CCNA4 Exploration: Accessing the WAN

Guided Case Study

Student: Date: Mark: /12 /14 /14 /12 / 52

Overview and Objectives

This final case study allows students to build and configure a complex network using skills gained throughout
the course. This case study is not a trivial task. To complete it as outlined with all required documentation will
be a significant accomplishment.
The case study scenario describes the project in general terms, and will explain why the network is being built.
Following the scenario, the project is broken into a number of phases, each of which has a detailed list of
requirements. It is important to read and understand each requirement to make sure that the project is
completed accurately.
The following tasks are required to complete the case study:

 Simulate and test the network using the network simulator tool Packet Tracer.
 Correctly configure single-area OSPF
 Correctly configure VLANs and 802.1q trunking
 Correctly configure Frame Relay
 Correctly configure DHCP
 Correctly configure NAT and PAT
 Create and apply access control lists on the appropriate routers and interfaces
 Verify that all configurations are operational and functioning.
 Provide documentation and configuration files as detailed in the following sections.

ENSURE THAT YOU ANSWER ALL THE TESTS AND PROVIDE ONLY THE REQUIRED OUTPUT.

Scenario
The regional electrical utility company, South West Electrical, needs a network to be designed and
implemented. The company supplies electricity over a wide area. Its headquarters is in Exeter with a call-
centre in Plymouth connected via leased line. The Engineering division operates out of Poole whilst the Sales
team have a Sales Office in Bournemouth. The Bournemouth and Poole branches are connected to the
company’s headquarters in Exeter using Frame Relay because of cost considerations. The company’s
networks communicate using the open standard routing protocol OSPF.

The company wants to use private addresses throughout for security reasons and DHCP for the LANs. Access
to the Internet is provided from Exeter using network address translation. The company also wishes to limit
Internet access to Web traffic while allowing multiple protocols within its own WAN. A set of servers are
provided at the company’s headquarters in Exeter although the Engineering division has it own server
connected to its own network. Due to the size and complexity, the company wants to create VLANs to control
broadcasts, enhance security, and logically group users.
Although private addresses (RFC 1918) will be used, the company appreciates efficiency and address
conservation in design. To minimize wasted address space, they have requested VLSM to be used when
appropriate.

652727210.docx YOUR_NAME Page 1 / 14

 CCNA4 Exploration: Accessing the WAN
Guided Case Study

Requirements
The company has 6 departments / divisions – Engineering, Sales, Customer Services and IT Support. The
offsite sales team are provided with wireless laptops for access to the sales network via the Bournemouth
branch. Your design must provide for
 30 employees in the Engineering division at Poole
 50 wired workstations for Customer Services at Plymouth.
 50 laptops for external mobile Sales staff for access via Bournemouth office.
 5 employees (maximum) in IT Support with direct access at Exeter.
 Lifetime max of two servers for CallCentre and two for Sales.
 Lifetime max of two General Servers for all departments and divisions.
 Expect 100% growth of current IP requirements when determining size of subnets.
 All networking devices must have IP addresses.
 Use the private class B 172.20.0.0 network for internal addressing throughout the company’s WAN
and LAN networks.
 Use VLSM for IP addressing.
 Use subnet 200.1.1.0/24 for connection to the Internet via the EDGE router in Exeter.
 There is a DNS server at address 198.198.1.2/24 connected to the EDGE router.
 Security between the various networks is required to be controlled via firewalls (access control
lists).
 One public address, 199.199.199.1, has been provided external access to the Internet for the
company.

