Designing A Business Network Infrastructure

Project Scope

In this project we are called upon to design a network for a company. The main users of the network will be sales, engineering, admin, finance and human resource department.

We will be using wireless access points and switches to avail network to the users. Access points will be used to allow wireless handheld devices to access the internet.

Project requirements

This project requires to fulfill the following functional requirements:

1. Security: the network to be developed should have a tuff security. That is, no unwanted traffic should escape in or out of the network. Sales and engineering departments will not be able to access finance departments, while accessing print services. However, finance, admin and human resource departments should have access to all network infrastructure resources.
2. Network subnets: the network will be subnetted into five subnets and each subnet assigned to a VLAN. The logical divisions will enable us configure security requirements
3. The dhcp server will is required to manage IP address issuance.

Network design (user centric approach)

As we are designing a network for a business environment, the network design will be business oriented. That is to say, the network design will focus on the reliability and performance of the network. The design will be simple but meet all user requirements. Additionally, the configurations will not be complex to scare the company’s IT support team.

IP addressing

Device name	IP address	Default gateway
Router	10.10.100.1	255.255.255.255.0
AP1	10.10.100.249	255.255.255.255.0
AP2	10.10.100.250	255.255.255.255.0
HR Dep Device	10.10.100.253	255.255.255.255.0
Admn Client PC	10.10.140.253	255.255.255.255.0
Finance Client PC	10.10.130.253	255.255.255.255.0
Sales Depart Client PC	10.10.150.253	255.255.255.255.0
Engineering Dept Client PC	10.10.120.253	255.255.255.255.0
Server	10.10.100.252	255.255.255.255.0

Hardware requirements

Name of Device	Specification	How much required	Justification	Price  US Dollar
Wireless router	Model: Cisco router 3500 DRAM : 512 MB Ethernet 0 and 1 Serial interfaces WAN interface: 1 gigabit Flash memory: 256 MB Flash memory: 256 MB Auxiliary port: RJ 45 Single Port Series. LAN interface: 4 fast Ethernet ports.	2	Access points are necessary to support wireless handheld devices	75*2=150
Router	Compact Flash: 64 MB Network slot module : 1 DRAM: 512 MB Fixed USB 1.1 Ports : 2 Interface Card Slots: 4.	One	Router will be routing information in the network	1651
Firewall	Model: Cyber roam	One	The firewall will be sieving both incoming and outgoing traffic	2110.54
Server	Processor core: 28 Processor family: Intel Processors number: 2 Memory slots: 20 DIMM Cache level: L3 38.50 Network controller: HPE 1 GB 321i 4 adapter-ports Maximum Memory: 2TB, 128 GB DDR# RAM Processor speed:3.6 GHz	1	DHCP and print services will be offered with this server	21444
Switch	RJ 45 ports: 48 Model: Cisco Switch 2900 series DRAM: 128 MB Flash memory: 64 MB	2	Switches will enhance network expansion.	2421*2=4942

