LAU Network Design

Business Data Communication

ITM 301

Presented by
Omar ITANI
Tarek FAKHRO
Mohamad SALEH

Under the supervision of

Dr. Issam KOWATLI
Introduction

In today’s academic landscape, a reliable and efficient network infrastructure plays a pivotal role
in the day-to-day functioning of any modern university. The Lebanese American University
(LAU), with its multiple campuses and growing technological demands, requires a robust,
secure, and scalable network design capable of supporting a wide range of academic,
administrative, and research activities.

This project aims to develop a comprehensive network solution that effectively connects the
Beirut and Jbeil campuses, Rizk Hospital, and the university’s New York office.

The proposed network will be designed to accommodate the specific needs of different user
groups, including faculty members, students, and administrative personnel. Each building and
department across the campuses will be equipped with the necessary infrastructure to ensure
seamless access to shared resources such as printers, file servers, and web servers, while
maintaining high standards of performance and security.

Both wired and wireless connections will be provided to ensure maximum flexibility and
convenience for all users.

Furthermore, the network will incorporate advanced features such as subnetting for traffic
segregation, high-bandwidth cabling, state-of-the-art networking devices, and comprehensive
security solutions to guard against external and internal threats. Cost-efficiency will also be a
central consideration, ensuring that the proposed design remains financially viable while meeting
LAU’s current and future technological needs.

This report outlines the full scope of the network design, including building requirements,
topology selection, hardware and software specifications, IP addressing schemes, security
architecture, and a detailed budget.

The ultimate goal is to deliver a high-performing, scalable, and secure network infrastructure that
supports LAU’s mission of academic excellence and digital advancement.
WAN components

1. Beirut campus LAN

2. Byblos campus LAN
3. Rizk hospital LAN
4. The university’s New York office LAN

For every school, we will divide the network into two logical subnets:

1. Professors’ subnet

2. Students/Labs subnet (if applicable)

We're given the network block: 185.185.0.0/16. This provides 65,536 total IP addresses.

Beirut Campus Subnetting

1. Business School
- Professors: 5 floors × 20 PCs = 100 PCs
- Students (LABs): 100 PCs
- Suggested:
Professors: 185.185.1.0/25 → 128 Ips
Students: 185.185.1.128/25 → 128 IPs
2. Arts & Sciences (A&S) School
- Professors: 6 floors × 26 = 156 PCs
- Students (LAB): 40 PCs
- Suggested:
Professors: 185.185.2.0/24 → 256 Ips
Students: 185.185.3.0/26 → 64 IPs
3. Pharmacy School
- Professors: 3 floors × 15 = 45 PCs
- Suggested: 185.185.4.0/26 → 64 IPs
4. Education School
- Professors: 2 floors × 10 = 20 PCs
- Suggested: 185.185.5.0/27 → 32 IPs
 5. Administration Department
- Ground Floor: Core servers (no PCs)
- 1st floor: Helpdesk (10 PCs)
- 2nd floor: Dev team (20 PCs)
- Suggested: 185.185.6.0/26 → 64 IPs

Jbeil Campus Subnetting

1. Jbeil Pharmacy
- Professors: 3 floors × 10 = 30 PCs
- Suggested: 185.185.7.0/26 → 64 IPs
2. Medical School
- Professors: 2 floors × 20 = 40 PCs
- Suggested: 185.185.8.0/26 → 64 IPs
3. Engineering School
- Professors: 5 floors × 20 = 100 PCs
- Students (Labs): 200 PCs
- Suggested:
Professors: 185.185.9.0/25 → 128 Ips
Students: 185.185.9.128/24 → 256 IPs

Other Sites

1. Rizk Hospital
- Clinic: 35 PCs
- Surgery: 35 PCs
- Suggested:
Clinic: 185.185.10.0/26 → 64 Ips
Surgery: 185.185.10.64/26 → 64 IPs
2. New York Office
- Total: 35 PCs
- Suggested: 185.185.11.0/26 → 64 Ips
1. Media, Devices & Topology

To build a cost-effective yet reliable network for LAU, the chosen media and devices must
ensure fast inter-building communication, stable internal connectivity, and future scalability.
Since some trenches already exist, we aim to reuse existing infrastructure while ensuring high-
speed communication across campuses. All decisions prioritize affordable, available, and
standard components that are easy to maintain in Lebanon.

