🏗️ Infrastructure Setup Guide (Enterprise Lab)

This document provides the full infrastructure configuration per device.

🛡️ 1. Core Infrastructure

🖥️ R1-A

📋 General Information

Hostname: R1-A
```
hostname R1-A
```

🌐 Management

Loopback0: 1.1.1.1/32

interface Loopback0
 ip address 1.1.1.1 255.255.255.255

🔌 Interfaces

Gi0/0/0

📟 Connection to R3

IP Address: 192.168.3.1/30

interface GigabitEthernet0/0/0
 description To R3
 ip address 192.168.3.1 255.255.255.252
 ip ospf network point-to-point
 negotiation auto
 cdp enable

Gi0/0/1

📟 Connection to R2

IP Address: 192.168.2.1/30

interface GigabitEthernet0/0/1
 description To R2
 ip address 192.168.2.1 255.255.255.252
 ip ospf network point-to-point
 negotiation auto
 cdp enable

Gi0/0/2

📟 Connection to R4

IP Address: 192.168.4.1/24

interface GigabitEthernet0/0/2
 description To R4
 ip address 192.168.4.1 255.255.255.0
 ip ospf network point-to-point
 negotiation auto
 cdp enable

Gi0/0/5

🔐 Secure Intranet Gateway and VRRP Configuration
IP Address: 192.168.100.1/24
Group: 10
Virtual IP: 192.168.100.254

Priority: 110

interface GigabitEthernet0/0/5
 description To Layer_2
 ip address 192.168.100.1 255.255.255.0
 ip ospf priority 254
 no negotiation auto
 cdp enable
 vrrp 10 ip 192.168.100.254
 vrrp 10 preempt delay minimum 60
 vrrp 10 priority 110

🧭 Routing Configuration (OSPF)

Static Route

ip route 10.100.0.0 255.255.0.0 192.168.100.3

OSPF

Process ID: 1
Router ID: 1.1.1.1

Areas

Area 0 → 🌐 Core Transit
Area 2 → Stub (No-Summary)
Area 3 → Stub (No-Summary)

Area 4 → Stub (No-Summary)

router ospf 1
 router-id 1.1.1.1
 area 2 stub no-summary
 area 3 stub no-summary
 area 4 stub no-summary
 redistribute static subnets
 network 1.1.1.1 0.0.0.0 area 0
 network 192.168.2.0 0.0.0.3 area 2
 network 192.168.3.0 0.0.0.3 area 3
 network 192.168.4.0 0.0.0.3 area 4
 network 192.168.100.0 0.0.0.255 area 0

🖥️ R1-B

📋 General Information

Hostname: R1-B
```
hostname R1-B
```

🌐 Management

Loopback0: 11.11.11.11/32

interface Loopback0
 ip address 11.11.11.11 255.255.255.255

🔌 Interfaces

Gi0/0/0

📟 Connection to R3

IP Address: 192.168.3.5/30

interface GigabitEthernet0/0/0
 description To R3
 ip address 192.168.3.5 255.255.255.252
 ip ospf network point-to-point
 negotiation auto
 cdp enable

Gi0/0/1

📟 Connection to R2

IP Address: 192.168.2.5/30

interface GigabitEthernet0/0/1
 description To R2
 ip address 192.168.2.5 255.255.255.252
 ip ospf network point-to-point
 negotiation auto
 cdp enable

Gi0/0/2

📟 Connection to R4

IP Address: 192.168.4.5/24

interface GigabitEthernet0/0/2
 description To R4
 ip address 192.168.4.5 255.255.255.252
 ip ospf network point-to-point
 negotiation auto
 cdp enable

Gi0/0/5

🔐 Secure Intranet Gateway and VRRP Configuration
IP Address: 192.168.100.2/24
Group: 10

Virtual IP: 192.168.100.254

interface GigabitEthernet0/0/5
 description To Layer_2
 ip address 192.168.100.2 255.255.255.0
 ip ospf priority 253
 no negotiation auto
 cdp enable
 vrrp 10 ip 192.168.100.254

