BAHIR DAR UNIVERSITY

INSTITUTE OF TECHNOLOGY

SCHOOL OF COMPUTING & ELECTRICAL ENGINEERING

ELECTRICAL & COMPUTER ENGINEERING DEPARTMENT

INTERNSHIP REPORT

On

Bahir Dar University ICT Development Office Main Campus Data Center

By

Haimanot Tizazu

Host Company: BDU

 BAHIR DAR UNIVERSITY
INSTITUTE OF TECHNOLOGY

SCHOOL OF COMPUTING & ELECTRICAL ENGINEERING

ELECTRICAL & COMPUTER ENGINEERING DEPARTMENT

INTERNSHIP REPORT

On

Bahir Dar University ICT Development Office Main Campus Data Center

By

Haimanot Tizazu

ID No. 126/2000

Host Company: BDU

Duration: March-June 2012

Dedications

This internship report is dedicated to my parents, and all my friends for being with me and
helping me in each and every difficulty I faced in this internship report completion and to my
teachers and all those who taught me, trained me and polished my abilities at Bahir Dar
University ,Institute of Technology.
Approval of the Internship Report

I, hereby declare that this Internship Report is submitted to the partial fulfillment of the
internship program during the last four months. Any part of this report has not been reported or
copied from any report of the university and others.

Approved by:

______________________ _________________________
Academic Mentor Company Supervisor
Internship Report on Bahir Dar University ICT Development Office Main Campus Data Center

Acknowledgment
The special thank goes to my helpful supervisor Mr. Ferede Wollie, Network Administrator of
Bahir Dar University. The supervision and support that he gave truly help the progression and
smoothness of the internship program. The co-operation is much indeed appreciated. I express
my sincere thanks to my mentor Mr. Tinbit Admasu.

Haimanot T.
Internship Report on Bahir Dar University ICT Development Office Main Campus Data Center

Table of Contents

Acknowledgment…………………………………………………………………………………..i
List of figures……………………………………………………………………………………..iv
List of Acronyms & Abbreviations………………………………………………………………..v
Executive Summary………………………………………………………………………………vi
1 Background Information of Bahir Dar University…………………………………………….1
1.1 Mission…………………………………………………………………………………2
1.2 Vision…………………………………………………………………………………..2
1.3 Core Values…………………………………………………………………………….2
1.4 Main Products and Services............................................................................................3
1.5 Main Customers of Bahir Dar University.......................................................................3
1.6 The overall organizational structure and work flow of Bahir Dar University................4
1.7 ICT Development Office.................................................................................................6
2 The Overall Internship Experience…………………………………………………………..8
2.1 How I get in to the company………………………………………………………………8
2.2 The section of the Company I have been working on…………………………………….8
2.2.1 Hardware overview………………………………………………………………...8
2.2.2 Campus Hierarchical Network Design Overview………………………………...13
2.2.3 Security……………………………………………………………………………18
2.3 The Work Flow of Main Campus Data Center……………………………………….20
2.4 Work piece and work tasks I have been executing…………………………………...21
2.5 Procedures I have been following while performing my tasks……………………….27
2.6 How good I have been in performing my tasks……………………………………….27
2.7 Challenges I have faced while performing my tasks………………………………….27
3 The Overall Benefits I gained From the Internship………………………………………….28
Internship Report on Bahir Dar University ICT Development Office Main Campus Data Center

3.6 Work Ethics Related Issue……………………………………………………………30

3.7 Entrepreneurship Skills……………………………………………………………….30
4 Conclusion and Recommendations ………………………………………………………….31
4.1 Conclusion………………………………………………………………………………31
4.2 Recommendations………………………………………………………………………32
5 References……………………………………………………………………………………33
6 Appendix……………………………………………………………………………………..34
6.1 Basic Cisco Catalyst Switch Configuration Command ………………………………..34
A .Distribution Switch Configuration …………………………………………………34
B. Access Switch Configuration……………………………………………………….36
Internship Report on Bahir Dar University ICT Development Office Main Campus Data Center

List of Figures

Figure 1.1 Main Customers of Bahir Dar University......................................................................3

Figure 1.2 Organizational Structure and work flow of Bahir Dar University.................................5

Figure 1.3 Structure of ICT Development Office of BDU............................................................6

Figure 2.1 Cisco twingig converter module……………………………………………………...10

Figure 2.2 Cisco Aironet1252 Access Point rear view…………………………………………..12

Figure 2.3 Hierarchical Campus Network Design……………………………………………….13

Figure 2.4 Core Layer……………………………………………………………………………14

Figure 2.5 Distribution Layer……………………………………………………………………16

Figure 2.6 Access Layer…………………………………………………………………………17

Figure 2.7 A typical secured network……………………………………………………………19

Figure 2.8 The work flow of main campus data center………………………………………….20

List of Tables

Table 2.1 Cisco Aironet1252 Access Point rear view…………………………………………...12

Internship Report on Bahir Dar University ICT Development Office Main Campus Data Center

List of Acronyms & Abbreviations

ARP Address Resolution Protocol

ASA Adaptive Security Appliances
BDU Bahir Dar University
CRAC Computer Room Air Conditioning
DHCP Dynamic Host Configuration Protocol
DMZ Demilitarized Zone
DNS Domain Name System
FTP File Transfer Protocol
GLBP Gateway Load Balancing Protocol
HA High Availability
HSRP Hot Standby Router Protocol
ICT Information Communication Technology
IGMP Internet Group Membership Protocol
IIS Internet information Services
INSA Information Network Security Agency
IP Internet Protocol
IPS Intrusion prevention systems
IT Information Technology
L2 Layer 2
L3 Layer 3
LAN Local Area network
LWAPP Lightweight Access Point Protocol
NAT Network Address Translation
POE Power Over Ethernet
QoS Quality of Service
RU Rack Unit
SSP Security Services Processor
UNDP United Nations Development Program
Internship Report on Bahir Dar University ICT Development Office Main Campus Data Center

Executive Summary

This report is about to explain what I did and learned during my internship period with Bahir Dar university
ICT development office, main campus data center. As the main purpose of internship is to learn by
working in practical environment and to apply the knowledge acquired during the studies in a
real world scenario in order to tackle the problems using the knowledge and skill learned during
the academic process.
I have discussed about every major aspect of the campus network, which I observed and
perceived during my internship program

This report is divided in to four sections. Section one will discuss about the background of Bahir
Dar University and ICT Development office. In section two will get the overall internship
experience of campus network design overview and basic switch configuration. Section three the
overall benefits I gained from during the internship program. The last section is conclusion and
recommendations of the previous sections which about ICT development office, main campus
data center.

