Financial Networking System

Mini Project Report submitted in partial fulfillment.

of the requirement for the degree of
S. E. (Information Technology)

Submitted By

23101C0065- Kirtana Singh

24101C2001 – Riya Kharade
24101C2002 – Shivani Choudhari

Under the Guidance of

Prof. Kanchan Dhuri

Department of Information Technology

Vidyalankar Institute of Technology

Wadala(E), Mumbai 400 037
University of Mumbai
2024-25

1
Page
 CERTIFICATE OF APPROVAL
For
Mini Project Report
On
Computer Network Lab

This is to Certify that

Kirtana Singh
Riya Kharade
Shivani Choudhari

Have successfully carried out Mini Project entitled

“Financial Networking System”

In partial fulfillment of degree course in

Information Technology

As laid down by University of Mumbai during the academic year 2020-21

Under the Guidance of

Prof. Kanchan Dhuri

Prof. Kanchan Dhuri Dr. Vipul Dala

Signature of Guide Head of Department

Examiner 1 Examiner 2
2
Page
 ACKNOWLEGEMENT

We would like to express our deepest appreciation to all those who provided us the possibility
to complete this report. We express our profound gratitude we give to our Prof. Kanchan
Dhuri Ma’am, our respectable project guide, for her gigantic support and guidance. Without
her counseling our project would not have seen the light of the day.

We extend our sincere thanks to Dr. Vidya Chire, Head of the Department of Information
Technology for offering valuable advice at every stage of this undertaking. We would like
to thank all the staff members who willingly helped us. We are grateful to
VIDYALANKAR INSTITUTE OF TECHNOLOGY for giving us this opportunity.

The days we have spent in the institute will always be remembered and also be
reckoned as guiding in our career.

1. Kirtana Singh

2. Riya Kharade

3. Shivani Choudhari
3
Page
 Table of Contents
Sr. No. Topic Page No.
1 Case Study and Requirements 6
2 Technologies 8
Implemented
Network Diagram (Network architecture
3 9
design)
4 Result & Discussion (screenshots of output) 11
5 Conclusion (What you have designed & learnt) 15
7 References 16

4
Page
 List of Figures
Sr. No Figure Page No

1 4.1 Blockdiagram 10
2 4.2 Overall Output 11
3 4.3 ISP Area 11
4 4.4 JFSL HQ network 12
5 4.5 7th,8th floor JFSL network 12
6 4.6 Server Side JFSL network 13
7 4.7 Calling HR from MS telephone 13

5
Page
 Case Study and Requirements
Organization Overview

Jubilee Financial Services Ltd (JFSL) is a prominent financial service provider headquartered in Nairobi,
Kenya. With a reputation for offering a wide range of banking and financial services, the company caters to both
individual clients and corporate institutions. In order to maintain efficient internal operations and high service
standards, JFSL has centralized its core departmental operations within its multi-storey head office building.

Physical Layout of Operations:

JFSL operates its business functions across the 7th and 8th floors of the building, with a clear division of
departments:

 7th Floor:

o Human Resource (HR): Handles recruitment, employee records, training, payroll, and
organizational development.

o Customer Service (CS): Manages client interactions, queries, feedback, and support services.

o Marketing (MS): Focuses on brand promotion, customer outreach, and financial product
marketing strategies.

 8th Floor:

o Legal Management (LM): Ensures regulatory compliance, manages contracts, and addresses
legal issues.

o Information Technology (IT): Responsible for IT infrastructure, network administration,

cybersecurity, and support.

Each department on the 7th floor is equipped with approximately 40 end-user devices (PCs, laptops, etc.) and 40
IP phones, indicating a workforce that depends heavily on both data and voice communication. On the 8th floor,
departments operate with around 20 end-user devices and 20 IP phones each. Additionally, each department is
supported by a dedicated wireless access point (Wi-Fi AP) to ensure seamless mobility and wireless
connectivity for employees using laptops, tablets, and mobile devices.

