Test Project IT Network System Administration
Module C Cisco Environments
TP39_ASC2016_pre_EN
Submitted by :
Name: Mohamad Ropi Abdullah
Member Country : MY
Test Project proposal for skills competition
ASC2016_TP39_EN
Version: 1.0
Date: 16.05.15
1 of 10
Contents
This Test Project proposal consists of the following documentation/files:
1. TP39_ASC2016_pre_EN_Module-C.docx
Description of project and tasks
1. ALL INFRASTRUCTURE, SERVERS AND CLIENTS
a. Configure according to the topology diagram and maps.
2. ALL CISCO EQUIPMENT
a. Configure host name, enable mode password, logging synchronous and two users.
3. ISP ROUTER CISCO 1941
a. For ease of administration, enable SSH with local authentication.
b. Do not configure any kind of static or dynamic routing.
4. HQ / BRANCH ROUTERES
a. Configure static, EIGRPv6 and OSPFv3 routing. OSPFv3 routing serves as a backup routing
protocol. When EIGRPv6 is running then we should only see EIGRPv6 routes in the routing
table.
b. Configure High Availability routing for the LUXWINTOP network. Use a load balancing
protocol. Use authentication.
c. Configure High Availability routing for the MNGT network. Use a protocol that will use only
one of the two routers, preferably the HQ router, but keep in mind that we may migrate this
network to IPv6.
d. Configure an IPv6 over IPv4 Point-to-Point GRE over IPSec Tunnel between the two
routers, going through the ISP router. Authenticate and encrypt all traffic.
e. Configure VoIP system to communicate between HQ and Branch site with the following
settings:
User
Alice
Bob
Carol
John
Site
HQ
HQ
HQ
Branch
Test Project proposal for skills competition
ASC2016_TP39_EN
Line
1
2
1
2
1
1
Extension
101
104
102
104
103
201
Version: 1.0
Date: 16.05.15
Call Waiting
Yes
No
No
No
No
No
Device
IP Phone
Softphone
Softphone
IP Phone
2 of 10
f.
g.
h.
i.
j.
k.
l.
m.
n.
Assign the name HQ-CME and Branch-CME to each site respectively. The name should be
displayed on all IP Phones and IP Communicators once they are registered. Configure the
time zone to be GMT -3.
Customize each IP Phone such that the users name instead of the extension number is
displayed on the phone button. Ensure that when receiving a call, the username is shown on
the caller id instead of the extension number.
Caller-ID and DND must be enabled for all phones.
Users must be able to perform Call-forwarding and transfer their calls to other extensions.
Configure Music-on-hold using the attached MOH.wav file given on both sites.
Bob and Alice shares an extension 104. Enable both Bobs and Alices phones to ring
simultaneously should there be an incoming call to 104. E.g. Carol calls 104 and both Bob
and Alice phone will ring. Bob answers the call and Alice sees 104 is off hook.
Configure Call Park on extension 100 on HQ-CME to allow any user to park the call so that
any user can pick up the call upon dialing the call park extension.
Configure Local Directory Services so that users can lookup other users extension number
in both sites via the Services button.
Configure conferencing services to support at least 3 parties in a conference call.
o. On Alices phone, configure button 3 as a dedicated intercom line to Carol. Upon pressing
button 3, Carols phone will automatically answer the call in speakerphone mode with mute
activated and Carol will hear Alices conversation
5. HQ ROUTER CISCO 2901
a. Enable SSH with public key authentication so that users do not need to enter a password.
b. Restrict SSH access to the MNGT network.
c. Configure time synchronization with the NETLUXSRV NTP server.
d. Send logs to the syslog server at LUXSRV placing the logs in folder /var/log/cisco/ inside
file HQ.
e. Configure a Site-to-Site IKEv2 IPsec Tunnel with the REMOTE site. Authenticate and
encrypt all traffic to and from WINSRV and any other traffic as detailed in the access
permissions map. Use a different set of authentication and encryption protocols from the
tunnel between HQ and BRANCH.
f. Using a Zone-Based Firewall restrict what comes in and goes out, to the Internet, to the bare
minimum necessary according to the topology diagram and maps.
