Network Layout
IP Topology
Amidala
| Interface | IP | Type | Description |
| --- | --- | --- | --- |
| FA 0/1 + FA 0/2 |  | Etherchannel | Trunked link to Anakin |
| FA 0/3 |  | Switched | Trunk link to Leia |
| FA 0/4 |  | Switched | Trunk link to Luke |
| FA 0/21 | 172.16.10.6 /30 | Routed | Link to R7 (Cloud) |
| FA 0/22 | 192.168.254.21 /30 | Routed | Link to HanSolo |
| FA 0/23 |  | Switched | Trunk link to MaceWindu |
| FA 0/24 | 192.168.254.29 /30 | Routed | Link to QuiGon |
| Loopback 0 | 192.168.45.1 /30 | Routed | Management interface |

| Network | Wildcard/Netmask | Protocol |
| --- | --- | --- |
| 192.168.254.8 | 0.0.0.3 | EIGRP 1337 |
| 192.168.254.16 | 0.0.0.3 | EIGRP 1337 |
| 192.168.254.20 | 0.0.0.3 | EIGRP 1337 |
| 192.168.254.28 | 0.0.0.3 | EIGRP 1337 |
| 192.168.254.36 | 0.0.0.3 | EIGRP 1337 |

Anakin
| Interface | IP | Type | Description |
| --- | --- | --- | --- |
| FA 0/1 + FA 0/2 |  | Etherchannel | Trunked to Amidala |
| FA 0/3 | 192.168.254.5 /30 | Routed | Link to Luke |
| FA 0/4 | 192.168.254.1 /30 | Routed | Link to Leia |
| FA 0/21 | 172.16.10.2 /30 | Routed | Link to R4 (Cloud) |
| FA 0/22 | 192.168.254.25 /30 | Routed | Link to Palpatine |
| FA 0/23 | 192.168.254.13 /30 | Routed | Link to MaceWindu |
| FA 0/24 | 192.168.254.33 /30 | Routed | Link to ObiWan |
| Loopback 0 | 192.168.45.5 /30 | Routed | Management interface |

| Network | Wildcard/Netmask | Protocol |
| --- | --- | --- |
| 192.168.254.0 | 0.0.0.3 | EIGRP 1337 |
| 192.168.254.4 | 0.0.0.3 | EIGRP 1337 |
| 192.168.254.12 | 0.0.0.3 | EIGRP 1337 |
| 192.168.254.24 | 0.0.0.3 | EIGRP 1337 |
| 192.168.254.32 | 0.0.0.3 | EIGRP 1337 |

QuiGon
| Interface | IP | Type | Description |
| --- | --- | --- | --- |
| S 0/3/0 | 192.168.50.1 /30 | Routed | DCE (128.000) link to ObiWan |
| S 0/3/1 | 192.168.50.5 /30 | Routed | DTE link to ObiWan |
| FA 0/0 | DHCP | Routed | NAT w/ ACL 1; link to Mercantec (WAN) |
| FA 0/1 | 192.168.254.30 /30 | Routed | Link to Amidala |
| Loopback 0 | 192.168.45.9 /30 | Routed | Management interface |

| Network | Wildcard/Netmask | Protocol |
| --- | --- | --- |
| 192.168.50.0 | 0.0.0.3 | EIGRP 1337 |
| 192.168.254.28 | 0.0.0.3 | EIGRP 1337 |
| 192.168.254.40 | 0.0.0.3 | EIGRP 1337 |

| IP | Wildcard/Netmask | Type | Access List |
| --- | --- | --- | --- |
| 172.42.10.0 | 0.0.0.255 | permit | 1 |
| 172.42.20.0 | 0.0.0.255 | permit | 1 |

ObiWan
| Interface | IP | Type | Description |
| --- | --- | --- | --- |
| S 0/1/0 | 192.168.50.6 /30 | Routed | DCE (128.000) link to QuiGon |
| S 0/1/1 | 192.168.50.2 /30 | Routed | DTE link to QuiGon |
| FA 0/0 | DHCP | Routed | NAT w/ ACL 1; link to Mercantec (WAN) |
| FA 0/1 | 192.168.254.34 /30 | Routed | Link to Anakin |
| Loopback 0 | 192.168.45.13 /30 | Routed | Management interface |

| Network | Wildcard/Netmask | Protocol |
| --- | --- | --- |
| 192.168.50.0 | 0.0.0.3 | EIGRP 1337 |
| 192.168.254.32 | 0.0.0.3 | EIGRP 1337 |

| IP | Wildcard/Netmask | Type | Access List |
| --- | --- | --- | --- |
| 172.42.10.0 | 0.0.0.255 | permit | 1 |
| 172.42.20.0 | 0.0.0.255 | permit | 1 |

MaceWindu
| Interface | IP | Type | Description |
| --- | --- | --- | --- |
| FA 0/1 | 192.168.254.14 /30 | Routed | Link to Anakin |
| FA 0/2 | 192.168.254.18 /30 | Routed | Link to Amidala |
| FA 0/24 |  | Switched | Link to Cisco Call Manager |
| Loopback 0 | 192.168.45.33 /30 | Routed | Management interface |

| Network | Wildcard/Netmask | Protocol |
| --- | --- | --- |
| 192.168.22.73 | 0.0.0.3 | EIGRP 1337 |
| 192.168.254.12 | 0.0.0.3 | EIGRP 1337 |
| 192.168.254.16 | 0.0.0.3 | EIGRP 1337 |

HanSolo
| Interface | IP | Type | Description |
| --- | --- | --- | --- |
| FA 0/0 | 192.168.254.22 /30 | Routed | Link to Amidala |
| Loopback 0 | 192.168.45.53 /30 | Routed | Management interface |

Palpatine
| Interface | IP | Type | Description |
| --- | --- | --- | --- |
| FA 0/0 | 172.42.10.1 /24 | Routed | Gateway for wireless clients |
| FA 0/1 | 192.168.254.26 /30 | Routed | Link to Anakin |
| Loopback 0 | 192.168.45.17 /30 | Routed | Management interface |
| Wlan-Controller | 192.168.45.21 /30 | Routed | Management interface |
| AP-Management | 192.168.45.25 /30 | Routed | AP Management interface |

| Network | Wildcard/Netmask | Protocol |
| --- | --- | --- |
| 172.42.10.0 | 0.0.0.3 | EIGRP 1337 |
| 192.168.254.24 | 0.0.0.3 | EIGRP 1337 |

VLAN Topology
Predefined VLAN associations
While only a few of these VLANs are actually in use, the VLAN ranges will allow our network to scale almost indefinitely.
- 1: Not in use; clear from all trunks. This is a Cisco best-practice implementation (not required).
- 2–99: Management VLAN on all switches.
- 100–399: Access layer devices.
- 400–599: Data center devices.
- 600–699: Internet and partner connections.
- 700–899: Reserved for future use.
- 900–999: Point-to-point links between switches (Layer 3).

VLANs currently in use
- VLAN 45: Management VLAN used on all switches in the network.
- VLAN 102: Skywalker Enterprises.
- VLAN 400: Wireless.
- VLAN 401: Wide-Area Network.
- VLAN 402: ISDN/PSTN.

Configuration of VLAN Layer-2 Security
vlan access-map NAME 10
match ip address <telnet access list>
action drop
vlan access-map NAME 20
match ip address <ssh access list>
action forward
switchport mode access (default)
N/A (default)
no cdp enable
udld port disable
interface vlan <management vlan>
switchport trunk allowed vlan remove 1
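
A filled-in version of the access-map template above, as an added example that is not part of the original page. The ACL and map names (MGMT-TELNET, MGMT-SSH, MGMT-VACL) are hypothetical, VLAN 45 is the management VLAN listed under "VLANs currently in use", and the default-drop behaviour described in the comments is the one documented for VLAN maps on Catalyst IOS switches.

```cisco
! Added example; ACL and map names are hypothetical placeholders.
!
! Inside a VACL, "permit" in the ACL only means "this packet matches the
! clause". Whether the packet is dropped or forwarded is decided by the
! access-map action, not by the ACL keyword.
ip access-list extended MGMT-TELNET
 permit tcp any any eq 23
 permit tcp any eq 23 any
!
! VACLs are stateless and see both directions of a flow inside the VLAN,
! so the return traffic (source port 22) must be matched as well.
ip access-list extended MGMT-SSH
 permit tcp any any eq 22
 permit tcp any eq 22 any
!
vlan access-map MGMT-VACL 10
 match ip address MGMT-TELNET
 action drop
!
vlan access-map MGMT-VACL 20
 match ip address MGMT-SSH
 action forward
!
! Because the map contains IP match clauses, any IP packet that matches
! neither sequence 10 nor sequence 20 is dropped by default. Non-IP
! frames such as ARP are not evaluated by these clauses and are forwarded.
! If other IP traffic must cross the management VLAN, add a further
! sequence with "action forward" for it before applying the filter.
!
! The map has no effect until it is attached to a VLAN.
vlan filter MGMT-VACL vlan-list 45
!
! Verify from privileged EXEC:
!   show vlan access-map MGMT-VACL
!   show vlan filter
```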
Configuration of Interface Security
switchport mode access (default)
N/A (default)
no cdp enable
udld port disable
spanning-tree portfast
spanning-tree portfast bpduguard default
spanning-tree guard root
vtp mode transparent
no mls qos trust {default}
shutdown