College of Engineering

Department of Electrical and Computer Engineering

Group members
1 Abenezer Fikadu ETS059/14
2 Abel Tsegaye ETS030/14
3 Amanuel Bzuayehu ETS0169/14
4 Amha Haileyesus ETS0180/14
5 Azaria Yiheyis ETS0239/14

Submitted ; Esubalew Mulat

 1 Introduction

Effective design and deployment of network infrastructure is essential to the effective operation
of numerous institutions, including universities, in today’s fast-expanding digital landscape.
Strong and scalable network design is essential as universities become more and more reliant on
technology for communication, research, and administrative procedures.

Project Goal: The primary objective was to build a reliable and segmented network using a
basic but effective configuration to simulate real-world institutional inter-networking using Cisco
Packet Tracer, a powerful network simulation tool. This undertaking aims to address the specific
challenges and requirements of each institution while ensuring seamless communication and
resource sharing through hierarchical network topology

Project Scope: The scope of this project includes the entire network design life cycle, from
initial planning and conceptualization to thorough network device configuration. It covers topics
such routing and switching protocols the simulation and implementation of a communication
infrastructure connecting three institutions through a centralized ISP router. The system utilizes
VLAN-based segmentation and supports services such as DHCP, DNS, FTP, SMTP, and
HTTPS. Cisco Packet Tracer was used to design, simulate, and test the functionality of the
network.

This report documents the network architecture, configuration steps, testing procedures, and
observations.
2. Network Overview

Inside Network (LAN); The inside network, also known as the Local Area Network (LAN), is a
part of the network architecture that is primarily focused on internal communication within an
organization. The inside network refers to the portion of a network that is considered the trusted
or internal zone. These can include workstations, application servers, file servers, and more. Key
characteristics of the inside network include.

Outside Network (WAN):The outside network, often referred to as the Wide Area Network
(WAN), the outside network represents the untrusted or external zone of a network. It
encompasses all external entities, such as the public internet, other external networks, and
potentially malicious actors attempting to gain access to an organization’s resources.

We have Core Layer, Distribution Layer, Access layer and End devices.

Access Layer ; The Access Layer, also known as the edge layer, it interfaces directly with
end-user devices such as computers, laptops, printers, and networked appliances. Its primary role
is to provide network access to these devices.

Responsibilities: There are several responsibilities that lie with the access layer, such as: End
Device Connectivity, VLAN Segmentation, IoT Device Integration

Distribution Layer ;Positioned between the Access Layer and the Core Layer, the Distribution
Layer acts as an intermediary for traffic routing and distribution. It plays a pivotal role in
ensuring efficient data flow throughout the network

Responsibilities: There are several responsibilities that lie with the distribution layer, such as:
Routing, VLAN Segmentation, Inter-VLAN Routing, Access Control, WAN Connectivity

Core Layer ;The core of the network hierarchy is also referred to as the network backbone. The
Core Layer is responsible for high-speed data forwarding and routing. It ensures rapid and
efficient transport of data between different parts of the network.
2.1 Topology Design

Each institution includes:

 1 Cisco ISR 4331 router(Distribution Layer)

 1 Layer 2 switch(Access Layer)

 5 VLANs for departmental segmentation

 Admin, Faculty, and Student PCs(End devices)

 One printer(End devices)

 Two IoT devices(End devices)

 One multifunctional server (DHCP, DNS, FTP, SMTP, HTTPS)

Inter-Institution Connection

 The institutions are connected to a central ISP router().

2.2 Design Procedure and ip addressing

Institution 1

 VLAN 10 – Admin (192.168.10.1/24)

 VLAN 20 – Faculty (192.168.20.1/24)
 VLAN 30 – Students (192.168.30.1/24)
 VLAN 40 – Printers (192.168.40.1/24)
 VLAN 50 – IOT (192.168.50.1/24)

The VLANs are implemented using Layer 2 switches, and router-on-a-stick method is used
by creating sub-interfaces on the ISR router.

Each switch port is manually assigned to a specific VLAN, while a trunk link connects the
switch to the router.

! Create VLANs like this

Switch(config)# vlan 10

Switch(config-vlan)# name Admin

Switch(config)# vlan 20

Switch(config-vlan)# name Faculty

Switch(config)# vlan 30

Assign ports to VLANs

( FastEthernet 0/2- FastEthernet 0/7to VLAN 10)

( FastEthernet 0/8 - FastEthernet 0/13to VLAN 20)

( FastEthernet 0/14- FastEthernet 0/9to VLAN 30)

( FastEthernet 0/20to VLAN 40)

( FastEthernet 0/21to VLAN 50)

Assign ports to VLANs

Switch(config)# interface range fa0/2

Switch(config-if)# switchport mode access

Switch(config-if)# switchport access vlan 10

Switch(config-if)# exit

Trunk to the router

Each switch port is manually assigned to a specific VLAN, while a trunk link connects the
switch to the router.