6. BRANCH ROUTER CISCO 2901
a. Configure aaa to authenticate SSH logins and enable mode access. The radius server is
LUXSRV.
b. Configure time synchronization with the WINSRV NTP server.
c. Use CBAC (Context-Based Access Control) to restrict what comes in and goes out, to the
Internet, to the bare minimum necessary according to the topology diagram and maps.
7. REMOTE ASA 5505
a. For ease of administration, enable SSH with local authentication. It should accessible from
the inside and the outside network, on port 22222.
b. Configure SSH, FTP, HTTP and HTTPS to be accessible on DMZLUXSRV.
c. Configure a Site-to-Site IKEv2 IPsec Tunnel with the HQ site. Authenticate and encrypt all
traffic to and from WINSRV and any other traffic as detailed in the access permissions map.
Use a different set of authentication and encryption protocols from the tunnel between HQ
and BRANCH.
Test Project proposal for skills competition
ASC2016_TP39_EN
Version: 1.0
Date: 16.05.15
3 of 10
d. Configure an AnyConnect Remote Access VPN for clients from the Internet to connect
securely.
e. Restrict what comes in and goes out, to the Internet, to the bare minimum necessary
according to the topology diagram and maps.
8. HQSW / BRANCH SWITCHES
a. For ease of administration, enable SSH with local authentication.
b. Configure portfast on all access ports.
c. Configure DHCP snooping where appropriate.
d. Configure an Etherchannel on ports F0/23-F0/24 on both switches. Use a Cisco proprietary
protocol. Load balance should be based on the source mac address.
e. Configure an Etherchannel on ports G0/1-G0/2 on both switches. Use a standards based
protocol. Load balance should be based on the destination mac address.
9. HQSW - C2960 SWITCH
a. Configure port security; WINLAPTOP_2 is the only device allowed on the MNGT VLan.
Upon violation shutdown the port, but recover it in 30 seconds.
b. Any device connected to port F0/10 can only communicate with a layer 3 device.
c. Configure port F0/11 to receive all traffic that is received and sent on port F0/5.
d. The only ports where we have DHCP servers are F0/5 and F0/21.
e. Configure portfast on all access ports.
f. On the Etherchannel on ports F0/23-F0/24, this switch should attempt to negotiate an
EtherChannel.
g. On the Etherchannel on ports G0/1-G0/2, this switch should not attempt to negotiate an
EtherChannel.
10. BRANCHSW - C2960 SWITCH
a. On the Etherchannel on ports F0/23-F0/24, this switch should not attempt to negotiate an
EtherChannel.
b. On the Etherchannel on ports G0/1-G0/2, this switch should attempt to negotiate an
EtherChannel
11. SERVERS
NOTE: Four basic VMs (Linux server, Linux desktop, Windows server, Windows desktop) were provided
to you so that you may save time on tasks that are not subject to evaluation on this Module. Should you
be unhappy with the base VM you are free to install the system from scratch. Considering there are 3
Linux servers in the topology, it is recommended that you configure one server with all the requested
services and clone it, but it is your decision and you may do as you please.
a. Configure the servers according to the topology diagram, maps and what has been
requested up until now.
Congratulations, you have reached the end of this module. You should have a full working data and
voice network. We hope you found it interesting and had fun implementing it.
