SOHO DMZ Svr Z 1 0000000000000 W Internal Servers WXZ SOHO Wireless LAN Controller X Internet...

Transcribed Image Text:

SOHO DMZ Svr Z 1 0000000000000 W Internal Servers WXZ SOHO Wireless LAN Controller X Internet Port A P LW AP 00000000000 M Internet KR ISP K FW NTP & Web Server Root DNS Server Scenario The SRWE Company has come to you for a redesign of their company's network. Because of their expanding business operations, they want to upgrade their existing networking devices to support Gigabit Ethernet, a Wireless LAN Controller (WLC) with Lightweight Access Points (LWAP), new security features and First Hop Redundancy Protocol (FHRP). Configure the hostnames on all devices per the topology diagram and set a house keeping script for each device and cable the topology using the correct cabling. Replace all host NIC's with Gig NIC's. Note: Use the latest version of Packet Tracer. Safe your work often and have backup copies of your work based on date - time - phase. Packet Tracer is known to "crash" at the absolute worst time. Do not combine the Native & Management VLAN. For good network documentation, add interface descriptions and banners where appropriate. Passwords will be set in Phase 4. Task 1: ISP Router 1. Use the 4331 Router. 1.1. Install one NIM-ES 2-4 network module, which will provide four Gigabit (layer 2) switchports. 2. Connect two Servers to the ISP router via a layer 2 access port. 3. ISP layer 2 switchports 3.1. Directly connect each Server to the ISP router using a Gigabit Layer 2 access switchport 3.2. Statically assign addressing to each server per the Addressing Table 3.3. Statically set each layer 2 access switchport and set the specific VLAN and enable spanning - tree portfast 3.4. Create a layer 3 Switched Virtual Interface (SVI) that will be the default gateway. 4. On the DNS Server create an "A Record" for the Web Page (example: www.ipv4.com based on the IP address of the Web Server) 5. On the Web Server, modify the Web Pages to display "Public SRWE Web Server" with your name on the Web page. 6. Enable the appropriate services (DNS, Web) for each server. 7. The SOHO Router is a Wireless Home Router which can be configured via the GUI 7.1. Connect the cable from the ISP Layer 3 interface to the Internet Port on the SOHO Router. 7.2. Assign an IP address to the ISP Layer 3 Interface. (Addressing Table) 7.2.1. Set up a DHCP pool to the SOHO Router including DNS information. 7.3. The SOHO router will receive IP addressing via DHCP from the ISP Router. 8. Add a laptop computer and install Wireless NIC card. 8.1. Wireless connectivity and DHCP should be automatic using default parameters. Task 2: FW Router and ISP Router 1. Install a cable between the FW router and the ISP router 2. Set a public IPv4 address using the VLSM Table. 2.1. Assign the ISP the first usable IP address and FW the second usable IP address. Task 3: Static Default Route on FW 1. On FW configure a static default IPv4 route using the next hop IP address to the ISP 1.1. Set a static route to the ISP with an administrative distance of twice the default value. Task 4: Verify Connectivity 1. From SOHO laptop ping the DNS server IP address and HTTP via DNS to the Web Server. 2. From FW router ping the DNS server. (troubleshoot as needed) 3. From FW router ping the Web server. (troubleshoot as needed) WXZ Router and Devices Next, install a Cisco 4331 router, a 3504 Wireless LAN Controller, one Lightweight Access Point, three Servers, one Admin PC 1 and one wireless laptop M. The internal Servers will provide internal services to the company, including DNS, Web, TFTP, AAA, Syslog and Radius. The DMZ Web Server will provide Web services to (external) Internet customers. The Admin PC 1 will provide management of the WLC. Implement Gigabit Ethernet for all links. Again remove FastEthernet NIC cards from host devices and replace with Gig NIC cards. Task 5: WXZ Router to FW 1. Connect a cable between the WXZ router and the FW router on Gigabit Ethernet layer 3 interfaces 1.1. This will be a layer 3 point-to-point link using a 30 bit mask. 1.2. Assign IP addressing per your Addressing Table design. Task 6: DMZ Server Page 2 of 4 SRWE Case Study Phase 1 1. Connect the correct cable to the Gigabit Ethernet NIC on the DMZ Server Z to the Gigabit Ethernet (layer 3) port on DMZ router. 