RonishPokhrel 6365387 ICTNWK603 T2
Assessment Outcome
Attempt | Competent | Not-Yet Competent | Date | Assessor Signature
Initial attempt
2nd attempt/Re-assessment
If a student is not happy with his/ her results, that student may appeal against their grade via a written letter, clearly
stating the grounds of appeal to the Chief Executive Officer. This should be submitted after completion of the subject
and within fourteen days of commencement of the new term.
Re-assessment Process:
An appeal in writing is made to the Academic Manager providing reasons for re-assessment /appeal.
ACADEMIC MANAGER will delegate another member to review the assessment.
The student will be advised of the review result done by another assessor.
If the student is still not satisfied and further challenges the decision, then a review panel is formed
comprising the lecturer/trainer in charge and the ACADEMIC MANAGER or if need be an external
assessor.
The Institute will advise the student within 14 days from the submission date of the appeal. The decision of
the panel will be deemed to be final.
If the student is still not satisfied with the result, he / she has the right to seek independent advice or follow
external mediation option with nominated mediation agency.
Any student who fails a compulsory subject or appeals unsuccessfully will be required to re-enrol in that
subject.
The cost of reassessment will be borne by the Institute. The external assessor will base his/her judgement based on
principles of assessment. These principles require assessment to be reliable, fair, practical and valid.
Academic Appeals:
If you are dissatisfied with the outcome of the re-evaluation process, you have a right to appeal through
academic appeals handling protocol.
To appeal a decision, the person is required to complete the WSC- Request for Appeal of a Decision form
with all other supporting documents, if any. This form is available via our website. The completed Request
for Appeal form is to be submitted to the Student Support Officer either in hard copy or electronically via the
following contact details:
Student Support Officer, Western Sydney College (WSC), 55 High St, Parramatta NSW 2150, Email:
Complaints@wsc.nsw.edu.au
The notice of appeal should be in writing addressed to the Chief Executive Officer and submitted within
seven days of notification of the outcome of the re-evaluation process.
If the appeal is not lodged in the specified time, the result will stand and you must re-enrol in the unit.
In emergency circumstances, such as in cases of serious illness or injury, you must forward a medical
certificate in support of a deferred appeal. The notice of appeal must be made within three working days of
the concluding date shown on the medical certificate.
The decision of Chief Executive Officer will be final.
Student would then have the right to pursue the claim through an independent external body as detailed in
the students’ complaint / grievance policy.
Source of the route - identifies how the route was learned.
Destination network - specifies the address of the remote network.
Administrative distance - indicates the trustworthiness of the route source.
Metric - defines the value assigned to reach the remote network.
Next hop - specifies the IPv4 address of the next router to which the packet is to be forwarded.
Path timestamp - shows when the path was last heard from.
Outgoing interface - the exit interface through which the packet is forwarded toward its destination.
Drawings L1/L2
It is important to begin with the network diagrams. The L1/L2 drawings show visually how the network is connected and configured. The drawing must include all the network equipment and the firewalls needed. If there is an Ether bridge between two devices, that must also be obvious in the drawing, and the drawing must show the interfaces at either end of each connection. Simple shapes can be used: rectangles for switches or other devices, and hexagons and circles for the firewall and the router. These are very simple to draw, and details can be placed next to each shape. The details may include the host name, the system model or the management IP address. Our records need to be of this kind, because they show at a glance how the network is connected. The following are examples:
Drawing L3
Every device in the network that operates at layer 3 must appear in this drawing. Devices that work only at layer 2 do not need to appear in the layer 3 drawing. This helps a new reader to understand the network. Layer 3 drawings are very useful for troubleshooting problems and for planning any changes that the network might need. Logical diagrams are more useful and valuable for this than physical ones.
The data to be shown in layer 3 drawings is listed below.
It is important to understand what kind of data belongs in an L3 drawing. If we do not know what to add and what to leave out, it is easy to mix data and produce pointless diagrams. The following information must be collected to construct a useful diagram:
Subnetworks
VLAN IDs
L3 appliances
Routers, firewalls and VPN devices
The users' IP addresses
Interfaces
The most critical servers, such as DNS/FTP servers.
Steps of Drawing
1. First review all the data that has been collected. Then insert the device called ASW1. It appears to be a switch, so we use the rectangle switch symbol here.
2. Next, draw a subnet as a pipe and label it with the name In-mgmt, VLAN-ID 250 and the network address 192.168.10.0/25.
3. Then link ASW1 and the subnet symbol together.
4. Then attach a text box to the line between ASW1 and the subnet symbol. In the text box, write the logical interface name and IP address; in this example the interface name is vlan250 and the last octet of the IP address is 11.
5. We now know there is another device connected to the In-mgmt subnet. We do not know the device's name here, so we write down its IP address.
Larger address space—IPv6 addresses are 128 bits, compared to IPv4's 32 bits.
This larger address space provides several benefits, including improved global
reachability and flexibility; the ability to aggregate prefixes that are announced in
routing tables; easier multihoming to several Internet service providers (ISPs);
autoconfiguration that includes link-layer addresses in the IPv6 addresses for "plug
and play" functionality and end-to-end communication without network address
translation (NAT); and simplified mechanisms for address renumbering and
modification.
Simplified header—A simpler header provides several advantages over IPv4,
including better routing efficiency for performance and forwarding-rate scalability;
no requirement for processing checksums; simpler and more efficient extension
header mechanisms; and flow labels for per-flow processing with no need to
examine the transport layer information to identify the various traffic flows.
Support for mobility and security—Mobility and security help ensure compliance
with mobile IP and IP security (IPsec) standards.
Mobility enables people to move around in networks with mobile network devices,
with many having wireless connectivity. Mobile IP is an Internet Engineering Task
Force (IETF) standard available for both IPv4 and IPv6 that enables mobile
devices to move without breaks in established network connections. Because IPv4
does not automatically provide this kind of mobility, supporting it requires additional
configurations.
In IPv6, mobility is built in, which means that any IPv6 node can use it when
necessary. The routing headers of IPv6 make mobile IPv6 much more efficient for
end nodes than mobile IPv4 does.
IPsec is the IETF standard for IP network security, available for both IPv4 and
IPv6. Although the functions are essentially identical in both environments, IPSec
is mandatory in IPv6. IPSec is enabled and is available for use on every IPv6
node, making the IPv6 Internet more secure. IPSec also requires keys for each
device, which implies global key deployment and distribution.
One approach is to have a dual stack with both IPv4 and IPv6 configured on the interface
of a network device.
Another technique uses an IPv4 tunnel to carry IPv6 traffic. One implementation is IPv6-
to-IPv4 (6-to-4) tunnelling. This newer method (defined in RFC 3056, Connection of IPv6
Domains via IPv4 Clouds) replaces an older technique of IPv4-compatible tunneling (first
defined in RFC 2893, Transition Mechanisms for IPv6 Hosts and Routers, which has been
made obsolete by RFC 4213, Basic Transition Mechanisms for IPv6 Hosts and Routers).
Cisco IOS Software Version 12.3(2)T (and later) also allows NAT protocol translation
(NAT-PT) between IPv6 and IPv4, providing direct communication between hosts that are
using the different protocol suites.
Ref: https://www.networkworld.com/article/2298543/chapter-10--implementing-ipv6.html
Dual-Stack Network
Dual stack is a transition technology in which IPv4 and IPv6 operate in tandem over
shared or dedicated links. In a dual-stack network, both IPv4 and IPv6 are fully deployed
across the infrastructure, so that configuration and routing protocols handle both IPv4 and
IPv6 addressing and adjacencies.
Although dual-stack may appear to be an ideal solution, it presents two major deployment
challenges to enterprises and ISPs:
• It requires a current network infrastructure that is capable of deploying IPv6. In many
cases, however, the current network may not be ready and may require hardware and
software upgrades.
• IPv6 needs to be activated on almost all the network elements. To meet this
requirement, the existing network may need to be redesigned, posing business continuity
challenges.
Tunneling
Using the tunneling option, organizations build an overlay network that tunnels one
protocol over the other by encapsulating IPv6 packets within IPv4 packets and IPv4
packets within IPv6 packets. The advantage of this approach is that the new protocol can
work without disturbing the old protocol, thus providing connectivity between users of the
new protocol.
Tunneling has two disadvantages, as discussed in RFC 6144:
• Users of the new architecture cannot use the services of the underlying infrastructure.
Translation
Address Family Translation (AFT), or simply translation, facilitates communication
between IPv6-only and IPv4-only hosts and networks (whether in a transit, an access, or
an edge network) by performing IP header and address translation between the two
address families.
AFT is not a long-term support strategy; it is a medium-term coexistence strategy that can
be used to facilitate a long-term program of IPv6 transition by both enterprises and ISPs.
Ref: https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/enterprise-ipv6-
solution/white_paper_c11-676278.html
8. Authenticate and test the IPv6 solution. After authenticating IPv6 solution,
make amendments if necessary
Introducing Setup Exercises:
The setup exercises assume a network comprising two pods, each with four routers. The two pods are interconnected through a backbone. There is no need for connectivity between the different pods, but depending on the configuration, some routes from the other pod might appear in the routing tables. In nearly every exercise the backbone has just one router, but in a few instances another router has to be connected to the backbone.
Throughout the exercise, x refers to the pod number and y to the router number.
Visual objective
The topology used in the exercise is shown in the following figure.
The IPv6 address format used in this exercise is 2001:0410:000x:z::/64 eui-64, where:
x = pod number
z = 1 for the Fast Ethernet 0/0 interfaces between PxR1 and PxR3
z = 2 for the Fast Ethernet 0/0 interfaces between PxR2 and PxR4
z = 3 for the Serial 0/0/1 interface between PxR1 and PxR2
z = 4 for the Serial 0/0/0 interfaces between PxR3 and PxR4
Command                              Description
(config)#ipv6 router ospf 100        Enables the OSPFv3 process 100 on the router.
(config-if)#ipv6 ospf 100 area 0     Identifies the IPv6 prefix assigned to this interface as part of the OSPFv3 network for process-id 100 in area 0.
#show ipv6 ospf interface            Displays IPv6 OSPF information about an interface.
#show ipv6 interface brief           Displays a brief list of IPv6 interface information.
Task 1: Cleaning up
In this task you remove multicast routing and disconnect the pod from the backbone routers.
Follow these steps:
Remove the multicast configuration from all pod routers by using the no ip multicast-routing global configuration command. Multicast must also be removed from every interface on which it was enabled, by using the no ip pim sparse-dense-mode command.
On PxR1, remove the auto-rp configuration with the no ip pim send-rp-announce loopback0 scope 3 command and the no ip pim send-rp-discovery loopback0 scope 3 command.
Disable the join messages with the no ip igmp join-group 224.x.x.x command on the FastEthernet 0/0 interface on PxR4, where x is your pod number.
Shut down Serial 0/0/0 on the edge routers; IPv6 will not be used on the core.
The Solution:
How to perform the necessary steps on the P1R1 and P1R4 routers is shown below:
P1R1(config)#no ip multicast-routing
P1R1(config)#int loopback0
P1R1(config-if)#no ip pim sparse-dense-mode
P1R1(config-if)#int fa0/0
P1R1(config-if)#no ip pim sparse-dense-mode
P1R1(config-if)#int s0/0/0.1
P1R1(config-subif)#no ip pim sparse-dense-mode
P1R1(config-subif)#int s0/0/1
P1R1(config-if)#no ip pim sparse-dense-mode
P1R1(config-if)#exit
P1R1(config)#no ip pim send-rp-announce Loopback0 scope 3
P1R1(config)#no ip pim send-rp-discovery Loopback0 scope 3
P1R1(config)#int s0/0/0
P1R1(config-if)#shutdown
P1R4(config)#no ip multicast-routing
P1R4(config)#int loopback0
P1R4(config-if)#no ip pim sparse-dense-mode
P1R4(config-if)#int fa0/0
P1R4(config-if)#no ip pim sparse-dense-mode
To validate that the required interfaces on all routers are configured with an IPv6 address, display the IPv6 interface information.
Can you see an IPv6 address on these interfaces that you did not configure? If so, what is that address?
The Solution:
The following is sample output from the P1R1 router. IPv6 addresses with the required prefix and an interface ID in EUI-64 format have been configured. A link-local address has also been configured on each interface; for example, on P1R1 Fa0/0, FE80::216:46FF:FE50:C470 is the link-local address.
P1R1#show ipv6 interface
FastEthernet0/0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::216:46FF:FE50:C470
No Virtual link-local address(es):
Global unicast address(es):
2001:410:1:1:216:46FF:FE50:C470, subnet is 2001:410:1:1::/64 [EUI]
Joined group address(es):
FF02::1
FF02::2
FF02::1:FF50:C470
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachable are sent
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
ND advertised reachable time is 0 milliseconds
ND advertised retransmit interval is 0 milliseconds
ND router advertisements are sent every 200 seconds
ND router advertisements live for 1800 seconds
ND advertised default router preference is Medium
Hosts use stateless autoconfigure for addresses.
Serial0/0/1 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::216:46FF:FE50:C470
No Virtual link-local address(es):
Global unicast address(es):
2001:410:1:3:216:46FF:FE50:C470, subnet is 2001:410:1:3::/64 [EUI]
Joined group address(es):
FF02::1
FF02::2
FF02::1:FF50:C470
MTU is 1500 bytes
3. To confirm that you have enabled OSPF for IPv6 on your routers, display the IPv6 OSPF interface information.
The Solution:
The following shows sample output from the P1R1 router; OSPF for IPv6 is enabled on all interfaces, with process ID 100 in area 0.
P1R1#show ipv6 ospf interface
Serial0/0/1 is up, line protocol is up
Link Local Address FE80::216:46FF:FE50:C470, Interface ID 7
Area 0, Process ID 100, Instance ID 0, Router ID 10.200.200.11
Network Type POINT_TO_POINT, Cost: 781
Transmit Delay is 1 sec, State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:09
Index 1/2/2, flood queue length 0
Next 0x0(0)/0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 4
Last flood scan time is 0 mesc, maximum is 0 msec
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 10.200.200.12
Suppress hello for 0 neighbor(s)
FastEthernet0/0 is up, line protocol is up
Link Local Address FE80::216:46FF:FE50:C470, Interface ID 4
Area 0, Process ID 100, Instance ID 0, Router ID 10.200.200.11
Solution:
The following shows sample output on the P1R1 router; both neighbors are displayed.
Solution:
Ref: https://www.hindawi.com/journals/scn/2017/5838657/
The commands used are listed in the following table. The command syntax shown is usually that for the PxR1 and PxR3 routers, so take care when applying it to your own router.
Command                              Description
(config-if)#tunnel source 10.x.0.y   Defines the local IPv4 address used as the source address for the tunnel interface.
(config-if)#ipv6 ospf 100 area 0     Identifies the IPv6 prefix assigned to this interface as part of the OSPFv3 network for process 100 in area 0.
#clear counters tunnel 0             Clears the counters displayed in the show interface tunnel 0 command.
Solution:
The following shows how to configure the required steps on the P1R1, P1R2, and P1R3
routers.
P1R1(config)#int s0/0/1
P1R1(config-if)#no ipv6 address
P1R1(config-if)#int tunnel0
P1R1(config-if)#ipv6 address 2001:410:1:A::1/64
P1R1(config-if)#tunnel source 10.1.0.1
P1R1(config-if)#tunnel destination 10.1.0.2
P1R1(config-if)#tunnel mode ipv6ip
P1R1(config-if)#ipv6 ospf 100 area 0
P1R2(config)#int s0/0/1
P1R2(config-if)#no ipv6 address
P1R2(config)#int tunnel 5
P1R2(config-if)#ipv6 address 2001:410:1:A::2/64
P1R2(config-if)#tunnel source 10.1.0.2
P1R2(config-if)#tunnel destination 10.1.0.1
P1R2(config-if)#tunnel mode ipv6ip
P1R2(config-if)#ipv6 ospf 100 area 0
P1R3(config)#int s0/0/0
P1R3(config-if)#shutdown
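A manual IPv6-over-IPv4 tunnel only works when the two ends mirror each other. The following is an added example, not part of the original exercise: it parses the P1R1 and P1R2 sessions shown above and checks that source and destination are swapped, the tunnel mode matches and both IPv6 addresses sit in the same subnet. It assumes tunnel sources are given as IPv4 addresses, as they are on this page.

```python
import ipaddress
import re

# Sessions copied from the solution above.
P1R1 = """\
P1R1(config)#int s0/0/1
P1R1(config-if)#no ipv6 address
P1R1(config-if)#int tunnel0
P1R1(config-if)#ipv6 address 2001:410:1:A::1/64
P1R1(config-if)#tunnel source 10.1.0.1
P1R1(config-if)#tunnel destination 10.1.0.2
P1R1(config-if)#tunnel mode ipv6ip
P1R1(config-if)#ipv6 ospf 100 area 0
"""
P1R2 = """\
P1R2(config)#int s0/0/1
P1R2(config-if)#no ipv6 address
P1R2(config)#int tunnel 5
P1R2(config-if)#ipv6 address 2001:410:1:A::2/64
P1R2(config-if)#tunnel source 10.1.0.2
P1R2(config-if)#tunnel destination 10.1.0.1
P1R2(config-if)#tunnel mode ipv6ip
P1R2(config-if)#ipv6 ospf 100 area 0
"""


def parse_tunnel(session):
    """Collect the settings entered under the tunnel interface of one session."""
    cfg = {}
    in_tunnel = False
    for line in session.splitlines():
        cmd = line.split("#", 1)[-1].strip()  # drop the router prompt
        iface = re.match(r"int(?:erface)?\s+(.+)$", cmd, re.I)
        if iface:
            name = iface.group(1).lower().replace(" ", "")
            in_tunnel = name.startswith("tunnel")
            continue
        if not in_tunnel:
            continue
        words = cmd.split()
        if cmd.startswith("ipv6 address "):
            cfg["ipv6"] = ipaddress.IPv6Interface(words[2])
        elif cmd.startswith("tunnel source "):
            cfg["source"] = ipaddress.IPv4Address(words[2])
        elif cmd.startswith("tunnel destination "):
            cfg["destination"] = ipaddress.IPv4Address(words[2])
        elif cmd.startswith("tunnel mode "):
            cfg["mode"] = words[2]
    return cfg


def check_pair(a, b):
    """Return a list of problems found between the two tunnel ends (empty = consistent)."""
    findings = []
    for label, cfg in (("first router", a), ("second router", b)):
        for key in ("ipv6", "source", "destination", "mode"):
            if key not in cfg:
                findings.append(f"{label}: missing {key}")
    if findings:
        return findings
    if a["source"] != b["destination"] or a["destination"] != b["source"]:
        findings.append("tunnel source/destination are not mirrored")
    if a["mode"] != b["mode"]:
        findings.append("tunnel modes differ")
    if a["ipv6"].network != b["ipv6"].network:
        findings.append("tunnel IPv6 addresses are in different subnets")
    elif a["ipv6"].ip == b["ipv6"].ip:
        findings.append("both ends use the same IPv6 address")
    return findings


if __name__ == "__main__":
    print(check_pair(parse_tunnel(P1R1), parse_tunnel(P1R2)) or "tunnel ends are consistent")
```

The tunnel numbers differ (tunnel0 on P1R1, tunnel 5 on P1R2) and the check ignores them, because the interface number is local to each router.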
You should be able to ping across the tunnel at this stage. Use the IPv6 addresses recorded in the previous setup to verify that packets can pass through the tunnel.
The Solution:
The following shows output on the P1R1 and P1R2 routers. In the first sample, P1R1 pings the Fa0/0 interface of P1R2. In the second sample, P1R2 pings P1R1's Fa0/0 interface. Both pings were successful.
P1R1#ping 2001:410:1:2:216:46FF:FE10:FC00
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:410:1:2:216:46FF:FE10:FC00, timeout is 2
seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/33/36 ms
P1R1#
P1R2#ping 2001:410:1:1:216:46FF:FE50:C470
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:410:1:1:216:46FF:FE50:C470, timeout is 2
seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/34/36 ms
P1R2#
Next, verify that traffic is passing through the tunnel by watching the counters on the tunnel interface. Display the tunnel information, ping the IPv6 address again, and then display the tunnel information one more time.
The Solution:
The following shows sample output from the P1R1 router. After the ping, the counters on the interface increased.
P1R1#clear counters tunnel 0
Clear "show interface" counters on this interface [confirm]
10. Create an IPv4 or IPv6 redistribution implementation plan. After that verify
the plan based on the outcomes of a network redistribution analysis
In the IPv4 version of IOS, redistribution is a two-stage process. Assume that we are redistributing RIPv2 into OSPFv2 by issuing the 'redistribute rip subnets' command under the OSPF process. The first thing to check is the "show ip route rip" output on the router. All of the prefixes listed there are candidates for redistribution into the OSPF process. Then check the "show ip route connected" output on the router. The routes that belong to the interfaces running RIPv2 are also treated as candidates for redistribution.
This behaviour was often not present in older IOS releases. In most network designs, especially in service provider environments, the transit links themselves are not advertised in the routing protocol. The idea is that traffic is sent only "through" the network and never "to" the network. In later releases, however, connected interfaces are redistributed in this way for every protocol except IS-IS.
In the IPv6 version of IOS, whether connected links are included in redistribution depends on the options chosen when it is configured, so the behaviour is not exactly the same when moving from IPv4 to IPv6. One option is to issue a separate "redistribute connected" command under OSPFv3 to bring in the connected interfaces, which includes all connected IPv6 interfaces automatically. This design is the first choice because it is very flexible about which particular networks we select to advertise, compared with the others.
11. After discussing with the client, configure and verify the redistribution
solution for the network
Route redistribution runs on the router that connects two networks. It's really the main
"shared" location between the two networks that translates protocols and routes for
seamless integration. When working with routing protocols and redistribution, you might
hear it referred to as mutual redistribution. Route redistribution is the process in which one
shared resource maps and translates each route — regardless of the protocol used on
different network segments. Typically, route redistribution is only needed on larger
networks. But even small office networks can grow into massive segments that need route
redistribution. Think about your own network and its connection to the internet. Why
configure your router when its protocols can handle redistribution and find the best path
for its network traffic?
When you redistribute one protocol into another, remember that the metrics of each
protocol play an important role in redistribution. Each protocol uses different metrics. For
example, the Routing Information Protocol (RIP) metric is based on hop count, but Interior
Gateway Routing Protocol (IGRP) and Enhanced Interior Gateway Routing Protocol
(EIGRP) use a composite metric based on bandwidth, delay, reliability, load, and
maximum transmission unit (MTU), where bandwidth and delay are the only parameters
used by default. When routes are redistributed, you must define a metric that is
understandable to the receiving protocol. There are two methods to define metrics when
redistributing routes.
Ref: https://www.cisco.com/c/en/us/support/docs/ip/enhanced-interior-gateway-routing-
protocol-eigrp/8606-redist.html
A VLAN is used to virtualize the bridging table of a layer 2 switch. It creates virtual switching topologies that overlay the physical network. Traffic travelling in one topology (that is, one VLAN) cannot pass into another topology. In this way traffic is kept secure and isolated between one group of devices and another.
Suppose that two VLANs are connected to a router, one on each side, and the router has an IP address in each VLAN. The devices in those VLANs are then free to communicate with each other through the router. There is a way to maintain traffic isolation at layer 3 as well, which is called Virtual Routing and Forwarding (VRF). With VRF, the routing table of a layer 3 router or switch is virtualized. Each virtualized table has its own unique set of forwarding entries. The following are the 3 main concepts of VRF:
Access control
Shared services
Path isolation
Access control
Access control refers to how end devices are identified and segmented at the edge of the network. Access control must be the first consideration for both wired and wireless access methods. Two of the most common methods for segmenting wired end devices are static VLAN assignment and 802.1X Network Access Control. Static VLAN assignment is where a VLAN is configured on an edge port and that VLAN does not change regardless of who or what is plugged in.
This method is very simple to implement, but it proves costly to maintain. The VLAN may have to be changed whenever a new device is plugged into a port. If the port is in someone's office, this is least likely to happen, but if the port is located in a meeting room it can be a nightmare if you have a mixture of employees and guests plugging in. Additionally, if the port is left on the employee VLAN and a guest plugs in, they are now on the employee network and can access the same network resources as employees. This is a well-known risk. So although static VLAN assignment is difficult to maintain, it is easy to set up and not very costly: there is no need for any additional equipment or training.
The more advanced alternative to static VLAN assignment is to employ 802.1X on all edge ports. This method authenticates the devices to the network using a backend. It is one of the more complex methods, because additional equipment is needed to perform the authentication and to run the policy engine that determines things such as the VLAN.
For wireless, end devices can be segmented by means of separate SSIDs for different groups of users. SSIDs can be created for guests, customers and employees, each of them bound to its own VLAN on the uplink side of the wireless controller. 802.1X can also be employed on wireless connections.
13. What are the differences between implementing an IPv4 and an IPv6
redistribution solution
IPv6
IPv6 has a 128-bit address length.
It supports auto-configuration and renumbering of addresses.
In IPv6, end-to-end connection integrity is achievable.
The address space of IPv6 is very large; it can produce 3.4×10^38 addresses.
IPsec is an inbuilt security feature of the IPv6 protocol.
Address representation in IPv6 is hexadecimal.
In IPv6, fragmentation is performed only by the sender.
In IPv6, packet flow identification is available and uses the flow label field in the header.
In IPv6, the checksum field is not available.
In IPv6, multicast and anycast message transmission schemes are available.
In IPv6, encryption and authentication are provided.
Ref: https://www.geeksforgeeks.org/differences-between-ipv4-and-ipv6/
At the end, what is needed to do the solutions segregate the end devices by changing
Path isolation
This term refers to the methods used to keep each VRF's traffic isolated as it crosses the core of the network. As mentioned above, once traffic hits a layer 3 device it is normally forwarded between interfaces, which may allow routing between the VLANs. Each path isolation method keeps the traffic inside its assigned VRF as it travels between layer 3 devices.
A more scalable alternative to hop-by-hop is to encapsulate each VRF's traffic inside a tunnel. With a tunnel nothing needs to be touched in the core of the network, because the tunnel can be provisioned directly between two edge routers. This helps to minimise the risk of a mistake being made on a core router during provisioning. If provisioning is done correctly, the tunnel also provides built-in path redundancy. Not all devices or hardware can perform tunnelling, and sometimes protocols do not support tunnelling either.
Edge-to-Edge tunnels
Shared services
Some things, such as DNS, DHCP or access to the internet, are common to all the VRFs. Rather than implementing a set of DNS servers or DHCP servers for each virtual network, you stand up only one set of servers that provides the service to everyone. The same applies to internet access. It is normally shared among all the VRFs, because running several internet services is very expensive and a waste of time.
Generally, these services are located in their own small module that hangs off the edge of the network. This module is often the tricky, or risky, part of a VRF-enabled network, because it is very easy to accidentally leak traffic between VRFs there if nobody is taking proper care. It would be really easy to accidentally allow routes from VRF A to be advertised through the shared services module into VRF B (and vice-versa) thus allowing devices in A and B to freely communicate.
The big challenge with shared services is that VRFs can have overlapping IP address space. In this case it may be necessary to have multiple servers that serve a subset of VRFs or even just an individual VRF.
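Both risks described above, routes leaking between VRFs through the shared services module and VRFs with overlapping address space, can be checked from an export of the routing tables. The following is an added example, not part of the original answer; the VRF names, prefixes and table contents are constructed sample data.

```python
import ipaddress
from itertools import combinations

# Constructed sample data (hypothetical VRF names and prefixes).
OWNED = {                               # subnets that belong to each VRF
    "EMPLOYEE": ["10.10.0.0/16"],
    "GUEST": ["10.20.0.0/16"],
    "CONTRACTOR": ["10.10.128.0/17"],   # overlaps the EMPLOYEE space
}
SHARED = ["192.0.2.0/24"]               # shared services module (DNS, DHCP)
LEARNED = {                             # routes present in each VRF's table
    "EMPLOYEE": ["192.0.2.0/24"],
    "GUEST": ["192.0.2.0/24", "10.10.4.0/24"],   # EMPLOYEE route leaked in
    "CONTRACTOR": ["192.0.2.0/24"],
}


def _nets(prefixes):
    return [ipaddress.ip_network(p) for p in prefixes]


def find_overlaps(owned):
    """Pairs of VRFs whose own address space overlaps.

    These VRFs cannot be served by the same shared server, because the
    server could not tell their clients apart by address.
    """
    found = []
    for vrf_a, vrf_b in combinations(sorted(owned), 2):
        for net_a in _nets(owned[vrf_a]):
            for net_b in _nets(owned[vrf_b]):
                if net_a.overlaps(net_b):
                    found.append((vrf_a, vrf_b, str(net_a), str(net_b)))
    return found


def find_leaks(owned, learned, shared):
    """Routes in a VRF's table that fall inside another VRF's address space.

    Routes to the shared services prefixes are expected in every VRF and
    are skipped; anything else that belongs to another VRF is a leak.
    """
    shared_nets = _nets(shared)
    leaks = []
    for vrf in sorted(learned):
        for route in _nets(learned[vrf]):
            if any(route.version == s.version and route.subnet_of(s) for s in shared_nets):
                continue
            for owner in sorted(owned):
                if owner == vrf:
                    continue
                if any(route.overlaps(net) for net in _nets(owned[owner])):
                    leaks.append((vrf, str(route), owner))
    return leaks


if __name__ == "__main__":
    for vrf_a, vrf_b, net_a, net_b in find_overlaps(OWNED):
        print(f"overlap: {vrf_a} {net_a} and {vrf_b} {net_b}")
    for vrf, route, owner in find_leaks(OWNED, LEARNED, SHARED):
        print(f"leak: {vrf} has route {route} from {owner}")
```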
15. Design and verify layer 3 path control for the network
When Layer 3 switches use SVIs, the physical interfaces on the switches act like they
always have: as Layer 2 interfaces. That is, the physical interfaces receive Ethernet
frames. The switch learns the source MAC address of the frame, and the switch forwards
the frame based on the destination MAC address. To perform routing, any Ethernet
frames destined for any of the SVI interface MAC addresses trigger the processing of the
Layer 2 switching logic, resulting in normal routing actions like stripping data-link headers,
making a routing decision, and so on.
Alternately, the Layer 3 switch configuration can make a physical port act like a router
interface instead of a switch interface. To do so, the switch configuration makes that port a
routed port. On a routed port, the switch does not perform Layer 2 switching logic on that
frame. Instead, frames arriving in a routed port trigger the Layer 3 routing logic, including
1. Stripping off the incoming frame’s Ethernet data-link header/trailer
This third major section of the chapter examines routed interfaces as configured on Cisco
Layer 3 switches, but with a particular goal in mind: to also discuss Layer 3
EtherChannels. The exam topics do not mention routed interfaces specifically, but the
exam topics do mention L3 EtherChannels, meaning Layer 3 EtherChannels.
You might recall that Chapter 10, “RSTP and EtherChannel Configuration,” discussed
Layer 2 EtherChannels. Like Layer 2 EtherChannels, Layer 3 EtherChannels also treat
multiple links as one link. Unlike Layer 2 EtherChannels, however, Layer 3 EtherChannels
treat the channel as a routed port instead of switched port. So this section first looks at
routed ports on Cisco Layer 3 switches and then discusses Layer 3 EtherChannels
The following image is showing that we are going to use RIPv2 and OSPF in our network.
RouterA#show run
!
hostname RouterA
!
interface Loopback0
ip address 1.1.1.1 255.255.255.0
!
interface Loopback1
ip address 1.1.2.1 255.255.255.0
!
interface Loopback2
ip address 1.1.3.1 255.255.255.0
!
interface Loopback3
ip address 1.1.4.1 255.255.255.0
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
!
router rip
version 2
network 1.0.0.0
Ref: https://www.ciscopress.com/articles/article.asp?p=2990405&seqNum=4
Ref: https://www.computerworld.com/article/2546283/what-you-need-to-know-about-vpn-
technologies.html
Practicals
EIGRP Configuration
OSPF Configuration
Outcomes
Satisfactory
Did the student
Yes Yes
Performance indicators
Satisfactory
Does the candidate meet the following criteria
Yes Yes
Ronish Pokhrel
Student Signature:
Assessor Signature: