Test Project IT Network System Administration

Module C Cisco Environments

TP39_ASC2016_pre_EN
Submitted by :
Name: Mohamad Ropi Abdullah
Member Country : MY

Test Project proposal for skills competition

ASC2016_TP39_EN

Version: 1.0
Date: 16.05.15

1 of 10

Contents
This Test Project proposal consists of the following documentation/files:
1. TP39_ASC2016_pre_EN_Module-C.docx

Description of project and tasks

1. ALL INFRASTRUCTURE, SERVERS AND CLIENTS
a. Configure according to the topology diagram and maps.
2. ALL CISCO EQUIPMENT
a. Configure host name, enable mode password, logging synchronous and two users.
3. ISP ROUTER CISCO 1941
a. For ease of administration, enable SSH with local authentication.
b. Do not configure any kind of static or dynamic routing.
4. HQ / BRANCH ROUTERES
a. Configure static, EIGRPv6 and OSPFv3 routing. OSPFv3 routing serves as a backup routing
protocol. When EIGRPv6 is running then we should only see EIGRPv6 routes in the routing
table.
b. Configure High Availability routing for the LUXWINTOP network. Use a load balancing
protocol. Use authentication.
c. Configure High Availability routing for the MNGT network. Use a protocol that will use only
one of the two routers, preferably the HQ router, but keep in mind that we may migrate this
network to IPv6.
d. Configure an IPv6 over IPv4 Point-to-Point GRE over IPSec Tunnel between the two
routers, going through the ISP router. Authenticate and encrypt all traffic.
e. Configure VoIP system to communicate between HQ and Branch site with the following
settings:
User
Alice

Bob
Carol
John

Site
HQ

HQ
HQ
Branch

Test Project proposal for skills competition

ASC2016_TP39_EN

Line
1
2
1
2
1
1

Extension
101
104
102
104
103
201

Version: 1.0
Date: 16.05.15

Call Waiting
Yes
No
No
No
No
No

Device
IP Phone

Softphone
Softphone
IP Phone

2 of 10

f.

g.

h.
i.
j.
k.

l.
m.
n.

Assign the name HQ-CME and Branch-CME to each site respectively. The name should be
displayed on all IP Phones and IP Communicators once they are registered. Configure the
time zone to be GMT -3.
Customize each IP Phone such that the users name instead of the extension number is
displayed on the phone button. Ensure that when receiving a call, the username is shown on
the caller id instead of the extension number.
Caller-ID and DND must be enabled for all phones.
Users must be able to perform Call-forwarding and transfer their calls to other extensions.
Configure Music-on-hold using the attached MOH.wav file given on both sites.
Bob and Alice shares an extension 104. Enable both Bobs and Alices phones to ring
simultaneously should there be an incoming call to 104. E.g. Carol calls 104 and both Bob
and Alice phone will ring. Bob answers the call and Alice sees 104 is off hook.
Configure Call Park on extension 100 on HQ-CME to allow any user to park the call so that
any user can pick up the call upon dialing the call park extension.
Configure Local Directory Services so that users can lookup other users extension number
in both sites via the Services button.
Configure conferencing services to support at least 3 parties in a conference call.

o. On Alices phone, configure button 3 as a dedicated intercom line to Carol. Upon pressing
button 3, Carols phone will automatically answer the call in speakerphone mode with mute
activated and Carol will hear Alices conversation
5. HQ ROUTER CISCO 2901
a. Enable SSH with public key authentication so that users do not need to enter a password.
b. Restrict SSH access to the MNGT network.
c. Configure time synchronization with the NETLUXSRV NTP server.
d. Send logs to the syslog server at LUXSRV placing the logs in folder /var/log/cisco/ inside
file HQ.
e. Configure a Site-to-Site IKEv2 IPsec Tunnel with the REMOTE site. Authenticate and
encrypt all traffic to and from WINSRV and any other traffic as detailed in the access
permissions map. Use a different set of authentication and encryption protocols from the
tunnel between HQ and BRANCH.
f. Using a Zone-Based Firewall restrict what comes in and goes out, to the Internet, to the bare
minimum necessary according to the topology diagram and maps.
6. BRANCH ROUTER CISCO 2901
a. Configure aaa to authenticate SSH logins and enable mode access. The radius server is
LUXSRV.
b. Configure time synchronization with the WINSRV NTP server.
c. Use CBAC (Context-Based Access Control) to restrict what comes in and goes out, to the
Internet, to the bare minimum necessary according to the topology diagram and maps.
7. REMOTE ASA 5505
a. For ease of administration, enable SSH with local authentication. It should accessible from
the inside and the outside network, on port 22222.
b. Configure SSH, FTP, HTTP and HTTPS to be accessible on DMZLUXSRV.
c. Configure a Site-to-Site IKEv2 IPsec Tunnel with the HQ site. Authenticate and encrypt all
traffic to and from WINSRV and any other traffic as detailed in the access permissions map.
Use a different set of authentication and encryption protocols from the tunnel between HQ
and BRANCH.