🧭 Routing Configuration

Static Route

ip route 10.100.0.0 255.255.0.0 192.168.100.3

OSPF

Process ID: 1
Router ID: 11.11.11.11

Areas

Area 0 → 🌐 Core Transit
Area 2 → Stub (No-Summary)
Area 3 → Stub (No-Summary)

Area 4 → Stub (No-Summary)

router ospf 1
 router-id 11.11.11.11
 area 2 stub no-summary
 area 3 stub no-summary
 area 4 stub no-summary
 redistribute static subnets
 network 11.11.11.11 0.0.0.0 area 0
 network 192.168.2.4 0.0.0.3 area 2
 network 192.168.3.4 0.0.0.3 area 3
 network 192.168.4.4 0.0.0.3 area 4
 network 192.168.100.0 0.0.0.255 area 0

📍 2. Site Routers

🛰️ R2 (Branch Site 2)

📋 General Information

Hostname : R2

Management IP: 2.2.2.2/32

hostname R2
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.255

🔌 Interfaces

Gi0/0/0 (Trunk - Router on a Stick)

Gi0/0/0.1
- 🛠️ MGMT
- VLAN: 1
- IP: 10.2.2.1/24
Gi0/0/0.2
- 💻 WIRED
- VLAN: 2
- IP: 172.20.2.1/24
Gi0/0/0.3
- 📶 WIRELESS
- VLAN: 3
- IP: 172.19.2.1/24

interface GigabitEthernet0/0/0
 description To SW2
 no ip address
 negotiation auto
!
interface GigabitEthernet0/0/0.1
 description MGMT
 encapsulation dot1Q 1 native
 ip address 10.2.2.1 255.255.255.0
!
interface GigabitEthernet0/0/0.2
 description WIRED
 encapsulation dot1Q 2
 ip address 172.20.2.1 255.255.255.0
!
interface GigabitEthernet0/0/0.3
 description WIRELESS
 encapsulation dot1Q 3
 ip address 172.19.2.1 255.255.255.0

🌐 WAN Interfaces

Te0/0/4
- Connected to R1-A
Te0/0/5
- Connected to R1-B

interface TenGigabitEthernet0/0/4
 description To R1-A
 ip address 192.168.2.2 255.255.255.252
 ip ospf network point-to-point
 negotiation auto
!
interface TenGigabitEthernet0/0/5
 description To R1-B
 ip address 192.168.2.6 255.255.255.252
 ip ospf network point-to-point
 negotiation auto

🧭 Routing Configuration (OSPF)

Process ID: 1

Area: 2 (Stub)

router ospf 1
 router-id 2.2.2.2
 area 2 stub
 network 2.2.2.2 0.0.0.0 area 2
 network 10.2.2.0 0.0.0.255 area 2
 network 172.19.2.0 0.0.0.255 area 2
 network 172.20.2.0 0.0.0.255 area 2
 network 192.168.2.0 0.0.0.3 area 2
 network 192.168.2.4 0.0.0.3 area 2

🛰️ R3 (Branch Site 3)

📋 General Information

Hostname : R3

Management IP: 3.3.3.3/32

hostname R3
!
interface Loopback0
 ip address 3.3.3.3 255.255.255.255

🔌 Interfaces

Gi0/0/0 (Trunk)

Gi0/0/0.1
- 🛠️ MGMT
- VLAN: 1
- IP: 10.3.3.1/24
Gi0/0/0.2
- 💻 WIRED
- VLAN: 2
- IP: 172.20.3.1/24

interface GigabitEthernet0/0/0
 description To SW3
 no ip address
 negotiation auto
!
interface GigabitEthernet0/0/0.1
 description MGMT
 encapsulation dot1Q 1 native
 ip address 10.3.3.1 255.255.255.0
!
interface GigabitEthernet0/0/0.2
 description WIRED
 encapsulation dot1Q 2
 ip address 172.20.3.1 255.255.255.0