The most important in an internship program is that the student should spend their time in a true
manner and with the spirit to learn practical orientation of theoretical study framework. This
report is about my internship that I have undergone at Bahir Dar University ICT development
office main campus data center from March – June 2012. During my internship I am able to learn
practical aspect of network and get good working experience.
Internship Report on Bahir Dar University ICT Development Office Main Campus Data Center

1. Background Information of Bahir Dar University

Bahir Dar University was established by merging two former higher education institutions;
namely the Bahir Dar Polytechnic and Bahir Dar Teachers’ College. The Bahir Dar Polytechnic
Institute, which has transformed itself into Technology and Textile institutes, was established in
1963 under the technical cooperation between the Government of USSR and the Imperial
Government of Ethiopia. The institute was a premier institute in producing technicians for the
nation. The Bahir Dar Teachers’ College, by then known as the Academy of Pedagogy, was
established in 1972 by the tripartite agreement of the Imperial Government of Ethiopia,
UNESCO and UNDP and started actual work in the following year under the auspices of the
Ministry of Education and Fine Arts. Its general objective was to train multipurpose primary
education professionals capable of adopting primary education to rural life and rural
development. Its specific objectives were to train primary school teacher trainers, supervisors,
educational leaders, adult education organizers and community development agents.

The two institutions of higher learning were integrated to form the Bahir Dar University
following the Council of Ministers regulation no. 60/1999 GC. The University was inaugurated
on May 6, 2000. Bahir Dar University is now among the largest universities in the Federal
Democratic Republic of Ethiopia, with more than 35,000 students in its 57 undergraduate and 39
graduate programs. Bahir Dar University has four colleges, three institutes, three faculties and
one school. The academic units of the University include College of Science, College of
Agriculture and Environmental Sciences, College of Medical and Health Sciences, College of
Business and Economics, Institute of Technology, Institute of Textile, Garment and Fashion
Design, Institute of Land Administration, Blue Nile Water Institute, Faculty of Humanities,
Faculty of Social Sciences, Faculty of Education and Behavioural Sciences and School of Law.
Internship Report on Bahir Dar University ICT Development Office Main Campus Data Center

1.1 Mission
The mission of the Bahir Dar University is to contribute substantially for social, cultural,
economic, political, scientific and technological development of the nation; through the
provision of high quality education, active engagement in research and outreach activities for the
betterment of life, while offering our employees a conducive and rewarding working
environment that values, recognizes and appreciates their contributions.

1.2 Vision
The vision of the Bahir Dar University is to become one of the ten premier research universities
in Africa in 2025 recognized for its quality education, research and outreach activities.

1.3 Core Values

In fulfilling its mission and achieving its vision the Bahir Dar University will uphold, promote
and be guided by the following core values:
 Quality: - University product should be of high quality and the University staffs
continuously strive for excellence in their academic and administrative endeavors.

 Integrity: - in all our activities we will act with the quality of being honest and with
strong moral principles

 Transparency- rules, regulations and decision makings at all levels to be transparent.

 Accountability- University staff performing duties in an accountable manner and taking

full responsibility for actions and decisions they take thereof.

 Rule of law-University community believe in rule of law and act accordingly.

 Equality – the University is an equal opportunity employer and teaching institution

regardless of gender, status in society, ethnic background or religious affinity. The
University management never discriminates among its employees and treats them on
Internship Report on Bahir Dar University ICT Development Office Main Campus Data Center

1.4 Main Products and Services

Universities, traditionally, have two main goals: to create and to disseminate knowledge. The
creation of knowledge is done through the research and its dissemination, is done through the
education.

1.5 Main Customers of Bahir Dar University

The customers of Bahir Dar University are divided in different groups of actors, who are linked
to the educational process being the main: current students, potential students, employees,
employers, government and industry. Which have classified the customers in internal and
external, emphasizing that the internal customer who are work to the satisfaction of external
customers (Juran 1988). Besides, to the authors the customers can be classified in primary ones
and secondary ones, based on their location being as internal customers or external ones and
based on the frequency of interaction that the institution has with them too. While consider that
the product of higher education is the education and then, depending on the role developed by
them during the course, the students can be classified as internal or external 1.
Internship Report on Bahir Dar University ICT Development Office Main Campus Data Center

1.6 The overall organizational structure and work flow of Bahir Dar University

Bahir Dar University has to strive to emplace management system that is democratic, honest,
inspiring, transparent, and highly participatory. The University has two core processes and five
support processes. The University’s top management includes the president, four Vice
presidents, and deans/directors for academic units and seven process owners. The major focus of
the management in terms of governance and management includes improve efficiency on major
administration areas such as budget utilization, business process (procurement, finance, registrar,
etc.) efficiency and decision making system in a transparent manner. IT supported decision
making is one of the areas under governance and management which BDU will give special
attention to.
Internship Report on Bahir Dar University ICT Development Office Main Campus Data Center

Board

Senate President

Managing Council University Council

Audit & Quality Assurance Legal Affairs

Strategy Group

Vice President for

Vice President for Vice President for Business Vice President for
Information & Strategic
Academic Affairs & Development Research & Community
Communication
Services

