NSA_docs

This project focuses on designing and implementing a secure and efficient network infrastructure for a multi-floor business organization, utilizing VLAN segmentation, OSPF for dynamic routing, and various security measures. Key components include a centralized DHCP server, DNS server, and WLAN for seamless connectivity, all simulated and tested using Cisco Packet Tracer. The project successfully demonstrates fundamental networking concepts and provides a robust solution for enterprise-level IT infrastructure.

Uploaded by

bidyuth2019

Course Name: Network And Server Administration

Project Title: Company Network Design


Name: Md Bidyuth
ID: 212010025
Dept: CSE
Batch: 10th

Abstract:
This project involves the design and implementation of a secure,
scalable, and efficient network infrastructure for a multi-floor business
organization. The main goals include ensuring continuous internet
connectivity, enhancing security through VLAN segmentation, and
facilitating seamless communication via inter-VLAN routing.

To achieve these objectives, core routers and multilayer switches were
deployed to regulate network traffic effectively, while a DHCP server
was set up to assign IP addresses dynamically. The OSPF (Open Shortest
Path First) protocol was utilized to enable dynamic and efficient routing
across multiple subnets, improving both redundancy and performance.

To strengthen network security, several measures were implemented,
including Access Control Lists (ACLs), Port Security, Network Address
Translation (NAT), and Secure Shell (SSH), preventing unauthorized
access and mitigating external threats. Additionally, a DNS (Domain
Name System) server was configured to resolve hostnames, and a
Wireless Local Area Network (WLAN) was introduced to ensure
uninterrupted wireless connectivity across different floors.

The network setup was simulated and tested using Cisco Packet Tracer,
verifying its stability, reliability, and performance optimization for
business operations. This project effectively applies fundamental
networking concepts, security protocols, and server administration
techniques, providing hands-on experience in managing enterprise-level
IT infrastructure.

Introduction:
This document provides a comprehensive overview of the project
undertaken as part of the Network and Server Administration course. It
details the objectives, system architecture, configurations,
implementation steps, testing procedures, troubleshooting strategies,
and security measures implemented in the network infrastructure.

Project Objectives:

The primary objective of this project is to design and implement a
robust, efficient, and secure network infrastructure for a multi-floor
business organization. The key goals include:

• Establishing a scalable network infrastructure to support business
operations.
• Ensuring high availability and uninterrupted internet access
through ISP redundancy.
• Enhancing security by implementing VLAN segmentation, access
control lists (ACLs), and port security.
• Deploying a centralized DHCP server for automated IP address
allocation.
• Implementing a DNS server for hostname-to-IP resolution.
• Configuring Open Shortest Path First (OSPF) for dynamic and
efficient routing across multiple subnets.
• Enabling secure remote management via Secure Shell (SSH).
• Implementing a Wireless Local Area Network (WLAN) to provide
seamless wireless connectivity.
• Simulating and validating the network design in Cisco Packet
Tracer.

Network Architecture:

1. Topology Overview:

The network is designed to accommodate multiple departments within
a multi-floor business organization. The key architectural components
include:

• VLAN Segmentation: VLANs are created for different departments
(HR, IT, Finance, Sales) to improve security and network
efficiency.
• Layer 3 Switching: A Layer 3 switch is used for inter-VLAN routing
to ensure seamless communication between VLANs.
• ISP Redundancy: Dual ISP connections are configured to provide
failover and ensure continuous internet access.
• Core Routers and Firewalls: Routers and firewalls are deployed to
manage traffic efficiently and enhance security.
• Centralized DHCP and DNS Services: A DHCP server dynamically
assigns IP addresses, while the DNS server resolves domain names
to IP addresses.
• Wireless Network Integration: WLAN is deployed to provide
mobility and wireless access across multiple floors.

2. Network Devices and Configuration:

The following devices and configurations are implemented:

• Switches: Six managed switches are configured with VLANs,
trunking, and port security.
• Routers: Core routers configured with OSPF for dynamic routing
and redundancy.
• Multilayer Switches: Configured for inter-VLAN routing and secure
SSH remote management.
• Firewall: Configured with ACLs, Network Address Translation
(NAT), and Port Address Translation (PAT) for security and load
balancing.
• Servers: DHCP, DNS, and other necessary network services are
hosted on dedicated servers.

A new building is expected to have three floors with two departments
in each for

First Floor

• Sales & Marketing Department - 120 users expected.
• Human Resource and Logistics Department - 120 users expected.

Second Floor

• Finance & Accounts Department - 120 users expected.
• Administrator & Public Relations Department - 120 users expected.

Third Floor

• ICT Department - 120 users expected.
• Server Room - 12 devices expected.

Department-wise VLAN Segmentation and Configuration

IP Addressing Plan:

Base Network: 172.16.1.0
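
One way to derive a subnet plan from the host counts above is a largest-first VLSM allocation starting at the base network. This is an added example, not the report's own addressing table: the prefix lengths, the allocation order and the function names are assumptions.

```python
import ipaddress

# Host counts come from the floor plan above. The allocation itself
# (largest-first VLSM from 172.16.1.0) is an assumption, not the report's table.
REQUIREMENTS = [
    ("Sales & Marketing", 120),
    ("Human Resource and Logistics", 120),
    ("Finance & Accounts", 120),
    ("Administrator & Public Relations", 120),
    ("ICT", 120),
    ("Server Room", 12),
]

def prefix_for(hosts):
    """Longest prefix whose usable host count (2^n - 2) still covers `hosts`."""
    bits = 2
    while (1 << bits) - 2 < hosts:
        bits += 1
    return 32 - bits

def vlsm_plan(base, requirements):
    """Allocate non-overlapping subnets, largest requirement first."""
    cursor = int(ipaddress.IPv4Address(base))
    plan = []
    for name, hosts in sorted(requirements, key=lambda r: -r[1]):
        prefix = prefix_for(hosts)
        size = 1 << (32 - prefix)
        # Round the start address up to the next boundary of this subnet size.
        cursor = (cursor + size - 1) // size * size
        plan.append((name, ipaddress.IPv4Network((cursor, prefix))))
        cursor += size
    return plan

if __name__ == "__main__":
    for name, net in vlsm_plan("172.16.1.0", REQUIREMENTS):
        usable = list(net.hosts())
        print(f"{name:34} {str(net):18} "
              f"hosts {usable[0]} - {usable[-1]}  bcast {net.broadcast_address}")
```

Each 120-user department fits a /25 (126 usable addresses) and the server room fits a /28 (14 usable addresses), so separate ACLs can be written per department subnet.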


Implementation Details:

1. VLAN Configuration

• VLANs are created for different departments:
o VLAN 10: HR
o VLAN 20: IT
o VLAN 30: Finance
o VLAN 40: Sales
• Trunk ports are configured between switches to allow inter-VLAN
traffic.
• Inter-VLAN routing is enabled on a Layer 3 switch.

2. Routing Configuration

• OSPF Configuration: OSPF is implemented on routers for efficient
dynamic routing.
• Static Default Routing: Configured to provide backup paths in
case of OSPF failure.
• Route Summarization: Implemented to optimize routing table
size and improve performance.

Server Configuration

1. DHCP Server
• Configured multiple DHCP scopes corresponding to VLANs.
• Enabled IP address lease allocation and reservation for critical
devices.
• Configured default gateways and DNS server settings for each
scope.

2. DNS Server

• Configured to provide hostname-to-IP resolution within the
enterprise network.
• Implemented forward and reverse lookup zones for better
network management.
• Integrated with DHCP to update DNS records dynamically.

Security Measures:
• Port Security: Configured to limit the number of MAC addresses
per switch port.
• Access Control Lists (ACLs): Implemented to restrict access
between VLANs and control inbound/outbound traffic.
• Network Address Translation (NAT) & Port Address Translation
(PAT): Configured for secure internet access and to prevent
external threats.
• Firewall Rules: Configured to filter unauthorized traffic and
protect critical services.
• SSH Remote Management: Implemented to enable secure remote
administration of network devices.
Wireless Network Configuration:
• WLAN is configured with multiple SSIDs to segregate different
user groups.
• WPA2-Enterprise security is implemented for enhanced
authentication.
• Wireless Access Points (APs) are strategically deployed across
floors for optimal coverage.

Commands

Validation

Test Results

Testing and Troubleshooting:
1. Network Connectivity Testing

• Ping and Traceroute: Used to verify inter-VLAN connectivity and external
network access.
• nslookup and dig: Tested DNS resolution for local and external domains.
• show commands: Used to inspect device configurations and interface
statuses.

2. Troubleshooting Common Issues

• IP Address Conflicts: Resolved by verifying DHCP lease allocation and static
IP assignments.
• Routing Misconfigurations: Debugged OSPF configurations using show ip
route and show ip ospf neighbor commands.
• Access Issues: Fixed ACL rules by ensuring correct source/destination
criteria.
• Slow Network Performance: Optimized VLAN traffic and adjusted switch
port speeds.

Conclusion:
This project successfully demonstrated the design and implementation
of a secure and scalable network infrastructure. The deployment of
VLANs, inter-VLAN routing, dynamic routing protocols, and security
measures ensured optimal performance, security, and high availability.
The final network architecture was tested and validated in Cisco Packet
Tracer, confirming its efficiency and reliability for real-world business
operations.

Future Enhancements

• Implementing Multi-Protocol Label Switching (MPLS) for faster
data forwarding.
• Deploying an Intrusion Detection System (IDS) and Intrusion
Prevention System (IPS) for enhanced security monitoring.
• Exploring cloud-based networking solutions for better scalability
and flexibility.
