1: Project Overview: Function of Switches, Routers and Firewall

The document outlines the design and implementation of a network for two company offices located in different locations. Key aspects include IP addressing, routing, remote access via SSL VPN, device access via SSH/Telnet, authentication via RADIUS/TACACS+, firewall configuration with zones, and high availability configuration.

1: PROJECT OVERVIEW

Introduction:
An employee has been hired by a company and given the task of designing a
network for two offices located in two different locations. The employee produced
the design and then implemented it in Cisco Packet Tracer, a network simulator.
The employee decided to implement an AAA server for device authentication, using
RADIUS or TACACS+.
The employee completed the following tasks:
- Network diagram using Microsoft Visio
- IP addressing used in this network
- Router-on-a-stick technique used for routing internal communication
  between the internal networks
- SSL VPN for remote access
- SSH and Telnet for accessing devices for their management
- Controlling network access using RADIUS and TACACS+
- Firewall configuration using an ASA and creating its zones
- Firewall configuration as active/standby with high availability

Function of Switches, Routers and Firewall.


SWITCHES:
A switch is a computer networking device. A switch connects end devices such as
computers, printers, cameras and access points. A switch receives packets from devices,
processes them and forwards them to the destination device. A switch is a Layer 2 device.
It has one broadcast domain and multiple collision domains, depending on the number of
ports. A switch is a broadcast device.

ROUTER:
A router is a Layer 3 device. A router is a network device designed to receive a packet,
analyse it and move it to another network. Every port of a router is a Layer 3 interface
and operates on a separate network. A router is a unicast routing device.

Firewall:
A firewall is a Layer 3 device. A firewall is used to protect a local area network (LAN)
or private network from the outside, which is also known as the Internet or WAN. Firewalls
are available as both hardware and software. A hardware firewall is more expensive and
more difficult to configure; a software firewall is less expensive and easier to configure.
STATIC & DYNAMIC ROUTING

Static Routing
- Routes are provided manually
- Not recommended for a larger network
- A static route is the better choice for a specific route

Dynamic Routing
- Routing protocols are configured on the routers
- Very useful in a larger network
- Calculates the best path automatically

Configuration of SSL-based VPN for Remote Access

An SSL-based VPN is used when a user is sitting outside the office and wants to use
services as if sitting in the office. SSL is an application-layer VPN, which is more secure
and widely used around the world.

SSL VPN configuration in Cisco Packet Tracer

! Enable the clientless SSL VPN portal on the outside interface
webvpn
 enable outside
! Inside LAN object, translated to the outside interface address
object network LAN
 subnet 192.168.2.0 255.255.255.0
 nat (inside,outside) dynamic interface
! Group policy: clientless SSL only, with the bookmark list "site1" (defined separately)
group-policy group1 internal
group-policy group1 attributes
 vpn-tunnel-protocol ssl-clientless
 webvpn
  url-list value site1
! Portal user bound to the group policy
username test password D35rLrqYJOMRHDCX encrypted
username test attributes
 vpn-group-policy group1

Configuration of SSH and Telnet

SSH stands for Secure Shell and uses TCP port 22; Telnet uses port 23. SSH and Telnet
are both network protocols used for remote access to devices. SSH is a very secure
protocol, while Telnet is not a secure protocol. SSH supports all operating systems, while
Telnet only supports Linux and Windows. SSH is more secure than Telnet due to its
encryption, which is difficult to decrypt.

That is why SSH is recommended.

Telnet Configuration

! Without a "transport input" line the vty accepts every protocol, Telnet included
line vty 0 15
 login authentication default
 privilege level 15
 password cisco@123
 rotary 3

SSH Configuration

! The domain name and RSA host key are required before SSH can be enabled;
! a 1024-bit key is considered weak today, 2048 bits or more is recommended
ip domain-name cisco.com
crypto key generate rsa general-keys modulus 1024

! Local administrator account
username admin privilege 15 password Abacus123

! Restrict the vty lines to SSH only
line vty 0 15
 login authentication default
 privilege level 15
 password cisco@123
 transport input ssh
 rotary 3
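The difference between the two vty configurations above is easiest to see with a small audit. The following is an added example, not part of the original report: it takes the Telnet and SSH snippets from this page (embedded below as constructed sample text) and reports the weaknesses a reviewer would flag. The finding codes and the 2048-bit policy threshold are this example's own assumptions.

```python
"""Audit the vty settings of a Cisco IOS-style configuration snippet.

Added example, not part of the original report. The two snippets below are
the Telnet and SSH configurations shown on this page, embedded as
constructed sample text; the finding codes and the 2048-bit policy
threshold are this example's own assumptions."""
import re

TELNET_CONFIG = """\
line vty 0 15
 login authentication default
 privilege level 15
 password cisco@123
 rotary 3
"""

SSH_CONFIG = """\
ip domain-name cisco.com
crypto key generate rsa general-keys modulus 1024
username admin privilege 15 password Abacus123
line vty 0 15
 login authentication default
 privilege level 15
 password cisco@123
 transport input ssh
 rotary 3
"""

MIN_RSA_MODULUS = 2048  # assumed policy threshold for this example


def parse_config(text):
    """Split a snippet into global lines and the lines under 'line vty'.

    IOS marks sub-mode lines with a leading space; anything at column 0
    is a global command (and ends the current vty block)."""
    global_lines, vty_lines = [], []
    in_vty = False
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw.startswith(" "):
            (vty_lines if in_vty else global_lines).append(raw.strip())
        else:
            in_vty = raw.startswith("line vty")
            if not in_vty:
                global_lines.append(raw.strip())
    return global_lines, vty_lines


def is_plaintext_password(line):
    """True for 'password <text>' with no encryption type, or explicit type 0.
    'password 7 <hash>' (and 'secret ...') are not plaintext."""
    m = re.search(r"\bpassword\s+(\S+)(?:\s+(\S+))?", line)
    if not m:
        return False
    first, second = m.group(1), m.group(2)
    if first.isdigit() and second is not None:   # 'password <type> <value>'
        return first == "0"
    return True


def audit_vty(text):
    """Return the sorted list of finding codes for one snippet."""
    global_lines, vty_lines = parse_config(text)
    findings = set()

    # 1. Accepted transports. With no 'transport input' line the IOS default
    #    accepts every protocol, Telnet included.
    transport = [l.split()[2:] for l in vty_lines if l.startswith("transport input")]
    if not transport:
        findings.add("TELNET_ALLOWED_BY_DEFAULT")
    elif any(t in ("telnet", "all") for t in transport[-1]):
        findings.add("TELNET_EXPLICITLY_ALLOWED")

    # 2. RSA host-key size used for SSH.
    for l in global_lines:
        m = re.search(r"crypto key generate rsa.*modulus (\d+)", l)
        if m and int(m.group(1)) < MIN_RSA_MODULUS:
            findings.add("WEAK_RSA_MODULUS")

    # 3. Credentials stored in clear text anywhere in the snippet.
    if any(is_plaintext_password(l) for l in global_lines + vty_lines):
        findings.add("PLAINTEXT_PASSWORD")
    return sorted(findings)


if __name__ == "__main__":
    for name, cfg in (("telnet", TELNET_CONFIG), ("ssh", SSH_CONFIG)):
        print(name, audit_vty(cfg))
```

Run against the page's own snippets, the Telnet configuration is flagged for accepting Telnet by default and for its clear-text password, and the SSH configuration for the clear-text passwords and the 1024-bit key; a snippet using `transport input ssh`, `secret` and a 2048-bit key produces no findings.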


Configuration of RADIUS & TACACS+ Server

RADIUS and TACACS+ servers are used for AAA services: authentication, authorization and
accounting. RADIUS is Cisco proprietary, while TACACS+ is an open standard protocol for AAA servers.

RADIUS Configuration

! Local fallback account, used only when the RADIUS server is unreachable
username cisco password cisco
enable password cisco
! Enable AAA; authenticate logins and enable access against RADIUS first, local second
aaa new-model
aaa authentication login default group radius local
aaa authentication enable default group radius local
! RADIUS server and shared secret
radius-server host 192.168.6.1 key cisco

TACACS+ Configuration

! Local fallback account, used only when the TACACS+ server is unreachable
username cisco password cisco
enable password cisco
! Enable AAA; authenticate logins and enable access against TACACS+ first, local second
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ local
! TACACS+ server and shared secret
tacacs-server host 192.168.6.1 key cisco
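The `group radius local` and `group tacacs+ local` method lists above are evaluated in a specific order, and the following added example (not part of the original report) models that evaluation: IOS moves on to the next method only when the current one returns an error, such as no reply from the server, while an explicit reject from the server ends the login attempt. The local account is therefore a fallback for an unreachable server, not an alternative way to log in. The server behaviour and user data below are constructed for the example; it is not a RADIUS or TACACS+ client.

```python
"""Model of how an IOS 'aaa authentication ... default group radius local'
method list is evaluated.

Added example, not part of the original report. The server is a
constructed simulation, not a RADIUS/TACACS+ client, and the user data
is made up to match the 'username cisco password cisco' line above."""
from enum import Enum


class Result(Enum):
    PASS = "pass"      # credentials accepted
    FAIL = "fail"      # credentials rejected, the attempt ends here
    ERROR = "error"    # method could not decide, try the next method


def make_server(reachable, users):
    """Return a function that behaves like a RADIUS/TACACS+ server group."""
    def query(user, password):
        if not reachable:
            return Result.ERROR                 # timeout: no server replied
        return Result.PASS if users.get(user) == password else Result.FAIL
    return query


def make_local(users):
    """Return a function that behaves like the 'local' method (the username
    database on the device). An unknown user is a FAIL, not an ERROR."""
    def query(user, password):
        return Result.PASS if users.get(user) == password else Result.FAIL
    return query


def authenticate(method_list, methods, user, password):
    """Evaluate method_list (e.g. ['group radius', 'local']) left to right.

    Returns (final_result, trace); trace lists every method consulted.
    PASS or FAIL from a method is final; only ERROR falls through."""
    trace = []
    for name in method_list:
        result = methods[name](user, password)
        trace.append((name, result))
        if result is not Result.ERROR:
            return result, trace
    # Every method errored: IOS treats this as a failed login.
    return Result.ERROR, trace


# Constructed sample data. The 'cisco' account exists only on the device,
# 'alice' exists only on the server.
LOCAL_USERS = {"cisco": "cisco"}          # 'username cisco password cisco'
SERVER_USERS = {"alice": "s3cret"}
METHOD_LIST = ["group radius", "local"]   # 'group radius local'


def scenario(server_reachable, user, password, method_list=METHOD_LIST):
    """Run one login attempt with the server up or down."""
    methods = {
        "group radius": make_server(server_reachable, SERVER_USERS),
        "local": make_local(LOCAL_USERS),
    }
    return authenticate(method_list, methods, user, password)


if __name__ == "__main__":
    cases = [
        ("server up, server account", (True, "alice", "s3cret")),
        ("server up, local account: rejected, local never consulted", (True, "cisco", "cisco")),
        ("server down, local fallback", (False, "cisco", "cisco")),
        ("server down, list without 'local': locked out", (False, "cisco", "cisco", ["group radius"])),
    ]
    for label, args in cases:
        result, trace = scenario(*args)
        print(f"{label}: {result.name} via {[(n, r.name) for n, r in trace]}")
```

The second scenario is the one that surprises people: with the server reachable, the local `cisco` account does not work, because the server's reject is final. The fourth shows why the report's method lists end in `local`: without it, a server outage locks administrators out of the device.
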
Firewall Technique:
Firewalls use the following techniques, each with different functionality. Details of the
firewall types are given below:

1. Packet-filtering firewalls
2. Stateful firewalls
3. Circuit-level firewalls
4. Application-level firewalls
5. Next-generation firewalls

We mostly used an application-level firewall, which works across all layers and protects data
from the application layer down to the network layer.

Firewall configuration in Zones

OUTSIDE - ZONE

interface GigabitEthernet1/1
 nameif outside
 security-level 0
 ip address 10.1.1.1 255.255.255.0 standby 10.1.1.2
 no shutdown

INSIDE - ZONE

interface GigabitEthernet1/2
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0 standby 192.168.1.2
 no shutdown

DMZ - ZONE

interface GigabitEthernet1/3
 nameif DMZ
 security-level 50
 ! the subnet mask was missing from the original; 255.255.255.0 is assumed to match the other zones
 ip address 192.168.3.1 255.255.255.0 standby 192.168.3.2
 no shutdown
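The three security levels above (outside 0, DMZ 50, inside 100) decide which traffic the ASA forwards before any access list is written, and the following added example (not part of the original report) models that rule together with the connection table of a stateful firewall: a new connection may start from a higher security-level interface to a lower one, return traffic for that connection is allowed back, new connections from lower to higher are dropped unless an access list permits them, and equal levels need `same-security-traffic permit inter-interface`. NAT and access lists are deliberately left out, and all addresses are constructed.

```python
"""Implicit interface policy of an ASA with the zones configured above.

Added example, not part of the original report. Interface names and
security levels come from the report; the addresses are constructed and
NAT and access lists are not modelled."""

INTERFACES = {"outside": 0, "inside": 100, "DMZ": 50}   # nameif -> security-level


def default_permits(src_if, dst_if, interfaces=INTERFACES, same_security=False):
    """Is a NEW connection from src_if to dst_if allowed with no ACL applied?"""
    if src_if == dst_if:
        raise ValueError("source and destination interface are identical")
    s, d = interfaces[src_if], interfaces[dst_if]
    if s > d:
        return True              # higher -> lower: allowed by default
    if s == d:
        return same_security     # equal levels need the explicit permit
    return False                 # lower -> higher: needs an access list


def policy_matrix(interfaces=INTERFACES, same_security=False):
    """Map every ordered interface pair to its default permit decision."""
    return {(a, b): default_permits(a, b, interfaces, same_security)
            for a in interfaces for b in interfaces if a != b}


class StatefulAsa:
    """Minimal stateful model: a permitted new flow opens a connection entry
    and later packets matching that entry, in either direction, are allowed."""

    def __init__(self, interfaces=INTERFACES, same_security=False):
        self.interfaces = interfaces
        self.same_security = same_security
        self.conns = set()   # (in_if, src_ip, sport, out_if, dst_ip, dport)

    def packet(self, in_if, out_if, src_ip, sport, dst_ip, dport):
        """Return 'permit' or 'deny' for one TCP/UDP packet."""
        forward = (in_if, src_ip, sport, out_if, dst_ip, dport)
        reverse = (out_if, dst_ip, dport, in_if, src_ip, sport)
        if forward in self.conns or reverse in self.conns:
            return "permit"                     # part of an established connection
        if default_permits(in_if, out_if, self.interfaces, self.same_security):
            self.conns.add(forward)             # open the connection
            return "permit"
        return "deny"                           # lower -> higher with no ACL


if __name__ == "__main__":
    for (a, b), ok in sorted(policy_matrix().items()):
        print(f"{a:>7} -> {b:<7} {'permit' if ok else 'deny'}")
    asa = StatefulAsa()
    # inside host opens HTTPS to the Internet, the reply comes back, and an
    # unsolicited connection from outside to the DMZ is dropped
    print(asa.packet("inside", "outside", "192.168.1.10", 40000, "203.0.113.5", 443))
    print(asa.packet("outside", "inside", "203.0.113.5", 443, "192.168.1.10", 40000))
    print(asa.packet("outside", "DMZ", "203.0.113.9", 5555, "192.168.3.10", 80))
```

Of the six interface pairs only three are permitted by default (inside to outside, inside to DMZ, DMZ to outside); publishing a DMZ server to the outside therefore requires an access list on the outside interface, which is the piece the zone configuration above still leaves to be written.
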
Firewall Failover and Management

Once the firewalls are configured in active/standby or active/active mode, their management
interfaces are used and all active sessions are synchronized. When the active firewall goes
down, all sessions shift to the secondary firewall without any disruption. Active/standby mode
is recommended, which is why I use it in my topology too. If we configure these firewalls with
inline management, the configuration has to be done on both firewalls. If we do it with
out-of-band (OOB) management, each firewall has a management port, and a configuration made on
either firewall takes effect on both.

Firewall configuration as HA (Active/Standby)

Firewall configuration details are given below.

Primary Firewall

! Unit role and the LAN-based failover interface (named "failover") on gi1/8
failover lan unit primary
failover lan interface failover gi1/8
! Shared key: must be identical on both units
failover key 123456789
! Addresses of the failover interface; the standby unit takes the standby address
failover interface ip failover 1.1.1.1 255.255.255.0 standby 1.1.1.2
! Stateful failover link on the same interface so connection state is replicated
failover link failover gi1/8
int gi1/8
 no shut
! Enable failover once the pair is fully configured and make this unit active
failover
failover active
Secondary FW

! Same settings as the primary except for the unit role
failover lan unit secondary
failover lan interface failover gi1/8
failover key 123456789
failover interface ip failover 1.1.1.1 255.255.255.0 standby 1.1.1.2
failover link failover gi1/8
int gi1/8
 no shut
failover
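For the pair to form, most of the failover settings must match on both units while the unit role must differ, and a mismatch in any of them is a common reason a standby unit never comes up. The following added example (not part of the original report) parses the primary and secondary configurations shown above, embedded as constructed sample text, and lists what disagrees; the finding codes are this example's own.

```python
"""Consistency check for an ASA active/standby failover pair.

Added example, not part of the original report. PRIMARY and SECONDARY are
the two failover configurations shown above, embedded as constructed
sample text; the finding codes are this example's own."""
import re

PRIMARY = """\
failover lan unit primary
failover lan interface failover gi1/8
failover key 123456789
failover interface ip failover 1.1.1.1 255.255.255.0 standby 1.1.1.2
failover link failover gi1/8
int gi1/8
 no shut
failover
failover active
"""

SECONDARY = """\
failover lan unit secondary
failover lan interface failover gi1/8
failover key 123456789
failover interface ip failover 1.1.1.1 255.255.255.0 standby 1.1.1.2
failover link failover gi1/8
int gi1/8
 no shut
failover
"""


def parse_failover(text):
    """Extract the failover-relevant settings from one unit's configuration."""
    cfg = {"unit": None, "lan_if": None, "link_if": None, "key": None,
           "ip": None, "enabled": False, "up_ifaces": set()}
    current_if = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := re.match(r"failover lan unit (\S+)$", line):
            cfg["unit"] = m.group(1)
        elif m := re.match(r"failover lan interface (\S+) (\S+)$", line):
            cfg["lan_if"] = (m.group(1), m.group(2))          # (name, port)
        elif m := re.match(r"failover link (\S+) (\S+)$", line):
            cfg["link_if"] = (m.group(1), m.group(2))         # stateful link
        elif m := re.match(r"failover key (\S+)$", line):
            cfg["key"] = m.group(1)
        elif m := re.match(r"failover interface ip (\S+) (\S+) (\S+) standby (\S+)$", line):
            cfg["ip"] = m.groups()                            # (name, ip, mask, standby)
        elif line == "failover":
            cfg["enabled"] = True
        elif m := re.match(r"int(?:erface)? (\S+)$", line):
            current_if = m.group(1)                           # enter interface mode
        elif line in ("no shut", "no shutdown") and current_if:
            cfg["up_ifaces"].add(current_if)
    return cfg


def check_pair(primary_text, secondary_text):
    """Return the sorted list of problems that would keep the pair from forming."""
    p, s = parse_failover(primary_text), parse_failover(secondary_text)
    issues = set()
    # Roles must be one primary and one secondary.
    if {p["unit"], s["unit"]} != {"primary", "secondary"}:
        issues.add("UNIT_ROLES_NOT_PRIMARY_AND_SECONDARY")
    # Everything else must be present and identical on both units.
    for field, code in (("lan_if", "LAN_INTERFACE_MISMATCH"),
                        ("link_if", "STATE_LINK_MISMATCH"),
                        ("key", "KEY_MISMATCH"),
                        ("ip", "FAILOVER_IP_MISMATCH")):
        if p[field] is None or p[field] != s[field]:
            issues.add(code)
    # Failover must be enabled and its physical port up on each unit.
    for name, cfg in (("PRIMARY", p), ("SECONDARY", s)):
        if not cfg["enabled"]:
            issues.add(f"{name}_FAILOVER_NOT_ENABLED")
        if cfg["lan_if"] and cfg["lan_if"][1] not in cfg["up_ifaces"]:
            issues.add(f"{name}_FAILOVER_PORT_SHUTDOWN")
    return sorted(issues)


if __name__ == "__main__":
    print("as configured:", check_pair(PRIMARY, SECONDARY))
    print("typo in key:", check_pair(PRIMARY, SECONDARY.replace("123456789", "987654321")))
```

The configurations from the report pass the check; a single mistyped character in the secondary's `failover key` or a forgotten `no shut` on gi1/8 is reported by name, which is quicker than reading `show failover` output on both units.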

Management Interface

interface Management1/1
 nameif management
 security-level 100
 ip address 10.1.254.6 255.255.255.0 standby 10.1.254.7
 no shutdown

NETWORK FINAL IMPLEMENTATION

Cisco Packet Tracer Network Implementation
