| | | | |

| | | | |

Network Implementation Plan
Network Implementation Plan

Table of Contents Implementing IPv6 3
Great Clips: Implementing a Network Plan
Configuring IPv6 on a Juniper Router Network Infrastructure Design 6
Installing Ubuntu on Virtual Box Linux Networking 9
Linux Network Commands Analyzing Network Traffic 14
Network Sniffer Applications: Compare and Contrast
Installing Wireshark: Running a TCP Packet Trace Network Security 16
Access Control Lists (ACL)
ACL Command Examples
To configure an ACL on a router
To configure an ACL on a switch References 18

Implementing IPv6
Great Clips: Implementing a Network Plan

Great Clips is a hair salon franchise through the United States and Canada. The first salon opened in 1982 and the first franchise opened in 1983 both in the state of Minnesota. In 1988, there were 150 franchises and by 2014, there are now well over 3000. Because of this tremendous growth, I have selected this company for which I will implement a network plan that will support seamless sharing and connection between various company locations.

The routing protocols for IPv6 are similar to IPv4 but have been adjusted accordingly. There are two forms of routing protocols, Distance Vector routing and Link-State routing protocols. Distance Vector rules consider distance between nodes and the number of hops data must travel through before it reaches its destination. Distance Vector protocols require very little configuration and are popular among small to midsize organizations. Common Distance Vector protocols are Routing Information Protocol (RIP) and Boarder Gateway Protocol (BGP) which is the standard routing protocol used for the internet. RIP includes authentication to verify source, it needs a network address and number of hops (max of 15 hops) and is very automatic. BGP is used by all ISPs, is very flexible, allows for internal and external and allows multiple links to the same network.

Link-State routing protocols govern how information is passed between routers by determining the best paths of available connections. Routing protocols in this category include Open Shortest Path First (OSPF) and Intermediate System to Intermediate System (IS-IS). OSPF will govern that data will follow the shortest, the most cost-effective and reliable path. This protocol is typically used on large networks and can be grouped logically into areas. ISIS is not as popular as OSPF but is typically implemented in large scale networks such as ISPs.

Configuring IPv6 on a Juniper Router

You configure IPv6 on a Juniper Network router much like you do with IPv4. For router interfaces to support IPv6, they must be configured to specific properties, types and addresses. Interface family type inet6 and logical interface protocol families must be configured as well. Below is an example of the steps to configure IPv6 on a Juniper Network.

2001:db8::1/128 2001:db8::5/128

A E 2001:db8:0:1::/64

Log into your device running Junos OS and the CLI

Step 1: Enter configuration mode
Upon logging in, you will be in operation mode: “user@host>”
You must get into configuration mode by enter “configure” “user@host> configure”
This changes to “user@host#” when place in configuration mode.

Step 2: Edit interfaces
“[edit interfaces ] Fe-1/2/0 unit 1 description to –E
Fe1/2/0 unit 1 family inet6 address
2001:db8:0:1:2a0:a502:0:1da/64
Unit 1 family inet6 address 2001:db8::1/128 primary
2001:db7::2/128
2001:db87::3/128
Device A
[edit routing-options]
Set rib inet6.0 static route 2001:db8::5/128 next-hop
2001:db8:0:1:2a0:a502:0:19da
[edit interfaces] user@host# commit
Device E
Fe-1/2/0 unit 25 description to –A
Fe-1/2/0 unit 25 family inet6 address
2001:db8:0:1:2a0:a502:0:19da/64
2001:db8::5/128
[edit routing-options]
Set routing-options rib inet6.0 static route ::/0 next-hop
2001:db8:0:1:2a0:a502:0:1da
[edit] user@host# commit” (Configuring IPv6 Static Routes, 2012)

Network Infrastructure Design
Installing Ubuntu on Virtual Box

Linux Networking
Linux Network Commands

The ifconfig command is a system admin tool used for network interface configuration. Using this command, a report is generated listing all running and recognized network interfaces on the system. Also listed are configurations such as IP addresses, net masks, broadcast addresses, gateway and the status of the loopback.
The ifconfig command can be used to troubleshoot networking issues by allowing a view of all network settings, all network interfaces, enabling and disabling network interfaces, assigning IP addresses and net masks among other capabilities.
Examples:
ifconfig –a: displays all information for active and inactive interfaces on the network ifconfig eth0 netmask : allows admin to define a net mask for a specific interface ifconfig eth0 broadcast: allows admin to set certain broadcast address for a specific interface ifdown and ifup are additional troubleshooting commands used for interface configurations allowing the administrator to shutdown or bring back online a specific interface. This is extremely helpful in the event of a malicious attack.
The nslookup command is a query command used to find information about a named domain. Running this command will provide the IP address for a specific domain name. This search can also be reversed, using the IP address to search for the domain name. This command is helpful when troubleshooting DNS servers.
Example:
Nslookup www.google.com
The ping command is a basic command that lets the administrator test for network connectivity. Using the ping command, the administrator can send a test packet of data to a certain host on a network in an attempt to get a reply and to determine how long it takes for the data to be exchanged.
Example:
Ping 192.168.1.122
The File Transfer Protocol is a program allowing users to transfer data to and from remote network sites. It is the fastest and most easy way to send files from your machine to another machine.
The Domain Name System is used on Linux to resolve computer IP addresses into readable host names. Users would never be able to remember computer IP addresses; however they have an easier time remember names such as Google. It can also do the reverse and convert a name into an IP. This is important because the IP address is used to route information, not the readable name.
The SSH application on Linux is used for logging into a machine remotely for administration and work through secure encrypted communication channels.