Fiber Optic (Single-mode) is used between buildings because it supports long distances and high
speeds (10Gbps+) with low interference—ideal for backbone connections. Trenching is already
available, reducing installation cost.

Cat-6 Ethernet Cables are used within buildings as they're affordable, support 1Gbps speeds, and
are sufficient for normal office or lab PCs.
24-Port Gigabit Switches: These provide power to devices like printers and IP phones while
reducing the need for separate power lines. They’re also widely available and cost-effective.

Layer-3 Core Switches are placed in Beirut Admin and Jbeil Engineering to manage inter-VLAN
routing and network segmentation, reducing the load on routers.

Network Printers and per-floor switches simplify layout and reduce cabling lengths.
Network Requirements

WAN Components

1. Beirut Campus LAN 3. Rizk Hospital LAN

2. Byblos Campus LAN 4. New York Office LAN

Beirut Campus LAN requirements

Further Description of Beirut Campus buildings requirements

Byblos LAN requirements

Further Description of Byblos buildings requirements

Rizk Hospital requirements

New York Office requirements

Cost Estimation

A major goal of this project is to minimize costs without sacrificing essential performance and
reliability. We’ve selected non-proprietary, widely supported equipment (e.g., TP-Link, D-Link,
Fortinet) that’s known for being robust yet affordable. Instead of using enterprise-only brands
(like Cisco Meraki or Aruba), we focused on value-oriented alternatives that still offer VLANs,
routing, PoE, and security.

1. Fiber Cable

Choosing fiber optic cabling to connect the Lebanese American University (LAU) campuses and
buildings is the most logical and future-ready decision due to its long-distance capabilities,
superior bandwidth, and immunity to interference.

Fiber optic cable can transmit data across tens of kilometers without signal loss, unlike copper
cables (like Cat 6), which degrade after 100 meters without repeaters. In the Beirut Campus, the
maximum distance between any school and the administration building is approximately 250
meters, easily handled by fiber without performance loss. Similarly, in the Jbeil Campus, the
engineering building is 600 meters away from the other schools, again exceeding the copper
limit and making fiber the ideal choice for inter-building backbone links.

When considering inter-campus connections, the distance between the Beirut and Jbeil
Campuses is roughly 43 kilometers, and the Rizk Hospital is around 5 kilometers from the Beirut
Campus.

The New York office, though connected through the internet or VPN, also benefits from a fiber
backbone at the Beirut core for high-speed international connectivity. These long distances make
fiber essential, not optional.

Additionally, fiber provides greater resistance to electromagnetic interference, which is critical in

electrically noisy environments like medical labs or engineering labs, where sensitive data
transmission must remain stable. Even if the upfront cost is slightly higher, fiber ensures high
reliability, exceptional speed, and long-term scalability for research, file sharing, centralized web
services, remote learning, and future 10Gbps+ upgrades.
For a university with multiple locations and high data demand, fiber optic is the only choice that
meets both current and future network requirements.

To connect all the campuses and buildings with fiber optic cable,

1. Beirut Campus: 6 buildings

2. Jbeil Campus: 3 buildings

3. Rizk Hospital: 2 buildings

4. New York Office: 1 building (virtually connected, not physically via fiber)

Total physical buildings = 6 + 3 + 2 = 11 buildings

So, we will need at least 1 fiber optic termination box per building to terminate incoming and
outgoing cables bringing the total of Fiber Termination Boxes Needed to 11.

