102 | | |
103 | | ||= **FAC1** =||= **IPv4** =||= **IPv6** =|| |
104 | | || VLAN02 || 10.XY.02.1 || - || |
105 | | || VLAN05 || 10.XY.05.254 || 2401:DD00:20XY:5::FFFF/64 || |
106 | | || VLAN10 || 10.XY.10.254 || 2401:DD00:20XY:1110::FFFF/64 || |
107 | | || VLAN20 || 10.XY.20.254 || 2401:DD00:20XY:1120::FFFF/64 || |
108 | | || VLAN30 || 10.XY.30.254 || 2401:DD00:20XY:1230::FFFF/64 || |
109 | | |
110 | | |
111 | | ---- |
112 | | |
113 | | |
114 | | ||= **FAC2** =||= **IPv4** =||= **IPv6** =|| |
115 | | || VLAN03 || 10.XY.03.1 || - || |
116 | | || VLAN60 || 10.XY.60.254 || 2401:DD00:20XY:2160::FFFF/64 || |
117 | | || VLAN70 || 10.XY.70.254 || 2401:DD00:20XY:2270::FFFF/64 || |
118 | | || VLAN80 || 10.XY.80.254 || 2401:DD00:20XY:2280::FFFF/64 || |
315 | | == Distribution Layer == |
316 | | |
317 | | |
318 | | |
| 298 | == VLAN Structure == |
| 299 | |
| 300 | Now we need to create VLANs in each L3 device and configure inter-VLAN routing. We will start with FAC1. |
| 301 | |
| 302 | === VLANs for FAC1=== |
| 303 | |
| 304 | ||= **FAC1** =||= **VLAN Name** =||= **IPv4** =||= **IPv6** =|| |
| 305 | || VLAN02 || FAC1_MGT || 10.XY.02.1 || - || |
| 306 | || VLAN05 || Servers || 10.XY.05.254 || 2401:DD00:20XY:5::FFFF/64 || |
| 307 | || VLAN10 || Dept1 || 10.XY.10.254 || 2401:DD00:20XY:1110::FFFF/64 || |
| 308 | || VLAN20 || Dept2 || 10.XY.20.254 || 2401:DD00:20XY:1120::FFFF/64 || |
| 309 | || VLAN30 || Dept3 || 10.XY.30.254 || 2401:DD00:20XY:1230::FFFF/64 || |
| 310 | |
| 311 | * First Create VLANs and provide a suitable description. |
| 312 | |
| 313 | {{{ |
| 314 | Fac1(config)# vlan 2 |
| 315 | Fac1(config-vlan)# name FAC1_MGT |
| 316 | Fac1(config-vlan)# exit |
| 317 | }}} |
| 318 | |
| 319 | Repeat the same for other VLAN's as well. |
| 320 | |
| 321 | * Then we need to create vlan interfaces and assign routing. |
| 322 | |
| 323 | {{{ |
| 324 | Fac1(config)# interface vlan 2 |
| 325 | Fac1(config-if)# ip address 10.XY.2.1 255.255.255.0 |
| 326 | Fac1(config-if)# ip ospf 1 area 2 |
| 327 | Fac1(config-if)# exit |
| 328 | }}} |
| 329 | |
| 330 | Following illustrates the dual stack connectivity. |
| 331 | |
| 332 | {{{ |
| 333 | Fac1(config)# interface vlan 5 |
| 334 | Fac1(config-if)# ip address 10.XY.5.254 255.255.255.0 |
| 335 | Fac1(config-if)# ip ospf 1 area 2 |
| 336 | Fac1(config-if)# ipv6 address 2401:DD00:20XY:5::FFFF/64 |
| 337 | Fac1(config-if)# ipv6 ospf 1 area 2 |
| 338 | Fac1(config-if)# exit |
| 339 | }}} |
| 340 | |
| 341 | * Continue same for the VLAN 10, 20 and 30. |
| 342 | |
| 343 | === VLANs for FAC2=== |
| 344 | |
| 345 | * Configure above same configurations on FAC2 switch for the following VLAN data |
| 346 | |
| 347 | ||= **FAC2** =||= **VLAN Name** =||= **IPv4** =||= **IPv6** =|| |
| 348 | || VLAN03 || FAC2_MGT || 10.XY.03.1 || - || |
| 349 | || VLAN60 || Dept4 || 10.XY.60.254 || 2401:DD00:20XY:2160::FFFF/64 || |
| 350 | || VLAN70 || Dept5 || 10.XY.70.254 || 2401:DD00:20XY:2270::FFFF/64 || |
| 351 | || VLAN80 || Dept6 || 10.XY.80.254 || 2401:DD00:20XY:2280::FFFF/64 || |
| 352 | |
| 353 | |
| 354 | == Assign Interfaces to VLANs == |
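Review bot: The SVI steps at new lines 324-337 enable OSPF on every VLAN interface (`ip ospf 1 area 2`, `ipv6 ospf 1 area 2`), including the department VLANs that face end hosts, and no step in this section makes those interfaces passive, so the switch will send hellos and accept neighbours on user segments. Suggest adding a step that marks the access SVIs passive under the OSPF process (for example `passive-interface Vlan10`) and leaves only the uplinks active. Two smaller points: the tables write octets with a leading zero (10.XY.02.1, 10.XY.05.254, 10.XY.03.1) while the commands use 10.XY.2.1 and 10.XY.5.254, so one form should be used throughout; and the SVI blocks show no `no shutdown`, which a reader following only this section may need if the interface comes up administratively down.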
651 | | ==== Router Configuration ==== |
652 | | Now you have complete most of the IPv4 Configurations. Go to DeptPC1 and try a ping to the DNS server (192.248.1.161). You will not get a reply. That is because your PC have a private IP. There must be a method to connect to the outside using a private IP. What we use here is adding a NAT in !BorderRt router. There are different NAT types what we use here is the method called NAT overload. In this method we can assign set of local(private) IP's and overload it to a interface with a global(public) IP. So the outside the network will see the traffic coming from local IP's as traffic coming from the global IP. Let's add this configuration to your router. |
653 | | - Login to !BorderRt Router and switch to config mode |
654 | | - Let's define the local IP set in a ACL. |
655 | | {{{ |
656 | | BorderRt(config)#access-list 1 permit 10.0.0.0 0.0.255.255 |
657 | | }}} |
658 | | - Then dd the NAT entry. In your router public IP is assign to !FastEthernet 0/1 interface |
659 | | {{{ |
660 | | BorderRt(config)#ip nat inside source list 1 interface FastEthernet0/1 overload |
661 | | }}} |
662 | | - Then define NAT inside & NAT outside. NAT inside is your router's LAN port and Nat outside is your router's WAN port. |
663 | | {{{ |
664 | | BorderRt(config)#interface FastEthernet 0/0 |
665 | | BorderRt(config-if)#ip nat inside |
666 | | BorderRt(config-if)#exit |
667 | | BorderRt(config)#interface FastEthernet 0/1 |
668 | | BorderRt(config-if)#ip nat outside |
669 | | BorderRt(config-if)#exit |
670 | | }}} |
671 | | - Finally add a static route in the router so that the traffic coming to our defined network will redirect to !CampusCore switch |
672 | | {{{ |
673 | | BorderRt(config)#ip route 10.0.0.0 255.255.0.0 10.0.255.253 |
674 | | }}} |
675 | | - Now try a ping from DeptPC1 to the DNS server. It should give reply |
676 | | - Use the following for NAT troubleshooting |
677 | | {{{ |
678 | | Router#show ip nat translation |
679 | | }}} |
680 | | |
681 | | '''You have successfully complete the IPv4 configurations. save all the configurations in all the routers''' |
682 | | |
683 | | === Wireshark === |
684 | | |
685 | | Let's capture some packets and do a analysis. |
686 | | - Log in to Dept1PC and and start blackbox. |
687 | | {{{ |
688 | | sudo startx |
689 | | }}} |
690 | | - Right click on desktop and open '''xterm''' terminal |
691 | | - type '''wireshark''' and press enter |
692 | | - On the wireshark interface select the '''enp0s3''' interface and click '''Capture packets''' button |
693 | | - While you are capturing. Open another xterm terminal. And type '''midori''' and press enter. |
694 | | - You will get midori browser. Click the arrow head at top right corner to get the menu. In the menu select '''New Private Browsing Window''' |
695 | | - Browse for '''www.google.com''' from the browser. |
696 | | - Go back to wireshark and '''stop''' capturing |
697 | | - You will see plenty of broadcast packets. They will look like following |
698 | | {{{ |
699 | | NO Time Source Destination Protocol Length Info |
700 | | 9 0.579325000 00:fe:c9:3e:13:a0 Broadcast ARP 60 Who has x.x.x.x? Tell y.y.y.y |
701 | | }}} |
702 | | - Click on '''Statistics''' and select '''Summary''' |
703 | | - You will get a summary window and it will show you some percentages. You will see a high percentage of ARP messages. |
704 | | - Go to '''file''' in main menu and click '''close''' and exit without saving |
705 | | - You will get the initial interface. Select '''enp0s3''' interface |
706 | | - click on the '''green flag''' in the '''using this filter...''' dropdown list. |
707 | | - Select '''New capture filter:icmp6''' |
708 | | - Start Capturing |
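Review bot: In the Wireshark steps (lines 686-693), `sudo startx` starts the whole desktop session as root, so the xterm, Wireshark and the midori browser launched from it all run with root privileges while parsing captured traffic and web content. Suggest starting X as the normal lab user and giving that user capture rights instead (for example, on Debian-style systems, membership of the wireshark group with dumpcap set up for non-root capture). Smaller points: line 658 reads "Then dd the NAT entry", line 686 has "and and", the troubleshooting prompt at line 678 is Router# where every other step uses BorderRt, and line 681 asks the reader to save the configurations without giving the command.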