"Network Design and Security"
A major project submitted in partial fulfilment of the requirements for the degree of Bachelor of Engineering in Information Technology (BEIT).
Project submitted by:
Kishor Maharjan
..............................
Project Supervisor:
Mr........................
Department
of Computer Science and IT Engineering
Nepal
College of Information and Technology
NCIT
CERTIFICATE OF APPROVAL
The undersigned certify that they have read and
recommended to the Department of Computer Science and IT Engineering for acceptance, a
project report entitled ……………………………………………………….. submitted by …………………….
………………………… ………………….. …………………………… for partial fulfillment for the degree of
Bachelor of Engineering in Information Technology.
…………………………..
(Mr......................)
Supervisor
Acknowledgement
It gives us immense pleasure to express our deepest sense of gratitude and sincere thanks to our respected and esteemed guide Er. ………………………., for his valuable guidance, encouragement and help in completing this work. His useful suggestions throughout this work and his co-operative behaviour are sincerely acknowledged.
We would like to express our sincere thanks to Er…………………………….., for giving us this opportunity to undertake this project. We would also like to thank.
We are also grateful to our teachers for their constant support and guidance.
Finally, we would like to express our sincere thanks to all our friends and others who helped us directly or indirectly during this project work. We are obliged to our project supervisor, teachers and other friends who lent a helping hand in the completion of our final major project.
Abstract:
Computer networking, an abundant part of the advancement of computer technology, is growing persistently. In simple terms, computer networking means the interconnection of two or more computers through a physical (wired or wireless) medium. When the term network comes up, technical terms such as router, switch, CAT 4/5/6 cabling, routing protocols like EIGRP, OSPF and RIP, wireless routers, Cisco, hub, IP addressing and subnetting come to mind. Computer networks can be designed in various ways, for example enterprise designs for private companies and college or school network designs dedicated to colleges and schools.
Our current project aims at the design of a network for a college. We have provided a simple design concept and introduced all the aspects a project should have, such as a design prototype. Besides the network design, we have also introduced some security measures: passwords, ACLs, encryption, a site-to-site VPN and VLANs. We are aiming to provide an optimal and efficient design for our college.
Table of Contents
Acknowledgement
Abstract
List of figures
Abbreviations
Introduction
1.1 Types
1.2 Topology
1.3 Routing
1.4 VPN
1.5 VLAN
1.6 ACL
1.7 Encryption
1.8 Medium
1.9 Router/switch
References
Appendices
1. Appendix I
2. Appendix II
List of figures
Fig. I: Network topology
Fig. II: LAN/MAN
Fig. III: Physical design
Fig. IV: Logical design
Abbreviations:
EIGRP: Enhanced Interior Gateway Routing Protocol
OSPF: Open Shortest Path First
RIP: Routing Information Protocol
IP: Internet Protocol
VLAN: Virtual Local Area Network
VPN: Virtual Private Network
ACL: Access Control List
SSH: Secure Shell
IEEE: Institute of Electrical and Electronics Engineers
HMAC: Hash-based Message Authentication Code
MD5: Message Digest Algorithm 5
ASN: Autonomous System Number
TCP/IP: Transmission Control Protocol / Internet Protocol
DTE: Data Terminal Equipment
DCE: Data Circuit-terminating Equipment
Introduction:
Computer networking is a growing and developing part of the advancement of computer science. A network is simply the interconnection of two or more computers through a medium. The Internet is an example of extensive networking. Computer networks have a list of advantages:
- Hardware sharing
- File sharing
- Resource sharing
- Information exchange
When a network is under consideration there are various headings, or constituents, that together form an integrated network. Some of these constituents are:
- Types
- Topology
- Routing
- VPN
- VLAN
- ACL
- Encryption
- Medium
- Router/switch
Each of these constituents is described below.
1.1 Types:
There are primarily three types of network:
1. LAN
2. WAN
3. MAN
LAN:
- stands for local area network
- covers a small geographical area
- speeds are typically measured in Mbps or Gbps (10 Mbps to 10 Gbps Ethernet is common)
- has a low bit error rate, since the cabling is short and under the owner's control
- is suitable for a building or a small office
WAN:
- stands for wide area network
- covers a large geographic area
- link speeds are typically lower than LAN speeds and are measured in kbps or Mbps
- has a higher bit error rate than a LAN because of its long-haul links
- is suitable for large-scale organisations and for interconnecting sites
MAN:
- stands for metropolitan area network
- interconnects multiple LANs within a city or campus
- provides uplink facilities to a WAN or the Internet
1.2 Topology:
There are various types of topology:
- bus
- ring
- star
- tree
- mesh
Bus
In local area networks using a bus topology, each node is connected to a single cable. Every computer or server hangs off the same bus cable. A signal from the source travels in both directions to all machines on the bus until it reaches the intended recipient. If the machine address does not match the destination address of the data, the machine ignores it; if it matches, the data is accepted. Since a bus consists of only one cable, it is inexpensive to implement compared with other topologies, but the low installation cost is offset by the high cost of managing the network. Because only one cable is used, it is a single point of failure: the cable must be terminated at both ends (without termination, reflected signals stop data transfer), and if the cable breaks anywhere the entire network goes down. A bus is also a shared medium, so every station can see every other station's traffic.
Star
In local area networks with a star topology, every host is connected to a central device (a hub or switch) by a point-to-point link. The network does not have to physically resemble a star to be classified as one, but all nodes must connect to the one central device, and all traffic passes through it. A hub simply repeats the signal to every port; a switch forwards each frame only to the port where the destination is known. The star is considered the easiest topology to design and implement, and adding nodes is simple. Its primary disadvantage is that the central device is a single point of failure.
Ring
A ring topology is set up in a circular fashion: data travels around the ring in one direction and each device acts as a repeater to keep the signal strong. Each device has a receiver for the incoming signal and a transmitter to send the data on to the next device. The network depends on the signal being able to travel all the way around the ring, so a single broken link or failed station can bring the ring down.
Mesh
In a fully meshed network every node has a direct point-to-point link to every other node, so n nodes need n(n-1)/2 links. This gives the highest redundancy (no single link or node failure partitions the network) at the highest cabling cost, which is why partial meshes are usual in practice. The value of a fully connected network is sometimes described by Reed's law, since the number of possible communicating groups of endpoints grows exponentially with the number of endpoints.
Tree
A tree (hierarchical) topology has a central 'root' node at the top level of the hierarchy, connected by point-to-point links to one or more nodes one level lower (the second level). Each second-level node is in turn connected by point-to-point links to one or more nodes at the third level, and so on. The root is the only node with no node above it. In a symmetrical tree each node has a fixed number of child nodes at the next lower level; this number is called the 'branching factor' of the tree. The nodes at the bottom of the hierarchy are the individual peripheral nodes.
1.3 Routing:
Routing is the process by which a router learns which networks are reachable through which neighbouring routers and forwards packets accordingly. There are two types of routing:
- Static routing
- Dynamic routing
Static routing is preferred when there are only a few routers, for example two routers connected to each other; the routes are entered by hand and never change unless an administrator changes them.
Dynamic routing is preferred when there are multiple routers in a converged network. The routers exchange routing information using protocols such as
- EIGRP
- OSPF
- RIP
Whichever protocol is used, routing updates should be authenticated; otherwise any host on a segment where the protocol is enabled can inject routes. None of the configurations in the appendices enable authentication.
Open Shortest Path First (OSPF) is a link-state routing protocol for Internet Protocol (IP) networks. It uses a link-state routing algorithm and falls into the group of interior routing protocols, operating within a single autonomous system (AS). It is defined as OSPF Version 2 in RFC 2328 (1998) for IPv4. The updates for IPv6 are specified as OSPF Version 3 in RFC 5340.
OSPF is perhaps the most widely used interior gateway protocol (IGP) in large enterprise networks. IS-IS, another link-state dynamic routing protocol, is more common in large service provider networks. The most widely used exterior gateway protocol is the Border Gateway Protocol (BGP), the principal routing protocol between autonomous systems on the Internet.
OSPF is an interior gateway protocol that routes Internet Protocol (IP) packets solely within a single routing domain (autonomous system). It gathers link-state information from the available routers and constructs a topology map of the network. The topology determines the routing table presented to the Internet layer, which makes routing decisions based solely on the destination IP address found in IP packets. OSPF was designed to support variable-length subnet masking (VLSM) and Classless Inter-Domain Routing (CIDR) addressing models.
OSPF detects changes in the topology, such as link failures, very quickly and converges on a new loop-free routing structure within seconds. It computes the shortest-path tree for each route using a method based on Dijkstra's algorithm, a shortest-path-first algorithm.
The OSPF routing policies used to construct a route table are governed by link cost factors (external metrics) associated with each routing interface. Cost factors may reflect the distance to a router (round-trip time), the throughput of a link, or link availability and reliability, expressed as simple unitless numbers. On Cisco routers the default cost of an interface is the reference bandwidth (100 Mbit/s) divided by the interface bandwidth. Routes of equal cost allow dynamic load balancing of traffic between them.
An OSPF network may be structured, or subdivided, into routing areas to simplify administration and optimise traffic and resource utilisation. Areas are identified by 32-bit numbers, expressed either simply in decimal or, often, in the octet-based dot-decimal notation familiar from IPv4 addresses.
By convention, area 0 (zero) or 0.0.0.0 represents the core or backbone region of an OSPF network. The identifications of other areas may be chosen at will; often, administrators select the IP address of a main router in an area as the area's identification. Each additional area must have a direct or virtual connection to the backbone OSPF area. Such connections are maintained by an interconnecting router, known as an area border router (ABR). An ABR maintains separate link-state databases for each area it serves and maintains summarised routes for all areas in the network. The design in this project uses a single area (area 0) throughout.
OSPF does not use a TCP/IP transport protocol (UDP, TCP) but is encapsulated directly in IP datagrams with protocol number 89. This is in contrast to other routing protocols such as the Routing Information Protocol (RIP), which runs over UDP port 520, or the Border Gateway Protocol (BGP), which runs over TCP port 179. OSPF handles its own error detection and correction functions.
OSPF packets can be authenticated: RFC 2328 defines null, simple-password and cryptographic (MD5) authentication, and RFC 5709 adds HMAC-SHA variants. Authentication should be enabled on every OSPF interface, or at least on any segment that also carries end-user hosts, so that a rogue device cannot form an adjacency and inject link-state advertisements.
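To make the shortest-path-first computation concrete, here is an added example in Python (not part of the original report): a small link-state database is built with Cisco-style costs (reference bandwidth 10^8 bit/s divided by the link bandwidth) and Dijkstra's algorithm is run from one router to produce its cost and next hop to every other router. The router names, the links and the link bandwidths are assumptions chosen to resemble the project's topology, not values taken from the configurations in the appendices.

```python
import heapq

# Added example, not from the report. Cisco's default OSPF interface cost is
# reference bandwidth / interface bandwidth, with a reference of 10^8 bit/s.
REFERENCE_BW = 100_000_000


def ospf_cost(bandwidth_bps):
    """Default OSPF cost of a link of the given bandwidth (minimum 1)."""
    return max(1, REFERENCE_BW // bandwidth_bps)


# Constructed link-state database (assumed topology, not the report's
# addressing): router -> {neighbour: cost}. FastEthernet links cost 1,
# the two serial links (assumed T1 class, 1.544 Mbit/s) cost 64.
FE = ospf_cost(100_000_000)
SERIAL = ospf_cost(1_544_000)

LSDB = {
    "main":    {"routerA": FE, "routerB": SERIAL, "routerD": SERIAL},
    "routerA": {"main": FE, "routerB": FE, "routerD": FE},
    "routerB": {"main": SERIAL, "routerA": FE, "routerD": FE},
    "routerD": {"main": SERIAL, "routerA": FE, "routerB": FE},
}


def spf(lsdb, root):
    """Dijkstra's shortest-path-first run from `root`.

    Returns {router: (total_cost, next_hop)}; next_hop is the neighbour of
    `root` on the shortest path (None for the root itself).
    """
    dist = {root: 0}
    next_hop = {root: None}
    done = set()
    heap = [(0, root)]
    while heap:
        cost, node = heapq.heappop(heap)
        if node in done:
            continue                      # stale heap entry
        done.add(node)
        for nbr, link_cost in lsdb[node].items():
            new_cost = cost + link_cost
            if new_cost < dist.get(nbr, float("inf")):
                dist[nbr] = new_cost
                # the first hop is the neighbour itself when we are at the
                # root, otherwise the first hop already recorded for `node`
                next_hop[nbr] = nbr if node == root else next_hop[node]
                heapq.heappush(heap, (new_cost, nbr))
    return {r: (dist[r], next_hop[r]) for r in dist}


def routing_table(lsdb, root):
    """Routes from `root` to every other router, sorted by destination."""
    return {r: v for r, v in sorted(spf(lsdb, root).items()) if r != root}


if __name__ == "__main__":
    for dest, (cost, via) in routing_table(LSDB, "main").items():
        print(f"{dest:8s} cost {cost:3d} via {via}")
```

With these costs the main router reaches routerB and routerD through routerA at cost 2 rather than over its direct serial links at cost 64, which is exactly the kind of result that surprises people who expect the "direct" link to win: OSPF follows cost, not hop count.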
RIP routing protocol
The Routing Information Protocol (RIP) is a distance-vector routing protocol which uses the hop count as its routing metric. RIP keeps routing loops from persisting by limiting the number of hops allowed in a path from source to destination: the maximum is 15 hops. This hop limit also limits the size of the networks RIP can support. A hop count of 16 is considered an infinite distance and is used to withdraw inaccessible, inoperable or otherwise undesirable routes from the selection process.
RIP implements split horizon, route poisoning and hold-down mechanisms to prevent incorrect routing information from being propagated; these are its stability features. It is also possible to use the RMTI (Routing Information Protocol with Metric-based Topology Investigation) algorithm to cope with the count-to-infinity problem; with its help every possible loop can be detected with very little computation.
Originally each RIP router transmitted full updates every 30 seconds. In early deployments routing tables were small enough that this traffic was not significant. As networks grew, however, it became evident that there could be a massive traffic burst every 30 seconds, even if the routers had been initialised at random times. It was assumed that, as a result of random initialisation, the routing updates would spread out in time, but this was not true in practice: Sally Floyd and Van Jacobson showed in 1994 that without slight randomisation of the update timer the timers synchronise over time. In most current networking environments RIP is not the preferred choice for routing, as its convergence time and scalability are poor compared with EIGRP, OSPF or IS-IS (the latter two being link-state routing protocols), and (without RMTI) the hop limit severely restricts the size of network it can be used in. However, it is easy to configure, because RIP requires almost no parameters on a router, unlike other protocols.
Versions
There are three versions of the Routing Information Protocol: RIPv1, RIPv2 and RIPng (the IPv6 version, RFC 2080).
RIP version 1
The original specification of RIP, defined in RFC 1058, uses classful routing. The periodic routing updates do not carry subnet information, so there is no support for variable-length subnet masks (VLSM). This limitation makes it impossible to have different-sized subnets inside the same network class; in other words, all subnets in a network class must be the same size. There is also no support for router authentication, which leaves RIPv1 open to anyone on the segment injecting routes.
RIP version 2
Because of the deficiencies of the original RIP specification, RIP version 2 (RIPv2) was developed in 1993 and last standardised in 1998 (RFC 2453). It carries subnet information, thus supporting Classless Inter-Domain Routing (CIDR), and sends its updates to the multicast address 224.0.0.9 rather than broadcasting them. To maintain backward compatibility the hop-count limit of 15 remained. RIPv2 can fully interoperate with the earlier specification if all Must-Be-Zero fields in the RIPv1 messages are properly specified, and a compatibility switch allows fine-grained interoperability adjustments. RIPv2 also adds authentication: a plain-text password (which offers no real protection) or keyed MD5 (RFC 2082). The RIP configurations in the appendices run version 2 without authentication.
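The count-to-infinity problem and the effect of split horizon are easier to see in a simulation than in prose. The following added example (Python, not from the report) models three routers in a line, A - B - C, with a network N attached to A, runs periodic RIP updates according to the update rule of RFC 2453 section 3.9.2, then takes N down at A and counts how many update rounds pass before every router has marked N unreachable. The topology and the synchronous round model are assumptions made for the example; real RIP timers are asynchronous and include hold-down and triggered updates, which this example leaves out.

```python
# Added example, not from the report: a round-based simulation of RIP
# distance-vector updates showing count-to-infinity and the effect of
# split horizon. Topology (assumed): A -- B -- C, with network N attached to A.
INFINITY = 16                      # RIP: 16 hops means unreachable
LINKS = {"A": ["B"], "B": ["A", "C"], "C": ["B"]}


def initial_tables():
    """Each router's table maps destination -> (metric, next_hop)."""
    return {"A": {"N": (1, None)},  # directly connected, RIP metric 1
            "B": {}, "C": {}}


def advertise(table, to_neighbour, split_horizon):
    """Routes a router includes in its update to one neighbour.

    With split horizon, routes learned from that neighbour are left out,
    so the neighbour is never told about a path that runs through itself.
    """
    return {dest: metric for dest, (metric, next_hop) in table.items()
            if not (split_horizon and next_hop == to_neighbour)}


def process(table, sender, routes):
    """Apply one received update (RFC 2453, section 3.9.2); True if changed."""
    changed = False
    for dest, metric in routes.items():
        candidate = min(metric + 1, INFINITY)
        cur_metric, cur_next_hop = table.get(dest, (INFINITY, None))
        if cur_next_hop == sender:
            # an update from the current next hop is always accepted, even
            # when it makes the route worse: this is how a withdrawal spreads
            if candidate != cur_metric:
                table[dest] = (candidate, sender)
                changed = True
        elif candidate < cur_metric:
            table[dest] = (candidate, sender)
            changed = True
    return changed


def run_until_converged(tables, split_horizon, max_rounds=50):
    """Synchronous rounds of periodic updates; returns rounds that changed a table."""
    rounds = 0
    for _ in range(max_rounds):
        snapshot = {r: dict(t) for r, t in tables.items()}   # what gets advertised
        changed = False
        for sender in sorted(LINKS):
            for neighbour in LINKS[sender]:
                update = advertise(snapshot[sender], neighbour, split_horizon)
                changed |= process(tables[neighbour], sender, update)
        if not changed:
            break
        rounds += 1
    return rounds


def simulate_failure(split_horizon):
    """Converge, take N down at A, and report (rounds to reconverge, metric for N per router)."""
    tables = initial_tables()
    run_until_converged(tables, split_horizon)
    tables["A"]["N"] = (INFINITY, None)          # the link to N fails
    rounds = run_until_converged(tables, split_horizon)
    return rounds, {router: tables[router]["N"][0] for router in sorted(tables)}


if __name__ == "__main__":
    for sh in (False, True):
        rounds, metrics = simulate_failure(sh)
        print(f"split horizon {'on ' if sh else 'off'}: {rounds:2d} rounds, metrics {metrics}")
```

Without split horizon, C keeps telling B about a route to N that actually runs through B, so the metric climbs by one hop every round until it hits 16; with split horizon the withdrawal from A reaches C in two rounds.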
EIGRP routing protocol
Enhanced Interior Gateway Routing Protocol (EIGRP) is a Cisco proprietary routing protocol loosely based on Cisco's original IGRP. EIGRP is an advanced distance-vector routing protocol with optimisations to minimise both the routing instability incurred after topology changes and the use of bandwidth and processing power in the router. Routers that support EIGRP automatically redistribute route information to IGRP neighbours by converting the 32-bit EIGRP metric to the 24-bit IGRP metric. Most of the routing optimisations are based on the Diffusing Update Algorithm (DUAL) work from SRI, which guarantees loop-free operation and provides a mechanism for fast convergence.
EIGRP composite and vector metrics
EIGRP associates six vector metrics with each route and considers only four of them (bandwidth, delay, reliability and load) when computing the composite metric; MTU and hop count are carried but do not enter the formula. The vector metrics, with example values:
- Minimum bandwidth along the path: 64 kbit/s
- Total delay along the path: 25000 microseconds
- Reliability: 255/255
- Load: 197/255
- Minimum MTU: 576
- Hop count: 1
With the default K values (K1 = K3 = 1, K2 = K4 = K5 = 0) only bandwidth and delay actually influence the metric, which is 256 × (10^7 / minimum bandwidth in kbit/s + total delay in tens of microseconds). EIGRP neighbours should authenticate their hello and update packets (MD5 key chains in classic mode, SHA-256 in named mode) for the same reason as with OSPF and RIP.
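The composite-metric formula, carried through with the example values above, as an added Python example that is not from the report. It also generalises to a multi-hop path (minimum bandwidth, summed delay) and picks the successor between two assumed paths; the per-link bandwidth and delay values are the IOS defaults for FastEthernet and a 64 kbit/s serial line, chosen for the example.

```python
# Added example, not from the report: the classic (32-bit) EIGRP composite
# metric computed from the vector metrics the text lists.

def eigrp_metric(min_bw_kbps, total_delay_us, reliability=255, load=1,
                 k1=1, k2=0, k3=1, k4=0, k5=0):
    """Classic EIGRP composite metric.

    Bandwidth is scaled as 10^7 / minimum bandwidth (kbit/s) and delay is
    counted in tens of microseconds; integer arithmetic mirrors the router.
    """
    bw = 10_000_000 // min_bw_kbps
    delay = total_delay_us // 10
    metric = k1 * bw + (k2 * bw) // (256 - load) + k3 * delay
    if k5 != 0:                      # reliability only counts when K5 is set
        metric = metric * k5 // (reliability + k4)
    return metric * 256


def path_metric(links, **k_values):
    """Metric of a multi-hop path given per-link (bandwidth_kbps, delay_us).

    The path bandwidth is the minimum over the links and the delay is the sum,
    which is how EIGRP accumulates the vector metrics hop by hop.
    """
    min_bw = min(bw for bw, _ in links)
    total_delay = sum(delay for _, delay in links)
    return eigrp_metric(min_bw, total_delay, **k_values)


def best_path(candidates, **k_values):
    """Pick the lowest-metric path (the EIGRP successor) from named candidates."""
    metrics = {name: path_metric(links, **k_values) for name, links in candidates.items()}
    return min(metrics, key=metrics.get), metrics


# Constructed per-link values (assumed): FastEthernet is 100000 kbit/s with
# 100 us delay; a 64 kbit/s serial line has 20000 us delay (IOS defaults for
# those interface types).
PATHS = {
    "via_fastethernet": [(100_000, 100), (100_000, 100)],
    "via_serial":       [(100_000, 100), (64, 20_000)],
}

if __name__ == "__main__":
    print(eigrp_metric(64, 25_000, reliability=255, load=197))   # 40640000
    print(best_path(PATHS))
```

Note that passing reliability 255/255 and load 197/255 changes nothing with the default K values, which is why Cisco documentation warns that tuning K2, K4 or K5 must be done identically on every router in the autonomous system or the neighbours will not form.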
1.4 VPN:
- VPN stands for virtual private network.
- It is a security measure adopted to secure a communication channel across an untrusted network; in this design IPsec tunnels carry the traffic between the block routers.
- To support the VPN the router must run an IOS image with the cryptographic feature set (the 'k9' images; the report refers to this as CES-K9).
- The VPN in this design is site-to-site: each router pair negotiates an ISAKMP (IKEv1) security association with a pre-shared key, and an IPsec transform set then protects the traffic selected by a crypto map.
- The appendix policies use 3DES, MD5 and Diffie-Hellman group 2, all of which are now legacy choices; a new deployment should use AES (128 or 256), SHA-256, DH group 14 or higher (or the elliptic-curve groups 19 and 20) and, where the platform allows, IKEv2. The pre-shared keys are stored and printed in clear text; on IOS they can be protected with key config-key password-encryption followed by password encryption aes (type 6 storage). Every crypto map in the appendices also refers to match address 100, but no access-list 100 is ever defined, which is why IOS marks the maps as incomplete: as configured, no traffic is actually encrypted.
1.5 VLAN:
- A VLAN is a segmentation measure applied in a switch: it splits one physical switch into several separate broadcast domains.
- Each VLAN is identified by a unique number (1 to 4094 under IEEE 802.1Q) and usually a name.
- Computers in one VLAN cannot reach computers in another VLAN at layer 2; traffic between VLANs must pass through a router or layer-3 switch (in this design, the dot1Q sub-interfaces on the block routers), which is where ACLs can be applied.
- The separation is only as strong as the switch configuration: ports carrying several VLANs are trunks, and a port left in the default dynamic mode will negotiate a trunk (DTP) with anything that asks, which lets an attacker reach every VLAN. Trunk ports should be set to mode trunk with nonegotiate, access ports to mode access, unused ports shut down in an unused VLAN, and VLAN 1 should not be used as the native VLAN on trunks.
1.6 ACL:
- Access lists are applied to router interfaces (and to vty lines, to restrict management access).
- An ACL is applied to either inbound or outbound traffic on an interface; entries are evaluated in order, the first match decides, and every ACL ends with an implicit deny of everything else.
- Access lists are used for traffic filtering and, in this design, to select the traffic a crypto map encrypts.
- There are two main types of access list:
1. Standard access lists (numbers 1-99 and 1300-1999) match on the source address only; they should be placed as close to the destination as possible.
2. Extended access lists (numbers 100-199 and 2000-2699) match on protocol, source, destination and port; they should be placed as close to the source as possible.
Because a standard ACL only looks at the source address, the direction matters: access-list 1 in the Router B appendix, applied inbound on the exam-server interface, sees only packets whose source is the server and therefore permits everything; it is the outbound application on that interface that actually keeps the listed student and staff subnets away from the server.
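To see how wildcard masks, ordering and the implicit deny combine, here is an added Python example (not from the report) that parses numbered standard and extended ACL lines and evaluates packets against them. The sample ACL lines are constructed: list 1 copies the style of the Router B appendix, and list 100 is an assumed extended list (the report never defines one) that allows only web traffic from the exam VLAN to an assumed server address 100.10.1.2, plus ICMP.

```python
import ipaddress

# Added example, not from the report: parse numbered IOS access lists and
# evaluate packets against them (first match wins, implicit deny at the end).
# Constructed sample: list 1 copies the style of the Router B appendix; list
# 100 is an assumed extended list (the report never defines one) that lets
# only the exam VLAN reach an assumed server 100.10.1.2 on TCP port 80.
SAMPLE_ACL = """
access-list 1 deny 192.168.2.0 0.0.0.255
access-list 1 deny 192.168.3.0 0.0.0.255
access-list 1 permit any
access-list 100 permit tcp 192.168.1.0 0.0.0.255 host 100.10.1.2 eq 80
access-list 100 permit icmp any any
"""

ANY = ("0.0.0.0", "255.255.255.255")


def wildcard_match(addr, network, wildcard):
    """Cisco wildcard mask: 0 bits must match, 1 bits are don't-care."""
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(network))
    w = int(ipaddress.IPv4Address(wildcard))
    return (a & ~w) == (n & ~w)


def parse_addr(tokens):
    """Consume one address spec ('any' | 'host A' | 'A WILDCARD')."""
    if tokens[0] == "any":
        return ANY, tokens[1:]
    if tokens[0] == "host":
        return (tokens[1], "0.0.0.0"), tokens[2:]
    return (tokens[0], tokens[1]), tokens[2:]


def parse_acls(text):
    """Returns {number: [entry, ...]} with entries in configured order."""
    acls = {}
    for line in text.strip().splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list":
            continue
        number, action, rest = int(tok[1]), tok[2], tok[3:]
        if number <= 99 or 1300 <= number <= 1999:        # standard: source only
            src, rest = parse_addr(rest)
            entry = {"action": action, "proto": "ip", "src": src, "dst": ANY, "dport": None}
        else:                                             # extended
            proto, rest = rest[0], rest[1:]
            src, rest = parse_addr(rest)
            dst, rest = parse_addr(rest)
            dport = int(rest[1]) if len(rest) >= 2 and rest[0] == "eq" else None
            entry = {"action": action, "proto": proto, "src": src, "dst": dst, "dport": dport}
        acls.setdefault(number, []).append(entry)
    return acls


def evaluate(acl, src, dst, proto="ip", dport=None):
    """Action for a packet: the first matching entry, else the implicit deny."""
    for e in acl:
        if e["proto"] != "ip" and e["proto"] != proto:
            continue
        if not wildcard_match(src, *e["src"]) or not wildcard_match(dst, *e["dst"]):
            continue
        if e["dport"] is not None and e["dport"] != dport:
            continue
        return e["action"]
    return "deny"


if __name__ == "__main__":
    acls = parse_acls(SAMPLE_ACL)
    # the server's own replies always pass list 1: a standard list only looks at the source
    print(evaluate(acls[1], "100.10.1.2", "192.168.2.10"))             # permit
    print(evaluate(acls[1], "192.168.2.10", "100.10.1.2"))             # deny
    print(evaluate(acls[100], "192.168.1.10", "100.10.1.2", "tcp", 80))  # permit
    print(evaluate(acls[100], "192.168.1.10", "100.10.1.2", "tcp", 22))  # deny
```

The first two calls show the direction problem from the bullet above: with the server as source, list 1 permits the packet no matter where it is going, so applying the list inbound on the server interface filters nothing.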
1.7 Encryption:
- Encryption is a security measure that protects the confidentiality of data in transit or at rest.
- It encodes a plain message with an encryption key, transforming it into ciphertext. With a symmetric algorithm (AES, 3DES) the same key must be used for decoding; with an asymmetric algorithm (RSA) a public key encrypts and the matching private key decrypts.
- MD5 is a hash function and HMAC is a keyed hash (message authentication code); they provide integrity and authentication, not confidentiality. In the IPsec transform sets in the appendices, esp-3des provides the encryption and esp-md5-hmac the integrity check; both are legacy choices, and AES with a SHA-2 HMAC is the current recommendation.
1.8 Medium:
- In computer networks there are two types of medium: wired and wireless.
- Wired media include twisted pair (straight-through and crossover Ethernet cables), coaxial cable and optical fibre.
- Wireless media include Wi-Fi (IEEE 802.11).
Optical fibre
An optical fibre is a flexible, transparent fibre made of glass (silica) or plastic, slightly thicker than a human hair. It functions as a waveguide, or "light pipe", to transmit light between the two ends of the fibre. The field of applied science and engineering concerned with the design and application of optical fibres is known as fibre optics. Optical fibres are widely used in fibre-optic communications, which permit transmission over longer distances and at higher bandwidths (data rates) than other forms of communication. Fibres are used instead of metal wires because signals travel along them with less loss and are immune to electromagnetic interference (they also do not radiate, which makes them harder to eavesdrop on than copper). Fibres are also used for illumination and are wrapped in bundles so that they may carry images, allowing viewing in confined spaces. Specially designed fibres are used for a variety of other applications, including sensors and fibre lasers.
Optical fibres typically include a transparent core surrounded by a transparent cladding material with a lower index of refraction. Light is kept in the core by total internal reflection, which causes the fibre to act as a waveguide. Fibres that support many propagation paths or transverse modes are called multi-mode fibres (MMF), while those that support only a single mode are called single-mode fibres (SMF). Multi-mode fibres generally have a wider core diameter and are used for short-distance communication links and for applications where high power must be transmitted. Single-mode fibres are used for most communication links longer than about 1,050 metres (3,440 ft).
Ethernet cabling
Twisted-pair Ethernet cable is another wired medium; it uses four pairs of wires and supports data rates from 10 Mbps to 1 Gbps (and 10 Gbps over Cat 6a). The two wiring standards for the RJ45 connector are T568A and T568B:
- a straight-through cable uses the same standard at both ends (T568A to T568A, or T568B to T568B);
- a crossover cable uses T568A at one end and T568B at the other.
Straight-through cables connect unlike devices (PC to switch, switch to router); crossover cables connect like devices (switch to switch, router to router, PC to PC), although most modern ports detect the cable type automatically (Auto-MDIX).
1.9 Router:
- A router is a layer-3 device; it operates at the network layer.
- Its key function is to forward packets from one network to another, choosing the next hop from its routing table.
- It consists of RAM, NVRAM (which holds the startup configuration), ROM, flash (which holds the IOS image), processors and routed ports.
- There are different vendors of routers, such as Cisco and Huawei.
Switch:
- A switch connects devices within a broadcast domain, for example router-to-PC or router-to-router links, and bridges between its ports.
- It forwards frames at the data-link layer (layer 2) based on the MAC addresses it learns on each port.
- Some switches can also route packets at the network layer; these are commonly known as layer-3 switches.
- A switch isolates collision domains (each port is its own) but extends the broadcast domain (all ports in a VLAN share one).
- Some security-relevant features of switches:
- port security, which limits the number of MAC addresses allowed on a port; with sticky MAC the learned addresses are saved to the configuration
- trunking (802.1Q), which should be disabled on ports that do not need it
- shutting down unused ports
References:
1. "JWD Network Update", a project by Rosalie Murphy, Marcus Wilson, Jonathan Kisor and Juan Hernandez, with Joseph H. Schuessler, Ph.D. as project manager (2011).
2. http://cisco.netacad.com [accessed 17/12/2012]
3. http://www.fortinet.com [accessed 27/11/2012]
Appendix I
Main switch

!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Switch
!
enable secret 5 $1$mERr$9d8ljQ53KL8GWUrgU49rp.
!
username admin secret 5 $1$mERr$vTbHul1N28cEp8lkLqr0f/
username kishor secret 5 $1$mERr$9d8ljQ53KL8GWUrgU49rp.
!
spanning-tree mode pvst
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
 ! no switchport mode is set, so this port stays in DTP dynamic mode
 switchport trunk allowed vlan 60,70,80
!
interface FastEthernet0/4
 switchport access vlan 90
 ! the allowed-vlan list has no effect on an access port
 switchport trunk allowed vlan 60,70,80
 switchport mode access
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
 switchport trunk allowed vlan 60,70,80
 switchport mode access
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
 switchport trunk allowed vlan 60,70,80
 switchport mode trunk
!
interface FastEthernet0/21
 switchport access vlan 50
 switchport mode access
!
interface FastEthernet0/22
 switchport access vlan 50
 switchport mode access
!
interface FastEthernet0/23
 switchport access vlan 50
 switchport mode access
!
interface FastEthernet0/24
 ! uplink trunk towards the block router (VLANs 50-80 are its dot1Q sub-interfaces)
 switchport trunk allowed vlan 50,60,70,80
 switchport mode trunk
!
interface GigabitEthernet1/1
!
interface GigabitEthernet1/2
!
interface Vlan1
 no ip address
 shutdown
!
line con 0
 login local
!
line vty 0 4
 login local
line vty 5 15
 login
end
Appendix II
Main Router Block A

Current configuration : 3114 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname routerA
!
enable secret 5 $1$mERr$9d8ljQ53KL8GWUrgU49rp.
!
ip dhcp excluded-address 192.168.10.100
!
ip dhcp pool SERVERPOOL
 network 192.168.10.0 255.255.255.252
 default-router 192.168.10.2
!
username admin privilege 15 secret 5 $1$mERr$vTbHul1N28cEp8lkLqr0f/
username kishor privilege 0 secret 5 $1$mERr$9d8ljQ53KL8GWUrgU49rp.
!
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp policy 11
 encr 3des
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp key vpn@#key address 172.16.2.1
crypto isakmp key vpn1@#key address 172.16.2.6
!
crypto ipsec transform-set vpnset esp-3des esp-md5-hmac
crypto ipsec transform-set vpnset1 esp-3des esp-md5-hmac
!
crypto map vpnmap 10 ipsec-isakmp
 ! Incomplete: access-list 100 is never defined, so this entry stays disabled
 set peer 172.16.2.1
 set transform-set vpnset
 match address 100
!
crypto map vpnmap1 11 ipsec-isakmp
 ! Incomplete: access-list 100 is never defined, so this entry stays disabled
 set peer 172.16.2.6
 set transform-set vpnset1
 match address 100
!
ip domain-name router.com
!
spanning-tree mode pvst
!
class-map type inspect match-any cmap-1
 match protocol http
 match protocol telnet
 match protocol icmp
!
policy-map type inspect pmap-1
 class type inspect cmap-1
  inspect
!
zone security inside
zone security outside
zone-pair security in-out source inside destination outside
 service-policy type inspect pmap-1
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
 ip address 192.168.10.2 255.255.255.252
 zone-member security outside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 172.16.1.5 255.255.255.252
 zone-member security inside
 duplex auto
 speed auto
!
interface Serial0/0/0
 ip address 172.16.2.2 255.255.255.252
 zone-member security inside
 clock rate 2000000
 crypto map vpnmap
!
interface Serial0/0/1
 ip address 172.16.2.5 255.255.255.252
 zone-member security inside
 crypto map vpnmap1
!
interface Vlan1
 no ip address
 shutdown
!
! mutual redistribution between three protocols without route tags or
! distribute lists can feed routes back and forth between them
router eigrp 100
 redistribute rip metric 1 0 1 1 1
 redistribute ospf 1 metric 1 1 1 1 1
 network 2.2.2.2 0.0.0.0
 network 192.168.10.0
 network 172.16.2.0 0.0.0.3
 network 192.168.1.0
 network 192.168.2.0
 network 100.10.1.0 0.0.0.3
 no auto-summary
!
router ospf 1
 log-adjacency-changes
 redistribute rip metric 10 subnets
 redistribute eigrp 100 metric 10 subnets
 network 2.2.2.2 0.0.0.0 area 0
 network 192.168.10.0 0.0.0.255 area 0
 network 172.16.1.4 0.0.0.3 area 0
 network 192.168.5.0 0.0.0.255 area 0
 network 192.168.6.0 0.0.0.255 area 0
 network 192.168.7.0 0.0.0.255 area 0
 network 192.168.8.0 0.0.0.255 area 0
 network 192.168.51.0 0.0.0.255 area 0
 network 192.168.50.0 0.0.0.255 area 0
!
router rip
 version 2
 redistribute eigrp 100 metric 1
 redistribute ospf 1 metric 1
 network 2.0.0.0
 network 172.16.0.0
 network 192.168.3.0
 network 192.168.4.0
 network 192.168.10.0
 network 192.168.52.0
!
ip classless
!
no cdp run
!
line con 0
 login local
line vty 0 4
 login local
 transport input ssh
!
end
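The weaknesses called out in sections 1.4 to 1.6 and visible in the appendices (legacy IKE and IPsec algorithms, pre-shared keys in clear text, crypto maps whose access-list is never defined, trunk ports left to DTP, vty lines that still accept telnet) can be checked mechanically. The following added example (Python, not from the report) is a small lint pass over an IOS-style configuration. SAMPLE_CONFIG is a constructed fragment that repeats the settings used in the appendices, and HARDENED_CONFIG shows the same fragment with the corrected settings; the contents of access-list 100 in the hardened version are an assumption, since the report never defines that list.

```python
# Added example, not from the report: lint an IOS-style configuration for
# the weaknesses discussed in sections 1.4 to 1.6. Both configs below are
# constructed fragments, indented the way IOS prints them.
SAMPLE_CONFIG = """
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key vpn@#key address 172.16.2.1
crypto ipsec transform-set vpnset esp-3des esp-md5-hmac
crypto map vpnmap 10 ipsec-isakmp
 set peer 172.16.2.1
 set transform-set vpnset
 match address 100
interface FastEthernet0/3
 switchport trunk allowed vlan 60,70,80
interface FastEthernet0/20
 switchport trunk allowed vlan 60,70,80
 switchport mode trunk
line vty 0 4
 login local
"""

HARDENED_CONFIG = """
crypto isakmp policy 10
 encr aes 256
 hash sha256
 authentication pre-share
 group 14
crypto ipsec transform-set vpnset esp-aes 256 esp-sha256-hmac
access-list 100 permit ip 192.168.1.0 0.0.0.255 192.168.5.0 0.0.0.255
crypto map vpnmap 10 ipsec-isakmp
 set peer 172.16.2.1
 set transform-set vpnset
 match address 100
interface FastEthernet0/20
 switchport mode trunk
 switchport trunk allowed vlan 60,70,80
 switchport nonegotiate
line vty 0 4
 login local
 transport input ssh
"""

# Legacy algorithm choices (Cisco next-generation encryption guidance).
LEGACY = {"encr": {"des", "3des"},
          "hash": {"md5", "sha"},          # 'hash sha' is SHA-1 in IKEv1 policies
          "group": {"1", "2", "5"}}
LEGACY_TRANSFORMS = {"esp-des", "esp-3des", "esp-md5-hmac", "esp-sha-hmac"}


def parse_sections(text):
    """Split a config into (header, [child lines]) by IOS-style indentation."""
    sections = []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw[0].isspace() and sections:
            sections[-1][1].append(raw.strip())
        else:
            sections.append((raw.strip(), []))
    return sections


def lint(text):
    """Return human-readable findings for the configuration."""
    sections = parse_sections(text)
    acls = {h.split()[1] for h, _ in sections if h.startswith("access-list ")}
    findings = []
    for header, body in sections:
        words = header.split()
        if header.startswith("crypto isakmp policy"):
            for child in body:
                key, _, value = child.partition(" ")
                if value in LEGACY.get(key, ()):
                    findings.append(f"{header}: legacy {key} {value}")
            if "authentication pre-share" in body:
                findings.append(f"{header}: pre-shared keys (keep them unique, store them with type 6 encryption)")
        elif header.startswith("crypto isakmp key"):
            findings.append(f"isakmp key for {words[-1]}: stored in clear text")
        elif header.startswith("crypto ipsec transform-set"):
            for t in words[4:]:
                if t in LEGACY_TRANSFORMS:
                    findings.append(f"transform-set {words[3]}: legacy {t}")
        elif header.startswith("crypto map") and "ipsec-isakmp" in words:
            acl = next((c.split()[2] for c in body if c.startswith("match address")), None)
            if acl is None:
                findings.append(f"{header}: no match address (crypto map incomplete)")
            elif acl not in acls:
                findings.append(f"{header}: match address {acl} refers to an undefined access-list")
        elif header.startswith("interface") and any(c.startswith("switchport trunk") for c in body):
            if not any(c.startswith("switchport mode") for c in body):
                findings.append(f"{header}: trunk VLANs set but mode left to DTP negotiation")
            elif "switchport mode trunk" in body and "switchport nonegotiate" not in body:
                findings.append(f"{header}: trunk without switchport nonegotiate (DTP still runs)")
        elif header.startswith("line vty") and "transport input ssh" not in body:
            findings.append(f"{header}: telnet not disabled (add transport input ssh)")
    return findings


if __name__ == "__main__":
    for cfg in (SAMPLE_CONFIG, HARDENED_CONFIG):
        print("\n".join(lint(cfg)) or "no findings", "\n")
```

Run against the hardened fragment the only remaining finding is the informational note about pre-shared keys, which the design keeps by choice; everything else that the sample fragment (and the appendices) get wrong is reported by name.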
Router A

Current configuration : 2212 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname routerA
!
enable secret 5 $1$mERr$9d8ljQ53KL8GWUrgU49rp.
!
ip dhcp excluded-address 192.168.5.100
ip dhcp excluded-address 192.168.8.100
ip dhcp excluded-address 192.168.6.100
ip dhcp excluded-address 192.168.7.100
!
ip dhcp pool STAFFPOOL
 network 192.168.8.0 255.255.255.0
 default-router 192.168.8.100
ip dhcp pool RECPPOOL
 network 192.168.7.0 255.255.255.0
 default-router 192.168.7.100
ip dhcp pool OFFICEPOOL
 network 192.168.6.0 255.255.255.0
 default-router 192.168.6.100
ip dhcp pool LABPOOL
 network 192.168.5.0 255.255.255.0
 default-router 192.168.5.100
!
username admin privilege 15 secret 5 $1$mERr$vTbHul1N28cEp8lkLqr0f/
username kishor privilege 0 secret 5 $1$mERr$9d8ljQ53KL8GWUrgU49rp.
!
ip domain-name routerA.com
!
spanning-tree mode pvst
!
interface Loopback0
 ip address 4.4.4.4 255.255.255.255
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/0.50
 description connection from VLANLAB
 encapsulation dot1Q 50
 ip address 192.168.5.100 255.255.255.0
!
interface FastEthernet0/0.60
 description connection from OFFICEVLAN
 encapsulation dot1Q 60
 ip address 192.168.6.100 255.255.255.0
!
interface FastEthernet0/0.70
 description connection from RECPVLAN
 encapsulation dot1Q 70
 ip address 192.168.7.100 255.255.255.0
!
interface FastEthernet0/0.80
 description connection from STAFFVLAN
 encapsulation dot1Q 80
 ip address 192.168.8.100 255.255.255.0
!
interface FastEthernet0/1
 ip address 172.16.1.6 255.255.255.252
 duplex auto
 speed auto
!
interface Vlan1
 no ip address
 shutdown
!
router ospf 1
 router-id 4.4.4.4
 log-adjacency-changes
 network 4.4.4.4 0.0.0.0 area 0
 network 172.16.1.4 0.0.0.3 area 0
 network 192.168.5.0 0.0.0.255 area 0
 network 192.168.6.0 0.0.0.255 area 0
 network 192.168.7.0 0.0.0.255 area 0
 network 192.168.8.0 0.0.0.255 area 0
 network 192.168.50.0 0.0.0.255 area 0
 network 192.168.51.0 0.0.0.255 area 0
!
router rip
!
ip classless
!
no cdp run
!
line con 0
 login local
line vty 0 4
 login local
 transport input ssh
!
end
Router B

Current configuration : 2464 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname RouterB
!
enable secret 5 $1$mERr$9d8ljQ53KL8GWUrgU49rp.
!
ip dhcp excluded-address 192.168.1.100
ip dhcp excluded-address 192.168.2.100
!
ip dhcp pool EXAMPOOL
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.100
ip dhcp pool STUDENT_LAB_POOL
 network 192.168.2.0 255.255.255.0
 default-router 192.168.2.100
ip dhcp pool EXAMSERVER
 network 100.10.1.0 255.255.255.252
 default-router 100.10.1.1
!
username admin privilege 15 secret 5 $1$mERr$vTbHul1N28cEp8lkLqr0f/
username kishor privilege 0 secret 5 $1$mERr$9d8ljQ53KL8GWUrgU49rp.
!
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp key vpn@#key address 172.16.2.2
!
crypto ipsec transform-set vpnset esp-3des esp-md5-hmac
!
crypto map vpnmap 10 ipsec-isakmp
 ! Incomplete: access-list 100 is never defined, so this entry stays disabled
 set peer 172.16.2.2
 set transform-set vpnset
 match address 100
!
spanning-tree mode pvst
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
 ! 172.16.1.0/29 overlaps the 172.16.1.4/30 link between the main router and routerA
 ip address 172.16.1.1 255.255.255.248
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/1.10
 description connection from EXAMVLAN
 encapsulation dot1Q 10
 ip address 192.168.1.100 255.255.255.0
!
interface FastEthernet0/1.20
 description connection from STUDENTVLAN
 encapsulation dot1Q 20
 ip address 192.168.2.100 255.255.255.0
!
interface Serial0/0/0
 ip address 172.16.2.1 255.255.255.252
 crypto map vpnmap
!
interface Serial0/0/1
 no ip address
 clock rate 2000000
!
interface Ethernet0/1/0
 ip address 100.10.1.1 255.255.255.252
 ! access-list 1 is a standard list: inbound it only ever sees the server's own
 ! source address, so the outbound copy is the one that filters the listed subnets
 ip access-group 1 in
 ip access-group 1 out
 duplex auto
 speed auto
!
interface Vlan1
 no ip address
 shutdown
!
router eigrp 100
 network 1.1.1.1 0.0.0.0
 network 172.16.2.0 0.0.0.3
 network 192.168.1.0
 network 192.168.2.0
 network 100.10.1.0 0.0.0.3
 auto-summary
!
router rip
!
ip classless
!
access-list 1 deny 192.168.2.0 0.0.0.255
access-list 1 deny 192.168.3.0 0.0.0.255
access-list 1 deny 192.168.5.0 0.0.0.255
access-list 1 deny 192.168.7.0 0.0.0.255
access-list 1 deny 192.168.8.0 0.0.0.255
access-list 1 deny 192.168.51.0 0.0.0.255
access-list 1 deny 192.168.52.0 0.0.0.255
access-list 1 deny 192.168.50.0 0.0.0.255
access-list 1 permit any
!
line con 0
 login local
line vty 0 4
 login local
!
end
Router D

Current configuration : 1927 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname RouterD
!
enable secret 5 $1$mERr$vTbHul1N28cEp8lkLqr0f/
!
ip dhcp excluded-address 192.168.3.100
ip dhcp excluded-address 192.168.4.100
!
ip dhcp pool BBAPOOL
 network 192.168.4.0 255.255.255.0
 default-router 192.168.4.100
ip dhcp pool STAFFPOOL
 network 192.168.3.0 255.255.255.0
 default-router 192.168.3.100
!
username admin privilege 15 secret 5 $1$mERr$vTbHul1N28cEp8lkLqr0f/
username kishor privilege 0 secret 5 $1$mERr$9d8ljQ53KL8GWUrgU49rp.
username login privilege 15 secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
!
crypto isakmp policy 11
 encr 3des
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp key vpn1@#key address 172.16.2.5
!
crypto ipsec transform-set vpnset1 esp-3des esp-md5-hmac
!
crypto map vpnmap1 11 ipsec-isakmp
 ! Incomplete: access-list 100 is never defined, so this entry stays disabled
 set peer 172.16.2.5
 set transform-set vpnset1
 match address 100
!
spanning-tree mode pvst
!
interface Loopback0
 ip address 3.3.3.3 255.255.255.255
!
interface FastEthernet0/0
 ip address 172.16.1.3 255.255.255.248
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ! 192.168.1.100/24 is also configured on RouterB FastEthernet0/1.10 (EXAMVLAN)
 ip address 192.168.1.100 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1.30
 description connection from VLANBBA
 encapsulation dot1Q 30
 ip address 192.168.3.100 255.255.255.0
!
interface FastEthernet0/1.40
 encapsulation dot1Q 40
 ip address 192.168.4.100 255.255.255.0
!
interface Serial0/0/0
 no ip address
 clock rate 2000000
!
interface Serial0/0/1
 ip address 172.16.2.6 255.255.255.252
 clock rate 2000000
 crypto map vpnmap1
!
interface Vlan1
 no ip address
 shutdown
!
router rip
 version 2
 network 3.0.0.0
 network 172.16.0.0
 network 192.168.3.0
 network 192.168.4.0
 network 192.168.52.0
 no auto-summary
!
ip classless
!
line con 0
 login local
line vty 0 4
 login local
end
[Fig. I: Network topologies]
[Fig. II: LAN/MAN]
[Fig. III: Physical network design]
[Fig. IV: Logical design]