Location Distance (meters)

Beirut Inter-building 1,450 m

Jbeil Inter-building 1,300 m

Beirut ↔ Jbeil (Long-distance) 43,000 m

Beirut ↔ Rizk Hospital (Long-distance) 5,000 m

Total Required 50,750 m

Item Quantity Unit Cost (USD) Total (USD)

Fiber Cable 50,750 m $0.074/m $ 3,806

 2. Cat-6 cabling

Cat 6 (Category 6) cabling is widely used for internal building wiring due to its high data
transmission speed, low crosstalk, and ability to support gigabit Ethernet. In this project, Cat 6
cable is used to connect individual PCs, printers, and servers within each building on both the
Beirut and Jbeil campuses, as well as in the Rizk Hospital and New York office. Each device
requires one Cat 6 drop from a patch panel or switch to its desk location.
The average length of a Cat 6 cable drop is estimated at 30 meters per device. This length covers
the route from the communication room to the device’s physical location.

Using Cat 6 cabling guarantees high-speed internal communication among users, file servers,
and network printers, forming a stable and efficient backbone for both academic and
administrative tasks.

Following a thorough evaluation of all buildings and the number of connected internal devices,
it's important to define what a “drop” refers to: A drop represents a single Cat 6 cable run that
connects a device such as a PC, printer, or server to the network room (switch or patch panel).

Each Cat 6 drop equals one dedicated cable connection to either a PC, network printer, or server.

1. Beirut Campus (6 buildings)

1) Business School (5 floors)

‐ PCs for professors: 20 PCs × 5 floors = 100

‐ Lab on 3rd floor: 80 PCs
‐ Printers: 1 printer/floor = 5
‐ File server: 1

Total = 100 + 80 + 5 + 1 = 186 drops

2) A&S School (6 floors)

‐ PCs for professors: 26 × 6 = 156

‐ Lab on 3rd floor: 40 PCs
‐ Printers: 6
 ‐ File server: 1

Total = 156 + 40 + 6 + 1 = 203 drops

3) Pharmacy School (3 floors)

‐ PCs for professors: 15 × 3 = 45

‐ Printers: 3
‐ File server: 1

Total = 45 + 3 + 1 = 49 drops

4) Education School (2 floors)

‐ PCs for professors: 10 × 2 = 20

‐ Printers: 2
‐ File server: 1

Total = 20 + 2 + 1 = 23 drops

5) Administration (3 floors)

Ground floor: servers/network equipment → assuming that 2 Cat 6 drops to connect local servers
to switches

1st floor Helpdesk: 10 PCs

2nd floor Support: 20 PCs

Total = 10 + 20 + 2 = 32 drops

Beirut Campus Total: 186+203+49+23+32=493 Cat 6 drops

2. Jbeil Campus (3 buildings)

1) Pharmacy School (3 floors)

‐ PCs: 10 × 3 = 30
‐ Printers: 3
‐ File server: 1
Total = 30 + 3 + 1 = 34 drops

2) Engineering School (5 floors + ground lab)

‐ Professors: 20 × 5 = 100
‐ Lab (ground floor): 200
‐ Printers: 6
‐ File server: 1
‐ Web server (ground floor): 1

Total = 100 + 200 + 6 + 1 + 1 = 308 drops

3) Medical School (2 floors)

- PCs: 20 × 2 = 40

- Printers: 2

- File server: 1

Total = 40 + 2 + 1 = 43 drops

Jbeil Campus Total: 34+308+43=385 Cat 6 drops

3. Rizk Hospital

- 35 PCs × 2 = 70

- (No printers or servers mentioned)

Rizk Hospital Total = 70 Cat 6 drops

4. New York Office

- 35 PCs

- (No printers or servers mentioned)

New York Office Total = 35 Cat 6 drops

Total CAT 6 Drops for Entire LAU Network = 983 Cat 6 Drops

The average use of Cat cabling 6 is 30 meters per drop.

 Total Cable Needed: 983 drops×30 meters/drop = 29,490 meters
Each Cat 6 box = 305 meters
29,490
= 97 boxes
305

Total Cost: Each box = $36.00 → Total = 97 × $36 = $ 3,492

Item Quantity Unit Cost (USD) Total (USD)

Cat-6 cabling 29,490 m $0.074/m $ 3,492
 3. 24-port Switches

The decision to use 24-port switches across the network infrastructure is both strategic and
practical, as these switches provide a cost-effective and scalable solution for connecting many
devices including PCs, network printers, and servers within each building. A single 24-port
switch supports up to 24 connections, which reduces the total number of switches required and
minimizes hardware clutter, power consumption, and maintenance efforts. However, in practical
implementations, only 22 of the 24 ports are typically available for end-user devices.

