01 Project Description
02 Network Topology
03 Requirements
Project Description
The Enterprise is an IT solutions company that has three branches, as follows:
· Cairo-Site
· Alex-Site
· DC-Site
It has tasked its network engineers with designing and implementing the
network at each site and connecting the sites together with a DMVPN over GRE
WAN link.
Cairo-Site has four departments separated by four VLANs, as shown in the
following table:
30 PR 172.16.0.64/27
40 HR 172.16.0.96/27
Alex-Site has two departments separated by two VLANs, as shown in the
following table:
10 Technical-Support 192.168.0.0/25
20 Customer-Service 192.168.0.128/25
The Data Center has the following servers:
CUCM-Server
ACS-Server
• Configure VTP version 3 "fee@fee.com" on Cairo-DSW-1 in primary server mode, with the
authentication key cisco.
• Configure Cairo-DSW-1 to be the default gateway for VLAN 10 and VLAN 20.
• Configure Cairo-DSW-1 to be the default gateway for VLAN 30 and VLAN 40.
• Configure helper-address on Cairo-DSW-1 and Cairo-DSW-2 so that all hosts on Cairo-Site can get
an IP address from the D.C+DHCP-Server, with the Backup D.C+DHCP-Server as an alternate DHCP server.
• Permit only VLAN 10, VLAN 20, VLAN 30 and VLAN 40 on trunk ports.
• Configure the interface IP settings on Sophos-UTM, setting the default gateway for eth1 and
eth2.
• Configure load-balancing between eth1 and eth2 on Sophos-UTM, with eth1 as the active link
and eth2 as the standby link.
• Configure the interface IP settings, NAT and a default route on ISP so that any site can
connect to the internet.
• Configure the interface IP settings, NAT, OSPF and a default route on Cairo-GW so that
Cairo-Site can reach the internet.
• Configure the interface IP settings, NAT, RIPv2 and a default route on DC-GW-1 and DC-GW-2
so that DC-Site can reach the internet.
• Configure EIGRP over the DMVPN network between Alex-Site, Cairo-Site and DC-Site.
• Configure VTP version 3 "fee@fee.com" on Alex-Core and set it as a primary server with the
authentication key cisco.
• Configure VTP version 3 "fee@fee.com" on Alex-Access-1 and Alex-Access-2 and set them as
clients with the authentication key cisco.
• Configure the domain controller on the D.C+DHCP Server, with DHCP pools for all VLANs on the
other two sites.
• Configure the backup domain controller on the Backup D.C+DHCP Server, with backup DHCP pools
for all VLANs on the other two sites.
• Configure OUs for each site and OUs for each VLAN in A.D on the D.C+DHCP-Server.
• Configure group policy to deny access to USB ports, CD-ROM and Control Panel for each VLAN.
• Add the domain controller to Sophos-UTM as an authentication server and synchronize Sophos
with Active Directory.
• Enable the web filter for each VLAN on Cairo-Site so that VLAN 10 can't access any website
without authenticating, VLAN 20 is denied access only to www.facebook.com, VLAN 30 is denied
access only to www.twitter.com, and VLAN 40 can't access any HTTP/HTTPS website.
• Configure ACS-Server to be a TACACS+ authenticator.
• Configure CME-Server to be a call manager for VLAN 10, VLAN 20, VLAN 30 and VLAN 40 on
Cairo-Site.
• Configure a dial-peer between CME-Server and CUCM-Server so that any phone in VLAN 10, VLAN
20, VLAN 30 and VLAN 40 can contact any phone in DC-Site.
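One way to verify the trunk requirement above (only VLAN 10, 20, 30 and 40 permitted on trunk ports), as an added example that is not part of the original project document: the Python below audits a saved switch configuration and reports every trunk port whose allowed-VLAN list differs from the required set. The sample configuration and its interface names are constructed for illustration.

```python
import re

REQUIRED = {10, 20, 30, 40}  # VLANs the requirement permits on trunks

# Constructed sample config; interface names are assumptions, not from the page.
SAMPLE = """\
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk allowed vlan 10,20
 switchport trunk allowed vlan add 30,40
interface GigabitEthernet0/2
 switchport mode trunk
interface GigabitEthernet0/3
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30-40
interface GigabitEthernet0/4
 switchport mode access
"""

def expand(spec):
    """Expand an IOS VLAN list such as '10,20,30-40' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit_trunks(config, required=REQUIRED):
    """Return {interface: problem} for trunk ports not limited to `required`."""
    findings = {}
    for block in re.split(r"^(?=interface )", config, flags=re.M):
        lines = block.splitlines()
        if not lines or not lines[0].startswith("interface "):
            continue
        name = lines[0].split(None, 1)[1]
        body = [l.strip() for l in lines[1:]]
        if "switchport mode trunk" not in body:
            continue  # access ports are out of scope for this check
        allowed = None  # None = no allowed list; IOS then permits all VLANs
        for l in body:
            m = re.match(r"switchport trunk allowed vlan (add )?([\d,\- ]+)$", l)
            if m:  # "add" extends the list, a plain statement replaces it
                v = expand(m.group(2))
                allowed = (allowed or set()) | v if m.group(1) else v
        if allowed is None:
            findings[name] = "no allowed-vlan list (all VLANs permitted)"
        elif allowed != required:
            findings[name] = "extra %s, missing %s" % (
                sorted(allowed - required), sorted(required - allowed))
    return findings
```

The range `30-40` on the third interface is the case to watch: it reads like "30 and 40" but also opens VLANs 31 to 39 on the trunk.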
THANKS