Router configuration

Router>ena

Router#conf ter

Router(config)#inter fa0/0

Router(config-if)#no shu

Router(config-if)#inter fa0/0.100

Router(config-subif)#encapsulation dot1q 100

Router(config-subif)#ip add 10.10.100.1 255.255.255.0

Router(config-subif)#inter fa0/0.120

Router(config-subif)#ip add 10.10.120.1 255.255.255.0

Router(config-subif)#encapsulation dot1q 120

Router(config-subif)#inter fa0/0.130

Router(config-subif)#encapsulation dot1q 130

Router(config-subif)#ip add 10.10.130.1 255.255.255.0

Router(config-subif)#inter fa0/0.140

Router(config-subif)#ip add 10.10.140.1 255.255.255.0

Router(config-subif)#encapsulation dot1q 140

Router(config-subif)#inter fa0/0.150

Router(config-subif)#encapsulation dot1q 150

Router(config-subif)#ip add 10.10.150.1 255.255.255.0

Router(config-subif)#exi

Router(config)#hostname HORouter

HORouter(config)#service password-encryption

HORouter(config)#enable secret admin

HORouter(config)#banner motd *It is our core router. Don’t Interact with it*

HORouter(config)#username admin password admin

HORouter(config)#line vty 0 4

HORouter(config-line)#password admin

HORouter(config-line)#logging synchronous

HORouter(config-line)#logi

HORouter(config-line)#line c 0

HORouter(config-line)#paas

HORouter(config-line)#password admin

HORouter(config-line)#logi

HORouter(config-line)#logging synchronous

HORouter(config-line)#end

HORouter#copy run start

Switch>ena

Switch#conf ter

Switch(config)#inter fa 0/1

Switch(config-if)#switchport mode trunk

Switch(config-if)#switchport trunk encapsulation dot1q

Switch(config-if)#switchport trunk allowed vlan all 

Switch(config-if)#inter fa0/3

Switch(config-if)#switchport mode access

Switch(config-if)#switchport access vlan 130

% Access VLAN does not exist. Creating vlan 130

Switch(config-if)#inter fa0/4

Switch(config-if)#switchport access vlan 140

% Access VLAN does not exist. Creating vlan 140

Switch(config-if)#switchport mode access

Switch(config-if)#inter fa0/5

Switch(config-if)#switchport mode access

Switch(config-if)#switchport access vlan 100

% Access VLAN does not exist. Creating vlan 100

Switch(config-if)#inter fa0/6

Switch(config-if)#switchport mode access

Switch(config-if)#switchport access vlan 100

Switch(config-if)#exi

Switch(config)#hostname Switch1

Switch1(config)#service password-encryption

Switch1(config)#line vty 0 15

Switch1(config-line)#password admin

Switch1(config-line)#logi

Switch1(config-line)#logg sy

Switch1(config-line)#line c 0

Switch1(config-line)#password admi

Switch1(config-line)#password admin

Switch1(config-line)#logging synchronous

Switch1(config-line)#login

Switch1(config-line)#exi

Switch1(config)#banner motd *This is my Switch1*

Switch1(config)#enable secret admin

Switch1(config)#end

Switch1#copy run startup-config

Configuring Switch 2

Switch>ena

Switch#conf ter

Switch(config)#inter ran f0/1-2

Switch(config-if-range)#switchport mode trunk

Switch(config-if-range)#switchport trunk encapsulation dot1q

Switch(config-if-range)#switchport trunk allowed vlan all

Switch(config-if-range)#inter f0/3

Switch(config-if)#switchport mode access

Switch(config-if)#switchport access vlan 100

Switch(config-if)#inter f0/4

Switch(config-if)#switchport access vlan 120

% Access VLAN does not exist. Creating vlan 120

Switch(config-if)#switchport mode access

Switch(config-if)#inter f0/5

Switch(config-if)#switchport mode access

Switch(config-if)#switchport access vlan 100

Switch(config-if)#inter f0/7

Switch(config-if)#switchport mode access

Switch(config-if)#switchport access vlan 150

% Access VLAN does not exist. Creating vlan 150

Switch(config-if)#exi

Switch(config)#hostname Switch2

Switch2(config)#banner motd *It is My Switch2*

Switch2(config)#service password-encryption

Switch2(config)#enable secret admin

Switch2(config)#line vty 0  15

Switch2(config-line)#password login

Switch2(config-line)#login

Switch2(config-line)#logging synchronous

Switch2(config-line)#line c 0

Switch2(config-line)#password login

Switch2(config-line)#lo

Switch2(config-line)#logging synchronous

Switch2(config-line)#login

Switch2(config-line)#end

Switch2#copy run start

[5]

Configuring DHCP

HORouter#conf ter

HORouter(config)#service dhcp

HORouter(config)#ip dhcp excluded-address 10.10.100.245 10.10.100.254

HORouter(config)#ip dhcp pool abc

HORouter(dhcp-config)#network 10.10.100.0 255.255.255.0

HORouter(dhcp-config)#lease 1 12 45

HORouter(dhcp-config)#default-router 10.10.100.1

HORouter(dhcp-config)#domain-name abc.com

HORouter(dhcp-config)#end

HORouter#copy run start

Access point configuration

Project Requirements

The following guideline steps show how to configure access points. We assume the access point is powered.

1. Connect Cat 6 patch code cable to your pc and wireless router.
2. In PC, change the network settings to read those of the access point.

• In the pc’s browser, type the default gateway of the access point printed at the back. Press “Enter”

1. Enter credentials as printed at the bottom of the AP
2. Click “Quick Setup”.
3. In the “Wireless”, in the SSID field, enter business desired SSID name

• In the WPA2-PSK security field, type a standard password. Click “Next”
• Click “Finish”. Wireless access point is ready for use. [6]

Configuring server

We are using windows 2012 server. Below are steps to configure the server: we assume the server is powered and the DHCP role is installed

1. Access Run tool by holding windows + R keys, type in the field dhcpmgmt.msc
2. Expand the DHCP console and IPv4. Right click the select “New Scope”.

• Click “Next”.

1. Type the description and click next
2. Assign both start and end IP address. Click next
3. Type the excluded range. Click Next

• Leave lease time as default. Click next then yes leaving default values
• Enter router IP address if available, click add.

1. Enter the domain name. click next
2. Click finish. The server is ready for deployment[7]

Security

The security of our system is achieved by use of firewall. The firewall is configured to filter both the outgoing and incoming traffic. Just in case there are unwanted traffic that is incoming, the traffic will be dropped by the firewall. Additionally, our router is configured with ACLs that limits sales and engineering department from access finance department resources.