Academic Affairs
Executive Director

Income Generation
Planning, Budget &
Student Services Human Resource Procurement & Property Process Owner
Finance Process
Process Owner Management Administration Process
Owner
Process Owner Owner

Figure 1.2 Organzitional Structure and work flow of Bahir Dar University

School of Computing & Electrical Engineering IoT, BDU 5

Internship Report on Bahir Dar University ICT Development Office Main Campus Data Center

1.8 ICT Development Office

BDU knows that ICT is a means to advance the core academic processes, to facilitate
Administrative functions and research needs of the University. Thus the university has
reorganized the ICT development office as that of 2011 in a new fashion which comprises four
directorate directors under the executive Director, Indeed the office directly accounted to the
president of the University.
Objective
The overall objective of ICT Development office lies on addressing the key ICT needs in Bahir
Dar University. These include:-

• Build and Administrate Communication Infrastructure, Automation of business processes,

develop digital Content and Advanced Research facilities.

President

Executive Director

System & Network System Design & E-learning training Maintenance &
Administrator Development & Consultancy Support
Internship Report on Bahir Dar University ICT Development Office Main Campus Data Center

Major tasks going on

• Student Information Management system has developed and implemented with two ICT
staff SIMS has began its function at the beginning of 2011 and now more than 80 percents
of students information are manipulated with this application system, Indeed it is expected
to change drastically the BDU students record and course management.

• Bahir Dar University has begun to build its network infrastructure in a new fashion with
more than 60 million Birr. BDU has outsourced its Local area network infrastructure
building. The project has started on June, 2011 and now most of the network devices are
delivered at the university’s store. The project has already trunk and punch down the
cables in the buildings.

• Has began developed different information systems, Store management system, Human
resource management systems and others.
Internship Report on Bahir Dar University ICT Development Office Main Campus Data Center

2. The Overall Internship Experience

Nothing is a waste of time if you use the experience wisely.
— AUGSTE RODIN

2.1. How I get in to the company

I have been IT technician of main campus before two years at Bhair Dar university ICT
development office and in this time I have seen many changes and great growth in the section.
Though the company which I can get, the existing network Bahir Dar University is expansion by
Information Network Security Agency (INSA). While the expansion network of Bahir Dar
University has understood that in today’s world of information communication technology
implementing a reliable secure and scalable network infrastructure that automates different office
activities is of great importance. And with this regard has shown readiness to re-deploy a secured
and high performance ICT infrastructure. The BDU network includes LAN network redesign and
deployment, data centre design and construction, SAN and server systems.

2.2 The section of the Company I have been working on

I have been doing my internship in the Bhair Dar University ICT Development office
specifically in the main campus data center. During the first month internship period from
hardware overview study to campus three-layer Cisco hierarchy model. While in the second
month I have spent in the configuration of distribution switch and access switch as well as
Microsoft windows server 2008.

2.2.1 Hardware overview

Cisco Catalyst 6500 E

The 15U Rack, 9-slot Cisco Catalyst 6509-E Switch provides high port densities that are ideal
for many wiring closet, distribution, and core network as well as data center deployments. The
Internship Report on Bahir Dar University ICT Development Office Main Campus Data Center

Supports all Cisco Catalyst 6500 Series modules, including:

 Supervisor engines

 Fast Ethernet modules (with IEEE 802.3af Power over Ethernet [PoE])

 Gigabit Ethernet modules (with IEEE 802.3af PoE)

 10 Gigabit Ethernet modules

 Flex WAN modules

 Shared Port Adaptors/SPA Interface Processors

 Multi-Gigabit services modules (content services ,firewall, intrusion detection, IP

Security [IPSec], VPN, network analysis, and Secure Sockets Layer [SSL]
acceleration)

Cisco Catalyst 4507 E switch

The Cisco Catalyst 4500 Series Switches enable borderless networks, providing high
performance, mobile, and secure user experience through Layer 2-4 switching investments. It
enables security, mobility, application performance, video, and energy savings over an
infrastructure that supports resiliency, virtualization, and automation. Cisco Catalyst 4500 Series
Switches provide borderless performance, scalability, and services with reduced total cost of
ownership and superior investment protection.

Cisco Catalyst 4500 has a centralized forwarding architecture that enables collaboration,
virtualization, and operational manageability through simplified operations. With forward and
backward compatibility spanning multiple generations, the new Cisco Catalyst 4500E Series
provides exceptional investment protection and deployment flexibility to meet the evolving
needs of organizations of all sizes. The Cisco Catalyst 4500E Series platform has 10 Gigabit
Ethernet (GE) uplinks and supports PoEP, enabling the customers to future proof their network.
Internship Report on Bahir Dar University ICT Development Office Main Campus Data Center

enterprise branch offices, the Cisco Catalyst 3750 Series eases deployment of converged
applications and adapts to changing business needs by providing configuration flexibility,
support for converged network patterns, and automation of intelligent network services
configurations. In addition, the Cisco Catalyst 3750 Series is optimized for high-density Gigabit
Ethernet deployments and includes a diverse range of switches that meet access, aggregation, or
small-network backbone-connectivity requirements.
Cisco Catalyst 2960 Series
The Cisco Catalyst 2960-S and 2960 Series Switches are the leading Layer 2 edge, providing
improved ease of use, highly secure business operations, improved sustainability, and a
borderless network experience. The Cisco Catalyst 2960-S Series switches include new Cisco
Flex Stack switch stacking capability with 1 and 10 Gigabit connectivity, and Power over
Ethernet Plus (PoE+) with the Cisco Catalyst 2960 Switches offering fast Ethernet access
connectivity and PoE capabilities. The Cisco Catalyst 2960-S and 2960 Series are fixed-
configuration access switches designed for enterprise, midmarket, and branch office networks to
provide lower total cost of ownership.

