Create and Configure Network for Small Business

This chapter shows what you need to create and configure a small business network. We start with the hardware. This tutorial uses only Cisco hardware; it may be an expensive solution, but it works stably and, most importantly, there are a lot of materials and guides on how to configure and maintain the hardware in the future.

The picture below shows the topology of the network we work with.

Small Business – Network Topology

Step 1. First, create the addressing table. I created one for this tutorial, but you can change all the numbers and names if you wish.

Device      Interface  Network/Address
R1          Gi0/0.20   172.16.20.254/24
            Gi0/0.40   172.16.40.254/24
            Gi0/0.60   172.16.60.254/24
            Gi0/0.88   172.16.88.254/24
            Gi0/1.250  172.16.250.254/24
            Gi0/1.254  172.16.254.254/24
S1          SVI        172.16.88.253/24
S2          SVI        172.16.88.252/24
S3          SVI        172.16.88.251/24
PC1         NIC        172.16.20.10/24
PC2         NIC        172.16.40.10/24
PC3         NIC        172.16.60.10/24
PC4         NIC        172.16.20.11/24
PC5         NIC        172.16.40.11
PC6         NIC        172.16.60.11
DNS Server  NIC        172.16.254.252

Step 2. Create the VLAN assignment table. You need to decide how many VLANs you want and with which restrictions.

VLAN Number  VLAN Name          Device/Ports
20           VLAN20 Sale        S2: Fa0/1 – Fa0/5
                                S3: Fa0/1 – Fa0/5
40           VLAN40 Finance     S2: Fa0/6 – Fa0/10
                                S3: Fa0/6 – Fa0/10
60           VLAN60 IT          S2: Fa0/11 – Fa0/15
                                S3: Fa0/11 – Fa0/15
88           VLAN88 Management  S1: SVI
                                S2: SVI
                                S3: SVI

Step 3. Configure the initial device settings on all devices and create the VLANs on the switches. In this course I use a basic security configuration with a basic password (cisco).

Router

Router>
Router>en
Router#conf t
Router(config)#hostname R1
R1(config)#no ip domain-lookup 
R1(config)#enable secret cisco
R1(config)#line console 0
R1(config-line)#password cisco
R1(config-line)#login
R1(config-line)#line vty 0 15
R1(config-line)#password cisco
R1(config-line)#login
R1(config-line)#exit
R1(config)#service password-encryption 
R1(config)#

Switch 1, Switch 2 and Switch 3 – Same Configuration, only hostname is different

Switch>
Switch>en
Switch#conf t
Switch(config)#hostname S1
S1(config)#no ip domain-lookup 
S1(config)#enable secret cisco
S1(config)#line console 0
S1(config-line)#password cisco
S1(config-line)#login
S1(config-line)#line vty 0 15
S1(config-line)#password cisco
S1(config-line)#login
S1(config-line)#exit
S1(config)#service password-encryption 
S1(config)#vlan 20
S1(config-vlan)#name VLAN20 Sale
S1(config-vlan)#vlan 40
S1(config-vlan)#name VLAN40 Finance
S1(config-vlan)#vlan 60
S1(config-vlan)#name VLAN60 IT
S1(config-vlan)#vlan 88
S1(config-vlan)#name VLAN88 Management
S1(config-vlan)#

Step 4. Configure the FastEthernet interfaces on S2 and S3 according to the VLAN assignment table. The configuration is the same for both devices.

S3(config)#int range fa0/1-5
S3(config-if-range)#switchport mode access 
S3(config-if-range)#switchport access vlan 20
S3(config-if-range)#int range fa0/6-10
S3(config-if-range)#switchport mode access 
S3(config-if-range)#switchport access vlan 40
S3(config-if-range)#int range fa0/11-15
S3(config-if-range)#switchport mode access 
S3(config-if-range)#switchport access vlan 60
S3(config-if-range)#

Step 5. Configure the SVIs of the S1, S2 and S3 switches using the information from the addressing table. Configure the IP address for the management VLAN and the default-gateway IP address. Configure the SVIs so that they will be reachable by devices on other networks after the network has been fully configured.

S1(config)#int vlan 88
S1(config-if)#
S1(config-if)#ip address 172.16.88.253 255.255.255.0
S1(config-if)#no shutdown
S1(config-if)#exit
S1(config)#ip default-gateway 172.16.88.254
S2(config)#int vlan 88
S2(config-if)#
S2(config-if)#ip address 172.16.88.252 255.255.255.0
S2(config-if)#no shutdown
S2(config-if)#exit
S2(config)#ip default-gateway 172.16.88.254
S3(config)#int vlan 88
S3(config-if)#
S3(config-if)#ip address 172.16.88.251 255.255.255.0
S3(config-if)#no shutdown
S3(config-if)#exit
S3(config)#ip default-gateway 172.16.88.254

Step 6. Configure VLAN trunking between the S1, S2 and S3 switches and set the VTP domain name to Business.

S1(config)#vtp domain Business
S1(config)#int g0/1
S1(config-if)#switchport mode trunk 
S1(config-if)#int range fa0/23-24
S1(config-if-range)#switchport mode trunk 
S2(config)#vtp domain Business
S2(config)#int fa0/23
S2(config-if)#switchport mode trunk 
S3(config)#vtp domain Business
S3(config)#int fa0/24
S3(config-if)#switchport mode trunk 

Step 7. Now we use the information in the addressing and VLAN tables to configure inter-VLAN routing on R1. Configure inter-VLAN routing among VLANs 20, 40, 60 and 88 through Gi0/0 subinterfaces, and inter-VLAN routing for VLANs 250 and 254 through Gi0/1 subinterfaces.

R1(config)#int g0/0.20
R1(config-subif)#encapsulation dot1q 20
R1(config-subif)#ip address 172.16.20.254 255.255.255.0
R1(config-subif)#int g0/0.40
R1(config-subif)#encapsulation dot1q 40
R1(config-subif)#ip address 172.16.40.254 255.255.255.0
R1(config-subif)#int g0/0.60
R1(config-subif)#encapsulation dot1q 60
R1(config-subif)#ip address 172.16.60.254 255.255.255.0
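R1(config-subif)#int g0/0.88
R1(config-subif)#encapsulation dot1q 88
R1(config-subif)#ip address 172.16.88.254 255.255.255.0
R1(config-subif)#int g0/0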
R1(config-if)#no shutdown
R1(config-if)#int g0/1.250
R1(config-subif)#encapsulation dot1q 250
R1(config-subif)#ip address 172.16.250.254 255.255.255.0
R1(config-subif)#int g0/1.254
R1(config-subif)#encapsulation dot1q 254
R1(config-subif)#ip address 172.16.254.254 255.255.255.0
R1(config-subif)#int g0/1
R1(config-if)#no shutdown

After this step, configure all hosts, including the two servers (see the topology picture), using the addressing table. At this point the network is probably working, but with no restrictions.

Step 8. Create restrictions: configure access control lists. You will configure two access control lists on the R1 router. The first ACL restricts access to the vty lines on R1 and allows only hosts on the VLAN60 IT VLAN to access them. Create a standard ACL using number 10 and apply it to vty lines 0 15.

R1(config)#access-list 10 permit 172.16.60.0 0.0.0.255
R1(config)#line vty 0 15
R1(config-line)#access-class 10 in
R1(config-line)#exit
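
An added example, not part of the original tutorial: a small Python check over the "line vty" blocks of a running-config, comparing R1 after Step 3 with R1 after the access-class above. The config fragments are constructed, <type7> is a placeholder for the stored string, and the choice of checks and all function names are assumptions of this example.

```python
def line_blocks(config):
    """Map each 'line ...' header of a running-config to its subcommands."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            blocks[current] = []
        elif current and raw.startswith(" "):
            blocks[current].append(raw.strip())
        else:
            current = None
    return blocks

def audit_vty(config):
    """Return sorted (header, finding) pairs for every 'line vty' block."""
    findings = []
    for header, cmds in line_blocks(config).items():
        if not header.startswith("line vty"):
            continue
        if "login" in cmds and any(c.startswith("password ") for c in cmds):
            findings.append((header, "one shared line password, no per-user login"))
        if any(c.startswith("password 7 ") for c in cmds):
            findings.append((header, "type 7 string is reversible, not a hash"))
        if "transport input ssh" not in cmds:
            findings.append((header, "no explicit 'transport input ssh'"))
        if not any(c.startswith("access-class ") and c.endswith(" in") for c in cmds):
            findings.append((header, "no inbound access-class"))
    return sorted(findings)

def sample_config(vty_extra=""):
    """Constructed running-config fragment; <type7> is a placeholder."""
    body = "{} password 7 <type7>\n login\n"
    return ("line con 0\n" + body.format("")
            + "line vty 0 4\n" + body.format(vty_extra)
            + "line vty 5 15\n" + body.format(vty_extra))

AFTER_STEP_3 = sample_config()                         # Step 3 only
AFTER_STEP_8 = sample_config(" access-class 10 in\n")  # Step 3 plus the vty ACL

if __name__ == "__main__":
    for label, cfg in (("after Step 3", AFTER_STEP_3), ("after Step 8", AFTER_STEP_8)):
        print(label)
        for header, finding in audit_vty(cfg):
            print(f"  {header}: {finding}")
```

The access-class finding disappears after Step 8, while the findings about the shared line password and the transport setting remain on both vty blocks.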

After that, restrict access to the internal web server. Create a named standard ACL using the name INT-WEB and allow hosts on the VLAN40 Finance and VLAN60 IT VLANs to reach the internal administrative web server at www.int.com. No other internal or Internet hosts should be able to access the internal administrative web server.

R1(config)#ip access-list standard INT-WEB
R1(config-std-nacl)#permit 172.16.40.0 0.0.0.255
R1(config-std-nacl)#permit 172.16.60.0 0.0.0.255
R1(config-std-nacl)#exit
R1(config)#int g0/1.250
R1(config-subif)#ip access-group INT-WEB out

Now we can check what we created. If everything works, we can access the Internet from all VLANs and can access the web server from VLAN40 and VLAN60. Hosts can reach each other across VLANs, and only VLAN60 can access the router.
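
The results to expect from the two ACLs can be worked out before testing. The following Python sketch is an added example, not part of the original tutorial: it applies IOS standard-ACL matching (first match wins, wildcard bits set to 1 are ignored, implicit deny at the end) to ACL 10 and INT-WEB for hosts taken from the addressing table. The function names are assumptions made for this example.

```python
import ipaddress

def parse_std_acl(entries):
    """Turn 'permit|deny <network> <wildcard>' strings into (action, net, wildcard)."""
    rules = []
    for entry in entries:
        action, net, wildcard = entry.split()
        rules.append((action,
                      int(ipaddress.IPv4Address(net)),
                      int(ipaddress.IPv4Address(wildcard))))
    return rules

def evaluate(rules, src):
    """Return the action a standard ACL takes for a source address."""
    addr = int(ipaddress.IPv4Address(src))
    for action, net, wildcard in rules:
        care = ~wildcard & 0xFFFFFFFF      # bits that must match
        if addr & care == net & care:
            return action                  # first matching entry wins
    return "deny"                          # implicit 'deny any' closing every ACL

# ACL entries exactly as entered in Step 8
ACL_10 = parse_std_acl(["permit 172.16.60.0 0.0.0.255"])
INT_WEB = parse_std_acl(["permit 172.16.40.0 0.0.0.255",
                         "permit 172.16.60.0 0.0.0.255"])

# Hosts from the addressing table
HOSTS = {"PC1": "172.16.20.10", "PC2": "172.16.40.10", "PC3": "172.16.60.10",
         "PC4": "172.16.20.11", "PC5": "172.16.40.11", "PC6": "172.16.60.11",
         "S1": "172.16.88.253", "DNS Server": "172.16.254.252"}

def expected_access(rules):
    """Map every host in the addressing table to 'permit' or 'deny'."""
    return {name: evaluate(rules, ip) for name, ip in HOSTS.items()}

if __name__ == "__main__":
    vty, web = expected_access(ACL_10), expected_access(INT_WEB)
    for name, ip in HOSTS.items():
        print(f"{name:<11} {ip:<15} vty={vty[name]:<6} to-VLAN250={web[name]}")
```

Because INT-WEB is applied outbound on Gi0/1.250, its result applies to all traffic routed into VLAN 250, so the management VLAN and the DNS server's VLAN are denied along with VLAN20.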