Test Project proposal for skills competition
ASC2016_TP39_EN
Version: 1.0
Date: 16.05.15
4 of 10
1. Logical and Physical Topology Diagram ( see Appendix A).
2. ISP ROUTER CISCO 1941
ISPROUTERCISCO1941
INTERFACE S0/0/0
S0/0/1
GE0/0
GE0/1
IPADDRESS 1.1.1.1/29 1.1.1.9/29 1.1.1.17/29 1.1.1.65/26
HQ
S0/0/1
BRANCH
S0/0/0
1.1.1.2/29
REMOTE
E0
1.1.1.18/29
NETLUXTOP WINLAPTOP Eth0
NETLUXSRV WINLAPTOP Eth0
WINLAPTOP WINLAPTOP Eth0
1.1.1.10/29
DHCPfromServer:1.1.1.65
1.1.1.126/26assigned from
DHCP Serverat1.1.1.65
DHCPfromServer:1.1.1.65
3. HQ ROUTER CISCO 2901
HQROUTERCISCO2901
GE0/0.12
GE0/1.10
STANDBY
Auto
IPADDRESS 1.1.1.10/29 fdab:cdef:1::1/64 fdab:cdef:2::1/64
10.0.0.1/24
assigned
INTERFACES0/0/1
GE0/0.12
Tunnel
10.0.1.1/24
10.0.1.254/24 fdab:cdef:4::1/64
fdab:cdef:7::1/64
fdab:cdef:4::1/64
LUXSRV PC1NIC1
fdab:cdef:1::2/64
LUXTOP PC1NIC2
fdab:cdef:2::X/64
from DHCP
10.0.0.Xfrom
DHCPServer:
BRANCH Tunnel
LUXVOIP Eth0
HQSW
GE0/1.99
STANDBY
S0/0/1
GE0/1.99
1.1.1.9/29
ISP
GE0/0.11
F0/23
Test Project proposal for skills competition
ASC2016_TP39_EN
F0/21
Version: 1.0
Date: 16.05.15
10.0.1.3/24
5 of 10
4. BRANCH ROUTER CISCO 2901
BRANCHROUTERCISCO2901
GE0/0.12
GE0/1.99
GE0/1.20
GE0/1.99
Tunnel
STANDBY
STANDBY
Auto
10.0.1.254/2
IPADDRESS 1.1.1.2/29 fdab:cdef:3::1/64 fdab:cdef:2::2/64 assigned 172.16.0.1/24 10.0.1.2/24
fdab:cdef:4::2/64
4
INTERFACES0/0/0
GE0/0.21
GE0/0.12
ISP
S0/0/0
1.1.1.1/29
HQ
Tunnel
fdab:cdef:4::2/64
WINSRV
PC2NIC1
fdab:cdef:3::2/64
WINTOP
PC2NIC2
WINVOIP
Eth0
BRANCHSW
fdab:cdef:3::X/64
fromDHCPServer:
fdab:cdef:1::2/64
172.16.0.Xfrom
DHCPServer:
172.16.0.1
F0/23
F0/21
10.0.1.4/24
5. HQSW and BRANCHSW INTERFACE MAP
HQSWINTERFACEMAP
VLAN9910.0.1.3/24
DEVICE
INTERFACE
LUXVOIP
Eth0
LUXSRV
PC1NIC1
LUXTOP
PC1NIC2
WINLAPTOP Eth0
G0/1
HQ
G0/0
F0/23
F0/24
BRANCHSW
G0/1
G0/2
F0/1 F0/2 F0/2 F0/2
F0/1 F0/5 F0/9
F0/24 G0/1 G0/2
3
1
2
3
BRANCHSWINTERFACEMAP
VLAN9910.0.1.4/24
DEVICE
F0/1 F0/5 F0/9
WINVOIP Eth0
WINSRV
PC2NIC1
WINTOP
PC2NIC2
G0/1
BRANCH
G0/0
F0/23
HQSW
G0/1
G0/2
F0/2 F0/2 F0/2
F0/24 G0/1 G0/2
1
2
3
NOTE:WINTOPcanbeconnectedtoportF0/9ortotheLUXVOIPphone.
6. HQSW and BRANCHSW VLAN ASSIGNMENT
HQSWVLANASSIGNMENT
NETWORK
BRANCHSWVLANASSIGNMENT
VLANID VLANNAME PORTS
NETWORK
10
LUXVOIP
F0/1F0/4
10.0.0.0/24
20
WINVOIP
F0/1F0/4
172.16.0.0/24
11
LUXSRV
F0/5F0/8
fdab:cdef:1::/64
21
WINSRV
F0/5F0/8
fdab:cdef:3::/64
12
LUXWINTOP F0/9F0/12 fdab:cdef:2::/64
12
LUXWINTOP F0/9F0/12 fdab:cdef:2::/64
99
MNGT
99
MNGT
99
NATIVEVLAN
99
F0/24
NOTE:LUXTOPcanbeconnectedtoportF0/9ortotheLUXVOIPphone.
