Network Design Hand-out

Infolink University College Wolaita Sodo

Campus

Department of Information Technology

Network Design Hand-out

Course Code: - ITec4111

Prepared By Biruk.P (MSc), 2024

1|Page
Prepared by Biruk.P (MSc)
 Network Design Hand-out

Course Contents

This course is intended to teach students how to design and implement computer
networks. The course covers detailed networking concepts like transmission media
installation, switch and router selection and configuration, connecting to the internet, creating
wired and wireless networks, implementing sub netting techniques and others. Students
should be equipped with the latest networking technologies like WiFi and how to design an
efficient computer network.

Chapter One: Applying a Methodology to Network Design

Chapter Two: Structuring and Modularizing the Network
Chapter Three: Designing Basic Campus and Data Center Networks

Designing Remote Connectivity

Chapter Four: Designing IP Addressing and selecting Routing Protocols

Evaluating Security Solutions for the Network

Chapter Five: Identifying Voice Networking Considerations

Chapter Six: Identifying Wireless Networking

2|Page
Prepared by Biruk.P (MSc)
 Network Design Hand-out

Chapter One

Applying a Methodology to Network Design

Designing a network is a complex and structured process that requires careful planning,
implementation, and testing to ensure it meets the organization's requirements for
performance, security, scalability, and reliability. A systematic methodology helps in
creating an effective network design by guiding the network engineer through various steps,
considerations, and decision points. Below is a typical methodology for applying network
design.

1. Define Network Requirements (Needs Assessment)

Before diving into technical design, it is essential to clearly understand the business and
technical requirements of the network. This step helps to identify the goals and constraints
of the network.

 Business Objectives: Determine what the network is supposed to achieve, such as

supporting applications, data storage, collaboration tools, voice and video
communications, and so on.
 User and Device Requirements: Understand the types of users (e.g., employees,
contractors, guests) and devices (e.g., desktops, laptops, mobile devices, IoT devices)
that will connect to the network.
 Application and Service Needs: Identify critical applications (e.g., ERP, CRM) and
services (e.g., VoIP, video conferencing) that need to be supported.
 Growth Expectations: Anticipate future network growth in terms of users, devices,
traffic, and technology.
 Budget Constraints: Establish a budget to ensure that the design is cost-effective,
balancing performance with available financial resources.

2. Gather and Analyze Information

In this phase, collect detailed data about the physical and logical environment where the
network will be implemented.
3|Page
Prepared by Biruk.P (MSc)
 Network Design Hand-out

 Site Survey: For wireless networks, conduct a site survey to assess the physical
environment, signal coverage, potential interference sources, and placement of access
points (APs).
 Network Traffic Analysis: Determine the types of traffic (e.g., voice, video, data)
and the expected volume to help with bandwidth planning and Quality of Service
(QoS).
 Hardware Inventory: Catalog the existing networking hardware (routers, switches,
firewalls, etc.) to decide what can be reused and what needs to be upgraded.
 Security Considerations: Understand any regulatory or compliance requirements
(e.g., GDPR, HIPAA) and analyze potential security risks.

3. Design the Network Architecture

The network architecture forms the backbone of the network, ensuring that it meets the
technical and business needs identified in the previous steps.

 Logical Design: Focus on the logical flow of data, including how devices will
connect to the network and the design of IP addressing, subnetting, and routing
protocols.
o IP Addressing Scheme: Design an IP address plan that accounts for all
devices, subnets, and IP ranges. Consider the use of private and public IPs,
subnet masks, and VLSM (Variable Length Subnet Masking).
o Routing Protocols: Choose appropriate routing protocols (e.g., RIP, OSPF,
BGP) based on factors like network size, complexity, and future scalability.
 Physical Design: Outline the physical components and connections in the network,
including routers, switches, firewalls, wireless access points, and cabling.
o Redundancy and Failover: Plan for network reliability by including
redundant links, backup power supplies, and failover mechanisms (e.g.,
HSRP, VRRP for routers).
o Topologies: Choose a suitable network topology (e.g., star, mesh,
hierarchical, ring) that matches the needs for performance, redundancy, and
scalability.
 Wireless Design: For wireless networks, select Wi-Fi standards (e.g., Wi-Fi 6),
design the placement of access points, and choose appropriate frequencies (2.4 GHz
vs 5 GHz) to maximize coverage and minimize interference.
4|Page
Prepared by Biruk.P (MSc)
 Network Design Hand-out

 Security Design: Design the security layer of the network to ensure confidentiality,
integrity, and availability of data.
o Firewall Placement: Decide where to place firewalls and intrusion detection
systems (IDS/IPS).
o Network Segmentation: Create VLANs to separate traffic for security and
performance reasons (e.g., separating guest traffic from internal employee
traffic).
o Encryption and Authentication: Plan for VPNs (for remote users),
encryption protocols (e.g., IPsec, SSL/TLS), and authentication
mechanisms (e.g., 802.1X, RADIUS).

4. Network Capacity Planning

Network capacity planning ensures that the network can handle the required load without
degradation of performance.

 Bandwidth Calculation: Estimate the total bandwidth required based on the number
of users, devices, applications, and data traffic. This will inform decisions about the
types of links (e.g., fiber, Ethernet, wireless) and the speed of each link.
 Traffic Flow Analysis: Analyze the flow of traffic between devices, switches, and
routers to ensure there are no bottlenecks or overburdened links.
 Latency and QoS: Design the network with appropriate QoS policies to ensure that
latency-sensitive applications (e.g., VoIP, video conferencing) receive the necessary
priority.
 Scalability: Ensure that the network design allows for future growth in terms of
additional users, devices, or traffic without needing a complete redesign.

5. Address Network Security

Security is a crucial part of the network design methodology. The network should be
designed to prevent unauthorized access, data breaches, and potential vulnerabilities.

 Access Control: Implement strong authentication and authorization mechanisms to

ensure that only authorized users and devices can access the network. Use role-based
access control (RBAC) for granular permissions.

5|Page
Prepared by Biruk.P (MSc)
 Network Design Hand-out

 Firewalls: Plan for firewalls at critical junctions in the network to protect internal
systems from external threats. Consider the use of Next-Generation Firewalls
(NGFW) for deep packet inspection and advanced threat prevention.
 Encryption: Use VPNs and encryption to secure communication channels,
especially for remote users.
 Monitoring and Intrusion Detection: Incorporate IDS/IPS solutions to detect and
mitigate any unusual or malicious activity on the network.

6. Develop a Detailed Implementation Plan

Once the design is complete, develop an implementation plan that includes the following
steps:

 Hardware and Software Procurement: Identify and procure the necessary

hardware, software, and licensing.
 Timeline and Phases: Break down the implementation into clear phases with
timelines for deployment. Plan for pilot testing, staging, and full deployment.
 Team Roles and Responsibilities: Assign tasks to the network design team, ensuring
that everyone understands their role in the implementation process.
 Training: Ensure the IT staff is properly trained on the new network design,
hardware, and software tools.

7. Test the Network Design

Testing is critical to ensure that the network functions as expected under different conditions.

 Performance Testing: Validate the network’s throughput, latency, jitter, and

packet loss under normal and peak load conditions.
 Security Testing: Conduct penetration testing, vulnerability scans, and review the
firewall configurations to ensure that the network is secure.
 Failure Simulation: Simulate network failures (e.g., disconnecting links or shutting
down equipment) to ensure redundancy and failover mechanisms work as expected.

