Networking design
IST 260: Network Design Capstone Course Network Design Project Topology Assessment Objectives: Build this small business network to support its employees Part 1: Apply the IPv4 Addressing Scheme (5 points) Part 2: Cable the network as required to ensure connectivity with all devices (10 points) Part 3: Perform router admin configuration to allow connectivity and secure remote access (15 points) Part 4: Configure the switch with IPv4 addressing, switchport security, remote access (15 points) Test and Verify IPv4 End-to-End Connectivity Part 5: Configure a server- based DHCP process for IPv4 (15 points) Part 6: Configure server-based DNS, NTP, in IPv4. Point the router to the NTP service (15 points) Part 7: Configure wireless LAN devices to communicate on the network (10 points) Part 8: Test and Verify wireless- device connectivity (IPv4 address received from server-based DHCP) (5 points) Part 9: Back up the switch and router startup configurations to the TFTP Server. (10 points) Troubleshoot and adjust as required to ensure proper network functionality and recovery. Tasks for the project In this Skills Assessment (SA) you will configure the devices in a small business network. You must configure a router, switch, server, printer, wireless controllers, wireless access point, wireless devices, and PCs to support IPv4. You will configure security, including SSH, on the router and switch. You will test and document the network using common CLI commands. Finally, you will save the entire packet tracer project and submit it to the instructor in the D2L assignments folder. Required Resources: Packet Tracer 7.3.1 Addressing Assignment Table Device Interface IP Address Subnet Mask Default Gateway LAN Router G0/1 172.16.0.1 255.255.240 N/A ISP Network S0/0/0 13.13.13.2 255.255.255.252 N/A Switch G0/1 172.16.0.2 255.255.240.0 172.16.0.1 Server Fa0/1 172.16.0.3 255.255.240.0 172.16.0.1 Printer Fa0/2 172.16.0.4 255.255.240.0 172.16.0.1 Wireless LAN Controller G0/2 172.16.0.5 255.255.240.0 172.16.0.1 LWAP F0/4 172.16.0.6 255.255.240.0 N/A PC-A F0/5 Via DHCP Via DHCP Via DHCP PC-B F0/6 Via DHCP Via DHCP Via DHCP PC-C F0/7 Via DHCP Via DHCP Via DHCP Tablet PC Wireless NIC Via DHCP Via DHCP Via DHCP Smartphone Wireless NIC Via DHCP Via DHCP Via DHCP Laptop Wireless NIC Via DHCP Via DHCP Via DHCP Part 1. Cable the Network Use Ethernet cabling to properly connect the devices to support the business. Part 2: Apply the IPv4 Addressing Scheme You’ve been given the IPv4 network address 172.16.0.0/20 for your internal LAN network. Statically assign the IPv4 addresses to the equipment per the addressing assignment table. Part 3: Perform Router Admin and security configuration Configure the following on the Company Router Enable service timestamps for the Syslog Server Block router logins for 1 minute when more than 3 attempts are made within 2 minutes Name the router Encrypt all passwords Enable Secret password (class) Set a banner MOTD Turn off DNS lookups Set at least 1 admin user named admin with the highest privilege level, secure the password class1234 Generate an encryption key (domain name ttc.com, SSH version 2, modulus 1024) Configure console login (password cisco) Set the executive timeouts to 15 minutes Set the executive timeouts to 20 minutes Configure VTY for SSH local logins only Set the executive timeouts to 10 minutes Configure Router to use the time from the NP Server. Ensure authentication is on between the router and NTP Server Part 4: Perform Switch Admin and security configuration Configure the following on the Switch Name the Switch Enable Secret password (class) Turn off DNS lookups Encrypt all passwords Set a banner MOTD Enable service timestamps for syslog are enables Generate an encryption key (domain name ttc.com, SSH version 2, modulus 1024) Configure port-security on used all access-ports (not trunk ports) Enable Sticky secure on all active access ports, set the violation counter to a maximum of 1 and manually configure the violation mode to shutdown Administratively disable all unused ports Configure and enable line console login (password cisco) Set the executive timeouts to 15 minutes Enable synchronous logging Configure VTY for SSH login local only (username: admin password: cisco) Set the executive timeouts to 15 minutes Part 5: Configure the Server for DHCP Configuration to be performed in IPv4 only. Exclude the first 100 IPv4 addresses to be assigned statically as your network intermediary devices. Configure the DHCP Serverpool for the network ID given in Part 2. Part 6: Configure the Server for NTP, TFTP, HTTP, and DNS Turn on and configure the services on the Server and test them properly to ensure reachability and functionality. Ensure and unused services are secured. Your Router should be getting its clock settings securely from the NTP Server. Your DNS Server should have some DNS records configured for the network. Your HTTP Server should be reachable and functional. Test for functionality Your TFTP Server should be able transfer files. (Try upgrading the switch to IOS 15.) Part 7: Configure the wireless controller and Access point for connectivity Configure the Wireless LAN controller name to TTCWireless SSID: TTC Secure Authentication: WPA2-PSK PSK Pass Phrase: cisco1234 Encryption: AES AP Groups: ensure the LWAP associates with the wireless controller DHCP: off Management: Enable IP addressing from the Addressing Assignment table Associate the AP with the Wireless LAN Controller Statically assign the IP address from the Addressing Assignment Table Part 8: Test and verify Wireless device connectivity The tablet, smart phone, and Laptop should receive IP addresses wirelessly from the DHCP on the DHCP Server. Wireless devices should be able to reach the remote networks. Part 9: Verify connectivity to the ISP- connected device the topology from any LAN device. Ping the internet PC to verify connectivity You can also ping Google’s DNS server 8.8.8.8. Part 10: Back up the switch and router startup configuration to the TFTP Server Transfer the startup configurations from the switch and router to the TFTP Server. Both config files should have your last name associated with the file. eg SkywalkerL_S1config.txt, SoloH_R1config.txt.