
Net 3 Q

This Low-Level Design (LLD) document outlines the technical specifications for a secure and scalable network installation for ABC Company, covering two branch offices and a head office. Key components include hierarchical network design, VLAN segmentation, routing configurations, and security measures to support 500 users at the head office and 20 users at each branch. The document also details device naming conventions, a bill of quantities, and material requirements to ensure the network meets industry best practices.

Uploaded by

yonasgosa6

Low-Level Design (LLD) Documentation

Network Installation Project for ABC Company

Table of Contents

1. Executive Summary

2. Definitions & Acronyms

3. Introduction

4. Network Infrastructure Design

    • Hierarchical Design
    • Physical Design
    • Logical Design

5. VLAN & IP Addressing Plan

6. Routing Configuration

7. Security Architecture

8. Device Naming Conventions

9. Bill of Quantity (BoQ)

10. Material Requirements

11. Configuration Templates

12. Appendix

1. Executive Summary

This document provides a granular technical blueprint for designing and deploying a secure, scalable
network for ABC Company. It addresses the requirements for two branch offices and a head office (G+5)
with 6 departments, 7 applications, and end-to-end security. Key components include hierarchical LAN
design, VLAN segmentation, static routing, firewall policies, and device hardening.

2. Definitions & Acronyms

• VLAN: Virtual Local Area Network
• ACL: Access Control List
• OSPF: Open Shortest Path First
• NAT: Network Address Translation
• QoS: Quality of Service
• IDS/IPS: Intrusion Detection/Prevention System
• DMZ: Demilitarized Zone

3. Introduction

The network must support 500 users at the head office and 20 users at each branch, with application
access control (e.g., Finance restricted from the internet). The design prioritizes redundancy, security,
and ease of management using a hierarchical model.

4. Network Infrastructure Design

4.1 Hierarchical Design

Head Office (G+5):

• Core Layer: Dual Cisco Catalyst 9500 switches for high-speed backbone connectivity (10 Gbps links).
• Distribution Layer: Cisco Catalyst 9300 series switches with inter-VLAN routing, QoS, and ACL enforcement.
• Access Layer: Cisco Catalyst 2960-L series switches with PoE for IP phones and end-user devices.
• Firewall: Cisco ASA 5506 with DMZ for public-facing servers (Web, Mail, CBE).

Branch Offices:

• Collapsed Core/Distribution: Cisco ISR 4451 routers with integrated switching modules (Cisco Catalyst 2960-L).
• Access Layer: Cisco Catalyst 2960-L switches for end-user connectivity.

4.2 Physical Design

• Head Office:
    • Redundant fiber links (MMF) between floors.
    • Star topology with Core switches as central points.
    • Redundant power supply for critical devices.
• Branch Offices:
    • Single fiber link to HQ via MPLS.
    • Daisy-chained access switches with STP for loop prevention.

4.3 Logical Design

• VLAN Segmentation:
    • VLAN 10: Management (192.168.10.0/24)
    • VLAN 20: HR (192.168.20.0/24)
    • VLAN 30: Finance (192.168.30.0/24) – No Internet Access
    • VLAN 40: Engineering (192.168.40.0/24)
    • VLAN 50: Administration (192.168.50.0/24)
    • VLAN 60: ICT (192.168.60.0/24)
    • VLAN 100: Public (Web/Mail/CBE) – DMZ (192.168.100.0/24)
• Routing:
    • Static routes for branch offices to HQ.
    • Default route on HQ firewall to ISP.
    • OSPF for internal routing within HQ.

5. VLAN & IP Addressing Plan

Department       VLAN ID   Subnet              Gateway          Purpose
Management       10        192.168.10.0/24     192.168.10.1     Admin
HR               20        192.168.20.0/24     192.168.20.1     HR Syst
Finance          30        192.168.30.0/24     192.168.30.1     Restric
Engineering      40        192.168.40.0/24     192.168.40.1     Oil tick
Administration   50        192.168.50.0/24     192.168.50.1     Genera
ICT              60        192.168.60.0/24     192.168.60.1     Networ
Public (DMZ)     100       192.168.100.0/24    192.168.100.1    Web, M

Rationale:

• VLANs isolate traffic for security and reduce broadcast domains.
• Subnets align with department sizes (e.g., /24 supports 254 hosts for scalability).

6. Routing Configuration

Head Office:

    ! Default route to firewall
    ip route 0.0.0.0 0.0.0.0 192.168.100.254
    router ospf 1
     network 192.168.10.0 0.0.0.255 area 0
     network 192.168.20.0 0.0.0.255 area 0
     ! ... (repeat for all VLANs)

Branch Offices:

    ! Static route to HQ
    ip route 192.168.0.0 255.255.0.0 10.0.1.254
    ! Default route to HQ
    ip route 0.0.0.0 0.0.0.0 10.0.1.254

VPN Configuration:

• Site-to-site IPsec tunnel between HQ and branches.
• Pre-shared keys with AES-256 encryption.

7. Security Architecture

• Firewall Rules:
    • Deny Finance (VLAN 30) access to the Public (DMZ) subnet (192.168.100.0/24).
    • Allow Web, Mail, and CBE servers in DMZ to internet.
• ACLs:

        access-list 101 deny ip 192.168.30.0 0.0.0.255 192.168.100.0 0.0.0.255
        access-list 101 permit ip any any

• Device Hardening:
    • Disable unused switch ports.
    • Enable SSH (version 2) and disable Telnet.
    • Implement SNMPv3 with strong community strings.
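
An added example, not part of the original design document: a first-match evaluator for the wildcard-mask ACL above, run over constructed flows. It shows that ACL 101 as written blocks Finance from the DMZ, while its closing "permit ip any any" still passes Finance traffic to every other destination, including the internet, despite the "No Internet Access" note on VLAN 30. STRICT_ACL, the FLOWS addresses and all function names are assumptions made for the illustration.

```python
import ipaddress

# ACL 101 exactly as given in section 7 (IOS wildcard-mask syntax).
PAGE_ACL = """
access-list 101 deny ip 192.168.30.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 101 permit ip any any
"""
# Hypothetical stricter variant (an assumption, not from the document): Finance
# may reach internal 192.168.0.0/16 destinations except the DMZ, and nothing else.
STRICT_ACL = """
access-list 101 deny ip 192.168.30.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 101 permit ip 192.168.30.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 101 deny ip 192.168.30.0 0.0.0.255 any
access-list 101 permit ip any any
"""
# Constructed flows; 203.0.113.10 (documentation range) stands in for an internet host.
FLOWS = {
    "finance->dmz": ("192.168.30.25", "192.168.100.10"),
    "finance->internet": ("192.168.30.25", "203.0.113.10"),
    "finance->hr": ("192.168.30.25", "192.168.20.5"),
    "hr->internet": ("192.168.20.5", "203.0.113.10"),
}

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_acl(text):
    """Parse 'access-list N permit|deny ip SRC DST' lines into ordered rules."""
    rules = []
    for line in text.splitlines():
        # 'any' is shorthand for address 0.0.0.0 with an all-ones wildcard
        t = line.replace(" any", " 0.0.0.0 255.255.255.255").split()
        if len(t) == 8 and t[0] == "access-list" and t[3] == "ip":
            rules.append((t[2], *(to_int(x) for x in t[4:8])))
    return rules

def matches(addr, base, wildcard):
    care = ~wildcard & 0xFFFFFFFF  # wildcard bits set to 1 are "don't care"
    return (addr & care) == (base & care)

def audit(acl_text, flows=FLOWS):
    """Verdict per flow: first matching rule wins, implicit deny at the end."""
    rules = parse_acl(acl_text)
    return {name: next((act for act, sb, sw, db, dw in rules
                        if matches(to_int(src), sb, sw) and matches(to_int(dst), db, dw)),
                       "deny")
            for name, (src, dst) in flows.items()}

if __name__ == "__main__":
    print({"page": audit(PAGE_ACL), "strict": audit(STRICT_ACL)})
```
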

8. Device Naming Conventions

• Head Office:
    • Core Switch: HQ-CRSW-01, HQ-CRSW-02
    • Distribution Switch: HQ-DISW-01, HQ-DISW-02
• Branch Offices:
    • Branch 1: BR1-FWRTR-01, BR1-ACSW-01
    • Branch 2: BR2-FWRTR-01, BR2-ACSW-01

9. Bill of Quantity (BoQ)


Device                  Model                   Quantity   Rationale
Core Switch             Cisco Catalyst 9500     2          High throughput, redun
Distribution Switch     Cisco Catalyst 9300     2          Layer 3 routing, QoS
Access Switch           Cisco Catalyst 2960-L   25         Cost-effective, PoE supp
Firewall                Cisco ASA 5506          1          DMZ, stateful inspectio
Router                  Cisco ISR 4451          2          Integrated switching, VP
Wireless Access Point   Cisco Aironet 2800      10         Secure Wi-Fi for mobile

10. Material Requirements

• Cabling:
    • OM4 Multimode Fiber (500m) for backbone.
    • Cat6 UTP for horizontal cabling.
• Racks: 42U server racks with cable management.
• Power: PDU units with surge protection.

11. Configuration Templates

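Switch Configuration Example:

    hostname HQ-CRSW-01
    ! Example value; set a unique secret on each device
    enable secret StrongPass!
    ! A hostname and domain name are required before the RSA key pair for SSH can be generated
    ip domain-name abccompany.local
    crypto key generate rsa
    ! Accept only SSH on all 16 vty lines (Telnet is refused)
    line vty 0 15
     transport input ssh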
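
An added example, not part of the original document: a check of the switch template above against the Device Hardening items in section 7. SNMPv3 is configured with users and groups rather than community strings, so the check looks for a v3 group at the priv level and flags any community line. The rule that a port without a description counts as unused, and the function names, are assumptions.

```python
import re

# Switch template from section 11 of the document, used here as the audit input.
PAGE_TEMPLATE = """\
hostname HQ-CRSW-01
enable secret StrongPass!
ip domain-name abccompany.local
crypto key generate rsa
line vty 0 15
 transport input ssh
"""

def blocks(config):
    """Group IOS-style text into {top-level line: [indented child lines]}."""
    out, parent = {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue                      # skip blanks and '!' comment lines
        if raw[0].isspace() and parent is not None:
            out[parent].append(raw.strip())
        else:
            parent = raw.strip()
            out[parent] = []
    return out

def audit_hardening(config):
    """Findings for the section 7 hardening items that config text can show."""
    cfg, findings = blocks(config), []
    if "ip ssh version 2" not in cfg:
        findings.append("ssh: 'ip ssh version 2' is not set")
    if not any(re.match(r"snmp-server group \S+ v3 priv\b", p) for p in cfg):
        findings.append("snmp: no SNMPv3 group at the 'priv' level")
    for parent, children in cfg.items():
        if parent.startswith("snmp-server community"):
            findings.append("snmp: v1/v2c community string configured")
        if parent.startswith("line vty"):
            inputs = [c.split()[2:] for c in children if c.startswith("transport input")]
            if inputs != [["ssh"]]:
                findings.append(f"vty: '{parent}' is not limited to 'transport input ssh'")
        # Assumption: a physical port with no description is treated as unused.
        if parent.startswith("interface") and "Vlan" not in parent:
            labelled = any(c.startswith("description") for c in children)
            if not labelled and "shutdown" not in children:
                findings.append(f"ports: '{parent}' has no description and is not shut down")
    return findings

if __name__ == "__main__":
    for finding in audit_hardening(PAGE_TEMPLATE):
        print(finding)
```
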

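Firewall Configuration Example:

    ! Deny Finance (192.168.30.0/24) to the DMZ subnet (192.168.100.0/24)
    access-list OUTSIDE_IN extended deny ip 192.168.30.0 255.255.255.0 192.168.100.0 255.255.255.0
    ! Apply the ACL inbound on the outside interface
    access-group OUTSIDE_IN in interface outside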

12. Appendix

• Network Diagrams: Logical (Packet Tracer) and physical layouts.
• IP Allocation Spreadsheet: Detailed VLANs, subnets, and gateways.
• Security Policy: Password complexity, patch management, and audit logs.

End of Document

This LLD ensures ABC Company’s network meets scalability, security, and application-specific
requirements while adhering to industry best practices.