Test Project proposal for skills competition

ASC2016_TP39_EN

Version: 1.0
Date: 16.05.15

3 of 10

d. Configure an AnyConnect Remote Access VPN for clients from the Internet to connect
securely.
e. Restrict what comes in and goes out, to the Internet, to the bare minimum necessary
according to the topology diagram and maps.
8. HQSW / BRANCH SWITCHES
a. For ease of administration, enable SSH with local authentication.
b. Configure portfast on all access ports.
c. Configure DHCP snooping where appropriate.
d. Configure an Etherchannel on ports F0/23-F0/24 on both switches. Use a Cisco proprietary
protocol. Load balance should be based on the source mac address.
e. Configure an Etherchannel on ports G0/1-G0/2 on both switches. Use a standards based
protocol. Load balance should be based on the destination mac address.

9. HQSW - C2960 SWITCH

a. Configure port security; WINLAPTOP_2 is the only device allowed on the MNGT VLan.
Upon violation shutdown the port, but recover it in 30 seconds.
b. Any device connected to port F0/10 can only communicate with a layer 3 device.
c. Configure port F0/11 to receive all traffic that is received and sent on port F0/5.
d. The only ports where we have DHCP servers are F0/5 and F0/21.
e. Configure portfast on all access ports.
f. On the Etherchannel on ports F0/23-F0/24, this switch should attempt to negotiate an
EtherChannel.
g. On the Etherchannel on ports G0/1-G0/2, this switch should not attempt to negotiate an
EtherChannel.
10. BRANCHSW - C2960 SWITCH
a. On the Etherchannel on ports F0/23-F0/24, this switch should not attempt to negotiate an
EtherChannel.
b. On the Etherchannel on ports G0/1-G0/2, this switch should attempt to negotiate an
EtherChannel
11. SERVERS
NOTE: Four basic VMs (Linux server, Linux desktop, Windows server, Windows desktop) were provided
to you so that you may save time on tasks that are not subject to evaluation on this Module. Should you
be unhappy with the base VM you are free to install the system from scratch. Considering there are 3
Linux servers in the topology, it is recommended that you configure one server with all the requested
services and clone it, but it is your decision and you may do as you please.
a. Configure the servers according to the topology diagram, maps and what has been
requested up until now.
Congratulations, you have reached the end of this module. You should have a full working data and
voice network. We hope you found it interesting and had fun implementing it.

Test Project proposal for skills competition

ASC2016_TP39_EN

Version: 1.0
Date: 16.05.15

4 of 10

1. Logical and Physical Topology Diagram ( see Appendix A).

2. ISP ROUTER CISCO 1941

ISPROUTERCISCO1941
INTERFACE S0/0/0

S0/0/1

GE0/0

GE0/1

IPADDRESS 1.1.1.1/29 1.1.1.9/29 1.1.1.17/29 1.1.1.65/26

HQ

S0/0/1

BRANCH

S0/0/0

1.1.1.2/29

REMOTE

E0

1.1.1.18/29

NETLUXTOP WINLAPTOP Eth0

NETLUXSRV WINLAPTOP Eth0
WINLAPTOP WINLAPTOP Eth0

1.1.1.10/29

DHCPfromServer:1.1.1.65

1.1.1.126/26assigned from
DHCP Serverat1.1.1.65
DHCPfromServer:1.1.1.65

3. HQ ROUTER CISCO 2901

HQROUTERCISCO2901
GE0/0.12
GE0/1.10
STANDBY
Auto
IPADDRESS 1.1.1.10/29 fdab:cdef:1::1/64 fdab:cdef:2::1/64
10.0.0.1/24
assigned
INTERFACES0/0/1