8. Deploy the Network

Once the network design is finalized and tested, proceed with deployment.

6|Page
Prepared by Biruk.P (MSc)
 Network Design Hand-out

 Phase Deployment: Roll out the network in phases, beginning with core components
and then moving to edge devices and remote locations.
 Monitoring and Troubleshooting: Set up real-time monitoring systems to track
network health, identify issues early, and ensure smooth operation.

9. Maintenance and Upgrades

After deployment, maintain the network by regularly monitoring performance, conducting

security audits, and implementing updates.

 Software Updates: Regularly update firmware, drivers, and network protocols to

address security vulnerabilities and improve performance.
 Scalability: As the network grows, revisit the capacity planning phase and adjust the
network’s resources accordingly.

Conclusion

Applying a methodology to network design ensures that the network is efficient, secure, and
scalable to meet current and future business requirements. This structured approach covers
every aspect of network design, from understanding requirements to deployment and
maintenance, helping to build a reliable and high-performing network that aligns with
organizational goals. Each step should be carefully planned and executed to prevent issues
that could disrupt business operations and ensure a successful network implementation

7|Page
Prepared by Biruk.P (MSc)
 Network Design Hand-out

Chapter Two

Structuring and Modularizing Network Design

In network design, structuring and modularizing the architecture is crucial to ensure

scalability, maintainability, and flexibility. By breaking down the network into distinct
modules or layers, network engineers can create a design that is easier to manage,
troubleshoot, and expand as the organization's needs grow.

Key Concepts of Structuring and Modularizing Network Design

1. Layered Network Model:

o A layered model separates the network into distinct functional layers, each
with a specific responsibility. This separation makes the network more
manageable and flexible for changes, upgrades, and maintenance.
o Common layers include the Core, Distribution, and Access layers, and each
layer has its own set of functions and goals.
2. Modularization:
o Modularizing the network involves creating self-contained modules or blocks
within the design. Each module can serve a specific function (e.g., routing,
security, access control) and can be upgraded or replaced without affecting the
entire network.
o This modular approach helps improve scalability and redundancy, as modules
can be expanded or duplicated based on demand.

Layers in a Hierarchical Network Design

The most common approach to structuring a network design is to use a three-tier

hierarchical model: Core Layer, Distribution Layer, and Access Layer. Each layer is
responsible for different aspects of the network.

1. Core Layer (Backbone)

 Purpose: Provides high-speed, reliable data transport across large areas (often
connecting different geographic locations, branches, or data centers). This is the
"backbone" of the network.
 Key Characteristics:
8|Page
Prepared by Biruk.P (MSc)
 Network Design Hand-out

o High Bandwidth: Designed for large volumes of traffic with low latency.
o Redundancy: Implements redundant paths to ensure reliability.
o Fault Tolerance: Ensures that if one link or device fails, traffic can be
rerouted seamlessly.
 Devices: Core routers, switches (high-capacity, enterprise-grade).
 Example: A high-speed fiber-optic connection linking branch offices to the main data
center.

2. Distribution Layer (Aggregation)

 Purpose: Aggregates data from the access layer and forwards it to the core layer. It often
handles routing, policy enforcement (QoS, security), and traffic filtering.
 Key Characteristics:
o Traffic Management: Manages traffic between the access and core layers and
can enforce policies like Quality of Service (QoS).
o Routing: Provides routing between different subnets or VLANs (virtual
LANs).
o Security: Implements access control lists (ACLs), firewalls, or intrusion
detection systems (IDS).
 Devices: Distribution routers, multilayer switches, firewalls.
 Example: Switches that aggregate traffic from multiple access switches, or routers
that manage traffic between different network segments.

3. Access Layer (Edge)

 Purpose: The access layer is where end devices (computers, printers, IP phones)
connect to the network. It is responsible for providing access to the network for users.
 Key Characteristics:
o Device Connectivity: Provides interfaces for connecting devices like
desktops, laptops, and other endpoints.
o VLAN Segmentation: Divides the network into smaller broadcast domains
using VLANs to reduce congestion and improve security.
o User Authentication: Can provide services like 802.1X (port-based network
access control) for secure access.

9|Page
Prepared by Biruk.P (MSc)
 Network Design Hand-out

 Devices: Access switches, wireless access points (APs), network interface cards
(NICs).
 Example: Ethernet switches connecting workstations or wireless access points
providing Wi-Fi to users.

Modular Design: Benefits and Implementation

By breaking the network into modular components, network design becomes more flexible,
scalable, and easier to maintain. Here’s how modular design can benefit network architecture:

1. Scalability

 As the organization grows, additional modules can be added without requiring

significant changes to the existing network.
 For example, if more users need to be supported in a branch office, additional access
layer switches and wireless access points can be added.
 The core and distribution layers can also be scaled by adding more high-capacity
routers and switches to accommodate increased traffic.

2. Redundancy and Reliability

 A modular design allows for redundancy within each layer. For example, the core
layer can have redundant paths and devices, ensuring that if one device fails, the
network remains operational.
 Redundancy can be implemented at every layer:
o Core Layer: Redundant core routers and paths.
o Distribution Layer: Multiple distribution switches.
o Access Layer: Redundant access switches and APs.

3. Maintainability

 Modularizing the network makes it easier to troubleshoot and isolate issues. If a

failure occurs, it’s simpler to identify the affected module and fix the problem without
disrupting the entire network.
 Maintenance can also be performed on individual modules without affecting the
operation of other parts of the network.

10 | P a g e
Prepared by Biruk.P (MSc)
 Network Design Hand-out

4. Security

 Each layer in the modular design can have its own security policies:
o Core Layer: Focus on protecting the integrity and availability of high-priority
services.
o Distribution Layer: Implement firewalls, intrusion detection/prevention, and
monitoring.
o Access Layer: Implement user-level security, VLANs for segmentation, and
port security.

5. Cost Efficiency

 Modular design allows for cost-effective expansion. Instead of replacing or

redesigning the whole network, you can add modules as needed to support increased
demand.
 For example, rather than over-engineering the core layer from the start, you can
initially design a small-scale core and then scale it as the organization grows.

Example of Modularized Network Design

Here’s how a modular network might be implemented for a medium-sized business with
three office locations:

1. Core Layer:

 Devices: High-capacity routers and high-speed fiber-optic links.

 Function: Connects multiple offices and data centers, handling the largest volume of
traffic. Redundant links between offices ensure failover and reliability.

2. Distribution Layer:

 Devices: Multi-layer switches and routing equipment.

 Function: Each office has a distribution switch that aggregates traffic from the access
layer and forwards it to the core. It also handles inter-VLAN routing for different
departments (e.g., HR, Sales, IT).

11 | P a g e
Prepared by Biruk.P (MSc)
 Network Design Hand-out

3. Access Layer:

 Devices: Switches, wireless access points.

 Function: Provides connectivity to end-user devices. Each office has its own access
layer with switches connected to the distribution layer. There are wireless access
points for mobile users and guests.

