All of the following criteria must be fulfilled for full points. Capitalization in naming of VLANs...

 

Transcribed Image Text:

All of the following criteria must be fulfilled for full points. Capitalization in naming of VLANs and Hostnames matters. Configure that information as indicated in the directions and/or topology. Addressing requirements: 1. The gigabit link between Edge & ISP should use 209.165.0.0/30 network. Edge should be assigned the first usable IP address, ISP should be assigned the 2nd usable. 2. The serial link between Edge & ISP should use 209.170.0.0/30 network. Edge should be assigned the first usable IP address, ISP should be assigned the 2nd usable. 3. The link between Edge & Core Primary should use the 10.0.0.0/30 network. Edge should be assigned the first usable IP address, Core Primary should be assigned the 2nd usable. 4. The link between Edge & Core Secondary should use the 10.0.0.4/30 network. Edge should be assigned the first usable IP address. Core Secondary should be assigned the 2nd usable. 5. VLANS: VLAN 10 should get the 192.168.10.0/24 network. PC0 and PC2 are assigned to VLAN 10. PC0 should be assigned 192.168.10.10, PC2 should be assigned 192.168.10.15 VLAN 20 should get the 192.168.20.0/24 network. PC1 and PC3 are assigned to VLAN 20. PC1 should be assigned 192.168.20.10, PC3 should be assigned 192.168.20.15 Basic device requirements: 1. All switches and routers should have their hostnames set according to their display name in the topology. Please watch Caps/Lower-case. It matters. 2. Core Primary should have its enable secret password set to class HSRP requirements: 1. Core Primary should be the main router for VLAN 10 & 20 2. Core Primary should have a priority number for each VLAN set to 101 3. Core Secondary should be the backup router for VLAN 10 & 20 4. Core Secondary should have a priority number for each VLAN set to 99 5. Preempt should be enabled on all participating sub-interfaces. 6. Remember you'll have two standby numbers, one for VLAN 10 and one for VLAN 20. They must match between the two routers. USE group# 10 for VLAN 10 and group= 20 for VLAN 20. VLAN requirements: Watch Capitalization on the VLAN Names... 1. PC0 and PC2 should be on VLAN-10. Name it: VLAN-10 2. PC1 and PC3 should be on VLAN-20. Name it: VLAN-20 3. All switches should have a Management VLAN of 88. Name it: Management 4. All switches should have a Native VLAN of 99. Name it: Native 5. All trunk lines should follow these guidelines: VLANs 10, 20, and 88 should be allowed across the trunk. VLAN 99 should be used as the Native VLAN. Etherchannel requirements: 1. Configure LACP between S1 and S2 2. For proper grading, go into the range of ports and: 1. Setup LACP using the Channel-group 1 2. Configure all your trunk port configs on the port-channel interface 3. Don't forget to turn off DTP (nonegotiate). 4. Once you've configured both sides of the Ether-Channel, check that it's working with the show ether-channel summary command. Port Security requirements: Use the nonegotiate command on ports you configure. 1. Port security should be placed only where appropriate. 2. Ports should only allow the first 2 MAC addresses. 3. Ports should dynamically remember the MAC addresses that are connected. 4. The security mode should be set to Restrict. SSH requirements: 1. SSH should only be configured on Core_Primary. 2. Use the domain name cisco.com on Core Primary. 3. Core Primary should have a username and password configured. 1. The username should be admin, secret password should be class. 4. 1024 bit key. Use v.2 of SSH. Setup all VTY lines for SSH only and use of the username/password you created above for authentication. Routing requirements: You need to understand the difference between Next-hop and Directly-Connected static routes to successfully configure the steps below. 1. There should be a Next-Hop default route on Edge pointing towards ISP using the gigabit link. This route should be shared to all other devices participating in OSPF. (Hint default-information originate) 2. There should be a Next-Hop floating (backup) default route on Edge pointing towards ISP using the serial link. The floating static route should use the Administrative Distance of 130. 3. ISP should have two Next-Hop static routes that allow connectivity to VLANs 10 and 20 using the gigabit link. Create two separate static routes, one for each of the two VLAN Networks. 4. ISP should have two Next-Hop floating (backup) static routes that allow connectivity to VLANs 10 and 20 using the serial link. The floating static routes should use the Administrative Distance of 10. 5. ISP should have two Directly-Connected static routes; one to the 10.0.0.0/30 and one to the 10.0.0.4/30 networks using the gigabit link exit interface. 6. ISP should have two Directly-Connected floating (backup) static routes to the 10.0.0.0/30 and 10.0.0.4/30 networks using the serial link exit interface. The floating static route should have the AD set to 10. 7. OSPF should be used between Edge, Core Primary and Core_Secondary 1. Use Process ID 1 for OSPF, and of course Area 0. 