Monday, 17 November 2014

Physical Network

All cabled up, the network looks like this:

In order: Building A, Central, Building B.

VLC Streaming in a Browser

After creating the VLC stream, I was wondering if there was a simpler way to offer streaming to users. Entering an IP address & port may be simple for someone familiar with computers, but for a casual user it may not be practical. To solve this, I decided to research and create a basic webpage to do so.

On the host machine, all I required was a VLC plugin to be installed on to each computer being used.

<html>
<head><title>Faculty Video Stream</title></head>
<body>
<h1>Our currently streamed Video</h1>
<embed type="application/x-vlc-plugin"
         name="stream"
         autoplay="yes" loop="no" hidden="no" width="640" height="360"
         target="[IPaddressVideoServer]:[Port]" />
</body>
</html>

By going to this webpage I created, a small window on the screen would automatically open the stream that is currently going through the network.

Monday, 3 November 2014

DOS attacks & LOIC

For my security testing, I decided to use Low Orbit Ion Cannon, a Denial of Service tool.

Firstly, using a portable mobile version, I was able to connect to the web server [faculty.school].


It was then able to spam the web server with false TCP traffic.


On the server, I installed a network interface traffic tool, IPTraf. This showed the traffic being created on the Ethernet connection. Although the traffic isn't that much, around 2Mb, without being stopped it has the potential to add up very quickly.

I passed this on to the security person of the network, Nathan, who was able to prevent this by applying storm control.

Saturday, 1 November 2014

DNS & Web Server working together

As shown in the screenshot below, entering the web address [http://faculty.school] creates a connection to the web server via [10.0.2.66]. It also works with the FTP server, by changing "http" to "ftp".

Friday, 31 October 2014

Bind DNS Server on Ubuntu

To control the DNS records that I decided to create for the users of the network, I needed to create a DNS server on my Ubuntu machine. I used BIND DNS server on my Ubuntu server.

I firstly created a network zone, [faculty.school] that would be for the school network.

I then had to create the various DNS records for the school. By using the ip address of the web/FTP server [10.0.2.66] I was able to bind it to [faculty.school].

Friday, 24 October 2014

Testing Services in the Full network

In our complete network, I have been testing services.

For performance and security testing reasons, I have moved the DHCP services to a separate device on the network. Using the same address as before, I have connected a stand-alone router to use for DHCP on the central switch. Then the other services have remained on the Ubuntu server but with an updated IP address.

Separating the services has also improved performance, as the Ubuntu server is under-powered. I may also separate the video services at a later date to further help performance.

Thursday, 16 October 2014

Basic VLC Streaming

As a backup alternative to Plex Media Server, I also set up VLC streaming. It's much simpler, but of course limited. It is however useful for a local network.

First, starting up VLC I selected to Stream.


I was then led to the following page where I selected the video(s) that I'd like to stream.

I then hit next to see the streaming options. I was going with http. You can customize the port and URL. I left the default on my network which would be (http://myIpAddress:8080). I can change that to the URL of my server etc.


The next page has options for trans-coding the video(s) being streamed. As I have already made the file to a suitable size/format, there's no need to add the additional processing requirements.

Client Side:

This time, as opposed to creating the stream, I need to join it. I navigated to "Open Network Stream".

I entered the URL of the VLC stream followed by the port I specified earlier.

The video(s) being streamed then were able to be opened successfully.

Friday, 10 October 2014

Everything working and tested this week

So far, I've tested the following services:
DHCP
DNS
FTP
WEB
These are most of the services I require on the network from the server and are all working successfully.

I've installed the necessary Mail server services, but will be testing the configuration on them today.

The final service I am needing to offer, is a video streaming service. I have successfully run one in my home testing network using Plex Media center. However, I discovered that to run it, a live internet connection is required for Flash to authenticate. So I will need to find an alternative for the network when running in MIT.

Friday, 3 October 2014

Kali Linux on School Computers

Unfortunately I am unable to boot to Kali Linux in any form on the school computers.

When trying to boot from a live USB key, it is unsuccessful due to having the BIOS locked down.
Also, when trying to boot as a Virtual Machine, it has an odd error and attempts to load up Windows inside itself.

The default security also does not like the USB thanks to certain boot files:


Apache

Like Plex Media Server, I was able to test my Apache web server by entering the IP address of the server. Here's it tested on my phone below:

As shown, it's just displaying the default index.html; I can edit this later.

Wednesday, 1 October 2014

Plex Media Server

All tested in my home network.

After installing Plex Media Server on to my Ubuntu server, I was successfully able to stream media in my home network on different devices, using the URL (192.168.1.64:32400/web). This was the current IP address of the computer, the port that the program was using to accept connections on, and /web to display the web interface of the program.
Once loaded, the interface is nice to use with its web app, being able to stream (without problem) HD 720p content.

Update 01/10:
Unfortunately, what I did not realize is that the program requires an internet connection to the server to work. It is to authenticate Flash, which the program relies on. There does not appear to be an easy workaround and I will have to find an alternative solution.

Friday, 26 September 2014

Webmin

I installed another package, Webmin, which grants me a nice GUI for general settings and viewing what's happening with all my server services.


It's a little similar to the options in Windows server as well.


Friday, 19 September 2014

Apache Server

After installing all the packages for Apache server, I was able to test it on my local (home) network.


By using the IP address of my server, it was also able to work from another device (my phone) in the same network:


Friday, 12 September 2014

Solving the Ubuntu Error

As mentioned in the earlier post, I was getting errors installing packages. This was universal across any sort of packages, whether trying to install via CD or downloaded. This issue was also consistent on different builds of Ubuntu that I was trying.

The first step that most online forums were suggesting was to try "apt-get update". Unfortunately this also brought errors and had no resolution.

As I was running version 13.04 (as 14+ only supports 64 bit), I decided to try the last .iso release of 13.10. Once installed, I was successfully able to run "apt-get update" as well as install packages without error. It appears that there's a problem updating slightly older versions.
I was then successfully able to also install a GUI using "apt-get install ubuntu-desktop".

Friday, 5 September 2014

Ubuntu Errors

For some unknown reason to me, on the current build of Linux I am using I am receiving package errors. I will try to have this resolved by the end of the week.
I've also tried installing "Kali Linux" to a virtual machine.

Friday, 29 August 2014

Penetration Testing

To help with this testing, I am currently downloading Kali Linux, a Linux designed for penetration testing.

Friday, 22 August 2014

Presentation Practice 2

For the second presentation I recreated my slides from the first one, making sure to include more details on where I'm up to. I thought it went alright, I just need to practice the finer details a little more.

Friday, 15 August 2014

Using DHCP Server in Simple Network #1

To test my DHCP server, I have created a basic network with 2 switches, an access point, and the server.

I've used Packet Tracer to show what the network I've created looks like.
The server is currently connected to S1 via a layer 3 connection, the rest is layer 2.

After setting up all the parts, I have been able to connect to the wireless connections but have been unable to gain an address via DHCP. I started debugging and received the following prompt on S1, the layer 3 switch.


Server Creation Part 2

The operating system which I have chosen to run my DHCP service along with others is Ubuntu. 

The latest version of Ubuntu Server is currently 14.04. I would be using this, however my spare PC is x86 and this version of Ubuntu (Server) only supports a 64 bit processor. Therefore I have stepped back one edition to 13.04.

Like Windows, I attempted to install Ubuntu using a USB drive. However, a bug with these versions of Ubuntu throws up errors in the installation requesting the image to be inserted via a CD. The only way around this I found unnecessary, so I flashed the image to a CD and installed it that way.

Server Creation Part 1

For the next step in my network, I require the use of a physical DHCP server.

As a back-up to creating my Ubuntu Server, I have a second hard-drive which I will use for Windows Server 2008.

First, I did some testing creating a virtual machine running the O/S I plan on using. This shows the DHCP service installed and running.

To install Windows on to my machine, I utilized an ISO image and flashed it to a USB drive to install using Microsoft software.

As shown above, there's my working Windows Server with my spare machine.

Friday, 8 August 2014

Solving Cisco Configuration Professional (CCP) not loading Correctly on Internet Explorer

On the school machines, CCP was not able to load correctly with the default Internet Explorer. 

To overcome this, I closed CCP and opened Internet Explorer separately.
I then hit 'alt', went up to the 'tools' option and selected 'Compatibility View settings'.


I then added the local host address of '127.0.0.1'.


I then restarted CCP successfully.

Current Progress

Using virtual machines, I have been experimenting with two alternatives to Ubuntu, Windows server 2003 & Windows Server 2008. 
What I have discovered is that they're much easier to use (initially) when starting to set up, as they can be created with a full desktop experience. That means that I would not need to necessarily rely on CLI. However, I am still choosing to pursue Ubuntu server as it's open-sourced at no cost and is widely supported online. I may use the 'simple' windows servers initially before I have Linux running fully to test DHCP etc.

Fortunately for Ubuntu, I have found two very helpful pages that show the setup of many primary resources that I will need:
Ubuntu 14.04
https://help.ubuntu.com/14.04/index.html
Ubuntu 12.04
https://help.ubuntu.com/12.04/index.html

I have also been researching programs that may be useful for video streaming, Plex Media Server and VLC media player. Both are supported on Ubuntu & Windows.

For the beginning of my stress testing, I have been looking at DDOS attacks. These I could put through the network using a program called "High Orbit Ion Cannon", a piece of software that generates fake users & connections to the server attempting to overload it.

Friday, 1 August 2014

Real-World Network Address Testing

As Nathan and I discussed, giving both our buildings the same address range would create a discontiguous network, resulting in lost packets and a confused routing protocol. Because of this, we decided the two separate buildings would have separate networks that both grant the same privileges. The only way to overcome this without having two separate networks would be to use a tunnel, which creates unnecessary stress and overhead to our network.

To check this idea, I went to three separate areas of the MIT wireless network to capture the address information from each block. First the Library, secondly P Block, and lastly JKL Block. 





As these three screenshots show, although the network is always "MIT-Wireless", the IP address is actually in different subnets. Most of the addresses remain the same, which makes sense, but each separate building is treated as a different network.

DHCP with layer 3

Thanks to the help of Nathan, we were able to solve the issue with DHCP requests/addresses being returned to users through a layer 3 network.

Once turning on debugging on the DHCP server (in our testing case we were using a router for simplicity), it was apparent that the server was receiving the requests from hosts. However, once the request is sent, the reply is not received. It turned out that the problem lay with the routing protocol, not DHCP itself. To solve the issue, a redistribute subnets command was applied to the edge layer 3 routers.

So that the users are given the correct address/network, an SVI with a corresponding network address in a VLAN is used, so that when the broadcast is sent it shows as that network and therefore receives an address from the correct network. There is also an ip-helper command applied to each VLAN.

Friday, 25 July 2014

Ubuntu Server 14.04 x64 with VirtualBox

Before setting up the physical servers, I wanted to create a virtualized scenario so that I can replicate what I'll be needing without having to set up independent machines.

I decided to choose Ubuntu thanks to its wide support and also being free for anyone to use.

Firstly, I needed the ISO's of the Linux build I'd be using as well as the virtualization software, VirtualBox.

Due to a bug with the latest version of VirtualBox I was not able to create a 64 bit virtual computer. The latest version of Ubuntu server 14 however is only available for x64. Because of this I downloaded an older build (13.04) that was compatible with x86. I then downloaded an older version of VirtualBox, 4.1, that was compatible with x64 and the machine I was running it on.

For the installation of the operating system on to the virtual machine, I also needed a virtual disk drive which I could mount the image to.

I was then able to install the operating system to the virtual machine.

Lastly shows the VirtualBox with the different "machines" I have created along with their settings.


Gantt Chart Update

I have revised and updated my Gantt Chart for keeping track of my time spent/planned.


Thursday, 17 July 2014

Current Progress

So far, the wireless users are able to connect and receive an IP address automatically with the shrunken network. However, when expanding the network in size, I'm having difficulty getting the ip-helper to correctly function, and will require further research. It's having trouble using encapsulation through layer 3 without address.

The other research I did look up was for the exit routers, HSRP vs GLBP. GLBP has the advantage for being able to easily load balance, however it is not supported by the 3650 switches that we have available to use in our network.

Wednesday, 2 July 2014

Multiple SSID's & Network addresses

Using the same layer 2 network I have been teaching myself with, I was finally able to create a multi-addressing scheme with more than one SSID being broadcasted.

In my test network, I created a connection between a router, switch and the wireless access point. Both router and access point were connected to the switch via a trunked connection, which allows multiple network ranges to be transmitted over one connection. I then created 3 DHCP pools on the router, the first one for management connections (& native VLANs), and the second & third being the two test wireless networks that'll be allocated to different SSIDs (Network10 & Network20).

The first step was to create an SSID and allocate a VLAN for it to use, along with setting its authentication method and password.

Dot11 ssid <NetworkName>
>Vlan <ID>
>Authentication open
>Authentication key-management wpa
>wpa-psk ascii <0/7> <password>
>Mbssid Guest-mode

Next was to go on to the wireless interface, and apply the encryption used on each Vlan. Then the SSID's that'll be broadcasted via the wireless interface. Lastly "Mbssid" to tell the interface that there are to be multiple networks broadcasted.

Interface dot11Radio <0/1>
>encryption vlan <ID> mode ciphers tkip
>ssid <NetworkName>
>Mbssid

As there are multiple wireless networks all sharing single interfaces, I had to enable encapsulation. The "bridge-group" command binds the radio interface with the fastEthernet connection. I used the same numbers as what I used on the VLANs to avoid confusion.

Interface dot11Radio <0/1>.<ID>
>encapsulation dot1Q <ID>
>bridge-group <ID>
Interface fastEthernet 0.<ID>
>encapsulation dot1Q <ID>
>bridge-group <ID>

The last commands I needed to apply were "bridge irb", because the access point doesn't do routing, and finally the one to turn on the interface.

bridge irb

Interface dot11Radio <0/1>
>no shutdown

Next I did the testing.


When scanning for wireless connections, both of my networks "Network10" & "Network20" came up with authentication. Like what I set above, the security was "WPA PSK". 

As shown, when I've connected to each of the wireless networks it allocated different IP addresses and default gateways.
Above is a screenshot from the router, showing the addresses that had been given via DHCP. You can see the two different addresses that my phone was allocated, as it has the same MAC address. 

Next step will be to get the same idea working over a layer 3 network.

Thursday, 26 June 2014

Simple Wireless Connection & SSID

Using the help of Cisco Support, I was able to create a simple SSID to broadcast from the access point as well as have a wireless device to connect to it. Here's some of the code used:

Dot11 ssid test
>Vlan 1
>Authentication open
>Mbssid Guest-mode

Int dot11 0

>ssid test
>Mbssid
>encryption vlan 1 mode wep mandatory
>encryption vlan 1 key 1 size 40bit 0 0123456789

interface Dot11Radio0.1

>encapsulation dot1Q 1 native
>bridge-group 1
interface FastEthernet0.1
>bridge-group 1
>encapsulation dot1Q 1 native

bridge irb

bridge 1 route ip
wr


Combined with the network I created earlier, of a router and switch, the router was able to give out addresses via DHCP. 
Scanning with my phone, I was able to discover the SSID of "test".

This was the status notification on the access point when my phone connected/disconnected. 

As shown on the screen shot above, shown and checked using a networking application, the phone was automatically allocated an IP address and default gateway. (Ignore the DNS info, that's not set on the router as of yet)
The phone was also able to successfully ping the default gateway.
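
The access point commands in this post use WEP with a 40-bit static key, and the multiple-SSID post above uses TKIP; both are deprecated in the 802.11 standard. As an added example (not part of the original posts), this Python audit flags those settings in an Aironet-style configuration. The sample config is constructed from the commands in the two posts, VLAN 10 and "ExamplePassphrase" are made-up values, and the finding names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample: the commands from the two access-point posts with the
# ">" prompts removed. VLAN 10 and "ExamplePassphrase" are made-up values.
SAMPLE_CONFIG = """\
dot11 ssid test
 vlan 1
 authentication open
 mbssid guest-mode
dot11 ssid Network10
 vlan 10
 authentication open
 authentication key-management wpa
 wpa-psk ascii 0 ExamplePassphrase
 mbssid guest-mode
interface Dot11Radio0
 encryption vlan 1 mode wep mandatory
 encryption vlan 1 key 1 size 40bit 0 0123456789
 encryption vlan 10 mode ciphers tkip
 ssid test
 ssid Network10
 mbssid
"""

def parse_sections(text):
    """Group indented sub-commands under their unindented parent command."""
    sections = []
    for raw in text.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue
        if raw[0].isspace() and sections:
            sections[-1][1].append(raw.strip())
        else:
            sections.append((raw.strip(), []))
    return sections

def audit(text):
    """Return sorted (ssid, finding) pairs for weak wireless settings."""
    ssids, findings = {}, set()
    ciphers = defaultdict(set)   # vlan -> cipher names enabled on the radio
    clear_keys = set()           # vlans with a static key stored as type 0
    for header, body in parse_sections(text):
        ssid = re.match(r"dot11 ssid (\S+)", header, re.I)
        if ssid:
            info = ssids.setdefault(ssid.group(1), {"vlan": None, "wpa": False})
            for line in body:
                if m := re.match(r"vlan (\d+)", line, re.I):
                    info["vlan"] = m.group(1)
                elif re.match(r"authentication key-management wpa", line, re.I):
                    info["wpa"] = True
                elif re.match(r"wpa-psk (ascii|hex) 0 ", line, re.I):
                    findings.add((ssid.group(1), "PSK_CLEARTEXT_IN_CONFIG"))
        elif re.match(r"interface dot11radio", header, re.I):
            for line in body:
                if m := re.match(r"encryption vlan (\d+) mode (wep|ciphers)(.*)", line, re.I):
                    vlan, mode, rest = m.groups()
                    names = ["wep"] if mode.lower() == "wep" else rest.lower().split()
                    ciphers[vlan].update(names)
                elif m := re.match(r"encryption vlan (\d+) key \d+ size \d+bit 0 ", line, re.I):
                    clear_keys.add(m.group(1))
    for name, info in ssids.items():      # join each SSID to its VLAN's ciphers
        used = ciphers.get(info["vlan"], set())
        if not used:
            findings.add((name, "NO_ENCRYPTION"))
        elif any(c.startswith("wep") for c in used):
            findings.add((name, "WEP"))
        elif "aes-ccm" not in used:
            findings.add((name, "NO_AES_CCM"))
        if not info["wpa"]:
            findings.add((name, "NO_KEY_MANAGEMENT"))
        if info["vlan"] in clear_keys:
            findings.add((name, "STATIC_KEY_CLEARTEXT_IN_CONFIG"))
    return sorted(findings)

if __name__ == "__main__":
    for ssid_name, finding in audit(SAMPLE_CONFIG):
        print(ssid_name, finding)
```

An SSID whose VLAN uses `mode ciphers aes-ccm` with WPA key management and a type 7 pre-shared key produces no findings.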

Thursday, 19 June 2014

Cisco Aironet 1200 Wireless Access Point GUI access

I finally managed to gain access to the Wireless Access Point using the GUI and a browser.

The key concern that was causing me issue was being unable to access the GUI via an internet browser like what most Cisco resources referred to, generally being very brief such as "Enter 10.1.10.1 etc" in to your browser.

Firstly, I created a basic network with the access point, a computer, a switch, and a router. It's visually replicated on Packet Tracer below to show the rough layout.
I set up the router with the basic settings on the interface (ip address 192.168.1.254), and enabled it as a DHCP server.
ip dhcp excluded-address 192.168.1.254
ip dhcp pool TEST
>network 192.168.1.0 255.255.255.0
>default-router 192.168.1.254
This allocated the PC connected a basic address and was able to communicate with the router.
(The switch does not need any configuration for this basic network, which is used for access testing.)

This network so far was working, except for the access point. It was not communicating although the interface was up. At first I attempted to give the Fast-Ethernet connection an address manually, but this did not let it connect to the network correctly. What I discovered was for the physical connection, you apply the address to the "BVI 1" interface. I used the following code so that it acquired an address from the DHCP server:
interface BVI1
>ip address dhcp
This gave the interface an address automatically for the sake of testing the GUI. In a final network I would be using a static address. After the address was applied, it brought up the interface and I was then able to connect to the access point via a GUI (using the address provided by the DHCP server). All default passwords/usernames were "Cisco".


Progress Report

I spent last week focusing on my mid-project progress report, which I handed in on time before the due date without requiring an extension.

Monday, 9 June 2014

Current Wireless State

With the help of a Cisco Wireless chapter, I have managed to configure the wireless Lan controller.
Although guides have not been helpful thus far, the next step is to configure the wireless access point for end user connectivity.

Tuesday, 27 May 2014

Routing - OSPF

Using a simple OSPF configuration, we are able to get full adjacency to the backbone network. This setup has the suitable network & wildcard mask.

ip routing
router ospf 1
network 10.0.2.0 0.0.0.63 area 1

Monday, 26 May 2014

Beginning Wireless Configuration pt1

Starting my wireless configuration.

As the interface is modular, the name is: (service-module Integrated-Service-Engine 1/0)

Will continue learning to configure correctly tomorrow.

Thursday, 22 May 2014

My Components

Wireless:

  • The wireless will be provided for guests & staff.
    • The guest wireless is only for access to the internet

Cloud Services/Servers:

  • Services
    • File, mail & web servers.
    • Video on demand (with prioritization)
  • The location
    • The physical connections in relation to other hardware

Penetration Testing:

  • Breaking the network
    • Exploits
    • Software
  • Documenting


Additional:

  • Creating an interface for the cloud services.

Creating the baseline network pt1

The first part we needed to decide upon and create was the physical topology & accompanying addressing scheme.

Using the 10.0.0.0/8 addressing block:


Students: 10.2.0.1 - 10.3.255.254 /15
Academic Staff + WLAN: 10.1.0.1 - 10.1.255.254 /16
Registry: 10.0.0.1 - 10.0.0.126 /25
Payroll: 10.0.0.129 - 10.0.0.254 /25
Management: 10.0.2.1 - 10.0.3.254 /23
Guest WLAN: 10.100.0.1 - 10.100.255.254 /16
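
As an added example (not part of the original post), this Python check parses the plan above, confirms each stated host range matches its prefix, and reports any blocks that overlap or fall outside 10.0.0.0/8. It also goes slightly beyond the plan by testing which addresses the `network 10.0.2.0 0.0.0.63` OSPF statement from the routing post matches; the function names are this example's own.

```python
import ipaddress
import re
from itertools import combinations

# The addressing plan exactly as listed in the post.
PLAN = """\
Students: 10.2.0.1 - 10.3.255.254 /15
Academic Staff + WLAN: 10.1.0.1 - 10.1.255.254 /16
Registry: 10.0.0.1 - 10.0.0.126 /25
Payroll: 10.0.0.129 - 10.0.0.254 /25
Management: 10.0.2.1 - 10.0.3.254 /23
Guest WLAN: 10.100.0.1 - 10.100.255.254 /16
"""

def parse_plan(text):
    """Return {name: (network, first_host, last_host)} for each plan line."""
    blocks = {}
    for line in text.splitlines():
        m = re.match(r"\s*(.+?):\s*([\d.]+)\s*-\s*([\d.]+)\s*/(\d+)\s*$", line)
        if m:
            name, first, last, plen = m.groups()
            # strict=False derives the enclosing network from a host address.
            net = ipaddress.ip_network(f"{first}/{plen}", strict=False)
            blocks[name] = (net, ipaddress.ip_address(first),
                            ipaddress.ip_address(last))
    return blocks

def check_plan(blocks, parent="10.0.0.0/8"):
    """List every inconsistency: wrong host range, outside parent, overlap."""
    parent_net = ipaddress.ip_network(parent)
    problems = []
    for name, (net, first, last) in blocks.items():
        usable = (net.network_address + 1, net.broadcast_address - 1)
        if (first, last) != usable:
            problems.append(f"{name}: stated range is not the usable range of {net}")
        if not net.subnet_of(parent_net):
            problems.append(f"{name}: {net} is outside {parent_net}")
    for (a, va), (b, vb) in combinations(blocks.items(), 2):
        if va[0].overlaps(vb[0]):
            problems.append(f"{a} overlaps {b}")
    return problems

def owner(blocks, address):
    """Name of the block an address belongs to, or None if unallocated."""
    addr = ipaddress.ip_address(address)
    for name, (net, _, _) in blocks.items():
        if addr in net:
            return name
    return None

def wildcard_covers(network, wildcard, address):
    """True if an IOS 'network <net> <wildcard>' statement matches address."""
    # ipaddress accepts a host (wildcard) mask after the slash.
    net = ipaddress.ip_network(f"{network}/{wildcard}")
    return ipaddress.ip_address(address) in net

if __name__ == "__main__":
    plan = parse_plan(PLAN)
    print(check_plan(plan) or "plan is consistent")
    for ip in ("10.0.2.17", "10.0.2.66"):   # addresses used elsewhere on the page
        print(ip, owner(plan, ip), wildcard_covers("10.0.2.0", "0.0.0.63", ip))
```

The plan as posted passes with no problems. Both 10.0.2.17 and 10.0.2.66 belong to Management, but only the first falls inside the range matched by the 0.0.0.63 wildcard.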

With the hardware available to us in the network room, we decided to primarily utilize layer 3 switches for our backbone (core/distribution). This was due to the fact that these switches were both able to do routing (like a router) and the amount of fast Ethernet ports (24) in comparison to the typical (2) on a router. This is both cost effective and still provides good performance.

BAS="Building 'A' Switch" CENS="Central Switch" BBS="Building 'B' Switch"
For each of the two buildings in our network, there'll be two switches at the core. For redundancy, there are multiple connections between each switch. The central switches will then have connections to two routers, one as a backup connection.

Creating the baseline network pt3

Left to configure:

VLAN configuration:

  • CENS1 will be a VTP Server (running Version 3, as Primary Server, if possible) as well as CENS2 (also running Version 3, as secondary server.). All other switches will be configured as VTP Clients in order to propagate VLAN's across the network.
Spanning Tree:
  • Setting up Rapid-PVST to quickly propagate information

Creating the baseline network pt2

To increase the speed of each connection between each device in our core network, we have utilized EtherChannel. This treats each group of multiple connections as one, therefore creating a faster connection.

Here's an example of the configuration that we can insert in to one of our central switches.

#CenS1

interface port-channel 1
no switchport
ip address 10.0.2.1 255.255.255.252
exit
interface range fastethernet0/1-2
no switchport
channel-group 1 mode active
exit
interface port-channel 2
no switchport
ip address 10.0.2.5 255.255.255.252
exit
interface range fastethernet0/3-4
no switchport
channel-group 2 mode active
exit
interface port-channel 3
no switchport
ip address 10.0.2.9 255.255.255.252
exit
interface range fastethernet0/5-6
no switchport
channel-group 3 mode active
exit
interface port-channel 4
no switchport
ip address 10.0.2.13 255.255.255.252
exit
interface range fastethernet0/7-8
no switchport
channel-group 4 mode active
exit
interface port-channel 5
no switchport
ip address 10.0.2.17 255.255.255.252
exit
interface range fastethernet0/9-10
no switchport
channel-group 5 mode active
exit



The Baseline Network

Working together with Nathan, we'll be creating and sharing a baseline network.
The network we're creating is for 2 new buildings in an already existing school network. However, it is treated as its own individual network.

The parts shared between the two of us are:

  • Designing the topology
  • The addressing scheme
  • Connectivity
  • Choosing baseline protocols
  • Building the model

My 2014 Project Focus

For my final year Bachelors project I decided on 3 main research topics.
They are:
Wireless networking
Cloud Computing/Servers
Penetration (Security) Testing