Example of Modular Network Design with Redundancy

In a modular network with redundancy:

 Core Layer:
o Two core routers provide high-speed connectivity between offices, each with
dual uplinks to ensure that a single failure won’t take down the entire network.
 Distribution Layer:
o Two distribution switches at each location aggregate traffic. The switches are
connected to each other, and each distribution switch has a backup route to the
core router.
 Access Layer:
o Multiple access switches per location, each connected to both distribution
switches, ensuring that if one access switch fails, the other can still provide
access.

Best Practices for Modularizing Network Design:

1. Separation of Concerns:
o Ensure that each layer or module is responsible for specific tasks (e.g., routing,
access control, traffic management) and doesn’t overlap with other modules.
2. Use of Virtualization:
o Virtualize network functions where possible. For example, a virtualized
firewall or load balancer in the distribution layer can provide more flexibility
and scalability.
3. Security Zones:
o Implement different security zones at each layer. The access layer can
implement basic security measures, while the distribution layer can focus on

12 | P a g e
Prepared by Biruk.P (MSc)
 Network Design Hand-out

deeper inspection and firewalls, and the core layer ensures overall network
integrity and availability.
4. Use of Standardized Devices:
o Select devices that are compatible across the layers and ensure they support
modular configurations. For example, using the same vendor for all switches
and routers can simplify management and integration.

Conclusion of Chapter Two

Structuring and modularizing network design is essential for building scalable, reliable,
and maintainable networks. By dividing the network into clear layers and modules,
organizations can ensure that the network can grow with their needs, remain secure, and
minimize downtime. Additionally, modular design supports redundancy, fault tolerance, and
more efficient resource management, which are key to maintaining a high-performing
network.

13 | P a g e
Prepared by Biruk.P (MSc)
 Network Design Hand-out

Chapter Three

Designing Basic Campus and Data Center Networks

When designing campus and data center networks, the goal is to create scalable, reliable,
and high-performance networks that meet the needs of users and applications. A campus
network connects devices and users within a single geographic location (e.g., a university,
enterprise office, or industrial complex), while a data center network supports data storage,
processing, and distribution.

1. Designing a Basic Campus Network

A Campus Network typically consists of multiple buildings or floors connected through

high-speed links, where all users and devices can access shared resources and applications.
The design focuses on ensuring high availability, scalability, and ease of management.

Key Components of a Campus Network:

 Access Layer: This layer connects end devices (computers, phones, printers, etc.) to
the network. It includes access switches and wireless access points (APs) for Wi-Fi
connectivity.
 Distribution Layer: This layer aggregates traffic from multiple access layer switches,
provides routing between different VLANs, and enforces security policies. It also
typically includes firewalls and other security devices.
 Core Layer: The core layer is responsible for high-speed, reliable routing between
campus locations (e.g., between different buildings or floors). This layer handles
high-volume traffic, ensuring fast and secure data transfer.

Steps for Designing a Basic Campus Network:

1. Determine User and Device Requirements:

o Estimate the number of users and devices that will connect to the network.
o Decide on wired and wireless connectivity based on the user base and
application needs.
2. Select Network Topology:

14 | P a g e
Prepared by Biruk.P (MSc)
 Network Design Hand-out

o Star Topology: The most common design for campus networks, where all
access points and devices are connected to a central distribution switch or
router.
o Mesh or Hybrid: Larger campus networks may require a mesh or hybrid
topology for more redundancy and fault tolerance.
3. Plan IP Addressing and Subnetting:
o Divide the campus network into smaller subnets to optimize routing and
reduce congestion.
o Use VLANs to separate different types of traffic (e.g., voice, data, and video).
4. Redundancy and Reliability:
o Implement redundant paths between layers (access, distribution, core) to
ensure network reliability in case of failure.
o Use protocols like Spanning Tree Protocol (STP) to prevent loops in
redundant links.
5. Security:
o Use Access Control Lists (ACLs), 802.1X Authentication for secure access
control, and firewalls to protect different network segments.
o Implement segmentation via VLANs for security, isolating sensitive systems
or users from the rest of the network.
6. Wireless Design:
o Deploy Wi-Fi Access Points (APs) strategically to ensure coverage across the
campus.
o Plan for capacity by considering the number of devices per AP and the type of
traffic (e.g., data, voice, video).
7. Management and Monitoring:
o Use network management systems (NMS) to monitor performance,
troubleshoot, and provide network analytics.
o Use Simple Network Management Protocol (SNMP) for monitoring
network devices like switches, routers, and access points.

Example of a Basic Campus Network:

 Access Layer: 10 Gigabit Ethernet access switches providing connectivity to

desktops and wireless access points.

15 | P a g e
Prepared by Biruk.P (MSc)
 Network Design Hand-out

 Distribution Layer: Two redundant distribution switches, each performing inter-

VLAN routing and connecting to the core.
 Core Layer: A pair of high-performance core routers with 40 Gigabit connections to
handle inter-building traffic.

2. Designing a Data Center Network

A Data Center Network is designed to support large-scale data processing, storage, and
distribution. The network must ensure high availability, low latency, and support for modern
technologies such as virtualization and cloud computing.

Key Components of a Data Center Network:

 Top-of-Rack (ToR) Switches: These switches are placed in each rack to connect
servers and other devices within the same rack to the data center's network.
 Aggregation Layer: Aggregates traffic from multiple ToR switches and connects to
the core layer. It handles routing, load balancing, and security policies.
 Core Layer: Handles traffic across multiple aggregation switches and serves as the
backbone of the data center network.

Steps for Designing a Data Center Network:

1. Determine Data Center Requirements:

o Assess the size and scale of the data center, including the number of racks,
servers, storage devices, and network traffic.
o Determine the level of redundancy required for high availability (e.g., N+1 or
N+2 redundancy).
2. Select Network Topology:
o Leaf-Spine Architecture: A common design where leaf switches connect to
servers, and spine switches provide interconnectivity between leaf switches.
This provides low latency and high throughput.
o Fat-Tree: A design used for large-scale data centers with high scalability
requirements.
3. Plan for Scalability:

16 | P a g e
Prepared by Biruk.P (MSc)
 Network Design Hand-out

o Use modular design to easily add more servers, racks, and switches as the
data center grows.
o Ensure that network links are high-capacity (10GbE, 40GbE, or higher) to
handle large volumes of traffic.
4. Redundancy and Fault Tolerance:
o Implement redundant power supplies, dual network links, and multiple
network paths to avoid single points of failure.
o Use Spanning Tree Protocol (STP) for loop prevention and Equal-Cost
Multi-Path (ECMP) routing for load balancing.
5. Security:
o Implement segmentation using VLANs or Virtual Extensible LAN
(VXLAN) to isolate different parts of the network (e.g., management, storage,
application).
o Use firewalls, access control lists (ACLs), and Network Access Control
(NAC) for additional security.
6. Virtualization and Cloud Support:
o Design the network to support virtual machines (VMs) and containers by
using virtual switches and software-defined networking (SDN) technologies.
o Plan for multi-cloud integration if the data center is connected to external
cloud services.
7. Monitoring and Management:
o Use network performance monitoring (NPM) tools and data center
infrastructure management (DCIM) tools to monitor the health and
performance of the network.
o Implement automation using Network Configuration Protocol
(NETCONF) or Ansible to streamline management tasks.

Example of a Data Center Network Design:

 Leaf-Spine Architecture: 16 leaf switches and 4 spine switches to provide high

bandwidth and low latency.
 Core Layer: Spine switches interconnect all leaf switches, with redundant links to
ensure high availability.