2. Remember to share the Default-Static-Route from Edge. 3. Apply passive interface where appropriate. Connectivity requirements: 1. All PC's should be able to ping each other. 2. All PC's should be able to ping up to ISP. 3. You should be able to SSH into Core Primary using the admin/class credentials. 4. You should be able to ping all configured router interfaces. 5. You should be able to ping from any PC to the ISP, even if Core Primary G0/0 interface is Shutdown. (This tests your HSRP configs). You can use ping -t 209.165.0.2 to test this. The -t option will ping until you hit Ctl-C on the PC CLI. There will be a Request Timed Out period as HSRP reacts and recovers from the change. Don't forget to NO SHUT the G0/0 interface when done testing. 6. My recommendation is to test the Floating Default Routes by creating and using a Loopback Interface on ISP. I created mine in global config using: int lo 1; ip address 209.175.0.1 255.255.255.252. This creates a logical interface that I can use for testing purposes. If you try to test the Floating Static Route on Edge to the ISP, please note that I ran into an issue with PT (Edge in particular) showing in its routing table that the new/working Default Route was going across the Serial link, however, Edge was not sharing the updated Default Route through OSPF, even though the default-information originate command was in place. This means that Core Primary and Secondary strip the defunct Default Route out of their routing tables, but OSPF on Edge isn't sharing the newly installed Default Route through OSPF, even though you can see it in Edge's Show IP Route command. Core Primary and Secondary will Not have a Default Route and you will get the Destination Host Unreachable echo reply. 1. I did all my Interface manipulation (shutdown/no shutdown) on the ISP, to simulate the ISP GO/2 Interface failing. 2. To fix this OSPF issue: Go on ISP, shut down the S0/0/0 Interface and then bring it right back up. This should shake-up OSPF on Edge enough for it to implement the Default Route through the Serial Connection. (Do this while the ISP's G0/2 Interface is already ShutDown to test the Floating Route). After some time, Edge's OSPF will detect the S0/0/0 interface is back up and there is a Default Route associated with it and will then share it out to Primary/Secondary through OSPF. At that time, you should get successful pings. Fa0 PC0 Gig0/1 Gig0/0 Fa0/5 Fa0/3 Primary S1 Fa0/4 Fa0 Gig0/0 Edge Gig0/1 CANI Fa0/2 Sel Gig0/2 PC1 11 Gig0/1 Core_Secondary Gig0/0 Fa0/5 CAN11 Fa0/2 Fa0/3 Fa0 PC2 52 Fa0/4 Se0/0/0 Gig0/2 Fa0 PC3 ISP All of the following criteria must be fulfilled for full points. Capitalization in naming of VLANs and Hostnames matters. Configure that information as indicated in the directions and/or topology. Addressing requirements: 1. The gigabit link between Edge & ISP should use 209.165.0.0/30 network. Edge should be assigned the first usable IP address, ISP should be assigned the 2nd usable. 2. The serial link between Edge & ISP should use 209.170.0.0/30 network. Edge should be assigned the first usable IP address, ISP should be assigned the 2nd usable. 3. The link between Edge & Core Primary should use the 10.0.0.0/30 network. Edge should be assigned the first usable IP address, Core Primary should be assigned the 2nd usable. 4. The link between Edge & Core Secondary should use the 10.0.0.4/30 network. Edge should be assigned the first usable IP address. Core Secondary should be assigned the 2nd usable. 5. VLANS: VLAN 10 should get the 192.168.10.0/24 network. PC0 and PC2 are assigned to VLAN 10. PC0 should be assigned 192.168.10.10, PC2 should be assigned 192.168.10.15 VLAN 20 should get the 192.168.20.0/24 network. PC1 and PC3 are assigned to VLAN 20. PC1 should be assigned 192.168.20.10, PC3 should be assigned 192.168.20.15 Basic device requirements: 1. All switches and routers should have their hostnames set according to their display name in the topology. Please watch Caps/Lower-case. It matters. 2. Core Primary should have its enable secret password set to class HSRP requirements: 1. Core Primary should be the main router for VLAN 10 & 20 2. Core Primary should have a priority number for each VLAN set to 101 3. Core Secondary should be the backup router for VLAN 10 & 20 4. Core Secondary should have a priority number for each VLAN set to 99 5. Preempt should be enabled on all participating sub-interfaces. 6. Remember you'll have two standby numbers, one for VLAN 10 and one for VLAN 20. They must match between the two routers. USE group# 10 for VLAN 10 and group= 20 for VLAN 20. VLAN requirements: Watch Capitalization on the VLAN Names... 1. PC0 and PC2 should be on VLAN-10. Name it: VLAN-10 2. PC1 and PC3 should be on VLAN-20. Name it: VLAN-20 3. All switches should have a Management VLAN of 88. Name it: Management 4. All switches should have a Native VLAN of 99. Name it: Native 5. All trunk lines should follow these guidelines: VLANs 10, 20, and 88 should be allowed across the trunk. VLAN 99 should be used as the Native VLAN. Etherchannel requirements: 1. Configure LACP between S1 and S2 2. For proper grading, go into the range of ports and: 1. Setup LACP using the Channel-group 1 2. Configure all your trunk port configs on the port-channel interface 3. Don't forget to turn off DTP (nonegotiate). 