GE0/0.12

Tunnel

10.0.1.1/24
10.0.1.254/24 fdab:cdef:4::1/64
fdab:cdef:7::1/64

fdab:cdef:4::1/64

LUXSRV PC1NIC1

fdab:cdef:1::2/64

LUXTOP PC1NIC2

fdab:cdef:2::X/64
from DHCP

10.0.0.Xfrom
DHCPServer:

BRANCH Tunnel

LUXVOIP Eth0

HQSW

GE0/1.99
STANDBY

S0/0/1

GE0/1.99

1.1.1.9/29

ISP

GE0/0.11

F0/23

Test Project proposal for skills competition

ASC2016_TP39_EN

F0/21

Version: 1.0
Date: 16.05.15

10.0.1.3/24

5 of 10

4. BRANCH ROUTER CISCO 2901

BRANCHROUTERCISCO2901
GE0/0.12
GE0/1.99
GE0/1.20
GE0/1.99
Tunnel
STANDBY
STANDBY
Auto
10.0.1.254/2
IPADDRESS 1.1.1.2/29 fdab:cdef:3::1/64 fdab:cdef:2::2/64 assigned 172.16.0.1/24 10.0.1.2/24
fdab:cdef:4::2/64
4
INTERFACES0/0/0

GE0/0.21

GE0/0.12

ISP

S0/0/0

1.1.1.1/29

HQ

Tunnel

fdab:cdef:4::2/64

WINSRV

PC2NIC1

fdab:cdef:3::2/64

WINTOP

PC2NIC2

WINVOIP

Eth0

BRANCHSW

fdab:cdef:3::X/64
fromDHCPServer:
fdab:cdef:1::2/64

172.16.0.Xfrom
DHCPServer:
172.16.0.1

F0/23

F0/21

10.0.1.4/24

5. HQSW and BRANCHSW INTERFACE MAP

HQSWINTERFACEMAP
VLAN9910.0.1.3/24
DEVICE

INTERFACE

LUXVOIP

Eth0

LUXSRV

PC1NIC1

LUXTOP

PC1NIC2

WINLAPTOP Eth0
G0/1
HQ
G0/0
F0/23
F0/24
BRANCHSW
G0/1
G0/2

F0/1 F0/2 F0/2 F0/2

F0/1 F0/5 F0/9
F0/24 G0/1 G0/2
3
1
2
3

BRANCHSWINTERFACEMAP
VLAN9910.0.1.4/24
DEVICE

F0/1 F0/5 F0/9

WINVOIP Eth0
WINSRV

PC2NIC1

WINTOP

PC2NIC2

G0/1
BRANCH
G0/0
F0/23
HQSW
G0/1
G0/2

F0/2 F0/2 F0/2

F0/24 G0/1 G0/2
1
2
3

NOTE:WINTOPcanbeconnectedtoportF0/9ortotheLUXVOIPphone.

6. HQSW and BRANCHSW VLAN ASSIGNMENT

HQSWVLANASSIGNMENT
NETWORK

BRANCHSWVLANASSIGNMENT
VLANID VLANNAME PORTS

NETWORK

10

LUXVOIP

F0/1F0/4

10.0.0.0/24

20

WINVOIP

F0/1F0/4

172.16.0.0/24

11

LUXSRV

F0/5F0/8

fdab:cdef:1::/64

21

WINSRV

F0/5F0/8

fdab:cdef:3::/64

12

LUXWINTOP F0/9F0/12 fdab:cdef:2::/64

12

LUXWINTOP F0/9F0/12 fdab:cdef:2::/64

99

MNGT

99

MNGT

99

NATIVEVLAN

99

F0/24

NOTE:LUXTOPcanbeconnectedtoportF0/9ortotheLUXVOIPphone.