TwinGig Converter Module

The Cisco TwinGig Converter Module converts a single 10 Gigabit Ethernet X2 interface into
two Gigabit Ethernet port slots, which can be populated with appropriate Small Form-Factor
Pluggable (SFP) optics, providing a total of 12 wire-speed Gigabit Ethernet ports if used in all 6
X2 interface slots. The flexibility provided by the TwinGig Converter Module enables customers
to aggregate Gigabit Ethernet and 10 Gigabit Ethernet LAN access switches on a single line card.
Internship Report on Bahir Dar University ICT Development Office Main Campus Data Center

Cisco ASA 5520 and 5540 Security Appliance

The Cisco ASA 5500 Series Adaptive Security Appliance integrates firewall, IPS, and VPN
capabilities, providing an all-in-one solution for the enterprise network.

Cisco ASA 5585-X Security Appliance

The ASA 5585-X adaptive security appliance is a 2 RU, two-slot chassis accommodating up to
two AC power supply modules, which also contain the necessary cooling components for
operation, although you can install a fan module in the second bay. The Security Services
Processor (SSP) resides in slot 0 (the bottom slot) and the optional Intrusion Prevention System
Security Services Processor (IPS SSP) resides in slot 1 (the top slot). All port numbers are
numbered from right to left beginning with 0.

Cisco 5508 Wireless Controller

The Cisco 5500 Series Wireless Controller is a highly scalable and flexible platform that enables
system wide services for mission-critical wireless in medium to large-sized enterprises and
campus environments. Designed for 802.11n performance and maximum scalability, the 5500
Series offers enhanced uptime with RF visibility and protection, the ability to simultaneously
manage up to 500 access points; superior performance for reliable streaming video and toll
quality voice; and improved fault recovery for a consistent mobility experience in the most
demanding environments.

The Cisco 5500 Series Wireless Controller, designed for 802.11n performance and maximum
scalability, supports up to 250 lightweight access points and 7000 clients, making it ideal for
large-sized enterprises and high-density applications. A core component of the Cisco unified
wireless solution, these controllers deliver wireless security, intrusion detection, radio
management, quality of service (QoS), and mobility across an entire enterprise. The controllers
Internship Report on Bahir Dar University ICT Development Office Main Campus Data Center

Cisco Aironet 1250 Lightweight Access point

The lightweight access point (model: AIR-LAP1252) is part of the Cisco Integrated Wireless
Network Solution and requires no manual configuration before being mounted. The lightweight
access point is automatically configured by a Cisco wireless LAN controller using the
Lightweight Access Point Protocol (LWAPP).

In the Cisco Centralized Wireless LAN architecture, access points operate in lightweight mode
(as opposed to autonomous mode). The lightweight access points associate to a controller. The
controller manages the configuration, firmware, and controls transactions such as 802.1x
authentication. In addition, all wireless traffic is tunneled through the controller.

Key hardware features of the access point include:

• Two radio module slots for single or dual-radio operation

• Ethernet port and console port
• LEDs,
• Multiple power sources
• UL 2043 compliance
• Anti-theft features
Internship Report on Bahir Dar University ICT Development Office Main Campus Data Center

2.2.2 Campus Hierarchical Network Design Overview

Cisco introduced the hierarchical design model, which uses a layered approach to network design
in 1999 (Figure 2.3). The building block components are the access layer, the distribution layer,
and the core (backbone) layer. The principal advantages of this model are its hierarchical
structure and its modularity.

Figure 2.3 Hierarchical Campus Network Design

Internship Report on Bahir Dar University ICT Development Office Main Campus Data Center

Functions are distributed at each layer. A hierarchical design avoids the need for a fully-meshed
network in which all network nodes are interconnected.
The building blocks of modular networks are easy to replicate, redesign, and expand. There
should be no need to redesign the whole network each time a module is added or removed.
Distinct building blocks can be put in-service and taken out-of-service without impacting the rest
of the network. This capability facilitates troubleshooting, problem isolation, and network
management.

Core Layer
In a typical hierarchical model, the individual building blocks are interconnected using a core
layer. The core serves as the backbone for the network, as shown in Figure 2.4. The core needs to
be fast and extremely resilient because every building block depends on it for connectivity.
Current hardware accelerated systems have the potential to deliver complex services at wire
speed. However, in the core of the network a “less is more” approach should be taken. A
minimal configuration in the core reduces configuration complexity limiting the possibility for
operational error.
Internship Report on Bahir Dar University ICT Development Office Main Campus Data Center

Although it is possible to achieve redundancy with a fully-meshed or highly-meshed topology,

that type of design does not provide consistent convergence if a link or node fails. Also, peering
and adjacency issues exist with a fully-meshed design, making routing complex to configure and
difficult to scale. In addition, the high port count adds unnecessary cost and increases complexity
as the network grows or changes. The following are some of the other key design issues to keep
in mind:

• Design the core layer as a high-speed, Layer3 (L3) switching environment utilizing only
hardware-accelerated services. Layer3 core designs are superior to Layer2 and other alternatives
because they provide:
– Faster convergence around a link or node failure.
– Increased scalability because neighbor relationships and meshing are reduced.
– More efficient bandwidth utilization.

Use redundant point-to-point L3 interconnections in the core (triangles, not squares) wherever
possible, because this design yields the fastest and most deterministic convergence results.
Avoid L2 loops and the complexity of L2 redundancy, such as Spanning Tree Protocol (STP)
and indirect failure detection for L3 building block peers.

Distribution Layer
The distribution layer aggregates nodes from the access layer, protecting the core from high-
density peering (Figure 2.5). Additionally, the distribution layer creates a fault boundary
providing a logical isolation point in the event of a failure originating in the access layer.
Typically deployed as a pair of L3 switches, the distribution layer uses L3 switching for its
connectivity to the core of the network and L2 services for its connectivity to the access layer.
Load balancing, Quality of Service (QoS), and ease of provisioning are key considerations for
the distribution layer.
Internship Report on Bahir Dar University ICT Development Office Main Campus Data Center

Figure 2.5 Distribution Layer

High availability in the distribution layer is provided through dual equal-cost paths from the
distribution layer to the core and from the access layer to the distribution layer. This results in
fast, deterministic convergence in the event of a link or node failure. When redundant paths are
present, failover depends primarily on hardware link failure detection instead of timer-based
software failure detection. Convergence based on these functions, which are implemented in
hardware, is the most deterministic.