4. Once you've configured both sides of the Ether-Channel, check that it's working with the show ether-channel summary command. Port Security requirements: Use the nonegotiate command on ports you configure. 1. Port security should be placed only where appropriate. 2. Ports should only allow the first 2 MAC addresses. 3. Ports should dynamically remember the MAC addresses that are connected. 4. The security mode should be set to Restrict. SSH requirements: 1. SSH should only be configured on Core_Primary. 2. Use the domain name cisco.com on Core Primary. 3. Core Primary should have a username and password configured. 1. The username should be admin, secret password should be class. 4. 1024 bit key. Use v.2 of SSH. Setup all VTY lines for SSH only and use of the username/password you created above for authentication. Routing requirements: You need to understand the difference between Next-hop and Directly-Connected static routes to successfully configure the steps below. 1. There should be a Next-Hop default route on Edge pointing towards ISP using the gigabit link. This route should be shared to all other devices participating in OSPF. (Hint default-information originate) 2. There should be a Next-Hop floating (backup) default route on Edge pointing towards ISP using the serial link. The floating static route should use the Administrative Distance of 130. 3. ISP should have two Next-Hop static routes that allow connectivity to VLANs 10 and 20 using the gigabit link. Create two separate static routes, one for each of the two VLAN Networks. 4. ISP should have two Next-Hop floating (backup) static routes that allow connectivity to VLANs 10 and 20 using the serial link. The floating static routes should use the Administrative Distance of 10. 5. ISP should have two Directly-Connected static routes; one to the 10.0.0.0/30 and one to the 10.0.0.4/30 networks using the gigabit link exit interface. 6. ISP should have two Directly-Connected floating (backup) static routes to the 10.0.0.0/30 and 10.0.0.4/30 networks using the serial link exit interface. The floating static route should have the AD set to 10. 7. OSPF should be used between Edge, Core Primary and Core_Secondary 1. Use Process ID 1 for OSPF, and of course Area 0. 2. Remember to share the Default-Static-Route from Edge. 3. Apply passive interface where appropriate. Connectivity requirements: 1. All PC's should be able to ping each other. 2. All PC's should be able to ping up to ISP. 3. You should be able to SSH into Core Primary using the admin/class credentials. 4. You should be able to ping all configured router interfaces. 5. You should be able to ping from any PC to the ISP, even if Core Primary G0/0 interface is Shutdown. (This tests your HSRP configs). You can use ping -t 209.165.0.2 to test this. The -t option will ping until you hit Ctl-C on the PC CLI. There will be a Request Timed Out period as HSRP reacts and recovers from the change. Don't forget to NO SHUT the G0/0 interface when done testing. 6. My recommendation is to test the Floating Default Routes by creating and using a Loopback Interface on ISP. I created mine in global config using: int lo 1; ip address 209.175.0.1 255.255.255.252. This creates a logical interface that I can use for testing purposes. If you try to test the Floating Static Route on Edge to the ISP, please note that I ran into an issue with PT (Edge in particular) showing in its routing table that the new/working Default Route was going across the Serial link, however, Edge was not sharing the updated Default Route through OSPF, even though the default-information originate command was in place. This means that Core Primary and Secondary strip the defunct Default Route out of their routing tables, but OSPF on Edge isn't sharing the newly installed Default Route through OSPF, even though you can see it in Edge's Show IP Route command. Core Primary and Secondary will Not have a Default Route and you will get the Destination Host Unreachable echo reply. 1. I did all my Interface manipulation (shutdown/no shutdown) on the ISP, to simulate the ISP GO/2 Interface failing. 2. To fix this OSPF issue: Go on ISP, shut down the S0/0/0 Interface and then bring it right back up. This should shake-up OSPF on Edge enough for it to implement the Default Route through the Serial Connection. (Do this while the ISP's G0/2 Interface is already ShutDown to test the Floating Route). After some time, Edge's OSPF will detect the S0/0/0 interface is back up and there is a Default Route associated with it and will then share it out to Primary/Secondary through OSPF. At that time, you should get successful pings. Fa0 PC0 Gig0/1 Gig0/0 Fa0/5 Fa0/3 Primary S1 Fa0/4 Fa0 Gig0/0 Edge Gig0/1 CANI Fa0/2 Sel Gig0/2 PC1 11 Gig0/1 Core_Secondary Gig0/0 Fa0/5 CAN11 Fa0/2 Fa0/3 Fa0 PC2 52 Fa0/4 Se0/0/0 Gig0/2 Fa0 PC3 ISP