VLANID VLANNAME PORTS

INTERFACE

F0/13F0/16 10.0.1.0/24

NATIVEVLAN

Test Project proposal for skills competition

ASC2016_TP39_EN

Version: 1.0
Date: 16.05.15

F0/13F0/16 10.0.1.0/24

6 of 10

7. REMOTE ASA 5505

REMOTEASA5505
INTERFACE E0
IPADDRESS 1.1.1.18/29
ISP

G0/0

E1

E2

192.168.0.1/25

192.168.0.129/25

1.1.1.17/29

REMWINTOP PC2NIC3

DHCP fromServer:192.168.0.1

REMWINTOP CiscoIPC DHCPfromServer:1.1.1.10

DMZLUXSRV PC1NIC3

192.168.0.130/25

8. VIRTUAL MACHINE TO NETWORK INTERFACE CARD MAP

NIC1
PC1

NIC2

NIC3

Bridge Bridge Bridge

NIC1

NIC2

NIC3

PC2

Bridge Bridge Bridge

Eth0

Eth0

Eth0

WINLAPTOP
Bridge Bridge

LUXSRV

Eth0

WINSRV

Eth0

NETLUXTOP Eth0

LUXTOP

Eth0

WINTOP

Eth0

NETLUXSRV Eth0

DMZLUXSRV Eth0

REMWINTOP Eth0

WINLAPTOP Eth0

9. IPv4 / IPv6 MAP

IPv4 / IPv6 MAP
FQDN
IP ADDRESSING

www
*
Private
IPv4
Public
IPv4
Private IPv6
PublicIPv6

NETLUXSRV www.skills.com
skills.com
1.1.1.126/26
2001:db8:0:1::1/64
DMZLUXSRVwww.brazil.com
brazil.com
2001:db8:0:1::2/64
192.168.0.130/25 1.1.1.19/29
WINSRV
www.saopaulo.com saopaulo.com 172.17.0.1/24
fdab:cdef:3::2/64
LUXSRV
www.rio.com
rio.com
1.1.1.13/29 fdab:cdef:1::2/64
10. DNS SERVERS

DNSSERVERS
RECORD
RECORD
ADDRESS
www.skills.com
skills.com
1.1.1.126/26
ISP
www.brazil.com
brazil.com
1.1.1.19/29
www.rio.com
rio.com
1.1.1.13/29
www.skills.com
skills.com
2001:db8:0:1::1/64
www.brazil.com
brazil.com
2001:db8:0:2::1/64
WINSRV
www.saopaulo.com saopaulo.com
fdab:cdef:3::2/64
www.rio.com
rio.com
fdab:cdef:1::2/64
NOTE:Forwardallother requests to the ISP DNS server.
www.saopaulo.com saopaulo.com
172.17.0.1/24
DMZLUXSRV
NOTE:Forwardallother requests to the ISP DNS server.
SERVER

Test Project proposal for skills competition

ASC2016_TP39_EN

Version: 1.0
Date: 16.05.15

7 of 10

11. VOIP EXTENSION MAP

VOIPEXTENSION MAP
HOST
User VOiPDEVICE EXTENSION
LUXVOIP
Alice Cisco7960
101, 104
REMWINTOP Bob
CiscoIPC
102, 104
WINLAPTOP_1 Carol CiscoIPC
103
WINVOIP
John Cisco7960
201

