Hi guys, welcome back to my channel, and I really appreciate you finding time to click on this link. It's been quite some time since I uploaded a new project, and today I'm here with a very important and very complicated networking project that will help us learn a lot concerning enterprise networking projects. So this is Enterprise Networking Project Nine: Financial Institution Network Design and Implementation.

Remember, in the previous projects we've covered from project one all the way to the eighth enterprise networking project. Suppose you've not accessed the classes or you've not seen the projects: I will leave a link in the description part of the video. Just click the links and start from project one, because we normally start from a very basic enterprise networking project, and the complexity increases as the number of projects increases. So consider project nine much more complicated than the previous projects, and the complexity will proceed that way. So it's very important to start from a very basic network project, the way that we always recommend, before you come to this project.

Another way of accessing the projects: just go to our channel, Guru Tech Networking Project, I mean Training, and the first thing to do is make sure you subscribe. After subscribing, click on the playlists, then scroll sideways until you see this playlist here, Enterprise Networking Projects Using Cisco Packet Tracer. Under this playlist there are lots of networking projects that we've done, from the first enterprise project to the last enterprise networking project, which was the eighth one. So you just have to start from the first one, then you move down to the eighth enterprise networking project.

And another thing, guys: people normally inbox me, they want this Packet Tracer file, they want the documentation part, right?
You can obtain them, but only if you join the channel membership. Just go to our channel and make sure that you join our channel membership to get the Packet Tracer file. But the documentation, for example this one of today, if you want it, it's very simple to get and it's free: just go to our website, which is Guru Tech, that one, that's our website, and then you come under Projects. It's loading, but no problem. After coming to the projects, all of these are the projects that we've done so far; I'm going to upload this one to our website soon. So if you want the previous documentation, just click on any project that you want. For example, you want this hospital system network: just click on readable, and here is the case study documentation, free of charge. But if you want the Packet Tracer file, now you have to promote the teacher: just join the channel membership. It will cost you around 1.4 dollars, and you get the Packet Tracer file.

So without any further ado, let's go back to our Packet Tracer file, Enterprise Networking Project Nine. In this project we are going to order the financial institution network design and implementation based on the case study. And where is the case study? I closed it, sorry. So here is the case study that we are going to dwell on today: Enterprise Networking Project Nine, a financial institution network system design and implementation. So guys, we have a case study here, and we need to read the case study, analyze the case study, evaluate the best networking design that we can employ on this case study, and design and implement that design based on the case study. We have a one-page case study plus one page of requirements, so it's a very big project that we might do in two parts, but
I still don't know, so let's just hope that we complete it within a two-hour time frame.

Jubilee Financial Services Limited, which is JFSL, is a well-established financial service provider in Kenya which offers online finance solutions and services to its clients. The company operates in the country's capital city, Nairobi, and is hosted within an 11-story building. The company primarily operates from the seventh to the eighth floors, where on each floor there are at least two departments. The company has the following five departments within its headquarters: human resource (HR), customer service (CS), marketing (MK), legal management (LM) and information technology (IT). The number of users and other devices per department includes: on the seventh floor we have the HR, CS and MK departments, and we see that each department has at least 40 user devices plus 40 IP phones and at least one Wi-Fi access point. Then on the eighth floor we have legal management and IT, where each department has at least 20 user devices plus 20 IP phones with an access point. And we see that each user can have an associated IP phone, but it's not a must. That means that you can just plug an IP phone into a port. How can I describe this? What this means is you can associate your IP phone with a computer, meaning you plug a cable from the IP phone to a port, then another cable from the IP phone to the computer. So it's from the computer to the IP phone, then from the IP phone to the port, and it can still work, meaning we are going to implement two VLANs, for data and voice, on each port.

The network infrastructure is currently run and managed by a third-party firm called Infinity, Infinity Systems Kenya. The senior management has decided to own its network infrastructure, including LAN, WAN and an external server-side location connected via appropriate WAN technology, with practice prioritizing secure communication between the HQ network
and the external site. The server side will host DHCP, DNS, web and email servers. The company is intending to subscribe to two ISPs (in brackets, use Safaricom and JTL ISPs) to provide redundancy and load balancing in terms of internet provision. The company has also purchased two Cisco Catalyst 2911 routers, one for HQ and another for the server side, plus one gateway router, Catalyst this one, for HQ voice over IP services, telephone service, and two multilayer switches, both for HQ. HQ will have two multilayer switches and six access switches for the departments. Remember, here we had five departments, so the sixth one, I think, is the other one on the server side.

Due to the security requirement, it has been decided that all the five departments will be on a separate network segment within the same local area network. None of the servers is located within the local area network, but will be hosted from an external site accessible via a WAN connection. The network security policy will comprehensively dictate the user access to the external site using access control lists (ACL).

You've been hired as a network security engineer to design the network of Jubilee Financial Services, or JFSL, according to the requirements set by the senior management. You will consult an appropriate robust network design model to meet the design requirement. You will also implement access control lists and virtual private networks to enable secure communication, considering security and network performance factors paramount, regarding the confidentiality, integrity and availability of data and communication.

So this is a very, very important project, guys, very important for good career development. So let's move to the requirements. The company has emphasized high performance, redundancy, scalability and availability, and hence you are required to provide a complete JFSL
network infrastructure design and implementation. The company will be using the following IPs: this one for data, this one for voice, because we have IP phones, and this one for public IP addresses, for the ISPs.

So, requirements. Number one, design tool: we are required to use Cisco Packet Tracer to design and implement the network solution. Very important. Hierarchical design: use a hierarchical model providing redundancy at every layer. ISPs: the network is also expected to connect to two ISPs to provide redundancy, and each router is connected to the two ISPs. Good. Wi-Fi: each department is to have a wireless network for the users. Voice over IP: each department should have IP phones, and users in the department should be able to call each other. Good. Each department should be in a different VLAN and a different subnetwork. The voice VLAN ID number will remain at VLAN 20 for the entire network. So this means that all the IP phones will be at VLAN 20.
All right, in the network. Subnetting: provided the networks above, this one and this one, carry out subnetting to allocate the correct number of IP addresses to each department. Basic settings: configure basic settings such as hostnames, console password, enable password, banner messages, encrypt passwords and disable IP domain lookup. Inter-VLAN routing: devices in all the departments are required to communicate with the internet, with their respective multilayer switch configured for inter-VLAN routing. Very important. Core switches: the multilayer switches are expected to carry out both routing and switching functionalities and thus will be assigned IP addresses. All devices in the network, except the IP phones, are expected to obtain IP addresses dynamically from the dedicated DHCP servers located at the server-side site. As you can remember, there was a concept of a voice gateway, so the voice gateway will be responsible for providing the IP phones with IP addresses, but for all the other devices we have the dedicated DHCP server at the server-side site.

Cisco 21... 29... 2811 router: ensure to have a router that can support telephone service. Very important. Currently in Packet Tracer the router that can support telephone service is, i.e., that Cisco one. Then remember that the voice over IP router, this voice gateway, should be connected to any of the layer 3 switches at the HQ. So what's that connection? That we're going to see during the design. Static addressing: devices in the server room are to be allocated IP addresses statically. Very important. Telephone service: configure voice over IP on the voice gateway router and allocate dial numbers in the format 4.., so it's like 401, 402, 403, all the way to 499, for all the IP phones in the network. Routing protocol: use OSPF as the routing protocol to advertise
routes both on the routers and multilayer switches. Switchport security: configure switchport security on the server-side department switch to allow only one device to connect to a switchport, then use the sticky method to obtain MAC addresses, and a violation mode of shutdown. Very important. I really like this project. SSH: configure SSH on all the routers and layer 3 switches for remote login. That's very important. Standard ACL for SSH, wow: configure a simple standard access control list on the virtual interface to allow only the ICT department to carry out remote administrative tasks using SSH. Wow, this project is a very, very important project. NAT plus ACL: configure PAT to use the respective outbound router interface IPv4 address and implement the necessary access control list. Very important, and that is because we have ISPs, so we have to use NAT. 0.20, IPsec VPN, wow, plus ACL: configure site-to-site IPsec VPN between the HQ router and the server-side router and implement the necessary ACL rule. Very important, guys. Finally, test communication and ensure everything is working perfectly fine, as expected.

So guys, this is a very big project, a very important project. As you can see, there's a company, a finance service provider in the country called Kenya, and the company is located in the capital city and it's operating from the seventh to the eighth floor. So it has how many departments? Five departments on the HQ network, and on the other side, the server side, there's only that one department. And we have been provided with everything that we need to start the design. So guys, without any further ado, it's a very big project; let's go back to our Packet Tracer and start the design part.

So depending on the case study here, we've learned that there are some devices that have already been purchased, for
example, the company has subscribed to ISPs, and also the company has purchased two of these routers, this one gateway router, and two multilayer switches for HQ and six access layer switches for the departments. So basically I'm going to start with the ISP routers. For the ISP routers, let me just choose the 2911 router and put it somewhere here, one and two. After doing this, I'll go back here and learn about the HQ network. We've been told that there are two routers, one for HQ and another one for the server side. So I go here, I put one for HQ, the 2911 router still, so let's assume this is for HQ, and another one for the server side, let's put it somewhere there. Then we move down just a bit, somewhere there. Then we move down here; we see that there's one gateway router, this one, for HQ, for voice over IP. For this router I'll kind of postpone it, I'll do it later. Let's move to layer 3 switches for HQ. We need two layer 3 switches for HQ, so I put two layer 3 switches for HQ. For the layer 3 switches, just click on the switches and choose the 3650 switch. That's one, and another one is here, somewhere there. Then we've been told that there are how many access layer switches? Six of them. As you can remember, in the HQ network we had how many departments? Five departments: HR, CS, MK, LM and IT, and then the server-side site. So we need five for the departments, five. So that's the first switch, going there. What's remaining here is just connection. I'm going to use serial connections between these routers and the ISP routers, but the normal connection between the routers, multilayer switches and the switches. And as you can see here, where is the ISP side, they were
told that each router is supposed to connect to two ISPs, at least two ISPs. So what we're going to do: we are going to use serial connections between the institution routers and the ISPs, that is, the HQ or the server-side router and the ISPs. By default these routers don't have a serial module, so we need to add them. Just click on any router, then turn off the router (there's a button here, just click on the button to turn off the router) and add this module, HWIC-2T: drag it and place it there, then turn on the router again. Do the same for the remaining routers.

I've managed to insert serial modules on the routers, so what I do is just connect them. Just click automatic cable connection, click on the HQ router to the first ISP, then click on the HQ router again to the second ISP. Then choose automatic still, from this router to the ISP, and also from this router here to the ISP. Then let's connect the HQ network; just use connections the way you like.

So I've managed to connect the intermediate devices: the switches, the multilayer switches, the routers and the ISPs. I left one point here, about this one gateway router for voice over IP, the 2811 router. And there was something here that was listed, I just want to show you: ensure that the router can support telephone service, for example this router, and remember that the VoIP router should be connected to any of the layer 3 switches. So I don't know how it's going to be, but for example let's choose that router, let's take that 2011 router, here it is. We're going to connect it to any of the multilayer switches. So let's just connect it there, and that's just 10.
Okay, so can we put it inside, somewhere there? Although, as I already said, it's going to look a little bit progress, it has to be there for telephone service, because it's the only router that is responsible for providing that service in Packet Tracer, and we can't use this router because it cannot provide that service. So let's just go according to the instruction, which is very important.

Oh, I chose the wrong switch. This switch should not be here: you are supposed to choose the 3650 switch, but this one is a 3560. So I'll put this one here, take that one from that point and plug it in there, then I just delete this switch and connect all of them to the switch. So that's done. Now the next thing we do: let's turn on the switches, just drag in the power supply, that's all. Come to this one, drag in the power supply, that's all.

Now let's go to the end devices and connect them. We've been told that each department should have a Wi-Fi network, an IP phone, a printer, a computer, you know, those kinds of devices. So for example, here I'll put two computers, like that, somewhere there. And remember, in this network we are going to use two VLANs, one for data and one for voice, and we can associate each PC with an IP phone. Then for wireless... sorry, I forgot to take a printer, so delete that and I put a printer. So we can associate an IP phone with a computer, or just leave it the way we were told; that means you connect a cable from the switch to the IP phone, then another cable from the IP phone to the computer. Although it's connected to the one port, that port should provide both the data and voice traffic. And then finally we need an access point to connect, let's say, a laptop. You want
a laptop, we want a tablet and a smartphone. So we provide a wireless access point, AP, the first one, put it somewhere there. So what should I do? I just need to connect all of them, for example connect that to that. I'll do them very fast to save time. Now for the laptop: you know, Packet Tracer laptops don't have a Wi-Fi card by default, so I just have to insert that module. Just turn it off until you see the yellow icon is gone, then drag out that module until the CI is black, then drag in this WPC what and what, then turn on the laptop again. I don't want these devices to connect right now, so I'm just going to change the password, because the password is default. I'm just going to change it to something like that so that they don't connect right now.

So guys, we are going to copy this to the remaining four departments. Before that, let's put the power adapter on the IP phones. Good. You can see my setup is quite clear. You can use one port for the IP phone and computer, any of them. Good. So what I need is just to copy-paste and do the necessary, so I'll do it very fast to save time. I copy, I paste, now I drag it to somewhere here. I believe that's the right thing.

So I've copied and pasted all the devices; as you can see, each department is having at least the required devices. So I just do the connections very fast, to save time also. As you can see, I've included all the devices in every department, and every department is having at least the devices that are required. So let's do the server side. So I said we wait for service. I think our design is a little bit complete, and now what you just need is to make it beautiful: do the naming and
the borders. So I'll first do the naming, for example ISPs, HQ router, server-side router, HQ multilayer switch 1, HQ multilayer switch 2, and so on and so forth. So this one was Safaricom. Now for the switches, we name them as per department; for example, this is the HR department switch, so just say HR dept or HR switch.

Okay guys, so I've done the naming of all the devices in the network. For example, these are the ISP routers; we were told that there are two ISP routers, Safaricom and JTL ISPs, so this is Safaricom, that's JTL ISP, and this is the HQ router, this is our server-side router. In terms of multilayer switches, let's say HQ multilayer switch 1 and HQ multilayer switch 2. Then this is the HQ VoIP router; we were told to attach it to any of the layer 3 switches. Then for the access layer switches, you can see HR switch, CS switch, MK, LM, which is legal management, and IT switch. In terms of host devices, you can see clearly we have, for example, a PC in HR called HRPC, a printer at CS called cspc, an IP phone at the MK department called MK phone, with the numbers one, two, three, and an access point at the legal management department called lmft. The naming is consistent and kind of very identical per department, and this was devices also, IT laptop, by this month from, things like that.

So basically what's remaining is just to divide this network to show that this is the HQ network and this is the server-side network. Just a minute. So I'll proceed and divide this network as HQ and server-side network. I'll just take that; first I zoom out so that it becomes like that, and just a little bit more. It's still big, so just do that. Then I take that and I start doing this now. I just do a reset, okay, now it's okay. So that side is the HQ network, and remember we had how many departments? We had two floors, seventh floor and eighth floor, so the three of these
will be on the seventh floor and the two of these will be on the eighth floor. I just want to name them. I want to name this as... what was the company? It was Jubilee something, Jubilee, JFSL. So I just say this is JFSL HQ Network, then when I come here I'll say this is JFSL Server-Side Network. And I give it a very bright color. Now let's separate the seventh floor from the eighth floor; just do a little bit of that. The three of these should be on the seventh floor; let's show the eighth floor. So I still take that one and say no fill, and draw this way: the three of these to be seventh floor, somewhere there, and the two of these to be eighth floor. Yes, no problem, that's okay. Before that, let me just comment here as eighth floor, say JFSL eighth floor, and copy and comment this as seventh floor; sorry, seventh floor, and this is JFSL eighth floor. Good. Now, same thing, I'll give them a bright color. I want to give them that one... oh no, no fill still, yes, okay. Also, on each floor we have departments, so let's separate the borders of each department. To do that we're not going to use too much bright colors. Oh, the phones are left out, so it will force me to drag it a little bit, somewhere here, so that this device is accommodated. I'll just leave it at that point; although these devices are not inside the circle, no problem. So let's separate the boundaries of each department. For example, this is the HR department. I'll do it very fast to save time.

Okay guys, so as you can see, I have given a background color for each department so that they can be easily identified. It's not that much bright colors, so that's pretty much okay. Oh, let me give a color for this department also, for the server-side department. So for the server-side department I'm
going to give a circle with green color. Green color is okay; too much green is not okay, but yeah, that kind of green. So just give a circle like that. Now I'm going to give a description of each of the departments, give the name. I'm doing that so that I can find space to write the names. I'm going to do a reset. Good, so everything is just looking perfectly fine now. For example, this is the HR department, so I'll just say HR Dept, HR Department, and I copy-paste this one to be CS.

So I've named all the departments, and the design is looking perfectly fine, very good. And also this side, let's name it as server site alarm. That's okay. And for the ISPs, let me give colors for the ISPs, something like a circle or a background color. Which color should I use? Okay. So here I will name it as ISP Area.

So I think our design is complete; what's remaining is just some additional comments. Don't worry, although this is making our design look not very beautiful, it's okay. We're just following instructions: we were told to attach it to any of the multilayer switches, and that's the thing that we've done. It's perfectly fine.

So let me go back to our case study. This is the question that we read earlier, and as always, my culture: I normally list the steps that we are going to follow when we are doing any networking project, and here are the steps that I listed. Network design and beautification: very important, and we've done that. As you can see, we've designed everything and we've beautified the network such that it has different colors for identity and for differentiating departments, devices, floors, et cetera. And
basically now the next step is to start configuration: basic settings on all devices, plus SSH on the routers and layer 3 switches. So let's go back to our case study. Basic settings: configure hostnames, console password, enable password, banner messages; we need to encrypt all the passwords and disable IP domain lookup. Very important. And as I always do, we do the configuration on one device, then write the commands in a notepad and copy them to all other devices. So I'll begin with the access layer switches. The basic settings that we're going to configure are listed here: hostnames, console password, enable password, banner messages, encrypting all passwords and disabling IP domain lookup. Let's do the configuration on this switch for a demo, and for the remaining switches just write the commands in a notepad and copy them to all the other switches.

So: enable, config t. Just write hostname; as this is the HR department, just write HR, so hyphen, switch. Okay. Another thing we do: enable password. Is the enable password listed here? Really, it should be there. The enable password is very important for privileged exec mode. So I start with the enable password. In my configuration I always use cisco as everything, be it username or password. So enable password to be cisco. And line console: we need to configure the console password, so just enter that line, line console 0, then we issue a command called password, to be cisco, then we log in the user, we authenticate the user, then exit. Is there any other thing that has been listed here? Okay, that's all. Exit. Another thing is the banner message, so just write banner motd, message of the day, then any character, let's just use this
one, then inside that character just say No unauthorized access. That's all, hit enter. Another basic setting that we need to configure is no IP domain lookup, and encrypt all the passwords. So just say no ip domain lookup, that's all. And now we encrypt all the passwords that we just configured: just say service password-encryption, that's all. What's remaining on the basic settings? We've just done hostname, console, enable password, banner messages, encrypting and disabling IP domain lookup. That's all about basic settings, and then I just say do write. So we're done on the first switch. I want to copy this message, this No unauthorized access, so that I'll paste it later. Copy that.

So it's time to write the commands in a notepad and copy them to all the other remaining devices. Just write enable, then config t. The first thing is the hostname; for this case this is the CS switch, CS hyphen switch. Then enable password; make sure that you type correct English, enable password to be cisco. Then line console 0, then password to be cisco, then we log in the user, authenticate, then we exit the line interface. Then what's next? Banner message: banner motd, then the two characters, and between the two characters I paste the message that I just copied. Then what's remaining here? IP domain lookup: no ip domain lookup, just like that. And what's remaining also is encrypting the passwords, so there is a command called service password-encryption; make sure your English is correct, encryption. That's okay, then do write. So I'll just modify the hostname for all the switches and copy to all the devices. I copy first for the CS switch.

So I've done the basic settings on all the access layer switches
and definitely I'll move to the distribution layer switches. As you can see in the config guide, we were told to do basic settings on all the devices plus SSH on the routers and layer 3 switches. So what am I going to do? I'm just going to copy these commands; for example, I'm just going to change this, as it's multilayer switch 1, to HQ as the hostname, HQ multilayer ML switch 1, and I copy everything and paste it to this switch here. Now we've done the basic settings, but we are told to add SSH on the routers and the L3 switches. So let us configure SSH on this multilayer switch. The first step to configure SSH: ensure you configure the hostname. Whenever you want to configure SSH, make sure you configure the hostname. Then the second step: make sure you configure a username and password, and hit enter. Third step: you configure the IP domain name, ip domain name to be, let's say, cisco.com, and you hit enter. Now is the time to generate crypto keys: crypto key generate rsa. When you hit enter, it asks how many bits in the modulus; let's use 1024. Very important. You will see the name of the keys will be HQ multilayer switch 1 dot cisco.com, this one being the domain name that we just listed. Then you just hit enter. Now SSH is enabled, so let's give SSH a version, let's say ip ssh version 2.
sorry ip ssh um version 2 okay give it a version all right so we've just uh generated crypto keys and given SSH a version so it's the time to bind this SSH to a vty interface okay although it's configured we've not applied it on the vty interface so let's do that line vty 0 to 15 okay then we say login local to use the local database login local to use the local database then transport input only ssh because uh we've been told to configure SSH we don't want to input all because when you input all even Telnet will be used but Telnet is not secure so we just say transport input all I mean ssh sorry and hit enter exit and do write so we've configured SSH on this multilayer switch okay so I want us to uh write the SSH configuration here because the basic settings will be just similar on all the devices so I change this to that one multilayer switch two then I proceed down here to write SSH configuration the first thing we have to make sure uh make sure that the device has a hostname then the second thing create a username and password so username cisco and the password of cisco okay the third thing create IP domain name ip domain-name let's say cisco.com cisco.com okay very important then let's generate crypto keys how do you do that very important we just say crypto uh just a minute crypto key generate rsa then we hit enter and it prompts us how many bits do we want to use we hit enter then we say 1024 bits okay all right so that will enable SSH after SSH is enabled we give the version of SSH we just say ip ssh version 2 okay all right so SSH has been enabled with version 2 so it's the time to apply them to the interface so we just say line vty 0 to 15 okay then we say login local to use the local database okay then transport input ssh transport input ssh basically means uh the vty should only use SSH as the method of remote access then exit good so I believe
this will work and I guess I will copy and copy but when I come to the routers I'll just change uh the hostname okay very important so I'll do it very very fast to save time for example click here come to CLI and I just paste right no error meaning uh it was perfectly configured I wrote correct English the problem might come when you don't write the correct English word okay all right okay so I've done the basic settings plus SSH on all the devices in the network access layer switches multilayer switches and the routers okay all right so let's go back to our config guide to see what's the next step okay so the next step is to configure VLANs for example for data and uh voice plus all access and trunk ports on layer 2 and layer 3 switches okay all right so guys as you can see we need to configure VLANs so before that for example let me go back to the case study I saw something with VLAN assignment okay this one each department should be in a different VLAN and a different subnetwork the VLAN ID number will remain VLAN ID 120 for the entire network the voice sorry sorry the voice should remain VLAN ID 120 for the entire network so any VLAN for VoIP or IP phone should be 120 okay all right so let's say I just want to do a quick comment the VLANs will be only applicable on the HQ network not the server side okay all right so I'll just do a quick command comment I mean for example I'll just say VLAN I want the data VLAN on the HR department to be VLAN 10 so just say VLAN sorry VLAN okay then I hit enter data to be 10 then voice we were told to uh 120 for the entire network okay 120. so I'll just copy this and paste in all the departments change it to 20.
okay so as you can see uh the VLANs have been listed there as the comments and you can see each department has a different VLAN uh not only for I mean only the voice VLAN is the same in all the departments okay so it's upon us uh to configure this switch so it's upon us to configure every switch to have both data and voice VLAN every port on a switch should be associated with the two VLANs for data and for voice so pretty much simple you know the first thing to know identify trunk ports and access ports we only configure um uh the VLANs on the access ports okay all right so let's come to this switch here I normally do my configuration in an orderly manner so the first two connections should attach to fa0/1 and FastEthernet 0/2 on all the switches so that when I write the commands on notepad it's consistent in all the switches so for example if I hover over this you see it's fa0/1 fa0/2 and the same case applies to all of this I normally do my things in an orderly manner okay so that they have consistency with the interfaces okay it's the same in all the devices okay so I come to this switch first oops need password cisco I'm not going to enter the password just come to config and click any interface and come back here and exit all right so it is the time to um assign VLAN numbers to interfaces the first thing that we do we create the VLANs after we have identified which ports are trunk and which ports should be access now we create um VLANs okay now let's say uh vlan vlan 10 let's name it name data give it in caps okay then vlan vlan 120 now VLAN 120 okay name name to be voice okay good then we exit then let's assign ports the roles of trunk or access okay for example the first two right so I said the first two are trunk because you can see they're connected to other switches okay they should be trunk right because they will be passing multiple VLANs they cannot be
access because access can only pass one VLAN at a time so they'll be passing multiple VLANs so we need to make them trunk so interface range hit enter very good exit now we are done with the two interfaces so let's go back to the access interfaces so for the access interfaces uh it should range from uh interface 3 to 24 because these switches have 24 ports but the first two ports have been taken by a trunk so let's assign the remaining ports the role of access okay interface range that one to that one okay very important and hit enter no no it should be from three not two three to twenty four because two should be trunk okay two and one fa1 and fa2 should be trunk now from 3 to 24 to be access okay then we say switchport mode access okay then we have VLAN 10 and VLAN 20. now first thing let's assign the data VLAN how do you assign the data VLAN very simple just say switchport access vlan 10 very simple then you just say 10 okay very simple then how do we now assign the voice VLAN very simple just say switchport voice now we start with the voice vlan 120. how do I assign data VLAN switchport access vlan 10 how do I assign a voice VLAN switchport voice vlan 20 and hit enter exit and do write okay do show start you will see fa0/1 and 2 are trunk the way we expected but now from fa0/3 to 24 you can see uh I mean switchport access vlan 10 switchport mode access then switchport voice vlan 120.
now that's pretty much okay now is the time that we write commands on notepad and copy to all the remaining switches to save time so I'll open Notepad what did we do the first thing was to create VLANs I just create VLAN vlan 20 now for um CS department and I name it uh data okay then vlan 120 also I name it uh voice okay all right exit the VLAN interface first now we go back to assign ports the roles of trunk and access for example this one this one should be trunk okay so I come here and say interface range fa 0/1 to 2 then switchport mode trunk exit be very careful when you're writing your English I'm normally perfect when I'm writing English because I'm from Kenya and in Kenya we speak the Queen's language you know the British English so it's very important to write the correct English word okay all right so um the two are now trunk okay so it's upon us to assign the other remaining ports the role of access and assign them VLAN numbers both for data and voice so another range so I'll just try to copy this I'll copy that and let me just copy all of it and interface range now from 3 okay from 3 to 24 because we have 24 ports switchport mode access now okay right then switchport access vlan 20 we created VLAN 20 here okay for data then switchport voice vlan 120 very important very important then we exit and do write okay now what we will change uh for the three remaining switches is just the VLAN I mean the VLAN ID here and here okay everything just remains the same so I'll just copy and go very very fast without wasting much time okay so uh guys I have managed to assign uh all the ports the roles of access and trunk and assign the access ports VLAN numbers both for data and for voice so it's uh it's okay now let me see uh additional information on the config guide um access ports on layer 2 and layer 3 switches okay so um so now it's upon us to go to layer 3 switches now
for the layer 3 switches it's going to be very very easy we just identify which ports should be trunks and which ports should be access and which ports should be layer 3 interfaces so let me discuss this on the two multilayer switches we are only going to have two uh roles for example this interface this port will be a layer 3 interface okay no switchport it's going to be assigned an IP address so okay so as per now we are not going to interfere with it okay and also this one but for the remaining ones this one and this one are to be trunk and also this port is going to be trunk okay because we want it to pass the voice VLAN to this uh HQ uh voice gateway so when we are configuring trunks we are going to consider this interface this interface and this interface okay all of these but not this one okay in this case all of these interfaces but not this one the reason why I want to configure this interface as trunk although it's connected to another router is because I want this to pass um the voice traffic to this router because this router will act as the default gateway of all the IP phones in the network okay so from this point all of this is to be trunk okay okay so let's do that so for example that's gig 0/2 uh this is gig 0/7 uh three uh four five and finally six so from gig 1/0/2 to gig 1/0/7 should be trunk gig 1/0/2 to gig 1/0/7 should be trunk okay and I want to put the password so as I said uh interface range it was from gig 1/0 okay gig 1/0/2 gig 1/0/2 to 7 okay so switchport mode because uh this is gig one one gig one one okay okay switchport mode trunk trunk and hit enter exit now let's create the VLANs all the VLANs in this switch so it's very very simple uh I'll just go here for example um now I'll create VLANs sorry let me just do it here um yes that's why I have this uh notepad here so for example I want to create vlan 10 and rename it vlan 10
now we name it as the department HR okay then we create another VLAN vlan 20 we name it as a department uh we name it as uh CS we name it as a department which was marketing MK name it as MK I will create another VLAN vlan 40 we name it uh name as um legal management LM then finally vlan 50 then we name it as IT okay okay so and uh we create vlan 120 for voice okay all right so I just copy all of this copy all of this to this switch here okay so do write on that switch so we are done with this switch so let's go back to this multilayer switch and configure uh trunk interfaces so the trunk interfaces here are from this one which is gig 0/2 to uh gig 0/6 because uh we added this final interface that was connected to the VoIP router okay so interface range sorry interface range gig 1/0/2 to 6 switchport mode trunk okay exit then we paste the VLANs that we just copied this one okay I just paste them there and do write so it's okay in terms of VLANs on multilayer switches and access layer switches we are done so let's go back to see what's next in the config guide switchport security to server side site server side department wow switchport security to server side department here so um being this uh external uh department you know we don't want any other device to connect to those ports apart from our devices okay all right so uh we are going to configure switchport security on this switch here okay so this switch the interfaces in this one okay uh let's see fa0/1 so from fa0/2 that one fa0/2 to fa0/5 we should configure switchport security there okay and how do you configure switchport security very very simple uh exit the first thing we do we check on the documentation the requirements say switchport security configure switchport security there to allow only one device to connect to a switchport use sticky method to obtain MAC
address and a violation mode of shutdown okay so we said that ports uh the first thing we do we check the interesting interfaces the ones that are connected to um this one the ones that are connected to um the devices okay and uh because this is an external uh server side someone can infiltrate and plug in their own devices so we just want to say interface range fa0/2 to 5. then we just say switchport mode access okay so uh just a minute then after uh making them access ports now we initiate the process of configuring um switchport security we just say switchport port-security that's all then switchport port-security maximum we've been told to allow only one device to connect to a port at a time maximum 1 okay right then switchport port-security mac-address to obtain through what command sticky command here the instruction where is it this one to allow only one device we've done that and use sticky method to obtain MAC address and the violation mode of shutdown very important mac-address sticky command okay hit enter then switchport port-security violation violation mode to be shutdown okay exit and do write so guys we've secured this switch okay but what if someone comes and uh plugs uh a device to the ports that you have not secured so you know the security principle there will be uh broken so we need to uh there are other ports that are not connected to any device and they are not secured so you know when you try to plug in any device the port will turn up so maybe an attacker might plug in a very malicious DHCP server to that port so we need to turn off all those ports that are not connected to the uh to the servers okay so interface for example you can see here these are the only ports that are connected with the servers okay this one okay so from fa0/6 to 24 are not connected to the servers so interface range before that do show start so you can see
from 6 to 24 they are not connected to anything okay and the other ports uh these two ports gig 0/1 and gig 0/2 so I'll just say um interface range fa0/6 to 24 okay and another range of gig 0/1 to 2 these two okay we want to shut them down and assign them to a very strange VLAN and that VLAN we will not allow communication with that VLAN so even if you plug in any device that VLAN is not allowed for communication so that traffic will be blocked okay hit enter and just say switchport uh mode access then switchport access vlan 90 let's say uh 99 let's go for a very fake VLAN okay and uh shutdown we want to shut them down good exit do write so we just say do show start so we'll see from port 6 uh all the way to 24 until you reach gig 0/1 and gig 0/2 they are in shutdown state and they have been assigned VLAN 99 we are not going to allow communication of VLAN 99 so even if an attacker comes and plugs a device to any of the ports you know that port is by default in shutdown state and it's in a VLAN that cannot communicate so this department is secured very important guys very important so and if you go up you can see from port 2 to port 6 they have switchport security okay with a maximum I mean uh sticky method of obtaining MAC address and in fact I can just say do show port-security you will see how many ports have been secured only four from two to five and we can see only one device can connect to a port at a time and the violation mode is shutdown so very important okay that's done guys very important method of security all right so um another step that you need to do is subnetting and IP addressing so IP addressing and subnetting very important but you know um subnetting normally takes a lot of time we were given um a block of networks here this one is for data um this one's for voice and finally this one
is for the public IP address the ISPs so uh I took my time in the background and did subnetting and came up with this table here okay so this is the table that we're going to use for example um I said the department will have this network and this subnet mask so uh the valid host IDs will be this one the default gateway should be this one and the broadcast ID should be this one so the same applies to all other departments so if you want to use this addressing table you can just screenshot this page and use it the way you like and now the server side will have this um addressing for the network and this one should be the subnet mask yes and now between the routers and the layer 3 switches we are going to use this one and uh between the uh routers and ISPs we are going to use this one so guys without any further ado I'm going to start commenting on the networks okay so for example the HR department is going to have that network um CS MK LM and between uh the devices for example routers and layer 3 switches and the routers and ISPs so I'll start with the departments so just go to the department and give a comment uh for the network of uh the voice I didn't include it here I didn't include it here I'll just write it somewhere here because it was just given one full block okay for all the devices in the network so irrespective of which devices in which department they will have uh IP address from this router and they will be in the same subnet all the devices uh all the IP phones in the network will be in the same subnet okay so there's no need to subnet it okay so I just do that and comment here for example this one is network net to be 192.168.20.0 slash 26.
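The SSH and switchport-security steps configured earlier in this walkthrough (SSH-only vty lines with login local, one sticky MAC per server port with violation shutdown, unused ports shut down in VLAN 99) can be checked against a saved configuration. The Python below is an added example, not part of the video; the sample config, port sets and function names are constructed for it, and it assumes IOS leaves the default maximum of 1 and the default violation mode of shutdown out of the running-config.

```python
import re

# Constructed running-config excerpt written for this example
# (not exported from the video's Packet Tracer file).
SAMPLE = """\
service password-encryption
ip ssh version 2
interface FastEthernet0/1
interface FastEthernet0/2
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
interface FastEthernet0/3
 switchport mode access
 switchport port-security
 switchport port-security maximum 3
 switchport port-security violation restrict
interface FastEthernet0/6
 switchport access vlan 99
 switchport mode access
 shutdown
interface FastEthernet0/7
 switchport access vlan 99
 switchport mode access
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login local
 transport input all
"""

def parse_blocks(cfg):
    """Return (global commands, {section header: [indented sub-commands]})."""
    glob, blocks, current = [], {}, None
    for raw in cfg.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw[0] == " " and current:
            blocks[current].append(line)
        elif line.startswith(("interface ", "line ")):
            current = line
            blocks[current] = []
        else:
            current = None
            glob.append(line)
    return glob, blocks

def check_secured(name, cmds):
    """Server-facing port: one sticky-learned MAC, shut down on violation."""
    if "switchport port-security" not in cmds:
        return [f"{name}: port-security not enabled"]
    out, maximum, violation = [], 1, "shutdown"  # defaults when the line is absent
    for c in cmds:
        if m := re.fullmatch(r"switchport port-security maximum (\d+)", c):
            maximum = int(m.group(1))
        if m := re.fullmatch(r"switchport port-security violation (\w+)", c):
            violation = m.group(1)
    if maximum != 1:
        out.append(f"{name}: port-security maximum is {maximum}, expected 1")
    if "switchport port-security mac-address sticky" not in cmds:
        out.append(f"{name}: sticky MAC learning not enabled")
    if violation != "shutdown":
        out.append(f"{name}: violation mode is {violation}, expected shutdown")
    return out

def check_parked(name, cmds, vlan):
    """Unused port: administratively down and parked in the unused VLAN."""
    out = []
    if "shutdown" not in cmds:
        out.append(f"{name}: unused port is not shut down")
    if f"switchport access vlan {vlan}" not in cmds:
        out.append(f"{name}: unused port is not in VLAN {vlan}")
    return out

def audit(cfg, server_ports, uplinks=(), parking_vlan=99):
    """List every deviation from the hardening steps described in the video."""
    glob, blocks = parse_blocks(cfg)
    findings = [f"global: missing '{req}'"
                for req in ("service password-encryption", "ip ssh version 2")
                if req not in glob]
    for header, cmds in blocks.items():
        kind, name = header.split(None, 1)
        if kind == "line" and name.startswith("vty"):
            if "login local" not in cmds:
                findings.append(f"{header}: missing 'login local'")
            if "transport input ssh" not in cmds:
                findings.append(f"{header}: remote access is not limited to SSH")
        elif kind == "interface" and name not in uplinks:
            if name in server_ports:
                findings += check_secured(name, cmds)
            else:
                findings += check_parked(name, cmds, parking_vlan)
    return findings

SERVER_PORTS = {"FastEthernet0/2", "FastEthernet0/3"}  # constructed subset of fa0/2 to 5
UPLINKS = {"FastEthernet0/1"}                          # assumed uplink to the router
```

Calling audit(SAMPLE, SERVER_PORTS, UPLINKS) reports the three problems on FastEthernet0/3, the unused port that was left up, and the vty range that still accepts Telnet.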
copy oh this one should be capital correct so um I think um my subnetting thing is perfectly fine because we were told that HR CS and MK departments should have at least 40 devices so you can see a slash 26 notation uh provides how many addresses IP addresses 62. so 62 can accommodate all the 40 um addresses and we're also told that uh loan management and IT department should have at least 20 devices and slash 27 provides 30 IP addresses and 30 IP addresses can accommodate 20 addresses so that's okay so I'll just go very very fast to save time okay so I've done the uh the comments on the departments you can see uh HR department CS and MK they have slash 26 okay but LM and IT they are slash 27 right okay so let's go to server side department I'll check on the IP address of the server side department and comment it this one copy and come this side okay now what's remaining in terms of IP addressing oh the network between the routers and the layer 3 switches such as for HQ and multilayer switch one uh do it very fast and now um what's remaining the network between um routers and ISPs I do it very very fast okay so I'm done um I'm done with the comments of the networks at each department and between the devices so uh oh for voice over IP I just want to make it another color first and then VoIP net was uh 10.10.10.0 slash 24 okay okay that's voice so guys basically I've done the comments based on the IP addressing scheme and the subnetting results that I did earlier based on these tables so uh the only thing that's remaining is to assign IP addresses to the interfaces very very important you know so how am I going to do that so I'll just start I'll start from the multilayer switches or I just start from this router here so this router the interface of this router oh sorry FastEthernet 0/0 so the first thing I do to FastEthernet 0/0 I turn it on or I just do it using CLI no shut now
it's on then ip address paste that change it to 1 255.255.255.0 okay exit um I think I need to do something yes you know uh before I do that the voice traffic has a VLAN now we must implement we must assign uh we must create inter-VLAN routing on this router for it to work so we are going to create a subinterface and assign it this IP address not this interface so um I should create a subinterface I'll just say no ip address first good now I create the subinterface dot 120 okay for voice traffic this now I didn't think I should do it at this level I should have done it later but now because I've started it let me just finish it off this now for voice traffic it should have you know the associated VLAN number okay then we just say encapsulation dot1q 120 for VLAN for voice VLAN okay then we assign that IP address and exit and do write now we are done assigning IP address to that interface for voice this is a very delicate router here because if you mess up with it the IP phones are not going to work so the first thing to do because we know IP phones are assigned VLAN 120. now you create a subinterface for inter-VLAN routing and assign it encapsulation dot1q the VLAN ID and you assign IP address okay and if I try to hover over it now you should see FastEthernet 0/0.120 with that IP address okay so let's assign IP address to this interface first gig 0/0.
interface gig 1/0 I mean 1/0/1 ip address sorry sorry we must make it a layer 3 interface first make it a layer 3 interface first how do we do that no switchport and hit enter okay and we assign it IP address of uh I put it somewhere here 192.168.21.17 because the network is dot 16 okay so the mask of uh 255.255.255.252 okay no shut do write so we're done configuring um IP address to this interface now let's do it for this interface which is gig one one gig one zero uh this one no switchport first 192.168.21. 255.255.255 no it's okay so guys I'll proceed to configure IP addresses to the router interfaces very very fast to save time so I think uh you have mastered the way to do it this one took 21.17 this one took 21.21 so this one should take uh 21.22 this one should take 21.18 this one should take 20 I mean 100.5 then this one should take 100.1 this one should take 100.2 100.6 and so on and so forth so I'll do it very very fast to save time so it's upon you to know how to configure it correctly because it's very very simple I have specified the network between them now make sure you do it correctly to all the interfaces so I'm just going to check them okay they're okay everything is okay everything's looking perfectly fine so I'm done configuring IP addresses to all the interfaces so it's upon us to check on what's next on the config guide I'll go to the config guide open it OSPF on the routers and the layer 3 switches wow very important very very important so we need to do OSPF on the routers and the layer 3 switches so I'm just going to go to this switch because this switch and this switch are going to advertise the same I mean almost the same networks only this one will be different so go to this switch first okay now this is a multilayer switch and the first thing to do before you do any routing is to enable IP routing how do you do that just write ip routing that's all
come back to this switch also and enable routing let's say exit ip routing that's done so let's advertise networks um let's advertise networks so in this case guys I'm going to do what's called route summarization I don't want to uh advertise too many networks what I want to do is just to do route summarization because this network here this one this one this one this one can be summarized into one network okay because this one takes I mean the first valid host ID here is 20.1 and the last valid host ID here is 20.255 so meaning when you summarize all the networks and we say router ospf 10 then we want to give this a router ID let's give it a router ID let's say 1.1.1.1 okay it's very important to give routers IDs okay for easy identification okay so you've given that switch a router ID of 1.1 okay now let's advertise networks how many networks are we going to advertise for voice and for data and this connecting network okay so let's start the first network let's advertise for voice network 10.10.10.0 and wildcard mask of 0.0.0.3 area let's use zero okay the second network that you should advertise is this one that is connected directly okay uh 192 network network 0.0.0.3 area 0. there's something I did wrong this one should not be this way it should be dot 255 because uh you can see it here so let's say no to that one to remove it first and we correct it now I correct it to 255.
and finally the last network that you're going to configure to advertise is the summarized network of the four of the five okay what's that network that network is this one if you summarize these five networks we're going to get this one 192.168.20.0 then 0.0.0.255 if you summarize all these networks you're going to get this one okay hit enter exit and do write so let's advertise networks here also uh then first just say router ospf 10 then router-id don't forget router ID very important uh 2.2.2 okay that is a kind of as it's like a PS4 updates okay that is two bits then we advertise networks the first network is 10.10.10.0 and wildcard mask 0.0.0.255 area zero okay another network is this one that is connected 21.20 uh 21.20. 192.168.21.20 wildcard 0.0.0.3 and finally the summarized network of the five which was uh here was 255. and here was zero and there was 20. exit and do write so let's go to this router also to advertise for the one network let's go to that router exit uh router ospf 10. then router-id let's give it 3.3.3.3 okay and network oh it's only one then oh sorry so that's zero two five five two five five two five five mask 0.0.0.255 area exit and do write okay okay so we advertised um the routes in this router this multilayer switch this multilayer switch so we're done we are only remaining with advertising routes on this router this one let me do it very very fast so um exit router-id I mean router ospf 10 then router-id very important uh let's make it 4.4.4 so that's just like a pattern I made this one 1.1.1 2.2.2.2 3.3.3.3 now for this one 4.4 okay network I'm going to advertise this one this one this one and this one okay all right so it's 192.168.21.
16 0.0.0.3 area zero then another network is 21.20 area zero okay 21.20 area zero uh and then another network you can see they have formed adjacency they should form two adjacencies that's okay with neighbors of 1.1 and 2.2 okay IDs okay for easy identification very important now let's advertise this one this one very very fast um so I will change this to it was 190.200.100.0 okay then another one is uh dot 4 uh exit and do write so we are done there so let's do OSPF on this ISP router exit so router ospf 10 then router-id 5.5.5 network let's advertise networks uh 190.200.100.0 this one the directly connected this one and this one okay and 0.0.0.3 area zero okay they form adjacency another one is uh dot 8 okay exit do write dot 8 is this one the one that's between this router and the server side router now let's do OSPF on this router too very simple OSPF is the best one that we should use so router ospf 10 then router-id let's make it 6.6.6.6 then the network uh 190.200.100.4 and dot 12. 0.0.0.3 area zero okay I'll just enlarge this okay you can see it has formed adjacency and uh another network is dot 12. okay exit exit do write now let's go back to this router and advertise how many uh three networks the directly connected networks this one this one and this one so I go to this router exit exit um enlarge it a little bit router ospf 10 then router-id let's make it 7.7.7.7 okay then the networks are uh let's advertise this one first 192.168.21.0 and wildcard slash 28 notation is equivalent to 255.255.255.240 so 255 minus 240 is 15 so that becomes 0.0.0.15 area zero okay and another network is uh dot 8 and dot 12 will do it very very fast network 190.
200.100.8 that's 0.0.0.3 area zero then another network is dot uh sorry another network is dot 12 okay exit and do write ah it has not formed adjacency with one router oh it has done now it has done now so that's okay do write how do we test uh if they have formed adjacency for example just go to this router here and just say do show ip ospf neighbor let me expand and hit enter and you can see there are four neighbors 2.21.2606 and 5.5 okay all right so guys we're done with the OSPF configuration now we can go ahead and um check on the next step on the config guide uh the next step on the config guide is the static IP address uh to server room devices which is very very easy I'll do it very very fast to save time because we have seen that the default gateway of the server side LAN should be the IP address of this interface which is um you can see its 0/0 IP address 192.168.21 dot uh I mean slash 28 I mean so email server let's start with the DHCP I think let's start with the DHCP um you come to desktop you come to IP configuration and uh 192.168.21. let's make it around um 25 good and the subnet mask must be 240. because it was slash 28 notation okay and the default gateway default gateway should be dot 1 sorry I think uh I'm making a mistake I'm making a mistake actually it's dot 21. now meaning DHCP should be modified okay dot 5 and DNS I want DNS to be dot 6 okay so just copy this uh yes not 21.20 something it's dot 5 okay that's okay we should respect this slash 28 notation meaning there are only 16 14 IP addresses but we gave out something like 20 something which is above 14. so um that's DNS DNS I want this to be dot 60 dot 6 I mean and subnet mask don't forget that 240.
DNS I mean default gateway that's dot 1 then DNS is dot 6 DNS just dot 6 let me try if it can reach default gateway ping that's all web server web server let's give it dot 7 uh don't forget uh the default gateway the subnet mask and this one is uh dot 6 DNS uh email server don't forget uh let's give it 37 I mean then 40. um hit that one six okay now everything that's okay and we're done with that step so let's see what's the next thing to do the next thing to do is the DHCP server configuration remember we've been told we've been told here that all devices in the network except IP phones are expected to obtain IP address dynamically from dedicated DHCP server located in the server side site whoa very important so let's go here and configure this DHCP server to provide IP address allocation to HQ networks okay so what I do just click on DHCP server come to services and come to DHCP the first thing just have to turn it on and turn this to 0 0 you'll find some figures there just turn them to 0 0 and save okay all right so and also this one turn to zero you can also turn it to zero and just save okay now let's start um creating pools let's start creating pools this is the DHCP server okay I bring it here let's start with HR so for HR I'll just say HR pool HR pool so for example uh the default gateway should be 192.168.20.1 because you can see this network okay 20.1 the DNS we saw DNS was dot 6 DNS is the IP address of the DNS server that was located on the other side okay now starting IP address 192 then 168 then here should be you know 20 okay 20 and we want to start it from let's say 5 okay and the subnet mask should be slash 26 notation so this notation is equivalent to 192. okay and the number of host devices let's say uh 60.
Something like, even 60, see, and we Add. Okay, so that's HR pool. You see HR pool has been added successfully, HR pool has been added successfully. So what's remaining? Let's proceed and add other pools, for example CS pool. So we just edit this, say CS pool, and don't forget, we should start from 20.65, 20.65. DNS server remains the same, then the start IP address, I want to start from, let's say, 69 or 17, 17. Okay, everything remains the same. I say Add now; I don't Save, because it will override the HR pool. Now Add, and you can see CS pool is given here. Okay, all right.

So let's go back and configure MK. For MK you can see this is the IP address, the network address, meaning the default gateway is .129, 129, 129. Okay, then the rest remains the same. The starting IP address should be, let's say, 134, 135, 135. Okay, the subnet mask remains the same and you Add; don't Save, because it will override. Okay, good.

Then now we go back to the LM department. LM, the LM department starts from 20.192, that's the network. Now the default gateway should be 193. Very simple, guys, 193. Okay, then when I scroll up a little bit, 193, DNS remains the same, then let's start from 196, the starting IP address. Then now here we've been told that the subnet mask is /27 notation, so /27 notation is equivalent to 224.
Okay, then, oh, this one was LM department, LM pool, okay, and you Add. So you see LM has been added there successfully. Okay, all right, then let's go finally to the IT pool. The IT pool starts from 224, now 225; now the default gateway should be 225, 225, 225. Okay, now let's start it from, let's just say, 230. Okay, the subnet mask remains the same and we Add. Good. So guys, basically we're done with that one, we are actually done with that one.

So what's remaining? DHCP server configuration, done with that one. Inter-VLAN routing on all the three switches plus IP DHCP helper address. So it's upon us to go and do inter-VLAN routing on these layer 3 switches so that these computers here can be able to communicate and also get IP addresses from this DHCP server. Okay, so we are supposed to do inter-VLAN routing for how many VLANs? Five. We don't do it for voice, because the voice gateway is just right here, so it's able to provide IP addresses to these devices. We only do it for data: 10, 20, 30, 40 and 50.

So how do we do inter-VLAN routing? We create sub interfaces, we create sub interfaces. Exit, because we already, do show vlan, we already have these VLANs, okay, the five of them. We don't do it for voice. Now we already have these five VLANs, so what you do: we create VLAN interfaces and assign them IP addresses. The IP address that we are going to assign each VLAN interface should correspond to the default gateway of the respective VLAN. For example, the default gateway of the HR department was 20.1, now, because the HR department belongs to VLAN 10.
So the interface of VLAN 10 should have an IP address of 20.1. So for example, interface vlan 10, okay, IP address should be 192.168.20.1, okay, subnet mask of 255.255.255.192, the subnet mask. Then we've been told that there's something here, inter-VLAN routing, there's something here under the config guide: plus IP DHCP helper addresses. We are going to tell this interface, whenever you receive DHCP discover messages from VLAN 10 hosts, then forward that message to the DHCP server. So I will just go here and copy the IP address of the DHCP server, this one. Okay, all right, I close it and come back to this switch here. So we are going to tell it, if you find any host needing an IP address, then forward that request to the DHCP server, so ip helper-address to be the IP address of the DHCP server. Okay, and hit enter, exit.

Now we proceed to VLAN 20: interface vlan 20, and you assign it the IP address of 20.65, IP address 20.65, and the IP DHCP helper address, very important. Okay, that's it. Then we go to the interface; it should be 1.129, you see there. Okay, then IP DHCP helper, correct, good. Then we go to interface vlan 40. Okay, IP address should be 193, then the subnet mask is /27, now it becomes 224; I change this one to 224 because of /27, and then I come here and change it to 193. Okay, then don't forget the helper address, which is very important. Exit. Now we go to the last VLAN interface, VLAN 50: interface vlan 50, and IP address should be 225, okay, 225, 225, and the IP DHCP helper address, don't forget, very important. Exit and do write. That's done, guys, that's done.

So let's write the commands on Notepad and copy to this switch here. For example, I just want to copy something like this. Copy, no... where's the start? Something like this for VLAN 10.
Then I come here. So, interface vlan 10, that's how to do inter-VLAN routing on a multilayer switch. Then you assign the IP address to that interface; it should be .1 here, okay, for VLAN 10, this one. Okay, and I copy. Exit. VLAN 20 now becomes 1.65, then don't forget the IP helper address, which is very important. Exit, paste. VLAN 30, I mean interface vlan 30, and VLAN 30 should be 129, I believe, so 129. Good. And now VLAN 40 and 50. Exit. VLAN 40 and 50; we begin with VLAN 40. It should be, sorry, it should be 193, now I feel it should be 193, but because the subnet mask is /27, this one will change to 224. Subnetting is very important; if you don't understand subnetting, I have already recorded a class that will help you understand it better. Copy, copy, copy, then paste it there. Now VLAN 50. VLAN 50 should be 225, you see here, 225, 225. Copy everything, copy and come here and then paste it here. Exit and paste, okay, exit, do write.

So it's the time to test if DHCP is working. For example, go to this PC and change this to DHCP. I'll close it. So I go to this printer. I'll do it very, very fast, then come back and check. Okay, so it's the time that I go back and check if every PC in every department has picked the correct IP address. I'll start with the HR department and hover and see. Oh, they have picked an IP address. You can see clearly that it has taken an IP from .5 and the default gateway is 20, 21.1, I mean 20.1, and the DNS is unchanged, 21.6. Also let's go to the CS department. Has it picked? Oh, it has not picked. Let me try to request again. Well, it has picked now. You can see it's a second IP address in that range, okay, the default gateway is 20.65, DNS is unchanged. Let's go to the MK department and see if it has picked anything. Wow, that's MK, as expected; you can see it picked an IP address in that range, .135, then the default gateway is 2.129, DNS is
unchanged, 21.6. LM department, wow, it has picked; you can see 20.196 in that range, and the default gateway is .193, DNS is unchanged. And finally here on the IT department, everything is just working, guys, everything is working, okay, because if I just click and you see Desktop, IP is DHCP; I could take it to static and request again, and it will still pick from the DHCP server. So guys, basically our DHCP server is working perfectly fine, and what's remaining is just to carry on with further configuration.

What's the next step? Wireless configuration, very important. So guys, I'll do wireless configuration on one device, then I do it quickly on other devices to save time. So for example this is the HR AP, so I just go there and to Config; you come to Config, then click Port 1 and let's name it HR. Okay, then I copy that name. I come to the password, and choose this one, WPA2-PSK. Okay, you type it; it should be eight in length: one, two, three, four, five, six. Okay, I copy that password, then I come to the laptop. I come to Wireless0 and I write the name as HR and the password was that one. Close. Come to this one, come to Wireless0, password, I mean the username, I mean the SSID was HR and the password was the one that I copied, and they should pick IP addresses in that range. Okay guys, so I managed to configure all the access points and connect them to every host device, and the devices have picked IP addresses, so I believe we're done with that step. So I'll check on what's the next step and proceed with it.

Telephony service, very important guys, very, very important. So we are going to configure telephony service on this router. So I'll click on this router here. Okay, all right, just a minute. Okay, exit, and now, first of all we create a pool for the IP phones. Okay, a pool for the IP phones; we create a pool by the name, let's say, voice. First of all, service dhcp, to enable that service, suppose it was disabled. Okay,
then ip dhcp pool, DHCP pool, let's say voice. Okay, and then let's issue the network for the voice pool. The network is 10.10.10, dot 21, I mean, sorry, sorry, dot 0, then 255.255.255.0. Okay, the default gateway, the default router should be the IP address of this interface, which was, let me hover, it was 10, I mean the IP address of the sub interface that we created earlier; it was 10.10.10, 10.10.10.1. Okay, then for IP phones, for creating a DHCP pool for IP phones, we issue something that is called option, option 150. Okay, 150, then we issue this IP address; this is normally used for IP phone configuration, telephony service configuration. Okay, oh sorry, sorry, option 150, then ip, let me query, yes, ip, that one, and you hit enter, you exit. But now you can even do it for DNS, let's say DNS for this one to be that IP address. Okay, then we exit.

Okay, so basically we have created the pool for the voice, the IP phones. So what we need to do here is also to exclude the range of IP addresses that you don't want that DHCP server to assign to the devices. For example, I'll create DHCP excluded addresses, so we don't want this router to assign the IP phones these IP addresses, okay, and you hit enter.

All right, so let's initiate the process of configuring IP phones, the telephony service. We just write telephony-service, and then you issue the maximum number of phones, max-ephones, to be, let's say, just for a test, 20.
20, even 30, no problem, 20. Then the maximum number of directories to be created to be also 20; it should be equal to the maximum number of phones. Okay, so you create the number of phones to be 20, then the number of directories to be also 20. Okay, all right, and now here you link it to the IP source, so it's the ip source-address, to be the IP address of this interface, which was 10.10.1, okay, and you say port; they normally use port 2000, like this. Okay, normally port 2000, okay, and hit enter. And now you just say auto assign, auto, sorry, auto assign, auto assign 1 to 20, okay, and you exit.

Okay, so let's specify the ephone numbers, let's specify the IP dial numbers. So let's say ephone-dn, phone directory number one, so IP phone number one should have this dial number. We wanted to use this format; we were told to use this format under the VoIP configuration, we were told to use this format, 4.
Okay, so let this take 401. Okay, exit. Then the second IP phone to take 402, exit, the third IP phone to take 403, exit, the fourth IP phone to take 404, and do write. So with time this voice gateway router will be able to distribute IP addresses to all these IP phones in the network. So as you can see, they have picked IP addresses but they have not picked the dial numbers. They've picked their IP addresses, you can see they have IP addresses there, you can see clearly they have IP addresses, although the dial number has not come. So it's in the process; we just have to give it some time. This router here will be able to assign the ephones the dial numbers with time. Okay, all right.

So I'll just go back to the config steps and see what's next. Oh, the standard ACL for SSH. Remember we've configured SSH in all the devices and we can SSH from any of the devices. So, for example, let me just test SSH. I want to test SSH on this router, so we just take the IP address of that router, any IP address; let's take 192.168.21.1. Then I type SSH from this laptop here, which is in the HR department. So you just issue the command ssh, then space, hyphen l, then the username that we created, which was cisco, and then type the address that I've just copied; I just want it to be 192.168.21.1, and you see, now, cisco, and this is the server-site router. Okay, we can configure it from the HR department, any department; even from the IT department we can do the same. But now we want a scenario where it can only be done in the IT department, because it's very risky that everyone can SSH to those devices. 192.168, dot, 21.1, just give it time. Did that computer really pick the IP address? Why is it taking long? Let me try again. I'll just try to copy. There's a problem in that laptop. Copy, yes, cisco, and you see. So we just wanted a scenario where
the SSH can only be done from the IT department in all the devices. So what I'll do, I'll just do it on only one device and copy to all other devices. So let me start with this device. I'll just reload this one, okay, since this doesn't want to assign the ephones directory numbers: do reload, yes. So meanwhile let me start with this one to configure the access control list, a standard access control list for securing SSH or the virtual interface. Okay, so what I do there, I will just say access-list, access-list, let's say, 10, okay, permit, permit only this network, okay, this network, only this network, which is 20.224 /27. So access-list, permit 192, or just a minute, yes, 192.168, just a minute, good, 192.168, good, 20.224, and we now issue a wildcard mask, or just IP address. So the wildcard mask for 224 will be like 0.0.0.31. Okay, then we say access-list 10 deny any. That's just okay, that's just enough, because we're now going to bind it to a VTY interface. We are going to bind access list 10 to the VTY interface, meaning it's only this IP that will be permitted through the VTY interface. Okay, all right.

So I want to test before I complete my configuration. I want to SSH to this switch. Let's take any IP address of that switch; we can just take any IP address, for example 20.1. Okay, let's just SSH from this laptop here: ssh, hyphen l, cisco, that's the username, and then the IP address is 192.168.20.1. You can see I can SSH. Exit. Now I exit and go back and complete my configuration. Good, then I'll come back later. Now I want to bind this access list to a virtual interface, access list 10, so just say line VTY, line vty 0 to 15.
Then access-class 10 to be in, exit and do write. We are just done. Now let's go back and try to SSH to this one. I just try to SSH again and do write; you can see connection refused by a remote host. That's the function of the access control list on the VTY interfaces. So I'm going to try to SSH from the ICT department. This computer is bringing a lot of problems, this laptop; I tried it earlier. Oh, it didn't pick an IP address. Okay, okay, let it now pick it afresh. Good. Oh, it can't pick an IP address, let's use this one, let's use that one. Exit. What's wrong? Good, now let's SSH; you can see it's not working.

Okay, so we are going to write the commands on Notepad and copy-paste to all other switches. So how do we configure a standard access control list for the virtual interface? You first specify that access list: access-list 10, then permit, permit this, the only network that you've been told to, 192.168.20.224 and wildcard 0.0.0.31. Okay, then access-list 10 deny any. Okay, all right, so let's enter line vty 0 to 15.
Then access-class 10 to be in, okay, exit and do write. I copy to all the other remaining devices, for example start with this one, start with this router here, paste it there. Oh, there's a problem: access-list, it should have a hyphen. Sorry, the hyphen is very important here, hyphen. Copy, then I go back to this and now I paste. Okay, now that's okay. Then I do it for all other devices very, very fast to save time, so let's meet later.

...this router from the HR department using this laptop. I want to repeat the same step. Exit. You can see connection refused by a remote host. So that's the concept of the access control list, so that's done.

Now port address translation, port address translation, very important. Now, before configuring that, the IP phones were not working, and now let me check if this has been resolved. I can see some good news here. I decided to reload this router, so whenever something doesn't work just reload it, or just save the Packet Tracer file, close it and reopen it again. Let me check if the ephones have picked the dial numbers. Wow, that one has picked; you can see it has an IP address and the dial number, and the IP address is corresponding to VLAN 120, as you can see there. Okay, all right, even this one, good, good, good, good. This one is the first one that I took; you can see it took dial number 401. What about this one? This one took 405, and what about this one? This one took 404, this one took 4010, wow, 410 I mean. Oh good, so I just want to test if the IP phones are working. I just had to call this one, 406, and the other one is 4014, I mean. So I put it here, come here, okay, and I want to call 406 from 410: 406, and of course you can see this one is calling this, this one is ringing. Okay, and you see now they are connected. We can hang up, and now let's say to call
410 from 10. You see this one is ringing and you can pick up, and you see, now connected.

So let's proceed to configure our port address translation. We are going to use port address translation on this router here, okay, on the HQ router. So while configuring that, we have to identify which interfaces are NAT inside and NAT outside. So for example this one and this one are NAT inside, while the outgoing interfaces are NAT outside. So I'm just going to configure that very, very fast. This one is gig0/0 and gig0/2, gig0/0 to 1, I mean. Okay, ip nat inside, okay, exit. But the two interfaces above, this one, serial, serial 0/2/1 and 0/2/0, so interface range... to 1. Now there's a problem in the serial, so just write 0/2/0. Oh, serial interface, well, where's the problem? Serial 0/2/0: interface serial 0/2/0, okay, ip nat outside, then 0/2/1 also ip nat outside, exit.

So let's create another access control list to be used during NAT. Okay, so we want this router to translate the internal network, which is, when we summarize all these networks, the five networks, what we were getting. So we just say access-list, now let's use this one as 50. Okay, access-list 50 permit, permit this network, this is the summarized network, 192.168.20.0, then 0.0.0.255, the summarized network. Okay, this network represents all the five departments; it's the summarized network of the five. Okay, so this is the access control list to be used during NAT. We are going to use PAT, port address translation, or NAT overload.

So let's bind the access control list to NAT. Okay, so we just say access-list, access-list 50, okay, then access-list 50, sorry, sorry, sorry, sorry. Now I'm saying let's bind this access list to NAT, so we just say ip nat, like, ip nat inside source, source to be the access list, okay, because the access list is permitting this one, so the source is 50.
Okay, 50, then we say the source is access-list 50, access-list 50. So this is, just a minute, it should be list 50, not access-list; yes, list 50. Okay, then we give the interface: interface, then we can say serial 0/2/0 overload. Okay, you can say 0/2/0 overload, or even this one, 0/2/1 overload, because those are the outgoing interfaces. Okay, so the first thing, you mark the interfaces as NAT inside and NAT outside, then you create the access control list, then you bind the access control list to NAT. So do write.

Okay, so I'm going to try to ping a DHCP server, or sorry, I'm going to try to ping any host where the traffic must pass through this router, let's say even the IP address of this router, or even the mail server here, 21.8. So I want to ping 21.8 from this PC here: ping 192.168.21.8. So just give it some time, it will ping, it should be good. So that's enough for us to test NAT translations. So we just go to this router here and say do show ip nat translations, and hit enter, and as you can see, we pinged from which PC? It was this one. Okay, it was pinging 21.8 and the IP address of that PC was 20.75, and now you will see it here: ICMP passing through this router, then the inside local is the IP address of the PC, then outside global; outside local is the IP address of the destination, plus the outside global. So this is the NAT-translated IP address; it has taken the outgoing interface and assigned a port number. So very, very important, NAT is working.

So let's go ahead and check what's remaining. Site-to-site IPsec VPN. Guys, site-to-site IPsec VPN is one of the most challenging parts in Packet Tracer configuration and I'll show you how to configure it. So the first thing we want to understand is the security part of it, because you've been told that the HQ network, only packets from
HQ network to the server site should be encrypted. Okay, now, because the traffic is passing through the ISP routers and they are running unencrypted, you know, someone can sniff and read the content. We don't want a situation where our traffic is hijacked at the ISP zone. Okay, we just want it to pass through the ISP zone encrypted, so that's why we must configure site-to-site IPsec VPN between this router and this router, such that any traffic from this network to this network is encrypted, and also from this network to this network is encrypted, so that no one can interfere with the traffic. Right, so IPsec VPN will create a secure tunnel and encrypt any data that is passing through this router to this router. Okay, all right.

So let's embark on configuring IPsec VPN, which is one of the most challenging parts. So as I always do when I find something challenging, I normally write some commands on Notepad and share. Okay, so I have already written some commands on Notepad for IPsec VPN, so just go to that directly, if I can just open it. So these are the commands that I use to configure IPsec VPN between the routers. This is just the commands for one router, which is the HQ router. The first thing that I did was to create an access control list, okay, an extended access control list, and you permit, to specify the interesting traffic, which is from the summarized network to the server-site network. Okay, that's for the HQ router. Then you create a policy, crypto isakmp policy, then with the encryption algorithm of AES with the length 256, 256, then authentication to be pre-shared, and Diffie-Hellman group 5. Okay, then we exit, and now here you create a crypto isakmp key: you specify the key, the pre-shared key, and the address to be the IP address of the server-site router. So it's a little bit challenging, but that's why I
decided to write them, because I can't master all of these commands in my head. And now you create a transform set and you name it, to use these parameters, and you create a crypto map. Okay, you name it, to use ipsec-isakmp, okay, Internet Security Association and Key Management Protocol, and then you give a description of that VPN, for example a connection to the server site, then you set peer. The peer should be the same as this address, the IP address of this router, the one that is outgoing, okay, for example for this one. Right, and now another thing that I need to explain there: now you associate that crypto map to the outgoing interface. Okay, so in this case the outgoing interface should be any of these, but I've decided to use 0/2/0. Okay, so I'm just going to copy these commands and paste in all these routers.

And before I do that, guys, by default the 2911 routers don't have the security K9 module, so it's upon us to import the license. So I just have to go to that router and exit, and we just say license boot module c2900, the version of the router, you can see it's a Cisco 2911, then technology-package, the technology package to be securityk9. Okay, securityk9, very important, and you hit enter, and it will ask, do you want to do that? Yes, I want to activate the security license, and say yes and hit enter. And now we have to give it some time. We say do reboot, do reload, yes, yes. So we go back to this router also, because we want to only implement IPsec VPN on this router and on this router, so we do it for both; there are two routers. Exit. Let's enable the security license module, so just say license boot module c2900, then say technology-package to be securityk9, okay, and hit enter, and you say yes, and, next reboot level, okay, now just do, so do reload, sorry, and yes. Okay, so I can proceed to paste all these commands that I
have configured here, that I wrote earlier. Okay, so I can just copy all of them. I copy all of them, then I come to this router here and I'll say exit and I paste. So everything is just working perfectly fine; I didn't see any error. Now I have configured IPsec VPN on this router. I'll proceed to configure IPsec VPN on this router. So what I'll do, I'll just modify this configuration. For example, the access control list should now be from the server site to the HQ network, so I just remove this on this side, I remove that side and I take it to this side, so it's from the server site to HQ. Okay, then all you want to change is there and also here: the IP address now should be the IP address of this router, the outgoing interface, the one that you wrote, it was 0/2/0. The IP address of 0/2/0 was 190.200.100.1, so I change it there, 100.1. So if you change it there, make sure you change it here, okay, and also the description, change the description: VPN connection to the HQ network. So that's just enough, because we still want to use this outgoing interface. Okay, all right, so I'll just copy and come to this router and I paste. That marks the end of the IPsec VPN configuration. Good, so that marks the end of my IPsec configuration.

Okay guys, so I'm glad we've configured everything as expected under these config steps, and we have verified and tested everything. So thank you so much for paying attention to my video. Although it was a long video, I'm glad that if you followed it to the end you've learned a lot. Suppose you have any queries or any doubt, kindly let me know in the comment section. Please, if you need this Packet Tracer file, join the channel membership, and don't close the video before you subscribe to our channel. Share our videos, encourage us with comments and visit our website to see more projects. Thank you so much and let's meet again when we are going to
handle the 10th Enterprise Network project.
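
The walkthrough uses two standard ACLs with wildcard masks: access list 10 on the VTY lines (permit 192.168.20.224 0.0.0.31, then deny any) and access list 50 for NAT overload (permit 192.168.20.0 0.0.0.255). The following is an added example, not part of the video or its config files, that evaluates both lists the way a router does so the effect of each wildcard mask can be checked before pasting the commands; the host addresses and function names are constructed for illustration.

```python
import ipaddress

def mask_and_wildcard(prefix_len):
    """Return (subnet mask, wildcard mask, usable hosts) for a prefix length."""
    net = ipaddress.ip_network(f"0.0.0.0/{prefix_len}")
    return str(net.netmask), str(net.hostmask), max(net.num_addresses - 2, 0)

def wildcard_match(src, base, wildcard):
    """Wildcard bit 1 = don't care, 0 = must equal the ACL's base address."""
    s, b, w = (int(ipaddress.IPv4Address(x)) for x in (src, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (s & care) == (b & care)

def evaluate(acl, src):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, base, wildcard in acl:
        if base == "any" or wildcard_match(src, base, wildcard):
            return action
    return "deny"

# The two ACLs as spoken in the walkthrough.
VTY_ACL_10 = [
    ("permit", "192.168.20.224", "0.0.0.31"),  # IT subnet, /27
    ("deny", "any", None),                     # explicit; the implicit deny covers it too
]
NAT_ACL_50 = [
    ("permit", "192.168.20.0", "0.0.0.255"),   # summary of the five department subnets
]

# Constructed sample hosts, one per subnet in the address plan.
HOSTS = {
    "HR": "192.168.20.5",       # 192.168.20.0/26
    "CS": "192.168.20.75",      # 192.168.20.64/26
    "MK": "192.168.20.135",     # 192.168.20.128/26
    "LM": "192.168.20.196",     # 192.168.20.192/27
    "IT": "192.168.20.230",     # 192.168.20.224/27
    "SERVER": "192.168.21.6",   # server site, /28
    "VOICE": "10.10.10.5",      # voice pool
}

def permitted(acl, hosts):
    """Names of the hosts whose source address the ACL permits, sorted."""
    return sorted(name for name, ip in hosts.items() if evaluate(acl, ip) == "permit")

if __name__ == "__main__":
    for prefix in (26, 27, 28):
        print(prefix, mask_and_wildcard(prefix))
    print("SSH (ACL 10) allowed from:", permitted(VTY_ACL_10, HOSTS))
    print("NAT (ACL 50) translates:  ", permitted(NAT_ACL_50, HOSTS))
```

Only the IT host passes access list 10, while access list 50 matches all five department subnets and leaves the server-site and voice addresses untranslated.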