Switch(config)# interface range gig0/2

Switch(config-if)# switchport mode trunk

Switch(config-if)# exit

sub-interfaces on the ISR router.

interface GigabitEthernet0/0/0

no shutdown
interface Gig0/0.10

encapsulation dot1Q 10

ip address 192.168.10.1 255.255.255.0

2.2.1 DHCP and Service Configuration

A dedicated server in each institution provides the following services:

 DHCP: Pools configured per VLAN

 DNS: Local resolution
 FTP: File transfer for faculty/admin
 HTTP/HTTPS: Browsing and service portals
 SMTP: Mail services for internal communication

Sample DHCP Pool:

ip dhcp pool VLAN10

network 192.168.10.0 255.255.255.0

default-router 192.168.10.1

dns-server 192.168.50.2

Clients successfully obtain IP addresses and access services based on VLAN membership

. What ip helper-address Does

When a client sends a DHCP Discover (broadcast), routers don’t forward broadcasts.
So the ip helper-address tells the router to:

Printer Configuration

Each institution's printer is assigned to VLAN 40 (Services). Access is allowed only from Admin
and Faculty VLANs.

Configuration:

 Assigned to reserved DHCP lease

 Shared access across VLANs with router sub-interfaces
 Enabled print services
 2.2.2 Static Routing Configuration

Each institution’s router is configured with static routes to reach the subnets of the other two
institutions. These are defined based on the internal subnet plans

ip route 0.0.0.0 0.0.0.0 200.0.0.10

The ISP router holds return routes pointing to each institution’s internal VLAN subnets via their
respective WAN IPs.

ip route 192.168.10.0 255.255.255.0 200.0.0.9

! Repeat the above steps for all institutions but with different vlans and ip

IP ADDRESING SCHEME

Institution 1 Institution 2 Institution 3

VLan Starting Gate Interface VLan Starting Gate Interface VLan Starting Gate way
Interface IP way IP way IP
(fa 0/2 _ fa 10 192.168.10.10 192.168.10.1 (fa 0/2 _ fa 16 192.168.16.10 192.168.16.1 (fa 0/2 _ fa 11 192.168.11.10 192.168.11.10
0/7) 0/7) 0/7)

(fa 0/8_fa 20 192.168.20.10 192.168.20.1 (fa 0/8 _ fa 26 192.168.26.10 192.168.26.1 ( fa 0/8 _ fa 22 192.168.22.10 192.168.22.1
0/13) 0/13) 0/13)
(fa 0/14_fa 30 192.168.30.10 192.168.30.1 (fa 0/14 _ fa 36 192.168.36.10 192.168.36.1 (fa 0/14 _ fa 33 192.168.33.10 192.168.33.1
0/19) 0/19) 0/19)
(fa 0/20) 40 192.168.40.10 192.168.40.1 (fa 0/20) 46 192.168.46.10 192.168.46.1 (fa 0/20) 44 192.168.44.10 192.168.44.10

(fa 0/21) 50 192.168.50.10 192.168.50.1 (fa 0/21 _ fa 56 192.168.56.10 192.168.56.1 (fa 0/21 _ fa 55 192.168.55.10 192.168.55.1
0/22) 0/22)
(gig 0/1) - (gig 0/1) - (gig 0/1) -

Logical Diagram

Institution1
Central router
Institution2

Institution 3
 3 SERVICES

A. DHCP

Automatically assigns IP addresses, subnet masks, and default gateways to end devices from a
DHCP server.

Example: "Tested DHCP server by verifying that all VLAN devices received correct IP
configurations dynamically."

B. DNS (Domain Name System)

Resolves human-readable domain names (like www.example.com) into IP addresses.

Example: "Verified DNS resolution by pinging domain names and observing successful
translation to IP addresses."

C. HTTP (Web Service)

Delivers web content to clients through a web browser .

Example: "Accessed hosted web page from internal PC using browser to confirm HTTP service
functionality."

D. SMTP (Simple Mail Transfer Protocol

Used to send emails from client to server or between email servers.

Example: "Tested SMTP by sending emails from a configured client to ensure successful
message delivery."

3.2 Other Criteria

A.VLAN (Virtual LAN)

Segregates network devices into logical broadcast domains at Layer 2.

Example: "Confirmed VLAN separation and inter-VLAN routing by assigning VLANs and
testing communication across them."

B. Inter-VLAN Routing

Allows devices on different VLANs to communicate through a Layer 3 device. Example:

"Tested communication between VLANs via router-on-a-stick or L3 switch routing."

C. Static Routing
Manually defined routes between networks to enable inter-network communication.

Example: "Manually added static routes on routers and verified inter-institution communication
using ping."

D. IoT Device Connectivity

Ensures smart devices are connected and reachable through the network.

Example: "Configured and tested IoT devices verifying if it is reachable."

E. ACL (Access Control List)

Controls traffic flow by permitting or denying packets based on IP addresses, protocols, or

ports.Example: "Implemented ACLs to restrict access between VLANs and tested successful
enforcement of network access policies."