🌐 WAN Interfaces

Te0/0/4
- Connected to R1-A
Te0/0/5
- Connected to R1-B

interface TenGigabitEthernet0/0/4
 description To R1-A
 ip address 192.168.3.2 255.255.255.252
 ip ospf network point-to-point
 negotiation auto
!
interface TenGigabitEthernet0/0/5
 description To R1-B
 ip address 192.168.3.6 255.255.255.252
 ip ospf network point-to-point
 negotiation auto

🧭 Routing Configuration (OSPF)

Process ID: 1

Area: 3 (Stub)

router ospf 1
 router-id 3.3.3.3
 area 3 stub
 network 3.3.3.3 0.0.0.0 area 3
 network 10.3.3.0 0.0.0.255 area 3
 network 172.20.3.0 0.0.0.255 area 3
 network 192.168.3.0 0.0.0.3 area 3
 network 192.168.3.4 0.0.0.3 area 3

🛰️ R4 (Branch Site 4)

📋 General Information

Hostname : R4

Management IP: 4.4.4.4/32

hostname R4
!
interface Loopback0
 ip address 4.4.4.4 255.255.255.255

🔌 Interfaces

Gi0/0/0 (Trunk)

Gi0/0/0.1
- 🛠️ MGMT
- VLAN: 1
- IP: 10.4.4.1/24
Gi0/0/0.2
- 💻 WIRED
- VLAN: 2
- IP: 172.20.4.1/24
Gi0/0/0.3
- 📶 WIRELESS
- VLAN: 3
- IP: 172.19.4.1/24

interface GigabitEthernet0/0/0
 description To SW4
 no ip address
 negotiation auto
!
interface GigabitEthernet0/0/0.1
 description MGMT
 encapsulation dot1Q 1 native
 ip address 10.4.4.1 255.255.255.0
!
interface GigabitEthernet0/0/0.2
 description WIRED
 encapsulation dot1Q 2
 ip address 172.20.4.1 255.255.255.0
!
interface GigabitEthernet0/0/0.3
 description WIRELESS
 encapsulation dot1Q 3
 ip address 172.19.4.1 255.255.255.0

🌐 WAN Interfaces

Te0/0/4
- Connected to R1-A
Te0/0/5
- Connected to R1-B

interface TenGigabitEthernet0/0/4
 description To R1-A
 ip address 192.168.4.2 255.255.255.252
 ip ospf network point-to-point
 negotiation auto
!
interface TenGigabitEthernet0/0/5
 description To R1-B
 ip address 192.168.4.6 255.255.255.252
 ip ospf network point-to-point
 negotiation auto

🧭 Routing Configuration (OSPF)

Process ID: 1

Area: 4 (Stub)

router ospf 1
 router-id 4.4.4.4
 area 4 stub
 network 4.4.4.4 0.0.0.0 area 4
 network 10.4.4.0 0.0.0.255 area 4
 network 172.19.4.0 0.0.0.255 area 4
 network 172.20.4.0 0.0.0.255 area 4
 network 192.168.4.0 0.0.0.3 area 4
 network 192.168.4.4 0.0.0.3 area 4

🔌 3. Access Switches

⌨️ SW2

📋 General Information

Management IP: 10.2.2.2/24

interface Vlan1
 ip address 10.2.2.2 255.255.255.0

🔧 Port Configuration

Gi1/0/1
- Trunk To R2
Gi1/0/2
- Trunk To Access Point
Gi1/0/3-24
- 🔐 VLAN 2 (User)

interface GigabitEthernet1/0/1
 description To R2
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet1/0/2
 description To AP-01
 switchport mode trunk
 spanning-tree portfast trunk
!
interface range GigabitEthernet1/0/3 - 24
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast

⌨️ SW3

📋 General Information

Management IP: 10.3.3.2/24

interface Vlan1
 ip address 10.3.3.2 255.255.255.0

🔧 Port Configuration

Gi1/0/1
- Trunk To R3
Gi1/0/2-24
- 🔐 VLAN 2 (User)

interface GigabitEthernet1/0/1
 description To R3
 switchport mode trunk
 spanning-tree portfast trunk
!
interface range GigabitEthernet1/0/2 - 24
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast

⌨️ SW4

📋 General Information

Management IP: 10.4.4.2/24

interface Vlan1
 ip address 10.4.4.2 255.255.255.0

🔧 Port Configuration

Gi1/0/1
- Trunk To R4
Gi1/0/2
- Trunk To Access Point
Gi1/0/3-24
- 🔐 VLAN 2 (User)

interface GigabitEthernet1/0/1
 description To R4
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet1/0/2
 description To AP-02
 switchport mode trunk
 spanning-tree portfast trunk
!
interface range GigabitEthernet1/0/3 - 24
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast

⚙️ 4. Layer 2 Core Switch

🎛️ Layer_2 Core

🏷️ VLAN Configuration

VLAN 10 → 🔑 Cisco ISE
VLAN 20 → 📡 Cisco WLC
VLAN 30 → 💾 DC + AD
VLAN 40 → 📈 Zabbix
VLAN 50 → 🛠️ OPNsense MGMT
VLAN 100 → 🛣️ Transit
VLAN 999 → 🌎 Internet

vlan 10
 name Cisco_ISE
!
vlan 20
 name Cisco_WLC
!
vlan 30
 name DC+AD
!
vlan 40
 name Zabbix
!
vlan 50
 name OPNsense_MGMT
!
vlan 100
 name Transit
!
vlan 999
 name INTERNET

🔗 Physical Interfaces

Gi1/0/1
- 🛡️ OPNsense WAN Trunk
Gi1/0/2
- 🛡️ OPNsense LAN Trunk
Gi1/0/11
- 🌐 ISP Connection
Gi1/0/23 - 24
- 🔗 Uplink to R1-A and R1-B (VLAN 100)

interface GigabitEthernet1/0/1
 description To OPNSense - WAN
 switchport trunk allowed vlan 100,999
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet1/0/2
 description To OPNSense - LAN
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet1/0/11
 description To INTERNET
 switchport access vlan 999
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/23
 description To R1-B
 switchport access vlan 100
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/24
 description To R1-A
 switchport access vlan 100
 switchport mode access
 spanning-tree portfast

✅ Summary

This document includes complete per-device configuration, ensuring:

🧭 Clear OSPF multi-area design
🛡️ Redundant core with VRRP
🧩 VLAN segmentation across all layers

📌 Design Advantages

🔁 High Availability (VRRP Active/Standby)
🧭 Scalable OSPF Stub Area Design
🔐 Centralized Secure Intranet Gateway
🌐 Clean separation of WAN, LAN, and Services

FilesExpand file tree

Infra_setup.md

Latest commit

History

Infra_setup.md

File metadata and controls

🏗️ Infrastructure Setup Guide (Enterprise Lab)

🛡️ 1. Core Infrastructure

🖥️ R1-A

📋 General Information

🌐 Management

🔌 Interfaces

🧭 Routing Configuration (OSPF)

Areas

🖥️ R1-B

📋 General Information

🌐 Management

🔌 Interfaces

🧭 Routing Configuration

Areas

📍 2. Site Routers

🛰️ R2 (Branch Site 2)

📋 General Information

🔌 Interfaces

Gi0/0/0 (Trunk - Router on a Stick)

🌐 WAN Interfaces

🧭 Routing Configuration (OSPF)

🛰️ R3 (Branch Site 3)

📋 General Information

🔌 Interfaces

Gi0/0/0 (Trunk)

🌐 WAN Interfaces

🧭 Routing Configuration (OSPF)

🛰️ R4 (Branch Site 4)

📋 General Information

🔌 Interfaces

Gi0/0/0 (Trunk)

🌐 WAN Interfaces

🧭 Routing Configuration (OSPF)

🔌 3. Access Switches

⌨️ SW2

📋 General Information

🔧 Port Configuration

⌨️ SW3

📋 General Information

🔧 Port Configuration

⌨️ SW4

📋 General Information

🔧 Port Configuration

⚙️ 4. Layer 2 Core Switch

🎛️ Layer_2 Core

🏷️ VLAN Configuration

🔗 Physical Interfaces

✅ Summary

📌 Design Advantages