Implementing OSPF in a Small-Scale Cisco Network Design

Team name : Weak-working

Leader’s Name : Opu-an, France Loren D.

Members’ Names : Juguilon, Francis C.

Menes, Jeffrey

Tamayo, Stephanie

1. Introduction

In this project, we designed a small network of three routers using Cisco devices. OSPF (Open Shortest Path
4First) is our primary routing protocol for ensuring efficient and dynamic routing between routers. OSPF is ideal
for this setup because it automatically adapts to network changes, finding the best route for data to travel
across the network. Additionally, we implemented VLANs to segment the network, improving both security and
performance.

To secure the network, we applied Access Control Lists (ACLs) and used Secure Shell (SSH) for secure
remote access to network devices. Our project also integrates essential services like DHCP, DNS, and NAT to
manage IP address allocation, domain name resolution, and internet access for internal devices. Below, we
provide the network design, configurations, and steps for troubleshooting common network issues.

Network Design and topology diagrams

1.1. Logical Topology

 - Router 1 (R1): Manages inter-VLAN routing and connects to Switch 1 (S1).
- Router 2 (R2): Handles DHCP and NAT services and connects to Switch 2 (S2).
- Router 3 (R3): Manages DNS services and connects to Switch 3 (S3).

1.2. Physical Topology

2. IP addressing scheme and subnetting details

IP Addressing Table:

DEVICE INTERFACE IP ADDRESS SUBNET MASK DEFAULT GATEWAY

G0/0 10.10.10.1 255.255.255.0 N/A

R1 S0/0/0 172.16.1.1 255.255.255.252 N/A

s0/0/1 172.16.2.1 255.255.255.252 N/A

G0/0 10.20.20.1 255.255.255.0 N/A

R2 S0/0/0 172.16.1.2 255.255.255.252 N/A

s0/0/1 172.16.3.1 255.255.255.252 N/A

G0/0 10.30.30.1 255.255.255.0 N/A

R3 S0/0/0 172.16.3.2 255.255.255.252 N/A

s0/0/1 172.16.2.2 255.255.255.252 N/A

PC1 NIC 10.20.20.2 255.255.255.0 10.10.10.1

PC2 NIC 10.10.10.2 255.255.255.0 10.10.10.1

PC3 NIC 10.20.20.13 255.255.255.0 10.20.20.1

PC4 NIC 10.30.30.10 255.255.255.0 10.30.30.1

PC5 NIC 10.20.20.3 255.255.255.0 10.10.10.1

PC6 NIC 10.10.10.3 255.255.255.0 10.10.10.1

PC7 NIC 10.20.20.12 255.255.255.0 10.20.20.1

DNS NIC 10.30.30.2 255.255.255.0 10.30.30.1

3. Configuration Files for Each Network Device.

3.1. Network Configuration

R1 Interface Configuration:

● GigabitEthernet0/0
➢ enable
➢ configure terminal
➢ interface GigabitEthernet0/0
➢ ip address 10.10.10.1 255.255.255.0
➢ no shutdown
➢ exit
 ● Serial0/0/0
➢ interface Serial0/0/0
➢ ip address 172.16.3.2 255.255.255.252
➢ no shutdown
➢ exit

● Serial0/0/1
➢ interface Serial0/0/1
➢ ip address 172.16.2.2 255.255.255.252
➢ no shutdown
➢ exit

- This sets up the main network connections on R1. The GigabitEthernet0/0 interface gets an IP address for
local network communication, while Serial0/0/0 and Serial0/0/1 handle connections to other networks. We use
the no shutdown command to turn these interfaces on.

R1 OSPF Configuration:
➢ router ospf 1
➢ network 10.10.10.0 0.0.0.255 area 0
➢ network 172.16.1.0 0.0.0.3 area 0
➢ network 172.16.2.0 0.0.0.3 area 0
➢ exit

- This part configures OSPF, a dynamic routing protocol, on R1. By defining networks like 10.10.10.0/24,
172.16.1.0/30, and 172.16.2.0/30 in area 0, it helps Router 1 share and learn routes automatically, so routers
know how to communicate with each other.

Switch Configuration:

Vlan Configuration
➢ enable
➢ configure terminal
➢ vlan 10
➢ vlan 20
➢ exit

- Here, we're creating VLANs (Virtual LANs) on the switch—VLAN 10 and VLAN 20. VLANs help separate
network traffic into distinct segments. This means that devices in different VLANs are isolated, which improves
security and reduces unnecessary traffic within the network.

Configure Inter-VLAN Routing on R1:

➢ enable
➢ configure terminal

● Vlan10
➢ interface GigabitEthernet0/0.10
➢ encapsulation dot1Q 10
➢ ip address 10.10.10.1 255.255.255.0
➢ exit

● Vlan20
➢ interface GigabitEthernet0/0.20
➢ encapsulation dot1Q 20
➢ ip address 10.20.20.1 255.255.255.0
➢ exit

● GigabitEthernet0/0
➢ interface GigabitEthernet0/0
➢ no shutdown
➢ exit

- Since devices in VLAN 10 and VLAN 20 can’t communicate with each other by default, we set up inter-VLAN
routing on Router 1. This involves creating subinterfaces (GigabitEthernet0/0.10 for VLAN 10 and
GigabitEthernet0/0.20 for VLAN 20) with dot1Q encapsulation, which allows the router to recognize VLAN tags
and route traffic between these VLANs.

