ASSIGNMENT 1
SETTING UP WIFI NETWORK: SECURE AND OPEN
Administrative Info
Mode of delivery: Demonstration and Report
Due: July 6, 2017
Group: As assigned by the professor
A. OBJECTIVES
Learn about network simulation
Access Point (AP) usage
Wireless router usage
Setting up WiFi security: WPA2-PSK, WPA2-Enterprise
Setting up and usage of AAA server
Setting up and usage of DHCP server
Setting up and usage of DNS server
B. INTRODUCTION TO PACKET TRACER
In this assignment, you will be using Packet Tracer, a network simulator. With Packet Tracer, you can quickly build a network involving Cisco networking devices (e.g. routers, switches, hubs, security appliances, etc.) and standard hosts (e.g. desktop PCs, laptop PCs, tablets, smartphones, VoIP phones, etc.). The program also provides some simulated servers that are very useful for network operation and testing. In this activity we will be using a web (HTTP) server, a DNS server, a DHCP server, and an AAA (Authentication, Authorization and Accounting) server.
For a quick introduction to the software interface and usage, watch any YouTube video.
Also, go over the following video tutorials that come with the software (Help menu > Tutorial).
a. Getting Started: Interface Overview
b. Logical Workspace: Creating a Network Topology
c. Configuring Devices: Configuring Devices Using the Config tab
d. Configuring Devices: Configuring Devices Using the Desktop tab
e. Configuring Devices: Configuring Devices Using the CLI tab
f. LinksysWRT300N: Topologies
g. LinksysWRT300N: Local Loop Connections
h. LinksysWRT300N: Configuring Linksys Security
Refer to help menu for any setup or configuring.
© Khaled Mahmud P a g e 1 | 37
CS1: WIRELESS COMMUNICATION AND MOBILE PROGRAMMING
C. PROCEDURE
In this activity you will create a network for a small organization (any name of your choice) that provides WiFi service to its staff, as well as to guests to the office. For testing purposes, you will set up access points (AP) in both secure and open mode. In secure mode, you will set up APs with WPA2-PSK and WPA2-Enterprise authentication. WPA2-Enterprise will use an AAA (RADIUS) server for user authentication.
Additionally, you will set up the access and core network (distribution system), and add the necessary servers and networking devices to support the overall deployment.
Note that even though we are providing secure WiFi access, no other security mechanism (e.g. ACL, firewall, etc.) is implemented in this lab network.
Using the following steps, you will gradually build the network and configure the devices for proper operation.
(I) TOPOLOGY SETUP
(1) Start an empty topology.
(2) From the Devices palette at the bottom of the window, drag and drop the following devices on the topology.
Table 1: Device List for the topology

| Device | Number | Comment |
|---|---|---|
| Router (819HGW) | 4 | 1 router for the ISP; 3 for the core network of ABC Co. |
| Switch (2960-24TT) | 4 | |
| End Device (Generic, Server-PT) | 5 | ExtWebSer in the ISP’s network; IntWebSer in ABC Co’s LAN1; DNSSer in ABC Co’s LAN1; AAASer in ABC Co’s LAN1; DHCPSer in ABC Co’s LAN2 |
| Wireless Devices (Generic, AccessPoint-PT-N) | 2 | These are pure access points, without any routing functionality. Both are placed in LAN2 and will provide secure access to the client. |
| Wireless Devices (WRT300N) | 3 | These are APs with a built-in router. In addition to the routing function, these wireless routers provide NAT and DHCP service. One will be used for guests without any security. One will be used for internal staff with WPA2-PSK (pre-shared key) security mode. One will be used for internal staff with WPA2-Enterprise security mode, in conjunction with the AAA server. Note about connecting the WRT300N to the uplink: make sure the ‘Internet’ interface is used to connect the uplink device (switch or router). This interface represents the ‘WAN’ interface of a usual home router. |
| End Devices (Generic, PC-PT) | 2 | For testing purposes. One as DHCP client, placed in LAN2. One with static IP, placed in the same LAN as the wireless routers. |
| End Devices (Generic, Laptop-PT) | 2 | |
| End Devices (Wireless Tablet, TabletPC-PT) | 2 | One for WPA2-PSK configuration; one for WPA2-Enterprise configuration |
| End Devices (Smart Device, Smartphone-PT) | 1 | For guest access |
(3) Use the following diagram to connect the devices and create the network topology for the activity.
(4) Using the annotation tools, label the topology. The wireless connections may not show up until you configure the AP or wireless routers.
(5) IMPORTANT: Make sure you connect between the proper interfaces (see the names of the interfaces) of the routers as indicated in the diagram, because the configuration codes that follow will use these interface names exactly. If you connect to the wrong interfaces, your network will not function. The legend used in the diagram is as follows.
Table 2: Interface legend

| In the diagram | In the configuration |
|---|---|
| f0/0 | FastEthernet0 |
| f0/1 | FastEthernet1 |
| f1/0 | FastEthernet2 |
| f1/1 | FastEthernet3 |
Figure 1: Activity Topology
(II) ROUTER CONFIGURATION
Configure all the routers using the Command Line Interface (CLI). First set the router’s hostname and display name.
(1) Click on a router to bring up the configuration window. In the ‘Config’ tab, set the Display Name and Hostname (e.g. ISPR) according to Fig. 1. See the figure below.
Figure 2: Setting router’s Hostname and display name
(2) Go to the ‘CLI’ tab (see Fig. 3) and enter the configurations. Note that everything to the left of the # or > sign is displayed by the device; you do not have to type it. The required configuration for each router is given in the codeboxes below, (I) through (IV).
Figure 3(a): CLI Console of a router
Figure 3(b): CLI Console of a router
(I) !Configuration of ISP Router
ISPR>enable
ISPR#
ISPR#config terminal
! FastEthernet0: 10.0.0.0/30 link shared with WANR (10.0.0.2)
ISPR(config)#interface FastEthernet0
ISPR(config-if)#ip address 10.0.0.1 255.255.255.252
ISPR(config-if)#no shutdown
! FastEthernet1: 10.20.20.0/24 on the ISP side
ISPR(config-if)#interface FastEthernet1
ISPR(config-if)#ip address 10.20.20.1 255.255.255.0
ISPR(config-if)#no shutdown
ISPR(config-if)#exit
ISPR(config)#
! Everything else in 10.0.0.0/8 is reached through WANR
ISPR(config)#ip route 10.0.0.0 255.0.0.0 10.0.0.2
ISPR(config)#exit
ISPR#
! Save the running configuration so it survives a reload
ISPR#copy run start
(II) !Configuration of WAN Router
WANR>en
WANR#config terminal
! FastEthernet0: 10.1.0.0/30 link shared with DCR (10.1.0.2)
WANR(config)#interface FastEthernet0
WANR(config-if)#ip address 10.1.0.1 255.255.255.252
WANR(config-if)#no shutdown
! FastEthernet1: 10.1.0.8/30 link shared with ENDR (10.1.0.10)
WANR(config-if)#interface FastEthernet1
WANR(config-if)#ip address 10.1.0.9 255.255.255.252
WANR(config-if)#no shutdown
! FastEthernet3: 10.0.0.0/30 link shared with ISPR (10.0.0.1)
WANR(config-if)#interface FastEthernet3
WANR(config-if)#ip address 10.0.0.2 255.255.255.252
WANR(config-if)#no shutdown
WANR(config-if)#exit
WANR(config)#
! Default route towards the ISP; specific routes via DCR (10.1.0.2) and ENDR (10.1.0.10)
WANR(config)#ip route 0.0.0.0 0.0.0.0 10.0.0.1
WANR(config)#ip route 10.1.0.4 255.255.255.252 10.1.0.2
WANR(config)#ip route 172.16.1.0 255.255.255.0 10.1.0.2
WANR(config)#ip route 10.1.0.16 255.255.255.248 10.1.0.10
WANR(config)#ip route 10.1.1.0 255.255.255.0 10.1.0.10
WANR(config)#ip route 10.1.2.0 255.255.255.0 10.1.0.10
WANR(config)#ip route 192.168.0.0 255.255.255.0 10.1.0.10
WANR(config)#exit
WANR#
WANR#copy run start
(III) !Configuration of Data Centre Router
DCR>
DCR>enable
DCR#
DCR#config terminal
! FastEthernet0: 10.1.0.0/30 link shared with WANR (10.1.0.1)
DCR(config)#interface FastEthernet0
DCR(config-if)#ip address 10.1.0.2 255.255.255.252
DCR(config-if)#no shutdown
! FastEthernet1: 10.1.0.4/30 link shared with ENDR (10.1.0.6)
DCR(config-if)#interface FastEthernet1
DCR(config-if)#ip address 10.1.0.5 255.255.255.252
DCR(config-if)#no shutdown
! FastEthernet2: gateway address of 172.16.1.0/24
DCR(config-if)#interface FastEthernet2
DCR(config-if)#ip address 172.16.1.1 255.255.255.0
DCR(config-if)#no shutdown
DCR(config-if)#exit
! Default route via WANR; end-user networks via ENDR (10.1.0.6)
DCR(config)#ip route 0.0.0.0 0.0.0.0 10.1.0.1
DCR(config)#ip route 10.1.0.8 255.255.255.252 10.1.0.6
DCR(config)#ip route 10.1.0.16 255.255.255.248 10.1.0.6
DCR(config)#ip route 10.1.1.0 255.255.255.0 10.1.0.6
DCR(config)#ip route 10.1.2.0 255.255.255.0 10.1.0.6
DCR(config)#ip route 192.168.0.0 255.255.255.0 10.1.0.6
DCR(config)#exit
DCR#
DCR#copy run start
(IV) !Configuration of End-user Router
ENDR>
ENDR>enable
ENDR#config terminal
ENDR(config)#
! FastEthernet0: 10.1.0.8/30 link shared with WANR (10.1.0.9)
ENDR(config)#interface FastEthernet0
ENDR(config-if)#ip address 10.1.0.10 255.255.255.252
ENDR(config-if)#no shutdown
! FastEthernet1: 10.1.0.4/30 link shared with DCR (10.1.0.5)
ENDR(config-if)#interface FastEthernet1
ENDR(config-if)#ip address 10.1.0.6 255.255.255.252
ENDR(config-if)#no shutdown
! FastEthernet2: gateway address of 10.1.1.0/24; enabled like every other interface
ENDR(config-if)#interface FastEthernet2
ENDR(config-if)#ip address 10.1.1.1 255.255.255.0
ENDR(config-if)#no shutdown
! FastEthernet3: 10.1.0.16/29, the subnet of next hops 10.1.0.18 and 10.1.0.19
ENDR(config-if)#interface FastEthernet3
ENDR(config-if)#ip address 10.1.0.17 255.255.255.248
ENDR(config-if)#no shutdown
ENDR(config-if)#exit
ENDR(config)#
ENDR(config)#ip route 10.1.2.0 255.255.255.0 10.1.0.18
ENDR(config)#ip route 192.168.1.0 255.255.255.0 10.1.0.19
ENDR(config)#ip route 10.1.0.0 255.255.255.252 10.1.0.9
ENDR(config)#ip route 172.16.1.0 255.255.255.0 10.1.0.5
ENDR(config)#ip route 0.0.0.0 0.0.0.0 10.1.0.9
ENDR(config)#exit
ENDR#copy run start
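Static routes are easy to mistype, so it helps to check the four tables against each other before testing in Packet Tracer. The following is an added example, not part of the original assignment: it copies the interface addresses and static routes from codeboxes (I) through (IV), applies longest-prefix matching hop by hop, and reports loops, missing routes and next hops that are off-link. The function names and the sample host addresses are assumptions made for the example, and the wireless routers and their NAT are not modelled.

```python
import ipaddress as ip

# Interface addresses and static routes copied from codeboxes (I)-(IV).
ROUTERS = {
    "ISPR": {"ifaces": ["10.0.0.1/30", "10.20.20.1/24"],
             "routes": [("10.0.0.0/8", "10.0.0.2")]},
    "WANR": {"ifaces": ["10.1.0.1/30", "10.1.0.9/30", "10.0.0.2/30"],
             "routes": [("0.0.0.0/0", "10.0.0.1"), ("10.1.0.4/30", "10.1.0.2"),
                        ("172.16.1.0/24", "10.1.0.2"), ("10.1.0.16/29", "10.1.0.10"),
                        ("10.1.1.0/24", "10.1.0.10"), ("10.1.2.0/24", "10.1.0.10"),
                        ("192.168.0.0/24", "10.1.0.10")]},
    "DCR": {"ifaces": ["10.1.0.2/30", "10.1.0.5/30", "172.16.1.1/24"],
            "routes": [("0.0.0.0/0", "10.1.0.1"), ("10.1.0.8/30", "10.1.0.6"),
                       ("10.1.0.16/29", "10.1.0.6"), ("10.1.1.0/24", "10.1.0.6"),
                       ("10.1.2.0/24", "10.1.0.6"), ("192.168.0.0/24", "10.1.0.6")]},
    "ENDR": {"ifaces": ["10.1.0.10/30", "10.1.0.6/30", "10.1.1.1/24", "10.1.0.17/29"],
             "routes": [("10.1.2.0/24", "10.1.0.18"), ("192.168.1.0/24", "10.1.0.19"),
                        ("10.1.0.0/30", "10.1.0.9"), ("172.16.1.0/24", "10.1.0.5"),
                        ("0.0.0.0/0", "10.1.0.9")]},
}
# Owner of each interface address, so a next hop can be followed to its router.
OWNER = {ip.ip_interface(i).ip: name
         for name, cfg in ROUTERS.items() for i in cfg["ifaces"]}

def lookup(router, dst):
    """Longest-prefix match; a connected network beats a static route on a tie."""
    cfg = ROUTERS[router]
    cands = [(ip.ip_interface(i).network.prefixlen, 1, "connected")
             for i in cfg["ifaces"] if dst in ip.ip_interface(i).network]
    cands += [(ip.ip_network(p).prefixlen, 0, ip.ip_address(nh))
              for p, nh in cfg["routes"] if dst in ip.ip_network(p)]
    return max(cands, key=lambda c: c[:2])[2] if cands else None

def trace(start, dst):
    """Follow dst hop by hop from router `start`; return (status, path)."""
    dst, path, router = ip.ip_address(dst), [], start
    while True:
        if router in path:                      # same router twice: routing loop
            return "loop", path + [router]
        path.append(router)
        hop = lookup(router, dst)
        if hop is None:
            return "no route", path
        if hop == "connected":
            return "delivered", path
        router = OWNER.get(hop)
        if router is None:                      # next hop is outside the four routers
            return f"handoff {hop}", path

def bad_next_hops():
    """Static routes whose next hop is not on a directly connected subnet."""
    return [(r, p, nh) for r, cfg in ROUTERS.items() for p, nh in cfg["routes"]
            if not any(ip.ip_address(nh) in ip.ip_interface(i).network
                       for i in cfg["ifaces"])]

if __name__ == "__main__":
    print("off-link next hops:", bad_next_hops())
    # Host addresses below are constructed samples inside the page's subnets.
    for start, dst in [("ISPR", "10.1.1.10"), ("ENDR", "10.20.20.10"),
                       ("ISPR", "172.16.1.10"), ("WANR", "192.168.0.5"),
                       ("ENDR", "10.1.2.5")]:
        print(f"{start} -> {dst}:", *trace(start, dst))
```

With the tables as written, ISPR has no route for 172.16.1.0/24, and a packet for 192.168.0.0/24 loops between WANR and ENDR because ENDR only carries a route for 192.168.1.0/24.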
(III) ACCESS POINT CONFIGURATION
(1) For both the APs, configure ‘Port 1’ according to the figures below. Set (i) SSID, (ii) Channel, (iii) Authentication, (iv) PSK Pass Phrase, and (v) Encryption Type. Note that the APs offer no WPA2-Enterprise security option.
(2) Both the APs will be using the WPA2-PSK mechanism.
Figure 4(a): AP Configuration
Figure 4(b): AP Configuration
(IV) WIRELESS ROUTER CONFIGURATION
(1) Configure the Wireless Routers according to the following figures.
(2) Make sure to save the changes in each device.
Figure 4(a): WRGuest: Wireless Router Configuration (Basic Setup)
Figure 4(b): WRGuest: Wireless Router Configuration (Wireless Settings)
Figure 4(c): WRGuest: Wireless Router Configuration (Wireless Security)
Figure 5(a): WRSecPSK: Wireless Router Configuration (Basic Setup)
Figure 5(b): WRSecPSK: Wireless Router Configuration (Wireless Settings)
Figure 5(c): WRSecPSK: Wireless Router Configuration (Wireless Security)
Figure 6(a): WRSecAAA: Wireless Router Configuration (Basic Setup)
Figure 6(b): WRSecAAA: Wireless Router Configuration (Wireless Settings)
Figure 6(c): WRSecAAA: Wireless Router Configuration (Wireless Security)
(V) SMART PHONE CONFIGURATION
(1) This device is to be used with the guest wireless router, which has no security.
(2) Configure the device according to the figures below.
(3) Note in Fig. 7(b) that the device acquired IP address through DHCP.
Figure 7(a): Smart Phone Setting (Wireless Interface Setting)
Figure 7(b): Smart Phone Setting (IP Setting)
(VI) TABLET PC CONFIGURATION
(1) In the topology, tablet PCs are set to use secure access points. Use the following parameters.
Figure 8(a): Tablet PC Setting
(VII) LAPTOP CONFIGURATION
(1) Laptops in Packet Tracer do not have a built-in wireless interface. Add the Linksys-WPC300N module as shown in the figure (power off, remove the LAN interface, add the WiFi interface).
Figure 9: MPC2: Laptop Setting (Adding Wireless Card)
(2) From Config > Wireless0, set the IPv4 and security settings of both the laptops according to Fig. 10. Leave the default MAC addresses unchanged.
(3) Note that MPC1 will be using WPA-PSK (pre-shared key). MPC2 will be using the WPA2 (Enterprise) access mechanism, which requires user authentication through an AAA server that you will configure later.
(4) For MPC2, using the ‘Desktop’ tab, PC Wireless menu, create different profiles for connecting to different wireless routers. See Fig. 10(c).
Figure 10(a): MPC1: Laptop Setting (Wireless Interface and IP Setting)
Figure 10(b): MPC2: Laptop Setting (Wireless Interface and IP Setting)
Figure 10(c): MPC2: Laptop Setting (Create Profiles)
(VIII) TEST PC CONFIGURATION
(1) The test PCs are placed in the network to verify connectivity as well as DHCP operation.
(2) Configure TestPC1 to use DHCP (see the figures below).
(3) Set static IP configuration in TestPC2.
Figure 11(a): TestPC1: Desktop Setting (IP Setting)
Figure 11(b): TestPC2: Desktop Setting (IP Setting)
(IX) WEB SERVER CONFIGURATION
(1) Two web servers are placed in the topology to test application layer communication in the network.
(2) Set the IP address of both to be static.
(3) Modify the HTML code of both the web servers’ pages to personalize your work (e.g. use your name, company name, your unique message, etc.).
Figure 12(a): ExtWebSer: Web Server Setting (IP Setting)
Figure 12(b): ExtWebSer: Web Server Setting (Customizing the web page)
Figure 12(c): ExtWebSer: Web Server Setting (HTML Code)
Figure 12(d): IntWebSer: Web Server Setting (IP Setting)
(X) DNS SERVER CONFIGURATION
(1) This DNS server is for the hosts inside the network of ABC Co.
(2) While doing static IP configuration, use this DNS server.
(3) For DHCP clients, DHCP server should provide this DNS server’s IP address (see the DHCP server settings below).
(4) In the DNS service setting, add a couple of domain names, as shown, in the resource records.
Figure 13(a): DNSSer: DNS Server Setting (IP Setting)
Figure 13(b): DNSSer: DNS Server Setting (DNS Service Setting)
(XI) DHCP SERVER CONFIGURATION
(1) This DHCP server will provide IP address and other IP configuration parameters to the DHCP clients in LAN2.
(2) Set its own IP parameters according to Fig. 14(a).
(3) Set its DHCP parameters according to Fig. 14(b).
Figure 14(a): DHCPSer: DHCP Server Setting (IP Setting)
Figure 14(b): DHCPSer: DHCP Server Setting (DHCP Information)
(XII) AAA SERVER CONFIGURATION
(1) This AAA server will provide user authentication for the AP that uses WPA2-Enterprise. In our topology, WRSecAAA is set up to use this server.
(2) This server will use a static IP. Set the IP parameters according to Fig. 15(a).
(3) Set the AAA service parameters according to Fig. 15(b).
(4) For the AAA mechanism, we will use the RADIUS protocol.
(5) The client for this server will be WRSecAAA, which was set to use WPA2-Enterprise. Add the IP address of WRSecAAA as a client, with the same password (secret) that was set in WRSecAAA (Fig. 6(c)).
(6) Add some sample users, as shown. One of these user names should be set in MPC2, which we already did in Fig. 10(b) or 10(c).
Figure 15(a): AAASer: AAA Server Setting (IP Setting)
Figure 15(b): AAASer: AAA Server Setting (AAA parameters setting)
(XIII) TESTING
If all the configuration steps are done correctly, you will see that all the mobile devices are successfully associated with the appropriate APs. Also, the devices should have acquired IP addresses from the corresponding DHCP servers.
After implementing all the router configurations given in the codeboxes above, the mobile devices should be able to reach any other device in the network. Note, however, that devices that are behind a NAT will not be reachable from other devices that are not within the same NAT. For example, if MPC1 is connected to WRSecPSK and MPC2 is connected to WRSecAAA, they are not reachable from each other, as they are behind different NATs.
Now that your network is ready and functional, perform extensive reachability and verification tests. Do at least the following.
a. From all the mobile devices ping both the web servers.
b. From all the mobile devices browse both the web servers.
c. Investigate the IP configuration of all DHCP clients. Verify if they are acquiring IP addresses properly.
d. You can login to the Linksys router using web interface. Demonstrate.
e. For all the wireless routers, show the status and client list.
f. From mobile device in one LAN, ping other mobile devices in other LANs.
g. From the ISP router, ping the mobile devices.
Perform some tests of your own. You can add new devices, modify the configuration of existing devices, test different protocols, etc. To get full marks in this section, you will be required to add 3 new tests, explain the reason for each of them and present the results with an explanation.
Make sure the whole network is ready for demonstration to the professor.
D. REPORT SUBMISSION
1. Prepare an appropriate cover page for the report.
2. Start the report body with a short ‘Introduction’, outlining the objectives of the activity.
3. Provide a clean screen capture of your topology. Make sure the figure is adequately labeled. Refer to this topology diagram when you explain your test scenario/results.
4. Prepare the rest of the report in sections according to the tests you performed.
a. Describe the scenario of the test.
b. Describe your test action.
c. Present the result/output (e.g. screen capture).
d. Give your observation/comment on the result.
5. Give a ‘conclusion’ section summarizing the learning.
6. The report should be submitted in MS Word or PDF. Make sure everything is clearly visible.
7. Put names of all members on the cover page. The file name of the word document should be as below.
TeamName-Assign1.docx
10% marks deduction for wrong file naming or format.
8. Send the report by email, by the due date.
9. Save all your work for future reference.
10. Demonstrate your work when asked by the professor.
E. MARKING SCHEME
Important: Marking will be done after successful demo.
| | | Max Mark | Your Mark |
|---|---|---|---|
| 1 | Introduction | 10 | |
| 2 | Topology Screenshot | 10 | |
| 3 | Test 1: From all the mobile devices ping both the web servers. | 50 | |
| 4 | Test 2: From all the mobile devices browse both the web servers. | 20 | |
| 5 | Test 3: Investigate the IP configuration of all DHCP clients. Verify if they are acquiring IP addresses properly. | 10 | |
| 6 | Test 4: You can login to the Linksys router using web interface. Demonstrate. | 10 | |
| 7 | Test 5: For all the wireless routers, show the status and client list. | 10 | |
| 8 | Test 6: From mobile device in one LAN, ping other mobile devices in other LANs. | 10 | |
| 9 | Test 7: From the ISP router, ping the mobile devices. | 10 | |
| 10 | Own investigation (do something interesting) | 30 | |
| 11 | Conclusion | 10 | |
| | Total | 180 | |
F. APPENDIX
Here are some outputs from my tests.
Fig A.1: Internal web server access from Smart Phone.
Fig A.2: Dynamic IP address acquisition of MPC2.
Fig A.3: External web server access by MPC2.
Fig A.4 (a): Web interface access of WRSecPSK by MPC1
Fig A.5: Local Network status of WRSecPSK
Fig A.6: DHCP client table of WRSecPSK