Access Layer
The access layer is the first point of entry into the network for edge devices, end stations, and IP
phones (Figure 2.6). The switches in the access layer are connected to two separate distribution
layer switches for redundancy. If the connection between the distribution layer switches is an L3
connection, then there are no loops and all uplinks actively forward traffic.
Internship Report on Bahir Dar University ICT Development Office Main Campus Data Center

Figure 2.6 Access Layer

A robust access layer provides the following key features:

• High availability (HA) supported by many hardware and software attributes.

• Inline power (POE) for IP telephony and wireless access points, allowing customers to
converge voice onto their data network and providing roaming WLAN access for users.

• Foundation services.
The hardware and software attributes of the access layer that support high availability include the
following:

• System-level redundancy using redundant supervisor engines and redundant power

supplies. This provides high-availability for critical user groups.

• Default gateway redundancy using dual connections to redundant systems (distribution

layer switches) that use GLBP, HSRP, or VRRP. This provides fast failover from one
switch to the backup switch at the distribution layer.

• Operating system high-availability features, such as Link Aggregation (EtherChannel or

Internship Report on Bahir Dar University ICT Development Office Main Campus Data Center

• Security services for additional security against unauthorized access to the network
through the use of tools such as 802.1x, port security, DHCP snooping, Dynamic ARP
Inspection, and IP Source Guard.

• Efficient network and bandwidth management using software features such as Internet
Group Membership Protocol (IGMP) snooping. IGMP snooping helps control multicast
packet flooding for multicast applications.

2.2.3 Security
The world is becoming more interconnected with the advent of the Internet and new networking
technology. There is a large amount of personal, commercial, military, and government
information on networking infrastructures worldwide. Network security is becoming of great
importance because of intellectual property that can be easily acquired through the internet.

Perimeter Security
A network /internetwork perimeter is a secure boundary of a network that may include some or
all of the firewalls, routers, ids, VPN, mechanisms, DMZ and screened subnets.DMZ is outside
the Firewall screened subnet is an isolated sub-network connected to a dedicated firewall
interface.

Cisco ASA Firewall

A firewall is a network system or group of systems that manages access between two or more
networks. Firewall operations are based on one of three technologies:

• Packet filtering- Limits information that is allowed into a network based on the
destination and source address

• Proxy server (Application layer)- Requests connections on behalf of a client

Internship Report on Bahir Dar University ICT Development Office Main Campus Data Center

Figure 2.7 A typical secured network

The higher the security level of an interface the higher the trust level of the network connected to
that interface and vice-versa. As a result the above figure assign a security level of 100 to an
inside interface of a given LAN and the 0 security level to the outside interface which is
connected to the Internet or to service provider.

Server Farm Security

Deploying multilayer defense mechanisms is the first action that should be considered to secure
server farms. To add aditional protection to each of the council’s server farm from internal and
external attacks Cisco ASA 5500 firewalls and IPS modules will be deployed. The Cisco ASA
5500 firewalls and IPS modules will be configured to filter and inspect traffics that flow to/ from
those critical application servers according to access policies set by the BDU.

ASA Firewall Placement

The ASA firewall will be placed between the core/distribution switches and the redundant server
farm switches to secure any traffic flow between the server farms and the LAN users.
Internship Report on Bahir Dar University ICT Development Office Main Campus Data Center

– Physical security barriers (for example, locked doors) while entering to data centers and
accessing network devices.
– Climate protection systems, to maintain proper temperature and humidity, in addition to
alerting personnel in the event of fire
– Security personnel to guard the data

2.3 The Work Flow of Main Campus Data Center

In the figure 11, main campus data center is under System & Network administrator. The work
flow of main campus data center is from the president to network Administrator it is hierarchical
steps.

President

Executive Director

System & Network

Administrator
Case Team
Internship Report on Bahir Dar University ICT Development Office Main Campus Data Center

2.4 Work piece and work tasks I have been executing

Work tasks which I have been executing during my internship period is basic switch
configuration, VLAN, VTP, Trunking configuration and Microsoft window server 2008 DNS,
DHCP, IIS, FTP and active Directory.

VLAN configuration
The hierarchical topology segments the network into physical building blocks, simplifying
operation and increasing availability. Each layer within the hierarchical infrastructure has a
specific role. By default, switches break up collision domains and routers break up broadcast
domains. The supervisor said that by creating virtual local area network (VLAN) in the
distribution layer, switches break up broadcast domains in a pure switched internetwork. A
VLAN is a logical grouping of network users and resources connected to administratively
defined ports on a switch. He said that when you create VLANs, you’re given the ability to
create smaller broadcast domains within a layer 2 switched internetworks by assigning different
ports on the switch to service different sub networks. A VLAN is treated like its own subnet or
broadcast domain, meaning that frames broadcast onto the network are only switched between
the ports logically grouped within the same VLAN.

VLANs consists of two basic goals

1. Creating the VLAN and

2. Assigning the proper port to that VLAN

In actuality, I am very concerned with the work During the Configuring of VLANs .VLANs can
be created on a VTP server switch or they can be created on each individual switches but in the
BDU campus area network created all VLNs on VTP server switches which makes it more
manageable and scalable. I have chosen the distribution layer switches to operate on a VTP
Internship Report on Bahir Dar University ICT Development Office Main Campus Data Center

default VLAN 1, using the switchport trunk native vlan vlan-id command. These two
measures can help reduce the possibility of VLAN attacks.