2. Assign IP addressing per your Addressing Table design. 3. Modify the default Web Page to display "DMZ Server" with your name. Task 7: WXZ 4331 Router Hardware Upgrade 1. Install one NIM-ES 2-4 network module, which will provide four Gigabit (layer 2) switching ports. 1.1. Each layer 2 port is assigned a VLAN per the Addressing Table 1.2. Each VLAN requires a Switched Virtual Interface (SVI) to provide Gateway services. Task 8: Internal Server W and Internal Server X 1. Cable the servers to the layer 2 ports just installed on WXZ router (Task 7) 2. Create the "VLAN" SVI to provide Gateway services to both internal servers. 2.1. Statically assign IP addressing to the both servers and SVI per your design. 3. On Server W modify the default Web Page to display "Internal SRWE Web Server" with your name. 4. On Server X enable DNS services. 4.1. Create a DNS "A Record" for the Internal Web Server based on the private IP address. 4.2. Create a Name Server record pointing to the Root DNS Server. 4.3. Do not create a DNS mapping for the DMZ server. Task 9: Wireless LAN Controller (WLC 3504), Lightweight Access Point (LWAP), PC and Laptop 1. Connect a crossover cable on port 1 of the WLC to the WXZ router on a layer 2 switchport 2. Connect a cable from the Packet Tracer ICON LAP-PT (LWAP) to the WXZ router on a layer 2 switchport 2.1. The LWAP will need power adapter installed 2.2. The LWAP will receive an IP address via DHCP from the WLC 3. Connect a cable from the WLC port 2 to PC 1. 4. Statically assign IP addressing to the WLC and PC 1 per your Addressing Table design. 4.4. Click on the WLC click on the Config Tab click Management 4.5. Set the IP addressing parameters 5. Add a laptop (M) with one WPC300N wireless interface card 6. On the WXZ router configure the switchports with the correct VLAN per the Addressing Table 6.1. Create the SVI to provide Gateway services to the WLC, PC 1, LWAP and Laptop. Task 10: WLC Initial Configuration Wizard Important: Complete the PT Lab Initial Configuration Wizard before configuring the WLC. This lab is located on Canvas under Additional PT Labs 1. Ensure PC 1 can ping the WLC and then HTTP from PC 1 to the WLC. 2. Then start the initial WLC using the Startup Configuration Wizard. 3. Set up the Management Profile / SSID and wireless security parameters via the GUI. Page 3 of 4 SRWE Case Study Phase 1 4. Once completed you will need to login the WLC via HTTPs and configure DHCP so Laptop M can obtain IP addressing via DHCP. 6.2. click Controller Internal DHCP Server DHCP Scope then click New to create a new DHCP Scope 6.3. Create a new DHCP Scope Address pool; this will be the Wireless LAN Controller Management subnet. 6.3.1. From the new DHCP Scope, set the default gateway (SVI) and DNS server address. 4.1. When done click Apply and then click Save Settings 5. Next, from the Controller menu set the Primary DHCP Server IP address. 6.4. on the left side of the screen click Interfaces click the interface name 6.4.1. scroll down to DHCP Information 6.4.2. set the IP address of the WLC as the Primary DHCP Server. 7. When done click Apply and then click Save Settings 8. Set the SSID and wireless security parameters on laptop M. Laptop M "should" get a DHCP address from the WLC. Task 11: Internal Dynamic Routing 1. Internal dynamic routing will be configured using EIGRP advertising directly connected interfaces 2. Advertise EIGRP in AS 645xx using the inverse mask of each directly connected interface excluding the ISP link 3. On only FW, advertise the static default route in EIGRP using the IOS redistribute static command Task 12: Network Address Translation (NAT) PAT 1. Define the inside and outside NAT interfaces. 