
NETWORK DESIGN USING ACCESS CONTROLS AND VOIP

Saurav Kumar Pandey


CONTENTS
• Abstract
• Network Topology
• Frame-Relay
• DHCP
• Routing Protocol
• VLAN
• Telnet
• ACL
• VoIP
ABSTRACT
• To deploy well-designed computer networks supporting converged applications of data, audio, and video.
• To support better performance, resilience, security, and maintainability.
• To propose a network model that can be implemented in different network environments and also be used to implement a MAN or WAN.
• Voice over Internet Protocol technology makes it possible to place a phone call over an Internet connection or a dedicated network that uses the IP protocol, rather than over the normal telephone line.
• This saves bandwidth. Data packets containing voice information are routed over the network, encoded in digital form.
• To filter and check unauthorized traffic that travels across the network.
• The major objective of this network design is to allow only genuine users to access the network and to prevent intruders from accessing it.
NETWORK TOPOLOGY
Network description
• This network has a total of 3 locations: 1 Head office and two branch offices, Branch office-A and Branch office-B.
• The routers used are 2811.
• 2960 switches are used.
• PCs have been added, since voice functionality can be added to them if desired, to check whether the networks can ping each other, and for various operational functions.
• An IPv4 addressing scheme is used for the various networks.
• The Head office and Branch office-A are connected via a leased line (Frame Relay).
Router configuration
Router 1
Router>en
Router#conf t
Router(config)#int s 0/2/0
Router(config-if)#ip addr 192.168.0.1 255.255.255.0
Router(config-if)#no shut
Router(config-if)#exit

Router(config)#int s0/3/0
Router(config-if)#ip addr 192.168.1.1 255.255.255.0
Router(config-if)#clock rate 64000
Router(config-if)#no shut
Router(config-if)#exit

Router(config)#int f0/0
Router(config-if)#ip addr 172.21.0.1 255.255.0.0
Router(config-if)#no shut

Router(config)#int f0/1
Router(config-if)#ip addr 172.20.0.1 255.255.0.0
Router(config-if)#no shut
Router2
Router>en
Router#conf t
Router(config)#int s0/2/0
Router(config-if)#ip addr 192.168.0.2 255.255.255.0
Router(config-if)#no shut
Router(config-if)#exit

Router(config)#int s0/3/0
Router(config-if)#ip addr 192.168.2.1 255.255.255.0
Router(config-if)#clock rate 64000
Router(config-if)#no shut
Router(config-if)#exit

Router(config)#int f0/0
Router(config-if)#ip addr 172.17.0.1 255.255.0.0
Router(config-if)#no shut
Router(config-if)#exit

Router(config)#int f0/1
Router(config-if)#ip addr 172.16.0.1 255.255.0.0
Router(config-if)#no shut
Router(config-if)#exit
Router3
Router>en
Router#conf t
Router(config)#int s0/3/0
Router(config-if)#ip addr 192.168.1.2 255.255.255.0
Router(config-if)#no shut
Router(config-if)#exit

Router(config)#int s0/2/0
Router(config-if)#ip addr 192.168.2.2 255.255.255.0
Router(config-if)#no shut
Router(config-if)#exit

Router(config)#int f0/0
Router(config-if)#ip addr 172.19.0.1 255.255.0.0
Router(config-if)#no shut
Router(config-if)#exit

Router(config)#int f0/1
Router(config-if)#ip addr 172.18.0.1 255.255.0.0
Router(config-if)#no shut
Router(config-if)#exit
Frame-Relay
• Frame relay is a telecommunication service designed for cost-efficient data transmission for intermittent traffic between local area networks (LANs) and between end-points in a wide area network (WAN). Frame relay puts data in a variable-size unit called a frame and leaves any necessary error correction (retransmission of data) up to the end-points, which speeds up overall data transmission.
Frame-relay configuration
Frame-relay config.
Router1 (frame-relay)
Router(config)#int s0/2/0
Router(config-if)#encapsulation frame-relay
Router(config-if)#frame-relay lmi-type cisco
Router(config-if)#frame-relay interface-dlci 102
Router(config-if)#no shut

Router3 (frame-relay)
Router(config)#int s0/2/0
Router(config-if)#encapsulation frame-relay
Router(config-if)#frame-relay lmi-type cisco
Router(config-if)#frame-relay interface-dlci 201
Router(config-if)#no shut
DHCP
DHCP Config.
Router1
Router(config)#ip dhcp pool R1
Router(dhcp-config)#network 172.20.0.0 255.255.0.0
Router(dhcp-config)#default-router 172.20.0.1
Router(dhcp-config)#exit

Router2
Router(config)#ip dhcp pool R2
Router(dhcp-config)#network 172.17.0.0 255.255.0.0
Router(dhcp-config)#default-router 172.17.0.1
Router(dhcp-config)#exit

Router3
Router(config)#ip dhcp pool R3
Router(dhcp-config)#network 172.19.0.0 255.255.0.0
Router(dhcp-config)#default-router 172.19.0.1
Router(dhcp-config)#exit
RIP (ROUTING INFORMATION PROTOCOL)
• RIP is a dynamic routing protocol.
• RIP prevents routing loops by implementing a limit on the number of hops allowed in a path from the source to a destination. The maximum number of hops allowed for RIP is 15.
RIP Config.
Router1
Router(config)#router rip
Router(config-router)#network 192.168.0.0
Router(config-router)#network 192.168.1.0
Router(config-router)#network 172.20.0.0
Router(config-router)#network 172.21.0.0

Router2
Router(config)#router rip
Router(config-router)#network 192.168.0.0
Router(config-router)#network 192.168.2.0
Router(config-router)#network 172.16.0.0
Router(config-router)#network 172.17.0.0

Router3
Router(config)#router rip
Router(config-router)#network 192.168.1.0
Router(config-router)#network 192.168.2.0
Router(config-router)#network 172.18.0.0
Router(config-router)#network 172.19.0.0
VLAN
• In computer networking, a single layer-2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them via one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN or VLAN.
Vlan config.
Switch1
Switch>en
Switch#conf t
Switch(config)#vlan 2
Switch(config-vlan)#name HR
Switch(config-vlan)#exit
Switch(config)#vlan 3
Switch(config-vlan)#name AC
Switch(config-vlan)#exit
Switch(config)#vlan 2
Switch(config-vlan)#int f0/3
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 2
Switch(config-if)#int f0/4
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 2
Switch(config-if)#exit
Switch(config)#vlan 3
Switch(config-vlan)#int f0/5
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 3
Switch(config-if)#int f0/6
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 3
Switch(config-if)#exit

Switch(config)#int f0/2
Switch(config-if)#switchport mode trunk

(trunk is used to connect one switch with another switch)

Switch7
Switch(config)#vlan 2
Switch(config-vlan)#int f0/2
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 2
Switch(config-if)#int f0/3
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 2
Switch(config-if)#exit

Switch(config)#vlan 3
Switch(config-vlan)#int f0/4
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 3
Switch(config-if)#int f0/5
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 3
Switch(config-if)#exit

Switch(config)#int f0/1
Switch(config-if)#switchport mode trunk
TELNET
• Telnet is a user command and an underlying TCP/IP protocol for accessing remote computers. Through Telnet, an administrator or another user can access someone else's computer remotely.
Telnet configuration on router2 & router3
Router2
Router(config)#line vty 0 4
Router(config-line)#password ccna1
Router(config-line)#login
Router(config-line)#exit
Router(config)#enable password ccie
Router3
Router(config)#line vty 0 4
Router(config-line)#password ccna2
Router(config-line)#login
Router(config-line)#exit
Router(config)#enable password ccie1
Accessing router 2
ACL (Access Control Lists)
• ACLs are basically a set of commands, grouped together by a number or name, that are used to filter traffic entering or leaving an interface. An access control list (ACL) is a table that tells a computer operating system which access rights each user has to a particular system object.
Restricting PC10 from accessing Router2 via telnet
Router3 (extended ACL)
Router(config)#access-list 101 deny tcp host 172.19.0.2 host 192.168.2.1 eq 23
Router(config)#access-list 101 deny tcp host 172.19.0.2 host 172.17.0.1 eq 23
Router(config)#access-list 101 deny tcp host 172.19.0.2 host 192.168.0.2 eq 23
Router(config)#access-list 101 permit ip any any
Router(config)#int f0/0
Router(config-if)#ip access-group 101 in
Router(config-if)#exit
Restriction in accessing telnet through PC10
Restricting PC10 from accessing network 172.20.0.0
Router1 (standard ACL)
Router(config)#access-list 1 deny host 172.19.0.2
Router(config)#access-list 1 permit any
Router(config)#int f0/1
Router(config-if)#ip access-group 1 out
Router(config-if)#exit
Restriction in accessing the network through PC10
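The two ACLs above are evaluated top-down with first match winning and an implicit deny at the end. The following added example (not part of the original slides) models that evaluation in Python and checks ACL 101 against every Router2 interface address listed in the router configuration; the function names are illustrative, and PC10 is assumed to be 172.19.0.2 as in the ACL entries.

```python
import ipaddress

# Entries transcribed from the slides: ACL 101 (Router3, f0/0 in), ACL 1 (Router1, f0/1 out).
# Fields: action, protocol, source network, destination network, destination port.
ACL_101 = [
    ("deny", "tcp", "172.19.0.2/32", "192.168.2.1/32", 23),
    ("deny", "tcp", "172.19.0.2/32", "172.17.0.1/32", 23),
    ("deny", "tcp", "172.19.0.2/32", "192.168.0.2/32", 23),
    ("permit", "ip", "0.0.0.0/0", "0.0.0.0/0", None),
]
ACL_1 = [  # a standard ACL matches on source address only
    ("deny", "ip", "172.19.0.2/32", "0.0.0.0/0", None),
    ("permit", "ip", "0.0.0.0/0", "0.0.0.0/0", None),
]
# Router2 interface addresses from the router configuration section.
ROUTER2_ADDRS = ["192.168.0.2", "192.168.2.1", "172.17.0.1", "172.16.0.1"]

def evaluate(acl, proto, src, dst, dport=None):
    """Return the action of the first matching entry; implicit deny if none match."""
    for action, a_proto, a_src, a_dst, a_port in acl:
        if a_proto != "ip" and a_proto != proto:
            continue
        if ipaddress.ip_address(src) not in ipaddress.ip_network(a_src):
            continue
        if ipaddress.ip_address(dst) not in ipaddress.ip_network(a_dst):
            continue
        if a_port is not None and a_port != dport:
            continue
        return action
    return "deny"

def unfiltered_targets(acl, src, targets, proto="tcp", dport=23):
    """Coverage check: which target addresses does the ACL still permit for src?"""
    return [t for t in targets if evaluate(acl, proto, src, t, dport) == "permit"]

if __name__ == "__main__":
    pc10 = "172.19.0.2"
    print("Router2 addresses not covered by ACL 101:",
          unfiltered_targets(ACL_101, pc10, ROUTER2_ADDRS))
    print("PC10 ICMP to 172.17.0.1:", evaluate(ACL_101, "icmp", pc10, "172.17.0.1"))
    print("PC10 into 172.20.0.0/16:", evaluate(ACL_1, "ip", pc10, "172.20.0.5"))
    print("172.19.0.3 into 172.20.0.0/16:", evaluate(ACL_1, "ip", "172.19.0.3", "172.20.0.5"))
```

The coverage check reports Router2's f0/1 address (172.16.0.1), which has no deny entry in ACL 101; a per-address deny list has to name every interface of the device it protects, or the restriction belongs on Router2's own vty lines.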
VOIP
• Voice over IP (voice over Internet Protocol, VoIP) is a methodology and group of technologies for the delivery of voice communications and multimedia sessions over Internet Protocol (IP) networks, such as the Internet.
Protocols in Voip
• DHCP
• CALL MANAGER EXPRESS
• PHONE DIRECTORY
• DIAL PEER CONFIGURATION
DHCP Config. In VoIP
Router1
Router(config)#ip dhcp pool voice
Router(dhcp-config)#network 172.21.0.0 255.255.0.0
Router(dhcp-config)#default-router 172.21.0.1
Router(dhcp-config)#option 150 ip 172.21.0.1
Router(dhcp-config)#exit

Router2
Router(config)#ip dhcp pool voice
Router(dhcp-config)#network 172.16.0.0 255.255.0.0
Router(dhcp-config)#default-router 172.16.0.1
Router(dhcp-config)#option 150 ip 172.16.0.1
Router(dhcp-config)#exit
Router3
Router(config)#ip dhcp pool voice
Router(dhcp-config)#network 172.18.0.0 255.255.0.0
Router(dhcp-config)#default-router 172.18.0.1
Router(dhcp-config)#option 150 ip 172.18.0.1
Router(dhcp-config)#exit
Call Manager express config.
Router 1
Router(config)#telephony-service
Router(config-telephony)#max-dn 5
Router(config-telephony)#max-ephones 5
Router(config-telephony)#ip source-addr 172.21.0.1 port 2000
Router(config-telephony)#auto assign 4 to 6
Router(config-telephony)#auto assign 1 to 5
Router(config-telephony)#exit

Router2
Router(config)#telephony-service
Router(config-telephony)#max-dn 5
Router(config-telephony)#max-ephones 5
Router(config-telephony)#ip source-addr 172.16.0.1 port 2005
Router(config-telephony)#auto assign 4 to 6
Router(config-telephony)#auto assign 1 to 5
Router(config-telephony)#exit

Router3
Router(config)#telephony-service
Router(config-telephony)#max-dn 5
Router(config-telephony)#max-ephones 5
Router(config-telephony)#ip source-addr 172.18.0.1 port 2010
Router(config-telephony)#auto assign 4 to 6
Router(config-telephony)#auto assign 1 to 5
Router(config-telephony)#exit

Switch0
Switch(config)#int range f0/1-5
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport voice vlan 1
Switch(config-if-range)#exit
Switch5
Switch(config)#int range f0/1-5
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport voice vlan 1
Switch(config-if-range)#exit
Switch4
Switch(config)#int range f0/1-5
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport voice vlan 1
Switch(config-if-range)#exit
Phone Directory config.

Router1
Router(config)#ephone-dn 1
Router(config-ephone-dn)#number 1101
Router(config-ephone-dn)#exit
Router(config)#ephone-dn 2
Router(config-ephone-dn)#number 1102
Router(config-ephone-dn)#exit
Router2
Router(config)#ephone-dn 1
Router(config-ephone-dn)#number 2101
Router(config-ephone-dn)#exit
Router(config)#ephone-dn 2
Router(config-ephone-dn)#number 2102
Router(config-ephone-dn)#exit
Router 3
Router(config)#ephone-dn 1
Router(config-ephone-dn)#number 3101
Router(config-ephone-dn)#exit
Router(config)#ephone-dn 2
Router(config-ephone-dn)#number 3102
Router(config-ephone-dn)#exit
Dial-Peer config.
Router1
Router(config)#dial-peer voice 1 voip
Router(config-dial-peer)#destination-pattern 2...
Router(config-dial-peer)#session target ipv4:192.168.0.2
Router(config-dial-peer)#exit
Router(config)#dial-peer voice 2 voip
Router(config-dial-peer)#destination-pattern 3...
Router(config-dial-peer)#session target ipv4:192.168.1.2
Router(config-dial-peer)#exit

Router2
Router(config)#dial-peer voice 3 voip
Router(config-dial-peer)#destination-pattern 1...
Router(config-dial-peer)#session target ipv4:192.168.0.1
Router(config-dial-peer)#exit
Router(config)#dial-peer voice 5 voip
Router(config-dial-peer)#destination-pattern 3...
Router(config-dial-peer)#session target ipv4:192.168.2.2
Router(config-dial-peer)#exit

Router3
Router(config)#dial-peer voice 4 voip
Router(config-dial-peer)#destination-pattern 1...
Router(config-dial-peer)#session target ipv4:192.168.1.1
Router(config-dial-peer)#exit
Router(config)#dial-peer voice 6 voip
Router(config-dial-peer)#destination-pattern 2...
Router(config-dial-peer)#session target ipv4:192.168.2.1
Router(config-dial-peer)#exit
Dialing phone
Connected phone
Benefits of voip
• The call cost is lower, especially over long distances.
• The infrastructure costs are lower: once available, any IP network infrastructure is all that is required.
• This saves bandwidth. Data packets containing voice information are routed over the network, encoded in digital form.