CME SERVER
HQCME
HQCME
HQCME
BRANCHCME

12. HOST IP ADDRESS MAP

HOSTIPADDRESSMAP
HOST

IPADDRESS/MASK

DEFAULT GATEWAY

DNSSERVER

NETLUXSRV

1.1.1.126/26assignedfromDHCPServerat1.1.1.65

1.1.1.65assignedfromDHCPServerat1.1.1.65

ISP

WINLAPTOP_1 1.1.1.X/26assignedfromDHCPServerat1.1.1.65

1.1.1.65assignedfromDHCPServerat1.1.1.65

ISP

NETLUXTOP

1.1.1.X/26assignedfromDHCPServerat1.1.1.65

1.1.1.65assignedfromDHCPServerat1.1.1.65

ISP

LUXVOIP

10.0.0.XfromDHCP Server:10.0.0.1

10.0.0.1assignedfromDHCPServerat10.0.0.1

LUXSRV

fdab:cdef:1::2/64

fdab:cdef:1::1/64

WINSRV

LUXTOP

fdab:cdef:2::X/64fromDHCPServer:fdab:cdef:1::2/64

Automaticlinklocalassignedbyrouter

WINSRV

WINLAPTOP_2 DHCPfromServer:10.0.1.3

10.0.1.XassignedfromDHCPServerat1.0.1.3

WINSRV

WINVOIP

DHCPfromServer:172.16.0.1

172.16.0.1assignedfromDHCPServerat172.16.0.1

WINSRV

fdab:cdef:3::2/64

fdab:cdef:3::1/64

WINSRV

WINTOP

fdab:cdef:2::X/64fromDHCPServer:fdab:cdef:1::2/64

Automaticlinklocalassignedbyrouter

WINSRV

DMZLUXSRV

192.168.0.130/25

192.168.0.129/25

DMZLUXSRV

192.168.0.1assignedfromDHCPServerat192.168.0.1

DMZLUXSRV

REMWINTOP 192.168.0.XfromDHCPServer:192.168.0.1

NOTE:WINLAPTOP_1andWINLAPTOP_2isthesamephysicalmachine,thelaptop.

13. VTP AND SPANNING TREE INFORMATION

VTPINFORMATION
VTPDOMAIN:
skills.org
VTPPASSWORD: Skills39
VTPSERVER:
HQSW
VTPCLIENT:
BRANCHSW

SPANNINGTREEINFORMATIONFORVLAN99
PRIMARYROOTBRIDGE
HQSW
SECONDARYROOTBRIDGE
BRANCHSW
HQSWLINKS
F0/23, F0/24
BRANCHSWLINKS
F0/23, F0/24
VLANSALLOWEDON LINKS
99
NATIVEVLAN
99

SPANNINGTREEINFORMATIONFORVLAN12
PRIMARY ROOT BRIDGE
BRANCHSW
SECONDARY ROOT BRIDGE
HQSW
HQSWLINKS
G0/1,G0/2
BRANCHSWLINKS
G0/1,G0/2

14. USER ACCOUNTS

CISCO EQUIPMENTMANAGEMENTACCOUNTS
ACCOUNT
PASSWORD PRIVILEDGELEVEL
root
Skills39
15
cisco
Skills39a
1
enablesecret Skills39

LINUXUSERACCOUNTS
PASSWORD
ACCOUNT
root
Skills39
luxadmin

RADIUSUSERACCOUNTS
ACCOUNT
PASSWORD PRIVILEDGELEVEL
super
Skills39
15
basic
Skills39a
1
enablesecret Skills39