The Fast Ethernet ports connected to the hosts on the network can be set up as static access
because they are not to be used as trunk ports. Use the switchport mode access command to set
the access mode

VTP
VTP stands for VLAN trunking protocolVTP is a Cisco proprietary Layer 2 messaging protocol
that manages the addition, deletion, and renaming of Virtual Local Area Networks (VLAN) on a
network-wide basis. Cisco's VLAN Trunk Protocol reduces administration loads in a switched
network. When a new VLAN is created on one VTP server, the VLAN is distributed through all
switches in the domain. This reduces the need to configure the same VLAN everywhere. VTP
provides the following benefits:

• VLAN configuration consistency across the network

• Mapping scheme that allows a VLAN to be trunked over mixed media
• Accurate tracking and monitoring of VLANs
• Dynamic reporting of added VLANs across the network
• Plug-and-play configuration when adding new VLANs

A VTP domain, also called a VLAN management domain, consists of trunked switches that are
under the administrative responsibility of a switch or switches in server VTP mode. A switch can
be in only one VTP domain with the same VTP domain name. The default VTP mode for the
2960 and 3560 switches is server mode. VLAN information is not propagated until a domain
name is specified and trunks are set up between the devices.
Internship Report on Bahir Dar University ICT Development Office Main Campus Data Center

The following table describes the three VTP modes.

VTP Mode Description

You can create, modify, and delete VLANs and specific other
configuration parameters, such as VTP version and VTP pruning, for the
entire VTP domain.VTP servers advertise their VLAN configuration to
VTP server other switches in the same VTP domain and synchronize their VLAN
configuration with other switches based on advertisements received over
trunk links.

VTP server is the default mode.

VTP client VTP clients behave the same way as VTP servers, but you cannot create,
change, or delete VLANs on a VTP client.

VTP transparent switches do not participate in VTP. A VTP transparent

VTP transparent switch does not advertise its VLAN configuration nor synchronize its
VLAN configuration based on received advertisements. Transparent
switches do forward VTP advertisements that they receive out their trunk
ports in VTP Version 2.

Table 2.2 .Description of VTP mode

Trunk
Internship Report on Bahir Dar University ICT Development Office Main Campus Data Center

Configuration of trunk involves identifying trunk ports and selecting the encapsulation type.
Identifying the trunk ports is a useful task in such a way that it eases VLAN configuration and
administration.

He remained that, all the uplink ports connecting access switches to distribution switches,
distribution switches to core switches, edge switches to core switches and DMZ switches to core
switches are set to be trunk ports.

Ports on the 2960 and 3560 switches are set to dynamic auto by default. This means that they are
willing to negotiate a trunk with the neighbor; however, if both sides are set to dynamic auto, the
link will remain in access mode. This can be done by configuring one end of the trunk using the
switchport mode trunk command. On the 3560 switches, I also need to configure the trunk
encapsulation with the switchport trunk encapsulation command. The 3560 switch can use
either Inter-Switch Link (ISL) or 802.1Q encapsulation, whereas the 2960 switch only supports
802.1Q.

DHCP
I spend some more time working on Dynamic host configuration protocol DHCP is defined in
RFC 2131 and is built around a client/server model—hosts requesting IP addresses use a DHCP
client, whereas address assignment is handled by a DHCP server.
Hosts can be manually configured to use a static IP address, subnet mask, default gateway
address, and so on. That might be appropriate for some devices, such as servers, which would
need stable and reserved addresses. For the majority of end user devices, static address
assignment can become a huge administrative chore. Because DHCP is a dynamic mechanism,
IP addresses are offered on a leased basis. Before the offered lease time expires, the client must
try to renew its address; otherwise, that address may be offered up to a different client.
Internship Report on Bahir Dar University ICT Development Office Main Campus Data Center

• DHCP excluded addresses within the IP subnet that should be reserved and not offered to
clients

• DHCP pool uses a text string pool-name to define the pool or scope of addresses that will
be offered. The network command identifies the IP subnet and subnet mask of the
address range. The subnet should be identical to the one configured on the Layer 3
interface.

• The DHCP leas time ………..

• The DNS name of the university is

• The IP address for the DNS server is

Network Address Translation

Furthermore, another lesson I have learned during my internship period at Main Campus
Datacenter is that the internet is expanding at an exponential rate. As the amount of information
and resources increases, it is becoming a requirement for even the smallest businesses and homes
to connect to the Internet. Network Address Translation (NAT) is a method of connecting
multiple computers to the internet (or any other IP network) using one IP address. This allows
home users and small businesses to connect their network to the Internet cheaply and efficiently.
The impetus towards increasing use of NAT comes from a number of factors:

 A world shortage of IP addresses

 Security needs

 Ease and flexibility of network administration

The rest of the internship period was spend working on Microsoft server 2008 configuration like
DNS, DHCP, IIS, Active directory and FTP server with my supervisor. In fact, it was a very
important experience to me because it expanded my practical knowledge and helped me to
develop new practical skills and abilities.
Internship Report on Bahir Dar University ICT Development Office Main Campus Data Center

Active directory structure comprises of Single forest, with multiple domains and child domains.
Administrator can configure active directory domain based on the physical subnets, it is
advisable to install directory server on the physical site.
Active directory provides different security boundaries in the form of
a) Forest
b) Domain
c) Organizational Units
AD plays two basic functions within a network: that of a directory service containing a
hierarchical listing of all the objects within the network, and that of an authentication and
security service that controls and provides access to network resources. These two roles are
different in nature and focus, but they combine together to provide increased user capabilities
while decreasing administrative overhead.
The Active Directory itself is defined by a schema that indicates how each object is represented
within the data store. For example, a user object has, among other things, a first name, last name,
logon name, e-mail address, and password. If you’re familiar with databases, you should already
be familiar with the term schema since a database schema refers to the structure of the database
in the same way the Active Directory schema defines the Active Directory’s structure.

