
Networks

Introduction
“VikanLitt AS”, a fast-growing company, has bought a smaller company,
“TinyNetwork LLC”. As experienced network engineers, we have been assigned the
task of refurbishing and improving the current network infrastructure of
“VikanLitt AS” and designing a network solution that merges the two companies
into one.
The main office of “VikanLitt AS” is located in Oslo, while the “TinyNetwork LLC”
office is located in Bergen. We are tasked with merging the networks of these two
companies and making them act as one. We want the two networks to share one
public IP address.
This paper describes the thinking process we went through to design and create
a network topology that suits our customer’s needs. We then configure our
routers and switches following the recommended documentation provided by
Cisco, a well-known networking hardware seller and manufacturer.
Further in the paper, we implement the requirements provided by the
management and create a well-designed, functional demo using Packet Tracer,
a network simulation program created by Cisco.
Throughout the paper, we go over the process of implementing IPv6 and of
creating a DHCP server and a web server. Later on, we implement NAT so that all
our private IP addresses share the same public IP address.
The full list of requirements is as follows:
1. The network will use IPv4, but has to be configured for IPv6 as well.
2. Use static NAT to make our web server accessible from the internet.
3. Create a demilitarized zone (DMZ) for the web server.
4. Create a wireless guest network that is separated from the rest of the
network.
5. The network will have the following public IPv4 address 9.25.10.13/30 and
IPv6 3001:db9:b2b::/48.
6. Demonstrate a working environment by adding an outside router and user
to simulate the internet.
7. Configure NAT on the routers so hosts can share the public IPv4 address.
8. Configure a DHCP server to automatically distribute IPv4 addresses and use
Stateless Address Autoconfiguration (SLAAC) for IPv6.
9. Secure routers and switches.
10. Each network device is to have a unique hostname so it is easy to identify.
11. Configure each router to have a welcome banner when a user connects to
it.

To achieve all the steps mentioned above, it is important to research and follow
the recommended guidelines to ensure a functional, well-configured demo to
present to the company later on.

Main Part
Packet Tracer
Cisco Packet Tracer is a cross-platform visual simulation tool designed by Cisco
Systems that allows the user to create network topologies and modern computer
networks. The software allows users to simulate the configuration of Cisco routers
and switches using a simulated command-line interface. Packet Tracer uses a
drag-and-drop user interface that allows users to add and remove simulated
networked devices as they see fit. (Netacad.com, 2019)

Routers
A router is a device that we need in order to have a network. It takes the data
being transmitted between computers and makes sure it gets routed to the right
computers. This is done through a scheme called addressing, and it uses the
TCP/IP protocol, which allows the data to flow over a cable.

Switches
Switches can be described as intelligent hubs. A switch learns the physical
addresses (MAC addresses) in its table, so when a data packet is sent to a switch,
it is only directed to the intended destination port. Switches function on the
second layer of the OSI model. However, multilayer switches also exist, which can
do layer 2 and/or layer 3 switching on the same device and are capable of
routing packets between networks (VLANs) (Cisco, 2019).

Trunking
Trunking is a very important configuration to be able to set up on our switch.
A trunk interface is usually an interface used for switch-to-switch or, more
generally, infrastructure-to-infrastructure connections. Early on, trunking was
typically only allowed on two different ports on our switches; many switches now
support trunking across all of their ports, but ideally we still want to trunk
with a purpose in mind. We do not want to trunk down to a workstation or a
server, as that is not what trunks are designed for (Techopedia.com, 2019).
The opposite of a trunk port is an access port. If a port is configured as an
access port, it is allowed to belong to one VLAN and one VLAN only. A trunk
by default belongs to and carries traffic for all VLANs, while an access port
carries traffic for a single VLAN (Techopedia.com, 2019).

NAT
NAT stands for Network Address Translation. It is a service used in routers whose
purpose is to translate one set of IP addresses to another set of IP addresses.
The reason for having NAT is to help preserve the limited number of public IPv4
addresses available around the world. The NAT service translates IP addresses
from public to private and vice versa. In the future, we won’t need NAT or private
IP addresses thanks to the new generation of IP addressing called IPv6, where
every single device in the world will have its own public IP address, so there
will be no need for IP address translation (Csd.uoc.gr, 2003).

VLANs
By design, network hosts connected to the same local network topology, whether
by means of an access point or a switch, can pass traffic back and forth
transparently. Often, a flat transparent network topology is undesirable,
especially if users with different access privileges, such as guests and admins,
send and receive data on the same LAN (Cisco.com, 2015).
By contrast, Virtual LANs, or VLANs, logically divide a local network topology in
order to isolate traffic into separate broadcast domains. Conceptually speaking,
deploying two different LANs is the same as configuring two different VLANs on
the same hardware; however, VLANs consolidate hardware, as in a
“router-on-a-stick” topology (Cisco.com, 2015).
For example, three hosts connected to the same switch can reach each other via
broadcast, but once assigned to a VLAN, hosts can only broadcast to other hosts in
that same VLAN. Inter-VLAN traffic therefore requires a router or a layer 3 switch
capable of moving packets between networks (Cisco.com, 2015).

Now that we have gone over the different hardware and technologies, we can
start to lay out our bare-bones network topology.

Our Topology
Our finished design will look something like this:
As is clearly shown, we have successfully managed to create two networks in
different physical locations that still act as one network when accessing the
internet. In this case our public IP address is 9.25.10.12/30, as shown in the
figure above.
Furthermore, we have created VLANs according to the requirements shown in the
tables below. We will discuss how we configured our routers later on.
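| Site                    | Department    | Max devices   | VLAN |
|-------------------------|---------------|---------------|------|
| VikanLitt               | Office        | 52            | 10   |
| VikanLitt               | Developers    | 100           | 30   |
| VikanLitt               | Servers       | 5 (will grow) | 50   |
| VikanLitt & TinyNetwork | Guest network | 20 (in total) | 20   |

| Site        | Department | Max devices    | VLAN |
|-------------|------------|----------------|------|
| TinyNetwork | Office     | 11             | 10   |
| TinyNetwork | Developers | 23             | 30   |
| TinyNetwork | Research   | 15 (will grow) | 40   |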

We have also configured redundancy between all the switches. For the routers
there is no redundancy, as it was mentioned that a single link is fine for router
connectivity.

Configuring our Network


Security
We secure our routers and switches by adding a username and password to
prevent unauthorized access, and we encrypt the password to make things harder
for any malicious users.

As shown above, we create the username “admin” with the password “cisco” and
save the configuration, so that users are prompted for the username and
password each time they try to access the device. (https://ipcisco.com/, 2015)
If we now run “show running-config” on our router, the password is visible in
plain text, which defeats the point of having a password in the first place.
However, we can encrypt it by running the command “enable secret cisco” and
then “service password-encryption”. Here is how it will look in the
configuration file. (https://ipcisco.com/, 2015)

After securing our devices, we add a banner that is displayed when somebody
tries to connect remotely by running the command “banner MOTD” and then
typing our desired message (Cisco, 2018). In this case it looks something like
this.
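
The credential steps described above, written out as IOS configuration with the weaker and the stronger storage form side by side. This is an added example, not the configuration from the original paper; the hostname, the banner text and the passphrase placeholders are assumptions.

```cisco
! Added example; hostname, banner text and <...> placeholders are constructed.
!
! Form described in the text: the local user is created with "password".
! With service password-encryption the running-config stores it as type 7,
! which is a reversible encoding, not a hash.
username admin password cisco
service password-encryption
!
! Stronger form, used instead of the "password" line above: "secret" stores
! a one-way hash for both the privileged-mode password and the local user,
! so show running-config never reveals the original value.
hostname R-Oslo
enable secret <enable-passphrase>
username admin secret <admin-passphrase>
! Still useful: it covers any remaining "password" entries such as line passwords.
service password-encryption
!
! Make the console and the remote (vty) lines ask for the local
! username and password.
line console 0
 login local
line vty 0 4
 login local
!
! Banner displayed before the login prompt; "#" is the delimiter.
banner motd #Authorized access only.#
```

Running “show running-config | include username|enable” afterwards shows which storage type each credential ended up with.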

IP addressing
We perform IPv4 addressing and subnet the network accordingly. Details of all
the IP addresses assigned on all the devices are given in the table below.
Routing has been configured between the devices for end-to-end connectivity,
using the RIP protocol. Between the ISP and the company network no routing
protocol is used; a default static route is configured between the ISP and
company networks.

DHCP
We have placed the DHCP server in the DMZ and configured DHCP services
accordingly. We have also configured DHCP pools for all the VLANs except the
server VLAN (VLAN 50), where we use static IP addressing. Below is a screenshot
of our configuration. (Cisco.com, 2019)
In our network layout, we only have one DHCP server, which is located on the
VikanLitt premises and distributes IP addresses depending on the VLAN the
user connects to. (Cisco.com, 2019)

Stateless Address Autoconfiguration (SLAAC)
There are two methods of giving out IP addresses to the clients: the traditional
way using DHCP servers, and the new way using SLAAC, which allows routers to
hand out IPv6 addresses automatically. Below we can see how we configured our
router to enable this feature. (Cisco.com, 2019)
We can see that we first enable IPv6 and then configure it to run automatically.
After we finish setting up the router, we can see that the client connected to
that router receives both IPv4 and IPv6 addresses dynamically. (Cisco.com, 2019)
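
How one gateway interface can serve both address families described in the DHCP and SLAAC sections above: DHCPv4 requests are relayed to the single DHCP server, and an IPv6 /64 on the same interface is advertised so hosts configure themselves. This is an added example, not the configuration from the original paper; the IPv4 subnet, the DHCP server address and the choice of VLAN 10 are assumptions, and the /64 is carved from the 3001:db9:b2b::/48 prefix given in the requirements.

```cisco
! Added example. Constructed values: 192.168.10.0/24 for VLAN 10,
! DHCP server at 192.168.50.5, subnet ID 10 inside 3001:db9:b2b::/48.
!
! IPv6 forwarding must be on before the device sends Router Advertisements.
ipv6 unicast-routing
!
interface Vlan10
 description Office
 ip address 192.168.10.1 255.255.255.0
 ! DHCP requests are broadcasts and stop at the VLAN boundary; the helper
 ! address forwards them as unicast to the one DHCP server, which picks
 ! the pool that matches this interface's subnet.
 ip helper-address 192.168.50.5
 ! A global /64 on the interface is advertised in Router Advertisements.
 ! Hosts combine the prefix with their own interface ID (SLAAC).
 ipv6 address 3001:db9:b2b:10::1/64
 no shutdown
!
! On a client that is itself an IOS device, SLAAC is requested with:
!   interface GigabitEthernet0/0
!    ipv6 address autoconfig
```

“show ipv6 interface Vlan10” on the gateway lists the advertised prefix, and “show ip interface Vlan10” lists the helper address.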

DMZ
A demilitarized zone is a physical or logical subnet that separates the internal
LAN from the internet. In our situation, the DMZ is located right in front of our
server, so that any external access is limited to those resources and the rest of
the LAN remains unreachable.

Static NAT
Static NAT (Network Address Translation) is one-to-one mapping of a private IP
address to a public IP address. Static NAT is useful when a network device inside a
private network needs to be accessible from internet. (Cisco.com, 2019)
In our scenario, in order for our webserver to be accessed from the internet, we
configure static NAT on our router as follow. (Cisco.com, 2019)
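
Static NAT for the web server combined with address sharing for all other hosts, as IOS configuration. This is an added example, not the configuration from the original paper, and it goes one step beyond the one-to-one mapping in the text by scoping the mapping to TCP port 80 so it can coexist with overload on a single public address. The web server address, the inside range and the interface names are assumptions; 9.25.10.13/30 is the public address from the requirements.

```cisco
! Added example. Constructed values: web server 192.168.50.10,
! inside range 192.168.0.0/16, interface names.
interface GigabitEthernet0/0
 description To ISP
 ip address 9.25.10.13 255.255.255.252
 ip nat outside
!
interface GigabitEthernet0/1
 description To DMZ and internal networks
 ip nat inside
!
! One-to-one static NAT as described in the text would be:
!   ip nat inside source static 192.168.50.10 9.25.10.13
! That form translates every inbound port on the public address to the
! server and leaves no address for the other hosts to share.
!
! Port-scoped static NAT: only TCP/80 on the public address reaches the server.
ip nat inside source static tcp 192.168.50.10 80 9.25.10.13 80
!
! Overload (PAT): every other inside host shares the same public address.
access-list 1 permit 192.168.0.0 0.0.255.255
ip nat inside source list 1 interface GigabitEthernet0/0 overload
```

“show ip nat translations” lists the permanent port 80 entry alongside the dynamic entries created by inside hosts.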

VLANs
VTP is configured on all the switches in the network, and the desired number of
VLANs is also configured. (Cabrillo.edu, 2019)
SVIs are created on the multilayer switches, and IP addresses are assigned to
them. (Cabrillo.edu, 2019)
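
One way to enforce the guest separation from requirement 4 on the SVIs and trunks described above and in the Trunking section: VLAN membership alone does not stop routed traffic between VLANs, so the guest SVI gets an inbound filter and the trunk carries only the VLANs it needs. This is an added example, not the configuration from the original paper; the subnets, the DHCP server address, the ACL name and the interface names are assumptions, while the VLAN numbers are those of the VikanLitt table.

```cisco
! Added example. Constructed values: guest subnet 192.168.20.0/24, internal
! ranges inside 192.168.0.0/16, DHCP server 192.168.50.5, interface names.
!
! Layer 3, on the multilayer switch that routes VLAN 20.
ip access-list extended GUEST-IN
 ! DHCP requests (client port 68 to server port 67) must pass the filter
 permit udp any eq 68 any eq 67
 ! Guests may not reach any internal subnet
 deny ip 192.168.20.0 0.0.0.255 192.168.0.0 0.0.255.255
 ! Everything else is internet-bound and allowed
 permit ip 192.168.20.0 0.0.0.255 any
!
interface Vlan20
 description Guest wireless
 ip address 192.168.20.1 255.255.255.0
 ip helper-address 192.168.50.5
 ip access-group GUEST-IN in
!
! Layer 2: a trunk carries all VLANs by default, so list only the VLANs
! this uplink needs.
interface GigabitEthernet0/1
 description Trunk to access switch
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30,50
!
! The port facing the guest access point belongs to VLAN 20 only.
interface FastEthernet0/5
 description Guest access point
 switchport mode access
 switchport access vlan 20
```

Because the network is dual-stack, the same restriction has to be repeated with an IPv6 access list, otherwise guests can still reach internal hosts over their IPv6 addresses. “show access-lists GUEST-IN” shows per-line match counters for checking that the deny entry is hit.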

Redundancy
Redundancy has been configured between all the switches. HSRP is configured on
MLS-1 and MLS-2 for gateway redundancy. For the routers there is no redundancy,
as it was mentioned that a single link is fine for router connectivity.
(Cisco, 2019)

Conclusion
Cisco Packet Tracer, a network simulation program, has made it possible for us
to demonstrate our newly renovated network to the management of VikanLitt. We
have shown the most optimal configurations to achieve a well-functioning
design.
This paper has successfully discussed different networking devices and how each
excels on its own; furthermore, we have shown how to implement security
measures to prevent unauthorized access and secure our network. We subnetted
our network successfully, created VLANs as requested by the management,
and configured switches and routers accordingly so that, for example, VLAN 20
(guest network) won’t access any of the devices on the other VLANs.
The TinyNetwork infrastructure was totally refurbished, and it shows how VLANs
can organize clients much more easily, restrict their access to each other, and
also improve the overall performance of the network by redirecting packets and
traffic according to the configuration made by us.
Even though these two networks are in two different physical locations, we
have still managed to configure our VLANs so that devices in the same VLANs
are able to talk to each other.
As easy as it was to create this network in Packet Tracer, the costs of the
hardware needed haven’t been thought of, and I am sure we would have to cut lots
of the hardware used in our demo just to achieve a better performance-per-dollar
ratio.
As a network engineer, there is always something new to learn about how devices
communicate with each other, and after lots of trial and error and after
reading tons of documentation and guides provided by Cisco and other websites,
it has been fun working on this project and I hope the management likes it.

References:
Netacad.com. (2019). Cisco Packet Tracer - Networking Academy. [online] Available at:
https://www.netacad.com/en/web/about-us/cisco-packet-tracer [Accessed 31 Mar. 2019].

Cisco. (2019). What Is a Network Switch vs a Router? Know the Differences. [online] Available at:
https://www.cisco.com/c/en/us/solutions/small-business/resource-center/networking/network-switch-what.html [Accessed 31 Mar. 2019].

Techopedia.com. (2019). What is a Trunk Port? - Definition from Techopedia. [online] Available at:
https://www.techopedia.com/definition/27008/trunk-port [Accessed 31 Mar. 2019].

Csd.uoc.gr. (2003). A Practical Look at Network Address Translation. [online] Available at:
https://www.csd.uoc.gr/~hy435/material/whitepaper_technicalnetworkaddresstranslation.pdf [Accessed 31 Mar. 2019].

Cisco.com. (2015). Virtual Local Area Networks. [online] Available at:
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/15-1SY/config_guide/sup2T/15_1_sy_swcg_2T/vlans.pdf [Accessed 31 Mar. 2019].

https://ipcisco.com/. (2015). Basic Cisco Router Security Configuration. [online] Available at:
https://ipcisco.com/lesson/basic-cisco-router-security-configuration/ [Accessed 31 Mar. 2019].

Cisco. (2018). banner_motd.html. [online] Available at:
https://www.cisco.com/c/m/en_us/techdoc/dc/reference/cli/n5k/commands/banner-motd.html [Accessed 31 Mar. 2019].

Cisco.com. (2019). [online] Available at:
https://www.cisco.com/c/en/us/td/docs/routers/access/800/819/software/configuration/Guide/819_SCG/10dhcpvlan.pdf [Accessed 31 Mar. 2019].

Cisco.com. (2019). [online] Available at:
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/3se/ipv6/configuration_guide/b_ipv6_3se_3850_cg/b_ipv6_3se_3850_cg_darya_chapter_0100.pdf [Accessed 31 Mar. 2019].

Cisco.com. (2019). Configuring Static NAT. [online] Available at:
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus3548/sw/interfaces/b_N3548_Interfaces_Config_503_A1/b_N3548_Interfaces_Config_503_A1_chapter_0101.pdf [Accessed 31 Mar. 2019].

Cabrillo.edu. (2019). Configuring VLANs and Trunking. [online] Available at:
http://www.cabrillo.edu/~rgraziani/cis82/labs-v6/6-2-2-5-Lab-ConfiguringVLANsandTrunking.pdf [Accessed 31 Mar. 2019].

Cisco. (2019). Configuring Redundant Connections. [online] Available at:
https://www.cisco.com/c/en/us/td/docs/interfaces_modules/services_modules/csms/1-1-1/configuration/guide/redun.html [Accessed 31 Mar. 2019].
