Server-PT Fa0 ig0/0 Se0/0/0 PC-PT Internet PC 911 ISP Se0/1/0 Fa0/1 Gig0/1 Gig0/0 2960-24TT HQ_Web_S1 HQWebServer Se0/0/0 Gi Se0/0/1) Se0/0/0 PC-PI Fa0 Fa0/5 R&D1(VLAN30) 2011 HQCore_1 | Gia0/0 Gig0/1 296P-P4TT HQ S1 C~0/1 Fa0/2 F Fa0/4 IF Fa0/4 50/1 Fa0/2 Fa0 Gig Fa0/1 Gig 2911 Branch Gig0/0 -2960-24TT Fa0/1 chFloor1 PC-PT Branch_Accounting(VLAN10) Fa0/2 Fa0 Gig0/2 2960-24TT BranchFloor2 PC-PT Branch_Engineering(VLAN20) Gig Gig0/1 2911 Gigo. Fa0 BranchEdge Se0/0/0 2911 HQCore_2 Gig0/0 Gig0/1 2911 Branch_BLD2 C 0/1 Fa0/5 Fa0 Fa0/2 2960-24TT HP IS2 F F F Fa0/4 PC-PT Mangement(VLAN40) Fa0/2 Fa0/2 29 0-24 Fa0/6 HQ S4 Fa0/5 Fa0 Fa0/5 2960-24TT Fa0/6 HQ_S3 Fa0 Fa0 PC-PT PC-PT PC-PT HR_PC1(VLAN20) PC-PT HR_PC2(VLAN20) SalesPC1(VLAN10$alesPC2(VLAN10) Server-PT BranchWebServer Configure DHCP for all networks utilizing the 172.16.0.0/16 address space 1. DHCP pool names should match (case sensitive) VLAN name Example - VLAN name = SALES, DHCP pool name = SALES 2. Exclude all addresses except for the last two addresses for each network 2. HQ Switches Trunks 1. All trunks should use VLAN 88 as the native VLAN 2. Use dot1q encapsulation 3. Should not negotiate the trunking protocol 4. Only allow configured VLANs across all trunks VLANs 1. VLAN 10 should be named SALES 2. VLAN 20 should be named HR 3. VLAN 30 should be named R&D 4. VLAN 40 should be named MANAGEMENT 5. VLAN 88 should be named NATIVE EtherChannel 1. Fa0/1 & Fa0/2 on all HQ switches should be in channel group 1 2. Fa0/3 & Fa0/4 on all HQ switches should be in channel group 2 3. Set the mode to be desirable on all channel groups 4. All trunk configuration should be done on the port channels Port Requirements 1. SalesPC1 & SalesPC2 should be on VLAN 10 2. HR_PC1 & HR_PC2 should be on VLAN 20 3. R&D1 should be on VLAN 30 4. Management should be on VLAN 40 5. Place port security only on appropriate interfaces 6. Set mac-address sticky 7. Set the maximum number of allowed mac-addresses to be 2 8. Set the violation mode to shutdown 9. Set the port mode to access Branch: 1. Branch Routers Should participate in OSPF 1. Use OSPF ID 10 2. Use area 0 3. All interfaces should not participate in OSPF by default Only interfaces that should participate in OSPF should be activated within OSPF 4. Advertise configured networks into OSPF Configure DHCP on BranchEdge for all networks utilizing the 192.168.20.0/24 address space 1. DHCP pool name should match VLAN name Example - VLAN name = ACCOUNTING, DHCP pool name = ACCOUNTING 2. Exclude all addresses except for the last two addresses for each network Branch_BLD1 1. Should be gateway for VLANS 10 & 20 2. Participates in OSPF (same OSPF settings as Branch Routers) 2. Branch Switches Trunks 1. All trunks should use VLAN 88 as the native VLAN 2. Use dot1q encapsulation 3. Should not negotiate the trunking protocol 4. Only allow configured VLANs across all trunks 2. Branch Switches Trunks 1. All trunks should use VLAN 88 as the native VLAN 2. Use dot1q encapsulation 3. Should not negotiate the trunking protocol 4. Only allow configured VLANs across all trunks VLANS 1. VLAN 10 should be named ACCOUNTING 2. VLAN 20 should be named ENGINEERING 3. VLAN 88 should be named NATIVE Port Requirements 1. Branch_Accounting should be on VLAN 10 2. Branch Engineering should be on VLAN 20 3. Place port security only on appropriate interfaces 4. Set mac-address sticky 5. Set the maximum number of allowed mac-addresses to be 2 6. Set the violation mode to shutdown 7. Set the port mode to access Basic Requirements: 1. All switches and routers should have the proper hostnames set based off of their already set labels 2. Connectivity Requirements All internal devices (not "internet") should be able to ping each other Internet PC should be able to ping HQWebServer via 12.34.5.60 Internet PC should be able to ping BranchWebServer via 12.34.5.67 Internet PC should not be able to ping 192.168.0.0/24 network Internet PC should not be able to ping 192.168.10.0/24 network Internet PC should not be able to ping 10.0.0.x/30 networks