Telecommunication Company Network System Design & Implementation | Enterprise Network Project #10

Captions
Blessed ladies and gentlemen, and peace be upon you. I take this chance to welcome you to this video today, a video in which we're going to cover advanced enterprise networking project 10. Okay, so basically we've been covering enterprise networking projects using Cisco Packet Tracer, and we managed to cover from project one all the way to the ninth enterprise networking project. Okay, and suppose you've not accessed the classes or you've not watched the classes, kindly, I will leave a link in the description part of the video or the first comment. Make sure you watch the videos first before you come to project 10, because it was designed to start from a very basic or simple enterprise network project, then the complexity was going up, so consider project 10 more advanced than the previous projects. Okay.

All right, so before we go deep into this series of design and implementation, allow me to take this opportunity to appreciate you for finding time to click on this link and also to listen to my voice. So the first request I have for everyone is to support me: kindly subscribe to this channel, like the video and share. To subscribe to my channel you just click on subscribe and you've already subscribed, okay, and also make sure you like the video and share. Okay, all right.

So another thing that I would like to discuss is the matter of getting files, okay, how to get the projects that we've been doing. Remember we've done how many projects? I've done nine projects. And how to access the projects: let's go to our channel, go check networking training, and go to playlists. After you go to playlists, just scroll, scroll until you see Enterprise Networking Projects, this one. Okay, this is a playlist that contains all the projects that we've been doing since we began this journey. Okay, remember we began this journey in 2021, okay, and it's been a long journey of learning and improving on our skills and
experiences. Okay, all right, so all of these projects are here for you guys. Make sure you start from project one, then you go up until you reach project nine. After project nine, come to project 10, because project 10 is one of the advanced enterprise network projects. Okay, and if you would like to get the files, let's say you want to get a file of any project, okay, kindly join the channel membership, just click on the join. Okay, and if you want, you listen to this video first, then you see which level and how many files to get when you join a level. Okay, and for our members, I would like to appreciate you, and I'm happy to tell you that you are eligible to get this video that you're going to record today free of charge. If you're a member who has been one month old, one month and above, please just write a comment and your email and I'll send you the file. Okay, and also if you have joined this channel membership, just write a comment on this video that I'm recording today so that I can see you with a member sticker, and I'll just forward that file to your email. Okay.

All right, so without any further ado I'll just go back to our Packet Tracer and begin reading the case study. So basically, before we design and implement a networking project, we normally get a case study, okay, then we analyze the case study, we design a network, I mean we design a topology, and implement the network based on the requirements of the case study. So for project 10, like I've said, it's an advanced enterprise networking project. Remember in the previous videos we didn't use technologies, for example AD, or tools like firewalls or wireless LAN controllers, okay, so this video is where we're going to use those advanced technologies. So before we begin, please, I plead with you, everyone, please, if you're new to this channel or you are my regular follower, please subscribe to this channel, like this video, just drop a simple comment and if
possible share. Thank you. All right, so I'll open the case study and start reading. This project basically is dedicated to people from Egypt, north of Africa. Okay, all right.

So: advanced enterprise networking project 10, design and implementation of a secure telecommunication company network system. We have a telecommunication company by the name Cairo Telco, which is the fast-growing telecommunication company in Egypt, and it offers services, IT services and solutions to its clients. The company is located in the capital city, Cairo, and has occupied the fourth and the fifth floor of the Pharaoh's Mega Plaza. The company has its fourth floor hosting HR and finance department for the users, product brand and marketing for five users, and finally admin and corporate department, 35 users. The fifth floor is designed for IT, network and support department, 45 users, software engineering guys, 36 users, and cloud engineering department, 32 users.

All right, so as a part of ICT infrastructure the company has subscribed to ccom, which is the internet service provider, and also has purchased this firewall, 5525-X Cisco ASA firewall, one Catalyst 3850 48-port multilayer switch, okay, three Catalyst 2960 48-port switches, two Catalyst 2960 24-port switches, and one Cisco voice gateway, and also we have one Cisco wireless LAN controller plus six lightweight access points. Okay. The company uses Windows Server 2012 2020 to manage the Active Directory Android server, and the server is responsible for DNS services and for allocating IPv4 addresses to DHCP hosts in the network, so meaning the Active Directory server is the one that acts as our DHCP server. Okay, all right. So the company has an internally hosted ERP system, email server and the file server. All right, okay. The company has settled on using Cisco voice gateway to provide VoIP or telephony services in the network, and also Cisco wireless LAN controller to provide central management for the access points. Okay,
so we see that Cairo Telco leverages the Microsoft Azure cloud platform to facilitate change service delivery; this is one of the core business functions of the firm. The developers and the cloud engineers use several Microsoft Azure resources like virtual machines, blob storage, networking, security, among others, to ensure seamless business continuity. The proposed network should allow the team to access these resources. Good, all right.

So due to security requirements it has been dedicated that all LAN, WLAN and the VoIP users will be on a separate network segment within the same local area network. The firewall would be used to set security zones and filter traffic that moves in and out of the zones based on the configured inspection policies. You have been hired as a network security engineer to design the network for Cairo Telco according to the requirements set by the senior management. You'll consult an appropriate robust block design model to meet the this income. You are required to design and implement a secured, reliable, scalable and robust network system that is to safeguard the confidentiality, integrity and availability of data and communication.

So guys, we see that there's a company in Egypt, and the company is a telecommunication company called Cairo Telco. Cairo Telco is intending to design and implement its network, and we see that basically it has occupied two floors, the fourth and fifth floors, on this plaza, Pharaoh's Mega Plaza. Okay, and it has how many departments? HR and finance combined, this one, this one combined, et cetera, et cetera, almost six departments. Okay, so we see that as a part of ICT infrastructure the company has already subscribed to an internet service provider, ISP, okay, and also has purchased several devices to be used in the design and implementation. Okay, all right. And we see that for DHCP purposes the company is using the Active Directory server. Okay, all right. Then we see that the cloud
is, I mean the company is also using cloud resources with the Microsoft Azure cloud platform, and you see they are trying to access resources like Azure virtual machines, Microsoft Azure blob storage, networking and several resources in the cloud. Okay, so the network should at least allow the internal users to connect with the cloud. Okay, all right. So we've been told that in this network we're going to have LAN, WLAN and VoIP users. All this means is that LAN, meaning wired, those who are using cable from the ethernet ports to their computer; WLAN are wireless users. Okay, all right. So you are the network security engineer who has been hired to design this network.

All right, so let's go down and see the requirements. Okay, so what are you required? The company has emphasized high performance, redundancy, scalability and availability, hence you are required to provide a complete Cairo Telco network infrastructure design and implementation. The company will be using the following IPs: 10.20.0.0/16 for Wi-Fi people, wireless users, okay; 192.168.10.0 for wired users, those who are using cables, I mean from the wall, from the ethernet ports to the computers; then 172.16.10.0/24 for voice, VoIP; then we have 10 10 10 28 for DMZ; and finally public addresses are these, for connecting to ISPs. Okay, all right.

So let's break this down. Design tool: we are required to use Cisco Packet Tracer, and at least, you know, for best practice we should not always use hierarchical network design. ISP is always mandatory in every organization: how to access the internet. Then, you know, we have a lot of access points in the network, so we don't want a situation whereby we go to every individual access point to manage; we want a situation whereby we have a central management plan where all the access points are managed from there, from one place. Okay, then, you know, people should always call each other using IP
phones in the network. Okay, then VLANs. So in terms of VLANs, you know, in the previous videos we've been doing VLANs according to the departments. Okay, well, that is always a kind of traditional approach, so the new approach is that you categorize users based on the mode or the method. So for example the wired users, those who are using ethernet cable, you connect your computer to the ethernet port on the wall, you categorize them under LAN VLAN. Okay, then those who are using Wi-Fi, the wireless users, we categorize them under WLAN. Then IP phones, VoIP. So we see that the LAN people, those who are using the wired connection, in VLAN 50; Wi-Fi users, VLAN 60; all IP phones, VLAN 101. Okay.

Then EtherChannel. EtherChannel is very, very important in terms of load balancing, in terms of high bandwidth, et cetera, et cetera. Okay, so to maximize bandwidth we're going to use EtherChannel, and which protocol are we going to use? LACP. Okay, all right. So also, you know, in a normal situation when you try to connect your computer to a switch port, the port will transition from a blocking state to forwarding, I mean through various stages until it reaches the forwarding state, but before it reaches the forwarding state it normally takes around 30 to 45 seconds, which is too much, that's a lot of time for network engineering. So we want to shorten that transitioning state using STP PortFast and BPDU guard. All right.

So subnetting is normally important in every network design and implementation. Then basic settings, very, very important; these are basic things that we're going to configure in the devices. So being that we're using VLANs in the network, inter-VLAN routing is mandatory. If you remember, during the case study we learned that the company managed to purchase a 3850, at least a 3850 switch, which is a core switch, okay, so that will be used for routing, okay, and switching
power functionalities. Okay, so for the DHCP server we're going to use the Active Directory server. Okay, all right. And also we have voice over IP, so the Cisco 2811 router in Packet Tracer is known for voice gateway. So for voice over IP functionality in Packet Tracer we normally use the Cisco 2811 router, okay, and you can see here there's something that says that the VoIP router should be connected to the layer 3 switch. Okay, all right.

Okay, so static IP address allocation to server, I mean server farm devices, devices in the DMZ. Remember we have the firewall. Telephony service: so we're going to use the Cisco voice gateway to allocate dial numbers to the IP phones. Okay. Routing protocol: we normally use OSPF in our network. Okay. Then the standard access control list for access control for SSH. Well, we don't want everyone to remotely access the networking devices, we just want a specific department or people, okay, to access the devices, to allow only the IT department. The IT department is so big, so we can just say here, allow only the senior network security engineer. We're going to allow only one person to remotely access the device, okay, the senior network security engineer. Okay, and finally Cisco ASA firewall configuration: we're going to learn how to configure security levels, zones and policies, to define how resources can be accessed in the network.

So guys, we've broken down the project into parts. Okay, as is our culture, we normally I like the steps to design and implement every network design from a case study, so I have already done that, that's all append our just notepad until the step that we're going to do. The first step is always network design and beautification. Okay, all right, so to do that we normally use our Cisco Packet Tracer; remember we've been asked here to use the design tool as Cisco Packet Tracer. So we go back to Packet Tracer and we open our notepad to alert the steps, and before we begin
the configuration or the design part, guys, I remind you for this one time, please, if you're new to this channel or if you're my regular follower but you have not subscribed, kindly do me that favor. I really love to see my channel growing, and also I really love to see if I provide quality content like this.

All right, so network design and beautification. We're going back to our case study to at least understand the parts, the devices the company is having. Remember the company is having a Cisco ASA firewall. Where should the firewall be? The firewall should be the first device that we should consider during the design part. So I just go back, I mean to Packet Tracer, and choose the firewall. For the case of the firewall choose 5506-X; choose this firewall. Okay, for the case of the firewall choose 5506. Okay, so after you've chosen the firewall, then you know the firewall should connect to the ISP. Okay, now let's choose an ISP. For ISP just choose a normal 2911 router and you just put it there. Okay, all right.

So we've chosen the firewall. Let's go back to our case study, among the list of, I mean, devices, both I cannot see around here except the Cisco voice gateway. Well, the voice gateway, we don't connect it to the firewall. Okay, so in this case we're going to use at least the 3850 48-port switch. Okay, all right, so we have a multilayer switch here. We're going to choose a multilayer switch here, which is 3650, choose 3650.
Okay, so we just choose 3650 and put it somewhere there. Okay, all right. And remember we've been told here also that there are three Catalyst 2960 48-port switches, so we have three access layer switches, which is 2960. But remember in Packet Tracer all of these devices are normally 24 ports, but in the design part, I mean in the real world, in the case study, we are going to buy 48 ports. Okay, all right, so these are the Catalyst 2960 48 ports that we're going to use.

All right, so when you're using a firewall we normally have the inside zone, the outside zone and the DMZ. Okay, so we are going to include the DMZ. The DMZ is where our servers are stored. So when I go back to our case study you can see there are also two Catalyst 2960 24 ports, so I'm just going to take another 2960 and put it there, somewhere there. Okay, all right. Then let's finish with the DMZ. So in the DMZ we mentioned that there is an AD server and there is also an ERP system, there is an email server and a file server. Okay, so we have to include how many servers there? Four servers.

So I just go here. Basically there are some aspects here, for example one Cisco voice gateway. Remember we were told that the voice gateway will be connected to the multilayer switch, it's somewhere here: the voice gateway will be connected to the multilayer switch, the VoIP router will be connected to the layer 3 switch. Okay, so we just connect the voice gateway router here. For the voice gateway we normally use 2811, so choose the 2811 router. Okay, and also remember here we have the Cisco wireless LAN controller. The Cisco wireless LAN controller will also be connected to the multilayer switch. Okay. [Music] Wireless LAN controller: we just click on the wireless devices and we choose 2504 WLC. Okay, all right, okay, good. So what I'm going to do is just to connect the already placed devices. For example I'm going to start my
connection from this switch to the firewall, okay, then from this firewall to... Okay, so we've done the first part of the connection. So remember that you've been told that the company is using the Microsoft Azure cloud platform, okay, so we should include something like a cloud router here, so I just choose a normal 2911 router. Okay, all right. Then now the Microsoft Azure virtual machines, blob storage and other resources like networking are hosted in the cloud, so for example let's just say this is the Azure virtual machine, okay, and we have a blob storage here. Okay, we're going to do naming later, so you just have to know that this is our perimeter firewall, it connects to the ISP router, then the ISP router connects to the cloud, and in the cloud we find our Azure virtual machine and Azure blob storage. Okay, and all of these users that we're going to place down here will be able to access the two resources. Okay, all right.

All right, so it's time now we place the end devices. Okay, so among the interfaces that we are going to place, we first do the access points. For the access point we're not going to choose the normal access point, we are going to choose what's called lightweight access points. Okay, so we just choose there 2 here is to place all devices. Okay, so for example I'm going to place two computers in each department and a printer and also two wireless devices. Okay, all right, so let me do it very, very fast to save time. Okay, so what I'm going to do, I'm just going to delete this, yes, I'm going to delete those and also this, and change all the options for IP address back to DHCP, such that when we just configure DHCP the device picks an IP address automatically. And also the lightweight access point normally doesn't have a power supply, okay, so it's your responsibility to drag this power supply and put it there. Okay, all right, so what I'm going to do, I'm just
going to copy this and paste it five times. Okay, so guys, we have ensured that each department, remember we had six departments, each department has at least computers, a printer, an access point and wireless devices. Okay, and among the wireless devices we should also include a laptop, because most of the users normally carry laptops. Okay, all right. So for the laptop you just click on the laptop, then you turn it off first, then you remove this card in that slot, then you put this one which is for wireless, WPC300, for wireless, okay, the wireless card. Okay, and you turn it on again. Now you copy it five times, copy, paste.

All right, so we managed to place all the devices in the topology, so what is remaining is just to connect them to the multilayer switch, I mean to this access layer switch. Remember these access layer switches, although in Packet Tracer they're 24 ports, but the ones that have been purchased are 28 ports, so each department at least should have, I mean not 10 ports but 20 ports going to each department, 40 ports, so let's just say we reserve eight and use 40.
20, 20 per department. Okay, so let's say this department, which is the first department, will take from this one, one, two, so from three to twelve, okay, then this one will take from 13 to 24. Okay, all right, being that in Packet Tracer it's only 24 ports, we cannot find 48 ports. Okay, all right, so I just do it very, very fast. For example let's start from, I mean, port 3 to port 12, because 1 and 2 have been taken by trunk. Okay, so port 3 to port 12 will go to this department, then we'll start connecting these from port 13, port 14, I mean 15 and 16. Okay, something like that. So I do it very, very fast to save time. Thank you.

Okay, so we need to connect other devices to the access layer switches. So what I was forgetting actually was IP phones. Remember we have the voice gateway here, and the voice gateway basically is for IP phones. Okay, so let's include IP phones very, very fast. What I'm going to do, I'm going to include two IP phones in each department, so just come here and choose an IP phone, just a normal IP phone. Okay, so let's just put one in each department, and after putting one just click on it and drag the power supply and put it there, okay, because they don't have power supplies by default. And I copied.

Okay, so we've done the connection, and as you can see this is the topology that we're going to implement. So we're done with our design, and what we're remaining with is just carrying out the naming, which is very, very important, and a little bit of beautification, okay, and that's what we're going to do in a minute. So for example I start with the server farm, so I'll just say this is a DMZ switch. Okay, so we're done with naming, so we can go ahead to separate the borders or do a little bit of beautification, so I'll start with the DMZ. Okay guys, so as you can see I've managed to complete the design part of this project, and I can just explain a little bit of this design part. We have the
firewall at the center here. The firewall connects to the ISP, which is the outside zone. The ISP connects to the Azure cloud, which contains these resources. Okay, then the firewall connects to our core switch, and the core switch connects to our access layer switches through EtherChannel, this is a redirected links. Okay, all right. And also from the core switch we have a Cisco voice gateway and wireless LAN controller. And the access part: you can see here the computers, we have the voice over IP, we have a printer, we have access points and the wireless devices. Okay, all right. So when you go back here you see on the DMZ we have the servers: the AD server, which is responsible for several functionalities in every network infrastructure, okay, then you have the ERP server, email server and the file server. Okay, all right. So I believe we've done the first part, which is network design and beautification, so let's go to the second part, basic settings to all the devices.

Okay, so to begin the basic configuration, there are some devices that we're going to configure and there are some devices that we're not going to touch. For example, we don't have control over ISP routers; it is the internet company that has control of their routers. Okay, we don't have control over the cloud platforms, I mean cloud routers; it is the cloud provider that has control of their infrastructure. Right, okay, so for the basic configuration we're going to configure the firewall, the inside network and the DMZ. Okay, all right.

So I'll start with the basic configuration of the firewall. Just click on the firewall, okay, and just come to CLI and minimize it a little bit and just say enable. The firewall normally has a password by default, a blank password, so what you do, just hit enter without writing anything. Okay, and just write config t. Okay, then what do you want to configure on the firewall? We want to configure the hostname, enable password, username and password only on the firewall. Okay, all right,
so just say hostname, hostname to be, let's say, perimeter firewall, okay, and hit enter. Then enable password: just write enable password to be, let's use Gtech one, no, I'll just use Cisco for passwords, okay, make it simple. Then username and password: username to be, let's say, admin, now Cisco Cisco, okay, Cisco, password to be Cisco Cisco, okay, and hit enter. Another thing that you can configure here: can you configure domain name? Yes, you can configure domain name, just say domain name, domain name to be cisco.com or cisco.net. That's all we can configure on the firewall, and let's save the configuration. How do we save the configuration of the firewall? Very simple, just say write mem, write memory, that's all.

So being that the configuration of the routers and the switches are normally similar in terms of basic configuration, we just do configuration on one device, then copy and write commands on the notepad as is our culture, and copy to all other remaining devices. So I'll start with this router here... let me start with the access layer switches. So let me start with the DMZ switch, yes. So for the case of the DMZ switch, what do we need to configure? We need to configure a lot of things here. As you can see in the requirement part, we are required to configure basic settings here: hostnames, console passwords, enable password, banner messages, encrypting all passwords and disabling IP domain lookup. Very simple.

So when I go back here: enable, config. Let's start with the hostname, so just say hostname to be, this is DMZ switch. Okay, then enable password, enable password to be, we use Cisco, everything is Cisco. Okay, then banner motd: banner motd, then we write our message inside two characters, so let's say today we want to use asterisk, then come back inside the asterisks and write: no unauthorized access, this is punishable by law, yes, and you just hit enter. Another thing that we want to configure here is username and
password, so just say username, everything to be Cisco: username to be Cisco, password to be Cisco. Okay, then domain name: I just say IP domain name to be cisco.net. Okay, and another thing, line console password, so just say line console, line console 0, con 0, password to be, let's say, password to be Cisco, so everything to be Cisco. Okay, then login: whenever the user writes the password, authenticate him or her. Okay, and hit enter, exit, exit the line.

Then let's go back to our requirements again and see: among the basic settings we need to encrypt all the passwords and disable IP domain lookup. Okay, so let's just encrypt all the passwords. How do we encrypt all the passwords? Before we encrypt the passwords let's disable IP domain lookup: just say no IP domain lookup and hit enter. Now encrypt all the passwords. How do we encrypt all the passwords? You just say service password encryption and hit enter, and do write. So that's all the basic settings that we can do on the switches.

So what we're going to do, we're going to write these commands on the notepad, then copy to all of the remaining devices. Just write in notepad. And how do we configure? First, before you enter a device you normally say enable, then you say config, okay, then you write hostname, okay, hostname to be, this is now Cairo access switch one, you just say Cairo access switch one. Okay, and then another thing that we configured here was enable password: just say enable password to be Cisco. Then banner motd: I'm just going to copy all of this thing here the way I wrote it, motd, okay, we just copy, that's the banner message. And another thing that we configured here was a username and password, so I just copy username and password and paste to our notepad. Another thing that we configured here was a domain name, IP domain name to be cisco.net, and we'll just write on our notepad. Another thing that we did here was all about line console, so for line console we just write line
console 0, then password to be Cisco, okay, then login, authenticate the user, and exit the line interface. Right, okay, so another thing is all about disabling IP domain lookup. I will just copy disable IP domain lookup, and finally encrypt all the configured passwords, you encrypt all the configured passwords and you do write. So I copy this and paste to all other devices. So when I go to other devices what I only change is the hostname, okay, for example Cairo access switch 2, switch 3, then you go to Cairo core switch, Cairo, I mean Cisco gateway, things like that. Okay, all right, so I do it very, very fast to save time.

So we are done with the access layer switches, and what I'm just remaining with is the core switch and this voice gateway here to configure basic settings. But remember we were using the 3650 switch. For the 3650 switch, when you click it and try to come to CLI, you find this prompt here, this error here: the device must be powered. So to power on the device is very, very simple. You see this one, this slot is meant for power supply, so just drag this AC power supply and put it there and close. Give it like five seconds and you click again, and now when you come to CLI you can see it's now booting. Okay, so let's wait until it boots, then proceed with the configuration. Okay, all right, so I'll proceed with pasting the commands.

Okay, so we're done with the basic device configuration, and that's now completed. We've done basic configuration on the firewall, the voice router, the core router and the four access layer switches. Okay, all right. So let's go back to our notepad. So we go to VLANs, where we're going to configure three VLANs: wired, wireless and voice VLANs. Okay, all right. So to configure the VLANs basically we need to identify which interfaces to assign the VLAN IDs. Okay, all right. So when you start with the list, we're not going to configure VLANs on the DMZ switch. Okay,
we're going to do VLANs here on the inside; we're not going to do VLANs on the DMZ. So when you start here, for example, any port that connects to a printer or a computer we are going to send to the wired VLAN, a port that connects to this lightweight access point we're going to send to the wireless VLAN, a port that connects to an IP phone, we do voice VLAN. Okay, so it's very, very simple. The first thing, just click on the switch and you create the three VLANs. So what I'm going to do, just say VLAN, they were VLAN 50, 60 and 101. So VLAN 50, you name as wired LAN, just say LAN. Then VLAN 60: VLAN 60, name as WLAN, W-LAN. Okay, then finally VLAN 101, name as VoIP. Okay, exit. All right, so this has been created on the switch.

So we need to assign these VLANs to interfaces. Okay, so for example, the first thing I do, I'll try to separate the access points and see which port they are connecting to. So for example, so this is what, six, and these computers were connecting from port 3 to port 5 and the VoIP is connecting to port 7. Good. So what I'm going to do, I'm going to write this command here. So for example, because port 1 and port 2 will be taken by trunk, so interface range three to five, FA, is three to five, you can see it's this and this, okay, then also seven. Okay, so each port should be able to contain both data and voice traffic.

But now this will be for wireless, so this one for wireless, which was the last port for the HR and finance. I think, let me just hover here, the last port there should be port 12, because you can see from 13 is taken by brand and marketing. So let me connect this access point, because it will bring chaos here, let me connect to the last port. Okay, I will connect the access point here to the last port. Also on this point I'll try to connect this access point to the last port, which is port 24 here. Okay, so I'll do the same on the
other remaining access points. Make sure you connect the access point to the last ports, okay, to bring a kind of consistency. Okay, so I'm going to connect the access point to the very last port in that department. So the last port in the first department is always port 12, and the last port in the second department is port 24. So I've connected the access point to port 12 and port 24. All right, so in this case we're going to designate from port 3 to port 11 both data, I mean both wired, both the data and voice traffic, for LAN VLAN and VoIP VLAN, but port 12 we're going to designate for WLAN. Okay, all right, so this is what I mean: interface range from FA 0/3 to 11 now, okay, good. Then we just say switchport mode access, good. Then switchport access VLAN, what VLAN for data? Now for data in this case we use wired VLAN. Wired VLAN was VLAN 50 or VLAN 60, let me check, uh huh, VLAN 50, that's for wired, okay, good. Then switchport voice VLAN for voice over IP, VLAN 101, okay, and hit enter, and you exit that range. Then you go to the last port, which is port 12, interface FA 0/12, then we just say switchport mode access, then switchport access VLAN 60. So you can see it's pretty much fine. Okay, all right, so we're done with the HR and finance department, so let's go to brand and marketing. So for the case of brand and marketing we just do the same thing. So interface range, let me just go back and copy the range, this range here, not actually, now it will be from 13 to 23. So interface range FA 0/13 to 23, okay, which will be in what, LAN, wired, okay, wired users. Okay, so just say switchport mode access, okay, then switchport access VLAN 50.
Then switchport voice VLAN 101, good, exit. Then you go to the last interface, which was 0/24, for wireless. Okay, switchport mode access, then switchport access VLAN 60. Exit and do write. So if you can just say do show start, I mean do show VLAN, you see these have been there. Okay, all right, so we do the same for the other two switches, very, very fast to save time. So let's start with this one. The first thing that I'll do, I'll just write commands on Notepad, okay, and we copy paste to all the two switches. So what I do first, you create the VLANs: just say VLAN 50, then we name it LAN, okay, VLAN 60, we name it as WLAN, okay, and finally VLAN 101, we name it as VoIP. Okay, all right, and we said that from port one, so interface range, okay, then switchport access VLAN 50 for LAN users, those who are going to use cables to their computers. Okay, then remember a switchport should be able to carry both data and voice VLAN, so switchport voice VLAN 101. Exit the interfaces. Okay, all right, then we go to interface FA 0/12, okay, switchport mode access, switchport access VLAN 60, okay, exit. This is for only one department. Remember per switch you have two departments, so we must double, we must at least copy this. So I just copy them, I copy and paste here. So I think this is from 13 to 23, yes, 13 to 23, yes, good. Then this one, I think, 24.
And everything is now okay, so this is what I copy in all the two remaining switches. Okay, all right, so I believe everything is right here, just copy, then I come here and paste. All right, so we're done with the VLAN configuration on the access layer switches. So it's very, very important that the VLANs that you configure on this side are also configured on the multi-layer switch, and remember this wireless LAN controller should be in the same VLAN with the access points. Okay, so remember the access points for wired users were in VLAN 60. So let's create three VLANs. It's very, very important that the multi-layer switch has the same VLANs the access layer switches have. Okay, so you can just say VLAN 50 and name as LAN, VLAN 60 name as WLAN, uh huh, VLAN 101 name as VoIP, and do show VLAN. Okay, so that's done. So what I was saying is that this wireless LAN controller should be in the same VLAN with the access points, and remember that these points were in VLAN 60, number 12 here is in VLAN 60. Okay, all right, so I'm going to assign this port. Which port is this one on the other side? Uh huh, you can see it's Gig 1/0/3. So we're just going to say interface Gig 1/0/3, switchport mode access, switchport access VLAN 60, good, exit and do write. So basically we are done with the VLANs.

Okay, all right, so what's next that we should do? Let's go here: assignment plus all access and trunk ports on layer 2 and 3 switches. Okay, for trunk we are going to do it later, when we are going to configure EtherChannel, PortFast and BPDU Guard. So basically what I want us to do is to configure EtherChannel between this switch and this switch, this one and this one, and this one and this one, okay, so between the multi-layer switch and the access layer switches. Okay, so let's do what's called EtherChannel, and we're going to combine that with, so let's start. We first identify which interfaces are these, so this is FA 1 and FA 2. So we just go here, there's a password, the password is Cisco, so enable, password is Cisco, so config t, interface range FA 0/1 to 2. Okay, then remember we want to configure EtherChannel. How do we configure EtherChannel? We do what's called channel group. So we just say channel group 1 mode, we are going to use LACP, remember we were told here to use LACP, where is it, EtherChannel, LACP as the method. Okay, so channel group mode, LACP uses two modes, active and passive. Okay, all right, so we just say active and hit enter. Okay, and remember we also want to configure trunk on these interfaces, so we just exit and go to what is called port-channel interface: interface port-channel 1. You can see interface port-channel 1 was created because we wrote channel group 1. Okay, then we just say switchport mode trunk and hit enter, exit.

Then how do we configure PortFast and BPDU Guard? So you can see here we've been asked to configure spanning tree PortFast and BPDU Guard. All right, so what we do here, for PortFast, we configure on all the interfaces that are in access mode. So all the interfaces that are in access mode are like interface range three to twenty-four, and you hit enter, and we just say spanning-tree portfast and hit enter. Then another thing, we just say spanning-tree BPDU guard, just a minute, spanning-tree bpduguard, just a minute, BPDU guard enable, and hit enter, exit and do write. So we've done spanning tree protocol PortFast and BPDU Guard, and if I can just say do show start, you can see the first two ports are in trunk, mode trunk, and the configuration has been there, and all of the other remaining ports
you can see access VLAN 50, voice VLAN 101, spanning tree enabled. So the reason why we are configuring BPDU Guard, let me just show you. When I put this computer here, and take a cable, just take this one, and connect this computer and connect this switch, you see this link is still blinking orange. It will take around 30 to 45 seconds before it changes to green. So to eliminate that we configure spanning tree protocol PortFast. So let me just try to connect this computer to this switch, any port on the switch, you can see it has turned green immediately. Okay, all right, so let's do the same on the two switches. All right, so I write the commands on Notepad, same commands. I write the commands: so interface range FA 0/1 to 2, one to two, EtherChannel, okay, just say channel group, make sure you write correct English, channel group 2 now, this is channel group one, okay, then channel group two now, channel group 2 mode active. Okay, all right, then exit the range, then enter interface port-channel 2, okay, port-channel 2, switchport mode trunk, we're done there, exit there. Then now we go to PortFast and spanning tree protocol BPDU Guard. Okay, so how do we do that? We just say interface range FA 0/3 to 24, okay, then we say spanning-tree, let me just copy what I wrote here to save time, we just write these two commands, yes, and that's all about EtherChannel and spanning tree protocol. Yes, we just set these two commands and exit and do write. So I copy these commands to the two switches because they had similar interface configuration and assignment, so I just copy them, we come to this switch. Okay, all right, so that's done. We've managed to configure PortFast, BPDU Guard and EtherChannel on the three switches. So let's go here also to configure EtherChannel, so that EtherChannel can form between the
multi-layer switch and the access layer switches. Okay, so the first thing, we're going to read these two interfaces, this Gig 1/0/4 and Gig 1/0/5. So we go to Gig 1/0/4 and Gig 1/0/5 and we just say interface range Gig 1/0/4 to 5, okay, then we just say channel group 1, okay, mode to be active, and you hit enter, okay, and exit. So we enter interface port-channel 1, switchport mode trunk, exit, and do not do write now. So you see the links between these two switches will be in forwarding state, none will be in blocking state, they will be green, green. Okay, so let's form between this one and this one. So this one is Gig 1/0/7, Gig 1/0/6, so I just do the same thing. So guys, I have remembered, while configuring EtherChannel between this switch, I mean when configuring EtherChannel here, I made a mistake, I wrote it as channel group two. Remember channel group two was between this one and this one. This one was channel group one and this one is channel group two, this one should be group 3, not group two as I configured. So you can see here I configured EtherChannel to be channel group two, but it should be channel group three, so let me just correct it very, very fast. Uh huh, so I just copy that and, just a minute, so interface range FA 0/1 to 2, then you just say no, we negate that command, yes, we negate that command, and then we write now again, we paste and write three, channel group number three, yes. So interface port-channel 3,
mode trunk, exit, do write. So let's go to the multi-layer switch and complete the EtherChannel formation between the multi-layer switch and the access layer switch here. You can see all the links between the two switches are now green, green. So I just go here again and we read the interfaces first: this one is FA 0/9 and the other one is FA 0/8, so eight and nine to the port channel number three. So interface, sorry, okay, so eight and nine, yes, eight and nine, then channel group number three, mode to be active still. You exit, and interface port-channel number three to be trunk, so that EtherChannel will form between the multi-layer switch and this access switch. And guys, I see that this interface, which is Gig 0/3, should be in VLAN 60, and you can see it was already placed there. And also this interface, see, this interface should be trunk, okay, it should be trunk because we want to allow the passage of multiple VLANs. So we can assign this to a trunk or we just assign it to voice VLAN, because you know this router is used for VoIP, so the best thing to do is just to configure it as trunk. Okay, so this is Gig 1/0/2, so interface Gig 1/0/2 to be configured as trunk. So interface Gig 1/0/2, switchport mode to be trunk, good, exit. Yes, so then this is trunk, this is access port, and all of these are EtherChannel. Okay, all right, so let me just confirm again, yes, so that's all about EtherChannel, PortFast and BPDU Guard.

So let's go back to our Notepad and see what's next: subnetting and IP addressing. Guys, basically subnetting is always a must in every network design and implementation. So in my case, since subnetting normally takes a lot of time and I've already done subnetting, I'll just show you the subnetting, I mean addressing, table. So this is our addressing table. All the Wi-Fi users are going to be in this network, all the wired users, those are going
to use the Ethernet ports on the walls, are going to get IP addresses like this one, phones are going to get this, I mean, IP address, all the devices in the DMZ are going to get these IP addresses, okay, and, you know, IP addresses between the firewall, routers and the layer 3 switch. So between our firewall and the multi-layer switch we're going to use that one, between our firewall and the ISP we want to use this one, between the ISP and the cloud we want to use this one, then inside the cloud our VM, I mean our virtual machines and blob storages, are going to take IP addresses on that range. Okay, all right, so this one should be zero, yes. So this is a very simple and straightforward addressing table, just to tell you that Wi-Fi users take that block, wired users take this block, IP phones and the servers, very simple. So to do that I'm just going to do a little bit of comments on the topology, so I did it very fast to save time. All right, so guys, basically I'm done with the comments about IP addressing, so you can see I've even written something here, like wired users to take that block, Wi-Fi users that block, IP phones that block and finally the DMZ for that block.

Okay, all right, so the next thing that we do here, you can see on number four it was about subnetting and IP addressing, so we're going to start issuing IP addresses. So let's start with the firewall. So for example this interface, which is Gig 1/1, to take 10.30.30.1. Okay, so you just go to the firewall, and in the firewall, guys, this is where there's always a difference when you're configuring IP addresses on the firewall's interfaces. So just say interface Gig 1/1, and you can see it's down, so just say no shut and now it's up. Okay, all right, so we want to assign an IP address there. The first thing that you do before you assign the IP address, give the interface a name on the firewall, because when you're doing firewall policy we
refer to the interface with its name. So just say nameif, nameif, that's how we give it a name, name INSIDE in caps, this is the inside interface, okay, and just hit enter. And there's something that we normally call security levels. Because inside, we trust our inside network, we give it the highest security level, just say security level to be 100, the most trusted. Okay, now we can just, um, 10.30.30.1, then subnet mask is 255.255.255.252, hit enter and exit. So we go to the second interface, which is the DMZ. The DMZ, you can see it's Gig 1/2, so we just go to Gig 1/2, okay, then no shut, okay, now you can see it has turned up. So the second thing we do, we give it a name, very, very important, if you don't give it a name now you'll have a problem in the future. Nameif DMZ, demilitarized zone, okay, then security level. We partially trust our DMZ, okay, so we give it a security level between 1 to 99. So in this case I'm going to give it a security level of 70, okay, because we partially trust our DMZ. All right, then now we assign an IP address, IP address to be 10.10.10.1, okay, subnet mask of 255.255.255., uh, /28 notation is equivalent to 240, yes, 240 I believe, yes, and exit that. Now we go to this outside interface, which is Gig 1/3, so interface Gig 1/3, we do the same thing, no shut, okay, and then we give it a name, OUTSIDE in caps, okay, then security level. We don't trust outside, we give it the lowest, the least, zero. Being that this is a public IP address, I believe that the ISP normally takes the first IP address, so the firewall should take the second IP address. So the firewall will take something like 197, IP address to be 197.200.100.2, because .1 is taken by the ISP, and the subnet, I mean the subnet mask is 255.255.255.252, hit enter, exit and write memory, save the configuration.

Okay, all right, so guys, I'll go ahead to configure IP addresses to this interface of the core switch. So that interface is Gig 1/0/1, yes. So to configure an IP address on the multi-layer switch interface, you know, you must turn that interface, I mean you must turn that switchport to a layer 3 interface. Just say no shut, no switchport. It's a switchport by default, so make it a layer 3 interface by using which command? No switchport, and you hit enter. Now assign the IP address, just say IP address 10.30.30.2, because .1 was taken by this interface, okay, 255.255.255.252, exit and do write. All right, okay, so what's remaining is just to configure IP addresses to the DMZ servers. Okay, so let's say this server will take 10.10.10.5, .6, .7, .8, and the default gateway will be the IP address of this interface. Okay, all right, so let me do it very, very fast to save time. Okay, so I've done IP addressing on the servers, and remember the AD server here is our DHCP server and it's also our DNS server, so it will act as the DNS server for all the devices in the network. Okay, all right, so what is remaining is just to configure IP addresses on the ccom ISP, Azure cloud router and the two resources, the VM and the blob storage, which I'll do very, very fast to save time. Remember this interface will take 187.200.100.1, because the two was taken by this inside, okay, this interface I mean, okay, and this one will take 2021, 2022, 30 31, and this may be 30 30 10, 30 30 20.
I did it very, very fast to save time. Okay, so I've done IP addressing on all the required devices in the topology, so I'll go back to the Notepad to see what's next. All right, so inter-VLAN routing on the multi-layer switch and to configure IP helper address. Okay, so we're going to do inter-VLAN routing basically in the multi-layer switch. Okay, all right, so we're going to do the inter-VLAN routing for how many VLANs? Well, for this case we're only concerned about the wired and the wireless, because the voice gateway is responsible for communication of the IP phones in the network. This voice gateway will act as the gateway for the IP phones, so we don't need to create an SVI, we don't need to do inter-VLAN routing for the IP phones, or for the VoIP VLAN, on the multi-layer switch, we'll do it here on the Cisco voice gateway. So on the multi-layer switch we're only going to create two SVIs, one for LAN, another one for WLAN, wired and wireless. All right, so to do inter-VLAN routing we create what's called SVIs, okay, it's called SVIs. So how many SVIs do you want to create? Only two, one for LAN and one for wireless. So we can say interface VLAN 50, for wired users, for LAN users. Okay, all right, and we assign it an IP address. Remember we said that, just a minute, for wired users they should have this block of addresses, okay, so just say IP address. The first thing that you do is always make sure no shut, okay, then assign the IP address, IP address 192.168.10.1, 255.255.255.0, and hit enter, then exit. VLAN 60, which is for wireless users, no shut. So for wireless users, just write IP address to be, you see this Wi-Fi users is 10.20.0.1, the first IP address, subnet mask 255.255.0.0, okay, exit and do write. And when you go back here, oh, we forgot to write IP helper address, so let's
go inside each SVI and configure the IP helper address. Remember the helper address allows those devices to reach the DHCP server, so we are telling the default gateway that whenever they receive any request for IP address allocation, please forward that request to our DHCP server. So let's go inside each SVI and just configure IP helper address to be the IP address of the DHCP server. Remember our DHCP server is located here in the DMZ, so it's 10.10.10.5. So we just go back here and write 10.10.10.5, okay, then exit. Let's go to the other SVI, which is 50, and configure the same command, yes, do write and do show start. So you can see we've created how many SVIs, two SVIs, assigned them IP addresses and configured them as DHCP relay agents so that they can forward the requests to the DHCP server, good.

So let's go back to our Notepad and see what's next: configure static IP address to the DMZ server or server farm devices, I have done that. So DHCP server configuration: we need to configure the DHCP server so that it can allocate IP addresses to our devices. So here we're going to configure how many pools? Two pools, wired and wireless pools, okay, wired for wired users, wireless for WLAN users. Okay, so just go to the AD server, which is acting as our DHCP server, then come to services, then come to DHCP, okay, and the first thing you do, make sure you turn the service on, and the second thing, turn everything to zero zero zero, everything that you find here, turn them to zero zero zero. Okay, after you've turned everything to zero zero zero just click save. All right, so that pool will not be used. All right, so let's start with wired users. Remember that the default gateway for wired users is 192.168.10.1, we reference this here, okay, 10.1, which was the IP address of the SVI. DNS server is just the AD server, which is 10.10.10.5, good. Where we want the DHCP server to start giving IP addresses, let's say from 192.168.10.
let's say from .11, yes, .11 is okay. Subnet mask of LAN here, you can see it's 255.255.255.0. Then how many users do we want, let's say we want how many users in our network, even 220, and you just click add. Before that you modify the pool name, let's say this is LAN, LAN users, okay, just click add. Okay, then let's modify this LAN users and let's make it as WLAN, and for WLAN you can see they were using this block, 10.20.0.1, you can remember that was the IP address of the SVI, and DNS server remains the same. Now start IP address is 10.20.0.7. Let's say we want it to start from .30, okay, .30, okay, then subnet mask, you can see it's class B, good. Then how many users do you want? We only want 1000 users in our network, and let's say Wi-Fi users, you know, you never predict how many Wi-Fi devices or wireless devices you will have in your network. Okay, all right, so you have to be very scalable, and I click save, good. So we have WLAN pool and LAN pool. So in this WLAN pool, remember the WLAN pool, the devices that are responsible for connecting wireless users are the access points, okay, and the access points are controlled, for them to connect Wi-Fi users, because you cannot configure these access points, you have to manage them, you have to control them, you have to configure them from a controller, which is the wireless LAN controller. So for you to configure them, then this must be there. So we just go back to our AD server, okay, and under WLAN pool, you see this place where we have WLC address, now here we write the IP address of the wireless LAN controller, which I didn't do. So let me configure the wireless LAN controller to have this IP address. Just click on the wireless LAN controller, click on config, then come to management, and under management you can see our IP address is like 10.20.
0.10, let's type .10, okay. Then our subnet mask is .0.0 and the default gateway is 10.20.0.1, DNS server is the IP address of the AD server. So this IP address, which belongs to the Cisco WLC, is what we include during DHCP server configuration. So we just come here, AD server, then under WLAN pool we write that IP address here, 0.10, the IP address of the wireless LAN controller here, okay, good, and I just click save, good. Okay, so that's done.

We go again: OSPF on the firewall, routers and the switch. So guys, basically OSPF is very, very important because it enables the devices to find routes, so OSPF is a routing protocol. So we're going to configure OSPF here on the multi-layer switch, and how many networks are we going to advertise here? We are going to advertise, let's say, two networks only, wired and wireless, okay, because voice is a responsibility of this Cisco voice gateway. Okay, we didn't create an SVI for voice VLAN here, so it is this router that should advertise the voice subnet. Okay, all right, so let's configure OSPF here. I click on that switch and the first thing I do, remember this is a multi-layer switch, a multi-layer switch acts both as a router and a switch, so before it acts as a router you have to enable that functionality. So just say IP routing, now it can route and we can be able to configure OSPF or any other routing protocols. Okay, all right, so let's just say router OSPF, let's use a process ID of 35, okay, then the router ID, router ID to be, let's say, 1.1.2.2. Then the networks, networks to be 192, the networks are two, only two networks, .168.10.0 with the wildcard mask 0.0.0.255, area zero. Another network is the wireless network, the network 10.20.0.0, the wildcard mask 0.0.255.255, area zero, good, exit and do write. Right, so we go to the firewall and advertise how many networks? We are going to advertise three networks, one, two, three. So we just go to the firewall and
advertise three networks. So we just say router OSPF 35, okay, and then router ID, router ID to be 1.1.3.3, okay, then the network, we have how many networks here, we have, let's start with 10, oh sorry guys, in this multi-layer switch we were supposed to advertise three networks, wired, wireless and this one. So let me advertise that remaining network very, very fast before I go to the firewall, sorry for that. So we'll just go back to router OSPF 35, then we advertise which network here? Yes, we advertise 10.30, just a minute, 10.30.30.0, the wildcard mask of zero, uh, here is three, yes, three, because it's /30 notation, hit enter and exit, do write. Now we are done with that, then we go to the firewall and advertise this network first, which is 10.30.30.0. Then in firewall we don't write wildcard mask, we just write subnet mask, 255.255.255.252, area zero. Another network is for DMZ, so I'll just write network 10.10.10.0, then the wildcard is 255.255.255.240, area zero. And the final network is for the public IP address, just say network 197.200.100.0 with the subnet mask 255.255.255.252, area 0.
Exit and do write, good, oh sorry, in firewall it's write memory. You can see from this that the firewall has formed a neighbor with the first router, okay, which was 1.1.2.2, okay, the router ID, right. Okay, so in firewall we don't do write, we just say write memory, good. So guys, I'm going to configure OSPF on this router and this router very, very fast to save time, because I believe you know how to configure OSPF, you only advertise the directly connected networks, very, very fast. Okay, so before I proceed, I can see there's a duplicate address here, I configured two interfaces with the same IP address. So 2021, 2021 is also the IP address of this, yes, so on this side also there is a 2021. So let me change this IP address to, uh, 2020, gig0012, 2022 instead, because these are duplicates. Okay, so we just set this to two, good, that's all. So I'll proceed with the OSPF configuration very, very fast now to save time. All right, so basically, guys, I've done OSPF configuration in all the devices in the network, so we've enabled routing in the network.

And to test that, before we test that, let's go back to our Notepad and see what's next: firewall interface security zones and levels, that's already done. You can remember that was done during IP address allocation, where you were writing interface names like inside, we give it a security level of maybe 100, but outside, in this case, we give it a security level of zero. Okay, so we go to firewall inspection policies. As per now, this firewall here, although it has been configured with basic settings, it cannot allow any traffic to go through it unless we specify. By default the firewall will deny every traffic unless you allow it. So let's allow traffic, let's allow first, let's allow all these hosts here to access, I mean to access IP addresses from the AD server. Okay, all right, so it's very, very simple. So just click on the firewall, and the first thing that we want to do, we want to enable NAT, such that
when these hosts here are trying to access the cloud resources they use NAT. So let's configure NAT on the firewall to translate the private IP addresses into a public IP address when the developers or cloud engineers are trying to access the Microsoft Azure resources. Okay, all right, so what we do, we create what is called object networks on the firewall and then NAT there. So we just say object, just a minute, object network, then we give it a name, let's say we want from inside to outside, so just say inside to out, okay, and hit enter. Then we specify the subnet that is going to use this NAT. So the first subnet that we want to use this NAT is the wired people. The wired people has IP address of 10.0, the subnet mask of 255.255.0, okay, all right, sorry, 255.255.0. Then we write NAT, okay, we write NAT here. So the NAT here will be from inside to outside, okay, so NAT is to apply between inside and outside. Inside interface, remember the inside interface is just the name of which interface, of this interface, so the NAT should be applied between this, inside, and this, outside, okay, and that's the importance of giving the interfaces names. Then what to say now, we just say dynamic, uh-huh, sorry, just say here dynamic interface and hit enter, exit. So let's create another object network for wireless users. We just go here and we say object network outside 2, okay, and now here we write the subnet for wireless users. So you can see the wireless users had which subnet, you can say subnet, the subnet was 10.20.0.0, okay, with the subnet mask of 255.255.255, no, the class B address, okay, and hit enter. Now NAT is to apply, we just use the same, because both wired and wireless users are inside, so we just use that one, hit enter, exit. Then another object network will be applied between DMZ and outside, when they want to go outside. Okay, all right, so uh-huh, we'll create another object network. All right, so
you can see the third, the third object network was between DMZ and outside, good, so we just hit enter and that's all. Okay, so after adding the three object networks, remember the first object network was between inside and outside to utilize which subnet, the wired people, the wired subnet, okay, wired users. The second object network of course is between inside and outside to utilize which subnet, the wireless, Wi-Fi users. The third object was between the DMZ, demilitarized zone, and outside to utilize which subnet, the DMZ subnet. Okay, all right, so the second thing that we do here, after we've highlighted these object networks, now it's the time that we configure the default static route, because we never know the destination that our inside hosts will request, maybe that destination the firewall doesn't know. So we must tell the firewall that whenever it receives a request for a destination that it doesn't know, please forward that request to the ccom ISP router. Okay, so let's do the default static route there. So we just say route, route outside, route, yes, in firewall we don't say IP route, we just say route, through which interface, outside interface. So route through outside interface, okay, which is Gig 1/0/3, route through outside interface, then any IP address. When you receive a request from any IP address that matches any subnet mask, any IP address with any subnet mask, please route it outside to the ccom router. So you take the IP address of the ccom router, which is 197.200.100.1, okay, just write the IP address of the ccom router. That's all about the default static route in the firewall. All right, now that you've created the object networks and specified how the private IP addresses will be translated when they go outside, it's now the time that we create inspection policies and enable these inside hosts to receive IP addresses from the DHCP server here. Okay, now let's do that. Now click on the firewall and just go down, we
create what is called an extended access control list, a named extended access control list, here when we want to create inspection policies, okay? How do we do that? We just say access-list; let's name it from inside to DMZ, we just say inside hyphen DMZ. Then this access list is called access-list inside-DMZ, okay, then it's an extended access control list, and permit icmp. Now we give the resources, okay, I mean we give the services: now ICMP, the ICMP service to ping from any network from inside to any IP address on the DMZ. access-list inside-DMZ extended permit, ping, ICMP is normally used for ping, okay, any IP address from inside, okay, then any IP address on the DMZ, and we just hit enter. That's only for ping. Remember we need to access the DHCP and DNS services and also web services, email services and file storage. Okay, so we're done with the ping, let's go to DHCP. The question that we must ask ourselves: which port does DHCP utilize? DHCP utilizes, is it TCP or UDP, port 68 and 67. So I'll just go back here and check on the internet. So DHCP utilizes UDP port 67 and UDP 68, okay. All right, so what we just say, just the same access control list, I just copy and paste it in this place, okay. All right, so the same access control list, permit udp, uh-huh, UDP, any IP address in the inside to any IP address on the DMZ, to access which service? For DHCP it is 67, the port number, okay, then another port number is 68. So we are done with the DHCP access control list: inside-DMZ access list, permit UDP from any IP address in the inside network to any IP address on the DMZ, and which resources are they allowed to access? Port 67 and port 68, which are for DHCP. Now let's do for DNS. So DNS, I think it's TCP, DNS port is 53, but I don't know whether, uh huh, okay, so DNS uses both UDP and TCP port 53.
so in that case I just copy, I just paste that: access-list inside-DMZ permit udp any any equals to port 53 for DNS. That's for TCP. Now, remember that DNS uses both TCP and UDP, so you change that to TCP also and hit enter. Then another thing that you want to allow here is web, the ERP system. The ERP system, let's say it's a kind of a website, let's just say that, okay. So we permit website. Web normally uses which ports? Port 80 for HTTP and port one one, for 443 for HTTPS. Let me check the HTTPS port: the HTTPS port is 443 and 8443, okay. So we're going to allow those ports, and all these are TCP, okay, it's a TCP port, web is always TCP, okay. So permit tcp any any equals to port 80 for HTTP, and also 88 for HTTP, okay, then for HTTPS we write 443 and 8443, okay. All right, then we go to the email server. Email normally has how many services? SMTP, simple mail transfer protocol, POP3 and IMAP. So for that one kindly do that, because I don't want to write all of the three here. Now for file storage we normally have two ports, port 21 and port 20, yeah, so you can complete for the case of email and file storage at your convenient time; it's very, very easy. All right, so we've explained the inspection policies here, the access control lists. So remember we've just configured them but we've not applied them to any interface, okay, so it's time that we apply them to an interface such that whenever traffic gets into that interface, that traffic is inspected against all these policies, okay? All right, so what we just say, just say access-group inside-DMZ, we just paste it there, then, to get inside which interface, uh huh, is it inside or outside, to get inside, no, to get outside. All right, so how can this be? Yes, outside to the DMZ, when it's time to get to the DMZ, okay: out, and interface DMZ, and hit enter, and write memory. You
can just say show start and you will see the inspection policies. Firewall configuration is normally interesting but you have to be very, very keen. Remember we started with creating object networks, then we did, I mean, the default static routing, then we created the access control list to specify what resources should be accessed and linked the access group to the DMZ interface, such that whenever traffic is trying to go outside this interface, it's trying to leave the firewall through this interface, all these policies are inspected, okay? All right, so now that we have explained the inspection policies, I think these devices should be able to get IPv4 addresses, so let's try to request again, okay. So, uh huh, you can see it's so unfortunate that none of the computers are getting an IPv4 address, so we need to start troubleshooting where the problem is. The problem definitely is in the firewall, so let me just go to the firewall and see what we did wrong. Object networks were created successfully, I can see all of them are correct. Default route is okay. Access control list, I can see all of them and that's okay: bootps and bootpc for DHCP, domain for DNS, www for HTTP, et cetera. Then access-group inside-DMZ out interface DMZ. So I think this is where the problem is: it should be in, I mean access-group inside-DMZ in interface DMZ. Yes, so I'm going to negate this command; this is where the problem is, I believe. So the firewall is so hard to deal with, you have to be very, very keen on what to configure; if you don't configure correctly, nothing will work. So I'm just going to negate that command and make it in, so this is what I've done: no access-group inside-DMZ out interface DMZ, okay. All right, so I'm just going to paste it again and change that, sorry, I'm going to paste it
and change this to in. Yes, access-group inside-DMZ in interface DMZ. Good, write mem. So if I can just say show start, just want to see if it has changed. Yes, so it should be this way: access-group inside-DMZ in interface. So if you can just go to that computer again, which is the computer that refused to pick an IP address, this one, so when we try to request, let's just give it some time, if it will pick. Good, so guys, you can see we have successfully troubleshot the problem and managed to enable these computers to obtain an IPv6 address. You can see even this one has taken, and this one, let me try to, okay, let me see if DHCP will work here, let me just see. Good, it has worked. So what about the access points? Let me check on the access points if they have taken IPv4. Okay, so you can see the access points have also been configured with IPv4 addresses from the DHCP server, so you can just see the IPv4 address here. All right, so the DHCP option has been enabled successfully. So I just want to try to ping the DHCP server and this wireless LAN controller, uh-huh. Before that, let me just try to ping the WLC; it's so important because I can see the CAPWAP status between the access points and the wireless LAN controller has not been formed, okay. So if you can see, I'm trying to hover over this wireless LAN controller and you can see it has picked an IP address of 10 20 054, and what's important here is the CAPWAP status. You can see the CAPWAP status is still not connected. You can't configure the access points until that CAPWAP status is synchronized to the wireless LAN controller. So what I'm going to do, I'm going to try to log into this wireless LAN controller and configure it. So how do you log into the wireless LAN controller? There's something that I want to show you guys: when I go back to our case study here, we were told somewhere here to allow only the senior network security engineer to carry out remote tasks, so I'm going to
designate one computer here. Let's say this is the senior net engineer, senior network engineer, okay, good. So this is the computer of the senior network engineer and I want to configure a static IP address here: 182.168.10., let's say the senior network engineer's IP address is dot six, okay, and the default gateway, you can see, is 10.1, okay. All right, so just do it very, very fast: 10.1. The DNS server, you remember, is 10.10.10.5, the IP address of our ID server, okay. So before we can configure the wireless LAN controller it's very, very important to ping it from the computer that you want to access it from, okay. All right, so let's try to ping the wireless LAN controller: ping 10.20.0.10. Yes, it's pinging, so we can successfully access and configure the wireless LAN controller. So when I go back to our notepad, we have been asked to configure a standard ACL for SSH; this one I'll do later. Let's do the wireless network configuration. We need to configure this wireless LAN controller so that all of these lightweight access points can be synchronized to the wireless LAN controller, because if you just hover, you can see if I just put my cursor over that lightweight AP, the IP address is configured successfully but the CAPWAP status is still not connected. So we just go to our senior network engineer PC, then you go to web browser, okay. After going to web browser, now you write the IP address of the wireless LAN controller, so the IP address is 10.20.0.0 dot 10, and hit enter. You wait for around 20 to 30 seconds before it loads. Yes, so you have to be very patient because this is Packet Tracer and a device like the wireless LAN controller normally loads very slowly, so you have to be very, very patient, like 30 seconds to one minute. So
this is the interface of the wireless LAN controller. The first thing that we do, we create a username; let's say our username is Gtech and the password is Gtech one two three, here it is, Gtech one two three, and we just click start. Now we give the name of our wireless LAN controller, so let's say it's Gtech, uh, WLAN. Good, and then here we give our management IP address. The management IP address will remain the IP address that we configured there, 10.20.0.10, okay. The subnet mask, you can remember it's a class B address, 245 255.255, uh, all right, class B, 0.0, okay. And another thing that we do here is the default gateway; don't forget, 10.10.10, oh sorry, 10.20.0.1, okay, good. Then management VLAN, just leave it the way it is and click next. Let me expand this. Yes, so when you reach here, it's now where you start configuring the Wi-Fi names, SSID. So for example let's say we want to create employees Wi-Fi and guest Wi-Fi, so we just say employees. For employees let's just say it's Cairo Telco, just say Telco amp, okay, for employees, and this password will remain, let's say, Gtech one two three, and next. Good, leave these defaults and click next. So you can see our username is Gtech and the device name is Gtech WLAN and the country is here, the time is there, and also the management IP address should be the IP address of the one that we used to access it, management IP subnet mask and the default gateway. Then we have the Wi-Fi names; the first Wi-Fi name that we have created is called Telco amp. We shall have, uh, entered inside the interface, okay, and just click apply. So wait until you receive a prompt; this is Packet Tracer, you have to know that, so you just have to wait. Yes, so after you've received this prompt, you have to wait until you receive this prompt; if you don't wait then you're going to
destroy a lot of things: that device will be corrupted and you have to place it again. So wait until you see this prompt and just click okay, and also wait, this is Packet Tracer, it will take time. You can see it's not even responding now. So this is a bug in Packet Tracer that needs to be corrected. So you can see it's now booting, so don't do it until it boots, because it will not show you that it has finished booting. Just click on close here and try to ping it again, try an extended ping, hyphen t, okay. So you can see it has now rebooted, so you can go ahead. Let's cancel the extended ping. You can now go ahead and log in again. This is called the wireless LAN controller, very interesting, although Packet Tracer is disappointing because it's not responding every time when it comes to the wireless LAN controller. I don't know where the problem is normally coming from in Packet Tracer; it normally hangs, okay. So we'll just write the IP address, 20 0.10, and we just hit enter. You will receive this prompt here which tells you that the server reset the connection, so when you see this prompt just include s here so that it becomes https and hit enter, and now we are able to log in. Our username was Gtech, the password was Gtech one two three, and hit enter, okay, good. So this is the interface of the wireless LAN controller, and if you go back to the access points, I think they should, click on wireless and see if any access points have come here. Good, so you see when you click on wireless you can see all the access points that we have in our network are here plus their IP addresses. Now if you go to each access point, let's minimize this, let's say you click on this one, Cloud AP, now you see the gigabit ethernet has taken an IP address, the CAPWAP status is connected to 10 20 0 10, which is
the IP address of the wireless LAN controller, and the Wi-Fi that is available now is called Telco amp, for Telco employees. I mean, that applies to any access point in the network, okay, very, very simple. So let's create another Wi-Fi for guests now. To create another Wi-Fi for guests you just click on WLANs and give it time; this is the wireless LAN controller and Packet Tracer normally has problems with the wireless LAN controller, okay. So to create another Wi-Fi just click on go, and you give it some time to load. Yes, so let's say this is meant for Telco employees, okay, Telco guests, so this one is called Telco guests, and you apply and give it some time to load. All right, so when it has loaded just click on enable this one. After enabling, come to security, reset password and choose this WPA+WPA2, okay, then under WPA2 parameters click on WPA2 policy. All right, then under authentication key management click on enable and write your password there for the guest Wi-Fi. Let's say the guest will still use Gtech one two three, okay, let's just make it simple, good. All right, so click on apply here and wait. Good. All right, so when you click under WLANs we have two Wi-Fi networks, this one for Telco employees, another Telco guest, okay. And if we now go back to the access points, let's say we go back to this one, you can see that now there are two Wi-Fi networks, Telco amp and Telco guests, okay. We can change this; just click on that one and you edit it, just give it some time to load. Yes, so now under profile name you can just change to Telco employees, okay, and you click apply and give it some time to load. Okay, so that's okay. So when I go back to the access points again and try to hover, you
can now see they are providing Wi-Fi WLANs: Telco employees providing Telco amp, Telco guest providing Telco guest, okay. All right, so we can connect our employees and guests to any network. So in this case a device will connect to a wireless access point which is near it or the one that has the strongest strength, okay. For example, let me just try to connect this smartphone here, okay. We just go to this smartphone, come to config here, come to Wireless0, okay, and then we try to connect it to Telco amp, okay, then WPA2-PSK, it was Gtech one two three, the password, okay, and we just close this one. It will connect to the one which has the highest strength or the one near it. You see it has connected to this one because it considers this one as higher strength than the rest, okay. So if we just try to hover over this smartphone you can see it has taken which IP address? 10 20 0 dot something, the one that we asked it to take, okay. Let's try to connect this laptop to see which device it will connect to. For the laptop you go to config, then you find this Wireless0, and now let's connect it to the guest Wi-Fi: we say the SSID is Telco guests and the password will always remain Gtech one two three, and we close. It will connect to an access point which has the strongest strength or the one near it, so it considers this Cloud AP as stronger than even this one. So this is very, very beneficial because it doesn't matter where you are; even if you belong to the IT department and you go to Cloud Engineers, your computer will still connect, because the Cloud AP provides both Telco employees Wi-Fi and Telco guest Wi-Fi. So I'll proceed to configure the Wi-Fi SSID and password for all the wireless devices very, very fast to save time. All right, so guys, basically we are done with configuring the wireless devices so that they can connect to the access points. So what happens is
that a device connects to the device that it likes or considers as having a higher strength than the other one, okay. So you can find a device from the HR department connecting to the software engineering APs, so there's no problem at all there, because it's beneficial: maybe you're an IT guy, you move from that place to this place, your device will still connect because you have the correct username and password. Okay, so we've achieved wireless connectivity in the network, and all the devices, be it wired or wireless devices, let me just log out, can obtain IP addresses automatically from the DHCP server, okay. All right, so what's remaining is that, remember, the main goal of this design is to enable guys to access these resources. As per now the guys here are not able to access these resources here, okay. So how do we enable them to access the resources? We use the firewall. So for now let me just try to ping, cancel this, I'm going to ping from our senior network engineer computer to 30.30.30.10, which is the IP address of, minimize a little bit, the IP address of our virtual machine here, it's 10 10, I mean 30 30 10, you can see it's 30 30 10.
so I'm trying to ping from our senior network engineer computer but you see all the requests are unsuccessful. So to enable communication, let me just issue an extended ping, then we have to go to the firewall and tell the firewall to please allow inside users to access this subnet here, okay. So let's go to the firewall; we're just going to do the same thing we did here, creating an extended access control list and permitting relevant services or applications. All right, so let's create another access control list, let's just say access-list, let's now say inside to outside. Remember the first one was from inside to DMZ, now we're going from inside to outside, okay. Then permit, the first thing is ping, TCP, I mean ICMP, icmp any any, so we're telling the firewall to please permit ICMP from any IP address in the inside to any IP address in the outside, okay, and just hit enter. So I copy this one, okay, I can see I wrote it wrongly, so I delete this one; you can see this inside is having two s's, so I just paste it and edit, remove one s and hit enter. Oops: access-list inside outside permit icmp any IP address from inside to any IP address from outside, okay, good. So we paste again the access control list: access-list permit, now for web, permit tcp any from inside to any on the outside network equals to port 80.
then port 8080, then port 443, then port 8443, those for HTTPS. So I think that's all, because we just wanted to ping and access these servers, okay, so the virtual machine, we just try to ping and access at least www, https, okay. All right, so what we do here on the firewall, now we bind this rule to the outside interface. So let me just put this, remember this thing is still pinging and all of the requests are not successful. So let's go ahead to put this policy on the outside interface. So I'm just going to say, uh-huh, what do I say, access-group, then I copy this, make sure you're very, very keen, and I paste it, it's outside, then what do I say, we say in which interface, outside, out: access-group inside outside in, through which interface, outside, and hit enter, and you see the moment we hit enter we've started receiving replies. So guys, this was a very, very important project for you guys. So we're done with the firewall, I don't want to touch this firewall again because we're done configuring the necessary policies. So in this video we're just doing a simple policy; in the next video we're going to do very complicated firewall policies. All right, so let's just close the firewall, being that now we've saved, and cancel this, good. All right, so just cancel that, and what's now remaining, go back to our config guide: telephony service. Well, I don't think you'll consider this one because it's very, very easy, and we are running out of time, so let's go to telephony service on the router so that these IP phones can get IP addresses; you can see they still don't have IP addresses. All right, so how do we configure telephony service? We use this voice gateway. You just click on the voice gateway, come to CLI, very, very simple, and the password is Cisco, Cisco, enable
Cisco, good, then config t. Then what do we do? We configure an IP address on this interface. So here we do inter-VLAN routing, because the IP phones are in a VLAN, so we have to do inter-VLAN routing. So this interface is gig, and fa0/0; make sure you choose the 2811 router. So we just go to fa0/0: interface fa0/0, no shut, good, and exit. Now let's create a sub-interface for the voice VLAN, so interface fa0/0.101, remember the voice VLAN was 101, and we just hit enter, and we just say encapsulation dot1Q one one, okay, then the IP address should be the first available address here, which is 172 16 10 1, so we just say, very, very simple, ip address 172.16.10.1 255.255.255.0, exit, good. So let's create pools, being that the sub-interface will be the default gateway of the IP phones. Now let's create pools to allocate IPv4 addresses to the IP phones, good. So we just go here and say ip dhcp, just enable the service first, service dhcp, hit enter, ip dhcp pool VoIP, okay, then the network should be 172.16.10.0, subnet mask 255.255.255.20, then it's very, very important to include this feature, option 150, then, let me query, ip, to use the IP address of the default gateway, the sub-interface that we had here, okay, and we just paste the sub-interface there and hit enter, exit, and do write. So it's the time now we create the dial numbers, I mean we go into telephony configuration. We just say telephony-service, hit enter, then we say maximum number of ephones to be, we want how many phones in this network? Yes, let's just say 20, or 10 in this case because we have less than 10, and then maximum directory numbers, max-dn, should match the number of ephones, okay, and then let me quickly see what's next. Okay, then we write ip source-address, let me query, the source address should be the IP address of the default gateway, which was this one
okay, ip source-address should be this IP address, okay, 172 something, that's okay, so let me just write that, then port, port to be port 2000, very simple, exit. So let's allocate the IP phones their numbers, because I've seen something like this, like this server ping this one, DHCP address config, meaning that the IP phones have started getting IPv4 addresses, and if you just hover over this one you can see VLAN 101 has taken 172 16 10 7. When you go to this one, this one is not taking any IP address. What about this one? This one has taken an IP address. What about this one? This one has taken, okay, so that's how it's going. So let's assign these IP phones dial numbers. So just say ephone-dn number one, ephone directory number one, I'll just say number to be, we were told here that the number should be in this format, where is it, here, the number should be like one dot dot dot dot, meaning 1001, 1002, et cetera. So we just go back here and say number to be 1001, exit, ephone-dn number two, 1002. So I do it very, very fast to save time. Okay, so I've done the telephony service configuration, and so we'll just wait for these IP phones to pick the line numbers that we've configured. So I don't know how long it will take, but we just have to give it some time. Okay, so I see everything has synchronized, so if I try to hover over any IP phone, now what about the one that has picked an IP address? I can see they have not picked the line numbers, so that means there's a problem with this configuration here. So I'll try to go back here and say Cisco, and now we're going to troubleshoot where the problem is: config t, show start. I want to see my VoIP configuration. This is my pool, which is okay, that's how it's normally been, okay, and then we go down until we see where our telephony service is: telephony-service, maximum ephones 10, maximum dn 10, ip source-address that one, then ephone-dn number. Okay, I missed a command here; there should be a
command for auto assign, okay, automatically. So I missed a command below this one; I should have done it just below this 2000, okay. So what I'm just going to do, I'm just going to copy this and paste and say telephony-service and say auto assign, let me query, auto assign, yes, from number one to number 10 because we have 10 phones. You can now see the phones are now registering, so this is the only command that I missed, auto assign from number one to number 10. Now the phones are registering, and if I just go here and hover over this one, you can see this one, what about this one, you can see that this one has taken line number of zero zero one, this one has taken line number of zero zero four, okay. So let's try to call from this phone, let me go to GUI, you can see it's having one zero zero six, to the one that is in HR, this one, and the HR phone, when you go to GUI, it says it's serving one zero zero three. So I put this one on this side and I put the other on this side and we try to call. So let's try to call one zero zero six, and there is no calling, so we can just try to pick up, and you see it's connected, connected from one zero three, and you hang up. You try to call one zero zero three and four, yeah, so here you can also pick up and hang up, good. So IP phones are working, the wireless LAN controller is working, firewall policies are working, okay. So that marks the end of this video, and I believe this video was really helpful. So let me just make this look like a cloud, just click on this thing and I paste it as Azure Cloud, okay. All right, so please guys, subscribe to this channel, like this video, share with friends and drop a comment below, and in case you want this file just join the channel membership and drop your email in the comment section; I'll email you and send you the file as soon as possible. Thank you so much and bye, see you again in the 11th Enterprise networking
project bye
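The firewall fault found in the captions (the ACL bound `out` instead of `in` on the DMZ interface, and an ACL that is written but not yet applied) can be caught by checking `access-list` and `access-group` lines in the saved configuration. This is an added example, not code from the video: the config text is constructed from the commands spoken in the captions, and the ACL name casing, the function names and the security-level fallback noted in the comments are assumptions.

```python
"""Lint ASA-style access-list / access-group lines from a saved config."""
import re

# Port keywords as they appear in the 'show' output read out in the captions.
PORT_NAMES = {"bootps": 67, "bootpc": 68, "domain": 53, "www": 80, "https": 443}

# Constructed sample. The access-group line is the pre-troubleshooting mistake.
SAMPLE_BROKEN = """\
access-list INSIDE-DMZ extended permit icmp any any
access-list INSIDE-DMZ extended permit udp any any eq bootps
access-list INSIDE-DMZ extended permit udp any any eq bootpc
access-list INSIDE-DMZ extended permit udp any any eq domain
access-list INSIDE-DMZ extended permit tcp any any eq domain
access-list INSIDE-DMZ extended permit tcp any any eq www
access-list INSIDE-DMZ extended permit tcp any any eq 443
access-list INSIDE-OUTSIDE extended permit icmp any any
access-list INSIDE-OUTSIDE extended permit tcp any any eq www
access-group INSIDE-DMZ out interface DMZ
"""
SAMPLE_FIXED = SAMPLE_BROKEN.replace("out interface DMZ", "in interface DMZ")

ACL_RE = re.compile(r"^access-list\s+(\S+)\s+extended\s+(permit|deny)\s+(\S+)\s+(.+)$")
GROUP_RE = re.compile(r"^access-group\s+(\S+)\s+(in|out)\s+interface\s+(\S+)$")


def _take_addr(tokens):
    """Consume one address spec: 'any', 'host A', or 'A MASK'."""
    if tokens[0] == "any":
        return "any", tokens[1:]
    if tokens[0] == "host":
        return tokens[1], tokens[2:]
    return f"{tokens[0]} {tokens[1]}", tokens[2:]


def parse(config):
    """Return ({acl_name: [rule, ...]}, [(acl_name, direction, interface), ...])."""
    acls, bindings = {}, []
    for raw in config.splitlines():
        line = raw.strip()
        m = ACL_RE.match(line)
        if m:
            name, action, proto, rest = m.groups()
            src, toks = _take_addr(rest.split())
            dst, toks = _take_addr(toks)
            port = None
            if len(toks) >= 2 and toks[0] == "eq":
                port = PORT_NAMES[toks[1]] if toks[1] in PORT_NAMES else int(toks[1])
            acls.setdefault(name, []).append(
                {"action": action, "proto": proto, "src": src, "dst": dst, "port": port})
            continue
        m = GROUP_RE.match(line)
        if m:
            bindings.append(m.groups())
    return acls, bindings


def acls_for_flow(bindings, ingress, egress):
    """An 'in' binding filters packets entering that interface, 'out' those leaving it."""
    return [acl for acl, direction, iface in bindings
            if (direction == "in" and iface == ingress)
            or (direction == "out" and iface == egress)]


def decide(config, ingress, egress, proto, dport=None):
    """First-match evaluation on protocol and port only (addresses are not matched)."""
    acls, bindings = parse(config)
    names = acls_for_flow(bindings, ingress, egress)
    if not names:
        # Assumption: with no ACL consulted the ASA falls back to security levels,
        # which drop new flows from a lower-level interface to a higher-level one.
        return "no-acl"
    for name in names:
        for rule in acls.get(name, []):
            if rule["proto"] in (proto, "ip") and rule["port"] in (None, dport):
                if rule["action"] == "deny":
                    return "deny"
                break  # permitted by this ACL, check the next bound ACL
        else:
            return "deny"  # implicit deny at the end of every ACL
    return "permit"


def findings(config):
    """Report unbound ACLs, bindings to undefined ACLs, and any/any permits."""
    acls, bindings = parse(config)
    bound = {acl for acl, _, _ in bindings}
    out = [f"{n}: defined but not applied with access-group" for n in sorted(set(acls) - bound)]
    out += [f"{a}: applied {d} on {i} but never defined" for a, d, i in bindings if a not in acls]
    for name, rules in sorted(acls.items()):
        wide = sum(1 for r in rules
                   if r["action"] == "permit" and r["src"] == "any" and r["dst"] == "any")
        if wide:
            out.append(f"{name}: {wide} permit rule(s) use any/any")
    return out


if __name__ == "__main__":
    # DHCP server in the DMZ answering a relay on the inside network (UDP port 67).
    print("broken:", decide(SAMPLE_BROKEN, "DMZ", "inside", "udp", 67))
    print("fixed: ", decide(SAMPLE_FIXED, "DMZ", "inside", "udp", 67))
    for item in findings(SAMPLE_FIXED):
        print("finding:", item)
```

The any/any findings point at where the lab rules would be narrowed to the actual inside and DMZ subnets before reuse outside Packet Tracer.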
Info
Channel: Gurutech Networking Training
Views: 19,844
Keywords: network, packet tracer, network projects, cisco networking projects, enterprise network projects, real-world projects, #networkengineer, #ccna, #cisco, #ccnp, #cybersecurity, #datacenter, #networksecurity, #networkadmin, #ciscocert, #ciscocertification, #itcertification, #computernetworks, #cisconetworking, #networkdesign, #routing, #networkadministrator, #networkengineering, #ccnacertification, #cisconetworkingacademy, #switching, #telecommunications, #ipnetworks, #gurutech, #gurutechnetworking, #benardotom
Id: w3DfcqZ8xOI
Length: 150min 12sec (9012 seconds)
Published: Wed Aug 23 2023