CONFIDENTIAL
Project Doc No: PT-HFISN/HTISN-OOO Ver No: 1.0
Name NRIC/FIN No:
Module: Code: Project:
Advanced Networking (16 hours)
Design a WAN to interconnect LANs complete with IP address scheme, routing protocols and ACLs.
Overview and Objectives
This final project allows you to build and configure a network using skills gained throughout the course. It is divided into 7 phases. Your project must fulfill the following requirements:
• Set up the network using the diagrams provided.
• Calculate and assign appropriate IP addresses as needed.
• Configure and redistribute multi-area OSPF and EIGRP routing protocols.
• Configure VLANs and 802.1q trunk.
• Configure PPP and GRE Tunneling.
• Configure DHCPv6 and NAT to access an ISP network.
• Create and apply access control lists on the appropriate routers and interfaces.
• Configure SYSLOG services on appropriate router and switch.
• Create and configure First Hop Redundancy Protocol on appropriate routers and interfaces.
• Configure eBGP to an NTP server with the proper network redistribution.
• Configure remote users to access the network via Tanglin router using PPPoE and DSL.
You are required to design and implement a network for a company as shown in Appendix A. It has 4 different sites, namely HQ, Orchard, Tanglin and AMK, connected using Point-to-Point (PPP) serial links. The EIGRP routing protocol is applied at the AMK site while the remaining sites use a multi-area OSPF scheme. All sites are able to communicate with each other.
The Orchard site requires VLANs to group users logically. The company will use private addresses (RFC 1918) throughout and IPv6 addresses on some parts of the WAN. Hence you must properly implement NAT for Internet connectivity where necessary. The company also wishes to limit Internet access to Web traffic while allowing multiple protocols within its own WAN.
The company is also exploring the feasibility of the following:
• Move some services to a second ISP and to use BGP protocol. As a start, ABR2 is chosen to connect to the second ISP, Isp2 for NTP and DNS services.
• Allow remote VPN via PPPoE and a DSL modem using a third ISP. Tanglin site is chosen. In this design VLSM is used to minimize wastage of IP addresses.
Equipment/Tool List
Packet Tracer version 6.2 and above is preferred.
Copyright, Institute of Technical Education
Phase 1: Derive and assign addresses to LAN & WAN and connect the devices.
Complete all tasks in Phase 1 with reference to Topology 1.
NOTE: You may be provided with a different set of IP blocks, hosts and VLANs from those below.
1. Hosts required:
Hosts 200 1600 900
2. Use the 172.16.0.0/16 IPv4 address block for the Tanglin, Orchard and AMK LANs. Router interfaces for LANs are assigned the highest IP addresses in descending order, while PCs are assigned the lowest addresses in ascending order. Switches are assigned the fifth lowest IP address with the appropriate default gateways. For all serial interfaces, use IP addresses from the 10.1.0.0/16 range, starting from the second highest available subnet and working in descending order for the AMK-ABR2, ABR2-HQ, HQ-ABR1, ABR1-Tanglin and ABR1-Orchard links. Design the IP addressing scheme to waste as few IP addresses as possible.
3. Configure all the devices and check connectivity.
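The Phase 1 addressing rules can be checked with a short script. The following is an added example, not part of the original brief. It assumes largest-first VLSM allocation from the bottom of 172.16.0.0/16, reads "second highest available subnet" as the /30 just below the topmost /30 of 10.1.0.0/16, and keys the LANs by host count because the site-to-host mapping is not shown here.

```python
import ipaddress

def prefix_for_hosts(hosts):
    """Longest IPv4 prefix whose usable-host count (2^bits - 2) covers `hosts`."""
    bits = 2
    while (1 << bits) - 2 < hosts:
        bits += 1
    return 32 - bits

def vlsm_allocate(block, host_counts):
    """Carve LAN subnets out of `block`, largest requirement first (assumed order)."""
    block = ipaddress.ip_network(block)
    cursor = int(block.network_address)
    plan = []
    for hosts in sorted(host_counts, reverse=True):
        plen = prefix_for_hosts(hosts)
        size = 1 << (32 - plen)
        cursor = -(-cursor // size) * size      # round up to the subnet boundary
        net = ipaddress.ip_network((cursor, plen))
        if not net.subnet_of(block):
            raise ValueError(f"{block} is too small for {hosts} hosts")
        plan.append((hosts, net))
        cursor += size
    return plan

def lan_roles(net):
    """Addresses by the brief's rule: router highest, PCs lowest, switch fifth lowest."""
    return {"router": net[-2], "first_pc": net[1], "switch": net[5]}

def serial_links(block, links):
    """One /30 per link, from the second-highest /30 of `block` downwards (assumed reading)."""
    block = ipaddress.ip_network(block)
    top = int(block.broadcast_address) + 1
    return {name: ipaddress.ip_network((top - 4 * (i + 2), 30))
            for i, name in enumerate(links)}

# Link order as listed in the brief.
LINKS = ["AMK-ABR2", "ABR2-HQ", "HQ-ABR1", "ABR1-Tanglin", "ABR1-Orchard"]

if __name__ == "__main__":
    for hosts, net in vlsm_allocate("172.16.0.0/16", [200, 1600, 900]):
        print(hosts, net, lan_roles(net))
    for name, net in serial_links("10.1.0.0/16", LINKS).items():
        print(name, net, [str(h) for h in net.hosts()])
```

If you are given a different set of IP blocks or host counts, change only the arguments in the last block.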
Topology 1
Phase 2: Configure Routers with Layer 2 & 3 Protocols (PPP, EIGRP, OSPF)
Topology 2
Complete all tasks in Phase 2 with reference to Topology 2:
Part A: Perform basic configurations.
The hostnames of all devices must match the displayed names. The password mySecretKey is the non-reversible encrypted password for entering privileged command mode. The devices should not attempt to resolve incorrect commands, and logging must not interrupt console and vty sessions. The management interfaces of the intermediary devices are configured with the parameters below:
Console & VTY Password: Pa$$w0rd1
SSH for VTY lines: Admin Pa$$w0rd1
Domain Name: myANWProj.com
Key Length/Type: 1024/RSA
Part B: Configure dynamic routing for IPv4 using the information below
The different areas are configured with dynamic routing protocols as shown on the topology, with additional information as below.
Router id 1.1.1.1 2.2.2.2 3.3.3.3 4.4.4.4 5.5.5.5 6.6.6.6
Inter-area OSPF advertisements must be minimized. Also, unnecessary routing updates must be suppressed to improve security. All devices in different areas must be able to communicate with each other. In addition, the ABR2 and AMK routers are connected using PPP with the CHAP password NWTisFUN.
Phase 3: Configure NAT, ACLs and DHCPv6
Complete all tasks in Phase 3 with reference to Topology 3:
Note: The following are preconfigured on Isp1 and SRV, which are on an external ISP network:
• IP addresses and netmasks on SRV and Isp1.
• SRV provides https, http and ftp services. A file stored on the ftp server is FileOnSRV.txt.
Part A: Configure NAT to allow all PCs to simultaneously access SRV.
A default static route using the next hop method to Isp1 is used by all computers from the 172.16.0.0 network to access the ISP1 network simultaneously. The HQ router performs NAT. A block of public addresses, 209.150.100.48/29, is procured for this purpose. Use ISP_A as the pool name for NAT. A static route is to be configured on Isp1 using the next hop to provide a path for traffic from SRV to return to the internal network.
Upon configuration, all PCs in the LANs can access the SRV using http, https and ftp. Download the FileOnSRV.txt using ftp protocol to PC1.
Part B: Configure ACL using the best practices on ACL placement.
Create packet filtering on Tanglin LAN and AN. Tanglin LAN is to allow access to SRV via the https protocol only. All other types of traffic to the rest of the internal networks are allowed. 0/0/1 allows only SSH outgoing traffic from AN to the internal subnets, disallows all other protocols from accessing the AMK network and allows all traffic to other locations.
Part C: Configure stateless DHCPv6 (SLAAC & DHCPv6) on AMK router for AMK LAN network.
POOL6 2001::/64 EUI FE80::1
Domain Name: myANWProjIPv6.org
DNS Server: 2001::FFAA
1. Verify the settings are functioning as required.
Topology 3
Phase 4: Configure VLANs and VPN Tunneling
Part A: Configuring VLANs on AN with reference to Topology 4A
The initial AN is now further segmented into 4 equal-size LANs to support 4 different VLANs. The VLANs on S2 are as shown in the table below.
Topology 4A
Topology 4B
2 30 Sales
3 40 Guests
Interfaces: Fa0/5 – Fa0/8, Fa0/9 – Fa0/12, Fa0/13 – Fa0/20, Fa0/21 – Fa0/24
The PCs are given the lowest usable IP addresses while the router interfaces are assigned the highest usable IP addresses. S2 keeps its original IP address, but it is moved appropriately to its correct VLAN. For security purposes, all unused ports (physical and virtual) on S2 must be turned off. Configure the necessary routing to allow inter-VLAN communication.
PART B: Configure site-to-site VPN using GRE with reference to Topology 4B.
Create a site-to-site VPN access between Orchard and Tanglin using the information below.
The EIGRP protocol is used for Tanglin and AN, and the GRE tunnel is created for VPN access. Do NOT perform route redistribution for the VPN tunnel.
Tanglin 1 192.168.10.129/30
Orchard 1 192.168.10.130/30
Phase 5: Configure Network Monitoring & FHRP/HSRP Protocol
Topology 5
PART A: Set up the SYSLOG to log events from ABR2, AMK and S1 with reference to Topology 5.
Connect the SYSLOG server according to Topology 5. Configure the SYSLOG server to use the 10th usable IP address in its respective subnet. Set up the syslog function on the SYSLOG server. Configure ABR2, AMK and S1 to log events to the SYSLOG server successfully.
PART B: As AMK LAN is a very important LAN, it is necessary to design AMK LAN with redundancy so that its users can continue to access other parts of the network even if the AMK router fails. However, when the AMK router comes back online after a failure, it will be used as the preferred router for the AMK LAN.
Phase 6: Configure time synchronization and eBGP
Topology 6
Refer to Topology 6 to complete this phase of the project. NOTE: The NTPDNS server is preconfigured:
• With IP addresses.
• To provide network time and domain name services.
The NTPDNS server is to provide time and DNS services to the company network. Isp2 runs the eBGP routing protocol with ABR2. Configure the BGP routing to form a BGP connection between AS65001 and AS65000. All the routers in the EIGRP 51 domain are to obtain the network time from the NTPDNS server. Troubleshoot and resolve issues, if any, to allow ABR2, AMK and AMK-1 to get their time from the NTPDNS server. Verify that PC1 and PC6 are able to view the webpage on SRV by using the domain name https://mywebonSRV.com. Troubleshoot and resolve issues if necessary.
Phase 7: Configure PPPoE
Complete all tasks in Phase 7 with reference to Topology 7. NOTE: The DSL modem is preconfigured and supplied by ISP3.
The company is requesting a study on remote access via VPN and PPPoE.
Topology 7
Cable the devices with the correct cables according to the topology. Configure Tanglin Gi0/1 IP as 172.168.10.1/28. Enable and configure PPPoE parameters as below:
myPool
Address Range: 172.168.1.2 – 172.168.1.11
VPN dialup name: ANWite
PPPoE should provide an IP address automatically to PC7. Provide the user of PC7 with the name ITEGuest and password Pa$$w0rd to access the network via PPPoE. Troubleshoot and resolve all issues to allow PC7 to access the SRV webpage and to connect to PC1 – PC6.
Deliverables
1. Submit the completed Packet Tracer files.
APPENDIX A: OVERALL NETWORK TOPOLOGY