2.

Network components
2.1. Hub
A Hub is a device that allows multiple nodes to connect to a network. Previously popular as a
cheap alternative, it has no network information and broadcasts all data to all nodes. This is a
security risk. A Switch is a better solution for all networks.
2.2. Switch
A Network Switch is a small hardware device that joins multiple computers together within one
local network. Switches can be of various types. They can simply pass all traffic through to other
segments as a simple Switch would do. A managed Switch is a more powerful network device. It
can prioritise network traffic and group devices into logical areas as VLANs.
2.3. Bridge
A Bridge device filters data traffic at a network boundary. Bridges reduce the amount of traffic on a
LAN by dividing it into two segments.
2.4. Router
A Network Router joins two computer networks together. DSL and cable Modem Routers are often
used in homes and small businesses, while other types of Network Routers are also used on the
Internet.
2.5. Repeater
This is a device that allows a network to be extended. Often, networks can be limited by the
physical properties of the devices and cabling involved in the physical network.
For example, the limitation of CAT 5 cabling is 100m. Where longer runs of this length are
required, a Hub or Switch can play the role Repeater to allow the signal to be transmitted over the
required distance.
Wireless networks, too, are limited by the range of the Wireless Router to which network devices
are joined. This may be as little as 30m in some Networks. A Wireless Access Point can be used
to extend the range of the network. The access point is within range of the main Network Router.
This allows devices that are within range to this access point to be connected to the Router.
2.6. Server
Severs may play many roles in a local network. A Windows Server may provide services such as:
 Domain controller
 File server
 DNS
 DHCP - Dynamic host configuration protocol.
 Print server
 Firewall
 IDS
2.6.1. Domain controller
All users connected to the Server must login to an account setup on the network. This provides a
layer of security, helping to prevent unauthorised access.
2.6.2. File server
The Server provides access to files on the server. Permissions may be set at various levels – full
control, modify, write read and execute.
2.6.3. DNS
A domain name server (DNS) converts network addresses to network names. For example,
www.google.com.et . If you give the network command: ping www.google.com.et you will get a
reply from: 216.58.209.131.This indicates that a DNS server has converted the Internet name to
the corresponding network address.
2.6.4. DHCP - Dynamic Host Configuration Protocol
Each node on the local network must be assigned an Internet protocol (IP) address.
This is commonly assigned by a Router whose role it is. Some Networks find it more useful to
have a Server assign these addresses, so that actions access of these addresses can be
controlled.
2.6.5. Print server
A Server assigned as a print server allows administrator to control the use of the printer. Jobs can
be prioritised and the management of the print queue can be assigned to specific users as
required.
2.6.6. Firewall
A network firewall guards a computer network against unauthorized incoming messages or
undesired outgoing messages. Network firewalls may be hardware devices, software programs, or
a combination of the two.
2.6.7. IDS
A network-based intrusion detection system (IDS) is used to monitor and analyse network traffic to
protect a system from network-based threats.
An IDS reads all inbound packets and searches for any suspicious patterns. When threats are
discovered, based on its severity, the system can take action such as notifying administrators, or
barring the source IP address from accessing the Network.
3. Network Segments
A network segment is an area of the network that performs one or more roles.
The term network segment is also used to describe a network connection e.g. a Wi-Fi link or a
fibre link.
3.1. The role of network segments
Reduce network traffic
