
NIRMAL

The project report titled 'Enterprise Network for Multi-Branch Organization' outlines the design and implementation of a scalable network infrastructure to enhance communication and security across multiple branches. It emphasizes the use of advanced networking solutions, such as VLAN segmentation, OSPF for routing, and IPsec VPNs for secure connectivity, to support operational efficiency and future expansion. The research aligns with Sustainable Development Goal No. 09, focusing on industry, innovation, and infrastructure, and aims to provide a robust framework for organizations to manage their network needs effectively.

Uploaded by

Nirmal Mohan
Copyright
© All Rights Reserved

ENTERPRISE NETWORK FOR MULTI BRANCH ORGANIZATION
A Project Report Submitted to

SRM INSTITUTE OF SCIENCE AND TECHNOLOGY

In Partial Fulfilment of the Requirements for the Award of the Degree of

MASTER OF COMPUTER APPLICATIONS


By

NIRMALRAJ M

Reg.No. RA2332241010085
Under the guidance of

Mr. J. VENKATA SUBRAMANIAN MCA.,M.Phil.,M.S.,PH.D

DEPARTMENT OF COMPUTER APPLICATIONS

FACULTY OF SCIENCE AND HUMANITIES

SRM INSTITUTE OF SCIENCE AND TECHNOLOGY

Kattankulathur – 603 203

Chennai, Tamilnadu

APRIL – 2025
BONAFIDE CERTIFICATE

This is to certify that the project report titled “ENTERPRISE
NETWORK FOR MULTI BRANCH ORGANIZATION” is a bonafide
work carried out by NIRMALRAJ M (RA2332241010085) under my
supervision for the award of the Degree of Master of Computer Applications.
To my knowledge the work reported herein is the original work done by this
student.

Mr. J. VENKATA SUBRAMANIAN
Assistant Professor
Department of Computer Applications
(GUIDE)

Dr. R. JAYASHREE
Associate Professor and Head
Department of Computer Applications

INTERNAL EXAMINER          EXTERNAL EXAMINER


DECLARATION OF ASSOCIATION OF RESEARCH PROJECT
WITH SUSTAINABLE DEVELOPMENT GOALS

This is to certify that the research project entitled “Enterprise Network
for Multi-Branch Organization” carried out by Mr. NIRMALRAJ M under
the supervision of Dr. J. VENKATA SUBRAMANIAN in partial fulfillment
of the requirement for the award of the Post-Graduation program has been
significantly or potentially associated with SDG Goal No. 09 (NINE) titled
INDUSTRY, INNOVATION, AND INFRASTRUCTURE.

This study focuses on enhancing connectivity, security, and efficiency in
enterprise networks across multiple branches. By implementing advanced
networking solutions, such as cloud-based systems, SD-WAN, and
cybersecurity protocols, the project ensures seamless communication and data
exchange between branches. It supports digital transformation, improves
operational efficiency, and fosters sustainable infrastructure for businesses. The
research contributes to resilient network architectures, innovation in enterprise
solutions, and robust IT frameworks, aligning with the above-mentioned SDG
on both national and international levels.

SIGNATURE OF THE STUDENT GUIDE

HEAD OF THE DEPARTMENT


ACKNOWLEDGEMENT

With profound gratitude to the ALMIGHTY, I take this chance to thank the people
who helped me to complete this project.

I take this as the right opportunity to say THANKS to my parents, who are always there
to stand with me with the words “YOU CAN”.

I am thankful to Dr. T. R. Paarivendhar, Chancellor, and Prof. A. Vinay Kumar,
Pro Vice-Chancellor (SBL), SRM Institute of Science and Technology, who gave us the
platform to establish me to reach greater heights.

I earnestly thank Dr. A. Duraisamy, Dean, Faculty of Science and Humanities, SRM
Institute of Science and Technology, who always encourages us to do novel things.

A great note of gratitude to Dr. S. Albert Antony Raj, Deputy Dean, Faculty of
Science and Humanities, for his valuable guidance and constant support to do this project.

I express my sincere thanks to Dr. R. Jayashree, Associate Professor and Head, for
her support to execute all incline in learning.

It is my delight to acknowledge Dr. J. Venkata Subramanian, Assistant
Professor, Department of Computer Applications, for her help, support, encouragement,
suggestions, and guidance, which have helped to establish us to greater heights throughout
the development phases of the project.

I convey my gratitude to all the faculty members of the department who extended
their support through valuable comments and suggestions during the reviews.

My gratitude to friends and people, known and unknown to me, who helped in
making this project work a successful one.

NIRMALRAJ M (RA2332241010085)
COMPANY OFFER LETTER
PLAGIARISM CERTIFICATE
TABLE OF CONTENTS

ABSTRACT

CHAPTER 1: INTRODUCTION
1.1 Analysis and Requirements
1.2 Problem Description

CHAPTER 2: BUSINESS SCENARIO ANALYSIS

CHAPTER 3: PROPOSED NETWORK DESIGN AND IMPLEMENTATION
3.1 The Layered Hierarchical Network Design
3.2 Redundancy and Scalability in the Network
3.3 Security in the Company Network

CHAPTER 4: ADDRESSING SCHEME DESIGN
4.1 Existing System
4.2 Proposed System
4.3 Feasibility Study

CHAPTER 5: NETWORK PROTOCOLS AND DESIGN STRATEGIES DISCUSSION
5.1 Devices Choice and Naming System
5.2 Design IP Addressing and Allocation
5.3 Basic Device Configurations or Settings
5.4 VLAN Configuration
5.5 Inter-VLAN Routing
5.6 EtherChannel or Link Aggregation Configuration
5.7 Server Farm Static IPv4 Addressing
5.8 DHCP Server Configuration and Hosts Allocation
5.9 OSPF Routing Protocol Configuration
5.10 Default Static Route Configuration
5.11 Site to Site IPsec VPN Configuration
5.12 Cisco ASA Firewall Configuration
5.13 Wireless Network using Access Points
5.14 Communication in the Network

CHAPTER 6: NETWORK REDUNDANCY PROTOCOLS

CHAPTER 7: SECURITY THREAT EVALUATION AND SOLUTIONS

CHAPTER 8: SECURE INTERNET AND COMMUNICATION DESIGN

CHAPTER 9: ROUTING PROTOCOL SELECTION

CHAPTER 10: NETWORK MANAGEMENT METHODS

CHAPTER 11: IMPLEMENTATION AND TESTING

CHAPTER 12: CONCLUSION

CHAPTER 13: REFERENCES

APPENDIX

ABSTRACT

This project focuses on the design and implementation of a Scalable
Enterprise Network for Multi-Branch organization to support seamless
communication and collaboration across multiple branch offices. Leveraging
Cisco Packet Tracer and EVE-NG, the project adopts a hierarchical network
design model to ensure scalability, high availability, and efficient resource
utilization. The network topology integrates core, distribution, and access
layers, with proper cabling and basic device configurations to create a reliable
foundation. VLAN segmentation is utilized to isolate traffic, with both data and
voice VLANs configured and ports assigned accordingly. Subnetting and IP
addressing are meticulously planned to optimize network performance and
minimize conflicts. Inter-VLAN routing is implemented using both Switch
Virtual Interfaces (SVIs) and Router-on-a-Stick methods to ensure smooth
communication between VLANs. Advanced network configurations include the
use of a dedicated DHCP server for dynamic IP allocation in data VLANs, and
routers configured as DHCP servers for voice VLANs to support IP telephony.
EtherChannel with LACP is deployed for link aggregation, enhancing
bandwidth and fault tolerance. Secure remote access is achieved using SSH,
with access restrictions enforced via standard ACLs on VTY interfaces. To
enable efficient inter-branch communication, OSPF is configured as the
dynamic routing protocol. Additionally, Port Address Translation (PAT) is
implemented for NAT, with ACLs ensuring secure and controlled access. VoIP
services are configured on routers for seamless voice communication, while
site-to-site IPsec VPNs are deployed to secure inter-branch connectivity over
public networks. This project serves as a comprehensive guide to building a
robust network infrastructure for multi-branch organizations, addressing both
current and future needs.

CHAPTER : 1

INTRODUCTION

1. Introduction

Networking is a fundamental aspect of modern computing, enabling
seamless communication between devices, applications, and services. A
well-structured network plays a crucial role in ensuring efficient data transmission,
reducing latency, and maintaining security within an organization. As
businesses and institutions rely heavily on digital infrastructure, the need for a
scalable, reliable, and secure network topology becomes essential.

This project focuses on designing and implementing a network topology
that meets organizational requirements, optimizes performance, and enhances
security. The network will integrate various networking devices such as routers,
switches, firewalls, and end-user devices to establish a robust infrastructure that
ensures uninterrupted communication and resource sharing. A key objective of
this project is to develop a topology that minimizes downtime, supports future
scalability, and incorporates redundancy to prevent single points of failure.
Security is also a primary consideration, as cyber threats continue to evolve,
making it imperative to implement protective measures such as firewalls,
VLAN segmentation, and access control policies. The development process
for this network topology involves multiple stages:

1) Requirement Gathering and Analysis – Understanding the needs of the
organization and identifying key components for the network.
2) Network Topology Design – Creating a structured layout based on best
practices to ensure efficient data flow and scalability.
3) Implementation of Networking Devices – Configuring routers, switches,
firewalls, and other necessary hardware/software components.
4) Testing and Validation – Ensuring the network functions correctly,
troubleshooting issues, and optimizing performance.
5) Documentation and Finalization – Recording configurations, documenting
findings, and preparing for deployment and maintenance.

1.1 Analysis and Requirements

A thorough analysis was conducted to identify user needs and technical
constraints, ensuring that the network topology meets the required performance,
security, and scalability standards. The analysis phase involved evaluating
existing infrastructure, identifying key challenges, and formulating a network
design that optimizes data flow while maintaining security and reliability. To
enhance the design process, a UML-based model was developed to represent the
network architecture visually. This model provides a structured overview of
how different components interact, ensuring clarity in implementation and
future scalability.

System-Level Requirements

The network topology must fulfill the following system-level requirements:

1) High-Speed Connectivity: The network should ensure minimal latency
and high bandwidth for seamless communication between devices.
2) Secure Access Control Mechanisms: Only authorized users and devices
should be able to access specific network resources, preventing
unauthorized intrusions.
3) Scalability: The architecture should be designed to support future
expansion without requiring a complete overhaul.
4) Redundancy: Failover mechanisms should be in place to prevent
disruptions in case of hardware failure or unexpected downtime.
5) Network Segmentation: Logical segmentation of departments using
VLANs for better traffic management and security.
6) Cloud and Remote Access Integration: Support for cloud-based
services and remote access using VPN technologies.
7) Efficient Routing Protocols: Dynamic routing protocols should be
implemented to optimize data flow and ensure efficient packet delivery.
8) Load Balancing: Traffic should be distributed evenly across the network
to avoid congestion and ensure optimal performance.

Software-Level Requirements

In addition to system-level requirements, the network also relies on
various software configurations to ensure security, monitoring, and efficient
operation. These include:

1) Configuration of VLANs: VLAN segmentation should be implemented
to isolate network traffic and enhance security.
2) Implementation of Dynamic Routing Protocols: Protocols like OSPF
and EIGRP should be used to ensure fast and reliable routing decisions.
3) Firewall Configurations: Firewalls should be deployed with predefined
security rules to prevent unauthorized access and cyber threats.
4) Access Control Lists (ACLs): ACLs should be configured to restrict
access based on user roles and device permissions.
5) Network Monitoring and Logging: Tools such as SNMP, NetFlow, and
Syslog should be integrated for real-time performance assessment and
troubleshooting.
6) VPN Implementation: Secure VPN tunnels should be established for
remote access and encrypted communications.
7) Intrusion Detection and Prevention Systems (IDS/IPS): Security
systems should be in place to detect and mitigate potential threats.
8) Automated Configuration Management: Network automation tools
should be utilized to streamline device configurations and updates.
9) Backup and Disaster Recovery: Regular backups and a disaster
recovery plan should be in place to restore the network in case of failures.

1.2 Problem Description/Modules Description

The project is divided into multiple modules, each addressing specific
aspects of network design and implementation:

1) Network Design Module: Focuses on creating a logical and physical
topology, selecting appropriate devices, and defining IP addressing
schemes.
2) Implementation Module: Involves configuring network devices such as
routers, switches, and firewalls according to the design specifications.
3) Security Module: Implements access control mechanisms, firewalls, and
encryption protocols to enhance security.

CHAPTER : 2

BUSINESS SCENARIO ANALYSIS

2. Business Scenario Analysis
1) Overview

The organization requires a robust and secure network infrastructure to
support its growing operations across multiple branches. The existing network
faces challenges in handling increased traffic, maintaining reliability, and
ensuring data security. Therefore, a new network design is necessary to enhance
performance, improve security, and accommodate future expansion.

2) Scalability Requirements

With the anticipated growth of the organization, the network must be designed
to handle an increasing number of devices and users without affecting
performance. Proper IP addressing and VLAN segmentation will ensure
efficient traffic management and reduce network congestion.

3) Ensuring Redundancy and High Availability

To prevent service disruptions, redundancy mechanisms such as multiple
routers, switches, and backup links will be implemented. Protocols like HSRP
(Hot Standby Router Protocol) and EtherChannel will be used to maintain
network availability during hardware failures or link disruptions.

4) Addressing Security Challenges

Protecting sensitive data is a top priority. The network will incorporate
security measures like firewalls, access control lists (ACLs), and site-to-site
IPsec VPNs to safeguard communications and prevent unauthorized access.

5) Facilitating Seamless Communication

Seamless communication between branches is crucial for business
operations. Inter-VLAN routing will enable communication between different
departments while maintaining traffic control. VPNs will ensure secure access
for remote users.

6) Implementing Effective Network Management

The IT team needs centralized control to monitor and manage the network
efficiently. Network management tools will be deployed to enable real-time
monitoring, fault detection, and performance optimization.

7) Planning for Future Expansion

The network design must support future expansion, allowing new
branches, users, and devices to integrate smoothly. Dynamic routing protocols
like OSPF will adapt to network changes, ensuring scalability without requiring
major reconfiguration.

8) Key Considerations

The proposed network addresses the organization’s need for scalability,
reliability, security, and ease of management. This analysis lays the groundwork
for a future-proof network that aligns with the organization's evolving business
requirements.

CHAPTER : 3

PROPOSED NETWORK DESIGN AND IMPLEMENTATION

3. Proposed Network Design and Implementation

A study by Hamid (2015) states that the chance of any network being rated
perfect and error-free is very small once it is subjected to proper expert
analysis and evaluation, or to an attacker’s penetration capabilities. Hence, IT
administrators should always be vigilant and careful, and should not become
overconfident or lax after implementing a network: it might seem complete to
them in terms of information security principles, but when it is evaluated by
experts or white-hat hackers it can turn out to be highly vulnerable. IT staff
should therefore always take into consideration disaster recovery plans,
continuous updates to new technologies, and managed security solutions, among
other preventive network security measures.

As a sample case study, the company CyberNet Ltd intends to implement its
network to connect the headquarters and the three branches so that users in
these branches can communicate and share network resources and services. This
network should be developed with scalability in mind, since the company expects
to employ more people in future. To achieve this future-oriented topology while
upholding the information security principles of confidentiality, integrity, and
availability (CIA), the network is required to be high-performance, redundant
enough to eliminate single points of failure, and secured against attackers or
any other factors that may compromise the network system. Therefore, the
following strategies were employed in the telephony network design:

The Layered Hierarchical Network Design

Danilo (2018) states that layered network design divides network design and
implementation into three conceptual layers in order to improve performance and
security and to ease network maintenance (Danilo, 2018). These three layers are
the core, distribution, and access layers, each of which provides different
functions in the layered architecture to achieve a specific network objective.
With the help of the layered network architecture, network engineers gain a good
understanding of how to build a high-performance, scalable, secure, and
easy-to-manage network (Sinket, 2019). The CyberNet network therefore combines
the hierarchical model with a mesh topology, in which all nodes cooperate to
distribute data amongst each other, and, for connecting the end devices, a star
topology, in which all nodes connect to a central device.

The proposed network design is attached below:

3.1 Redundancy and Scalability in the Network

To prevent a single point of failure in any network, it is best to keep
availability and reliability in mind during design and implementation. For
example, the access switches are connected to two multilayer switches, and in
the event that one core switch is down, the second one will carry on with the
communication. Redundancy in networking is the strategy of including more than
one link in the network so that when one is down, the other redundant link is
available (Mas-Machuca, 2016). In this network system, redundancy was
implemented through the use of EtherChannel, more than two core
switches/routers/firewalls, and multiple links between the devices, i.e. between
the access and multilayer switches, as shown in the topology.

Future expansion is also a vital design consideration; the CyberNet
network was therefore designed to support future expansion, since more modules
can be added without affecting the network performance.

3.2 Security in the Company Network

Security is a very important aspect of every network. In this telephony
company network, the following security measures were put in place: only
authorized users have access because all the devices have passwords (for line
console, VTY, and privileged EXEC); SSH is used for remote login; and Virtual
Local Area Networks (VLANs) provide segmentation and security. Site-to-site
IPsec VPN was also implemented to create a secure tunnel for communication
between the branches and the headquarters. Finally, the Cisco ASA firewall has
been implemented to create different security levels between the inside and
outside networks and ensure that only the inside network can initiate
communication. Traffic originating from outside to inside the network will be
denied.

CHAPTER : 4

ADDRESSING SCHEME DESIGN

4. Addressing Scheme Design

A well-structured IP addressing scheme is crucial for ensuring efficient
network management, scalability, and security. In this project, the addressing
scheme was carefully designed to meet organizational needs while simplifying
future expansion and troubleshooting.

1) IP Addressing Structure

The network uses a hierarchical addressing model, dividing the IP space
into multiple subnets based on department, branch location, and device type.
Private IPv4 addresses were chosen according to RFC 1918 standards to
enhance security and avoid IP conflicts with public networks.

2) Subnet Allocation

Each department and branch was assigned a dedicated subnet to optimize
traffic flow and minimize broadcast domains. The subnet mask was carefully
selected to balance address space utilization and minimize wastage. For
example:

• Headquarters: 172.16.1.0, 172.16.2.0, 172.16.3.0/24
• Branch 1: 172.16.5.0, 172.16.5.128/25
• Branch 2: 172.16.6.0, 172.16.6.128/25
• Branch 3: 172.16.7.0, 172.16.7.128/25

3) VLAN Assignment

Separate subnets were assigned to different VLANs, ensuring logical
segmentation of network traffic. This improves security by isolating
departments and reduces congestion by limiting broadcast traffic. VLAN IDs
were mapped to IP subnets for easy identification.

4) Address Reservation

Critical devices such as routers, switches, servers, and firewalls were
allocated static IP addresses to ensure stability and ease of management.
Dynamic Host Configuration Protocol (DHCP) was configured to assign IP
addresses dynamically to end devices such as desktops, laptops, and mobile
devices.

5) Gateway and DNS Configuration

Each subnet has a default gateway assigned to its respective router
interface, ensuring proper routing between subnets and to the internet. DNS
servers were centrally managed, providing hostname resolution across the entire
network.

6) Future Scalability

The addressing scheme was designed with scalability in mind, reserving
unused IP blocks for future expansion. Additional subnets can be added without
requiring significant reconfiguration of the existing infrastructure.

7) Documentation and Management

A detailed IP addressing plan was documented, including device names,
assigned IPs, and purpose. This documentation ensures efficient network
management, simplifies troubleshooting, and aids in onboarding new IT staff.

-keeping ensures a smooth workflow for both donors and NGOs. Given these
operational advantages, the system is expected to be widely accepted by users.

CHAPTER : 5

NETWORK PROTOCOLS AND DESIGN STRATEGIES DISCUSSION

5. Network Protocols and Design Strategies Discussion
5.1 Devices Choice and Naming System

In the network, all the devices, including the switches, routers, firewall,
computers, printers, access points, IP phones, tablets, and smartphones, were
chosen after a thorough evaluation, and all were named as per the company
naming conventions as shown below:

• Firewall: A Cisco ASA 5506 firewall was used in the network and was named
PERIMETER-FIREWALL.
• Routers: The 2811 Cisco Router was chosen and has been named according to
its purpose, i.e., CORE-ROUTER.
• Multilayer Switches: 3650-24PS layer-3 switches were chosen and have
been named according to their purpose, i.e., CORE-SW1, CORE-SW2.
• Access Switches: 2960 layer-2 switches were chosen and have been
named according to the department, for example MK-SW, HR-SW,
FIN-SW, SNM-SW, etc.
• Access points: Cisco AP-PT devices were used in the network and were
named according to the departments: MK-AP, HR-AP, FIN-AP, etc.
• All the PCs have been named according to the department, i.e., MK-PC,
HR-PC, etc.

5.2 Design IP Addressing and Allocation

Concerning the network requirement, we evaluated the device
requirements and made the following addressing schemes to satisfy the need.

Between the Routers, ISPs, Firewalls, Core Switches

| No. | Devices | Network Address & Subnet Mask | Usable Addresses | Broadcast Address |
|---|---|---|---|---|
| 1 | CLOUD to ISP-Router-1 | 200.100.50.8/30 | 200.100.50.9 and 200.100.50.10 | 200.100.50.11 |
| 2 | CLOUD to ISP-Router-2 | 200.100.50.12/30 | 200.100.50.13 and 200.100.50.14 | 200.100.50.15 |
| 3 | ISP-Router-1 to Firewall-1 | 200.100.50.0/30 | 200.100.50.1 and 200.100.50.2 | 200.100.50.3 |
| 4 | ISP-Router-2 to Firewall-2 | 200.100.50.4/30 | 200.100.50.5 and 200.100.50.6 | 200.100.50.7 |
| 5 | Firewall-1 to Core-Router-1 | 10.10.4.76/30 | 10.10.4.77 and 10.10.4.78 | 10.10.4.79 |
| 6 | Firewall-1 to Core-Router-2 | 10.10.4.84/30 | 10.10.4.85 and 10.10.4.86 | 10.10.4.87 |
| 7 | Firewall-2 to Core-Router-1 | 10.10.4.80/30 | 10.10.4.81 and 10.10.4.82 | 10.10.4.83 |
| 8 | Firewall-2 to Core-Router-2 | 10.10.4.88/30 | 10.10.4.89 and 10.10.4.90 | 10.10.4.91 |
| 9 | Core-Router-1 to HQ-Router-1 | 10.10.4.60/30 | 10.10.4.61 and 10.10.4.62 | 10.10.4.63 |
| 10 | Core-Router-1 to HQ-Router-2 | 10.10.4.68/30 | 10.10.4.69 and 10.10.4.70 | 10.10.4.71 |
| 11 | Core-Router-1 to Lagos-Router | 10.10.4.56/30 | 10.10.4.57 and 10.10.4.58 | 10.10.4.59 |
| 12 | Core-Router-1 to OGUN-Router | 10.10.4.48/30 | 10.10.4.49 and 10.10.4.50 | 10.10.4.51 |
| 13 | Core-Router-1 to ABIA-Router | 10.10.4.40/30 | 10.10.4.41 and 10.10.4.42 | 10.10.4.43 |
| 14 | Core-Router-2 to HQ-Router-1 | 10.10.4.64/30 | 10.10.4.65 and 10.10.4.66 | 10.10.4.67 |
| 15 | Core-Router-2 to HQ-Router-2 | 10.10.4.72/30 | 10.10.4.73 and 10.10.4.74 | 10.10.4.75 |
| 16 | Core-Router-2 to Lagos-Router | 10.10.4.52/30 | 10.10.4.53 and 10.10.4.54 | 10.10.4.55 |
| 17 | Core-Router-2 to OGUN-Router | 10.10.4.44/30 | 10.10.4.45 and 10.10.4.46 | 10.10.4.47 |
| 18 | Core-Router-2 to ABIA-Router | 10.10.4.36/30 | 10.10.4.37 and 10.10.4.38 | 10.10.4.39 |
| 19 | HQ-Router-1 to HQ-MLSW1 | 10.10.4.0/30 | 10.10.4.1 and 10.10.4.2 | 10.10.4.3 |
| 20 | HQ-Router-1 to HQ-MLSW2 | 10.10.4.4/30 | 10.10.4.5 and 10.10.4.6 | 10.10.4.7 |
| 21 | HQ-Router-2 to HQ-MLSW1 | 10.10.4.8/30 | 10.10.4.9 and 10.10.4.10 | 10.10.4.11 |
| 22 | HQ-Router-2 to HQ-MLSW2 | 10.10.4.12/30 | 10.10.4.13 and 10.10.4.14 | 10.10.4.15 |
| 23 | Lagos-Router to Lagos-MLSW1 | 10.10.4.12/30 | 10.10.4.13 and 10.10.4.14 | 10.10.4.15 |
| 24 | Lagos-Router to Lagos-MLSW2 | 10.10.4.16/30 | 10.10.4.17 and 10.10.4.18 | 10.10.4.19 |
| 25 | Ogun-Router to Ogun-MLSW1 | 10.10.4.20/30 | 10.10.4.21 and 10.10.4.22 | 10.10.4.23 |
| 26 | Ogun-Router to Ogun-MLSW2 | 10.10.4.24/30 | 10.10.4.25 and 10.10.4.26 | 10.10.4.27 |
| 27 | Abia-Router to Abia-MLSW1 | 10.10.4.28/30 | 10.10.4.29 and 10.10.4.30 | 10.10.4.31 |
| 28 | Abia-Router to Abia-MLSW2 | 10.10.4.32/30 | 10.10.4.33 and 10.10.4.34 | 10.10.4.35 |

The Departmental LANs

| No. | Branch LAN | Network Address & Subnet Mask | Usable Addresses | Broadcast Address |
|---|---|---|---|---|
| 1 | HQ-SOFTWARE DEPT LAN | 10.10.0.0/24 | 10.10.0.1 to 10.10.0.254 | 10.10.0.255 |
| 2 | HQ-RESEARCH DEPT LAN | 10.10.1.0/26 | 10.10.1.1 to 10.10.1.62 | 10.10.1.63 |
| 3 | HQ-ADMIN/MANAGEMENT LAN | 10.10.1.64/26 | 10.10.1.65 to 10.10.1.126 | 10.10.1.127 |
| 4 | HQ-SALES/MARKETING LAN | 10.10.1.128/26 | 10.10.1.129 to 10.10.1.190 | 10.10.1.191 |
| 5 | HQ-HR/FINANCE LAN | 10.10.1.192/27 | 10.10.1.193 to 10.10.1.222 | 10.10.1.223 |
| 6 | LAGOS-SALES/MARKETING LAN | 10.10.2.0/26 | 10.10.2.1 to 10.10.2.62 | 10.10.2.63 |
| 7 | LAGOS-SERVICE LAN | 10.10.2.64/26 | 10.10.2.65 to 10.10.2.126 | 10.10.2.127 |
| 8 | OGUN-SALES/MARKETING LAN | 10.10.2.128/26 | 10.10.2.129 to 10.10.2.190 | 10.10.2.191 |
| 9 | OGUN-SERVICE LAN | 10.10.2.192/26 | 10.10.2.193 to 10.10.2.254 | 10.10.2.255 |
| 10 | ABIA-SALES/MARKETING LAN | 10.10.3.0/26 | 10.10.3.1 to 10.10.3.62 | 10.10.3.63 |
| 11 | ABIA-SERVICE LAN | 10.10.3.64/26 | 10.10.3.65 to 10.10.3.126 | 10.10.3.127 |
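
An addressing plan of this size is worth checking mechanically before it is configured. The following is an added example, not part of the original report: it transcribes the two tables above and checks every row for a mis-stated broadcast address and for subnets allocated more than once (rows 22 and 23 of the first table both list 10.10.4.12/30). The function names are illustrative.

```python
import ipaddress
from itertools import combinations

# name | network/prefix | broadcast address as listed, transcribed from the
# two tables above (28 point-to-point links, then 11 departmental LANs).
PLAN = """\
CLOUD to ISP-Router-1|200.100.50.8/30|200.100.50.11
CLOUD to ISP-Router-2|200.100.50.12/30|200.100.50.15
ISP-Router-1 to Firewall-1|200.100.50.0/30|200.100.50.3
ISP-Router-2 to Firewall-2|200.100.50.4/30|200.100.50.7
Firewall-1 to Core-Router-1|10.10.4.76/30|10.10.4.79
Firewall-1 to Core-Router-2|10.10.4.84/30|10.10.4.87
Firewall-2 to Core-Router-1|10.10.4.80/30|10.10.4.83
Firewall-2 to Core-Router-2|10.10.4.88/30|10.10.4.91
Core-Router-1 to HQ-Router-1|10.10.4.60/30|10.10.4.63
Core-Router-1 to HQ-Router-2|10.10.4.68/30|10.10.4.71
Core-Router-1 to Lagos-Router|10.10.4.56/30|10.10.4.59
Core-Router-1 to OGUN-Router|10.10.4.48/30|10.10.4.51
Core-Router-1 to ABIA-Router|10.10.4.40/30|10.10.4.43
Core-Router-2 to HQ-Router-1|10.10.4.64/30|10.10.4.67
Core-Router-2 to HQ-Router-2|10.10.4.72/30|10.10.4.75
Core-Router-2 to Lagos-Router|10.10.4.52/30|10.10.4.55
Core-Router-2 to OGUN-Router|10.10.4.44/30|10.10.4.47
Core-Router-2 to ABIA-Router|10.10.4.36/30|10.10.4.39
HQ-Router-1 to HQ-MLSW1|10.10.4.0/30|10.10.4.3
HQ-Router-1 to HQ-MLSW2|10.10.4.4/30|10.10.4.7
HQ-Router-2 to HQ-MLSW1|10.10.4.8/30|10.10.4.11
HQ-Router-2 to HQ-MLSW2|10.10.4.12/30|10.10.4.15
Lagos-Router to Lagos-MLSW1|10.10.4.12/30|10.10.4.15
Lagos-Router to Lagos-MLSW2|10.10.4.16/30|10.10.4.19
Ogun-Router to Ogun-MLSW1|10.10.4.20/30|10.10.4.23
Ogun-Router to Ogun-MLSW2|10.10.4.24/30|10.10.4.27
Abia-Router to Abia-MLSW1|10.10.4.28/30|10.10.4.31
Abia-Router to Abia-MLSW2|10.10.4.32/30|10.10.4.35
HQ-SOFTWARE DEPT LAN|10.10.0.0/24|10.10.0.255
HQ-RESEARCH DEPT LAN|10.10.1.0/26|10.10.1.63
HQ-ADMIN/MANAGEMENT LAN|10.10.1.64/26|10.10.1.127
HQ-SALES/MARKETING LAN|10.10.1.128/26|10.10.1.191
HQ-HR/FINANCE LAN|10.10.1.192/27|10.10.1.223
LAGOS-SALES/MARKETING LAN|10.10.2.0/26|10.10.2.63
LAGOS-SERVICE LAN|10.10.2.64/26|10.10.2.127
OGUN-SALES/MARKETING LAN|10.10.2.128/26|10.10.2.191
OGUN-SERVICE LAN|10.10.2.192/26|10.10.2.255
ABIA-SALES/MARKETING LAN|10.10.3.0/26|10.10.3.63
ABIA-SERVICE LAN|10.10.3.64/26|10.10.3.127
"""


def parse_plan(text):
    """Return [(name, IPv4Network, listed_broadcast)] for each plan row."""
    rows = []
    for line in text.strip().splitlines():
        name, cidr, bcast = (field.strip() for field in line.split("|"))
        # strict=True raises ValueError when the address has host bits set,
        # e.g. 10.10.4.13/30 written where 10.10.4.12/30 was meant.
        rows.append((name, ipaddress.ip_network(cidr, strict=True),
                     ipaddress.ip_address(bcast)))
    return rows


def usable_range(cidr):
    """First and last host address of a subnet, as strings."""
    net = ipaddress.ip_network(cidr)
    return str(net[1]), str(net[-2])


def audit(rows):
    """Return findings: mis-stated broadcasts and subnets allocated twice."""
    findings = []
    for name, net, listed in rows:
        if net.broadcast_address != listed:
            findings.append(("broadcast-mismatch", name, str(net.broadcast_address)))
    for (name_a, net_a, _), (name_b, net_b, _) in combinations(rows, 2):
        if net_a.overlaps(net_b):
            findings.append(("overlap", name_a, name_b))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_plan(PLAN)):
        print(finding)
```
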

5.3 Basic Device Configurations or Settings

In the network, we carried out basic device settings using the CLI
and configured the hostnames, banner messages, line console password,
privileged mode password, line VTY password and SSH, username and password,
and domain name; disabled IP domain lookup; set exec timeout and logging
synchronous; and finally encrypted all the configured passwords. The following
is a sample of the basic configuration results on one of the switches.

N/B: Obtained using this command in privileged EXEC mode: show startup-config
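
The settings listed above can be verified from the saved configuration rather than by eye. The following is an added example, not part of the original report: it audits IOS-style configuration text for the management-plane items this section and the abstract name (password encryption, a hashed privileged EXEC secret, exec timeout, SSH-only VTY lines, and a standard ACL on the VTY lines). Both sample configurations are constructed; the ACL number, source range, timeout values, domain name, username and hash strings are assumptions.

```python
import re

# Both configurations are constructed samples in `show startup-config` style;
# the ACL number, timeout, domain name and hash strings are assumptions.
WEAK = """\
hostname HR-SW
enable password cisco123
no ip domain-lookup
line con 0
 exec-timeout 0 0
 password cisco
 login
line vty 0 4
 password cisco
 login
 transport input all
"""

HARDENED = """\
hostname HR-SW
service password-encryption
enable secret 5 $1$constructed$placeholderhash
no ip domain-lookup
ip domain-name example.internal
username admin secret 5 $1$constructed$placeholderhash
access-list 10 permit 10.10.1.64 0.0.0.63
line con 0
 exec-timeout 5 0
 logging synchronous
 login local
line vty 0 4
 access-class 10 in
 exec-timeout 5 0
 login local
 transport input ssh
"""


def parse_sections(config):
    """Split IOS-style text into global commands and per-`line` sub-commands."""
    global_cmds, line_blocks, current = [], {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue
        if raw[0] == " ":                    # sub-command of the open section
            if current is not None:
                line_blocks[current].append(raw.strip())
        elif raw.startswith("line "):
            current = raw.strip()
            line_blocks[current] = []
        else:
            current = None                   # any other top-level command
            global_cmds.append(raw.strip())
    return global_cmds, line_blocks


def audit_config(config):
    """Return (code, location) findings for the management-plane settings."""
    global_cmds, line_blocks = parse_sections(config)
    findings = []
    if "service password-encryption" not in global_cmds:
        findings.append(("no-password-encryption", "global"))
    if any(c.startswith("enable password") for c in global_cmds):
        findings.append(("enable-password-not-secret", "global"))
    acl_re = r"(?:ip )?access-list (?:standard |extended )?(\S+)"
    defined_acls = {m.group(1) for c in global_cmds if (m := re.match(acl_re, c))}
    for header, cmds in line_blocks.items():
        # `exec-timeout 0 0` disables the idle timeout on that line entirely.
        if any(re.fullmatch(r"exec-timeout 0( 0)?", c) for c in cmds):
            findings.append(("exec-timeout-disabled", header))
        if not header.startswith("line vty"):
            continue
        # Anything other than an explicit SSH-only transport is reported,
        # because the effective default depends on the software release.
        if "transport input ssh" not in cmds:
            findings.append(("vty-not-ssh-only", header))
        acl = next((m.group(1) for c in cmds
                    if (m := re.match(r"access-class (\S+) in", c))), None)
        if acl is None:
            findings.append(("vty-no-access-class", header))
        elif acl not in defined_acls:
            findings.append(("vty-acl-undefined", header))
    return findings


if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit_config(cfg))
```
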

5.4 VLAN Configuration

For improved security, segmentation and easy maintenance, each
department in every branch in the network is in a different VLAN and assigned
to a different subnet. Several VLANs were implemented, for example VLANs
10, 20, 30, 40, 50, 60, 70, 80, 90, 100, 110, and 199. The following is a
sample of the VLAN configuration results on one of the switches.

N/B: Obtained using this command in privileged EXEC mode: show vlan brief

5.5 Inter-VLAN Routing

By default, devices in different VLANs will not communicate unless
inter-VLAN routing is implemented. During the configuration, we used Switch
Virtual Interfaces (SVIs) as the method for inter-VLAN routing; the technique
was applied to both core switches by creating VLAN interfaces and assigning
them IP addresses and the encapsulation VLAN ID. The following is a sample of
the inter-VLAN routing configuration results.

N/B: Obtained using this command in privileged EXEC mode: show startup-config

5.6 EtherChannel or Link Aggregation Configuration

The link aggregation technique allows multiple switch links to combine into
one logical channel and act as a single channel for forwarding data. Wikipedia
states that a maximum of 8 links can be aggregated to form a single logical link.
This allows load sharing of traffic among the links in the channel as well as
redundancy in the event that one or more links in the channel fail. Through the
use of this technology, the network will have no wastage of bandwidth, no
loops, and redundancy. In the topology, we used the standard LACP
protocol (Link Aggregation Control Protocol) to create the EtherChannel. The
following is a sample of the LACP configuration results on one of the switches.

N/B: Obtained using this command in privileged EXEC mode: show etherchannel or
show etherchannel port-channel

5.7 Server Farm Static IPv4 Addressing

All the server devices in the server room or data center are allocated IPv4
addresses statically using the address 10.10.1.224/27. The server room devices
were configured with the static IPv4 addresses, and the VLAN 199 interface IP
address of the connecting HQ switches acted as the default gateway for the
server room LAN.

The diagram below shows the static IPv4 assignment on three of the
servers.

5.8 DHCP Server Configuration and Hosts Allocation

All the host devices in the network except the server room devices are
allocated IPv4 addresses dynamically by the dedicated DHCP server located at
the server farm. The diagrams below show the DHCP server configuration on
the dedicated DHCP server, plus evidence of automatic IPv4 assignment on the
host devices.

a) DHCP Server Setup on the Dedicated Server

b) Automatic IP Address Assignment

c) Windows DHCP Server in PNET Lab

d) Automatic IP Address Assignment for PC in PNET

5.9 OSPF Routing Protocol Configuration

To advertise routes in the network, OSPF, a dynamic link-state routing
protocol, was employed so that traffic is forwarded according to the routing
table it builds. During this configuration, OSPF was applied on the router,
the core switches and the firewall to advertise their directly attached
networks. The following shows the OSPF configuration results on the router:

N.B.: Use this command in privileged EXEC mode: show ip ospf neighbor

5.10 Default Static Route Configuration

To route packets that do not match any routing-table entry in the firewall,
the following default route was implemented to send them outside. In this
project, the firewall serves as the gateway between the internal network and
the external environment. To ensure seamless traffic flow, a default static
route was configured to direct packets towards the next-hop router (often an
ISP router) when no other route matches the destination IP address.

• 0.0.0.0: Represents all unknown destinations.
• <next-hop-ip>: IP address of the next-hop router.
• <administrative-distance>: Optional value used to prioritize routes when
  multiple routes to the same destination exist. Lower values indicate
  higher preference.

5.11 Site to site IPsec VPN Configuration

According to GeeksforGeeks (2020), Virtual Private Networks (VPNs) allow
network users to access a private network over the Internet securely and
privately. VPN technology creates an encrypted connection called a VPN
tunnel, and all Internet traffic and communication is passed through this
secure tunnel. The IPsec VPN therefore provides secure communication over
the IP network: IPsec secures IP communication by verifying the session and
encrypting all data packets during the communication.

For security purposes in our network, a site-to-site VPN was implemented
between the HQ and server-side routers to enable secure communication
between the HQ network and the servers. This ensures that all traffic
between the HQ and the server-side networks is encrypted and cannot be read
by sniffers. The implemented ACL specifies a rule allowing only the HQ
subnets to have secure communication with the servers. The diagrams below
show a sample of the IPsec VPN configuration plus an indication of encrypted
traffic.

N.B.: Use this command in privileged EXEC mode: show crypto ipsec sa

5.12 Cisco ASA Firewall Configuration

In the network, the firewall was configured to provide more security. Its
first interface, connecting to our internal network, was placed at a
security level of 100, while the outside zone is at security level 0. Hence,
a zone at a lower security level cannot initiate communication to a zone at
a higher security level, while the reverse can happen. The internal hosts
were permitted to access ICMP and TCP HTTP services from the internet. The
diagram below shows the firewall configuration in the network.

N.B.: Use this command in privileged EXEC mode: show startup-config

5.13 Wireless Network using Access Points

In the network, each branch has a designated wireless access point to
enable users to connect to the network wirelessly. The sample screenshot shows
AP configurations with evidence of connected devices. The wireless network
implemented in this project ensures reliable and secure wireless access across
all branches. The combination of strategic AP placement, robust security
protocols, and performance optimization techniques results in a highly available
and secure wireless infrastructure. Regular monitoring and proactive
management ensure continued performance and rapid issue resolution.

5.14 Communication in the Network

With the design and configuration complete, the network is fully
functional and performs well. All hosts in the network can communicate with
each other, including the IP phones. A ping request sent from one PC
receives a ping reply, as shown below; IP phones can also call each other.

PC> ping 8.8.8.8
Reply from 8.8.8.8: bytes=32 time=20ms TTL=117

The results confirmed that all hosts can communicate across the network,
inter-VLAN routing is functioning correctly, and internet access is stable.
This validates the overall network design and implementation.

CHAPTER : 6

NETWORK REDUNDANCY PROTOCOLS

6. Network Redundancy Protocols

In modern networking, redundancy plays a vital role in ensuring high
availability, fault tolerance, and uninterrupted connectivity. Redundancy
protocols are implemented to prevent single points of failure by providing
alternate paths for data transmission. This section explores the key redundancy
mechanisms employed in the proposed network design.

6.1 Importance of Network Redundancy

Network redundancy is critical to maintaining business continuity. It
ensures that if a primary device, link, or path fails, traffic is rerouted through
backup pathways, minimizing downtime and maintaining service availability. In
enterprise environments, even a few minutes of downtime can result in
significant financial losses and disruptions to operations.

Benefits of network redundancy include:

• High availability of network services
• Minimized downtime during hardware failures or link disruptions
• Enhanced load balancing and traffic distribution
• Improved fault tolerance and reliability

6.2 Redundancy Protocols Implemented

Several redundancy protocols have been implemented in this project to
ensure continuous operation and optimize data flow. Key protocols include:

6.2.1 Hot Standby Router Protocol (HSRP)

HSRP is a Cisco proprietary redundancy protocol that provides network
resilience by ensuring continuous availability of the default gateway. In the
proposed design, HSRP is configured between core routers at the headquarters
and between distribution routers at the branch offices.

• One router is elected as the Active Router, handling traffic under normal
  conditions.
• A second router is designated as the Standby Router, monitoring the
  Active Router’s status.
• If the Active Router fails, the Standby Router takes over as the default
  gateway, ensuring uninterrupted communication.

Configuration Example

    interface GigabitEthernet0/0
     ip address 192.168.1.1 255.255.255.0
     standby 1 ip 192.168.1.254
     standby 1 priority 110
     standby 1 preempt

6.2.2 Virtual Router Redundancy Protocol (VRRP)

VRRP is a vendor-neutral protocol that provides the same functionality as
HSRP but can be implemented on multi-vendor networks. In this project, VRRP
has been used in scenarios where non-Cisco devices are integrated with Cisco
routers, ensuring interoperability and high availability.

6.2.3 Gateway Load Balancing Protocol (GLBP)

GLBP enhances redundancy by not only providing failover capabilities
but also load balancing between multiple gateways. Unlike HSRP and VRRP,
GLBP actively uses multiple routers simultaneously, distributing incoming
traffic across all available paths.

• Each router is assigned a virtual IP address, shared among the group.
• GLBP elects an Active Virtual Gateway (AVG) to assign traffic to Active
  Virtual Forwarders (AVFs), ensuring balanced traffic distribution.

6.3 Link Redundancy with EtherChannel

EtherChannel (also known as Port Aggregation) bundles multiple
physical links into a single logical connection between switches or routers,
increasing bandwidth and providing fault tolerance. If one physical link fails,
the remaining links continue to handle traffic, ensuring uninterrupted
communication.

Benefits

• Increased bandwidth by aggregating multiple links
• Automatic failover if one link fails
• Prevents Spanning Tree Protocol (STP) loops by presenting multiple
  links as one logical connection

Configuration Example

    ! "desirable" negotiates the bundle with PAgP; an LACP bundle, as
    ! described in section 5.6, uses "mode active" or "mode passive".
    interface Ethernet0/2
     channel-group 5 mode desirable
    interface Ethernet0/3
     channel-group 5 mode desirable

6.4 Spanning Tree Protocol (STP)

STP prevents broadcast storms and loops in Layer 2 networks by
dynamically blocking redundant links. In the proposed design, STP is
configured on switches to ensure a loop-free topology while allowing redundant
paths for failover.

• Root Bridge Election: Ensures a central switch is selected to manage STP
  decisions.
• Path Cost Calculation: Determines the best path for data flow.
• Rapid Spanning Tree Protocol (RSTP) is used for faster convergence in
  case of link failures.

6.5 Dual ISP Redundancy

For internet access, the headquarters is equipped with dual ISP
connections. If the primary ISP fails, traffic automatically switches to the
secondary ISP, ensuring continuous connectivity to cloud services and remote
users.

6.6 Testing Redundancy

Redundancy mechanisms were thoroughly tested in Cisco Packet Tracer
to ensure proper failover and load balancing:

6.6.1 Test Scenarios

1) Simulating Router Failures

• Disabled the primary router to test HSRP and VRRP failover times.
• Verified that the standby router took over as the active router instantly,
  maintaining connectivity.

2) EtherChannel Failover

• Disconnected one physical link in the EtherChannel bundle, confirming
  that traffic seamlessly shifted to the remaining links without packet loss.

3) STP Convergence

• Disconnected a redundant link to observe STP’s reaction time.
• RSTP reconverged in less than 10 seconds, enabling backup paths
  without noticeable downtime.

4) ISP Failover Testing

• Simulated primary ISP failure by disabling the primary router’s interface.
• Confirmed that traffic automatically switched to the secondary ISP,
  maintaining internet access.

5) Load Balancing Verification

• Monitored traffic distribution across redundant links using the show
  etherchannel summary and show spanning-tree commands.

6.6.2 Test Results

• HSRP/VRRP Failover: Seamless switchover with negligible packet loss.

CHAPTER : 7

SECURITY THREAT EVALUATION AND SOLUTIONS

7. Security Threat Evaluation and Solutions

7.1 Introduction to Network Security

In today’s digital landscape, network security is crucial for protecting
sensitive data, ensuring uninterrupted service, and preventing unauthorized
access. As organizations grow, the complexity of their network increases,
exposing them to a wide range of security threats. This section evaluates
potential security threats and proposes robust solutions to mitigate risks and
enhance network security.

7.2 Identifying Security Threats

A thorough assessment of the network’s vulnerabilities reveals several
key threats:

1) Unauthorized Access: Attackers gaining access to internal systems through
   weak authentication mechanisms.
2) Man-in-the-Middle (MITM) Attacks: Intercepting communication
   between devices to steal or alter data.
3) Denial of Service (DoS) and Distributed Denial of Service (DDoS):
   Flooding the network with traffic to overwhelm systems and cause service
   disruptions.
4) Malware and Ransomware: Malicious software that can encrypt data, steal
   sensitive information, or disrupt services.
5) Insider Threats: Employees or contractors misusing access privileges to
   compromise security.
6) Phishing Attacks: Social engineering techniques used to trick users into
   revealing credentials.
7) Weak Passwords and Credential Theft: Exploiting weak passwords to
   gain unauthorized access.
8) Lack of Network Segmentation: Allowing unrestricted access across
   departments increases the attack surface.
9) Physical Security Risks: Unauthorized physical access to network devices.
10) Unpatched Systems and Software Vulnerabilities: Outdated software
    exposing the network to known exploits.

7.3 Implemented Security Solutions

To mitigate these risks, several security mechanisms have been
implemented across the network:

7.3.1 Access Control Mechanisms

Role-Based Access Control (RBAC): Limits access to network
resources based on user roles.

Multi-Factor Authentication (MFA): Adds an extra layer of security
beyond just passwords.

7.3.2 Encryption Techniques

IPsec VPN: Encrypts communication between remote users and
headquarters.

TLS/SSL: Ensures secure web communication.

7.3.3 Network Segmentation

Virtual Local Area Networks (VLANs): Isolates traffic between
departments, reducing the attack surface.

Inter-VLAN Routing: Controlled access between VLANs enhances
security.

7.3.4 Threat Detection and Prevention

Intrusion Detection and Prevention Systems (IDPS): Monitors traffic
for malicious activities.

Access Control Lists (ACLs): Filters traffic at router interfaces, blocking
unauthorized access.

7.3.5 Firewall Implementation

Cisco ASA Firewall: Protects the internal network from external threats
and controls inbound/outbound traffic.

Zone-Based Firewall Policies: Segregates internal and external zones to
enforce strict access policies.

7.3.6 Regular Patch Management

Automated Updates: Ensures routers, switches, and servers receive
timely security patches.

7.3.7 Security Awareness Training

Phishing Awareness Campaigns: Educates employees on identifying and
avoiding social engineering attacks.

7.3.8 Physical Security Measures

Biometric Access Control: Restricts physical access to server rooms and
network equipment.

Surveillance Cameras: Monitors access points to detect unauthorized
entry.

7.4 Security Testing and Validation

Comprehensive security testing was conducted to validate the
effectiveness of these solutions:

• Penetration Testing: Simulated attacks were conducted to identify
  vulnerabilities.
• Vulnerability Scanning: Tools like Nessus scanned the network for
  misconfigurations and outdated software.
• Firewall Rule Audits: Ensured ACLs and firewall rules effectively
  blocked unauthorized traffic.

7.5 Incident Response Plan

A structured incident response plan was developed to handle potential
security breaches:

• Detection: Monitoring tools alert IT staff in real-time.
• Containment: Immediate isolation of affected devices.
• Eradication: Removal of malware and patching vulnerabilities.
• Recovery: Restoring operations with minimal downtime.
• Post-Incident Review: Identifying root causes and improving defenses.

7.6 Continuous Monitoring and Improvement

Network security is an ongoing process. Real-time monitoring tools such
as SNMP and NetFlow provide continuous visibility into network traffic,
ensuring quick detection of anomalies. Regular audits and penetration tests are
scheduled to keep defenses updated against evolving threats.

7.6.1 Real-Time Monitoring

Real-time monitoring tools were integrated to keep track of network
traffic and system health:

• SNMP (Simple Network Management Protocol): Provided real-time
  alerts on device status, bandwidth usage, and potential failures.
• NetFlow: Analyzed traffic patterns to detect anomalies such as
  bandwidth spikes, port scans, or potential DoS attacks.
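
As an added example (not part of the original report), the NetFlow checks named above can be expressed as three functions run over exported flow records: many ports probed by one source, a per-minute volume spike against a running median, and top talkers. The record layout, the thresholds and every address outside the report's 10.10.1.224/27 server block are assumptions, and the records are constructed.

```python
from collections import defaultdict
from statistics import median


def sample_flows():
    """Constructed flow records: (minute, src_ip, dst_ip, dst_port, bytes)."""
    flows = []
    # Baseline: two clients talking to a web server for six minutes.
    for minute in range(6):
        flows.append((minute, "10.10.2.11", "10.10.1.226", 443, 40_000))
        flows.append((minute, "10.10.2.12", "10.10.1.226", 443, 35_000))
    # Scan-like pattern: one host touches 30 ports on a server in minute 3.
    for port in range(20, 50):
        flows.append((3, "10.10.3.77", "10.10.1.227", port, 60))
    # Volume anomaly: one client sends far more than usual in minute 5.
    flows.append((5, "10.10.2.12", "10.10.1.226", 443, 2_000_000))
    return flows


def top_talkers(flows, n=3):
    """Sources ranked by total bytes sent."""
    totals = defaultdict(int)
    for _minute, src, _dst, _port, nbytes in flows:
        totals[src] += nbytes
    return sorted(totals.items(), key=lambda item: item[1], reverse=True)[:n]


def port_scan_suspects(flows, min_ports=20):
    """(src, dst, port_count) where src reached many ports on dst in one minute."""
    ports = defaultdict(set)
    for minute, src, dst, port, _nbytes in flows:
        ports[(minute, src, dst)].add(port)
    hits = {(src, dst, len(seen))
            for (_minute, src, dst), seen in ports.items()
            if len(seen) >= min_ports}
    return sorted(hits)


def volume_spikes(flows, factor=5.0, min_history=3):
    """(minute, bytes) for minutes whose volume exceeds factor x running median.

    Flagged minutes are kept out of the baseline so that one spike does not
    raise the threshold for the next.
    """
    per_minute = defaultdict(int)
    for minute, *_rest, nbytes in flows:
        per_minute[minute] += nbytes
    spikes, history = [], []
    for minute in sorted(per_minute):
        total = per_minute[minute]
        if len(history) >= min_history and total > factor * median(history):
            spikes.append((minute, total))
        else:
            history.append(total)
    return spikes


if __name__ == "__main__":
    flows = sample_flows()
    print("top talkers :", top_talkers(flows))
    print("port scans  :", port_scan_suspects(flows))
    print("spikes      :", volume_spikes(flows))
```

A low-volume scan barely moves the byte counters, which is why the port-count check is separate from the volume check.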

7.6.2 Threat Intelligence and Patch Management

• Subscribed to threat intelligence feeds to stay updated on emerging
  vulnerabilities and attack techniques.
• Established a patch management process to apply firmware updates and
  security patches as soon as they are released.

CHAPTER : 8

SECURE INTERNET AND COMMUNICATION DESIGN

8. Secure Internet and Communication Design

In an enterprise network, secure internet access and reliable
communication are essential to ensure data integrity, protect sensitive
information, and facilitate smooth operations across geographically dispersed
branches. This section delves into the strategies and technologies employed to
create a secure and efficient communication infrastructure while providing
controlled access to the internet.

8.1 Importance of Secure Internet and Communication

In today’s interconnected environment, ensuring secure communication is
critical for protecting data while in transit and safeguarding organizational
resources from cyber threats. The primary objectives of this design are:

• Protecting internal network resources from unauthorized access.
• Enabling secure communication between remote branches and
  headquarters.
• Providing controlled internet access to prevent malicious activities.
• Ensuring data privacy through encryption mechanisms.

8.2 Internet Access Architecture

The network design integrates multiple layers of security to protect users
accessing the internet while monitoring and controlling traffic.

• Dedicated Internet Gateway: A centralized internet gateway routes
  traffic through firewalls, ensuring that only authorized traffic reaches the
  external network.
• Dual ISP Redundancy: Two internet service providers (ISPs) are used to
  ensure failover and maintain uninterrupted access if one provider
  experiences downtime.
• NAT (Network Address Translation): Private IP addresses are
  translated into public addresses, enhancing security by masking internal
  network structure.

8.3 Virtual Private Network (VPN) Implementation

A VPN was implemented to ensure encrypted communication between
branches and remote workers accessing the corporate network.

• Site-to-Site VPN: Establishes secure tunnels between headquarters and
  branch offices, ensuring sensitive data travels securely across public
  networks.
• Remote Access VPN: Allows employees to securely connect to the
  internal network from remote locations. Authentication mechanisms like
  multi-factor authentication (MFA) were implemented to strengthen
  security.

VPN Configuration Example

    crypto isakmp policy 10
     encryption aes
     hash sha256
     authentication pre-share
     group 2
     lifetime 86400

8.4 Firewall Deployment

The firewall serves as the primary defense mechanism for controlling
traffic entering and leaving the network.

• Cisco ASA Firewall: Deployed at the perimeter to filter malicious
  traffic, enforce policies, and prevent unauthorized access.
• Access Control Lists (ACLs): Applied to router interfaces to regulate
  traffic, blocking suspicious IP addresses and controlling access to
  sensitive resources.
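
Added example (not part of the original report): how a router evaluates entries like this section's example rule, access-list 101. The evaluator applies the wildcard mask, returns the first matching entry, falls back to the implicit deny, and reports entries shadowed by earlier ones; it parses only the `ip` form with `any`, `host` or address-plus-wildcard operands, and the probe addresses are constructed.

```python
import ipaddress

# The report's example rule (section 8.4), in the order the report gives it.
PAGE_ACL = [
    "access-list 101 deny ip 192.168.1.0 0.0.0.255 any",
    "access-list 101 permit ip any any",
]
ALL_BITS = 0xFFFFFFFF


def _take_address(tokens):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD' from the token list.

    Returns (address, care_mask). care_mask has a 1 for every bit that must
    match, i.e. it is the inverse of the Cisco wildcard mask.
    """
    head = tokens.pop(0)
    if head == "any":
        return 0, 0
    if head == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), ALL_BITS
    address = int(ipaddress.IPv4Address(head))
    wildcard = int(ipaddress.IPv4Address(tokens.pop(0)))
    return address, ~wildcard & ALL_BITS


def parse_entry(line):
    """Parse 'access-list N permit|deny ip SRC DST' into a dict."""
    tokens = line.split()
    if len(tokens) < 6 or tokens[0] != "access-list":
        raise ValueError(f"not an access-list entry: {line!r}")
    action, protocol, rest = tokens[2], tokens[3], tokens[4:]
    if action not in ("permit", "deny") or protocol != "ip":
        raise ValueError(f"unsupported entry: {line!r}")
    try:
        src = _take_address(rest)
        dst = _take_address(rest)
    except IndexError:
        raise ValueError(f"incomplete entry: {line!r}") from None
    if rest:
        raise ValueError(f"unsupported trailing keywords: {rest}")
    return {"action": action, "src": src, "dst": dst}


def _hit(ip, spec):
    address, care = spec
    return (ip & care) == (address & care)


def evaluate(acl_lines, src_ip, dst_ip):
    """Return (action, entry_number); entry_number is None for the implicit deny."""
    src = int(ipaddress.IPv4Address(src_ip))
    dst = int(ipaddress.IPv4Address(dst_ip))
    for number, line in enumerate(acl_lines, start=1):
        entry = parse_entry(line)
        if _hit(src, entry["src"]) and _hit(dst, entry["dst"]):
            return entry["action"], number      # first match wins
    return "deny", None                         # nothing matched: implicit deny


def _covers(outer, inner):
    """True if every address matched by `inner` is also matched by `outer`."""
    (o_addr, o_care), (i_addr, i_care) = outer, inner
    only_checks_inner_bits = (o_care & ~i_care & ALL_BITS) == 0
    return only_checks_inner_bits and (o_addr & o_care) == (i_addr & o_care)


def shadowed_entries(acl_lines):
    """Entry numbers that can never match because an earlier entry covers them."""
    entries = [parse_entry(line) for line in acl_lines]
    shadowed = []
    for index, later in enumerate(entries):
        for earlier in entries[:index]:
            if (_covers(earlier["src"], later["src"])
                    and _covers(earlier["dst"], later["dst"])):
                shadowed.append(index + 1)
                break
    return shadowed


if __name__ == "__main__":
    for src in ("192.168.1.57", "192.168.2.57"):    # constructed probe addresses
        print(src, "->", evaluate(PAGE_ACL, src, "8.8.8.8"))
    print("shadowed when reordered:", shadowed_entries(PAGE_ACL[::-1]))
```

Reversing the two entries leaves the deny line in the configuration but unreachable, which is the kind of ordering mistake a firewall rule audit looks for.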

Example ACL Rule

    access-list 101 deny ip 192.168.1.0 0.0.0.255 any
    access-list 101 permit ip any any

8.5 Web Filtering and Content Control

To prevent access to malicious or non-work-related websites, the following
controls are used:

• Web Filtering Policies: Restrict access to sites categorized as harmful,
  ensuring employees only access authorized content.
• DNS Filtering: Blocks known malicious domains by analyzing DNS
  requests and filtering out suspicious entries.

8.6 Email Security Measures

Email communication is one of the most common attack vectors.
Measures implemented include:

• Spam Filters: Automatically filter out phishing attempts and unwanted
  emails.
• Email Encryption: Ensures that sensitive email content is encrypted,
  protecting it from interception.
• DMARC, SPF, and DKIM: Protect the organization’s email domain
  from spoofing and phishing attacks.

8.7 Intrusion Detection and Prevention Systems (IDPS)

An IDPS monitors traffic to detect and prevent unauthorized activities.

• Intrusion Detection Systems (IDS): Alerts the administrator of
  suspicious activities.
• Intrusion Prevention Systems (IPS): Automatically blocks malicious
  traffic before it reaches internal resources.

8.8 Network Segmentation

Network segmentation isolates traffic to prevent unauthorized access
between departments.

• VLANs: Segmented the network into different departments, reducing the
  impact of breaches and limiting lateral movement.
• Inter-VLAN Routing: Allows communication between VLANs while
  enforcing security policies.

8.9 Secure Communication Protocols

Secure communication protocols were deployed to protect data during
transmission.

• HTTPS: Ensures secure access to web applications.
• SSH (Secure Shell): Provides encrypted access for remote device
  management.
• IPsec: Encrypts data at the network layer, securing site-to-site
  communication.

8.10 Monitoring and Logging

Continuous monitoring and logging provide visibility into network
activity.

• Syslog Servers: Collect logs from all network devices, providing a
  centralized repository for reviewing security incidents.
• SNMP (Simple Network Management Protocol): Monitors device
  performance and generates alerts in case of anomalies.

8.11 Redundancy and Failover

Redundant paths ensure uninterrupted service.

• HSRP (Hot Standby Router Protocol): Provides a backup router in case
  the primary fails.
• Load Balancing: Distributes traffic across multiple links, ensuring
  optimal utilization and failover in case of link failure.

8.12 Security Testing and Validation

Testing was conducted to ensure the effectiveness of the security measures.

• Penetration Testing: Simulated attacks were conducted to identify
  vulnerabilities.
• Packet Capture Analysis: Tools like Wireshark monitored traffic for
  suspicious behavior.

CHAPTER : 9

ROUTING PROTOCOL SELECTION

9. Routing Protocol Selection

Routing is the process of determining the best path for data packets to
travel across a network. In a large-scale enterprise network, selecting the
appropriate routing protocol is crucial to ensuring efficient data flow, quick
convergence, scalability, and fault tolerance. This section dives deep into the
factors behind protocol selection, compares various options, and highlights the
configuration of the chosen protocols.
9.1 Importance of Routing in Enterprise Networks
In any complex network, routers make decisions about forwarding data
based on routing tables, which contain information about available routes.
Proper routing is vital to:
• Optimize Traffic Flow: Ensuring minimal latency and balanced
  bandwidth usage.
• Ensure Redundancy: Rerouting traffic in case of link failures.
• Support Scalability: Adapting to network expansion without
  reconfiguring the entire system.
• Facilitate Inter-Branch Communication: Managing traffic between
  headquarters, branches, and remote sites.
9.2 Types of Routing Protocols
Routing protocols can be broadly categorized into two types:
9.2.1 Static Routing
• Advantages: Simplicity, no overhead, secure since no updates are
  exchanged.
• Disadvantages: Doesn’t scale well, requires manual configuration.
• Use Case: Used for defining default routes or for small networks.

Example Configuration
    ip route 0.0.0.0 0.0.0.0 192.168.1.1
9.2.2 Dynamic Routing
Dynamic protocols automatically update routing tables when network
changes occur. They are divided into:
1) Distance Vector Protocols
• Examples: RIP, EIGRP
• Routing decisions are based on hop count.
2) Link-State Protocols
• Example: OSPF
• Each router maintains a map of the entire network.
3) Path Vector Protocols
• Example: BGP
• Used primarily for internet routing.

9.3 Protocol Comparison


Protocol  Type             Convergence  Scalability  Administrative Distance  Best For
RIP       Distance Vector  Slow         Small        120                      Small networks
OSPF      Link-State       Fast         Large        110                      Enterprise networks
EIGRP     Hybrid           Fast         Medium       90                       Cisco-only environments
BGP       Path Vector      Slow         Very Large   20 (external)            Internet/ISPs

9.4 Protocol Selection Criteria


Several factors influenced the choice of protocol for this project:
• Scalability: The network spans multiple branches, requiring a protocol
  that scales efficiently.
• Convergence Time: Faster convergence minimizes downtime during
  link failures.
• Load Balancing: Needed to distribute traffic across redundant links.
• Vendor Interoperability: The network includes devices from multiple
  vendors.
• Security: Protocol authentication prevents unauthorized updates.
After careful evaluation, OSPF (Open Shortest Path First) was chosen
due to its scalability, fast convergence, and support for multi-vendor
environments.
9.5 Why OSPF?
OSPF is a link-state protocol that uses the shortest path first (SPF)
algorithm to calculate the best path. It divides large networks into areas to
optimize performance and reduce resource consumption. Key benefits include:
• Fast Convergence: Reacts quickly to network changes.
• Hierarchical Design: Reduces overhead by organizing routers into areas.
• Load Balancing: Supports equal-cost multi-path (ECMP) routing.
• Authentication Support: Prevents unauthorized route updates.
9.6 OSPF Configuration Steps
1) Enable OSPF Process: router ospf 1
2) Assign Router ID: router-id 1.1.1.1
3) Define OSPF Areas: network 192.168.1.0 0.0.0.255 area 0
4) Configure Authentication:
    ip ospf authentication message-digest
    ip ospf message-digest-key 1 md5 secret123
5) Verify Configuration: show ip ospf neighbor
9.7 OSPF Area Design
The network is divided into multiple areas for scalability:
• Area 0 (Backbone Area): Connects all other areas.
• Area 1 (Headquarters): Contains core routers.
• Area 2 (Branches): Connects all branch offices.

This hierarchical design reduces the size of the link-state database
(LSDB), ensuring faster convergence.
9.8 Failure Detection and Convergence
OSPF employs several mechanisms for fast convergence:
• Hello Protocol: Detects neighbor routers.
• Dead Timer: Declares neighbors down after a specified time.
• SPF Algorithm: Recalculates the best path immediately after detecting
  changes.
9.9 Redundancy and Load Balancing
OSPF supports equal-cost multi-path (ECMP) routing, allowing traffic to
be distributed evenly across multiple equal-cost paths, enhancing redundancy
and optimizing bandwidth utilization.
9.10 Security Considerations
To prevent unauthorized updates, the following security mechanisms
were implemented:
• Message Digest Authentication: Ensures OSPF packets are
  authenticated.
• Passive Interfaces: Prevents unnecessary OSPF advertisements.
9.11 Performance Testing
Testing was conducted using Cisco Packet Tracer to:
• Simulate link failures and measure convergence times.
• Verify that OSPF re-routed traffic through backup links during failures.
• Ensure optimal load balancing across redundant links.
The results confirmed that OSPF converged rapidly and maintained
network stability during failures.
9.12 Future Scalability
The network design has been meticulously crafted to ensure future
scalability, leveraging OSPF’s hierarchical area structure, modular architecture,
and dynamic routing capabilities. The use of a dedicated Backbone Area (Area
0) allows new branches to be added seamlessly by assigning them to separate
OSPF areas, reducing overhead and ensuring faster convergence. The IP
addressing scheme has been planned with reserved address blocks for future
growth, while DHCP facilitates dynamic IP assignment as devices increase.
Redundancy mechanisms, such as HSRP/VRRP and EtherChannel, ensure high
availability and load balancing as traffic demands grow. Security measures,
including extendable firewall rules, scalable ACLs, and site-to-site VPNs, have
been designed to evolve alongside the expanding network. Centralized
monitoring through SNMP, NetFlow, and Syslog provides real-time visibility
into performance, simplifying management as the network scales. The
infrastructure is ready for emerging technologies, supporting IPv6 adoption,
cloud integration, and IoT expansion. Testing validated that OSPF convergence
remained swift, performance stayed stable, and failover mechanisms operated
seamlessly as the network grew, ensuring the design’s long-term reliability and
efficiency.

CHAPTER : 10

NETWORK MANAGEMENT METHODS

10. Network Management Methods

Effective network management is crucial for maintaining performance,
ensuring security, and minimizing downtime in an enterprise environment. As
networks grow in complexity, implementing structured management practices
becomes essential to monitor traffic, detect anomalies, and quickly resolve
issues. This section covers the methodologies, tools, and strategies employed
for comprehensive network management.

10.1 Importance of Network Management

In a large enterprise, network management ensures:

• Performance Optimization: Identifying and addressing congestion
  points.
• Fault Detection and Resolution: Rapid identification and correction of
  network failures.
• Security Monitoring: Detecting unauthorized access and mitigating
  threats.
• Resource Allocation: Managing bandwidth, IP addresses, and device
  configurations.
• Scalability: Ensuring the network can grow without performance
  degradation.

10.2 Key Components of Network Management

Network management encompasses several core functions, often referred
to as FCAPS:

• Fault Management: Identifying, isolating, and resolving failures.
• Configuration Management: Managing device settings and ensuring
  consistency.
• Accounting Management: Tracking resource usage and costs.
• Performance Management: Monitoring bandwidth, latency, and device
  health.
• Security Management: Protecting network infrastructure from threats.

10.3 Tools and Protocols for Network Management

Several tools and protocols are implemented to enable real-time
monitoring, diagnostics, and control over the network infrastructure.

10.3.1 Simple Network Management Protocol (SNMP)

SNMP is a widely used protocol that allows network administrators to
monitor devices, collect performance data, and detect faults.

Components

• Manager: Collects data from devices.
• Agent: Runs on each device, reporting statistics.
• MIB (Management Information Base): Database containing device
  information.

Example SNMP Configuration

    snmp-server community public RO
    snmp-server host 192.168.1.100 public

10.3.2 Syslog

Syslog collects logs from network devices, providing a centralized view
of network events. It enables administrators to monitor real-time events and
troubleshoot issues effectively.

Configuration

    logging host 192.168.1.200
    logging trap informational

10.3.3 NetFlow

NetFlow collects IP traffic data, providing insights into bandwidth
utilization and traffic patterns. It helps in capacity planning and detecting
anomalies like DDoS attacks.

Configuration

    ip flow-export destination 192.168.1.50 9996
    ip flow-cache timeout active 1

10.3.4 Network Configuration and Change Management (NCCM)

NCCM tools automate configuration backups and track changes to ensure
consistent settings across all devices.

Benefits

• Automates backups.
• Tracks configuration changes.
• Provides rollback options.

10.4 Network Monitoring Methods

Continuous monitoring ensures that network performance remains
optimal, and any potential issues are detected early. The methods include:

10.4.1 Real-Time Performance Monitoring

• Tracks bandwidth usage, latency, and packet loss.
• Alerts administrators when performance deviates from expected
  thresholds.

10.4.2 Fault Detection and Alerts

• Identifies hardware failures and link disruptions.
• Sends automated alerts via email or SMS for immediate action.

10.4.3 Traffic Analysis

• Identifies top talkers (devices consuming the most bandwidth).
• Detects unusual spikes in traffic that may indicate security breaches.

10.5 Security Management

Securing the network is a continuous process that involves:

• Access Control: Restricting access to critical devices using AAA
  (Authentication, Authorization, Accounting).
• Encryption: Encrypting management traffic (e.g., SSH instead of Telnet).
• Security Audits: Regular audits to ensure compliance with best practices.

10.6 Configuration Management

Managing device configurations effectively prevents misconfigurations
that can lead to downtime. Key practices include:

• Version Control: Keeping track of configuration changes.
• Automated Backups: Ensuring device configurations are backed up
  regularly.
• Template Deployment: Using templates to ensure consistency across
  devices.

10.7 Performance Optimization

Performance management focuses on:

• Load Balancing: Distributing traffic evenly across multiple links.
• QoS (Quality of Service): Prioritizing critical traffic (e.g., VoIP) over
less time-sensitive data.
• Bandwidth Management: Allocating bandwidth to prevent congestion.

10.8 Incident Response

A structured approach to handling incidents minimizes downtime and
data loss. The process includes:

• Detection: Identifying abnormal behavior.
• Analysis: Diagnosing the cause.
• Containment: Isolating affected devices.
• Resolution: Restoring normal operations.
• Post-Incident Review: Documenting lessons learned.

10.9 Documentation and Reporting

Maintaining accurate records is essential for troubleshooting and
compliance. The documentation process includes:

• Topology Diagrams: Visual representation of the network.
• IP Address Management (IPAM): Tracking allocated IPs.
• Device Inventory: Keeping track of hardware and software versions.

10.10 Future Scalability and Automation

As the network grows, automation becomes essential:

• Scripted Configurations: Automate repetitive tasks using Python or
Ansible.
• AI-Driven Analytics: Use machine learning to detect patterns and
predict failures.
• Cloud Integration: Leveraging cloud-based monitoring tools for global
visibility.

10.11 Testing and Validation

Before deployment, rigorous testing ensures the management methods
work as expected:

• Simulated Failures: Testing redundancy and failover mechanisms.
• Load Testing: Ensuring the network can handle peak loads.
• Security Drills: Simulating attacks to test detection and response
capabilities.

CHAPTER : 11

IMPLEMENTATION AND TESTING

11. Implementation and Testing
A well-structured implementation and rigorous testing process are
essential for ensuring the reliability, security, and performance of the network.
This section outlines the step-by-step process of deploying the designed
network and the comprehensive testing procedures used to validate its
functionality.
11.1 Implementation Overview
The implementation phase involved translating the network design into a
functional infrastructure. The process was carried out in several stages to
minimize risks and ensure smooth integration into the existing environment.
The stages included:
1) Pre-Implementation Planning: Reviewing the network design, creating
a rollout plan, and ensuring resource availability.
2) Hardware Deployment: Installing routers, switches, firewalls, and
access points across all sites.
3) Initial Configuration: Applying basic configurations to all devices,
including hostname assignments, interface IP addressing, and access
control measures.
4) Routing Protocol Configuration: Implementing OSPF for dynamic
routing across the enterprise.
5) Security Configuration: Applying firewall rules, VPN tunnels, and
intrusion prevention systems.
6) Testing and Optimization: Verifying the network’s performance and
security through comprehensive testing.
11.2 Hardware and Software Installation
• Router and Switch Installation: Installed Cisco ISR routers and
Catalyst switches in the headquarters and branch offices.
• Firewall Deployment: Positioned Cisco ASA Firewalls at the perimeter
to control traffic flow.
• Access Points: Deployed wireless access points to provide mobility for
employees and guests.
• Software Setup: Installed monitoring tools like Cisco Packet Tracer,
Wireshark, and SNMP monitoring utilities for performance tracking.

11.3 Device Configuration
Each network device underwent several stages of configuration to ensure
secure and optimal functionality:
1) Basic Device Configuration
• Assigned hostnames.
• Configured IP addresses on interfaces.
• Disabled unused ports to prevent unauthorized access.
2) VLAN Configuration
• Segmented traffic into different VLANs for better security and traffic
management.
• Assigned access ports to appropriate VLANs.
3) Inter-VLAN Routing
• Configured Layer 3 switches to handle inter-VLAN routing.
4) OSPF Configuration
• Set up OSPF across the network for efficient dynamic routing.
5) Access Control Lists (ACLs)
• Applied ACLs on router interfaces to filter unwanted traffic.
6) VPN Configuration
Established site-to-site IPsec VPN tunnels between branches to secure
communication over public networks.
Sample Configuration
  router ospf 1
   network 192.168.0.0 0.0.0.255 area 0
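A check that complements the sample configuration, as an added example that is not the project's own code: OSPF is enabled only on interfaces whose address falls inside a `network` statement's address/wildcard pair, so the script reports the area each addressed interface lands in, or `None` when no statement covers it. The input is a constructed excerpt using the addressing from the L3 switch listing in the appendix plus one deliberately uncovered loopback; the function names are hypothetical.

```python
import ipaddress
import re


def parse_config(text):
    """Collect (interface, ip) pairs and OSPF (network, wildcard, area) triples."""
    interfaces, networks, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.match(r"interface (\S+)", line):
            current = m.group(1)
        elif line.startswith("router "):
            current = None                      # left interface context
        elif m := re.match(r"ip address (\S+) (\S+)$", line):
            if current:
                interfaces.append((current, m.group(1)))
        elif m := re.match(r"network (\S+) (\S+) area (\S+)", line):
            networks.append((m.group(1), m.group(2), m.group(3)))
    return interfaces, networks


def matches(ip, net, wildcard):
    """IOS wildcard match: bits set in the wildcard are ignored in the comparison."""
    care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.ip_address(ip)) & care) == (int(ipaddress.ip_address(net)) & care)


def ospf_coverage(text):
    """Map each addressed interface to its OSPF area, or None if nothing matches.

    Statements are tried in listed order; the sample statements do not overlap.
    """
    interfaces, networks = parse_config(text)
    return {name: next((area for net, wc, area in networks if matches(ip, net, wc)), None)
            for name, ip in interfaces}


# Constructed excerpt: addressing taken from the appendix L3 switch listing,
# Loopback0 added here as an interface that no network statement covers.
SAMPLE = """
interface Ethernet0/1
 no switchport
 ip address 10.10.4.25 255.255.255.252
!
interface Vlan10
 ip address 172.16.5.1 255.255.255.128
!
interface Vlan20
 ip address 172.16.5.129 255.255.255.128
!
interface Loopback0
 ip address 192.168.255.1 255.255.255.255
!
router ospf 10
 network 10.10.4.24 0.0.0.3 area 0
 network 172.16.5.0 0.0.0.127 area 0
 network 172.16.5.128 0.0.0.127 area 0
"""

if __name__ == "__main__":
    for name, area in ospf_coverage(SAMPLE).items():
        print(f"{name:12} {'area ' + area if area is not None else 'NOT in OSPF'}")
```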
11.4 Security Implementation
Security measures were enforced to protect the network from potential
threats:
• Firewall Configuration: Defined security zones, created NAT rules, and
configured inspection policies.
• SSH Access: Disabled Telnet and enabled SSH for secure remote access.
• Port Security: Restricted MAC addresses per port to prevent
unauthorized device connections.
• Monitoring and Alerts: Configured SNMP and Syslog for continuous
monitoring.
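One way to confirm that these measures are actually present in a saved configuration, as an added example that is not the project's tooling: the script scans an IOS configuration for the management-plane settings named here (SSH instead of Telnet, Syslog) and in section 10.5 (AAA), plus password obfuscation, the HTTP server and idle timeouts. Both sample configurations are constructed, the weak one modelled on the startup-config listings in the appendix; the function names and finding texts are hypothetical.

```python
def line_blocks(config):
    """Yield (header, subcommands) for each 'line ...' section of the config."""
    header, body = None, []
    for raw in config.splitlines():
        cmd = raw.strip()
        if cmd.startswith("line "):
            if header:
                yield header, body
            header, body = cmd, []
        elif header and cmd in ("", "!", "end"):
            yield header, body
            header, body = None, []
        elif header:
            body.append(cmd)
    if header:
        yield header, body


def audit(config):
    """Return findings for the management-plane settings of an IOS config (text)."""
    cmds = {raw.strip() for raw in config.splitlines()}
    findings = []
    for bad, why in (("no service password-encryption", "password obfuscation disabled"),
                     ("no aaa new-model", "AAA disabled"),
                     ("ip http server", "cleartext HTTP management enabled")):
        if bad in cmds:
            findings.append(f"{why} ({bad})")
    if not any(c.startswith("logging host ") for c in cmds):
        findings.append("no syslog destination (logging host)")
    for header, body in line_blocks(config):
        if "exec-timeout 0 0" in body:
            findings.append(f"{header}: idle sessions never time out (exec-timeout 0 0)")
        if header.startswith("line vty"):
            allowed = [set(c.split()[2:]) for c in body if c.startswith("transport input ")]
            # Assumption: with no explicit restriction the platform default applies.
            if not allowed or any(a - {"ssh", "none"} for a in allowed):
                findings.append(f"{header}: not restricted to SSH (transport input ssh)")
    return findings


# Constructed samples: WEAK mirrors settings visible in the appendix listings,
# HARDENED is the same excerpt with each finding addressed.
WEAK = """\
no service password-encryption
no aaa new-model
ip http server
line con 0
 exec-timeout 0 0
line vty 0 4
 login
end
"""

HARDENED = """\
service password-encryption
aaa new-model
no ip http server
logging host 192.168.1.200
line con 0
 exec-timeout 5 0
line vty 0 4
 exec-timeout 5 0
 transport input ssh
end
"""

if __name__ == "__main__":
    for finding in audit(WEAK):
        print(finding)
```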

11.5 Testing Methodology
Testing was performed in multiple phases to validate performance,
reliability, security, and redundancy. The key tests included:
1) Connectivity Testing
Verified end-to-end connectivity between devices across VLANs and
between branches using ICMP ping tests.
2) Routing Verification
Ensured OSPF correctly propagated routes across the network using the
show ip route command.
3) Failover and Redundancy Testing
Simulated device failures to ensure redundant links and backup routers
took over without disrupting service.
4) Security Testing
• Tested ACLs by attempting unauthorized access from blocked subnets.
• Verified firewall policies by attempting to access restricted services from
external networks.
5) Load and Stress Testing
• Simulated peak traffic conditions to evaluate performance under load.
• Measured latency, packet loss, and throughput.
6) VPN Verification
Tested VPN tunnels to ensure encrypted communication between remote
sites.
7) Performance Monitoring
Monitored bandwidth usage, CPU loads, and memory utilization during
testing using SNMP and NetFlow.
11.6 Test Results
The testing phase produced the following key findings:
• Connectivity: All devices maintained stable communication across the
network.
• OSPF Convergence: OSPF converged in under 5 seconds during
simulated link failures.
• Failover Mechanisms: Redundant links and backup routers took over
instantly upon primary link failure.
• Security Measures: ACLs effectively blocked unauthorized access
attempts.
• VPN Performance: VPN tunnels maintained stable encryption with no
noticeable performance degradation.
• Bandwidth Utilization: Traffic was evenly distributed across redundant
links, preventing congestion.
11.7 Troubleshooting and Optimization
During testing, a few minor issues were identified and resolved:
• VLAN Mismatch: Detected on trunk links and corrected using the
switchport trunk allowed vlan command.
• High CPU Utilization on Core Routers: Optimized OSPF timers and
reduced SPF calculations.
• Redundant Link Configuration: One EtherChannel group showed
intermittent failures, resolved by reconfiguring the port-channel
interfaces.
11.8 Documentation and Knowledge Transfer
To ensure proper network management after deployment, the following were
completed:
• Topology Diagrams: Documented the physical and logical topology.
• Configuration Backups: Saved configurations for all devices.
• Standard Operating Procedures (SOPs): Created SOPs for adding new
devices and troubleshooting.
• Training Sessions: Conducted training for IT staff to manage the
network and handle incidents.
11.9 Final Deployment
After resolving identified issues and verifying all test results, the network
was fully deployed. The following steps completed the implementation process:
1) Deployment Sign-Off: Approval from stakeholders after reviewing test
results.
2) Live Migration: Gradual migration of user traffic to the new network.
3) 24-Hour Monitoring Period: Continuous monitoring to ensure stability
post-migration.
4) Handover: Official handover of the project to the IT team.

CHAPTER : 12 CONCLUSION

12. Conclusion
The design and implementation of this secure enterprise network aimed to
address the organization's growing need for scalability, reliability, and security.
From the initial stages of business scenario analysis to the final deployment and
testing, each phase was meticulously planned to align with industry best
practices. The project not only delivered a functional network but also laid the
groundwork for future growth and resilience in the face of evolving security
threats.
The primary objectives of the project were to:
• Establish a secure communication channel across multiple
branches.
• Implement redundancy mechanisms to prevent single points of
failure.
• Optimize network performance with efficient routing protocols.
• Protect sensitive data through multi-layered security measures.
• Ensure scalability to support organizational growth.
12.1 Key Achievements
Several key achievements highlight the project’s success in fulfilling its
objectives:
• Scalable Architecture: The hierarchical design using core, distribution,
and access layers ensures ease of expansion.
• Redundancy and High Availability: Implementation of redundancy
protocols like HSRP, VRRP, and EtherChannel minimizes downtime
during device or link failures.
• Enhanced Security: Deployment of access control lists (ACLs), VPNs,
and Cisco ASA firewalls provides robust protection against unauthorized
access and cyberattacks.
• Optimized Routing: OSPF’s dynamic routing capabilities ensure
efficient traffic management and fast convergence during topology
changes.
• Improved Network Visibility: Integration of SNMP and Syslog allows
real-time monitoring and alerts, enabling proactive management.
12.2 Challenges and Solutions
Several challenges were encountered during the implementation, each
addressed with appropriate solutions:
1) VLAN Misconfiguration
• Challenge: Incorrect VLAN assignment on trunk links caused
communication issues.
• Solution: Corrected the VLAN mappings and verified them using the
show vlan brief command.
2) OSPF Convergence Delays
• Challenge: Suboptimal OSPF timers caused slower convergence during
failover testing.
• Solution: Tuned OSPF hello and dead intervals for faster convergence.
3) Redundant Link Failures
• Challenge: EtherChannel intermittently failed to aggregate links.
• Solution: Reconfigured Port-Channel interfaces and ensured both ends
used the same protocol (LACP).
12.4 Lessons Learned
The project provided several valuable lessons:
• Thorough Planning Reduces Errors: Properly planning the IP
addressing scheme and VLAN segmentation prevented potential conflicts
during deployment.
• Redundancy Is Crucial: Implementing backup routes and redundant
devices ensured uninterrupted service during simulated failures.
• Security Is an Ongoing Process: Regular audits and patch management
are crucial to maintaining the integrity of security measures.
• Monitoring Enhances Proactive Management: Integrating tools like
SNMP, NetFlow, and Syslog gave administrators real-time insights into
network performance, allowing them to detect anomalies early.
12.5 Testing and Validation Outcomes
Testing played a pivotal role in validating the network’s performance and
security.
• Connectivity: Verified stable end-to-end communication across all sites.
• Redundancy: Successfully simulated device and link failures, with
HSRP providing seamless failover.
• Security: Confirmed that ACLs and firewalls effectively blocked
unauthorized access attempts.
• Performance: Measured latency, throughput, and packet loss under load,
ensuring the network met expected performance benchmarks.
The testing process confirmed the network’s resilience, with redundancy protocols
ensuring uninterrupted service and security measures effectively protecting
against unauthorized access.
12.6 Future Considerations
The current design supports future expansion, but several areas for
enhancement were identified.
• Cloud Integration: Exploring cloud-based monitoring and management
tools can provide enhanced visibility and remote troubleshooting
capabilities.
• Zero Trust Architecture: Implementing a zero-trust model will further
strengthen security by verifying every access attempt, regardless of
origin.
• Automated Configuration Management: Adopting automation tools
such as Ansible or Cisco DNA Center can streamline configuration
updates and reduce human error.
• Machine Learning for Anomaly Detection: Integrating AI-driven tools
can enable the network to detect unusual patterns and automatically
respond to potential threats.
• IPv6 Migration: As the need for global addressing grows, planning for
IPv6 adoption will future-proof the network.
12.7 Final Thoughts
This project successfully delivered a secure, scalable, and
high-performing enterprise network. The implementation of redundancy protocols,
dynamic routing, and multi-layered security measures ensures that the network
is resilient against failures and protected against security threats. Additionally,
the hierarchical network design simplifies future expansion, making the network
adaptable to the organization’s evolving needs. The use of industry-standard
tools and protocols such as OSPF, HSRP, EtherChannel, and IPsec VPN
ensured that the network adhered to best practices. Continuous monitoring and
real-time alerts through SNMP and Syslog give administrators the ability to
identify and resolve issues proactively. From the initial business scenario
analysis to the final testing and validation, this project exemplifies the
importance of a structured, methodical approach to network design. The newly
implemented network not only meets the current needs of the organization but
also provides a solid foundation for future growth and technological
advancements.
In conclusion, the project’s outcomes align with the organization’s vision
of building a secure, reliable, and scalable infrastructure. Moving forward,
regular maintenance, timely software updates, and ongoing training for IT staff
will be essential to maintaining the network’s integrity and performance. The
knowledge and insights gained throughout this project will serve as a valuable
reference for future network upgrades and expansions.

APPENDIX

CODE SNIPPETS
**************FIREWALL GUI CONFIGURATION**************

****************L3 SWITCH CONFIGURATION****************
R13#show start
R13#show startup-config
Using 992 out of 524288 bytes, uncompressed size = 1623 bytes
!
! Last configuration change at 09:18:17 UTC Fri Mar 21 2025
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname R13
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
!
!
!
no ip icmp rate-limit unreachable

!
!
!
no ip domain-lookup
ip cef
no ipv6 cef
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
interface Port-channel5
!
interface Ethernet0/0
!
interface Ethernet0/1
no switchport
ip address 10.10.4.25 255.255.255.252
!
interface Ethernet0/2
channel-group 5 mode desirable
!
interface Ethernet0/3
channel-group 5 mode desirable
!

interface Ethernet1/0
!
interface Ethernet1/1
!
interface Ethernet1/2
--More--
*Mar 23 10:11:25.541: %LINK-3-UPDOWN: Interface Vlan10, changed state to up
*Mar 23 10:11:25.542: %LINK-3-UPDOWN: Interface Vlan20, changed state to up
*Mar 23 10:11:26.543: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to up
*Mar 23 10:11:26.543: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan20, changed state to up
!
interface Ethernet1/3
!
interface Vlan10
ip address 172.16.5.1 255.255.255.128
standby 10 ip 172.16.5.3
standby 10 priority 110
standby 10 preempt
!
interface Vlan20
ip address 172.16.5.129 255.255.255.128
standby 20 ip 172.16.5.131
standby 20 priority 90
standby 20 preempt
!
router ospf 10
network 10.10.4.24 0.0.0.3 area 0
network 172.16.5.0 0.0.0.127 area 0
network 172.16.5.128 0.0.0.127 area 0
!
ip forward-protocol nd
!
ip tcp synwait-time 5
ip http server
!
ip route 0.0.0.0 0.0.0.0 10.10.4.26
ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr
ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr
!
!
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0

privilege level 15
logging synchronous
line vty 0 4
login
*********L2 SWITCH CONFIGURATION*********
R9#show startup-config
Using 759 out of 524288 bytes, uncompressed size = 1181 bytes
!
! Last configuration change at 11:01:37 UTC Thu Mar 20 2025
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname R9
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
!

!
!
no ip icmp rate-limit unreachable
!
!
!
no ip domain-lookup
ip cef
no ipv6 cef
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
interface Ethernet0/0
switchport access vlan 10
switchport mode access
!
interface Ethernet0/1
switchport access vlan 10
switchport mode access
!
interface Ethernet0/2

switchport trunk encapsulation dot1q
switchport mode trunk
!
interface Ethernet0/3
switchport trunk encapsulation dot1q
switchport mode trunk
!
ip forward-protocol nd
!
ip tcp synwait-time 5
ip http server
!
ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr
ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr
!
!
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0

exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
!
End
*******ROUTER CONFIGURATION*******
Router#show startup-config
Using 1046 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
!
!
!
no ip cef
no ipv6 cef
license udi pid CISCO2811/K9 sn FTX1017505Z-
spanning-tree mode pvst

!
!
!
!
!
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
!
interface Serial0/1/0
ip address 200.100.50.30 255.255.255.252
clock rate 2000000
!
interface Serial0/1/1
no ip address
clock rate 2000000
shutdown
!
interface Serial0/3/0
ip address 200.100.50.34 255.255.255.252

clock rate 2000000
!
interface Serial0/3/1
ip address 200.100.50.38 255.255.255.252
!
interface Vlan1
no ip address
shutdown
!
router ospf 10
log-adjacency-changes
network 200.100.50.32 0.0.0.3 area 0
network 200.100.50.36 0.0.0.3 area 0
network 200.100.50.28 0.0.0.3 area 0
!
ip classless
!
ip flow-export version 9
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
End

Screenshots
CISCO PACKET TRACER TOPOLOGY

PNET LAB TOPOLOGY

COMMUNICATION TEST WITH REAL GOOGLE SERVER

REAL INTERNET WEB PAGE

BRANCH TO BRANCH COMMUNICATION

ACCESS WEBSERVER IN PACKET TRACER
