ASSIGNMENT 1
EC4060
               JENARTHTHAN A.
               2021/E/006
               GROUP CG1
               SEMESTER 4
               14 DEC 2023
These tables outline the components needed for each department, including the number of PCs,
printers, and WIFI access points in each room or place.
   1. Management Office:
   Room/Place               Number of PCs     Number of Printers     Number of WiFi Access Points
   CEO Office                     1                   0                         1
   Staff Office                   1                   0                         1
   Board Room                     2                   0                         1
   Lobby                          0                   0                         1
   Printing Room                  0                   2                         0
   2. Admin Department:
   Room/Place               Number of PCs     Number of Printers     Number of WiFi Access Points
   Finance Section               15                   0                         0
   Human Resource                25                   0                         0
   Assistant Section             10                   0                         0
   Printing Room                  0                   2                         0
   3. Technology Department:
   Room/Place               Number of PCs     Number of Printers     Number of WiFi Access Points
   Meeting Room                   2                   0                         1
   R&D Section                   25                   0                         0
   Design Section               125                   0                         0
   Test Section                  20                   0                         0
   4. Operations Department:
   Room/Place               Number of PCs     Number of Printers     Number of WiFi Access Points
   Branding Section               8                   0                         0
   Reporting Section             10                   0                         0
   Sales Section                 40                   0                         2
   5. Marketing Department:
   Room/Place               Number of PCs     Number of Printers     Number of WiFi Access Points
   Marketing Strategies           5                   0                         0
   Public Relations (PR)         10                   0                         0
IP ADDRESS ALLOCATION TABLE FOR COMPANY DEPARTMENTS
Overview:
The table below illustrates the optimal IP address allocation for various departments within the organization,
ensuring efficient utilization of the provided IP address range (10.10.0.0/16). Each department is subdivided
into sections, each assigned a specific VLAN (Virtual Local Area Network) for network segmentation.
   •   Each department is assigned a unique VLAN for efficient network segmentation.
   •   Subnet masks are optimized to meet the required sizes for each section within a department.
   •   The default gateway is specified for each VLAN to ensure proper routing.
   •   The CIDR notation indicates the subnet size in slash notation.
   •   The "Usable IP Address Range" represents the range of IP addresses available for devices within
       each section.
DETAILED ALLOCATION:
  •   Technology Department (VLAN 10):
         o DESIGN Section:
               ▪ VLAN ID: 10
               ▪ IP Range: 10.10.0.0/25
               ▪ Usable IP Address Range: 10.10.0.1 - 10.10.0.126
               ▪ Subnet Mask: 255.255.255.128
               ▪ Default Gateway: 10.10.0.1
  •   Operations Department (VLAN 20):
        o BRANDS, REPORT, SALES Sections:
               ▪ VLAN ID: 20
               ▪ IP Range: 10.10.0.128/26
               ▪ Usable IP Address Range: 10.10.0.129 - 10.10.0.190
               ▪ Subnet Mask: 255.255.255.192
               ▪ Default Gateway: 10.10.0.129
  •   Admin Department (VLAN 30):
        o FINANCE, HR, ASSISTANT SECTION, PRINTING Sections:
              ▪ VLAN ID: 30
              ▪ IP Range: 10.10.0.192/26
              ▪ Usable IP Address Range: 10.10.0.193 - 10.10.0.254
              ▪ Subnet Mask: 255.255.255.192
              ▪ Default Gateway: 10.10.0.193
  •   Technology Department (VLAN 40):
         o MEETING, R&D, TEST Sections:
               ▪ VLAN ID: 40
               ▪ IP Range: 10.10.1.0/26
               ▪ Usable IP Address Range: 10.10.1.1 - 10.10.1.62
               ▪ Subnet Mask: 255.255.255.192
               ▪ Default Gateway: 10.10.1.1
  •   Marketing Department (VLAN 50):
        o PUBLIC RELATION Section:
               ▪ VLAN ID: 50
               ▪ IP Range: 10.10.1.64/28
               ▪ Usable IP Address Range: 10.10.1.65 - 10.10.1.78
               ▪ Subnet Mask: 255.255.255.240
               ▪ Default Gateway: 10.10.1.65
•   Management Office (VLAN 60):
      o CEO, STAFF, BOARD, PRINTING Sections:
            ▪ VLAN ID: 60
            ▪ IP Range: 10.10.1.80/28
            ▪ Usable IP Address Range: 10.10.1.81 - 10.10.1.94
            ▪ Subnet Mask: 255.255.255.240
            ▪ Default Gateway: 10.10.1.81
•   Marketing Department (VLAN 70):
      o MARKETING STRATEGIES Section:
             ▪ VLAN ID: 70
             ▪ IP Range: 10.10.1.96/29
             ▪ Usable IP Address Range: 10.10.1.97 - 10.10.1.102
             ▪ Subnet Mask: 255.255.255.248
             ▪ Default Gateway: 10.10.1.97
•   Management Office (VLAN 80):
      o LOBBY Section:
            ▪ VLAN ID: 80
            ▪ IP Range: 10.10.1.104/30
            ▪ Usable IP Address Range: 10.10.1.105 - 10.10.1.106
            ▪ Subnet Mask: 255.255.255.252
            ▪ Default Gateway: 10.10.1.105
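The allocation above can be checked mechanically. The following is an added example, not part of the original report: it audits the eight subnets for overlap, mask and gateway consistency, and capacity against the device counts in the component tables. The device totals assume that every PC, printer and WiFi access point takes one address in its VLAN; the overlapping VLAN 70 entry in the demo is constructed.

```python
import ipaddress
from itertools import combinations

SUPERNET = ipaddress.ip_network("10.10.0.0/16")

# VLAN -> (subnet, mask, gateway, devices). Subnet, mask and gateway are copied
# from the allocation list; devices = PCs + printers + WiFi access points summed
# from the component tables (assumption: each one consumes one address).
PLAN = {
    10: ("10.10.0.0/25",   "255.255.255.128", "10.10.0.1",   125),
    20: ("10.10.0.128/26", "255.255.255.192", "10.10.0.129", 60),
    30: ("10.10.0.192/26", "255.255.255.192", "10.10.0.193", 52),
    40: ("10.10.1.0/26",   "255.255.255.192", "10.10.1.1",   48),
    50: ("10.10.1.64/28",  "255.255.255.240", "10.10.1.65",  10),
    60: ("10.10.1.80/28",  "255.255.255.240", "10.10.1.81",  9),
    70: ("10.10.1.96/29",  "255.255.255.248", "10.10.1.97",  5),
    80: ("10.10.1.104/30", "255.255.255.252", "10.10.1.105", 1),
}

def audit_plan(plan, supernet=SUPERNET):
    """Return (errors, spare); spare maps VLAN -> unused host addresses."""
    errors, spare, nets = [], {}, {}
    for vlan, (cidr, mask, gateway, devices) in plan.items():
        net = ipaddress.ip_network(cidr)      # raises if host bits are set
        nets[vlan] = net
        if not net.subnet_of(supernet):
            errors.append(f"VLAN {vlan}: {net} is outside {supernet}")
        if str(net.netmask) != mask:
            errors.append(f"VLAN {vlan}: mask {mask} does not match {net}")
        if ipaddress.ip_address(gateway) != net.network_address + 1:
            errors.append(f"VLAN {vlan}: gateway {gateway} is not first usable")
        usable = net.num_addresses - 2        # minus network and broadcast
        spare[vlan] = usable - 1 - devices    # one usable address is the gateway
        if spare[vlan] < 0:
            errors.append(f"VLAN {vlan}: {devices} devices exceed {net}")
    # Overlapping subnets would let one VLAN's addresses appear in another.
    for (va, na), (vb, nb) in combinations(nets.items(), 2):
        if na.overlaps(nb):
            errors.append(f"VLAN {va} {na} and VLAN {vb} {nb} overlap")
    return errors, spare

if __name__ == "__main__":
    errors, spare = audit_plan(PLAN)
    print("errors:", errors)
    for vlan, free in spare.items():
        print(f"VLAN {vlan}: {free} spare host addresses")
    # Constructed mistake: VLAN 70 placed inside VLAN 60's 10.10.1.80/28.
    bad = dict(PLAN)
    bad[70] = ("10.10.1.88/29", "255.255.255.248", "10.10.1.89", 5)
    print("bad plan:", audit_plan(bad)[0])
```

On the plan as given the audit reports no errors, but VLANs 10, 70 and 80 have no spare addresses, so adding a single device to any of them means re-subnetting.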
BUILDING STRUCTURE AND DEPARTMENT ALLOCATION:
Building Overview:
   •   The newly constructed three-story building has the following dimensions:
          o Length: 60 meters
          o Width: 30 meters
          o Height: Each floor is 4 meters.
Floor-wise Department Allocation:
   1. Ground Floor:
         o Management Office:
                 ▪ CEO Office
                 ▪ Staff Office
                 ▪ Board Room
                 ▪ Lobby (Public WiFi)
                 ▪ Printing Room
         o Admin Department:
                 ▪ Finance Section
                 ▪ Human Resource (HR)
                 ▪ Assistant Section
                 ▪ Printing Room
   2. First Floor:
         o Operations Department:
                 ▪ Brands Section
                 ▪ Reporting Section
                 ▪ Sales Section
         o Marketing Department:
                 ▪ Marketing Strategies Section
                 ▪ Public Relations (PR)
   3. Second Floor:
         o Technology Department:
                 ▪ Design Section
                 ▪ Meeting Room
                 ▪ R&D Section
                 ▪ Test Section
Department and Floor Relationship:
   •   Ground Floor: Management and administrative functions are centralized.
   •   First Floor: Operational and marketing activities are housed together.
   •   Second Floor: Technology-related departments, including design and research, are situated on this
       floor.
Design Rationale:
   •   The floor-wise allocation is designed to enhance workflow efficiency and collaboration among
       departments with similar functions.
   •   Each floor has its dedicated VLANs and IP address allocations, optimizing network segmentation
       and security.
   •   Public WiFi is available in common areas like the lobby for guest access.
Full Design Overview:
   [Screenshot: Overview of the Entire Network Design]
Floor-wise Screenshots:
   •   Floor 1: [Screenshot: Floor 1 Network Topology]
   •   Floor 2: [Screenshot: Floor 2 Network Topology]
   •   Floor 3: [Screenshot: Floor 3 Network Topology]
Department-wise Screenshots:
   •   Department 1: [Screenshot: Department 1 Network Configuration]
   •   Department 2: [Screenshot: Department 2 Network Configuration]
   •   Department 3: [Screenshot: Department 3 Network Configuration]
   •   Department 4: [Screenshot: Department 4 Network Configuration]
   •   Department 5: [Screenshot: Department 5 Network Configuration]
VLAN-wise Screenshots:
   •   VLAN 10: [Screenshot: VLAN 10 Configuration]
   •   VLAN 20: [Screenshot: VLAN 20 Configuration]
   •   VLAN 30: [Screenshot: VLAN 30 Configuration]
   •   VLAN 40: [Screenshot: VLAN 40 Configuration]
   •   VLAN 50: [Screenshot: VLAN 50 Configuration]
   •   VLAN 60: [Screenshot: VLAN 60 Configuration]
   •   VLAN 70: [Screenshot: VLAN 70 Configuration]
   •   VLAN 80: [Screenshot: VLAN 80 Configuration]
   •   Main router, server, multi-layer switch
NETWORK DESIGN CONSIDERATIONS AND SECURITY REQUIREMENTS:
1. Interconnectivity within Departments:
   •   Consideration:
          o Each department is interconnected internally for seamless communication and collaboration.
2. Access to Printers:
   •   Consideration:
          o Printers in the Admin Department can only be accessed by computers within the Admin
             Department.
          o Printers in the Management Office can only be accessed by computers within the
             Management Office.
3. Lobby Area (VLAN 80) Restrictions:
   •   Consideration:
          o VLAN 80 (Lobby Area) is separated to ensure that devices in this VLAN cannot access
             printers in the Admin Department.
4. Minimizing IP Address Usage:
   •   Consideration:
          o VLAN 50 and VLAN 70 are separated to minimize IP address usage while meeting the
             connectivity requirements of these departments.
5. Interlinking VLANs with a Router:
   •   Requirement:
          o VLAN 50 and VLAN 70 must be interlinked using a router to facilitate communication
             between these two departments.
          o VLAN 10 (Test and Design Section) and VLAN 40 (Technology) should be interconnected to
             support collaboration within the Technology Department.
6. Security Measures:
   •   Requirement:
          o Security measures should be implemented to restrict access between different VLANs and
             ensure that each department's network is isolated for security reasons.
          o Access control lists (ACLs) or firewall rules can be configured to enforce security policies
             between VLANs.
7. Traffic Isolation and Optimization:
   •   Consideration:
          o VLAN segmentation and IP address allocation are designed to optimize network traffic,
             ensuring that each department has its dedicated network space.
8. Router Configuration for Inter-VLAN Routing:
   •   Requirement:
          o Router configuration should include inter-VLAN routing to enable communication between
             VLANs while enforcing security policies.
BRIEF NETWORK DESIGN OVERVIEW:
In our comprehensive network design for the IT center, we have established a structured and secure
infrastructure to meet the specific needs of the organization. Here are key highlights:
   1. VLAN Segmentation:
         o Implemented 8 VLANs (VLAN 10 to VLAN 80) to isolate network traffic and enhance
             security.
   2. Core Layer Server:
         o Placed a central server at the core layer to streamline data sharing and collaboration across
             departments.
   3. Multilayer Switch and Access Switches:
         o Connected a multilayer switch to the router at the distribution layer.
         o Established dedicated access switches for each department at the access layer.
   4. End Devices Configuration:
         o Assigned specific IP addresses and gateway IDs to PCs, printers, and other devices within
             each VLAN.
   5. Inter-VLAN Connectivity:
         o Configured the router for inter-VLAN routing, allowing seamless communication between
             different departments.
   6. WiFi Access Points:
         o Set up WiFi access points for each section with password protection, ensuring secure wireless
             connectivity.
   7. Security Measures:
         o Enforced security through VLAN segmentation, limiting access between departments for
             enhanced network security.
ACCESS CONTROL LIST
INTER-VLAN ACCESS CONTROL LIST (ACL) MATRIX
    Visual representation of VLAN communication permissions within the network. Green cells indicate
                accessible VLANs, while red cells signify restricted access between VLANs.
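An added example, not part of the original report: it encodes the inter-VLAN policy named in the requirements (VLAN 10 with VLAN 40, VLAN 50 with VLAN 70), decides whether one address may reach another, and derives IOS-style extended ACL entries with wildcard masks from the subnets. Treating every other VLAN pair as denied is an assumption drawn from the ping results reported later; the ACL names and the sample host addresses are constructed.

```python
import ipaddress

# VLAN subnets from the allocation list in this report.
SUBNETS = {v: ipaddress.ip_network(c) for v, c in {
    10: "10.10.0.0/25",  20: "10.10.0.128/26", 30: "10.10.0.192/26",
    40: "10.10.1.0/26",  50: "10.10.1.64/28",  60: "10.10.1.80/28",
    70: "10.10.1.96/29", 80: "10.10.1.104/30"}.items()}

# Pairs the report says must be routed to each other. Every other pair is
# assumed denied (default deny), consistent with the failed pings it reports.
ALLOWED_PAIRS = {frozenset({10, 40}), frozenset({50, 70})}

def vlan_of(ip):
    """Return the VLAN whose subnet contains ip, or None if unallocated."""
    addr = ipaddress.ip_address(ip)
    return next((v for v, n in SUBNETS.items() if addr in n), None)

def permitted(src_ip, dst_ip):
    """True if policy lets src reach dst: same VLAN or an allowed pair."""
    s, d = vlan_of(src_ip), vlan_of(dst_ip)
    if s is None or d is None:
        return False                      # unallocated space is never reachable
    return s == d or frozenset({s, d}) in ALLOWED_PAIRS

def acl_for(vlan):
    """Extended ACL lines for traffic entering the router from `vlan`."""
    src = SUBNETS[vlan]
    lines = [f"ip access-list extended VLAN{vlan}-IN"]   # hypothetical ACL name
    for peer in sorted(SUBNETS):
        if frozenset({vlan, peer}) in ALLOWED_PAIRS:
            dst = SUBNETS[peer]
            # IOS matches on wildcard masks, i.e. the inverted subnet mask.
            lines.append(f" permit ip {src.network_address} {src.hostmask} "
                         f"{dst.network_address} {dst.hostmask}")
    lines.append(" deny ip any any")      # explicit form of the implicit deny
    return lines

if __name__ == "__main__":
    # Constructed host addresses, one per case the report tests with ping.
    cases = [("10.10.0.10", "10.10.1.10"),    # VLAN 10 PC -> VLAN 40 PC
             ("10.10.1.66", "10.10.1.98"),    # VLAN 50 PC -> VLAN 70 PC
             ("10.10.1.66", "10.10.0.250"),   # VLAN 50 PC -> Admin printer
             ("10.10.1.106", "10.10.1.90")]   # Lobby host -> Management printer
    for src, dst in cases:
        print(src, "->", dst, "permit" if permitted(src, dst) else "deny")
    for vlan in (10, 30, 50):
        print("\n".join(acl_for(vlan)))
```

Traffic inside one VLAN is switched and never reaches the router, so an ACL that holds only the deny entry (as for VLAN 30) still leaves that department's own printers reachable.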
NETWORK CONFIGURATION
1. ROUTER CONFIGURATION
A breakdown of the configuration for router interfaces, including VLAN assignments and IP addresses.
                             ROUTER VLAN CONFIGURATION TABLE
   VLAN No.   Default Gateway / Allocated IP Address for the Router   Subnet Mask for the VLAN   Switch Port
   10         10.10.0.1                                               255.255.255.128            GigabitEthernet1/0/4
   20         10.10.0.129                                             255.255.255.192            GigabitEthernet1/0/8
   30         10.10.0.193                                             255.255.255.192            GigabitEthernet1/0/1
   40         10.10.1.1                                               255.255.255.192            GigabitEthernet1/0/5
   50         10.10.1.65                                              255.255.255.240            GigabitEthernet1/0/6
   60         10.10.1.81                                              255.255.255.240            GigabitEthernet1/0/2
   70         10.10.1.97                                              255.255.255.248            GigabitEthernet1/0/7
   80         10.10.1.105                                             255.255.255.252            GigabitEthernet1/0/3
The IP address allocated to the router in each VLAN is the first usable IP address of the subnet, also known as the default gateway.
A summary of the router's interface status obtained from the show ip interface brief command, highlighting
                           the operational and protocol status of each interface.
2. CONFIGURING THE MULTILAYER SWITCH
                                        Turning on the Multilayer Switch
VLAN assignments for the specified switch ports:
                     Switch Port                                            VLAN
                 GigabitEthernet1/0/1                                      VLAN 30
                 GigabitEthernet1/0/2                                      VLAN 60
                 GigabitEthernet1/0/3                                      VLAN 80
                 GigabitEthernet1/0/4                                      VLAN 10
                 GigabitEthernet1/0/5                                      VLAN 40
                 GigabitEthernet1/0/6                                      VLAN 50
                 GigabitEthernet1/0/7                                      VLAN 70
                 GigabitEthernet1/0/8                                      VLAN 20
Final Configuration: VLAN Assignment on Multilayer Switch
3. CONFIGURING MULTILAYER SWITCH FOR INTERVLAN COMMUNICATION (ROUTER ON A STICK)
Configuring VLAN 10 and VLAN 40 to communicate with each other through a trunk port on the multilayer switch.
Configuring Multilayer Switch for InterVLAN Communication (Same Department - VLAN 10 and VLAN 40)
Configure Multilayer Switch:
Configure Router:
Ping from a VLAN 10 PC to a VLAN 40 PC
EXPLANATION:
  •   The Multilayer Switch's interface (gigabitEthernet1/0/9) is configured as a trunk port, allowing
      VLANs 10 and 40.
  •   The Router's subinterfaces (gigabitEthernet1/0/0.10 and gigabitEthernet1/0/0.40) are configured with
      encapsulation for their respective VLANs.
  •   IP addresses are assigned to the subinterfaces, facilitating interVLAN routing.
  •   This configuration allows communication between VLAN 10 and VLAN 40, considering they belong
      to the same department.
   4. CONFIGURING THE VLAN SWITCH
                               Assigning All Ports to VLAN 60 on Switch
For Switch 2 (VLAN 20), Switch 3 (VLAN 30), ..., Switch 8 (VLAN 80), the process was repeated with the
corresponding VLAN numbers.
5. CONFIGURING THE ROUTER FOR INTERVLAN CONNECTION FOR MARKETING DEPARTMENT
For Switch Connected to VLAN 50:
For Switch Connected to VLAN 70:
Configuring Router for VLAN 50 and VLAN 70:
EXPLANATION:
  •   The Router's subinterfaces (gigabitEthernet0/0.50 and gigabitEthernet1/0.70) are configured with
      encapsulation for their respective VLANs.
  •   IP addresses are assigned to the subinterfaces, facilitating interVLAN routing for VLAN 50 and
      VLAN 70.
  •   FastEthernet0/3 ports of the switches connected to the Router's GigabitEthernet interface via trunk
      links will carry both VLANs (50 and 70).
PING FROM VLAN 50 PC TO VLAN 70 (PACKET SENT SUCCESSFUL AFTER CONNECTING ROUTER)
6. CONFIGURING PC (IP ADDRESS, SUBNET MASK, DEFAULT GATEWAY)
Configuring PC settings involves setting up the IP address, subnet mask, and default gateway. Below are the
steps for configuring these settings on a PC.
Likewise, each PC in the network was configured with specific IP addresses, subnet masks, and default
gateways according to the department it belongs to.
7. CONFIGURING PRINTER (IP ADDRESS, SUBNET MASK, DEFAULT GATEWAY)
Likewise, all the printers in the network were configured according to their allocated IP address.
8. CONFIGURING HOME ROUTER
Configuring Home Router for Tech Meeting Room WiFi:
   •   Configured WiFi security with WPA2-PSK (Pre-Shared Key) for enhanced security.
   •   Assigned a unique Pre-Shared Key (PSK) passphrase for the Tech Meeting Room WiFi network.
   •   Assigned static IP addresses to devices connecting to the Tech Meeting Room WiFi network.
   •   Successfully connected a laptop to the WiFi network using the assigned passphrase.
Similar configurations were applied to other WiFi networks in different departments to ensure secure and
reliable wireless connectivity.
                          Wifi name                              Password
                         Lobby_WIFI                           Lobby_abcd_1234
                      Tech_meeting_WIFI                          Tech_WIFI
                           CEO_WIFI                          CEO_WIFI_1234
                         STAFF_WIFI                         STAFF_WIFI_1234
                         BOARD_WIFI                        BOARD_WIFI_1234
Each WiFi network is associated with a unique password to ensure secure access. Devices such as laptops
were connected to these networks using the provided passwords.
9. ADMIN BUILDING PRINTER ACCESS
Successful Ping from Same Department (VLAN 30) PC:
                  Successful Ping from VLAN 30 PC to Admin Department Printer
Explanation: The screenshot shows a successful ping from a PC in the Admin Department (VLAN 30) to
the Admin Department's printer. This verifies that devices within the same department can access the printer.
Unsuccessful Ping from Different Department (Marketing, VLAN 50) PC:
                    Unsuccessful Ping from VLAN 50 PC to Admin Department Printer
Explanation: The screenshot demonstrates an unsuccessful ping attempt from a PC in the Marketing
Department (VLAN 50) to the Admin Department's printer. This showcases the network's access control,
preventing cross-department communication.
The access control settings ensure that printers in the Admin Department can only be accessed by devices
within the same department (VLAN 30) for enhanced security.
10. MANAGEMENT BUILDING PRINTER ACCESS
Successful Ping from Same Department (VLAN 60) PCs:
                Successful Ping from VLAN 60 PCs to Management Department Printers
Explanation: The screenshot demonstrates successful pings from PCs within the Management Department
(VLAN 60) to printers located in the same department. This confirms that devices within the same VLAN
and department can access the printers.
Unsuccessful Ping from Same Department (VLAN 80) PCs (Lobby Public WiFi):
                Unsuccessful Ping from VLAN 80 PCs to Management Department Printers
Explanation: The screenshot showcases unsuccessful ping attempts from PCs in the Lobby area (VLAN 80)
to printers in the Management Department. This illustrates the access control, preventing cross-departmental
communication even within the same building.
Unsuccessful Ping from Another Department (VLAN 10) PCs:
                Unsuccessful Ping from VLAN 10 PCs to Management Department Printers
The screenshot exhibits unsuccessful ping attempts from PCs in another department (VLAN 10) to printers
in the Management Department. This validates the strict network segmentation, ensuring isolation between
different departments.
The access control settings are designed to restrict printer access based on both VLAN and department,
enforcing security measures and maintaining departmental isolation.
Printers available at the management department can only be accessed by the computer installed at the
admin department.
11. MANAGEMENT OFFICE PC ACCESS FROM DIFFERENT DEPARTMENTS
         Management Office PC Access From Admin Department (PING UNSUCCESSFUL)
         Management Office PC Access From Technology Department (PING UNSUCCESSFUL)
         Management Office PC Access From Operation Department (PING UNSUCCESSFUL)
         Management Office PC Access From Marketing Department (PING UNSUCCESSFUL)
Computers in the management office cannot be accessed from other departments such as admin, technology,
operations, and marketing.
12. ADMIN OFFICE PC ACCESS FROM DIFFERENT DEPARTMENTS
         Admin Office PC Access From Technology Department (PING UNSUCCESSFUL)
         Admin Office PC Access From Operation Department (PING UNSUCCESSFUL)
         Admin Office PC Access From Marketing Department (PING UNSUCCESSFUL)
Computers in the admin department can't be accessed from the technology, operations and marketing
departments.
Each network node can only be accessed by the administrator, not others.