Shulou (Shulou.com), 06/01 report. Updated 2025-04-09.
Classic Enterprise Campus Network Construction Scheme
All-round comprehensive practical test for junior and intermediate network engineers
Qian Yitang Ande (Brother Jun)
Version 1.3
April 2019
1. Network architecture planning and design
Figure 1
1.1 Planning description
Figure 1 shows a typical enterprise network in which AS1 (including R1, SW1, SW2, and SW3) is the enterprise main campus network, AS2 is the enterprise branch network, and the cloud represents Internet devices (8.8.8.8). Readers need to complete the basic network functions of AS1 and AS2, provide access to the Internet (8.8.8.8), and enable terminals located in the two ASes to communicate across the wide area network through a GRE tunnel.
1.2 overall architectural design
In AS1, R1 is the enterprise gateway exit: it is responsible for accessing the Internet and interconnecting with R3, and it also acts as the core router within the AS. SW1 and SW2 are the aggregation layer switches of AS1, and the SVI interfaces on them are shown in figure 1. SW3 is the access layer switch.
In AS2, R3 serves as the gateway exit of the branch network. Due to the small number of personnel in the branch office, there is only one SW4 in the AS2 as an access layer 2 switch, connecting the terminal equipment and the router.
1.3 overall requirements
Plan and implement the network according to the IP addresses in the topology. Each of the two ASes may have at most one static route.
The total score is 60. With a score of more than 40 you can go on to study the NP and IE courses; with a score below 36 you are advised to retake the QCNA course.
2. Switched network section (17 points)
The switched network is the key part of a campus network. Implement the layer 2 network first, and then adjust the layer 3 network and other features.
2.1 VLAN planning and access (2 points)
Interface   VLAN
SW1-e0/1    VLAN11
SW2-e0/2    VLAN12
SW3-e0/0    VLAN8
SW3-e0/1    VLAN9
SW3-e0/2    VLAN10
SW4-e0/1    VLAN20
SW4-e0/2    VLAN30
Table 1
Create VLANs 8, 9, 10, 11, 12 and 99 on the switches in AS1.
Create VLANs 20 and 30 on the switch in AS2.
Assign the interfaces to VLANs according to Table 1.
2.2 implementation of Trunk encapsulation (3 points)
Implement Trunk links in the standard encapsulation format on the switch interconnection interfaces within AS1.
All VLANs except VLAN1 are allowed to pass through all Trunks in AS1, and all VLAN traffic must carry a TAG.
Implement Trunk on the switch within AS2; for security, only the corresponding VLANs are allowed to pass.
2.3 implementation of Spanning Tree Protocol (6 points)
Implement 802.1s spanning tree in AS1 and AS2.
SW1 must be the most likely root for VLANs 8, 10 and 11 (instance 1), and the backup root for the other VLANs (instance 2).
Conversely, SW2 is the backup root for VLANs 8, 10 and 11 and the primary root for the other VLANs.
The region is named ender and the revision number is 1.
Use only one command on each of SW1, SW2 and SW3 so that the interfaces connecting terminals can quickly enter the forwarding state.
Configure commands under the interfaces of SW4 so that interfaces connected to other devices can quickly enter the forwarding state.
To protect the switching network, shut down the interface on the access layer switches (SW3, SW4) upon receipt of an illegal BPDU.
2.4 implement Ethernet aggregation links (2 points)
To ensure sufficient bandwidth between the aggregation switches, implement manual Ethernet link aggregation between them.
The Ethernet link aggregation uses load sharing based on source and destination IP.
2.5 transition from layer 2 network to layer 3 network (4 points)
Figure 2
As shown in figure 2, configure IP addresses on all routers to ensure that directly connected IP addresses can communicate between routers and between routers and switches.
As shown in figure 2, configure IP addresses on all switches to ensure that directly connected IP addresses can communicate between routers and between routers and switches.
3. Routing part (20 points)
3.1 build AS2 internal network (3 points)
As shown in figure 2, configure the IP address of PC3 and configure the correct gateway.
As shown in figure 2, configure the IP address of S2 and configure the correct gateway.
Configure R3 to ensure communication between PC3 and S2.
3.2 build AS1 internal network (5 points)
Figure 3
As shown in figure 3, implement an OSPF multi-area network (area 0 and area 1) within AS1 with process number 110.
Configure the OSPF router IDs of the devices as 0.0.0.1 and 0.0.0.3 respectively.
Loopback interface 0 of R1 (please create it yourself, address 11.1.1.1/32) runs in area 0.
The other interfaces in AS1 run in area 1. Please configure the corresponding interfaces.
Ensure that all hosts within AS1 (including 11.1.1.1) can communicate with each other.
3.3 implementation of network boundaries (6 points)
Configure 2 default routes on the gateway device of AS1, with the operator address as the next hop. Use the Ethernet link as the primary path.
Configure one default route on the gateway device of AS2, with the operator address as the next hop.
Ensure that R1 and R3 can communicate with 8.8.8.8.
Ensure that R1 and R3 can communicate with each other.
Ensure that PC1 and PC3 can send data to 8.8.8.8 (not necessarily ping).
3.4 headquarters and branch network communications (6 points)
Figure 4
As shown in figure 4, implement IP protocol 47 between AS1 and AS2, configure the addresses of the two gateway devices as 10.1.13.1 and 10.1.13.2 respectively, and make sure that the two tunnel addresses can communicate.
Configure BGP on R1 with AS number 1 and BGP on R3 with AS number 2, and use the tunnel addresses to establish the eBGP neighbors.
Generate BGP routes from within AS1 on R1. What is the origin code of these routes?
Generate BGP routes for AS2 on R3 with the origin code I.
After implementing BGP, ensure that all PCs and servers can communicate.
4. Internet access and network security (23 points)
4.1 VRRP protocol (6 points)
SW1 responds to the ARP requests of terminals in VLANs 8 and 10, and acts as the backup for VLAN 9.
SW2 responds to the ARP requests of terminals in VLAN 9, and acts as the backup for VLANs 8 and 10.
All Master devices track their uplinks; if an uplink fails, the master and backup roles are switched.
4.2 access layer switch adjustment (6 points)
The management IP of SW3 is VLAN 99, 10.1.99.99/24; SW2 VLAN 99 is 10.1.99.254/24. SW3 may only be managed remotely through the Telnet protocol.
Use the protocol with port number 23 for remote management; SW3 only allows management from the 10.1.0.0 and 202.100.1.0 networks.
The user name for managing SW3 is qytang and the password is qytang123. The password must not be directly readable in the configuration.
4.3 Security measures for SW3 (6 points)
To prevent users from connecting other unauthorized devices, implement the following on the access device SW3:
Each interface allows access for up to 2 devices.
The interface is not shut down if there is a violation.
Secure MAC addresses must be implemented as sticky to facilitate troubleshooting.
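An added example, not part of the original exam paper: a small Python check that audits an SW3 running-config against the section 4.2 and 4.3 requirements, assuming Cisco IOS-style syntax. The sample config is constructed, and ACL number 23, the wildcard masks and the function names are assumptions.

```python
# Constructed sample of an SW3 running-config (not from the original page).
# ACL number 23, the wildcard masks and the secret hash are assumptions.
SAMPLE = """\
username qytang secret 5 $1$constructed$placeholder
access-list 23 permit 10.1.0.0 0.0.255.255
access-list 23 permit 202.100.1.0 0.0.0.255
interface Ethernet0/0
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation restrict
 switchport port-security mac-address sticky
interface Ethernet0/1
 switchport mode access
 switchport port-security
line vty 0 4
 access-class 23 in
 login local
 transport input telnet
"""

def sections(cfg):
    """Map each top-level config line to the indented lines under it."""
    out, cur = {}, None
    for line in cfg.splitlines():
        if line.startswith(" ") and cur is not None:
            out[cur].append(line.strip())
        elif line.strip():
            cur = line.strip()
            out[cur] = []
    return out

def audit(cfg):
    """List where cfg misses the section 4.2 and 4.3 requirements."""
    bad, ps = [], "switchport port-security"
    for head, body in sections(cfg).items():
        if head.startswith("interface") and "switchport mode access" in body:
            for need in (ps, ps + " maximum 2", ps + " mac-address sticky"):
                if need not in body:
                    bad.append(f"{head}: missing '{need}'")
            if not {ps + " violation restrict", ps + " violation protect"} & set(body):
                bad.append(f"{head}: violation mode shuts the port down")
        elif head.startswith("line vty"):
            if "transport input telnet" not in body:
                bad.append(f"{head}: transport not limited to telnet")
            if not any(b.startswith("access-class ") and b.endswith(" in") for b in body):
                bad.append(f"{head}: no inbound access-class")
        elif head.startswith("username ") and " password 0 " in head:
            bad.append(f"{head.split()[1]}: password readable in the config")
    return bad
```

Running `audit(SAMPLE)` reports only Ethernet0/1, which enables port security but keeps the defaults (one MAC address, shutdown on violation, no sticky learning). The Telnet check mirrors the exam requirement; on a production switch the same check would look for `transport input ssh`.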
4.4 NAT access to the Internet (5 points)
Users of the service networks VLAN8, 9 and 10 can access the Internet.
Internet devices can remotely manage SW3 through Telnet on port 1234.
When remote management succeeds, the management log must be displayed (one-time behavior).