Assignment title: Information


Scenario

Sport Zone Limited is a health club system company specialising in the development and support of health club member systems. It is a fast-growing small and medium-sized enterprise (SME). The management realises that, in order to compete in its market, the company needs a more secure inter-office leased-line network infrastructure to increase productivity as well as to have more control of the security frameworks. Your company is required to design the network with the following outline (IP addresses to be provided separately):

Headquarter

Device                Interface      IP Address   Subnet Mask   Connected To
HQ Colchester Router  S0/1/0 (DCE)                              ISP
                      S0/0/1 (DCE)                              Sheffield
                      S0/0/0 (DCE)                              Newcastle
                      Fa0/0                                     VLANs with Server Farms

Branch at Sheffield

Device                Interface      IP Address   Subnet Mask   Connected To
Sheffield Router      S0/0/1                                    Colchester
                      S0/0/0 (DCE)                              Newcastle

Branch at Newcastle

Device                Interface      IP Address   Subnet Mask   Connected To
Newcastle Router      S0/0/1                                    Colchester
                      S0/0/0                                    Sheffield

Requirements:

1) Design and justify a suitable routing mechanism, including the choice of dynamic routing protocol.
2) Implement 3 VLANs at Colchester to separate the staff of the sales, human resources and accounting teams, and configure inter-VLAN routing.
3) Implement wireless support at the Newcastle office.
4) Cable the network according to the scenario requirements.
5) Test and verify full connectivity of your network.
6) Explain recent network security threats and implement security measures for the switches and routers of the company network.
7) Write a report to explain your network design and testing in items 1 to 6 with critical evaluations.

The report (item 6, 7) (Indicative word count: 2000 words)

Reference and Citation

In your report you should use information from sources such as your textbook, lab manual, a reference book, and articles published in a science or engineering journal.
When you use information from sources, you need to write where the information came from (citations) and where the readers can locate the sources (references) using the Harvard method.

Part 1: Initialize Devices

Initialize and reload the routers and switches.

Erase the startup-config file on all routers:
    R1# erase startup-config

Reload all routers (hostnames should be reset back to Router):
    R1# reload

Erase the startup-config file on all switches and remove the old VLAN database:
    S1# erase startup-config
    S1# del vlan.dat

Reload both switches (hostnames should be reset back to Switch):
    S1# reload

Verify VLAN database is absent from flash on both switches:
    S1# show flash

Part 2: Configure Device Basic Settings

Configure the Internet PC.
Configuration tasks for the Internet PC include the following (Refer to Topology for IP address

IP Address:       209.165.200.230
Subnet Mask:      255.255.255.248
Default Gateway:  209.165.200.225

Configure R1 (Colchester).
Configuration tasks for R1 include the following:

Disable DNS lookup:
    no ip domain-lookup

Router name:
    hostname Colchester

Encrypted privileged exec password:
    enable secret class

Console access password:
    line console 0
     password cisco
     login

Telnet access password:
    line vty 0 4
     password cisco
     login

MOTD banner:
    banner motd "Unauthorised Access is Prohibited!"

Interface S0/0/0:
    interface s0/0/0
     description Connection to Sheffield
     ip address 172.16.12.1 255.255.255.252
     clock rate 128000
     no shutdown

Interface S0/1/1:
    interface s0/1/1
     description Connection to Newcastle
     ip address 172.16.23.2 255.255.255.252
     clock rate 128000
     no shutdown

Interface G0/0 (Simulated Internet):
    interface g0/0
     description Connection to ISP
     ip address 209.165.200.225 255.255.255.248
     no shutdown

Interface Loopback 0 (Simulated Web Server):
    interface lo0
     description Simulated Server
     ip address 10.10.10.10 255.255.255.255

Default route:
    ip route 0.0.0.0 0.0.0.0 g0/0

Configure R2 (Sheffield).
Configuration tasks for R2 include the following:

Disable DNS lookup:
    no ip domain-lookup

Router name:
    hostname Sheffield

Encrypted privileged exec password:
    enable secret class

Console access password:
    line console 0
     password cisco
     login

Telnet access password:
    line vty 0 4
     password cisco
     login

MOTD banner:
    banner motd "Unauthorised Access is Prohibited!"

Interface S0/0/1:
    interface s0/0/1
     description Connection to Newcastle
     ip address 172.16.6.1 255.255.255.252
     no shutdown

Interface S0/0/0:
    interface s0/0/0
     description Connection to Colchester
     ip address 172.16.12.2 255.255.255.252
     no shutdown

Default route:
    ip route 0.0.0.0 0.0.0.0 s0/0/0

Configure R3 (Newcastle).
Configuration tasks for R3 include the following:

Disable DNS lookup:
    no ip domain-lookup

Router name:
    hostname Newcastle

Encrypted privileged exec password:
    enable secret class

Console access password:
    line console 0
     password cisco
     login

Telnet access password:
    line vty 0 4
     password cisco
     login

MOTD banner:
    banner motd "Unauthorised Access is Prohibited!"

Interface S0/0/1:
    interface s0/0/1
     description Connection to Sheffield
     ip address 172.16.6.2 255.255.255.252
     no shutdown

Interface S0/1/1:
    interface s0/1/1
     description Connection to Colchester
     ip address 172.16.23.1 255.255.255.252
     no shutdown

Default route:
    ip route 0.0.0.0 0.0.0.0 s0/1/1

Configure S1.
Configuration tasks for S1 include the following:

Disable DNS lookup:
    no ip domain-lookup

Switch name:
    hostname S1

Encrypted privileged exec password:
    enable secret class

Console access password:
    line console 0
     password cisco
     login

Telnet access password:
    line vty 0 4
     password cisco
     login

MOTD banner:
    banner motd "Unauthorised Access is Prohibited!"

Configure S2.
Configuration tasks for S2 include the following:

Disable DNS lookup:
    no ip domain-lookup

Switch name:
    hostname S2

Encrypted privileged exec password:
    enable secret class

Console access password:
    line console 0
     password cisco
     login

Telnet access password:
    line vty 0 4
     password cisco
     login

MOTD banner:
    banner motd "Unauthorised Access is Prohibited!"

Configure S3.
Configuration tasks for S3 include the following:

Disable DNS lookup:
    no ip domain-lookup

Switch name:
    hostname S3

Encrypted privileged exec password:
    enable secret class

Console access password:
    line console 0
     password cisco
     login

Telnet access password:
    line vty 0 4
     password cisco
     login

MOTD banner:
    banner motd "Unauthorised Access is Prohibited!"

Part 3: Configure Switch Security, VLANs, and Inter-VLAN Routing

Configure S1.
Configuration tasks for S1 include the following:

Create the VLAN database:
    vlan 31
     name Sales
    vlan 34
     name HR
    vlan 37
     name Account
    vlan 99
     name Management

Assign the management IP address:
    interface vlan 99
     ip address 192.168.99.2 255.255.255.0

Assign the default-gateway:
    ip default-gateway 192.168.99.1

Force trunking on Interface F0/3:
    interface F0/3
     switchport mode trunk
     switchport trunk native vlan 1
    Note: VLAN 1 is the native VLAN by default, so the previous command is not necessary.

Force trunking on Interface F0/5:
    interface F0/5
     switchport mode trunk
     switchport trunk native vlan 1
    Note: VLAN 1 is the native VLAN by default, so the previous command is not necessary.

Configure all other ports as access ports:
    interface range F0/1-2, F0/4, F0/6-24, G0/1-2
     switchport mode access

Assign F0/6 to VLAN 31, F0/12 to VLAN 34 and F0/18 to VLAN 37:
    interface F0/6
     switchport access vlan 31
    interface F0/12
     switchport access vlan 34
    interface F0/18
     switchport access vlan 37

Shutdown all unused ports:
    interface range F0/1-2, F0/4, F0/7-11, F0/13-17, F0/19-24, G0/1-2
     shutdown

Configure S2.
Configuration tasks for S2 include the following:

Create the VLAN database:
    vlan 31
     name Sales
    vlan 34
     name HR
    vlan 37
     name Account
    vlan 99
     name Management

Assign the management IP address:
    interface vlan 99
     ip address 192.168.99.3 255.255.255.0

Assign the default-gateway:
    ip default-gateway 192.168.99.1

Force trunking on Interface F0/3:
    interface F0/3
     switchport mode trunk
     switchport trunk native vlan 1
    Note: VLAN 1 is the native VLAN by default, so the previous command is not necessary.

Force trunking on Interface F0/4:
    interface F0/5
     switchport mode trunk
     switchport trunk native vlan 1
    Note: VLAN 1 is the native VLAN by default, so the previous command is not necessary.

Configure all other ports as access ports:
    interface range F0/1-2, F0/4, F0/6-24, G0/1-2
     switchport mode access

Assign F0/12 to VLAN 34:
    interface F0/12
     switchport access vlan 34

Shutdown all unused ports:
    interface range F0/1-2, F0/6-11, F0/13-24, G0/1-2
     shutdown

Configure S3.
Configuration tasks for S3 include the following:

Create VLAN database:
    vlan 31
     name Sales
    vlan 34
     name HR
    vlan 37
     name Account
    vlan 99
     name Management

Assign the management IP address:
    interface vlan 99
     ip address 192.168.99.4 255.255.255.0

Assign default-gateway:
    ip default-gateway 192.168.99.1

Force trunking on Interface F0/4:
    interface F0/4
     switchport mode trunk
     switchport trunk native vlan 1

Assign all other ports as access ports:
    interface range F0/1-2, F0/6-24, G0/1-2
     switchport mode access

Assign F0/18 to VLAN 37:
    interface F0/18
     switchport access vlan 37

Shutdown all unused ports:
    interface range F0/1-2, F0/7-11, F0/13-17, F0/19-24, G0/1-2
     shutdown

Configure R1 (Colchester).
Configuration tasks for R1 include the following:

Configure 802.1Q subinterface .31 on G0/1:
    interface g0/1.31
     description Sales LAN
     encapsulation dot1q 31
     ip address 192.168.31.1 255.255.255.0

Configure 802.1Q subinterface .34 on G0/1:
    interface g0/1.34
     description HR LAN
     encapsulation dot1q 34
     ip address 192.168.34.1 255.255.255.0

Configure 802.1Q subinterface .37 on G0/1:
    interface g0/1.37
     description Account LAN
     encapsulation dot1q 37
     ip address 192.168.37.1 255.255.255.0

Configure 802.1Q subinterface .99 on G0/1:
    interface g0/1.99
     description Management LAN
     encapsulation dot1q 99
     ip address 192.168.99.1 255.255.255.0

Activate Interface G0/1:
    interface g0/1
     no shutdown

Part 4: Configure OSPFv2 Dynamic Routing Protocol

Configure OSPFv2 on R1 (Colchester).
Configuration tasks for R1 include the following:

OSPF Process ID:
    router ospf 1

Router ID:
     router-id 1.1.1.1

Advertise directly connected networks:
     network 172.16.12.0 0.0.0.3 area 0
     network 172.16.23.0 0.0.0.3 area 0
     network 10.10.10.10 0.0.0.0 area 0
     network 192.168.31.0 0.0.0.255 area 0
     network 192.168.34.0 0.0.0.255 area 0
     network 192.168.37.0 0.0.0.255 area 0
     network 192.168.99.0 0.0.0.255 area 0

Set all LAN interfaces as passive:
     passive-interface g0/1.31
     passive-interface g0/1.34
     passive-interface g0/1.37
     passive-interface g0/1.99
     passive-interface lo0

Change the default cost reference bandwidth to support Gigabit interface calculations:
     auto-cost reference-bandwidth 1000

Set the serial interface bandwidths:
    interface s0/0/0
     bandwidth 128
    interface s0/1/1
     bandwidth 128

Adjust the metric cost of S0/0/0:
    interface s0/0/0
     ip ospf cost 7500

Configure OSPFv2 on R2 (Sheffield).
Configuration tasks for R2 include the following:

OSPF Process ID:
    router ospf 1

Router ID:
     router-id 2.2.2.2

Advertise directly connected networks:
     network 172.16.12.0 0.0.0.3 area 0
     network 172.16.6.0 0.0.0.3 area 0

Set the LAN (Loopback) interface as passive:
     passive-interface lo0

Change the default cost reference bandwidth to support Gigabit interface calculations:
     auto-cost reference-bandwidth 1000

Set the bandwidth on all serial interfaces:
    interface s0/0/0
     bandwidth 128
    interface s0/0/1
     bandwidth 128

Adjust the metric cost of S0/0/0:
    interface s0/0/0
     ip ospf cost 7500

Configure OSPFv2 on R3 (Newcastle).
Configuration tasks for R3 include the following:

OSPF Process ID:
    router ospf 1

Router ID:
     router-id 3.3.3.3

Advertise directly connected networks:
     network 172.16.23.0 0.0.0.3 area 0
     network 172.16.6.0 0.0.0.3 area 0

Set all LAN (Loopback) interfaces as passive

Change the default cost reference bandwidth to support Gigabit interface:
     auto-cost reference-bandwidth 1000

Set the serial interface bandwidth:
    interface s0/0/1
     bandwidth 128
    interface s0/1/1
     bandwidth 128

Part 5: Implement DHCP for IPv4

Configure R1 as the DHCP server for VLANs 31, 34 and 37.
Configuration tasks for R1 include the following:

Reserve the first 20 IP addresses in VLAN 31 for static configurations:
    ip dhcp excluded-address 192.168.31.1 192.168.31.20

Reserve the first 20 IP addresses in VLAN 34 for static configurations:
    ip dhcp excluded-address 192.168.34.1 192.168.34.20

Reserve the first 20 IP addresses in VLAN 37 for static configurations:
    ip dhcp excluded-address 192.168.37.1 192.168.37.20

Create a DHCP pool for VLAN 31:
    ip dhcp pool SLS
     network 192.168.31.0 255.255.255.0
     dns-server 10.10.10.11
     default-router 192.168.31.1

Create a DHCP pool for VLAN 34:
    ip dhcp pool HR
     network 192.168.34.0 255.255.255.0
     dns-server 10.10.10.11
     default-router 192.168.34.1

Create a DHCP pool for VLAN 37:
    ip dhcp pool ACCT
     network 192.168.37.0 255.255.255.0
     dns-server 10.10.10.11
     default-router 192.168.37.1

Configure Static and Dynamic NAT on R2.
Configuration tasks for R2 include the following:

Create a static NAT to the Web Server:
    ip nat inside source static 10.10.10.10 209.165.200.229

Assign the inside and outside interface for the static NAT:
    interface lo0
     ip nat inside
    interface g0/0
     ip nat outside

Configure the dynamic NAT inside private ACL:
    access-list 1 permit 192.168.31.0 0.0.0.255
    access-list 1 permit 192.168.34.0 0.0.0.255
    access-list 1 permit 192.168.37.0 0.0.0.255
    access-list 1 permit 192.168.4.0 0.0.3.255

Define the pool of usable public IP addresses:
    ip nat pool INTERNET 209.165.200.225 209.165.200.228 netmask 255.255.255.248

Define the dynamic NAT translation:
    ip nat inside source list 1 pool INTERNET
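
For requirement 6: the Part 2 tables leave every device on a shared line password with Telnet enabled, and the Part 4 OSPF adjacencies are unauthenticated. The fragment below is an added example (not part of the assignment brief) of a hardened counterpart for R1; the username, the domain name, ACL number 10 and the bracketed secrets are assumptions, and the same pattern applies to the other routers and switches.

```ios
! Added example for R1 (Colchester). Bracketed values are placeholders.
! Weak settings being replaced (from the Part 2 table):
!   line vty 0 4 / password cisco / login   (shared password, Telnet allowed)
service password-encryption
security passwords min-length 10
no ip http server
!
! Per-user accounts with hashed secrets instead of a shared line password
username netadmin privilege 15 secret <STRONG-SECRET>
!
! SSH needs a hostname (already set), a domain name and an RSA key pair
ip domain-name sportzone.example
crypto key generate rsa general-keys modulus 2048
ip ssh version 2
ip ssh time-out 60
ip ssh authentication-retries 3
!
! Slow down password guessing against the login prompt
login block-for 120 attempts 3 within 60
!
! Only the management VLAN (192.168.99.0/24) may open a vty session
access-list 10 permit 192.168.99.0 0.0.0.255
line vty 0 4
 access-class 10 in
 transport input ssh
 login local
 exec-timeout 5 0
line console 0
 login local
 exec-timeout 5 0
 logging synchronous
!
! Authenticate OSPF neighbours on both WAN links; the key must match
! on the Sheffield and Newcastle ends of each link
interface s0/0/0
 ip ospf message-digest-key 1 md5 <OSPF-KEY>
interface s0/1/1
 ip ospf message-digest-key 1 md5 <OSPF-KEY>
router ospf 1
 area 0 authentication message-digest
```

Verify with `show ip ssh` and `show ip ospf neighbor`; once SSH login works, confirm that a Telnet attempt to the vty lines is refused.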
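
Part 3 forces trunking and shuts down unused ports, but it keeps VLAN 1 as the native VLAN and leaves the active access ports unprotected. As an added example (not part of the assignment brief), the S1 settings can be tightened as follows; VLANs 998 and 999 and the port-security and rate limits are assumptions, and the interface numbers are taken from the S1 table in Part 3.

```ios
! Added example for S1. VLAN 998/999 and the limits below are assumptions.
vlan 999
 name Native-Unused
vlan 998
 name Parking
!
! Trunks: no DTP negotiation, an unused native VLAN, and only the VLANs
! that are actually needed. Set the same native VLAN on the far end.
interface range F0/3, F0/5
 switchport mode trunk
 switchport nonegotiate
 switchport trunk native vlan 999
 switchport trunk allowed vlan 31,34,37,99
!
! Active access ports: limit learned MAC addresses and block rogue switches
interface range F0/6, F0/12, F0/18
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address sticky
 switchport port-security violation restrict
 spanning-tree portfast
 spanning-tree bpduguard enable
 ip dhcp snooping limit rate 10
!
! Unused ports: move out of VLAN 1 as well as shutting them down
interface range F0/1-2, F0/4, F0/7-11, F0/13-17, F0/19-24, G0/1-2
 switchport mode access
 switchport access vlan 998
 shutdown
!
! DHCP snooping: only the uplinks towards R1 (the DHCP server) are trusted.
! Option 82 insertion is disabled so the IOS DHCP server on R1 still answers.
ip dhcp snooping
ip dhcp snooping vlan 31,34,37
no ip dhcp snooping information option
interface range F0/3, F0/5
 ip dhcp snooping trust
```

Check the result with `show port-security`, `show interfaces trunk` and `show ip dhcp snooping`.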