4/04/2022 v1.0

INFT 3019 Network Architecture 2022
Assignment 2: Wireless Implementation (25%)

Due: Tuesday 14th June 2022 @ 11:59 PM (Week 14)
Individual Assignment
Submission: via the course website

Overview

Stelmaria Incorporated has finally finished moving their headquarters to Mawson Lakes Tech Park and now want to upgrade their wireless infrastructure from a standard WPA2 PSK setup to a more enterprise solution with Wireless LAN Controllers (WLCs) and WPA2 Enterprise. They are also looking to learn more about WAN connections that are available to the company to enhance their interconnectivity between branch offices.

They will also be looking at implementing more WAN links; currently Stelmaria has a reliance on Mawson Lakes Tech Park to route all traffic from all branch offices to the ISP and back to the branch offices. Stelmaria is looking for other options that give redundancy and scalability for branch offices and its headquarters.

In this assignment you will be making use of the skills you have learnt over the entire course to create an IP addressing scheme, a network implementation with wireless and recommend a WAN solution for Stelmaria that meets their needs as a growing enterprise.

Deliverables

You will be required to complete four deliverables and include them in your submission:
• IP addressing scheme (Excel Spreadsheet or Word Document/PDF).
• Test documentation (Excel Spreadsheet or Word Document/PDF).
• Completed network configuration (Packet Tracer file).
• Recommended WAN solution, justifications, and assumptions (Word Document/PDF).

Do not add these deliverables to a ZIP archive on submission. Submit them as separate files.

Weighting

The assignment is worth 25% of your overall grade for this course. The following table breaks down each component of the assignment, giving it a percentage out of the 25% for this assignment.
The Implementation is worth 17% and the WAN solution is worth 8%.

IP addressing scheme            2.5%
Basic configuration             1%
VLANs & VTP                     1%
IP addressing implementation    1%
OSPF & Routing                  3%
DHCP                            2%
NAT                             2%
Wireless                        3.5%
Testing                         1%
WAN Solution                    8%

Configuration Guide

Below you will find some helpful steps to follow in order to assist you with configuring the network. You may find that you do not want to do the steps in the order they are presented in; the order is up to you to determine. The configuration is complete when all steps have been completed in the order presented, or your own order.

To start, download the associated Packet Tracer file available on Learnonline. This includes the devices and the layout of the network along with all connections already completed. See Figure 1 for an overview of the supplied Packet Tracer file.

Figure 1 – Stelmaria Network Overview

Step 1 – IP addressing scheme.
• This must be done before you start.
• If the IP addressing scheme documentation is not included in your submission you will get zero for this section.
• Your IP addressing scheme must include an IP assignment table. See your practicals for an example of this type of table.
• Use 10.0.0.0/8 for internal addressing:
    o The second octet represents the location (1 = Tech Park (HQ), 2 = Kensington, 3 = Adelaide CBD, 255 = other IP addressing).
    o The third octet represents the VLAN.
    o The fourth octet represents the hosts.
    o For example, 10.2.50.5: 2 = Kensington, 50 = VLAN ID, 5 = Host.

Step 2 – Implement basic configuration.
On switches and routers perform the following:
• Set hostnames and domain name (stelmaria.com.au).
• Disable IP domain lookup.
• Configure enable password (“class”).
• Configure password for console (“cisco”).
• Configure a user account named “admin” with password “cisco”.
• Create RSA key.
• Configure password for VTY (“cisco”) and only allow SSH connections.
• Encrypt all passwords.

Step 3 – Implement VLANs & VTP.
• VLANs are implemented as groups of devices, one per group. For example: management – for switch management VLAN, Servers, HR, Auditing, Wi-Fi and so on.
• Configure the distribution switch in Tech Park with the VLANs and set it as VTP server and the access switches as VTP clients.
• Configure the access switch in Adelaide and the access switch in Kensington with the VLANs.
• Configure access ports to be in the correct VLAN.
• Shut down all unused ports and move them into a blackhole/unused VLAN.
• Configure management SVIs on each switch.
• Configure trunk links as appropriate and change the native VLAN.

Step 4 – Implement IP addressing.
• Configure each interface with its IP address information according to your scheme.
• Configure sub-interfaces on the Adelaide and Kensington router and SVIs on the distribution switch in Tech Park.
• The ISP router already has the IP address configured on the serial link to Tech Park. The Tech Park link to the ISP has not been configured.
• Use private IP addresses for the WAN links between locations excluding the ISP.
• End devices (PC, laptop, tablet, camera) should not have IP addressing assigned because they will get their IP addresses through DHCP.
• Configure static IP addresses for the servers and printers as well as the Admin PCs.
• Admin PCs should be placed into the Management VLAN. Admin PCs can be used to test the management VLAN through SSHing to switches to manage them.

Step 5 – Implement OSPF and routing.
• Configure OSPF on the 3 routers (Tech Park, Adelaide, and Kensington). DO NOT configure OSPF on the ISP router.
• Configure OSPF on the distribution switch in Tech Park.
• Configure default routes as appropriate. Use default route propagation where possible.

Step 6 – Implement DHCP.
• DHCP is done from the distribution switch in Tech Park to every device in the network.
• Configure your DHCP pools according to your subnets defined in Step 1.
• Configure a DHCP pool for Wi-Fi devices in each location.
• Configure excluded addresses to ensure no IP conflicts occur.
• Configure the IP helper address in the Adelaide and Kensington locations so devices there can receive their IP addressing information from the distribution switch in Tech Park.
• Configure all end devices (excluding printers and servers) to obtain their IP addressing information through DHCP.

Step 7 – Implement NAT.
• Packets destined for the ISP must be passed through NAT to avoid leaking private IP addresses to the ISP.
• Use the external IP address of the network (209.162.125.10) and implement PAT.
• Add a static NAT for the file server in Tech Park using the IP address 209.162.125.12.
• Ensure all traffic coming from the Internet cannot access any internal end device (only the file server in Tech Park using the external IP address above).

Step 8 – Implement Wireless Network.
• Add a WLC-2504 to your network and attach it to the appropriate switch in each location (3 WLCs in total). Ensure the management network is configured on the “Configure” tab, use the management VLAN and assign it to an appropriate IP address.
• Set up AAA (RADIUS) on the Auth Server (“Services” tab) in each location. Use an appropriate secret and add a test user to the database.
• Use the Admin PC’s browser to configure the WLC.
• Create a WPA2 Enterprise network in each location with SSID “Stelmaria Staff – ”, replace “” with an appropriate value.
• Add a LAP-PT (Lightweight Access Point) and connect it to the appropriate switch in each location. The IP address for the LAP-PT (see the “Configure” tab) should be DHCP.
• Create a new DHCP pool for management on the Router/L3 Switch in each location, set option 150 to the IP address of the WLC management interface.
• Verify that the AP has an IP address assigned to it.
• Configure an AP group named “Stelmaria-Wireless-”, add the “Stelmaria Staff – ” WLAN and the created AP to the group.
• Add a tablet and smart phone in each location and configure wireless settings to connect appropriately.
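
Added example (not part of the assignment brief or its Packet Tracer file): a Python check of a saved running-config against the hardening items in Steps 2 and 3 (domain lookup disabled, passwords encrypted, VTY restricted to SSH, native VLAN changed on trunks, unused ports shut down in a blackhole VLAN). The sample config, the interface names, VLAN 999 as the blackhole VLAN and the used_ports parameter are assumptions made for the illustration.

```python
import re

# Constructed sample config for a hypothetical access switch (not from the assignment).
SAMPLE_CONFIG = """\
no ip domain-lookup
interface FastEthernet0/1
 switchport mode trunk
interface FastEthernet0/2
 switchport access vlan 50
interface FastEthernet0/3
 switchport access vlan 999
 shutdown
interface FastEthernet0/4
 switchport access vlan 999
line vty 0 4
 login local
 transport input telnet ssh
"""

def stanzas(config):
    """Map each top-level command to the indented sub-commands beneath it."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith(" ") and current is not None:
            blocks[current].append(line.strip())
        elif line.strip() and line.strip() != "!":
            current = line.strip()
            blocks[current] = []
    return blocks

def audit(config, used_ports, blackhole_vlan):
    """Return findings; used_ports and blackhole_vlan come from your own scheme."""
    blocks, findings = stanzas(config), []
    for required in ("no ip domain-lookup", "service password-encryption"):
        if required not in blocks:
            findings.append(f"missing: {required}")
    for head, body in blocks.items():
        if head.startswith("line vty") and "transport input ssh" not in body:
            findings.append(f"{head}: VTY not restricted to SSH")
        if not head.startswith("interface "):
            continue
        port = head.split()[1]
        if "switchport mode trunk" in body:
            if not any(re.fullmatch(r"switchport trunk native vlan (?!1$)\d+", c) for c in body):
                findings.append(f"{port}: trunk still uses native VLAN 1")
        elif port not in used_ports:
            if "shutdown" not in body or f"switchport access vlan {blackhole_vlan}" not in body:
                findings.append(f"{port}: unused port not shut down in VLAN {blackhole_vlan}")
    return findings
```

Calling audit(SAMPLE_CONFIG, {"FastEthernet0/2"}, 999) reports four findings on the sample; an empty list means every checked item is in place.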

Step 9 – Verify the network connectivity.
• The ISP server can be used to test the network connectivity (192.168.1.2). Use it to effectively test the network and server access. You can also use the Admin PCs to test the management VLANs and SSH connectivity to switches.
• Your tests should demonstrate the NAT, DHCP and Wireless features of the network, along with general connectivity.
• Tests should be documented and included in your submission. If no testing is documented, you will receive zero for this section.
• It is recommended to test at the end of each step to ensure configuration is working before proceeding to the next step.
• Tests should be documented in a table like the following:

Test Name                     | Source     | Destination | Result | Expected Result | Reason
------------------------------+------------+-------------+--------+-----------------+------------------------------------------------
Ping from ISP Server to HR PC | ISP Server | HR PC       | Fail   | Fail            | Cannot access because it is an internal device.

WAN Solution

As a part of your submission, you need to include a recommended WAN solution for connecting branch offices to the Internet (currently through the HQ) that is scalable, redundant, and cost-effective. You need to research WAN solutions available in Adelaide that are suitable to a medium enterprise and write a recommendation report for Stelmaria to consider.

Consider proposing multiple options (with diagrams for each) so that Stelmaria can choose the most appropriate one for them. You may also like to include backup technologies such as cellular network access if all WAN links are unavailable. You do not need to find prices from Internet Service Providers, use the knowledge gained from the WAN week to judge whether the solution would be expensive or reasonable.

You will be marked on how relevant the WAN technology is, how suitable it is for Stelmaria and whether it is justified appropriately in your report. You will also be marked on your proposal quality (spelling, grammar, flow, references and so on). There is no defined length for this report, nor page count.
It is expected that it is of high quality if you wish to achieve a High Distinction.

Academic Integrity

You are warned that the University’s policies on academic integrity will be strictly adhered to. This is an individual assignment and the work you submit must be entirely your own: no part of your submission can be anybody else’s work or work that you did together with another student or students. You must not make your work available to another student.

All use of outside assistance, e.g., “essay farms” on the Web or work written for you by a friend, is strictly forbidden and will attract a minimum penalty of zero for the assignment. To defend yourself in the case of any suspicion of academic misconduct, you are strongly urged to retain all evidence of how you developed your assignment, such as rough work sheets, notes, drafts, copies of reference material, minutes of meetings etc.

You are free to discuss the report with others, and to give and receive help, including references and general discussion of the main arguments and conclusions, as long as the text of your report is written by yourself and is not made available to others. Your submission will be subject to automated checks for plagiarism, including, but not limited to, Turnitin.

If you have any doubts about the academic integrity requirements, please discuss them with us. Refer to the University’s academic integrity policy for further information.

Extension to Assessment Task Deadlines

There will be NO extensions to the assessment task deadline unless arranged prior. If you submit the assignment late for whatever reason, the late penalty described below will apply. If for some reason you need to take extended leave from this course, such as jury duty or Defence Force leave, please see the course coordinator BEFORE taking such leave otherwise no extensions will be granted. Extension requests must be submitted through the Learnonline site.

Late Submissions

If you submit your assignment after the specified deadline without a pre-arranged extension, a penalty of 20% of the total mark per day (including Saturday and Sunday) will be incurred. For example, if you are 2 days late and you are awarded 10/15 your actual mark will be 7/15.