Network Goals and Requirements

To meet operational demands and support future scalability, JFSL aims to establish a highly secure, efficient,
and reliable IT network infrastructure. The key goals and technical requirements for this network are as follows:

1. Self-Managed LAN and WAN Infrastructure:

o JFSL intends to manage its Local Area Network (LAN) and Wide Area Network (WAN)
internally without relying on third-party network providers. This enhances control, security,
and flexibility in managing the enterprise network.

2. Department-Wise VLAN Segmentation:

6

o Each department will be assigned unique Virtual Local Area Networks (VLANs) to separate
Page

traffic, reduce broadcast domains, and enhance security.

 o Each VLAN will be further split into Data VLAN (for computers and other data devices) and
Voice VLAN (for IP phones), ensuring traffic isolation and QoS (Quality of Service) for voice
communications.

3. Inter-VLAN Routing and Centralized DHCP:

o To allow communication between VLANs while maintaining logical separation, Inter-VLAN

routing using Layer 3 switches or router-on-a-stick configurations will be implemented.

o A centralized DHCP server will be configured to automatically assign IP addresses to devices

within each VLAN range, improving IP management efficiency.

4. VoIP Integration:

o Voice over IP (VoIP) solutions will be deployed using Cisco IP Phones and a voice-enabled
router, allowing seamless voice communication over the same IP network.

5. Server-Side Site Implementation:

o A dedicated server farm will be established to host:

 DHCP Server – for dynamic IP allocation
 DNS Server – for domain name resolution
 Web Server – to host the company’s internal and external websites
 Email Server – for corporate communication
o All servers will be assigned static IP addresses for reliability and accessibility.
6. Redundant Internet Connectivity:

o To avoid downtime and ensure continuous access to cloud-based financial applications

and internet services, JFSL will utilize two separate ISPs—Safaricom and JTL. This
provides automatic failover in case one ISP goes down, thereby improving uptime and
business continuity.
7. Network Security Implementations:

o Access Control Lists (ACLs): Will be used to control and restrict unauthorized access to
sensitive areas of the network.
o Port Security: Enabled on switches to prevent unauthorized devices from connecting
network.
o Site-to-Site Virtual Private Network (VPN): Will ensure secure communication between
remote branches and the head office by encrypting traffic over the public internet.

7
Page
 Technologies
1. Hierarchical Network Design:
A structured approach to networking that divides the network into core, distribution, and access layers
for better scalability and management.

2. VLANs for departmental segmentation:

Logical segmentation of networks to isolate departmental traffic and improve security and
performance.

3. Inter-VLAN Routing (Switch Virtual Interface - SVI):

Enables communication between different VLANs by configuring virtual interfaces on Layer 3
switches.

4. Dedicated DHCP Server for dynamic IP allocation:

Automatically assigns IP addresses to devices within the network, simplifying IP management.

5. SSH for secure remote management:

Provides encrypted and authenticated access to network devices for administrative tasks.

6. OSPF as the interior routing protocol:

A dynamic link-state routing protocol used for efficient path calculation within the enterprise network.

7. Port-Security on server-side access switch:

Restricts access to switch ports by allowing only authorized MAC addresses to connect.

8. NAT Overload (PAT) for outbound internet access:

Translates multiple internal IP addresses to a single public IP using different port numbers.

9. Standard & Extended ACLs for traffic control:

Filters network traffic based on source/destination IP, protocols, or port numbers to enforce security
policies.

10. Site-to-Site IPsec VPN for secure WAN communication:

Encrypts data between remote sites over the internet to create a secure private tunnel.

11. VoIP Configurations using Cisco 2811 router:

Enables voice communication over IP networks using Cisco routers with voice modules.

12. Static IPv4 Addressing for all server-side devices:

Assigns fixed IP addresses to critical infrastructure like servers to ensure consistent connectivity.

13. Subnetting to efficiently allocate IP addresses for each department:

Divides a larger IP network into smaller, manageable sub-networks for efficient address usage.

14. Wi-Fi Access Points per department:

Provides wireless network access to users within each department’s physical area.

15. SSH ACL to restrict VTY access to IT department only:

Limits remote management access to network devices strictly from the IT department subnet.

