You Are Setting Up A Small Internal Network With 3 Different Workgroup

You are setting up a small internal network with three different workgroups—A, B, and C—and need to configure routers and switches accordingly. The configuration must adhere to specific requirements related to device naming, VLAN assignment, IP addressing, subnetting, device management, security, and network monitoring. This task involves configuring hostnames, domain names, VLANs, IP subnets, DHCP, NTP, syslog, SSH access, user authentication, device security, and configuration backups. Additionally, manual configurations for specific devices, including routers, switches, servers, and PCs, are necessary to ensure proper functionality and security in the network environment.

Introduction

Setting up an internal enterprise network involves meticulous planning and configuration to ensure functionality, scalability, security, and manageability. When designing a network with multiple workgroups, each with distinct subnet requirements, it is essential to allocate appropriate IP address ranges, VLANs, and device configurations. This paper discusses the systematic approach to establishing a small internal network with three workgroups (A, B, and C), focusing on device naming conventions, IP addressing, VLAN segmentation, device security, management protocols, and redundancy. The goal is to create an efficient, scalable, and secure network infrastructure that can accommodate future growth and provide robust management and monitoring capabilities.

Network Design and Addressing

The network operates within the 172.18.128.0/23 address space, which provides 512 IP addresses, of which the last 16 addresses are reserved for point-to-point links using the last /28 subnet. To optimize address utilization and allow for 25% growth, each workgroup is assigned a subnet with a prefix length tailored to its current and future needs.

For Workgroup A, which requires 31 hosts, the subnet mask chosen is /27 (32 addresses), providing up to 30 usable IP addresses, with room for expansion. Workgroup B, with 16 hosts, is assigned a /28 subnet, offering 14 usable addresses, sufficient for its current and future growth. Workgroup C, requiring 102 hosts, needs a /25 subnet (128 addresses), which provides 126 usable IP addresses, accommodating growth beyond the current size. The last /28 subnet of the /23 network is reserved explicitly for point-to-point links, avoiding overlaps.

Each subnet defines its network address, broadcast address, and range of host addresses. For instance, Workgroup A's subnet might be 172.18.128.0/27, with 172.18.128.1 used for the default gateway, 172.18.128.2 for the switch, and the IT server in Workgroup C's subnet assigned to the first IP address for optimal management.

Device Naming and VLAN Configuration

Following a consistent naming convention enhances network management. Each device is named according to its device type and workgroup (e.g., Switch-A, Router-B). All devices are assigned the domain name 'mis351.edu'. No device should use the default VLAN, and each workgroup’s ports are assigned to their designated VLANs: VLAN 101 for Workgroup A (WrkGrpA), VLAN 102 for B (WrkGrpB), and VLAN 103 for C (WrkGrpC). All ports connecting workstations, servers, and switches are accordingly configured to ensure proper segmentation, with trunk ports configured on switches for inter-switch links.

Host and Gateway Configuration

Each workgroup's default gateway is set to the highest IP address in its subnet. Switches receive IP addresses assigned as the second-to-last IP in the subnet for management access. The IT server in Workgroup C is configured with the first IP address in that subnet. The IT server's NIC operates at 100MB/full duplex, and its connected switch port is configured accordingly to match duplex and speed settings.

PCs within each workgroup acquire IP configuration dynamically from the IT server’s DHCP service, which is configured with scope options aligned for each subnet. This dynamic assignment ensures streamlined IP management and easier device addition.
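The sizing rule from the addressing section (host count plus 25% growth, last /28 held back for point-to-point links) and the address roles described above (gateway on the highest host address, switch management on the second-to-last, first address for the IT server) can be checked with a short script. This is an added example, not part of the original paper; the largest-first allocation order and the function names are assumptions.

```python
import ipaddress
import math

BLOCK = ipaddress.ip_network("172.18.128.0/23")   # address space given in the text
HOSTS = {"A": 31, "B": 16, "C": 102}               # current host counts given in the text
GROWTH = 0.25                                      # 25% growth requirement


def usable(prefix):
    """Usable host addresses in an IPv4 subnet (network and broadcast excluded)."""
    return 2 ** (32 - prefix) - 2


def required_prefix(hosts, growth=GROWTH):
    """Longest prefix whose usable addresses cover the host count plus growth."""
    needed = math.ceil(hosts * (1 + growth))
    return 32 - (needed + 1).bit_length()


def plan(block=BLOCK, hosts=HOSTS):
    """Allocate largest-first from the start of the block; the last /28 is for links."""
    p2p = list(block.subnets(new_prefix=28))[-1]
    cursor, out = int(block.network_address), {}
    for name, count in sorted(hosts.items(), key=lambda kv: -kv[1]):
        prefix = required_prefix(count)
        size = 2 ** (32 - prefix)
        cursor = -(-cursor // size) * size          # round up to a subnet boundary
        net = ipaddress.ip_network((cursor, prefix))
        if not net.subnet_of(block) or net.overlaps(p2p):
            raise ValueError(f"workgroup {name} does not fit in {block}")
        out[name] = {
            "subnet": str(net),
            "usable": usable(prefix),
            "first_host": str(net.network_address + 1),     # IT server role in C
            "switch_mgmt": str(net.broadcast_address - 2),  # second-to-last host
            "gateway": str(net.broadcast_address - 1),      # highest host
        }
        cursor += size
    out["p2p"] = {"subnet": str(p2p)}
    return out


if __name__ == "__main__":
    for name, row in plan().items():
        print(name, row)
```

For 31, 16 and 102 hosts the script selects /26, /27 and /24, which with the reserved /28 occupy 368 of the block's 512 addresses.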

Security and Management Protocols

All network devices are configured to send logs to the IT server's syslog service, aiding in network monitoring and troubleshooting. The devices’ clocks and calendars synchronize with the IT server’s NTP server to maintain consistent timekeeping, vital for log accuracy and scheduled tasks.

For remote management, SSH is configured on all routers and switches, replacing insecure protocols like Telnet. Access is secured with local username and password authentication, with credentials stored in encrypted formats. Specifically, 'netadmin' with password '$uper@dmin' grants management privileges. Console and SSH access are restricted, enhancing security against unauthorized access.

Device Security and Configuration Backup

The 'netadmin' account's password is stored in encrypted form using the device's password-encryption service. All device configurations are saved to prevent loss upon reboot, with startup configurations copied to the IT server’s TFTP server for centralized management and backup. This process ensures configuration consistency, ease of recovery, and adherence to best practices in network administration.
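A saved configuration can be checked against the management and security requirements in the sections above (no access port in the default VLAN, syslog and NTP targets, SSH-only remote access with local authentication, password encryption). The script below is an added example, not part of the original paper: the sample configuration is constructed, 192.0.2.10 is a placeholder for the IT server's address, and the function names are hypothetical.

```python
# Constructed sample switch config (not from the page); 192.0.2.10 stands in for the IT server.
SAMPLE = """\
ip domain-name mis351.edu
service password-encryption
username netadmin privilege 15 password 7 0822455D0A16
logging host 192.0.2.10
ntp server 192.0.2.10
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 101
interface FastEthernet0/2
 switchport mode access
line vty 0 4
 transport input telnet ssh
 login local
"""


def sections(config):
    """Group indented sub-commands under their parent line (IOS-style layout)."""
    out, parent = {}, None
    for line in config.splitlines():
        if line and line[0] != " " and not line.startswith("!"):
            parent = line.strip()
            out[parent] = []
        elif line.startswith(" ") and parent:
            out[parent].append(line.strip())
    return out


def audit(config):
    """Return the list of requirements from the text that the config fails."""
    sec, fails = sections(config), []
    for want in ("service password-encryption", "ip domain-name mis351.edu",
                 "logging host ", "ntp server ", "username netadmin "):
        if not any(k.startswith(want) for k in sec):
            fails.append(f"missing: {want.strip()}")
    for name, body in sec.items():
        if name.startswith("line vty"):
            if "transport input ssh" not in body:
                fails.append(f"{name}: vty must accept SSH only")
            if "login local" not in body:
                fails.append(f"{name}: login local not set")
        if name.startswith("interface") and "switchport mode access" in body:
            vlans = [b.split()[-1] for b in body if b.startswith("switchport access vlan")]
            if not vlans or vlans[0] == "1":
                fails.append(f"{name}: access port left in default VLAN")
    return fails
```

`service password-encryption` applies the reversible type 7 encoding to `password` entries, whereas `username netadmin secret` stores a hash.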

Implementation Steps

The implementation involves sequentially configuring:

- Routers: hostname, VLAN-related interfaces, routing protocols, clock, NTP, syslog, SSH, and saving configs.

- Switches: hostname, VLANs, port assignments, management IPs, SSH, syslog, save configs.

- Servers and PCs: static or dynamic IP configuration, connect to correct VLAN and port.

- Interconnects: trunk links, point-to-point links designated in the last /28 subnet.

This structured approach guarantees proper segmentation, security, and manageability of the network.

Conclusion

Establishing a small internal network with multiple workgroups requires careful planning of IP addressing, VLAN segmentation, device security, and management practices. Implementing consistent naming conventions, secure remote management, centralized logging, synchronized timekeeping, and reliable backups ensure the network operates efficiently and securely. Proper execution of these configurations leads to a resilient and scalable infrastructure capable of supporting organizational growth and providing a foundation for future network enhancements.
