Sie sind auf Seite 1von 3

CCNADiscovery:DesigningandSupportingComputerNetworks Chapter3CaseStudy NetworkDesign Note:ThiscasestudyutilizesPacketTracer.PleaseseetheChapter3PacketTracerfilelocatedin SupplementalMaterials. IntroductionandScenario Youhavenowsuccessfullysetupthespanningtreeprocesssothatthetrafficisflowingacrossthelinks youchose.However,therehasbeenanembarrassingsecurityissueduringwhichanunauthorizeduser intheproductionareamanagedtoaccesspayrolldatainthehumanresourcesdepartment. Understandably,companymanagementissomewhatupsetaboutthis.YouandtheITManagerhave discussedwaysyoumighttightensecurityonthenetwork. OneobviousapproachistoconfigureaseriesofVirtualLANs(VLANs)intheswitches.Ofcourse,there willbeotheradvantagesindoingthis,includingreducingtheeffectofbroadcasttraffic.Onedownside thathasbeenidentifiedisthatyouwillprobablyneedtopurchaseacouplemorerouterstoenable interVLANrouting.(Youcould,ofcourse,performthisfunctiononthegatewayrouteratthecorelayer.

Toprovidepropernetworkefficiencywithinthenetworkinfrastructure,youhaveconvincedtheIT Managerthatitshouldbeperformedatthedistributionlayer.)Luckily,thesecuritybreachhas convincedmanagementtoprovideadequatefundingtosolvethisproblem!

2009 Cisco Learning Institute

CCNADiscovery:DesigningandSupportingComputerNetworks Chapter3CaseStudy YoudecidetogoaheadandplanforsixVLANswhichyoubelievewillbeadequateforthecurrent network.Aspartofthisplanning,youwilladdtwoCisco2811routerstoactasDistributionlayerinter VLANrouters.Ofcourse,therewillalsobesomemajorreconfigurationrequiredonthenetwork switchestosupportthisnewstructure. Task YoumustsetupsixVLANsonthenetwork,numberedVLAN10;20;30;40;50and100.Theywillbe namedVLAN10;VLAN20etc.TheaddressingrangeforeachVLANwillbe192.168.x.0/24wherex= VLANnumber. Reconfigurethe8userPCs(PC0throughPC7)asfollows: PC0VLAN10192.168.10.50/24gateway192.168.10.3 PC1VLAN20192.168.20.50/24gateway192.168.20.3 PC2VLAN10192.168.10.60/24gateway192.168.10.3 PC3VLAN40192.168.40.50/24gateway192.168.40.3 PC4VLAN10192.168.10.70/24gateway192.168.10.5 PC5VLAN50192.168.50.50/24gateway192.168.50.5 PC6VLAN10192.168.10.80/24gateway192.168.10.5 PC7VLAN30192.168.30.50/24gateway192.168.30.5 TheserversintheserverfarmaretobeplacedinVLAN100.Thenewaddressesare: InternalWebServerVLAN100192.168.100.10/24gateway192.168.100.3 InternalDNSServerVLAN100192.168.100.20/24gateway192.168.100.3 Resetthespanningtreeprioritytoitsdefaultvalueoneveryinternalswitchtominimizeconfusion.Add a2811routertoDist#2andDist#4.Connectthefa0/0portontheroutertofa0/22ontherespective switch. NametheroutersDist2andDist4.
2009 Cisco Learning Institute

CCNADiscovery:DesigningandSupportingComputerNetworks Chapter3CaseStudy Thesubinterfacesonfa0/0onDist2willbeconfiguredwiththeIPaddress192.168.x.3/24wherex= VLANnumber. Thesubinterfacesonfa0/0onDist4willbeconfiguredwiththeIPaddress192.168.x.5/24wherex= VLANnumber. NotethatthePCsusetheirrespectivegatewayaccordingtowhichsectorofthenetworktheyare physicallyconnectedto. SetupthenecessarysubinterfacesontheGatewayrouter. SetupRIPVersion2routingacrossthenetwork. SetuptheswitchessothattheynowhandleVLANtraffic. ConclusionandReflection Youshouldbeabletopingbetweenanytwohostsonthenetworkinternallyandexternallyatthe completionofthisreconfigurationexercise. WhatdoesthetrafficpatternlooklikenowyouhavesetupVLANs?Isitacceptable?

2009 Cisco Learning Institute