Forming several segments allows traffic to be contained to the areas that are required. There is no
need to allow all nodes to access every other node.
Increased security
Preventing packets from entering segments that are not required also a role in network security. In
the same way as users can be prevented from running applications, network segments can easily
be blocked from accessing other segments.
Further, if one segment is compromised by an intruder and all the nodes on the segment are at
risk, other segments remain protected.
It is important also to provide security on more than one layer. A hardware firewall may block most
unwanted traffic, but user authentication will serve as a second level of security for the network.
Isolate network issues
Where network issues affect many users, it is common that those on the same subnet can be
involved. Troubleshooting such a problem is made easier, due to the problem’s isolation.
Scalability
Adding an extra segment is more reliable than adding more nodes to an existing one. This
prevents interruption to existing segments and allows a new network to be tested without impacting
other users.
3.2. Type of segments
In many local networks, each segment will play one particular role. The roles will help determine
the physical layout of the network, as well as the topology.
3.2.1. User segment
A segment may be created for the purpose of collecting end users together. This is typical of a
room of computers, such as an office where similar work is being done or a teaching room where
users are accessing the same resources.
3.2.2. Storage segment
There may be advantages in grouping file storages together. It is easy to apply the same security
levels to these computers.
3.2.3. Database segment
Here, there may be important business data stored. This may have less traffic, depending on how
many users access the local database.
3.2.4. Security segment
Several devices may be put in place to bolster security of the Network. This may be achieved with
the use of firewalls, authentication and IDS.
4. Network Functional Analysis
Taking the time to analyse network function will result in a list of the components that make up the
network, including:
 all components and their means of connectivity to the network
 cabling
 protocols
In order to create the best topology for a local network you need to look at exactly what the
network will be used for.
It is good practice to:
 Build the network to allow only those business functions that are necessary. Avoid
allowing networks to communicate, if business requirements do not need it.
 Build the network based on security requirements. Where users and systems need to
access other systems, enforce security measures to maintain the requirements
 White list segments. This involves using managed Switches to identify packets based on
their source. Then only necessary packets will be able to enter the network. This is more
efficient than blacklisting, which is an ongoing process.
4.1. Network traffic
It is important that an estimate of network traffic be made prior to implementing a network. This is
particularly true of segments with a many to one (1) connection.
Consider a network with 4 users connected to a Switch which is also connected to a Server. The 4
users are generating 2 Mb/s bandwidth on the Network. If all users are communicating with the
server on the same segment then the server is getting up to 8Mb/s traffic.
This is a simple example, with only a small number of users. Consider an office where typically 20
or 30 users are connected to a Switch.
If the users were all generating the same amount of data (e.g. requesting the same video file from
a server) then the implications are that a bottleneck would occur if these requests were made at
the same instant. As this is an unlikely turn of events, the network would not be under threat as
the bandwidth in an office is unlikely to be sufficiently large to create such a problem.
4.2. Calculate total bytes
To estimate traffic in a network segment, the following calculation will assist in testing the network.
Always use maximum values when using estimates.
 Bytes = users x time period x bitrate / 8

