Configure the network according to the specifications listed. Make sure that you address both the internal and external access rules. Test your network carefully and then save your configuration. You will be asked to demonstrate your network to your instructor for grading. Make sure the ping command operates properly and the access rules are being implemented as specified in the requirements.

The objective of this project is for the students to gain experience configuring VLANs and access lists for controlling data traffic into and out of the VLANs and the wide-area network connection. This network setup has two separate sites, Site A and Site B, that are connected through Routers 1 and 2. The network address for Site A is 172.168.0.0. The network address for Site B is 192.168.35.0. IP addressing and subnetting within your network is up to you; however, plan your network carefully.

Specifics

Site A:

- Research VLAN (PC1), server (S1)
- Finance VLAN (PC2), server (S2)

Site B:

- Office LAN (PC3)

Internal access rules:

- Computers on the Office and Finance VLANs can communicate with the server (S2).
- Only the computers in the Research VLAN can talk to the Research server (S1).

External access rules:

- Only the computers in the Office and Finance LANs can access the wide-area network conne


Note on grading:
Refer to the running-config files for the routers and the switches to see how this task can be implemented. The best way to grade this exercise is to have the students come into your office and explain how they meet each access requirement. This takes a little extra time, but it gives the students the opportunity to fully explain their intentions. In addition, there is more than one possible solution.
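
The access lists in the R1 `sh access-lists` output below can be checked against each stated rule with a small first-match evaluator. This is an added example, not part of the original solution files: the function names (`evaluate`, `audit`) and the TCP port 80 test flows are constructed for illustration, and the parser covers only the entry syntax these lists use.

```python
import ipaddress

# Entries copied from the R1 `sh access-lists` output on this page.
ACLS = {
    "100": ["deny icmp any any", "deny tcp any any eq telnet", "permit ip any any"],
    "Finance_IN": ["permit ip host 172.168.3.10 192.168.35.0 0.0.0.255",
                   "permit ip host 172.168.3.11 any"],
    "Finance_OUT": ["permit ip 192.168.35.0 0.0.0.255 host 172.168.3.10"],
    "Research_IN": ["deny ip any any"],
}
PORTS = {"telnet": 23}  # the only port keyword these lists use

def _addr(tokens):
    """Consume one address spec from tokens; return (base, wildcard) as ints."""
    word = tokens.pop(0)
    if word == "any":
        return 0, 0xFFFFFFFF
    if word == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(word)), int(ipaddress.IPv4Address(tokens.pop(0)))

def _hit(ip, base, wild):
    care = ~wild & 0xFFFFFFFF  # wildcard 0-bits must match, 1-bits are ignored
    return (int(ipaddress.IPv4Address(ip)) & care) == (base & care)

def evaluate(acl, proto, src, dst, dport=None):
    """First matching entry decides; no match falls through to the implicit deny."""
    for entry in ACLS[acl]:
        tokens = entry.split()
        action, ace_proto = tokens.pop(0), tokens.pop(0)
        src_spec, dst_spec = _addr(tokens), _addr(tokens)
        port = (PORTS.get(tokens[1]) or int(tokens[1])) if tokens[:1] == ["eq"] else None
        if ace_proto not in ("ip", proto) or (port is not None and port != dport):
            continue
        if _hit(src, *src_spec) and _hit(dst, *dst_spec):
            return action
    return "deny"

def audit():
    # Host addresses from the page's settings list; the port 80 flows are constructed.
    pc1, pc2, pc3, s2 = "172.168.2.11", "172.168.3.11", "192.168.35.11", "172.168.3.10"
    return {
        "PC3->S2 (Finance_OUT)": evaluate("Finance_OUT", "tcp", pc3, s2, 80),
        "PC1->S2 (Finance_OUT)": evaluate("Finance_OUT", "tcp", pc1, s2, 80),
        "S2->PC3 (Finance_IN)": evaluate("Finance_IN", "tcp", s2, pc3, 80),
        "PC2->PC3 (Finance_IN)": evaluate("Finance_IN", "tcp", pc2, pc3, 80),
        "PC1->PC3 (Research_IN)": evaluate("Research_IN", "tcp", pc1, pc3, 80),
        "telnet (100)": evaluate("100", "tcp", pc2, pc3, 23),
    }
```

Each list is evaluated in isolation; on the router a list filters traffic only where an `ip access-group` statement binds it to an interface and direction, as R2 does for list 100 on Serial0/0/1.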

```
R1# sh access-lists
Extended IP access list 100
40 deny icmp any any
50 deny tcp any any eq telnet
80 permit ip any any
Extended IP access list Finance_IN
40 permit ip host 172.168.3.10 192.168.35.0 0.0.0.255
70 permit ip host 172.168.3.11 any
Extended IP access list Finance_OUT
40 permit ip 192.168.35.0 0.0.0.255 host 172.168.3.10
Extended IP access list Research_IN
40 deny ip any any
Extended IP access list Research_OUT
40 deny ip any any
R1#
R2# sh access-lists
Extended IP access list 100
40 deny icmp any any
50 deny tcp any any eq telnet
80 permit ip any any
R2#
```

Computer PC1, PC2, PC3 and Server 1, 2 settings

```
S1
IP: 172.168.2.10/24
DG: 172.168.2.1
S2
IP: 172.168.3.10/24
DG: 172.168.3.1
PC1
IP: 172.168.2.11/24
DG: 172.168.2.1
PC2
IP: 172.168.3.11/24
DG: 172.168.3.1
PC3
IP: 192.168.35.11/24
DG: 192.168.35.1
```

Router 1

```
R1# sh run
Building configuration...
Current configuration : 800 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
ip cef
!
!
interface FastEthernet0/0
no ip address
!
interface FastEthernet0/0.1
encapsulation dot1q 1 native
ip address 172.168.1.1 255.255.255.0
!
interface FastEthernet0/0.2
encapsulation dot1q 2
ip address 172.168.2.1 255.255.255.0
!
interface FastEthernet0/0.3
encapsulation dot1q 3
ip address 172.168.3.1 255.255.255.0
!
interface FastEthernet0/1
no ip address
shutdown
!
interface Serial0/0/0
ip address 172.168.0.1 255.255.255.252
clock rate 128000
!
interface Serial0/0/1
no ip address
shutdown
!
router ospf 100
network 172.168.0.0 0.0.255.255 area 0
log-adjacency-changes
!
!
!
ip http server
no ip http secure-server
!
!
ip access-list extended Finance_OUT
remark Interface FA 0/0.3 OUT (FINANCE VLAN)
remark
remark Computers on the OFFICE LAN can communicate with S2
permit ip 192.168.35.0 0.0.0.255 host 172.168.3.10
ip access-list extended Research_IN
remark Interface FA 0/0.2 IN (RESEARCH VLAN)
remark
remark Computers can only communicate within the same LAN
deny ip any any
ip access-list extended Finance_IN
remark Interface FA 0/0.3 IN (FINANCE VLAN)
remark
remark Computers on the OFFICE LAN can communicate with S2
permit ip host 172.168.3.10 192.168.35.0 0.0.0.255
remark -
remark Only the computer in the FINANCE VLAN can access the WAN
permit ip host 172.168.3.11 any
remark -
remark Computers can only communicate within the same LAN (Implicit Deny)
ip access-list extended Research_OUT
remark Interface FA 0/0.2 OUT (RESEARCH VLAN)
remark
remark Only the computers in the Research VLAN can talk to S1
deny ip any any
!
access-list 100 remark Interface s 0/0/0 OUT
access-list 100 remark
access-list 100 remark The following traffic is not allowed into the network: Ping, Telnet
access-list 100 deny icmp any any
access-list 100 deny tcp any any eq telnet
access-list 100 permit ip any any
!
control-plane
!
line con 0
line aux 0
scheduler allocate 20000 1000
!
end
R1#
```

Router 2

```
R2# sh run
Building configuration...
Current configuration : 800 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
!
ip cef
!
interface FastEthernet0/0
ip address 192.168.35.1 255.255.255.0
!
interface FastEthernet0/1
no ip address
shutdown
!
interface Serial0/0/0
no ip address
shutdown
!
interface Serial0/0/1
ip address 172.168.0.2 255.255.255.252
ip access-group 100 out
!
log-adjacency-changes
!
!
!
ip http server
no ip http secure-server
!
access-list 100 remark Interface S 0/0/1 OUT
access-list 100 remark
access-list 100 remark The following traffic is not allowed into the network: Ping, Telnet
access-list 100 deny icmp any any
access-list 100 deny tcp any any eq telnet
access-list 100 permit ip any any
!
control-plane
!
line con 0
line aux 0
line vty 0 4
no login
!
scheduler allocate 20000 1000
!
end
R2#
```

Switch 1

```
SW1# sh run
Building configuration...
Current configuration : 1310 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname SW1
!
no aaa new-model
system mtu routing 1500
ip subnet-zero
!
!
no file verify auto
!
spanning-tree mode pvst
spanning-tree extend system-id
!
Vlan internal allocation policy ascending
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
switchport mode trunk
!
interface GigabitEthernet0/2
switchport mode trunk
!
interface Vlan1
ip address 172.168.1.10 255.255.255.0
no ip route-cache
!
ip default-gateway 172.168.1.1
ip http server
control-plane
!
!
line con 0
line vty 0 4
no login
line vty 5 15
no login
!
end
SW1#
```

Switch 2

```
SW2# sh run
Building configuration...
Current configuration : 1310 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname SW2
!
no aaa new-model
system mtu routing 1500
ip subnet-zero
!
!
!
!
no file verify auto
!
spanning-tree mode pvst
spanning-tree extend system-id
!
Vlan internal allocation policy ascending
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
switchport mode trunk
!
interface FastEthernet0/11
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
switchport mode trunk
!
interface GigabitEthernet0/2
switchport mode trunk
!
interface Vlan1
ip address 172.168.1.20 255.255.255.0
no ip route-cache
!
ip http server
control-plane
!
!
line con 0
line vty 0 4
no login
line vty 5 15
no login
!
end
SW2#
```

Switch 3

```
SW3# sh run
Building configuration...
Current configuration : 1310 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname SW3
!
no aaa new-model
system mtu routing 1500
ip subnet-zero
!
!
!
!
no file verify auto
!
spanning-tree mode pvst
spanning-tree extend system-id
!
Vlan internal allocation policy ascending
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
switchport mode trunk
!
interface GigabitEthernet0/2
!
interface Vlan1
ip address 172.168.1.30 255.255.255.0
no ip route-cache
!
ip http server
control-plane
!
!
line con 0
line vty 0 4
no login
line vty 5 15
no login
!
end
SW3#
```

Switch 4

```
SW4# sh run
Building configuration...
Current configuration : 1310 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname SW4
!
no aaa new-model
system mtu routing 1500
ip subnet-zero
!
!
!
!
no file verify auto
!
spanning-tree mode pvst
spanning-tree extend system-id
!
Vlan internal allocation policy ascending
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
switchport mode trunk
!
interface GigabitEthernet0/2
!
interface Vlan1
ip address 172.168.1.40 255.255.255.0
no ip route-cache
!
ip http server
control-plane
!
!
line con 0
line vty 0 4
no login
line vty 5 15
no login
!
end
SW4#
```

Switch 5

```
SW5# sh run
Building configuration...
Current configuration : 1310 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname SW5
!
no aaa new-model
system mtu routing 1500
ip subnet-zero
!
!
!
!
no file verify auto
!
spanning-tree mode pvst
spanning-tree extend system-id
!
Vlan internal allocation policy ascending
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
ip address 192.168.35.2 255.255.
```
