
Network Configuration and Security Guide

Uploaded by

Indrapal Rathor
Copyright © All Rights Reserved

Sec 1.

Check all the available interfaces on each device (sh ip int br) and do no shut
on them, then use CDP to draw the topology on paper (check from PX-North-L3,
PX-NORTH-L2, PX-SOUTH-L2 & PX-South-L3)

Note:- Confirm PuTTY config (COM?)

Sec 2 : (LAN Switching)

PX-North-L2(config)#vtp mode server


PX-North-L2(config)#vtp domain POD-5
PX-North-L2(config)#vtp pass cisco

PX-North-L2(config)#vtp pruning

PX-South-L2(config)#vtp mode client


PX-South-L2(config)#vtp domain POD-5
PX-South-L2(config)#vtp pass cisco

PX-North-L2(config)#vlan 2
PX-North-L2(config-vlan)#name RED

PX-North-L2(config-vlan)#vlan 3
PX-North-L2(config-vlan)#name GREEN

PX-North-L2(config-vlan)#vlan 4
PX-North-L2(config-vlan)#name BLUE

PX-North-L2(config)#int f0/1
PX-North-L2(config-if)#sw mo acc
PX-North-L2(config-if)#sw ac vlan 2
PX-North-L2(config-if)#spanning-tree portfast

PX-North-L2(config-if)#int f0/3
PX-North-L2(config-if)#sw mo acc
PX-North-L2(config-if)#sw ac vlan 3
PX-North-L2(config-if)#spanning-tree portfast

PX-North-L2(config)#spanning-tree vlan 1,3 root primary


PX-North-L2(config)#spanning-tree vlan 2,4 root secondary

PX-South-L2(config)#int f0/1
PX-South-L2(config-if)#sw mo acc
PX-South-L2(config-if)#sw acc vlan 4
PX-South-L2(config-if)#spanning-tree portfast

PX-South-L2(config)#int f0/3
PX-South-L2(config-if)#sw mo acc
PX-South-L2(config-if)#sw acc vlan 2
PX-South-L2(config-if)#spanning-tree portfast

PX-South-L2(config)#spanning-tree vlan 2,4 root primary


PX-South-L2(config)#spanning-tree vlan 1,3 root secondary

Sec 2 : (WAN Switching)


PX-West-L3(config)#int s1/0
PX-West-L3(config-if)#no shut
PX-West-L3(config-if)#encap fra

PX-West-L3(config)#int s1/0.1 point-to-point


PX-West-L3(config-subif)#frame-relay interface-dlci 111

PX-West-L3(config)#int s1/0.2 multipoint


PX-West-L3(config-subif)#frame-relay interface-dlci 222
PX-West-L3(config-fr-dlci)#exit

PX-West-L3(config-subif)#frame-relay interface-dlci 333

PX-East-L3(config)#int s1/0
PX-East-L3(config-if)#no shut
PX-East-L3(config-if)#encap fra

PX-East-L3(config)#int s1/0.1 point-to-point


PX-East-L3(config-subif)#frame-relay interface-dlci 111

PX-East-L3(config)#int s1/0.2 multipoint


PX-East-L3(config-subif)#frame-relay interface-dlci 222

PX-East-L3(config)#int s1/0.3 multipoint


PX-East-L3(config-subif)#frame-relay interface-dlci 333

PX-South-L3(config)#frame-relay switching

PX-South-L3(config)#int s1/0
PX-South-L3(config-if)#encapsulation frame-relay
PX-South-L3(config-if)#frame-relay intf-type dce

PX-South-L3(config)#int s1/2
PX-South-L3(config-if)#encapsulation frame-relay
PX-South-L3(config-if)#frame-relay intf-type dce

PX-South-L3(config-if)#int s1/2
PX-South-L3(config-if)#frame-relay route 111 int s1/0 111
PX-South-L3(config-if)#frame-relay route 222 int s1/0 222
PX-South-L3(config-if)#frame-relay route 333 int s1/0 333

PX-South-L3(config)#int s1/0
PX-South-L3(config-if)#frame-relay route 111 int s1/2 111
PX-South-L3(config-if)#frame-relay route 222 int s1/2 222
PX-South-L3(config-if)#frame-relay route 333 int s1/2 333

Check PVC Status with #sh frame-relay route on FRSW

Note:- Difference between full mesh topology configuration vs full connectivity
topology configuration

PPP Section :-

PX-West-L3(config)#int s1/1
PX-West-L3(config-if)#encap ppp

PX-South-L3(config)#int s1/3
PX-South-L3(config-if)#encap ppp

PX-South-L3(config)#int s1/1
PX-South-L3(config-if)#encap ppp

PX-East-L3(config)#int s1/1
PX-East-L3(config-if)#encap ppp

Section 3A - Network Layer Device Addressing (According to POD 5)

host PX-NORTH-L3

PX-North-L3(config)#int f0/0
PX-North-L3(config-if)#ip add [Link] [Link]

PX-NORTH-L3(config)#int f0/1.1
PX-North-L3(config-subif)#enca dot 1
PX-North-L3(config-subif)#ip add [Link] [Link]

PX-North-L3(config-if)#int f0/1.2
PX-North-L3(config-subif)#enca dot 2
PX-North-L3(config-subif)#ip add [Link] [Link]