17 | P a g e
Prepared by Biruk.P (MSc)
 Network Design Hand-out

 Virtualization: Integration with VMware or OpenStack for virtual machines and

storage.

3. Designing Remote Connectivity

As organizations increasingly move to cloud environments and have remote workforces,

establishing secure and reliable remote connectivity is crucial. This involves ensuring that
remote users can access internal resources like applications, data, and services securely.

Key Components of Remote Connectivity:

 VPN (Virtual Private Network): Secures internet traffic and connects remote users
or branch offices to the corporate network.
 Remote Desktop Services (RDS): Provides users with access to desktop
environments remotely, ensuring secure access to business-critical applications.
 Direct Access: A Microsoft technology that allows seamless and secure remote
access for clients, often used in Windows environments.

Steps for Designing Remote Connectivity:

1. VPN Solutions:
o Use site-to-site VPNs for connecting branch offices or remote data centers
securely.
o Use client-to-site VPNs for individual remote workers. Protocols like IPSec,
SSL VPN, or OpenVPN are commonly used for secure remote access.
2. Multi-Factor Authentication (MFA):
o Implement MFA to enhance security for remote workers. This could involve
something the user knows (password), something the user has (token or
mobile device), and something the user is (biometric data).
3. Secure Application Access:
o For SaaS applications or web-based services, ensure that users can securely
access them via SSL/TLS encryption and additional security layers such as
Web Application Firewalls (WAFs).
4. Bandwidth and Performance:

18 | P a g e
Prepared by Biruk.P (MSc)
 Network Design Hand-out

o Ensure that VPN solutions can handle the expected volume of traffic from
remote workers.
o Consider QoS (Quality of Service) to prioritize critical applications over
others to ensure optimal performance.
5. Endpoint Security:
o Ensure that remote devices are secure through Endpoint Detection and
Response (EDR) solutions, antivirus, and encryption.
o Implement Zero Trust Network Access (ZTNA) to verify every user and
device before granting access to network resources.

Example of Remote Connectivity Design:

 Client-to-Site VPN: Remote workers connect using SSL VPN, requiring multi-factor
authentication.
 Site-to-Site VPN: Branch offices are connected to the headquarters via IPSec VPN
tunnels, allowing secure communication between sites.
 RDS: Remote users can access a secure desktop environment hosted in the data
center, ensuring secure access to applications without needing to store sensitive data
locally.

Conclusion of chapter Three

Designing campus and data center networks requires careful planning to ensure that the
network meets performance, security, and scalability requirements. By using a modular
approach with clear separation of layers and components, the network can handle growing
demands. Remote connectivity design is increasingly important as the workforce becomes
more distributed, requiring secure and reliable access to internal resources from anywhere.
Combining secure VPNs, endpoint protection, and high-performance design principles
ensures that the

19 | P a g e
Prepared by Biruk.P (MSc)
 Network Design Hand-out

Chapter Four

Designing IP Addressing and Selecting Routing Protocols

In any network design, IP addressing and routing protocols are two fundamental components
that ensure efficient communication, scalability, and security. Proper design of these elements
is crucial for optimizing network performance, ease of management, and future growth.
Here’s an overview of how to approach IP Addressing Design and Routing Protocol
Selection.

1. Designing IP Addressing

IP addressing refers to the assignment of unique identifiers (IP addresses) to devices on a

network. A well-designed IP addressing scheme helps with network organization, minimizes
conflicts, and optimizes routing.

Key Considerations for IP Addressing:

 Address Space: Choose between IPv4 and IPv6 addressing based on network size,
future growth, and existing infrastructure.
 Subnetting: Divide your IP address space into subnets to optimize network
management and enhance security.
 Network Scalability: Plan for future growth in terms of both IP address allocation
and addressing efficiency.
 Security: Protect IP address spaces to avoid unauthorized access and ensure that IP
conflicts are minimized.

Steps for Designing an IP Addressing Scheme:

1. Choose IPv4 or IPv6:

o IPv4: Still widely used, offers approximately 4.3 billion addresses. However,
due to the limited availability of addresses, it's often recommended to
implement Network Address Translation (NAT) for managing private IPs.
o IPv6: Provides a much larger address space (around 340 undecillion
addresses), and it’s the future-proof option for large networks or those
requiring future expansion.

20 | P a g e
Prepared by Biruk.P (MSc)
 Network Design Hand-out

2. Use Private Address Ranges for Internal Networks:

o For internal network communication (intranet), it's best practice to use private
IP address ranges defined by RFC 1918 for IPv4. These include:
 10.0.0.0 – 10.255.255.255 (Class A)
 172.16.0.0 – 172.31.255.255 (Class B)
 192.168.0.0 – 192.168.255.255 (Class C)
o For IPv6, Unique Local Addresses (ULA) are used (addresses in the range of
fc00::/7).
3. Subnetting:
o Subnetting divides the network into smaller sub-networks (subnets) to reduce
network congestion, improve security, and enhance routing efficiency.
o You need to calculate how many subnets are required and the number of hosts
per subnet.
o Use CIDR (Classless Inter-Domain Routing) notation to represent subnet
masks (e.g., 192.168.1.0/24 means a subnet with 256 addresses).

Subnet Calculation Example:

o If you need 4 subnets in a Class C network (192.168.1.0/24), you would need

to borrow 2 bits from the host portion to create 4 subnets (/26 subnet mask).
o Subnet ranges: 192.168.1.0/26, 192.168.1.64/26, 192.168.1.128/26,
192.168.1.192/26.
4. Address Allocation:
o Allocate IP address ranges based on the types of devices:
 Servers, Routers, Core Devices: Fixed IP addresses in the lower
portion of the address space.
 End-User Devices: Dynamic IP addresses can be allocated via DHCP,
or static IPs can be reserved in higher address ranges for specific
devices like printers and computers.
5. Assigning Gateway and DNS:
o Assign a default gateway IP address for routing traffic outside of the local
network (usually the router's IP).
o Set up DNS servers for resolving domain names to IP addresses, ensuring
users and applications can resolve names.

21 | P a g e
Prepared by Biruk.P (MSc)
 Network Design Hand-out

2. Selecting Routing Protocols

Routing protocols are used to direct data packets between devices and networks. They help
routers determine the best path for forwarding packets. The selection of routing protocols
depends on factors like network size, scalability, convergence time, and reliability.