1.1. Configure a "NAT" access control list (ACL) based on your private internal addressing 1.2. Configure NAT-PAT to translate private internal hosts to the outside "public" interface. Verification after Phase 1 OPC 1 (Admin) ping all devices and server, excluding SOHO router/Laptop PC 1 (Admin) and Laptop M web browse to internal web server & public web server using internal DNS. Additional IOS verification commands: show ip eigrp neighbors show ip route connected show ip route static show ip route show ip nat translations SOHO DMZ Svr Z 1 0000000000000 W Internal Servers WXZ SOHO Wireless LAN Controller X Internet Port A P LW AP 00000000000 M Internet KR ISP K FW NTP & Web Server Root DNS Server Scenario The SRWE Company has come to you for a redesign of their company's network. Because of their expanding business operations, they want to upgrade their existing networking devices to support Gigabit Ethernet, a Wireless LAN Controller (WLC) with Lightweight Access Points (LWAP), new security features and First Hop Redundancy Protocol (FHRP). Configure the hostnames on all devices per the topology diagram and set a house keeping script for each device and cable the topology using the correct cabling. Replace all host NIC's with Gig NIC's. Note: Use the latest version of Packet Tracer. Safe your work often and have backup copies of your work based on date - time - phase. Packet Tracer is known to "crash" at the absolute worst time. Do not combine the Native & Management VLAN. For good network documentation, add interface descriptions and banners where appropriate. Passwords will be set in Phase 4. Task 1: ISP Router 1. Use the 4331 Router. 1.1. Install one NIM-ES 2-4 network module, which will provide four Gigabit (layer 2) switchports. 2. Connect two Servers to the ISP router via a layer 2 access port. 3. ISP layer 2 switchports 3.1. Directly connect each Server to the ISP router using a Gigabit Layer 2 access switchport 3.2. Statically assign addressing to each server per the Addressing Table 3.3. Statically set each layer 2 access switchport and set the specific VLAN and enable spanning - tree portfast 3.4. Create a layer 3 Switched Virtual Interface (SVI) that will be the default gateway. 4. On the DNS Server create an "A Record" for the Web Page (example: www.ipv4.com based on the IP address of the Web Server) 5. On the Web Server, modify the Web Pages to display "Public SRWE Web Server" with your name on the Web page. 6. Enable the appropriate services (DNS, Web) for each server. 7. The SOHO Router is a Wireless Home Router which can be configured via the GUI 7.1. Connect the cable from the ISP Layer 3 interface to the Internet Port on the SOHO Router. 7.2. Assign an IP address to the ISP Layer 3 Interface. (Addressing Table) 7.2.1. Set up a DHCP pool to the SOHO Router including DNS information. 7.3. The SOHO router will receive IP addressing via DHCP from the ISP Router. 8. Add a laptop computer and install Wireless NIC card. 8.1. Wireless connectivity and DHCP should be automatic using default parameters. Task 2: FW Router and ISP Router 1. Install a cable between the FW router and the ISP router 2. Set a public IPv4 address using the VLSM Table. 2.1. Assign the ISP the first usable IP address and FW the second usable IP address. Task 3: Static Default Route on FW 1. On FW configure a static default IPv4 route using the next hop IP address to the ISP 1.1. Set a static route to the ISP with an administrative distance of twice the default value. Task 4: Verify Connectivity 1. From SOHO laptop ping the DNS server IP address and HTTP via DNS to the Web Server. 2. From FW router ping the DNS server. (troubleshoot as needed) 3. From FW router ping the Web server. (troubleshoot as needed) WXZ Router and Devices Next, install a Cisco 4331 router, a 3504 Wireless LAN Controller, one Lightweight Access Point, three Servers, one Admin PC 1 and one wireless laptop M. The internal Servers will provide internal services to the company, including DNS, Web, TFTP, AAA, Syslog and Radius. The DMZ Web Server will provide Web services to (external) Internet customers. The Admin PC 1 will provide management of the WLC. Implement Gigabit Ethernet for all links. Again remove FastEthernet NIC cards from host devices and replace with Gig NIC cards. Task 5: WXZ Router to FW 1. Connect a cable between the WXZ router and the FW router on Gigabit Ethernet layer 3 interfaces 1.1. This will be a layer 3 point-to-point link using a 30 bit mask. 1.2. Assign IP addressing per your Addressing Table design. Task 6: DMZ Server Page 2 of 4 SRWE Case Study Phase 1 1. Connect the correct cable to the Gigabit Ethernet NIC on the DMZ Server Z to the Gigabit Ethernet (layer 3) port on DMZ router. 