 users = number of users in the network segment

The assumption here is that each user will generate the same traffic.
 time period = length of time over which the calculation is being made. To choose
too long a time period may become atypical of the network use.
 bitrate = the rate of transmission of data. This rate would need to be over the time
period used.
Example:
Consider a network of 20 users, generating network data at a rate of 2Mb/s. How many bytes will
be generated in one hour?
In this example, use 3600s as the time period, since the bitrate is in seconds.
Bytes = 20 x 2 000 000 x 3600 / 8
= 18,000,000,000 bytes
= 18GB
Calculate bytes
A network of 15 users generates network data at a rate of 450Kb/s. How many bytes will be transmitted in
a period of 4 hours?

5. Network functional matrix

A network function matrix is a list of the components required in the network, based on the
requirements.

Office network scenario

In an office that has rooms on two floors of a building, there are 10 workstations on the ground floor five on
the on the first floor.
Each floor has its own server for storing business files and connecting the internet. The workstations on the
first floor must have access to the ground floor server, but the ground floor workstations must not be able to
access the first floor server for security purposes.
Have a think about what equipment will be required, this will be your network functional matrix.
It is important to note that not all business requirements will be applicable to the formation of the functional
matrix. There are several layers of the OSI model at which security can be applied to meet those
requirements, such as the server access here.
Segmenting this network would see the 10 ground floor workstations and the server on the one network.
This requires a switch to connect these to the one segment.
Similarly, the 5 first floor workstations and server will be connected to the one switch. These switches will
then be connected to a router to enable an Internet connection.
CAT 6 cabling is to be used to connect workstations to the switches and the two switches to the router.
TCP/IP would need to be installed on all workstations.
Without further information available, methods of meeting
all the requirements are not clear. Potential areas for
bottlenecks are those where many - to - many connections
occur.
This includes:
 15 users accessing the Server on the ground
floor
 15 users accessing the Internet.
Given that CAT 6 connections are gigabit connections, it
is unlikely that there either of these areas will generate
1000Mb/s.
The connection of the two Switches together will allow all traffic from the first floor to the ground floor
without accessing the Router.
In summary
 Two switches and one Router will be required.
  CAT 6 cabling will connect the devices.
 TCP/IP will be the protocol for transmission of data
LO 2 - Develop Local Area Network Specification
2.1. Physical Design
The physical design of a network refers to the existing infrastructure in which it operates.
Buildings, such as offices, laboratories and classrooms all have an impact on the network forming
a physical arrangement of networks.
The arrangement of nodes in the buildings also plays a part in the physical design. Segments of
the network may be in the same room, the same building or even hundreds of metres distant from
other segments.
2.2. Joining network segments
CAT 5
Common in the workplace is category 5, twisted pair cabling (CAT 5 cabling)
This cable consists of four pairs of cables, terminated with and RJ-45
connectors. Data can be carried on this cable for up to 100m, at speeds of up to
100Mb/s.
CAT 6
The category 6 cable is often referred to as a gigabit link. These cables are used for speeds of up
to 1 Gb/s. Runs of this cable are about 150m with no loss of data.
2.3. Costing a network
Building a network requires funding the network equipment. Most computers will be replaced after
a fixed period and will not be considered part of the Network setup, for costing purposes.
Cabling
CAT 5 cabling will suit most small installations, running at 100Mbps. Runs of up to 100m are
possible.
Wall plates and jacks

It is common to use wall plates and jacks to run cables through the walls of a building. This makes
the network tidy, as well as allowing easy connection to the network via workstations.
Switches
Switches will need to be 16 or 24 port, depending on the complexity of the Network.
It is important to consider the growth of the Network, anticipating further connections and
segments being added (scalability).
Routers
These may perform the role of DHCP in a local network, assigning IP addresses to devices that
connect.
Their main role however, is to correctly rout packets to the destination node in the Network.
Modem / Routers
A modem / router plays the role of a Router, with the additional function of a Modem - to convert
data for use on a phone line.
2.4. Purchase Orders
Purchase orders are usually used in a business to acquire the resources required for a network. It
is advisable to get quotes and estimates before you purchase your resource hardware. Costing
maybe impact on the network topology you ultimately select particularly if your resource budget is
low and your needs are minimal. Remember you should plan for scalability meaning that you can
often add segments to expand your network in the event of changing business requirements.
A sample purchase order is provided below

2.5. Complete documentation

A complete documentation of the network solution would include:
 a statement of the requirements
 a network functional matrix
 a network diagram
 purchase order
Requirements
A small business network of 25 staff has the following nodes:
 2 office areas of 10 computers each,
 2 computers in a reception area and
 3 management machines.
A Windows Server 2008 installation houses all data used by the offices, which all users will
access.
 a separate server houses management data
 all users access the internet
 a web server runs the business website
 two network printers are available
Functional matrix
The network will require:
 4 switches
 1 router
 cabling (about 300m)
 wall plates
The requirements given are not sufficient. There is no way to determine the traffic in each
segment. The Web Server is not included below. Its placement would depend on which users will
need to access it directly, for the purposes of updates.
Network diagram with multiple segments

All traffic will go through the central Switch. This may not be an issue with a relatively small
number of users. Since the traffic from most users is either to the File Server or the Internet, it
would be more efficient to segment this traffic with a Switch for each of these services.
The physical layout may affect the solution if distances are large. If any of these areas of the
Network are hundreds of metres distant from the others, then some network extension will be
required. Repeaters may be necessary to avoid excessive cable runs and loss of data.