Phase 1: Network Design (Already Completed)

EDGE

OSPF 0

Plymouth Poole B’mouth

652727210.docx YOUR_NAME Page 2 / 14

 CCNA4 Exploration: Accessing the WAN
Guided Case Study

652727210.docx YOUR_NAME Page 3 / 14

 CCNA4 Exploration: Accessing the WAN
Guided Case Study

VLSM design.
Networ VLAN Number of host Network Subnet Mask Max Number of Gateway Address
k addresses Address Hosts Possible
Name required

CAL 10 102+(r2) = 104 172.20.0.0 /25 126 172.20.0.1

SAL 20 102+(r2) = 104 172.20.0.128 /25 126 172.20.0.129

ENG 30 61+(r1) = 62 172.20.1.0 /26 62 172.20.1.1

ADM 99 5+(r4) = 9 172.20.1.64 /28 14 172.20.1.65

GEN 100 3+(r4) = 7 172.20.1.80 /28 14 172.20.1.81

SW 2+1+1=4 172.20.1.96 /29 6

PPP 2 172.20.1.104 /30 2 172.20.1.105

ENG- 2 172.20.1.108 /30 2 172.20.1.109

Frame

SAL- 2 172.20.1.112 /30 2 172.20.1.113

Frame

EDGE 2 172.20.1.116 /30 2 172.20.1.117

-
Frame

DNS 2 198.198.1.0 /24 255 198.198.1.1

INTER 2 200.1.1.0 /24 255 200.1.1.1

NET

Examp 2 210.1.1.0 /24 255 210.1.1.1

le

Router Name: RTR_EDGE

Network Description Interface/Sub VLAN Encapsulation Network Interface IP Subnet
Name and Purpose Interface Number Address Mask
Type/Number

CAL Call Centre GbE1/0.1 10 Dot1q 172.20.0.0 172.20.0.1 /25

SAL Sales GbE1/0.2 20 Dot1q 172.20.0.128 172.20.0.129 /25

ENG Engineering GbE1/0.3 30 Dot1q 172.20.1.0 /26

IT Admin GbE1/0.4 99 Dot1q 172.20.1.64 172.20.1.65 /28

GEN General GbE1/0.5 100 Dot1q 172.20.1.80 172.20.1.81 /29

652727210.docx YOUR_NAME Page 4 / 14

 CCNA4 Exploration: Accessing the WAN
Guided Case Study

Router Name: RTR_CALL

Network Description Interface/Sub VLAN Encapsulation Network Interface IP Subnet
Name and Interface Number Address Mask
Purpose Type/Number

CAL Call GbE1/0.1 10 Dot1q 172.20.0.0 172.20.0.2 /25

Centre

GEN General GbE1/0.2 100 Dot1q 172.20.1.80 172.20.1.82 /29

IT Admin GbE1/0.3 99 Dot1q 172.20.1.64 172.20.1.66 /28

Router Name: RTR_ENG

Network Description Interface/Sub VLAN Encapsulation Network Interface IP Subnet
Name and Purpose Interface Number Address Mask
Type/Number

ENG Engineering GbE1/0.1 30 Dot1q 172.20.1.0 172.20.1.1 /26

GEN General GbE1/0.2 100 Dot1q 172.20.1.80 172.20.1.83 /29

IT Admin GbE1/0.3 99 Dot1q 172.20.1.64 172.20.1.67 /28

Router Name: RTR_SAL

Network Description Interface/Sub VLAN Encapsulation Network Interface IP Subnet
Name and Interface Number Address Mask
Purpose Type/Number

SAL Sales GbE1/0.1 20 Dot1q 172.20.0.128 172.20.0.130 /25

GEN General GbE1/0.2 100 Dot1q 172.20.1.80 172.20.1.84 /29

IT Admin GbE1/0.3 99 Dot1q 172.20.1.64 172.20.1.68 /28

Wireless Access Point Name:

Interface Description and Networ Network SSID Security Interface IP Subn
Type/Port Purpose k Name Number – WEP Address or IP et
key range Mask

Port 0 RTR_SAL Uplink SAL 172.20.0.1 AP_SA 172.20.0.130 /25

(Wired) 28 L

Port 1 SAL Laptops SAL 172.20.0.1 AP_SA DHCP /25

(Wireless 28 L
Wireless AP 172.20.0.133-
)
172.20.0.183

652727210.docx YOUR_NAME Page 5 / 14

 CCNA4 Exploration: Accessing the WAN
Guided Case Study

There are two switches with the distribution switch connected to the router. All switches are interconnected
via two trunk links for robustness. Below is the sample layout for the tables for the switches.

