This document summarizes a networking project completed from November 2010 to October 2012 in Pakistan. The project involved:
1. Designing, implementing, and deploying Cisco switches and routers across three major cities to link local and regional offices to headquarters.
2. The engineer encountered issues including misconfigured firewall policies allowing unrestricted traffic, incorrect multicast routing commands preventing communication between routers, and disabled VTP pruning. These were all addressed promptly.
3. Additional minor issues involved typing errors, frame relay misconfigurations, and incorrect IP addresses, which the engineer was usually able to resolve quickly due to experience and certifications.
1. A) INTRODUCTION:
Datesand Durationof the Project:
November2010 – October2012
It tookme exactly18 monthsto complete the Projectatall three sitesIwasworkingon.
Location:
Pakistan(MajorCities..I.e Islamabad,Lahore,Karachi)
Name of Organization:
AGCN
Title:
NetworkEngineer
B) BACKGROUND:
Nature of overall EngineeringProject:
Design,implementationandDeploymentof CiscoSwitchesand Routers.
Objective of the Project:
Linkingall the local andregional officeswithHeadquarters
Nature of your particularworkArea:
Survey, Installation,Configuration,Troubleshootingof NetworkingEquipment, Deployment,
Monitoring,O& M, DocumentationandInventoryManagement
Issue#1:
The firstissue I wentthroughwasthe zone basedfirewallswere notconfigured properly. Iwent
throughthe configurationsbygoinginside the zone basedfirewallsandsaw thatthere were two
faultsone that Inspectwasnotconfiguredafterdefiningthe class.Belowisthe complete
configuration.The boldone wasthe errorthat wascorrectedon time byme.
Secondlythe zone-membersecurityoutsidewasconfiguredona wronginterface whichwasalso
correctedon time. If twointerfacesare notinthe zone trafficflowsfreelybetweenthem.If one
interface isthe zone andotheris notthan the trafficwill neverflow betweenthem. Andfinally
a policyisrequiredif twointerfacesare indifferentzonestoallow the traffictoflow between
them.
2. class-maptype inspectmatch-anycmInside
match protocol tcp
match protocol udp
match protocol icmp
class-maptype inspectmatch-anycmOutside
match protocol http
match protocol icmp
policy-maptype inspectpmInside2Outside
classcmInside
inspect
policy-maptype inspectpmInside2DMZ
classcmInside
inspect
policy-maptype inspectpmOutside2DMZ
classcmOutside
inspect
zone securityinside
zone securityoutside
zone securityDMZ
intfa 0/0
zone-membersecurityinside
int ser 2/0
zone-membersecurityoutside
intfa 0/1
zone-membersecurityDMZ
zone-pairsecurityzIOsource inside destinationoutside
3. service-policytype inspectpmInside2Outside
zone-pairsecurityzIDsource insidedestinationDMZ
service-policytype inspectpmInside2DMZ
zone-pairsecurityzODsource outside destinationDMZ
service-policytype inspectpmOutside2DMZ
Issue # 2:
While Configuringthe Multicastingbetweenthe routers(RDandRC) I saw that the ip multicast-routing
commandon RD was notconfiguredbefore definingthe modes(Sparse orDense andthe interface.
secondlythe IPaddressof RC of ip pimrp-addresswaswrongwhichiscoloredinRED below.
Issue # 3:
A B
C E
D F
Source 1
IP =
10.1.0.1
Group =
224.1.1.1
Receiv
er 1
Receiv
er 2
Rendezvo
us Point
(RP)
RD(config)#ip
multicast routing
RD(config)#interface
fa0/0
RD(config-if)#ip pim
dense-mode
or
RD(config-if)#ip pim
sparse-mode
or
RD(config-if)#ip pim
sparse-dense-mode
Fa0/0
192.168.0.0 0.0.255.255
192.168.1.50
RC(config)#ip multicast
routing
RC(config)#interface fa0/0
RC(config-if)#ip pim
sparse-dense-mode
RC(config-if)#exit
RC(config)#ip pim rp-
address 192.168.1.50
Fa0/0
4. Thirdissue wasof VTP. VTPpruningwas disabledwhenIcheckedthroughthe show VTPStatus
Commandon the desiredswith.The onlymethodwastoconfigure the VTPPruningcommandonthe
switchand checkedthatitenabledafterwards.
Plentyof commandsandconfigurationsanderrorcan be discussedhere butIdiscussedthe issuesthat
were oncorrectedin spotand efficientlyotherissuesof some timesTypingsometimes frame-relayand
alsowrongconfigurationsof IPaddresses.ButIusuallywasgoodat configurationsdue topractice and
certaincertifications.