
Thesis Book (L.A.N)

The document outlines a project on Local Area Networks (LAN) prepared by students at the University of Burao, focusing on the development of a secure LAN to protect organizational data from cyber threats. It includes sections on network types, hardware components, configurations, advantages and disadvantages of LANs and WANs, and a literature review on the history and significance of these networks. The project emphasizes the importance of networking in modern communication and the need for robust security measures.

Uploaded by

Azhraf Canadian

UNIVERSITY OF BURAO

FACULTY OF ( ICT )
BACHELOR DEGREE OF INFORMATION & COMMUNICATION
TECHNOLOGY
LOCAL AREA NETWORK ( LAN )

PREPARED BY STUDENTS:
- USAAME HUSSIEN HASSAN
- HAMSE YUUSUF HASSAN
- MOHAMED ALI HAYBE
- NAJMA C/LAAHI MAXAMUUD
- SAYNAB MAXAMED YUUSUF
- FARXIYA C/RISAAQ NUUR

PROJECT DOCUMENTATION
Supervisor: MAXAMED CABDI CILMI

©JUNE 2025

University of Burao - Somaliland
DECLARATION
We hereby declare that this thesis book is group work. It's our original work and has been developed with clarity, accuracy and integrity in the field of Information and Communication Technology (I.C.T). All sources of information, references and contributions from other researchers have been duly acknowledged and cited in accordance with academic standards.

Names and signatures

- Usaame Hussien Hassan : __________________________
- Hamse Yuusuf Hassan : ___________________________
- Maxamed Cali Haybe : ___________________________
- Najma C/laahi Maxamuud : ___________________________
- Saynab Yuusuf Ibraahim : ___________________________
- Farxiya C/risaaq Nuur : ___________________________

Supervisor:
Maxamed Cabdi Cilmi : ______________________

Date: ______/_______/_________

Approval
We hereby proclaim this project “Local Area Network” has been undertaken
independently by the undersigned researchers under our guidance and supervision. And
that it has not previously formed that project.

SIGNATURE: ___________________ DATE: ____/__/____

Eng. Mohamed Abdi Elmi Jama, Dean,

Faculty of Information & Communication Technology

University of Burao, Burao-Somaliland.

ACKNOWLEDGEMENT
This acknowledgement expresses deep gratitude to all who contributed to the successful
completion of the undergraduate project on [ LAN ].
The team begins by praising Allah (SWT) for providing strength and guidance throughout the
journey.
Heartfelt thanks are extended to the parents for their unwavering support and sacrifices.
Special appreciation is reserved for the project supervisor
Mr. MOHAMED ABDI ELMI , whose expertise and mentorship were pivotal in shaping the
project.
The team also acknowledges the lecturers at the University of Burao for their knowledge and
guidance, as well as the university itself for offering a rigorous curriculum and the opportunity to
undertake this enriching project.
The acknowledgement concludes by recognizing that this achievement was made possible
through collective support and ends with a prayer for divine rewards for all contributors.

Dedication
Every hard work requires honesty, effort and patience. Our hard work and efforts are dedicated to our honorable lecturers, and we also can't forget our dean, Mohamed Abdi Elmi, as well as anyone who helped us to accomplish this book. They all helped us to achieve our goals day and night, and encouraged us to achieve our goal.

Abstract
This project develops a secure LAN to protect organizational data from cyber threats like
malware, hacking, and DDoS attacks.

Key security measures include traffic filtering to permit only trusted communications and switch
port security to block unauthorized device connections.
If a violation occurs, the affected port is disabled, and administrators are notified, ensuring a
robust and controlled network environment.
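
The port-security behaviour described above (an unknown device connects, the port is disabled, administrators are notified), modeled in Python as an added example that is not part of the original project. The class, port names and MAC addresses are constructed for illustration and do not reproduce any vendor's implementation.

```python
"""Model of switch port security: sticky MAC learning, a per-port device
limit, and shutdown-on-violation with an administrator notification."""
from dataclasses import dataclass, field


@dataclass
class SecurePort:
    name: str
    max_macs: int = 1                       # devices allowed on this port
    learned: set = field(default_factory=set)
    enabled: bool = True

    def receive(self, src_mac, notify):
        """Return True if the frame is forwarded, False if it is dropped."""
        mac = src_mac.lower()               # MAC comparison is case-insensitive
        if not self.enabled:
            return False                    # stays down until an admin re-enables it
        if mac in self.learned:
            return True
        if len(self.learned) < self.max_macs:
            self.learned.add(mac)           # "sticky" learning of the first device(s)
            return True
        # Unknown source address and the table is full: security violation.
        self.enabled = False
        notify(f"port-security violation on {self.name}: {mac}; port disabled")
        return False

    def admin_reenable(self):
        """Manual recovery step performed by the administrator."""
        self.enabled = True


def replay(frames, max_macs=1):
    """Run (port, source MAC) events; return (forwarded_count, alerts, ports)."""
    ports, alerts, forwarded = {}, [], 0
    for port_name, mac in frames:
        port = ports.setdefault(port_name, SecurePort(port_name, max_macs))
        if port.receive(mac, alerts.append):
            forwarded += 1
    return forwarded, alerts, ports


# Constructed sample traffic: (switch port, source MAC address)
SAMPLE_FRAMES = [
    ("Fa0/1", "00:1A:2B:3C:4D:5E"),   # first device on Fa0/1 is learned
    ("Fa0/1", "00:1a:2b:3c:4d:5e"),   # same device, written in lower case
    ("Fa0/2", "00:1A:2B:3C:4D:60"),   # first device on Fa0/2 is learned
    ("Fa0/1", "DE:AD:BE:EF:00:01"),   # second device on Fa0/1: violation
    ("Fa0/1", "00:1A:2B:3C:4D:5E"),   # known device is cut off while the port is down
    ("Fa0/2", "00:1A:2B:3C:4D:60"),   # other ports are unaffected
]

if __name__ == "__main__":
    forwarded, alerts, ports = replay(SAMPLE_FRAMES)
    print("frames forwarded:", forwarded)
    for alert in alerts:
        print("ALERT:", alert)
    print({p.name: ("up" if p.enabled else "disabled") for p in ports.values()})
```

Disabling the port also cuts off the legitimate device on it until an administrator re-enables the port, which is why the notification matters as much as the shutdown.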

Table of Contents
Declaration
Approval
Acknowledgement
Dedication
Abstract
1.1 Introduction
1.2 Types of networks
1.3 Local Area Network
1.3.1 Baseband, Broadband and Bandwidth
1.4 Wide Area Network
1.5 Basic Hardware Components
1.5.1 Network Cables
1.5.2 Routers
1.5.3 Repeaters, Hubs and Switches
1.5.4 Bridges
1.5.5 Network Interface Card (NIC)
1.6 Configuration of LAN network setting on SPA3102
1.7 Configuration of WAN network setting on RV215W
1.7.1 Automatic Configuration – DHCP IPv4
1.7.2 Static IPv4
1.7.3 Automatic Configuration – DHCPv6
1.7.4 Static IPv6
1.8 Advantage and Disadvantage of LAN
1.8.1 Advantages
1.8.2 Disadvantages
1.9 Advantage and Disadvantage of WAN
1.9.1 Advantages
1.9.2 Disadvantages
CHAPTER TWO: LITERATURE REVIEW
2.1 Background
2.2 History of Local Area Networks
2.3 History of Wide Area Networks
2.4 What is the Intranet
2.4.1 How the Intranet works
2.4.2 Uses of the Intranet
2.4.3 Benefits and challenges of the Intranet
2.5 Difference b/w Internet and Intranet
2.6 Reliability and Availability Design issues for LAN
2.6.1 Reliability
2.6.2 Availability
2.7 Reliability and Availability Design issues for WAN
2.8 Purpose of LAN
2.8 Purpose of WAN
2.9 Internet
2.10 OSI reference model

CHAPTER ONE: INTRODUCTION TO STUDY
1.1 Introduction
Networks form the backbone of modern communication, enabling data exchange between devices across different geographical locations. A network consists of interconnected devices that share resources, such as files, applications, and internet access. This chapter introduces fundamental networking concepts, including different types of networks, essential hardware components, and configuration settings for Local Area Networks (LANs) and Wide Area Networks (WANs).

The increasing reliance on digital communication has made networking a critical aspect of business, education, and personal use. Understanding how networks function, their advantages, and their limitations is essential for efficient network design and management. This chapter provides a foundation for further exploration of networking technologies and their applications.

1.2 Types of Networks

Networks can be categorized based on their geographical coverage, architecture, and purpose. The primary types include:
- Local Area Network (LAN) – A network confined to a small area, such as a home, office, or building.
- Wide Area Network (WAN) – A network that spans large geographical distances, connecting multiple LANs.
- Metropolitan Area Network (MAN) – A network covering a city or large campus.
- Personal Area Network (PAN) – A small network for personal devices (e.g., Bluetooth connections).
- Virtual Private Network (VPN) – A secure network over a public infrastructure, often used for remote access.

Each type serves different purposes, with LANs and WANs being the most widely used in business and organizational settings.

1.3 Local Area Network (LAN)

A Local Area Network (LAN) is a network that connects devices within a limited area, such as a home, school, or office building. LANs are typically owned and managed by a single organization and provide high-speed data transfer rates.

Key Characteristics of LAN:
- High data transfer speeds (up to 10 Gbps or more with modern Ethernet).
- Low latency due to short distances between devices.
- Private ownership, allowing for better security and control.
- Common topologies include star, bus, and ring configurations.

LANs are commonly used for:
- File sharing among connected devices.
- Printer and peripheral sharing.
- Multiplayer gaming and collaborative applications.

1.3.1 Baseband, Broadband, and Bandwidth

Understanding network transmission methods is crucial for optimizing performance.

Baseband:
- Uses a single channel for communication.
- Transmits digital signals.
- Example: Ethernet networks.

Broadband:
- Uses multiple channels for simultaneous transmission.
- Supports analog signals (e.g., cable internet).
- Enables higher data rates over long distances.

Bandwidth:
- Refers to the maximum data transfer rate of a network.
- Measured in bits per second (bps).
- Higher bandwidth allows faster data transmission.

1.4 Wide Area Network (WAN)
A Wide Area Network (WAN) connects multiple LANs across large geographical distances, often using leased telecommunication lines or satellite links. The internet is the largest example of a WAN.

Key Characteristics of WAN:
- Covers large distances (cities, countries, continents).
- Slower speeds compared to LANs due to longer transmission paths.
- Relies on third-party service providers (ISPs, telecom companies).
- Uses protocols like MPLS, Frame Relay, and VPNs for secure communication.

WANs are essential for:
- Global business communications.
- Cloud computing and remote data access.
- International banking and financial transactions.

1.5 Basic Hardware Components

Networks rely on various hardware components to function efficiently.

1.5.1 Network Cables

Cables are the physical medium for data transmission in wired networks. Common types include:

Twisted Pair (Ethernet Cable):
- Cat5e, Cat6, Cat7 – Used in most LANs.
- Supports speeds up to 10 Gbps (Cat6a).

Coaxial Cable:
- Used in broadband internet (cable TV networks).
- Higher bandwidth than twisted pair but less flexible.

Fiber Optic Cable:
- Uses light signals for ultra-high-speed data transfer.
- Immune to electromagnetic interference.
- Used in high-speed internet backbones.

1.5.2 Routers
Function: Directs data packets between different networks (e.g., LAN to WAN).

Key Features:
- Supports NAT (Network Address Translation).
- Provides firewall and security features.
- Used in homes and enterprises for internet access.

1.5.3 Repeaters, Hubs, and Switches

- Repeaters: Amplify signals to extend network range.
- Hubs: Basic devices that broadcast data to all connected devices (obsolete in modern networks).
- Switches: Intelligent devices that forward data only to the intended recipient, improving efficiency.

1.5.4 Bridges
- Connects two LAN segments, filtering traffic to reduce congestion.
- Less common today, replaced by switches.

1.5.5 Network Interface Card (NIC)
- Hardware component that connects a device to a network.
- Can be wired (Ethernet) or wireless (Wi-Fi).

1.6 Configuration of LAN Network Setting on SPA3102

The Cisco SPA3102 is a VoIP router that can be configured for LAN settings.

Steps for LAN Configuration:


1. Access the router’s web interface via default IP (e.g., `192.168.1.1`).
2. Navigate to LAN Settings.
3. Assign a static IP or enable DHCP for automatic IP assignment.
4. Configure subnet mask and default gateway.
5. Save settings and reboot the device.

1.7 Configuration of WAN Network Setting on RV215W


The Cisco RV215W is a wireless-N VPN router used for WAN configurations.

1.7.1 Automatic Configuration – DHCP IPv4


1. Log in to the router admin panel.
2. Go to WAN Settings > IPv4 Configuration.
3. Select DHCP (Automatic IP).
4. Save and apply changes.

1.7.2 Static IPv4


1. Navigate to WAN Settings > IPv4 Configuration.
2. Select Static IP.
3. Enter IP Address, Subnet Mask, Default Gateway, and DNS provided by ISP.
4. Save and reboot.

1.7.3 Automatic Configuration – DHCPv6


1. Go to WAN Settings > IPv6 Configuration.
2. Select DHCPv6.
3. Apply changes.

1.7.4 Static IPv6


1. In IPv6 Configuration, choose Static IPv6.
2. Enter the IPv6 address, prefix length, gateway, and DNS.
3. Save settings.
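
The static IPv4 and IPv6 values entered in sections 1.7.2 and 1.7.4 must be consistent with each other, otherwise the router saves them but cannot reach its gateway. The following Python check is an added example, not code from the original project or from Cisco; the function name is hypothetical and the sample addresses in its use are taken from the reserved documentation ranges.

```python
import ipaddress


def check_static_wan(address, prefix_or_mask, gateway, dns_servers=()):
    """Return a list of problems in a static WAN configuration.

    An empty list means the values are consistent. Hypothetical helper for
    illustration; it validates the values only and contacts no device.
    """
    try:
        # Accepts a dotted mask ("255.255.255.248") or a prefix length ("29", "64").
        iface = ipaddress.ip_interface(f"{address}/{prefix_or_mask}")
    except ValueError as exc:
        return [f"invalid address or mask: {exc}"]
    try:
        gw = ipaddress.ip_address(gateway)
    except ValueError:
        return [f"invalid gateway: {gateway}"]

    problems = []
    net = iface.network

    if gw.version != iface.version:
        problems.append("gateway and address use different IP versions")
    elif gw == iface.ip:
        problems.append("gateway is the same as the router's own address")
    elif gw.version == 6 and gw.is_link_local:
        pass  # IPv6 next hops are commonly link-local (fe80::/10) and are on-link
    elif gw not in net:
        problems.append(f"gateway {gw} is not inside {net}")

    # In IPv4 subnets larger than /31 the first and last addresses are reserved.
    if iface.version == 4 and net.prefixlen < 31:
        if iface.ip == net.network_address:
            problems.append(f"{iface.ip} is the network address of {net}")
        elif iface.ip == net.broadcast_address:
            problems.append(f"{iface.ip} is the broadcast address of {net}")

    for dns in dns_servers:
        try:
            server = ipaddress.ip_address(dns)
        except ValueError:
            problems.append(f"invalid DNS server: {dns}")
            continue
        if server.is_unspecified or server.is_loopback or server.is_multicast:
            problems.append(f"DNS server {server} is not a usable unicast address")
    return problems


if __name__ == "__main__":
    # Constructed values from documentation ranges (RFC 5737 / RFC 3849).
    print(check_static_wan("203.0.113.10", "255.255.255.248", "203.0.113.9",
                           ["198.51.100.53"]))
    print(check_static_wan("203.0.113.10", "255.255.255.248", "203.0.113.1"))
    print(check_static_wan("2001:db8:0:1::2", "64", "fe80::1", ["2001:db8::53"]))
```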

1.8 Advantages and Disadvantages of Local Area Network

1.8.1 Advantages
- High-speed data transfer.
- Cost-effective for small areas.
- Enhanced security and control.
- Easy resource sharing (printers, files).

1.8.2 Disadvantages
- Limited coverage area.
- High setup cost for large installations.
- Requires maintenance.

1.9 Advantages and Disadvantages of Wide Area Network

1.9.1 Advantages
- Global connectivity.
- Centralized data management.
- Supports remote work and cloud services.

1.9.2 Disadvantages
- Higher costs (leased lines, ISP fees).
- Slower speeds compared to LAN.
- Security vulnerabilities (requires VPNs/firewalls).

CHAPTER TWO : LITERATURE REVIEW
2.1 Background
Local Area Networks (LANs) and Wide Area Networks (WANs) are fundamental components of
modern communication infrastructure, each serving distinct purposes based on their geographic
scope and technological implementations. LANs facilitate high-speed, localized connectivity
within confined areas such as buildings or campuses, enabling efficient resource sharing and
communication among devices. In contrast, WANs interconnect multiple LANs over extensive
geographic regions, including cities, countries, or even continents, supporting the transmission of
data across vast distances. The evolution of both LANs and WANs has been pivotal in shaping
the digital landscape, influencing how information is exchanged globally.

2.2 History of Local Area Network (LAN)


The inception of LANs dates back to the late 1960s and early 1970s, a period marked by significant
advancements in computing and networking technologies. In 1973, at Xerox's Palo Alto Research Center
(PARC), Robert Metcalfe and his team developed Ethernet, a pioneering technology that laid the
groundwork for modern LANs. Ethernet facilitated high-speed data transmission over coaxial cables,
allowing multiple computers to communicate efficiently within a localized environment. This innovation
was inspired by earlier concepts such as the ALOHAnet packet radio network and the ARPANET, the
precursor to the modern Internet. Ethernet's widespread adoption was further propelled by the publication
of the IEEE 802.3 standard in 1985, which ensured interoperability and set the stage for continuous
advancements in LAN technologies.
Throughout the 1980s and beyond, LAN technologies evolved to meet the growing demands for higher
data rates and more reliable connections. The transition from coaxial cables to twisted-pair wiring and the
introduction of wireless LANs (WLANs) marked significant milestones in this evolution. The
development of Wi-Fi, based on the IEEE 802.11 standards established in the late 1990s, revolutionized
wireless connectivity, enabling mobile devices to access network resources without the constraints of
physical cables. These advancements not only enhanced user mobility and convenience but also spurred
the proliferation of internet-connected devices, contributing to the expansion of the Internet of Things
(IoT).

2.3 History of Wide Area Networks (WANs)

Wide Area Networks (WANs) have played a pivotal role in the evolution of networking, enabling communication over extensive geographic areas and connecting disparate locations. Their development has been marked by significant milestones and technological advancements:

Early Developments:
- Late 1950s: The U.S. Air Force developed the first known WAN to interconnect sites within the Semi-Automatic Ground Environment (SAGE) radar defense system. This network utilized an extensive array of dedicated telephone lines, modems, and telephones to link various sites.
- 1960s: The Advanced Research Projects Agency Network (ARPANET) was established as the first wide-area packet-switching network with distributed control and the first to implement the TCP/IP protocol suite, laying the groundwork for the modern Internet.

Technological Progressions:
- Pre-1990s: Initial WANs connected offices with terminals to mainframe and minicomputer systems using point-to-point connections. Protocols like X.25 and T1/E1 circuits, operating at 1.5 Mbps, were standard during this era.
- 1990s: Frame Relay technology emerged, simplifying X.25 protocols and offering higher speeds, becoming a popular choice for telecommunications companies.
- 2000s: Multiprotocol Label Switching (MPLS) replaced Frame Relay, enhancing support for voice, video, and data traffic with improved Quality of Service (QoS) features.

Emergence of Software-Defined WAN (SD-WAN):
- Around 2009: SD-WAN technology was introduced, allowing companies to leverage various transport services to connect users to applications securely. This innovation provided more flexible and responsive network solutions.
- 2014: The term SD-WAN gained traction, describing networks that combined multiple technologies to create comprehensive private networks with dynamic bandwidth sharing, central controllers, zero-touch provisioning, integrated analytics, and on-demand circuit provisioning.

Modern Developments:
- 2020s: The rapid shift to remote work during the COVID-19 pandemic accelerated the adoption of SD-WAN, facilitating secure and efficient connections for remote workers.

The evolution of WANs reflects a continuous adaptation to the growing demands for faster, more secure,
and flexible communication networks, underpinning the interconnected nature of today's digital world.

2.4 What is the Intranet?

The intranet is a private, internal network used by organizations to securely share information, resources, and tools exclusively with authorized members (e.g., employees, stakeholders). Unlike the public internet, it is restricted to a specific group and hosted on local servers or cloud infrastructure.

Key Features:
- Controlled Access: Requires authentication (e.g., login credentials, VPN).
- Centralized Resources: Hosts internal tools like:
  o Document management systems (e.g., SharePoint).
  o Employee portals (HR, payroll, training).
  o Communication platforms (forums, chat tools).
- Security: Protected by firewalls, encryption, and access controls.
- Scalability: Adapts to organizational size and needs.

Purpose:
- Facilitates internal communication (e.g., announcements, updates).
- Enables collaboration (shared calendars, project management).
- Streamlines resource sharing (databases, policies, templates).

2.4.1 How the Intranet Works?

The intranet operates through a combination of hardware, software, and protocols to ensure secure, efficient internal communication:

1. Network Infrastructure
- Servers: Host intranet content (on-premises or cloud-based).
- Clients: User devices (computers, smartphones) access the intranet via browsers or apps.
- Firewalls/VPNs: Secure remote access and block unauthorized external traffic.

2. Protocols & Technologies
- HTTP/HTTPS: Delivers web content securely.
- TCP/IP: Manages data transmission.
- LDAP/Active Directory: Manages user authentication and permissions.

3. Hosting Platforms
- CMS: Tools like WordPress or SharePoint organize and update content.
- Databases: Store employee records, documents, and resources.

4. Workflow Example:
1. User logs in via credentials/SSO.
2. Requests data (e.g., a policy document) through the intranet interface.
3. Server authenticates the user and retrieves the file from the database.
4. Encrypted data is sent back to the user’s device.

Security Measures:
- Encryption: SSL/TLS for data in transit.
- Access Controls: Role-based permissions (e.g., HR vs. engineering).
- Audit Logs: Track user activity for compliance.

Maintenance:
- Managed by the organization’s IT team.
- Regular updates, backups, and scalability adjustments.

2.4.2 Uses of the Intranet


Intranets serve diverse organizational needs, including:
1. Internal Communication

o Announcements: Company-wide updates, newsletters.

o Forums/Teams Channels: Discussion boards, feedback loops.

2. Collaboration

o Document Sharing: Centralized repositories (e.g., SharePoint, Google Drive).

o Project Management: Tools like Asana or Trello integrated for task tracking.

3. HR & Employee Services

o Self-Service Portals: Payroll, leave requests, benefits enrollment.

o Training: E-learning modules, certification tracking.

4. Knowledge Management

o Wikis/FAQs: Institutional knowledge bases (e.g., Confluence).

o Policy Libraries: Access to compliance documents, SOPs.

5. Operational Efficiency

o Workflow Automation: Approvals, forms, and ticketing systems.

o Dashboards: Real-time metrics (sales, IT status).

2.4.3 Benefits and Challenges of the Intranet
Benefits
1. Enhanced Communication

o Facilitates real-time updates, announcements, and discussions, reducing reliance on fragmented email threads.

o Example: A company uses an intranet blog for leadership updates, ensuring consistent messaging across departments.

2. Improved Collaboration

o Centralized platforms for shared documents (e.g., Wikis, SharePoint) enable teams to co-edit and track changes.

o Tools like integrated calendars and project boards streamline teamwork.

3. Centralized Information Management

o Single source of truth for policies, SOPs, and training materials, minimizing version control issues.

o Example: HR departments host onboarding resources, ensuring new hires access up-to-date guides.

4. Cost Efficiency

o Reduces printing and physical storage costs by digitizing documents.

o Supports remote work, lowering overhead expenses for office space.

5. Security and Access Control

o Role-based permissions restrict sensitive data to authorized personnel (e.g., finance or HR teams).

o Encrypted channels protect internal communications from external threats.

6. Workflow Automation

o Digital forms and approval processes (e.g., leave requests, purchase orders) reduce administrative bottlenecks.

7. Employee Engagement

o Recognition platforms, surveys, and feedback tools foster a connected workplace culture.

Challenges
1. User Adoption and Training

o Resistance to change or lack of tech literacy can hinder usage.

o Example: Employees revert to emails if the intranet interface is unintuitive.

2. Maintenance Costs

o Ongoing expenses for server hosting, software updates, and IT support.

o Cloud-based solutions (e.g., SaaS intranets) may offset infrastructure costs but require subscription fees.

3. Security Risks

o Internal threats (e.g., accidental data leaks) or cyberattacks targeting weak authentication protocols.

o Requires regular audits, multi-factor authentication (MFA), and employee cybersecurity training.

4. Content Management

o Risk of "content bloat" with outdated or redundant files, leading to user frustration.

o Mitigation: Version control, archiving policies, and CMS governance.

5. Integration Complexity

o Compatibility issues with legacy systems (e.g., outdated CRM tools) may require costly middleware or APIs.

6. Performance Issues

o High traffic or resource-heavy applications (e.g., video conferencing) can strain bandwidth.

7. Scalability Limitations

o Rapid organizational growth may outpace the intranet’s capacity, necessitating infrastructure upgrades.

2.5 Differences Between Internet and Intranet
The terms "Internet" and "Intranet" refer to two distinct types of networks that, while sharing certain technologies, serve different purposes and audiences. Understanding their differences is crucial for organizations and individuals alike.

1. Accessibility
- Internet: A global network accessible to anyone with an internet connection, allowing users worldwide to access information and services.
- Intranet: A private network restricted to authorized users, typically within an organization, ensuring controlled access to internal resources.

2. Security
- Internet: Publicly accessible, necessitating robust security measures such as firewalls, encryption, and secure protocols to protect data from unauthorized access and cyber threats.
- Intranet: Designed with a focus on security, intranets are protected by firewalls and require user authentication, limiting access to sensitive internal information.

3. Purpose
- Internet: Facilitates global communication, information sharing, and access to a vast array of services and resources across various sectors.
- Intranet: Serves as a centralized platform for internal communication, collaboration, and resource sharing within an organization, enhancing productivity and information dissemination among employees.

4. Content
- Internet: Hosts a wide range of content, including websites, social media, news, and entertainment, catering to diverse interests and industries.
- Intranet: Contains content relevant to the organization's operations, such as internal news, employee directories, and proprietary documents, ensuring that information is pertinent and accessible to authorized personnel.

5. Management and Control
- Internet: Managed by multiple entities, including governments, private organizations, and international bodies, with standardized protocols ensuring global connectivity.
- Intranet: Managed internally by an organization's IT department, allowing customization of features and access controls to align with the organization's specific needs and policies.

6. Scalability
- Internet: Designed to support an extensive number of users and devices, continually expanding to accommodate global growth.
- Intranet: Scalability is typically limited to the organization's requirements, expanding as needed to support additional users or resources within the internal network.

7. Examples of Use
- Internet: Accessing websites, streaming media, participating in online forums, and engaging in e-commerce.
- Intranet: Collaborating on internal projects, accessing company policies, and utilizing internal communication tools among employees.

In summary, while both the Internet and intranets utilize similar networking technologies, they differ
significantly in terms of accessibility, security, purpose, content, management, scalability, and usage. The
Internet offers broad, public access to information and services, whereas intranets provide secure,
controlled environments for internal organizational communication and resource sharing.

2.6 Reliability and Availability Design Issues for LAN


Key Definitions

1. Reliability:
- The ability of a LAN to perform consistently without failures over time.
- Focuses on minimizing downtime caused by hardware/software errors.

2. Availability:
- The percentage of time a LAN is operational and accessible to users.
- Measured as uptime (e.g., "five nines" = 99.999% availability).

Reliability Design Considerations


Strategies to Improve Reliability:
1. Redundancy:
- Duplicate critical components (e.g., switches, routers, servers) to eliminate single points of failure.

- Example: Dual power supplies in switches.

2. Error Detection/Correction:
- Use protocols like CRC (Cyclic Redundancy Check) to detect data errors.
- Implement retransmission mechanisms (e.g., TCP) to recover lost packets.

3. High-Quality Hardware:
- Invest in enterprise-grade equipment (e.g., Cisco switches) with longer lifespans.

4. Preventive Maintenance:
- Regularly update firmware, replace aging cables, and monitor performance.

5. Fault Tolerance:
- Design networks with self-healing capabilities (e.g., Spanning Tree Protocol for loop prevention).

Availability Design Considerations


Strategies to Maximize Availability:
1. Failover Systems:
- Automatically switch to backup systems during failures (e.g., redundant servers).
2. Load Balancing:
- Distribute traffic across multiple paths/devices to prevent congestion.
- Example: Using multiple switches to handle traffic in a large office.
3. Disaster Recovery Planning:
- Uninterruptible Power Supplies (UPS): Protect against power outages.
- Data Replication: Mirror critical data to off-site or cloud backups.
4. Scalability:
- Design networks to handle growth (e.g., adding new users/devices) without downtime.
5. Proactive Monitoring:
- Use tools like SNMP (Simple Network Management Protocol) to detect issues early.

Relationship Between Reliability and Availability
- Reliability reduces the frequency of failures.
- Availability ensures quick recovery when failures occur.
- Example:
- A reliable LAN avoids crashes due to redundant components.
- A highly available LAN restores connectivity within seconds using failover systems.

Key Challenges in LAN Design


1. Cost vs. Performance: High redundancy and quality hardware increase costs.
2. Complexity: Managing failover systems and load balancing requires expertise.
3. Environmental Factors: Power surges, physical damage, or overheating can disrupt both
reliability and availability.
Best Practices

- Aim for 99.9% (three nines) or higher availability for critical networks.
- Test redundancy and disaster recovery plans regularly.
- Document network topology and update it as the LAN evolves.

Summary
- Reliability = Preventing failures.
- Availability = Minimizing downtime.
- Both require redundancy, quality components, and proactive maintenance to ensure a robust LAN.

2.6.1 Reliability
Reliability in networking refers to the ability of a system or network to function correctly and consistently
over time, even in the presence of faults or failures. It ensures that data is transmitted accurately without
loss or corruption.
Key factors affecting network reliability include:
 Redundancy – Having backup devices and connections to prevent failures.

 Fault tolerance – The ability to continue operating despite hardware or software malfunctions.

 Error detection and correction – Mechanisms such as checksums and parity checks that ensure
accurate data transmission.

 Load balancing – Distributing traffic evenly across network devices to prevent congestion.

A reliable network minimizes downtime, ensuring continuous communication for businesses, education,
and daily activities.

2.6.2 Availability
Availability refers to the percentage of time a network or system remains operational and accessible to
users. High availability is crucial for organizations that rely on uninterrupted access to data and services.
Factors influencing network availability include:
 Uptime vs. Downtime – Availability is often measured as a percentage of uptime, e.g., "99.99%
uptime."

 Redundant power supplies and backup systems – Protects against power failures.

 Failover systems – Automatically switches to a backup system if the primary one fails.

 Disaster recovery plans – Strategies to restore services after failures.

High availability is critical in banking, healthcare, and e-commerce, where network downtime can result
in significant losses.

2.7 Reliability and Availability Design Issues for WAN


Wide Area Networks (WANs) connect geographically distant networks, making them more complex than
Local Area Networks (LANs). Ensuring both reliability and availability in WAN design involves several
challenges:
 Latency – Delays in data transmission due to the long distances data must travel.

 Network Congestion – Excessive traffic can slow down or disrupt network performance.

 Security Threats – WANs are vulnerable to cyberattacks such as Distributed Denial of Service
(DDoS) attacks.

 Hardware Failures – Routers, switches, and cables can fail, causing disruptions.

 ISP Dependency – WANs rely on Internet Service Providers (ISPs) for connectivity, making
them susceptible to external failures.

To enhance WAN reliability and availability, organizations use technologies such as Multiprotocol Label
Switching (MPLS), Software-Defined WAN (SD-WAN), and cloud-based networking solutions.

2.8 The Purpose of Local Area Network (LAN)
A Local Area Network (LAN) is a network that connects computers and devices within a limited
geographical area, such as a home, office, or school. LANs are designed for high-speed data exchange
and efficient communication.
Purposes and benefits of LANs include:
 Resource Sharing – Users can share files, printers, and internet connections.

 High-Speed Data Transfer – LANs provide fast communication between devices.

 Centralized Data Management – Businesses can store and manage files on centralized servers.

 Improved Security – LANs allow controlled access to network resources.

Common LAN technologies include Ethernet, Wi-Fi, and Fiber Optic networks.

2.9 The Purpose of Wide Area Network (WAN)


A Wide Area Network (WAN) connects multiple LANs over large distances, allowing businesses and
institutions to communicate across cities, countries, or continents.
Key purposes and benefits of WANs include:
 Interconnecting Remote Locations – Businesses with multiple branches can stay connected.

 Enabling Cloud Services – WANs facilitate access to cloud-based applications.

 Global Communication – Supports email, VoIP calls, and video conferencing.

 Disaster Recovery – Backup data can be stored remotely to prevent data loss.

Common WAN technologies include leased lines, Virtual Private Networks (VPNs), and satellite
communications.

2.10 Internet
The Internet is a global network of interconnected computers and devices, enabling communication,
information sharing, and online services. It functions through protocols like the Transmission Control
Protocol/Internet Protocol (TCP/IP).
Key services provided by the Internet include:
 Web Browsing – Accessing websites and information.

 Email Communication – Sending and receiving messages.

 Social Networking – Platforms like Facebook, Twitter, and LinkedIn.

 Cloud Computing – Accessing storage and applications online.

 E-Commerce – Online shopping and financial transactions.

The Internet plays a crucial role in education, business, and entertainment, making it an essential part of
modern life.

2.11 OSI Reference Model


The Open Systems Interconnection (OSI) model is a conceptual framework that standardizes network
communication into seven layers, ensuring different systems can communicate effectively.
The seven layers of the OSI model are:
1. Physical Layer – Handles raw data transmission over cables, fiber optics, or wireless signals.

2. Data Link Layer – Manages data frames and error detection (e.g., Ethernet, MAC addresses).

3. Network Layer – Routes data between networks (e.g., IP addresses, routers).

4. Transport Layer – Ensures end-to-end communication (e.g., TCP, UDP).

5. Session Layer – Manages sessions and connections between applications.

6. Presentation Layer – Translates data formats (e.g., encryption, compression).

7. Application Layer – Provides user-facing services (e.g., HTTP, FTP, email).

The OSI model helps developers and engineers design efficient and interoperable networks.

CHAPTER THREE: PROJECT DESIGN AND IMPLEMENTATION
3.1 Introduction
This section showcases how the project was actually designed and configured by the researchers
using the Cisco Packet Tracer simulation software. Some of the configured devices included
switches, computers and printers.

3.1.2 Project Goals


The main goals of the network design project are:
 To establish a hierarchical network model with redundancy at each layer.
 To ensure reliable internet connectivity using dual ISPs.
 To build wireless and wired connections for all departments.
 To use VLANs and subnetting for better network management.
 To implement OSPF routing, DHCP, PAT, and SSH for operational efficiency and security.

3.1.3 Network Design and Topology


The network follows a hierarchical model with three layers:
 Core Layer: Includes redundant routers and multilayer switches.
 Distribution Layer: Includes switches that connect department-specific VLANs.
 Access Layer: Connects end-user devices and wireless access points.

3.2 Switch security configuration


This section details critical security measures to protect network switches from unauthorized access and
breaches.

3.2.1 Console password
 This password is requested when you connect your PC to the console port of your switch/router.
Switch> enable
Switch# conf t
Switch(config)# line console 0
Switch(config-line)# password orbit
Switch(config-line)# login

3.2.2 Privilege password


Switch> enable
Switch# conf t
Switch(config)# enable secret orbit

3.2.3 Virtual Teletype (VTY) Password
Switch> enable
Switch# conf t
Switch(config)# line vty 0 15
Switch(config-line)# transport input ssh    # Disable Telnet for SSH-only access
Switch(config-line)# login local            # Authenticate against the local username database
Switch(config-line)# exit

3.2.4 Encryption of All Passwords


 Allows you to encrypt all current and future passwords on your Switch/Router.
It applies Cisco's type 7 encoding, which is reversible, so it only protects against casual
viewing of the configuration; the enable secret set in 3.2.2 is stored as a hash instead.
Switch> enable
Switch# conf t
Switch(config)# service password-encryption

3.3 VLANs
Virtual LANs (VLANs) are employed to logically segment the network into distinct
broadcast domains. In this project, VLANs are used to isolate departments, such as
Registration (VLAN 10) and Finance (VLAN 20). Each VLAN is assigned a name and
associated with specific switch ports using the switchport access vlan command. This
segmentation enhances network security, reduces broadcast traffic, and facilitates more
efficient network management. The VLANs are configured on each switch,
ensuring a well-organized and secure network infrastructure.

3.3.1 VLAN Configuration


Switch> enable
Switch# conf t
Switch(config)# vlan 10
Switch(config-vlan)# name Registration
Switch(config-vlan)# exit
Switch(config)# vlan 20
Switch(config-vlan)# name Finance
Switch(config-vlan)# exit
Switch(config)# vlan 30
Switch(config-vlan)# name Office-department
Switch(config-vlan)# exit
Switch(config)# vlan 40
Switch(config-vlan)# name ICT-department
Switch(config-vlan)# exit
Switch(config)# vlan 50
Switch(config-vlan)# name Advanced-department
Switch(config-vlan)# exit
Switch(config)# vlan 60
Switch(config-vlan)# name Server-Room
Switch(config-vlan)# exit
Switch(config)# do wr

3.3.2 Assigning Ports to VLANs


Switch> enable
Switch# conf t
Switch(config)# int range fa0/3-24
Switch(config-if-range)# switchport access vlan 10
Switch(config-if-range)# switchport mode access
Switch(config-if-range)# exit

3.4 Switch Port Trunking


 Trunking is a special switch port configuration that carries traffic for multiple VLANs simultaneously.

3.4.1 Switch Port Trunk Configuration


Switch> enable
Switch# conf t
Switch(config)# int range fa0/1-2
Switch(config-if-range)# switchport mode trunk
Switch(config-if-range)# exit

3.5 EtherChannel
 EtherChannel is a Cisco technology that allows you to bundle multiple physical Ethernet links
into a single logical link. This logical link behaves like a single interface, which increases
bandwidth and provides redundancy.
Key Benefits of EtherChannel

1. Increased Bandwidth: Combines multiple links (e.g., 2, 4, or 8) to multiply bandwidth.
For example, four 1 Gbps links become a 4 Gbps logical connection.
2. Redundancy: If one link fails, traffic continues to flow on the remaining links, reducing
downtime.
3. Load Balancing: Distributes traffic across all links in the EtherChannel based on
MAC/IP addresses or port numbers.
4. Simplified Management: The bundle is treated as one interface (e.g., Port-Channel1), so
configurations are easier to manage.

3.5.1 EtherChannel Configuration
Switch> enable
Switch# conf t
Switch(config)# int range fa0/1-2
Switch(config-if-range)# channel-group 1 mode active

3.6 Router Hostnames and Password Configuration


Router# conf t                                   # Enters global configuration mode
Router(config)# hostname CORE-R1                 # Sets the hostname to CORE-R1
CORE-R1(config)# line console 0                  # Enters console line configuration mode
CORE-R1(config-line)# password orbit             # Sets the console password to 'orbit'
CORE-R1(config-line)# login                      # Enables login on the console line
CORE-R1(config-line)# exit                       # Exits console line configuration mode
CORE-R1(config)# enable password orbit           # Sets the enable password to 'orbit'
CORE-R1(config)# no ip domain-lookup             # Disables DNS lookup for incorrectly entered commands
CORE-R1(config)# service password-encryption     # Encrypts passwords in the configuration
CORE-R1(config)# do wr                           # Writes the configuration to memory

CORE-R1(config)# ip domain name cisco.net        # Configures the domain name for DNS resolution
CORE-R1(config)# username admin password cisco   # Creates a local user 'admin' with password 'cisco'
CORE-R1(config)# crypto key generate rsa         # Generates an RSA key pair for SSH
1024                                             # Specifies the key size as 1024 bits (typed at the prompt)
CORE-R1(config)# line vty 0 15                   # Enters VTY line configuration mode
CORE-R1(config-line)# login local                # Enables local authentication for VTY lines
CORE-R1(config-line)# transport input ssh        # Allows SSH for remote access
CORE-R1(config-line)# exit                       # Exits VTY line configuration mode
CORE-R1(config)# ip ssh version 2                # Specifies the use of SSH version 2
CORE-R1(config)# do wr                           # Writes the configuration to memory

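3.7 Assigning IP Addresses to Interfaces


Multi-layer switch1
Mlt-sw1# conf t
Mlt-sw1(config)# int gig1/0/1
Mlt-sw1(config-if)# no switchport                           # Routed (Layer 3) port, so it accepts an IP address
Mlt-sw1(config-if)# ip address 10.10.10.1 255.255.255.252   # 10.10.10.0/30 link; .1 is an assumed host address (the network address itself cannot be assigned)
Mlt-sw1(config-if)# no shutdown
Mlt-sw1(config-if)# exit
Mlt-sw1(config)# do wr

Mlt-sw1(config)# int gig1/0/2
Mlt-sw1(config-if)# no switchport                           # Routed (Layer 3) port
Mlt-sw1(config-if)# ip address 10.10.10.9 255.255.255.252   # 10.10.10.8/30 link; .9 is an assumed host address
Mlt-sw1(config-if)# no shutdown
Mlt-sw1(config-if)# exit
Mlt-sw1(config)# do wr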

3.8 What is Erasing Configuration Files in Networking?


Erasing configuration files means deleting saved settings on a router or switch to restore it to its
factory default state.
This is commonly done when:
 Reusing the device in a new network.
 Starting a fresh configuration.
 Fixing configuration problems.

Switch> enable
Switch# erase startup-config

Reload device
Switch> enable
Switch# reload
3.8.1 Erasing NVRAM Configuration Files


 NVRAM (Non-Volatile RAM) stores the startup configuration of a router or switch, that is, the
settings that load when the device reboots.
Erasing NVRAM means deleting that saved configuration, effectively restoring the device to
factory default settings.

3.9 Router on Stick


 Router-on-a-Stick is a network design that allows multiple VLANs to communicate
with each other using only one physical router interface. Instead of using multiple
physical connections for each VLAN, the router uses subinterfaces (virtual interfaces)
on a single physical port.

3.9.1 How It Works (In Simple Terms):

1) A switch has multiple VLANs (e.g., VLAN 10, VLAN 20).
2) Devices in VLAN 10 can talk to each other, but not to devices in VLAN 20.
3) A router is connected to the switch using one cable (one port).
4) This port is configured as a trunk, which carries traffic for all VLANs.
5) On the router, that single port is divided into virtual subinterfaces — each one handles
traffic for a specific VLAN.
6) Each subinterface has an IP address, which acts as the default gateway for devices in
that VLAN.
7) When a device in VLAN 10 sends data to VLAN 20, the switch sends the data to the
router, the router routes it, and then sends it back through the same trunk port to VLAN
20.

Example Scenario:
VLAN 10 = Registration (192.168.10.1)
VLAN 20 = Finance (192.168.20.1)

 Without a router-on-a-stick, these VLANs can’t talk.
 With router-on-a-stick, traffic is routed between them through a single interface on the
router, "like many lanes of traffic using one road."

3.9.2 Advantages:
 Saves ports: only one interface is needed for multiple VLANs.
 Simple and cost-effective for small to medium networks.
 Easy to implement and understand.
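
The steps in 3.9.1 as a configuration, added here as an illustration and not taken from the project (which routes between VLANs on the multilayer switch, see 3.10). The interface names fastEthernet 0/1 and gigabitEthernet 0/0 are assumptions; the VLAN IDs and gateway addresses are those of the Example Scenario.

```cisco
! --- Switch side: the single uplink to the router is an 802.1Q trunk ---
Switch(config)# interface fastEthernet 0/1
Switch(config-if)# switchport mode trunk
! Carry only the VLANs the router must route; every other VLAN stays off this link
Switch(config-if)# switchport trunk allowed vlan 10,20
Switch(config-if)# exit

! --- Router side: the physical port has no address of its own ---
Router(config)# interface gigabitEthernet 0/0
Router(config-if)# no ip address
Router(config-if)# no shutdown
Router(config-if)# exit

! One subinterface per VLAN; the dot1Q tag must match the VLAN ID on the switch
Router(config)# interface gigabitEthernet 0/0.10
Router(config-subif)# encapsulation dot1Q 10
Router(config-subif)# ip address 192.168.10.1 255.255.255.0
Router(config-subif)# exit
Router(config)# interface gigabitEthernet 0/0.20
Router(config-subif)# encapsulation dot1Q 20
Router(config-subif)# ip address 192.168.20.1 255.255.255.0
Router(config-subif)# end

! Both subinterfaces should be up/up and both /24 networks listed as connected
Router# show ip interface brief
Router# show ip route connected
```

Hosts in each VLAN use the matching subinterface address as their default gateway. Because all inter-VLAN traffic crosses the router, this is also the one place where an ACL between the two departments can be applied.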

3.10 What is Inter-VLAN Configuration?


 Inter-VLAN Configuration is the setup process that allows devices in different
VLANs to communicate with each other.

Layer 3 switching using SVIs

 Here Inter-VLAN Routing is implemented by L3 switches. The Inter-VLAN configuration is
done according to this:

Inter-VLAN configuration on L3 switch

Mlt-sw1> enable
Mlt-sw1# configure terminal
Mlt-sw1(config)#interface vlan 10
Mlt-sw1(config-if)# ip address 192.168.10.1 255.255.255.0
Mlt-sw1(config-if)# ip helper-address 192.168.60.2
Mlt-sw1(config-if)# no shutdown
Mlt-sw1(config-if)# exit
Mlt-sw1(config)# do write

Mlt-sw1(config)#interface vlan 20
Mlt-sw1(config-if)# ip address 192.168.20.1 255.255.255.0
Mlt-sw1(config-if)# ip helper-address 192.168.60.2
Mlt-sw1(config-if)# no shutdown
Mlt-sw1(config-if)# exit
Mlt-sw1(config)# do write

Mlt-sw1(config)#interface vlan 30
Mlt-sw1(config-if)# ip address 192.168.30.1 255.255.255.0
Mlt-sw1(config-if)# ip helper-address 192.168.60.2
Mlt-sw1(config-if)# no shutdown
Mlt-sw1(config-if)# exit
Mlt-sw1(config)# do write

Mlt-sw1(config)#interface vlan 40
Mlt-sw1(config-if)# ip address 192.168.40.1 255.255.255.0
Mlt-sw1(config-if)# ip helper-address 192.168.60.2
Mlt-sw1(config-if)# no shutdown
Mlt-sw1(config-if)# exit
Mlt-sw1(config)# do write

Mlt-sw1(config)#interface vlan 50
Mlt-sw1(config-if)# ip address 192.168.50.1 255.255.255.0
Mlt-sw1(config-if)# ip helper-address 192.168.60.2
Mlt-sw1(config-if)# no shutdown
Mlt-sw1(config-if)# exit
Mlt-sw1(config)# do write

Mlt-sw1(config)#interface vlan 60
Mlt-sw1(config-if)# ip address 192.168.60.1 255.255.255.0
Mlt-sw1(config-if)# no shutdown
Mlt-sw1(config-if)# exit
Mlt-sw1(config)# do write
3.11 What is Telephone Service Configuration
Telephone service configuration refers to the process of setting up and managing phone
services, especially in a network that uses VoIP (Voice over IP) technology. This configuration
allows phones to work over a computer network instead of traditional phone lines.

It includes settings that control how phone calls are made, received, and handled within the network.
These settings may include assigning extension numbers to phones, setting up voicemail, call
forwarding, call waiting, caller ID, and enabling communication between phones inside and outside the
organization.

In business networks using IP phones and routers or switches, the configuration is usually done
by a network administrator. It helps ensure that all phones are properly connected, can
communicate clearly, and meet the needs of the organization.

Configuration can be done using network devices like routers (e.g., using Cisco’s Call Manager
Express), or through software and web interfaces provided by the service or equipment provider.

The exact configuration options and steps may vary depending on the type of network, devices used,
and the services required.

3.12 What is Dynamic Host Configuration Protocol (DHCP)?
DHCP stands for Dynamic Host Configuration Protocol. It is a network service that
automatically gives IP addresses and other network settings to devices (like computers,
phones, printers, etc.) when they connect to a network.

Why is DHCP important?


When a device joins a network, it needs:
 An IP address (unique number to communicate).
 A subnet mask (to understand the network structure).
 A default gateway (to reach other networks like the internet).
 A DNS server address (to translate website names to IP addresses).

 Without DHCP, all of this would have to be entered manually on each device,
which takes time and leads to errors.
 DHCP makes this easy by automatically assigning all of these settings to
devices.

 DHCP and IP Address Allocation: Dynamic Host Configuration Protocol (DHCP)
functionality and IP address allocation were tested to ensure that devices
received the correct IP addresses dynamically and that devices in the server
room had static IP assignments.

3.13 Port Security


 Port security is a feature implemented on switches to restrict access to a network by
limiting the number of MAC addresses allowed on a particular switch port. This helps
prevent unauthorized devices from connecting to the network. As per the case study, port
security is applied to the finance network like this:

 Some common features of switch port security may include:

 MAC address filtering: Allowing only specific MAC addresses to connect to a switch port.
 MAC address limitation: Limiting the number of MAC addresses that can connect to a switch port.
 Port lockdown: Locking down a switch port to a specific MAC address, preventing any
other devices from connecting.
 Violation actions: Configuring actions to be taken when a violation occurs, such as shutting
down the port, sending an alert, or logging the event
3.13.1 Port security for Finance department
Finance> enable
Finance# conf t
Finance(config)# interface range fastEthernet 0/3 - 24
Finance(config-if-range)# switchport port-security
Finance(config-if-range)# switchport port-security maximum 1
Finance(config-if-range)# switchport port-security mac-address sticky
Finance(config-if-range)# switchport port-security violation shutdown
Finance(config-if-range)# exit
Finance(config)# do wr

In this configuration:

 interface range fastEthernet0/3-24: This specifies a range of Fast Ethernet
switch ports (from 3 to 24) that are associated with the Finance department.
 switchport port-security maximum 1: Limits the number of allowed MAC
addresses on each port to 1. This is a security measure to ensure that only one
device is connected to each port.
 switchport port-security mac-address sticky: Enables sticky MAC addresses.
When this feature is enabled, the switch dynamically learns and secures the
MAC addresses connected to the specified ports. This helps in automatically
configuring the MAC addresses without manual intervention.
 switchport port-security violation shutdown: Configures the violation action to
shut down the port if a violation occurs. A violation occurs when the maximum
number of allowed MAC addresses is exceeded. Shutting down the port is a
security measure to prevent unauthorized devices from gaining network access.

3.14 Open Shortest Path First (OSPF)


 Open Shortest Path First (OSPF) is a routing protocol used in computer
networks to help routers decide the best path for sending data.
 OSPF is a link-state routing protocol, which means each router shares information
about its direct connections (links) with other routers. This helps all routers build a
complete map of the network.
 OSPF uses a math method called Dijkstra’s algorithm to calculate the shortest
path from one router to another. It chooses the path based on something called cost,
which usually depends on the speed or reliability of the link (lower cost = better
path).
 OSPF works at Layer 3 (Network Layer) of the OSI model, which is the same
layer where IP addresses are used.

Routers using OSPF exchange information by sending special messages called OSPF
advertisements. These messages include:

 The router's IP address
 Subnet mask
 Link cost (the value used to find the best route)

With all this information, each OSPF router creates a network map and figures out the best
path to reach every other device in the network.

OSPF on Layer 3 switches and routers

Mlt-sw1# conf t
Mlt-sw1(config)# ip routing
Mlt-sw1(config)# router ospf 10
Mlt-sw1(config-router)# router-id 2.2.2.2
Mlt-sw1(config-router)# network 192.168.10.0 0.0.0.255 area 0
Mlt-sw1(config-router)# network 192.168.20.0 0.0.0.255 area 0
Mlt-sw1(config-router)# network 192.168.30.0 0.0.0.255 area 0
Mlt-sw1(config-router)# network 192.168.40.0 0.0.0.255 area 0
Mlt-sw1(config-router)# network 192.168.50.0 0.0.0.255 area 0
Mlt-sw1(config-router)# network 192.168.60.0 0.0.0.255 area 0
Mlt-sw1(config-router)# network 10.10.10.0 0.0.0.3 area 0
Mlt-sw1(config-router)# network 10.10.10.8 0.0.0.3 area 0
Mlt-sw1(config-router)# end
Mlt-sw1# wr

Core router
CORE-R1# conf t
CORE-R1(config)# router ospf 10
CORE-R1(config-router)# router-id 3.3.3.3
CORE-R1(config-router)# network 10.10.10.0 0.0.0.3 area 0
CORE-R1(config-router)# network 10.10.10.4 0.0.0.3 area 0
CORE-R1(config-router)# network 103.133.254.0 0.0.0.3 area 0
CORE-R1(config-router)# network 103.133.254.8 0.0.0.3 area 0
CORE-R1(config-router)# end
CORE-R1# write memory
CORE-R1# exit

ISP
ISP-1# conf t
ISP-1(config)# router ospf 10
ISP-1(config-router)# router-id 5.5.5.5
ISP-1(config-router)# network 103.133.254.0 0.0.0.3 area 0
ISP-1(config-router)# network 103.133.254.4 0.0.0.3 area 0
ISP-1(config-router)# end
ISP-1# write memory
ISP-1# exit

3.15 Cisco IOS Access Control List (ACL)


Access Control Lists (ACLs) in Cisco IOS are rules applied to router interfaces to permit or
deny traffic based on conditions like IP address, protocol, and port number. ACLs help secure
and manage traffic in a network.

3.15.1 Standard ACLs

These ACLs filter traffic based only on the source IP address of the packet. They are numbered
from 1 to 99 and use the "access-list" command followed by the ACL number.

3.15.2 Extended ACLs


These ACLs filter traffic based on source and destination IP addresses, port numbers, and protocols. They are
numbered from 100 to 199 and use the "access-list" command followed by the ACL number.
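
An added example, not part of the project configuration, showing one ACL of each type against this network's addressing. The two policies (only the ICT department may reach the router's SSH lines; Registration may not reach Finance) and the ACL numbers 10 and 110 are assumptions chosen for illustration.

```cisco
! Entries are checked top to bottom, the first match decides, and every ACL
! ends with an implicit "deny any", so a packet that matches nothing is dropped.

! --- Standard ACL (1-99): source address only ---
! Assumed policy: only hosts in the ICT department (VLAN 40) may open SSH sessions.
CORE-R1(config)# access-list 10 permit 192.168.40.0 0.0.0.255
CORE-R1(config)# line vty 0 15
CORE-R1(config-line)# access-class 10 in
CORE-R1(config-line)# exit

! --- Extended ACL (100-199): protocol, source, destination and ports ---
! Assumed policy: Registration (VLAN 10) must not reach Finance (VLAN 20).
! 1. DHCP requests arrive on the SVI from clients that have no address yet
!    (source 0.0.0.0, sent as broadcast). They must be permitted before the
!    source-based entries, or ip helper-address never sees them.
Mlt-sw1(config)# access-list 110 permit udp any eq bootpc any eq bootps
! 2. The deny entry comes before the general permit, because order matters.
Mlt-sw1(config)# access-list 110 deny ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
! 3. Everything else from genuine VLAN 10 addresses is allowed; packets with
!    a source outside 192.168.10.0/24 fall through to the implicit deny.
Mlt-sw1(config)# access-list 110 permit ip 192.168.10.0 0.0.0.255 any

! Apply inbound on the VLAN 10 SVI so the traffic is filtered before it is routed
Mlt-sw1(config)# interface vlan 10
Mlt-sw1(config-if)# ip access-group 110 in
Mlt-sw1(config-if)# end

! Each entry is listed with a match counter
Mlt-sw1# show access-lists
```

After a ping from a Registration PC to a Finance PC, the counter on the deny entry should increase while pings to the other VLANs still succeed, which gives a direct check for the security testing described in Chapter Four.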

3.16 What Does Network Time Protocol (NTP) Mean?


NTP (Network Time Protocol) is a network protocol used to synchronize the clocks of
computers, routers, switches, and other devices over a network.

Feature          Description
Purpose          Ensures all devices in a network share the same accurate time.
Port             Uses UDP port 123.
Stratum Levels   Hierarchical system of time accuracy. Lower stratum = closer to accurate source.
Source           Often synchronizes time with internet time servers or GPS clocks.
Security         Can be secured with authentication to prevent spoofed time sources.

3.17 NTP Router Configuration in Cisco IOS
To configure Network Time Protocol (NTP) on a Cisco router, you need to:
 Specify an NTP server
 (Optionally) configure authentication
 Verify synchronization status
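
The three steps as IOS commands, added as an example and not taken from the project. <ntp-server-ip> and <ntp-key> are placeholders, and key number 1 is an assumption.

```cisco
! (Optional) authentication: define the key, mark it as trusted, then require it
CORE-R1(config)# ntp authentication-key 1 md5 <ntp-key>
CORE-R1(config)# ntp trusted-key 1
CORE-R1(config)# ntp authenticate

! Specify the NTP server and bind it to key 1, so replies that are not
! signed with that key are ignored
CORE-R1(config)# ntp server <ntp-server-ip> key 1

! Stamp log messages with the synchronized date and time
CORE-R1(config)# service timestamps log datetime msec
CORE-R1(config)# end

! Verify: "Clock is synchronized" plus the stratum and reference address
CORE-R1# show ntp status
! Verify: the configured server is listed as the selected peer
CORE-R1# show ntp associations
```

With every switch and router synchronized to the same source, log entries from different devices can be placed on one timeline when an event such as a port-security violation is investigated.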

3.18 Firewall
A firewall is a security system that monitors and controls incoming and outgoing network traffic
based on predetermined security rules. It acts as a barrier between a trusted internal network
and untrusted external networks, such as the internet.

 Types: Hardware firewall, software firewall, and cloud-based firewall.

 Functions:

o Packet filtering

o Stateful inspection

o Proxy services

o Network address translation (NAT)

3.19 Trusted Network


A trusted network is a network that is considered secure and under administrative control.
Devices on this network are allowed to communicate freely with each other.

 Typically refers to an internal LAN.

 Users and systems are authenticated and monitored.

 Firewalls are configured to allow more open access to/from trusted networks.

3.20 Untrusted Network


An untrusted network is one that is not under administrative control and may pose security
risks. The internet is the most common example.

 Firewalls restrict or filter traffic from untrusted networks.

 Access is limited and monitored.

 Requires stronger authentication and encryption mechanisms.

3.21 What Is Default Routing?


A default route is used when a router does not know how to reach a particular destination
network. It is a "catch-all" route that sends unknown traffic to a specific next-hop IP or exit
interface.

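For Routers
CORE-R1# conf t
CORE-R1(config)# ip route 0.0.0.0 0.0.0.0 se0/2/0       # Primary default route
CORE-R1(config)# ip route 0.0.0.0 0.0.0.0 se0/2/1 70    # Backup default route (administrative distance 70), used only if the primary is removed
CORE-R1(config)# do wr

For multi-layer switch
Mlt-sw1# conf t
Mlt-sw1(config)# ip route 0.0.0.0 0.0.0.0 gig1/0/1      # Primary default route
Mlt-sw1(config)# ip route 0.0.0.0 0.0.0.0 gig1/0/2 70   # Backup default route (administrative distance 70)
Mlt-sw1(config)# do wr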

3.22 Monitoring and Management

3.22.1 SNMP Configuration

 Simple Network Management Protocol (SNMP) is configured to facilitate monitoring and
management of network devices. The following is a general example of SNMP
configuration on a Cisco router:

# Enable SNMP
snmp-server community <community-string> RO    # Set the SNMP community string for read-only access
snmp-server enable traps                       # Enable SNMP traps for event notification

# Configure SNMP traps to be sent to a management server
snmp-server host <management-server-IP> <community-string>    # Set the management server IP and community string for traps

IP ADDRESSING SCHEMA
Provide details about the IP addressing scheme applied to the network

Departments    Network address   Subnet mask        Host address range               Broadcast address   Public IP b/w CORE and ISP
Registration   192.168.10.0      255.255.255.0/24   192.168.10.1 to 192.168.10.254   192.168.10.255      103.133.254.0/30
Finance        192.168.20.0      255.255.255.0/24   192.168.20.1 to 192.168.20.254   192.168.20.255      103.133.254.4/30
Office-Dep     192.168.30.0      255.255.255.0/24   192.168.30.1 to 192.168.30.254   192.168.30.255      103.133.254.8/30
Ict-Dep        192.168.40.0      255.255.255.0/24   192.168.40.1 to 192.168.40.254   192.168.40.255      103.133.254.12/30
Advanced-      192.168.50.0      255.255.255.0/24   192.168.50.1 to 192.168.50.254   192.168.50.255
Server-Room    192.168.60.0      255.255.255.0/24   192.168.60.1 to 192.168.60.254   192.168.60.255

CHAPTER FOUR: IMPLEMENTATION AND TESTING
4.1 Introduction
This chapter describes the implementation and testing phases of the network project. The
implementation was carried out using Cisco Packet Tracer, where the full design was built,
configured, and evaluated for proper functionality. The objective was to ensure the designed
network met all predefined requirements, including scalability, redundancy, performance, and
security. The chapter includes screenshots from the simulation as well as detailed testing
results.

4.2 Network Snapshot

4.2.1 Components
The network design for the project incorporates the following devices:
4.2.1.2 Routers (4):
o 2 ISP routers for upstream connectivity.
o Positioned at the core layer for redundancy.
o Connect to both ISPs for internet connectivity.
o Configured with static, public IP addresses from ISPs.
4.2.1.3 Multilayer Switches (2):
o Deployed at the core layer to provide redundancy and efficient routing.
o Configured for both switching and routing functionalities.

o Assigned IP addresses to enable inter-VLAN routing.

4.2.1.4 Distribution Layer Switches (Multiple):


o Connect individual departments to the core layer.
o Facilitate communication within respective VLANs.

4.2.1.5 End-User Devices (PCs):


o Deployed at the access layer.
o Connected to distribution layer switches for departmental access.

4.2.1.6 Cisco Access Points (APs):


 Positioned at the access layer to provide wireless connectivity.
 Ensure wireless network availability in each department.

4.2.1.7 DHCP Servers (1):


 Located in the server room.
 Dynamically allocate IP addresses to end-user devices.

4.2.1.8 Server Room Devices (Servers, etc.):


 DNS server, HTTP server etc.
 Devices in the server room are allocated static IP addresses.
 These devices may include servers, storage units, and networking
equipment.

 These devices collectively form a structured and well-organized network
architecture, integrating redundancy, efficient routing, and secure communication
to meet the specific requirements of the trading floor support center's operations.

4.3 Testing and Validation


Simulation
Packet Tracer was utilized to simulate and test the designed network. Packet Tracer is
a network simulation tool that provides a virtual environment for designing,
configuring, and testing network scenarios. The simulation process involves:

4.3.1 Network Topology Design:
The network topology, including routers, switches, PCs, servers, and other
devices, was designed within Packet Tracer based on the specified
requirements.

4.3.2 Configuration Implementation:


Using the designed topology, configurations were implemented on routers, switches,
and other network devices according to the provided guidelines. Cisco Packet Tracer
allows users to configure devices with a user-friendly interface similar to actual Cisco
devices.

4.3.3 Traffic Simulation:


Packet Tracer allows the simulation of network traffic and communication between
devices. This involves generating traffic, testing connectivity, and ensuring that data
flows as expected.

4.4 Types of Network Testing


 The following types of testing were applied to ensure a thorough evaluation of the
network:
 Functional Testing: Checking basic operations such as IP assignment and
communication.
 Performance Testing: Measuring latency using ping and throughput analysis.
 Security Testing: Validating ACLs and SSH configurations.
 Redundancy and Failover Testing: Verifying network reliability during
device/link failures.
 Simulation Testing: Using Cisco Packet Tracer’s simulation mode to visualize
data flows.

CHAPTER FIVE: CONCLUSION AND FUTURE ENHANCEMENT
5.1 Introduction

In summary, the design and implementation of the company network have
been successfully executed. Key achievements include a hierarchical network model with
redundancy at multiple layers, departmental segmentation through VLANs, inter-VLAN
routing, robust security measures, effective NAT and PAT configurations, and Quality of
Service (QoS) prioritization. Thorough testing using Cisco Packet Tracer ensured proper
functionality and alignment with project requirements. The resulting network provides
scalability, security, and efficiency, meeting the specified needs of the organization.

5.2 Lessons Learned

Throughout the project, several valuable lessons have been learned:

 Redundancy is Key: The inclusion of redundancy at various levels is crucial
for maintaining network availability and minimizing downtime.
 Effective VLAN Design: Proper VLAN segmentation enhances security
and facilitates organizational structure, simplifying network
management.
 Thorough Testing Matters: Rigorous testing using simulation tools like
Cisco Packet Tracer is essential to identify and rectify issues before
deployment.
 Security is a Priority: Robust security measures, including ACLs and port-
security, are fundamental in safeguarding the network against unauthorized
access.
 Scalability Considerations: Designing the network with scalability in mind
allows for future growth and expansion without significant overhauls.
 Documentation is Essential: Comprehensive documentation of
configurations, IP addressing, and design decisions streamlines
troubleshooting and future modifications.

5.3 Future enhancement


Potential Improvements

 Network Monitoring Tools


 Enhanced Security Measures
 Virtualization Technologies
 Advanced Routing Protocols
 IPv6 Implementation
 Wireless Network Expansion
 Cloud Integration

 Ongoing Training and Skill Development


 Regular Security Audits
 Energy Efficiency Measures
