XYZs CCNA Internetwork Challenge

Introduction Company XYZ is a US-based, plumbing company that has its main headquarters stationed at San Francisco, and two remote sites at Houston and Florida. Over the years, the company has experienced intermittent connectivity and poor service from its previous network specialists. Geared towards excellence, the company has outsourced your company, Network Experts - East, in ensuring the networks security and stability. Initially, the network has a mixture of Cisco and non-Cisco routers / switches. But, after presenting the advantages of using Cisco devices (such as having SMARTNET and TAC within our disposal), the company has decided to eliminate all non-Cisco equipment and has bought three new routers, two new switches and one wireless router for you to configure - HOUSTON, FLORIDA, EDGERTR, HSTN-SW1, HSTNSW2 and HSTN-WR1. Objective Knowing that you are a promising CCNA practitioner, the company has ensured that all their requirements are within the bounds of the curriculum. Your task is to ensure that all their network requirements are met, as well as make sure that the new devices can work hand in hand with their existing devices(enclosed in orange boxes).

NOTE TO USER: This activity is created using Packet Tracer 5.3.1. Best viewed when the Always show port labels check box under Preferences Options is unchecked. COMPLETION TIME: 60 minutes

XYZs Network Topology

IP Addressing Table
Device Interfac e S0/0/0 SANFRAN S0/0/1 Fa0/0 S0/0/0 Fa0/0.50 HOUSTON Fa0/0.75 Fa0/0.10 0 FLORIDA EDGERTR ISP S0/0/1 Fa0/0 Fa0/0 Fa0/1 Fa0/0 Fa0/1 192.168.100.6 10.10.50.1 50.74.56.9 180.20.40.1 50.74.56.10 207.184.30.161 255.255.255.252 255.255.255.224 255.255.255.252 255.255.255.248 255.255.255.252 255.255.255.224 IP Address 192.168.100.1 192.168.100.5 180.20.40.2 192.168.100.2 Subnet Mask 255.255.255.252 255.255.255.252 255.255.255.248 255.255.255.252 Default Gateway N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A

HSTN-SW1 VLAN75 HSTN-SW2 VLAN75 HDServer SMTPServer OutsideSer ver GUEST-LT EMPLOYEEPC ADMIN-PC NIC NIC NIC NIC NIC NIC 10.10.50.10 10.10.50.20 207.184.30.167 DHCP DHCP DHCP 255.255.255.224 255.255.255.224 255.255.255.224 DHCP DHCP DHCP 255.255.255.224 255.255.255.224 207.184.30.161 DHCP DHCP DHCP

Use VLSM in calculating for the Network addresses of the HOUSTON Networks. Note: The IP addresses in the green boxes are already assigned in their respective interfaces. The IP addresses in the yellow boxes needs to be assigned in their respective interfaces. The IP addresses in the blue boxes needs to be computed for, and needs to be assigned in their respective interfaces.

Network Name EMPLOYEES ADMINISTRAT 3

VLAN 50 75

Host Requirement 100 hosts 15 hosts

ORS WLINK GUESTS (Wireless) 100 Point-to-point 50 hosts

IP address assignments:
For all the HOUSTON FastEthernet subinterfaces, configure it with the first usable IP address of the network where the port belongs to. Configure the IP address of the remaining FastEthernet/Serial ports of the routers as indicated in the IP Addressing Table. For the switch HSTN-SW1s management interface, use the 2nd usable IP address of the ADMINISTRATORS network. The switch must be able to communicate with devices from the other networks. For the switch HSTN-SW2s management interface, use the 3rd usable IP address of the ADMINISTRATORS network. The switch must be able to communicate with devices from the other networks. For the wireless router HSTN-WR1s internet interface, configure it with the last usable IP address of the WLINK network. For the wireless router HSTN-WR1s LAN interface, configure it with the first usable IP address of the GUESTS network. For the ADMIN-PC, create a DHCP pool named ADMINISTRATORS in the HOUSTON router to provide IP address on the devices in that network. Exclude the first five IP addresses in the DHCP pool. The primary DNS server of the devices should be 10.10.50.10. For the EMPLOYEE-PC, create a DHCP pool named EMPLOYEES in the HOUSTON router to provide IP address on the devices in that network. Exclude the first five IP addresses in the DHCP pool. The primary DNS server of the devices should be 10.10.50.10. For the GUEST-LT, create the DHCP pool in the HSTN-WR1 router to provide IP address on the devices in that network. The primary DNS server of the devices should be 10.10.50.10.