Analyzing Network Traffic
Network Sniffer Applications: Compare and Contrast
A program that works to intercept, track and log traffic over an interface is known as a network analyzer or sniffer. The sniffer captures the packets of data streaming through the network and decodes the data being sent. These tools can be very helpful for troubleshooting network problems, detecting network intrusions and misuse, monitoring utilizations and debugging along with other additional capabilities. A sniffer would be very helpful in a scenario where a user suspects computer attacks against their network firewall. Using a sniffer, the user could analyze the data packets being sent to the network to determine if they are legit or not. There are quite a handful of different applications and software sniffer tools available in the marketplace today. Let’s look at just two of them, Cain and Abel and Wireshark.
Cain and Abel is a graphical user interface (GUI), created by Massimiliano Montoro and Wireshark, formually Ethereal, is both a command-line interface and GUI both provided free for downloading but whereas Cain and Abel is a freeware, usually with restrictions, Wireshark is a General Public License freeware allowing more freedom. Cain and Abel works on Windows operating systems only and Wireshark works on Windows, OS, Linux, BSDs, Solaris, AIX, HP-UX, IRIX, Tru64 and UNIX. Cain and Abel, a well documented tool, has the ability to analyze routing protocols, recover, decode and/or crack encrypted passwords and record VoIP conversations. Wireshark has the ability to capture packets live and/or read in a file of previously captured packets. Additionally, the interactive interface allows the user to dig deep into the details of the packet as well as reconstruct the flow of a TCP session. I think based upon the research findings comparing and contrasting these two tools, I think the vast versatility that comes with Wireshark makes it a better tool than that of Cain and Abel.
Installing Wireshark: Running a TCP Packet Trace

Network Security
Access Control Lists (ACL)
Access Control Lists (ACL) are the rules governing the flow of traffic on the network by specifying which traffic is allowed to flow in and/or which traffic is allowed to flow out. The rules are set regarding different traffic attributes found in the data packets such as source and destination IP addresses and MAC addresses, port information and protocols. When a data packet is received, the attributes are thoroughly scanned and compared against the ACL, looking for rules that will either allow or prohibit the packet to enter the network. Because of this, ACLs are able to provide a fundamental level of network security by blocking unauthorized traffic and restricting data.
ACLs are created using commands or statements that specify which attributes are permitted and which ones are denied. The attributes are specified in the order in which the list should appear in the ACL using a top-down approach since the ACL reviews the packets from top to bottom. ACLs are applied to interfaces, so you can have an ACL for the outbound interface and/or for the inbound interface. ACLs can be standard, extended or named. Standard ACLs match source addresses, extended ACLs can include additional information such as ports, TCP and UDP information and named ACLs use specified names and numbered lines.
For example: ACL 180
Config access-list 180 permit tcp 192.167.77.0.0.0.0.255 192.167.77.3.0.0.0.0
TCP packet to 192.167.78.1 will be rejected because it is not within the specificed range of the ACL.
TCP packet to 192.167.77.2 will be accepted because it is within the specified range of the ACL.
ACL Command Examples
There are many commands that can be used for ACL implementations. Such commands are:
Config access-list permit
Config access-list deny
Config clear access-list
Config show access-list

To configure an ACL on a router
Example: deny traffic from 192.167.77.3.0.0.0.0
Open the router terminal
En
Conf t
#access-list
<1-99 for standard list>
#access-list 50
#access list 50 de
#access list 50 deny 192.167.77.3.0.0.0.0
To configure an ACL on a switch
Example: permit traffic from 192.167.77.3.0.0.0.0
Open Command prompt
En
Switch#conf t
Switch#(config)#access-list 50
Switch#(config)#access-list 50 permit 192.167.77.3.0.0.0.0

References
Beasley, J. S., & Nilkaew, P. (2013). A Practical Guide to Advanced Networking. Pearson IT Certification.
Cain and Abel (software). (2014, 09 27). Retrieved 12 15, 2014, from Wikipedia: http://en.wikipedia.org/wiki/Cain_and_Abel_%28software%29
Configuring IPv6 Static Routes. (2012, 08 10). Retrieved 11 24, 2014, from Juniper: https://www.juniper.net/documentation/en_US/junos12.1/topics/example/policy-ipv6-static-routes.html
How to install Ubuntu 14.4 LTS on Virtubal box. (2014, 05 14). Retrieved 12 02, 2014, from YouTube: https://www.youtube.com/watch?v=QkJmahizwO4
Methods of Network Access Security. (n.d.). Retrieved 12 22, 2014, from Exam Collection: http://www.examcollection.com/certification-training/methods-of-network-access-security.html
SecTools.Org: Top 125 Network Security Tools. (n.d.). Retrieved 12 15, 2014, from SecTools: http://sectools.org/tag/sniffers/
Wilson, T. (2012, 05 16). Securing Networks: Access Control LIsts (ACL). Retrieved 12 22, 2014, from Pluralsight Blog: http://blog.pluralsight.com/access-control-list-concepts
Wireshark. (2014, 12 1). Retrieved 12 15, 2014, from Wikepedia: http://en.wikipedia.org/wiki/Wireshark