This is because at least one port is reserved for an uplink connection to the core or distribution
switch, allowing communication with the rest of the network and internet. In larger networks or
multi-switch environments, another port is often used to cascade or daisy-chain to a neighboring
switch, facilitating seamless expansion and redundancy. Reserving these two ports ensures
network stability, prevents data congestion, and enhances performance by maintaining dedicated
communication paths between switches and upper network layers.

As a result, when calculating switch requirements, the number of devices in each building is
divided by 22 not 24 to ensure every device has a reliable connection without oversubscribing
the switch. This methodical approach balances efficiency, performance, and future scalability,
making 24-port switches an ideal choice for the university’s campus-wide network design.

Beirut Campus (6 buildings)

Devices (PCs + Printers + Switches Needed (24-port, 22 usable

Building
Servers) ports each)

Business School 186 186 ÷ 22 = 9 switches

A&S School 203 203 ÷ 22 = 10 switches

Pharmacy 49 49 ÷ 22 = 3 switches
School

Education 23 23 ÷ 22 = 2 switches
School
Administration 32 32 ÷ 22 = 2 switches

Jbeil Campus (3 buildings)

Building Devices (PCs + Printers + Switches Needed (24-port, 22 usable

Servers) ports each)

Pharmacy School 34 34 ÷ 22 = 2 switches

Engineering 308 308 ÷ 22 = 14 switches

School

Medical School 43 43 ÷ 22 = 2 switches

Rizk Hospital (2 buildings)

Building Devices (PCs + Printers + Switches Needed (24-port, 22 usable

Servers) ports each)

Clinic Building 35 35 ÷ 22 = 2 switches

Surgery 35 35 ÷ 22 = 2 switches
Building

New York Office (1 building)

Building Devices (PCs + Printers + Switches Needed (24-port, 22 usable ports

Servers) each)

NY 35 35 ÷ 22 = 2 switches
Office
Campus Building Devices Switches Needed

Beirut Business School 186 9

A&S School 203 10

Pharmacy School 49 3

Education School 23 2

Administration Dept 32 2

Jbeil Pharmacy School 34 2

Engineering School 308 14

Medical School 43 2

Rizk Hospital Clinic Building 35 2

Surgery Building 35 2

New York NY Office 35 2

Total 50

Item Quantity Unit Cost (USD) Total (USD)

24 port switches 50 $ 66 $ 3,300
 4. Core Layer-3 switches

In a modern university environment like LAU’s multi-campus structure, Core Layer 3 switches
play a critical role in ensuring high-performance, scalability, and secure networking.

In this project, where the network is logically divided into multiple subnets (e.g., professors vs.
student labs) and spans across Beirut Campus, Jbeil Campus, Rizk Hospital, and the New York
office, Layer 3 switches are essential for handling routing between VLANs internally and for
managing bandwidth and security policies across departments. Additionally, they help to offload
routing responsibilities from central routers, reducing latency and improving overall
performance.

From a topology standpoint, the core switches act as aggregation points that link all access layer
switches within a campus. This allows for centralized routing, enhanced monitoring, and
simplified network management. In our case, placing one core Layer 3 switch in Beirut Campus
(Administration building) and another in Jbeil Campus (Engineering School) provides a
strategic, cost-effective way to optimize routing between subnets, especially since both buildings
already serve as central network hubs in their respective campuses.

This design not only improves efficiency but also offers redundancy, ensuring that each campus
can operate independently if needed.

Layer 3 Switch Requirement and Cost

Location Purpose Quantity

Beirut Campus Core switch in Administration (main hub) 1

Jbeil Campus Core switch in Engineering School (main hub) 1

No Layer 3 switches are needed in Rizk Hospital or NY office, since they connect back to Beirut
through WAN and do not require local inter-VLAN routing at this scale.