Types of Routing Protocols:

1. Interior Gateway Protocols (IGPs): These protocols are used within a single
autonomous system (AS), such as within a campus or data center network.
o RIP (Routing Information Protocol):
 Use Case: Suitable for small, simple networks.
 Characteristics: Distance-vector protocol with a maximum hop count
of 15 (making it less suitable for larger networks).
 Advantages: Simple and easy to configure.
 Disadvantages: Slower convergence, limited scalability.
o OSPF (Open Shortest Path First):
 Use Case: Ideal for medium to large-sized networks.
 Characteristics: Link-state protocol that uses Dijkstra’s algorithm to
calculate the shortest path. It supports hierarchical routing with area
segmentation.
 Advantages: Fast convergence, supports large networks.
 Disadvantages: More complex to configure compared to RIP.
o EIGRP (Enhanced Interior Gateway Routing Protocol):
 Use Case: Suitable for medium to large enterprise networks.
 Characteristics: Hybrid protocol (combines features of distance-
vector and link-state protocols) developed by Cisco. It uses the
Diffusing Update Algorithm (DUAL) for routing decisions.
 Advantages: Faster convergence than RIP, easier configuration than
OSPF, efficient bandwidth usage.
 Disadvantages: Proprietary to Cisco, limiting interoperability with
other vendors.
2. Exterior Gateway Protocols (EGPs): These protocols are used to exchange routing
information between different autonomous systems, usually on the internet.
o BGP (Border Gateway Protocol):
22 | P a g e
Prepared by Biruk.P (MSc)
 Network Design Hand-out

 Use Case: The protocol of choice for inter-domain (between different

organizations or ISPs) routing, especially in large-scale networks.
 Characteristics: Path-vector protocol that is designed to handle
complex routing decisions based on policy and routing attributes.
 Advantages: Scalability, flexibility, policy-based routing, supports
large networks like the internet.
 Disadvantages: Complex configuration, slower convergence
compared to IGPs.

3. Factors for Selecting Routing Protocols

When choosing a routing protocol for your network, consider the following factors:

1. Network Size and Complexity:

o Small Networks: If you’re designing a simple, small network, RIP may be
sufficient due to its simplicity.
o Large Networks: For larger networks with multiple subnets and segments,
OSPF or EIGRP would be more suitable due to their fast convergence and
better scalability.
2. Scalability:
o OSPF and BGP are highly scalable, while RIP is better suited for smaller,
less complex networks.
3. Convergence Time:
o OSPF and EIGRP offer faster convergence than RIP and are generally better
suited for environments where downtime or delays can’t be tolerated.
o BGP can take longer to converge, but it is designed to handle complex
policies and large internet routing tables.
4. Interoperability:
o If your network involves equipment from multiple vendors, OSPF or BGP are
better choices because they are widely supported by most routers.
o EIGRP is Cisco proprietary and may only be suitable for networks with Cisco
equipment.
5. Administrative Overhead:
o RIP and EIGRP tend to be easier to configure and manage.

23 | P a g e
Prepared by Biruk.P (MSc)
 Network Design Hand-out

o OSPF requires more detailed configuration but provides better scalability and
flexibility.
o BGP is complex to configure and troubleshoot but necessary for managing
routing across the internet.

Example Network Scenario and Design

Scenario: A company has a headquarters (HQ) and two remote branch offices. They need to
design the network addressing scheme and routing for this environment.

IP Addressing:

 HQ:
o Use a 10.0.0.0/24 network for the headquarters.
o Use 10.0.1.0/24 for internal servers, 10.0.2.0/24 for user devices, and
10.0.3.0/24 for guest Wi-Fi.
 Branch Office 1:
o Use 10.1.0.0/24 network.
o Create subnets for servers (e.g., 10.1.1.0/24) and users (e.g., 10.1.2.0/24).
 Branch Office 2:
o Use 10.2.0.0/24 network, with similar internal segmentation.
 Routing:
o Use OSPF for dynamic routing between the headquarters and remote offices,
as it scales well and offers fast convergence.
o Use VPN (e.g., site-to-site) to connect remote offices securely over the
internet.

Routing Protocol Selection:

 OSPF: Used for internal routing between the HQ and remote offices (within the
organization’s network).
 BGP: Used at the HQ to connect to the internet or external networks, as the company
may have a dedicated internet link and needs robust routing policies.

24 | P a g e
Prepared by Biruk.P (MSc)
 Network Design Hand-out

Conclusion of Chapter Four

Designing IP addressing and selecting routing protocols are critical steps in network design.
A well-organized IP addressing scheme ensures efficient network management

Evaluating Security Solutions for the Network

Network security is essential for protecting organizational data, applications, and

infrastructure from various threats, including cyber-attacks, unauthorized access, and data
breaches. Evaluating security solutions requires careful consideration of the network's
requirements, the types of threats it faces, and the solutions that best address these threats
while ensuring minimal disruption to the network’s performance and operations.

Here’s a structured approach to evaluating security solutions for a network:

1. Key Network Security Threats

Before selecting security solutions, it’s crucial to understand the primary threats that a
network may face:

 Malware: Includes viruses, worms, trojans, ransomware, etc., that can damage or
disrupt network operations.
 Phishing and Social Engineering: Attacks that exploit human behavior to gain
unauthorized access to systems.
 DDoS (Distributed Denial-of-Service): Overloading the network with traffic to
make it unavailable.
 Man-in-the-Middle (MITM) Attacks: Intercepting and altering communication
between two parties.
 Insider Threats: Attacks from within the organization, either malicious or accidental.
 Unauthorized Access: Gaining access to a network without proper authorization,
potentially leading to data breaches or resource theft.

25 | P a g e
Prepared by Biruk.P (MSc)
 Network Design Hand-out

2. Security Solutions to Consider

Based on the network’s specific needs and threats, several security solutions can be
implemented. Below are the common security solutions and technologies to evaluate:

2.1 Firewalls

 Purpose: Firewalls monitor and control incoming and outgoing network traffic based
on predetermined security rules, acting as a barrier between trusted internal networks
and untrusted external networks (e.g., the internet).
 Types of Firewalls:
o Packet Filtering Firewalls: Basic firewalls that inspect packets and make
decisions based on IP addresses, ports, and protocols.
o Stateful Inspection Firewalls: Track the state of active connections and make
decisions based on the state of traffic.
o Next-Generation Firewalls (NGFWs): Combine traditional firewall features
with additional functionalities like application awareness, deep packet
inspection (DPI), intrusion prevention systems (IPS), and SSL/TLS inspection.
 Evaluation Considerations:
o Scalability: Does the firewall solution scale with the growing network?
o Performance: How well does the firewall perform in terms of speed and
latency?
o Advanced Features: Does it include capabilities like deep packet inspection,
intrusion prevention, and application filtering?
o Ease of Management: Is the firewall solution easy to manage and configure,
and does it provide centralized management?

2.2 Intrusion Detection and Prevention Systems (IDS/IPS)

 Purpose: IDS monitors network traffic for suspicious activity or policy violations,
while IPS actively blocks identified malicious traffic.
 Types of IDS/IPS:
o Network-based IDS/IPS (NIDS/NIPS): Monitors network traffic for patterns
of known threats.

26 | P a g e
Prepared by Biruk.P (MSc)
 Network Design Hand-out

o Host-based IDS/IPS (HIDS/HIPS): Installed on individual devices,

monitoring activity at the host level.
 Evaluation Considerations:
o Detection Capabilities: How effectively does the solution detect a variety of
attacks (e.g., buffer overflows, malware, DDoS)?
o False Positives: Does the IDS/IPS generate too many false positives, leading
to alert fatigue or unnecessary traffic blocking?
o Real-Time Protection: Does the IPS provide real-time blocking and
mitigation of attacks?
o Integration: Can it be integrated with other security systems (e.g., SIEM,
firewalls)?

