This assignment aims to design and develop a small and medium company network using Cisco equipment. The design will be made using the Cisco network simulator Packet Tracer. Packet Tracer is software that simulates real network scenarios and is used in Cisco's networking teaching and learning programme.
This report aims to design and develop an office network that will serve two different locations, one in Chelsea and the other in Hackney; both buildings will have separate departments. The Chelsea branch will have Management and Human Resources on the third floor, the Finance department and Accounting on the second floor, and Logistics and IT on the first floor, all connected using different VLANs. The Hackney branch will operate with three different departments, which will be the Sales department, Marketing, Management, and Administration, all located on the same floor.
Both branches will have dedicated servers for DHCP, DNS, WEB, EMAIL SERVER, DATA, BACKUP. Network printers and a wireless access point will be set up on each floor.
I will use Packet Tracer, a Cisco development tool, to design and deploy this network.
Packet Tracer is a network software simulator that offers a unique combination of realistic simulation and visualization experiences, assessment and activity authoring capabilities and opportunities of competition (Cisco 2008a).
Several concepts have been applied on Cisco switches and routers, such as passwords and security features, Virtual LANs, and VLAN Trunking Protocol (VTP), which provides a means of exchanging VLAN information between Cisco switches (Wendell O. 2008b; p.16).
The aim of this assignment is to design and develop a company network using Cisco Packet Tracer network simulator.
The main purpose of the project is to learn about computer network concepts and apply them in real life.
Literature search on computer networks
Familiarization with packet tracer simulation software
Design an Office network using packet tracer
Set up security features on routers and switches (passwords)
Configure SSH on routers and switches
Configure Virtual LANs on switches
Configure VLAN Trunking Protocol on switches
Configure Spanning Tree Protocol on switches
Configure Dynamic Host Configuration Protocol on router
Configure Domain Name System on router
Configure encryption and advanced security features on switches and routers
Test configurations using an end device
Backup the configurations on an external TFTP Server
Setup Servers DHCP, DNS, WEB, EMAIL SERVER, DATA, BACKUP.
Working Simulation Software design in packet tracer
Final Report
5. Technical Background and Context
The office network has been designed and developed in Packet Tracer. The equipment configured was eleven Cisco Switches 2060 with 12 different VLANs, two Cisco Router 1841 to connect the two branches, two Cisco access points for wireless access at the Chelsea branch, and eight servers.
This report was undertaken with the purpose of learning how to build and configure a computer network. All the concepts configured had to be applied in a particular order, and this is shown in the Technical Approach section of this report.
5.1 Command Line Interface (CLI)
The CLI is a text-based interface that exists in all switches and routers and allows the network engineer to type commands to set up different features.
The CLI has three different modes: user mode, privileged mode and global configuration mode.
User mode is the first mode a user has access to after logging into the router. It can be identified by the > prompt following the router name. This mode allows the user to execute only basic commands, such as those that show the system's status. The router cannot be configured or restarted from this mode.
Privileged mode allows users to view the system configuration, restart the system, and enter router configuration mode. It also allows all the commands that are available in user mode. Privileged mode can be identified by the # prompt following the router name, as in Router#. From user mode, a user can change to privileged mode by running the "enable" command. An enable password or enable secret can be set to restrict access to privileged mode. An enable secret uses stronger encryption when it is stored in the configuration file and is safer.
Global configuration mode allows users to modify the running system configuration. From privileged mode a user can move to configuration mode by running the "configure terminal" command. To exit configuration mode, the user can enter the "end" command or press the Ctrl-Z key combination. Global configuration mode can be identified by the Router(config)# prompt.
5.2 Telnet and Secure Shell (SSH)
Telnet is a protocol that allows an engineer to connect remotely to devices such as switches and routers. Telnet transmits all data over the wire in clear text (Wendell O. 2008a; p.208).
Secure Shell, commonly known as SSH, is basically an encrypted version of Telnet. All data sent is encrypted, so better security is guaranteed. Like Telnet, SSH also uses TCP, but instead of port 23 it uses port 22 (Wendell O. 2008a; p.208).
Switches and Router
In this project routers and switches have been configured with some common features such as passwords and encryption and a banner message of the day; additionally, SSH has been enabled and Telnet disabled. All the configurations were backed up to a TFTP server.
Different features were set up on the switches, such as Virtual LANs, VLAN Trunking Protocol, Spanning Tree Protocol and advanced security features such as port security, Guard Root on the Root Bridge Switch0 and storm-control.
6.1 Virtual LANs (VLAN)
Switches assume that all their ports belong to a single LAN, that is, all the ports belong to the same broadcast domain. In order to place different ports in different broadcast domains, VLANs have to be configured (Wendell O. 2008a; p.187).
This can be useful because people who sit in the same office but work for different departments can be on different subnets and therefore have access to different resources.
6.2 VLAN Trunking Protocol (VTP)
VLAN Trunking Protocol (VTP) provides a means of exchanging VLAN information between Cisco switches (Wendell O. 2008b; p.16). Ports can be configured as trunk or access ports. Trunk ports are the ones that connect a switch to another switch or to a router, and they are the ones that carry VLAN updates and information. Access ports are the ones that are connected to hosts such as PCs, servers, printers etc.
The three requirements that should be fulfilled in order for VTP to work between two switches are the following: The switches have to be configured with same domain name; if anyone has a password then the password should match with the rest and lastly the link between them has to be operating as trunk (Wendell O., 2008b; p.19).
Advanced Security Settings
Several security features were configured on the switches, such as switchport port security, which prevents other devices from being connected to the switch. It stores the MAC address of a device, let's say a switch, and if someone removes it and connects another one, the switch will recognize that and prevent the intrusion.
Another security setting that has been configured was Guard Root. This is only applicable on the Root Bridge (switch0) and it stops someone from making another switch the Root Bridge. If another switch becomes the Root Bridge then all of the network's VLANs might be altered.
Different features were configured on the router, such as Domain Name System (DNS), Dynamic Host Configuration Protocol (DHCP), Access Control List (ACL) and advanced security such as Syslog logging and SNMP.
7.1 Domain Name System (DNS)
Domain Name System (DNS), as the name says, is a hierarchical naming system that applies to any resource connected to a private network or the Internet. Its most important feature is that it resolves domain names to IP addresses, such as www.google.com to 22.214.171.124, and also hostnames to IP addresses.
7.2 Dynamic Host Configuration Protocol (DHCP)
Dynamic Host Configuration Protocol (DHCP) is a networking protocol that provides IP addresses to hosts. Along with the IP address it provides subnet mask, default gateway and DNS server if available.
7.3 Access Control List (ACL)
An Access Control List, as the name says, is a list used for access control.
ACLs define rules that can be used to prevent some packets or frames from flowing through the network, based on criteria defined by the network engineer. The goal of these filters is to keep unwanted traffic out of the network, whether that means preventing hackers from penetrating the network or just preventing employees from using systems they shouldn't (Wendell O. 2008b; pp.227-231).
7.4 Advanced Security Settings
Several security settings were configured on the router, such as SNMP and Syslog logging. SNMP is a network protocol that monitors network devices and is used for network management purposes. Syslog is a protocol that is used to store log information, and it is transmitted in clear text. Syslog logging consists of syslog servers and syslog clients, where the server stores messages sent by the clients. In this scenario the TFTP Server has also been configured as the syslog server.
End devices, specifically PCs and servers, were used for testing and troubleshooting. The following commands have been used: ping, tracert, telnet and ssh. Ping is a computer network tool used for testing; it sends ICMP echo requests to a host and waits to receive ICMP echo replies. Tracert is another tool that sends packets for statistical purposes and is used for determining the route that IP packets would follow in a network. Telnet and SSH have already been described in section 5.3 of this report.
8 Technical Approach
8.1 Designing in Packet Tracer and accessing CLI
There are several switches, routers, end devices and connection types in Packet Tracer. To design the network, we select the devices from the bottom left corner of Packet Tracer and drag them to the working area. Appendix 1 shows the Packet Tracer GUI as well as the network design.
Two Cisco 1841 routers, eleven Cisco Switches 2060, plus computers, servers and two Cisco access points were selected from the devices in Packet Tracer. From the connections, straight-through cables were used to connect the end devices to the switches, and cross-over cables were used to connect the switches to each other.
In order to access the CLI of a switch or router, we double click on it to see the options. Three options will appear: Physical, Config and CLI. The first message received inside the CLI asks whether we want to use the configuration dialog. I chose no in order to do it manually. The next step is to go to privileged mode using the command enable; from privileged mode we go to the next security level, configuration mode, using the configure terminal command. In this mode we are able to change the router/switch settings.
8.2 Initial Configuration Hostname and Banner MOTD, Passwords and Encryption
In the configuration mode of both routers, and also of the switches, the hostname command was typed to assign the device names.
Moreover, on every switch and router, #banner motd $ Private router /switch. Unauthorized use prohibited$ was set up to assign the message of the day. This message appears every time someone logs in to a switch or router.
8.3 Configuring Passwords and Encryption and Configuring SSH
To configure passwords on the routers and switches, the following was typed in conf mode:
line con 0
 password cisco
 login
 exec-timeout 30 10
line vty 0 4
 password cisco
 login
 exec-timeout 30 10
line con 0
 password cisco
 login
 exec-timeout 30 10
line vty 0 4
 password cisco
 login
 exec-timeout 30 10
line vty 5 15
 password cisco
 login
 exec-timeout 30 10
The above configuration makes the console and vty ports require a password and also sets the password cisco. Additionally, it sets the timeout to 30 minutes and 10 seconds so that anyone who is logged in but inactive for that amount of time is automatically disconnected for security reasons. In real networks this interval can be even shorter, maybe 5 or 10 minutes.
The aforementioned configuration sets up a password for accessing user mode. In order to configure a privileged mode password, type enable password cisco in conf mode. However, this password is not encrypted and appears in clear text when typing show running-config in privileged mode. The same applies to the passwords on the console and vty ports. In order to use encryption, type service password-encryption in conf mode.
The command enable secret cisco was used instead of enable password because it assigns a password protected with much stronger encryption, called MD5 hash encryption.
SSH was only configured on the router, since Packet Tracer does not support the commands needed to configure it on the switches. To configure SSH on the router and at the same time disable Telnet, the following was typed in conf mode.
username nuno secret cisco123
ip domain-name nuno.co.uk
crypto key generate rsa
How many bits in the modulus [512]: 1024
ip ssh version 2
ip ssh authentication-retries 2
line vty 0 4
 transport input ssh
The command ip ssh authentication-retries 3 ensures additional security since it terminates the connection if a user who tries to connect uses a wrong password more than two times.
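The following is an added example, not part of the original report: a Python check that reads a running-config and flags the management-access weaknesses discussed in this section (enable password instead of enable secret, username ... password, clear-text line passwords, vty lines that still accept Telnet, and lines without an explicit exec-timeout). The sample configuration and the function names are constructed for illustration, and the treatment of a vty line with no transport input command as Telnet-enabled is an assumption that depends on the IOS version.

```python
import re

# Constructed sample running-config (not taken from a real device).
SAMPLE_CONFIG = """\
hostname Chelsea
enable password cisco
username nuno password cisco
ip domain-name nuno.co.uk
ip ssh version 2
line con 0
 password cisco
 login
 exec-timeout 30 10
line vty 0 4
 password cisco
 login
 transport input ssh
 exec-timeout 30 10
line vty 5 15
 password cisco
 login
"""


def parse_sections(config):
    """Return (global commands, {"line ..." header: [sub-commands]})."""
    global_cmds, lines, current = [], {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.strip().startswith("!"):
            continue                      # skip blanks and IOS comments
        cmd = raw.strip().lower()         # lower-cased for matching only
        if raw[0].isspace() and current is not None:
            lines[current].append(cmd)    # indented: belongs to the line block
        elif cmd.startswith("line "):
            current = cmd
            lines[current] = []
        else:
            current = None
            global_cmds.append(cmd)
    return global_cmds, lines


def audit(config):
    """Return a list of findings for the management-plane settings."""
    findings = []
    global_cmds, lines = parse_sections(config)

    if any(c.startswith("enable password") for c in global_cmds):
        findings.append("enable password is set; use enable secret")
    if not any(c.startswith("enable secret") for c in global_cmds):
        findings.append("no enable secret configured")
    for c in global_cmds:
        m = re.match(r"username (\S+) password", c)
        if m:
            findings.append(f"username {m.group(1)} uses password, not secret")
    # service password-encryption only applies reversible type 7
    # obfuscation, so it is a minimum and not a substitute for "secret".
    if "service password-encryption" not in global_cmds:
        findings.append("line passwords are stored in clear text")
    if "ip ssh version 2" not in global_cmds:
        findings.append("SSH version 2 is not enforced")

    for header, subs in lines.items():
        if header.startswith("line vty"):
            transport = [s for s in subs if s.startswith("transport input")]
            # Assumption: without "transport input ssh" Telnet is accepted.
            if not transport or transport[0].split()[2:] != ["ssh"]:
                findings.append(f"{header}: Telnet not disabled")
        if "exec-timeout 0 0" in subs:
            findings.append(f"{header}: idle timeout disabled")
        elif not any(s.startswith("exec-timeout") for s in subs):
            findings.append(f"{header}: no explicit exec-timeout")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

On the constructed sample the check reports that line vty 5 15 was left out of the SSH-only restriction, which is easy to miss when only line vty 0 4 is edited.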
9 Switch Configurations
9.1 Configuration of VLANs
In order to configure different VLANs the following took place in Switch Chelsea privileged mode:
Switch Chelsea, Chelsea v2, Chelsea v3:
vlan 120 name Management
vlan 130 name Human Resources
vlan 140 name Accounting
vlan 160 name Finance
vlan 170 name logistics
vlan 180 name IT
vlan 99 name servers
Then VTP was configured in order to carry the VLAN information to the other switches instead of configuring the remaining four switches with the same VLANs. To configure VTP, the requirements indicated in Section 5.3.2 must be fulfilled.
Switch Configuration on Hackney Branch.
Switch Hackney central V2, Hackney Central, Hackney West.
vlan 50 name Management
vlan 20 name Administration
vlan 30 name Sales
vlan 40 name Marketing
vlan 10 name Servers
9.2 Configuration of VTP
In conf mode of switch Chelsea the following configuration was assigned:
username nuno secret cisco123
vtp domain nuno.co.uk
vtp password cisco123
vtp version 2
vtp mode server
The above configuration was applied to the rest of the switches, but with the command vtp mode client instead of vtp mode server. The last thing that needed to be configured for VTP to work was the links, as either trunk or access. The ports that were connected to hosts need to be configured as access ports using the command switchport access vlan x, where x is the VLAN's number. Additionally, the command switchport mode trunk was used for links that were connected to other switches or the router (see Appendices 3-7).
9.3 Configuration of Advanced Security on Switches
To ensure better security the following settings were applied to all ports of all switches in conf mode:
interface range fa0/1 - 24
 ! enable port security; the lines below only set its parameters
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 switchport port-security violation shutdown
There are three violations available: restrict, protect and shutdown.
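The following is an added example, not part of the original report: a small Python model of one port with sticky port security and maximum 1, showing how the three violation modes differ when a second device appears. The class, the function and the MAC addresses are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed MAC addresses for the demonstration.
PC = "00:11:22:33:44:55"      # first device seen, becomes the sticky MAC
ROGUE = "de:ad:be:ef:00:01"   # device plugged in afterwards
FRAMES = [PC, ROGUE, PC]      # source MACs in arrival order


@dataclass
class SecurePort:
    """Toy model of one switch port with sticky port security."""
    violation: str = "shutdown"   # protect | restrict | shutdown
    maximum: int = 1
    sticky_macs: list = field(default_factory=list)
    violations: int = 0           # security violation counter
    err_disabled: bool = False
    log: list = field(default_factory=list)

    def __post_init__(self):
        if self.violation not in ("protect", "restrict", "shutdown"):
            raise ValueError(f"unknown violation mode: {self.violation}")

    def receive(self, src_mac):
        """Return True if a frame from src_mac is forwarded."""
        if self.err_disabled:
            return False                      # port is down for everyone
        if src_mac in self.sticky_macs:
            return True
        if len(self.sticky_macs) < self.maximum:
            self.sticky_macs.append(src_mac)  # learned and pinned to the port
            return True
        # Unknown source while the table is full: a violation.
        if self.violation == "protect":
            return False                      # silent drop, nothing recorded
        self.violations += 1                  # restrict and shutdown count it
        self.log.append(f"security violation caused by {src_mac}")
        if self.violation == "shutdown":
            self.err_disabled = True          # needs manual shutdown/no shutdown
        return False


def replay(mode, frames=FRAMES):
    """Feed frames to a fresh port; return (forwarded, violations, err_disabled)."""
    port = SecurePort(violation=mode)
    forwarded = [port.receive(mac) for mac in frames]
    return forwarded, port.violations, port.err_disabled


if __name__ == "__main__":
    for mode in ("protect", "restrict", "shutdown"):
        print(mode, replay(mode))
```

With shutdown, the mode configured above, the legitimate PC also loses connectivity after the violation until an administrator re-enables the port; protect keeps the PC working but leaves no trace of the attempt.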
Another setting that was configured was storm control. In order to do that, the following commands were entered on all switches in conf mode:
interface range fa0/1 - 24
 storm-control broadcast level 80
10. Router Configuration
10.1 Configuration of Router's Interfaces
In order to use the different VLANs, the router interface that is connected to switch Chelsea V3 must be configured with different sub-interfaces. The following shows the configuration of a sub-interface for VLAN 99:
encapsulation dot1Q 99
ip address 172.17.99.1 255.255.255.0
The configuration used for vlan 120 name Management, vlan 130 name Human Resources, vlan 140 name Accounting, vlan 160 name Finance, vlan 170 name logistics and vlan 180 name IT is similar to the one shown above; it can be found in Appendix xxx.
In order to use the different VLANs, the router interface that is connected to switch Hackney Central V2 must be configured with different sub-interfaces. The following shows the configuration of a sub-interface for VLAN 10:
encapsulation dot1Q 10
ip address 172.17.10.1 255.255.255.0
The configuration used for vlan 50 name Management, vlan 20 name Administration, vlan 30 name Sales and vlan 40 name Marketing is similar to the one shown above; it can be found in Appendix xxx.
Both routers, Chelsea and Hackney, have been connected to each other with a serial cable with a clock rate of 9600.
Chelsea network 172.17.0.0
Hackney network 172.16.0.0
Routers route 192.168.3.0
10.2 Configuration of DNS and DHCP on Hackney Router
The router could not be configured as an authoritative DNS server because the ip dns server command was not supported. However, the router could be configured as a caching/forwarding DNS, that is, it forwards DNS queries to another DNS, which in this case is a server.
Therefore, the DNS service on the Hackney branch DNS Server shown in Appendix XX was enabled and the server was assigned the IP address 172.16.10.8. The following configuration was entered in router conf mode in order to configure both the DNS and DHCP services.
ip domain-name nuno.co.uk
ip name-server 172.16.10.8
ip dhcp pool vlan10
 network 172.16.10.0 255.255.255.0
 default-router 172.16.10.1
 dns-server 172.16.10.8
ip dhcp excluded-address 172.16.10.1 172.16.10.15
The configuration shown above configures the router to forward DNS queries to the DNS server with the IP 172.16.10.8. Additionally, a pool was created for vlan10 that assigns hosts an IP in the range 172.16.10.16 to 172.16.10.254, since an exclusion range of 172.16.10.1 to 172.16.10.15 was left for static IP addresses such as servers, printers and additional routers.
Similar pools were created for vlan 50 name Management, vlan 20 name Administration, vlan 30 name Sales and vlan 40 name Marketing; they are shown in appendix XXX.
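The following is an added example, not part of the original report: a Python check that parses the DHCP configuration shown above, computes the addresses the pool can actually lease, and reports any statically addressed host that falls inside that range and could therefore be handed out a second time. The function names and the extra static host used in the usage line are constructed for illustration.

```python
import ipaddress

# Constructed from the configuration shown in this section.
DHCP_CONFIG = """\
ip dhcp excluded-address 172.16.10.1 172.16.10.15
ip dhcp pool vlan10
 network 172.16.10.0 255.255.255.0
 default-router 172.16.10.1
 dns-server 172.16.10.8
"""


def parse_dhcp(config):
    """Return ([(low, high) excluded ranges], {pool name: settings})."""
    excluded, pools, current = [], {}, None
    for line in config.splitlines():
        t = line.split()
        if t[:3] == ["ip", "dhcp", "excluded-address"]:
            low = ipaddress.ip_address(t[3])
            # A single excluded address has no upper bound on the line.
            high = ipaddress.ip_address(t[4]) if len(t) > 4 else low
            excluded.append((low, high))
        elif t[:3] == ["ip", "dhcp", "pool"]:
            current = t[3]
            pools[current] = {}
        elif current and t:
            if t[0] == "network":
                pools[current]["network"] = ipaddress.ip_network(f"{t[1]}/{t[2]}")
            elif t[0] in ("default-router", "dns-server"):
                pools[current][t[0]] = ipaddress.ip_address(t[1])
    return excluded, pools


def leasable(network, excluded):
    """Host addresses of the network that are outside every excluded range."""
    return [h for h in network.hosts()
            if not any(low <= h <= high for low, high in excluded)]


def check_pool(config, pool_name, static_hosts=()):
    """Return (first lease, last lease, lease count, conflicting static IPs)."""
    excluded, pools = parse_dhcp(config)
    pool = pools[pool_name]
    free = leasable(pool["network"], excluded)
    free_set = set(free)
    fixed = [pool["default-router"], pool["dns-server"]]
    fixed += [ipaddress.ip_address(h) for h in static_hosts]
    conflicts = [str(a) for a in fixed if a in free_set]
    return str(free[0]), str(free[-1]), len(free), conflicts


if __name__ == "__main__":
    print(check_pool(DHCP_CONFIG, "vlan10"))
    # 172.16.10.20 is a constructed static host placed outside the exclusion.
    print(check_pool(DHCP_CONFIG, "vlan10", ["172.16.10.20"]))
```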
10.3 Configuration of DNS and DHCP on Chelsea Router
On the Chelsea router I have used a different approach: I implemented a dedicated DHCP server with the IP 172.17.99.100. In order to achieve this I used the command ip helper-address on the Cisco router.
10.4 Configuration of Advanced Security on Router
The router was configured with logging and also SNMP. One way to configure logging on a router is with logging buffered 4096 in conf mode. However, this command logs messages to an internal buffer. In order to have centralised logging, a server is needed and has to be configured as a Syslog Server. In this scenario, the TFTP Server shown in Appendix xxx was also configured as a Syslog Server. The command logging 172.17.99.3 was used on the Chelsea router in conf mode to point to the server, and also the command logging trap to set different logging levels. The only available level in Packet Tracer is debugging. Lastly, to configure SNMP on the router, snmp-server community nuno ro was used.
11. Back Up Configuration
In order to back up the configurations, an external TFTP server was needed. This TFTP server is shown in Appendix xxx. In order to save the configurations on the TFTP server, the following commands were used in privileged mode.
Copy run tftp
Address or name of remote host ?
destination filename [Chelsea-config]?
Chelsea Router config
Copy run tftp
Address or name of remote host ?
destination filename [Chelsea V3-config]?
Chelsea V3 switch config
Similar configurations took place on Hackney Branch.
This report was written from an amateur user's perspective and can therefore be used as a manual of how to configure a small network in Packet Tracer. Thus the Technical Approach section of this report presents the right order in which configurations should take place when developing a network.
However, several problems arose during the software's development that are not mentioned in earlier sections, in order to avoid confusing the user. One problem was that when trying to configure the router as an Authoritative DNS Server, the command IP DNS server was not supported. Therefore, the router could not be configured as an Authoritative DNS Server, but it was configured as a Caching/Forwarding DNS where all queries are sent to an external server that had the DNS service enabled.
Another issue was that after configuring the switches with VLANs, VTP and STP the network stopped functioning. The program crashed several times and prompted different error messages. After several attempts the problem was found to be that the switches hadn't been configured with a default gateway, so any traffic generation caused the software to crash.
The third problem that occurred was with DHCP and DNS. Firstly, these two services were configured at an earlier stage than they should have been, and more specifically they were configured before the VLANs; thus only one pool of addresses was assigned on DHCP. The whole configuration had to be changed, since different VLANs had to use different pools of addresses, that is, to be on different subnets.
Additionally, DNS had to be configured before DHCP and not the other way around, which is what happened at an early stage of the network's development. The last issue that came up with these two services was solved by disabling all services apart from DNS on the DNS server and disabling all services apart from DHCP on the DHCP server. What caused the problem was that the DNS server also had the DHCP service enabled and they were both on the same subnet, therefore allowing duplication to occur.
Another problem occurred when trying to back up the switches' configurations on the TFTP server. The router's configuration had no problem being backed up. The problem with the switches was solved by assigning IP addresses on each VLAN for every switch.
Lastly, the command ip ssh authentication-retries 3 was configured at a later stage and not the one mentioned. This ensures additional security since it terminates the connection if a user who tries to connect uses a wrong password more than two times. Another thing that was realized is that username nuno password cisco was used, which has no encryption and is thus not secure; it was cancelled using no username nuno and then username nuno secret cisco was used to assign a more secure password.
All the aforementioned problems made the network's development more difficult; however, all have been solved. Additionally, they are shown in the Final Project Planning section of this report, which differs from the Initial Planning, since the predicted time was altered.
14. Conclusions and Recommendations for Further Work
• The aims and objectives of the project were clearly defined.
• Literature review on computer networks had been conducted.
• Initial Project Planning was carried out.
• All necessary software has been gathered.
• Research into different networking concepts has been carried out.
• Packet Tracer's capabilities have been utilized throughout.
• Design and development of a small network has been done.
• Testing took place throughout the course of this project.
• Simple Websites were created using HTML code.
• Working simulation software has been produced.
The application was produced using initially Packet Tracer 5.2 and then Packet Tracer 5.3, which supports advanced security features. Several different solutions were investigated aiming to make the software work in line with project's expectations and to troubleshoot all identified issues.
All objectives have been achieved however one of them was slightly altered. That was to configure the router as a DNS server. Since commands needed were not available the router has been configured as a Caching/Forwarding DNS instead of an Authoritative DNS.
Further work can be done on this project such as Authentication Authorization and Accounting (AAA) configuration, which is another network security feature.
Another point to be mentioned is that the current network is an internal network with no Internet access since not all VLANs use private addresses. For future work all internal VLANs can be configured with private addresses, an ISP can be added and NAT can be applied on the router to translate all private addresses to one public address.
Last recommendation for future work is to add more routers to the network; maybe creating different branches of a company to different countries.
Byrne J. (1999) Network+ Certification Study System lOG Books Worldwide: USA
Castano, V. (2009) March 2009 [Online]
Available from: http://lmu2008a.blogspot com/2009 03 01 archive.html
[Accessed 17 November 2012]
CertBible (2009) Packet Tracer 5.2 [Online]
Available from: http://www.certb1ble.org/packet-tracer-5-2/
[Accessed 16 November 2012]
Cisco (2008a) Frequently Asked Questions: Packet Tracer 5. 1 [Online]
http://www.cisco.com/web/learning/netacad/downloads/pdf/PT5 1 FAQ Dec08.pdf
[Accessed: 03 November 2012]
Shannon, R. (2007) what is HTML? [Online]
Available from: http://www.yourhtmlsource.com/starthere/whatishtml.html
[Accessed 30 November 2012]
Tanenbaum A. (2003) Computer Networks (4th Edition) Pearson Education: USA
Wendell O. (2008a) CCENT/CCNA ICND1: Official Exam Certification Guide 2nd Edition Indianapolis: USA
Wendell O. (2008b) CCNA ICND2: Official Exam Certification Guide 2nd Edition
Willard, W. (2003) HTML A Beginner's Guide (2nd Edition) McGraw Hill: USA
Xiao P. (2012) Lecture Notes Week 1 and Week 9 Network Technologies and Design London: London South Bank University