WINDOWS USER ACCOUNTS

PASSWORD
ACCOUNT
Administrator
Skills39
winadmin

Test Project proposal for skills competition

ASC2016_TP39_EN

Version: 1.0
Date: 16.05.15

REMOTEACCESSVPNUSERACCOUNTS
PASSWORD
ACCOUNT
vpn1
Skills39
vpn2
vpn3

8 of 10

15. HOSTS / SERVICES MAP

HOST
SERVICES

HTTP

HTTPS

NETLUXSRV
NTPSTRATUM1SERVER
SSH

HOST

SERVICES
SSH
RADIUS
LUXSRV
DHCP
SYSLOG

HOST

SERVICES
HTTP
WINSRV HTTPS
DNS

HOST

SERVICES
SSH
DMZLUXSRV HTTP
HTTPS

16. ACCESS PERMISSIONS MAP

HOST

NETLUXSRV

HOST

LUXSRV

HOST

SERVICES
HTTP
HTTPS
NTPSTRATUM 1SERVER
SSH
ICMP
SERVICES
SSH
RADIUS
DHCP
SYSLOG
ICMP
SERVICES
HTTPS
DNS
ICMP

HOST

DMZLUXSRV

WINTOP WINLAPTOP_2REMWINTOP

NETLUXTOP WINLAPTOP_1 LUXTOP WINTOP WINLAPTOP_2REMWINTOP

SERVICES

NETLUXTOP WINLAPTOP_1 LUXTOP WINTOP WINLAPTOP_2REMWINTOP

SSH

HTTP
HTTPS
ICMP

NETLUXTOP WINLAPTOP_1 LUXTOP

HTTP
WINSRV

ACCESS PERMISSIONS MAP

NETLUXTOP WINLAPTOP_1 LUXTOP WINTOP WINLAPTOP_2REMWINTOP

SECUREDACCESSONLY

LEGEND:

Duetolicense
limitations.

ACCESSALLOWED

ACCESSDENIED

NOTE:BesidesthisHostAccessPermissionsMap,youmusttakeintoaccounttheaccesstoandfromtheinfrastructureequipment.

Test Project proposal for skills competition

ASC2016_TP39_EN

Version: 1.0
Date: 16.05.15

9 of 10

PUBLICINTERNET
ISPROUTERCISCO1941

1.1.1.126/26

1.1.1.XfromDHCP
Server:1.1.1.65

1.1.1.XfromDHCP
Server:1.1.1.65

Cisco 1900 Series

SYS ACT POE

REMOTEACCESSVPNFORINTERNETCLIENTS
ADDRESSPOOL:192.168.100.32192.168.100.47

Cisco 1941 Series

NETLUXSRVskills.com

NETLUXTOP

WINLAPTOP_1
CiscoIPC:103

S0/0/11.1.1.9/29
eHWIC 1

G0/01.1.1.17/29
S

eHWIC 0
SERIAL 1
SYS ACT POE

AUX

G0/0

SEE

HWIC HWIC

HWICD

MANUAL
BEFORE
INSTSAELRLAA
I TLIO0
N

9ESW

LNK
PW R

PWR
LNK PWR
LNK PWR
LNK PW R
LNK PWR
LNK PW R
LNK PWR
LNK

2A/S 2SHDSL
CONN

LNK

EN

L0
L1
CONN

1
USB

EN

EN

CF 0

S0/0/01.1.1.1/29

CF 1

CONSOLE

ISM/WLAN

G0/1 G0/11.1.1.65/26

SitetoSiteIKEv2IPsecTunnelbetweenHQandtheASAREMOTEsite

IPv6overIPv4PointtoPointGREoverIPSecTunnel

fdab:cdef:4::1/64

fdab:cdef:4::2/64

BRANCHROUTERCISCO2901

HQROUTERCISCO2901
Cisco 2900 Series

Cisco 2900 Series

100-240V~
2-1A

50-60 Hz

SYS

ACT

S0/0/11.1.1.10/29

POE
EHWIC 3

EHWIC 2

EHWIC 1

EHWIC 0

SYS

ACT

EHWIC 3

EHWIC 2

EHWIC 1

EHWIC 0
S2

2901

S1

1
HWIC-4T

CONN
EN
CF 1
ISM

G0/0.12fdab:cdef:2::1/64

10

11

13
19
1X

VLAN99
10.0.1.3/24

ST
R

F0/21

12

14
20

CF 0

15
21

16
22

17
23

F0/23Catalyst 2960

18
24

G0/1.9910.0.1.2/24

G0/0.12fdab:cdef:2::2/64

BRANCHSWC2960SWITCH
RP

1
7

2
8

3
9

4
10

5
11

6
12

S
MA

4X

10.0.1.4/24

54

65

34

E2 E1 E0

VLAN3dmz192.168.0.129/25

VLAN1inside192.168.0.1/25

F0/21
15
21

16
22

17
23

F0/23

Catalyst 2960
SERIES

18
24
2
3
X

14X

24X

1
2X

F0/24

14
20

13X

1
2

ST

DU

13
19
1
1
X

1X

78 Power over Ethernet67

G0/0.12STANDBYAuto
assignedlinklocaladdress

SERIES

ST
AT

RESET
2

G0/0.21fdab:cdef:3::1/64

G0/1.99STANDBY10.0.1.254/24

VLAN99

G0/0

G0/1.20172.16.0.1/24

SYST
1

1
3X

2X

Power
48VDC

CONSOLE
S
L

PVDM1 PVDM0

G0/0.12STANDBYAutoassigned
linklocaladdress

Console

G0/1

G0/0.11 fdab:cdef:1::1/64

G0/1.9910.0.1.1/24

HQSWC2960SWITCH
3

SB
EN

G0/0

G0/1.1010.0.0.1/24

G0/1.99STANDBY10.0.1.254/24

Power Over Ethernet (POE)