2.3 Virtual Private Network (VPN)

 Purpose: VPNs securely encrypt traffic between remote users or branch offices and
the corporate network, protecting data from interception during transmission.
 Types of VPNs:
o Site-to-Site VPN: Connects entire networks, such as remote offices, securely
over the internet.
o Client-to-Site VPN: Allows individual users to securely connect to the
network from remote locations.
 Evaluation Considerations:
o Encryption Strength: What encryption protocols (e.g., IPSec, SSL/TLS) are
supported, and how strong are they?
o Performance: Does the VPN impact network speed or latency, and is it
scalable for remote users?
o Authentication: Does the solution support strong authentication methods,
such as multi-factor authentication (MFA) or certificates?
o Reliability: Is the VPN reliable in maintaining a secure connection without
interruptions?

2.4 Endpoint Security Solutions

 Purpose: Endpoint security protects individual devices (laptops, smartphones, tablets,

etc.) from malware, ransomware, and other threats.

27 | P a g e
Prepared by Biruk.P (MSc)
 Network Design Hand-out

 Components:
o Antivirus/Antimalware Software: Provides basic protection against
malicious software.
o Endpoint Detection and Response (EDR): Provides advanced monitoring,
detection, and response capabilities for endpoints.
o Mobile Device Management (MDM): Manages and secures mobile devices
within an organization.
 Evaluation Considerations:
o Protection: Does the solution effectively protect endpoints from a wide range
of threats, including advanced persistent threats (APTs)?
o Behavioral Analysis: Does it include AI/ML-driven behavioral analysis to
detect unknown threats?
o Centralized Management: Is it easy to manage and update all endpoints from
a central console?
o Compatibility: Does it support a wide range of operating systems and devices
(Windows, macOS, iOS, Android)?

2.5 Security Information and Event Management (SIEM)

 Purpose: SIEM systems aggregate, analyze, and correlate data from various network
devices (e.g., firewalls, IDS/IPS, routers) to detect and respond to security incidents in
real-time.
 Evaluation Considerations:
o Data Aggregation: Does the SIEM solution collect and normalize data from
various sources (firewalls, endpoints, servers)?
o Real-Time Analysis: Does it provide real-time alerting based on detected
security events or threats?
o Scalability: Can the solution scale as the network grows in terms of data
volume and device count?
o Integration: Can it integrate with other security tools such as IDS/IPS,
firewalls, and endpoint security?

28 | P a g e
Prepared by Biruk.P (MSc)
 Network Design Hand-out

2.6 Access Control Solutions

 Purpose: These solutions manage who can access the network and its resources,
ensuring that only authorized users and devices are granted access.
 Components:
o Network Access Control (NAC): Monitors and controls the devices that are
allowed to connect to the network based on predefined security policies.
o Identity and Access Management (IAM): Manages user identities and
ensures users are authenticated and authorized to access resources.
 Evaluation Considerations:
o Authentication Methods: Does the solution support multi-factor
authentication (MFA), biometric authentication, or certificate-based
authentication?
o Granular Access Control: Can the system define specific policies for
different users, devices, and types of access?
o Scalability: Does the solution scale as the network and user base grow?
o Policy Enforcement: How effectively does the system enforce access policies
and prevent unauthorized access?

2.7 Data Loss Prevention (DLP)

 Purpose: DLP solutions prevent sensitive data from being leaked or accessed by
unauthorized users, whether intentionally or unintentionally.
 Evaluation Considerations:
o Content Inspection: Does the DLP solution inspect data across different
channels (email, web traffic, cloud storage, etc.)?
o Policy Enforcement: Can policies be set to detect and prevent the movement
of sensitive data outside the network (e.g., USB drives, cloud applications)?
o Granularity: Can it distinguish between different types of sensitive data (e.g.,
PII, intellectual property, financial data)?
o User Training and Awareness: Does the solution provide feedback to users
to help them avoid accidental data leaks?

29 | P a g e
Prepared by Biruk.P (MSc)
 Network Design Hand-out

3. Evaluating the Best Fit for Your Network

When evaluating security solutions, it's important to understand the network's current and
future needs, the types of threats it may face, and the specific requirements of the business.
Here’s how to approach the evaluation process:

Step 1: Understand Business Requirements

 Scalability: Does the solution scale with the growth of the network and the increase
in users, devices, and data?
 Compliance: Are there industry-specific compliance requirements (e.g., GDPR,
HIPAA, PCI-DSS) that the solution must meet?
 Operational Impact: Will the solution have a minimal impact on network
performance and end-user experience?

Step 2: Prioritize Security Needs

 Cost vs. Protection: Determine the balance between the level of security required and
the budget available.
 Ease of Use: How easy is the solution to deploy and manage, especially for network
administrators with limited security expertise?
 Real-Time Monitoring: Is real-time detection and response a priority for your
network, or can it be handled via periodic checks?

Step 3: Proof of Concept and Testing

 Pilot Testing: Before full deployment, test the solution in a small segment of the
network to identify potential issues and validate the security benefits.
 Vendor Support: Evaluate the level of support provided by the vendor, including
technical support, documentation, and training.

Conclusion

Evaluating and selecting the right security solutions for a network is crucial for protecting
organizational assets and ensuring the network remains resilient to evolving cyber threats

30 | P a g e
Prepared by Biruk.P (MSc)
 Network Design Hand-out

Chapter Five: Identifying Voice Networking Considerations

Identifying Voice Networking Considerations

Voice networking refers to the integration of voice communication into a network

infrastructure, commonly known as Voice over IP (VoIP), which allows voice data to travel
over a data network, such as the internet or an organization's private IP network. This is an
essential part of modern communication systems and can be used in scenarios like IP
telephony, video conferencing, and unified communications.

When planning a voice network, there are several important factors to consider to ensure
high-quality communication, reliability, scalability, and security. Below are the key voice
networking considerations:

1. Quality of Service (QoS)

Voice traffic is highly sensitive to delays, jitter, and packet loss. Ensuring high-quality voice
communication over a network requires the management of these factors.

 QoS Implementation: QoS ensures that voice traffic receives higher priority over
other types of traffic (e.g., email, web browsing) on the network. Implementing QoS
can prioritize voice packets, reduce latency, and minimize jitter and packet loss.
o Differentiated Services (DiffServ): A widely used model to manage QoS in
IP networks. It prioritizes voice packets using a DSCP (Differentiated
Services Code Point) to mark voice traffic as high-priority.
o Traffic Shaping and Policing: Limits the bandwidth usage of non-critical
applications to ensure sufficient bandwidth is available for voice.
 Bandwidth Requirements: Voice calls require consistent, low-latency connections
with a predictable amount of bandwidth. Typically, a VoIP call requires:
o 30-100 Kbps per call depending on the codec used.
o Sufficient bandwidth should be reserved for both uplink and downlink traffic.
 Latency and Jitter:
o Latency should generally be kept under 150 ms (end-to-end) for good voice
quality. Higher latency can result in noticeable delays during conversations.

31 | P a g e
Prepared by Biruk.P (MSc)
 Network Design Hand-out

o Jitter, the variation in packet arrival times, should be minimized to less than
30 ms to prevent voice distortion.
 Packet Loss: VoIP requires minimal packet loss. Ideally, packet loss should be kept
under 1% for acceptable voice quality.

2. Network Architecture and Topology

The architecture and topology of the network play a significant role in the performance,
scalability, and reliability of voice communications.

