Mini-Lab- Network Topology Overview


Submitted • February 15, 2017 • Report • 2,079 words (9 pages) • 307 views

Last Update: 13 Nov 2016

Mini-Lab Training Manual 

 

Introduction

You have recently been hired to manage the IT systems for a local doctor’s office group in San Francisco. Nightingale Medical Associates has managed to survive with a consumer ISP-provided gateway for many years, but recent Electronic Medical Records (EMR) mandates, HIPAA compliance, more patients, and the demand for guest Internet access have them excited about an enterprise solution.

As their new IT admin, you suggest that Nightingale Medical Associates try Cisco Meraki as a solution that will not only meet their needs now, but can also scale with them as they grow their existing location or expand to multiple locations.

In order to get started, you’ve decided to equip them with some Meraki gear.


Network Topology Overview

[Figure: network topology diagram]

How to perform lab work

  1. Navigate to http://dashboard.meraki.com and use the credentials provided by the proctor
  2. Verify that your pod’s equipment is up and running
  3. You can use Cisco Meraki knowledge base articles and documentation to assist with lab exercises. They can be found on the Internet at:
     1. http://documentation.meraki.com

LAB 1 | Small / Medium Site

To get started, let’s set up the Meraki MX assigned to you. Meraki Support and Grupo Dice have already set up a Dashboard account and added the gear to a network. In this lab you will create an initial configuration for a doctor’s office, create a baseline security policy, configure a guest wireless network, and interconnect all of the remote branches.

1.1.1 Initial MX Setup (5 minutes)

  1. Verify that your MX is operational (i.e. WAN uplinks are healthy, MX is green in dashboard, etc.)
  2. Edit the name of your MX and apply the tag(s) and address from your handout
     1. In the “address” field, use your company’s name and the physical address of your local office
  3. Enable VLANs and create VLANs 1 (Corp), 30 (Voice) and 100 (Guest) per the diagram above
     1. Ensure that non-tagged traffic will be part of VLAN 1 (native VLAN)
  4. Under DHCP configuration:
     1. For VLAN 1 (Corp), reserve IP addresses .150 through .250 under DHCP Settings
     2. For VLAN 30 (Voice), set the lease time to 1 week and use the upstream router as the DNS server
     3. For VLAN 100 (Guest), set the lease time to 1 hour and use OpenDNS servers

1.1.2 Setting a Security Policy (15 minutes)

  1. Apply the following global default policies (Hint: the section below does not use group policies)
     1. Using L7 Firewall rules, completely block BitTorrent
     2. Maximum bandwidth of 5 Mbps per client
        1. Allow bursting if bandwidth is available
     3. For Netflix and Pandora, shape traffic to 1M down, 500K up. Ensure they are low priority.
     4. For all voice and video conferencing, remove all bandwidth restrictions and ensure they are high priority
     5. Configure Content Filtering rules including:
        1. Adult and Nudity websites
        2. Phishing sites
        3. HTTPS Proxy and Anonymizers
  2. Under the Threat Management option:
     1. Enable Malware detection
     2. IDS/IPS powered by SourceFire
        1. Enable Prevention
        2. Select Security as the protection level (full IPS signatures)
  3. Create a group policy called “Guest” to ensure that guest users conform to the restrictions below
     1. Guest group policies will only be turned on during working hours 8am–5pm M-F
     2. Guests will be restricted to 2M per client
     3. No traffic can communicate to North Korea
     4. Add another content filtering category for all websites deemed “Illegal”
     5. Apply the “Guest” group policy to the “Guest” VLAN
        1. Hint: This group policy will apply to the guest network only, while the global restrictions configured previously apply to the rest of the VLANs by default

1.1.3 Interconnect All Sites with Full-Mesh Auto VPN (5 minutes)

  1. Configure a split-tunnel VPN between all sites
     1. Hint: Navigate to Site-to-site VPN and configure your site as a hub
     2. Enable VPN for only VLAN 1 & 30
  2. Refresh your screen and navigate to VPN Status to verify connectivity to other branches
     1. What is your average latency to other branches? R. ______________ ms
  3. Verify connectivity by pinging your neighbor’s lab station from the Live tools on the Appliance Status screen
     1. Hint: Use the Corp VLAN default gateway IP of any other pod
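
Once sections 1.1.1 to 1.1.3 are configured, the segmentation they ask for (Guest VLAN kept out of the VPN, per-VLAN DHCP settings, the Guest group policy) can be checked against a baseline. The script below is an added example, not part of the original lab manual or Cisco Meraki tooling; the dictionary layout is a hypothetical export format, and the subnets are constructed because the topology diagram is not reproduced on this page.

```python
import ipaddress

# Expected per-VLAN settings, taken from the Lab 1 steps (1.1.1 to 1.1.3).
BASELINE = {
    1:   {"name": "Corp",  "in_vpn": True},
    30:  {"name": "Voice", "in_vpn": True,  "lease": "1 week", "dns": "upstream"},
    100: {"name": "Guest", "in_vpn": False, "lease": "1 hour", "dns": "opendns",
          "group_policy": "Guest"},
}

def audit(config):
    """Return a list of deviations from the Lab 1 baseline (empty = compliant)."""
    findings = []
    vlans = {v["id"]: v for v in config["vlans"]}
    if config.get("native_vlan") != 1:
        findings.append("untagged traffic is not mapped to VLAN 1")
    for vid, want in BASELINE.items():
        have = vlans.get(vid)
        if have is None:
            findings.append(f"VLAN {vid} ({want['name']}) is missing")
            continue
        for key, expected in want.items():
            if have.get(key) != expected:
                findings.append(f"VLAN {vid}: {key}={have.get(key)!r}, expected {expected!r}")
    # VLAN 1 must reserve host addresses .150 through .250 (assumes a /24).
    corp = vlans.get(1)
    if corp:
        base = ipaddress.ip_network(corp["subnet"]).network_address
        wanted = (str(base + 150), str(base + 250))
        if wanted not in [tuple(r) for r in corp.get("reserved", [])]:
            findings.append(f"VLAN 1: reserved range {wanted[0]}-{wanted[1]} not set")
    return findings

# Constructed sample export with two deliberate deviations.
SAMPLE = {
    "native_vlan": 1,
    "vlans": [
        {"id": 1, "name": "Corp", "subnet": "10.0.1.0/24", "in_vpn": True,
         "reserved": [["10.0.1.150", "10.0.1.250"]]},
        {"id": 30, "name": "Voice", "subnet": "10.0.30.0/24", "in_vpn": True,
         "lease": "1 day", "dns": "upstream"},
        {"id": 100, "name": "Guest", "subnet": "10.0.100.0/24", "in_vpn": True,
         "lease": "1 hour", "dns": "opendns", "group_policy": "Guest"},
    ],
}

if __name__ == "__main__":
    for line in audit(SAMPLE):
        print(line)
```

The sample deliberately places the Guest VLAN in the VPN and shortens the Voice lease, so the audit reports exactly those two deviations.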

1.3.1 Configuring a Guest and Corporate Wireless Network (10 minutes)

  1. In the Security Appliance > Configure > Wireless Settings menu:
     1. Enable SSID1 and name it “Corporate”
     2. Enable SSID2 and name it “Guest”
  2. On your corporate SSID:
     1. Use the PSK “ikarem123”
     2. Place all traffic on your Corp VLAN and use the MX as the DHCP server
  3. On the guest SSID:
     1. Place all traffic on your Guest VLAN 100 and use the MX as the DHCP server
     2. Ensure users in the Guest VLAN sign on via a splash page that refreshes every half hour (customize and preview your splash page)

LAB 2 | Large Site / Campus

Since deploying their enterprise network, Nightingale Medical Associates has continued to grow. They’ve just acquired another medical group that has a legacy private network interconnecting all of their sites. In order to increase collaboration during the acquisition, Nightingale Medical Associates has rolled out the private network to all sites. Also, to protect their new Electronic Medical Records (EMR) system, Nightingale Medical Associates wishes to increase the security of their wired and wireless network.

...
