MEKELLE UNIVERSITY
MEKELLE INSTITUTE OF TECHNOLOGY
DEPARTMENT OF ELECTRONICS AND COMMUNICATION ENGINEERING
DESIGN AND SIMULATION OF SECURE LAN CAMPUS NETWORK
Group 2 members          Id Number
Kidu Tsigab              Mit/ur/051/09
Hailay Tsegay            Mit/ur/1071/10
Filimon Tsehaye          Mit/ur/1044/10
Tekeste Gebremicheal     Mit/ur/10132/10

UNDER GUIDANCE OF: INS. MEARIG AREGAWI


Date 05/01/2024
THESIS ON THE DESIGN AND SIMULATION OF SECURE LAN CAMPUS NETWORK

Abstract
This thesis focuses on the design and simulation of a robust and secure computer network for a campus LAN using Packet Tracer. Security has been an essential issue in the design and distribution of enterprise and campus networks. With the innovation and diffusion of new technologies such as universal computing, enterprise mobility, e-commerce and cloud computing, network security remains an ever-increasing challenge.
Campus networks face challenges in addressing core security issues, which are governed by the network architecture. In this thesis, we address these network security issues by building a reliable and highly integrable network that protects the campus from different types of threats and attacks.
The theoretical contribution of our thesis is a reference model architecture of the campus network that can be followed or adapted to build a robust yet flexible network that responds to next-generation requirements.
A hierarchical architecture of the campus network is configured with different types of security measures for ensuring the quality of service. In this thesis, a tested and secure network design is proposed based on practical requirements, and the proposed network infrastructure is realizable with adaptable infrastructure.
To meet the requirements of a secure campus, we applied many different techniques to our network design to ensure reliability, robustness, flexibility and scalability. The techniques we applied are: routing, switching, selection of network equipment, proper IP addressing, subnetting, creating VLANs, authentication, configuration, area segmentation, inter-VLAN routing, SSH, OSPF routing, DHCP spoofing, and enabling communication between users present at remote sites using all facilities and proper information sharing. As a result, we obtained an encrypted, authorized, authenticated, redundant and integrable network, as we proposed.


Acknowledgment
We would like to thank Mr. Mearig Aregawi for encouraging us to do this project from its initiation and through the process of writing this thesis, and for following up on our progress in order to guide us in the right direction. This process has given us better insight into thesis writing, and it would not have been possible without Mr. Mearig's invaluable guidance.


Table of Contents
1. INTRODUCTION
    1.1 Scope of the thesis
    1.2 Objective
2. Background and related works
    2.1. Key terminologies and Considerations for Secure Campus LAN Design
    2.2 The Importance of Network Simulation in Secure LAN Design
    2.3 Literature review
3. Design and Implementation
    3.1. Network requirements
    3.2. Hardware requirements
    3.3. Software requirements
    3.4. Addresses
    3.5. Topology of the Network
    3.6. IP subnetting
    3.7. Configuration
        3.7.1. Configuration requirements
        3.7.2. Configuration Steps
4. Results and discussions
5. Conclusions
6. Reference
7. Appendices


ABBREVIATIONS
IP Internet Protocol
TCP Transmission Control Protocol
UDP User Datagram Protocol
LAN Local Area Network
WAN Wide Area Network
HTTP Hypertext Transfer Protocol
DHCP Dynamic Host Configuration Protocol
DNS Domain Name System
VLAN Virtual LAN
OSPF Open Shortest Path First
FTP File Transfer Protocol
NAT Network Address Translation
SSH Secure Shell
UTP Unshielded-Twisted-Pair cable
ACL Access Control List


1. INTRODUCTION
Nowadays, the network has become a need for most people, especially science seekers. Many researchers and scientists depend heavily on networks to obtain information. Students also depend on the network for many reasons, such as sharing information and knowledge among themselves. Thus, the network is an important demand of every community and organization.
Nevertheless, the network is exposed to many threats and intrusions, and the reason behind that is the development of web technologies and services. Attacks can occur in many different ways, either by physically damaging the devices or by logically hacking the code. This type of intrusion can cause many problems because of the lack of veracity. Therefore, security plays a significant role in protecting the network from these types of attacks. Network security can be applied to many aspects of the network in order to keep it from unauthorized access. Thus, network security is now one of the essential issues in many organizations such as universities.
As a consequence, we designed a secure campus network (SCN) that includes many networks, each consisting of many VLANs. These networks are supported by a security system that prevents outside access without authentication. It also protects the sanctity and privacy of each user, so that no one can attack their private information.
In section 1 of our project, we explain the technology we used to implement the SCN, which is Packet Tracer. We also explain the SCN structure and the resources required to create the SCN topology. In section 2, we explain the Internet Protocol (IP) addressing methods and the connectivity between the devices in the entire network. The virtual local area network (VLAN) explanation and simulation take place in section 3. After that, section 4 gives a detailed illustration of the security and configurations that we applied in the campus topology using Packet Tracer. Finally, section 5 concludes the secure campus network scenario.
The main goal of this project is to present a network infrastructure design suitable for campuses that gives them guaranteed use of the network. Many campuses are searching for ways to integrate networks that have security, backup, and other features available in a network. The main problem is a profound budget deficit. This thesis will help these campuses design a network that employs low-cost solutions without unacceptable compromises in security or quality. Another concern is the ability of the network to withstand intense pressure from utilization; most of the time, networks are crowded by more users than their capacity can handle.

1.1 Scope of the thesis:

The scope of this thesis is designing and simulating the network using the required software, Packet Tracer or GNS3.

1.2 Objective

1.2.1 General Objectives

• Design and simulate a secure and scalable campus LAN network

1.2.2 Specific Objectives

• Design and simulate a network topology with Cisco Packet Tracer
• Design network segmentation to isolate sensitive data and traffic
• Utilize virtualization technologies to improve network flexibility and resource utilization
• Provide IT staff with the training and support they need to effectively manage and maintain the network
• Conduct regular network audits and vulnerability assessments to identify and address potential security weaknesses

It is very important to design a network in such a way that it handles many users without failure. This project's network will be highly reliable in performance because we have secured every device on it. The reliability of the network's security is at a high level, because many powerful devices and technologies are used to secure data.

2. Background and related works

Campuses have undergone a significant transformation in recent years, driven by technological advancements and the increasing reliance on digital resources for teaching, research, and administrative operations. This transformation has placed immense demands on campus network infrastructures, which must now accommodate a diverse range of devices, services, and users. While traditional campus LANs have served their purpose for decades, the evolving landscape of cybersecurity threats and the increasing complexity of network environments necessitate a re-evaluation of their security posture.

2.1. Key terminologies and Considerations for Secure Campus LAN Design
• Growing Cybersecurity Threats:
    • Data breaches: Campuses house a wealth of sensitive information, including student records, research data, financial records, and intellectual property. Data breaches can result in significant financial and reputational damage.
    • Malware attacks: Malware can disrupt operations, corrupt data, and expose sensitive information.
    • Denial-of-service (DoS) attacks: DoS attacks can render networks unusable, disrupting essential services.
    • Insider threats: Malicious or careless actions by authorized users pose a significant risk.
    • Social engineering attacks: Phishing and other social engineering techniques can trick users into revealing sensitive information or granting unauthorized access.
• Increased Network Complexity:
    • Bring-your-own-device (BYOD) policies: The proliferation of personal devices on campus networks expands the attack surface and complicates security management.
    • Cloud-based services: The adoption of cloud-based applications and storage introduces new security risks and integration challenges.
    • IoT devices: The increasing use of IoT devices in research labs, classrooms, and student residences poses unique security challenges due to their limited security features and potential for vulnerabilities.
• Balancing Security and Usability:
    • Network restrictions can hinder productivity and collaboration.
    • Complex security measures can frustrate users and lead to non-compliance.
    • Finding a balance between security and usability is crucial for a successful campus LAN implementation.


2.2 The Importance of Network Simulation in Secure LAN Design


• Cisco Packet Tracer provides a valuable tool for designing, testing, and evaluating secure network architectures in a simulated environment.
• It allows for experimentation with different security configurations and the identification of potential vulnerabilities before real-world deployment.
• Packet Tracer's visualization capabilities aid in understanding complex network interactions and troubleshooting issues.

2.3 Literature review:


Many researchers invest their time, skill, and knowledge in making networks secure, which enables people to trust sharing their personal information over those networks. These researchers wrote their papers at different times, which shows how network security has become a serious issue as people take an interest in it and show their eagerness to join a network.
The papers we read and reviewed in this area of study each build on one another and have limitations as well. Users present at remote sites communicate while sharing the same campus network. The study covers various concepts such as topology design, IP address configuration, how to send information in the form of packets within a single network, and the use of virtual local area networks (VLANs) to separate the traffic generated by different departments [1].
The campus uses a networking topology implemented with concepts like VLANs in multiple area networks using Cisco Packet Tracer. Designing the network for campuses provides the substructure for the whole service framework, such as security of the network, wireless area network, operational efficiencies, virtual learning environments, and secure classrooms [1]. However, there are limitations such as limited scalability, potential security vulnerabilities, and the absence of intrusion detection and prevention systems (IDS/IPS).
Information and access to information are important these days. With the advancement of technology, computers have entered many areas of our lives. Computer networks and communication have become extremely important in our society. A campus area network is a very important part of campus life. A campus area network is a set of virtual local area networks (VLANs) that covers the entire campus [2].
A campus area network can be designed and approved with network devices using the Cisco Packet Tracer simulator software. This design also follows the hierarchical network design, as a hierarchical design is used to group devices into multiple layers. A Campus Network (CN) is a set of virtual local area networks (VLANs) that covers the entire university [2].
To make the campus network service more sophisticated, a Smart Campus Network Design (SCND) is proposed that integrates Internet of Things (IoT) devices with classical network devices in the campus network; each smart device for a given application must be registered with the IoT server and controlled by a legitimate user. The Cisco Packet Tracer simulator software is used to design the proposed campus network. Integrating IoT into the classical network can be taken as a network security development [2].
Hierarchical network design is used to group devices into multiple layers. CNS stands for the college network scenario. Designing the network for the community college network scenario provides the substructure for all other aspects of the service framework, such as security of the network, wireless area network, and mobility, as well as the justification for providing safety and security, operational efficiencies, virtual learning environments, and secure classrooms. This provides a general overview of network design principles [3]. However, it has limitations such as limited scalability, which leaves it unable to handle the increasing number of users and devices as the network grows, limited network segmentation, and the absence of intrusion detection and prevention systems (IDS/IPS).
The network design scenario can be approved by Cisco, and these scenarios can be applied within the various locations of a community college network. Finally, key network foundation services such as switching, routing, multicast, and high availability are given for the full college network scenario [4].
This provides a foundation for designing a college network but fails to address several critical security considerations. Enhancing the security posture of the proposed network would require stronger authentication mechanisms, network segmentation, IDS/IPS implementation, comprehensive security audits, and a more thorough evaluation of real-world implementation [4].
A network can reach an advanced structure by integrating IoT devices with classical devices. Using Cisco Packet Tracer simulation software version 7.0, the virtual local area network (VLAN) and IoT devices such as software sensors, actuators for virtual communication, and others can be integrated [5]. However, the number of devices is large, so replacing routers with layer 3 switches can be the solution. This reduces the number of routers and switches and hence the cost of the network.
Various security issues and common threats are experienced in wireless LANs. The paper covers attacks on confidentiality, integrity, availability, access control and authentication. The main focus is therefore on protecting the network from unauthorized persons and hackers [6]. However, using a WLAN increases the risk of hacking and attacks; to avoid these and make the network more secure, we can implement Network Address Translation (NAT), which hides the private IP addresses.
Network security is a serious issue in protecting digital information; it involves creating a LAN and protecting the network from unauthorized users by using a firewall. The use of a hardware firewall makes the network design somewhat complicated, so to solve this issue we can use an Access Control List (ACL), which is used to filter network traffic on devices such as routers and firewalls [7].
Because the world community is increasingly interested in gaining information through networking, we should focus on the core security issues of the network architecture. This can be done by applying a simple network design, which makes the network maintainable and increases its security. The technologies used for this can be LAN and WAN technologies, and for security a firewall or other protocols can be used [8].
In general, we studied how different universities design networks with high-quality security and low cost by using DHCP and WLAN technology, so that only authorized individuals access data. While studying these, we came across some drawbacks, such as increased congestion on a particular group of IPs (not necessary/optional), various costs minimized in order to maximize the quality of the network, and the possibility of greater wireless LAN availability. Few protocols were used as well; by using various protocols the network can be enhanced, and hence we can obtain the required network with more security, a longer network life span, and more secure encryption. From this analysis we arrived at a solution that includes a better routing protocol (EIGRP) and various protocols and features such as HSRP, NAT, ACL, and port security, and we tried to minimize the number of devices so that the network would be less costly.

3. Design and Implementation


Before designing, we worked out what the network should fulfill (the network requirements). To design a network that fulfills these requirements, we use a hierarchical system, which we call the network model.

Network model: the model for placing networking devices according to their layer.
The network model has three layers, described as follows:
A. Access Layer:
    • Function: Provides initial connectivity for end-user devices (computers, printers, IP phones, etc.).
    • Key devices: Layer 2 switches, wireless access points.
    • Focuses on: User access, security, traffic prioritization.
B. Distribution Layer:
    • Function: Acts as a bridge between the access and core layers, providing aggregation and policy-based connectivity.
    • Key devices: Routers, multilayer switches.
    • Focuses on: Routing, filtering, security, WAN access, load balancing.
C. Core Layer:
    • Function: Forms the backbone of the network, providing high-speed, reliable transport for data between distribution layers.
    • Key devices: High-performance routers and switches, often with redundant links.
    • Focuses on: Speed, redundancy, fault tolerance.
Relationship between layers:
    • Access layer connects to distribution layer.
    • Distribution layer connects to core layer.
    • Hierarchical design improves scalability, manageability, and security.

3.1. Network requirements


In designing our project, we considered a campus with 600 users in different job positions. For ease of management, we divided these users across three floors according to their department.
1) First floor (Floor-1): consists of 2 departments
    A) Sales and marketing department: 120 users expected
    B) Human resource and logistics department: 120 users expected
2) Second floor (Floor-2): consists of 2 departments
    A) Finance and accounts department: 120 users expected
    B) Administrator and public relations department: 120 users expected
3) Third floor (Floor-3): consists of 2 departments
    A) ICT department: 120 users expected
    B) Server room: 12 devices expected

3.2. Hardware requirements

• Cisco router 2811: ISPs (2 in number)
• Cisco router 2911: routers at the core layer (2 in number)
• Cisco switches 3650-24PS: layer 3 switches at the distribution layer (2 in number)
• Cisco switches 2960: layer 2 switches at the access layer (6 in number)
• Connectors:
    • Serial DCE connection for the connection between routers
    • Straight-through cable for the connection between routers and layer 3 switches
    • Crossover cables for the connection between multilayer (layer 3) switches and access layer (layer 2) switches
• Other hosts (PC, laptop, tablet, access points, printer, ...)

3.3. Software requirements
The software we used to simulate our network is:
• Packet Tracer

3.4. Addresses
These are the IP addresses we assigned to our network before configuration:
• 172.16.1.0: base network address (class B network)
• 195.136.17.0/30, 195.136.17.8/30, 195.136.17.4/30, 195.136.17.12/30: static public addresses to which the campus is connected (addresses of the interfaces between the core routers and the ISPs)


3.5. Topology of the Network


Network topology refers to the arrangement of nodes (devices like computers, servers, and switches) and links (connections like
cables or wireless channels) that make up a network. It essentially describes how these elements are connected to each other, similar to
how a map shows the layout of roads and buildings in a city.
There are two main types of network topology:

1) Physical topology:

This refers to the actual physical layout of the network, including the location of the nodes and the type of cabling used to connect
them. Common examples include:

2) Logical topology:

This describes how data flows through the network, regardless of the physical layout. It defines the paths data takes to travel between
nodes, which may not always follow the physical connections. Common logical topologies include:

• Broadcast: Data is sent to all devices on the network simultaneously.
• Point-to-point: Data is sent directly between two specific devices.
• Switched: Data is only sent to the intended recipient, reducing network traffic.

The figure below shows the whole network structure (Physical Topology)


3.6. IP subnetting
An IP address, short for Internet Protocol address, is a numerical label assigned to each device connected to a computer network that uses the Internet Protocol for communication. It serves as a unique identifier for devices, allowing them to send and receive data over the internet or a local network. An IP address consists of a series of numbers separated by periods (e.g., 192.168.0.1) and can be in either IPv4 (32-bit) or IPv6 (128-bit) format. IPv4 addresses are more commonly used and limited in availability, while IPv6 addresses provide a larger address space to accommodate the growing number of devices connected to the internet. IP addresses are essential for routing traffic across networks and enabling communication between devices.
Considering the number of users mentioned and our base network address, the address partition of each floor is as follows.
Floor-1
Department                   Network address   Subnet mask          Host address range              Broadcast address
Sales and marketing          172.16.1.0        255.255.255.128/25   172.16.1.1 to 172.16.1.126      172.16.1.127
HR and logistics             172.16.1.128      255.255.255.128/25   172.16.1.129 to 172.16.1.254    172.16.1.255

Floor-2
Department                   Network address   Subnet mask          Host address range              Broadcast address
Finance and accounts         172.16.2.0        255.255.255.128/25   172.16.2.1 to 172.16.2.126      172.16.2.127
Admin and public relation    172.16.2.128      255.255.255.128/25   172.16.2.129 to 172.16.2.254    172.16.2.255

Floor-3
Department                   Network address   Subnet mask          Host address range              Broadcast address
ICT                          172.16.3.0        255.255.255.128/25   172.16.3.1 to 172.16.3.126      172.16.3.127
Server room                  172.16.3.128      255.255.255.240/28   172.16.3.129 to 172.16.3.142    172.16.3.143

Between Routers and Layer-3 switches
Link                         Network address   Subnet mask          Host address range              Broadcast address
R1-MLSW1                     172.16.3.144      255.255.255.252/30   172.16.3.145 to 172.16.3.146    172.16.3.147
R1-MLSW2                     172.16.3.148      255.255.255.252/30   172.16.3.149 to 172.16.3.150    172.16.3.151
R2-MLSW1                     172.16.3.152      255.255.255.252/30   172.16.3.153 to 172.16.3.154    172.16.3.155
R2-MLSW2                     172.16.3.156      255.255.255.252/30   172.16.3.157 to 172.16.3.158    172.16.3.159

Between Routers and ISPs

Public IP addresses: 195.136.17.0/30, 195.136.17.8/30, 195.136.17.4/30, 195.136.17.12/30.
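
A check of the addressing plan above, as an added example that is not part of the thesis: it recomputes each subnet's host range and broadcast address and verifies that every subnet sits on a valid boundary, fits its expected device count, and overlaps no other subnet, which the VLAN segmentation and ACLs depend on. The "ISP link n" labels and the BAD_PLAN counter-example are assumptions constructed for illustration.

```python
import ipaddress
from itertools import combinations

# (name, CIDR, addresses needed). Subnets and user counts are the ones listed
# in sections 3.1, 3.4 and 3.6; each point-to-point link needs two addresses.
# The "ISP link n" labels are assumed names; the page lists only the prefixes.
PLAN = [
    ("Sales and marketing", "172.16.1.0/25", 120),
    ("HR and logistics", "172.16.1.128/25", 120),
    ("Finance and accounts", "172.16.2.0/25", 120),
    ("Admin and public relations", "172.16.2.128/25", 120),
    ("ICT", "172.16.3.0/25", 120),
    ("Server room", "172.16.3.128/28", 12),
    ("R1-MLSW1", "172.16.3.144/30", 2),
    ("R1-MLSW2", "172.16.3.148/30", 2),
    ("R2-MLSW1", "172.16.3.152/30", 2),
    ("R2-MLSW2", "172.16.3.156/30", 2),
    ("ISP link 1", "195.136.17.0/30", 2),
    ("ISP link 2", "195.136.17.4/30", 2),
    ("ISP link 3", "195.136.17.8/30", 2),
    ("ISP link 4", "195.136.17.12/30", 2),
]


def describe(cidr):
    """Compute one table row: mask, usable host range and broadcast address."""
    # strict=True rejects a prefix whose host bits are set (e.g. .130/28).
    net = ipaddress.ip_network(cidr, strict=True)
    return {
        "network": str(net.network_address),
        "mask": str(net.netmask),
        "first_host": str(net[1]),
        "last_host": str(net[-2]),
        "broadcast": str(net.broadcast_address),
        "usable": net.num_addresses - 2,
    }


def audit(plan):
    """Return findings: bad boundaries, undersized subnets, overlapping subnets."""
    findings, parsed = [], []
    for name, cidr, needed in plan:
        try:
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError:
            findings.append(f"{name}: {cidr} is not on a subnet boundary")
            continue
        usable = net.num_addresses - 2
        if needed > usable:
            findings.append(f"{name}: needs {needed} addresses, {cidr} offers {usable}")
        parsed.append((name, net))
    # Overlapping subnets make VLAN segmentation and ACL matches ambiguous.
    for (name_a, net_a), (name_b, net_b) in combinations(parsed, 2):
        if net_a.overlaps(net_b):
            findings.append(f"{name_a} ({net_a}) overlaps {name_b} ({net_b})")
    return findings


def headroom(plan):
    """Spare usable addresses per subnet after the expected devices are placed."""
    return {name: describe(cidr)["usable"] - needed for name, cidr, needed in plan}


# Constructed counter-example (not from the page) that trips every check.
BAD_PLAN = [
    ("Lab A", "172.16.4.0/28", 20),   # 20 hosts do not fit in 14 addresses
    ("Lab B", "172.16.4.18/28", 10),  # host bits set: not a /28 boundary
    ("Lab C", "172.16.4.8/30", 2),    # falls inside Lab A's /28
]

if __name__ == "__main__":
    for name, cidr, needed in PLAN:
        row = describe(cidr)
        print(f"{name:28} {row['network']:15} {row['mask']:16} "
              f"{row['first_host']} to {row['last_host']:15} {row['broadcast']}")
    print("findings:", audit(PLAN) or "none")
    print("headroom:", headroom(PLAN))
    print("bad plan:", audit(BAD_PLAN))
```

For this plan the audit returns no findings, and the headroom shows that each 120-user /25 has six spare addresses, from which gateway, access point and printer addresses must come.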

3.7. Configuration
There are key terms we should know before configuring, because they are basic to configuring the network well.
1. DNS (Domain Name System):
    • Meaning: DNS is a decentralized naming system that translates domain names (e.g., www.example.com) into IP addresses (e.g., 192.168.1.1). It enables users to access websites using human-readable domain names.
    • Advantages: DNS provides a scalable and distributed method of resolving domain names, making it easier for users to navigate the internet. It also allows for load balancing, redundancy, and efficient management of domain name mappings.
2. DHCP (Dynamic Host Configuration Protocol):
    • Meaning: DHCP is a network protocol that automatically assigns IP addresses, subnet masks, default gateways, and other network configuration parameters to devices on a network. It simplifies network administration by eliminating the need for manual IP address configuration.
    • Advantages: DHCP reduces the administrative burden of managing IP addresses, improves network scalability, and allows for efficient allocation and reuse of IP addresses. It also supports dynamic updates, ensuring that devices can easily obtain updated network configurations.
3. NAT (Network Address Translation):
    • Meaning: NAT is a technique that modifies IP address information in IP packet headers while they are in transit across a routing device. It enables the translation of private IP addresses used within a local network to a public IP address assigned by the ISP.
    • Advantages: NAT enables multiple devices on a private network to share a single public IP address, conserving IP address space. It also provides a level of security by hiding internal IP addresses and preventing direct access from the internet to devices within the network.
4. ACL (Access Control List):
    • Meaning: ACL is a set of rules or filters that determines the traffic allowed or denied on a network device, such as a router or firewall. It defines which packets are permitted or denied based on source/destination IP addresses, ports, protocols, or other criteria.
    • Advantages: ACLs provide network security by controlling and filtering traffic flow. They allow administrators to enforce restrictions, block malicious traffic, and permit only authorized communication, thereby protecting the network from unauthorized access and attacks.
5. Port Security:
    • Meaning: Port security is a feature that allows network administrators to control access to network ports on Ethernet switches. It restricts the number and type of devices that can connect to a port based on MAC addresses.
    • Advantages: Port security helps prevent unauthorized devices from connecting to the network and protects against MAC address spoofing. It enhances network security by ensuring that only authorized devices are allowed access to the network.
6. DHCP Helper:
    • Meaning: DHCP Helper (or DHCP Relay) is a networking feature that allows DHCP requests and responses to be forwarded between different network segments or VLANs. It enables DHCP clients to obtain IP configurations from a DHCP server located on a different subnet.
    • Advantages: DHCP Helper eliminates the need for a DHCP server on every subnet, simplifying network management. It allows centralized DHCP server deployment and configuration, making it easier to manage IP address allocation in large networks with multiple subnets.
7. OSPF (Open Shortest Path First):
    • Meaning: OSPF is a dynamic routing protocol used by routers to determine the best paths for forwarding IP packets in an IP network. It calculates the shortest path based on metrics such as bandwidth, delay, and reliability.
    • Advantages: OSPF provides fast convergence, efficient routing, and load balancing in large networks. It supports scalability and adaptability to network changes, making it suitable for complex network topologies. OSPF also offers features like route summarization, authentication, and support for virtual links.


3.7.1. Configuration requirements
Before configuring the devices, we identified the following requirements, which make the network flexible and robust.
1) Use Packet Tracer to design and implement the network.
2) Apply a hierarchical model that provides redundancy at every layer (i.e., two routers and two multi-layer switches are required
to provide redundancy).


3) The network must also connect to at least two ISPs, so the two core routers are connected to the ISPs.

4) Each department is required to have a wireless network for its users.

5) Each department should be in a different VLAN and in a different subnetwork.


6) Use the base network 172.16.1.0 for subnetting, so that the correct number of IP addresses is allocated to each department.
7) The campus network is required to connect to the static public IP addresses 195.136.17.0/30, 195.136.17.8/30, 195.136.17.4/30
and 195.136.17.12/30. These connect the core routers to the ISPs.
8) Configure basic device settings such as hostname, console password, enable password and banner messages, and disable IP domain
lookup.
9) Devices in all departments must be able to communicate with each other, with the respective multi-layer switch configured for
inter-VLAN routing.
10) The multi-layer switches are expected to carry out both routing and switching functions, and will therefore be assigned IP addresses.


11) All devices in the network are expected to obtain their IP addresses dynamically from the dedicated DHCP servers located in the
server room.
12) Devices in the server room are to be allocated IP addresses statically.
13) Use OSPF as the routing protocol to advertise routes on both the routers and the multi-layer switches.
14) Configure SSH on all the routers and layer-3 switches for remote login.
15) Configure port security for the finance and account departments to allow only one device to connect to each switch port, using
the sticky method to learn the MAC address and the shutdown violation mode.
16) Configure NAT to use the respective outbound router interface IPv4 address, and implement the necessary ACL rules.
The requirements listed above are the ones that fit our project.

3.7.2. Configuration Steps


The following are the brief, ordered steps we used during configuration; the corresponding code is given in the Appendices.
1) Basic settings on all devices, plus SSH on the routers and layer-3 switches.
2) VLAN assignment, plus all access and trunk ports on the layer-2 and layer-3 switches.
3) Switch port security for the finance department.
4) Subnetting and IP addressing.
5) OSPF on the routers and layer-3 switches.
6) Static IP addressing for the server room devices.
7) DHCP server device configuration.
8) Inter-VLAN routing on the layer-3 switches, plus the IP DHCP helper address.
9) Wireless network configuration.
10) NAT plus ACL.

11) Verifying and testing configurations.
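
Steps 4, 5 and 10 all depend on the same addressing plan, so it is worth checking that plan mechanically before testing in the simulator. The following Python script is an added example, not part of the thesis: it takes the subnets and wildcard masks listed in the appendix and checks that no two subnets overlap and that ACL 1 covers every VLAN subnet. The function names and the data layout are assumptions made for this illustration.

```python
import ipaddress
from itertools import combinations


def net(addr, wildcard):
    """Turn an IOS address/wildcard pair into a network (wildcard = inverted mask)."""
    mask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{mask}")


# Subnets and wildcards as listed in the appendix; the layout is constructed here.
VLANS = {
    10: net("172.16.1.0", "0.0.0.127"),
    20: net("172.16.1.128", "0.0.0.127"),
    30: net("172.16.2.0", "0.0.0.127"),
    40: net("172.16.2.128", "0.0.0.127"),
    50: net("172.16.3.0", "0.0.0.127"),
    60: net("172.16.3.128", "0.0.0.15"),
}
# Point-to-point links between the multi-layer switches and the core routers.
LINKS = [net(f"172.16.3.{n}", "0.0.0.3") for n in (144, 148, 152, 156)]
# access-list 1 permits exactly the six VLAN subnets.
ACL_1 = list(VLANS.values())


def overlaps(networks):
    """Return every pair of subnets that share at least one address."""
    return [(a, b) for a, b in combinations(networks, 2) if a.overlaps(b)]


def acl_permits(acl, source):
    """Standard ACL semantics: a matching permit wins, otherwise implicit deny."""
    ip = ipaddress.ip_address(source)
    return any(ip in entry for entry in acl)


def audit(vlans, links, acl):
    """List overlapping subnets and VLANs whose hosts ACL 1 would not translate."""
    findings = [f"overlap: {a} and {b}"
                for a, b in overlaps(list(vlans.values()) + links)]
    for vlan_id, subnet in vlans.items():
        first_host, last_host = subnet[1], subnet[-2]
        if not (acl_permits(acl, first_host) and acl_permits(acl, last_host)):
            findings.append(f"VLAN {vlan_id} ({subnet}) is not fully covered by ACL 1")
    return findings


if __name__ == "__main__":
    print(audit(VLANS, LINKS, ACL_1) or "plan is consistent")
    # What the check reports if VLAN 60 is given a /25 mask instead of /28.
    wrong = dict(VLANS)
    wrong[60] = net("172.16.3.128", "0.0.0.127")
    for finding in audit(wrong, LINKS, ACL_1):
        print(finding)
```

The same check shows that addresses on the 172.16.3.144-159 links fall through to the implicit deny of ACL 1, so traffic sourced from those link addresses is not translated.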

4. Results and discussions


After finishing all the necessary configurations, we tested the network and compared what happened with what we expected. As a result,
we have built a successful network design.
1) Basic settings have been set so that a password is required to log in, which means that an unauthorized person cannot gain
access. As the figure below shows, the device requires access verification. This applies to all devices on the network.

2) The VLANs are working properly, which is an important concept in network security. VLANs allow easy management of the network and
reduce the hardware required to create another network (i.e., they enable us to create multiple networks with one switch). As the
figure from the simulation shows, we have created 6 VLANs (10-60), and they are connected to the multilayer switch.


3) In our network requirements we stated that port security is necessary for the finance department, to block the connection of
unauthorized devices to the switch. This was also applied successfully.


4) The access control list (ACL), which enhances network security by controlling network traffic, is also applied and works
properly on our network.


5) Secure Shell (SSH) is a cryptographic network protocol used to secure communication over a computer network. It is
commonly used for remote access to servers and networking devices, allowing users to securely log in and execute commands on a
remote machine. We configured this protocol on our network, and it also works successfully, as the figure below shows.


6) Interconnection between the routers and the other subnets is also enabled.


From the figure above, we can see which parts of the whole network are connected to router core-1.
Finally, the results of our network simulation were as we expected. Features that we have not discussed here, such as DHCP, NAT,
DNS and OSPF, also work successfully on this network.

5. Conclusions
Understanding the potential threats in a network is not only a requirement but also a conservative task. Rapid changes in
technologies and services are major drivers of network security concerns, requiring reassessment and renewal of
standardized designs to counter vulnerabilities.
In our thesis, the problems we identified were solved successfully, but along the way we came to understand that security concerns
grow along with technology. As technology evolves through the generations, new security issues are created, so solutions have to be
developed continuously. Securing a network completely is a vast topic, and it is becoming more important because the world is becoming
highly interconnected, with networks being used.


6. Reference;
[1] Md. Anwar Hossain & Mahabuba Zannat. “Simulation and Design of University Area Network Scenario (UANS) using Cisco
Packet Tracer”. Global Journal of Computer Science And Technology: G Interdisciplinary, Volume 19 Issue 3 Version 1.0 Year
2019.
[2] Khaing Khaing Wai , Thuzar Khin , Khin Thet Mar. “Design and Simulation of Campus Area Network Using Cisco Packet
Tracer”, International Journal of New Technologies in Science and Engineering Vol. 6, no. 5, 2019, ISSN 2349-0780.
[3] Isa Shemsi. "Boosting Campus Network Design Using Cisco Packet Tracer." International Journal of Innovative Science and
Research Technology, vol. 2, no. 11, November 2017, ISSN 2456-2165.
[4] Paulami Pathak, Sayanti Majumder, Chandra Mondal, Prof. Manikandan K. "College Network Scenario Implementation by
Using Cisco Packet Tracer." International Journal of Advanced Research in Computer and Communication Engineering, vol.
7, no. 1, January 2018, ISO 3297:2007 Certified.
[5] Jagdish K.P, and Pavan Kumar. "Enhancing the College Network." Department of Computer Science and Information Science
Engineering, Sri Krishna Institute of Technology, Bangalore. IJIRSET-International Journal of Innovative Research in Science,
Engineering, and Technology, vol. 7, May 20, ISSN (online): 2319-8753.
[6] Md. Waliullah,‟wireless LAN Security Threats & Vulnerabilities‟, Department of Computer Science &Engineering, IJACSA-
International Journal of Advanced Computer Science & Application, Vol.5,2014.
[7] Shivam Adke & Rutuja Bhawar, „College Campus Network Design and Security‟, Department of Electronics &
Telecommunication Engineering, Sandip Institute of Technology & Research Centre, Nashik, IJAREEIEInternational Journal
of Advanced Research in Electrical, Electronics and Instrumentation Engineering, ISSN (online):2278-8875, Vol.7, March
2018
[8] Mohammed Nadir Bin Ali, Mohammed Emran Hossain & Md. Masud Parvez, „Design and Implementation of a Secure
Campus Network‟, Daffodil International University, IJETAE-International Journal of Emerging Technology and Advanced
Engineering, ISSN:2250-2459, Vol.5, July 2015

7. Appendices
This section contains the code for each configuration step.


Configuring main settings for the layer-2 switches

For HR-SW
en
config t
hostname HR-SW
! require a password on the console line
line console 0
password Kind@
login
exit
! password for privileged EXEC mode
enable password Kind@@
! store the passwords above in encoded (type 7) form in the configuration
service password-encryption
do write

For SALES-SW
en
config t
hostname SALES-SW
line console 0
password Kind@
login
exit
enable password Kind@@
service password-encryption
do write

For FINANCE
en
config t
hostname FINANCE
line console 0
password Kind@
login
exit
enable password Kind@@
service password-encryption
do write

For ADMIN
en
config t
hostname ADMIN
line console 0
password Kind@
login
exit
enable password Kind@@
service password-encryption
do write

For ICT
en
config t
hostname ICT
line console 0
password Kind@
login
exit
enable password Kind@@
service password-encryption
do write

For SERVER-ROOM
en
config t
hostname SERVER-ROOM
line console 0
password Kind@
login
exit
enable password Kind@@
service password-encryption
do write

Configuring Multi-layer switches (main settings as the layer-2 configuration and in addition SSH)

For MULTI-SW1
en
config t
hostname MULTI-SW1
line console 0
password Kind@
login
exit
enable password Kind@@
service password-encryption
do write
! SSH prerequisites: a domain name, a local user and an RSA key pair
ip domain name Cisco.com
username ADMIN password Kind@@
! 1024 is the answer to the modulus-size prompt
crypto key generate rsa
1024
! vty lines: authenticate against the local user database and accept SSH only
line vty 0 15
login local
transport input ssh
ip ssh version 2
exit
do write

For MULTI-SW2
en
config t
hostname MULTI-SW2
line console 0
password Kind@
login
exit
enable password Kind@@
service password-encryption
do write
ip domain name Cisco.com
username ADMIN password Kind@@
crypto key generate rsa
1024
line vty 0 15
login local
transport input ssh
ip ssh version 2
exit
do write

For CORE-R1
en
config t
hostname CORE-R1
line console 0
password Kind@
login
exit
enable password Kind@@
service password-encryption
do write
ip domain name Cisco.com
username ADMIN password Kind@@
crypto key generate rsa
1024
line vty 0 15
login local
transport input ssh
ip ssh version 2
exit
do write

For CORE-R2
en
config t
hostname CORE-R2
line console 0
password Kind@
login
exit
enable password Kind@@
service password-encryption
do write
ip domain name Cisco.com
username ADMIN password Kind@@
crypto key generate rsa
1024
line vty 0 15
login local
transport input ssh
ip ssh version 2
exit
do write

Configuring VLANs

For SALES-SWITCH
! fa0/1-2 are trunk ports
int range fa0/1-2
switchport mode trunk
exit
vlan 10
name SALES
exit
do write
! fa0/3-24 are access ports in the department VLAN
int range fa0/3-24
switchport mode access
switchport access vlan 10
exit
do write
! g0/1-2 are placed in the BlackHole VLAN 99 and shut down
vlan 99
name BlackHole
exit
int range g0/1-2
switchport mode access
switchport access vlan 99
shutdown
exit
do write

For the HR department
int range fa0/1-2
switchport mode trunk
exit
vlan 20
name HR
exit
do write
int range fa0/3-24
switchport mode access
switchport access vlan 20
exit
do write
vlan 99
name BlackHole
exit
int range g0/1-2
switchport mode access
switchport access vlan 99
shutdown
exit
do write

For the finance
int range fa0/1-2
switchport mode trunk
exit
vlan 30
name FINANCE
exit
do write
int range fa0/3-24
switchport mode access
switchport access vlan 30
exit
do write
vlan 99
name BlackHole
exit
int range g0/1-2
switchport mode access
switchport access vlan 99
shutdown
exit
do write

For the ADMIN
int range fa0/1-2
switchport mode trunk
exit
vlan 40
name ADMIN
exit
do write
int range fa0/3-24
switchport mode access
switchport access vlan 40
exit
do write
vlan 99
name BlackHole
exit
int range g0/1-2
switchport mode access
switchport access vlan 99
shutdown
exit
do write

For the ICT
int range fa0/1-2
switchport mode trunk
exit
vlan 50
name ICT
exit
do write
int range fa0/3-24
switchport mode access
switchport access vlan 50
exit
do write
vlan 99
name BlackHole
exit
int range g0/1-2
switchport mode access
switchport access vlan 99
shutdown
exit
do write

For the server room
int range fa0/1-2
switchport mode trunk
exit
vlan 60
name SERVER-ROOM
exit
do write
int range fa0/3-24
switchport mode access
switchport access vlan 60
exit
do write
vlan 99
name BlackHole
exit
int range g0/1-2
switchport mode access
switchport access vlan 99
shutdown
exit
do write

Port security for the finance and account department
! one MAC address per port, learned with the sticky method; a violation shuts the port down
int range fa0/3-24
switchport port-security
switchport port-security maximum 1
switchport port-security mac-address sticky
switchport port-security violation shutdown
exit
do write
do show port-security

Because the interfaces of a layer-3 switch are switch ports by default, we must make them layer-3 interfaces on both layer-3 switches.

Multi-1
int range g1/0/1-2
no switchport

Multi-2
int range g1/0/1-2
no switchport
no shutdown
do write

Assigning IP addresses

Multi-1
int gig1/0/1
ip address 172.16.3.145 255.255.255.252
no shutdown
do write
int gig1/0/2
ip address 172.16.3.149 255.255.255.252
no shutdown
do write

Multi-2
int gig1/0/1
ip address 172.16.3.153 255.255.255.252
no shutdown
do write
int gig1/0/2
ip address 172.16.3.157 255.255.255.252

Router core-1
int gig0/0
ip address 172.16.3.146 255.255.255.252
no shutdown
do write
int gig0/1
ip address 172.16.3.154 255.255.255.252
no shutdown
do write
int se0/1/0
clock rate 64000
ip address 195.136.17.1 255.255.255.252
no shutdown
do write
int se0/1/1
clock rate 64000
ip address 195.136.17.5 255.255.255.252
no shutdown
do write

Router core-2
int gig0/0
ip address 172.16.3.150 255.255.255.252
no shutdown
do write
int gig0/1
ip address 172.16.3.158 255.255.255.252
no shutdown
do write
int se0/2/0
clock rate 64000
ip address 195.136.17.9 255.255.255.252
no shutdown
do write
int se0/2/1
clock rate 64000
ip address 195.136.17.13 255.255.255.252
no shutdown
exit
do write

Configuring ISPs

ISP-1
int se0/3/0
ip address 195.136.17.2 255.255.255.252
no shutdown
do write
int se0/3/1
ip address 195.136.17.10 255.255.255.252
no shutdown
exit
do write

ISP-2
int se0/3/0
ip address 195.136.17.6 255.255.255.252
no shutdown
do write
int se0/3/1
ip address 195.136.17.14 255.255.255.252
no shutdown
exit
do write

OSPF configuration on the layer-3 switches

Multi-layer-2
ip routing
router ospf 10
router-id 1.1.1.1
network 172.16.1.0 0.0.0.127 area 0
network 172.16.1.128 0.0.0.127 area 0
network 172.16.2.0 0.0.0.127 area 0
network 172.16.2.128 0.0.0.127 area 0
network 172.16.3.0 0.0.0.127 area 0
network 172.16.3.128 0.0.0.15 area 0
network 172.16.3.152 0.0.0.3 area 0
network 172.16.3.156 0.0.0.3 area 0
do write

Multi-layer-1
ip routing
router ospf 10
router-id 2.2.2.2
network 172.16.1.0 0.0.0.127 area 0
network 172.16.1.128 0.0.0.127 area 0
network 172.16.2.0 0.0.0.127 area 0
network 172.16.2.128 0.0.0.127 area 0
network 172.16.3.0 0.0.0.127 area 0
network 172.16.3.128 0.0.0.15 area 0
network 172.16.3.144 0.0.0.3 area 0
network 172.16.3.148 0.0.0.3 area 0
do write

Router core-1
router ospf 10
router-id 3.3.3.3
network 172.16.3.144 0.0.0.3 area 0
network 172.16.3.152 0.0.0.3 area 0
network 195.136.17.0 0.0.0.3 area 0
network 195.136.17.4 0.0.0.3 area 0
do write
exit

Router core-2
router ospf 10
router-id 4.4.4.4
network 172.16.3.148 0.0.0.3 area 0
network 172.16.3.156 0.0.0.3 area 0
network 195.136.17.8 0.0.0.3 area 0
network 195.136.17.12 0.0.0.3 area 0
do write
exit

For ISP1
router ospf 10
router-id 5.5.5.5
network 195.136.17.8 0.0.0.3 area 0
network 195.136.17.0 0.0.0.3 area 0
do write
exit

For ISP2
router ospf 10
router-id 6.6.6.6
network 195.136.17.4 0.0.0.3 area 0
network 195.136.17.12 0.0.0.3 area 0
do write
exit

Inter-VLAN routing on the layer-3 switches plus IP DHCP helper address

Multi-1
! each SVI is the gateway of its VLAN and relays DHCP requests to 172.16.3.130
int vlan 10
no shutdown
ip address 172.16.1.1 255.255.255.128
ip helper-address 172.16.3.130
exit
int vlan 20
no shutdown
ip address 172.16.1.129 255.255.255.128
ip helper-address 172.16.3.130
exit
int vlan 30
no shutdown
ip address 172.16.2.1 255.255.255.128
ip helper-address 172.16.3.130
exit
int vlan 40
no shutdown
ip address 172.16.2.129 255.255.255.128
ip helper-address 172.16.3.130
exit
int vlan 50
no shutdown
ip address 172.16.3.1 255.255.255.128
ip helper-address 172.16.3.130
exit
int vlan 60
no shutdown
! /28 mask, matching the 0.0.0.15 wildcard used for 172.16.3.128 in OSPF and ACL 1;
! a /25 mask here would overlap the 172.16.3.144-159 point-to-point links
ip address 172.16.3.129 255.255.255.240
ip helper-address 172.16.3.130
exit

Configuring NAT and ACL

Router core-1
Configuring NAT
ip nat inside source list 1 interface se0/1/0 overload
ip nat inside source list 1 interface se0/1/1 overload
Configuring ACL
access-list 1 permit 172.16.1.0 0.0.0.127
access-list 1 permit 172.16.1.128 0.0.0.127
access-list 1 permit 172.16.2.0 0.0.0.127
access-list 1 permit 172.16.2.128 0.0.0.127
access-list 1 permit 172.16.3.0 0.0.0.127
access-list 1 permit 172.16.3.128 0.0.0.15
Making the gigabit interfaces NAT inside
int range g0/0-1
ip nat inside
Making the serial interfaces NAT outside
int se0/1/0
ip nat outside
int se0/1/1
ip nat outside
exit
do write

Router core-2
NAT and ACL
ip nat inside source list 1 interface se0/2/0 overload
ip nat inside source list 1 interface se0/2/1 overload
access-list 1 permit 172.16.1.0 0.0.0.127
access-list 1 permit 172.16.1.128 0.0.0.127
access-list 1 permit 172.16.2.0 0.0.0.127
access-list 1 permit 172.16.2.128 0.0.0.127
access-list 1 permit 172.16.3.0 0.0.0.127
access-list 1 permit 172.16.3.128 0.0.0.15
Making the gigabit interfaces NAT inside and the serial interfaces NAT outside
int range g0/0-1
ip nat inside
int se0/2/0
ip nat outside
int se0/2/1
ip nat outside
exit
do write

Default static routing
! the second route on each device has administrative distance 70 and acts as a floating backup

For Multi-1
ip route 0.0.0.0 0.0.0.0 gig1/0/1
ip route 0.0.0.0 0.0.0.0 gig1/0/2 70

For Multi-2
ip route 0.0.0.0 0.0.0.0 gig1/0/1
ip route 0.0.0.0 0.0.0.0 gig1/0/2 70

For Router core-1
ip route 0.0.0.0 0.0.0.0 se0/1/1
ip route 0.0.0.0 0.0.0.0 se0/1/0 70

For Router core-2
ip route 0.0.0.0 0.0.0.0 se0/2/1
ip route 0.0.0.0 0.0.0.0 se0/2/0 70
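
The basic-settings and SSH blocks in this appendix can be reviewed automatically before a configuration is deployed. The following Python script is an added example, not part of the thesis: it scans IOS-style configuration text for passwords stored in clear text or reversible form (enable password, username ... password), an RSA key shorter than a chosen minimum, Telnet on the vty lines, and vty lines without an access-class. The function name, the 2048-bit threshold and the placeholder passwords in the sample are assumptions of this example.

```python
import re

# Constructed sample: the MULTI-SW1 block from the appendix, with the
# passwords replaced by a placeholder.
SAMPLE = """\
hostname MULTI-SW1
line console 0
password PLACEHOLDER
login
exit
enable password PLACEHOLDER
service password-encryption
ip domain name Cisco.com
username ADMIN password PLACEHOLDER
crypto key generate rsa
1024
line vty 0 15
login local
transport input ssh
ip ssh version 2
exit
"""

MIN_RSA_BITS = 2048  # assumed policy threshold for the SSH host key


def audit_config(text, min_rsa_bits=MIN_RSA_BITS):
    """Return (line_number, finding) pairs for weak management-plane settings."""
    findings = []
    vty_line = None           # line number of the open "line vty" block, if any
    vty_has_acl = False
    awaiting_modulus = False  # True right after a bare "crypto key generate rsa"

    def check_modulus(no, bits):
        if bits < min_rsa_bits:
            findings.append((no, f"RSA modulus {bits} is below {min_rsa_bits} bits"))

    def close_vty():
        nonlocal vty_line
        if vty_line is not None and not vty_has_acl:
            findings.append((vty_line, "vty lines have no access-class limiting source addresses"))
        vty_line = None

    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip().lower()
        if awaiting_modulus and line.isdigit():   # answer to the interactive prompt
            check_modulus(no, int(line))
        awaiting_modulus = False
        if line.startswith("crypto key generate rsa"):
            inline = re.search(r"modulus (\d+)", line)
            if inline:
                check_modulus(no, int(inline.group(1)))
            else:
                awaiting_modulus = True
        elif line.startswith("enable password"):
            findings.append((no, "enable password is clear text or reversible type 7; use enable secret"))
        elif re.match(r"username \S+ password\b", line):
            findings.append((no, "username password is clear text or reversible type 7; use secret"))
        elif line.startswith("line ") or line in ("exit", "end"):
            close_vty()
            if line.startswith("line vty"):
                vty_line, vty_has_acl = no, False
        elif vty_line is not None and line.startswith("access-class"):
            vty_has_acl = True
        elif vty_line is not None and re.match(r"transport input (telnet|all)", line):
            findings.append((no, "vty lines accept Telnet; use transport input ssh"))
    close_vty()
    return findings
```

Calling audit_config(SAMPLE) reports the enable password, the username password, the 1024-bit key and the unrestricted vty lines, each with its line number.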
