network 204 week 7 course project PHASE111 ..

Task 1: Configure the NY router as a DHCPv4 server for the executive and engineering VLAN.

Task 2: Restrict Access to the VTY Lines to only come from Native&Management VLAN

Task 3: Configure static and dynamic NAT on NY

Task 4: Secure the network services

Task 5: Verify that your project meets the above requirements. Write a summary of what you did and explain what you have learned in the process.

PHASE III (70 Points Total)Due Week 7 Task 1: Configure the NY router as a DHCPv4 server for the executive and engineering VLAN. (4 points) Configuration Task Required Information Points Reserve the first 10 IP addresses in VLAN 15 for static configurations. (1 point) Reserve the first 10 IP addresses in VLAN 25 for static configurations. (1 point) Create a DHCP pool for VLAN 15. Name: EXECUTIVE DNS-Server: 192.168.1.45 Domain-Name: hitech.net Set the default gateway. (1 point) Create a DHCP pool for VLAN 25. Name: ENGINEERING DNS-Server: 192.168.1.45 Domain-Name: engineering.com Set the default gateway. (1 point) Task 2: Restrict Access to the VTY Lines to only come from Native&Management VLAN. (15 points) Configuration Task Configure a named access list to only allow Native&Management VLAN to SSH to the routers. Required Information ACL Name: NETMGMT Points 5 Apply the named ACL to the VTY lines. 5 Verify ACL is working as expected. 5 Task 3: Configure static and dynamic NAT on NY. (25 points) Configuration Task Required Information Points Create a local database with one user account. Use the command username webadmin privilege 15 secret cisco123. Username: webadmin Password: cisco123 Privilege level: 15 5 Enable HTTP server service. ip http ? 2 Configure the HTTP server to use the local database for authentication. ip http authentication ? Create a static NAT to the web server. Inside Global Address: 209.107.23.66 --> 2 Configure NY's Loopback 0 interface with the following IP address. This is a simulated internal web server. 192.168.1.200/32 Assign the inside and outside interface for the static NAT. 192.168.1.200 209.107.23.66 /26 2 1 1 Configure the dynamic NAT inside private ACL. Access List: 10 Allow the executive and engineering networks on NY to be translated. Allow a summary of the LANs (loopback) networks on IL and CA to be translated. Do not allow the Services and Native&Management VLANs to be translated. 5 Define the pool of usable public IP addresses. Pool Name: THE_NET Pool of addresses include: 209.107.23.68 - 209.107.23.75 5 Define the dynamic NAT translation. 2 Task 4: Secure the network services. (16 points) Configuration Task Configure an extended ACL to allow Internet hosts WWW access to the simulated web server on NY by accessing the static NAT address (209.107.23.66 /26) that you configured in Task 3; allow Internet hosts DNS access to the simulated web server on NY by accessing the static NAT address (209.107.23.66 /26) that you configured in Task 3; and prevent traffic from the Internet from pinging internal networks, while continuing to allow LAN interfaces to ping the Internet hosts. Apply ACL to the appropriate interface(s). Required Information ACL No.: 105 Points 10 6 Task 5: Verify that your project meets the above requirements. Write a summary of what you did and explain what you have learned in the process. (10 points)