VLANID VLANNAME PORTS
INTERFACE
F0/13F0/16 10.0.1.0/24
NATIVEVLAN
Test Project proposal for skills competition
ASC2016_TP39_EN
Version: 1.0
Date: 16.05.15
F0/13F0/16 10.0.1.0/24
6 of 10
7. REMOTE ASA 5505
REMOTEASA5505
INTERFACE E0
IPADDRESS 1.1.1.18/29
ISP
G0/0
E1
E2
192.168.0.1/25
192.168.0.129/25
1.1.1.17/29
REMWINTOP PC2NIC3
DHCP fromServer:192.168.0.1
REMWINTOP CiscoIPC DHCPfromServer:1.1.1.10
DMZLUXSRV PC1NIC3
192.168.0.130/25
8. VIRTUAL MACHINE TO NETWORK INTERFACE CARD MAP
NIC1
PC1
NIC2
NIC3
Bridge Bridge Bridge
NIC1
NIC2
NIC3
PC2
Bridge Bridge Bridge
Eth0
Eth0
Eth0
WINLAPTOP
Bridge Bridge
LUXSRV
Eth0
WINSRV
Eth0
NETLUXTOP Eth0
LUXTOP
Eth0
WINTOP
Eth0
NETLUXSRV Eth0
DMZLUXSRV Eth0
REMWINTOP Eth0
WINLAPTOP Eth0
9. IPv4 / IPv6 MAP
IPv4 / IPv6 MAP
FQDN
IP ADDRESSING
www
*
Private
IPv4
Public
IPv4
Private IPv6
PublicIPv6
NETLUXSRV www.skills.com
skills.com
1.1.1.126/26
2001:db8:0:1::1/64
DMZLUXSRVwww.brazil.com
brazil.com
2001:db8:0:1::2/64
192.168.0.130/25 1.1.1.19/29
WINSRV
www.saopaulo.com saopaulo.com 172.17.0.1/24
fdab:cdef:3::2/64
LUXSRV
www.rio.com
rio.com
1.1.1.13/29 fdab:cdef:1::2/64
10. DNS SERVERS
DNSSERVERS
RECORD
RECORD
ADDRESS
www.skills.com
skills.com
1.1.1.126/26
ISP
www.brazil.com
brazil.com
1.1.1.19/29
www.rio.com
rio.com
1.1.1.13/29
www.skills.com
skills.com
2001:db8:0:1::1/64
www.brazil.com
brazil.com
2001:db8:0:2::1/64
WINSRV
www.saopaulo.com saopaulo.com
fdab:cdef:3::2/64
www.rio.com
rio.com
fdab:cdef:1::2/64
NOTE:Forwardallother requests to the ISP DNS server.
www.saopaulo.com saopaulo.com
172.17.0.1/24
DMZLUXSRV
NOTE:Forwardallother requests to the ISP DNS server.