Total Cost Estimation

Item Quantity Unit Cost (USD) Total Cost (USD)

Tenda TEG5328P24-410W 2 $333.00 $666.00

 5. FortiGate-60E firewalls

In the context of LAU’s network design, the New York Office requires a secure and reliable way
to connect to the university’s private network in Lebanon. Since it's geographically isolated, the
best method is to establish a site-to-site VPN tunnel over the internet.

The Fortinet FG-60E is the perfect device for this job. It is a next-generation firewall that
combines powerful routing, robust security features (such as intrusion prevention, antivirus, and
web filtering), and built-in IPSec/SSL VPN support, enabling encrypted communication between
the NY office and the Beirut core switch. This ensures that sensitive academic and administrative
data can flow securely across continents without risk of interception.

Moreover, the FG-60E supports up to 150 concurrent VPN tunnels, which is more than sufficient
for the 35 users at the NY office, and allows for potential expansion.

It also provides centralized control, allowing LAU's IT team to monitor and manage the New
York network remotely. With Gigabit WAN and LAN ports, the device can handle high-speed
connections, VoIP, remote desktops, file sharing, and video conferencing with minimal latency.

Since the NY office is a single site, only one FortiGate FG-60E is required. However, if high
availability or failover is desired, a second unit could be used for redundancy, but this is
optional.
 Item Quantity Unit Cost (USD) Total Cost (USD)

FortiGate-60E firewalls 1 $169.99 $169.99

6. Servers:

Mainframes

In this network design, we propose deploying one mainframe per LAU branch Beirut Campus,
Jbeil Campus, Rizk Hospital, and the New York Office to serve as the backbone for local data
processing and high-volume transactional operations.

Mainframes are not widely used in modern universities due to the rise of cloud and enterprise
servers, they remain a powerful solution for organizations that handle large, sensitive, and
mission-critical datasets.

At LAU, each campus manages extensive academic records, financial systems, and potentially
research workloads that require exceptional reliability, speed, and security. Mainframes excel in
this environment due to their unmatched uptime, fault tolerance, and robust encryption protocols.

For instance, Beirut Campus, acting as the administrative headquarters, would benefit from a
mainframe to manage centralized databases and academic systems.
Jbeil Campus home to engineering and medical programs can utilize its unit for processing
research and departmental data, while Rizk Hospital needs high-security data handling for
confidential patient records.

The New York Office, which may host international student records and sensitive
communications, would benefit from local processing and secure synchronization with Lebanon-
based campuses.

The estimated cost per unit is approximately $75,000, leading to a total investment of $300,000
for the four mainframes.

While this represents significant financial commitment, it ensures that each branch can operate
independently with local data access, reduced inter-campus latency, and enterprise-grade security
and performance.

Item Quantity Unit Cost (USD) Total Cost (USD)

IBM z15 T02 4 $75,000 $300,000

Cost Breakdown

Component Quantity Unit Cost (USD) Total Cost (USD)

Fiber Cable 50,750 m $0.074/m $3,806.00

 Cat 6 Cable 29,490 m (97 boxes) $36.00/box $3,492.00

24-Port Switches 50 units $66.00 $3,300.00

Core Layer 3 Switches 2 units $333.00 $666.00

Firewall (FG-60E) 1 unit $169.99 $169.99

Mainframes (IBM z15) 4 units $75,000.00 $300,000.00

TOTAL - - $311,433.99 USD

3. IP Addressing and Subnetting (TCP/IP Table)

For proper device organization, scalability, and security, the LAU network must be well-
subnetted, clearly separating professors, labs, and offices.

We used the 185.185.0.0/16 block to allocate logical subnets per department and purpose. This
also supports VLAN segmentation for internal traffic isolation and future IP tracking.

Subnetting Strategy:

Each subnet is based on number of devices, rounded up to the next subnet block.

We keep students and professors in separate subnets/VLANs to increase security and allow
future traffic shaping.

IPs are assigned in a structured format to simplify documentation and troubleshooting.

