Implementing VLANs, DHCP For Better Network Management - Essay.

Here, you will simply summarize the site requirements and/or challenges you are attempting to overcome. You will not need to implement solutions or discuss your approach at this point. This information is provided to you and can simply be organized and restated as you understand it. Think of this area as what needs to be corrected. Suggested length would be one or two paragraphs.

Challenges of having one huge VLAN

Currently, Sacramento Site has one huge VLAN. This is challenging when it comes to security concerns and troubleshooting just in case there is a network failure. VLANs are useful as the network is divided into logical segments. The segments are easily manageable at individual levels. More so, each VLAN can be assigned different privileges with respect to administrative needs.

To overcome the above mentioned challenge, we are going to implement the VLANs. Router-on-a-stick technology will be required to enable devices from different VLANs communicate. In addition, DHCP technology will be necessary to relieve administrators from the task of IP addressing. The implementation process is a below.

Assignment of switchport modes:

1. Access port mode: an access port mode carries and it belongs to a single VLAN.  Traffic that arrives and one that leaves an access port is always in a native VLAN format. That is to say, it has no VLAN information.
2. Trunk port mode: this is 100 – 10,000 Mbps point-to-point link connecting 2 switches, switch and router, switch and server and traffic carried can be of multiple VLANs.

Switch port mode is implemented by “switchport mode” command followed by the desired mode. See below demonstration.

Switch(config)#

Switch(config)#inter ran f0/1-4

Switch(config-if-range)#switchport port-security maximum 2

Switch(config-if-range)#switc port violation shutdown

Switch(config-if-range)#inter ra f0/5-24

Switch(config-if-range)#shutdo

Interface	VLAN ID	Name	Switchport mode	Sample configuration
F0/1	Vlan 10	Server	Access mode	Switch(config-if)#vlan 10 Switch(config-vlan)#name Server Switch(config-vlan)#inter fa0/1 Switch(config-if)#switch Switch(config-if)#switchport acc Switch(config-if)#switchport access vl Switch(config-if)#switchport access vlan 10
F0/2	VLAN 20	Instructional	Access mode	Switch(config-if)#vlan 20 Switch(config-vlan)#name Instructional Switch(config-vlan)#inter fa0/2 Switch(config-if)#swi acc vlan 20
F0/3	VLAN 30	Administrative	Access mode	Switch(config-if)#vla 30 Switch(config-vlan)#inter f0/3 Switch(config-if)#swi acc vla 30 Switch(config-if)#
F0/4	VLAN40	Faculty	Access mode	Switch(config-if)#vlan 40 Switch(config-vlan)#name Faculty Switch(config-vlan)#inter fa0/4 Switch(config-if)#swi acc vla 40
G0/1, g0/2, f0/24	VLAN 10,20,30,40	NA	Trunk mode	Switch(config-if)#inter ra g0/1-2 Switch(config-if-range)#switc Switch(config-if-range)#switchport mode tr

Router>ena

Router#conf ter

Router(config)#inter g0/0

Router(config-if)#no shu

Router(config-if)#no ip add

Router(config-if)#inter g0/0.40

Router(config-subif)#

Router(config-subif)#enca dot 40

Router(config-subif)#ip add 10.50.0.1 255.255.255.192

Router(config-subif)#inter g0/0.30

Router(config-subif)#

Router(config-subif)#enca dot 30

Router(config-subif)#ip add 10.50.0.65 255.255.255.192

Router(config-subif)#inter g0/0.20

Router(config-subif)#

Router(config-subif)#enca dot 20

Router(config-subif)#ip add 10.50.0.129 255.255.255.192

Router(config-subif)#inter g0/0.10

Router(config-subif)#

Router(config-subif)#enca dot 10

Router(config-subif)#ip add 10.50.0.193 255.255.255.192

Router(config-subif)#

Purpose

DHCP denotes to a protocol that manage IP addressing automatically. This protocol is really needed since it would be tedious for a network administrator to be assigning IP addresses to devices manually.  

