An introductory, albeit brief, overview of my submission for my CCNA class. Hopefully it helps someone out there with similar frustrations, such as archaic static routing and what constitutes an efficient IP addressing scheme. Not that my word should be considered anywhere near gospel - at least until I am certified.

The assignment referenced below is the accumulation of the various advanced TCP/IP methodologies and networking protocols covered within the first semester of my CCNA class.


Assignment Brief

To create a functional LAN topology, based upon a given scenario, within Cisco Packet Tracer. In this instance the scenario summary was a LAN that met the following requirements:

Design a network infrastructure for a medium-sized financial institution based in London and New York. They employ 30 staff in London and 30 in New York. The company manages financial products and investments for high net worth customers.

London has three departments: sales and marketing, accounts, and legal and HR. New York has two departments: one for sales and marketing, and one for legal and HR.

  1. Naming Convention of all types of Devices
  2. IP Addressing Scheme (marks awarded upon the efficiency of this scheme)
  3. VLANs and Departmentation - Only the workstations in the sales and marketing departments at both the New York and London offices should be able to ping each other; other workstations should not be able to, and should only ping their respective site's servers.
  4. Router Encapsulation
  5. Static Routing
  6. Implement DHCP IP Addressing for the Workstations
  7. Implement DNS, all workstations should be able to DNS lookup their sites servers. E.g. LON-PC-WORKSTATION-SALES-01 -> LON-SERVER-WWW-01
  8. Standard Security

Alongside these requirements, justification, technical analysis and reflection on the implemented designs and alternatives were required within a 2500 word report. Required configuration code was not counted against this cap. And finally, a 15 minute video showing working evidence of all of the above and explaining the intricate details of the LAN topology.


Implemented Design

To summarize - with pretty colors and text boxes - here is what my topology looked like moments before submission:

[Image: the topology as laid out in Cisco Packet Tracer]

Blinky blinky! Blimey, more like: "Achieving above a 1st mark, my ego thinks I'm qualified enough to publish this." Maybe I am; I definitely will be after I sit my CCNA in July (Yikes!)

Let's quickly run through the requirements and what I thought was the most efficient (mark-scoring) interpretation of the brief, almost all of which I directly copied and pasted. Yeah, it took me hours to get my head around it too.

  1. Naming Convention of all types of Devices

I decided on using the exact same naming convention we use at work, purely because it worked and it made sense. It consists of three-letter truncated fields in the format Site-Device Type-Device Location/Purpose-Number.

E.g. LON-WKS-SAM-01 translates to... London site, Sales and Marketing, Computer 01.

I could apply this to everything from a mere workstation to backbone routing equipment. Very nice.

  2. IP Addressing Scheme

The most efficient addressing scheme that I could think of was using Classless Inter-Domain Routing (CIDR) and Variable-Length Subnet Masks (VLSM).

This allowed me to split a /24 (subnet mask 255.255.255.0) containing 254 hosts (incl. gateway) into departmentated and logically divided subnets, each with a subnet mask allowing the smallest number of hosts possible. In the real world you'd allow a sensible amount of room for expansion, but we had to be as efficient as possible - and assume that the number of workstations would never ever change...ever.

For example, New York site:

Subnet Name      Assignable IP Address Range      CIDR Notation
Nyc-SAM          192.168.20.1 - 192.168.20.30     /27
Nyc-LHR          192.168.20.33 - 192.168.20.62    /27
Nyc-Servers      192.168.20.65 - 192.168.20.70    /29
Nyc-Management   192.168.20.73 - 192.168.20.78    /29
Nyc-Routing      192.168.20.81 - 192.168.20.82    /30

This follows the best practice of fitting the largest host ranges into the block first and the smallest at the back. E.g. the Nyc-SAM department with 30 devices took precedence over Nyc-Routing, which only needed two IP addresses.
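The largest-first VLSM carve-up described above, written out as an added Python example (not part of the original post) that reproduces the New York table from the 192.168.20.0/24 base and reports how many addresses are left for growth. The host counts are read straight from the table; the function names are my own.

```python
import ipaddress

# Usable-host requirement per New York subnet, taken from the post's table
# (30, 30, 6, 6 and 2 assignable addresses respectively).
NYC_REQUIREMENTS = {
    "Nyc-SAM": 30,
    "Nyc-LHR": 30,
    "Nyc-Servers": 6,
    "Nyc-Management": 6,
    "Nyc-Routing": 2,
}

def prefix_for_hosts(hosts):
    """Longest prefix whose block still leaves at least `hosts` usable
    addresses once the network and broadcast addresses are taken out."""
    size, prefix = 4, 30          # a /30 is the smallest block with usable hosts
    while size - 2 < hosts:
        size, prefix = size * 2, prefix - 1
    return prefix

def allocate_vlsm(base_cidr, requirements):
    """Carve `base_cidr` largest-requirement-first and return
    (name, first usable, last usable, prefix) tuples in allocation order."""
    base = ipaddress.ip_network(base_cidr)
    cursor = int(base.network_address)
    plan = []
    # sorted() is stable: equal requirements keep the order they were listed in.
    for name, hosts in sorted(requirements.items(), key=lambda kv: kv[1], reverse=True):
        prefix = prefix_for_hosts(hosts)
        block = 2 ** (32 - prefix)
        if cursor % block:            # align to the block boundary (never needed largest-first)
            cursor += block - cursor % block
        net = ipaddress.ip_network((cursor, prefix))
        if not net.subnet_of(base):
            raise ValueError(f"{name} (/{prefix}) does not fit inside {base}")
        usable = list(net.hosts())
        plan.append((name, str(usable[0]), str(usable[-1]), f"/{prefix}"))
        cursor += block
    return plan

def addresses_left(base_cidr, plan):
    """Addresses of the base block not consumed by the plan (room for expansion)."""
    used = sum(2 ** (32 - int(entry[3][1:])) for entry in plan)
    return ipaddress.ip_network(base_cidr).num_addresses - used

if __name__ == "__main__":
    nyc = allocate_vlsm("192.168.20.0/24", NYC_REQUIREMENTS)
    for name, first, last, prefix in nyc:
        print(f"{name:<15} {first} - {last:<16} {prefix}")
    print("unallocated addresses:", addresses_left("192.168.20.0/24", nyc))
```

Swapping the dictionary for the London counts (or bumping a department by one host) shows how quickly a /27 tips into a /26 and why real-world plans leave headroom.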

  3. VLANs and Departmentation

Pretty standard stuff: Layer-2 access switches were all connected via trunk ports, allowing only the specified VLANs to traverse.

[Image: VLAN showcase - just to break the wall of text]

  4. Router Encapsulation

dot1q was used on the core routers (LON-COR-ROU-01) in a "router on a stick" configuration. I chose "router on a stick" to give me something to write about, as well as a vector I could improve on for Assignment 2, and to emphasise my use of encapsulation.

  5. Static Routing

[Image: static routing]

Fairly run-of-the-mill stuff, just like the showing part of showing and telling - minus the telling!

Here is the implementation of a "router on a stick", where sub-interfaces are configured on the physical interface to allow VLANs to communicate with each other. (Access Control Lists were applied on the Layer-3 switch to prohibit VLANs that weren't supposed to communicate from doing so, via packet inspection.)

[Image: static routing - router on a stick]

  6. Implement DHCP IP Addressing for the Workstations

Again, fairly average stuff. Nothing much to say other than letting the pictures speak a few hundred words. Or so that's what I squeezed out of them in the report...

[Image: DHCP]

  7. Implement DNS, all workstations should be able to DNS lookup their site's servers.

[Image: DNS]

Green shows DNS working as expected; the yellow box shows that the PC in New York is not able to communicate with London's web server, as per the brief.

  8. Standard Security

[Image: trunk port]
This photo shows a trunk port with the sticky MAC address policy applied, as well as highlighting the native VLAN (100) being different from the default VLAN (1), and the whitelisting of trunk VLANs.

Standard security was up to us to figure out! I went with what I thought were the necessary security implementations for a LAN topology. To name a few:

  • Sticky MAC addresses on access switch ports - the port will shut down if a new MAC address is detected.
  • Only specified VLANs allowed to traverse trunk ports, and the native VLAN changed from 1 (the default) to another number.
  • MD5 encryption (I believe MD5 is all that Packet Tracer supports) on console, tty and SSH access. SSH connectivity is only available from the Management PCs designated at each site (or any device placed on the relevant Management VLAN).
  • Shutdown of any ports that were not being used.

...You know, standard stuff right??
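To turn the list above into something checkable, here is an added Python example (my own, not from the post or the assignment) that audits an IOS-style running-config excerpt against those items: sticky MAC on access ports, a non-default native VLAN and an allowed-VLAN list on trunks, and shutdown for anything left unconfigured. The config excerpt is constructed for the example and the interface names are placeholders.

```python
# Constructed IOS-style config (not from the post): a hardened access port, one without
# port-security, a shut-down spare, a hardened trunk and a trunk left on its defaults.
SAMPLE_CONFIG = """
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
interface FastEthernet0/2
 switchport mode access
interface FastEthernet0/3
 shutdown
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 100
 switchport trunk allowed vlan 10,20,30,100
interface GigabitEthernet0/2
 switchport mode trunk
"""

def parse_interfaces(config):
    # Map each interface name to the stripped config lines that sit under it.
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line.split(" ", 1)[1]
            interfaces[current] = []
        elif current and line:
            interfaces[current].append(line)
    return interfaces

def audit(config):
    """Return {interface: [findings]} for ports missing the post's hardening items."""
    findings = {}
    for name, lines in parse_interfaces(config).items():
        if "shutdown" in lines:
            continue                      # unused port is already disabled
        issues = []
        if "switchport mode access" in lines:
            if "switchport port-security mac-address sticky" not in lines:
                issues.append("access port without sticky MAC port-security")
        elif "switchport mode trunk" in lines:
            native = [l.split()[-1] for l in lines if l.startswith("switchport trunk native vlan")]
            if not native or native[0] == "1":
                issues.append("trunk uses native VLAN 1")
            if not any(l.startswith("switchport trunk allowed vlan") for l in lines):
                issues.append("trunk allows every VLAN")
        else:
            issues.append("port neither configured nor shut down")
        if issues:
            findings[name] = issues
    return findings
```

Feed it a `show running-config` export and the dictionary it returns is exactly the list of ports to fix before the video evidence is recorded.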

Conclusion

I hope this provided an insightful overview of two LAN topologies, representing remote sites, connected together with static routing over a WAN, with logical division for security, e.g. only certain departments/devices being able to communicate across the WAN via Access Control Lists.

The Packet Tracer file and configuration files will be provided once I've ported everything over on the back end of the website(s). Stay tuned for Assignment 2 (it is awful!!!)