2. Assign IP addressing per your Addressing Table design. 3. Modify the default Web Page to display "DMZ Server" with your name. Task 7: WXZ 4331 Router Hardware Upgrade 1. Install one NIM-ES 2-4 network module, which will provide four Gigabit (layer 2) switching ports. 1.1. Each layer 2 port is assigned a VLAN per the Addressing Table 1.2. Each VLAN requires a Switched Virtual Interface (SVI) to provide Gateway services. Task 8: Internal Server W and Internal Server X 1. Cable the servers to the layer 2 ports just installed on WXZ router (Task 7) 2. Create the "VLAN" SVI to provide Gateway services to both internal servers. 2.1. Statically assign IP addressing to the both servers and SVI per your design. 3. On Server W modify the default Web Page to display "Internal SRWE Web Server" with your name. 4. On Server X enable DNS services. 4.1. Create a DNS "A Record" for the Internal Web Server based on the private IP address. 4.2. Create a Name Server record pointing to the Root DNS Server. 4.3. Do not create a DNS mapping for the DMZ server. Task 9: Wireless LAN Controller (WLC 3504), Lightweight Access Point (LWAP), PC and Laptop 1. Connect a crossover cable on port 1 of the WLC to the WXZ router on a layer 2 switchport 2. Connect a cable from the Packet Tracer ICON LAP-PT (LWAP) to the WXZ router on a layer 2 switchport 2.1. The LWAP will need power adapter installed 2.2. The LWAP will receive an IP address via DHCP from the WLC 3. Connect a cable from the WLC port 2 to PC 1. 4. Statically assign IP addressing to the WLC and PC 1 per your Addressing Table design. 4.4. Click on the WLC click on the Config Tab click Management 4.5. Set the IP addressing parameters 5. Add a laptop (M) with one WPC300N wireless interface card 6. On the WXZ router configure the switchports with the correct VLAN per the Addressing Table 6.1. Create the SVI to provide Gateway services to the WLC, PC 1, LWAP and Laptop. Task 10: WLC Initial Configuration Wizard Important: Complete the PT Lab Initial Configuration Wizard before configuring the WLC. This lab is located on Canvas under Additional PT Labs 1. Ensure PC 1 can ping the WLC and then HTTP from PC 1 to the WLC. 2. Then start the initial WLC using the Startup Configuration Wizard. 3. Set up the Management Profile / SSID and wireless security parameters via the GUI. Page 3 of 4 SRWE Case Study Phase 1 4. Once completed you will need to login the WLC via HTTPs and configure DHCP so Laptop M can obtain IP addressing via DHCP. 6.2. click Controller Internal DHCP Server DHCP Scope then click New to create a new DHCP Scope 6.3. Create a new DHCP Scope Address pool; this will be the Wireless LAN Controller Management subnet. 6.3.1. From the new DHCP Scope, set the default gateway (SVI) and DNS server address. 4.1. When done click Apply and then click Save Settings 5. Next, from the Controller menu set the Primary DHCP Server IP address. 6.4. on the left side of the screen click Interfaces click the interface name 6.4.1. scroll down to DHCP Information 6.4.2. set the IP address of the WLC as the Primary DHCP Server. 7. When done click Apply and then click Save Settings 8. Set the SSID and wireless security parameters on laptop M. Laptop M "should" get a DHCP address from the WLC. Task 11: Internal Dynamic Routing 1. Internal dynamic routing will be configured using EIGRP advertising directly connected interfaces 2. Advertise EIGRP in AS 645xx using the inverse mask of each directly connected interface excluding the ISP link 3. On only FW, advertise the static default route in EIGRP using the IOS redistribute static command Task 12: Network Address Translation (NAT) PAT 1. Define the inside and outside NAT interfaces. 1.1. Configure a "NAT" access control list (ACL) based on your private internal addressing 1.2. Configure NAT-PAT to translate private internal hosts to the outside "public" interface. Verification after Phase 1 OPC 1 (Admin) ping all devices and server, excluding SOHO router/Laptop PC 1 (Admin) and Laptop M web browse to internal web server & public web server using internal DNS. Additional IOS verification commands: show ip eigrp neighbors show ip route connected show ip route static show ip route show ip nat translations