Tuesday, May 21, 2019

M11Cde Skills-Based Assessment

School of Engineering & Computing
Department of Computing
Internet Information earnest (M11CDE) layered Security

Student Name: BUSA ABANG OBI
SID: 4560229

I certify that this is my own work (yes/no) and that I have read and understand the University Assessment regulations.
Signature:

Submission Details
The details below describe what you should submit, when you should submit it and where it should be submitted.

Submission Date and Method
Deadline: 11 January 2013, 11:50pm, online submission.

Submission Format
1. Take the online test for the practical test, which will be available 1 week before the final set deadline.
2. Download an electronic copy of this document and where there are blanks or spaces to complete addressing information etc., please complete them in the document. Your submission should include the answers in the document, but do not change the document in any other way. If the document has been modified other than to include the required information, your submission will be null and void.
3. Your files should be named as SID_FIRSTNAME_SURNAME.doc. E.g. coulomb292_FIRSTNAME_SURNAME.doc.
4. Save the configurations from all your network devices and embed them at the end of this document.
5. If you have attempted to set up VLANs, please also include a switch configuration from any one of your LAN switches. Please note that this must be a switch that you have actually configured VLANs on.
6. If you have implemented the network in Packet Tracer, you may consider submitting a copy of that as well, but this is not compulsory.

Zero Tolerance for late submission
If your work is late it will have to be marked zero according to new university policy. Please ensure you upload your work well before the deadline. You will be able to delete and update your work before the deadline.

Plagiarism Note
As with all assessed work, both the research and written submission should be your own work.
When submitting this work you are explicitly indicating that you have read the rules on plagiarism as defined in the University regulations and that all work is in fact your own, except where explicitly referenced using the accepted referencing style.

Feedback and marking
The practical work will be marked using the questions set in the online quiz, and the number of questions for each section will depend on the weightings set in the sections below. Feedback and marks will be provided once the online practical quiz is submitted.

Network topology
Whilst the topology shows only two hosts on each LAN, you should configure four hosts on each LAN.

Network Information
The WAN IP network address between Dundee and Glasgow is 209.154.17.0 with a subnet mask of 255.255.255.0. The WAN IP network address between Edinburgh and Glasgow is 209.154.16.0 with a subnet mask of 255.255.255.0. This is clearly shown on the network topology.

Dundee information
The LAN for Dundee has been assigned an IP network address of 192.168.6.0. Each subnet of the above network needs to accommodate 14 host addresses. The subnet mask will be 255.255.255.240. This is worked out by borrowing 4 bits from the final octet and is shown in the table below.

Table 1 Custom Subnet Mask for Dundee

| Octet | 255 | 255 | 255 | 240 |
|---|---|---|---|---|
| Bit value | 128 64 32 16 8 4 2 1 | 128 64 32 16 8 4 2 1 | 128 64 32 16 8 4 2 1 | 128 64 32 16 8 4 2 1 |
| Mask bit | 1 1 1 1 1 1 1 1 | 1 1 1 1 1 1 1 1 | 1 1 1 1 1 1 1 1 | 1 1 1 1 0 0 0 0 |

Use the 6th usable subnet for the LAN. Do not use subnet zero as the first usable subnet. The table below shows how the 6th usable network can be identified.

| Network | Network ID | First Host | Last Host | Broadcast | Mask |
|---|---|---|---|---|---|
| 0 | 192.168.6.0 | 192.168.6.1 | 192.168.6.14 | 192.168.6.15 | /28 |
| 1 | 192.168.6.16 | 192.168.6.17 | 192.168.6.30 | 192.168.6.31 | /28 |
| 2 | 192.168.6.32 | 192.168.6.33 | 192.168.6.46 | 192.168.6.47 | /28 |
| 3 | 192.168.6.48 | 192.168.6.49 | 192.168.6.62 | 192.168.6.63 | /28 |
| 4 | 192.168.6.64 | 192.168.6.65 | 192.168.6.78 | 192.168.6.79 | /28 |
| 5 | 192.168.6.80 | 192.168.6.81 | 192.168.6.94 | 192.168.6.95 | /28 |
| 6 | 192.168.6.96 | 192.168.6.97 | 192.168.6.110 | 192.168.6.111 | /28 |
| 7 | 192.168.6.112 | 192.168.6.113 | 192.168.6.126 | 192.168.6.127 | /28 |

You should be able to identify the pattern (or magic number from the subnet mask). If it is not immediately apparent, subtract the last non-zero octet from 256.

Edinburgh information
The LAN for Edinburgh has been assigned an IP network address of 192.168.5.0. Again, each subnet of the above network needs to accommodate 14 host addresses. The subnet mask will be 255.255.255.240. This is worked out by borrowing 4 bits from the final octet and is shown in the table below.

Table 1 Custom Subnet Mask for Edinburgh

| Octet | 255 | 255 | 255 | 240 |
|---|---|---|---|---|
| Bit value | 128 64 32 16 8 4 2 1 | 128 64 32 16 8 4 2 1 | 128 64 32 16 8 4 2 1 | 128 64 32 16 8 4 2 1 |
| Mask bit | 1 1 1 1 1 1 1 1 | 1 1 1 1 1 1 1 1 | 1 1 1 1 1 1 1 1 | 1 1 1 1 0 0 0 0 |

Use the 4th usable subnet for the LAN. Do not use subnet zero as the first usable subnet. You must follow the example for Dundee to complete the table for step 1 planning. You should be able to identify the pattern (or magic number from the subnet mask). If it is not immediately apparent, subtract the last non-zero octet from 256.

The elements of the coursework are:
1. Planning and assigning addresses: 30 marks
2. Basic configuration: 40 marks
3. Security ACLs: 10 marks
4. Security VLANs: 20 marks

The basic theme is that Glasgow (GLA) is the regional headquarters of the company. Edinburgh and Dundee are branch offices. Each network associate (student) will be responsible for an entire network. This means that, using either the lab equipment in EC1-13 or Packet Tracer, you will configure 3 routers, 2 switches and 8 PCs.
A network address and a specific number of hosts per subnet have been assigned for the local LAN on each network (Edinburgh and Dundee). From the information provided, the subnet address, the subnet mask, the first and last usable addresses and the broadcast address for each site LAN need to be determined. (When using the router or Packet Tracer it is recommended that you keep a copy of your router configuration at each stage, just in case you run into problems.)

Step 1 Planning
Using the table below, plan the first ten usable subnets of the LAN address assigned to Edinburgh. You have been given the first 6 addresses for Dundee; you are now expected to plan for the first 10 addresses for Edinburgh.

| Subnet | Subnet Address | Subnet Mask (/x) | First Host | Last Host | Broadcast |
|---|---|---|---|---|---|
| 0 | 192.168.5.0 | 28 | 192.168.5.1 | 192.168.5.14 | 192.168.5.15 |
| 1 | 192.168.5.16 | 28 | 192.168.5.17 | 192.168.5.30 | 192.168.5.31 |
| 2 | 192.168.5.32 | 28 | 192.168.5.33 | 192.168.5.46 | 192.168.5.47 |
| 3 | 192.168.5.48 | 28 | 192.168.5.49 | 192.168.5.62 | 192.168.5.63 |
| 4 | 192.168.5.64 | 28 | 192.168.5.65 | 192.168.5.78 | 192.168.5.79 |
| 5 | 192.168.5.80 | 28 | 192.168.5.81 | 192.168.5.94 | 192.168.5.95 |
| 6 | 192.168.5.96 | 28 | 192.168.5.97 | 192.168.5.110 | 192.168.5.111 |
| 7 | 192.168.5.112 | 28 | 192.168.5.113 | 192.168.5.126 | 192.168.5.127 |
| 8 | 192.168.5.128 | 28 | 192.168.5.129 | 192.168.5.142 | 192.168.5.143 |
| 9 | 192.168.5.144 | 28 | 192.168.5.145 | 192.168.5.152 | 192.168.5.159 |
| 10 | 192.168.5.160 | 28 | 192.168.5.161 | 192.168.5.174 | 192.168.5.175 |

For the WAN links for DUN and EDN the lowest usable address on the networks must be used. Identify and use the lowest usable WAN address for the S0 port assigned to you for the two networks shown:

Dundee: 209.154.17.1
Edinburgh: 209.154.16.1

For security reasons, all of the production workstations will be assigned the lower half of the IP addresses of the assigned subnet.
All of the network devices and management stations will be assigned the upper half of the IP address numbers of the subnet assigned for the LAN. From this upper-half range of addresses, the Ethernet router interface (the default gateway on each LAN) is to be assigned the highest usable address. Identify the required IP address of the Ethernet interface on your two routers.

Address of your Ethernet interface on Dundee: 192.168.6.110
Address of your Ethernet interface on Edinburgh: 192.168.5.78

The host (PC) configurations must also be planned. Using the table, complete the host information.

Branch DUN IP Address Range
Production Host Range: 192.168.6.97 - 192.168.6.103 (Lower half)
Management Host Range: 192.168.6.104 - 192.168.6.110 (Upper half)
5 marks for ranges of addresses

Supply addresses for a production and management host.

| Host | IP Address | Subnet Mask | Default Gateway |
|---|---|---|---|
| Production Host (1) | 192.168.6.97 | 255.255.255.240 | 192.168.6.110 |
| Management Host (1) | 192.168.6.104 | 255.255.255.240 | 192.168.6.110 |

Branch EDN IP Address Range
Production Host Range: 192.168.5.65 - 192.168.5.71 (Lower half)
Management Host Range: 192.168.5.72 - 192.168.5.78 (Upper half)

Supply addresses for a production and management host.

| Host | IP Address | Subnet Mask | Default Gateway |
|---|---|---|---|
| Production Host (1) | 192.168.5.65 | 255.255.255.240 | 192.168.5.78 |
| Management Host (1) | 192.168.5.72 | 255.255.255.240 | 192.168.5.78 |

Step 2 Basic Configuration
Apply a basic configuration to the router. This configuration should include all the normal configuration items. You must supply one router configuration file. This will be either Dundee or Edinburgh.
The router configuration files will be marked as follows:

Basic Configuration
- Router name
- Console and VTY configuration and passwords (use cisco, class and berril for console, secret and VTY passwords respectively)
- Interface configurations
- DTE/DCE identified appropriately and clock rates set only on DCE
- Routing set up and working (RIP is fine)
- Host tables
- Banner displayed before login warning of unauthorised access

Basic Configuration (40 marks)

Security (ACLs, marked as part of step 3)

| Criterion | Marks |
|---|---|
| 1. ACLs correct and applied to correct interface in correct direction | 10 |
| 2. ACLs correct but not applied to correct interface or direction | 7-9 |
| 3. ACLs attempted but some errors or wrong placement | 4-6 |
| 4. ACLs attempted but incorrect and not applied properly | 1-3 |
| 5. ACLs not attempted | 0 |
| ACL Total | 10 marks |

Step 3 Security
There are several security concerns in the Internetwork. Develop Access Control Lists (ACLs) to address security issues. The following problems must be addressed:
1. The production hosts in both the Edinburgh and Dundee networks are permitted HTTP access to the 172.16.0.0 network; management hosts are permitted no access to this network.
2. The company has discovered an Internet Web server at 198.145.7.1 that is known to contain viruses. All hosts are banned from reaching this site.

The ACLs are worth 10 marks.

Step 4 VLANs
This step is the final 20% of the coursework mark. To achieve this step you should consider how you might use a VLAN to separate the production and management LANs. The goal is that neither network should be able to see the other network's traffic. There is no additional guidance on this part of the skills test, as you are expected to identify:
1. An appropriate VLAN number to use for each VLAN.
2. An appropriate VLAN configuration.
3. Implement the VLAN and provide the switch configuration file(s) to show that the VLAN has been implemented.
VLAN Marks
The VLAN component will be marked as follows:

| Criterion | Marks |
|---|---|
| VLAN configured and correct configuration supplied | 20 |
| VLAN identified but configuration incomplete or incorrect | 10-15 |
| VLAN attempted | 5-10 depending on level of attempt |
| VLAN not attempted | 0 |
| VLAN Total | 20 marks |

Appendix: Network device configurations

```
Press RETURN to get started

Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#
Router(config)#hostname EDINBURGH
EDINBURGH(config)#line console 0
EDINBURGH(config-line)#password cisco
EDINBURGH(config-line)#login
EDINBURGH(config-line)#exit
EDINBURGH(config)#line vty 0 4
EDINBURGH(config-line)#password cisco
EDINBURGH(config-line)#login
EDINBURGH(config-line)#exit
EDINBURGH(config)#enable password cisco
EDINBURGH(config)#exit
EDINBURGH#
%SYS-5-CONFIG_I: Configured from console by console
EDINBURGH#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
EDINBURGH>en
Password:
EDINBURGH#config t
Enter configuration commands, one per line. End with CNTL/Z.
EDINBURGH(config)#enable secret class
EDINBURGH(config)#exit
EDINBURGH#
%SYS-5-CONFIG_I: Configured from console by console
```

```
EDINBURGH#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
EDINBURGH(config)#interface serial2/0
EDINBURGH(config-if)#ip address 209.154.16.1 255.255.255.0
EDINBURGH(config-if)#no shutdown
%LINK-5-CHANGED: Interface Serial2/0, changed state to up
EDINBURGH(config-if)#exit
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/0, changed state to up
EDINBURGH(config)#interface fastethernet0/0
EDINBURGH(config-if)#ip address 192.168.5.78 255.255.255.240
EDINBURGH(config-if)#no shutdown
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
EDINBURGH(config-if)#exit
EDINBURGH(config)#router rip
EDINBURGH(config-router)#network 172.16.0.0
EDINBURGH(config-router)#network 192.168.6.0
EDINBURGH(config-router)#network 192.168.5.0
EDINBURGH(config-router)#network 209.154.16.0
EDINBURGH(config-router)#network 209.154.17.0
EDINBURGH(config-router)#exit
EDINBURGH(config)# banner motd warn of unauthorised access
EDINBURGH(config)# banner login do not enter if you are not authorized
EDINBURGH(config)#ip host DUN 209.154.17.1 192.168.6.110
EDINBURGH(config)#ip host GLA 172.16.1.254 209.154.16.2 209.154.17.2
EDINBURGH(config)#exit
EDINBURGH#
%SYS-5-CONFIG_I: Configured from console by console
EDINBURGH#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
EDINBURGH#
EDINBURGH#show host
Default domain is not set
Name/address lookup uses domain service
Name servers are 255.255.255.255

Codes: UN - unknown, EX - expired, OK - OK, ?? - revalidate
       temp - temporary, perm - permanent
       NA - Not Applicable None - Not defined

Host                      Port  Flags      Age Type   Address(es)
DUN                       None  (perm, OK)  0   IP      192.168.6.110
                                                        209.154.17.1
GLA                       None  (perm, OK)  0   IP      172.16.1.254
                                                        209.154.16.2
                                                        209.154.17.2
EDINBURGH#
```

```
EDINBURGH#show r
Building configuration...

Current configuration : 1291 bytes
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
hostname EDINBURGH
enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1
enable password cisco
ip host DUN 192.168.6.110 209.154.17.1
ip host GLA 172.16.1.254 209.154.16.2 209.154.17.2
interface FastEthernet0/0
 ip address 192.168.5.78 255.255.255.240
 ip access-group 100 in
 duplex auto
 speed auto
interface FastEthernet1/0
 no ip address
 duplex auto
 speed auto
 shutdown
interface Serial2/0
 ip address 209.154.16.1 255.255.255.0
 ip access-group 10 out
interface Serial3/0
 no ip address
 shutdown
interface FastEthernet4/0
 no ip address
 shutdown
interface FastEthernet5/0
 no ip address
 shutdown
router rip
 network 172.16.0.0
 network 192.168.5.0
 network 192.168.6.0
 network 209.154.16.0
 network 209.154.17.0
ip classless
access-list 100 deny tcp 192.168.5.72 0.0.0.7 172.16.0.0 0.0.255.255 eq www
access-list 100 permit ip any any
access-list 10 permit any
access-list 10 deny host 198.145.7.1
no cdp run
banner login ^Cdo not enter if you are not authorized^C
banner motd ^Cwarn of unauthorised access^C
line con 0
 password cisco
 login
line vty 0 4
 password cisco
 login
end
EDINBURGH#
```

EDINBURGH show access-lists configuration

```
EDINBURGH(config)#access-list 100 deny tcp 192.168.5.72 0.0.0.7 172.16.0.0 0.0.255.255 eq 80
EDINBURGH(config)#access-list 100 permit ip any any
EDINBURGH(config)#interface fastethernet0/0
EDINBURGH(config-if)#ip access-group 100 in
EDINBURGH(config-if)#exit
EDINBURGH(config)#access-list 10 permit any
EDINBURGH(config)#access-list 10 deny host 198.145.7.1
EDINBURGH(config)#interface serial2/0
EDINBURGH(config-if)#ip access-group 10 out
EDINBURGH(config-if)#exit
EDINBURGH(config)#exit
EDINBURGH#
%SYS-5-CONFIG_I: Configured from console by console
EDINBURGH#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
EDINBURGH#
```

```
EDINBURGH#show access-lists
Extended IP access list 100
    deny tcp 192.168.5.72 0.0.0.7 172.16.0.0 0.0.255.255 eq www
    permit ip any any
Standard IP access list 10
    permit any
    deny host 198.145.7.1
EDINBURGH#
```

EDINBURGH SWITCH CONFIGURATION

```
Switch>en
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname EDINBURGHSWITCH
EDINBURGHSWITCH(config)#line console 0
EDINBURGHSWITCH(config-line)#password cisco
EDINBURGHSWITCH(config-line)#login
EDINBURGHSWITCH(config-line)#exit
EDINBURGHSWITCH(config)#line vty 0 4
EDINBURGHSWITCH(config-line)#password cisco
EDINBURGHSWITCH(config-line)#login
EDINBURGHSWITCH(config-line)#exit
EDINBURGHSWITCH(config)#enable password cisco
EDINBURGHSWITCH(config)#exit
EDINBURGHSWITCH#
%SYS-5-CONFIG_I: Configured from console by console
EDINBURGHSWITCH#config t
Enter configuration commands, one per line. End with CNTL/Z.
EDINBURGHSWITCH(config)#enable secret class
EDINBURGHSWITCH(config)#exit
EDINBURGHSWITCH#
%SYS-5-CONFIG_I: Configured from console by console
EDINBURGHSWITCH#
EDINBURGHSWITCH#config t
Enter configuration commands, one per line. End with CNTL/Z.
EDINBURGHSWITCH(config)#interface vlan1
EDINBURGHSWITCH(config-if)#ip address 192.168.5.77 255.255.255.240
EDINBURGHSWITCH(config-if)#no shutdown
%LINK-5-CHANGED: Interface Vlan1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
EDINBURGHSWITCH(config-if)#ip default-gateway 192.168.5.78
EDINBURGHSWITCH(config)#exit
EDINBURGHSWITCH#
%SYS-5-CONFIG_I: Configured from console by console
EDINBURGHSWITCH#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
EDINBURGHSWITCH#
```

```
EDINBURGHSWITCH#vlan database
% Warning: It is recommended to configure VLAN from config mode,
  as VLAN database mode is being deprecated. Please consult user
  documentation for configuring VTP/VLAN in config mode.

EDINBURGHSWITCH(vlan)#vlan 10 name production
VLAN 10 modified:
    Name: production
EDINBURGHSWITCH(vlan)#vlan 20 name management
VLAN 20 added:
    Name: management
EDINBURGHSWITCH(vlan)#exit
APPLY completed.
EDINBURGHSWITCH#config t
Enter configuration commands, one per line. End with CNTL/Z.
EDINBURGHSWITCH(config)#interface fastethernet0/2
EDINBURGHSWITCH(config-if)#switchport mode access
EDINBURGHSWITCH(config-if)#switchport access vlan 10
EDINBURGHSWITCH(config-if)#end
EDINBURGHSWITCH#
%SYS-5-CONFIG_I: Configured from console by console
EDINBURGHSWITCH#config t
Enter configuration commands, one per line. End with CNTL/Z.
EDINBURGHSWITCH(config)#interface fastethernet0/3
EDINBURGHSWITCH(config-if)#switchport mode access
EDINBURGHSWITCH(config-if)#switchport access vlan 10
EDINBURGHSWITCH(config-if)#end
EDINBURGHSWITCH#
%SYS-5-CONFIG_I: Configured from console by console
EDINBURGHSWITCH#config t
Enter configuration commands, one per line. End with CNTL/Z.
EDINBURGHSWITCH(config)#interface fastethernet 0/4
EDINBURGHSWITCH(config-if)#switchport mode access
EDINBURGHSWITCH(config-if)#switchport access vlan 20
EDINBURGHSWITCH(config-if)#end
EDINBURGHSWITCH#
%SYS-5-CONFIG_I: Configured from console by console
EDINBURGHSWITCH#config t
Enter configuration commands, one per line. End with CNTL/Z.
EDINBURGHSWITCH(config)#interface fastethernet0/5
EDINBURGHSWITCH(config-if)#switchport mode access
EDINBURGHSWITCH(config-if)#switchport access vlan 20
EDINBURGHSWITCH(config-if)#end
EDINBURGHSWITCH#
%SYS-5-CONFIG_I: Configured from console by console
```

```
EDINBURGHSWITCH#show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gig1/1, Gig1/2
10   production                       active    Fa0/2, Fa0/3
20   management                       active    Fa0/4, Fa0/5
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0
10   enet  100010     1500  -      -      -        -    -        0      0
20   enet  100020     1500  -      -      -        -    -        0      0
1002 fddi  101002     1500  -      -      -        -    -        0      0
1003 tr    101003     1500  -      -      -        -    -        0      0
1004 fdnet 101004     1500  -      -      -        ieee -        0      0
1005 trnet 101005     1500  -      -      -        ibm  -        0      0

Remote SPAN VLANs
------------------------------------------------------------------------------

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
EDINBURGHSWITCH#
```
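The Step 1 addressing rules (14 hosts per subnet, subnet zero not counted as usable, lower half for production, upper half for management, gateway on the highest usable address) recomputed in Python. This is an added example, not part of the original assessment or submission; the function names are illustrative, and `check_row` is a hypothetical helper for verifying a hand-filled planning row.

```python
import ipaddress

def prefix_for_hosts(hosts_needed):
    """Longest prefix whose subnets still hold hosts_needed usable addresses."""
    host_bits = (hosts_needed + 1).bit_length()   # 2**host_bits >= hosts_needed + 2
    return 32 - host_bits

def site_plan(lan, hosts_needed, nth_usable):
    """Plan the nth usable subnet of lan; subnet zero is not counted as usable."""
    prefix = prefix_for_hosts(hosts_needed)
    subnets = list(ipaddress.ip_network(lan).subnets(new_prefix=prefix))
    net = subnets[nth_usable]                     # index 0 is subnet zero
    hosts = list(net.hosts())
    half = len(hosts) // 2
    octets = [int(o) for o in str(net.netmask).split(".")]
    return {
        "network": str(net),
        "mask": str(net.netmask),
        # "Magic number": 256 minus the last non-zero octet of the mask.
        "magic_number": 256 - [o for o in octets if o][-1],
        "first_host": str(hosts[0]),
        "last_host": str(hosts[-1]),
        "broadcast": str(net.broadcast_address),
        "production": (str(hosts[0]), str(hosts[half - 1])),   # lower half
        "management": (str(hosts[half]), str(hosts[-1])),      # upper half
        "gateway": str(hosts[-1]),                             # highest usable
    }

def check_row(network_id, first, last, broadcast, prefix=28):
    """Return the fields of a hand-filled planning row that do not fit the subnet."""
    net = ipaddress.ip_network(f"{network_id}/{prefix}")
    hosts = list(net.hosts())
    expected = {"first": hosts[0], "last": hosts[-1],
                "broadcast": net.broadcast_address}
    given = {"first": first, "last": last, "broadcast": broadcast}
    return [k for k, v in given.items() if ipaddress.ip_address(v) != expected[k]]

if __name__ == "__main__":
    for name, lan, n in (("DUN", "192.168.6.0/24", 6), ("EDN", "192.168.5.0/24", 4)):
        print(name, site_plan(lan, 14, n))
    # Row 9 as printed in the Step 1 table on the page.
    print(check_row("192.168.5.144", "192.168.5.145",
                    "192.168.5.152", "192.168.5.159"))
```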
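The two access lists from the running configuration above, replayed through a small first-match evaluator to check them against the Step 3 requirements. This is an added example, not part of the original submission: the packets are constructed, and `ACL_100_FIXED` is one assumed correction rather than the page's configuration.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")      # (base, wildcard); wildcard bit 1 = ignore

def host(ip):
    return (ip, "0.0.0.0")

def _n(ip):
    return int(ipaddress.IPv4Address(ip))

def addr_match(ip, spec):
    care = ~_n(spec[1]) & 0xFFFFFFFF
    return (_n(ip) & care) == (_n(spec[0]) & care)

def ace(action, proto="ip", src=ANY, dst=ANY, dport=None):
    return {"action": action, "proto": proto, "src": src, "dst": dst, "dport": dport}

def evaluate(acl, pkt):
    """Return (action, entry number) of the first match; implicit deny at the end."""
    for i, e in enumerate(acl, start=1):
        if (e["proto"] in ("ip", pkt["proto"])
                and addr_match(pkt["src"], e["src"])
                and addr_match(pkt["dst"], e["dst"])
                and e["dport"] in (None, pkt.get("dport"))):
            return e["action"], i
    return "deny", None

def covers(a, b):
    """True if address spec a matches every address that spec b matches."""
    care = ~_n(a[1]) & 0xFFFFFFFF
    return (_n(b[1]) & care) == 0 and (_n(a[0]) & care) == (_n(b[0]) & care)

def shadowed(acl):
    """Entry numbers that can never match because an earlier entry covers them."""
    hits = []
    for j, late in enumerate(acl):
        if any(early["proto"] in ("ip", late["proto"])
               and covers(early["src"], late["src"])
               and covers(early["dst"], late["dst"])
               and early["dport"] in (None, late["dport"])
               for early in acl[:j]):
            hits.append(j + 1)
    return hits

def path_allows(pkt, inbound, outbound):
    """Packet must pass the Fa0/0 inbound ACL and then the Serial2/0 outbound ACL."""
    return evaluate(inbound, pkt)[0] == "permit" and evaluate(outbound, pkt)[0] == "permit"

# Entries as they appear in the running configuration on the page.
ACL_100 = [
    ace("deny", "tcp", ("192.168.5.72", "0.0.0.7"), ("172.16.0.0", "0.0.255.255"), 80),
    ace("permit"),
]
ACL_10 = [ace("permit"), ace("deny", src=host("198.145.7.1"))]  # standard: source only

# Assumed correction, not from the page: deny by destination before the permit.
ACL_100_FIXED = [ACL_100[0], ace("deny", dst=host("198.145.7.1")), ace("permit")]

# Constructed sample packets.
TO_BLOCKED_SITE = {"proto": "tcp", "src": "192.168.5.65", "dst": "198.145.7.1", "dport": 80}
MGMT_HTTP = {"proto": "tcp", "src": "192.168.5.72", "dst": "172.16.1.254", "dport": 80}
MGMT_PING = {"proto": "icmp", "src": "192.168.5.72", "dst": "172.16.1.254"}

if __name__ == "__main__":
    print(shadowed(ACL_10), path_allows(TO_BLOCKED_SITE, ACL_100, ACL_10))
```

In access list 10 the `permit any` entry comes first, so the `deny host 198.145.7.1` entry is never reached; a standard ACL also matches on source address, so reordering alone would not stop LAN hosts reaching that server. Access list 100 blocks only TCP port 80 from the management range, so other traffic from those hosts to 172.16.0.0 is still permitted.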