Domain Name System (DNS) is a system for naming computers and network services that maps
those names to network addresses and organizes them into a hierarchy of domains. DNS naming
is used on TCP/IP networks, such as the Internet and most corporate networks, to locate
computers and services by using user-friendly names. When a user enters the DNS name of a
computer in an application, DNS can look up the name and provide other information that is
associated with the computer, such as its IP address or services that it provides for the network.
This process is called name resolution.

Name systems, such as DNS, make it easier to use network resources by providing users with a
Internship Report on Bahir Dar University ICT Development Office Main Campus Data Center

2.5 Procedures I have been following while performing my tasks

Procedures I have been using during my internship period in BDU, main campus data center
performing my tasks are:-

1. Analyze each network hardware equipments in data center

2. Identified the three layer Campus hierarchical network model
3. Analyze Cisco switch command
4. Configuration of distribution layer switch
5. Configuration of access layer switch

In the first month of my internship program, it was all about study technical details regarding the
application of each network hardware infrastructure in the data center as well as identified the
Identified the three layers Campus hierarchical network model. While the procedures which
carried out during the second month is from analyzing Cisco switch command to the study of
VLAN, VTP, Trunk and configuration of distribution and access layer switch.

2.6 How good I have been in performing my tasks

During my internship program I work my tasks in enthusiasm, as well as my supervisor is such a

sincere man when I ask a question he answered courteously. All in all I did my task effectively
and efficiently, and I was punctual when I performed my tasks.

2.7 Challenges I have faced while performing my tasks

I can truly say that during my internship with main campus data center that I was challenged, and
through all those challenges I grew as a person as well as a student. Not only was the work that I
was doing beneficial to get knowledge, but it also made me have to work hard to get it right
knowledge. I learned how to configured distribution layer and access layer switch is new for me,
how to multi-task and manage my time.
Internship Report on Bahir Dar University ICT Development Office Main Campus Data Center

3. The Overall Benefits I gained From the Internship

One thing I have learned in a long life: that all our science, measured against
reality, is primitive and childlike—and yet is the most precious thing we have.
—ALBERT EINSTEIN

Introduction

Internship is the beginning of the road that will take me to the point I want to be at after my
graduation. Internship is a practice I need to perform, because it prepares me for the business life
that I aim at.

3.1 Practical Skill

The Internship will have the opportunity to connect classroom theory with current industry
challenges, and have exposure to the latest technologies. Opportunities to converse and interact
with a large pool of talented experienced department members will provide a deeper insight to
the overall operation, as well as provide a valuable pool of resources to assist in completion of
internship program. This internship program was exactly what I needed to nurture the lack of
practical skills I had. I would acquire practical experience to complement the theoretical content
of my studies.

3.2 Theoretical Knowledge

During my internship period in the main campus datacenter, upgrade my theoretical knowledge,
when I have been learned the course ofData Communication and Computer Networks in the
classroom. What looks like campus enterprise network which the three Cisco hierarchy layers,
the configuration of distribution and access switch and Microsoft window server 2008 DNS ,
Internship Report on Bahir Dar University ICT Development Office Main Campus Data Center

3.3 Interpersonal Communication Skills

During my internship period the Interpersonal skills, which are the life skills I use every day to
communicate and interact with other people, individually and in groups are good for me.
Not only how I communicate with others, but also I got confidence and my ability to listen and
understand. Problem solving, decision making and personal stress management are also
considered interpersonal skills. Through this internship, I found that I matured and I gained many
new perspectives, such as problem solving skill, diversity, effective communication, teamwork
and service recovery, attention to detail, time management, personal empowerment, self-
confidence, responsibility and cultural sensitivity.

My supervisor was so kind to answer with patience and teach me much that made this internship
so enjoyable. I had gotten a wonderful internship that spent such a happy moment with all of
them. Though, still have so much to learn, I think this challenge was what should include in my
career. This helped much on my future planning

3.4 Team Playing Skills

In the section of the company I had been working, most of the time I had work with my
supervisor though gained in terms of improving my team playing skill during my internship
period in main campus ICT development office, data center is most valuable .

3.5 Leadership Skills

Leadership skills are the tool, behaviors, and capabilities that a person needs in order to be
successful at motivating and directing others. Yet true leadership skills involve something more;
the ability to help people grow in their own abilities. It can be said that the most successful
leaders are those that drive other to active their own success. I gained leadership skills from my
supervisor during the internship period which include managing time, motivating individuals,
giving feedback and building teams
Internship Report on Bahir Dar University ICT Development Office Main Campus Data Center

3.6 Work Ethics Related Issue

An internship is an opportunity to learn the skills and behaviors along with the work values that
are required for success in the workplace. Workplace ethics are established codes of conduct that
reflect the values of the organization or company where you are employed. I have seen possess a
willingness to work hard from my supervisor during my internship period. In addition to working
hard it is also important to work smart. This means I acquired the most efficient way to complete
tasks and finding ways to save time while completing daily assignments. It’s also important to
care about my job and complete all projects while maintaining a positive attitude.

3.7 Entrepreneurship Skills

“Entrepreneurship is the ability to “create and build something from practically nothing. It is
initiating, doing, achieving and building an enterprise or organization, rather than just watching,
analyzing or describing one. It is the knack of sensing an opportunity where others see chaos,
contradiction and confusion. It is the ability to build a founding team to complement your own
skills and talents. It is the know-how to find, marshal and control resources and to make sure
you don’t run out of money when you need it most. Finally, it is the willingness to take
calculated risks, both personal and financial, and then to do everything possible to get the odds in
1
your favour.”

An entrepreneurship education program consists of wide-ranging subjects, and in every

entrepreneurship education program, learning something at outside classroom like internship in a
company plays an important role, as well as normal lectures in classroom. Of course, in this
respect, the good relationship between educational institutions and business society is very
important for the purpose of implementing an internship program as a part of curriculum.

