baptism by fire approach

2»

Comments

  • mikearamamikearama Member Posts: 749
    Okay then, here's another... and it's a tad beyond the basics, so you'll find it challenging. Some of this is CCNA stuff, the rest will just get you thinking... all good CLI practice.

    You are the admin of your single-site network, which is relatively flat. You have 400 users, spread across 6 vlans (Management, HR, Systems, Manu, ShipRec, Acc). Your network has a total of 10 subnets.

    User Vlans
    Management vlan: 10.10.1.0 /24 Systems: 10.10.2.0 /24 Manu: 10.10.3.0 /24 ShipRec: 10.10.4.0 /24 Acc: 10.10.5.0 /24 HR: 10.10.6.0 /24

    Server Vlans
    Prod: 10.20.1.0 /24 Dev: 10.20.2.0 /24 EBiz: 10.20.3.0 /24 DBase: 10.20.4.0 /24

    Layout: lanex

    Your core is a pair of Cat 4506's, doing layer3 switching (don't let this through you... they're routing).

    Connected to the core are your switch stacks... stacks for both users and servers. Configure your core routers to do the following:

    A) Setup an etherchannel using g0/1 and g0/2 on each (if your sim can't do this, just link them and add a description saying so). Trunk this with dot1q.

    B) Assign an int to each switchstack on each core, and set it to trunk (again, dot1q). Create the subints and gateways for each vlan.

    C) Make C1 the server and C2 a client in your VTP domain (name it, and provide a password).

    D) Secure your core.

    E) Use EIGRP for ip routing.

    F) Assign IP to a router acting as Firewall. Create rule on core to send all unknown traffic to firewall. Create rule on firewall router to allow ONLY web access to internet. NAT this puppy to whatever IP is attached to the public interface of router.

    I'd like to see the config of one of the core routers, and the fw router. Sorry if I got a little carried away.

    Mike

    EDIT: I tried to attach a sketch of the lan using visio, but no good (in retrospect, obviously). I'll try to throw one up later that works.
    There are only 10 kinds of people... those who understand binary, and those that don't.

    CCIE Studies: Written passed: Jan 21/12 Lab Prep: Hours reading: 385. Hours labbing: 110

    Taking a time-out to add the CCVP. Capitalizing on a current IPT pilot project.
    · Share on FacebookShare on Twitter
  • mikearamamikearama Member Posts: 749
    I can't believe I'm having such a hard time getting a network map posted... what are you folks using to get images into your threads?
    There are only 10 kinds of people... those who understand binary, and those that don't.

    CCIE Studies: Written passed: Jan 21/12 Lab Prep: Hours reading: 385. Hours labbing: 110

    Taking a time-out to add the CCVP. Capitalizing on a current IPT pilot project.
    · Share on FacebookShare on Twitter
  • oliverwoliverw Member Posts: 64 ■■□□□□□□□□
    image shack is normally a good one to use
    · Share on FacebookShare on Twitter
  • mikearamamikearama Member Posts: 749
    Let's see if this works...


    lanexhh0.th.jpg

    or...

    http://www.durhammods.com/lanex.jpg

    EDIT: wow, posting this image was a learning curve!
    There are only 10 kinds of people... those who understand binary, and those that don't.

    CCIE Studies: Written passed: Jan 21/12 Lab Prep: Hours reading: 385. Hours labbing: 110

    Taking a time-out to add the CCVP. Capitalizing on a current IPT pilot project.
    · Share on FacebookShare on Twitter
Sign In or Register to comment.