Router#conf ter

Router(config)#ip dhcp excl

Router(config)#ip dhcp excluded-address 10.50.0.52 10.50.0.62

Router(config)#ip dhc poo Faculty

Router(dhcp-config)#netwo 10.50.0.0 255.255.255.192

Router(dhcp-config)#defaul 10.50.0.1

Router(dhcp-config)#dns-server 10.50.0.1

Router(dhcp-config)#exi

Router(config)#ip dhc exclu 10.50.0.116 10.50.0.126

Router(config)#ip dhc poo Administrative

Router(dhcp-config)#net 10.50.0.64 255.255.255.192

Router(dhcp-config)#defa 10.50.0.65

Router(dhcp-config)#dns 10.50.0.65

Router(dhcp-config)#exi

Router(config)#ip dhc exc 10.50.0.180 10.50.0.190

Router(config)#ip dhcp poo Instructional

Router(dhcp-config)#netw 10.50.0.128 255.255.255.192

Router(dhcp-config)#defa 10.50.0.129

Router(dhcp-config)#dns 10.50.0.129

Router(dhcp-config)#exi

Router(config)#ip dhc exc 10.50.0.244 10.50.0.254

Router(config)#ip dhc poo Server

Router(dhcp-config)#net 10.50.0.192 255.255.255.192

Router(dhcp-config)#defa 10.50.0.193

Router(dhcp-config)#dns 10.50.0.193

Router(dhcp-config)#end

Router#copy run start

Sacramento Router

Sacramento-Router#

Sacramento-Router#copy startup-config tftp:

Address or name of remote host []? 10.40.6.10

Destination filename [Sacramento-Router-confg]?

Sacremento-Switch2#

Sacremento-Switch2#

Sacremento-Switch2#conf ter

Sacremento-Switch2(config)#user user pri

Sacremento-Switch2(config)#user user pri

Sacremento-Switch2(config)#user user privilege 15

Sacremento-Switch2(config)#exi

Sacremento-Switch2#

Sacremento-Switch2#conf ter

Sacremento-Switch2(config)#line vty 0 15

Sacremento-Switch2(config-line)#login local

Sacremento-Switch2(config-line)#privilege level 15

Sacremento-Switch2(config-line)#transport input ss

<cr>

Sacremento-Switch2(config-line)#transport input ssh

Sacremento-Switch2(config-line)#exi

Sacremento-Switch2(config)#crypto key generate rsa

Sacremento-Switch2(config)#crypto key generate rsa 

Sacremento-Switch2#conf ter

Sacremento-Switch2(config)#ip domain name user.com

Sacremento-Switch2(config)#cryp key ge rsa

The name for the keys will be: Sacremento-Switch2.user.com

Choose the size of the key modulus in the range of 360 to 2048 for your

General Purpose Keys. Choosing a key modulus greater than 512 may take

a few minutes. 

How many bits in the modulus [512]: 1024 

Sacremento-Switch2(config)#do sho cry

*Mar 2 12:53:22.755: %SSH-5-ENABLED: SSH 1.99 has been enabled

Sacremento-Switch2(config)#end 

Sacremento-Switch2#sho cr

mypubkey Show public keys associated with this router

Sacremento-Switch2#sho crypto key mypubkey rsa

% Key pair was generated at: 12:52:30 UTC Mar 2 1993

Key name: Sacremento-Switch2.user.com

Storage Device: not specified

Usage: General Purpose Key

Key is not exportable.

Key Data:

00003c27 00002beb 00005528 00006e03 00002b2c 00004c38 0000506d 00007af1

00004e6d 00003197 00002b2d 0000615a 00007173 000016f9 00001be4 000007de

00000235 00000d0f 000020d1 000022ca 00001696 000079bb 0000519f 4f31

% Key pair was generated at: 12:52:30 UTC Mar 2 1993

Key name: Sacremento-Switch2.user.com.server

Temporary key

Usage: Encryption Key

Key is not exportable.

Key Data:

00006b30 00002bc4 00007444 0000643e 00003f50 000056cd 0000592a 00006ec8

00003241 00000b88 0000428c 00000b27 000005ce 00000027 00005b24 00001146

00006a02 00003d13 00000003 000046fa 00003632 000001e1 000061c0 0c92

Sacremento-Switch2#

Sacremento-Switch2#copy run star

Sacremento-Switch2#conf ter

Sacremento-Switch2(config)#inter vla 1

Sacremento-Switch2(config-if)# 

Sacramento-Router(config)#access-list 151 permit udp 10.50.0.192 0.0.0.63 10.40.6.0 0.0.1.255 eq 69

Sacramento-Router(config)#acc

Sacramento-Router(config)#access-list 151 deny udp any any

Sacramento-Router(config)#inter g0/0

Sacramento-Router(config-if)#ip access-group 151 in

Sacramento-Router(config-if)#end 

Sacramento-Router#copy run star

Sacramento-Router# 

Sacramento-Router>ena

Sacramento-Router#sho clock

*0:2:19.739 UTC Mon Mar 1 1993

Sacramento-Router#conf ter

Sacramento-Router(config)#ntp server 10.40.6.10 key 0

Sacramento-Router(config)#do sh clo

Sacramento-Router#conf ter

Sacramento-Router(config)#inter s0/0/0

Sacramento-Router(config-if)#enca

Sacramento-Router(config-if)#encapsulation fram

Sacramento-Router(config-if)#encapsulation frame-relay

Sacramento-Router(config-if)#

Sacramento-Router(config-if)#ip add 10.255.255.253 255.255.255.252

Sacramento-Router(config-if)#ip add 10.255.255.253 255.255.255.252

Sacramento-Router

Sacramento-Router(config-if)#frame-relay interface-dlci 106

Sacramento-Router(config-if)#no shu 

Sacramento-Router(config-if)#

Sacramento-Router(config-if)#exi

Sacramento-Router(config)#exi

Sacramento-Router#

Sacramento-Router#copy run star

LosAngeles Site just like Sacramento Site, has one large LAN, has no DHCP, switcports are not secured, switch clocking system is not standard and the IOS is not backup.

The one huge LAN will be divided into smaller divisions known as VLANs. With the VLANs, it will be easy for the administration to carry troubleshooting exercise just in case there exists a failure. Additionally, the VLANs will also serve as an agent to security measures,  that is to say, a more sensitive department such as Finance will be in its VLAN and this VLAN restricted access by other department.

Additional security will be implemented by using Switchport violation shutdown technology. Swichports which are not in use will be disable.

DHCP is another technology to be implemented as it will strip off from the network administrators the role of IP addressing.

For the purpose of logging, we will be using NTP technology to keep time of all the devices standard. NTP server will be used.

It is also good for an organisation to back up the devices’ running configurations and their IOS, we will FTP to store the configurations of our devices. 

VLANs

Subnet Name	Needed Size	Allocated Size	Spare addresses	Address	Mask	Assignable Range
Instructional VLAN 110	120	126	6	10.40.0.0	255.255.255.128	10.40.0.1 - 10.40.0.126
Administrative VLAN 120	44	62	18	10.40.0.128	255.255.255.192	10.40.0.129 - 10.40.0.190
Faculty VLAN 130	21	30	9	10.40.0.192	255.255.255.224	10.40.0.193 - 10.40.0.222
Server VLAN 100	21	30	9	10.40.0.224	255.255.255.224	10.40.0.225 - 10.40.0.254
Remote VLAN 140	1	510	509	10.40.6.0	255.255.254.0	10.40.6.1-10.40.7.254

Switch>

Switch>ena

Switch#conf ter

Switch(config)#vtp mode server

Switch(config)#vtp dom los

Switch(config)#vtp pass los

Switch(config)#inter ra g0/1-2

Switch(config-if-range)#switc mode tru

Switch(config-if-range)#

Switch(config-if-range)#

Switch(config-if-range)#inter ra f0/1-5

Switch(config-if-range)#inter ra f0/1-4

Switch(config-if-range)#swi mode tr

Switch(config-if-range)#inter f0/24

Switch(config-if)#swi mode tr

Switch(config-if)#

Switch(config-if)#inter ra f0/5-23

Switch(config-if-range)#shutdown

Switch(config-if-range)#exi

Switch(config)#vla 110

Switch(config-vlan)#name Administrative

Switch(config-vlan)#vla 130

Switch(config-vlan)#name Faculty

Switch(config-vlan)#vla 110

Switch(config-vlan)#no name Administrative

Switch(config-vlan)#name Instructional

Switch(config-vlan)#vla 120

Switch(config-vlan)#name Administrative

Switch(config-vlan)#vla 100

Switch(config-vlan)#name Server

Switch(config)#inter ra

Switch(config)#inter range f0/1-4

Switch(config-if-range)#switchport port-security maximum 2

Switch(config-if-range)#swi port-security violation shutdown

Switch(config-if-range)#inter range g0/1-2

Switch(config-if-range)#switchport port-security maximum 2

Switch(config-if-range)#swi port-security violation shutdown

Switch(config-if-range)#inter f0/24

Switch(config-if)#switchport port-security maximum 2

Switch(config-if)#swi port-security violation shutdown

Switch(config-if)#end

Switch(config)#inter ra f0/1-4

Switch(config-if-range)#no swi mode tr

Switch(config-if-range)#inter f0/1

Switch(config-if)#swi acc vla 120

Switch(config-if)#inter f0/2

Switch(config-if)#inter f0/1

Switch(config-if)#no swi acc vla 120

Switch(config-if)#no swi acc vla 110

Switch(config-if)#swi acc vla 110

Switch(config-if)#inter f0/2

Switch(config-if)#swi acc vla 100

Switch(config-if)#inter f0/3

Switch(config-if)#swi acc vla 120

Switch(config-if)#inter f0/4

Switch(config-if)#swi acc vla 130

Switch(config-if)#

Switch(config-if)#do copy run star