Distribution Switch Name: DSW0

Switch IP address: VLAN:
Descriptio
Spee Duple VLANs Switchport Encapsulation
Port/Number n and
d x allowed Type (if needed)
Purpose

GbE0/1 Trunk to 1Gb Full 10,20,30 Trunk Dot1q

Router ,99,100

GbE1/1 Trunk to 1Gb Full 10,20,30 Trunk Dot1q

Access ,99,100

GbE2/1 Backup 1Gb Full 10,20,30 Trunk Dot1q

Trunk to ,99,100
Access

Access Switch Name: ASW0

Switch IP address: VLAN:
Interface/Sub Encaps
Descriptio
Interface Spee Duple Networ Network Subne Switchpor ulation
n and VLAN
Type/Port/Numbe d x k Name Number t Mask t Type (if
Purpose
r needed)

GbE0/1 Trunk to 1Gb Full / 10,2 Trunk Dot1q

Dist 0,30
,99,
100

GbE1/1 Backup 1Gb Full / 10,2 Trunk Dot1q

Trunk to 0,30
Dist ,99,
100

GbE2/1 Link to 1Gb Full GEN 172.20. /29 100 Access N/A
Gen ser 1.78

GbE3/1 Link to 1Gb Full CAL 172.20. /25 10 Access N/A

Call ser 0.0

GbE4/1 Link to 1Gb Full SAL 172.20. /25 20 Access N/A

Sales ser 0.128

GbE5/1 Link to 1Gb Full IT 172.20. /28 99 Access N/A

Admin 1.64

652727210.docx YOUR_NAME Page 6 / 14

 CCNA4 Exploration: Accessing the WAN
Guided Case Study

Configure DHCP on the routers to allocate address dynamically with reserved address groups for the servers
and switches.

For demonstration purposes, the company agrees that it is enough to implement a single representative
example of a server for each VLAN and a PC/workstation for each department/division. Stackable switches
may be needed to accommodate the requirements for the full implementation.

Server / VLA Network

IP address Subnet Mask Gateway
PCs N Number

PC_SAL_0 20 172.20.0.128 172.20.0.133 /25 172.20.0.130

SER_ENG 30 172.20.1.0 172.20.1.2 /26 172.20.1.1

PC_ENG_0 30 172.20.1.0 172.20.1.4 /26 172.20.1.1

PC_CAL_0 10 172.20.0.0 172.20.0.5 /25 172.20.0.4

PC_IT_0 99 172.20.1.64 172.20.1.69 /28 172.20.1.65

SER_GEN 100 172.20.1.80 172.20.1.85 /28 172.20.1.81

SER_CAL 10 172.20.0.0 172.20.0.3 /25 172.20.0.1

SER_SAL 20 172.20.0.128 172.20.0.131 /25 172.20.0.129

DSW0 99 172.20.1.66 172.20.1.67 /29

ASW0 99 172.20.1.66 172.20.1.68 /29

652727210.docx YOUR_NAME Page 7 / 14

 CCNA4 Exploration: Accessing the WAN
Guided Case Study

Phase 2: Configure Switched Network with VLANs linked to EDGE

Router (12 marks)
Using Packet Tracer, create and connect the access switch, one distribution switch, and the EDGE router.
When these are communicating, connect the servers and PCs together to form a redundant switched
network connected to the EDGE router.

1. Configure Switches
1.2 Name the switches
1.3 On all switches, configure a login password as cisco, an encrypted privileged password as
class, and provide secure telnet login capability. All passwords should be encrypted.
1.4 Assign single ports as access ports with port security for each VLAN on both access switches.
1.5 Create trunk ports assigning the management VLAN as the native VLAN.
1.6 Configure VTP on all switches with version 2, domain to SWElectrical and password cisco with
the distribution switch in server mode and the access switches in client mode.
1.7 Create the VLANs as in your design for the CallCentre servers, Sales servers and General
servers on the distribution switch and propagate with VTP.
1.8 Create a Management VLAN for the switches for access by.IT Support staff.
1.9 Connect the IT Support PC to the Management VLAN.
1.10 Add descriptions on each port stating the VLAN(s) and the network if a LAN link..