 IP Telephony Systems: Decide whether the organization will use an on-premise

PBX (Private Branch Exchange) or a cloud-based VoIP system.
o On-premise PBX: Requires investment in physical infrastructure and
dedicated network resources.
o Cloud-based VoIP (Hosted PBX): Hosted by a third party, offers flexibility,
lower capital expenditure, and scalability.
 Voice VLAN: Create a dedicated Voice VLAN to separate voice traffic from regular
data traffic. This allows for better network performance and simplifies management
by isolating voice communications from other types of network traffic.
o VLAN Tagging: Use 802.1Q tagging to mark voice traffic and allocate
dedicated bandwidth and priority to it.
 Redundancy and Failover: Ensure that the voice network is highly available by
incorporating redundancy in network paths and hardware.
o Dual Internet Connections: For cloud-based VoIP, having a secondary
internet connection or backup WAN link provides continuity in case of an
outage.
o Failover to PSTN: Configure failover to the Public Switched Telephone
Network (PSTN) during an internet or VoIP service failure.

3. Codec Selection

32 | P a g e
Prepared by Biruk.P (MSc)
 Network Design Hand-out

The choice of codec impacts the quality of the call, the bandwidth consumption, and the
overall network load.

 Audio Codecs:
o G.711: Offers high-quality voice but consumes more bandwidth (64 kbps per
call).
o G.729: A compressed codec that uses less bandwidth (8 kbps per call) but
sacrifices some voice quality. Often used in low-bandwidth environments.
o Opus and G.722: High-definition audio codecs that provide better voice
clarity, particularly in wideband voice systems.
 Selecting the Right Codec: The codec selected should balance between quality and
bandwidth efficiency based on the organization's needs.
o Wideband Codecs (HD Voice): Offer superior sound quality, suitable for
high-end communications.
o Narrowband Codecs: For environments where bandwidth is limited.

4. Security Considerations

Voice networks are vulnerable to many of the same threats that affect data networks, such as
hacking, eavesdropping, fraud, and denial-of-service (DoS) attacks. Protecting voice traffic is
critical.

 Encryption: Secure voice communication by using encryption protocols:

o SRTP (Secure Real-Time Transport Protocol): Encrypts voice data to
prevent eavesdropping.
o TLS (Transport Layer Security): Secures the signaling part of VoIP
communication (e.g., SIP messages).
 Firewall and NAT Traversal: VoIP traffic often faces issues with Network Address
Translation (NAT) when traversing firewalls.
o Session Border Controllers (SBC): Protect VoIP networks by ensuring
secure communication, controlling traffic, and preventing DoS attacks.
 Authentication: Implement strong authentication mechanisms for VoIP users and
devices to prevent unauthorized access.

33 | P a g e
Prepared by Biruk.P (MSc)
 Network Design Hand-out

o Use SIP authentication and consider multi-factor authentication (MFA) for

user login.

5. Interoperability with Legacy Systems

If your network needs to integrate with legacy communication systems, such as PSTN,
analog phones, or traditional PBX, ensure that the voice solution is compatible with these
systems.

 VoIP Gateways: Use VoIP gateways to connect analog phones or PSTN lines with a
VoIP network. These gateways convert analog signals into digital signals that can
travel over the IP network.
 SIP Trunking: Allows the integration of VoIP with traditional PBX systems by
providing direct connections to the PSTN via SIP (Session Initiation Protocol). This
reduces costs by eliminating the need for physical telephone lines.

6. Scalability and Growth

As the number of users grows, the voice network should be able to scale without
compromising quality or reliability.

 Capacity Planning: Estimate the number of simultaneous calls and the bandwidth
needed to support them. This includes planning for peak usage times.
o SIP Registrars and call routing should be able to scale as the number of
devices or users increases.
 Cloud Integration: For expanding capacity quickly without significant infrastructure
changes, consider integrating cloud-based VoIP services to handle additional call
traffic dynamically.
 Future Proofing: Ensure the voice network can evolve with emerging technologies
such as video conferencing, unified communications, or WebRTC (Web Real-
Time Communication), which allows voice, video, and data sharing over web
browsers.

34 | P a g e
Prepared by Biruk.P (MSc)
 Network Design Hand-out

7. Monitoring and Troubleshooting

Ongoing monitoring of the voice network is critical to ensure quality and performance.
Troubleshooting tools help detect and resolve issues that can affect call quality or reliability.

 Call Quality Monitoring: Use tools that measure metrics such as Mean Opinion
Score (MOS), jitter, latency, packet loss, and call drops.
 Network Performance Monitoring: Monitor network traffic in real-time, focusing
on voice traffic to identify congestion or performance bottlenecks.
 VoIP Diagnostic Tools: Tools like Wireshark, PingPlotter, or SolarWinds VoIP
Performance Monitor can help analyze VoIP traffic and identify issues such as
misconfigured codecs or QoS settings.
 Automated Alerts: Configure the system to send alerts when thresholds (e.g., jitter,
latency, packet loss) are exceeded, allowing for rapid response and issue resolution.

8. Compliance and Legal Considerations

Ensure that the voice network adheres to relevant regulations and industry standards.
Depending on the region or industry, there may be legal requirements for call recording, data
storage, and privacy.

 Call Recording: Some organizations are required to record voice communications for
regulatory compliance (e.g., financial institutions must adhere to the Dodd-Frank
Act or MiFID II in Europe).
 Data Retention: Ensure proper storage, retention, and destruction of voice data in
accordance with local laws (e.g., GDPR in the European Union).

35 | P a g e
Prepared by Biruk.P (MSc)
 Network Design Hand-out

Conclusion Chapter Five

Designing and managing a voice network requires a comprehensive approach, focusing on

performance, security, scalability, and integration with other network services. Key
considerations include implementing effective QoS measures, ensuring network security,
selecting the right codecs, supporting legacy systems, and planning for scalability. Effective
monitoring and compliance with regulatory requirements are essential to maintaining a secure
and high-performing voice network that supports both current and future communication
needs.

36 | P a g e
Prepared by Biruk.P (MSc)
 Network Design Hand-out

Chapter Six: Identifying Wireless Networking

Identifying Wireless Networking Considerations

Wireless networking is the technology that allows devices to communicate with each other
and connect to the internet or local networks without using physical cables. It provides
flexibility, mobility, and convenience, but it also introduces specific challenges that need to
be addressed to ensure robust performance, security, and reliability.

Here are key considerations when identifying wireless networking requirements and
challenges:

1. Wireless Standards and Technologies

The first step in identifying wireless networking is understanding the various wireless
standards and their features. These standards determine how data is transmitted over the air
and impact the speed, range, and compatibility of wireless networks.

 Wi-Fi Standards (IEEE 802.11):

o 802.11a/b/g/n/ac/ax: These are the different Wi-Fi standards, each with
different speeds, frequencies, and features.
 802.11b/g: Older standards, used for basic connectivity but are slower
and less secure.
 802.11n: Provides faster speeds and improved range compared to older
standards, operates on both 2.4 GHz and 5 GHz bands.
 802.11ac: An improvement on 802.11n, offering higher throughput (up
to 1 Gbps) on the 5 GHz band.
 802.11ax (Wi-Fi 6): The latest standard, improving overall
performance, speed, capacity, and efficiency, particularly in dense
environments.
 Bluetooth: A short-range wireless technology used for connecting devices like
headsets, speakers, and keyboards. It operates in the 2.4 GHz ISM band and is
optimized for low-power, low-bandwidth communications.
 Zigbee/Z-Wave: Low-power, short-range wireless protocols commonly used in
Internet of Things (IoT) applications for home automation and industrial networks.