SERVER
Test Project proposal for skills competition
ASC2016_TP39_EN
Version: 1.0
Date: 16.05.15
7 of 10
11. VOIP EXTENSION MAP
VOIPEXTENSION MAP
HOST
User VOiPDEVICE EXTENSION
LUXVOIP
Alice Cisco7960
101, 104
REMWINTOP Bob
CiscoIPC
102, 104
WINLAPTOP_1 Carol CiscoIPC
103
WINVOIP
John Cisco7960
201
CME SERVER
HQCME
HQCME
HQCME
BRANCHCME
12. HOST IP ADDRESS MAP
HOSTIPADDRESSMAP
HOST
IPADDRESS/MASK
DEFAULT GATEWAY
DNSSERVER
NETLUXSRV
1.1.1.126/26assignedfromDHCPServerat1.1.1.65
1.1.1.65assignedfromDHCPServerat1.1.1.65
ISP
WINLAPTOP_1 1.1.1.X/26assignedfromDHCPServerat1.1.1.65
1.1.1.65assignedfromDHCPServerat1.1.1.65
ISP
NETLUXTOP
1.1.1.X/26assignedfromDHCPServerat1.1.1.65
1.1.1.65assignedfromDHCPServerat1.1.1.65
ISP
LUXVOIP
10.0.0.XfromDHCP Server:10.0.0.1
10.0.0.1assignedfromDHCPServerat10.0.0.1
LUXSRV
fdab:cdef:1::2/64
fdab:cdef:1::1/64
WINSRV
LUXTOP
fdab:cdef:2::X/64fromDHCPServer:fdab:cdef:1::2/64
Automaticlinklocalassignedbyrouter
WINSRV
WINLAPTOP_2 DHCPfromServer:10.0.1.3
10.0.1.XassignedfromDHCPServerat1.0.1.3
WINSRV
WINVOIP
DHCPfromServer:172.16.0.1
172.16.0.1assignedfromDHCPServerat172.16.0.1
WINSRV
fdab:cdef:3::2/64
fdab:cdef:3::1/64
WINSRV
WINTOP
fdab:cdef:2::X/64fromDHCPServer:fdab:cdef:1::2/64
Automaticlinklocalassignedbyrouter
WINSRV
DMZLUXSRV
192.168.0.130/25
192.168.0.129/25
DMZLUXSRV
192.168.0.1assignedfromDHCPServerat192.168.0.1
DMZLUXSRV
REMWINTOP 192.168.0.XfromDHCPServer:192.168.0.1
NOTE:WINLAPTOP_1andWINLAPTOP_2isthesamephysicalmachine,thelaptop.
13. VTP AND SPANNING TREE INFORMATION
VTPINFORMATION
VTPDOMAIN:
skills.org
VTPPASSWORD: Skills39
VTPSERVER:
HQSW
VTPCLIENT:
BRANCHSW
SPANNINGTREEINFORMATIONFORVLAN99
PRIMARYROOTBRIDGE
HQSW
SECONDARYROOTBRIDGE
BRANCHSW
HQSWLINKS
F0/23, F0/24
BRANCHSWLINKS
F0/23, F0/24
VLANSALLOWEDON LINKS
99
NATIVEVLAN
99
SPANNINGTREEINFORMATIONFORVLAN12
PRIMARY ROOT BRIDGE
BRANCHSW
SECONDARY ROOT BRIDGE
HQSW
HQSWLINKS
G0/1,G0/2
BRANCHSWLINKS
G0/1,G0/2
14. USER ACCOUNTS
CISCO EQUIPMENTMANAGEMENTACCOUNTS
ACCOUNT
PASSWORD PRIVILEDGELEVEL
root
Skills39
15
cisco
Skills39a
1
enablesecret Skills39
LINUXUSERACCOUNTS
PASSWORD
ACCOUNT
root
Skills39
luxadmin
RADIUSUSERACCOUNTS
ACCOUNT
PASSWORD PRIVILEDGELEVEL
super
Skills39
15
basic
Skills39a
1
enablesecret Skills39
WINDOWS USER ACCOUNTS
PASSWORD
ACCOUNT
Administrator
Skills39
winadmin
Test Project proposal for skills competition
ASC2016_TP39_EN
Version: 1.0
Date: 16.05.15
REMOTEACCESSVPNUSERACCOUNTS
PASSWORD
ACCOUNT
vpn1
Skills39
vpn2
vpn3
8 of 10
15. HOSTS / SERVICES MAP
HOST
SERVICES
HTTP
HTTPS
NETLUXSRV
NTPSTRATUM1SERVER
SSH
HOST
SERVICES
SSH
RADIUS
LUXSRV
DHCP
SYSLOG
HOST
SERVICES
HTTP
WINSRV HTTPS
DNS
HOST
SERVICES
SSH
DMZLUXSRV HTTP
HTTPS
16. ACCESS PERMISSIONS MAP
HOST
NETLUXSRV
HOST
LUXSRV
HOST
SERVICES
HTTP
HTTPS
NTPSTRATUM 1SERVER
SSH
ICMP
SERVICES
SSH
RADIUS
DHCP
SYSLOG
ICMP
SERVICES
HTTPS
DNS
ICMP
HOST
DMZLUXSRV
WINTOP WINLAPTOP_2REMWINTOP
NETLUXTOP WINLAPTOP_1 LUXTOP WINTOP WINLAPTOP_2REMWINTOP
SERVICES
NETLUXTOP WINLAPTOP_1 LUXTOP WINTOP WINLAPTOP_2REMWINTOP
SSH
HTTP
HTTPS
ICMP
NETLUXTOP WINLAPTOP_1 LUXTOP
HTTP
WINSRV
ACCESS PERMISSIONS MAP
NETLUXTOP WINLAPTOP_1 LUXTOP WINTOP WINLAPTOP_2REMWINTOP
SECUREDACCESSONLY
LEGEND:
Duetolicense
limitations.