Port Configuration:

● FastEthernet0/ 1
➢ configure terminal
➢ interface FastEthernet0/ 1
➢ switchport mode access
➢ switchport access vlan 10
➢ exit

● FastEthernet0/ 2
➢ interface FastEthernet0/ 2
➢ switchport mode access
➢ switchport access vlan 20
➢ exit

- This part assigns specific ports on the switch to their respective VLANs. For instance, FastEthernet0/1 is set
up for VLAN 10, and FastEthernet0/2 for VLAN 20. This ensures that devices connected to these ports are
placed in the correct VLAN and get the right network access.

Security Configuration:

SSH Configuration
➢ enable
➢ configure terminal
➢ username admin privilege 15 secret sshpassword123
➢ ip domain-name myproject.com
➢ crypto key generate rsa
➢ ip ssh version 2
➢ line vty 0 4
➢ transport input ssh
➢ login local
➢ exit
➢ logging console
➢ logging buffered 10000
➢ exit
➢ ssh -l admin 10.10.10.1

- Configures secure SSH access on all routers (R1, R2, R3) for remote management. A local admin user is
created, RSA keys are generated for encryption, and SSH version 2 is enabled. Only SSH access is allowed
on vty lines, ensuring secure, encrypted logins.

ACL Configuration
➢ enable
➢ configure terminal
➢ access-list 100 permit ip 10.10.10.0 0.0.0.255 10.20.20.0 0.0.0.255
➢ access-list 100 deny ip 10.20.20.0 0.0.0.255 10.10.10.0 0.0.0.255
➢ access-list 100 permit ip any any
➢ interface GigabitEthernet0/0
➢ ip access-group 100 in

- On all three routers (R1, R2, and R3), we're setting up ACLs to manage traffic between VLANs. This lets us
control what kind of traffic is allowed to pass through. For example, traffic from VLAN 10 to VLAN 20 might be
permitted, but the reverse traffic could be blocked based on the rules. This adds an extra layer of security by
defining who can communicate across the network.

3.2. PC Configuration:

PC Configuration Overview
Each PC is configured with specific IP addressing, subnet masks, and default gateways to ensure proper
communication within the network. Here’s a breakdown of each component:

- IP Address
Each PC is assigned a unique IP address within its designated subnet. This allows devices to communicate
with each other on the same network.

- Subnet Mask
The subnet mask defines the network portion and the host portion of the IP address. In this case, all PCs use a
subnet mask of 255.255.255.0, which allows for up to 254 hosts in each subnet.

- Default Gateway
The default gateway is the IP address of the router interface that connects to the subnet. It allows PCs to
communicate with devices outside their local network. Each PC's default gateway corresponds to the router's
IP address for its subnet.

3.3. Network Services:

DNS set-up:
- DNS device: Set up the IP address for the DNS. Go to the DNS service, and turn it on. Add a record
with the IP address of PC4, the domain name myproject.com, and set the type to "A" record.
 - PC4:
IP Address 10.30.30.10

Subnet Mask 225.255.255.0

Default Gateway 10.30.30.1

DNS Server 10.30.30.2

DHCP configuration:
➢ enable
➢ configure terminal
➢ ip dhcp excluded-address 10.20.20.1 10.20.20.10
➢ ip dhcp pool VLAN20
➢ network 10.20.20.0 255.255.255.0
➢ default-router 10.20.20.1
➢ dns-server 8.8.8.8
➢ exit

- We configure DHCP on two PCs, PC3 and PC7, to automatically receive their IP addresses. This setup
ensures that these PCs can join the network without manual IP configuration, streamlining network access for
these devices.

NAT Configuration:

● GigabitEthernet0/0
➢ enable
➢ configure terminal
➢ interface GigabitEthernet0/0
➢ exit

● Serial0/0/0
➢ interface Serial0/0/0
➢ ip nat outside
➢ bad secrets
➢ exit

● Serial0/0/1
➢ interface Serial0/0/1
➢ ip nat outside
➢ exit
➢ ip nat inside source static 10.20.20.11 172.16.1.2
➢ show ip nat translation

- Lastly, we set up NAT on Router 2. NAT allows devices inside the local network to access external networks
(like the internet) by translating their private IP addresses into a public one. Here, we configure
GigabitEthernet0/0 as the internal interface and Serial0/0/0 as the external, and map a specific internal IP to an
external one for easier management and access.
4. Troubleshooting steps and resolution.

4.1 Network problems:

● Routing issues due to OSPF misconfiguration.
● VLAN misconfigurations preventing communication.
● Connectivity problems between PCs.

4.2 Troubleshooting steps:

● Routing issues due to OSPF misconfiguration.
○ Verify OSPF Configuration: Check OSPF settings with show run config and ensure correct
network statements.
○ Check OSPF Neighbors: Use show ip ospf neighbor to confirm neighbor relationships.
○ Verify OSPF Routes: Use show ip route ospf to ensure routes are learned correctly.

● VLAN misconfigurations preventing communication.

○ Verify VLAN Configuration: Use show vlan brief to ensure correct VLANs and port
assignments.
○ Check Trunk Ports: Use show interfaces trunk to verify trunks are carrying the right VLANs.
○ Verify Inter-VLAN Routing: Ensure the router's subinterfaces are correctly configured for
VLANs

● Connectivity problems between PCs.

○ Check Physical Connections: Ensure all cables are properly connected and link lights are
active.
○ Verify IP Configuration: Use ipconfig to ensure correct IP, subnet mask, and gateway
settings.
○ Test Connectivity: Ping the gateway and other PCs.
○ Check VLAN Configuration: Use show vlan brief on the switch to ensure PCs are in the
correct VLAN.
○ Check ACLs: Ensure there are no ACLs blocking communication.