16. Sticky MAC Port Security with violation mode shutdown:

Dynamically learns and binds MAC addresses to ports, shutting them down on unauthorized access.
8
Page
 Network Architecture
Key Components

1. Core Devices

 Cisco 2911 Routers:

These are modular enterprise routers used as the backbone for routing within the LAN and WAN. They
handle NAT, VPN, and inter-network communication across sites.

 Layer 3 Switches (L3 Switches):

Act as distribution devices that enable inter-VLAN routing via SVIs, manage routing within the
internal network, and ensure high-speed communication between departments.

 Access Switches:
Located on each floor and department, these connect all end-user devices and IP phones and enforce
port security policies like Sticky MAC and shutdown on violation.

2. Server-Side Devices

 DHCP Server:
Automatically assigns IP addresses to clients in data and voice networks within their respective
VLANs.

 DNS Server:
Resolves hostnames to IP addresses for internal and external websites and applications, improving ease
of access and performance.

 Email Server:
Hosts the company’s internal and external email communication system.

 Web Server:
Hosts internal web applications or the company’s public website, depending on the role.

3. Voice Gateway

 Cisco 2811 Router:

Configured to enable VoIP services across the enterprise. It handles SIP/RTP traffic and connects
internal IP phones to the PSTN (if needed) or IP-based voice networks.

4. ISPs

 Safaricom and JTL:

Two separate internet service providers are used for link redundancy. If one link fails, the other ensures
uninterrupted internet and VPN access.
9
Page

5. Security Components
  Access Control Lists (ACLs):
Enforced at the router and switch levels to restrict unauthorized access, especially to VTY lines
(remote access), VoIP traffic, and server subnets.

 NAT (Network Address Translation):

Provides internal users with access to the internet using NAT Overload (PAT) on the Cisco 2911
router.

 VPN (Site-to-Site IPsec):

Secures communication between remote office locations and headquarters over public internet using
encrypted tunnels.

6. End Devices

 PCs and Laptops:

Used by employees for daily operations, placed within the Data VLAN of each department.

 Smartphones:
Access the network wirelessly through the departmental Wi-Fi access points.

 IP Phones:
Used for internal and external voice communication, connected to the Voice VLAN.

 Access Points (Wi-Fi APs):

Provide wireless connectivity to end-user devices, one per department to ensure coverage and
performance.

10
Page
 RESULTS
4.1 BLOCK DIAGRAM

11
Page
4.2 Overall Output :

4.3 ISP area :

12
Page
4.4 JFSL HQ NETWORK

4.5 7TH FLOOR JFSL 8TH FLOOR JFSL

13
Page
4.6 JFSL SERVER-SIDE NETWORK

4.7 Calling HR telephone with MS telephone:

14
Page
 Conclusion
This project successfully demonstrates the design and implementation of a secure, scalable,
and redundant network infrastructure for Jubilee Financial Services Ltd using Cisco Packet
Tracer.

What We Designed:
 A complete end-to-end enterprise-grade hierarchical network with redundancy

 Department-wise segmentation using VLANs and subnetting

 Full integration of VoIP, VPN, NAT, DHCP, and Inter-VLAN routing

 Robust security through ACLs, Port Security, and encrypted communication

What We Learnt:

 Effective planning and segmentation using VLANs and IP subnetting

 Hands-on configuration of Cisco networking equipment

 Real-world implementation of enterprise network security and redundancy best

practices

 Use of secure communication protocols like SSH, IPsec VPN, and ACLs

 Practical use of OSPF, DHCP, NAT, and VoIP in enterprise networks

This project not only enhances practical networking skills but also provides a comprehensive
understanding of designing and implementing enterprise network architectures that
emphasize Confidentiality, Integrity, and Availability (CIA) of data. 15
Page
 Reference

Gurutech Networking Training :

https://www.youtube.com/watch?v=p1MlbN1Wh8w&list=PL
vUOx2WG6R7PMM8UhMWevH75QzGyXOv4g&index=14

16
Page