ACCESSALLOWED
ACCESSDENIED
NOTE:BesidesthisHostAccessPermissionsMap,youmusttakeintoaccounttheaccesstoandfromtheinfrastructureequipment.
Test Project proposal for skills competition
ASC2016_TP39_EN
Version: 1.0
Date: 16.05.15
9 of 10
PUBLICINTERNET
ISPROUTERCISCO1941
1.1.1.126/26
1.1.1.XfromDHCP
Server:1.1.1.65
1.1.1.XfromDHCP
Server:1.1.1.65
Cisco 1900 Series
SYS ACT POE
REMOTEACCESSVPNFORINTERNETCLIENTS
ADDRESSPOOL:192.168.100.32192.168.100.47
Cisco 1941 Series
NETLUXSRVskills.com
NETLUXTOP
WINLAPTOP_1
CiscoIPC:103
S0/0/11.1.1.9/29
eHWIC 1
G0/01.1.1.17/29
S
eHWIC 0
SERIAL 1
SYS ACT POE
AUX
G0/0
SEE
HWIC HWIC
HWICD
MANUAL
BEFORE
INSTSAELRLAA
I TLIO0
N
9ESW
LNK
PW R
PWR
LNK PWR
LNK PWR
LNK PW R
LNK PWR
LNK PW R
LNK PWR
LNK
2A/S 2SHDSL
CONN
LNK
EN
L0
L1
CONN
1
USB
EN
EN
CF 0
S0/0/01.1.1.1/29
CF 1
CONSOLE
ISM/WLAN
G0/1 G0/11.1.1.65/26
SitetoSiteIKEv2IPsecTunnelbetweenHQandtheASAREMOTEsite
IPv6overIPv4PointtoPointGREoverIPSecTunnel
fdab:cdef:4::1/64
fdab:cdef:4::2/64
BRANCHROUTERCISCO2901
HQROUTERCISCO2901
Cisco 2900 Series
Cisco 2900 Series
100-240V~
2-1A
50-60 Hz
SYS
ACT
S0/0/11.1.1.10/29
POE
EHWIC 3
EHWIC 2
EHWIC 1
EHWIC 0
SYS
ACT
EHWIC 3
EHWIC 2
EHWIC 1
EHWIC 0
S2
2901
S1
1
HWIC-4T
CONN
EN
CF 1
ISM
G0/0.12fdab:cdef:2::1/64
10
11
13
19
1X
VLAN99
10.0.1.3/24
ST
R
F0/21
12
14
20
CF 0
15
21
16
22
17
23
F0/23Catalyst 2960
18
24
G0/1.9910.0.1.2/24
G0/0.12fdab:cdef:2::2/64
BRANCHSWC2960SWITCH
RP
1
7
2
8
3
9
4
10
5
11
6
12
S
MA
4X
10.0.1.4/24
54
65
34
E2 E1 E0
VLAN3dmz192.168.0.129/25
VLAN1inside192.168.0.1/25
F0/21
15
21
16
22
17
23
F0/23
Catalyst 2960
SERIES
18
24
2
3
X
14X
24X
1
2X
F0/24
14
20
13X
1
2
ST
DU
13
19
1
1
X
1X
78 Power over Ethernet67
G0/0.12STANDBYAuto
assignedlinklocaladdress
SERIES
ST
AT
RESET
2
G0/0.21fdab:cdef:3::1/64
G0/1.99STANDBY10.0.1.254/24
VLAN99
G0/0
G0/1.20172.16.0.1/24
SYST
1
1
3X
2X
Power
48VDC
CONSOLE
S
L
PVDM1 PVDM0
G0/0.12STANDBYAutoassigned
linklocaladdress
Console
G0/1
G0/0.11 fdab:cdef:1::1/64
G0/1.9910.0.1.1/24
HQSWC2960SWITCH
3
SB
EN
G0/0
G0/1.1010.0.0.1/24
G0/1.99STANDBY10.0.1.254/24
Power Over Ethernet (POE)
To Console Port.
