Final Report
2. Introduction
The increasing dependence on networked systems necessitates robust and secure network
designs. This project focuses on creating a secure and efficient network for a university,
incorporating modern technologies and best practices. The project aims to provide reliable
connectivity, ensure data security, and facilitate easy management of network resources.
a. Background:
The network is for a university campus, where security, reliability, redundancy and similar
features need to be implemented alongside seamless internet connectivity. IoT is used for easy
class and office management in the Remote2 LAN. The DMZ server is placed so that the HQ LAN
is secured from external PCs while the DMZ web server remains accessible.
VLANs, STP, EtherChannel, switchport security, ACLs, FTP, DNS, DHCP, NAT, redundancy and the
IoT server are all considered thoroughly.
b. Literature Review:
For the Remote2 LAN, IoT is implemented. In the scenario I have chosen, a university, there
will not be so many networking devices that they need to be controlled by SDN. Instead, for
smart classrooms and other necessary automated systems, it will be in dire need of IoT
devices. Therefore, I have chosen to implement an IoT solution in the Remote2 LAN, which will
be one of the remote campus networks.
Digital displays, smart watches, cameras, audio recorders and similar devices should be able to
communicate with each other. This interconnection of technologies, enabled through IoT
methodologies, gives rise to the term ‘smart campus’ [1].
There are 4 main focus points of IoT: things, people, processes, and data. In this
scenario, RFID, which is also a kind of IoT device, can be used for entry to the university
campus. IoT devices also bring several benefits, such as saving time, cost, energy and
water, and monitoring environmental conditions. All kinds of maintenance can be automated
using the sensors attached to the IoT devices. Using computer vision, students, teachers
and staff can be easily identified. Any kind of security threat can be avoided. Also, at peak
hours, for example in the canteen, overcrowding or hassle can be avoided in a timely manner
by using IoT devices [2].
Because there are many IoT devices, data is collected continuously. The result is big data,
which can be used to optimize the usage of all the devices and their power consumption,
which in turn helps cut costs [3]. Data doubles in size every 2 years and is
going to reach 44 zettabytes in the next 4 years [4]. So it is high time to use the collected
data to maximize efficiency.
This approach also has some problems, but there are solutions to them. One is the
addressing scheme. As the number of IoT devices increases, uniquely
identifying them with IPv4 addressing is no longer feasible, as IPv4 has already been
exhausted. IPv6 addressing is one answer. Another solution is proposed in [5], whose authors
designed a lightweight addressing scheme that addresses the nodes using virtual domains
and multi-encoding [5].
Then comes the issue of the huge number of devices. Designing an energy-efficient network
architecture and supporting intelligent routing mechanisms is one of the biggest challenges in
this kind of design [6]. To address this problem, the authors of [7] clustered
the sensing field into groups, each with a message broker that collects information from the
sensors, which results in energy efficiency.
QoS (Quality of Service) is also an important consideration. If data is not delivered within
the intended time frame, the data will be valueless. Therefore, a general model for supporting
the QoS-aware deployment of multi-component IoT cloud infrastructure is proposed in [8].
3. Design:
The design of the network is for a university campus with an HQ and 2 LANs, which are
connected via the internet (ISPs). So we need security for the HQ while still maintaining the
DMZ web server, so that others can access it.
a. Topology:
The topology consists of 4 ISP routers making up the cloud (internet). The university has 3
LANs: HQ_Lan, Remote_Lan1 and Remote_Lan2. The HQ_Lan has 6 routers in total. There are
1 DMZ web server, 1 DHCP server, 1 DNS server, 4 switches and 3 PCs. Routers 3 and 4 are
configured with HSRP, sharing the same virtual IP of 192.168.0.70 255.255.255.192 on their
GigabitEthernet 0/0/0 interfaces.
In Remote_Lan1 there are 2 routers; router 5 handles inter-VLAN routing as a
‘router on a stick’. There are VLAN 10 and VLAN 20, and router 5 is used for communication
between them. There are also 6 switches, 4 PCs and 1 file server. The file server is used as
an FTP server for downloading and uploading files. Switch 5 and switch 4 are configured with
EtherChannel for better connectivity. Also, to better prevent layer 2 loops, Rapid-PVST is
used on switches 4, 0, 1, 3 and 10.
In Remote_Lan2, a switch is used to connect the IoT devices directly and an access
point is used to connect the IoT devices wirelessly. There is also an IoT server, from which
the IoT devices can be easily controlled.
b. Description:
The HQ LAN is configured with Port Address Translation (PAT), a type of NAT, for enhanced
security and IP address conservation. On the HQ_BR router, interface g0/0/0 is used for the
public IP. The DMZ web server is connected to the G0/0/1 interface of HQ_BR. The ACL is
configured so that all devices inside the HQ and in the other LANs can access the
DMZ server. Only the 192.168.0.128 network segment of the HQ can communicate with
Remote LAN1 and Remote LAN2. All the PCs of the HQ can communicate with the web server.
No PC in Remote LAN1 or Remote LAN2 can communicate with the internal HQ PCs;
they can reach only the DMZ web server. The DNS server is configured like the WWW server for
better DNS lookup speed in the HQ. DHCP is relayed from the DHCP server to all the PCs in the
HQ so that their IP addresses are allocated dynamically.
In the Remote 1 LAN, VLAN 10 and VLAN 20 are configured and the router-on-a-stick method is
applied for inter-VLAN routing. RPVST is used for fast convergence against layer 2 loops. All
the switches in all the LANs are configured with switchport security, and all unused ports are
kept administratively down. The password for all the routers and switches is set to ‘admin’,
with encryption.
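One way to check the hardening claims in the paragraph above against an exported switch configuration. This is an added example, not part of the original report: the sample running-config is constructed, and treating an interface with no sub-commands as an unused port is an assumption.

```python
import re

# Constructed sample: excerpt of a switch running-config (not taken from the report).
SAMPLE_CONFIG = """\
service password-encryption
!
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
interface FastEthernet0/2
 switchport mode access
interface FastEthernet0/3
 shutdown
interface FastEthernet0/4
interface GigabitEthernet0/1
 switchport mode trunk
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from IOS-style config text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif line.startswith(" ") and current:
            interfaces[current].append(line.strip())
        else:
            current = None  # back at global configuration level
    return interfaces

def audit(config):
    """Check three claims: password encryption, port security, unused ports down."""
    findings = []
    if not re.search(r"^service password-encryption$", config, re.M):
        findings.append(("global", "service password-encryption missing"))
    for name, cmds in parse_interfaces(config).items():
        if "shutdown" in cmds or "switchport mode trunk" in cmds:
            continue  # disabled port, or an inter-switch trunk
        if not cmds:  # assumption: no sub-commands means the port is unused
            findings.append((name, "unused port not shut down"))
        elif "switchport mode access" in cmds and "switchport port-security" not in cmds:
            findings.append((name, "access port without port-security"))
    return findings

if __name__ == "__main__":
    for where, issue in audit(SAMPLE_CONFIG):
        print(f"{where}: {issue}")
```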
The Remote 2 LAN is equipped with IoT devices, and an access point with SSID:
HomeGateway and Password: admin@123 is used for connecting the IoT devices. The IoT
server 81.20.20.2, with the username: admin and Password: admin, is used for managing the IoT
devices.
The HQ LAN is configured with single-area OSPF routing. The ISPs and Remote LAN 1 are each
configured the same way individually. The ISP routers are configured with static routes to the
LANs of the other ISP routers. Finally, the HQ_BR, Remote_LAN1 and Remote_LAN2 routers are
configured with a default static route to their respective ISP routers. Also, default-information
originate is used to make all the internal routers aware of the default static route.
c. IP Addressing:
The IP addressing of the topology is given below.
For the HQ LAN, the 192.168.0.0/24 network segment is used. It is further subnetted with VLSM.
Usage Area and Devices | Network segment | Devices
DMZ area | 192.168.0.0/26 | DMZ web server (192.168.0.2/26), g0/0/1 of HQ_BR (192.168.0.1/26)
HSRP, DNS, DHCP server | 192.168.0.64/26 | Virtual IP of HSRP of se0/2/0 and se0/2/1 of HQ_BR (192.168.0.70/26), PC7 (Dynamic), DHCP server (192.168.0.67/26), DNS server (192.168.0.69/26), int g0/0/0 of router2 (192.168.0.68/26)
PC0 and PC8 | 192.168.0.128/26 | PC0 and PC8 (Dynamic), router 0 -int g0/0/1 (192.168.0.129/26)
Between HQ_BR & Router 3 | 192.168.0.240/30 | HQ_BR int se0/2/1 (192.168.0.245/30) and se0/1/0 of router 3 (192.168.0.242/30)
Between HQ_BR & Router 4 | 192.168.0.244/30 | HQ_BR int se0/2/0 (192.168.0.241/30) and se0/1/0 of router 4 (192.168.0.246/30)
Between Router 1 & 2 | 192.168.0.248/30 | Router 2 int g0/0/1 (192.168.0.249/30) and router 1 int g0/0/1 (192.168.0.250/30)
Between Router 1 & 0 | 192.168.0.252/30 | Router 1 int g0/0/0 (192.168.0.253/30) and router 0 int g0/0/0 (192.168.0.254/30)
HQ_BR & ISP1 | 60.20.20.252/30 | HQ_BR g0/0/0 (60.20.20.253/30) and ISP1
The other networks of the 192.168.0.0 segment are reserved for future upgrades and scalability.
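The addressing table can be checked mechanically. This added example, not part of the original report, loads the table's values into Python's ipaddress module, reports overlapping subnets and host addresses that fall outside their listed subnet, and computes the unallocated remainder of 192.168.0.0/24; the device labels are shortened from the table. Run as written, it reports that the two HQ_BR serial addresses (192.168.0.245 and 192.168.0.241) fall outside the /30 listed for their rows.

```python
import ipaddress
from itertools import combinations

# HQ addressing plan transcribed from the table above: subnet -> {device: address}.
PLAN = {
    "192.168.0.0/26": {"DMZ web server": "192.168.0.2", "HQ_BR g0/0/1": "192.168.0.1"},
    "192.168.0.64/26": {"HSRP virtual IP": "192.168.0.70", "DHCP server": "192.168.0.67",
                        "DNS server": "192.168.0.69", "router2 g0/0/0": "192.168.0.68"},
    "192.168.0.128/26": {"router 0 g0/0/1": "192.168.0.129"},
    "192.168.0.240/30": {"HQ_BR se0/2/1": "192.168.0.245", "router 3 se0/1/0": "192.168.0.242"},
    "192.168.0.244/30": {"HQ_BR se0/2/0": "192.168.0.241", "router 4 se0/1/0": "192.168.0.246"},
    "192.168.0.248/30": {"router 2 g0/0/1": "192.168.0.249", "router 1 g0/0/1": "192.168.0.250"},
    "192.168.0.252/30": {"router 1 g0/0/0": "192.168.0.253", "router 0 g0/0/0": "192.168.0.254"},
    "60.20.20.252/30": {"HQ_BR g0/0/0": "60.20.20.253"},
}

def check_plan(plan):
    """List overlapping subnets and misplaced, unusable or duplicated host addresses."""
    problems, seen = [], {}
    nets = {ipaddress.ip_network(n): hosts for n, hosts in plan.items()}
    for a, b in combinations(nets, 2):
        if a.overlaps(b):
            problems.append(f"{a} overlaps {b}")
    for net, hosts in nets.items():
        for name, addr in hosts.items():
            ip = ipaddress.ip_address(addr)
            if ip not in net:
                problems.append(f"{name} {ip} is outside {net}")
            elif ip in (net.network_address, net.broadcast_address):
                problems.append(f"{name} {ip} is not a usable host in {net}")
            if ip in seen:
                problems.append(f"{ip} assigned to both {seen[ip]} and {name}")
            seen[ip] = name
    return problems

def free_space(plan, parent="192.168.0.0/24"):
    """Return the blocks of `parent` that no subnet in the plan has claimed."""
    remaining = [ipaddress.ip_network(parent)]
    for n in map(ipaddress.ip_network, plan):
        remaining = [r for blk in remaining
                     for r in (blk.address_exclude(n) if n.subnet_of(blk) else [blk])]
    return sorted(remaining)

if __name__ == "__main__":
    print("\n".join(check_plan(PLAN)) or "plan is consistent")
    print("unallocated:", ", ".join(map(str, free_space(PLAN))))
```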
The Packet Tracer simulation demonstrates successful configuration of all required components.
Screenshots and configuration files show the network's connectivity, security measures, and
correct implementation of the design.
a. Simulation outcomes
Fig: PC1 of Remote1 LAN can’t access PC0 of HQ, meaning outside PCs can’t access the inside of
the HQ LAN.
Fig: PC5 of Remote 2 LAN can ping the DMZ. But the reply from the DMZ shows 60.20.20.253,
meaning it is NATed correctly.
Fig: PC0 can access the WWW server via its URL, using the DNS server.
Fig: PC8 can obtain an IP address dynamically from the DHCP server 192.168.0.67/26
Fig: Dynamic and static routing in HQ
Fig: PC0 can access the Remote 2 IoT server (as only PC0 and PC8 can access Remote1 & 2 LAN)
Fig: Inter-VLAN routing from PC3 to PC1, via 90.20.20.131 of Router 5
b. Analysis
The network meets all design requirements, providing redundancy at HQ, secure
and segmented traffic at Remote1, and innovative IoT/SDN solutions at Remote2.
Security configurations effectively block unauthorized access and protect against
potential threats.
3. Conclusion:
The use of IoT devices in our day-to-day life is increasing rapidly. Connecting and integrating
them securely and reliably in our homes and offices/industries is crucial. This
project showcases a simulation of this real-life scenario in a secure, reliable and
efficient manner, which in turn meets the needs of a university campus.
a. Ethical consideration
The ACS Code of Ethics is strictly followed; for example, the interest of the public is placed
ahead of personal interest.
Primacy of the Public Interest: As the design prioritizes the security and privacy of all users
via VLANs, ACLs and encryption, it protects the public’s data. For example, no other PC can
access the internal HQ LAN, except for the DMZ web server.
Enhancement of Quality of Life: Redundant routers and switch paths are used, a better routing
protocol (OSPF) is used, and EtherChannel is used for link aggregation, which decreases
downtime and can give better performance.
Honesty: Clear documentation is provided, and the username and password for each area are given
near the devices for easy access and transparent reporting.
Competence: The network is designed with advanced networking technology for fast and secure
connections. It maintains industry-standard quality.
Professional Development: A real-life scenario is implemented, such as using IoT devices
in an office.
Professionalism: All the industry standards and documentation were considered, so that the work
reflects professionalism.
4. References:
1. Majeed, Asim, and Mahmood Ali. "How Internet-of-Things (IoT) making the university
campuses smart? QA higher education (QAHE) perspective." 2018 IEEE 8th Annual Computing
and Communication Workshop and Conference (CCWC). IEEE, 2018.
2. Zhamanov, Azamat, et al. "IoT smart campus review and implementation of IoT applications
into education process of university." 2017 13th International Conference on Electronics,
Computer and Computation (ICECCO). IEEE, 2017.
3. Sharma, Kamlesh, and T. Suryakanthi. "Smart system: IoT for university." 2015 International
Conference on Green Computing and Internet of Things (ICGCIoT). IEEE, 2015.
4. Farhan, Laith, et al. "A survey on the challenges and opportunities of the Internet of Things
(IoT)." 2017 Eleventh International Conference on Sensing Technology (ICST). IEEE, 2017.
5. Luo, Bingqing, and Zhixin Sun. "Research on the model of a lightweight resource
addressing." Chinese Journal of Electronics 24.4 (2015): 832-836.
6. Farhan, Laith, et al. "Towards green computing for Internet of things: Energy oriented path
and message scheduling approach." Sustainable Cities and Society 38 (2018): 195-204.
7. Abdullah, Saima, and Kun Yang. "An energy efficient message scheduling algorithm
considering node failure in IoT environment." Wireless Personal Communications 79 (2014):
1815-1835.
8. Brogi, Antonio, and Stefano Forti. "QoS-aware deployment of IoT applications through the
fog." IEEE Internet of Things Journal 4.5 (2017): 1185-1192.