IT service work order
Please follow the table provided below to enforce access privileges for different departments in the enterprise network.
Server | Sales Team | Design Team | Finance Team | Manager Team |
CRM Server | Allow | Deny | Allow | Allow |
Web Server | Allow | Allow | Allow | Allow |
SharePoint Server | Deny | Allow | Deny | Allow |

Task
LAB REPORT
Step 1
Correcting the IP addresses and default gateways of the end devices
DEVICE | IP ADDRESS | SUBNET MASK | DEFAULT GATEWAY |
PC SALE 1 | 10.1.1.1 | 255.255.255.0 | 10.1.1.250 |
PC SALE 2 | 10.1.1.2 | 255.255.255.0 | 10.1.1.250 |
PC SALE 3 | 10.1.1.3 | 255.255.255.0 | 10.1.1.250 |
CRM SERVER | 10.1.1.100 | 255.255.255.0 | 10.1.1.250 |
PC PT-Design | 192.168.2.10 | 255.255.255.0 | 192.168.2.1 |
PC PT-Finance | 192.168.3.10 | 255.255.255.0 | 192.168.3.1 |
PC PT-Manager | 192.168.4.10 | 255.255.255.0 | 192.168.4.1 |
Web Server | 192.168.1.80 | 255.255.255.0 | 192.168.1.1 |
Sharepoint Server | 192.168.2.100 | 255.255.255.0 | 192.168.2.1 |
Configuration of interfaces on BDR-RTR
Router>en
Router#show ip interface brief
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 unassigned YES unset administratively down down
GigabitEthernet0/1 unassigned YES unset administratively down down
Serial0/0/0 unassigned YES unset administratively down down
Serial0/0/1 unassigned YES unset administratively down down
Vlan1 unassigned YES unset administratively down down
Router#
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface g0/0
Router(config-if)#ip address 10.1.1.250 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#
%LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up
Router(config-if)#interface s0/0/0
Router(config-if)#ip address 170.168.2.1 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#
%LINK-5-CHANGED: Interface Serial0/0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0, changed state to up
Router(config-if)#do writ
Building configuration…
[OK]
Router(config-if)#
Router(config-if)#
R1 Router Configuration
Router#
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface lo0
Router(config-if)#no ip address 192.168.1.1 255.255.255.0
Router(config-if)#interface g0/0
Router(config-if)#no shut
Router(config-if)#
%LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to up
Step 2 – Assigning VLANs and access/trunk ports on the multilayer switch
AC power was connected to power on the switch.
Switch>en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#interface g1/0/1
Switch(config-if)#switchport mode trunk
Switch(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/1, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/1, changed state to up
Switch(config-if)#switch
Switch(config-if)#switchport trunk allowed vlan all
Switch(config-if)#
Switch(config-if)#interface gi1/0/3
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access VLAN 20
% Access VLAN does not exist. Creating vlan 20
Switch(config-if)#interface g1/0/2
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access VLAN 10
% Access VLAN does not exist. Creating vlan 10
Switch(config-if)#interface g1/0/20
Switch(config-if)#switchport access VLAN 20
Switch(config-if)#switchport mode
Switch(config-if)#interface g1/0/21
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access VLAN 30
% Access VLAN does not exist. Creating vlan 30
Switch(config-if)#
Switch(config-if)#interface g1/0/22
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access VLAN 40
Configuration for Switch 1
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#interface g0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport a
Switch(config-if)#switchport access VLAN 20
% Access VLAN does not exist. Creating vlan 20
Switch(config-if)#
Switch(config-if)#interface fa0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access VLAN 20
Switch(config-if)#do wr
Building configuration…
[OK]
Switch(config-if)#
Configuration for Switch 2
Switch>en
Switch#conf t
Switch(config)#hostname S2
S2(config)#interface g0/1
S2(config-if)#swit
S2(config-if)#switchport mode access
S2(config-if)#switchport access VLAN 30
% Access VLAN does not exist. Creating vlan 30
S2(config-if)#interface fa0/1
S2(config-if)#switchport mode access
S2(config-if)#switchport access VLAN 30
S2(config-if)#do writ
Building configuration…
[OK]
S2(config-if)#
S2#
%SYS-5-CONFIG_I: Configured from console by console
Configuration for Switch 3
Switch>en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname S3
S3(config)#interface g0/1
S3(config-if)#switchport mode access
S3(config-if)#switchport access VLAN 40
% Access VLAN does not exist. Creating vlan 40
S3(config-if)#interface fa0/1
S3(config-if)#switchport mode access
S3(config-if)#switchport access VLAN 40
S3(config-if)#do writ
Building configuration…
[OK]
S3(config-if)#
Configuration of sub-interfaces on R1
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface g0/0.10
Router(config-subif)#
%LINK-5-CHANGED: Interface GigabitEthernet0/0.10, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0.10, changed state to up
Router(config-subif)#encapsulation dot1Q 10
Router(config-subif)#ip address 192.168.1.1 255.255.255.0
Router(config-subif)#interface g0/0.20
Router(config-subif)#
%LINK-5-CHANGED: Interface GigabitEthernet0/0.20, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0.20, changed state to up
Router(config-subif)#encapsulation dot1Q 20
Router(config-subif)#ip address 192.168.2.1 255.255.255.0
Router(config-subif)#interface g0/0.30
Router(config-subif)#
%LINK-5-CHANGED: Interface GigabitEthernet0/0.30, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0.30, changed state to up
Router(config-subif)#encapsulation dot1Q 30
Router(config-subif)#ip address 192.168.3.1 255.255.255.0
Router(config-subif)#interface g0/0.40
Router(config-subif)#
%LINK-5-CHANGED: Interface GigabitEthernet0/0.40, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0.40, changed state to up
Router(config-subif)#encapsulation dot1Q 40
Router(config-subif)#ip address 192.168.4.1 255.255.255.0
Router(config-subif)#
Setup default routing on routers
R1
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#no ip domain-lookup
Router(config)#ip route 0.0.0.0 0.0.0.0 170.168.2.1
Router(config)#do wri
Building configuration…
[OK]
Router(config)#
Router#
BDR-RTR
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#ip domain-lookup
Router(config)#no ip domain-lookup
Router(config)#ip route 0.0.0.0 0.0.0.0 172.168.2.2
Router(config)#no ip route 0.0.0.0 0.0.0.0 172.168.2.2
Router(config)#ip route 0.0.0.0 0.0.0.0 170.168.2.2
Router(config)#do writ
Building configuration…
[OK]
Router(config)#
Confirmation of connectivity via ping tests from PC-Sale 2 to all servers

Confirmation of connectivity via ping tests from PC-Design to all servers

Confirmation of connectivity via ping tests from PC-Finance to all servers

Confirmation of connectivity via ping tests from PC-Manager to all servers

Configuring and Applying ACLs
The Sales team and the CRM server are on the same network, so no ACL is needed for that path.
Create an ACL named SALES on the BDR-RTR router and apply it to the interface
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#ip access-list extended SALES
Router(config-ext-nacl)#permit ip 10.1.1.0 0.0.0.255 host 192.168.1.80
Router(config-ext-nacl)#deny ip 10.1.1.0 0.0.0.255 host 192.168.2.100
Router(config-ext-nacl)#permit ip 10.1.1.0 0.0.0.255 host 192.168.3.10
Router(config-ext-nacl)#permit ip 10.1.1.0 0.0.0.255 host 192.168.4.10
Router(config-ext-nacl)#do writ
Building configuration…
[OK]
Router(config-ext-nacl)#exit
Router(config)#interface g0/0
Router(config-if)#ip access-group SALES in
Router(config-if)#do wri
Building configuration…
[OK]
Router(config-if)#
Create an ACL named DESIGN on router R1 and apply it to the interface
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#ip access-list
% Incomplete command.
Router(config)#ip access-list extended DESIGN
Router(config-ext-nacl)#deny ip host 192.168.2.10 host 10.1.1.100
Router(config-ext-nacl)#permit ip host 192.168.2.10 host 192.168.1.80
Router(config-ext-nacl)#permit ip host 192.168.2.10 host 192.168.2.100
Router(config-ext-nacl)#permit ip host 192.168.2.100 host 192.168.4.10
Router(config-ext-nacl)#interface gi0/0.20
Router(config-subif)#ip access-group DESIGN in
Router(config-subif)#
Create an ACL named FINANCE on router R1 and apply it to the interface
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#ip access-list extended FINANCE
Router(config-ext-nacl)#permit ip hist 192.168.3.10 host 10.1.1.100
^
% Invalid input detected at ‘^’ marker.
Router(config-ext-nacl)#permit ip host 192.168.3.10 host 10.1.1.100
Router(config-ext-nacl)#permit ip host 192.168.3.10 host 192.168.1.80
Router(config-ext-nacl)#deny ip host 192.168.3.10 host 192.168.2.100
Router(config-ext-nacl)#end
Router#
%SYS-5-CONFIG_I: Configured from console by console
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface g0/0.30
Router(config-subif)#ip access-group FINANCE
% Incomplete command.
Router(config-subif)#ip access-group FINANCE in
Router(config-subif)#do writ
Building configuration…
[OK]
Router(config-subif)#
Create an ACL named MANAGER on router R1 and apply it to the interface
Router(config)#ip access-list extended MANAGER
Router(config-ext-nacl)#permit ip host 192.168.4.10 host 10.1.1.100
Router(config-ext-nacl)#permit ip host 192.168.4.10 host 192.168.1.80
Router(config-ext-nacl)#permit ip host 192.168.4.10 host 192.168.2.100
Router(config-ext-nacl)#exit
Router(config)#interface g0/0.40
Router(config-subif)#ip access-group MANAGER in
Router(config-subif)#do wr
Building configuration…
[OK]
Router(config-subif)#
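The four ACLs above can be checked against the work-order table before any ping is sent. The following is an added example, not part of the original lab report: a first-match evaluator over the page's own ACL lines that requires both the request and the reply to pass. It assumes the four inbound ACLs shown are the only ones in the path and uses PC SALE 2 (10.1.1.2) as the Sales client; the function names are hypothetical.

```python
import ipaddress
import re
ACLS = {  # transcribed from the page, keyed by the subnet of the interface each is applied inbound on
    "10.1.1.0/24": """permit ip 10.1.1.0 0.0.0.255 host 192.168.1.80
deny ip 10.1.1.0 0.0.0.255 host 192.168.2.100
permit ip 10.1.1.0 0.0.0.255 host 192.168.3.10
permit ip 10.1.1.0 0.0.0.255 host 192.168.4.10""",   # SALES, BDR-RTR g0/0 in
    "192.168.2.0/24": """deny ip host 192.168.2.10 host 10.1.1.100
permit ip host 192.168.2.10 host 192.168.1.80
permit ip host 192.168.2.10 host 192.168.2.100
permit ip host 192.168.2.100 host 192.168.4.10""",   # DESIGN, R1 g0/0.20 in
    "192.168.3.0/24": """permit ip host 192.168.3.10 host 10.1.1.100
permit ip host 192.168.3.10 host 192.168.1.80
deny ip host 192.168.3.10 host 192.168.2.100""",     # FINANCE, R1 g0/0.30 in
    "192.168.4.0/24": """permit ip host 192.168.4.10 host 10.1.1.100
permit ip host 192.168.4.10 host 192.168.1.80
permit ip host 192.168.4.10 host 192.168.2.100""",   # MANAGER, R1 g0/0.40 in
}
CLIENTS = {"Sales": "10.1.1.2", "Design": "192.168.2.10", "Finance": "192.168.3.10", "Manager": "192.168.4.10"}
SERVERS = {"CRM": "10.1.1.100", "Web": "192.168.1.80", "SharePoint": "192.168.2.100"}

def parse(line):  # rewrite 'host A' as 'A 0.0.0.0', then read the src and dst address/wildcard pairs
    t = re.sub(r"host (\S+)", r"\1 0.0.0.0", line).split()
    s, sw, d, dw = (int(ipaddress.ip_address(x)) for x in t[2:6])
    return t[0], (s, sw), (d, dw)

def hit(side, addr):  # wildcard bits set to 1 are "don't care"
    return (int(ipaddress.ip_address(addr)) | side[1]) == (side[0] | side[1])

def forwarded(src, dst, acls=ACLS):  # does src -> dst survive the inbound ACL on src's gateway?
    for net, text in acls.items():
        subnet = ipaddress.ip_network(net)
        if ipaddress.ip_address(src) in subnet:
            if ipaddress.ip_address(dst) in subnet:
                return True  # same subnet: switched locally, never routed
            for action, s, d in map(parse, text.splitlines()):
                if hit(s, src) and hit(d, dst):
                    return action == "permit"  # first match wins
            return False  # implicit deny ends every ACL
    return True  # source interface has no ACL (g0/0.10, the Web Server VLAN)

def reachable(client, server, acls=ACLS):  # a ping needs the request AND the reply to pass
    return forwarded(client, server, acls) and forwarded(server, client, acls)

def matrix(acls=ACLS):
    return {(t, s): reachable(c, a, acls) for t, c in CLIENTS.items() for s, a in SERVERS.items()}

if __name__ == "__main__":
    print("\n".join(f"{t:8}{s:11}{'Allow' if ok else 'Deny'}" for (t, s), ok in matrix().items()))
```

Because the DESIGN, FINANCE and MANAGER entries match single hosts, any other PC added to those VLANs is blocked off-subnet by the implicit deny.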
Testing connectivity from Sales Team to access CRM and Web but not Sharepoint

Testing connectivity from Design Team to access Sharepoint and Web but not CRM

Testing connectivity from Finance Team to access CRM and Web but not Sharepoint

Testing connectivity from Manager Team to access all servers

