Hi everyone, newbie here. Advice needed

in CCNA & CCENT
Hey everyone, I posted a thread in the general forum but it was suggested it should be in here.
Here is the link to it: http://www.techexams.net/forums/off-topic/87774-advice.html
I was wondering if I could get advice on it. Everything is said in that thread.
Thanks in advance
Comments
Combination of GNS3 and Cisco equipment if required.
Here is the link to the Packet Tracer file: cisco.pkt (hosted on Speedy Share)
Firstly I want to know if this is doable. Also, is this a standard assignment based on what one would learn in LAN switching and WAN modules with Cisco.
What I am mostly struggling with is VLANs. I have read the manual and done the labs and I don't get it.
I will post the assignment below:
The Directorate of Diplomatic Officers has recently agreed a new network infrastructure to connect its 3 international offices in Rome, Cambridge and Chicago. Your task is to complete the design and produce a working prototype configuration to prove the implementation will work.
The offices in Cambridge, Chicago and Rome will be interconnected via a resilient T1 mesh network. The clock rates are provided by Cambridge and Rome.
It is anticipated there are requirements for around 2300 hosts at the Chicago office and a potential 1093 hosts at both the Rome and Cambridge offices. There will be 12 further offices within Europe in the next 2 years, each with a minimum of 550 hosts.
The Cambridge office is used to host a connection to the Internet via a Managed Ethernet Connection (Fast Ethernet) with an allocated address of 209.123.234.5/30.
As the organisation has not previously been connected to the Internet, they have not been allocated a block of addresses to use other than the dedicated Internet link. The new network design must use a configuration to reflect this lack of addresses and utilise appropriate addressing through use of RFC1918 addresses.
The organisation needs to implement a security policy on a suitable router to
All security violations must be logged in an appropriate syslog server.
Additional considerations which will need to be addressed include:
- Design, justify and implement a classless based addressing scheme which will implement VLSM to save spare addresses to encompass both the WAN and local office based LANs
- Setup appropriate links to the Internet and ensure anywhere on the network can access the organisation's data centre at 199.199.199.199.
- Ensure appropriate secure routing and data-link connectivity between sites is used at all times
- Implement appropriate scaling techniques to allow the organisation to connect to the Internet whilst maintaining their internal addressing strategy.
- Implement the appropriate ACLs or firewall functionality in line with the organisation's security policy at the most appropriate place
- Basic Router & Switch Security should be applied to all console and virtual connections. Consider the use of appropriate technologies to help prevent unauthorised eavesdropping
- Configure all network equipment to be queried via SNMP for basic location, contact details and utilisation for serial links. Use only RO communities and test utilising a SNMP tool of choice. - TO DO AFTER EASTER BREAK
Set up a syslog server and configure the equipment chosen to host the security policy to log all security violations.
What exactly is the problem you are having then with VLANs? Unfortunately I don't have much time to properly understand the assignment as this weekend I am preparing for a presentation I am doing next week to T-Mobile so rather busy!
The VLANs don't seem to implement properly. When I try and put it on the router fa0/0.1 with an IP address it won't ping. I just don't understand how VLANs work. Like I say, I have followed the Cisco book and done the labs but I just don't get it.
Maybe I should have opted for something else instead of Cisco
Thanks for looking, T-Mobile must be keeping you busy. Presentations suck. lol
Thanks again
I had a quick look. I'm still unsure of what exactly you are struggling with, you need to give details - device names, ports, IP addresses etc. What I noticed though is that the port the finance server is plugged in to on the switch, the interface needs assigning to the VLAN you set.
You have created an SVI on the Chicago switch, 200.200.200.202, so if fa 0/2 is on VLAN 20 you will be able to ping that address from the finance server.
I also removed the native VLAN of 20 from int fa 0/1. Now if you had another host connected to Chicago switch, the host would be on VL1 and therefore unable to ping the Finance server. Therefore achieving "Only Chicago users on the Administration VLAN are able to access the Finance Server hosted at an ASP at address 200.200.200.200"
I had VLAN 20 set up as the administration VLAN. I was copying what was set up in the VLAN labs. This is where I am getting confused. I just don't know how to implement it. I get the whole reason for the VLAN. I thought by setting up the way I did with VLAN 20 and port fa0/1 set to use VLAN 20 that I was doing it right. Was I right in doing this and having port fa0/1 as switchport mode trunk using native VLAN 20?
I will implement ACLs to only allow Chicago access to the finance server. As it stands, I am advertising it through OSPF.
Sorry if I am not wording all this right. So confusing. As it says, I am trying to use the VLAN to allow access to the finance server to only Chicago.
I find VLANs so confusing. This is primarily what I am struggling with. I think if I can get my head round that I will be fine.
Again, thanks for looking and the advice. This is more valuable than what the lecturer does. He says get on with it and sits back.
Different VLANs use different subnets, so you could apply an ACL on the outbound of fa 0/2 which blocks all access if the source host isn't on VLAN 20's subnet. There are probably different ways to do this.
Research more on VLANs, watch some youtube videos and play with them for a bit. Very simple topic to understand and why you would use them.
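As an added example (not from the thread, the assignment or the posted .pkt files), this is one way to enforce "only the Chicago Administration VLAN can reach the finance server" with a router on a stick at Chicago, logging violations to syslog as the assignment asks. VLAN 20 and the finance server address 200.200.200.200 come from the thread; VLAN 30, VLAN 999, the 10.20.0.0/24 and 200.200.200.0/24 subnets, the gateway addresses, the syslog server 10.20.0.50 and the port numbers are assumptions.

```cisco
! --- Chicago switch (added example; VLANs other than 20 and all subnets are assumed) ---
vlan 20
 name Administration
vlan 30
 name Finance
vlan 999
 name Unused-Native
!
interface FastEthernet0/2
 description Finance server 200.200.200.200
 switchport mode access
 switchport access vlan 30
!
interface FastEthernet0/3
 description Administration workstation
 switchport mode access
 switchport access vlan 20
!
! Trunk to the router: untagged frames land on an unused VLAN, not on VLAN 20.
interface FastEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 999
 switchport trunk allowed vlan 20,30
!
! --- Chicago router: one 802.1Q subinterface per VLAN is that VLAN's default gateway ---
interface FastEthernet0/0
 no ip address
 no shutdown
!
interface FastEthernet0/0.20
 encapsulation dot1Q 20
 ip address 10.20.0.1 255.255.255.0
!
interface FastEthernet0/0.30
 encapsulation dot1Q 30
 ip address 200.200.200.1 255.255.255.0
 ip access-group FINANCE-ADMIN-ONLY out
!
! Only the Administration subnet may reach the finance server; any other packet
! aimed at it is dropped and logged so the violation reaches the syslog server.
ip access-list extended FINANCE-ADMIN-ONLY
 permit ip 10.20.0.0 0.0.0.255 host 200.200.200.200
 deny   ip any host 200.200.200.200 log
 permit ip any any
!
! Syslog server address is assumed.
logging host 10.20.0.50
logging trap informational
```

Because the ACL sits outbound on the finance VLAN's gateway, it catches traffic from every other VLAN and site, not just one switch port; "show access-lists FINANCE-ADMIN-ONLY" shows the hit counters while you test.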
Would I need to implement the VLAN on the router too?
Just one more question. Am I in the right direction by putting the other servers on loopbacks as it doesn't specifically state to use vlans.
Once you learn about VLANs you will learn where they need to be implemented.
I can't seem to find an answer to a question I have. If I use inter-VLAN routing using dot1q, can I use VLANs on different networks? As you can see from the assignment, the servers are on different networks. Would dot1q allow Internet access? I know that regularly they have to be on the same network that the gateway is on.
I hope I make sense.
Chris
Vlan1: 192.168.1.0 /24
Vlan2: 192.168.2.0 /24
These are therefore on different networks.
dot1q - 802.1Q is just the standard for VLANs; there is also ISL which is Cisco's own (no one uses it). You decide which one you want to use, even though everyone goes for dot1q. They do the same thing, they just work differently.
I hope that fills any gaps of confusion.
in theory, the 3 servers could be on separate VLANs and still communicate using the dot1q? Or am I way off the mark?
Gonna read more on inter-vlan routing and try the labs again.
You've been more helpful than the lecturer. Cheers
Check this file for example: https://dl.dropbox.com/u/67409120/Demo.pkt which I just made. VLAN 1 and VLAN 2.
There are 2 methods for inter-vlan routing:
1) Router on a stick - an old method where you need to use a router connected to a switch
2) Layer 3 routing - the new method using layer 3 switches. You configure Switch Virtual Interfaces (SVIs) int vlan 1 .. ip address ..... and then turn on ip routing
Method 2 is the one done in this lab. So there are 2 VLANs, 2 different networks. If you go onto the switch and do a "show vlan brief" you can see that FA 0/1 - 2 are on VL 1 and Fa 0/3 - 4 are on VLAN 2. You can ping between all of the computers as well as inter-vlan routing is turned on.
Now, if you turned off inter-VLAN routing (configure mode - no ip routing) then there would be no connectivity across the VLANs. VLANs are cool; currently working on a $13m test lab and just to make life simple there are dozens of VLANs for different purposes. The top of rack switches are on 1 VL, the terminal servers on another, the IP PDUs on another, OOB management, etc etc etc.
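Method 2 from the post above written out as an added example (my config, not the contents of Demo.pkt): a layer 3 switch routing between VLAN 1 (192.168.1.0/24) and VLAN 2 (192.168.2.0/24), with each PC's default gateway being the SVI in its own subnet, plus a routed uplink so both VLANs can leave the switch. The port assignments follow the post; the uplink port Fa0/24, the 10.99.0.0/30 link and the next hop 10.99.0.2 are assumptions.

```cisco
! --- Layer 3 switch (added example) ---
! Without this line the SVIs exist but the switch will not forward between them.
ip routing
!
vlan 2
 name VLAN2
!
! Fa0/1-2 stay on VLAN 1 (the default); Fa0/3-4 are moved to VLAN 2.
interface range FastEthernet0/3 - 4
 switchport mode access
 switchport access vlan 2
!
! One SVI per VLAN. A PC in 192.168.2.0/24 uses 192.168.2.1 as its gateway,
! never 192.168.1.1: the gateway must be in the host's own subnet.
interface Vlan1
 ip address 192.168.1.1 255.255.255.0
 no shutdown
!
interface Vlan2
 ip address 192.168.2.1 255.255.255.0
 no shutdown
!
! Routed uplink towards the site router ("no switchport" turns the port into an L3 port)
! and a default route, so traffic from both VLANs can get off the switch.
! Link addressing is assumed.
interface FastEthernet0/24
 no switchport
 ip address 10.99.0.1 255.255.255.252
!
ip route 0.0.0.0 0.0.0.0 10.99.0.2
!
! Verify: "show vlan brief" shows the port-to-VLAN mapping, "show ip route" lists
! both subnets as connected; "no ip routing" would isolate the VLANs again.
```

The site router needs a return route for 192.168.1.0/24 and 192.168.2.0/24 pointing at 10.99.0.1, otherwise replies from outside the switch have nowhere to go.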
I have fa0/0 on Cambridge with an IP of 10.16.0.254 under the 10.0.16.0 network (as the crazy assignment suggests).
Now, with the address of each of the servers they wouldn't be able to access the Internet as the gateway is on a different network. I was basically wondering how this would work using VLANs and routing.
Would it be possible at all?
I used the loopbacks as I couldn't understand VLANs for one, and how connectivity would work with a gateway on a different network for two.
Another quick question, ACLs will still be implemented right?
Yeah, nothing changes on that side.
Or am I being dumb in thinking that?
I am using the file you posted and I have added a router to the switch but I cannot get any devices to ping it if the router is not on that network - which is what is supposed to happen. Is it going to be a case of 3 routers to achieve this?
The no switchport command makes the port L3, hence being able to give it an IP.
Just not sure how the different networks would get out of the network onto the internet.
I really do apologise for sounding so dumb.
You need to step back a little and understand the most basic things. Do you know why you configure an IP, subnet mask and default gateway in your computer network card? Do you know where the DG IP comes from, how a switch knows how to reach another PC, where the traffic is tagged, why it is tagged, what a tag is, how tagging is handled by a switch?
I'm not sure if we can have a chat in TE; if there is a way I'll be more than glad to help you out with this.
My lecturer alluded to the fact that separate networks can access the network through a gateway on another network by using inter-VLAN routing.
Maybe there is something about a very basic topic that you did not get quite well and that is why you are having such a hard time to understand more advanced topics.
If you want I can give you an explanation over Skype or chat.
If you don't understand IP addressing, how a PC and a switch reach another PC/device, you won't understand other topics (as is happening now). You don't know why a port is L3 or L2 and how they interact together.
You are asking "if I use this IP and this other IP, would this work?", which clearly shows you don't know why you input a certain IP in your PC, which is basic to understand.
If I give you a straightforward answer of how to do it you won't understand what you are doing; the question about the IP addresses of the DG means you don't get the concept yet, but that's OK.
I'll try to make an explanation with an example and post it later in a few hours, hope that helps you understand the concept and solves your issue.
I do understand the basics. It's VLANs that seem to be confusing me. I understand why they are used and why they are a good thing.
I know that a PC sends say a ping packet to another PC and that the router then checks the routing table and forwards out the correct port (after it has learnt the addresses of the network) and that the device that receives the ping then sends a response.
I know L3 deals with the IP addressing and that L2 is MAC and data link.
L2 uses the MAC in the address table and corresponds that with the IP address to send it to the right device.
I guess what confuses me is the professor alluding to 10.0.0.1/8 being able to communicate through a gateway of 192.168.0.1/24 using VLAN.
It makes no sense to me at all that it would do it like that.
It's logical that 10.0.0.1 and 192.168.0.1 are different and that they can't use a gateway that is on a different network. I guess getting mixed knowledge from the professor is confusing me.
What I am trying to do is get the 199.199.199.0, 180.145.22.0 and 194.123.88 networks to get off the switch and onto the router out into the network and internet. This is one of the reasons I thought VLANs and inter-VLAN routing would do what I want.
Looking at the Cisco inter-vlan routing lab, it states that sub interfaces can be used and I was kinda under the impression that these sub interfaces could be used as the DG to get out onto the network.
I guess I am in the wrong direction. I'll PM you my email so we can chat if you want to.
L2 is MAC and L3 is IP, right? Isn't that what the OSI model says?
The stuff I had written is what we are being taught by the professor.
Is it really wrong?
This is what I gleaned from Cisco too
My bad. It missed out that switches are L2, and the MAC address table is stored on the switches
I'll add you to google talk.