You’re given the block: 185.185.0.0/16. Below is a summary table showing how the IPs are
allocated to each department/subnet:

Subnet CID Broadcast Purpose /

# Subnet Mask Host Range
Address R Address Location

Beirut –
255.255.255.12 185.185.0.1 –
1 185.185.0.0 /25 185.185.0.127 Business
8 185.185.0.126
Labs
 185.185.0.129 Beirut –
185.185.0.1 255.255.255.12
2 /25 185.185.0.255 – Business
28 8
185.185.0.254 Instructors

Beirut –
255.255.255.19 185.185.1.1 –
3 185.185.1.0 /26 185.185.1.63 A&S
2 185.185.1.62
Students

Beirut –
185.185.1.6 255.255.255.12 185.185.1.65 –
4 /25 185.185.1.191 A&S
4 8 185.185.1.190
Instructors

Beirut –
255.255.255.19 185.185.2.1 –
5 185.185.2.0 /26 185.185.2.63 Pharmacy
2 185.185.2.62
Instructors

Beirut –
185.185.2.6 255.255.255.22 185.185.2.65 –
6 /27 185.185.2.95 Education
4 4 185.185.2.94
Instructors

Beirut –
185.185.2.9 255.255.255.22 185.185.2.97 –
7 /27 185.185.2.127 Helpdesk &
6 4 185.185.2.126
Support

Jbeil –
255.255.255.19 185.185.3.1 –
8 185.185.3.0 /26 185.185.3.63 Pharmacy
2 185.185.3.62
Instructors

Jbeil –
185.185.3.6 255.255.255.19 185.185.3.65 –
9 /26 185.185.3.127 Medical
4 2 185.185.3.126
Instructors

Jbeil –
255.255.255.12 185.185.4.1 –
10 185.185.4.0 /25 185.185.4.127 Engineering
8 185.185.4.126
Instructors
 Jbeil –
185.185.5.1 –
11 185.185.5.0 /24 255.255.255.0 185.185.5.255 Engineering
185.185.5.254
Labs

Rizk –
255.255.255.19 185.185.6.1 –
12 185.185.6.0 /26 185.185.6.63 Clinical
2 185.185.6.62
Building

Rizk –
185.185.6.6 255.255.255.19 185.185.6.65 –
13 /26 185.185.6.127 Surgery
4 2 185.185.6.126
Building

New York
185.185.8.1 –
185.185.11.25 Office – All
14 185.185.8.0 /22 255.255.252.0 185.185.11.25
5 Department
4
s

4. Network Infrastructure & Configuration

To support the Lebanese American University’s multi-campus network, a robust and well-
configured infrastructure is required to ensure performance, scalability, and security. At the core
of the network are Layer 3 switches, installed in the Beirut Campus (Administration Building)
and the Jbeil Campus (Engineering School), which handle inter-VLAN routing, segment traffic
between different departments (such as professors, students, and administration), and act as
central aggregation points for access switches. 24-port Gigabit PoE switches are deployed within
each building to connect end devices like PCs, printers, and servers, with each switch supporting
up to 22 active connections. Internally, all devices are connected using Cat 6 Ethernet cabling,
which supports high-speed 1Gbps connections for up to 100 meters per run, while fiber optic
single-mode cables are used to connect buildings and campuses due to their ability to transmit
data over long distances (up to 43 km) with minimal signal loss and high resistance to
electromagnetic interference. For secure communication between the New York office and the
Lebanon-based campuses, a FortiGate-60E firewall is installed to establish a site-to-site VPN,
encrypting all data and ensuring remote access to internal systems. Additionally, mainframe
servers are placed at each site Beirut, Jbeil, Rizk Hospital, and New York to manage local data,
reduce latency, and provide high reliability for academic, administrative, and healthcare systems.
The entire configuration is designed around logical subnetting using the 185.185.0.0/16 network
block, with each department allocated its own subnet to enable traffic control, easier
management, and strong network isolation. This setup ensures that LAU’s network remains
efficient, secure, and ready for future expansion.