Configuration Requirements:

Configure the device hostnames as shown in the device label. Configure the password networkeast as the enable secret password, console password, and vty password on all the configurable routers/switches. Also, secure the devices by encrypting all plain-text passwords using the type 7 encryption. Configure a default route on the router EDGERTR, pointing to the ISP router. Use the exit-interface in defining the route. Configure a static route on the router HOUSTON, pointing to the HSTN-WR1 wireless router. Use the next-hop address in defining the route. Enable OSPF on the routers HOUSTON and EDGERTR. Using the process id of 23, appropriately configure these networks on the routers where they are supposed to be configured:

o o o o o

EMPLOYEES network ADMINISTRATORS network WLINK network 192.168.100.0 network 189.20.40.0 network

Using OSPF, propagate the static route in the HOUSTON router to all the routers in the network. Make sure that you propagate the subnet mask with it. Using OSPF, propagate the default route in the EDGERTR router to all the routers in the network. Ensure that the FastEthernet interface of the EDGERTR will never be the DR/BDR of its network. Change the OSPF hello timer in the S0/0/0 interface of the HOUSTON router to 5 seconds and the OSPF dead timer in the S0/0/0 interface of the HOUSTON router to 20 seconds. Enable EIGRP in the FLORIDA router. Using autonomous system 23, define all the networks directly connected to the router and ensure that summarization is disabled. Change the EIGRP K-values in the FLORIDA router, where:

o o o o o

k1 k2 k3 k4 k5

= = = = =

2 0 1 0 0

Create the following VLANs in HSTN-SW1:

o o o

VLAN50 = EMPLOYEES VLAN75 = ADMINISTRATORS VLAN100 = WLINK

In the HSTN-SW1 and HSTN-SW2 switches, ports Fa0/1 to Fa0/4 must be configured as access ports and should be assigned to VLAN75. In the HSTN-SW1 and HSTN-SW2 switches, ports Fa0/5 to Fa0/20 must be configured as access ports and should be assigned to VLAN50. In the HSTN-SW1 and HSTN-SW2 switches, ports Fa0/21 to Fa0/22 must be configured as access ports and should be assigned to VLAN100. In the HSTN-SW1 and HSTN-SW2 switches, ports Fa0/23 to Fa0/24 should be configured as trunk ports. In the HSTN-SW1 and HSTN-SW2 switches, ports Fa0/1 to Fa0/20 should automatically be functioning in the STP Forwarding state when the port comes up. Enable port-security in HSTN-SW1 and HSTN-SW2 switches. Ports Fa0/1 to Fa0/20 can only have a maximum of 3 MAC addresses per port that are dynamically learned, and are stored in the running-config. Configure the VTP domain named HSTN on HSTN-SW1 and HSTN-SW2. HSTN-SW1 should act as the server while HSTN-SW2 should act as the client. The password for the VTP process should be !Hou5t0n. Make HSTN-SW1 the root bridge of VLAN50 and VLAN75 by changing VLAN50s priority to 8192 and VLAN75s priority to 16384. Make HSTN-SW2 the root bridge of VLAN100 by changing VLAN100s priority to 4096. Change the SSID of the wireless router to HOUSTONGUESTS, and utilize WPA2 Personal the wireless security mode. AES will be encryption technique, and the pre-shared key will be !H0u5t0n. Configure NAT overloading on the EDGERTR router by overloading the Fa0/1 interface of the router, defining the inside/outside interfaces accordingly, and creating a standard, named access-list called NAT. Create the list in the following order:

o o o o

EMPLOYEES network ADMINISTRATORS network WLINK network Florida LAN

Enable public HTTP access for HDSERVER by configuring static NAT on the EDGERTR. Devices accessing the http port of the outside IP of EDGERTR should be automatically redirected to the HDSERVER. Enable public SMTP access for SMTPSERVER by configuring static NAT on the EDGERTR. Devices accessing the smtp port of the outside IP of EDGERTR should be automatically redirected to the SMTPSERVER. Configure PPP on the HOUSTON router. Use CHAP as the mode of authentication. SANFRAN router is configured with the username SANFRAN, the password c15c04353r.

Create an extended, named access-list called ACLIN in the HOUSTON router and configure the following requirements(in order):

Note: The wireless router in PT automatically uses NAT. As such, use its internet IP address as the source IP address to be used in your access-list statements.

a. Allow the GUEST network to access both the TCP and UDP DNS service of the HDServer in the Florida LAN. b. Prevent the GUEST network from accessing the Florida LAN. c. Prevent the GUEST network from accessing the EMPLOYEES network. d. Prevent the GUEST network from accessing the ADMINISTRATORS network. e. Prevent the EMPLOYEES network from accessing the ADMINISTRATORS network. Apply the access-list ACLIN, in the inbound direction, on the Fa0/0.50 and Fa0/0.100 interface of the HOUSTON router.