Doing so may result in damage to the unit.
HWIC-4T
0
CONSOLE
S
L
PVDM1 PVDM0
2901
S0
SB
EN
G0/1
RPS
SYST
MA
WARNING: PLEASE READ BEFORE
CONNECTING! DO NOT Connect
S
L
AUX
S3
S2
S0
CONN
EN
CF 0
G0/1.99fdab:cdef:7::1/64
50-60 Hz
S0/0/01.1.1.2/29
POE
VLAN2outside1.1.1.18/29
REMOTEASA5505
100-240V~
2-1A
S
L
AUX
S3
S1
CF 1
ISM
Lo0fdab:cdef:5::1/64 Lo1fdab:cdef:6::1/64
ST
PL
AT
DU
SP
PL
EE
SP
EE
MODE
MODE
F0/1
F0/5
F0/9
F0/13
Option A
G0/1 G0/2
F0/1
F0/5
F0/9
F0/24
G0/1 G0/2
HAROUTINGSTANDBY:Autoassigned linklocaladdress
2PORTETHERCHANNELSTPTrunkVlan12Only
HAROUTINGSTANDBY:10.0.1.254
2PORTETHERCHANNELSTPTrunkVlan99Only
DMZLUXSRVbrazil.com
192.168.0.130/25
Option A
REMWINTOP
CiscoIPC
Ext:102,104
DHCPfromServer:
192.168.0.1
ABC
DEF
4
GHI
5
JKL
6
MNO
7
PQRS
8
TUV
services
settings
9
WXYZ
i
messages
directories
OptionB
#
OPER
WINLAPTOP_2
LUXVOIP
LUXSRVrio.com
Ext:101,104
10.0.0.XfromDHCP
Server:10.0.0.1
fdab:cdef:1::2/64
LUXTOP
fdab:cdef:2::X/64
fromDHCPServer:
fdab:cdef:1::2/64
fdab:cdef:7::X/64
fromDHCPServer:
fdab:cdef:7::1/64
2
ABC
3
DEF
messages
directories
4
GHI
5
JKL
6
MNO
services
settings
7
PQRS
8
TUV
9
WXYZ
OptionB
#
OPER
WINVOIP
10.0.1.Xfrom
DHCPServer:10.0.1.3
Ext:201
172.16.0.XfromDHCP
Server: 172.16.0.1
WINSRVsaopaulo.com
fdab:cdef:3::2/64
WINTOP
fdab:cdef:2::X/64
fromDHCPServer:
fdab:cdef:1::2/64
fdab:cdef:1::/64
Appendix A - Logical and Physical Topology Diagram
CISCO IP
PHO
NE
7960
CISCO IP
PHO
NE
7960
fdab:cdef:7::/64
HQEIGRP100
Rout ith
Au hentication
fdab:cdef:3::/64
BRANCHEIGRP100
Routingwith
Authentication
fdab:cdef:4::/64
Lo0fdab:cdef:5::1/64
BRANCH
EIGRP200
Routing
HQ O P rea 0
withA hentication
fdab:cdef:4::/64
BRANCH SPF
Area th
A thentication
fdab:cdef:3::/64
EIGRP200Redistributioninto
OSPFArea0andEIGRP100
BRANCH OSPF
Are 1
fdab:cdef:1::2/64
fdab:cdef:4::/64
fdab:cdef:4::/64
Lo1fdab:cdef:6::1/64
fdab:cdef:7::/64
WSC2015_TP39_Module-C_EN
Version: 3.0
Date: 28.04.15
10 of 10
