Design and Implementation Plan for Network Based on the ALOHA Point of Sale System
Proposed by Jedadiah Casey

2012 neckercube.com

Introduction

The goal of this design document is to provide a framework of suggested implementation for a computer network based on the Aloha Point of Sale software. Aloha uses a central server for all processing and management tasks, to which all terminals connect over the Local Area Network (LAN). A solid network infrastructure reduces operational downtime, which increases the return on investment and lowers overall cost. This document explains the current network environment and the recommended best practices for the installation of new locations. Many of the topics can be applied retroactively to the current restaurant installations, though certain aspects (such as the physical cabling layout) may not be cost feasible.

Design Requirements

The network design must provide Layer 2 switched connectivity between the Aloha terminals and the Aloha Back of House (BOH) server. The BOH server must also have access to the Internet for credit card processing. Reliable wireless Internet access must be provided for customers on a network that is logically separated from the internal LAN. Aloha terminals must also be able to communicate with serial-based printers over Ethernet cabling, which requires a minimum of two RJ-45 Ethernet ports per terminal station.

Existing Network Infrastructure

The physical cabling of the LAN uses Cat5e/6 Ethernet. Communication between the terminals and the server occurs over Ethernet through a traditional network switch. Communication between the terminals and the printers also travels over the installed Ethernet cable runs; however, that communication is electrically an OSI Layer 1 serial connection: it does not use OSI Layer 2 frames and does not pass through any switch.

All of the terminals are connected to a switch via an Ethernet patch panel in the manager's office. In three of the four COMPANY locations (Location 004 being the exception), the serial printer connections that travel over the installed Ethernet cable runs go directly from the terminals to the printers and do not pass through the patch panel. For example, the current Terminal 6 of the 003 location connects to a kitchen printer in the center aisle via an Ethernet cable that runs into the ceiling, passes over the walkway, and terminates on the other side. Because the infrastructure is cabled this way instead of having all cable runs terminate at the manager's office patch panel, only Terminal 6 can control that particular printer (in this example). If all of the Ethernet cable runs terminated at a patch panel, as they do in the 004 location, printers could quickly and easily be reassigned to different terminals by moving a patch cable on the patch panel. However, it might not be cost-feasible to upgrade the pre-existing cabling in these locations.

Currently, three of the four COMPANY locations (Location 001 being the exception) are configured to rely on the installed router for all communications, even those between the terminals and the server (which do not require Internet access through the router). This configuration has the side effect of temporarily disconnecting the terminals from the server whenever the router needs to be reset. The recommended practice has been implemented at Location 001, where the Aloha server is dual-homed (it has two Ethernet cards installed). This creates two separate networks: the server communicates with the terminals through an Ethernet switch on one network, and uses the other Ethernet card to connect to the router for the Internet access needed for credit card processing. With this logical separation, resetting the router does not affect the terminals.

Currently, the LAN is logically arranged in the following manner:

[Diagram of the current logical layout: Internet, Brighthouse, Wireless Router, Manager's PC, Aloha BOH Server, Patch Panel, Switch, Terminal, Kitchen Printer]

The current infrastructure uses Cisco WRVS4400n Small Business wireless routers at all four locations. While these routers currently provide adequate functionality, they occasionally require a power cycle to reset them. All installed switches are ordinary unmanaged Layer 2 switches. The hardware of all BOH servers has either been upgraded from the original Radiant hardware or been assembled as part of a new server. At least one COMPANY location is currently using an SSD for primary storage.
We have found this greatly increases network performance and stability, because the server can typically be rebooted rapidly enough that the terminals do not reboot. Currently, the routers, servers and terminals all use slightly different IP addressing schemes at each location. For example, the server IP at Location 004 is 192.168.0.100, while the server at Location 002 is 192.168.1.50. This inconsistency does not affect daily operations; however, inconsistent addressing between locations can increase the troubleshooting time when problems arise.

Each location, with the exception of 001, uses static IP addresses provided by Brighthouse. These are assigned by Brighthouse in blocks of six addresses. This is an unnecessary expense, as a single dynamic IP address (as configured at Location 001) is all that is required.

Design

To eliminate or otherwise reduce the problems mentioned previously, the LAN should be designed with physical redundancy and logical separation. To accomplish this, each terminal should have four Ethernet cable runs: two for operation (terminal and printer), and two for redundancy in case ports go bad (which we have seen happen over time at each of the locations). All physical cable runs should be labeled and terminate at a patch panel in the manager's office. Currently, the 004 location is cabled in this manner, though without the redundancy of four ports at each terminal. Including two extra cable runs per terminal raises the initial build cost, but it increases the longevity of the network and reduces the time and cost of repairs in the future, since cables connected to non-working ports can be moved to working ports. This type of connectivity is most likely not cost-feasible to retrofit at the existing locations; however, it is very strongly recommended for all newly built locations.

The new infrastructure logical plan looks like the following:

[Diagram of the new logical layout: Brighthouse Internet, Cisco 3725 Router, Cisco Catalyst 2950 Layer 2 Managed Switch, Patch Panel, Manager's PC, Aloha BOH Server, Terminal, Kitchen Printer, Cisco WRVS4400n Wireless]

In the above logical diagram, any terminal that connects to a kitchen printer has two connections to the central patch panel. The terminal is then physically routed to the kitchen printer with a short patch cable at the patch panel. If the terminal needs to be replaced, the kitchen printer can be quickly and temporarily rewired to a different terminal by moving the short patch cable.
Currently, this type of adjustment can only be done at the 004 location. The heart of the network is a Cisco 3725 access router and a Cisco Catalyst 2950 Layer 2 managed switch. The 3725 router connects directly to the Brighthouse cable modem and to the 2950 switch. All other network devices connect to the 2950 through the patch panel. The existing WRVS4400n routers will be repurposed as wireless access points to provide guest wireless access only.

Each 2950 switch port is configurable, and groups of ports can be configured into separate, isolated subnetworks. For example, though all network devices connect to the same switch, the terminals and server will be separated into their own logical private sub-network (VLAN). The repurposed wireless routers connect to another separate private VLAN and cannot reach the terminals or the rest of the network; only the Internet. This dramatically increases security over the current implementation and helps with PCI DSS compliance.

Additionally, the Catalyst 2950 is a managed switch, which means it can be logged into (both in-band and out-of-band) for configuration and for monitoring/troubleshooting. For example, if one of the ports is having an issue, the switch can be configured to send an alert. This increases the overall dependability and reliability of the network, because one malfunctioning port does not take down the entire system, as it does now. The 3725 router offers similar functionality. If the cable modem or wireless router needs to be reset, it does not affect the rest of the network, as it does now. The Cisco 3725 and 2950 are designed never to need a reset except for a manual software upgrade, with potential uptime measured in months and even years.

The Brighthouse cable modem connects directly to the Cisco 3725 router. The 3725 provides Network Address Translation (NAT) and stealth firewall services, so the other network segments have configurable, protected Internet access via Access Control Lists (ACLs). For example, even though all devices are connected to the same 2950 switch, the VLAN containing the terminals can be prevented from reaching the Internet or the wireless users to maintain data security. The terminals and one of the Ethernet interfaces on the BOH server reside in VLAN 100 on the switch.
The BOH servers will be configured with the IP address 192.168.0.100/24, with each terminal statically configured as 192.168.0.101/24 for T1, .102 for T2, and so on. No gateway or DNS configuration is required for this network, as it will not participate on the Internet or any other part of the LAN. The BOH server's Ethernet interface must be assigned to LAN CARD #0 with LANACFG. See the Appendix for more information on configuration.

The terminals connect to corresponding port numbers on the 2950 switch: port 1 for T1, port 2 for T2, etc. This aids in troubleshooting. The server connects to the last port in the series. For example, if there are nine terminals, the BOH server connects to port 10.

The other Ethernet interface on the BOH server, the manager PC, the office printer, and any other network devices besides the Cisco WRVS4400n wireless router connect to VLAN 20 and use the IP address scheme 10.10.20.0/24. The 3725 router is configured with the in-band management IP address 10.10.20.1/24. The printer is configured as 10.10.20.250/24.

The Cisco WRVS4400n is reconfigured to act as a guest wireless access point. LAN port 1 of the WRVS4400n is connected to 2950 port 23. The 2950 switch port 23 resides in VLAN 30 and uses the 10.10.30.0/24 network.

As a required part of the overall design, extra 3725 routers and 2950 switches must be acquired for immediate replacement in case of failure. The ideal replacement plan would be to keep one extra 3725 and 2950 per location; a more cost-reasonable plan would be to keep 1-2 extras of each to use across all locations for immediate replacement until new replacements can be ordered. As the number of locations increases, the number of extras should also increase.

Proof of Concept

Two of the major components of this design have already been proven in the existing operations. At the 004 location, most kitchen printers are not directly connected to the terminals; they pass through the patch panel in the manager's office. This allows a kitchen printer to be connected to different terminals should the need arise. This is currently the only location that has this capability. At the 001 location, the server is multi-homed, with the terminals and the server residing on their own private network. This has the two-fold effect of leaving the terminals unaffected by external network events, such as the Internet going down or the router being reset, and of isolating the terminals from the rest of the network, which helps to prevent malicious damage to the terminals from issues such as viruses. Additionally, we have seen that a BOH server equipped with an SSD instead of a traditional hard drive is able to reboot quickly enough to return to full operation before the terminals time out and reboot themselves. This in itself saves an enormous amount of time when issues arise with the BOH server.

To further prove the effectiveness of the new logical network layout, a pilot test at a single location is necessary. Since the 001 location is currently arranged closest to this proposed network design, we should install a 3725 router and 2950 switch at this location for a pilot test of perhaps a few weeks. If the test is successful and network reliability is increased, we should implement the changes at the other locations.

Implementation Plan

Physical Cabling For New Restaurant Locations:

Run four Cat5e/6 Ethernet cables to a 4-port wall box at each terminal location (two ports will be unused initially and serve for redundancy purposes).
Each cable should be punched down to a patch panel containing 48 or more ports in the manager's office.

Both ends of the cable must be labeled with the same number. For example, if one of the cables punches down at port 23 on the patch panel, the port at the other end, at the wall box, must be labeled 23. This aids in troubleshooting issues and eases physical cabling in the manager's office.

For each kitchen printer, run two cables: one for active use, and one for redundancy.

Use a patch cable to connect the Ethernet port of the terminal to a port in the wall jack. If the patch cable connects to port 23 in the wall jack, locate port 23 at the patch panel in the manager's office.

Connect a patch cable from port 23 on the patch panel to the appropriate port on the 2950 switch. For example, if it is Terminal 3 you just connected, the patch cable runs from port 23 on the patch panel to port 3 on the Catalyst 2950 switch.

Use a patch cable with a serial adapter to connect one of the terminal's COM ports to an RJ-45 port in the wall jack. Use an Ethernet patch cable at the patch panel to connect to the printer. For example, if the patch cable from the terminal's COM3 port connects to the wall jack labeled port 24, and the kitchen printer connects to the wall jack labeled port 37, use a short Ethernet patch cable to connect port 24 to port 37 on the patch panel. This creates a Layer 1 physical serial connection between the terminal and the kitchen printer.

Cisco WRVS4400n Configuration:

Back up the router configuration for rollback purposes.
Set the username and password to XXXXXX / XXXXXX.
Change the device IP to 10.10.30.3/24.
Connect LAN Port 1 to Port 23 on the Catalyst 2950 switch.
Verify Internet connectivity with a wireless device.
Verify the internal VLANs cannot be accessed by pinging 192.168.0.1 and 10.10.20.1 (both should fail).

Cisco Catalyst 2950 Configuration:

Ports 1-10: VLAN 100 (Aloha VLAN)
Ports 11-22: VLAN 20 (Management VLAN)
Port 23: VLAN 30 (Wireless VLAN)
Port 24: 802.1Q trunk port, which connects to the 3725 router's F0/1 interface
Switch SSHv2 management IP in VLAN 20: 10.10.20.2
Login: XXXXXX / XXXXXX
For the configuration script, see the Appendix.
Cisco 3725 Router Configuration:

Interface FastEthernet 0/0: either DHCP or static (depending on location)
Interface FastEthernet 0/1.100: 192.168.0.1/24, VLAN 100
Interface FastEthernet 0/1.20: 10.10.20.1/24, VLAN 20
Interface FastEthernet 0/1.30: 10.10.30.1/24, VLAN 30
VLAN 30 wireless users have a 15-minute renewable DHCP lease
SSHv2 management from VLAN 20 only: 10.10.20.1
Login: XXXXXX / XXXXXX
Stateful firewall configured via Cisco IOS Firewall and Access Control Lists (ACLs)
For the configuration script, see the Appendix.

Server Configuration:

Install a 2nd Ethernet card, if necessary.
Connect the ALOHA LAN link to port 10 on the Catalyst 2950 switch.
Connect the ALOHA Internet link to port 11 on the Catalyst 2950 switch.
Use LANACFG to set the ALOHA LAN Ethernet card to #0 (if necessary; see Appendix).
Set the IP of Card #0 to 192.168.0.100 with no gateway or DNS server.
Open a command prompt and verify connectivity with one of the terminals: ping 192.168.0.101
Set the IP of the Internet-facing interface to DHCP. Verify Internet connectivity.

Terminal Configuration:

Set the IP address to 192.168.0.1xx, where xx represents the terminal number (i.e. 04 for Terminal 4).
Open a command prompt and verify connectivity with the server: ping 192.168.0.100

Miscellaneous Configuration:

Reset the PRINTER IP address to 10.10.20.250.
Connect the PRINTER and XXXXXX Server to available ports in the MGMT VLAN (ports 11-22).

====================

Appendix

Aloha BOH Server LANACFG Instructions:

The Aloha BOH server must use LAN CARD #0 to connect to the terminals. This can be reset with the LANACFG utility (which can be downloaded at http://www.rt-sys.com/lanaw2k.zip as of this writing). To reset the configuration, open a command prompt (in Administrator mode, if the BOH server is running Windows 7) and type:

lanacfg showlanapaths

If you see a different interface than intended using #0, you must reassign it to an unused number:

lanacfg setlananumber 0 9

Verify the change:

lanacfg showlanapaths

Using the previous command, note the intended network interface that should be set to 0. Using interface 5 as an example, reset it to 0 by typing:

lanacfg setlananumber 5 0

Verify the change:

lanacfg showlanapaths

Type: exit

Reboot the server.

====================

Cisco Catalyst 2950 Switch Configuration:

version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Cat2950
!
aaa new-model
aaa authentication login default local
aaa authorization exec default local
enable secret <OMITTED>
username <OMITTED> privilege 15 secret <OMITTED>
ip subnet-zero
ip domain-name domain.local
ip ssh time-out 120
ip ssh authentication-retries 3
ip ssh version 2
!
spanning-tree mode rapid-pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
! Ports 1-10 carry the Aloha VLAN 100 and ports 11-22 the management VLAN 20,
! per the port plan in this document. The access-VLAN lines on these ports were
! missing from the listing as printed and have been added here.
interface FastEthernet0/1
 switchport access vlan 100
!
interface FastEthernet0/2
 switchport access vlan 100
!
interface FastEthernet0/3
 switchport access vlan 100
!
interface FastEthernet0/4
 switchport access vlan 100
!
interface FastEthernet0/5
 switchport access vlan 100
!
interface FastEthernet0/6
 switchport access vlan 100
!
interface FastEthernet0/7
 switchport access vlan 100
!
interface FastEthernet0/8
 switchport access vlan 100
!
interface FastEthernet0/9
 switchport access vlan 100
!
interface FastEthernet0/10
 switchport access vlan 100
!
interface FastEthernet0/11
 switchport access vlan 20
!
interface FastEthernet0/12
 switchport access vlan 20
!
interface FastEthernet0/13
 switchport access vlan 20
!
interface FastEthernet0/14
 switchport access vlan 20
!
interface FastEthernet0/15
 switchport access vlan 20
!
interface FastEthernet0/16
 switchport access vlan 20
!
interface FastEthernet0/17
 switchport access vlan 20
!
interface FastEthernet0/18
 switchport access vlan 20
!
interface FastEthernet0/19
 switchport access vlan 20
!
interface FastEthernet0/20
 switchport access vlan 20
!
interface FastEthernet0/21
 switchport access vlan 20
!
interface FastEthernet0/22
 switchport access vlan 20
!
interface FastEthernet0/23
 switchport access vlan 30
!
interface FastEthernet0/24
 switchport mode trunk
 switchport nonegotiate
!
interface FastEthernet0/25
 shutdown
!
interface FastEthernet0/26
 shutdown
!
interface Vlan1
 no ip address
 no ip route-cache
 shutdown
!
interface Vlan20
 ip address 10.10.20.2 255.255.255.0
 no ip route-cache
!
ip default-gateway 10.10.20.1
no ip http server
!
access-list 1 remark BLOCK_NON_MGMT
access-list 1 permit 10.10.20.0 0.0.0.255
!
line con 0
 password <OMITTED>
 logging synchronous
line vty 0 4
 access-class 1 in
 password <OMITTED>
 transport input ssh
line vty 5 15
 access-class 1 in
 password <OMITTED>
 transport input ssh
!
ntp clock-period 17179876
ntp peer 128.138.141.172
end

====================

Cisco 3725 Router Configuration:

version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Cisco3725
!
boot-start-marker
boot system flash: <OMITTED>
boot-end-marker
!
enable secret <OMITTED>
!
aaa new-model
aaa authentication login default local
aaa authorization exec default local
aaa session-id common
memory-size iomem 50
ip cef
!
ip inspect name FIREWALL tcp
ip inspect name FIREWALL udp
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.30.1 10.10.30.10
ip dhcp excluded-address 10.10.20.1 10.10.20.200
!
ip dhcp pool WIRELESS
 dns-server 8.8.8.8 8.8.4.4
 network 10.10.30.0 255.255.255.0
 default-router 10.10.30.1
 lease 0 0 15
!
ip dhcp pool MGMT
 dns-server 8.8.8.8 8.8.4.4
 network 10.10.20.0 255.255.255.0
 default-router 10.10.20.1
!
ip domain name domain.local
ip name-server 8.8.8.8
ip name-server 8.8.4.4
multilink bundle-name authenticated
!
username <OMITTED> privilege 15 secret <OMITTED>
archive
 log config
  hidekeys
ip ssh version 2
!
interface FastEthernet0/0
 description BRIGHTHOUSE
 ip address dhcp
 ip access-group FIREWALL in
 ip inspect FIREWALL out
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/1.20
 description MGMT
 encapsulation dot1q 20
 ip address 10.10.20.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface FastEthernet0/1.30
 description WIRELESS
 encapsulation dot1q 30
 ip address 10.10.30.1 255.255.255.0
 ip access-group BLK_WLAN in
 ip nat inside
 ip virtual-reassembly
!
interface FastEthernet0/1.100
 description ALOHA
 encapsulation dot1q 100
 ip address 192.168.0.1 255.255.255.0
!
no ip forward-protocol nd
no ip http server
no ip http secure-server
ip nat inside source list 1 interface FastEthernet0/0 overload
!
ip access-list standard MGMT_SSH
 permit 10.10.20.0 0.0.0.255
ip access-list extended BLK_WLAN
 remark Deny Wireless From Other VLANs
 deny ip any 10.10.20.0 0.0.0.255
 deny ip any 192.168.0.0 0.0.0.255
 permit ip any any
ip access-list extended FIREWALL
 permit udp any eq bootps any eq bootpc
 permit gre any any
 permit icmp any any echo-reply
 permit icmp any any traceroute
!
access-list 1 permit 10.10.20.0 0.0.0.255
access-list 1 permit 10.10.30.0 0.0.0.255
access-list 101 deny ip any any
!
control-plane
!
line con 0
 password <OMITTED>
 logging synchronous
line aux 0
line vty 0 4
 access-class MGMT_SSH in
 password <OMITTED>
 transport input ssh
line vty 5 15
 access-class MGMT_SSH in
 password <OMITTED>
 transport input ssh
!
ntp peer 128.138.141.172
end
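The port plan and the management settings in the Catalyst 2950 listing above are easy to get wrong when a switch is rebuilt from spares, so an offline check of the saved configuration is worth keeping alongside the script. The following Python program is an added example; it is not part of the original plan and not a Cisco tool. It splits an IOS-style listing into interface and line stanzas and reports every port whose access VLAN departs from the plan (ports 1-10 VLAN 100, 11-22 VLAN 20, 23 VLAN 30, 24 a static trunk with DTP disabled), every vty line that is not restricted to SSH with an access-class, and a missing "ip ssh version 2" or "no ip http server". The embedded SWITCH_CONFIG is a constructed, abridged listing in which ports 1 and 11 have no access-VLAN line and "line vty 5 15" has no access-class, so the audit has something to find.

```python
import re
from typing import Dict, List, Optional

# Constructed, abridged copy of the Catalyst 2950 listing above. Ports 1 and 11 have
# no 'switchport access vlan' line and 'line vty 5 15' has no access-class, so the
# audit below has something to report.
SWITCH_CONFIG = """\
ip ssh version 2
interface FastEthernet0/1
interface FastEthernet0/2
 switchport access vlan 100
interface FastEthernet0/11
interface FastEthernet0/12
 switchport access vlan 20
interface FastEthernet0/23
 switchport access vlan 30
interface FastEthernet0/24
 switchport mode trunk
 switchport nonegotiate
no ip http server
line vty 0 4
 access-class 1 in
 transport input ssh
line vty 5 15
 password <OMITTED>
 transport input ssh
"""


def planned_vlan(port: int) -> Optional[int]:
    """Access VLAN each port should carry under the document's port plan (None: trunk/unused)."""
    if 1 <= port <= 10:
        return 100        # Aloha VLAN: terminals and the BOH server's LAN card
    if 11 <= port <= 22:
        return 20         # management VLAN
    if port == 23:
        return 30         # guest wireless VLAN
    return None           # port 24 is the trunk to the 3725; 25/26 are unused


def parse_stanzas(config: str) -> Dict[str, List[str]]:
    """Group 'interface ...' and 'line ...' stanzas with their indented children;
    every other top-level command is collected under the 'global' key."""
    stanzas: Dict[str, List[str]] = {"global": []}
    current = "global"
    for line in config.splitlines():
        if not line.strip() or line.startswith("!"):
            continue
        if line.startswith(" "):
            stanzas[current].append(line.strip())
        elif line.startswith(("interface ", "line ")):
            current = line.strip()
            stanzas.setdefault(current, [])
        else:
            current = "global"
            stanzas["global"].append(line.strip())
    return stanzas


def audit(config: str) -> List[str]:
    """Return findings where the listing departs from the port plan or from SSH-only,
    source-restricted management; an empty list means the listing is compliant."""
    findings: List[str] = []
    stanzas = parse_stanzas(config)
    for name, children in stanzas.items():
        match = re.fullmatch(r"interface FastEthernet0/(\d+)", name)
        if match:
            port = int(match.group(1))
            want = planned_vlan(port)
            got = next((int(c.split()[-1]) for c in children
                        if c.startswith("switchport access vlan ")), None)
            if want is not None and got != want:
                findings.append(f"port {port}: expected VLAN {want}, found {got}")
            if port == 24 and not {"switchport mode trunk", "switchport nonegotiate"} <= set(children):
                findings.append("port 24: trunk must be static with DTP negotiation disabled")
        elif name.startswith("line vty"):
            if "transport input ssh" not in children:
                findings.append(f"{name}: transport not restricted to ssh")
            if not any(c.startswith("access-class ") for c in children):
                findings.append(f"{name}: no access-class restricting management sources")
    for required in ("ip ssh version 2", "no ip http server"):
        if required not in stanzas["global"]:
            findings.append(f"missing global command: {required}")
    return findings


if __name__ == "__main__":
    for finding in audit(SWITCH_CONFIG) or ["no findings"]:
        print(finding)
```

Run it against the text of "show running-config" saved from each switch; an empty result means the switch still matches the plan, and each finding names the port or line to correct.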
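To confirm that the BLK_WLAN list really keeps guest wireless clients away from the management and Aloha subnets, and that NAT list 1 translates only the management and wireless subnets, the following Python code (an added example, not from the document or from Cisco) evaluates the two ACLs above against constructed sample flows using IOS first-match semantics with the implicit trailing deny. It models only the address forms those two lists use ("any" and "address wildcard", protocol "ip"); the FIREWALL list, with its protocol and port entries, is outside its scope.

```python
import ipaddress
from typing import List, Optional, Tuple

# Constructed copies of the two IP-only lists from the router configuration above.
BLK_WLAN = """\
 remark Deny Wireless From Other VLANs
 deny ip any 10.10.20.0 0.0.0.255
 deny ip any 192.168.0.0 0.0.0.255
 permit ip any any
"""

NAT_LIST_1 = """\
access-list 1 permit 10.10.20.0 0.0.0.255
access-list 1 permit 10.10.30.0 0.0.0.255
"""

Entry = Tuple[str, Optional[ipaddress.IPv4Network], Optional[ipaddress.IPv4Network]]


def parse_match(tokens: List[str]) -> Tuple[Optional[ipaddress.IPv4Network], List[str]]:
    """Consume one address specifier: 'any' (matches everything, returned as None)
    or 'address wildcard'. Cisco wildcard bits are the inverse of the netmask."""
    if tokens[0] == "any":
        return None, tokens[1:]
    addr, wildcard = tokens[0], tokens[1]
    netmask = ipaddress.IPv4Address(0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard)))
    # Non-contiguous wildcards are legal IOS but cannot be a network object; let them raise.
    return ipaddress.IPv4Network(f"{addr}/{netmask}", strict=False), tokens[2:]


def parse_acl(text: str) -> List[Entry]:
    """Parse 'permit|deny ip SRC DST' (named extended) and 'access-list N permit SRC'
    (numbered standard) entries in order; remarks are skipped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        tokens = raw.split()
        if not tokens or tokens[0] == "remark":
            continue
        if tokens[0] == "access-list":        # numbered list: drop 'access-list N'
            tokens = tokens[2:]
        action = tokens[0]
        if tokens[1] == "ip":                 # extended: protocol, source, destination
            src, rest = parse_match(tokens[2:])
            dst, _ = parse_match(rest)
        else:                                 # standard: source only
            src, _ = parse_match(tokens[1:])
            dst = None
        entries.append((action, src, dst))
    return entries


def evaluate(entries: List[Entry], src_ip: str, dst_ip: Optional[str] = None) -> str:
    """The first matching entry decides; an ACL with no match ends in an implicit deny."""
    src = ipaddress.IPv4Address(src_ip)
    dst = ipaddress.IPv4Address(dst_ip) if dst_ip else None
    for action, src_net, dst_net in entries:
        src_ok = src_net is None or src in src_net
        dst_ok = dst_net is None or (dst is not None and dst in dst_net)
        if src_ok and dst_ok:
            return action
    return "deny"


def wireless_policy_results() -> dict:
    """Outcome of BLK_WLAN (inbound on FastEthernet0/1.30) for a constructed guest client."""
    acl = parse_acl(BLK_WLAN)
    flows = {
        "guest -> router management address": ("10.10.30.77", "10.10.20.1"),
        "guest -> Aloha BOH server": ("10.10.30.77", "192.168.0.100"),
        "guest -> wireless gateway": ("10.10.30.77", "10.10.30.1"),
        "guest -> Internet DNS": ("10.10.30.77", "8.8.8.8"),
    }
    return {name: evaluate(acl, s, d) for name, (s, d) in flows.items()}


def nat_eligible(src_ip: str) -> bool:
    """Whether list 1 lets 'ip nat inside source list 1 ... overload' translate this source."""
    return evaluate(parse_acl(NAT_LIST_1), src_ip) == "permit"


if __name__ == "__main__":
    for flow, verdict in wireless_policy_results().items():
        print(f"{verdict:6} {flow}")
    for host in ("10.10.20.5", "10.10.30.77", "192.168.0.101"):
        print(f"NAT {'yes' if nat_eligible(host) else 'no '} {host}")
```

Leaving 192.168.0.0/24 out of list 1 means the Aloha VLAN is never translated toward Brighthouse. The listing applies no inbound ACL on FastEthernet0/1.100, so the terminals' isolation from the Internet rests on that omission from the NAT list, on the terminals having no default gateway, and on BLK_WLAN blocking the wireless side; if any of those three changes, re-run the checks.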