Remotely Accessible Network Laboratory
Design

This was a multiphase project.  The first phase looked at possible design strategies while the second developed curricular materials.  During the second phase, an attempt was made to use the minimal setup needed for reasonable labs.  While the overall structure of the lab reflected the initial project, for most labs only a subset of the original configuration is needed.

The first figure shows the original overall configuration of relevant portions of the lab as developed at Lander University:

There are several relevant features of this configuration that are worth noting. 

The lab was connected to a buffer network between the full campus network and the Internet with a block of available addresses on this network.  That is, the networking lab was outside the campus firewall.  There were several advantages to this approach.  First, the overall structure of the access network added some interesting features that could be used such as looking at routing redirects, etc.  Second, having the network outside the firewall gave us freedom to use tools (e.g., network sniffers) that would be political hot potatoes inside the campus network.  It also meant that we were responsible for our own security.

Developing our own security policy and procedures, while a fair amount of work, was really an advantage.  We were not subject to the whims of folks who didn't understand the basics of security.  (E.g., at one time the campus firewall was passing TELNET but blocking SSH.)  It also kept us from developing a false sense of security.

Most of the time, the entire network was behind a Cisco Router, supplying basic filtering and NAT.  However, a dual-homed computer could easily meet this need.  For a few projects, computers were connected directly to the buffer network.  I strongly recommend using a secure system such as OpenBSD whenever directly connecting to the Internet.

In practice, a subset of this network should meet the needs for most of the exercises described at this site:

There is one key component in this configuration.  While generally a switched network is preferable, if you are going to do packet capture, you need to be able to change to a shared media network.  Otherwise, you won't be able to see the traffic.
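The difference between the two kinds of network can be seen in a small model. The following is an added example, not part of the original lab materials: it compares what a capture host on its own port receives from a hub (shared media) and from a learning switch. The port numbers, MAC addresses and frame list are constructed for the illustration, and the switch model is simplified (no table aging, no port mirroring).

```python
# Added illustration: frames visible on a sniffer port, hub vs. learning switch.
# All ports, MAC addresses and frames below are constructed sample data.

BROADCAST = "ff:ff:ff:ff:ff:ff"
HOST_A = "02:00:00:00:00:0a"   # constructed MAC on port 1
HOST_B = "02:00:00:00:00:0b"   # constructed MAC on port 2
PORTS = [1, 2, 3]
SNIFFER_PORT = 3               # capture host; it sends nothing itself

# (ingress port, source MAC, destination MAC, description)
FRAMES = [
    (1, HOST_A, BROADCAST, "ARP request (broadcast)"),
    (2, HOST_B, HOST_A, "ARP reply"),
    (1, HOST_A, HOST_B, "TELNET data A->B"),
    (2, HOST_B, HOST_A, "TELNET data B->A"),
]


def deliver(frames, ports, switched):
    """Return {port: [descriptions of frames that port receives]}."""
    seen = {p: [] for p in ports}
    mac_table = {}  # learned source MAC -> port (used by the switch only)
    for in_port, src, dst, note in frames:
        if switched:
            mac_table[src] = in_port  # learn where the sender is attached
        if switched and dst != BROADCAST and dst in mac_table:
            out_ports = [mac_table[dst]]  # known unicast: one port only
        else:
            # A hub repeats every frame on every other port; a switch
            # floods only broadcasts and not-yet-learned destinations.
            out_ports = list(ports)
        for p in out_ports:
            if p != in_port:  # never send a frame back out its ingress port
                seen[p].append(note)
    return seen


def sniffer_view(switched):
    """Frames the capture host receives on SNIFFER_PORT."""
    return deliver(FRAMES, PORTS, switched)[SNIFFER_PORT]


if __name__ == "__main__":
    print("hub:   ", sniffer_view(switched=False))
    print("switch:", sniffer_view(switched=True))
```

On the hub the capture host receives all four frames; on the switch it receives only the broadcast, which is why the unicast conversation between the other two hosts is not available to capture.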

There are several other features of the original laboratory setup that impact individual assignments.  For these assignments, you will need to augment the configuration or change the assignments.  Here is a partial list of things to look for:

1. With a couple of the labs, the use of Network Address Translation (NAT) plays an important role.  If your gateway doesn't supply NAT, you will need to adjust these labs.

2. For a couple of labs, the internal network is important.  Specifically, maud is a dual-homed machine and the existence of a second interface is important.  Also, the use of a routing protocol within the lab is important.

3. Finally, you need to be able to connect a machine directly to the buffer network: a network with multiple routers is needed to demonstrate router redirects.



sloanjd@wofford.edu
Last updated: Friday, September 10, 2004

Copyright © 2003, Dr. Joseph D. Sloan