ENTERPRISE NETWORK PROJECT
Case Study and Requirements:
A trading floor support center employs 600 staff. They have recently
expanded and, as a result, need to move to a new building. A building has
been identified but has no network. This means that before they can make
the move, a new network service needs to be designed and implemented in
the new building. The existing network comprises the following elements: The
new building is expected to have three floors with two departments on each,
for example:
1. First floor- (Sales and Marketing Department-120 users expected, Human
Resource and Logistics Department-120 users expected).
2. Second floor- (Finance and Accounts Department-120 users expected,
Administrator and Public Relations Department-120 users expected).
3. Third floor- (ICT-120 users expected, Server Room-12 devices expected).
Therefore, as a key member of the Networks Team, you have been tasked to
design a network for the new building. At this stage, logical design is
required, which shows the measures that you would put in place to ensure
that the new network meets the current business need and is future-proofed:
- Use Cisco Packet Tracer to design and implement the network solution.
- Use a hierarchical model providing redundancy at every layer, i.e. two
  routers and two multilayer switches are expected to be used to provide
  redundancy.
- The network is also expected to connect to at least two ISPs to provide
  redundancy, with each router connected to the two ISPs.
- Each department is required to have a wireless network for the users.
- Each department should be in a different VLAN and in a different
  subnetwork.
- Provided a base network of 172.16.1.0, carry out subnetting to allocate
  the correct number of IP addresses to each department.
- The company network is connected to the static, public IP (Internet
  Protocol) addresses 195.136.17.0/30, 195.136.17.4/30, 195.136.17.8/30
  and 195.136.17.12/30 connected to the two Internet providers.
- Configure basic device settings such as hostnames, console password,
  enable password, banner messages, and disable IP domain lookup.
- Devices in all the departments are required to communicate with each
  other, with the respective multilayer switch configured for inter-VLAN
  routing.
- The multilayer switches are expected to carry out both routing and
  switching functionalities and thus will be assigned IP addresses.
Network Design : « Topology »
The network configuration simulated in Packet Tracer for the "Company
System Network Design" project adheres to a hierarchical model,
prioritizing efficiency, scalability, and redundancy. The design
encompasses three layers: the core layer, distribution layer, and access
layer. In the core layer, redundancy is established by deploying two
routers and two multilayer switches, interconnected to facilitate seamless
data routing. The distribution layer features switches responsible for
linking distinct departments, each assigned to its dedicated Virtual Local
Area Network (VLAN). Finally, the access layer accommodates end-user
devices, such as PCs and wireless access points, connecting to the
switches. This topology ensures a well-organized and structured network
layout, fostering effective management and facilitating future expansion.
Components
The network design for the project incorporates the following devices:
1. Routers (4):
   - 2 ISP routers for upstream connectivity.
   - Positioned at the core layer for redundancy.
   - Connect to both ISPs for internet connectivity.
   - Configured with static, public IP addresses from ISPs.
   - ISP: Internet Service Provider, a company or organization that provides
     services for accessing, using, or participating in the Internet.
   - HWIC-2T: Interface card used in Cisco routers to provide two serial
     ports for connecting to the WAN.
2. Multilayer Switches (2):
   - Deployed at the core layer to provide redundancy and efficient routing.
   - Configured for both switching and routing functionalities.
   - Assigned IP addresses to enable inter-VLAN routing.
   - Active AC Power Supply.
3. Distribution Layer Switches (Multiple):
   - Connect individual departments to the core layer.
   - Facilitate communication within respective VLANs.
4. End-User Devices (PCs):
   - Deployed at the access layer.
   - Connected to distribution layer switches for departmental access.
5. Cisco Access Points (APs):
   - Positioned at the access layer to provide wireless connectivity.
   - Ensure wireless network availability in each department.
6. DHCP Servers (1):
   - Located in the server room.
   - Dynamically allocate IP addresses to end-user devices.
7. Server Room Devices (Servers, etc.):
   - DNS server, HTTP server etc.
   - Devices in the server room are allocated static IP addresses.
   - These devices may include servers, storage units, and networking
     equipment.
These devices collectively form a structured and well-organized network
architecture, integrating redundancy, efficient routing, and secure
communication to meet the specific requirements of the trading floor
support center's operations.
Switch Configuration
FOR ACCESS AND MULTILAYER SWITCH 1&2 AND CORE 1&2
These commands should be applied to all access switches in our network to
ensure they are secure, properly configured, and ready for operation. Here's
a summarized explanation of each command:
! Defines the switch's unique hostname.
hostname <Namedepartment/MULTILAYER1&2/CORE1&2>-SW
! Sets a password for accessing the console of the switch to protect it
! from unauthorized access.
line console 0
 password cisco
 login
 exit
! Sets a password to enter privileged mode on the switch. This prevents
! unauthorized users from making changes to the switch configuration.
enable password cisco
! Disables DNS lookup to prevent the switch from trying to resolve
! incorrectly typed commands as domain names, which can cause delays.
no ip domain-lookup
! Displays a message of the day (MOTD) when users log into the switch,
! warning them that unauthorized access is prohibited. Customize this
! message as needed.
banner motd #No Unauthorised Acces!!!#
! Stores the passwords in the configuration in encoded (type 7) form
! instead of clear text.
service password-encryption
! Saves the running configuration.
do wr
FOR MULTI LAYERSWITCH 1&2, CORE 1&2
! Configures the domain name for the device. This is required to generate
! RSA keys for SSH.
ip domain name cisco.net
! Creates a local user account for SSH login. The username is "admin" and
! the password is "cisco". This user account will be used for
! authenticating SSH connections.
username admin password cisco
! Generates an RSA key pair (public and private) with a size of 1024 bits
! for SSH encryption. The RSA keys are essential for establishing secure
! SSH sessions. The value 1024 is entered at the modulus prompt.
crypto key generate rsa
1024
! Configures the VTY (Virtual Terminal) lines, which are used for remote
! access (SSH or Telnet) to the
line vty 0 15
 login local
 transport input ssh
 exit
ip ssh version 2
do wr
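The two command blocks above can be checked before they are pasted into a device. This Python script is an added example, not part of the original project: it audits the page's management commands and reports enable password and username ... password (stored with reversible type 7 encoding under service password-encryption, where the secret keyword stores a hash) and an RSA modulus below 2048 bits. The function name audit and the 2048-bit threshold are assumptions.

```python
import re

# Constructed input: the management commands from this page, in the order typed.
PAGE_COMMANDS = """\
line console 0
password cisco
login
exit
enable password cisco
service password-encryption
ip domain name cisco.net
username admin password cisco
crypto key generate rsa
1024
line vty 0 15
login local
transport input ssh
exit
ip ssh version 2
"""

def audit(commands, min_rsa_bits=2048):
    """Return findings for weak management-plane settings (threshold is an assumption)."""
    findings, section, vty = [], None, set()
    lines = [l.strip() for l in commands.splitlines() if l.strip()]
    for i, cmd in enumerate(lines):
        if cmd.startswith("line ") or cmd == "exit":
            section = None if cmd == "exit" else cmd
        elif section and section.startswith("line vty"):
            vty.add(cmd)                      # commands entered under the VTY lines
        if cmd.startswith("enable password "):
            findings.append("enable password: use 'enable secret' (hashed, not type 7)")
        user = re.match(r"username (\S+) password ", cmd)
        if user:
            findings.append(f"username {user.group(1)}: use 'secret', not 'password'")
        if cmd.startswith("crypto key generate rsa"):
            # Modulus is given on the command line or typed at the next prompt.
            inline = re.search(r"modulus (\d+)", cmd)
            bits = inline.group(1) if inline else "".join(lines[i + 1:i + 2])
            if bits.isdigit() and int(bits) < min_rsa_bits:
                findings.append(f"RSA key {bits} bits: use at least {min_rsa_bits}")
    if "transport input ssh" not in vty:
        findings.append("line vty: Telnet still allowed, need 'transport input ssh'")
    if "ip ssh version 2" not in lines:
        findings.append("SSH version 1 still allowed, need 'ip ssh version 2'")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(PAGE_COMMANDS)))
```

Run against the commands as shown on the page, it returns three findings; the VTY and SSH version checks pass because the page already restricts the lines to SSH version 2.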
Configuration VLANs:
Virtual LANs (VLANs) are employed to logically segment the network into
distinct broadcast domains. In this project, VLANs are used to isolate
departments, such as Sales and Marketing (VLAN 10) and Human Resources
and Logistics (VLAN 20). Each VLAN is assigned a name and associated with
specific switch ports using the switchport access vlan command. This
segmentation enhances network security, reduces broadcast traffic, and
facilitates more efficient network management. The configuration for VLANs
is done on each switch, ensuring a well-organized and secure network
infrastructure.
FOR ALL ACCESS SWITCH
! Ports fa0/1-2 are trunks.
int range fa0/1-2
 switchport mode trunk
 exit
! Department VLAN: use the ID and name of the department.
vlan (10-20-30 ……)
 name Department name
vlan 99
 name BlackHole
 exit
! Ports fa0/3-24 are access ports in the department VLAN (VLAN 30 here).
int range fa0/3-24
 switchport mode access
 switchport access vlan 30
 exit
! Ports gig0/1-2 are placed in the BlackHole VLAN and shut down.
int range gig0/1-2
 switchport mode access
 switchport access vlan 99
 shutdown
 exit

FOR MULTI LAYERSWITCH 1&2, CORE 1&2
int range gig1/0/3-8
 switchport mode trunk
vlan 10
 name Sales
vlan 20
 name HR
vlan 30
 name Finance
vlan 40
 name Admin
vlan 50
 name ICT
vlan 60
 name ServerRoom
 exit
do wr
IP Addressing Scheme
Provide details about the IP addressing scheme applied to the network.
FIRST floor:
Department         Network Address  Subnet mask       Host Address Range              Broadcast Address
Sales & Marketing  192.168.10.0     255.255.255.0/24  192.168.10.1 to 192.168.10.254  192.168.10.255
HR and Logistic    192.168.20.0     255.255.255.0/24  192.168.20.1 to 192.168.20.254  192.168.20.255

SECOND floor:
Department         Network Address  Subnet mask       Host Address Range              Broadcast Address
Sales & Marketing  192.168.30.0     255.255.255.0/24  192.168.30.1 to 192.168.30.254  192.168.30.255
HR and Logistic    192.168.40.0     255.255.255.0/24  192.168.40.1 to 192.168.40.254  192.168.40.255

THIRD floor:
Department         Network Address  Subnet mask       Host Address Range              Broadcast Address
ICT                192.168.50.0     255.255.255.0/24  192.168.50.1 to 192.168.50.254  192.168.50.255
Server             192.168.60.0     255.255.255.0/24  192.168.60.1 to 192.168.60.254  192.168.60.255

Core Router and L3 SW:
No              Network Address  Subnet mask      Host Address Range          Broadcast Address
Core R1-MLTSW1  10.10.10.0       255.255.255.252  10.10.10.1 to 10.10.10.2    10.10.10.3
Core R1-MLTSW2  10.10.10.4       255.255.255.252  10.10.10.5 to 10.10.10.6    10.10.10.7
Core R2-MLTSW1  10.10.10.8       255.255.255.252  10.10.10.9 to 10.10.10.10   10.10.10.11
Core R2-MLTSW2  10.10.10.12      255.255.255.252  10.10.10.13 to 10.10.10.14  10.10.10.12

Public IP between Core and ISP:
103.133.254.0/30
103.133.254.4/30
103.133.254.8/30
103.133.254.12/30

For the ISP we used the commands:
clock rate 64000
ip address …………….
OSPF on L3 Switches and routers
OSPF (Open Shortest Path First) is a widely used link-state routing protocol
designed for IP networks. It dynamically discovers routes, calculates the
shortest path to each network, and updates routing tables. OSPF is part of
the IGP (Interior Gateway Protocol) family, operating within a single
autonomous system.
IN MLSW-1(L3):
ip routing
router ospf 10
 router-id 1.1.1.1
 network 192.168.10.0 0.0.0.255 area 0
 network 192.168.20.0 0.0.0.255 area 0
 network 192.168.30.0 0.0.0.255 area 0
 network 192.168.40.0 0.0.0.255 area 0
 network 192.168.50.0 0.0.0.255 area 0
 network 192.168.60.0 0.0.0.255 area 0
 network 10.10.10.0 0.0.0.3 area 0

IN MLSW-1(L3):
ip routing
router ospf 10
 router-id 2.2.2.2
 network 192.168.10.0 0.0.0.255 area 0
 network 192.168.20.0 0.0.0.255 area 0
 network 192.168.30.0 0.0.0.255 area 0
 network 192.168.40.0 0.0.0.255 area 0
 network 192.168.50.0 0.0.0.255 area 0
 network 192.168.60.0 0.0.0.255 area 0
 network 10.10.10.4 0.0.0.3 area 0
Remark:
For the 10.10.10.0/30 network we add the wildcard mask 0.0.0.3 before
area 0 because the subnet mask is 255.255.255.252, and
255.255.255.255 - 255.255.255.252 = 0.0.0.3
IN CORE 1 ROUTER:
router ospf 10
 router-id 3.3.3.3
 network 10.10.10.0 0.0.0.3 area 0
 network 10.10.10.4 0.0.0.3 area 0
 network 103.133.254.0 0.0.0.3 area 0
 network 103.133.254.8 0.0.0.3 area 0
 do wr
 exit

IN CORE 2 ROUTER:
router ospf 10
 router-id 4.4.4.4
 network 10.10.10.8 0.0.0.3 area 0
 network 10.10.10.12 0.0.0.3 area 0
 network 103.133.254.4 0.0.0.3 area 0
 network 103.133.254.12 0.0.0.3 area 0
 do wr

IN ISP-1 ROUTER:
router ospf 10
 router-id 5.5.5.5
 network 103.133.254.0 0.0.0.3 area 0
 network 103.133.254.4 0.0.0.3 area 0
 do wr
 exit

IN ISP-2 ROUTER:
router ospf 10
 router-id 6.6.6.6
 network 103.133.254.12 0.0.0.3 area 0
 network 103.133.254.8 0.0.0.3 area 0
 do wr
 exit
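The wildcard arithmetic in the Remark and the rows of the Core Router and L3 SW table can be verified with a short script. This Python example is added here and is not part of the original project: it recomputes the host range and broadcast address of each /30 row as printed on the page, reports any row that disagrees with the computed values, and derives the matching OSPF network statements. The function names are assumptions.

```python
import ipaddress

# Rows copied as printed in the page's "Core Router and L3 SW" table:
# (link, network, subnet mask, first host, last host, broadcast)
MASK30 = "255.255.255.252"
CORE_LINKS = [
    ("Core R1-MLTSW1", "10.10.10.0", MASK30, "10.10.10.1", "10.10.10.2", "10.10.10.3"),
    ("Core R1-MLTSW2", "10.10.10.4", MASK30, "10.10.10.5", "10.10.10.6", "10.10.10.7"),
    ("Core R2-MLTSW1", "10.10.10.8", MASK30, "10.10.10.9", "10.10.10.10", "10.10.10.11"),
    ("Core R2-MLTSW2", "10.10.10.12", MASK30, "10.10.10.13", "10.10.10.14", "10.10.10.12"),
]

def wildcard(mask):
    """Wildcard mask = 255.255.255.255 - subnet mask, octet by octet."""
    return ".".join(str(255 - int(octet)) for octet in mask.split("."))

def check_row(row):
    """Return (field, stated, computed) for every value in a row that is wrong."""
    _, net, mask, first, last, bcast = row
    # ip_network raises ValueError if the address is not a subnet boundary.
    n = ipaddress.ip_network(f"{net}/{mask}")
    hosts = list(n.hosts())
    computed = {"first host": str(hosts[0]), "last host": str(hosts[-1]),
                "broadcast": str(n.broadcast_address)}
    stated = {"first host": first, "last host": last, "broadcast": bcast}
    return [(k, stated[k], computed[k]) for k in stated if stated[k] != computed[k]]

def ospf_statements(rows, area=0):
    """Build the 'network <address> <wildcard> area <n>' line for each row."""
    return [f"network {r[1]} {wildcard(r[2])} area {area}" for r in rows]

if __name__ == "__main__":
    for row in CORE_LINKS:
        for field, stated, computed in check_row(row):
            print(f"{row[0]}: {field} stated {stated}, computed {computed}")
    print("\n".join(ospf_statements(CORE_LINKS)))
```

Run against the table as printed, it reports one row: Core R2-MLTSW2 states a broadcast of 10.10.10.12 where the computed value is 10.10.10.15.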
CONFIGURATION DHCP SERVER
INTER-VLAN ROUTING
IN MLTW1&2
We used the DHCP server (192.168.60.2) as the helper address.
int vlan 10
 no shutdown
 ip address 192.168.10.1 255.255.255.0
 ip helper-address 192.168.60.2
 exit
int vlan 20
 no shutdown
 ip address 192.168.20.1 255.255.255.0
 ip helper-address 192.168.60.2
 exit
int vlan 30
 no shutdown
 ip address 192.168.30.1 255.255.255.0
 ip helper-address 192.168.60.2
 exit
int vlan 40
 no shutdown
 ip address 192.168.40.1 255.255.255.0
 ip helper-address 192.168.60.2
 exit
int vlan 50
 no shutdown
 ip address 192.168.50.1 255.255.255.0
 ip helper-address 192.168.60.2
 exit
int vlan 60
 no shutdown
 ip address 192.168.60.1 255.255.255.0
 exit
do wr
WIRELESS NETWORK CONFIGURATION
We need to configure all wireless networks in each department and
ensure PCs are connected and logged into these networks.