MOD002630 Networking Technologies
Assignment element 011: Case Study and Live Brief specification
Trimester 2, 2021/2
Module leader: Dr Erika Sanchez-Velazquez
Table of Contents
Introduction
Background
Topology and initial configuration
Network Design (30%)
Implement the network (35%)
Testing the network (25%)
Report’s quality (10%)
What to submit and where?
Introduction
This document describes all the information related to assessment element 011 of the Networking Technologies module. Make sure that you read the whole document and highlight elements that are not clear.
If you have questions about the case study, then please submit them via the Discussion Group “2021/22 Module Assessments, Support, and Your Questions” found in Canvas. Queries made via email will not be answered.
Background
For this assessment, we will incorporate a “Live Brief”, which means that a company has approached ARU with a case study for students to complete as part of the final assessment of the module. This should have been already explained to you during week 1.
Steven Kear, founder of Kear Technology Solutions, has brought an exciting opportunity to design, implement and test an Internet of Things (IoT) solution and produce a proof of concept using Packet Tracer.
Together with the other protocols and mechanisms that you will learn through this module, the end product of this assessment element will consist of a:
- network design (30%), including the live brief,
- network implementation (35%), including IoT, and
- test plan (25%).
To implement the protocols and mechanisms, including the IoT solution, you will be given the initial network topology and configuration to work with. The following sections of the document describe this topology as well as the final requirements of the assessment.
Topology and initial configuration
British Land PLC is headquartered (HQ) in York House (West London) and has a new 100 Liverpool Street (East London) office. Figure 1 depicts the current topology of the company’s network.
Figure 1. British Land PLC’s network topology.
The network is structured as follows:
- PUBLIC NETWORK: This network is outside British Land’s management and should not be changed. It has an HTTPS server accessible through the https://google.com/ URL, a PC representing a teleworker (i.e. someone who belongs to the company but works remotely), a PC representing an outsider to the company, and a DNS server that is used by devices belonging to the PUBLIC NETWORK. The ISP router belongs to the PUBLIC NETWORK and therefore should not be modified (assume that the ISP router has been configured properly).
- DMZ: This is the demilitarized zone of British Land and contains all servers that are public to internal and external areas. This is under the management of the company and should be considered within your network design. It contains the company’s web server (https://britishland.com/) and a DNS server that is used by users of York House (West London) Headquarters and the Liverpool Street (East London) office. The DMZ servers are known externally through their public IP addresses and internally through their private IP addresses, which means that static NAT has been configured in the York House router to perform this translation.
- York House HQ: This is the internal network of the York House (West London) headquarters and is also under the management of the company. Right now, it only contains two PCs that, when connecting to an external device, use a public IP address that is translated via NAT by the York House router. Internally they use the private IP address.
- Liverpool Street: This network has all devices of the Liverpool Street (East London) branch and also uses NAT when connecting to external devices but internally uses the internal IP addresses. This network is also under the management of British Land PLC.
The topology has already been created for you and it has been made available as a Packet Tracer file. Please note that the file was created with version 8.1.1.0022, which means the file won’t open on later versions of Packet Tracer. If you are using a different version and the tutor can’t open your file OR if you submit a file that has removed all restrictions set by the tutor in the original Packet Tracer file then you will receive 0 marks for the network implementation.
The following configurations have already been made for you:
- Interfaces on most of the devices (except for the serial interfaces of the three routers)
- Hostname and passwords (shown in Table 1)
- SSH (username admin password br1t1sh4dm1np4ss)
- NAT in York House and Liverpool Street routers. It is recommended not to modify anything of the existing NAT configuration on those routers unless consulted with the module tutor. Assume that NAT is working properly.
- Static routing in ISP, assume that it has been configured correctly. The other devices have not been configured with any routing protocol.
Where? | Password |
Enable | Br1t1shL3n4p4ss |
Console | Br1t1shLc0np4ss |
Table 1. Passwords configured in the networking devices
Figure 1 and Table 2 show the IP addresses assigned to each device interface.
Device | Interface | Private IP address | Default Gateway | Public IP address | Subnet mask (of internal network) |
York House | S0/0/0 | — | — | 209.165.100.194 | 255.255.255.252 |
York House | G0/1 | 10.0.0.1 | — | — | 255.192.0.0 |
York House | S0/1/0 | 10.128.0.1 | — | — | 255.255.255.252 |
York House | S0/1/1 | 10.128.0.5 | | | 255.255.255.252 |
ISP | S0/0/0 | — | — | 209.165.100.193 | 255.255.255.252 |
ISP | S0/0/1 | — | — | 209.165.100.197 | 255.255.255.252 |
Liverpool Street | S0/0/1 | — | — | 209.165.100.198 | 255.255.255.252 |
Liverpool Street | G0/1 | 10.192.0.1 | — | — | 255.192.0.0 |
RA | S0/0/0 | 10.128.0.2 | — | — | 255.255.255.252 |
RA | G0/1 | 10.64.0.2 | — | — | 255.192.0.0 |
RB | S0/0/1 | 10.128.0.6 | — | — | 255.255.255.252 |
RB | G0/1 | 10.64.0.3 | — | — | 255.192.0.0 |
DMZ-Switch | VLAN 1 | 10.0.0.2 | 10.0.0.1 | — | 255.192.0.0 |
S1 | VLAN 1 | 10.64.0.4 | 10.64.0.1 | — | 255.192.0.0 |
S2 | VLAN 1 | 10.64.0.5 | 10.64.0.1 | — | 255.192.0.0 |
S3 | VLAN 1 | 10.64.0.6 | 10.64.0.1 | — | 255.192.0.0 |
S4 | VLAN 1 | 10.192.0.2 | 10.192.0.1 | — | 255.192.0.0 |
PC1 | Fa0 | 10.64.0.7 | 10.64.0.1 | Dynamic NAT | 255.192.0.0 |
PC2 | Fa0 | 10.64.0.8 | 10.64.0.1 | Dynamic NAT | 255.192.0.0 |
PC3 | Fa0 | 10.192.0.3 | 10.192.0.1 | Dynamic NAT | 255.192.0.0 |
PC4 | Fa0 | 10.192.0.4 | 10.192.0.1 | Dynamic NAT | 255.192.0.0 |
PC5 | Fa0 | 10.192.0.5 | 10.192.0.1 | Dynamic NAT | 255.192.0.0 |
britishland.com | Fa0 | 10.0.0.3 | 10.0.0.1 | 209.165.200.3 | 255.192.0.0 |
Internal DNS Server | Fa0 | 10.0.0.4 | 10.0.0.1 | 209.165.200.4 | 255.192.0.0 |
Table 2. British Land PLC IP address scheme
It is your responsibility to verify that the IP addresses indicated in the table are correct and correspond to the ones configured in the initial topology. Assume that the ones configured are the correct ones and modify the table if needed.
It is also your responsibility to verify connectivity. Right now, not all devices need to have connectivity between them, but you should try to understand the current state of connectivity between the devices. This is important because, once ACLs are implemented, you will otherwise not know whether traffic was stopped by the security configuration or because there was no communication in the first place.
It is recommended, although not required at this stage of the assignment, to complete a table like the one shown in Table 3. You could use this table later for connectivity tests after all elements have been incorporated.
From | To | Is communication successful? | Comments |
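PC1 (York House) | britishland.com | Yes | |
PC1 (York House) | google.com | Yes | |
PC1 (York House) | PC2 | Yes | |
PC1 (York House) | PC4 | No | Missing configurations in York House and Liverpool Street |
britishland.com (DMZ) | PC1 | | |
britishland.com (DMZ) | google.com | | |
britishland.com (DMZ) | PC3 | | |
britishland.com (DMZ) | DNS | | |
PC3 (Liverpool Street) | britishland.com | | |
PC3 (Liverpool Street) | google.com | | |
PC3 (Liverpool Street) | PC1 | | |
PC3 (Liverpool Street) | PC4 | | |
Teleworker (PUBLIC NETWORK) | britishland.com | | |
Teleworker (PUBLIC NETWORK) | PC1 | | |
Teleworker (PUBLIC NETWORK) | PC2 | | |
Teleworker (PUBLIC NETWORK) | PC3 | | |
Teleworker (PUBLIC NETWORK) | PC4 | | |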
Table 3. Connectivity Tests before security
Other considerations:
- You must not touch the PUBLIC NETWORK, this one is outside your admin rights. Assume ISP is working properly, and you can use the Teleworker and Outsider PCs for testing.
- You must use the Admin laptop to configure the devices, don’t add more laptops to configure other devices, use the same one or use SSH to connect remotely.
- Finally, you must focus on the requirements of the company, not on the current design of the network.
Network Design (30%)
As part of the consulting job, British Land PLC requires you to perform an analysis of their current network and come up with a design to implement the mechanisms needed to achieve secure connectivity. You will write a technical document that describes the networking elements that you would recommend the company to implement supporting your decision with references to best practices and/or industry recommendations. The CCNA curriculum or the slides of any other networking module from your course cannot be used as references but you can use white papers from Cisco or other similar documents.
Your design must consider the following points:
- L2 and L3 redundancy in York House. Including STP, Etherchannel and HSRP. You must explain the design you want to implement and support it with best practices. You must indicate what would be the desired STP configuration, which switch should be the root, which other STP enhancements to include and so on. A similar approach must be used when proposing a design for Etherchannel and HSRP.
- WLAN, you are required to add a wireless router (WRT300N) to the Liverpool Street Office to provide network access to wireless users. Your design and implementation must be secure and efficient. You must explain the design you want to implement and support it with best practices.
- Internet of Things, implement an example on how IoT can be integrated in Packet Tracer. The devices must be connected to a server, located in the DMZ and should be accessible to all users within the company network.
- Dynamic routing protocol and tunnel, for this you will need to consider that administrators want York House and Liverpool Street to see each other as within the same network connected through the GRE tunnel. You must explain the design you want to implement and support it with best practices.
- WAN connectivity to ISP as indicated in the initial topology. ISP has already been configured and it is requesting PAP authentication within a PPP link. Table 4 indicates the passwords that need to be used for PAP link authentication.
From | To | Username | Password |
York House | ISP | YorkHouse | PPPs3cr3tY0rkH0us3 |
Liverpool Street | ISP | LivStreet | PPPs3cr3tL1vStr33t |
ISP | York House and Liverpool Street | ISP | PPPs3cr3tISP |
Table 4. Passwords to use for PAP link authentication
In your analysis and design, you must try to convince the company to move to CHAP authentication. For this, you must indicate the advantages of CHAP over PAP supporting it with valid references. You must then implement WAN protocols as follows:
- Serial links between York House and ISP and Liverpool Street and ISP must implement PAP using the passwords indicated in Table 4.
- Serial links between York House and RA and York House and RB, CHAP authentication. Part of your task is to define the design for this implementation.
- Finally, you must design appropriate ACLs that restrict connection to the company’s network according to best practices. For that you must consider the following restrictions:
  - By inside the network, we refer to the York House area.
  - By DMZ we refer to the DMZ area.
  - By outside network, we refer to everything that is not part of the inside nor the DMZ.
  - Traffic from the inside network going to the outside should be allowed.
  - Traffic from the inside to the DMZ should be allowed only for the services that are available in the DMZ.
  - Traffic from the outside to the DMZ should be allowed only for the services that are available in the DMZ.
  - Traffic from the outside to the inside network should be denied. Remember the established option and how it should help to allow the traffic that is initiated from the inside.
  - Traffic from the DMZ to the outside should be allowed only for the services available in the DMZ.
  - Traffic from the DMZ to the inside should be denied.
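The zone rules above can be modelled as a stateless per-packet check, which gives the expected permit or deny verdict for each connectivity test before any ACL is written. This is an added example, not part of the brief. It assumes the DMZ services are HTTPS and DNS, that DMZ-to-outside traffic means server replies, and that return traffic from the DMZ gets the same `established` exception; `zone`, `decide` and `evaluate` are hypothetical names.

```python
import ipaddress

# Zone prefixes from Table 2 (mask 255.192.0.0 is a /10).
INSIDE = ipaddress.ip_network("10.64.0.0/10")   # York House
DMZ = ipaddress.ip_network("10.0.0.0/10")
# Static-NAT public addresses of the two DMZ servers (Table 2).
DMZ_PUBLIC = {ipaddress.ip_address("209.165.200.3"),
              ipaddress.ip_address("209.165.200.4")}
# Assumption: the DMZ offers HTTPS (web server) and DNS only.
DMZ_SERVICES = {("tcp", 443), ("udp", 53), ("tcp", 53)}

def zone(ip):
    """Classify an address using the brief's inside/DMZ/outside definitions."""
    addr = ipaddress.ip_address(ip)
    if addr in INSIDE:
        return "inside"
    if addr in DMZ or addr in DMZ_PUBLIC:
        return "dmz"
    return "outside"  # everything else, Liverpool Street included

def decide(src, dst, proto, sport, dport, flags=()):
    """Judge one packet statelessly, as an extended ACL entry would."""
    s, d = zone(src), zone(dst)
    # The IOS 'established' keyword matches TCP segments with ACK or RST set.
    established = proto == "tcp" and bool({"ACK", "RST"} & set(flags))
    if s == d or (s, d) == ("inside", "outside"):
        return "permit"  # same zone, or inside to outside
    if d == "dmz":  # from inside or outside: DMZ services only
        return "permit" if (proto, dport) in DMZ_SERVICES else "deny"
    if (s, d) == ("dmz", "outside"):  # assumption: server replies only
        return "permit" if (proto, sport) in DMZ_SERVICES else "deny"
    # Towards the inside: only TCP return traffic (assumed for the DMZ too).
    return "permit" if established else "deny"

# Constructed packets (203.0.113.10 is a documentation address, not from the brief).
SAMPLES = {
    "PC1 opens HTTPS to web server": ("10.64.0.7", "10.0.0.3", "tcp", 50000, 443, ("SYN",)),
    "PC1 opens SSH to web server": ("10.64.0.7", "10.0.0.3", "tcp", 50001, 22, ("SYN",)),
    "external opens HTTPS to web server": ("203.0.113.10", "209.165.200.3", "tcp", 40000, 443, ("SYN",)),
    "external HTTPS reply to PC1": ("203.0.113.10", "10.64.0.7", "tcp", 443, 50002, ("ACK",)),
    "PC3 (Liverpool Street) opens SSH to PC1": ("10.192.0.3", "10.64.0.7", "tcp", 40002, 22, ("SYN",)),
    "DMZ DNS reply to PC1 over UDP": ("10.0.0.4", "10.64.0.7", "udp", 53, 50003, ()),
}

def evaluate(samples=SAMPLES):
    return {name: decide(*pkt) for name, pkt in samples.items()}

print("\n".join(f"{verdict:6} {name}" for name, verdict in evaluate().items()))
```

The UDP DNS reply towards PC1 comes back as deny because `established` inspects TCP flags only, so a design that relies on that keyword needs a separate answer for UDP services.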
The final design must be thorough and can include the addition of new elements to the networks that belong to the company. If your network design is incomplete, then this will also affect your final configuration.
The requirement analysis report MUST NOT include configuration, for each of the bullet points described above you must explain the design you want to implement and support your decisions with best practices or experts’ opinions.
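For the PAP versus CHAP comparison requested above, the following added example (not part of the brief) builds the authentication packets defined in RFC 1334 and RFC 1994 and checks what each one exposes on the link. The shared secret is constructed for illustration, `RA` is used as the peer name, and the function names are hypothetical.

```python
import hashlib
import hmac
import os
import struct

def pap_request(ident, peer_id, password):
    """PAP Authenticate-Request (RFC 1334): the password travels as-is."""
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, ident, 4 + len(body)) + body

def chap_value(ident, secret, challenge):
    """CHAP response value (RFC 1994): MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def chap_response(ident, name, secret, challenge):
    """CHAP Response packet: code 2, value size, hash value, peer name."""
    value = chap_value(ident, secret, challenge)
    body = bytes([len(value)]) + value + name
    return struct.pack("!BBH", 2, ident, 4 + len(body)) + body

def chap_verify(packet, secret, challenge):
    """Authenticator side: recompute the hash for the challenge it issued."""
    code, ident, _length = struct.unpack("!BBH", packet[:4])
    value = packet[5:5 + packet[4]]
    expected = chap_value(ident, secret, challenge)
    return code == 2 and hmac.compare_digest(value, expected)

def demo():
    secret = b"example-shared-secret"  # constructed, not a password from the brief
    pap = pap_request(1, b"RA", secret)
    first, second = os.urandom(16), os.urandom(16)  # two separate challenges
    resp = chap_response(7, b"RA", secret, first)
    return {
        "pap_leaks_password": secret in pap,       # cleartext on the wire
        "chap_leaks_secret": secret in resp,       # only a hash is sent
        "chap_accepts_fresh": chap_verify(resp, secret, first),
        "chap_accepts_replay": chap_verify(resp, secret, second),
    }

print(demo())
```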
Implement the network (35%)
Once you are happy with the network mechanisms to implement you must configure them as described in the network design. For the configuration, you must use the initial topology provided to you via Canvas (011_MOD002630_2021-2_Case_Study.pka). The implementation must follow the design specified in the Network Requirements Design.
Testing the network (25%)
Finally, you must provide a test plan of the mechanisms implemented. Your test plan should not include screenshots and it should just indicate the test that needs to be done (complete command to use) and the expected result. You MUST use the same test plan format used for Network Routing and Switching Essentials. Please note that show run must NOT be used as a command to verify a protocol and you must demonstrate that the protocol is working and not just that it has been configured. This means that show commands are not the way to test that a protocol is working; therefore, show commands will need to be complemented with other tests.
Your test should also include the final connectivity tests.
Report’s quality (10%)
Please note that the quality of your report will also have a 10% weight of the final mark for this assessment element. For this criterion, we will be looking at the language used (it must be proper academic language), the structure of the document, grammar, and spelling, correct use of the Harvard Referencing style, etc. For support on this please refer to the Academic Writing Step by Step guide provided by Study Skills Plus.
To understand how your final mark will be calculated as well as the weight of each of the elements described here please refer to the Marking Scheme of the case study available in Canvas (MOD002630_011_2021-2_Marking_Scheme.xlsx).
What to submit and where?
Before submitting make sure you have all the following and that you are submitting through the Canvas submission page:
- Final Design Report -> The name of the file must be your SID number in 7 digits, i.e. 1234567.docx or 1234567.pdf containing the following:
  - A cover page that includes your SID number (NOT YOUR NAME), and the module code. This is not the cover page that is available in e-Vision.
  - The network design.
  - The test plan.
  - Final connectivity tests.
- Final Implementation -> Final Packet Tracer file with your solution. The name of the PT file must be your SID number in 7 digits, i.e. 1234567.pka.
Both the report and the Packet Tracer file must be submitted via the Canvas submission page as separate files which MUST NOT BE ZIPPED. If you zip the files you will be awarded 0 marks for this assessment element.
The submission of everything related to the case study must be done by the dates indicated in e-Vision.