In this Capstone Project activity, you will demonstrate your ability to:
- Design and implement an IPv4 VLSM addressing scheme that fulfills the requirements
- Design and implement an IPv6 VLSM addressing scheme that fulfills the requirements
- Design, configure, verify, and secure EIGRP for the necessary networks
- Design, configure, and verify Link Aggregation, Rapid PVST+, FHRP, PortFast, Edge Ports
- Create detailed design documentation for your proposed network
- Implement an operational network based on your network design
- Explain your implementation and demonstrate its operation
- Produce documentation of your testing and network configuration for use by others to maintain and expand the network.
You are a network engineering specialist at a consulting firm. You have been hired by a client firm (ACME International) to complete the design and setup of a multisite network for their new Canadian operations. The client has already selected 4 sites in Canada: 2 branch offices and their head office sites. The client will link their Canadian operations to their international network via an IPsec tunnel connection over the Internet from the Canadian head office after you have completed your work.
The client currently runs an IPv4 and IPv6 dual-stack network using the EIGRP routing protocol and requires that your design be able to connect with their existing international network.
Prior to you being hired, the client had started work on the required connectivity. They have purchased the links between their offices and require that you use the existing links (and only these links) in your design. In addition, all equipment you have available to you has also been purchased. The client is providing you with 5 routers and 4 Gigabit Ethernet switches (one router will be set up as your Internet cloud; configure a loopback address of 184.108.40.206/32 to emulate the ISP connection). All routers have 2 Gigabit Ethernet ports and 2 Serial ports. Each switch has 24 Gigabit Ethernet ports. You are allowed to deploy this equipment as you need to meet the requirements from the client.
The client company has its head office in Oshawa, ON. The HQ is spread out between 2 buildings that are across from each other. HQ1 hosts the organization's various departments, while HQ2 hosts the organization's Data Centre. They have purchased leased lines (serial connections) between the head office locations and their 2 branch offices, one located in Thunder Bay, ON and the other located in Sudbury, ON. They have also purchased a Metro Ethernet link between Sudbury and Thunder Bay. To accommodate maximum redundancy, the organization has additional Metro Ethernet links available; you are asked to use these at your discretion to ensure that you do not have any single point of failure between any of the various locations. The company wishes to make ongoing use of all paths between facilities even though they may not be the same bandwidth. Finally, the Internet connectivity for all sites is provided through the head offices over a pair of leased line (serial) connections at 1024 kbps. Use the IP addresses 220.127.116.11/32 and 18.104.22.168/32 respectively to connect to the ISP. A default static route for all non-local traffic should be provided and redistributed throughout the network.
Each site is required to support a different number of end-user systems. The numbers provided do not include IP addresses for any required networking equipment. The company policy dictates that the last 5 IP addresses within each segment be used for equipment addressing.
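The equipment-address policy changes subnet sizing: each segment must hold its end users plus 5 reserved addresses plus the network and broadcast addresses. The following is an added example, not part of the original brief, that plans an IPv4 VLSM scheme under that policy; the address block `10.10.0.0/22`, the site host counts and the function name `plan_vlsm` are assumptions made for illustration, and IPv6 is not covered.

```python
import ipaddress

RESERVED = 5  # policy on the page: last 5 addresses of each segment are for equipment

def plan_vlsm(block, end_users):
    """Carve `block` into per-segment subnets, largest segment first.

    end_users maps segment name -> end-user count (equipment not included).
    """
    pool = ipaddress.ip_network(block)
    cursor = int(pool.network_address)
    plan = {}
    for name, users in sorted(end_users.items(), key=lambda kv: -kv[1]):
        # End users + reserved equipment addresses + network and broadcast.
        needed = users + RESERVED + 2
        host_bits = (needed - 1).bit_length()  # smallest power of two >= needed
        start = ipaddress.ip_address(cursor)
        subnet = ipaddress.ip_network(f"{start}/{32 - host_bits}")
        if not subnet.subnet_of(pool):
            raise ValueError(f"{block} is too small for {name}")
        hosts = list(subnet.hosts())
        plan[name] = {
            "subnet": subnet,
            "users": (hosts[0], hosts[users - 1]),  # first and last end-user address
            "equipment": hosts[-RESERVED:],         # last 5 usable addresses
        }
        cursor += subnet.num_addresses
    return plan

# Constructed host counts (assumption); not the client's actual per-site numbers.
SITES = {"HQ1": 122, "HQ2": 60, "Sudbury": 27, "ThunderBay": 25}

if __name__ == "__main__":
    for site, row in plan_vlsm("10.10.0.0/22", SITES).items():
        print(site, row["subnet"], "users", *row["users"],
              "equipment", *row["equipment"])
```

With these constructed counts, HQ1's 122 users would fit a /25 on their own but need a /24 once the 5 equipment addresses are reserved.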
Implement the network you have designed.
The client has provided additional details to assist as you configure the network.
1) Advertise directly connected networks (IPv4 & IPv6) using the wildcard mask.
2) Disable automatic summarization.
3) Disable routing updates where appropriate.
4) Modify the EIGRP hello-timers.
5) Modify the bandwidth of the interfaces.
6) Require EIGRP authentication on all routers. (Bonus)
7) Configure accurate link speeds as outlined in the network design. Implement load balancing where appropriate as outlined in the design.
Configure network security to the client requirements
1) Configure all passwords as encrypted.
2) Require a username and password for all logins.
3) Restrict access to the console connection.
4) Restrict access to the VTY connections.
a) Allow SSHv2 connections only. (Use the company domain acme.com)
b) Allow connections originating only from the Head offices network.
5) Disable AUX port access.
6) Configure a banner warning.
7) Close all switch ports not in use. (For this assignment, Ports 22 - 24 are not to be used)
8) Register the first two MAC addresses learned per open switch port. Attempts by other devices to use the open switch port must be logged and violations counted, but the port should not stop functioning.
Verify the network.
1) Validate connectivity between all networks and devices.
2) Validate dynamic routing functionality through routing tables and traceroutes. Use at least five commands to verify dynamic routing configuration.
3) Verify all security restrictions have been correctly implemented.
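One way to support the security verification step is to audit each saved configuration against the security requirements listed above. This is an added example, not part of the original brief: the function names and the sample configuration are constructed, single-line banners are assumed, and the access-class check confirms only that an inbound ACL is applied to the VTY lines, not that it matches the head office network.

```python
import re

def sections(config):
    """Map each top-level IOS line to the indented sub-commands beneath it."""
    out, current = {}, None
    for raw in config.splitlines():
        if raw[:1] == " " and current:
            out[current].append(raw.strip())
        elif raw.strip() and not raw.startswith("!"):
            current = raw.strip()
            out[current] = []
    return out

def audit(config, unused_ports=(22, 23, 24)):
    sec = sections(config)
    required = ("service password-encryption", "ip ssh version 2", "banner ")
    bad = [f"missing: {c.strip()}" for c in required
           if not any(k.startswith(c) for k in sec)]
    for name, body in sec.items():
        want = set()  # exact sub-commands this section must contain
        if name.startswith(("line con", "line vty")):
            want.add("login local")
        if name.startswith("line vty"):
            want.add("transport input ssh")  # "ssh telnet" does not match
            if not any(re.fullmatch(r"access-class \S+ in", c) for c in body):
                bad.append(f"{name}: missing access-class")
        if name.startswith("line aux"):
            want.add("no exec")
        port = re.fullmatch(r"interface \S+/(\d+)", name)
        if port and int(port.group(1)) in unused_ports:
            want.add("shutdown")
        elif port and "switchport mode access" in body:
            ps = "switchport port-security"
            # "restrict" logs and counts violations without disabling the port.
            want |= {ps, ps + " maximum 2", ps + " violation restrict"}
        bad += [f"{name}: missing {w}" for w in sorted(want - set(body))]
    return bad

# Constructed switch configuration with deliberate gaps (not from the page).
SAMPLE = """service password-encryption
banner motd ^Authorized ACME users only^
interface GigabitEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation shutdown
interface GigabitEthernet0/23
line vty 0 4
 login local
 transport input ssh telnet"""
```

Calling `audit(SAMPLE)` returns five findings, including the port-security violation mode that would shut the port down instead of logging and counting. Sections that are absent from a file (for example `line aux 0`) are not flagged, so confirm those on the device itself.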