Assigning IP address to client computer

HR Deprt PC

C:>ipconfig /ip 10.10.100.253 255.255.255.0

C:>ipconfig /dg 10.10.100.1

Engineering Dprt

Press Enter to begin

C:>ipconfig /ip 10.10.120.253 255.255.255.0

C:>ipconfig /dg 10.10.120.1

Sales department

C:>ipconfig /ip 10.10.150.253 255.255.255.0

C:>ipconfig /dg 10.10.150.1

Admin

C:>ipconfig /ip 10.10.140.253 255.255.255.0

C:>ipconfig /dg 10.10.140.1

Demonstration

In the demonstration section, we are going to perform pings from different departments

Ping of engineering from finance

C:>ping 10.10.120.253

Pinging 10.10.120.253 with 32 bytes of data:

Reply from 10.10.120.253: bytes=32 time=62ms TTL=241

Reply from 10.10.120.253: bytes=32 time=65ms TTL=241

Reply from 10.10.120.253: bytes=32 time=55ms TTL=241

Reply from 10.10.120.253: bytes=32 time=61ms TTL=241

Reply from 10.10.120.253: bytes=32 time=61ms TTL=241

Ping statistics for 10.10.120.253:

     Packets: Sent = 5, Received = 5, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

     Minimum = 55ms, Maximum =  65ms, Average =  61ms

Ping of HR pc from finance

C:>ping 10.10.100.253

Pinging 10.10.100.253 with 32 bytes of data:

Reply from 10.10.100.253: bytes=32 time=60ms TTL=241

Reply from 10.10.100.253: bytes=32 time=62ms TTL=241

Reply from 10.10.100.253: bytes=32 time=63ms TTL=241

Reply from 10.10.100.253: bytes=32 time=59ms TTL=241

Reply from 10.10.100.253: bytes=32 time=71ms TTL=241

Ping statistics for 10.10.100.253:

     Packets: Sent = 5, Received = 5, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

     Minimum = 59ms, Maximum =  71ms, Average =  63ms

Ping of sales depart PC from finance department

C:>ping 10.10.150.253

Pinging 10.10.150.253 with 32 bytes of data:

Reply from 10.10.150.253: bytes=32 time=48ms TTL=241

Reply from 10.10.150.253: bytes=32 time=70ms TTL=241

Reply from 10.10.150.253: bytes=32 time=62ms TTL=241

Reply from 10.10.150.253: bytes=32 time=53ms TTL=241

Reply from 10.10.150.253: bytes=32 time=55ms TTL=241

Ping statistics for 10.10.150.253:

     Packets: Sent = 5, Received = 5, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

     Minimum = 48ms, Maximum =  70ms, Average =  58ms

Executive summary

In our network design, we have used NetSim Boson network simulator tool to simulate the network to be implemented. Router and switch configurations are done here. For the server and access points, we have provided step by step guideline on how to configure them.

Our router is configured with router-on-stick technology. That is to say, we created virtual sub interfaces on the router   to enable the created Vlans access the router. Access of the router by Vlans is necessary because I t the router which will enable communication between the Vlans.

In addition, the router is configured with ACLs to allow finance, human resource and admin departments full access to network infrastructure while denying sales and engineering departments full access but giving them access to the print services.

The switches are configured with five VLANs. Each VLAN represents a department. VLANs are necessary in our network design since these logical divisions enables us control access of resources by sales and engineering department. Furthermore, the vlans comes in handy during network troubleshooting just in case there is a fault.

The DHCP server is configured to lease IP addresses to client computers. This necessary as manual IP address management is too challenging.

The network security is achieved by use of firewall which filters the outgoing and incoming traffic.

References

[1]	Arad, Nir, T. Daniel and M. Mondaeev, Hardware implementation of network testing and performance monitoring in a network device., 2010.
[2]	A. Bianco and F. Neri, Next Generation Optical Network Design and Modelling, New York City: Springer, 2013 .
[3]	M. Palmer, Hands-On Networking Fundamentals, Boston: Cengage Learning, 2012.
[4]	T. Lammle and ‎. Montgomery, CCNA Data Center: Introducing Cisco Data Center Technologies Study Guide, Hoboken: John Wiley & Sons, 2016 .
[5]	M. M. Alani, Guide to Cisco Routers Configuration: Becoming a Router Geek, New York City: Springer, 2017.
[6]	M. Duggan, Cisco CCIE Routing and Switching v5.0 Configuration Practice Labs, Indianapolis: Cisco Press, 2014.
[7]	L. Wang, ‎. Jajodia and ‎. Singhal, Network Security Metrics, New York City: Springer, 2017 .
[8]	TP-Link, “How to Setup a TP-Link WiFi Router,” 23 September 2018.