
Project Computer Network Dipesh Thakur BIT Fall

Uploaded by

Dipesh Thakur

Project Work of Computer Network

Sifal, Kathmandu, Nepal

Submitted By:
Name: Dipesh Thakur
LCID: LC00017002650
Semester: First
Course: BIT

Submitted To:
IT Department, TCMIT

Index
1. Introduction
2. Network Requirements
3. Network Design
4. Features of the Network
5. Security Measures Implemented
6. Table of Commands
7. Configurations done
8. Results achieved
9. Summary
10. Possible Improvements

Introduction

XYZ company is a rapidly growing company with 100 employees spread over three
departments (i.e., Sales, Marketing, Finance). Since they are relocating to a new location,
they require a secure and scalable network which supports facilities like Internet Protocol
telephony, wireless communication and access to the internet. A logical separation ought
to be made using Virtual LANs, and inter-VLAN routing should be possible for secure
communication. These requirements can be reduced to the following points:

1. Due to rapid growth of employee numbers in the company, an IP scheme which can
accommodate more employees needs to be implemented in the network of the
company.

2. Security is a priority. Hence, basic device configuration has to be implemented to
secure various interfaces of the networking devices and prevent unauthorised
access. For security reasons, Wi-Fi access needs to be secured as well.

3. Each department needs to be separated from each other logically which requires the
concept of VLAN. This will break the broadcast domain into different segments and
prevent network congestion.

Network Requirements

Many changes have to be implemented in the pre-existing network to accommodate the
requirements of XYZ company. They are discussed below:

1. Subnetting for more employees: Each department needs to have IPs for future
employees. This can be achieved by using subnetting concepts. For example, to
accommodate over 200 employees in each department, a /24 network needs to be
selected.

2. Selecting routers with IP telephony facility: Not all routers are compatible with IP
telephony services. A router like the Cisco 2811, which allows IP telephony configuration,
needs to be included in the network. The router has other requirements to fulfil, such as
inter-VLAN routing and routing packets from the internal network to other networks.

3. Selecting appropriate number of Switches: Switches are layer 2 devices which are
required for network segmentation and communication between devices on layer 2.
Creation of VLAN is a core feature of switch which decreases network congestion
and segments network on layer 2.

4. Wi-Fi enabled router for wireless communication: For wireless communication,
specific types of routers are required, and the router needs to be configured appropriately
to assign IPs dynamically and accommodate all the hosts with its DHCP pool.

5. Security: It is of paramount importance for a company to secure its network with
passwords and strong encryption to prevent unforeseen circumstances like
unauthorised access, damage to network configuration and accessing sensitive data.

6. Configuring routes to outside network: The router needs to have routes to outside
networks (i.e., the internet) to access data required by the employees and communicate
with customers, possible investors and much more.

Network Design

Extended-Star topology is used in the network to include features like trunking. XYZ
company has multiple departments, so a switch is used to connect devices from multiple
departments, which are segmented logically by VLAN configuration. Multiple switches are
used to demonstrate the trunking capabilities of the switch and, for inter-VLAN routing,
switches are connected to routers. All of these features could be assimilated swiftly using
Extended-Star topology.

Figure: Extended-Star topology looks like multiple star topologies connected to each other.

As is apparent from the figure, an extended-star topology has multiple star topologies
communicating with each other. In XYZ company, not all devices are connected to the same
switch, and devices from different departments are connected to a switch, so extended-star
topology is the best option.

Figure: Network Topology

Features of the network are discussed below:

1. Devices used:
a. Cisco 2811 router: This router is a cornerstone of the network. It performs
tasks such as inter-VLAN routing and it has IP telephony capability, which sets it
apart from many routers. It has 2 FastEthernet ports. In this network, FastEthernet
port 0/0 is used for inter-VLAN routing. Sub-interfaces are created for
router-on-a-stick. FastEthernet 0/1 is used to access the internet. A DHCP
server is created in this router for dynamic IP assignment.

b. Cisco Catalyst 2960 switch: Two Cisco 2960 switches are used to segment the
network into three parts (i.e., finance, management, sales). Each has 24
FastEthernet ports and 2 Gigabit Ethernet ports. It can segment networks into
Virtual LANs and enable devices from multiple departments to use a single
switch in a single location.

c. Wireless router (WRT300N): Acknowledging the requirement to support
wireless communication, a wireless router is used to allow wireless
connection. WRT300N can be configured for dynamic IP assignment through
DHCP and it allows configuration for default gateway. For security, WPA2,
WEP and many other options are available. SSID can also be configured
manually.

d. Server PT: A server is used as a reference to internet access. This device can
be configured to include IP address, default gateway, DHCP server and
access to certain domain names. Servers are used to provide services to end
hosts like access to websites and dynamic IP assignment.

e. IP telephones (Cisco 7960 series): These are the type of phones which use
IPs to communicate voice data over a network. Dynamic IP is assigned to the
IP telephones using DHCP server configured in cisco 2811 router and voice
VLAN is created for communication of voice data which is time sensitive.

f. PCs: Computers are used to represent end users like employees in different
departments. For communication between the computers, IP is assigned
dynamically through routers and inter-VLAN routing is enabled. These
computers provide you with the option to assign IP dynamically and statically.
We can configure default-gateway and IP of a dns server as well. Like a
normal computer, various features like terminal and command prompt are
also available. Using modules, you can add additional capabilities like
wireless communication.

Various security measures were implemented while configuring the device. They are as
follows:
1. Basic device configuration:
a. Securing user exec mode: We can secure user exec mode using the following
commands:
   line console 0
   password <password>
   login
This prevents any unauthorised user from accessing user exec mode of
routers and switches to gain basic information about the network.

b. Securing privileged exec mode: We can secure privileged exec mode using
two commands which differ in their encryption capabilities. They are:
   Type 1: enable password <password>
   Type 2: enable secret <password>
Type 1 uses an encryption method that is easy to crack, so Type 2, which uses
MD5 hashing, is used to secure privileged exec mode.

c. Banner message: A banner message is displayed before accessing user exec
mode in each networking device to inform users about the confidentiality of
the network.

2. WEP for wireless communication: Wired Equivalent Privacy (WEP) is used to provide
security during wireless communication which is comparable to security achievable
during wired communication. It is a part of IEEE Wi-Fi standard 802.11b.

3. All the unused ports in switches are converted into access ports of a VLAN and are
manually shut down to prevent unauthorised access.
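
A baseline check for the measures listed above, as an added example that is not part of
the original report: the Python script below scans a switch configuration for the enable
secret, password encryption, banner, line passwords and unused-port handling. The sample
configuration, the parking VLAN 999, the placeholder password strings and the function
names are constructed for illustration.

```python
# Constructed sample switch configuration (not from the report); VLAN 999 is
# an assumed "parking" VLAN and the password strings are placeholders.
SAMPLE = """\
hostname Switch0
enable secret 5 $1$PLACEHOLDER$PLACEHOLDER
service password-encryption
banner motd #Warning! Authorized Access Only!#
interface FastEthernet0/1
 switchport access vlan 10
 switchport mode access
interface FastEthernet0/9
 switchport access vlan 999
 switchport mode access
 shutdown
interface FastEthernet0/10
line console 0
 password 7 PLACEHOLDER
 login
line vty 0 4
 password 7 PLACEHOLDER
"""

def blocks(config):
    """Map each 'interface'/'line' header to its indented sub-commands."""
    out, current = {}, None
    for raw in config.splitlines():
        if raw.startswith(("interface ", "line ")):
            current = raw.strip()
            out[current] = []
        elif raw.startswith(" ") and current:
            out[current].append(raw.strip())
        else:
            current = None
    return out

def audit(config):
    """Return findings against the baseline described in this section."""
    top = [l for l in config.splitlines() if not l.startswith(" ")]
    has = lambda prefix: any(l.startswith(prefix) for l in top)
    findings = []
    if not has("enable secret"):
        findings.append("no 'enable secret' set")
    if has("enable password"):
        findings.append("'enable password' in use")
    findings += [f"missing '{c}'" for c in ("service password-encryption", "banner motd") if not has(c)]
    for header, body in blocks(config).items():
        if header.startswith("line "):
            if "login" not in body or not any(l.startswith("password") for l in body):
                findings.append(f"{header}: password/login incomplete")
        elif "shutdown" in body and "switchport mode access" not in body:
            findings.append(f"{header}: shut down but not an access port")
        elif "shutdown" not in body and not any(l.startswith("switchport") for l in body):
            findings.append(f"{header}: unused port not shut down")
    return findings
```

Calling audit(SAMPLE) reports FastEthernet0/10 (left at defaults) and the vty lines (password without login); the interface checks assume a switch, so routed interfaces on a router would need their own rule.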

Table of commands and description used during the practical:

S.N. Commands and Description

1. hostname <hostname>
Description: This command allows us to change the name of the device.

2. enable password <password>
Description: This command allows us to secure the privileged-exec mode with a password.

3. line console 0
   password <password>
   login
Description: These commands help us to secure the user-exec mode with a secure password.

4. line vty 0 <1-?>
   password <password>
   login
Description: These commands enable a secure medium of telnet and ssh which is protected
by password.

5. service password-encryption
Description: This command encrypts the passwords so that the actual passwords are hard
for anybody to discern by using 'show running-config'.

6. banner motd <prompt>
Description: Using this command, a message can be displayed whenever a networking
device is accessed.

7. copy running-config startup-config, write
Description: Both of these commands do the same thing; i.e., copy the commands to the
NVRAM of the device so that they don't get erased when the device is booted.

8. ip dhcp pool <pool_name>
   network <ip address> <subnet-mask>
   default-router <ip address>
Description: These commands are used to create a DHCP server for automatic IP address
assignment.

9. ip dhcp excluded-address <beginning ip> <ending ip>
Description: This command helps us to exclude IP addresses from the DHCP server.

10. telephony-service
Description: In the 2811 router, this command has to be entered to enable the telephony
service.

11. max-dn <number>
Description: This command specifies the maximum number of directory numbers that can be
assigned to a device.

12. max-ephones <number>
Description: This command specifies to the router the maximum number of IP phones that
can be connected to it.

13. ip source-address <ip address> port <port number>
Description: The command "ip source-address <ip address> port 2000" is used in Cisco IOS
devices to specify the source IP address and port number for certain protocols or
services. This command is often used in scenarios where network traffic needs to be sent
from a specific IP address and port. Port 2000 is an unassigned port in the TCP and UDP
port number registry. In networking, ports are endpoints used by protocols to uniquely
identify different services or applications running on a single host.

14. ephone-dn <dn number>
    number <number>
Description:
ephone-dn <dn number>: This command is used to enter the ephone-dn configuration mode
and specify the directory number (DN) you want to configure. Replace <dn number> with
the directory number you wish to configure.
number <number>: This command is used within the ephone-dn configuration mode to assign
a phone number to the directory number specified. Replace <number> with the actual phone
number you want to assign to the directory number.

15. ephone <number>
    type 7960
    button <ratio>
Description:
ephone <number>: This command is used to enter the configuration mode for a specific
ephone, where <number> is the identifier or number of the ephone you want to configure.
type 7960: This command is used within the ephone configuration mode to specify the type
of IP phone. In this case, it specifies that the IP phone being configured is a Cisco
7960 series phone. Different phone models may require different configuration settings,
so it's important to specify the correct phone type.
button <ratio>: This command is used to assign directory numbers (DNs) to line buttons
on the IP phone. <ratio> refers to the button number on the phone, typically starting
from 1 and increasing. After configuring the button, you can associate it with an
ephone-dn (directory number) using the number command.

16. Option 150 ip <ip address>
Description: The command "Option 150 ip <ip address>" is typically used in DHCP (Dynamic
Host Configuration Protocol) server configuration, particularly in environments where
Cisco IP phones are deployed.

17. ip route <ip address> <subnet mask> <next-hop>
Description: This command is used to configure a static route to a remote network.

Configurations enacted in various networking devices to achieve desired results are as
follows:
a. Basic device configuration:
1. Router0:
line console 0
password cisco_0
login
line vty 0 4
password cisco_1
login
exit
enable secret cisco_2
service password-encryption
banner motd #Warning! Authorized Access Only!#

2. Switch0:
line console 0
password cisco_3
login
line vty 0 4
password cisco_4
login
exit
enable secret cisco_5
service password-encryption
banner motd #Warning! Authorized Access Only!#

3. Switch1:
line console 0
password cisco_6
login
line vty 0 4
password cisco_7
login
exit
enable secret cisco_8
service password-encryption
banner motd #Warning! Authorized Access Only!#

b. Inter-VLAN routing(Router0):
interface FastEthernet0/0.10
encapsulation dot1Q 10
ip address 192.168.10.1 255.255.255.0
interface FastEthernet0/0.20
encapsulation dot1Q 20
ip address 192.168.20.1 255.255.255.0
interface FastEthernet0/0.50
encapsulation dot1Q 50 native
interface FastEthernet0/0.60
encapsulation dot1Q 60
ip address 192.168.60.1 255.255.255.0
interface FastEthernet0/0
no shutdown

c. DHCP server (Router0):
ip dhcp pool DATA10
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
ip dhcp pool VOICE20
network 192.168.20.0 255.255.255.0
default-router 192.168.20.1
option 150 ip 192.168.20.1
ip dhcp pool Data_1
network 192.168.60.0 255.255.255.0
default-router 192.168.60.1

d. IP telephony service (Router0):
telephony-service
max-ephones 3
max-dn 3
ip source-address 192.168.20.1 port 2000

ephone-dn 1
number 1010

ephone-dn 2
number 1020

ephone-dn 3
number 1030

ephone 1
device-security-mode none
mac-address 0002.1766.5A17
type 7960
button 1:1

ephone 2
device-security-mode none
mac-address 000D.BD8B.03C8
type 7960
button 1:2

ephone 3
device-security-mode none
mac-address 0040.0BC8.58C2
type 7960
button 1:3

e. Accessing Internet:
Router0:
ip route 192.168.90.0 255.255.255.0 192.168.70.2

Router1:
ip route 192.168.10.0 255.255.255.0 192.168.70.1
ip route 192.168.60.0 255.255.255.0 192.168.70.1

f. Assigning IP address to router interface:
Router1:
interface GigabitEthernet0/0
ip address 192.168.70.2 255.255.255.0
duplex auto
speed auto

interface GigabitEthernet0/1
ip address 192.168.90.1 255.255.255.0
duplex auto
speed auto

Router0:
interface FastEthernet0/1
ip address 192.168.70.1 255.255.255.0
duplex auto
speed auto

g. VLAN configuration:
Switch0:
interface FastEthernet0/1
switchport access vlan 10
switchport mode access
switchport voice vlan 20

interface FastEthernet0/2
switchport access vlan 10
switchport mode access
switchport voice vlan 20

interface FastEthernet0/3
switchport access vlan 10
switchport mode access
switchport voice vlan 20

interface FastEthernet0/4
switchport trunk native vlan 50
switchport mode trunk

interface FastEthernet0/5
switchport trunk allowed vlan 10,60
switchport mode trunk

interface FastEthernet0/6
switchport trunk allowed vlan 10,60
switchport mode trunk

interface FastEthernet0/7
switchport access vlan 60
switchport mode access

interface FastEthernet0/8
switchport access vlan 60
switchport mode access

Switch1:
interface FastEthernet0/1
switchport trunk allowed vlan 10,60
switchport mode trunk

interface FastEthernet0/2
switchport trunk allowed vlan 10,60
switchport mode trunk

interface FastEthernet0/3
switchport access vlan 60
switchport mode access

interface FastEthernet0/4
switchport access vlan 60
switchport mode access
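
A consistency check over the configuration sections above, as an added example that is
not part of the original report: the Python script below parses the Router0 sub-interfaces
and DHCP pools listed in sections b and c and verifies that every VLAN used on the
switches has a routed sub-interface and a DHCP pool whose default-router is that
sub-interface. The function names and the SWITCH_VLANS set (read off section g) are
introduced here for illustration.

```python
import ipaddress
import re
# Router0 sub-interfaces and DHCP pools copied from sections b and c of this report.
ROUTER0 = """\
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
interface FastEthernet0/0.20
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
interface FastEthernet0/0.50
 encapsulation dot1Q 50 native
interface FastEthernet0/0.60
 encapsulation dot1Q 60
 ip address 192.168.60.1 255.255.255.0
ip dhcp pool DATA10
 network 192.168.10.0 255.255.255.0
 default-router 192.168.10.1
ip dhcp pool VOICE20
 network 192.168.20.0 255.255.255.0
 default-router 192.168.20.1
ip dhcp pool Data_1
 network 192.168.60.0 255.255.255.0
 default-router 192.168.60.1
"""
SWITCH_VLANS = {10, 20, 60}  # access and voice VLANs used on Switch0/Switch1

def parse(config):
    """Return ({vlan: gateway interface}, {pool name: [network, default-router]})."""
    gateways, pools, vlan, pool = {}, {}, None, None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"encapsulation dot1Q (\d+)", line):
            vlan = int(m.group(1))
        elif m := re.match(r"ip address (\S+) (\S+)", line):
            gateways[vlan] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
        elif m := re.match(r"ip dhcp pool (\S+)", line):
            pool = m.group(1)
        elif m := re.match(r"network (\S+) (\S+)", line):
            pools[pool] = [ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}"), None]
        elif m := re.match(r"default-router (\S+)", line):
            pools[pool][1] = ipaddress.ip_address(m.group(1))
    return gateways, pools

def check(config, switch_vlans):
    """List mismatches between switch VLANs, sub-interfaces and DHCP pools."""
    gateways, pools = parse(config)
    problems = [f"VLAN {v}: no routed sub-interface" for v in sorted(switch_vlans - set(gateways))]
    for v, gw in gateways.items():
        match = [name for name, (net, _) in pools.items() if net == gw.network]
        if not match:
            problems.append(f"VLAN {v}: no DHCP pool for {gw.network}")
        elif pools[match[0]][1] != gw.ip:
            problems.append(f"VLAN {v}: pool {match[0]} default-router is not {gw.ip}")
    return problems
```

For the configuration in this report check(ROUTER0, SWITCH_VLANS) returns an empty list; the native VLAN 50 sub-interface carries no IP address and is therefore not treated as a gateway.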

Results of the above configuration are given below:

1. IP telephony is fully functional:

2. Wireless communication is enabled:

3. Internet access is enabled:

The IP address of the server is 192.168.90.2. The picture given below showcases the
reachability of the server through a ping from an end device.

4. Inter-VLAN routing:

We will try to ping a PC with IP address 192.168.60.9, which is in VLAN 60, from a PC
with IP address 192.168.10.8, which is in VLAN 10, to showcase inter-VLAN connectivity
through the following picture.

5. Only authorised personnel can access devices on this network:

Due to proper basic device configuration, interfaces in the networking devices of the
network are secured by passwords and strong encryption. The following pictures
showcase these capabilities:

6. DHCP server is fully functional for different VLANs:

For VLAN 10:

For VLAN 60:

Through various configurations in the networking devices, we have achieved the following
results (Summary):

1. Segmentation of a LAN into various Virtual LANs for various departments where PCs
of multiple departments are connected through a single switch.

2. Inter-VLAN routing is enabled for communication between devices of various
departments which are segmented through VLAN in layer 2.

3. Configuring DHCP server for dynamic IP assignment to end devices in multiple
VLANs from specified pool of IPs for different VLANs.

4. Configuring trunk ports for data transmission of multiple VLANs through an interface
and configuring access ports to various VLANs.

5. Configuring voice VLAN and IP telephony service in Switch0 and Router0 respectively
for smooth transmission of voice information. Configuring voice VLAN
provides steady bandwidth for voice communication.

6. Installation and configuration of a Wi-Fi enabled router for wireless
communication which is secured by WEP (Wired Equivalent Privacy).

7. Basic device configuration has protected various interfaces of the networking
devices with passwords and strong encryption.

There is always room for improvement in the network. Some possible improvements are as follows:

1. Load balancing is an important aspect of a network which hasn't been configured
here. It will optimise the network through improved latency.

2. Fault tolerance is important for high availability in a network. Redundant networking
devices haven't been installed in this network, which can lead to network outages.

3. Provisions for IPv6 transition haven't been configured in this network, which might
limit the scalability of the company's network in the future.

The End