2 Configure EDGE Router for VLANs

2.1 Name the router and create the sub-interfaces with descriptions.
2.2 Configure the DHCP pool for the IT Support network with excluded address ranges for the
switches and gateway.
2.3 Connect the servers and PCs as in your design to the access switches.
2.4 Connect the DNS Server at 198.198.1.2 to the EDGE router

3 DO NOT connect the EDGE router to any other routers

Tests

1. Has the VLAN database propagated to the access switches? [Y/N] _______
2. List the configurations received by the PCs from the DHCP pools?
_____________________________________________________________

3. Can the router:-

ping the switches? [Y/N] _____

ping the servers and the IT Support PC? [Y/N] ______

ping the PCs? [Y/N] _______

4. Can the IT Support PC ping all the switches, PCs, the department servers and the DNS server?
[Y/N] ___

5. RTR_EDGE sh ip route

6. DSW0 sh int trunk

7. ASW0 sh int trunk

8. DSW0 sh vtp status

9. ASW0 sh vtp status

652727210.docx YOUR_NAME Page 8 / 14

 CCNA4 Exploration: Accessing the WAN
Guided Case Study

10. Show run configuration : RTR_EDGE

11. Show run configuration : DSW0

12. Show run configuration : ASW0

.

652727210.docx YOUR_NAME Page 9 / 14

 CCNA4 Exploration: Accessing the WAN
Guided Case Study

Phase 3: Configuring the WAN links and OSPF (14 marks)

Using Packet Tracer, create the WAN links and configure the encapsulations.

1 Configure the WAN link between the EDGE router and the Plymouth router.
1.1 Connect the routers using dedicated serial WAN link at 64Kbps.
1.2 Assign IP addresses to the serial ports on the link.
1.3 Configure ppp encapsulation between EDGE router and Plymouth
1.4 Configure chap authentication with password cisco.

2 Configure Frame Relay between the EDGE router and the routers at Poole and
Bournemouth.
2.1 Configure a Frame Relay switch with connections between serial port 0 to serial ports 1
and 2. (Packet Tracer provides sublinks for this).
2.2 Connect the serial WAN link between the EDGE router and serial port 0 on the frame relay
switch.
2.3 Connect serial WAN links from the frame relay switch to the Poole and Bournemouth
routers.
2.4 Configure the WAN links and assign IP addresses as per the design with descriptions..
3 Configure the Poole and Bournemouth LANs with descriptions.
4 Configure a wireless access point with SSID SWElectrical and WEP key 0123456789 on the
Bournemouth LAN and a wireless PC.
5 Add OSPF area 0 routing protocol to the EDGE, Plymouth, Poole and Bournemouth
routers.
6 Provide a website over the Internet link for browsing from any PC.
6.1 Provide a default route from the EDGE to the ISP and static route from the ISP to the
company EDGE.
6.2 Setup the appropriate services for browsing to the website example.com at the ISP.
6.3 Propagate the default route within OSPF.

Tests

1. Can the EDGE router ping the Poole and Bournemouth routers? [Y/N] ___

2. Check the EDGE routing table. Can the EDGE router see the LANs of Plymouth, Poole and
Bournemouth? [Y/N] ____

3. Can the PCs on the LANs of Poole and Bournemouth reach the servers on the EDGE LAN network?
[Y/N] ____

4. Can the IT Support PC reach the PC’s at Plymouth, Poole and Bournemouth? [Y/N] ___

5. Can you browse the website from any PC? [Y/N] ___

6. Record the wireless access point configuration with the security settings.

652727210.docx YOUR_NAME Page 10 / 14

 CCNA4 Exploration: Accessing the WAN
Guided Case Study

7. EDGE RTR_EDGE#sh run

8. PLYMOUTH RTR_CAL#sh run

9. POOLE RTR_ENG#sh run

10. BOURNEMOUTH RTR_SAL#sh run

11. EDGE RTR_EDGE#sh ip route

12. PLYMOUTH RTR_CAL#sh ip route

13. POOLE RTR_ENG#sh ip route

14. BOURNEMOUTH RTR_SAL#sh ip route

652727210.docx YOUR_NAME Page 11 / 14

 CCNA4 Exploration: Accessing the WAN
Guided Case Study

Phase 4: Configuring DHCP, NAT and PAT, and ACLs (14 marks)
The private network of South West Electrical requires access to the Internet restricted to browsing. In
addition, security is required between the various departments and divisions as follows:

1. Configure DHCP pools on Call Centre, Engineering and Sales Routers for user workstations
excluding any fixed addresses for servers and gateway addresse.
2. IT Support network must be able to access all devices in all subnets.
3. All departments and divisions require access to their own servers and the General Server at EDGE.
4. Internet access is restricted to going through EDGE router at which network address translation
(NAT) and Port Address Translation (PAT) is required. All internal addresses must be mapped to
IP address 199.199.199.1 when outside access is required. A DNS server is provided at address
198.198.1.2 at EDGE.
5. Telnet is denied to all users except from IT Support workstations.
6. ping and HHTP access is allowed by all users to their own servers plus the General Server.

Steps

7 Configure DHCP pools on Call Centre router, Engineering router, Sales router to dynamically
allocate IP addresses to users excluding gateways and any servers.
8 Configure NAT with overload to translate all communication from the company to the single IP
address 199.199.199.1 with overload..
9 Configure Access Control Lists
9.1 Permit only HTTP access for all networks to the Internet. Test all PCs can browse to the
test website, example.com, on the ISP server.
9.2 Create a firewall to allow only established communication i.e. replies for web pages into the
company’s network from example.com
9.3 Deny all other protocols to the Internet.
9.4 Permit all access (ping, HTTP, FTP and telnet) from IT Support throughout the company’s
network.
9.5 Permit FTP and HTTP from workstations on subnetworks to their own servers.

Tests

1. Can the Sales, Engineering, CallCentre PCs browse to the ISP website? [Y/N] ___

2. Can IT Support browse to the ISP website? [Y/N] ___

3. Is access denied between subnetworks except for IT Support and access to the General Server?
[Y/N] ____

4. Can the PCs on the LANs all ping and reach their own and General Servers via with HTTP and ping
but fail when not their own or General? [Y/N] ____

652727210.docx YOUR_NAME Page 12 / 14

 CCNA4 Exploration: Accessing the WAN
Guided Case Study

Record the final configurations with ACLS and NAT and DHCP pools of routers for (1) EDGE, (2) Plymouth,
(3) Poole and (4) Bournemouth.

5. RTR_EDGE#sh ip route

6. RTR_CAL#sh ip route

7. RTR_ENG#sh ip route

8. RTR_SAL#sh ip route

9. Record the Network Address Translations. RTR_EDGE#sh ip nat translations

(5 marks)

652727210.docx YOUR_NAME Page 13 / 14

 CCNA4 Exploration: Accessing the WAN
Guided Case Study

Phase 5: Verification and Testing (12 marks)

Use the following instructions to complete Phase 5:
Verify communication between various hosts in the network. Troubleshoot and fix any problems in the network
until it works properly. Document the results of the tests in the table below and add screenshots:

Test Source Destination Protoco Expected Reference

l Result Screen Shot
1 Host on Sales example.com HTTP Success
2 Host on example.com HTTP Success
Engineering
3 Host on IT support example.com HTTP Success
4 Host on IT Support Host on Sales, ping Success x 5
Engineering,
CallCentre
All switches
5 Host on Sales, Host on IT Support ping Failure x 3
Engineering,
CallCentre
6 Host on CallCentre General Server and ping Success x 2
CallCentre Serve at
EDGE
7 Host on General Server and ping Success x 2
Engineering Engineering Server at
Poole
8 Host on Sales General server and ping Success x 2
Sales Server at EDGE
9 Host on Sales, To Internet ping, Failure x 3
Engineering,
CallCentre
10 Host on CallCentre General Server and HTTP Success x 2
CallCentre Serve at
EDGE
11 Host on General Server HTTP Success
Engineering
12 Host on Sales Sales server HTTP Success x 2

Record and log* all ACL output and ping, browser and ping tests for future reference.

652727210.docx YOUR_NAME Page 14 / 14