Interns gain firsthand understanding of entrepreneurship along with enhanced technical,

professional, and communication skills.
Internship Report on Bahir Dar University ICT Development Office Main Campus Data Center

4. Conclusion and Recommendations

4.1. Conclusion

After going through the whole period of internship as an intern I’ve observed so many
professional activities and learnt as well. This internship was very fruitful to me because I had to
cover many different fields. I also learnt new concepts and new ways of working.

During this internship period I acquired practical experience to complement the theoretical
content of my study for campus Cisco three-layer hierarchical model tasks and detailed
configuration of each layers, wireless local area network (WLAN) and network security of main
campus data center.

To conclude, I think that this internship was very beneficial to me as I learnt a lot, and it made
me discover work's in a real world.
Internship Report on Bahir Dar University ICT Development Office Main Campus Data Center

4.2. Recommendations

The Data Center is the hub of the University’s computing resources, which are shared by the
academic, research, and administrative communities. These facilities provide a secure,
enterprise-wide, reliable, and redundant infrastructure for the delivery of mission-critical
University systems. As per earns observation some suggestion for the improvement of the
situation are given below:

• Access floors: One of the key predesigned considerations that affect almost every aspect
of success within a data center environment is the access floor, or “raised floor” as it is
often referred to. This infrastructure is every bit as important to cooling, equipment
support, grounding, and electrical and communications connectivity as the building
structure supporting it. Main campus data center uses class room building, the building
should be maintained in standard data center designed way. Optimizes airflow and heat
dissipation allowing the computing equipment to run more efficiently, so the data center
should be installed raised floor in standard way.

• Cable Management: All data cabling should be under the floor, both ends of the cable
should be labeled and tagged for proper identification.

• The data center hardware identification should be with the appropriate, fully qualified
server names, and all equipments within the cabinets. If implement in this way the
hardware is easily identifiable.

• The data center should be protected in building grounding and lightning protection
system.

• ICT Development Office must configure FTP protocol for the retrieve of files based on
FTP protocol.
Internship Report on Bahir Dar University ICT Development Office Main Campus Data Center

5. References

1. Sean Odom, Hanson Nottingham, Cisco Switching Black Book, The Coriolis Group,
2001
2. Todd Lammel, CCNA Cisco Certified Network Associate Study Guide 6 th edition, Wiley
publishing, Inc.2007.
3. Bahir Dar University Network Infrastructure Low Level Design (LLD) document, INSA,
2011.
4. The five years strategic plan (2011-2016) of Bahir Dar University፡ devised with
balanced score card (BSC), 2011.
http://www.bdu.edu.et/attachments/article/54/Finalized%20Strategic%20Plan.pdf
5. Campus Network for High Availability Design Guide, Cisco Systems, Inc., 2008.
http://www.cisco.com/en/US/docs/solutions/Enterprise/Campus/HA_recovery_DG/camp
usRecovery.html

6. ICT Development Office ,http://www.bdu.edu.et/index.php/services/ict/65-

administration/ict-office/135
7. Cisco Aironet 1250 Series Access Point, http://www.hardware.com/store/cisco/AIR-
LAP1252AG-E-K9
8. Cisco Networking Academy, CCNA SWITCH Lab Manual Cisco Press, 2011
Internship Report on Bahir Dar University ICT Development Office Main Campus Data Center

6. Appendix

6.1 Basic Cisco Catalyst Switch Configuration Command

A .Distribution Switch Configuration

Switch>enable
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname DLS
DLS (config)#enable password cisco
DLS (config)#enable secret Cisco
DLS (config)#service password-encryption
DLS (config)#line con
DLS (config)#line console 0
DLS (config-line)#password cisco
DLS (config-line)#login
DLS (config-line)#exit
DLS (config)#line vty 0 4
DLS (config-line)#password cisco
DLS (config-line)#login
DLS (config-line)#exit
DLS (config)#banner motd #******************************
ELCTRICAL&COMPUTER ENGINEERING DEPARTMENT
DISTRUBUTIONSWITCH
*************************************************************#
DLS (config)#vlan 10
Internship Report on Bahir Dar University ICT Development Office Main Campus Data Center

DLS (config-if)#switchport mode trunk

DLS (config)#vtp domain SWLAB
DLS (config)#vtp version 2
DLS (config)#vtp mode server
DLS(config)# interface vlan 1
DLS(config-if)# ip address 10.1.1.101 255.255.255.0
DLS (config)#ip dhcp pool Mother
DLS (dhcp-config)#network 10.133.0.0 255.255.255.0
DLS (dhcp-config)#default-router 10.133.1.254
DLS (dhcp-config)#ip dhcp pool vlan10
DLS (dhcp-config)#network 10.133.10.1 255.255.255.0
DLS (dhcp-config)#default-router 10.133.10.1
DLS (dhcp-config)#lease 5
DLS (dhcp-config)#ip dhcp pool vlan20
DLS (dhcp-config)#network 10.133.20.1 255.255.255.0
DLS (dhcp-config)#default-router 10.133.20.1
DLS (dhcp-config)#lease 5
Internship Report on Bahir Dar University ICT Development Office Main Campus Data Center

B. Access Switch Configuration

Switch>enable
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname ASL
ASL(config)#enable password cisco
ASL(config)#enable secret Cisco
ASL(config)#service password-encryption
ASL(config)#line con
ASL(config)#line console 0
ASL(config-line)#password cisco
ASL(config-line)#login
ASL(config-line)#exit
ASL(config)#line vty 0 4
ASL(config-line)#password cisco
ASL(config-line)#login
ASL(config-line)#exit
ASL(config)#banner motd #******************************
ELCTRICAL&COMPUTER ENGINEERING DEPARTMENT ACCESS SWITCH***#
ASL(config)#interface ranage fastEthernet 0/1-12
ASL(config-if)#switchport access vlan 10
ASL(config-if)#switchport mode access
ASL(config)#interface ranage fastEthernet 0/13-23
ASL(config-if)#switchport access vlan 20
ASL(config-if)#switchport mode access
ASL(config)#interface fastEthernet 0/24