Project for Information Security Course: Connecting Devices and Configuring DHCP server

17.10.2018

Getting started

I thought that it would be important first step to plan the addressing scheme. I segmented every department in their own VLAN and every VLAN has it’s own host range. For getting known a little better with subnetting math, I didn’t assign easiest /24 bit masks for every subnet. For sake of complexity and training, subnets has /25, /26 or /30 bit long masks.

This is where we started from.

Cabling

We connected all PCs, servers and printers to switch, router to ASA and  switches to routers with straight-trough copper cable.
Router to router connection are connected with cross-over copper cable. Border router is connected with serial DTE cable to ISP.

Assigning IP addresses

First I gave static IP addresses to every server and printer. Then I assigned every FastEthernet port on distribution switches to right VLANs. After that I changed the port connected to the core L3 switch from a access port to a trunk port. On the core L3 switch, the first command I gave was ip routing which enables L3 routing. Then I created VLANs and gave them an IP address. This IP address is also the Default Gateway for the network segment’s devices.

Distribution switch:
Switch(config)#int range f0/1 – 24
Switch(config-if-range)#switchport access vlan 193
Switch(config)#int g0/1
Switch(config-if)#switchport mode trunk

Core L3 switch:
Switch(config)#ip routing
Switch(config)#vlan 193
Switch(config)#int vlan 193
Switch(config-if)#ip address 192.168.1.254 255.255.255.0

VLAN 10 is “inside” the VLAN 212. This I configured like the others, with one exception. I left port F0/24 for VLAN10 in the Switch8. Switch13 in the VLAN10 is configured like the other switches in the example earlier.

Switch8:
Switch(config)#int range f0/1 – 23
Switch(config-if-range)#switchport access vlan 212
Switch(config-if-range)#int g0/1
Switch(config-if)#switchport mode trunk
Switch(config-if)#int f0/24
Switch(config-if)#switchport access vlan 10

So, at this point I have a network where I can ping across VLANs 10, 112, 119, 165 and 212.

Only devices with static IP’s are working. We need some dynamic addressing.

InterVLAN DHCP Server

Because in a modern network there will be a need for dynamic IP addressing, we needed a DHCP server which serves the whole network. Because the network is quite large, I figured that it would be better to have a proper server to distribute addresses than a core L3 switch or router. We wanted that routing devices focus on what they do the best – tell packets where to go.

I picked Server4 from Internal Server Segment for this task. In Packet Tracer, making DHCP pools is very easy. Just click on the server, navigate to Services>DHCP, click on Service>On, and give wanted parameters.

Default Gateway what you need here is same what your devices uses in the network segment. Also you need to let some addresses out from the pool for static addresses, so don’t start your from the first address in the host range. At this moment DHCP works only in the same VLAN where the server located. It seems to be that the DHCP request is broadcasted through the whole network, but it is not recognized by the DHCP server.

As seen in this gif (pic w/o marginal is 1st pic), packet is dropped by the Switch6 just before Server4. Packet is sent from VLAN 10 (research team on left) PC5 and should be received by Server4 (Internal Server Segment in middle). Sorry for the bad quality, I don’t know should I just delete this but maybe it helps to understand the problem.

I solved this by giving some commands on the L3 switch. I went to every SVI made for VLANs and told that the DHCP server is found from this address.

Core L3 switch:
Switch(config-if)#int vlan 10
Switch(config-if)#ip helper-address 192.168.1.129

Now the L3 switch knows to target right address when receiving a DHCP request. Every DHCP request is successful after these configurations in Management, Production and Research departments.

Next step is to make a working “Internet” and update Addressing Scheme Excel workbook.

 

Sources:
https://www.computernetworkingnotes.com/ccna-study-guide/cabling-cisco-devices-guide.html                                                                                     (cabling)
http://www.testout.com/                                                               (Needs login)
https://www.youtube.com/watch?v=rJCa6R2VL6o                     (configure DHCP server)

Leave a Reply

Your email address will not be published. Required fields are marked *