Proposal for Building a Network

A. Objectives

  1. After completing this course, students are expected to be able to install LAN hardware properly and correctly.
  2. Students are expected to understand the function and role of protocols in computer networks.
  3. Students are expected to be able to perform addressing (IP address) on networked computers.
  4. Students can build and configure a peer-to-peer network.
  5. Students can build and configure a simple LAN.

B. Tools and Materials

  1. Personal Computer
  2. LAN Card / NIC
  3. Switch / Hub
  4. Crossover cable
  5. Straight-through cable

C. Theoretical Review

Hardware Installation

A LAN consists of basic elements, namely hardware and software components. The hardware components are the Personal Computer (PC) and the Network Interface Card (NIC). The software comprises the network operating system, the network adapter driver, and the network protocol.

Personal Computer

In a client-server network, the computer that acts as the server must have higher performance than the other computers that act as its workstations, because the server is responsible for providing facilities and managing network operations.

    Network Interface Card (NIC) / LAN Card

      Based on bus type, there are several types of Network Interface Card (NIC), or network card, namely ISA and PCI. A network card (NIC/LAN card) is a circuit board plugged into a PC's motherboard that connects the computer to the network medium.

      Cabling

        A computer network is essentially a network of cables connecting one side to another. The choice of cable type is closely tied to the network topology used. For example, bus topology mostly uses coaxial cable. The main difficulty with coaxial cable is that it is hard to measure whether the cable in use is truly matched or not; a mismatch can damage the NIC in use and slow the network down so that it does not reach its maximum capability. The following table lists network topologies and the cable types commonly used:

        Network topology    Commonly used cable type
        Bus topology        Coaxial
        Ring topology       Twisted pair
        Star topology       Twisted pair

        Three types of cable are commonly known:

        • Coaxial Cable
        • Fiber Optic
        • Twisted Pair (UTP/Unshielded Twisted Pair and STP/Shielded Twisted Pair)
        1. Crossover
        2. Straight-through
        3. Rollover

        Network Protocol / IP Address

        An IP address is the identifier used to assign an address to each computer in a network. An IP address is a 32-bit number in which each group of 8 bits is separated by a dot. It can be written in binary form (xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx, where x is a binary digit) or as four decimal numbers separated by dots, a form known as 'dotted decimal' (xxx.xxx.xxx.xxx, where xxx is the value of one octet / eight bits).

        IP addresses are divided into five classes:

        • Class A

        Format          : 0nnnnnnn.hhhhhhhh.hhhhhhhh.hhhhhhhh
        First bit       : 0
        NetID length    : 8 bits
        HostID length   : 24 bits
        First byte      : 0-127
        Count           : 126 Class A networks (0 and 127 are reserved)
        IP range        : 1.xxx.xxx.xxx to 126.xxx.xxx.xxx
        Number of IPs   : 16,777,214 IP addresses in each Class A network
        Description     : Assigned to networks with a large number of hosts

        • Class B

        Format          : 10nnnnnn.nnnnnnnn.hhhhhhhh.hhhhhhhh
        First bits      : 10
        NetID length    : 16 bits
        HostID length   : 16 bits
        First byte      : 128-191
        Count           : 16,384 Class B networks
        IP range        : 128.0.xxx.xxx to 191.155.xxx.xxx
        Number of IPs   : 65,532 IP addresses in each Class B network
        Description     : Allocated to large and medium-sized networks

        • Class C

        Format          : 110nnnnn.nnnnnnnn.nnnnnnnn.hhhhhhhh
        First bits      : 110
        NetID length    : 24 bits
        HostID length   : 8 bits
        First byte      : 192-223
        Count           : 2,097,152 Class C networks
        IP range        : 192.0.0.xxx to 223.225.225.xxx
        Number of IPs   : 254 IP addresses in each Class C network
        Description     : Used for small networks

        • Class D

        Format          : 1110mmmm.mmmmmmmm.mmmmmmmm.mmmmmmmm
        First bits      : 1110
        Multicast bits  : 28 bits
        Initial byte    : 224-247
        Description     : Class D is used for IP multicasting (RFC 112)

        • Class E

        Format          : 1111rrrr.rrrrrrrr.rrrrrrrr.rrrrrrrr
        First bits      : 1111
        Multicast bits  : 28 bits
        Initial byte    : 248-255
        Description     : Class E is reserved for experimental use

        Today IP addresses can also be allocated using Classless Inter-Domain Routing (CIDR) notation (network/mask). In addition, there is the network prefix.
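
The class of an address follows directly from its leading bits, and the NetID length of classes A to C is the same thing as a CIDR prefix length. The following is an added example, not part of the original report, that classifies an address from the bit patterns listed above and prints its classful network in CIDR form; the function names and sample addresses are constructed for illustration.

```python
import ipaddress

# Leading-bit patterns and NetID/HostID lengths as listed in the class
# descriptions above. Classes D and E have no NetID/HostID split.
CLASS_RULES = [
    ("A", "0", 8, 24),
    ("B", "10", 16, 16),
    ("C", "110", 24, 8),
    ("D", "1110", None, None),
    ("E", "1111", None, None),
]


def dotted_binary(addr: str) -> str:
    """Render an IPv4 address as xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx."""
    return ".".join(f"{octet:08b}" for octet in ipaddress.IPv4Address(addr).packed)


def classify(addr: str) -> dict:
    """Determine the class of an address from its leading bits.

    Raises ipaddress.AddressValueError if addr is not a valid IPv4 address.
    """
    bits = f"{int(ipaddress.IPv4Address(addr)):032b}"
    # Every 32-bit string starts with exactly one of the five patterns.
    name, _, net_bits, host_bits = next(
        rule for rule in CLASS_RULES if bits.startswith(rule[1])
    )
    info = {
        "address": addr,
        "binary": dotted_binary(addr),
        "class": name,
        "netid_bits": net_bits,
        "hostid_bits": host_bits,
    }
    if net_bits is not None:
        # The classful split expressed in CIDR notation (network/prefix).
        network = ipaddress.ip_network(f"{addr}/{net_bits}", strict=False)
        info["cidr"] = str(network)
        info["default_mask"] = str(network.netmask)
        # All-zero and all-one HostIDs are excluded (network and broadcast).
        info["usable_hosts"] = 2 ** host_bits - 2
    return info


if __name__ == "__main__":
    # Constructed sample addresses, one per class.
    for sample in ("10.1.2.3", "172.16.5.4", "192.168.1.25", "224.0.0.5", "250.1.1.1"):
        result = classify(sample)
        print(result["binary"], "class", result["class"], result.get("cidr", "-"))
```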

        IP Address Allocation

          An IP address consists of two parts, the network ID and the host ID. The network ID identifies the network number, while the host ID identifies a host within one network. Allocating IP addresses is essentially the process of choosing the right network ID and host ID for a network.

          The basic rules for choosing the network ID and host ID to use are:

          • Network ID 127.0.0.1 cannot be used because by default it is used for 'loopback'. Loopback is the IP address a computer uses to refer to itself.
          • The host ID must not have all its bits set to 1 (126.255.255.255 in Class A), because it will be interpreted as the broadcast address. The broadcast ID is the address that represents all members of the network.
          • The network ID and host ID must not be equal to 0 (0.0.0.0), because it will be interpreted as the network address. The network address is the address used to refer to a network, not to a host.
          • The host ID must be unique within a network (no two hosts in the same network may have the same host ID).

          IP address, subnet mask, and broadcast address are the basis of routing techniques on the Internet.

          IP Address Allocation in a Network

            Subnetting is the technique commonly used to allocate a number of IP addresses in a network (LAN or WAN). For example, to allocate the IP addresses 192.168.1.0 through 192.168.1.255 for 254 hosts, the parameters used for the allocation are:

            192.168.1.255 : LAN broadcast address
            255.255.255.0 : LAN subnet mask
            192.168.1.0   : LAN network address
            192.168.1.25  : example IP of one workstation on the LAN

            Although a workstation's IP address stays fixed, the netmask used on each router varies depending on the router's position in the network.
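
The allocation rules and the 192.168.1.0 example above can be checked mechanically before addresses are handed out. The following is an added example, not part of the original report: it derives the LAN parameters from the network address and mask, then checks a host plan against the rules (no loopback, no all-zero or all-one HostID, no duplicates, no address outside the LAN). The hostnames and the plan are constructed sample data.

```python
import ipaddress


def lan_parameters(network: str, mask: str) -> dict:
    """Derive the allocation parameters of a LAN from its network address and mask."""
    # strict=True rejects a "network address" that has host bits set.
    net = ipaddress.IPv4Network(f"{network}/{mask}", strict=True)
    return {
        "network": str(net.network_address),
        "netmask": str(net.netmask),
        "broadcast": str(net.broadcast_address),
        "cidr": str(net),
        "first_host": str(net.network_address + 1),
        "last_host": str(net.broadcast_address - 1),
        "usable_hosts": max(net.num_addresses - 2, 0),
    }


def check_plan(network: str, mask: str, plan: dict) -> list:
    """Check a hostname -> IP plan against the allocation rules.

    Returns a list of (hostname, address text, reason) for every entry
    that must not be deployed as written.
    """
    net = ipaddress.IPv4Network(f"{network}/{mask}", strict=True)
    problems = []
    owner = {}  # address -> first hostname that claimed it
    for host, text in plan.items():
        try:
            addr = ipaddress.IPv4Address(text)
        except ipaddress.AddressValueError:
            problems.append((host, text, "not a valid IPv4 address"))
            continue
        if addr.is_loopback:
            problems.append((host, text, "loopback address"))
        elif addr not in net:
            problems.append((host, text, f"outside {net}"))
        elif addr == net.network_address:
            problems.append((host, text, "HostID all zeros: network address"))
        elif addr == net.broadcast_address:
            problems.append((host, text, "HostID all ones: broadcast address"))
        elif addr in owner:
            problems.append((host, text, f"duplicate of {owner[addr]}"))
        else:
            owner[addr] = host
    return problems


# Constructed sample plan: two valid entries followed by one violation per rule.
SAMPLE_PLAN = {
    "pc-01": "192.168.1.25",
    "pc-02": "192.168.1.26",
    "pc-03": "192.168.1.25",
    "pc-04": "192.168.1.255",
    "pc-05": "192.168.1.0",
    "pc-06": "127.0.0.1",
    "pc-07": "192.168.2.10",
    "pc-08": "192.168.1.300",
}

if __name__ == "__main__":
    for key, value in lan_parameters("192.168.1.0", "255.255.255.0").items():
        print(f"{key:13}: {value}")
    for host, text, reason in check_plan("192.168.1.0", "255.255.255.0", SAMPLE_PLAN):
        print(f"REJECT {host} {text}: {reason}")
```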

            D. Procedure

            1. Installing and Configuring the Network Adapter Card

                A network adapter card (network card) must be installed in a computer that is to "interact" on the network. The network card uses the physical medium or network type, medium, and protocol. The procedure for installing and configuring a network card:

              1. Open Control Panel and double-click the Network icon
              2. Select the Configuration tab and click Add
              3. The Select New Component Type dialog box appears; click Adapter, then click Add
              4. Select the type of adapter in use, then click OK
              5. Click OK to close the Network Properties dialog box
              6. After the files needed to install the network card have been copied, the computer restarts
              7. Next, configure the network from Control Panel by double-clicking the Network icon
              8. Select the adapter, then click Properties.

              Installing the Network Protocol

              The procedure for installing a network protocol:

              1. Open Control Panel and double-click Network
              2. On the Configuration tab, click Add
              3. Select the Manufacturer and Network Protocol and click OK
              4. Configure TCP/IP
              5. Under Control Panel -> Network Connection, an image like the one below appears:
              6. Right-click the image above and choose Disable, then click the image again and choose Properties. The image below appears. Double-click Internet Protocol
              7. The next step is to fill in the IP address and subnet mask
              8. Click OK, then double-click image no. 1 above, and the LAN will be enabled.
              9. The next step is to check whether the computer is connected to another computer, using the ping command. Open a command prompt: Run -> type cmd and press Enter. For example, if the computer with IP address 192.168.0.2 is connected to 192.168.0.1, a reply message appears on success.

              E. Evaluation and Assignments

              1. Connecting 2 computers peer to peer using a crossover cable. During the lab, the peer-to-peer connection between the 2 computers was successfully established. This connection falls under class C because it only connects 2 computers in the network. The connection between the two computers succeeded; the following is the information displayed by the ping command:
              2. Connecting several computers in a star topology, using straight-through cable and a hub or switch as the concentrator. During the lab, the computers were connected to one another. The following is the information displayed by the ping command, showing that the computers are connected:
              3. From the DOS command prompt, typing ipconfig /all displays the following information:
              4. This means that the IP address configuration on the computer succeeded, so the computer can connect to other computers in the same network.
              5. From the DOS command prompt, typing net view displays the following information:
              6. This means that all the computers are properly connected, so clients can share data and information with one another.

              The benefits and uses of IP addresses in a computer network are:

              • To connect one computer to another within a network
              • To determine the address of each computer in the network
              • Once the IP address of each computer has been set, the computers can communicate with one another by transferring data and sharing information.
              • With a different IP address on each computer, it is easy to find the address of each computer so that they can connect to one another.

              F. Conclusion

              From the lab work carried out, the following conclusions can be drawn:

              IP address classes:

                • Class A: few networks, many hosts
                • Class B: medium number of networks, medium number of hosts
                • Class C: many networks, few hosts
                • Class D: multicast group
                • Class E: experimental group

                The functions of the Internet Protocol (IP) in a network are:

                • Addressing
                • Fragmentation of datagrams between networks
                • Delivery of datagrams between networks.

                With computers connected in a network, they can share data and information with one another. The steps for sending data (sharing data) are:

                • Select the folder to be sent
                • Right-click the folder and choose Sharing and Security
                • Then tick Share this folder on the network and click OK
                • Send via the command prompt and enter the IP address of the destination.

                CCNA 4 Labskill Assignment, Chapter 10

                Lab 10.0.2.2 Finding the Right Networking Job
                Step 1: Perform a Skills Strength and Interest Assessment
                Step 2: Search a job website for a possible IT position
                Step 3: Create a résumé and cover letter
                Step 4: Reflection
                What other areas related to applying for a job are not covered in this particular lab?
                • Interviews: types of interviews that can be conducted, potential questions asked in interviews, preparing for an interview
                • Negotiating salary and benefits

                CCNA 4 Labskill Assignment, Chapter 9

                Lab 9.1.2 Editing and Organizing the Existing Information

                Step 1: Collate and organize the information
                a. Gather and read through all the project documents that you created in previous labs.
                b. Ensure that multipage documents are together and that the pages are in the correct sequence.
                Step 2: Review the existing information
                Ensure that the documents are complete and contain the information specified. Any incomplete documents, or missing information that was not recorded at the time of that lab, now need to be checked and included at this stage.
                Step 3: Organize the information
                A project proposal typically contains the following sections:
                Section : Description

                Executive Summary : Discusses the project goals and project scope at a high level. This section demonstrates that the network vendor understands the extent of the project and the role of the network in meeting the business goals. The goal of the summary is to convince the decision-makers of the business benefits of the design. This section is typically one to two pages long.

                Network Requirements : Reviews the business goals and network requirements, including users and applications that need to be supported. This section often lists the business goals, in order of priority, with critical goals marked. This section includes the topologies, protocols, hardware, software, and training that are required to meet the business goals.

                Current Network Environment : Documents the state of the existing network. This section includes physical and logical diagrams and the IP addressing scheme. The section summarizes the results of the network characterization, including strengths and weaknesses of the existing network. It also documents the user community and applications currently in use, based on the network characterization.

                Proposed Physical Design : Describes the physical layout of the proposed design. This section documents trade-offs made to accommodate business goals and technical requirements. The section describes the features and recommended uses for the technologies and devices proposed for the new network design. This section documents the new WAN service and new network equipment. The section also includes proposed network diagrams.

                Proposed Logical Design : Describes the logical topology of the proposed network. This section documents any proposed addressing and naming conventions. It describes the routing and switching protocols recommended for the planned network. This section includes recommended security mechanisms and products that support the security policy of the business. The section may include information on recommended network management procedures and applications.

                Implementation Plan : Provides a detailed list of the tasks that must be performed to install and implement the new network. This section includes tasks, steps, time required, and proposed schedules.

                Cost Proposal : Provides cost proposal for equipment, software, installation, and ongoing
                Step 4: Edit and finalize the information
                a. Review all the materials to ensure that they are complete. It is important that the FilmCompany management and technical staff are able to easily find and understand the material contained in the proposal. A disorganized or incomplete proposal can cause the customer to choose another contractor to complete the project.
                b. Ensure that all the information has a consistent format and style. If necessary, edit or rewrite sections so that the proposal has the appearance of a single document and not a set of separate documents.
                c. Complete diagrams and other graphics and finalize what is to be included in the proposal.
                d. Clearly note those sections of the proposal that have to be completed; these sections will be compiled in the following labs.
                e. Save the word processing documents and file the hardcopy information in your portfolio.
                Lab 9.2.1 Creating an Implementation Plan

                Step 1: Determine the tasks to implement the network design
                Implementing a network design requires the completion of a set of tasks, such as installing hardware, configuring systems, testing the network, and launching the network into production. Each task consists of several steps.
                Each task requires the following documentation:
                • A description of the task
                • References to design documents
                • Detailed implementation guidelines
                • Detailed rollback guidelines in case of failure
                • The estimated time required for implementation
                • Completion sign-off
                Analyze the FilmCompany network design documentation that you have compiled in previous labs. Determine and list the three main sets of tasks required to be performed to implement the network upgrade. These sets of tasks will be referred to as phases.
                Phase 1
                Install Distribution and Core Layer equipment
                Configure new IP addressing & VLAN scheme
                Configure routing
                Phase 2
                Upgrade the WAN connectivity
                Extend the network to the remote site
                Configure ACLs & security
                Phase 3
                Install wireless/mobility network
                Step 2: Note identified success and failure criteria
                When implementing a design, the possibility of a failure must be considered – even after a successful pilot or prototype network test. Each step of the implementation may require additional testing to ensure that the network operates as designed.
                In the Reflection section in Chapter 2, Lab 2.3.3, you considered success criteria when determining the objectives of the FilmCompany network upgrade. List two or three success or failure criteria for each phase of the project.
                Step 3: Include provision for customer approval
                The Implementation Plan details the work required to accomplish the project goals. The plan includes the customer expectations and the success criteria for customer approval and project sign-off. As soon as customer approval of the implementation plan is obtained, the installation can begin. The customer is given a detailed list of all devices required and the work to be completed. This list forms part of the Implementation Plan. A signed copy of this list is kept by the network designer and account manager.
                Upon completion of each task, the customer is required to sign off that the work was completed and that the results are as expected.
                a. Include in the documentation a signature page for an authorized FilmCompany representative to sign and approve the Implementation Plan.
                b. Include in the documentation a signature page at the end of each task for an authorized FilmCompany representative to sign and accept the completion of each task.
                Step 4: Document Phase 1
                Step 5: Document Phase 2
                Step 5: Document Phase 3
                Lab 9.2.2 Creating a Phased Installation Plan

                Step 1: Compare the installation methods
                There are three possible installation methods:
                New installation, commonly referred to as a green field installation
                Phased installation into an existing, functioning network
                Complete replacement, commonly referred to as a fork-lift upgrade
                Consider and list the advantages and disadvantages of the three installation methods.
                New Installation
                Advantages:
                All equipment and services can be installed and tested at the same time.
                The implementation plan for a new network is less complex than for the other two types of installation.
                The schedule is more flexible than when an existing network is in place.
                There is minimal disruption to the company.
                Disadvantages:
                Large capital outlay, because all equipment and services are installed at the same time.
                Phased Installation into Existing Network
                Advantages:
                Parts of the network upgrade are implemented in isolation from the parts that are currently running.
                The network upgrade is divided into small pieces that can be installed and tested quickly.
                Installing the upgrade in smaller phases causes the least amount of downtime.
                Disadvantages:
                A phased rollout requires more detailed planning with the customer.
                Complete Network Replacement
                Advantages:
                The existing network can remain fully operational until the replacement network is brought into production.
                Disadvantages:
                Both networks may operate in parallel for some time, which increases operating costs and can cause confusion and support issues for users.
                Step 2: Select the installation method
                Two of the FilmCompany requirements are:
                • The company network services must be available during the upgrade.
                • Existing equipment must be used in the new network design.
                Select the appropriate installation approach for the FilmCompany network upgrade.
                A phased installation approach will be used for this project.
                Step 3: Complete the details for the installation phases
                Using the charts created in Lab 9.2.1; fill out the information for each of the Installation Phases.
                a. On the table created in Lab 9.2.1 for Phase 1, fill in the Task/Step, Description, and Implementation Details information:
                • Install Distribution and Core Layer equipment
                • Configure new IP addressing & VLAN scheme
                • Configure routing
                b. On the table for Phase 2, fill in the Task/Step, Description, and Implementation Details information:
                • Upgrade the WAN connectivity
                • Extend the network to the remote site
                • Configure Access Control Lists & security
                c. On the table for Phase 3, fill in the Task/Step, Description, and Implementation Details information:
                • Install and configure the wireless and associated mobility network equipment
                Lab 9.2.3 Creating a Timeline

                Step 1: List and prioritize the factors affecting the timeline
                Note issues such as equipment and material availability, skilled personnel, and customer requirements that should be considered for the following factors when developing a project timeline. Consider the possibility that the project might not begin on the proposed start date.
                Equipment order and delivery
                Service installation, such as WAN links
                Customer schedule, including available maintenance and downtime windows
                Availability of appropriate technical personnel
                Step 2: Complete the time details for each installation phase
                The FilmCompany network upgrade is linked to the StadiumCompany network redevelopment. It would be efficient to align the FilmCompany stadium remote site work with that project. The StadiumCompany RFP states that the project must be completed during the off-season for the two teams. This requirement gives the project a timeline of four months, which can be also applied to the FilmCompany upgrade.
                a. On the table created in Lab 9.2.1 for Phase 1, fill in the Date information:
                • Install Distribution and Core Layer equipment
                • Configure new IP addressing & VLAN scheme
                • Configure routing
                b. On the table for Phase 2, fill in the Date information:
                • Upgrade the WAN connectivity
                • Extend the network to the remote site
                • Configure Access Control Lists & security
                c. On the table for Phase 3, fill in the Date information:
                • Install and configure the wireless and associated mobility network equipment
                Step 3: Consider customer-caused delays
                Customers may make changes to the requirements during the installation of a project. When changes occur, the timeline is used to make adjustments to personnel and other available resources. The timeline documentation can also be used to show the customer how delays affect the project completion date.
                Based on the timeline, write a project variation statement showing the possible delay in the project completion date if the FilmCompany decided at this stage to relocate an additional three production staff and their workstations to the stadium.
                Step 4: Using project management software (Optional)
                Project management tools such as Microsoft Project can be used to create a project timeline. This software can be useful for:
                • Tracking the progress of the project
                • Keeping the project on schedule
                • Identifying milestones
                • Tracking labor assignments and costs
                • Alerting the designer if the project is falling behind schedule.
                If this software is available, enter the resources and timeline for one phase of the Implementation Plan and examine the output.
                Lab 9.2.4 Creating an Installation Schedule

                Step 1: List and prioritize the tasks that require downtime on the current network
                List the tasks that require network downtime.
                Step 2: Document the required downtime on the project timeline
                Sometimes it is not possible to complete all of the required tasks during an approved maintenance window. If an installation task requires the network, or part of the network, to be down during normal business hours, it is important to obtain permission from the customer. As soon as the time frame is determined and approved, all the people involved need to be notified accordingly.
                a. List those tasks that can be completed during a scheduled maintenance window.
                b. List those tasks that require the network to be down during normal business hours.
                Step 3: Document customer approved downtime
                a. Indicate on the Installation Plan Timeline when the network downtime will occur.
                b. Include a provision for customer approval to be recorded for this downtime.
                c. Include a task that requires that the users who will be affected are notified with adequate advance notice of the network downtime. Ensure that the users are also notified when the network or service returns to full operation.
                Lab 9.3.4 Creating the Bill Of Material

                Step 1: List the items required
                a. Use the table below, or create a similar one, to list all the items and equipment that need to be purchased for the FilmCompany network upgrade project.
                b. Search the Internet or use information provided by your instructor to add possible suppliers or vendors to the BOM table.
                c. Add costs to the BOM. Where possible, obtain costs from local vendors and suppliers. If this information is not readily available, your instructor will provide estimated costs for you to use.
                Step 2: Determine the software requirements
                a. During the early stages of the network Design Phase, existing applications were identified. Add new applications required by the network upgrade to the BOM. Categorize these as either Network or Specialist applications.
                b. Add the new applications, installation costs, and required training to the BOM with the identified hardware. Also indicate whether the network upgrade requires additional licenses to be purchased for existing software applications.
                Step 3: Add maintenance contracts
                a. Investigate the maintenance support service contracts available for both the new and existing equipment.
                b. Add the details and costs to the BOM.
                Step 4: Create the BOM
                a. Create the BOM using word processing or spreadsheet software. Using a spreadsheet will facilitate the calculation of total costs and enable easy updating of the document if costs or quantities are amended.
                b. Save this file and include it in the proposal document. Add a hardcopy of the file to your portfolio.
                Lab 9.4.1 Compiling the Documentation

                Task 1: Compile the Project Proposal
                Step 1: Finalize the documentation requirements
                a. Finalize the documentation created in the previous labs and in your project portfolio.
                b. Insert and compile the information under the following headings:
                • Executive Summary
                • Network Requirements
                • Current Network Environment
                • Proposed Physical Design
                • Proposed Logical Design
                • Implementation Plan
                • Cost Proposal
                Step 2: Prepare the cover page
                Include a cover page at the beginning of the proposal. The cover page describes the proposal, including the RFP or solicitation number and date, the customer contact information, and the vendor name and contact information.
                Step 3: Prepare the Table of Contents
                Develop a Table of Contents for the proposal document.
                Step 4: Create the proposal
                Complete the proposal document. The proposal layout should be highly readable and should aid the reader in locating information.
                • Use graphics to enhance the readability of a proposal and convey information where appropriate.
                • Text should be legible, typically a serif typeface such as Times Roman, at 10-point to 12-point type.
                • Page margins should be at least 0.5 inches (125mm).
                • Page numbers should be included at the top or bottom of each page.
                Step 5: Update the Executive Summary
                Use information from the completed implementation and costing sections to update the Executive Summary.
                Step 6: Organize the Proposal binder
                Arrange the proposal components in a binder, based on the order cited in the Table of Contents.
                Step 7: Prepare Terms and Signatures page
                a. Prepare the terms of agreement and an acceptance page for customer signatures to be included at
                the end of the proposal. The terms and conditions describe all relevant legal terms and contracts that
                will be required. These terms and conditions support the supply of goods and services related to
                network improvements and installations.
                Important clauses in the terms and conditions usually include:
                • Details about the proposal expiration date
                • Obligations of the customer to obtain permission or other consents within their organization
                • Obligations of the vendor to provide services and equipment with care and skill
                • Dates when completed milestone deliverables are payable
                • Interest chargeable on outstanding payments
                • The amount of notice the customer must give to cancel their equipment and service orders
                • Details about guarantees (if any) provided by the vendor
                • Details about escalating and resolving complaints or issues
                If the customer accepts the proposal, an appropriate customer representative signs the Terms and
                Signatures page.
                Your instructor will advise of the standard terms and conditions that will apply to all proposals.
                b. Save this file and include in the proposal document.
                Task 2: Prepare the Presentation
                Step 1: Plan the presentation
                After compiling a proposal, network designers review the entire proposal with their management organization by means of a formal presentation. During this stage of the design proposal, the designer must first sell the concept to the internal management and then to the customer.
                For your presentation, list the important points to include that illustrate the proposal. A proposal presentation includes slides or other visual aids to graphically represent the proposal. The presentation, along with the proposal document, is vital to ensuring a successful meeting and increasing the probability of a customer sign-off.
                Step 2: Create the presentation
                This step assumes that the presentation will use MS PowerPoint or equivalent presentation software. Your instructor will advise of the presentation requirements and resources available.
                a. The content and presentation format are important in a business environment. Create a presentation
                that considers the following points:
                • Every slide should have a heading that summarizes the information presented on the slide.
                • Computer presentations should not contain full paragraphs of text. Use a bulleted list or
                outline format and elaborate on the points during the delivery.
                • All type should be legible. Use large fonts, because small fonts are often hard to read.
                • Use contrasting colors – either a dark background with light text or a light background with
                dark text.
                • Keep the format and style consistent throughout the presentation. Do not change text font,
                text color, background color, or theme except for an occasional special emphasis.
                • Avoid backgrounds that make the text hard to read. Keep the background simple.
                • Do not use ALL CAPS! Their use is unprofessional and they are also more difficult to read.
                • Include a combination of words, pictures, and graphics. Variety keeps the presentation
                interesting.
                b. Save the presentation file and any other presentation aids that you created.
                Lab 9.4.2 Presenting the Project Proposal

                Task 1: Prepare for the Presentation
                Step 1: Review the content
                a. Ensure that your presentation is complete.
                b. Review the content to ensure that there are no technical errors.
                c. Rehearse the presentation to become familiar with the flow of the content and develop a sense of the
                timing required.
                Step 2: Prepare for questions
                Your presentation may seem complete and clear to you, but to others there may be points that need clarifying or that contain too much information.
                Read through your presentation as if seeing it for the first time. Note the points that you would ask questions about. Remind yourself that you will not be able to prepare for every possible question.
                Step 3: Prepare yourself
                Your instructor will advise you on the details (time, location, audience) of the presentation class. On the day of the presentation, try to observe the following guidelines:
                a. If possible, and appropriate, wear professional attire.
                b. Try not to be too nervous. The other students in your class are probably feeling the same as you are.
                c. If other students are presenting before or after you, give them your attention and participate in the
                class. Do not think too much about your presentation but focus instead on what is happening in the class.
                Task 2: Deliver the Presentation
                Step 1: Submit your portfolio and proposal
                a. Submit your portfolio and proposal to your instructor before delivering the presentation.
                Step 2: Begin the presentation
                a. Introduce yourself.
                b. Deliver the presentation, using your portfolio and a slide presentation such as PowerPoint.
                • Speak slowly and clearly.
                • Stay with your slide sequence. A common mistake is to introduce material and then continue
                to talk about it in detail without advancing from the general overview slide for that topic to the
                detailed slides that follow.
                c. Demonstrate that you know the content of the proposal and sell it as the one that the customer should
                adopt.
                d. Be prepared to respond to questions from the instructors and students.
                Step 3: Conclude the presentation
                a. Invite any final questions from the audience.
                b. Finish your presentation by assuring the audience that your proposal meets their requirements and
                thank them for the opportunity to present it.

                CCNA 4 Lab Skills Assignment, Chapter 8

                Lab 8.1.3 Simulating WAN Connectivity


                Step 1: Connect the PCs to the router console ports

                a. Referring to the topology diagram, connect a console cable from PC1 to the console port on R1. Connect a console cable from PC2 to the console port on R2.

                b. Apply power to all PCs and routers.

                c. Open a HyperTerminal session on each PC and establish a session to the respective router.

                Step 2: Configure the serial interface on R1

                Within the global configuration mode of R1, enter the following commands:

                Router(config)#hostname Router1

                Router1(config)#interface serial 0/1/0

                Router1(config-if)#ip address 192.168.1.1 255.255.255.0

                Router1(config-if)#no shutdown

                Router1(config-if)#end

                Router1#

                Step 3: Configure the serial interface on R2

                Within the global configuration mode of R2, enter the following commands:

                Router(config)#hostname Router2

                Router2(config)#interface serial 0/1/1

                Router2(config-if)#ip address 192.168.1.2 255.255.255.0

                Router2(config-if)#clock rate 56000

                Router2(config-if)#no shutdown

                Router2(config-if)#end

                Router2#

                Step 4: View the show interface output

                a. On Router1, issue the show interface serial 0/1/0 command from the privileged EXEC mode to view the encapsulation type.

                Router1#show interface serial 0/1/0

                Serial0/1/0 is up, line protocol is up

                Hardware is GT96K Serial

                Internet address is 192.168.1.1/24

                MTU 1500 bytes, BW 128 Kbit, DLY 20000 usec,

                reliability 255/255, txload 1/255, rxload 1/255

                Encapsulation HDLC, loopback not set

                Keepalive set (10 sec)

                Last input 00:00:09, output 00:00:08, output hang never

                Last clearing of “show interface” counters 00:19:54

                Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

                Queueing strategy: fifo

                Output queue: 0/40 (size/max)

                5 minute input rate 0 bits/sec, 0 packets/sec

                5 minute output rate 0 bits/sec, 0 packets/sec

                14 packets input, 980 bytes, 0 no buffer

                Received 9 broadcasts, 0 runts, 0 giants, 0 throttles

                0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

                14 packets output, 1026 bytes, 0 underruns

                0 output errors, 0 collisions, 8 interface resets

                0 output buffer failures, 0 output buffers swapped out

                0 carrier transitions

                DCD=up DSR=down DTR=up RTS=up CTS=up

                What is the encapsulation type?

                HDLC

                b. On Router2, issue the show interface serial 0/1/1 command from the privileged EXEC mode to view the encapsulation type.

                Router2#show interface serial 0/1/1

                Serial0/1/1 is up, line protocol is up

                Hardware is HD64570

                Internet address is 192.168.1.2/24

                MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255

                Encapsulation HDLC, loopback not set, keepalive set (10 sec)

                Last input 00:00:05, output 00:00:06, output hang never

                Last clearing of “show interface” counters never

                Queueing strategy: fifo

                Output queue 0/40, 0 drops; input queue 0/75, 0 drops

                5 minute input rate 0 bits/sec, 0 packets/sec

                5 minute output rate 0 bits/sec, 0 packets/sec

                9 packets input, 616 bytes, 0 no buffer

                Received 4 broadcasts, 0 runts, 0 giants, 0 throttles

                2673 input errors, 2673 CRC, 0 frame, 0 overrun, 0 ignored, 1 abort

                101 packets output, 4001 bytes, 0 underruns

                0 output errors, 0 collisions, 43 interface resets

                0 output buffer failures, 0 output buffers swapped out

                5 carrier transitions

                DCD=up DSR=up DTR=up RTS=up CTS=up

                What is the encapsulation type?

                HDLC

                Step 5: Test router connectivity

                From Router2, ping Router1 to test connectivity.

                Router2#ping 192.168.1.1

                Type escape sequence to abort.

                Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:

                !!!!!

                Success rate is 100 percent (5/5), round-trip min/avg/max = 32/32/36 ms

                If the ping is unsuccessful, troubleshoot the routers until connectivity is attained.

                Step 6: Change the encapsulation type to PPP

                From the privileged EXEC mode, issue the following commands to change the encapsulation type on the connecting serial interfaces of both routers to PPP.

                Router1#config terminal

                Router1(config)#interface serial 0/1/0

                Router1(config-if)#encapsulation ppp

                Router1(config-if)#end

                Router1#

                Router2#config terminal

                Router2(config)#interface serial 0/1/1

                Router2(config-if)#encapsulation ppp

                Router2(config-if)#end

                Router2#

                Step 7: View the show interface output

                a. On Router1, issue the show interface serial 0/1/0 command from the privileged EXEC mode to view the encapsulation type.

                Router1#show interface serial 0/1/0

                Serial0/1/0 is up, line protocol is up

                Hardware is GT96K Serial

                Internet address is 192.168.1.1/24

                MTU 1500 bytes, BW 128 Kbit, DLY 20000 usec,

                reliability 255/255, txload 1/255, rxload 1/255

                Encapsulation PPP, LCP Open

                Open: IPCP, CDPCP, loopback not set

                Keepalive set (10 sec)

                Last input 00:00:18, output 00:00:03, output hang never

                Last clearing of “show interface” counters 00:01:49

                Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

                Queueing strategy: fifo

                Output queue: 0/40 (size/max)

                5 minute input rate 0 bits/sec, 0 packets/sec

                5 minute output rate 0 bits/sec, 0 packets/sec

                31 packets input, 1837 bytes, 0 no buffer

                Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

                0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

                40 packets output, 2960 bytes, 0 underruns

                0 output errors, 0 collisions, 2 interface resets

                0 output buffer failures, 0 output buffers swapped out

                8 carrier transitions

                DCD=up DSR=down DTR=up RTS=up CTS=up

                b. On Router2, issue the show interface serial 0/1/1 command from privileged EXEC mode to view the encapsulation type.

                Router2#show interface serial 0/1/1

                Serial0/1/1 is up, line protocol is up

                Hardware is HD64570

                Internet address is 192.168.1.2/24

                MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load

                1/255

                Encapsulation PPP, loopback not set, keepalive set (10 sec)

                LCP Open

                Open: IPCP, CDPCP

                Last input 00:00:01, output 00:00:01, output hang never

                Last clearing of “show interface” counters never

                Queueing strategy: fifo

                Output queue 0/40, 0 drops; input queue 0/75, 0 drops

                5 minute input rate 0 bits/sec, 0 packets/sec

                5 minute output rate 0 bits/sec, 0 packets/sec

                54 packets input, 4042 bytes, 0 no buffer

                Received 28 broadcasts, 0 runts, 0 giants, 0 throttles

                2673 input errors, 2673 CRC, 0 frame, 0 overrun, 0 ignored, 1 abort

                137 packets output, 6252 bytes, 0 underruns

                0 output errors, 0 collisions, 47 interface resets

                0 output buffer failures, 0 output buffers swapped out

                5 carrier transitions

                DCD=up DSR=up DTR=up RTS=up CTS=up

                Can the serial interface on Router2 be pinged from Router1?

                Yes

                Can the serial interface on Router1 be pinged from Router2?

                Yes

                If the answer is no for either question, troubleshoot the router configurations to find the error. Then issue the pings again until the answer to both questions is yes.

                Step 8: Configure PPP authentication on R1 with CHAP

                a. Configure the CHAP username and password on the R1 router. The username must be identical to the hostname of the other router. Both the password and usernames are case-sensitive. Define the username and password to expect from the remote router. On Cisco routers, the secret password must be the same for both routers.

                Router1(config)#username Router2 password cisco

                Router1(config)#interface serial 0/1/0

                Router1(config-if)#ppp authentication chap

                Router1(config-if)#end

                Router1#

                Step 9: Configure PPP authentication on R2 with CHAP

                a. Configure the CHAP username and password on the R2 router. The passwords must be the same on both routers. The username must be identical to the hostname on the other router. Both the password and user names are case-sensitive. Define the username and password to expect from the remote router.

                Router2(config)#username Router1 password cisco

                Router2(config)#interface serial 0/1/1

                Router2(config-if)#ppp authentication chap

                Router2(config-if)#end

                Router2#

                Step 10: Verify that the serial connection is functioning

                Verify that the serial connection is functioning by pinging the serial interface of R1.

                Was it successful?

                yes

                Router2#ping 192.168.1.1

                Type escape sequence to abort.

                Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:

                !!!!!

                Success rate is 100 percent (5/5), round-trip min/avg/max = 28/28/28 ms

                Why or why not?

                Answer:

                Both routers use PPP with CHAP, and matching usernames and passwords are configured on both routers.
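
The challenge/response exchange configured in Steps 8 to 10, as an added example that is not part of the lab: a simplified model of CHAP using the RFC 1994 response calculation. The `Router` class, `link_authenticates` and `lab_cases` are hypothetical names, and the two failing configurations are constructed to show why the username and secret must match exactly.

```python
import hashlib
import hmac
import os


def chap_response(identifier, secret, challenge):
    """RFC 1994 response value: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Router:
    """Hypothetical model of one end of the link (not IOS code)."""

    def __init__(self, hostname, users):
        self.hostname = hostname
        # Mirrors the 'username <peer-hostname> password <secret>' entries.
        self.users = {name: pw.encode() for name, pw in users.items()}

    def challenge(self, identifier):
        # Authenticator sends an ID, a fresh random value and its own hostname.
        return {"id": identifier, "value": os.urandom(16), "name": self.hostname}

    def respond(self, chal):
        # The challenged side finds the secret under the challenger's hostname.
        secret = self.users.get(chal["name"])
        if secret is None:
            return None
        digest = chap_response(chal["id"], secret, chal["value"])
        return {"id": chal["id"], "value": digest, "name": self.hostname}

    def verify(self, chal, resp):
        # The authenticator recomputes the digest with its own copy of the secret.
        if resp is None or resp["id"] != chal["id"]:
            return False
        secret = self.users.get(resp["name"])
        if secret is None:
            return False
        expected = chap_response(chal["id"], secret, chal["value"])
        return hmac.compare_digest(expected, resp["value"])


def link_authenticates(a, b):
    """Both ends run 'ppp authentication chap', so each challenges the other."""
    for identifier, (authenticator, peer) in enumerate(((a, b), (b, a)), start=1):
        chal = authenticator.challenge(identifier)
        if not authenticator.verify(chal, peer.respond(chal)):
            return False
    return True


def lab_cases():
    """The lab's configuration plus two constructed misconfigurations."""
    r1 = Router("Router1", {"Router2": "cisco"})
    r2 = Router("Router2", {"Router1": "cisco"})
    wrong_case = Router("Router2", {"router1": "cisco"})    # username case differs
    wrong_secret = Router("Router2", {"Router1": "Cisco"})  # secret case differs
    return {
        "as configured": link_authenticates(r1, r2),
        "username case mismatch": link_authenticates(r1, wrong_case),
        "secret mismatch": link_authenticates(r1, wrong_secret),
    }


if __name__ == "__main__":
    for name, ok in lab_cases().items():
        print(f"{name}: {'link up' if ok else 'authentication fails'}")
```

Only the 16-byte digest and the hostnames cross the link; the shared secret itself is never transmitted.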

                Step 12: Clean up

                a. Erase the configurations and reload the routers.

                b. Disconnect and store the cabling.

                c. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.

                 

                Lab 8.2.2 Creating a WAN Connectivity Test Plan


                Task 1: Review the Supporting Documentation

                Step 1: Refer to the WAN Design Test Plan document provided for this lab

                Download the WAN Design Test Plan. What is the purpose of this WAN design test? Which elements of the design will be tested using this plan?

                The purpose of this prototype is to demonstrate the use of Frame Relay WAN links to connect a remote site router to a central site router through a router that simulates a Frame Relay switch. Backup Ethernet links from the remote site and central site to a 4th router simulate a VPN backup capability and provide an alternate path in the event that one of the Frame Relay WAN links goes down.

                a. Document the purpose of the test in the Introduction section of the WAN Design Test Plan.

                b. Review the tests that will be run to validate the prototype.

                Step 2: Review the equipment needed to perform the tests

                Review the list of all equipment needed to build the prototype and to perform the tests. Be sure to include cables, optional connectors or components, and software. If the recommended equipment is not available in your lab, discuss possible substitutes with your instructor and classmates, based on interface requirements of the topology.

                a. If substitute equipment must be used, list the devices here:

                b. Determine the amount of each type of cabling necessary to create the prototype test topology. Record the information on the Equipment chart in the WAN Design Test Plan.

                c. Document any special configuration or cabling issues that might arise if substitute equipment is used.

                Task 2: Document information regarding Test 1

                Task 3: Document information regarding Test 2

                Task 4: Reflection / Challenge

                Why is Frame Relay a good choice as a primary WAN technology?

                It is a flexible technology that is widely supported by vendor equipment. The service is usually available from most telecom service providers (TSPs). It provides stable digital data links with various CIRs depending on customer requirements. It supports a variety of topologies. SLAs are usually available.

                When is it most important to have a backup link? How does a backup link compare to a redundant link?

                A backup link is needed when loss of the primary link would cause loss of access to critical resources. This is a cost/risk decision made by an organization.

                 

                Lab 8.2.5 Configuring and Verifying WAN Backup Links

                Task 1: Build the Network. Task Complete

                Step 1 Connect devices

                a. Connect the routers as shown in the topology diagram. Refer to the Test Plan in Lab 8.2.2 for cabling required.

                b. For each of the routers to be configured, use the erase startup-config and the reload commands from the privileged EXEC prompt, to ensure that you are starting with a clean configuration.

                Task 2: Configure Router ISPX as a Backup. Task Complete

                Step 1: Perform basic configuration of the ISPX router

                Connect a PC to the console port of the router to perform configurations using a terminal emulation program.

                Configure the router with hostname, passwords, message-of-the-day, and no ip domain lookup.

                Router(config)#hostname ISPX

                ISPX(config)#line console 0

                ISPX(config-line)#password cisco

                ISPX(config-line)#login

                ISPX(config-line)#exit

                ISPX(config)#line vty 0 4

                ISPX(config-line)#password cisco

                ISPX(config-line)#login

                ISPX(config-line)#exit

                ISPX(config)#enable password cisco

                ISPX(config)#enable secret class

                ISPX(config)#no ip domain-lookup

                ISPX(config)#banner motd #Unauthorized use prohibited#
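
An audit of the Step 1 credentials, added here as an example and not part of the lab: the script below checks an IOS-style configuration for the password handling this step introduces. The sample configurations are constructed from the commands above, the rule names and `audit` function are hypothetical, and the angle-bracket values are placeholders.

```python
import re

# Course-wide lab credentials used on this page; never acceptable outside a lab.
LAB_DEFAULTS = {"cisco", "class"}

# Constructed input: the Step 1 commands for ISPX, laid out as a config file.
ISPX_AS_TYPED = """\
hostname ISPX
enable secret class
enable password cisco
no ip domain-lookup
banner motd #Unauthorized use prohibited#
line console 0
 password cisco
 login
line vty 0 4
 password cisco
 login
"""

# Constructed input: the same device with every finding addressed.
ISPX_HARDENED = """\
hostname ISPX
service password-encryption
enable secret <unique-enable-secret>
no ip domain-lookup
banner motd #Unauthorized use prohibited#
line console 0
 password <unique-console-password>
 login
line vty 0 4
 password <unique-vty-password>
 login
"""

# Matches a credential command, an optional encoding-type digit, and the value.
CRED = re.compile(r"^(enable secret|enable password|password)\s+(?:(\d)\s+)?(\S+)$")


def audit(config):
    """Return a sorted list of (line_number, rule) findings for an IOS-style config."""
    stripped = [line.strip() for line in config.splitlines()]
    has_secret = any(s.startswith("enable secret ") for s in stripped)
    # 'service password-encryption' only applies reversible type 7 encoding;
    # it hides passwords from casual viewing of the config, nothing more.
    obfuscated = "service password-encryption" in stripped
    findings = []
    first_use = {}
    for number, line in enumerate(stripped, 1):
        match = CRED.match(line)
        if not match:
            continue
        kind, enc_type, value = match.groups()
        if enc_type not in (None, "0"):
            continue  # already hashed or encoded, so the value is not cleartext
        if kind == "enable password" and has_secret:
            # 'enable secret' takes precedence, so this line only adds exposure.
            findings.append((number, "ENABLE_PASSWORD_REDUNDANT"))
        if kind != "enable secret" and not obfuscated:
            findings.append((number, "CLEARTEXT_IN_CONFIG"))
        if value in LAB_DEFAULTS:
            findings.append((number, "LAB_DEFAULT_CREDENTIAL"))
        if value in first_use:
            findings.append((number, "PASSWORD_REUSED"))
        else:
            first_use[value] = number
    return sorted(findings)


if __name__ == "__main__":
    for number, rule in audit(ISPX_AS_TYPED):
        print(f"line {number}: {rule}")
    print("hardened findings:", audit(ISPX_HARDENED))
```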

                Step 2: Configure ISPX router FastEthernet interfaces

                Configure the FastEthernet interfaces for the backup links to the Edge2 and BR3 routers. Configure a description and the IP address, and activate each interface.

                Step 3: Configure a static route on the ISPX router to the FilmCompany local network

                On the ISPX router, configure a normal static route to the BR3 network 172.18.225.0/25 via the Fa0/0 interface on BR3.

                Step 4: Configure a static route on the ISPX router to the stadium local network

                On the ISPX router, configure a normal static route to the Edge2 network 172.18.3.0/24 via the Fa0/1 interface on Edge2.

                Task 3: Configure the Stadium Edge2 Router. Task Complete:

                Step 1: Perform basic configuration of the router

                Connect a PC to the console port of the router to perform configurations using a terminal emulation program. Erase and reload the router before starting.

                Configure the router with a hostname, passwords, message-of-the-day, and no ip domain lookup.

                Step 2: Configure stadium router Edge2 interfaces

                Configure the Serial 0/1/1 interface with Frame Relay encapsulation. Configure a point-to-point subinterface for DLCI 110.

                Edge2(config)#interface serial0/1/1

                Edge2(config-if)#description primary link to BR3

                Edge2(config-if)#encapsulation frame-relay

                Edge2(config-if)#no shutdown

                Edge2(config-if)#interface serial0/1/1.110 point-to-point

                Edge2(config-subif)#ip address 172.18.0.9 255.255.255.252

                Edge2(config-subif)#frame-relay interface-dlci 110

                Edge2(config-fr-dlci)#end

                Configure FastEthernet 0/0 interface for the stadium LAN network 172.18.3.0/24.

                Configure FastEthernet 0/1 interface for the backup link to the ISPX router per the topology diagram.

                Step 3: Configure a dynamic routing protocol on stadium router Edge2

                On Edge2, configure the EIGRP routing protocol to advertise the 172.18.3.0/24 network and the 172.18.0.8/30 network. Use EIGRP process ID 10. Disable auto-summary.

                Configure EIGRP MD5 authentication to accept updates from the FilmCompany router BR3 on the Frame Relay subinterface.

                Sample steps to configure EIGRP authentication are:

                Edge2#configure terminal

                Edge2(config)#key chain MYCHAIN

                Edge2(config-keychain)#key 1

                Edge2(config-keychain-key)#key-string securetraffic

                Edge2(config-keychain-key)#exit

                Edge2(config)#interface serial 0/1/1.110

                Edge2(config-subif)#ip authentication mode eigrp 10 md5

                Edge2(config-subif)#ip authentication key-chain eigrp 10 MYCHAIN

                Edge2(config-subif)#end

                Edge2#

                Until EIGRP and MD5 configuration are complete on router BR3, no EIGRP updates will be received.

                The debug eigrp packet command can be used to view the EIGRP exchange as it is occurring between the routers.

                Task 4: Configure the FilmCompany BR3 Router. Task Complete:

                Step 1: Perform basic configuration of the router

                Connect a PC to the console port of the router to perform configurations using a terminal emulation program. Erase and reload the router before starting.

                Configure the router with a hostname, passwords, message-of-the-day, and no ip domain lookup.

                Step 2: Configure router BR3 interfaces

                Configure Serial 0/1/0 interface with Frame Relay encapsulation. Configure a point-to-point subinterface for DLCI 100.

                BR3(config)#interface serial0/1/0

                BR3(config-if)#description primary link to Edge2

                BR3(config-if)#encapsulation frame-relay

                BR3(config-if)#no shutdown

                BR3(config-if)#interface serial0/1/0.100 point-to-point

                BR3(config-subif)#ip address 172.18.0.10 255.255.255.252

                BR3(config-subif)#frame-relay interface-dlci 100

                BR3(config-fr-dlci)#end

                Configure FastEthernet 0/1 interface for the FilmCompany LAN network 172.18.225.0/25.

                Configure FastEthernet 0/0 interface for the backup link to the ISPX router per the topology diagram.

                Step 3: Configure the dynamic routing protocol on router BR3

                On BR3, configure the EIGRP routing protocol to advertise the 172.18.225.0/25 network and the 172.18.0.8/30 network. Use EIGRP process ID 10. Disable auto-summary.

                Configure EIGRP MD5 authentication to accept routing updates from the Edge2 router on interface serial0/1/0.100.

                BR3#configure terminal

                BR3(config)#key chain MYCHAIN

                BR3(config-keychain)#key 1

                BR3(config-keychain-key)#key-string securetraffic

                BR3(config-keychain-key)#exit

                BR3(config)#interface serial 0/1/0.100

                BR3(config-subif)#ip authentication mode eigrp 10 md5

                BR3(config-subif)#ip authentication key-chain eigrp 10 MYCHAIN

                BR3(config-subif)#end

                When authentication is configured, both Edge2 and BR3 should begin accepting EIGRP updates. Use the show ip route command to verify that the routes to the LAN devices have been learned.

                Until EIGRP and MD5 configuration are complete on router BR3, no EIGRP updates will be received successfully. The command debug eigrp packet shows when EIGRP authentication is successful. Example output of the debug eigrp packet command once BR3 is correctly configured is shown below:

                BR3#debug eigrp packet

                00:47:04: EIGRP: received packet with MD5 authentication, key id = 1

                00:47:04: EIGRP: Received HELLO on Serial0/1/0.100 nbr 172.18.0.9

                Task 5: Conduct Primary Frame Relay Link Testing Based on the Test Plan. Task Complete:

                Execute the procedures outlined in Test 1 to test the simulated Frame relay network. Record the results of the tests in the Test 1: Results and Conclusions section.

                Step 1: Console into routers Edge2 and BR3 and verify the basic configuration, IP addressing, Frame Relay

                Issue the show running-config command for each of the routers to verify passwords, IP addressing, and Frame Relay configuration. See end of lab for router configs.

                Step 2: Verify the Frame Relay configuration on Edge2, BR3, and FR1

                Use show frame-relay commands to verify the Frame Relay configurations. See Lab 8.2.4 for command output.

                show frame-relay map – Status of point-to-point links

                show frame-relay pvc – Permanent Virtual Circuit (PVC) status and statistics

                show frame-relay lmi – Local Management Interface (LMI) statistics

                show frame-relay route – DLCI/interface routing (FR1 switch only)

                Step 3: Verify routing table contents on router Edge2

                Display the routing table for Edge2 using the show ip route command.

                Edge2#sh ip route

                Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP

                D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area

                N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2

                E1 – OSPF external type 1, E2 – OSPF external type 2

                i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2

                ia – IS-IS inter area, * – candidate default, U – per-user static route

                o – ODR, P – periodic downloaded static route

                Gateway of last resort is not set

                172.18.0.0/16 is variably subnetted, 4 subnets, 3 masks

                C 172.18.0.248/30 is directly connected, FastEthernet0/1

                D 172.18.225.0/25 [90/2172416] via 172.18.0.10, 00:09:33, Serial0/0/1.110

                C 172.18.0.8/30 is directly connected, Serial0/0/1.110

                C 172.18.3.0/24 is directly connected, FastEthernet0/0

                Is there an EIGRP route to the FilmCompany LAN 172.18.225.0/25?

                Yes

                What is the AD of this route?

                90

                What is the next hop IP address to get to this network?

                172.18.0.10 (F/R link)

                Does the primary route take the Frame Relay link?

                Yes

                Step 4: Verify routing table contents on router BR3

                Display the routing table for BR3 using the show ip route command.

                BR3#sh ip route

                Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP

                D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area

                N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2

                E1 – OSPF external type 1, E2 – OSPF external type 2

                i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2

                ia – IS-IS inter area, * – candidate default, U – per-user static route

                o – ODR, P – periodic downloaded static route

                Gateway of last resort is not set

                172.18.0.0/16 is variably subnetted, 4 subnets, 3 masks

                C 172.18.225.0/25 is directly connected, FastEthernet0/1

                C 172.18.225.248/30 is directly connected, FastEthernet0/0

                C 172.18.0.8/30 is directly connected, Serial0/0/0.100

                D 172.18.3.0/24 [90/2172416] via 172.18.0.9, 00:11:59, Serial0/0/0.100

                Is there an EIGRP route to the Edge2 network 172.18.3.1/24?

                Yes

                What is the AD of this route?

                90

                Step 5: Verify routing table contents on router ISPX

                Display the routing table for ISPX using the show ip route command.

                ISPX#show ip route

                Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP

                D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area

                N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2

                E1 – OSPF external type 1, E2 – OSPF external type 2

                i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2

                ia – IS-IS inter area, * – candidate default, U – per-user static route

                o – ODR, P – periodic downloaded static route

                Gateway of last resort is not set

                172.18.0.0/16 is variably subnetted, 4 subnets, 3 masks

                C 172.18.0.248/30 is directly connected, FastEthernet0/1

                S 172.18.225.0/25 [1/0] via 172.18.225.249

                C 172.18.225.248/30 is directly connected, FastEthernet0/0

                S 172.18.3.0/24 [1/0] via 172.18.0.249

                Are there any EIGRP routes?

                No

                Why or why not?

                The ISPX router does not run the EIGRP protocol.

                Are there any static routes and if so, to what network?

                Yes, to the BR3 LAN network 172.18.225.0/25 and to the Edge2 LAN network 172.18.3.0/24

                What is the purpose of these static routes?

                They provide a route from Edge2 to the BR3 LAN through the ISPX router. Otherwise the ISP will not know how to get there.

                Step 6: Test IP connectivity between routers Edge2 and BR3 via the primary Frame Relay link

                Ping from Edge2 to the IP address of host PC2. Was the ping successful?

                Yes

                If not, troubleshoot until successful.

                Ping from BR3 to the IP address of host PC1.

                Was the ping successful?

                Yes

                If not, troubleshoot until successful.

                Verify that traffic is taking the correct path by using the traceroute command.

                Turn off all debugging using the undebug all command.

                Record all results in the WAN Design Test Plan document in the Test 1: Results and Conclusions section.

                Perform Test 2: Backup Link Configuration Test

                Task 6: Configure floating static routes. Task Complete:

                Step 1: Configure a floating static route on Edge2 and BR3 via the primary Frame Relay link.

                On Edge2, configure a static route to the FilmCompany LAN (172.18.225.0/25) using the next hop address of the interface Fa0/1 on router ISPX. Configure the administrative distance on the floating static routes to be 130, greater than the administrative distance of the EIGRP learned route.

                On BR3, configure a static route to the stadium LAN (172.18.3.0/24) using the next hop address of the interface Fa0/0 on router ISPX. Configure the administrative distance on the floating static route to be 130, greater than the administrative distance of the EIGRP learned route.
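
The selection logic behind this floating static route, modelled in Python as an added example (not part of the lab and not Cisco code). Prefixes, next hops and distances are the ones in the lab's Edge2 output; the `Rib` and `Route` classes and the next-hop reachability check are illustrative simplifications.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    code: str                  # "C", "D" or "S", as in the show ip route legend
    distance: int              # administrative distance
    next_hop: Optional[str]    # None for a connected route
    interface: Optional[str]   # None for a static route given only a next hop


class Rib:
    """Keeps every offered route and installs the lowest-distance usable one."""

    def __init__(self):
        self.candidates = []

    def offer(self, prefix, code, distance, next_hop=None, interface=None):
        self.candidates.append(
            Route(ipaddress.ip_network(prefix), code, distance, next_hop, interface))

    def interface_down(self, interface):
        # Connected and dynamically learned routes bound to the interface go away.
        self.candidates = [r for r in self.candidates if r.interface != interface]

    def _usable(self, route):
        # A route through a next-hop address is only usable while that
        # address lies inside a connected network.
        if route.next_hop is None:
            return True
        hop = ipaddress.ip_address(route.next_hop)
        return any(c.code == "C" and hop in c.prefix for c in self.candidates)

    def installed(self):
        # One winner per prefix: the usable candidate with the lowest distance.
        best = {}
        for route in self.candidates:
            if not self._usable(route):
                continue
            current = best.get(route.prefix)
            if current is None or route.distance < current.distance:
                best[route.prefix] = route
        return best

    def lookup(self, destination):
        # Longest-prefix match over the installed routes only.
        addr = ipaddress.ip_address(destination)
        hits = [r for r in self.installed().values() if addr in r.prefix]
        return max(hits, key=lambda r: r.prefix.prefixlen, default=None)


def build_edge2_rib():
    """Edge2 as shown in the lab output, plus the floating static from Task 6."""
    rib = Rib()
    rib.offer("172.18.0.248/30", "C", 0, interface="FastEthernet0/1")
    rib.offer("172.18.0.8/30", "C", 0, interface="Serial0/0/1.110")
    rib.offer("172.18.3.0/24", "C", 0, interface="FastEthernet0/0")
    rib.offer("172.18.225.0/25", "D", 90, "172.18.0.10", "Serial0/0/1.110")
    # IOS form: ip route 172.18.225.0 255.255.255.128 172.18.0.250 130
    rib.offer("172.18.225.0/25", "S", 130, "172.18.0.250")
    return rib


def describe(route):
    if route is None:
        return "no route"
    via = route.next_hop or "directly connected"
    return f"{route.code} {route.prefix} [{route.distance}] via {via}"


if __name__ == "__main__":
    rib = build_edge2_rib()
    print("primary up:  ", describe(rib.lookup("172.18.225.10")))
    rib.interface_down("Serial0/0/1.110")
    print("primary down:", describe(rib.lookup("172.18.225.10")))
```

The static route stays hidden while the EIGRP route (distance 90) exists, and it disappears as well if the connected network holding its next hop goes down.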

                Task 7: Conduct Backup Link Test. Task Complete:

                Step 1: Test the backup link through the ISPX router by taking down the primary Frame Relay link

                Cause the Frame Relay link from Edge2 to FR1 to fail by shutting down the Serial 0/1/1 interface.

                Step 2: Verify routing table contents on router Edge2

                Display the routing table for Edge2 using the show ip route command.

                Edge2#sh ip route

                Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP

                D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area

                N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2

                E1 – OSPF external type 1, E2 – OSPF external type 2

                i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2

                ia – IS-IS inter area, * – candidate default, U – per-user static route

                o – ODR, P – periodic downloaded static route

                Gateway of last resort is not set

                172.18.0.0/16 is variably subnetted, 3 subnets, 3 masks

                C 172.18.0.248/30 is directly connected, FastEthernet0/1

                S 172.18.225.0/25 [130/0] via 172.18.0.250

                C 172.18.3.0/24 is directly connected, FastEthernet0/0

                Is there an EIGRP route to the FilmCompany network 172.18.225.0/25 now?

                No

                Is the floating static backup route to the FilmCompany network 172.18.225.0/25 that you defined earlier now present?

                Yes

                What is the AD of this route?

                130

                What is the next hop IP address to get to the 172.18.225.0/25 network?

                172.18.0.250 (ISPX Fa0/1 link)

                Does the backup route take the ISPX link?

                Yes

                Step 3: Verify routing table contents on router BR3

                Display the routing table for BR3 using the show ip route command.

                BR3#sh ip route

                Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP

                D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area

                N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2

                E1 – OSPF external type 1, E2 – OSPF external type 2

                i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2

                ia – IS-IS inter area, * – candidate default, U – per-user static route

                o – ODR, P – periodic downloaded static route

                Gateway of last resort is not set

                172.18.0.0/16 is variably subnetted, 3 subnets, 3 masks

                C 172.18.225.0/25 is directly connected, FastEthernet0/1

                C 172.18.225.248/30 is directly connected, FastEthernet0/0

                S 172.18.3.0/24 [130/0] via 172.18.225.250

                Continue to issue the show ip route command until the EIGRP route is gone and the floating static route is installed, otherwise ping responses (echo reply) cannot be sent back to Edge2.

                Is there an EIGRP route to the Edge2 network 172.18.3.0/24?

                No

                Is there a floating static route?

                Yes

                What is the AD of this route?

                130

                What is the next hop IP address to get to the 172.18.3.0/24 network?

                172.18.225.250 (ISPX Fa0/0)

                Step 4: Test IP connectivity between routers Edge2 and BR3 via the backup Ethernet link

                a. Ping from PC1 on Edge2 to the IP address of host PC2.

                Was the ping successful?

                Yes

                If not, troubleshoot until successful.

                Verify that traffic is taking the backup link by using the tracert command from PC1 to PC2. Record the results in the WAN Design Test Plan section Test 2: Results and Conclusions.

                Turn off any debugging using the undebug all command.

                Step 5: Clean up

                Erase the configurations and reload the routers. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.

                Task 8: Reflection / Challenge

                When is it most important to have a backup link? How does a backup link compare to a redundant link?

                A backup link is needed when the loss of the primary link would cause loss of access to critical resources. This is a cost/risk decision made by an organization.

                This lab uses the RIP dynamic routing protocol and floating static routes to demonstrate primary and backup routes. Would it be possible to use all static routes and no dynamic routing protocol?

                Yes, but static routes for all network locations must be defined for end-to-end communication between the networks. There must be a route to reach the destination network and a route at the destination to return, so that two-way communication can occur.

                 

                Lab 8.2.6 Evaluating the Prototype Test

                Step 1: Identify if weaknesses are present in the design

                Is the Frame Relay WAN design able to scale to meet the expected growth?

                Yes, Frame Relay services are usually very scalable. Additional CIR can be purchased and additional circuits can be added if needed.

                Do the results of the prototype test indicate that the Frame Relay configuration will work as expected?

                Because a router acts as the simulated Frame Relay switch, there is no way to test the bandwidth and performance of a real switched Frame Relay network. Because it is not possible to test capacity through the TSP's actual Frame Relay network, there is a risk associated with the design.

                Are there any weaknesses associated with using the VPN connections as backup to the Frame Relay WAN?

                Although the test verifies that the simulated Ethernet-based backup functions, it does not adequately simulate the use of a VPN link, because the Fast Ethernet link is much faster than a typical VPN. The most critical area of risk is the performance of the VPN link as a backup in a real network. When the voice and video components of the network are added to the existing WAN traffic, there may be quality-of-service problems if the VPN connection has to be used. VPN traffic through the ISP has no guaranteed level of service. In addition, it has no mechanism for providing QoS. As a result, the backup link may provide only limited connectivity in the event of a failure.

                Will a failure of the primary link cause the FilmCompany to lose connectivity to the Stadium LAN?

                No, the backup link with the floating static route will be activated to provide connectivity when the primary F/R link fails.

                Does the EIGRP authentication provide for a secure transmission of the routing updates?

                Yes, through the use of Message Digest 5 (MD5). The combination of the key identifier and the interface associated with the message uniquely identifies the authentication algorithm and the MD5 authentication key in use.

                Step 2: Determine what the risks are of not correcting the weaknesses

                If, in Step 1, you identify weaknesses in the proposed design, what risks do these weaknesses present to FilmCompany?

                The risk is that the Frame Relay network, under the actual load of real users, will not perform as well as the simulated link in the prototype. Also, the simulated VPN backup link may not work as expected in a recovery that uses a real VPN link instead of the simulated FastEthernet link. Final acceptance of the design may have to wait until the results of the pilot installation are known.

                Step 3: Suggest ways that the design can be improved to reduce the risk

                In what ways could the proposed design be improved to reduce the areas of risk?

                If time and money permit, a pilot could be run in which a temporary F/R circuit with a specific CIR is installed with the cooperation of the service provider, and simulated test loads could be generated at various times to verify performance under high-volume conditions. A service level agreement (SLA) could also be negotiated to provide assurance that the circuit will perform as expected during peak load periods. With regard to the VPN backup link, the pilot could include the use of an actual VPN connection over a DSL link to demonstrate the recovery capability of the proposed design more accurately.

                Step 4: Document the weaknesses and risks on the test plan

                In the Results and Conclusions section of the test plan, record any weaknesses, risks, and suggested improvements.

                Step 4: Reflection

                Why do you think it is important to identify weaknesses and risks in the proposed design before presenting it to the customer? What are some reasons that weaknesses cannot be corrected?

                It is important to identify weaknesses and risks in the proposed design before presenting it to the customer, to ensure that the customer understands the limitations of the prototype and is not led to unrealistic expectations based on the prototype. It may not be possible to compensate for all the weaknesses that can be identified because of time, money or personnel constraints. The risks must be analyzed and balanced against the other variables.

                 

                Lab 8.3.2 Creating a VPN Connectivity Test Plan

                Step 1: Review the VPN Design Test Plan

                Review the VPN Design Test Plan. Note the tests that the designer indicates are necessary to perform using the prototype network.

                Test 1: Description and purpose:

                EasyVPN Server Setup Verification

                Test 2: Description and purpose:

                VPN Client Connectivity Test

                Step 2: Review the Equipment section

                Which device will be used as the VPN server in the prototype network? 1841 Router

                What IOS version is necessary to configure the EasyVPN server? Advanced IP Services version 12.4 or above and Cisco SDM

                Is equipment available in your lab with the correct IOS to build the prototype network configuration?

                Step 3: Review the Design and Topology section

                At the top of this lab, the actual VPN topology is shown, as well as the topology being used in the prototype test. Compare both topologies. Remote workers usually connect to the Internet and then use client software to create the VPN tunnel to the server. In the prototype environment, the connection between the VPN client and the VPN server is a much more direct connection.

                What is the risk of testing the VPN operation in a prototype environment?

                Real-world conditions cannot easily be simulated. The VPN server will assign the remote host H1 a logical address that is valid on the internal network. This address is assigned dynamically when the VPN tunnel is created.

                Step 4: Review the Test 1 Description, Procedures, and Expected Results sections

                The designer needs to verify that the EasyVPN server can be configured and managed by the existing personnel. It is important to document how the Cisco SDM software can be used to configure and manage the VPN server.

                Step 5: Review the Test 2 Description, Procedures, and Expected Results sections

                Read through the Test 2 information in the test plan. Determine an appropriate goal for Test 2 and fill in the table in the VPN Design Test Plan.

                After reading the Procedures section, what do you think would be a successful outcome of completing the Test 2 procedures?

                Successful connection to the VPN server using the external VPN client

                Successful tunnel establishment

                VPN client has received an internal IP address from the VPN server.

                VPN client can ping an internal host or connect to an internal server service

                Record your answers in the Expected Results and Success Criteria section for Test 2.

                Reflection / Challenge

                Why do you think it is important to test the VPN operation in a pilot installation, as well as a prototype test?

                A pilot implementation can test the configuration and operation in a real-world environment.

                What are the benefits of managing the VPN server with internal personnel, rather than using the ISP to manage it?

                It is more flexible. It reduces costs. It is easier to add additional clients.

                CCNA 4 Labskill Assignment, Chapter 7

                Lab 7.1.6 Analyzing a Test Plan and Performing a Test


                Task 1: Analyze the Test Plan

                Analyze the test plan shown above and answer the following questions:

                a. What are the four main sections of the test plan?

                1) Introduction,

                2) Equipment,

                3) Design / Topology Diagram,

                4) Test Descriptions and related testing information. (Test procedure, success criteria, and conclusions subsections repeat for each test within the test plan.)

                b. How many tests are defined within the test plan in this lab?

                2

                c. In which testing subsection would you find the types of commands or analysis tools used to determine if the test was successful?

                Procedures

                d. In which main test plan section would you find a description of the devices and cabling used to build the prototype for the test plan?

                Equipment

                e. In which main testing section would you find an overall description of the tests to be performed and the reasons why they are being specified in the test plan?

                Introduction

                Task 2: Configure the PCs and switch VLANs and perform Test 1

                Step 1: Connect devices and configure PC IP addresses

                Connect the switch to the router as shown in the Test Plan topology diagram.

                Connect the PC1 and PC2 hosts to the switch using the ports indicated in the Test Plan topology table.

                Using the IP address information from the Test Plan table, configure PC1 and PC2.

                Step 2: Prepare the switch for configuration

                Connect a PC with a console cable to the switch to perform configurations using a terminal emulation program. Confirm that the switch is ready for lab configuration by ensuring that all existing VLAN and general configurations are removed. Remove the switch startup configuration file from NVRAM.

                Switch#erase startup-config

                Erasing the nvram filesystem will remove all files! Continue? [confirm]

                Press Enter to confirm. The response should be:

                Erase of nvram: complete

                If the switch has previously been configured with VLANs, it will be necessary to delete the VLAN database information file. From the privileged EXEC mode, issue the following commands:

                Switch#delete vlan.dat

                Delete filename [vlan.dat]?[Enter]

                Delete flash:/vlan.dat? [confirm] [Enter]

                If there was no VLAN file, this message is displayed.

                %Error deleting flash:/vlan.dat (No such file or directory)

                It is recommended that the delete command not be issued as: delete flash:vlan.dat.

                Accidentally omitting vlan.dat from this command could lead to the complete IOS being deleted from flash memory. Issuing the reload command to restart the switch may not always clear the previous VLAN configuration; for that reason, the power cycle (hardware restart) step is recommended.

                Step 3: Configure VLANs on switch S1

                Configure switch S1 with a hostname and passwords.

                Switch(config)#hostname FC-ASW-1

                FC-ASW-1(config)#enable password cisco

                FC-ASW-1(config)#enable secret class

                FC-ASW-1(config)#line console 0

                FC-ASW-1(config-line)#password cisco

                FC-ASW-1(config-line)#login

                FC-ASW-1(config-line)#line vty 0 15

                FC-ASW-1(config-line)#password cisco

                FC-ASW-1(config-line)#login

                FC-ASW-1(config-line)#exit

                FC-ASW-1(config)#

                Configure switch S1 with the VLAN 1 IP address of 10.0.1.2/24.

                FC-ASW-1(config)#interface vlan1

                FC-ASW-1(config-if)#ip address 10.0.1.2 255.255.255.0

                FC-ASW-1(config-if)#no shutdown

                FC-ASW-1(config-if)#exit

                FC-ASW-1(config)#

                Configure switch S1 with the default gateway address of 10.0.1.1.

                FC-ASW-1(config)#ip default-gateway 10.0.1.1

                FC-ASW-1(config)#

                Create VLAN 10 named main-net and VLAN 20 named voice.

                FC-ASW-1(config)#vlan 10

                FC-ASW-1(config-vlan)#name main-net

                FC-ASW-1(config-vlan)#exit

                FC-ASW-1(config)#vlan 20

                FC-ASW-1(config-vlan)#name voice

                FC-ASW-1(config-vlan)#exit

                FC-ASW-1(config)#

                Assign interface range Fa0/2 through Fa0/12 to VLAN 10.

                FC-ASW-1(config)#interface range fa0/2 - 12

                FC-ASW-1(config-if-range)#switchport mode access

                FC-ASW-1(config-if-range)#switchport access vlan 10

                FC-ASW-1(config-if-range)#exit

                FC-ASW-1(config)#

                Assign interface range Fa0/13 through Fa0/24 to VLAN 20.

                FC-ASW-1(config)#interface range fa0/13 - 24

                FC-ASW-1(config-if-range)#switchport mode access

                FC-ASW-1(config-if-range)#switchport access vlan 20

                FC-ASW-1(config-if-range)#end

                FC-ASW-1#

                Step 4: Perform Test 1 to determine if the hosts can communicate between VLANs

                a. Issue the show running-config commands from the switch and verify all basic configuration settings. See output at end of lab.

                b. Issue the show vlan brief command on the switch to verify what ports are in which VLANs.

                Which switch ports are in VLAN 1?

                Fa0/1, Gi0/1, Gi0/2

                Which switch ports are in VLAN 10?

                Fa0/2 – Fa0/12

                Which switch ports are in VLAN 20?

                Fa0/13 – Fa0/24

                FC-ASW-1#show vlan brief

                VLAN Name       Status    Ports
                1    default    active    Fa0/1, Gi0/1, Gi0/2
                10   main-net   active    Fa0/2, Fa0/3, Fa0/4, Fa0/5
                                          Fa0/6, Fa0/7, Fa0/8, Fa0/9
                                          Fa0/10, Fa0/11, Fa0/12
                20   voice      active    Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                          Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                          Fa0/21, Fa0/22, Fa0/23, Fa0/24

                <*** output omitted ***>

                c. With PC1 connected to switch port 4 and PC2 attached to port 14, attempt to ping from PC1 to PC2.

                Would you expect the ping to be successful?

                No

                Why or why not?

                PC IP addresses are on different networks (PC1 is on net 10.0.10.0/24 and PC2 is on net 10.0.20.0/24) and in different VLANs.

                d. Change the IP address of PC2 to 10.0.10.5 so that the two PCs are on the same network and ping again. Would you expect the ping to be successful?

                No

                Why or why not?

                The PC IP addresses have the same network address but are still in different VLANs

                e. Move the cable for PC2 to a port that is in the VLAN 10 range (Fa0/2 to Fa0/12) and ping again.

                Would you expect the ping to be successful?

                Yes

                Why or why not?

                The PC IP addresses are on the same network and in the same VLAN

                f. Change the IP address for PC2 back to 10.0.20.2 and move the cable back to Fa0/14 in VLAN 20.

                This test demonstrated that the PCs from the main-net cannot communicate with the PCs on the voice net without assistance from a Layer 3 device.
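
The Test 1 outcomes can be reproduced with a small reachability model, added here as an example that is not part of the lab. It goes beyond Test 1 by also accepting the router subinterfaces configured later in Task 3; PC1's host address 10.0.10.2, the port used for case e and all function names are assumptions.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Host:
    name: str
    address: str   # address with prefix length, e.g. "10.0.10.2/24"
    port: int      # switch port number, Fa0/<port>


def access_vlan(port):
    """Access VLAN of Fa0/<port> after Step 3 of the switch configuration."""
    if 2 <= port <= 12:
        return 10          # main-net
    if 13 <= port <= 24:
        return 20          # voice
    return 1               # Fa0/1 is left in the default VLAN


def _one_way(src, dst, router):
    src_if = ipaddress.ip_interface(src.address)
    dst_ip = ipaddress.ip_interface(dst.address).ip
    src_vlan, dst_vlan = access_vlan(src.port), access_vlan(dst.port)

    if dst_ip in src_if.network:
        # The sender treats the target as on-link and ARPs for it; the ARP
        # broadcast is flooded only to ports in the sender's VLAN.
        if src_vlan == dst_vlan:
            return True, "same subnet, same VLAN"
        return False, "same subnet but different VLANs: ARP never reaches the target"

    # Off-link target: the sender needs a gateway in its own VLAN and subnet.
    gateway = router.get(src_vlan)
    if gateway is None or src_if.ip not in ipaddress.ip_interface(gateway).network:
        return False, "different subnets and no Layer 3 gateway in the sender's VLAN"

    # The router must own the target subnet on the VLAN the target's port is in.
    for vlan, addr in router.items():
        if dst_ip in ipaddress.ip_interface(addr).network:
            if vlan == dst_vlan:
                return True, f"routed between VLAN {src_vlan} and VLAN {dst_vlan}"
            return False, "target subnet is routed into a different VLAN than the target's port"
    return False, "router has no interface in the target subnet"


def can_ping(a, b, router=None):
    """Return (reachable, reason); an echo needs a path in both directions."""
    router = router or {}
    ok, reason = _one_way(a, b, router)
    if not ok:
        return False, reason
    back_ok, back_reason = _one_way(b, a, router)
    return (True, reason) if back_ok else (False, "no return path: " + back_reason)


# VLAN ID -> subinterface address, as configured on Fa0/0.1, Fa0/0.10, Fa0/0.20.
ROUTER_SUBINTERFACES = {1: "10.0.1.1/24", 10: "10.0.10.1/24", 20: "10.0.20.1/24"}
PC1 = Host("PC1", "10.0.10.2/24", 4)   # host address is an assumed value

if __name__ == "__main__":
    cases = [
        ("c", Host("PC2", "10.0.20.2/24", 14), None),
        ("d", Host("PC2", "10.0.10.5/24", 14), None),
        ("e", Host("PC2", "10.0.10.5/24", 5), None),   # port 5 is an assumed VLAN 10 port
        ("Test 2", Host("PC2", "10.0.20.2/24", 14), ROUTER_SUBINTERFACES),
    ]
    for label, pc2, router in cases:
        print(label, can_ping(PC1, pc2, router))
```

Because the router subinterfaces are the only path between VLAN 10 and VLAN 20, they are also the one place where traffic between the two networks can be filtered.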

                Task 3: Configure the switch and router for VLAN routing and perform Test 2

                Step 1: Configure VLAN trunking on switch S1

                Configure trunking between switch S1 and the router with 802.1Q encapsulation on both devices.

                FC-ASW-1(config)#int fa0/1

                FC-ASW-1(config-if)#switchport mode trunk

                FC-ASW-1(config-if)#end

                Step 2: Perform basic configuration of the router.

                Connect a PC to the console port of the router to perform configurations using a terminal emulation program. Configure router R1 with a hostname and console, Telnet, and privileged passwords according to the table diagram.

                Router(config)#hostname FC-CPE-1

                FC-CPE-1(config)#line con 0

                FC-CPE-1(config-line)#password cisco

                FC-CPE-1(config-line)#login

                FC-CPE-1(config-line)#line vty 0 4

                FC-CPE-1(config-line)#password cisco

                FC-CPE-1(config-line)#login

                FC-CPE-1(config-line)#exit

                FC-CPE-1(config)#enable password cisco

                FC-CPE-1(config)#enable secret class

                FC-CPE-1(config)#no ip domain lookup

                Step 3: Configure VLAN Trunking on the Router

                Configure router R1 Fa0/0 interface to trunk for VLAN 1, VLAN 10, and VLAN 20 with 802.1Q encapsulation.

                FC-CPE-1(config)#interface fa0/0

                FC-CPE-1(config-if)#no shutdown

                FC-CPE-1(config-if)#interface fa0/0.1

                FC-CPE-1(config-subif)#encapsulation dot1Q 1

                FC-CPE-1(config-subif)#ip address 10.0.1.1 255.255.255.0

                FC-CPE-1(config-subif)#exit

                FC-CPE-1(config)#interface fa0/0.10

                FC-CPE-1(config-subif)#encapsulation dot1Q 10

                FC-CPE-1(config-subif)#ip address 10.0.10.1 255.255.255.0

                FC-CPE-1(config-subif)#exit

                FC-CPE-1(config)#interface fa0/0.20

                FC-CPE-1(config-subif)#encapsulation dot1Q 20

                FC-CPE-1(config-subif)#ip address 10.0.20.1 255.255.255.0

                FC-CPE-1(config-subif)#end

                FC-CPE-1#

                On the router, issue the command show vlans.

                What information is displayed?

                The 802.1Q trunk subinterfaces, the addresses configured and the number of packets transmitted and received

                FC-CPE-1#show vlans

                Virtual LAN ID: 1 (IEEE 802.1Q Encapsulation)

                vLAN Trunk Interface: FastEthernet0/0.1

                This is configured as native Vlan for the following interface(s) :

                FastEthernet0/0

                Protocols Configured: Address: Received: Transmitted:

                IP 10.0.1.1 21 43

                Other 0 138

                396 packets, 67954 bytes input

                181 packets, 51149 bytes output

                Virtual LAN ID: 10 (IEEE 802.1Q Encapsulation)

                vLAN Trunk Interface: FastEthernet0/0.10

                Protocols Configured: Address: Received: Transmitted:

                IP 10.0.10.1 94 25

                Other 0 12

                94 packets, 15324 bytes input

                37 packets, 3414 bytes output

                Virtual LAN ID: 20 (IEEE 802.1Q Encapsulation)

                vLAN Trunk Interface: FastEthernet0/0.20

                Protocols Configured: Address: Received: Transmitted:

                IP 10.0.20.1 9781 113

                Other 0 14

                9781 packets, 939660 bytes input

                127 packets, 9617 bytes output

                From switch S1, issue the command show interfaces trunk.

                What interface on switch S1 is in trunking mode?

                Fa0/1

                Which VLANs are allowed and active in the management domain?

                1, 10, 20

                FC-ASW-1#show interfaces trunk

                Port        Mode         Encapsulation  Status        Native vlan
                Fa0/1       on           802.1q         trunking      1

                Port        Vlans allowed on trunk
                Fa0/1       1-4094

                Port        Vlans allowed and active in management domain
                Fa0/1       1,10,20

                Port        Vlans in spanning tree forwarding state and not pruned
                Fa0/1       1,10,20

                Step 4: Perform Test 2 to determine if the hosts can communicate between VLANs through the use of inter-VLAN routing provided by a router

                a. Issue the show running-config commands from the switch and verify all basic configuration settings. See output at end of lab.

                b. Ping from the switch to the router default gateway for VLAN 1.

                Was the ping successful?

                Yes

                c. Telnet from the switch to the router.

                Were you successful?

                Yes

                d. With PC1 connected to switch port 4 and PC2 attached to port 14, attempt to ping from PC1 to PC2.

                Would you expect the ping to be successful?

                Yes

                Why or why not?

                The PC IP addresses are on different networks (PC1 is on net 10.0.10.0/24 and PC2 is on net 10.0.20.0/24) and in different VLANs, but the router is routing packets between the two independent subnets.

                e. Telnet from PC1 to the switch and the router.

                Would you expect the Telnet to be successful?

                Yes

                Why or why not?

                Physical and IP connectivity has been previously verified. As long as there are no VTY restrictions or ACLs in place, each PC should be able to telnet to either the switch using the VLAN1 IP address or to the router using any of the router subinterface addresses.

                f. Issue the show ip route command on the router to display the routing table. How many subnet routes are there?

                3 – All directly connected to the subinterfaces defined for Fa0/0.

                (10.0.1.0, 10.0.10.0 and 10.0.20.0)

                FC-CPE-1#show ip route
                Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
                       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
                       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
                       E1 - OSPF external type 1, E2 - OSPF external type 2
                       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
                       ia - IS-IS inter area, * - candidate default, U - per-user static route
                       o - ODR, P - periodic downloaded static route

                Gateway of last resort is not set

                     10.0.0.0/24 is subnetted, 3 subnets
                C       10.0.10.0 is directly connected, FastEthernet0/0.10
                C       10.0.1.0 is directly connected, FastEthernet0/0.1
                C       10.0.20.0 is directly connected, FastEthernet0/0.20

                Task 4: Reflection

                Why is it important to develop a test plan and prototype network behavior?

                A test plan provides a structured document to test against and requires the tester to think carefully about how the network's functions are to be tested and evaluated. It helps to prove that the expected results are real and that the network will perform as expected. It also serves to document the results of the testing effort.


                Lab 7.2.2 Creating a Test Plan for the Campus Network

                 

                Task 1: Review the Supporting Documentation

                Step 1: Refer to the proposed LAN Design Topology diagram created in Lab 5.2.4

                a. Make a list of all the necessary equipment and cables required to build the LAN portion of the proposed network design.

                b. Make a list of all the VLANs required to implement the design.

                Step 2: Review the proposed IP Address Allocation spreadsheet created in Lab 6.2.5

                a. Determine the appropriate IP addressing for the devices identified in Step 1a.

                b. Determine an appropriate IP address range for each VLAN identified in Step 1b.

                Task 2: Create the LAN Design Test Plan

                The format used to create the test plans may vary. The format used for this and subsequent labs is similar to the document used by the Cisco Customer Proof-of-Concept Labs. It is divided into sections to make it easier to read and understand. The test plan is a formal document that can be included in a proposal. It verifies that the design functions as expected. Many times, customer representatives are invited to view the prototype tests. In these cases, the customer can review the design and see for themselves that the network meets the requirements.

                Step 1: Review the contents of the test plan document

                Download and review the LAN Design Test Plan. Record a description of each section and what types of information each section requires you to enter.

                Introduction:

                Equipment:

                Design and Topology:

                Test Description:

                Test Procedures:

                Test Expected Results and Success Criteria:

                Test Results and Conclusions:

                Appendix:

                Step 2: Complete the Introduction section of the test plan

                In this example test plan, much of the information has already been entered for you.

                Enter the purpose of the test.

                Think about why you want to test the LAN portion of the design.

                Enter what functions of the LAN design you intend to test.

                Three tests are entered for you to use with this test plan.

                Test 1: Basic Connectivity

                Test 2: VLAN Configuration

                Test 3: VLAN Routing.

                Step 3: Complete the Equipment Section of the test plan

                Using the information you recorded in Task 1, Step 1a, fill in the chart in the equipment section. List all network devices and cables. Two personal computers are already listed to assist in the testing of the design. If your school lab does not include the required equipment for the design, discuss possible substitute models with your instructor.

                Step 4: Complete the Design and Topology Section of the test plan

                a. Copy the LAN topology from the diagram created previously in Lab 5.2.4.

                b. Enter the IP addressing information recorded in Task 1, Step 2a, in the IP Address Plan chart.

                c. Enter the VLAN names and IDs recorded in Task 1, Steps 1b and 2b, in the VLAN plan.

                d. Enter any additional information that you want the technician performing the test to be aware of before the test begins.

                Step 5: Complete the Test Description, Procedures, and Expected Results sections of the test plan

                In the Test Description section, enter the goals for each of the three tests that you plan to perform.

                Test 1 is completed as an example of how to fill in the information. In the Test Procedures section, enter the steps that are necessary to perform each planned test. In the Expected Results and Success Criteria section, enter what you expect the results to be if all the steps in the Test Procedures section are followed correctly. Determine what results need to be observed for the test to be considered a success.

                Lab 7.2.5 Testing the FilmCompany Network

                Step 1: Build the prototype network

                1. Select the necessary equipment and cables as specified in the Equipment section of the test plan.
                2. See your instructor for assistance in identifying the appropriate equipment.
                3. Using the topology diagram and IP address plan contained in the Design and Topology Diagram section of the test plan, connect and configure the prototype network.
                4. Following the procedures in the Test 1: Procedures section, console into one of the devices and verify that you can ping all of the other device addresses. If you are unsuccessful, verify each device configuration. Repeat the connectivity testing.
                5. Copy and paste the initial device configurations into a document using Notepad or a word processing program. Save or print the document to include with the completed test plan.

                Step 2: Verify the functionality of the prototype network

                Following the procedures in the Test 1: Procedures section, execute the various commands and record the results of the testing.

                Copy and paste the output of the various commands into a document using Notepad or a word processing program. Save or print the document to include with the completed test plan.

                Step 3: Record the test results in the Results and Conclusions section of the test plan

                Compare the results that you observed during the testing with the expected results listed in the Test 1: Expected Results and Success Criteria section.

                Determine if the testing indicates that the network meets the success criteria. If it does, indicate that the test is successful.

                Task 2: Perform Test 2: VLAN Configuration Test

                Step 1: Configure the prototype network

                Step 2: Verify the VLAN configuration design

                Step 3: Record the test results in the Results and Conclusions section of the test plan

                Task 3: Perform Test 3: VLAN Routing Test

                Step 1: Configure the prototype network

                a. Follow the steps you created in the Test 3: Procedures section of the test plan to configure the router to route between VLANs.

                b. Using the topology diagram shown in the Design and Topology Diagram section of the test plan, configure the appropriate router to route between the VLANs created in Task 2.

                c. Following the steps you listed in the Test 3: Procedures section, console into the switch that is directly connected to the router. Configure the link between the switch and the router as an 802.1q trunk link and permit all VLANs across the trunk.

                d. Console into the router and configure the router interface directly connected to the switch for 802.1q encapsulation.

                e. Configure the router with the appropriate IP addresses for the various VLANs. Verify that the routes appear correctly in the routing table.

                f. Copy and paste the initial device configurations into a document using Notepad or a word processing program. Save or print the document to include with the completed test plan.

                Step 2: Verify the VLAN routing design

                a. Verify that the PCs are configured to be in different VLANs and that the IP address configuration on the PCs is correct. Configure the IP addresses assigned to the router, in Step 1e, as the default gateway addresses for the PCs. Verify that the default gateway addresses are on the same networks as the addresses assigned to the PCs.

                b. Following the procedures in the Test 3: Procedures section, ping from PC1 to PC2. Copy and paste the results into a document using Notepad or a word processing program. Save or print the document to include with the completed test plan.

                c. Execute the various show commands to verify that the routing is correct.

                d. Record the results in the Test 3: Results and Conclusions section of the test plan.

                Step 3: Record the test results in the Results and Conclusions section of the test plan

                a. Compare the results that you observed during the testing with the expected results listed in the Test 3: Expected Results and Success Criteria section.

                b. Determine if the testing indicates that the network meets the success criteria. If it does, indicate that the test is successful.

                Step 4: Reflection

                Was the prototype testing of the FilmCompany LAN design successful? Did having a test plan to work from help you organize your testing?

                 

                Lab 7.2.6 Analyzing Results of Prototype Tests

                Step 1: Identify if weaknesses are present in the design

                Is the design able to scale to meet the growth, or do budget constraints limit the types of hardware and infrastructure that can be included?

                In general, the design is scalable. The prototype uses multiple switches and redundant links.

                Do the IP addressing and VLAN configurations allow for the proposed growth?

                The IP addressing uses a private scheme based on the 192.168.0.0/22 address space, which provides enough room for growth. All 11 VLANs allow additional addresses to be added. Testing with two PCs and two VLANs is sufficient to meet the goals of the test. If the design works with two PCs and two VLANs, it will work with more PCs and more VLANs, unless configuration errors are introduced.

                Can the selected hardware be upgraded easily without a major reconfiguration of the network?

                In general, yes. Stackable fixed-configuration 2960 switches are used in the prototype. The IOS software can be upgraded fairly easily, but hardware upgrades may not be an option. Expanding port density and using different link speeds and media could present issues.

                Can new Access Layer modules be integrated into the network without disrupting services to existing users?

                Yes. Additional switches can be added to increase the number of connections in the design with minimal disruption.

                Does the design provide for the smallest possible failure domains?

                Yes, the switches provide microsegmentation, and the VLANs contain broadcasts through the use of a router and subinterfaces.

                Are there multiple paths and redundant devices to protect against losing connectivity to important services?

                Yes. The switches have redundant links to provide backup.

                Step 2: Determine what the risks are of not correcting the weaknesses

                If, in Step 1, you identify weaknesses in the proposed design, what risks do these weaknesses present to FilmCompany?

                Because stackable fixed-configuration switches are used in the prototype, changes in port density, media type or link speed could cause problems. Other than adding more switches, expanding port density is not easy to do.

                Step 3: Suggest ways that the design can be improved to reduce the risk

                In what ways could the proposed design be improved to reduce the areas of risk?

                Step 4: Document the weaknesses and risks on the test plan

                In the Results and Conclusions section of the test plan, record any weaknesses, risks, and suggested improvements.

                Step 5: Reflection

                Why do you think it is important to identify weaknesses and risks in the proposed design before presenting it to the customer? What are some reasons that weaknesses cannot be corrected?

                It is important to identify weaknesses and risks in the proposed design before presenting it to the customer, to ensure that the customer understands the limitations of the prototype and is not led to unrealistic expectations based on it. It may be impossible to compensate for every weakness that can be identified because of time, money or personnel constraints. The risks must be analyzed and balanced against these other variables.


                Lab 7.3.2 Creating a Server Farm Test Plan


                Task 1: Review the Supporting Documentation

                Step 1: Before completing the Server Farm Design Test Plan, review the following materials:

                • The prototype topology diagram included at the top of this lab
                • The IP Address Plan and VLAN Plan for the prototype topology in the Server Farm Design Test Plan provided with this lab
                • The Prototype Network Installation Checklist created by the network designer and provided with this lab
                • The partially completed Server Farm Design Test Plan provided with this lab

                Step 2: Describe the functions of the network that the designer wants to test with this prototype

                Basic connectivity, VLAN configuration, VTP operation, VLAN routing, ACL filtering.

                Step 3: Using the topology diagram, create a list of the equipment necessary to complete the prototype tests

                List any cables that are needed to connect the devices as shown in the topology diagram. Use the information from this list to fill out the chart in the Equipment section of the test plan document.

                2 routers, 3 switches, 2 PCs, 1 server, 6 Cat 5 straight-through cables, 6 Cat 5 crossover cables, 1 console cable.

                Task 2: Determine the Testing Procedures

                Using the information contained on the Prototype Network Installation Checklist and the partially completed Server Farm Design Test Plan document, determine what procedures should be followed to perform each test listed on the plan. Using Test 1 as an example, fill out the procedures sections for Tests 2, 3, and 4.

                Think about which commands and tools (such as ping, traceroute, and show commands) you can use to verify that the prototype network is functioning as designed. Decide which outputs to save to prove the results of your tests.

                Task 3: Document the Expected Results and Success Criteria

                Carefully identify what you expect the results of each test to show. What results would indicate that the tests were a success?

                Test 2: VLAN Configuration Test

                Show vlans, show spanning-tree, show interface, failure of ping between VLANs

                Test 3: VLAN Routing Test

                Show vlans, show interface, show ip route, traceroute, and successful ping between VLANs.

                Test 4: ACL Filtering Test

                Show running-config, show interface, show ip route, traceroute, attempts to access unauthorized resources denied.

                a. Fill in the Expected Results and Success Criteria section for each test, using the information collected above.

                b. Save the completed Server Farm Test Plan. It will be used in subsequent labs.

                Reflection

                Why is it important to think about and document the expected results and success criteria for each of the individual tests?

                 

                Lab 7.3.3 Configuring and Testing the Rapid Spanning Tree Prototype

                Task 1: Configure all devices

                Step 1: Configure S1 and S2

                Configure the host name, access, and command mode passwords on each switch.

                Step 2: Configure interface VLAN 1

                Configure the VLAN1 IP address and default gateway on each switch.

                Step 3: Configure FC-ASW-1 for server and end user VLANs

                VLAN Number    VLAN Name
                10             Servers
                20             Users

                Step 4: Configure ProductionSW for server and end user VLANs

                VLAN Number    VLAN Name
                10             Servers
                20             Users

                Step 5: Assign ports to VLANs on FC-ASW-1

                FC-ASW-1#configure terminal
                FC-ASW-1(config)#interface Fa0/5
                FC-ASW-1(config-if)#switchport mode access
                FC-ASW-1(config-if)#switchport access vlan 10
                FC-ASW-1(config-if)#interface Fa0/6
                FC-ASW-1(config-if)#switchport mode access
                FC-ASW-1(config-if)#switchport access vlan 20

                Step 6: Assign ports to VLANs on ProductionSW

                ProductionSW#configure terminal
                ProductionSW(config)#interface Fa0/5
                ProductionSW(config-if)#switchport mode access
                ProductionSW(config-if)#switchport access vlan 10
                ProductionSW(config-if)#interface Fa0/6
                ProductionSW(config-if)#switchport mode access
                ProductionSW(config-if)#switchport access vlan 20

                Step 7: Configure trunk ports on FC-ASW-1 to the router and ProductionSW

                FC-ASW-1(config)#interface Fa0/1

                FC-ASW-1(config-if)#switchport mode trunk

                FC-ASW-1(config-if)#interface Fa0/2

                FC-ASW-1(config-if)#switchport mode trunk

                FC-ASW-1(config-if)#interface Fa0/4

                FC-ASW-1(config-if)#switchport mode trunk

                Step 8: Configure trunk ports on ProductionSW to FC-ASW-1

                ProductionSW(config)#interface Fa0/2

                ProductionSW(config-if)#switchport mode trunk

                ProductionSW(config-if)#interface Fa0/4

                ProductionSW(config-if)#switchport mode trunk

                Step 9: Configure VTP on both switches

                FC-ASW-1#vlan database

                FC-ASW-1(vlan)#vtp server

                Step 10: Configure ProductionSW to be a VTP client

                ProductionSW#vlan database

                ProductionSW(vlan)#vtp client

                ProductionSW(vlan)#vtp domain ServerFarm

                Step 11: Configure Rapid Spanning Tree Protocol

                On each switch, configure Per-VLAN Rapid Spanning Tree Protocol.

                FC-ASW-1(config)#spanning-tree mode rapid-pvst

                ProductionSW(config)#spanning-tree mode rapid-pvst

                Step 12: Perform basic router configuration

                Configure hostname, passwords, and line access on R1.

                Step 13: Configure Subinterface Fa0/0

                BR4#configure terminal
                BR4(config)#interface Fa0/0
                BR4(config-if)#no shut
                BR4(config-if)#interface Fa0/0.1
                BR4(config-subif)#description VLAN1
                BR4(config-subif)#encapsulation dot1q 1
                BR4(config-subif)#ip address 10.0.0.1 255.255.255.0
                BR4(config-subif)#interface Fa0/0.10
                BR4(config-subif)#description VLAN10
                BR4(config-subif)#encapsulation dot1q 10
                BR4(config-subif)#ip address 10.10.10.254 255.255.255.0
                BR4(config-subif)#interface Fa0/0.20
                BR4(config-subif)#description VLAN20
                BR4(config-subif)#encapsulation dot1q 20
                BR4(config-subif)#ip address 10.10.20.254 255.255.255.0
                BR4(config-subif)#end
                BR4#

                Step 14: Configure two hosts for server VLAN, and two hosts for end user VLAN

                a. H1 and H3 should be given IP addresses in the Servers VLAN, with a default gateway of 10.10.10.254.

                b. H2 and H4 should be given IP addresses in the Users VLAN, with a default gateway of 10.10.20.254.
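
An added example, not part of the lab: a pre-test check that reads router subinterface commands like those in Step 13 and confirms that every host in the Step 14 plan has a routed VLAN, an address inside that VLAN's subnet and the matching default gateway. The host addresses, the deliberately mistyped encapsulation line, the wrong gateway on H4 and all function names are assumptions made for the example.

```python
import ipaddress
import re

# Constructed input: the Step 13 subinterface commands without prompts. The
# VLAN 20 encapsulation line is deliberately mistyped so the checker has
# something to find.
ROUTER_CONFIG = """\
interface Fa0/0.1
 encapsulation dot1q 1
 ip address 10.0.0.1 255.255.255.0
interface Fa0/0.10
 encapsulation dot1q 10
 ip address 10.10.10.254 255.255.255.0
interface Fa0/0.20
 encapsulation dot1q20
 ip address 10.10.20.254 255.255.255.0
"""

# Constructed host plan: name -> (address/prefix, default gateway, VLAN).
# The gateways follow Step 14; the host addresses are assumptions.
HOSTS = {
    "H1": ("10.10.10.1/24", "10.10.10.254", 10),
    "H2": ("10.10.20.2/24", "10.10.20.254", 20),
    "H3": ("10.10.10.3/24", "10.10.10.254", 10),
    "H4": ("10.10.20.4/24", "10.10.10.254", 20),  # wrong gateway on purpose
}

SUBIF_RE = re.compile(r"^interface\s+(\S+\.\d+)$", re.I)
ENCAP_RE = re.compile(r"^encapsulation\s+dot1q\s+(\d+)(?:\s+native)?$", re.I)
ADDR_RE = re.compile(r"^ip\s+address\s+(\S+)\s+(\S+)$", re.I)


def parse_subinterfaces(config):
    """Return {name: {"vlan", "gateway", "network", "rejected"}}."""
    subifs, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        match = SUBIF_RE.match(line)
        if match:
            current = subifs.setdefault(match.group(1), {
                "vlan": None, "gateway": None, "network": None, "rejected": []})
            continue
        if line.lower().startswith("interface"):
            current = None                   # physical interface, not a subinterface
            continue
        if current is None:
            continue
        if line.lower().startswith("encapsulation"):
            match = ENCAP_RE.match(line)
            if match:
                current["vlan"] = int(match.group(1))
            else:
                current["rejected"].append(line)   # the router would refuse this
        else:
            match = ADDR_RE.match(line)
            if match:
                iface = ipaddress.ip_interface(f"{match.group(1)}/{match.group(2)}")
                current["gateway"], current["network"] = iface.ip, iface.network
    return subifs


def check_design(subifs, hosts):
    """Return (object, finding) pairs; an empty list means the plan is consistent."""
    findings = []
    for name, sub in sorted(subifs.items()):
        if sub["vlan"] is None:
            findings.append((name, "no-valid-encapsulation"))
        if sub["network"] is None:
            findings.append((name, "no-ip-address"))
    routed = {sub["vlan"]: sub for sub in subifs.values()
              if sub["vlan"] is not None and sub["network"] is not None}
    for host, (address, gateway, vlan) in sorted(hosts.items()):
        sub = routed.get(vlan)
        if sub is None:
            findings.append((host, "vlan-not-routed"))
            continue
        if ipaddress.ip_interface(address).ip not in sub["network"]:
            findings.append((host, "host-outside-subnet"))
        if ipaddress.ip_address(gateway) != sub["gateway"]:
            findings.append((host, "wrong-gateway"))
    return findings


if __name__ == "__main__":
    for finding in check_design(parse_subinterfaces(ROUTER_CONFIG), HOSTS):
        print(finding)
```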

                Task 2: Perform basic connectivity tests

                Step 1: Test intra-VLAN connectivity

                a. Ping from H1 to H3.

                Is the ping successful?

                Yes

                If the ping fails, troubleshoot the configuration on the hosts and the VLAN configuration on the switches.

                b. Ping from H2 to H4.

                Is the ping successful?

                Yes

                If the ping fails, troubleshoot the configuration on the hosts and the VLAN configuration on the switches.

                Step 2: Test inter-VLAN connectivity

                Ping from a host on the Servers VLAN to a host on the Users VLAN.

                Is the ping successful?

                Yes

                If the ping fails, troubleshoot the router and switch configurations.

                Task 3: Introduce link and device failures into the network, and observe results

                Step 1: Determine the port status of the spanning tree on the server switch

                FC-ASW-1#show span
                VLAN0010
                  Spanning tree enabled protocol ieee
                  Root ID    Priority    32778
                             Address     0030.F2C9.90A0
                             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

                  Bridge ID  Priority    32778  (priority 32768 sys-id-ext 10)
                             Address     0090.21AC.0C10
                             Aging Time  300

                Interface        Role Sts Cost      Prio.Nbr Type
                ---------------- ---- --- --------- -------- --------------------------
                Fa0/1            Desg FWD 19        128.3    Shr
                Fa0/2            Root FWD 19        128.3    Shr
                Fa0/4            Altn BLK 19        128.3    Shr
                Fa0/5            Desg FWD 19        128.3    Shr

                VLAN0020
                  Spanning tree enabled protocol ieee
                  Root ID    Priority    32788
                             Address     0030.F2C9.90A0
                             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

                  Bridge ID  Priority    32788  (priority 32768 sys-id-ext 20)
                             Address     0090.21AC.0C10
                             Aging Time  300

                Interface        Role Sts Cost      Prio.Nbr Type
                ---------------- ---- --- --------- -------- --------------------------
                Fa0/1            Desg FWD 19        128.3    Shr
                Fa0/2            Root FWD 19        128.3    Shr
                Fa0/4            Altn BLK 19        128.3    Shr
                Fa0/6            Desg FWD 19        128.3    Shr

                Which port is not currently participating in forwarding data?

                Fa0/4 is the alternate port

                Step 2: Induce a link failure on the server switch

                Remove the cable from one of the forwarding ports on FC-ASW-1.

                Step 3: View the adjustment to the spanning-tree

                Re-issue the show span command.

                How long did it take the switches to determine and utilize a backup link?

                Step 4: Induce a device failure on the network

                Turn off the ProductionSW switch.

                Ping from H1 to H2.

                Was the ping successful?

                Yes, both hosts are on the FC-ASW-1 switch and inter-VLAN routing is still taking place.

                Step 5: Reflect on the test results

                In a network with multiple branch offices, why is the use of Rapid Spanning Tree Protocol important?

                RSTP is important to ensure the connectivity of devices at the access layer in each branch office, and to ensure that resources such as servers remain accessible to users in other offices who depend on them, in the event of a local switch-related failure.

                Why is it important when implementing a server farm?

                RSTP helps to ensure that the switches can recover quickly and keep the servers accessible to users in the event of a link, switch or port failure.

                 

                Lab 7.3.5 Testing a Prototype Network

                Task 1: Assemble and connect component devices

                Step 1: Review the Topology Diagram and the Equipment section of the test plan

                a. Determine which equipment or suitable substitutes will be required to meet the objectives of the lab.

                b. Modify the topology diagram as necessary to fit available equipment.

                Step 2: Review the Installation Checklist provided in lab 7.3.2.

                Accommodate any equipment limitations with the use of loopback addresses.

                Task 2: Perform Test 1: Basic Connectivity Test

                Step 1: Using the Installation Checklist, perform the steps to connect and configure the prototype network to perform Test 1.

                Step 2: Perform the Test 1 procedures according to the Server Farm Design Test Plan and record the results in the Results and Conclusions section.

                Determine if the test was successful. If not, discuss your results with your instructor and the other students in your class. Perform the test again if necessary.

                Task 3: Perform Test 2: VLAN Configuration Test

                Step 1: Using the Installation Checklist, perform the steps to connect and configure the prototype network to perform Test 2.

                Step 2: Perform the Test 2 procedures according to the Server Farm Design Test Plan and record the results in the Results and Conclusions section.

                Determine if the test was successful. If not, discuss your results with your instructor and the other students in your class. Perform the test again if necessary.

                Task 4: Perform Test 3: VLAN Routing Test

                Step 1: Using the Installation Checklist, perform the steps to connect and configure the prototype network to perform Test 3.

                Step 2: Perform the Test 3 procedures according to the Server Farm Design Test Plan and record the results in the Results and Conclusions section.

                Determine if the test was successful. If not, discuss your results with your instructor and the other students in your class. Perform the test again if necessary.

                Task 5: Perform Test 4: ACL Filtering Test

                Step 1: Review security goals for the FilmCompany network

                Examine the test plan, checklist, and other documentation to determine how ACLs can support the security goals.

                Step 2: Examine results of connectivity tests to determine targets for the ACLs

                Decide which devices should be permitted, which protocols should be used, and where ACLs should be placed.

                Step 3: Create ACLs

                Step 4: Using the Installation Checklist, perform the steps to connect and configure the prototype network to perform Test 4.

                Step 5: Perform the Test 4 procedures according to the Server Farm Design Test Plan and record the results in the Results and Conclusions section.

                Determine if the test was successful. If not, discuss your results with your instructor and the other students in your class. Perform the test again if necessary.

                Task 6 Reflection

                Examine the test results and conclusions. How would this network be affected if:

                1. The number of servers was doubled?

                Traffic on S2 would increase. It might be beneficial to add a switch and split up the servers to avoid a single point of failure.

                2. The S2 switch had a system failure?

                Access to the servers would be lost.

                3. A new branch office with 25 new hosts was added?

                The load on router R2 or R1 would increase, depending on what access the users need to resources.

                Now that you have followed the process of prototyping from creating the plan through testing and recording results and conclusions, what are the advantages and disadvantages of using a simulation program, such as Packet Tracer, compared to building the prototype with physical devices?

                Using a simulation program can be very helpful for testing various connection scenarios, IP addressing and other issues. More devices can be brought into play than when building a prototype with real equipment; however, there is no substitute for using real equipment, if it is available.

                 

                Lab 7.3.6 Identifying Risks and Weaknesses in the Design

                Task 1: Identify areas of risk and weakness in the server farm implementation

                Step 1: Analyze the physical topology

                Examine the server farm topology as one entity and as a part of the entire FilmCompany topology. Look for each of the risks and weaknesses listed in the chart. Describe the devices, connections, and issues that you find, or record None found if the design appears to avoid risks in that area.

                | Weakness | Risk | Description of Location and Devices |
                |---|---|---|
                | Single point of failure | If a device fails, a portion of the network will be inoperable. | |
                | Large failure domain | If a device or link fails, a large portion of the network will be affected. | |
                | Possible bottlenecks | If the traffic volume increases, there is a potential for response time to degrade. | |
                | Limited scalability | If the network grows more rapidly than expected, a costly upgrade will be needed. | |
                | Overly-complex design | If the design is too complex, the current staff will not be able to support it properly. | |
                | Other possible weaknesses (specify): | | |

                Step 2: Analyze the results and conclusions of the testing

                Basic router and switch configurations were modified to support the following protocols and functions.

                Evaluate the results and conclusions that were drawn from the testing. Identify any areas where modifications to the configuration would provide better results, both now and in the future.

                | | No Change Needed | Modifications Possible |
                |---|---|---|
                | VLAN port assignments | | |
                | VTP client/server assignments | | |
                | Root bridge designations | | |
                | Switch security | | |
                | Traffic filtering through ACLs | | |
                | Other (specify): | | |

                Task 2: Suggest modifications to the design to address identified risks and weaknesses

                From the analysis performed in Task 1, list each risk or weakness and suggest possible changes to the design to minimize or eliminate it.

                CCNA 4 Assignment: Labskill Chapter 6

                Lab 6.1.4 Using CIDR to Ensure Route Summarization


                Step 1: Cable and configure the network

                Referring to the topology diagram, connect the console (or rollover) cable to the console port on the router and the other cable end to the host computer with a DB-9 or DB-25 adapter to the COM 1 port. Ensure that power has been applied to both the host computer and router.

                Step 2: Perform basic router configurations

                Establish a HyperTerminal, or other terminal emulation program, from PC1 to each of the three routers in turn and perform the following configuration functions:

                Clear any existing configurations on the routers.

                Configure the router hostname.

                Disable DNS lookup.

                Configure an EXEC mode password.

                Configure a message-of-the-day banner.

                Configure a password for console connections.

                Configure a password for vty connections.

                Step 3: Configure the interfaces on the three routers

                Configure the interfaces on the three routers with the IP addresses from the table.

                Save the running configuration to the NVRAM of the router.

                Step 4: Configure the Ethernet interfaces

                Configure the Ethernet interfaces of Hosts PC1, PC2, and PC3 with the IP addresses from the addressing table provided under the topology diagram.

                Step 5: Verify connectivity of routers

                Verify that each router can ping each of the neighboring routers across the WAN links. You should not have connectivity between end devices yet. However, you can test connectivity between two routers and between an end device and its default gateway. Troubleshoot if connectivity is not achieved.

                Step 6: Verify connectivity of Host PCs

                Verify that PC1, PC2, and PC3 can ping their respective default gateways. Troubleshoot if connectivity is not achieved.

                Step 7: Configure EIGRP routing on router R1

                Consider the networks that need to be included in the EIGRP updates that are sent out by the R1 router.

                What directly connected networks exist on R1?

                172.17.0.0

                172.18.0.0

                172.19.0.0

                What commands are required to enable EIGRP and include the connected networks in the routing updates?

                router eigrp 1

                network 172.17.0.0

                network 172.18.0.0

                network 172.19.0.0

                Are there any router interfaces that do not need to have EIGRP updates sent out? Yes

                If yes, which ones? Fa0/0 and Fa0/1

                What command is used to disable EIGRP updates on these interfaces?

                passive-interface FastEthernet0/0 and passive-interface FastEthernet0/1

                Step 8: Configure EIGRP on router R2

                Consider the networks that need to be included in the EIGRP updates that are sent out by the R2 router.

                What directly connected networks exist on R2?

                172.16.0.0

                172.17.0.0

                172.20.0.0

                What commands are required to enable EIGRP and include the connected networks in the routing updates?

                router eigrp 1

                network 172.16.0.0

                network 172.17.0.0

                network 172.20.0.0

                Are there any router interfaces that do not need to have EIGRP updates sent out? Yes

                If yes, which ones?

                Fa0/0 and Fa0/1

                What command is used to disable EIGRP updates on these interfaces?

                passive-interface FastEthernet0/0

                Step 9: Configure EIGRP routing on the R3 router

                Consider the networks that need to be included in the EIGRP updates that are sent out by the R3 router.

                What directly connected networks exist on R3?

                172.20.0.0

                10.1.0.0

                What commands are required to enable EIGRP and include the connected networks in the routing updates?

                router eigrp 1

                network 172.20.0.0

                network 10.1.0.0

                Are there any router interfaces that do not need to have EIGRP updates sent out? Yes

                If yes, which ones? Fa0/0 and Fa0/1

                What command is used to disable EIGRP updates on these interfaces?

                passive-interface FastEthernet0/0

                Step 10: Verify the configurations

                Ping between devices to confirm that each router can reach each device on the network and that there is connectivity between all the PCs. If any of the above pings failed, check your physical connections and configurations. Troubleshoot until connectivity is achieved.

                Step 11: Display the EIGRP routing table for each router

                Are there summary routes in any of the routing tables?

                Yes, but only for the 10.1.0.0 network. EIGRP auto-summary is enabled by default and summarizes the 10.1.0.0/16 subnetwork to the classful 10.0.0.0/8 network.

                Are there any summary routes for the 172.x.0.0 networks? No

                Step 12: Remove automatic summarization

                On each of the three routers, remove automatic summarization to force EIGRP to report all subnets. A sample command is given for R1.

                R1(config)#router eigrp 1

                R1(config-router)#no auto-summary

                Step 13: Configure manual summarization on R2

                On R2, configure manual summarization so that EIGRP summarizes the four networks 172.16.0.0/16, 172.17.0.0/16, 172.18.0.0/16, and 172.19.0.0/16 as one CIDR route, or 172.16.0.0/14.

                You are summarizing multiple classful networks, which creates a supernet, and results in a classless (/14) network address being advertised.

                R2(config)#interface s0/0/1

                R2(config-if)#ip summary-address eigrp 1 172.16.0.0 255.252.0.0
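The summary used in Step 13 can be checked offline before it is configured. The following is an added example, not part of the lab handout: it finds the tightest CIDR block covering a set of networks and lists any address space the summary would advertise beyond the networks actually present, which matters because traffic for that extra space is attracted to the summarizing router and discarded. The function names are hypothetical.

```python
import ipaddress


def tightest_summary(networks):
    """Return the smallest single CIDR block that contains every network."""
    nets = [ipaddress.ip_network(n) for n in networks]
    candidate = nets[0]
    # Shorten the prefix one bit at a time until every network fits inside.
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()
    return candidate


def over_advertised(networks, summary):
    """Return the blocks inside `summary` that none of `networks` covers."""
    remaining = [summary]
    for net in (ipaddress.ip_network(n) for n in networks):
        kept = []
        for block in remaining:
            if block.subnet_of(net):
                continue  # block is fully covered by this network, drop it
            if net.subnet_of(block):
                # Carve the network out of the block, keep the leftovers.
                kept.extend(block.address_exclude(net))
            else:
                kept.append(block)  # disjoint, keep untouched
        remaining = kept
    return sorted(remaining)


def summary_command(asn, summary):
    """Format the interface command from Step 13 for a given summary."""
    return (f"ip summary-address eigrp {asn} "
            f"{summary.network_address} {summary.netmask}")


if __name__ == "__main__":
    # The four networks summarized on R2 in Step 13.
    lab = ["172.16.0.0/16", "172.17.0.0/16", "172.18.0.0/16", "172.19.0.0/16"]
    summary = tightest_summary(lab)
    print(summary, summary_command(1, summary))
    print("uncovered space:", over_advertised(lab, summary))

    # Adding 172.20.0.0/16 forces a /13, which also claims three
    # /16 networks that do not exist in the lab topology.
    wider = lab + ["172.20.0.0/16"]
    summary = tightest_summary(wider)
    print(summary, "uncovered space:", over_advertised(wider, summary))
```
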

                Step 14: Confirm that R2 is advertising a CIDR summary route

                Examine the routing table of each router using the show ip route command.

                R1#show ip route

                Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP

                D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area

                N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2

                E1 – OSPF external type 1, E2 – OSPF external type 2

                i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2

                ia – IS-IS inter area, * – candidate default, U – per-user static

                route

                o – ODR, P – periodic downloaded static route

                Gateway of last resort is not set

                C 172.17.0.0/16 is directly connected, Serial0/0/0

                D 172.16.0.0/16 [90/2172416] via 172.17.0.2, 02:13:05, Serial0/0/0

                C 172.19.0.0/16 is directly connected, Loopback0

                C 172.18.0.0/16 is directly connected, FastEthernet0/0

                D 172.20.0.0/16 [90/2681856] via 172.17.0.2, 02:05:21, Serial0/0/0

                10.0.0.0/16 is subnetted, 1 subnets

                D 10.1.0.0 [90/2684416] via 172.17.0.2, 00:04:25, Serial0/0/0

                R2#show ip route

                Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP

                D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area

                N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2

                E1 – OSPF external type 1, E2 – OSPF external type 2

                i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2

                ia – IS-IS inter area, * – candidate default, U – per-user static

                route

                o – ODR, P – periodic downloaded static route

                Gateway of last resort is not set

                C 172.17.0.0/16 is directly connected, Serial0/0/0

                C 172.16.0.0/16 is directly connected, FastEthernet0/0

                D 172.19.0.0/16 [90/2172416] via 172.17.0.1, 02:14:37, Serial0/0/0

                D 172.18.0.0/16 [90/2172416] via 172.17.0.1, 02:14:37, Serial0/0/0

                C 172.20.0.0/16 is directly connected, Serial0/0/1

                10.0.0.0/16 is subnetted, 1 subnets

                D 10.1.0.0 [90/2172416] via 172.20.0.1, 00:05:57, Serial0/0/1

                D 172.16.0.0/14 is a summary, 00:11:55, Null0

                R3#show ip route

                Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP

                D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area

                N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2

                E1 – OSPF external type 1, E2 – OSPF external type 2

                i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2

                ia – IS-IS inter area, * – candidate default, U – per-user static

                route

                o – ODR, P – periodic downloaded static route

                Gateway of last resort is not set

                C 172.20.0.0/16 is directly connected, Serial0/0/1

                10.0.0.0/16 is subnetted, 1 subnets

                C 10.1.0.0 is directly connected, FastEthernet0/0

                D 172.16.0.0/14 [90/2172416] via 172.20.0.2, 00:13:32, Serial0/0/1

                Which router has a summarized route to the 172.x.0.0 networks in its routing table?

                R3

                D 172.16.0.0/14 [90/2172416] via 172.20.0.2, 00:13:32, Serial0/0/1

                 

                Step 15: Clean up

                Erase the configurations and reload the routers. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.

                Reflection

                In this lab, automatic summarization was used. Could route summarization still be applied if more effective use of the IPv4 address space had been made by using VLSM for those networks requiring fewer addresses, such as the serial links between routers?

                 

                Lab 6.2.1 Determining an IP Addressing Scheme


                Step 1: Consider VLAN issues

                The initial step in determining the required VLANs is to group users and services into VLANs. Each of these VLANs will represent an IP subnet.

                A VLAN can be considered to be a group of switch ports assigned to a broadcast domain. Grouping the switch ports confines broadcast traffic to specified hosts so that bandwidth is not unnecessarily consumed in unrelated VLANs. It is therefore a recommended best practice to assign only one IP network or subnetwork to each VLAN.

                When determining how to group users and services, consider the following issues:

                Flexibility

                The employees and hardware of the former AnyCompany will move into the building with the FilmCompany in the near future. The network from this newly acquired company needs to be tightly integrated with the FilmCompany network and a structure put in place to enhance the security of the network.

                To support this integration, with improvements in security and performance, additional VLANs need to be created on the network. These VLANs will also allow the personnel to move to the buildings without additional network changes or interruption in network services.

                Security

                Security can be better enforced between VLANs than within VLANs.

                • Access control lists can be applied to the Distribution Layer router subinterfaces that interconnect the VLANs to enforce this security.

                • The interfaces on the switches can be assigned to VLANs as appropriate to support the network for the connected device.

                • Additional Layer 2 security measures can also be applied to these switch interfaces.

                WANs and VPNs

                The contract with StadiumCompany adds a number of new requirements. Some FilmCompany personnel will be located at the stadium. Additional personnel and contract workers will also be present at the stadium during live events. These employees will use laptops and the wireless LAN at the FilmCompany branch as well as the wireless LAN at the stadium. To provide network connectivity for these laptops, they will be in their own VLAN. At the stadium, the FilmCompany laptop users will connect to a secure wireless VLAN and use a VPN over the Frame Relay connection between stadium and the FilmCompany branch. With this connection, the laptop users can be attached to the internal FilmCompany network regardless of physical location. To support the video feeds, FilmCompany will need resources available at the stadium. Some of the servers providing these resources will be located at the stadium. Other servers will be located at the branch office of the FilmCompany. For security and performance reasons, these servers, regardless of location, will be on secured VLANs. A separate VPN over the Frame Relay link will be created to connect the servers at the stadium to the servers located at the FilmCompany office.

                What are the advantages and disadvantages of using a VPN to extend the wireless and video server networks over the Frame Relay connection from FilmCompany to the stadium?

                Advantages:

                Extending the VLANs through a VPN over the WAN has the advantage that the security measures applied to a VLAN are also applied to all of its hosts, wherever they are located.

                Disadvantages:

                The disadvantage is that all VLAN broadcasts also cross the narrow bandwidth of the WAN link, which may affect data throughput.

                Redundancy

                The VLAN structure will support load balancing and redundancy, which are major needs of this new network design. With such a large portion of the FilmCompany operations and revenues dependent on the network operation, a network failure could be devastating. The new VLAN arrangement allows the FC-ASW1 and FC-ASW2 switches to share the load of the traffic and be backups for each other.

                This redundancy is accomplished by sharing the RSTP primary and secondary root duties for the traffic for the different VLANs:

                • FC-ASW1 will be the primary root for approximately one-half of the VLAN traffic (not necessarily one half of the VLANs) and FC-ASW2 will be the secondary root for these VLANs.
                • The remaining VLANs will have FC-ASW2 as the primary root and FC-ASW1 as the secondary root.

                Step 2: Group network users and services

                Examine the planned network topology. Applying the issues considered in Step 1, list all the possible groupings of users and services that may require separate VLANs and subnets.

                default VLAN for the Layer 2 devices

                voice VLAN to support Voice over IP

                VLAN for management hosts and secure peripherals (payroll printer)

                VLAN for administrative hosts

                VLAN for support hosts

                VLAN for high performance production workstations (stationary)

                VLAN for mobile production hosts

                VLAN for stadium to FilmCompany mobile access VPN

                VLAN for network support

                VLAN for peripherals for general use (printers, scanners)

                VLAN for servers to support video services and storage

                VLAN for stadium to FilmCompany video services VPN

                VLAN for servers that are publicly accessible

                VLAN for terminating unwanted or suspicious traffic

                VLAN for undefined future services

                Block of addresses required for the NAT pool for BR4

                DSL link to the ISP

                Addresses for the Frame Relay link to the stadium

                Step 3: Tabulating the groupings

                The new addressing design needs to be scalable to allow easy inclusion of future services, such as voice.

                The current addressing scheme does not allow for managed growth. Correcting this scheme will mean that most devices will be placed on new VLANs and new subnets. In some cases, a device address may not be able to be changed; for example, some of the servers have software registered to their IP addresses. In such cases, the server VLAN will keep its current addressing even though it may not be consistent with the remaining addressing scheme. Other addresses that cannot be changed are the addresses used with the WAN links and the addresses for NAT pool used to access the Internet.

                This table shows a possible grouping and addressing scheme. The number of hosts required for the FilmCompany branch office, including growth, has been determined. Assigning one subnet to each VLAN, the host count for each has been rounded up to the next logical network size supported by the binary patterns used in the subnet mask. Rounding up prevents underestimating the total number of host addresses required.

                | VLAN number | Network name | Number of host addresses | Predetermined Network Address | Description |
                |---|---|---|---|---|
                | 1 | default | 14 | | Default VLAN for the Layer 2 devices |
                | 10 | voice | 254 | | Voice VLAN to support Voice over IP |
                | 20 | management | 14 | | Management hosts and secure peripherals (payroll printer) |
                | 30 | administrative | 62 | | Administrative hosts |
                | 40 | support | 126 | | Support hosts |
                | 50 | production | 126 | | High performance production workstations (stationary) |
                | 60 | mobile | 62 | | Mobile production hosts |
                | 70 | net_admin | 14 | | Network support |
                | 80 | servers | 65534 | 172.17.0.0 /16 | Servers to support video services and storage |
                | 90 | peripherals | 62 | | Peripherals for general use (printers, scanners) |
                | 100 | web_access | 14 | | VLAN for servers that are publicly accessible |
                | 120 | future | 126 | | VLAN for future services |
                | 999 | null | 126 | | VLAN for terminating unwanted or suspicious traffic |
                | NA | NAT_pool | 6 | 209.165.200.224/29 | Addresses for NAT pool for BR4 or interface to ISP4 |
                | NA | DSL_Link | 2 | 192.0.2.40 /30 | DSL link to the ISP |
                | NA | Frame_Link | 2 | 172.18.0.16/30 | Address of the FR link to the stadium |

                Step 4: Determine the total number of hosts to be addressed

                To determine the block of addresses to be used, count the number of hosts. To calculate the addresses, count only the hosts that will receive addresses from the new block. Use the information in the table in Step 3 to complete this chart to calculate the total number of hosts in the new FilmCompany network requiring addresses.

                Reflection / Challenge

                This lab provided a step-by-step process for determining an addressing scheme for a corporate network.

                Discuss and consider the issues that would arise if this planning process was not methodically used.

                 

                Lab 6.2.2 Determining the Number of IP Networks


                Task 1: Review Address Block Size

                Review and record the total number of hosts to be addressed.

                Complete this table with the information determined in Lab 6.2.1.

                | Network/VLAN Name | Number of host addresses |
                |---|---|
                | Default | 14 |
                | Voice | 254 |
                | Management | 14 |
                | Administrative | 62 |
                | Support | 126 |
                | Production | 126 |
                | Mobile | 62 |
                | Peripherals | 62 |
                | Net_admin | 14 |
                | Web_access | 14 |
                | Future | 126 |
                | Null | 126 |
                | Total | 1000 |

                What is the smallest address block size that can potentially satisfy the FilmCompany network needs?

                1024

                Task 2: Choose or Obtain an Address Block

                Step 1: Choose public or private addresses?

                A block of addresses needs to be acquired to support the addressing scheme. This block of addresses could be private space addresses or public addresses. In most cases, the network users require only outbound connections to the Internet. Only a few hosts, such as web servers, require public addresses. These often exist on the local LAN with private addresses and have static NAT entries on the border router to translate to public addresses. Public addresses, however, are expensive and often difficult to justify. Can you justify the use of public addresses in this network?

                No

                If so, write this justification to forward to the ISP:

                Step 2: Ensure that the private space addresses do not conflict

                Although you are allowed to use private space addresses any way you choose, you must make sure that the addresses used do not conflict with another private space address to which this network will be connected. You must identify other networks to which you are connected and make sure that you are not using the same private addresses. In this case, you need to examine the addresses used by the StadiumCompany.

                What private address space block does the StadiumCompany use?

                172.18.0.0 /16

                What address blocks are used by the WAN links?

                172.18.0.16/30

                192.0.2.40 /30

                Are there other devices or connections that need to be excluded from use?

                Yes

                What types?

                servers

                What address block?

                172.17.0.0 /16

                Step 3: Ensure that the private space addresses are consistent with policy

                The company should have a network policy and method of allocating addresses. This is true even when using private addresses. You should contact the FilmCompany network administrators to request a block of addresses. In this case, ask your instructor if there is a preferred set of addresses to use.

                Did your instructor assign a block of addresses?

                If so, what block?

                If your instructor does not assign addresses, you may choose any private space block that does not conflict.

                What block of addresses are you using for this FilmCompany Branch?

                192.168.0.0 /22

                 

                Task 3: Allocate Addresses for the Network

                When assigning addresses to the different networks, start the assignments with the subnet that requires the largest address block and progress to the network that requires the smallest.

                Step 1: Order the networks from largest to smallest

                Using the information from Lab 6.2.1, list the networks in order of size, from the network that requires the largest address block to the network that requires the smallest block.

                | Network/VLAN Name | Number of host addresses |
                |---|---|
                | Voice | 254 |
                | support | 126 |
                | production | 126 |
                | Future | 126 |
                | Null | 126 |
                | administrative | 62 |
                | Mobile | 62 |
                | peripherals | 62 |
                | Web_access | 14 |
                | Default | 14 |
                | management | 14 |
                | Net_admin | 14 |

                 

                Step 2: Assign address blocks to the networks

                From the address block chosen in the previous task, begin calculating and assigning the address blocks to these networks. You should use contiguous blocks of addresses when making these assignments.

                | Network/VLAN Name | Number of host addresses | Network address |
                |---|---|---|
                | Voice | 254 | 192.168.0.0 /24 |
                | support | 126 | 192.168.1.0 /25 |
                | production | 126 | 192.168.1.128 /25 |
                | Future | 126 | 192.168.2.0 /25 |
                | Null | 126 | 192.168.2.128 /25 |
                | administrative | 62 | 192.168.3.0 /26 |
                | Mobile | 62 | 192.168.3.64 /26 |
                | Peripherals | 62 | 192.168.3.128 /26 |
                | web_access | 14 | 192.168.3.192 /28 |
                | Default | 14 | 192.168.3.208 /28 |
                | management | 14 | 192.168.3.224 /28 |
                | net_admin | 14 | 192.168.3.240 /28 |

                Step 3: Complete the address planning table

                Using the addresses you calculated in the previous step, complete this table from Lab 6.2.1. This plan will be used in future labs.

                 

                 

                | VLAN # | Network/VLAN Name | Number of host addresses | Network Address | Description |
                |---|---|---|---|---|
                | 1 | default | 14 | 192.168.3.208 /28 | Default VLAN for the Layer 2 devices |
                | 10 | voice | 254 | 192.168.0.0 /24 | Voice VLAN to support Voice over IP |
                | 20 | management | 14 | 192.168.3.224 /28 | Management hosts and secure peripherals (payroll printer) |
                | 30 | administrative | 62 | 192.168.3.0 /26 | Administrative hosts |
                | 40 | support | 126 | 192.168.1.0 /25 | Support hosts |
                | 50 | production | 126 | 192.168.1.128 /25 | High performance production workstations (stationary) |
                | 60 | mobile | 62 | 192.168.3.64 /26 | Mobile production hosts |
                | 70 | net_admin | 14 | 192.168.3.240 /28 | Network support |
                | 80 | servers | 65534 | 172.17.0.0 /16 | Servers to support video services and storage |
                | 90 | peripherals | 62 | 192.168.3.128 /26 | Peripherals for general use (printers, scanners) |
                | 100 | web_access | 14 | 192.168.3.192 /28 | VLAN for servers that are publicly accessible |
                | 120 | future | 126 | 192.168.2.0 /25 | VLAN for future services |
                | 999 | null | 126 | 192.168.2.128 /25 | VLAN for terminating unwanted or suspicious traffic |
                | NA | NAT_pool | 6 | 209.165.200.224/29 | Addresses for NAT pool for BR4 or interface to ISP4 |
                | NA | DSL_Link | 2 | 192.0.2.40 /30 | DSL link to the ISP |
                | NA | Frame_link | 2 | 172.18.0.16/30 | Address of the FR link to the stadium |

                 

                Reflection / Challenge

                This lab specifically used private IPv4 addresses. Discuss the issues to be considered if it was decided to use public IP addresses throughout the network. Are there any situations that would require this?

                IP version 4 addresses (often called IPv4 addresses) are a type of network addressing used in the TCP/IP network protocol suite with IP version 4. The total length is 32 bits, and in theory it can address up to 4 billion hosts, or more precisely 4,294,967,296 hosts worldwide. That number comes from 256 (obtained from 8 bits) raised to the power of 4 (because there are 4 octets), so the maximum value of an IP version 4 address is 255.255.255.255; because values are counted from zero, the number of hosts that can be accommodated is 256x256x256x256 = 4,294,967,296 hosts. Public addresses are addresses that have been assigned by InterNIC and contain network identifiers that are guaranteed to be unique (meaning no two hosts use the same address) once the intranet is connected to the Internet. When public addresses have been assigned, routes can be programmed into a router so that traffic destined for those public addresses can reach its location.

                Lab 6.2.5 Creating an Address Allocation Spreadsheet

                Step 1: Record the network address block

                In the first column, record the address block used for the entire FilmCompany network chosen in the previous lab.

                Step 2: Define the 254-host networks

                Based on the requirements for the FilmCompany network, the address block is divided into twelve separate networks using four different masks.

                In the second column of the table above, record the network blocks that will support 254 hosts per network. In the last column, record the names of the networks that need to be assigned to these blocks.

                The CIDR notation mask for the 254-host network is /24. What is the dotted decimal equivalent mask?

                255.255.255.0

                Step 3: Define the 126-host networks

                In the third column of the table above, choose the first unused 254-host address block to subdivide into 126-host networks. In the last column, record the names of the networks assigned to these 126-host blocks.

                The CIDR notation mask for the 126-host network is /25. What is the dotted decimal equivalent mask?

                255.255.255.128

                Step 4: Define the 62-host networks

                In the fourth column of the table above, choose the first unused 126-host address block to subdivide into 62-host networks. In the last column, record the names of the networks assigned to these 62-host blocks.

                The CIDR notation mask for the 62-host network is /26. What is the dotted decimal equivalent mask?

                255.255.255.192

                Step 5: Define the 14-host networks

                In the fifth column of the table above, choose the first unused 62-host address block to subdivide into 14-host networks. In the last column, record the names of the networks assigned to these 14-host blocks.

                The CIDR notation mask for the 14-host network is /28. What is the dotted decimal equivalent mask?

                255.255.255.240

                Task 2: Define the Host Address Assignments

                For each network, determine and document the host addresses and broadcast addresses. Use the table below to document these networks and host information.

                Step 1: Record the network names and addresses in the addressing table

                In the table below, record the network names for the FilmCompany in the first column and the corresponding network address in the second column.

                Step 2: Calculate the lowest host address in the addressing table

                The lowest address for a network is one greater than the address of the network. Therefore, to calculate the lowest host address, add a 1 to the network address. For each of these networks, calculate and record the lowest host address in the second column of the table.

                Step 3: Calculate the broadcast address in the addressing table

                The broadcast address uses the highest address in the network range. This is the address in which the bits in the host portion are all 1s. To calculate the broadcast for each of the networks listed, convert the last octet of the network address into binary. Then fill the remaining host bits with 1s. Finally, convert the binary back to decimal. For each of these networks, calculate and record the broadcast address in the last column.

                Step 4: Calculate the highest host address in the addressing table

                The highest host address for each network is one less than the broadcast address for that network. Therefore, to calculate the highest host address, subtract a 1 from the broadcast address. For each of these networks, calculate and record the highest host address in the second column.

                Network Name    Network Address     Lowest Host Address   Highest Host Address   Broadcast Address
                voice           192.168.0.0 /24     192.168.0.1           192.168.1.254          192.168.1.255
                support         192.168.1.0 /25     192.168.1.1           192.168.1.126          192.168.1.127
                production      192.168.1.128 /25   192.168.1.129         192.168.1.254          192.168.1.255
                future          192.168.2.0 /25     192.168.2.1           192.168.2.126          192.168.2.127
                null            192.168.2.128 /25   192.168.2.129         192.168.2.254          192.168.2.255
                administrative  192.168.3.0 /26     192.168.3.1           192.168.3.62           192.168.3.63
                mobile          192.168.3.64 /26    192.168.3.65          192.168.3.126          192.168.3.127
                peripherals     192.168.3.128 /26   192.168.3.129         192.168.3.190          192.168.3.191
                Web_access      192.168.3.192 /28   192.168.3.193         192.168.3.206          192.168.3.207
                default         192.168.3.208 /28   192.168.3.209         192.168.3.222          192.168.3.223
                management      192.168.3.224 /28   192.168.3.225         192.168.3.238          192.168.3.239
                net_admin       192.168.3.240 /28   192.168.3.241         192.168.3.254          192.168.3.255

                Task 3: Examine Address Blocks for Overlapping Addresses

                One of the major issues of planning network addresses is overlapping addresses. This is especially true when using VLSM addressing. Examine the table in the previous step to ensure that each network has a unique address range.

                Are there any overlapping addresses in the networks? No

                If there are any overlapping addresses, recalculate the addressing plan for the FilmCompany network.
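
                The calculations in Task 2 and the overlap check in Task 3 can be done mechanically. The Python below is an added example, not part of the original lab: it derives each row from the network address and prefix using the standard ipaddress module, tests every pair of blocks for overlap, and lists unused space. The parent block 192.168.0.0/22 and the extra overlapping entry are assumptions constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Network names and CIDR blocks as recorded in the addressing table.
PLAN = [
    ("voice", "192.168.0.0/24"),
    ("support", "192.168.1.0/25"),
    ("production", "192.168.1.128/25"),
    ("future", "192.168.2.0/25"),
    ("null", "192.168.2.128/25"),
    ("administrative", "192.168.3.0/26"),
    ("mobile", "192.168.3.64/26"),
    ("peripherals", "192.168.3.128/26"),
    ("Web_access", "192.168.3.192/28"),
    ("default", "192.168.3.208/28"),
    ("management", "192.168.3.224/28"),
    ("net_admin", "192.168.3.240/28"),
]

# Assumption: the page does not state the block chosen in the previous lab;
# 192.168.0.0/22 is the smallest block that contains every row above.
PARENT = "192.168.0.0/22"


def describe(cidr):
    """Task 2, Steps 2-4: derive mask, host range and broadcast for one block."""
    # strict=True raises ValueError when the network address has host bits
    # set (for example 192.168.1.64/25), a common spreadsheet mistake.
    net = ipaddress.ip_network(cidr, strict=True)
    return {
        "mask": str(net.netmask),
        "lowest": str(net.network_address + 1),
        "highest": str(net.broadcast_address - 1),
        "broadcast": str(net.broadcast_address),
        "hosts": net.num_addresses - 2,
    }


def find_overlaps(plan):
    """Task 3: return every pair of named blocks that share any address."""
    nets = [(name, ipaddress.ip_network(cidr, strict=True)) for name, cidr in plan]
    return [(a, b) for (a, na), (b, nb) in combinations(nets, 2) if na.overlaps(nb)]


def unallocated(parent, plan):
    """Return the pieces of the parent block that no network in the plan uses."""
    free = [ipaddress.ip_network(parent, strict=True)]
    for _, cidr in plan:
        used = ipaddress.ip_network(cidr, strict=True)
        remaining = []
        for block in free:
            if block.subnet_of(used):
                continue  # block is fully consumed by this network
            if used.subnet_of(block):
                remaining.extend(block.address_exclude(used))
            else:
                remaining.append(block)
        free = remaining
    return sorted(free)


if __name__ == "__main__":
    for name, cidr in PLAN:
        row = describe(cidr)
        print(f"{name:15} {cidr:18} {row['mask']:16} "
              f"{row['lowest']:15} {row['highest']:15} {row['broadcast']}")
    print("overlaps:", find_overlaps(PLAN))
    print("unallocated in", PARENT + ":", unallocated(PARENT, PLAN))
    # Constructed mistake: a /26 carved out of the block already used by "future".
    bad_plan = PLAN + [("constructed_lab", "192.168.2.0/26")]
    print("overlaps with constructed entry:", find_overlaps(bad_plan))
```

                Comparing each recorded cell of the spreadsheet against the values this prints is a quick way to catch transcription errors before the plan is used for interface or ACL configuration.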

                Lab 6.2.6 Diagramming the Network

                Step 1: Identify the appropriate VLAN

                In the previous labs, you identified VLANs and subnets to be used in the FilmCompany network expansion. For each device listed in the table in the final section of this lab, assign each host the appropriate VLAN based on its description. Record these VLAN assignments in the third column of the table in Step 5.

                Step 2: Assign addresses to the devices

                In the previous lab, an address range was established for each subnet and VLAN. Using these established ranges and the VLAN assignments to the devices in the previous step, assign a host address to each of the selected hosts. Record this information in the last column of the table in Step 5 of this lab.

                Step 3: Define the codes for device naming

                From the device information, develop and apply a naming convention for the hosts.

                A good naming scheme follows these guidelines:

                • Keep the names as short as possible; using fewer than twelve characters is recommended.
                • Indicate the device type, purpose, and location with codes, rather than words or abbreviations.
                • Maintain a consistent scheme. Consistent naming makes it easier to sort and report on the devices, and to set up management systems.
                • Document the names in the IT department files and on the network topology diagrams.
                • Avoid names that make it easy to find protected resources.

                For each naming criteria, assign a code for type. You will use these codes in different combinations to create device names. In the tables below, create codes for the elements of the device names. Use as many or as few codes as needed.

                Device Type   Type code   Device Purpose   Purpose code   Device Location   Location code
                Laptop        LT          Management       MGMT           Stadium           STAD
                Desktop PC    PC          Production       PROD           1st Floor         1FLR
                Workstation   WS          Netadmin         NETA           3rd Floor         3FLR
                Printer       PT                                          ServerRoom        SVRM
                Scanner       SC
                Server        SV

                Step 4: Establish the naming convention

                In the spaces below, indicate the order and the number of letters to be used in the device naming. Again, use as many or as few letters as necessary. List the criteria in the blanks and draw a line to indicate the number of letters used. You may also choose to use hyphens (-) or underscores (_) to separate fields.

                Step 5: Apply a naming convention

                For each of the twelve devices shown in this table, apply the naming convention. Then add these device names in the appropriate boxes in the topology at the beginning of the lab.

                Number  Device Name  VLAN         Description                                          IP Address
                1                    servers      Server for capturing raw video feeds from stadium
                2                    servers      Server for storing finished (postproduction) video
                3                    web_access   Public web server for on demand video access
                4                    management   Branch manager’s computer
                5                    production   Live event production worker (switched)
                6                    support      Human resource clerk
                7                    support      Payroll Manager
                8                    mobile       Live event mobile worker (audio producer)
                9                    mobile       Live event mobile worker (camera coordinator)
                10                   support      Receptionist’s computer
                11                   management   Financial Manager’s computer
                12                   net_admin    Information Technology manager’s computer

                CCNA 4 Lab Skills Assignment, Chapter 5

                CCNA 4 Chapter 5, by Irma Permata Sari

                 

                Lab 5.1.1.4 Applying Design Constraints

                 

                Step 1: Identify possible project constraints

                a. Use word processing software to create a new Project Constraints document.

                b. The identified constraints that set limits or boundaries on the network upgrade project should be entered into the Gathered Data field of the constraints document. Brainstorm ideas with other students to identify additional constraints.

                Classify each constraint as one of the following four types:

                • Budget
                • Policy
                • Schedule
                • Personnel

                Step 2: Tabulate comments based on the identified constraints

                a. Using the list of constraints discovered from the FilmCompany case study, apply appropriate comments on how the constraints affect the design.

                b. Enter the comments into a table

                FILM COMPANY CONSTRAINTS

                CONSTRAINT | GATHERED DATA | COMMENTS

                to IT personnel
                • Training needed for new hires on company security policy
                of a failure.

                Schedule
                Gathered data:
                • Project must be completed within 4 months of project start.
                • Maintenance windows are between 2am and 6am Monday through Friday.
                Comments:
                • Less than 4 months to get the project completed.

                Personnel
                Gathered data:
                • Looking to hire 6 temporary and part-time production staff and at least 1 IT technician.
                • Training on new equipment for IT personnel is needed.
                Comments:
                • Will new personnel affect security policy?
                • Do the new personnel need training on the equipment?
                • Do existing personnel need training?

                c. Save your Project Constraints checklist.

                Step 3: Identify trade-offs

                a. Use word processing software to create an addition to the Project Constraints document.

                b. The identified constraints that set limits or boundaries on the network upgrade project will require potential trade-offs. Discuss ideas with other students regarding trade-offs for proposed designs.

                New equipment may not be obtainable because of budget limits, so the existing equipment may need to be upgraded. The ISP service may not be optimal for the type of traffic generated, so a new ISP may be needed. The budget cannot support replacing the existing infrastructure; alternatives need to be developed for future expansion.

                c. Record the trade-offs in your Project Constraints checklist.

                d. Save your Project Constraints checklist.

                Step 4: Reflection

                The constraints imposed on this network design project are determined by the internal requirements of the FilmCompany. Consider and discuss the identified constraints and potential trade-offs. Do the trade-offs pose a significant obstacle to the design? Are there alternate methods that can be employed to achieve the success criteria without a significant budget?

                • Having less than four months to complete the project will require allocating more personnel.
                • Personnel training may need to be carried out in stages.
                • Equipment or cabling of the required technical specification may be unavailable.
                • Lack of accommodation to house the expanded business and its network infrastructure, since the project may consolidate into a single location.
                • ISP limitations may require changes to the design. Should a different ISP be used?


                Lab 5.1.2.4 Identifying Design Strategies for Scalability


                Step 1: Identify the areas that will be used for designing a strategy that facilitates scalability

                a. Use word processing software to create a new document called “Design Strategies.”

                b. Use the identified constraints that set limits or boundaries on the network upgrade project and the potential trade-offs to assist in the discussion with other students.

                The strategy should cover the following areas:

                • Access Layer modules that can be added
                • Expandable, modular equipment or clustered devices that can be easily upgraded
                • Choosing routers or multilayer switches to limit broadcasts and filter traffic
                • Planned redundancy
                • An IP address strategy that is hierarchical and that supports summarization
                • Identification of VLANs needed

                Step 2: Create an Access Layer module design

                Using the list developed from the group discussion, create an Access Layer module (design only).

                a. Create your design using the existing equipment.

                The FilmCompany network equipment includes:

                2 x 1841 Routers (FC-CPE-1, FC-CPE-2)

                3 x 2960 Switches (FC-ASW-1, FC-ASW-2, ProductionSW)

                Several servers

                1 x Linksys WRT300N Wireless Router (FC-AP)

                1 x ADSL Modem for Internet Access

                b. Using the list of equipment, identify modules that can be added to the existing equipment to support new features and devices without requiring major equipment upgrades.

                c. Save your Design Strategies documentation.

                Step 3: Select Distribution Layer devices

                a. Use word processing software to create an addition to the Design Strategies document.

                b. Use the identified Access Layer module diagram to create the Distribution Layer design. Equipment selected must include existing equipment. Use Layer 3 devices at the Distribution Layer to filter and reduce traffic to the network core.

                c. With a modular Layer 3 Distribution Layer design, new Access Layer modules can be connected without requiring major reconfiguration. Using your documentation, identify what modules can be added to increase bandwidth.

                d. Save your Design Strategies document.

                Step 4: Reflection

                The constraints and trade-offs identified for the FilmCompany pose many challenges for the designer. What were a few of the more difficult challenges you encountered?

                Consider and discuss the identified strategies. Do all of the strategies designed accomplish the task the same way?

                Would one be less expensive or less time-consuming than the other?

                • Developing an IP addressing scheme using the 10.xxx network was really challenging.
                • Separating the VLANs
                • ACL design was unique, given that the filtering was not identified by the client.


                Lab 5.1.3.5 Identifying Availability Strategies


                Step 1: Identify the areas that will be used for designing a strategy that facilitates availability

                a. Use word processing software to create a new document called “Availability Strategies.”

                b. Use the identified constraints that set limits or boundaries on the network upgrade project and the potential trade-offs to assist in brainstorming ideas with other students.

                The strategy should cover the following areas:

                Availability strategies for switches:

                • Redundant power supplies and modules
                • Hot-swappable cards and controllers
                • Redundant links
                • UPS and generator power

                Availability strategies for routers:

                • Redundant power supplies, UPS, and generator power
                • Redundant devices
                • Redundant links
                • Out-of-band management
                • Fast converging routing protocols

                Availability strategies for Internet/Enterprise Edge:

                • Dual ISP providers or dual connectivity to a single provider
                • Co-located servers
                • Secondary DNS servers

                Step 2: Create availability strategies for switches

                a. Using the list developed from the brainstorming session, create a list of equipment that will be incorporated into the availability strategy.

                The FilmCompany network equipment includes:

                2 x 1841 Routers (FC-CPE-1, FC-CPE-2)

                3 x 2960 Switches (FC-ASW-1, FC-ASW-2, ProductionSW)

                Several servers

                1 x Linksys WRT300N Wireless Router (FC-AP)

                1 x ADSL Modem for Internet Access

                b. Using the list of equipment, identify modules and redundant power supplies that will increase availability for the switches.

                c. Identify potential hot swappable cards and controllers that can be used. Create a list that identifies each with cost and features.

                d. Develop a diagram that shows potential redundant links that can be incorporated into the network design.

                e. Identify at least two possible UPS devices that can be incorporated into the design. Create a list that identifies the cost and features of each.

                f. Save your Availability Strategies document.

                Step 3: Create availability strategies for routers

                a. Use word processing software to create an addition to the Availability Strategies document.

                b. Using the list of equipment, identify redundant power supplies that will increase availability for the switches.

                c. Identify potential redundant devices and links that can be used. Create a list that identifies each with cost and features.

                d. Create a diagram that displays the redundant connections.

                e. Develop a list of potential routing protocols that will facilitate fast convergence times.

                f. Save your Availability Strategies document.

                Step 4: Create availability strategies for Internet/Enterprise Edge

                a. Use word processing software to create an addition to the Availability Strategies document.

                b. Identify options available that would allow for dual ISP or dual connectivity to a single provider.

                c. Create a design that will co-locate the servers to allow for redundancy and ease of maintenance.

                d. Save your Availability Strategies document.

                Step 5: Reflection

                The creation of availability strategies poses many challenges for the designer. What were a few of the more difficult challenges you encountered?

                Consider and discuss the identified strategies. Do all of the strategies designed accomplish the task the same way?

                Would one be less expensive or less time-consuming than the other?

                • Various modules can be purchased, with different features and costs.
                • Various UPS devices can be purchased, with different features and costs.
                • Several routing protocols could be chosen, but which one best fits the design?


                Lab 5.1.5.2 Identifying Security Requirements


                Step 1: Identify potential security weaknesses within the FilmCompany topology

                a. Use word processing software to create a new document called “Security Strategies.”

                b. Using the documents created in previous labs and the existing topology, identify potential weaknesses in the existing design. (No firewalls, no VPNs)

                c. Create a list of recommended security practices that should be employed in the FilmCompany network.

                d. Save your Security Strategies document.

                Step 2: Create a security practices list

                a. Using the list developed from the brainstorming session, create a finalized list of recommended security practices for the FilmCompany.

                Recommended security practices include:

                • Use firewalls to separate all levels of the secured corporate network from other unsecured networks, such as the Internet. Configure firewalls to monitor and control the traffic, based on a written security policy.
                • Create secured communications by using VPNs to encrypt information before it is sent through third-party or unprotected networks.
                • Prevent network intrusions and attacks by deploying intrusion prevention systems. These systems scan the network for harmful or malicious behavior and alert network managers.
                • Control Internet threats by employing defenses to protect content and users from viruses, spyware, and spam.
                • Manage endpoint security to protect the network by verifying the identity of each user before granting access.
                • Ensure that physical security measures are in place to prevent unauthorized access to network devices and facilities.
                • Secure wireless Access Points and deploy wireless management solutions.

                b. Identify what devices and software will need to be purchased to facilitate the recommended security practices. (Hardware firewalls, intrusion detection systems etc.)

                c. Save your Security Strategies document.

                Step 3: Create a security strategy

                a. Use word processing software to create an addition to the Security Strategies document.

                b. Using the list of identified equipment, develop a chart of costs and features of the recommended devices.

                c. Using the list of identified software needed, develop a chart of costs and features of the recommended software.

                d. Save your Security Strategies document.

                Step 4: Create a security design

                a. Use word processing software to create an addition to the Securities Strategies document.

                b. Identify which types of access to the network should be secured by incorporating VPNs.

                c. Identify methods for controlling physical security at the FilmCompany building and at the stadium.

                d. Identify potential ACLs that can be created to filter unwanted traffic from entering the network. (Standard or extended ACLs need to be identified.)

                e. Identify methods for securing the wireless Access Points. Determine the best method for the FilmCompany network. (128-bit encryption etc.)

                f. Save your Security Strategies document.

                Step 5: Reflection

                The creation of a security strategy creates many challenges for the designer. What were a few of the more difficult challenges you encountered?

                Consider and discuss the identified challenges. Do all of the proposed strategies accomplish the task the same way?

                Would one be less expensive or less time-consuming than the other?

                How could implementing a physical security plan into an existing company be difficult?

                • Various hardware can be purchased, with different features and costs.
                • Various security software can be purchased, with different features and costs.
                • Existing employees may not accept changes to their security policy, so who needs to make sure the plan is enforced?
                • ACLs can filter traffic, but what impact will they have on traffic flow? Are the ACLs applied at the Access Layer, the Distribution Layer, or both?

                Lab 5.2.3.3 Designing the Core Layer

                Step 1: Identify Core Layer Requirements

                a. Use word processing software to create a new document called “Core Layer Diagram.”

                b. Use the identified topology and associated equipment to determine Core Layer design requirements.

                Design requirements for the Core Layer network include:

                High-speed connectivity to the Distribution Layer switches

                24 x 7 availability

                Routed interconnections between Core devices

                High-speed redundant links between Core switches and between the Core and Distribution Layer devices

                c. Brainstorm with other students to identify areas that may have been missed in the initial requirements document.

                Step 2: Create an Access Layer module design

                Using the list developed from the group discussion, create an Access Layer module (design only).

                a. Create your design using the existing equipment.

                The FilmCompany network equipment includes:

                2 x 1841 Routers (FC-CPE-1, FC-CPE-2)

                3 x 2960 Switches (FC-ASW-1, FC-ASW-2, ProductionSW)

                1 x ADSL Modem for Internet Access

                b. Using the list of equipment, identify modules that can be added to the existing equipment to support new features, such as redundancy.

                c. Save your Core Layer Diagram document.

                Step 3: Select Core Layer devices

                a. Use word processing software to create an addition to the Core Layer Diagram document.

                b. The identified Core Layer module diagram will be used to adjust the Distribution Layer design. Equipment selected must include existing equipment. Use Layer 3 devices at the Core Layer in a redundant configuration.

                c. Save your Core Layer Diagram document.

                Step 4: Design Redundancy

                a. Use word processing software to create an addition to the Core Layer Diagram document.

                b. Design a redundancy plan that combines multiple Layer 3 links to increase available bandwidth.

                c. Create a design that incorporates redundancy.

                d. Save your Core Layer Diagram document.

                Step 5: Reflection / Challenge

                The design strategies for the FilmCompany pose many challenges for the designer. What were a few of the more difficult challenges you encountered?

                Consider and discuss the identified strategies. Do all of the strategies designed accomplish the task the same way?

                Would one be less expensive or less time-consuming than the other?

                • Is the existing equipment able to handle the proposed network traffic? If so, how? If not, why not?
                • What devices could be used in place of a Layer 3 switch? Can such a device deliver the same performance?
                • What are the potential weaknesses of the proposed diagram?

                Lab 5.2.4.2 Creating a Diagram of the FilmCompany LAN

                Step 1: Identify LAN Requirements

                a. Use word processing software to create a new document called “LAN Diagram.”

                b. Use the identified topology and associated equipment to determine LAN design requirements.

                Design requirements for the LAN include:

                High-speed connectivity to the Access Layer switches

                24 x 7 availability

                High-speed redundant links between switches on the LAN and the Access Layer devices

                Identifying available hardware for the LAN

                The current network has two VLANs.

                1. General VLAN consisting of:

                12 Office PCs

                2 Printers

                This VLAN serves the general office and managers, including reception, accounts and administration.

                Addressing:

                Network 10.0.0.0/24

                Gateway 10.0.0.1

                Hosts (dynamic) 10.0.0.200 – 10.0.0.254

                Hosts (static) 10.0.0.10 – 10.0.0.20

                2. Production VLAN consisting of:

                9 High Performance Workstations

                5 Office PCs

                2 Printers

                c. Brainstorm with other students to identify areas that may have been missed in the initial requirements document.

                Step 2: Determine equipment features

                Using the list developed from the brainstorming session, create a LAN based on technical requirements (design only).

                a. Create your design using the existing equipment.

                The FilmCompany network equipment includes:

                2 x 1841 Routers (FC-CPE-1, FC-CPE-2)

                3 x 2960 Switches (FC-ASW-1, FC-ASW-2, ProductionSW)

                1 x ADSL Modem for Internet Access

                b. Using the list of equipment, identify modules that can be added to the existing equipment to support new features, such as redundancy.

                c. Save your LAN Diagram document.

                Step 3: Select LAN devices

                a. Use word processing software to create an addition to the LAN Diagram document.

                b. The identified LAN diagram will be used to adjust the Access Layer design. Equipment selected must include existing equipment.

                c. Save your LAN Diagram document.

                Step 4: Design Redundancy

                a. Use word processing software to create an addition to the LAN Diagram document.

                b. Design a redundancy plan that combines multiple Layer 2 links to increase available bandwidth.

                c. Create a design that incorporates redundancy.

                d. Save your LAN Diagram document.

                Step 5: Reflection / Challenge

                The design strategies for the FilmCompany LAN pose many challenges for the designer. What were a few of the more difficult challenges you encountered?

                Consider and discuss the identified strategies. Do all of the strategies designed accomplish the task the same way?

                Would one be less expensive or less time-consuming than the other?

                Would the chosen LAN design allow for future growth and the addition of the WLAN?

                • Is the existing equipment able to handle the proposed network traffic? If so, how? If not, why not?
                • What devices could be used in place of a Layer 2 switch?
                • What are the potential weaknesses of the proposed diagram?


                Lab 5.4.2.2 Selecting Access Points

                Step 1: Identify WLAN requirements

                a. Use word processing software to create a new document called “WLAN Diagram.”

                b. Use the identified topology and associated equipment to determine WLAN design requirements.

                Design requirements for the WLAN include:

                • Scalability
                • Availability
                • Security
                • Manageability

                c. Brainstorm with other students to identify areas that may have been missed in the initial requirements document.

                Step 2: Determine equipment features

                Using the list developed from the brainstorming session, create a WLAN based on technical requirements (design only).

                a. Begin by creating your design using the existing equipment.

                Network equipment includes:

                2 x 1841 Routers (FC-CPE-1, FC-CPE-2)

                3 x 2960 Switches (FC-ASW-1, FC-ASW-2, ProductionSW)

                1 x Network and Business Server

                1 x Linksys WRT300N Wireless Router (FC-AP)

                1 x ADSL Modem for Internet Access

                b. Using the list of equipment, identify the model of wireless router. Identify the features and range of the device. Identify whether there are upgrades that can be made to extend the range, security, and existing features.

                c. Create a list of features and potential upgrades and compare them to other models of wireless router. Determine the device that can easily meet the technical requirements of the WLAN. (Standalone Access Points for ease of installation or wireless controllers for security and management)

                d. With the previous list estimate the range of coverage available with the existing wireless router.

                Determine if the wireless router can provide thorough coverage of the work area. Determine if standalone access points or wireless controllers are needed for the design.

                e. Save your WLAN Diagram document.

                Step 3: Select WLAN devices

                a. Use word processing software to create an addition to the WLAN Diagram document.

                b. The identified WLAN diagram will be used to determine the type of wireless device that will be included in the proposed network.

                c. Ensure that the chosen wireless equipment meets the following requirements:

                Design requirements for the WLAN include:

                • Scalability
                • Availability
                • Security
                • Manageability

                d. Save your WLAN Diagram document.

                Step 4: Design the WLAN

                a. Use word processing software to create an addition to the WLAN Diagram document.

                b. Design a WLAN that provides scalability. Annotate on the WLAN Diagram document how the design provides scalability.

                (Scalability – New lightweight Access Points can be added easily and managed centrally)

                c. Design a WLAN that provides availability. Annotate on the WLAN Diagram document how the design provides availability.

                (Availability – Access Points can automatically increase their signal strength if one Access Point fails)

                d. Design a WLAN that provides security. Annotate on the WLAN Diagram document how the design provides security.

                (Security – Enterprise-wide security policies apply to all layers of a wireless network, from the radio layer through the MAC Layer and into the Network Layer. This solution makes it easier to provide uniformly enforced security, QoS, and user policies. These policies address the specific capabilities of different classes of devices, such as handheld scanners, PDAs, and notebook computers.

                Security policies also provide discovery and mitigation of DoS attacks, and detection and denial of rogue Access Points. These functions occur across an entire managed WLAN.)

                e. Design a WLAN that provides manageability. Annotate on the WLAN Diagram document how the design provides manageability.

                (Manageability – The solution provides dynamic, system-wide radio frequency (RF) management, including features that aid smooth wireless operations, such as dynamic channel assignment, transmit power control, and load balancing. The single graphical interface for enterprise-wide policies includes VLANs, security, and QoS.)

                f. Save your WLAN Diagram document.

                Step 5: Reflection / Challenge

                The design strategies for the FilmCompany WLAN pose many challenges for the designer. What were a few of the more difficult challenges you encountered?

                Consider and discuss the identified strategies. Do all of the strategies designed or hardware identified accomplish the task the same way?

                Would one be less expensive or less time-consuming than the other?

                Would the current topology allow for future growth and the addition of the WLAN?

                What are the throughput limitations of the WLAN?

                Can the existing equipment handle the proposed network traffic? If so, how? If not, why not?

                What device could be used in place of a standalone access point?

                What are the potential weaknesses of the proposed diagram?


                Lab 5.5.3 Developing ACLs to Implement Firewall Rule Set

                Step 1: Cable and connect the network as shown in the topology diagram

                NOTE: If the PCs used in this lab are also connected to your Academy LAN or to the Internet, ensure that you record the cable connections and TCP/IP settings so that these can be restored at the conclusion of the lab.

                a. Connect and configure the devices in accordance with the given topology and configuration.

                Routing will have to be configured across the serial links to establish data communications.

                b. Configure Telnet access on each router.

                c. Ping between Host1, Host2, and Production Server to confirm network connectivity.

                Troubleshoot and establish connectivity if the pings or Telnet fail.

                 

                Step 2: Perform basic router configurations

                a. Configure the network devices according to the following guidelines:

                • Configure the hostnames on each device.
                • Configure an EXEC mode password of class.
                • Configure a password of cisco for console connections.
                • Configure a password of cisco for vty connections.
                • Configure IP addresses on all devices.
                • Enable EIGRP on all routers and configure each to advertise all of the connected networks.
                • Verify full IP connectivity using the ping command.

                b. Confirm Application Layer connectivity by telneting to all routers.

                Step 3: Create firewall rule set and access list statements

                Using the security policy information for the FilmCompany remote access, create the firewall rules that must be implemented to enforce the policy. After the firewall rule is documented, create the access list statement that will implement the firewall rule. There may be more than one statement necessary to implement a rule.

                Security Policy 1: Remote users must be able to access the Production Server to view their schedules over the web and to enter new orders.

                Firewall Rule: Permit users on the 10.1.1.0/24 network access to the Production Server (172.17.1.1) on TCP port 80.

                Access List statement(s): permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 eq 80

                Access List placement: Inbound on router SR1 Fa0/1 (remember that extended ACLs should be placed as close as possible to the source of the traffic).

                For each of the following security policies:

                a. Create a firewall rule.

                b. Create an access list statement.

                c. Determine the access list placement to implement the firewall rule.

                Security Policy 2: Remote users must be able to FTP files to and from the Production Server.

                Firewall Rule: Permit users on the 10.1.1.0/24 network access to the Production Server (172.17.1.1) on TCP ports 20 and 21.

                Access List statement(s): permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 range 20 21, or two separate access-list statements, each permitting one of the ports.

                Access List placement: Inbound on router SR1 Fa0/1 (remember that extended ACLs should be placed as close as possible to the source of the traffic)

                Security Policy 3: Remote users can use the Production Server to send and retrieve email using IMAP and SMTP protocols.

                Firewall Rule: Permit users on the 10.1.1.0/24 network access to the Production Server (172.17.1.1) on TCP ports 143 and 25.

                Access List statement(s):

                permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 eq 25

                permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 eq 143

                Access List placement: Inbound on router SR1 Fa0/1 (remember that extended ACLs should be placed as close as possible to the source of the traffic)

                Security Policy 4: Remote users must not be able to access any other services available on the Production Server.

                Firewall Rule: Deny all other IP protocols between users on the 10.1.1.0/24 network and the Production Server (172.17.1.1).

                Access List statement(s): deny ip 10.1.1.0 0.0.0.255 host 172.17.1.1

                Access List placement: Inbound on router SR1 Fa0/1

                Security Policy 5: No traffic is permitted from individual workstations at the main office to remote worker workstations. Any files that need to be transferred between the two sites must be stored on the Production Server and retrieved via FTP.

                Firewall Rule: Deny all IP protocols from users on the 10.3.1.0/24 to the 10.1.1.0/24 network.

                Access List statement(s): deny ip 10.3.1.0 0.0.0.255 10.1.1.0 0.0.0.255

                Access List placement: Inbound on router BR4 Fa0/1

                Security Policy 6: No traffic is permitted from workstations at the remote site to workstations at the main site.

                Firewall Rule: Deny all IP protocols from users on the 10.1.1.0/24 to the 10.3.1.0/24 network.

                Access List statement(s): deny ip 10.1.1.0 0.0.0.255 10.3.1.0 0.0.0.255

                Access List placement: Inbound on router SR1 Fa0/1

                Security Policy 7: No Telnet traffic is permitted from the remote site workstations to any devices, except their local switch.

                Firewall Rule: Deny all TCP traffic from users on the 10.1.1.0/24 network on port 23.

                Access List statement(s): deny tcp 10.1.1.0 0.0.0.255 any eq 23

                Access List placement: Inbound on router SR1 Fa0/1

                 

                Step 4: Create Extended ACLs

                a. Review the access list placement information that you created to implement each of the FilmCompany security policies. List all of the different access list placements that you noted above.

                Inbound on router SR1 Fa0/1

                Inbound on router BR4 Fa0/1

                Based on the placement information, how many access lists do you have to create?

                On Router SR1

                1

                On Router Edge2

                0

                On Router BR4

                1

                b. Based on the access list statements you developed in Task 3, create each access list that is needed to implement the security policies. When creating access lists, remember the following principles:

                • Only one access list can be applied per protocol, per direction on each interface.
                • Access list statements are processed in order.
                • Once an access list is created and applied on an interface, all traffic that does not match any access list statement will be dropped.

                c. Use a text file to create the access lists, or write them here. Evaluate each access list statement to ensure that it will filter traffic as intended.

                Access list to be placed on SR1 Fa0/1 inbound:

                permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 eq 80

                permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 range 20 21

                permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 eq 25

                permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 eq 143

                deny ip 10.1.1.0 0.0.0.255 host 172.17.1.1

                deny ip 10.1.1.0 0.0.0.255 10.3.1.0 0.0.0.255

                deny tcp 10.1.1.0 0.0.0.255 any eq 23

                permit ip any any

                Access list to be placed on BR4 Fa0/1 inbound:

                deny ip 10.3.1.0 0.0.0.255 10.1.1.0 0.0.0.255

                permit ip any any

                Why is the order of access list statements so important?

                To reduce the load on the router's processor and lower latency.
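
                The in-order, first-match processing and the implicit deny listed among the Step 4 principles can be checked offline. The following Python is an added example, not part of the lab: it evaluates the lab's SR1 Fa0/1 inbound statements against constructed sample packets and reports statements that an earlier statement makes unreachable. It assumes only the syntax used in this lab (any / host / address plus wildcard, and eq / range on the destination port); all function names are hypothetical.

```python
import ipaddress
from typing import NamedTuple, Optional, Tuple

# Statements copied from the lab's "SR1 Fa0/1 inbound" list, in the lab's order.
SR1_FA01_IN = [
    "permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 eq 80",
    "permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 range 20 21",
    "permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 eq 25",
    "permit tcp 10.1.1.0 0.0.0.255 host 172.17.1.1 eq 143",
    "deny ip 10.1.1.0 0.0.0.255 host 172.17.1.1",
    "deny ip 10.1.1.0 0.0.0.255 10.3.1.0 0.0.0.255",
    "deny tcp 10.1.1.0 0.0.0.255 any eq 23",
    "permit ip any any",
]
ALL_BITS = 0xFFFFFFFF

class Ace(NamedTuple):
    action: str
    proto: str
    src: Tuple[int, int]   # (base, wildcard); wildcard 1-bits are "don't care"
    dst: Tuple[int, int]
    ports: Optional[Tuple[int, int]]  # inclusive destination ports, None = any

class Packet(NamedTuple):      # constructed test traffic, not captured data
    proto: str
    src: str
    dst: str
    dport: Optional[int] = None

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _take_addr(tok):
    """Consume 'any', 'host A' or 'A WILDCARD' from the token list."""
    head = tok.pop(0)
    if head == "any":
        return (0, ALL_BITS)
    if head == "host":
        return (_ip(tok.pop(0)), 0)
    return (_ip(head), _ip(tok.pop(0)))

def parse_ace(line):
    tok = line.split()
    action, proto = tok.pop(0), tok.pop(0)
    src, dst = _take_addr(tok), _take_addr(tok)
    ports = None
    if tok:
        op = tok.pop(0)
        if op == "eq":
            ports = (int(tok[0]), int(tok[0]))
        elif op == "range":
            ports = (int(tok[0]), int(tok[1]))
        else:
            raise ValueError(f"operator not handled in this example: {op}")
    return Ace(action, proto, src, dst, ports)

def _addr_match(spec, addr):
    base, wild = spec
    return ((base ^ _ip(addr)) & ~wild & ALL_BITS) == 0

def ace_matches(ace, pkt):
    if ace.proto not in ("ip", pkt.proto):
        return False
    if not (_addr_match(ace.src, pkt.src) and _addr_match(ace.dst, pkt.dst)):
        return False
    if ace.ports is None:
        return True
    return pkt.dport is not None and ace.ports[0] <= pkt.dport <= ace.ports[1]

def evaluate(acl_lines, pkt):
    """First match wins. Returns (action, 1-based line); line 0 = implicit deny."""
    for n, line in enumerate(acl_lines, 1):
        ace = parse_ace(line)
        if ace_matches(ace, pkt):
            return (ace.action, n)
    return ("deny", 0)

def _covers(outer, inner):
    """True if address spec `outer` matches every address `inner` matches."""
    (ob, ow), (ib, iw) = outer, inner
    return (ow | iw) == ow and ((ob ^ ib) & ~ow & ALL_BITS) == 0

def shadowed(acl_lines):
    """1-based numbers of statements fully covered by one earlier statement."""
    aces = [parse_ace(line) for line in acl_lines]
    hits = []
    for j, late in enumerate(aces):
        for early in aces[:j]:
            ports_ok = early.ports is None or (late.ports is not None and
                early.ports[0] <= late.ports[0] <= late.ports[1] <= early.ports[1])
            if (early.proto in ("ip", late.proto) and ports_ok
                    and _covers(early.src, late.src) and _covers(early.dst, late.dst)):
                hits.append(j + 1)
                break
    return hits

if __name__ == "__main__":
    print(evaluate(SR1_FA01_IN, Packet("tcp", "10.1.1.10", "172.17.1.1", 22)))
```

                Moving a broad statement ahead of narrower ones changes what the list enforces: with "permit ip any any" first, every later statement is unreachable, and with the "deny ip ... host 172.17.1.1" statement first, the four service permits never match.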

                CCNA 4 Labskill Assignment, Chapter 4

                Lab 4.1.2 Characterizing Network Applications


                Step 1: Cable and configure the current network

                a. Connect and configure the devices in accordance with the topology and configuration given.

                For this lab, a PC workstation can substitute for a Discovery Server.

                b. Ping between Host 1 and Discovery Server to confirm network connectivity.

                Troubleshoot and establish connectivity if the pings fail.

                Step 2: Configure NetFlow on the interfaces

                NetFlow is configured to monitor data flows in or out of specific router interfaces. Ingress captures traffic that is being received by the interface. Egress captures traffic that is being transmitted by the interface. In this lab, the traffic will be monitored on both router interfaces and in both directions from within the console session.

                a. From the global configuration mode, issue the following commands:

                FC-CPE-1(config)#interface fastethernet 0/0

                FC-CPE-1(config-if)#ip flow ?

                Note the two options available:

                egress Enable outbound NetFlow

                ingress Enable inbound NetFlow

                Which option captures traffic that is being received by the interface? ingress

                Which option captures traffic that is being transmitted by the interface? egress

                b. Complete the NetFlow configuration.

                FC-CPE-1(config-if)#ip flow egress

                FC-CPE-1(config-if)#ip flow ingress

                FC-CPE-1(config-if)#interface fastethernet 0/1

                FC-CPE-1(config-if)#ip flow ingress

                FC-CPE-1(config-if)#ip flow egress

                FC-CPE-1(config-if)#exit

                FC-CPE-1(config)#end

                Step 3: Verify the NetFlow configuration

                a. From the privileged EXEC mode, issue the show running-configuration command.

                For each FastEthernet interface, what statement from the running-configuration denotes that NetFlow is configured?

                interface FastEthernet0/0:

                ip flow ingress

                ip flow egress

                interface FastEthernet0/1:

                ip flow ingress

                ip flow egress

                b. From the privileged EXEC mode, issue the command:

                FC-CPE-1#show ip flow ?

                Note the three options available:

                export        Display export Statistics

                interface     Display flow configuration on Interfaces

                top-talkers   Display top talkers

                FC-CPE-1#show ip flow interface

                FastEthernet0/0

                ip flow ingress

                ip flow egress

                FastEthernet0/1

                ip flow ingress

                ip flow egress

                Confirm that the output shown above is displayed. Troubleshoot your configuration if this output is not displayed.

                Step 4: Create network data traffic

                a. The captured data flow can be examined using the show ip cache flow command issued from the privileged EXEC mode.

                FC-CPE-1#show ip cache flow

                Issuing this command before any data traffic has flowed should produce output similar to the example shown here.

                IP packet size distribution (0 total packets):

                1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480

                .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000

                512 544 576 1024 1536 2048 2560 3072 3584 4096 4608

                .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000

                IP Flow Switching Cache, 0 bytes

                0 active, 0 inactive, 0 added

                0 ager polls, 0 flow alloc failures

                Active flows timeout in 30 minutes

                Inactive flows timeout in 15 seconds

                last clearing of statistics never

                Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) Idle(Sec)
                --------         Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow

                SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts

                b. List the seven highlighted column headings and consider what use this information may be in

                characterizing the network.

                Protocol

                Total Flows

                Flows per Second

                Packets per Flow

                Bytes per Packet

                Packets per Second

                Seconds of active flow

                Seconds of no flow (idle)

                c. To ensure that flow cache statistics are reset, from privileged EXEC mode issue the command:

                FC-CPE-1# clear ip flow stats

                d. Ping the Business Server from Host 1 to generate a data flow.

                From the command line of Host 1, issue the command ping 172.17.1.1 -n 200

                Step 5: View the data flows

                a. At the conclusion of the data flow, the details of the flow can be viewed. From privileged EXEC mode, issue the command:

                FC-CPE-1#show ip cache flow

                Output similar to that shown below will be displayed. Some values and details may be different in your lab.

                IP packet size distribution (464 total packets):

                1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480

                .000 .900 .096 .000 .000 .000 .000 .002 .000 .000 .000 .000 .000 .000 .000

                512 544 576 1024 1536 2048 2560 3072 3584 4096 4608

                .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000

                IP Flow Switching Cache, 278544 bytes

                5 active, 4091 inactive, 48 added

                1168 ager polls, 0 flow alloc failures

                Active flows timeout in 30 minutes

                Inactive flows timeout in 15 seconds

                IP Sub Flow Cache, 17416 bytes

                0 active, 1024 inactive, 0 added, 0 added to flow

                0 alloc failures, 0 force free

                1 chunk, 1 chunk added

                last clearing of statistics never

                Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) Idle(Sec)
                --------         Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow
                UDP-DNS             31      0.0         1    72      0.0       0.0      15.5
                UDP-other           10      0.0         2    76      0.0       4.1      15.2
                ICMP                 2      0.0       200    60      0.3     198.9      15.3
                Total:              43      0.0        10    61      0.3      10.2      15.5

                SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts

                < output omitted >

                b. Examine your output and list details that indicate data flow.

                Protocol

                Total Flows

                Flows per Second

                Packets per Flow

                Bytes per Packet

                Packets per Second

                Seconds of active flow

                Seconds of no flow (idle)
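
                To turn the per-protocol summary from Step 5 into figures that can be compared, the rows can be parsed and ranked by estimated volume. The following Python is an added example, not part of the lab; the sample text reproduces the lab's output with the Idle(Sec) value wrapped onto its own line, as a narrow terminal prints it, and the function names are hypothetical.

```python
import re
from typing import List, NamedTuple, Tuple

# Protocol summary from the lab's sample "show ip cache flow" output, including
# the terminal wrap that pushes the Idle(Sec) value onto its own line.
SAMPLE_WRAPPED = """\
Protocol Total Flows Packets Bytes Packets Active(Sec)
Idle(Sec)
-------- Flows /Sec /Flow /Pkt /Sec /Flow
/Flow
UDP-DNS 31 0.0 1 72 0.0 0.0
15.5
UDP-other 10 0.0 2 76 0.0 4.1
15.2
ICMP 2 0.0 200 60 0.3 198.9
15.3
Total: 43 0.0 10 61 0.3 10.2
15.5
"""

_NUM = re.compile(r"\d+(?:\.\d+)?")


class ProtoStats(NamedTuple):
    protocol: str
    flows: int
    flows_per_sec: float
    pkts_per_flow: int
    bytes_per_pkt: int
    pkts_per_sec: float
    active_sec: float
    idle_sec: float

    @property
    def est_bytes(self) -> int:
        # Estimate only: the router prints per-flow and per-packet averages.
        return self.flows * self.pkts_per_flow * self.bytes_per_pkt


def _numeric(tokens: List[str]) -> bool:
    return bool(tokens) and all(_NUM.fullmatch(t) for t in tokens)


def parse_protocol_summary(text: str) -> List[ProtoStats]:
    """Parse protocol rows, accepting both one-line and wrapped layouts."""
    lines = [ln.split() for ln in text.splitlines() if ln.strip()]
    rows, i = [], 0
    while i < len(lines):
        tok = lines[i]
        i += 1
        if len(tok) < 7 or not _numeric(tok[1:]):
            continue                      # header, separator or stray value
        if len(tok) == 7 and i < len(lines) and len(lines[i]) == 1 \
                and _numeric(lines[i]):
            tok = tok + lines[i]          # re-attach the wrapped Idle column
            i += 1
        if len(tok) != 8 or tok[0].startswith("Total"):
            continue
        rows.append(ProtoStats(tok[0], int(tok[1]), float(tok[2]), int(tok[3]),
                               int(tok[4]), float(tok[5]), float(tok[6]),
                               float(tok[7])))
    return rows


def rank_by_volume(rows: List[ProtoStats]) -> List[Tuple[ProtoStats, float]]:
    """Rows sorted by estimated bytes, each with its share of the total."""
    total = sum(r.est_bytes for r in rows)
    ranked = sorted(rows, key=lambda r: r.est_bytes, reverse=True)
    return [(r, (r.est_bytes / total) if total else 0.0) for r in ranked]


if __name__ == "__main__":
    for row, share in rank_by_volume(parse_protocol_summary(SAMPLE_WRAPPED)):
        print(f"{row.protocol:<10} ~{row.est_bytes:>6} bytes  {share:.0%}")
```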

                Step 6: Stop the NetFlow capture

                a. To deactivate NetFlow capture, issue the no ip flow command at the interface configuration prompt.

                FC-CPE-1(config)#interface fastethernet 0/0

                FC-CPE-1(config-if)#no ip flow ingress

                FC-CPE-1(config-if)#no ip flow egress

                FC-CPE-1(config)#interface fastethernet 0/1

                FC-CPE-1(config-if)#no ip flow ingress

                FC-CPE-1(config-if)#no ip flow egress

                b. To verify that NetFlow is deactivated, issue the show ip flow interface command from the privileged EXEC mode.

                FC-CPE-1#show ip flow interface

                FC-CPE-1#

                No output is displayed if NetFlow is off.

                Step 7: Clean up

                Erase the configurations and reload the routers and switches. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.

                Step 8: Reflection

                Consider the possible range of data flow types across a network and how a tool like NetFlow could be implemented to assist in analyzing those flows.

                List of data flow categories and types: Client to Client, Client to Server, Server to Client, and Server to Server

                Email, intranet web, database flows, document file flows

                Number of separate flows of each type, size (bytes) of each flow, time each flow is on the network


                Final Configurations

                Router 1

                version 12.4
                service timestamps debug datetime msec
                service timestamps log datetime msec
                no service password-encryption
                !
                hostname FC-CPE-1
                !
                boot-start-marker
                boot-end-marker
                !
                enable password cisco
                !
                no aaa new-model
                ip cef
                !
                interface FastEthernet0/0
                 ip address 10.0.0.1 255.255.255.0
                 ip flow ingress
                 ip flow egress
                 duplex auto
                 speed auto
                interface FastEthernet0/1
                 ip address 172.17.0.1 255.255.0.0
                 ip flow ingress
                 ip flow egress
                 duplex auto
                 speed auto
                interface Serial0/1/0
                 no ip address
                 shutdown
                 no fair-queue
                 clock rate 2000000
                !
                interface Serial0/1/1
                 no ip address
                 shutdown
                 clock rate 2000000
                ip http server
                no ip http secure-server
                control-plane
                line con 0
                 password cisco
                 login
                line aux 0
                line vty 0 4
                 password cisco
                 login
                scheduler allocate 20000 1000
                end


                Lab 4.2.3 Analyzing Network Traffic


                Task 1: Design Network Access to FTP and Email Services

                Step 1: FTP network considerations

                File transfer traffic can put high-volume traffic onto the network. This traffic can have a greater effect on throughput than interactive end-to-end connections. Although file transfers are throughput-intensive, they typically have low response-time requirements. As part of the initial characterization of the network, it is important to identify the level of FTP traffic that will be generated. From this information, the network designers can decide on throughput and redundancy requirements.

                a. List possible file transfer applications that would generate traffic on the FilmCompany network.

                Document sharing

                Video production file transfer

                b. List these applications by priority based on response time.

                1. Video production file transfer

                2. Document sharing

                c. List these applications by priority based on bandwidth requirements.

                1. Video production file transfer

                2. Document sharing

                Step 2: Email network considerations

                Although customers expect immediate access to their emails, they usually do not expect emails to have network priority over files that they are sharing or updating. Emails are expected to be delivered reliably and accurately. Generally, emails are not throughput-intensive, except when there are enterprise-wide mail-outs or there is a denial of service attack.

                List some email policies that could control the volume of email data and the bandwidth used.

                Limit the size of email attachments

                Limit the number of recipients of an email message

                Ensure that spam is filtered before it reaches the LAN

                Step 3: Configure and connect the host PCs

                a. Set the IP addresses for PC1 and PC2 as shown in the configuration table.

                b. Establish a terminal session to router R1 from one of the PCs, and configure the interfaces and hostname as shown in the configuration table.

                Task 2: Configure NBAR to Examine Network Traffic

                Step 1: Enable NBAR Protocol Discovery

                NBAR can determine which protocols and applications are currently running on a network. NBAR includes the Protocol Discovery feature, which identifies the application protocols operating on an interface so that appropriate QoS policies can be developed and applied. To enable Protocol Discovery to monitor selected protocols on a router interface, issue the following commands from the global configuration mode:

                FC-CPE-1(config)#interface fastethernet 0/0

                FC-CPE-1(config-if)#ip nbar protocol-discovery

                Step 2: Confirm that Protocol Discovery is configured

                From the privileged EXEC mode, issue the show running-config command and confirm that the following output appears under interface FastEthernet 0/0:

                interface FastEthernet0/0

                ip address 10.0.0.1 255.255.255.0

                ip nbar protocol-discovery

                If protocol-discovery is not confirmed, reissue the configuration commands for interface FastEthernet 0/0.

                Task 3: Generate and Identify Network Traffic

                Step 1: Generate FTP traffic

                The Mozilla Thunderbird email client program will be downloaded from Discovery Server as an example of FTP.

                a. On PC1, launch a web browser and enter the URL ftp://server.discovery.ccna. Alternatively, from the command line, enter ftp server.discovery.ccna. If DNS is not configured, the IP address 172.17.1.1 must be used instead of the domain name.

                b. Locate the file thunderbird_setup.exe in the pub directory, download the file, and save it on PC1.

                Repeat this step for PC2.

                Step 2: Generate Email traffic

                If the Thunderbird email client has been installed and email accounts set up on both PC1 and PC2, proceed to Step 2d. Otherwise, install and set up the email client on PC1 and PC2 as described in Steps 2a through 2c.

                a. Install the Thunderbird email client on PC1 and PC2 by double-clicking the downloaded thunderbird_setup.exe file and accepting the default settings.

                b. When the installation has completed, launch the program.

                c. Configure email account settings as shown in this table.

                1) On the Tools menu, click Account Settings.

                2) Complete the required Thunderbird Account Settings.

                3) In the left pane of the Account Settings screen, click Server Settings and complete the necessary details.

                4) In the left pane, click Outgoing Server (SMTP) and complete the proper configuration for the Outgoing Server (SMTP).

                d. Send and receive two emails between accounts on each PC.

                Step 3: Display the NBAR results

                With Protocol Discovery enabled, any protocol traffic supported by NBAR, as well as the statistics associated with that protocol, can be discovered.

                a. To display the traffic identified by NBAR, issue the show ip nbar protocol-discovery command from the privileged EXEC mode.

                FC-CPE-1#show ip nbar protocol-discovery

                b. List each protocol identified and the Input and Output information.

                Output:

                ftp 18 16

                1295 1288

                0 0

                0 0

                c. Although the data traffic in this lab may not be sufficient to generate values for the 5min Bit rate (bps) and 5min Max Bit Rate (bps) fields, consider and discuss how these values would be applied to designing an FTP and email network.

                They can help determine the network's average and peak bandwidth requirements.

                Step 4: Use NBAR to monitor other data traffic

                NBAR can identify and monitor a range of network application traffic protocols.

                From the privileged EXEC mode of the router, issue the command show ip nbar port-map and note the output displayed.

                FC-CPE-1#show ip nbar port-map

                List some protocols that you consider should be monitored and policies applied to.

                Output

                port-map bgp udp 179

                port-map bgp tcp 179

                port-map bittorrent tcp 6881 6882 6883 6884 6885 6886 6887 6888 6889

                port-map citrix udp 1604

                port-map citrix tcp 1494

                port-map cuseeme udp 7648 7649 24032

                port-map cuseeme tcp 7648 7649

                port-map dhcp udp 67 68

                port-map directconnect tcp 411 412 413

                port-map dns udp 53

                port-map dns tcp 53

                port-map edonkey tcp 4662

                port-map exchange tcp 135

                port-map fasttrack tcp 1214

                port-map finger tcp 79

                port-map ftp tcp 21

                port-map gnutella udp 6346 6347 6348

                port-map gnutella tcp 6346 6347 6348 6349 6355 5634

                port-map gopher udp 70

                port-map gopher tcp 70

                port-map h323 udp 1300 1718 1719 1720 11720

                port-map h323 tcp 1300 1718 1719 1720 11000 – 11999

                port-map http tcp 80

                port-map imap udp 143 220

                port-map imap tcp 143 220

                port-map irc udp 194

                port-map irc tcp 194

                port-map kerberos udp 88 749

                port-map kerberos tcp 88 749

                port-map l2tp udp 1701

                port-map ldap udp 389

                port-map ldap tcp 389

                port-map mgcp udp 2427 2727

                port-map mgcp tcp 2427 2428 2727

                port-map netbios udp 137 138

                port-map netbios tcp 137 139

                port-map netshow tcp 1755

                port-map nfs udp 2049

                port-map nfs tcp 2049

                port-map nntp udp 119

                port-map nntp tcp 119

                port-map notes udp 1352

                port-map notes tcp 1352

                port-map novadigm udp 3460 3461 3462 3463 3464 3465

                port-map novadigm tcp 3460 3461 3462 3463 3464 3465

                port-map ntp udp 123

                port-map ntp tcp 123

                port-map pcanywhere udp 22 5632

                port-map pcanywhere tcp 65301 5631

                port-map pop3 udp 110

                port-map pop3 tcp 110

                port-map pptp tcp 1723

                port-map printer udp 515

                port-map printer tcp 515

                port-map rcmd tcp 512 513 514

                port-map rip udp 520

                port-map rsvp udp 1698 1699

                port-map rtsp tcp 554

                port-map secure-ftp tcp 990

                port-map secure-http tcp 443

                port-map secure-imap udp 585 993

                port-map secure-imap tcp 585 993

                port-map secure-irc udp 994

                port-map secure-irc tcp 994

                port-map secure-ldap udp 636

                port-map secure-ldap tcp 636

                port-map secure-nntp udp 563

                port-map secure-nntp tcp 563

                port-map secure-pop3 udp 995

                port-map secure-pop3 tcp 995

                port-map secure-telnet tcp 992

                port-map sip udp 5060

                port-map sip tcp 5060

                port-map skinny tcp 2000 2001 2002

                port-map smtp tcp 25

                port-map snmp udp 161 162

                port-map snmp tcp 161 162

                port-map socks tcp 1080

                port-map sqlnet tcp 1521

                port-map sqlserver tcp 1433

                port-map ssh tcp 22

                port-map streamwork udp 1558

                port-map sunrpc udp 111

                port-map sunrpc tcp 111

                port-map syslog udp 514

                port-map telnet tcp 23

                port-map tftp udp 69

                port-map vdolive tcp 7000

                port-map winmx tcp 6699

                port-map xwindows tcp 6000 6001 6002 6003
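
One way to work through the question above, as an added example that is not part of the original lab: the Python sketch below parses port-map lines (a constructed subset of the listing, keeping the wrapped bittorrent line and the h323 range) and lists every cleartext protocol that has a secure- counterpart in the same map, which gives a shortlist for monitoring and policy. The function names are hypothetical.

```python
import re

# Constructed sample: a subset of the port-map lines listed above, keeping the
# wrapped bittorrent line and the h323 range exactly as they appear there.
SAMPLE_PORT_MAP = """\
port-map bittorrent tcp 6881 6882 6883 6884 6885 6886
6887 6888 6889
port-map ftp tcp 21
port-map h323 tcp 1300 1718 1719 1720 11000 – 11999
port-map http tcp 80
port-map imap udp 143 220
port-map imap tcp 143 220
port-map pop3 tcp 110
port-map secure-ftp tcp 990
port-map secure-http tcp 443
port-map secure-imap udp 585 993
port-map secure-imap tcp 585 993
port-map secure-pop3 tcp 995
port-map secure-telnet tcp 992
port-map smtp tcp 25
port-map ssh tcp 22
port-map telnet tcp 23
port-map tftp udp 69
"""

DASHES = "\u2013\u2014-"   # dash variants seen in copied output; ASCII hyphen last


def expand_ports(tokens):
    """Turn port tokens into a set of ints; 'lo - hi' (any dash) is a range."""
    text = re.sub(rf"\s*[{DASHES}]\s*", "-", " ".join(tokens))
    ports = set()
    for tok in text.split():
        lo, _, hi = tok.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 0 <= lo <= hi <= 65535:
            raise ValueError(f"port out of range: {tok!r}")
        ports.update(range(lo, hi + 1))
    return ports


def parse_port_map(text):
    """Parse port-map lines into {(protocol, transport): set(ports)}."""
    table, current = {}, None
    for raw in text.splitlines():
        fields = raw.split()
        if not fields:
            continue
        if fields[0] == "port-map" and len(fields) >= 4 and fields[2] in ("tcp", "udp"):
            current = (fields[1], fields[2])
            table.setdefault(current, set()).update(expand_ports(fields[3:]))
        elif current and re.fullmatch(rf"[\d\s{DASHES}]+", raw):
            # A line holding only ports continues the previous (wrapped) entry.
            table[current].update(expand_ports(fields))
        else:
            raise ValueError(f"unrecognised port-map line: {raw!r}")
    return table


def cleartext_pairs(table):
    """Cleartext protocols that have a 'secure-' counterpart on the same transport."""
    pairs = []
    for (name, transport), secure_ports in table.items():
        if not name.startswith("secure-"):
            continue
        clear_ports = table.get((name[len("secure-"):], transport))
        if clear_ports:
            pairs.append((name[len("secure-"):], transport,
                          sorted(clear_ports), sorted(secure_ports)))
    return sorted(pairs)


if __name__ == "__main__":
    for base, transport, clear, secure in cleartext_pairs(parse_port_map(SAMPLE_PORT_MAP)):
        print(f"{base:<8}{transport}  cleartext {clear}  secure variant {secure}")
```

The pairing relies only on the secure- names in the listing; protocols without such a pair (tftp or snmp, for example) still need to be judged separately.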

                Step 5: Clean up

                Erase the configurations and reload the routers and switches. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.

                Challenge

                This lab considered only the volume of FTP and email data traffic and its impact on network design. Reliable access to servers is also important. In the space below, sketch a revised topology for this lab that would provide redundancy for these services.

                 

                Lab 4.3.3 Prioritizing Traffic

                Step 1: Gather the data traffic information

                a. Read through the StadiumCompany case study curriculum.

                List the current types of data traffic carried by the StadiumCompany network as well as the types planned for the future.

                b. Refer to the topology diagram and the stadium network diagram information.

                List the possible data sources and destinations on the StadiumCompany network. For example, there is likely to be data communications between the stadium management and the vendor management, but not between Team A and Team B.

                Step 2: Prioritize the data traffic

                1. List the source, destination, and traffic type that will be assigned the High priority queue.
                2. List the source, destination, and traffic type that will be assigned the Medium priority queue.
                3. List the source, destination, and traffic type that will be assigned the Normal priority queue.
                4. List the source, destination, and traffic type that will be assigned the Low priority queue.

                Step 3: Finalize the Data Priorities

                a. Discuss and review your data priority assignments with another student to ensure that they address all possible data. Modify your priorities as necessary.

                b. Highlight on the StadiumCompany topology diagram the device or devices where data traffic priority policies are likely to be configured.

                Step 4: Reflection

                Ideally, it may seem that all data traffic should be given a priority and queued accordingly. Consider and discuss the potential for network performance to be negatively affected if this policy were implemented everywhere on the network.

                Delay-sensitive data would receive the same priority as non-delay-sensitive data. Voice, video, etc. would be given the same priority as other traffic.


                Lab 4.3.4 Exploring Network QoS


                Step 1: Cable and configure the network

                a. Connect and configure the devices in accordance with the given topology and configuration.

                Routing will have to be configured across the serial WAN link to establish data communications.

                Configure Telnet access on each router.

                b. Ping between Host1 and Discovery Server to confirm network connectivity.

                1) Confirm Application Layer connectivity by telnetting from R2 to R1.

                2) Troubleshoot and establish connectivity if the pings or Telnet fail.

                c. After confirming the initial configurations, maintain a console terminal session connection with R2.

                Step 2: Examine priority queue commands

                Configuring Priority Queueing

                Configuring priority queueing (PQ) has two required steps and an optional third step:

                1. Define the priority list (Required)

                2. Assign the priority list to an Interface (Required)

                3. Monitor priority queueing lists (Optional)

                A priority list contains the definitions for a set of priority queues. The priority list specifies which queue a packet will be placed in and, optionally, the maximum length of the different queues. To perform queueing using a priority list, you must assign the list to an interface. The same priority list can be applied to multiple interfaces. Alternatively, you can create many different priority policies to apply to different interfaces.

                Defining the Priority List

                The priority list is defined by:

                1. Assigning packets to priority queues

                2. Specifying the maximum size of the priority queues (Optional)

                Packets are assigned to priority queues based on the protocol type and the interface where the packets enter the router. The priority-list commands are read in order of appearance until a matching protocol or interface type is found. When a match is found, the packet is assigned to the appropriate queue and the search ends. Packets that do not match other assignment rules are assigned to the default queue. The following global configuration mode commands are used to specify in which queue a packet is placed. The command format is priority-list list-number. Use a list-number of 1 and note the options available.

                a. Enter the following command and note the options available.

                FC-CPE-1(config)#priority-list 1 ?

                default      Set priority queue for unspecified datagrams
                interface    Set priorities for packets from a named interface
                protocol     priority queueing by protocol
                queue-limit  Set queue limits for priority queues

                b. Note some of the protocol options available.

                FC-CPE-1(config)#priority-list 1 protocol ?

                arp IP ARP

                bridge Bridging

                cdp Cisco Discovery Protocol

                compressedtcp Compressed TCP (VJ)

                http HTTP

                ip IP

                llc2 llc2

                pad PAD links

                pppoe PPP over Ethernet

                snapshot Snapshot routing support

                c. Note the IP protocol options available.

                FC-CPE-1(config)#priority-list 1 protocol ip ?

                high

                medium

                normal

                low

                d. Note the HTTP protocol options available.

                FC-CPE-1(config)#priority-list 1 protocol http ?

                high

                medium

                normal

                low

                e. Note the IP protocol high priority options available.

                FC-CPE-1(config)#priority-list 1 protocol ip high ?

                fragments  Prioritize fragmented IP packets
                gt         Prioritize packets greater than a specified size
                list       To specify an access list
                lt         Prioritize packets less than a specified size
                tcp        Prioritize TCP packets 'to' or 'from' the specified port
                udp        Prioritize UDP packets 'to' or 'from' the specified port
                <cr>

                f. Note the IP protocol high priority TCP options available.

                FC-CPE-1(config)#priority-list 1 protocol ip high tcp ?

                <0-65535>  Port number
                domain     Domain Name Service (53)
                echo       Echo (7)
                ftp        File Transfer Protocol (21)
                ftp-data   FTP data connections (20)
                irc        Internet Relay Chat (194)
                nntp       Network News Transport Protocol (119)
                pop3       Post Office Protocol v3 (110)
                smtp       Simple Mail Transport Protocol (25)
                telnet     Telnet (23)
                www        World Wide Web (HTTP, 80)

                Over 30 port/service options are available.

                Step 3: Configure an example priority queue

                From the global configuration mode, issue the following commands.

                FC-CPE-1(config)#priority-list 1 protocol http high

                FC-CPE-1(config)#priority-list 1 protocol ip normal tcp ftp

                FC-CPE-1(config)#priority-list 1 protocol ip medium tcp telnet

                What do these commands establish?

                A priority list (number "1") that specifies that HTTP packets are marked as high priority, FTP packets as low priority, and Telnet packets as medium priority.

                Step 4: Assign the priority list to an interface

                a. From the global configuration mode, issue the following commands to assign the priority list to interface serial 0/1/0.

                FC-CPE-1(config)#int s0/1/0

                FC-CPE-1(config-if)#priority-group 1

                b. Confirm the priority list configuration. From the privileged EXEC mode, issue the show running-config command.

                Which statements in the configuration show that the priority list has been configured and applied correctly?

                interface Serial0/1/0

                ip address 10.10.0.2 255.255.255.252

                priority-group 1

                priority-list 1 protocol http high

                priority-list 1 protocol ip normal tcp ftp

                priority-list 1 protocol ip medium tcp telnet

                c. Confirm that issuing the show queueing priority command from the privileged EXEC mode produces the following output:

                FC-CPE-1#show queueing priority

                Current DLCI priority queue configuration:

                Current priority queue configuration:

                List Queue Args

                1 high protocol http

                1 normal protocol ip tcp port ftp

                1 medium protocol ip tcp port telnet

                Step 5: Examine the priority queues operation

                a. On Host1, launch a web browser and enter the URL http://172.17.1.1 to access the web services configured on the server.

                b. Use FTP to download a file. On Host1, launch a new web browser window and enter the URL ftp://172.17.1.1, or from the command line issue ftp 172.17.1.1

                c. Download a large file from the server; for example, the Thunderbird setup program file.

                d. From the privileged EXEC mode, issue the following command:

                FC-CPE-1#show queueing interface s0/1/0

                Output similar to this should be displayed:

                Interface Serial0/1/0 queueing strategy: priority

                Output queue utilization (queue/count)

                high/94 medium/0 normal/106759 low/0

                Note the packet count for each queue:

                High

                Medium

                Normal

                Low

                e. Initiate a Telnet session from R2 to R1 and issue some show commands on R1.

                f. Close the Telnet session.

                g. Issue the following command from the R2 privileged EXEC mode:

                FC-CPE-1#show queueing interface s0/1/0

                Note the packet count for each queue:

                High

                Medium

                Normal

                Low

                What is the significant difference when compared to the previous output from this command in Step 5d?

                The Medium queue now has a packet count; this is the priority assigned to Telnet packets.
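
The first-match classification and strict queue service exercised in Steps 2 to 5, as an added Python model that is not part of the original lab or of IOS. The rule tuples, class and function names are hypothetical; treating protocol http as TCP port 80 is an assumption of the model, and the queue limits are the IOS defaults of 20, 40, 60 and 80 packets.

```python
from collections import deque, namedtuple

Packet = namedtuple("Packet", "proto sport dport")
QUEUES = ("high", "medium", "normal", "low")   # strict service order

# The three Step 3 rules in configuration order (first match wins).
# Assumption of this model: "protocol http" is treated as TCP port 80.
PRIORITY_LIST_1 = [
    ("tcp", 80, "high"),     # priority-list 1 protocol http high
    ("tcp", 21, "normal"),   # priority-list 1 protocol ip normal tcp ftp
    ("tcp", 23, "medium"),   # priority-list 1 protocol ip medium tcp telnet
]
DEFAULT_LIMITS = {"high": 20, "medium": 40, "normal": 60, "low": 80}


def classify(pkt, rules, default="normal"):
    """Return the queue of the first matching rule, else the default queue.

    A port rule matches packets 'to' or 'from' that port, as the CLI help says.
    """
    for proto, port, queue in rules:
        if pkt.proto == proto and port in (pkt.sport, pkt.dport):
            return queue
    return default


class PriorityInterface:
    """Output queues of one interface with a priority-group applied."""

    def __init__(self, rules, limits=None):
        self.rules = rules
        self.limits = dict(limits or DEFAULT_LIMITS)
        self.queues = {q: deque() for q in QUEUES}
        self.sent = {q: 0 for q in QUEUES}
        self.dropped = {q: 0 for q in QUEUES}

    def enqueue(self, pkt):
        queue = classify(pkt, self.rules)
        if len(self.queues[queue]) >= self.limits[queue]:
            self.dropped[queue] += 1          # tail drop when the queue is full
            return None
        self.queues[queue].append(pkt)
        return queue

    def transmit_one(self):
        """Send one packet: a lower queue is served only if all higher ones are empty."""
        for queue in QUEUES:
            if self.queues[queue]:
                self.sent[queue] += 1
                return queue, self.queues[queue].popleft()
        return None


def run_congested_link(ticks):
    """Each tick one HTTP and one FTP packet arrive, but the link sends only one."""
    intf = PriorityInterface(PRIORITY_LIST_1)
    for i in range(ticks):
        intf.enqueue(Packet("tcp", 40000 + i, 80))   # web traffic -> high
        intf.enqueue(Packet("tcp", 21, 50000 + i))   # FTP traffic -> normal
        intf.transmit_one()
    return intf


if __name__ == "__main__":
    intf = run_congested_link(100)
    print("sent   ", intf.sent)
    print("dropped", intf.dropped)
    print("backlog", {q: len(intf.queues[q]) for q in QUEUES})
```

While the high queue always has a packet waiting, the normal queue is never served: it fills to its limit and then drops, which is the behaviour a load test of the priority policy has to look for.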

                Step 6: Determine the priority queue requirements for the case study

                a. Using the FilmCompany case study, what would you expect the priority queue requirements to be?

                b. Discuss and compare your priorities with other students.

                c. Amend your priority list statements to include traffic associated with the proposed network upgrade.

                Step 7: Clean up

                Erase the configurations and reload the routers and switches. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.

                Challenge

                The following privileged EXEC command displays the contents of packets inside a queue for a particular interface:

                show queue interface-type interface-number

                However, in this lab, it is not likely that sufficient data traffic was generated at one time for the interface queues to hold packets long enough to be inspected. Discuss how a network has to be load tested to ensure that all traffic priorities are met.

                 

                Lab 4.4.4 Investigating Video Traffic Impact on a Network


                Step 1: Cable and configure the network

                a. Connect and configure the devices in accordance with the given topology and configuration.

                Set clock rate on the serial link to 56000.

                Routing will have to be configured across the serial WAN link to establish data communications.

                Step 2: Observe data traffic

                In this step, you will generate concurrent data traffic and observe the time the flows take.

                a. From the Host1 command line, issue the command ping 172.17.1.1 -n 500 to generate a large number of pings to Discovery Server.

                b. While the pings are being generated on Host1, launch a web browser and enter the URL http://server.discovery.ccna or http://172.17.1.1 to access the web services configured on the server.

                c. Use FTP to download a file. On Host1, launch a new web browser window and enter the URL ftp://server.discovery.ccna, or issue ftp server.discovery.ccna from the command line. If DNS is not configured, the IP address 172.17.1.1 must be used instead of the domain name.

                d. Download a large file from the server; for example, the Thunderbird setup program file.

                Note the total time taken to complete the pings, access the web page, and download the file.

                Step 3: Stream the video file

                Before beginning to stream the video, ensure that QuickTime Player is installed on Host1 and that the video streaming service has been enabled on Discovery Server. See your instructor for advice if you are unsure. Launch QuickTime Player. Under the File menu, go to Open URL.

                Enter the URL rtsp://172.17.1.1/MWO.sdp, or a URL as provided by the instructor.

                Note the rate at which it plays back and the video and sound quality.

                Video Quality

                Sound Quality

                Step 4: Observe both video and data traffic

                a. From the Host1 command line, issue the command ping 172.17.1.1 -n 500 to generate a large number of pings to Discovery Server.

                b. While the pings are being generated, use QuickTime Player to access the streaming video URL again.

                c. While the video is being played, launch a new web browser window on Host1 and enter the URL http://server.discovery.ccna or http://172.17.1.1 to access the web services configured on the server.

                d. On Host1, launch another web browser window and enter the URL ftp://server.discovery.ccna, or issue ftp server.discovery.ccna from the command line. If DNS is not configured, the IP address 172.17.1.1 must be used instead of the domain name.

                e. Download a large file from the server; for example, the Thunderbird setup program file.

                Note the total time taken to complete the pings, access the web page, and download the file.

                Note the rate at which it plays back and the video and sound quality.

                Video Quality

                Sound Quality

                Step 5: Observe the data flows with a different serial link clock rate

                a. Change the serial link clock rate to 250000 on the router with the DCE interface.

                b. Repeat Step 4 and record your observations.

                Note the total time taken to complete the pings, access the web page, and download the file.

                Note the rate at which it plays back and the video and sound quality.

                Video Quality

                Sound Quality

                c. Change the serial link clock rate to 2000000 on the router with the DCE interface.

                d. Repeat Step 4 and record your observations.

                Note the total time taken to complete the pings, access the web page, and download the file.

                Note the rate at which it plays back and the video and sound quality.

                Video Quality

                Sound Quality

                Instructor Note: The Cisco 1841 router with WIC 2T Serial interfaces can support clock rates up to 4 000 000 bits per second (4 Mbps); other platforms and WIC 2A/S Serial interfaces may have a lower maximum clock rate.

                Step 6: Record your general observations

                Compare the different download times and video quality.

                Step 7: Clean up

                Erase the configurations and reload the routers and switches. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.

                Step 8: Reflection

                Consider and discuss how video and other data traffic can share network resources while maintaining acceptable performance.

                Video and data traffic can share the same network resources if sufficient bandwidth is available or if the traffic is prioritized. Data traffic can be delayed slightly to allow time-sensitive video traffic to make more use of the available bandwidth.


                Lab 4.5.1 Identifying Traffic Flows


                Step 1: Cable and configure the current network

                a. Referring to the topology diagram, connect the console (or rollover) cable to the console port on the router and the other cable end to the host computer with a DB-9 or DB-25 adapter to the COM 1 port. Ensure that power has been applied to both the host computer and router.

                b. Establish a HyperTerminal or other terminal emulation program to the router.

                c. From the command prompt on Host1, ping between Host1 and Discovery Server to confirm network connectivity. Troubleshoot and establish connectivity if the pings fail.

                Step 2: Configure NetFlow on the interfaces

                From the global configuration mode, issue the following commands to configure NetFlow:

                FC-CPE-1(config)#interface fastethernet 0/0

                FC-CPE-1(config-if)#ip flow egress

                FC-CPE-1(config-if)#ip flow ingress

                FC-CPE-1(config-if)#interface fastethernet 0/1

                FC-CPE-1(config-if)#ip flow ingress

                FC-CPE-1(config-if)#ip flow egress

                Step 3: Verify the NetFlow configuration

                a. From the privileged EXEC mode, issue the show ip flow interface command.

                FC-CPE-1#show ip flow interface

                FastEthernet0/0

                ip flow ingress

                ip flow egress

                FastEthernet0/1

                ip flow ingress

                ip flow egress

                Confirm that the output shown above is displayed. Troubleshoot your configuration if this output is not displayed.

                b. From the privileged EXEC mode, issue the following command to ensure that flow cache statistics are reset:

                FC-CPE-1#clear ip flow stats

                Step 4: Create network data traffic

                A range of network application data flows is to be generated and captured. Generate as many of the data flows shown below as is possible in your lab. Your instructor will advise you of the particular applications that are available to be used in this lab.

                a. Ping the Discovery Server from Host1 to generate a data flow.

                From the command line of Host1, issue the command ping 172.17.1.1 -n 200

                b. Telnet to the Discovery Server from Host1.

                If Discovery Server is being used, issue the command telnet server.discovery.ccna from the command prompt of Host1.

                If Discovery Server is not being used, DNS is not configured, or if a terminal program such as HyperTerminal or TeraTerm is being used, telnet from Host1 to 172.17.1.1.

                c. On Host1, launch a web browser and enter the URL http://server.discovery.ccna

                If Discovery Server is not being used or DNS is not configured, then use http://172.17.1.1 to access the web services configured on that server.

                d. Use FTP to download a file.

                On Host1, launch a web browser and enter the URL ftp://server.discovery.ccna, or issue ftp server.discovery.ccna from the command line. If DNS is not configured, use the IP address 172.17.1.1 instead of the domain name.

                Download a file from the server.

                e. If email accounts have been configured using the POP3 and SMTP services on Discovery Server, send an email using one of these accounts.

                Step 5: View the data flows

                At the conclusion of the data flow, view the details by issuing the show ip cache flow command from privileged EXEC mode.

                FC-CPE-1#show ip cache flow

                Output similar to this will be displayed.

                IP packet size distribution (3969 total packets):

                1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480

                .000 .351 .395 .004 .011 .001 .005 .009 .001 .002 .005 .001 .000 .000 .000

                512 544 576 1024 1536 2048 2560 3072 3584 4096 4608

                .000 .000 .013 .000 .195 .000 .000 .000 .000 .000 .000

                IP Flow Switching Cache, 278544 bytes

                2 active, 4094 inactive, 1368 added

                22316 ager polls, 0 flow alloc failures

                Active flows timeout in 30 minutes

                Inactive flows timeout in 15 seconds

                IP Sub Flow Cache, 17416 bytes

                0 active, 1024 inactive, 0 added, 0 added to flow

                0 alloc failures, 0 force free

                1 chunk, 0 chunks added

                last clearing of statistics 02:50:15

                Protocol       Total   Flows  Packets Bytes Packets Active(Sec) Idle(Sec)
                --------       Flows    /Sec    /Flow  /Pkt    /Sec       /Flow     /Flow
                TCP-Telnet         9     0.0       13    47     0.0         5.2      10.8
                TCP-FTP           28     0.0        7    62     0.0         0.8      10.4
                TCP-WWW           64     0.0        7   138     0.0         0.3       2.1
                TCP-other         16     0.0       75   840     0.1         0.0       4.1
                UDP-DNS          878     0.0        1    72     0.0         0.0      15.4
                UDP-other        347     0.0        3    88     0.1         4.5      15.5
                ICMP              26     0.0        1    70     0.0         0.8      15.4
                Total:          1368     0.1        2   318     0.3         1.2      14.6

                < output omitted >

                From your output, list the name of each protocol with the number of flows. Answers vary. Examples shown.

                Telnet 9 flows

                FTP 28 flows

                WWW 64 flows

                DNS 878 flows

                ICMP 26 flows

                TCP other 16 flows

                UDP other 347 flows

                What was the total number of packets generated? 3969 packets

                Which protocol generated the most packets? TCP other (75 x 16 = 1200)

                Which protocol produced the most bytes per flow? TCP other (75 x 840 = 63000)

                Which protocol’s flows were on the network the longest time? Telnet 5.2 sec

                Which protocol used the longest amount of network time? UDP other (4.5 x 347 = 1561.5 sec)

                Step 6: Clean up

                Erase the configurations and reload the routers and switches. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.

                Step 7: Reflection

                Create a projected applications document listing the applications planned to use the network.

                Application Type  Application       Protocol  Priority  Comments
                Email             MS Outlook        SMTP      Medium    All users
                Voice             Call Manager/SIP  VRTP      High      All users
                Web               Apache Server     HTTP      Low       All users
                Database          SQL Server        TCP       Medium    Restricted user

                 

                Lab 4.5.2 Diagramming Intranet Traffic Flows


                Step 1: Cable and configure the current network

                a. Referring to the topology diagram, connect the console (or rollover) cable to the console port on the router and the other cable end to the PC1 computer with a DB-9 or DB-25 adapter to the COM 1 port. Ensure that power has been applied to both the host computer and router.

                b. Establish a HyperTerminal or other terminal emulation program to the router.

                c. Ping between Host1 and Host2 and between the hosts and Discovery Server to confirm network connectivity. Troubleshoot and establish connectivity if the pings fail.

                Step 2: Configure NetFlow on the interfaces

                From the global configuration mode, issue the following commands to configure NetFlow:

                FC-CPE-1(config)#interface fastethernet 0/0

                FC-CPE-1(config-if)#ip flow egress

                FC-CPE-1(config-if)#ip flow ingress

                FC-CPE-1(config-if)#interface fastethernet 0/1

                FC-CPE-1(config-if)#ip flow ingress

                FC-CPE-1(config-if)#ip flow egress

                FC-CPE-1(config-if)#end

                Step 3: Verify the NetFlow configuration

                a. From the privileged EXEC mode, issue the show ip flow interface command.

                FC-CPE-1#show ip flow interface

                FastEthernet0/0

                ip flow ingress

                ip flow egress

                FastEthernet0/1

                ip flow ingress

                ip flow egress

                Confirm that the output shown above is displayed. Troubleshoot your configuration if this output is not displayed.

                b. From the privileged EXEC mode, issue the following command to ensure that flow cache statistics are reset:

                FC-CPE-1#clear ip flow stats

                Step 4: Create network data traffic

                A range of network application data flows between the Host1, Host2, and the server is to be generated and captured. Generate as many of the data flows shown below as is possible in your lab. Your instructor will advise you of the particular applications that are available to be used in this lab.

                a. On Host1, launch a web browser and enter the URL http://server.discovery.ccna

                b. On Host2, launch a web browser and enter the URL http://server.discovery.ccna

                If Discovery Server is not being used, then use http://172.17.1.1 to access the web services configured on that server.

                c. Use FTP to download a file.

                On Host1 and Host2, launch a web browser and enter the URL ftp://server.discovery.ccna, or issue ftp server.discovery.ccna from the command line. If DNS is not configured, use the IP address 172.17.1.1 instead of the domain name.

                Download a file from the server.

                d. If email accounts have been configured using the POP3 and SMTP services on Discovery Server, send two emails between users on Host1 and Host2 using these accounts.

                e. Set up Windows file sharing between Host1 and Host2 and copy a file from one to the other.

                Step 5: View the data flows

                At the conclusion of the data flow, view the details by issuing the show ip cache verbose flow command from privileged EXEC mode.

                FC-CPE-1#show ip cache verbose flow

                Application Type | Source               | Destination  | Comments
                Web              | Intranet Web Server  | Host1        |
                Web              | Intranet Web Server  | Host2        |
                File Transfer    | Intranet File Server | Host1        |
                File Transfer    | Intranet File Server | Host2        |
                Email            | Host1                | Email Server |
                Email            | Host2                | Email Server |
                File Share       | Host1                | Host2        |

                Step 6: Clean up

                Erase the configurations and reload the routers and switches. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.

                Challenge

                This lab simulates LAN data traffic. The LAN data flows of a production network would be much more extensive and recorded over a greater period of time, perhaps a full working week.

                a. On the FilmCompany initial current network topology shown on the next page, add PC host and printer icons as listed for each VLAN. Draw a circle that encloses the local LAN segments.

                b. Then, using the data flows recorded in this lab as a starting point, use different colors to mark the different LAN data flows between hosts and the server.

                 

                Lab 4.5.3 Diagramming Traffic Flows to and from Remote Sites


                Step 1: Cable and configure the current network

                a. Cable the topology given in the diagram. Ensure that power has been applied to both the host computer and router.

                b. Establish a HyperTerminal or other terminal emulation session to the routers and configure the hostname and interfaces shown in the table.

                c. Set a clock rate on the DCE interface of the serial link between R2 and R3. Routing will have to be configured on the three routers to establish data communications.

                d. From PC1, ping PC2 and Discovery Server to confirm network connectivity. Troubleshoot and establish connectivity if the pings fail.

                Step 2: Configure NetFlow on the router FC-CPE-1 interfaces

                From the global configuration mode, issue the following commands to configure NetFlow on the router FC-CPE-1.

                FC-CPE-1(config)#interface fastethernet 0/0

                FC-CPE-1(config-if)#ip flow egress

                FC-CPE-1(config-if)#ip flow ingress

                FC-CPE-1(config-if)#interface fastethernet 0/1

                FC-CPE-1(config-if)#ip flow ingress

                FC-CPE-1(config-if)#ip flow egress

                Step 3: Verify the NetFlow configuration

                a. From the privileged EXEC mode on router FC-CPE-1, issue the show ip flow interface command.

                FC-CPE-1#show ip flow interface

                FastEthernet0/0

                ip flow ingress

                ip flow egress

                FastEthernet0/1

                ip flow ingress

                ip flow egress

                Confirm that the output shown above is displayed. Troubleshoot your configuration if this output is not displayed.

                b. From the privileged EXEC mode, issue the following command to ensure that flow cache statistics are reset:

                FC-CPE-1#clear ip flow stats

                Step 4: Configure NetFlow on the router FC-CPE-2 interfaces

                From the global configuration mode, issue the following commands to configure NetFlow on the router FC-CPE-2:

                FC-CPE-2(config)#interface fastethernet 0/0

                FC-CPE-2(config-if)#ip flow egress

                FC-CPE-2(config-if)#ip flow ingress

                FC-CPE-2(config-if)#interface fastethernet 0/1

                FC-CPE-2(config-if)#ip flow ingress

                FC-CPE-2(config-if)#ip flow egress

                FC-CPE-2(config-if)#interface serial 0/1/0

                FC-CPE-2(config-if)#ip flow ingress

                FC-CPE-2(config-if)#ip flow egress

                FC-CPE-2(config-if)#end

                Step 5: Verify the NetFlow configuration

                a. From the privileged EXEC mode on router FC-CPE-2, issue the show ip flow interface command.

                FC-CPE-2#show ip flow interface

                FastEthernet0/0

                ip flow ingress

                ip flow egress

                FastEthernet0/1

                ip flow ingress

                ip flow egress

                Serial0/1/0

                ip flow ingress

                ip flow egress

                Confirm that the output shown above is displayed. Troubleshoot your configuration if this output is not displayed.

                b. From the privileged EXEC mode, issue the following command to ensure that flow cache statistics are reset:

                FC-CPE-2#clear ip flow stats

                Step 6: Configure NetFlow on the router ISP interfaces

                From the global configuration mode, issue the following commands to configure NetFlow on the router ISP:

                ISP(config)#interface fastethernet 0/1

                ISP(config-if)#ip flow ingress

                ISP(config-if)#ip flow egress

                ISP(config-if)#interface serial 0/1/0

                ISP(config-if)#ip flow ingress

                ISP(config-if)#ip flow egress

                ISP(config-if)#end

                Step 7: Verify the NetFlow configuration

                a. From the privileged EXEC mode on router ISP, issue the show ip flow interface command.

                ISP#show ip flow interface

                FastEthernet0/1

                ip flow ingress

                ip flow egress

                Serial0/1/0

                ip flow ingress

                ip flow egress

                Confirm that the output shown above is displayed. Troubleshoot your configuration if this output is not displayed.

                b. From the privileged EXEC mode, issue the following command to ensure that flow cache statistics are reset:

                ISP#clear ip flow stats

                Step 8: Create network data traffic

                A range of network application data flows between the remote site, the FilmCompany LAN, and the network server is to be generated and captured. Generate as many of the data flows shown below as is possible in your lab. Your instructor will advise you of the particular applications that are available to be used in this lab.

                a. On both PCs launch a web browser and enter the URL http://server.discovery.ccna

                If Discovery Server is not being used, or DNS is not configured, then use http://172.17.1.1 to access the web services configured on that server.

                b. Use FTP to download a file.

                On both PCs, launch a web browser and enter the URL ftp://server.discovery.ccna, or issue ftp server.discovery.ccna from the command line. If DNS is not configured, use 172.17.1.1 instead of the domain name. Download a file from the server.

                c. If email accounts have been configured using the POP3 and SMTP services on Discovery Server, send two emails in each direction between the user on the LAN and the Remote User using these accounts.

                d. To simulate data traffic between the two PCs, ping between them. Attempt to establish a Telnet session between the two PCs. If file sharing has been enabled, copy a file in both directions between the two.

                Step 9: View the data flows

                a. At the conclusion of the data flow, view the details by issuing the show ip cache verbose flow command from privileged EXEC mode on each router.

                FC-CPE-1#show ip cache verbose flow

                FC-CPE-2#show ip cache verbose flow

                ISP#show ip cache verbose flow

                Router 1 – Sample Output

                FC-CPE-1#show ip cache verbose flow

                IP packet size distribution (1050 total packets):

                1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480

                .000 .672 .278 .015 .000 .007 .000 .000 .000 .000 .000 .000 .001 .003 .000

                512 544 576 1024 1536 2048 2560 3072 3584 4096 4608

                .001 .000 .003 .011 .003 .000 .000 .000 .000 .000 .000

                IP Flow Switching Cache, 278544 bytes

                1 active, 4095 inactive, 150 added

                2280 ager polls, 0 flow alloc failures

                Active flows timeout in 30 minutes

                Inactive flows timeout in 15 seconds

                IP Sub Flow Cache, 21640 bytes

                1 active, 1023 inactive, 27 added, 27 added to flow

                0 alloc failures, 0 force free

                1 chunk, 0 chunks added

                last clearing of statistics 00:12:31

                Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)

                -------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow

                TCP-FTP 8 0.0 7 54 0.0 3.7 12.1

                TCP-WWW 8 0.0 5 196 0.0 0.2 1.5

                TCP-SMTP 16 0.0 15 72 0.3 15.8 1.7

                TCP-other 32 0.0 11 77 0.5 2.2 1.5

                UDP-DNS 49 0.0 5 67 0.3 6.1 15.6

                UDP-other 38 0.0 1 83 0.0 0.0 15.4

                Total: 151 0.2 6 77 1.4 4.3 10.2

                SrcIf SrcIPaddress DstIf DstIPaddress Pr TOS Flgs Pkts

                Port Msk AS Port Msk AS NextHop B/Pk Active

                FC-CPE-1#

                Router 2 – Sample Output

                FC-CPE-2#show ip cache verbose flow

                IP packet size distribution (982 total packets):

                1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480

                .000 .665 .164 .016 .000 .008 .000 .000 .000 .000 .000 .000 .002 .004 .000

                512 544 576 1024 1536 2048 2560 3072 3584 4096 4608

                .002 .000 .004 .128 .004 .000 .000 .000 .000 .000 .000

                IP Flow Switching Cache, 278544 bytes

                3 active, 4093 inactive, 145 added

                2617 ager polls, 0 flow alloc failures

                Active flows timeout in 30 minutes

                Inactive flows timeout in 15 seconds

                IP Sub Flow Cache, 21640 bytes

                2 active, 1022 inactive, 50 added, 50 added to flow

                0 alloc failures, 0 force free

                1 chunk, 0 chunks added

                last clearing of statistics 00:11:43

                Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)

                -------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow

                TCP-Telnet 6 0.0 3 45 0.0 3.6 10.7

                TCP-FTP 8 0.0 7 54 0.0 3.7 11.8

                TCP-WWW 8 0.0 5 196 0.0 0.2 1.7

                TCP-SMTP 16 0.0 15 72 0.3 15.8 1.6

                TCP-other 32 0.0 11 77 0.5 2.2 1.4

                UDP-DNS 8 0.0 1 69 0.0 0.1 15.3

                UDP-other 59 0.0 1 55 0.0 0.0 15.4

                ICMP 9 0.0 4 60 0.0 4.3 15.4

                Total: 146 0.2 5 76 1.2 2.8 9.7

                SrcIf SrcIPaddress DstIf DstIPaddress Pr TOS Flgs Pkts

                Port Msk AS Port Msk AS NextHop B/Pk Active

                Fa0/1 0.0.0.0 Null 255.255.255.255 11 00 10 120

                0044 /0 0 0043 /0 0 0.0.0.0 604 729.9

                Se0/1/0 10.10.10.2 Null 224.0.0.9 11 C0 10 1

                0208 /0 0 0208 /0 0 0.0.0.0 52 0.0

                IPM: 0 0

                FC-CPE-2#

                Router 3 – Sample Output

                ISP#show ip cache verbose flow

                IP packet size distribution (502 total packets):

                1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480

                .000 .709 .225 .015 .000 .007 .000 .001 .000 .000 .000 .000 .000 .007 .000

                512 544 576 1024 1536 2048 2560 3072 3584 4096 4608

                .003 .000 .003 .015 .007 .000 .000 .000 .000 .000 .000

                IP Flow Switching Cache, 278544 bytes

                1 active, 4095 inactive, 90 added

                1274 ager polls, 0 flow alloc failures

                Active flows timeout in 30 minutes

                Inactive flows timeout in 15 seconds

                IP Sub Flow Cache, 21640 bytes

                1 active, 1023 inactive, 25 added, 25 added to flow

                0 alloc failures, 0 force free

                1 chunk, 0 chunks added

                last clearing of statistics 00:11:21

                Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)

                -------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow

                TCP-Telnet 6 0.0 3 45 0.0 3.6 10.7

                TCP-WWW 8 0.0 5 196 0.0 0.2 1.5

                TCP-SMTP 8 0.0 18 70 0.2 21.3 1.5

                TCP-other 16 0.0 12 83 0.2 4.3 1.5

                UDP-DNS 8 0.0 1 69 0.0 0.1 15.4

                UDP-other 33 0.0 1 87 0.0 0.0 15.4

                ICMP 10 0.0 4 60 0.0 5.4 15.5

                Total: 89 0.1 5 85 0.7 3.6 10.1

                SrcIf SrcIPaddress DstIf DstIPaddress Pr TOS Flgs Pkts

                Port Msk AS Port Msk AS NextHop B/Pk Active

                Se0/1/0 10.10.10.1 Null 224.0.0.9 11 C0 10 1

                0208 /0 0 0208 /0 0 0.0.0.0 92 0.0

                IPM: 0 0

                ISP#

                b. Examine the output and record the different data flows for each router.

                c. Discuss and compare the data flows for each router. Particularly consider how recording these flows can assist in understanding which network devices and resources are used for particular flows.
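As an added example (not part of the original lab), the Python script below parses the protocol summary and the two-line flow records from the Router 1 and Router 2 sample output above, checks each summary against its Total row, lists the protocol classes seen on one router but not the other, and decodes the hexadecimal Pr, TOS and Port fields. The function names are assumptions made for this example.

```python
import re

# Excerpts copied from the Router 1 and Router 2 sample output in Step 9.
FC_CPE_1 = """\
Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)
-------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow
TCP-FTP 8 0.0 7 54 0.0 3.7 12.1
TCP-WWW 8 0.0 5 196 0.0 0.2 1.5
TCP-SMTP 16 0.0 15 72 0.3 15.8 1.7
TCP-other 32 0.0 11 77 0.5 2.2 1.5
UDP-DNS 49 0.0 5 67 0.3 6.1 15.6
UDP-other 38 0.0 1 83 0.0 0.0 15.4
Total: 151 0.2 6 77 1.4 4.3 10.2
SrcIf SrcIPaddress DstIf DstIPaddress Pr TOS Flgs Pkts
Port Msk AS Port Msk AS NextHop B/Pk Active
"""
FC_CPE_2 = """\
Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)
-------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow
TCP-Telnet 6 0.0 3 45 0.0 3.6 10.7
TCP-FTP 8 0.0 7 54 0.0 3.7 11.8
TCP-WWW 8 0.0 5 196 0.0 0.2 1.7
TCP-SMTP 16 0.0 15 72 0.3 15.8 1.6
TCP-other 32 0.0 11 77 0.5 2.2 1.4
UDP-DNS 8 0.0 1 69 0.0 0.1 15.3
UDP-other 59 0.0 1 55 0.0 0.0 15.4
ICMP 9 0.0 4 60 0.0 4.3 15.4
Total: 146 0.2 5 76 1.2 2.8 9.7
SrcIf SrcIPaddress DstIf DstIPaddress Pr TOS Flgs Pkts
Port Msk AS Port Msk AS NextHop B/Pk Active
Fa0/1 0.0.0.0 Null 255.255.255.255 11 00 10 120
0044 /0 0 0043 /0 0 0.0.0.0 604 729.9
Se0/1/0 10.10.10.2 Null 224.0.0.9 11 C0 10 1
0208 /0 0 0208 /0 0 0.0.0.0 52 0.0
IPM: 0 0
"""

NUM = r"\d+(?:\.\d+)?"
IP = r"\d{1,3}(?:\.\d{1,3}){3}"
HEX2 = r"[0-9A-Fa-f]{2}"
HEX4 = r"[0-9A-Fa-f]{4}"
# Summary row: protocol class, total flows, then six numeric rate columns.
SUMMARY_ROW = re.compile(rf"^(\S+)\s+(\d+)(?:\s+{NUM}){{6}}$")
# Flow record, line 1: SrcIf SrcIP DstIf DstIP Pr TOS Flgs Pkts (Pr/TOS/Flgs in hex).
REC_LINE1 = re.compile(
    rf"^(\S+)\s+({IP})\s+(\S+)\s+({IP})\s+({HEX2})\s+({HEX2})\s+({HEX2})\s+(\d+)$")
# Flow record, line 2: SrcPort Msk AS DstPort Msk AS NextHop B/Pk Active (ports in hex).
REC_LINE2 = re.compile(
    rf"^({HEX4})\s+/\d+\s+\d+\s+({HEX4})\s+/\d+\s+\d+\s+({IP})\s+(\d+)\s+({NUM})$")
PROTO = {1: "ICMP", 6: "TCP", 17: "UDP"}  # small subset of IP protocol numbers


def decode(r1, r2):
    """Turn the two matched lines of one flow record into decimal fields."""
    proto = int(r1.group(5), 16)
    return {
        "src_if": r1.group(1), "src_ip": r1.group(2),
        "dst_if": r1.group(3), "dst_ip": r1.group(4),
        "proto": PROTO.get(proto, str(proto)),
        "tos": int(r1.group(6), 16),
        "packets": int(r1.group(8)),
        "src_port": int(r2.group(1), 16),
        "dst_port": int(r2.group(2), 16),
        "bytes_per_pkt": int(r2.group(4)),
    }


def parse_flow_cache(text):
    """Return (flows per protocol class, Total row value, decoded flow records)."""
    summary, total, records = {}, None, []
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    i = 0
    while i < len(lines):
        m = SUMMARY_ROW.match(lines[i])
        r1 = REC_LINE1.match(lines[i])
        if m:
            if m.group(1) == "Total:":
                total = int(m.group(2))
            else:
                summary[m.group(1)] = int(m.group(2))
        elif r1 and i + 1 < len(lines):
            r2 = REC_LINE2.match(lines[i + 1])
            if r2:  # a record cut off after its first line is skipped
                records.append(decode(r1, r2))
                i += 1
        i += 1
    return summary, total, records


def only_on(a, b):
    """Protocol classes that have flows in summary a but none in summary b."""
    return sorted(set(a) - set(b))


if __name__ == "__main__":
    s1, t1, _ = parse_flow_cache(FC_CPE_1)
    s2, t2, recs = parse_flow_cache(FC_CPE_2)
    print("FC-CPE-1 rows match Total:", sum(s1.values()) == t1)
    print("FC-CPE-2 rows match Total:", sum(s2.values()) == t2)
    print("Seen only on FC-CPE-2:", only_on(s2, s1))
    for r in recs:
        print(r["src_if"], r["proto"], r["src_ip"], r["src_port"],
              "->", r["dst_ip"], r["dst_port"], "packets:", r["packets"])
```

In the FC-CPE-2 records, UDP ports 68 and 67 are the DHCP client and server ports, and UDP port 520 to 224.0.0.9 is RIPv2, so both flows are infrastructure traffic rather than the application flows generated in Step 8.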

                Step 10: Clean up

                Erase the configurations and reload the routers and switches. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.

                Challenge

                This lab simulates the flow of traffic to and from FilmCompany remote sites. These data flows for a production network would be much more extensive and recorded over a greater period of time, perhaps a full working week. Additionally, remote access would most likely be established using VPNs (Virtual Private Networks) across the Internet or a WAN. On the FilmCompany initial current network topology shown on the next page, add two remote site hosts attached to the “far” side of the cloud icon. Draw a circle that encloses the remote access links to the FilmCompany network and server. In this case study initially, the FilmCompany remote sites access its network across the Internet.

                One of the objects of this analysis is to establish the benefits of using a dedicated WAN link using Frame Relay for the stadium-based remote sites to access the FilmCompany network.

                Using the data flows recorded in this lab as a starting point, use different colors to mark on the diagram the different data flows between the remote hosts and devices on the FilmCompany network.

                 

                Lab 4.5.4 Diagramming External Traffic Flows


                Step 1: Cable and configure the current network

                a. Cable the topology given in the diagram. Ensure that power has been applied to both the host computer and router.

                b. Establish a HyperTerminal or other terminal emulation session to the routers and configure the hostname and interfaces shown in the table.

                c. Set a clock rate on the DCE interface of the serial link between R2 and R3. Routing will have to be configured on the three routers to establish data communications.

                d. From PC1, ping both PC2 and Discovery Server to confirm network connectivity. Troubleshoot and establish connectivity if the pings fail.

                Step 2: Configure NetFlow on router FC-CPE-1 interfaces

                From the global configuration mode, issue the following commands to configure NetFlow on the router FC-CPE-1.

                FC-CPE-1(config)#interface fastethernet 0/0

                FC-CPE-1(config-if)#ip flow egress

                FC-CPE-1(config-if)#ip flow ingress

                FC-CPE-1(config-if)#interface fastethernet 0/1

                FC-CPE-1(config-if)#ip flow ingress

                FC-CPE-1(config-if)#ip flow egress

                FC-CPE-1(config-if)#end

                Step 3: Verify the NetFlow configuration

                a. From the privileged EXEC mode on router FC-CPE-1, issue the show ip flow interface command.

                FC-CPE-1#show ip flow interface

                FastEthernet0/0

                ip flow ingress

                ip flow egress

                FastEthernet0/1

                ip flow ingress

                ip flow egress

                Confirm that the output shown above is displayed. Troubleshoot your configuration if this output is not displayed.

                b. From the privileged EXEC mode, issue the following command to ensure that flow cache statistics are reset:

                FC-CPE-1#clear ip flow stats

                Step 4: Configure NetFlow on router FC-CPE-2 interfaces

                From the global configuration mode, issue the following commands to configure NetFlow on the router FC-CPE-2:

                FC-CPE-2(config)#interface fastethernet 0/0

                FC-CPE-2(config-if)#ip flow egress

                FC-CPE-2(config-if)#ip flow ingress

                FC-CPE-2(config-if)#interface fastethernet 0/1

                FC-CPE-2(config-if)#ip flow ingress

                FC-CPE-2(config-if)#ip flow egress

                FC-CPE-2(config-if)#interface serial 0/1/0

                FC-CPE-2(config-if)#ip flow ingress

                FC-CPE-2(config-if)#ip flow egress

                FC-CPE-2(config-if)#end

                Step 5: Verify the NetFlow configuration

                a. From the privileged EXEC mode on router FC-CPE-2, issue the show ip flow interface command.

                FC-CPE-2#show ip flow interface

                FastEthernet0/0

                ip flow ingress

                ip flow egress

                FastEthernet0/1

                ip flow ingress

                ip flow egress

                Serial0/1/0

                ip flow ingress

                ip flow egress

                Confirm that the output shown above is displayed. Troubleshoot your configuration if this output is not displayed.

                b. From the privileged EXEC mode, issue the following command to ensure that flow cache statistics are reset:

                FC-CPE-2#clear ip flow stats

                Step 6: Configure NetFlow on router ISP interfaces

                From the global configuration mode, issue the following commands to configure NetFlow on the router ISP:

                ISP(config)#interface fastethernet 0/1

                ISP(config-if)#ip flow ingress

                ISP(config-if)#ip flow egress

                ISP(config-if)#interface serial 0/1/0

                ISP(config-if)#ip flow ingress

                ISP(config-if)#ip flow egress

                ISP(config-if)#end

                Step 7: Verify the NetFlow configuration

                a. From the privileged EXEC mode on router ISP, issue the show ip flow interface command.

                ISP#show ip flow interface

                FastEthernet0/1

                ip flow ingress

                ip flow egress

                Serial0/1/0

                ip flow ingress

                ip flow egress

                Confirm that the output shown above is displayed. Troubleshoot your configuration if this output is not displayed.

                b. From the privileged EXEC mode, issue the following command to ensure that flow cache statistics are reset:

                ISP#clear ip flow stats

                Step 8: Create network data traffic

                A range of Internet application data flows between PC2 (the Internet) and the FilmCompany network is to be generated and captured. Generate as many of the data flows shown below as is possible in your lab. Your instructor will advise you of the particular applications that are available and to be used in this lab.

                a. On PC2, launch a web browser and enter the URL http://server.discovery.ccna

                If Discovery Server is not being used, or DNS is not configured, then use http://172.17.1.1 to access the web services configured on that server.

                b. Use FTP to download a file.

                On PC2, launch a web browser and enter the URL ftp://server.discovery.ccna, or issue ftp server.discovery.ccna from the command line. If DNS is not configured, use the IP address 172.17.1.1 instead of the domain name. (example: http://172.17.1.1)

                Download a file from the server.

                c. If email accounts have been configured using the POP3 and SMTP services on Discovery Server, send two emails from PC2 using these accounts.

                Step 9: View the data flows

                a. At the conclusion of the data flow, view the details by issuing the show ip cache verbose flow command from privileged EXEC mode on each router.

                FC-CPE-1#show ip cache verbose flow

                FC-CPE-2#show ip cache verbose flow

                ISP#show ip cache verbose flow

                b. Examine the output and record the different data flows for each router.

                c. Discuss and compare the data flows for each router. Particularly consider how these flows differ from Lab 4.5.3 and the implications this has in understanding which network devices and resources are used for particular flows.

                Step 10: Clean up

                Erase the configurations and reload the routers and switches. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.

                Challenge

                This lab simulates the flow of traffic to and from FilmCompany network and the Internet. These data flows for a production network would be much more extensive and recorded over a greater period of time, perhaps a full working week. On the FilmCompany initial current network topology shown on the next page, highlight the network Internet link. Using the data flows recorded in this lab as a starting point, use different colors to mark on the diagram the different possible data flows between the hosts and devices on the FilmCompany network to and from the Internet.

                 

                Lab 4.5.5 Diagramming Extranet Traffic Flows

                Step 1: Cable and configure the current network

                a. Cable the topology given in the diagram. Ensure that power has been applied to both the host computer and router.

                b. Establish a HyperTerminal or other terminal emulation session to the routers and configure the hostname and interfaces shown in the table.

                c. Set a clock rate on the DCE interface of the serial link between R2 and R3. Routing will have to be configured on the three routers to establish data communications.

                d. From PC1, ping PC2 and Discovery Server to confirm network connectivity. Troubleshoot and establish connectivity if the pings fail.

                Step 2: Configure NetFlow on router FC-CPE-1 interfaces

                From the global configuration mode, issue the following commands to configure NetFlow on the router FC-CPE-1.

                FC-CPE-1(config)#interface fastethernet 0/0

                FC-CPE-1(config-if)#ip flow egress

                FC-CPE-1(config-if)#ip flow ingress

                FC-CPE-1(config-if)#interface fastethernet 0/1

                FC-CPE-1(config-if)#ip flow ingress

                FC-CPE-1(config-if)#ip flow egress

                FC-CPE-1(config-if)#end

                Step 3: Verify the NetFlow configuration

                a. From the privileged EXEC mode on router FC-CPE-1, issue the show ip flow interface command.

                FC-CPE-1#show ip flow interface

                FastEthernet0/0

                ip flow ingress

                ip flow egress

                FastEthernet0/1

                ip flow ingress

                ip flow egress

                Confirm that the output shown above is displayed. Troubleshoot your configuration if this output is not displayed.

                b. From the privileged EXEC mode, issue the following command to ensure that flow cache statistics are reset:

                FC-CPE-1#clear ip flow stats

                Step 4: Configure NetFlow on router FC-CPE-2 interfaces

                From the global configuration mode, issue the following commands to configure NetFlow on the router FC-CPE-2:

                FC-CPE-2(config)#interface fastethernet 0/0

                FC-CPE-2(config-if)#ip flow egress

                FC-CPE-2(config-if)#ip flow ingress

                FC-CPE-2(config-if)#interface fastethernet 0/1

                FC-CPE-2(config-if)#ip flow ingress

                FC-CPE-2(config-if)#ip flow egress

                FC-CPE-2(config-if)#interface serial 0/1/0

                FC-CPE-2(config-if)#ip flow ingress

                FC-CPE-2(config-if)#ip flow egress

                FC-CPE-2(config-if)#end

                Step 5: Verify the NetFlow configuration

                a. From the privileged EXEC mode on router FC-CPE-2, issue the show ip flow interface command.

                FC-CPE-2#show ip flow interface

                FastEthernet0/0

                ip flow ingress

                ip flow egress

                FastEthernet0/1

                ip flow ingress

                ip flow egress

                Serial0/1/0

                ip flow ingress

                ip flow egress

                Confirm that the output shown above is displayed. Troubleshoot your configuration if this output is not displayed.

                b. From the privileged EXEC mode, issue the following command to ensure that flow cache statistics are reset:

                FC-CPE-2#clear ip flow stats

                Step 6: Configure NetFlow on router ISP interfaces

                From the global configuration mode, issue the following commands to configure NetFlow on the router ISP:

                ISP(config)#interface fastethernet 0/1

                ISP(config-if)#ip flow ingress

                ISP(config-if)#ip flow egress

                ISP(config-if)#interface serial 0/1/0

                ISP(config-if)#ip flow ingress

                ISP(config-if)#ip flow egress

                ISP(config-if)#end

                Step 7: Verify the NetFlow configuration

                a. From the privileged EXEC mode on router ISP, issue the show ip flow interface command.

                ISP#show ip flow interface

                FastEthernet0/1

                ip flow ingress

                ip flow egress

                Serial0/1/0

                ip flow ingress

                ip flow egress

                Confirm that the output shown above is displayed. Troubleshoot your configuration if this output is not displayed.

                b. From the privileged EXEC mode, issue the following command to ensure that flow cache statistics are reset:

                ISP#clear ip flow stats

                Step 8: Create network data traffic

                Ideally, a range of network application data flows between the trusted extranet host PC2 and PC1 on the FilmCompany LAN should be generated and captured. Generate as many of the data flows shown below as is possible in your lab. Your instructor will advise you of the particular applications that are available and to be used in this lab.

                To simulate data traffic between the two PCs:

                a. Ping between them.

                b. Attempt to establish a Telnet session between the two PCs.

                c. If you have rights, enable file sharing and copy a file in both directions between the two PCs.

                Step 9: View the data flows

                a. At the conclusion of the data flow, view the details by issuing the show ip cache verbose flow command from privileged EXEC mode on each router.

                FC-CPE-1#show ip cache verbose flow

                FC-CPE-2#show ip cache verbose flow

                ISP#show ip cache verbose flow

                Router 1 – Output

                FC-CPE-1#show ip cache verbose flow

                IP packet size distribution (12 total packets):

                1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480

                .000 .000 1.00 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000

                512 544 576 1024 1536 2048 2560 3072 3584 4096 4608

                .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000

                IP Flow Switching Cache, 278544 bytes

                0 active, 4096 inactive, 12 added

                192 ager polls, 0 flow alloc failures

                Active flows timeout in 30 minutes

                Inactive flows timeout in 15 seconds

                IP Sub Flow Cache, 21640 bytes

                0 active, 1024 inactive, 8 added, 8 added to flow

                0 alloc failures, 0 force free

                1 chunk, 0 chunks added

                last clearing of statistics 00:03:38

                Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)

                -------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow

                UDP-DNS 2 0.0 1 70 0.0 0.0 15.7

                UDP-other 10 0.0 1 87 0.0 0.0 15.5

                Total: 12 0.0 1 84 0.0 0.0 15.5

                SrcIf SrcIPaddress DstIf DstIPaddress Pr TOS Flgs Pkts

                Port Msk AS Port Msk AS NextHop B/Pk Active

                FC-CPE-1#

                Router 2 – Output

                FC-CPE-2#show ip cache verbose flow

                IP packet size distribution (5223 total packets):

                1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480

                .000 .303 .030 .142 .031 .034 .001 .002 .001 .000 .000 .004 .000 .075 .000

                512 544 576 1024 1536 2048 2560 3072 3584 4096 4608

                .000 .000 .000 .020 .351 .000 .000 .000 .000 .000 .000

                IP Flow Switching Cache, 278544 bytes

                9 active, 4087 inactive, 62 added

                1970 ager polls, 0 flow alloc failures

                Active flows timeout in 30 minutes

                Inactive flows timeout in 15 seconds

                IP Sub Flow Cache, 21640 bytes

                0 active, 1024 inactive, 20 added, 20 added to flow

                0 alloc failures, 0 force free

                1 chunk, 0 chunks added

                last clearing of statistics 00:04:31

                Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)

                -------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow

                TCP-Telnet 18 0.0 3 45 0.2 3.6 10.9

                TCP-other 4 0.0 1 40 0.0 0.0 15.5

                UDP-DNS 2 0.0 1 70 0.0 0.0 15.4

                UDP-other 22 0.0 1 53 0.0 0.0 15.3

                ICMP 8 0.0 14 60 0.4 13.9 15.2

                Total: 54 0.2 3 54 0.7 3.2 13.8

                SrcIf SrcIPaddress DstIf DstIPaddress Pr TOS Flgs Pkts

                Port Msk AS Port Msk AS NextHop B/Pk Active

                Fa0/1 0.0.0.0 Null 255.255.255.255 11 00 10 222

                0044 /0 0 0043 /0 0 0.0.0.0 604 1356.9

                Fa0/1 10.0.0.200 Se0/1/0 10.20.0.200 06 00 18 1368

                01BD /0 0 06AA /0 0 0.0.0.0 970 184.9

                Fa0/1 10.0.0.200 Se0/1/0* 10.20.0.200 06 00 18 1368

                01BD /0 0 06AA /0 0 0.0.0.0 970 184.9

                FFlags: 01

                Se0/1/0 10.20.0.200 Fa0/0 172.17.1.1 11 00 10 5

                0404 /0 0 0035 /0 0 0.0.0.0 62 4.3

                Se0/1/0 10.20.0.200 Fa0/0* 172.17.1.1 11 00 10 5

                0404 /0 0 0035 /0 0 0.0.0.0 62 4.3

                FFlags: 01

                Fa0/0 172.17.1.1 Se0/1/0* 10.20.0.200 11 00 10 5

                0035 /0 0 0404 /0 0 0.0.0.0 62 4.3

                FFlags: 01

                Fa0/0 172.17.1.1 Se0/1/0 10.20.0.200 11 00 10 5

                0035 /0 0 0404 /0 0 0.0.0.0 62 4.3

                Se0/1/0 10.20.0.200 Fa0/1 10.0.0.200 06 00 18 1152

                SrcIf SrcIPaddress DstIf DstIPaddress Pr TOS Flgs Pkts

                Port Msk AS Port Msk AS NextHop B/Pk Active

                06AA /0 0 01BD /0 0 0.0.0.0 71 184.9

                Se0/1/0 10.20.0.200 Fa0/1* 10.0.0.200 06 00 18 1210

                06AA /0 0 01BD /0 0 0.0.0.0 71 194.7

                FFlags: 01

                Fa0/0 10.10.0.1 Null 224.0.0.9 11 C0 10 1

                0208 /0 0 0208 /0 0 0.0.0.0 52 0.0

                IPM: 0 0

                FC-CPE-2#

                Router 3 – Output

                ISP#show ip cache verbose flow

                IP packet size distribution (6724 total packets):

                1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480

                .000 .306 .029 .138 .031 .032 .001 .001 .001 .000 .000 .003 .000 .080 .001

                512 544 576 1024 1536 2048 2560 3072 3584 4096 4608

                .000 .000 .000 .008 .362 .000 .000 .000 .000 .000 .000

                IP Flow Switching Cache, 278544 bytes

                5 active, 4091 inactive, 54 added

                1881 ager polls, 0 flow alloc failures

                Active flows timeout in 30 minutes

                Inactive flows timeout in 15 seconds

                IP Sub Flow Cache, 21640 bytes

                1 active, 1023 inactive, 12 added, 12 added to flow

                0 alloc failures, 0 force free

                1 chunk, 0 chunks added

                last clearing of statistics 00:05:44

                Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)

                -------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow

                TCP-Telnet 18 0.0 3 45 0.1 3.6 10.7

                TCP-other 4 0.0 1 40 0.0 0.0 15.7

                UDP-DNS 4 0.0 3 63 0.0 2.1 15.5

                UDP-other 16 0.0 1 77 0.0 0.0 15.4

                ICMP 8 0.0 14 60 0.3 13.4 15.5

                Total: 50 0.1 4 58 0.6 3.6 13.7

                SrcIf SrcIPaddress DstIf DstIPaddress Pr TOS Flgs Pkts

                Port Msk AS Port Msk AS NextHop B/Pk Active

                Se0/1/0 10.0.0.200 Fa0/1 10.20.0.200 06 00 18 1794

                01BD /0 0 06AA /0 0 0.0.0.0 989 245.1

                Se0/1/0 10.0.0.200 Fa0/1* 10.20.0.200 06 00 18 1794

                01BD /0 0 06AA /0 0 0.0.0.0 989 245.1

                FFlags: 01

                Fa0/1 10.20.0.200 Se0/1/0 10.0.0.200 06 00 18 1502

                06AA /0 0 01BD /0 0 0.0.0.0 69 245.0

                Fa0/1 10.20.0.200 Se0/1/0* 10.0.0.200 06 00 18 1502

                06AA /0 0 01BD /0 0 0.0.0.0 69 245.0

                FFlags: 01

                ISP#

                b. Examine the output and record the different data flows for each router.

                c. Discuss and compare the data flows for each router. Particularly consider how these flows differ from the previous Labs and the implications this has in understanding which network devices and resources are used for particular flows.
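To help with recording the flows in step b, here is an added example (not part of the original lab) that parses the two-line records printed by show ip cache verbose flow and decodes the hexadecimal protocol and port fields. The sample records are copied from the FC-CPE-2 output above; the function names and the WATCH port list are assumptions made for this illustration.

```python
import re

# Constructed sample: flow records copied from the FC-CPE-2 output on this page
# (blank lines removed), including the extra FFlags/IPM lines and the prompt.
SAMPLE = """\
SrcIf SrcIPaddress DstIf DstIPaddress Pr TOS Flgs Pkts
Port Msk AS Port Msk AS NextHop B/Pk Active
Fa0/1 10.0.0.200 Se0/1/0 10.20.0.200 06 00 18 1368
01BD /0 0 06AA /0 0 0.0.0.0 970 184.9
Fa0/1 10.0.0.200 Se0/1/0* 10.20.0.200 06 00 18 1368
01BD /0 0 06AA /0 0 0.0.0.0 970 184.9
FFlags: 01
Se0/1/0 10.20.0.200 Fa0/0 172.17.1.1 11 00 10 5
0404 /0 0 0035 /0 0 0.0.0.0 62 4.3
Fa0/0 10.10.0.1 Null 224.0.0.9 11 C0 10 1
0208 /0 0 0208 /0 0 0.0.0.0 52 0.0
IPM: 0 0
FC-CPE-2#
"""

PROTO = {1: "ICMP", 6: "TCP", 17: "UDP"}
# Assumed watch list for this lab: services worth reviewing on an extranet link.
WATCH = {23: "Telnet (cleartext)", 445: "SMB file sharing"}

IP = r"\d+\.\d+\.\d+\.\d+"
HEAD = re.compile(rf"^(\S+) ({IP}) (\S+) ({IP}) ([0-9A-F]{{2}}) ([0-9A-F]{{2}}) ([0-9A-F]{{2}}) (\d+)$")
TAIL = re.compile(rf"^([0-9A-F]{{4}}) /\d+ \d+ ([0-9A-F]{{4}}) /\d+ \d+ {IP} (\d+) ([\d.]+)$")

def parse_flows(text):
    """Pair each record's two lines; skip headers, FFlags/IPM lines and prompts."""
    flows, head = [], None
    for line in (l.strip() for l in text.splitlines()):
        m = HEAD.match(line)
        if m:
            head = m
            continue
        t = TAIL.match(line)
        if t and head:
            proto = int(head[5], 16)  # Pr and the port fields are printed in hex
            flows.append({
                "src_if": head[1], "src": head[2], "dst": head[4],
                "dst_if": head[3].rstrip("*"),
                "egress": head[3].endswith("*"),  # IOS marks egress entries with '*'
                "proto": PROTO.get(proto, str(proto)),
                "sport": int(t[1], 16), "dport": int(t[2], 16), "pkts": int(head[8]),
                "approx_bytes": int(head[8]) * int(t[3]),  # Pkts x average B/Pk
            })
            head = None
    return flows

def watched(flows):
    """Non-egress flows whose source or destination port is on the watch list."""
    return [(f["src"], f["dst"], WATCH.get(f["sport"]) or WATCH.get(f["dport"]))
            for f in flows
            if not f["egress"] and (f["sport"] in WATCH or f["dport"] in WATCH)]

if __name__ == "__main__":
    print(watched(parse_flows(SAMPLE)))
```

Port 01BD decodes to 445, so the large flow between 10.0.0.200 and 10.20.0.200 is the file-sharing traffic from Step 8c.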

                Step 10: Clean up

                Erase the configurations and reload the routers and switches. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.

                Challenge

                This lab simulates the flow of traffic to and from FilmCompany and from selected trusted partners and customers. These data flows for a production network would be much more extensive and recorded over a greater period of time, perhaps a full working week. Additionally, remote access from trusted sites would most likely be established using VPNs (Virtual Private Networks) across the Internet or a WAN.

                On the FilmCompany initial current network topology shown on the next page, add two trusted remote site hosts attached to the “far” side of the cloud icon. Draw a circle that encloses the remote access links to the FilmCompany network and server. In this case study, initially the FilmCompany remote sites access its network across the Internet. One of the objects of this analysis is to establish the benefits of using a dedicated WAN link using Frame Relay for the stadium-based remote sites to access the FilmCompany network. Then, using the data flows recorded in this lab as a starting point, use different colors to mark on the diagram the different extranet data flows between the trusted remote hosts and devices on the FilmCompany network. Diagram traffic flows to and from selected trusted partners, customers, and vendors.

                CCNA 4 Assignment: Lab 3.5.5 Analyzing an Existing Network

                Lab 3.5.5 Analyzing an Existing Network


                Step 1: Document and confirm existing network topology, addressing, and naming schemes

                a. Examine the existing network topology diagram.

                Record the current addressing scheme in a table.

                Associate device names with addresses on the table.

                b. Highlight any inconsistencies in the naming and addressing schemes.

                For example:

                • Naming some devices by location and others by function
                • Inconsistent or confusing use of abbreviations
                • Some gateway addresses as the first address of a subnet, others as the last address

                c. Use word processing software to create a Current Network document.

                Step 2: Identify those parts of the existing network that currently meet the project technical requirements

                a. Examine the network topology and specifications.

                Record which current features meet the technical requirements of the proposed network upgrade.

                • Capacity (bandwidth, address ranges, VLANs)
                • Redundant links
                • Router and switch interfaces and ports
                • Router and switch feature sets, memory, and processing capability
                • WAN
                • Wireless
                • QoS

                b. Include these strengths and capabilities in your Current Network document.

                Potential strengths may include:

                • New wiring and adequate communications closets
                • Adequate space for a new data center
                • Servers and PCs are current models and will not need replacement
                • Some existing network switches and routers can be used in the new design

                Step 3: Identify those parts of the existing network that can be scaled to meet the project technical requirements

                a. Examine the network topology and specifications.

                Record which current features do not meet the technical requirements of the proposed network upgrade but can be scaled within the capacity of the network to do so.

                • Capacity (bandwidth, address ranges, VLANs)
                • Redundant links
                • Router and switch interfaces and ports
                • Router and switch feature sets, memory, and processing capability
                • WAN
                • Wireless
                • QoS

                b. Include these scalable features and capabilities in your Current Network document.

                Step 4: Identify those parts of the existing network that do not meet the project technical requirements

                a. Examine the network topology and specifications.

                Record which current features do not meet the technical requirements of the proposed network upgrade and what additional networking resources are required.

                • Capacity (bandwidth, address ranges, VLANs)
                • Redundant links
                • Router and switch interfaces and ports
                • Router and switch feature sets, memory, and processing capability
                • WAN
                • Wireless
                • QoS

                b. Include these weaknesses and shortfalls in your Current Network document.

                Possible weaknesses include:

                • Flat network design
                • Insufficient bandwidth at Distribution Layer, no true Core Layer
                • Servers poorly located
                • Multiple networks, difficult to maintain
                • Poor IP addressing structure
                • No dedicated bandwidth for WAN connectivity
                • Limited wireless implementation
                • Limited security implementations

                Step 5: Obtain agreement and authorization from the company to continue with the network upgrade design

                a. Finalize the Current Network document so that the strengths and shortfalls are clearly and precisely presented.

                b. Discuss and review your Current Network document with another student to ensure that it clearly states which parts of the network meet the technical requirements of the upgrade project and which parts do not. Amend the document as necessary to clarify any areas that could be misunderstood. At this stage of the network design process, a meeting with the FilmCompany management would be held to obtain their agreement and authorization to continue with the design of the upgrade.

                c. Save and retain your Current Network document so that it can be incorporated with the previous documents to complete this network design case study.

                Step 6: Reflection

                Consider the resources and information that will facilitate the task of analyzing a current network.

                • Having up-to-date documentation showing such information as addressing, device names, VLAN allocations, switch port assignments
                • Systematic and consistent host names, descriptions, and addressing schemes
                • Software tools that record data flows and device identification
                • Efficient and accurate fault and incident reporting and clearance documentation to highlight and record problems



                CCNA 4 Assignment: Lab 3.5.4 Developing Network Requirements

                Lab 3.5.4 Developing Network Requirements


                Step 1: Record the company business goals and constraints that will influence the network design

                As the network designer, you need to identify and prioritize the business goals of FilmCompany as defined in the Project Goals document. Develop your understanding of what these goals are from the FilmCompany case study information.

                a. List these goals in order of priority.

                b. Expand and consider the details of how these goals can be achieved using the network as a platform.

                c. Note any constraints that these expanded goals may impose on the network design, such as retaining the current number of IT and network support staff.

                d. Use word processing software to create a Network Requirements document.

                e. Clearly state the business goals and constraints in the document.

                Step 2: Record the technical requirements that will influence the network design

                a. Evaluate each of the business goals and determine the technical requirements to meet the goals.

                List these technical requirements under the headings of:

                • Scalability
                • Availability and Performance
                • Security
                • Manageability

                b. Initially, list all technologies that may be able to meet these technical requirements.

                c. Include these requirements in your Network Requirements document.

                Step 3: Record the user requirements that will influence the network design

                a. Consider the types of users that will influence the network design. These users may be onsite, in the office, in the video editing room, offsite (at the stadium), or mobile. Which types of users generate the heaviest amount of network traffic? Which types generate the lightest traffic?

                How might different types of users be grouped for Access Layer purposes?

                b. Include these requirements in your Network Requirements document.

                Step 4: Record the application requirements that will influence the network design

                a. Consider the type of applications that will influence the network design.

                What applications are essentially device-based, with minimal network requirements?

                Which applications are network-intensive?

                Which applications and services are delivered onsite, in the offices, and which may need to be delivered offsite over the WAN or to mobile users?

                b. Include these requirements in your Network Requirements document.

                Step 5: Develop the network requirements

                a. Refine the technical requirements of the network to match user and application requirements.

                What compromises may have to be made to ensure that the project remains within the business constraints?

                b. Finalize the technical requirements of the network that will meet the project goals.

                c. Discuss and review your Technical Requirements document with another student to ensure it addresses all the business, user, and application requirements within the Project Scope and does not unnecessarily address out-of-scope requirements. Modify the document as necessary.

                d. Save and retain your Technical Requirements document for the next stage of this network design case study.

                Step 6: Reflection

                Developing the technical requirements of a network that meets the project goals, while remaining within scope, requires knowledge of the available and appropriate technologies and services.

                Discuss strategies that will ensure that a network design team is up-to-date with networking technologies and their applications.

                • Subscribing to technical and industry journals (both hard copy and online)
                • Attending product launches and demonstrations
                • Attending training seminars and courses
                • Drawing up and carrying out a professional self-development plan
                • Maintaining current industry and vendor certifications