PX-North-L3(config-subif)#int f0/1.3
PX-North-L3(config-subif)#enca dot 3
PX-North-L3(config-subif)#ip add [Link] [Link]

PX-North-L3(config-subif)#int f0/1.4
PX-North-L3(config-subif)#enca dot 4
PX-North-L3(config-subif)#ip add [Link] [Link]

PX-West-L3(config)#int f0/0
PX-West-L3(config-if)#ip add [Link] [Link]

PX-West-L3(config-if)#int f0/1
PX-West-L3(config-if)#ip add [Link] [Link]

PX-West-L3(config-if)#int s1/0.1
PX-West-L3(config-subif)#ip add [Link] [Link]

PX-West-L3(config-subif)#int s1/0.2
PX-West-L3(config-subif)#ip add [Link] [Link]

PX-West-L3(config)#int s1/1
PX-West-L3(config-if)#ip add [Link] [Link]

PX-South-L3(config)#int s1/3
PX-South-L3(config-if)#ip add [Link] [Link]
PX-South-L3(config-if)#int s1/1
PX-South-L3(config-if)#ip add [Link] [Link]

PX-East-L3(config)#int f0/0
PX-East-L3(config-if)#ip add [Link] [Link]

PX-East-L3(config-if)#int f0/1
PX-East-L3(config-if)#ip add [Link] [Link]

PX-East-L3(config-if)#int s1/1
PX-East-L3(config-if)#ip add [Link] [Link]

PX-East-L3(config)#int s1/0.1
PX-East-L3(config-subif)#ip add [Link] [Link]

PX-East-L3(config-subif)#int s1/0.2
PX-East-L3(config-subif)#ip add [Link] [Link]

PX-East-L3(config-subif)#int s1/0.3
PX-East-L3(config-subif)#ip add [Link] [Link]

PX-North-L2(config)#int vlan 1
PX-North-L2(config-if)#ip add [Link] [Link]

PX-North-L2(config)#int f0/2
PX-North-L2(config-if)#sw tr en do
PX-North-L2(config-if)#sw mo tr

PX-NORTH-L2(config)#int ran f0/23 - 24


PX-North-L2(config-if)#sw tr en do
PX-NORTH-L2(config-if-range)#sw mo tru

PX-South-L2(config)#int vlan 1
PX-South-L2(config-if)#ip add [Link] [Link]

PX-SOUTH-L2(config-if)#int ra f0/23 - 24
PX-SOUTH-L2(config-if-range)#sw mo tru

-> Kindly check all directly connected interfaces from PX-NORTH-L3, PX-NORTH-L2,
PX-SOUTH-L3, PX-WEST-L3

Section 3B Network Layer :-

On all Routers

Router rip
ver 2
no auto
netw [Link]

Section 3C Network Layer :-

CORE ROUTER :-

enable secret cisco

username cisco password cisco

interface FastEthernet0/1
ip address [Link] [Link]
no shut

router eigrp 5
network [Link]
no auto-summary
!
router ospf 1
router-id [Link]
log-adjacency-changes
network [Link] [Link] area 0

no cdp run

line vty 0 4
login local

PX-NORTH-L3#sh run | sec eigrp

interface FastEthernet0/0
ip address [Link] [Link]
ip summary-address eigrp 5 [Link] [Link]

router eigrp 5
network [Link]
no auto-summary

Router rip
default-information originate

Section 3D Network Layer :-

Use the IP addresses from your management VLAN as the router-ids for each router.
According to this statement :-

PX-NORTH-L3 :- [Link]
PX-WEST-L3 :- [Link]
PX-SOUTH-L3 :- [Link]
PX-EAST-L3 :- [Link]

In OSPF, the process ID and area ID will be 1 and 5 respectively on all routers.

on PX-NORTH-L3

router ospf 1
router-id [Link]
network [Link] [Link] area 5
network [Link] [Link] area 0

on PX-WEST-L3

router ospf 1
router-id [Link]
network [Link] [Link] area 5
neighbor [Link]
neighbor [Link]

on PX-SOUTH-L3

router ospf 1
router-id [Link]
network [Link] [Link] area 5

on PX-EAST-L3
router ospf 1
router-id [Link]
network [Link] [Link] area 5
neighbor [Link]

Section 4 :- Security

A. General :-

On All Devices :-

username student pass icp

line console 0
login local
exec-timeout 0 30

line vty 0 4
login local
exec-timeout 0 30

enable secret cisco


service password-encry

no cdp run (Only on PX-NORTH-L3)

B. Layer 2 :-

on PX-NORTH-L2 & PX-SOUTH-L2

int ra f0/1 , f0/3


sw port-sec
sw port-sec max 1
sw port-sec mac-add sticky

on PX-WEST-L3

username PX-South-L3 pass cisco


int s1/1
ppp authen chap

on PX-South-L3

userna PX-West-L3 pass cisco


int s1/3
ppp authent chap

C. Layer 3 :-

on All L3 Devices

ip domain name [Link]


crypto key generate rsa

line vty 0 4
transport input ssh

ip access-list standard REMOTE


permit [Link] [Link]

line vty 0 4
access-class REMOTE in

on PX-NORTH-L3

ip access-list extended HTTP


permit tcp any [Link] [Link] eq 80
deny tcp any any eq 80 log
permit ip any any

int f0/0
ip access-group HTTP out

on All L3 Devices

int f0/0
ip ospf authentication
ip ospf authentication-key cisco