37 | P a g e
Prepared by Biruk.P (MSc)
 Network Design Hand-out

 5G: The next-generation cellular network standard that offers faster speeds, lower
latency, and enhanced connectivity, particularly for mobile devices and high-density
areas.

2. Frequency Bands

Wireless networks operate in specific frequency bands, and selecting the appropriate
frequency for the network design is crucial to avoid interference and optimize performance.

 2.4 GHz Band: Commonly used for Wi-Fi, Bluetooth, and Zigbee. It provides better
range but is more prone to interference from other devices like microwaves, cordless
phones, and older Wi-Fi networks.
 5 GHz Band: Provides faster speeds and less interference than 2.4 GHz, but with a
reduced range due to its higher frequency. This band is used in Wi-Fi standards like
802.11ac/ax and is better suited for high-density environments.
 6 GHz Band (Wi-Fi 6E): With the introduction of Wi-Fi 6E, the 6 GHz band is now
available for Wi-Fi, providing additional spectrum to improve performance in
crowded environments.
 Sub-1 GHz Bands (LoRa, Zigbee, etc.): These lower-frequency bands are ideal for
long-range communication with low data rates, often used in IoT devices.

3. Range and Coverage

Wireless networks have specific range limitations, and ensuring adequate coverage across a
building or outdoor area is crucial to maintain reliable performance.

 Indoor Range: The range of a wireless network depends on factors like the frequency
band (2.4 GHz typically has a longer range than 5 GHz), physical obstructions (walls,
metal surfaces), and the power of the wireless access points (APs).
 Outdoor Range: Outdoor wireless networks may require directional antennas to
focus signals in a specific direction, or point-to-point (P2P) links to connect remote

38 | P a g e
Prepared by Biruk.P (MSc)
 Network Design Hand-out

locations. Outdoor coverage requires careful planning to avoid interference from

external sources and ensure signal strength over long distances.
 Mesh Networks: In large or complex environments, a wireless mesh network can be
used, where multiple access points (APs) communicate with each other to extend
coverage and reduce dead zones.

4. Network Capacity and Density

Wireless networks in high-density environments, such as offices, stadiums, or conference

centers, require special attention to ensure high capacity and prevent congestion.

 Channel Bonding: In 5 GHz networks, channels can be combined (bonded) to

increase bandwidth. However, this may lead to interference if there are many
overlapping networks in the same area.
 Multiple-Input, Multiple-Output (MIMO): MIMO technology uses multiple
antennas to improve network capacity by allowing multiple data streams to be sent
simultaneously. MU-MIMO (Multi-User MIMO) allows the network to serve
multiple devices at once, improving efficiency in dense environments.
 OFDMA (Orthogonal Frequency-Division Multiple Access): A key feature of Wi-
Fi 6 that divides the wireless channel into smaller sub-channels, allowing multiple
devices to share the channel simultaneously, reducing delays and improving overall
network efficiency in crowded areas.
 Access Point (AP) Density: In high-density areas, more APs may be needed to
support the number of devices. It's important to place APs strategically to optimize
coverage and minimize co-channel interference.

5. Interference Management

Interference is a common issue in wireless networks, as signals from various devices can
overlap, causing reduced performance. Key considerations include:

39 | P a g e
Prepared by Biruk.P (MSc)
 Network Design Hand-out

 Co-channel Interference: Occurs when two APs on the same channel interfere with
each other. This can be minimized by performing a site survey and using non-
overlapping channels.
 Adjacent-Channel Interference: Occurs when APs on adjacent channels interfere
due to the overlap of channel frequencies. This is particularly relevant in 2.4 GHz
networks, which only offer three non-overlapping channels.
 Environmental Interference: Other devices operating in the same frequency bands
(microwaves, cordless phones, baby monitors) can interfere with wireless signals.
Proper channel planning and frequency selection can help reduce interference.

6. Security

Security is a critical consideration in wireless networking, as wireless networks are more

susceptible to unauthorized access and attacks compared to wired networks.

 Encryption: Use strong encryption protocols to secure data transmitted over the
wireless network:
o WPA3: The latest Wi-Fi security protocol, offering better protection against
brute-force attacks and improved encryption for public networks.
o WPA2: Still widely used, but considered less secure than WPA3.
o WEP: An outdated and insecure protocol, should be avoided.
 Authentication: Ensure proper authentication methods, such as:
o 802.1X: An IEEE standard that provides port-based network access control,
typically used with WPA2/WPA3 for enterprise networks.
o RADIUS: Remote Authentication Dial-In User Service (RADIUS) is often
used with 802.1X to provide centralized authentication.
 Network Segmentation: Isolate sensitive devices and traffic by using Virtual Local
Area Networks (VLANs) to segregate the network into different logical subnets for
better security and management.
 Guest Networks: Implement separate networks for guests and employees, with
limited access to internal resources, to protect sensitive data.

40 | P a g e
Prepared by Biruk.P (MSc)
 Network Design Hand-out

7. Power Considerations

Wireless networks often rely on Power over Ethernet (PoE) to supply power to access
points (APs) through the same Ethernet cable used for data transmission.

 PoE Standards: Choose the appropriate PoE standard based on power requirements:
o IEEE 802.3af (PoE): Delivers up to 15.4 watts per port.
o IEEE 802.3at (PoE+): Delivers up to 25.5 watts per port.
o IEEE 802.3bt (PoE++): Delivers up to 60 watts or even 100 watts per port.
 Battery Life for Mobile Devices: In areas where devices like smartphones and
laptops rely on wireless charging or have limited battery capacity, consider access
points that support Wireless Charging (WPT) or inductive charging for mobile
devices.

8. Roaming and Handover

Wireless roaming refers to the ability of devices to move seamlessly between access points
without losing connectivity.

 Seamless Roaming: For mobile users or devices, ensure that roaming is smooth, with
minimal delay when switching between APs. Technologies like 802.11r (Fast BSS
Transition) help devices quickly transition between access points, reducing the impact
of handover delays.
 Load Balancing: To optimize the user experience, implement load balancing features
to evenly distribute client devices across multiple APs based on factors like signal
strength and traffic load.

9. Network Management and Monitoring

Effective wireless network management helps ensure that the network operates efficiently
and securely.

41 | P a g e
Prepared by Biruk.P (MSc)
 Network Design Hand-out

 Centralized Management: Use Wireless LAN Controllers (WLCs) or cloud-based

management systems to centrally control and monitor the wireless network. This
simplifies the deployment of new access points, firmware updates, and security
policies.
 Performance Monitoring: Continuous monitoring of network metrics, such as
throughput, signal strength, and client density, allows network administrators to
identify and resolve issues proactively.
 Site Surveys: Conduct regular site surveys to measure coverage, identify dead zones,
and detect interference. Tools like Ekahau or AirMagnet can help with heat mapping
and AP placement.

10. Cost Considerations

Cost is an important factor in designing a wireless network. The total cost includes the price
of wireless access points, controllers, management tools, cabling, and on-going maintenance.

42 | P a g e
Prepared by Biruk.P (MSc)