Project Scope
In this project we are called upon to design a network for a company. The main users of the network will be the sales, engineering, admin, finance and human resource departments.
We will use wireless access points and switches to provide network access to the users. Access points will allow wireless handheld devices to access the internet.
Project requirements
This project must fulfill the following functional requirements:
- Security: the network to be developed should have strong security. That is, no unwanted traffic should pass into or out of the network. The sales and engineering departments will not be able to access the finance department, but will still be able to use print services. However, the finance, admin and human resource departments should have access to all network infrastructure resources.
- Network subnets: the network will be subnetted into five subnets and each subnet assigned to a VLAN. The logical divisions will enable us to configure the security requirements.
- A DHCP server is required to manage IP address issuance.
Network design (user centric approach)
As we are designing a network for a business environment, the network design will be business oriented. That is to say, the network design will focus on the reliability and performance of the network. The design will be simple but meet all user requirements. Additionally, the configurations will not be so complex as to intimidate the company’s IT support team.
IP addressing
| Device name | IP address | Subnet mask |
|---|---|---|
| Router | 10.10.100.1 | 255.255.255.0 |
| AP1 | 10.10.100.249 | 255.255.255.0 |
| AP2 | 10.10.100.250 | 255.255.255.0 |
| HR Dept Device | 10.10.100.253 | 255.255.255.0 |
| Admin Client PC | 10.10.140.253 | 255.255.255.0 |
| Finance Client PC | 10.10.130.253 | 255.255.255.0 |
| Sales Dept Client PC | 10.10.150.253 | 255.255.255.0 |
| Engineering Dept Client PC | 10.10.120.253 | 255.255.255.0 |
| Server | 10.10.100.252 | 255.255.255.0 |
Hardware requirements
| Name of device | Specification | Quantity required | Justification | Price (USD) |
|---|---|---|---|---|
| Wireless router | Model: Cisco router 3500; DRAM: 512 MB; Ethernet 0 and 1 Serial interfaces; WAN interface: 1 gigabit; Flash memory: 256 MB; Auxiliary port: RJ 45 Single Port Series; LAN interface: 4 fast Ethernet ports | 2 | Access points are necessary to support wireless handheld devices | 75*2=150 |
| Router | Compact Flash: 64 MB; Network slot module: 1; DRAM: 512 MB; Fixed USB 1.1 ports: 2; Interface card slots: 4 | 1 | Router will be routing information in the network | 1651 |
| Firewall | Model: Cyber roam | 1 | The firewall will be sieving both incoming and outgoing traffic | 2110.54 |
| Server | Processor core: 28; Processor family: Intel; Processors number: 2; Memory slots: 20 DIMM; Cache level: L3 38.50; Network controller: HPE 1 GB 321i 4 adapter-ports; Maximum memory: 2TB, 128 GB DDR# RAM; Processor speed: 3.6 GHz | 1 | DHCP and print services will be offered with this server | 21444 |
| Switch | RJ 45 ports: 48; Model: Cisco Switch 2900 series; DRAM: 128 MB; Flash memory: 64 MB | 2 | Switches will enhance network expansion | 2421*2=4942 |
Router configuration
Router>ena
Router#conf ter
Router(config)#inter fa0/0
Router(config-if)#no shu
Router(config-if)#inter fa0/0.100
Router(config-subif)#encapsulation dot1q 100
Router(config-subif)#ip add 10.10.100.1 255.255.255.0
Router(config-subif)#inter fa0/0.120
Router(config-subif)#encapsulation dot1q 120
Router(config-subif)#ip add 10.10.120.1 255.255.255.0
Router(config-subif)#inter fa0/0.130
Router(config-subif)#encapsulation dot1q 130
Router(config-subif)#ip add 10.10.130.1 255.255.255.0
Router(config-subif)#inter fa0/0.140
Router(config-subif)#encapsulation dot1q 140
Router(config-subif)#ip add 10.10.140.1 255.255.255.0
Router(config-subif)#inter fa0/0.150
Router(config-subif)#encapsulation dot1q 150
Router(config-subif)#ip add 10.10.150.1 255.255.255.0
Router(config-subif)#exi
Router(config)#hostname HORouter
HORouter(config)#service password-encryption
HORouter(config)#! "admin" is a lab placeholder; set a strong, unique secret on a production router
HORouter(config)#enable secret admin
HORouter(config)#banner motd *It is our core router. Don’t Interact with it*
HORouter(config)#! This local account is not used by the line logins below, which use "login" rather than "login local"
HORouter(config)#username admin password admin
HORouter(config)#line vty 0 4
HORouter(config-line)#password admin
HORouter(config-line)#logging synchronous
HORouter(config-line)#login
HORouter(config-line)#line con 0
HORouter(config-line)#password admin
HORouter(config-line)#login
HORouter(config-line)#logging synchronous
HORouter(config-line)#end
HORouter#copy run start
Configuring Switch 1
Switch>ena
Switch#conf ter
Switch(config)#inter fa 0/1
Switch(config-if)#switchport trunk encapsulation dot1q
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport trunk allowed vlan all
Switch(config-if)#inter fa0/3
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 130
% Access VLAN does not exist. Creating vlan 130
Switch(config-if)#inter fa0/4
Switch(config-if)#switchport access vlan 140
% Access VLAN does not exist. Creating vlan 140
Switch(config-if)#switchport mode access
Switch(config-if)#inter fa0/5
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 100
% Access VLAN does not exist. Creating vlan 100
Switch(config-if)#inter fa0/6
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 100
Switch(config-if)#exi
Switch(config)#hostname Switch1
Switch1(config)#service password-encryption
Switch1(config)#line vty 0 15
Switch1(config-line)#password admin
Switch1(config-line)#logi
Switch1(config-line)#logg sy
Switch1(config-line)#line con 0
Switch1(config-line)#password admin
Switch1(config-line)#logging synchronous
Switch1(config-line)#login
Switch1(config-line)#exi
Switch1(config)#banner motd *This is my Switch1*
Switch1(config)#enable secret admin
Switch1(config)#end
Switch1#copy run startup-config
Configuring Switch 2
Switch>ena
Switch#conf ter
Switch(config)#inter ran f0/1-2
Switch(config-if-range)#switchport trunk encapsulation dot1q
Switch(config-if-range)#switchport mode trunk
Switch(config-if-range)#switchport trunk allowed vlan all
Switch(config-if-range)#inter f0/3
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 100
Switch(config-if)#inter f0/4
Switch(config-if)#switchport access vlan 120
% Access VLAN does not exist. Creating vlan 120
Switch(config-if)#switchport mode access
Switch(config-if)#inter f0/5
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 100
Switch(config-if)#inter f0/7
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 150
% Access VLAN does not exist. Creating vlan 150
Switch(config-if)#exi
Switch(config)#hostname Switch2
Switch2(config)#banner motd *It is My Switch2*
Switch2(config)#service password-encryption
Switch2(config)#enable secret admin
Switch2(config)#line vty 0 15
Switch2(config-line)#password login
Switch2(config-line)#login
Switch2(config-line)#logging synchronous
Switch2(config-line)#line con 0
Switch2(config-line)#password login
Switch2(config-line)#logging synchronous
Switch2(config-line)#login
Switch2(config-line)#end
Switch2#copy run start
[5]
Configuring DHCP
HORouter#conf ter
HORouter(config)#service dhcp
HORouter(config)#ip dhcp excluded-address 10.10.100.245 10.10.100.254
HORouter(config)#ip dhcp pool abc
HORouter(dhcp-config)#network 10.10.100.0 255.255.255.0
HORouter(dhcp-config)#lease 1 12 45
HORouter(dhcp-config)#default-router 10.10.100.1
HORouter(dhcp-config)#domain-name abc.com
HORouter(dhcp-config)#end
HORouter#copy run start
Access point configuration
Project Requirements
The following steps show how to configure an access point. We assume the access point is powered on.
- Connect a Cat 6 patch cable between your PC and the wireless router.
- On the PC, change the network settings to match those of the access point.
- In the PC’s browser, type the default gateway address of the access point, printed on the back of the device, and press “Enter”.
- Enter the credentials printed on the bottom of the AP.
- Click “Quick Setup”.
- Under “Wireless”, enter the desired business SSID name in the SSID field.
- In the WPA2-PSK security field, type a standard password. Click “Next”.
- Click “Finish”. The wireless access point is ready for use. [6]
Configuring server
We are using Windows Server 2012. Below are the steps to configure the server; we assume the server is powered on and the DHCP role is installed.
- Open the Run tool by holding the Windows + R keys and type dhcpmgmt.msc in the field.
- Expand the DHCP console and IPv4. Right-click, then select “New Scope”.
- Click “Next”.
- Type the description and click Next.
- Assign both the start and end IP addresses. Click Next.
- Type the excluded range. Click Next.
- Leave the lease time as default. Click Next, then Yes, leaving the default values.
- Enter the router IP address if available and click Add.
- Enter the domain name. Click Next.
- Click Finish. The server is ready for deployment. [7]
Security
The security of our system is achieved by use of a firewall. The firewall is configured to filter both outgoing and incoming traffic; any unwanted incoming traffic is dropped by the firewall. Additionally, our router is configured with ACLs that prevent the sales and engineering departments from accessing finance department resources.
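The router configuration earlier on this page does not show the ACLs themselves. One way to write them for HORouter, as an added example that is not part of the original report: the ACL name DEPT-RESTRICT and the print ports (9100, 515, 631) are assumptions, while the subnets, subinterfaces and server address are the ones used on this page.

```cisco
! Added example, not from the original report.
! Assumed: ACL name DEPT-RESTRICT; print ports 9100 (raw), 515 (LPD), 631 (IPP).
! From the page: Engineering 10.10.120.0/24, Finance 10.10.130.0/24,
! Sales 10.10.150.0/24, print/DHCP server 10.10.100.252.
ip access-list extended DEPT-RESTRICT
 remark ACLs are stateless: let replies to Finance-initiated sessions through
 permit tcp any 10.10.130.0 0.0.0.255 established
 permit icmp any 10.10.130.0 0.0.0.255 echo-reply
 remark Block everything else from Sales/Engineering to Finance and log hits
 deny ip any 10.10.130.0 0.0.0.255 log
 remark Print services on the server, explicit so the intent is documented
 permit tcp any host 10.10.100.252 eq 9100
 permit tcp any host 10.10.100.252 eq 515
 permit tcp any host 10.10.100.252 eq 631
 remark Allow all other traffic; without this the implicit deny drops it
 permit ip any any
!
! "established" only tests the TCP ACK/RST bits; it is a packet filter, not
! connection tracking. UDP replies towards Finance are dropped by the deny.
!
! Apply inbound on the Engineering and Sales subinterfaces only, so that
! Finance, Admin and HR traffic is never evaluated against this ACL.
interface FastEthernet0/0.120
 ip access-group DEPT-RESTRICT in
interface FastEthernet0/0.150
 ip access-group DEPT-RESTRICT in
```

With this applied, the finance-to-engineering and finance-to-sales pings in the Demonstration section still succeed because echo replies are permitted, while a ping from 10.10.120.253 or 10.10.150.253 to 10.10.130.253 should fail. `show access-lists DEPT-RESTRICT` displays the per-entry match counters for checking both cases.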
Assigning IP address to client computer
HR Dept PC
C:>ipconfig /ip 10.10.100.253 255.255.255.0
C:>ipconfig /dg 10.10.100.1
Engineering Dept
C:>ipconfig /ip 10.10.120.253 255.255.255.0
C:>ipconfig /dg 10.10.120.1
Sales department
C:>ipconfig /ip 10.10.150.253 255.255.255.0
C:>ipconfig /dg 10.10.150.1
Admin
C:>ipconfig /ip 10.10.140.253 255.255.255.0
C:>ipconfig /dg 10.10.140.1
Demonstration
In the demonstration section, we are going to perform pings from different departments.
Ping of engineering from finance
C:>ping 10.10.120.253
Pinging 10.10.120.253 with 32 bytes of data:
Reply from 10.10.120.253: bytes=32 time=62ms TTL=241
Reply from 10.10.120.253: bytes=32 time=65ms TTL=241
Reply from 10.10.120.253: bytes=32 time=55ms TTL=241
Reply from 10.10.120.253: bytes=32 time=61ms TTL=241
Reply from 10.10.120.253: bytes=32 time=61ms TTL=241
Ping statistics for 10.10.120.253:
Packets: Sent = 5, Received = 5, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 55ms, Maximum = 65ms, Average = 61ms
Ping of HR pc from finance
C:>ping 10.10.100.253
Pinging 10.10.100.253 with 32 bytes of data:
Reply from 10.10.100.253: bytes=32 time=60ms TTL=241
Reply from 10.10.100.253: bytes=32 time=62ms TTL=241
Reply from 10.10.100.253: bytes=32 time=63ms TTL=241
Reply from 10.10.100.253: bytes=32 time=59ms TTL=241
Reply from 10.10.100.253: bytes=32 time=71ms TTL=241
Ping statistics for 10.10.100.253:
Packets: Sent = 5, Received = 5, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 59ms, Maximum = 71ms, Average = 63ms
Ping of sales depart PC from finance department
C:>ping 10.10.150.253
Pinging 10.10.150.253 with 32 bytes of data:
Reply from 10.10.150.253: bytes=32 time=48ms TTL=241
Reply from 10.10.150.253: bytes=32 time=70ms TTL=241
Reply from 10.10.150.253: bytes=32 time=62ms TTL=241
Reply from 10.10.150.253: bytes=32 time=53ms TTL=241
Reply from 10.10.150.253: bytes=32 time=55ms TTL=241
Ping statistics for 10.10.150.253:
Packets: Sent = 5, Received = 5, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 48ms, Maximum = 70ms, Average = 58ms
Executive summary
In our network design, we have used the Boson NetSim network simulator to simulate the network to be implemented. Router and switch configurations are done there. For the server and access points, we have provided step-by-step guidelines on how to configure them.
Our router is configured using the router-on-a-stick technique. That is to say, we created virtual subinterfaces on the router to enable the created VLANs to reach the router. The VLANs need access to the router because it is the router that enables communication between the VLANs.
In addition, the router is configured with ACLs to allow the finance, human resource and admin departments full access to network infrastructure while denying the sales and engineering departments full access but giving them access to the print services.
The switches are configured with five VLANs. Each VLAN represents a department. VLANs are necessary in our network design since these logical divisions enable us to control access to resources by the sales and engineering departments. Furthermore, the VLANs come in handy during network troubleshooting in case there is a fault.
The DHCP server is configured to lease IP addresses to client computers. This is necessary as manual IP address management is too challenging.
The network security is achieved by use of a firewall, which filters the outgoing and incoming traffic.
References
[1] Arad, Nir, T. Daniel and M. Mondaeev, Hardware implementation of network testing and performance monitoring in a network device, 2010.
[2] A. Bianco and F. Neri, Next Generation Optical Network Design and Modelling, New York City: Springer, 2013.
[3] M. Palmer, Hands-On Networking Fundamentals, Boston: Cengage Learning, 2012.
[4] T. Lammle and Montgomery, CCNA Data Center: Introducing Cisco Data Center Technologies Study Guide, Hoboken: John Wiley & Sons, 2016.
[5] M. M. Alani, Guide to Cisco Routers Configuration: Becoming a Router Geek, New York City: Springer, 2017.
[6] M. Duggan, Cisco CCIE Routing and Switching v5.0 Configuration Practice Labs, Indianapolis: Cisco Press, 2014.
[7] L. Wang, Jajodia and Singhal, Network Security Metrics, New York City: Springer, 2017.
[8] TP-Link, “How to Setup a TP-Link WiFi Router,” 23 September 2018.