To Console Port.
Doing so may result in damage to the unit.

HWIC-4T

0
CONSOLE
S
L

PVDM1 PVDM0

2901

S0

SB
EN

G0/1

RPS
SYST
MA

WARNING: PLEASE READ BEFORE

CONNECTING! DO NOT Connect

S
L

AUX
S3

S2

S0
CONN
EN

CF 0

G0/1.99fdab:cdef:7::1/64

50-60 Hz

S0/0/01.1.1.2/29

POE

VLAN2outside1.1.1.18/29

REMOTEASA5505

100-240V~
2-1A

S
L

AUX
S3

S1

CF 1
ISM

Lo0fdab:cdef:5::1/64 Lo1fdab:cdef:6::1/64

ST

PL

AT

DU

SP

PL

EE

SP
EE

MODE

MODE

F0/1

F0/5

F0/9

F0/13

Option A

G0/1 G0/2

F0/1

F0/5

F0/9

F0/24

G0/1 G0/2

HAROUTINGSTANDBY:Autoassigned linklocaladdress
2PORTETHERCHANNELSTPTrunkVlan12Only

HAROUTINGSTANDBY:10.0.1.254
2PORTETHERCHANNELSTPTrunkVlan99Only

DMZLUXSRVbrazil.com

192.168.0.130/25

Option A

REMWINTOP
CiscoIPC
Ext:102,104
DHCPfromServer:
192.168.0.1

ABC

DEF

4
GHI

5
JKL

6
MNO

7
PQRS

8
TUV

services
settings

9
WXYZ

i
messages
directories

OptionB

#
OPER

WINLAPTOP_2

LUXVOIP
LUXSRVrio.com

Ext:101,104

10.0.0.XfromDHCP
Server:10.0.0.1

fdab:cdef:1::2/64

LUXTOP
fdab:cdef:2::X/64
fromDHCPServer:
fdab:cdef:1::2/64

fdab:cdef:7::X/64
fromDHCPServer:
fdab:cdef:7::1/64

2
ABC

3
DEF

messages
directories

4
GHI

5
JKL

6
MNO

services
settings

7
PQRS

8
TUV

9
WXYZ

OptionB

#
OPER

WINVOIP
10.0.1.Xfrom
DHCPServer:10.0.1.3

Ext:201
172.16.0.XfromDHCP
Server: 172.16.0.1

WINSRVsaopaulo.com
fdab:cdef:3::2/64

WINTOP
fdab:cdef:2::X/64
fromDHCPServer:
fdab:cdef:1::2/64

fdab:cdef:1::/64

Appendix A - Logical and Physical Topology Diagram

CISCO IP
PHO
NE
7960

CISCO IP
PHO
NE
7960

fdab:cdef:7::/64

HQEIGRP100
Rout ith
Au hentication

fdab:cdef:3::/64

BRANCHEIGRP100
Routingwith
Authentication

fdab:cdef:4::/64

Lo0fdab:cdef:5::1/64

BRANCH
EIGRP200
Routing

HQ O P rea 0
withA hentication

fdab:cdef:4::/64

BRANCH SPF
Area th
A thentication

fdab:cdef:3::/64

EIGRP200Redistributioninto
OSPFArea0andEIGRP100

BRANCH OSPF
Are 1

fdab:cdef:1::2/64
fdab:cdef:4::/64

fdab:cdef:4::/64

Lo1fdab:cdef:6::1/64
fdab:cdef:7::/64

WSC2015_TP39_Module-C_EN

Version: 3.0
Date: 28.04.15

10 of 10