Network Infrastructure Design Proposal for the Engineering Building – University of Liberia

Submitted by:

Micheal Sheriff & ID: 104259

A Project Proposal

Submitted in Partial Fulfillment of the Requirements for the Course

CISC306: Network Planning and Design

University of Liberia, Fendell Campus Submitted by

T.J. R. Faulkner College of Science and Technology

Department of Information Technology and Computer Science

Submitted to

Dr. Alfred Toe Segbe

Submission Date: [Saturday May 10, 2025]

 Table of Contents

Contents
Table of Contents....................................................................................................................2

Abstract...................................................................................................................................3

Introduction....................................................................................................................................4

Relevance of the project to modern network architecture and higher education.........................5

Network Requirements Analysis..................................................................................................6

User types (faculty, students, admin staff)...............................................................................8

Estimated number of devices and bandwidth needs....................................................................9

Bandwidth Requirements.............................................................................................................9

Design & Implementation Plan...............................................................................................10

Network Security Considerations..............................................................................................17

Budget and Justification..............................................................................................................19

Conclusion & Recommendation.................................................................................................24

References.....................................................................................................................................26
 Abstract

The University of Liberia has commissioned a comprehensive network infrastructure project for

its Engineering Building, which comprises 8 administrative offices and 20 classrooms distributed

over two floors. The objective is to design and implement a robust, scalable, and secure

networking solution that meets the academic and administrative needs of the institution. The

solution includes both wired and wireless connectivity to support high-speed internet access, file

sharing, VoIP communication, and secure data exchange across all user endpoints. The proposed

design features a structured cabling system, VLAN segmentation, centralized server resources,

and a hybrid network topology to ensure performance, reliability, and future scalability. This

infrastructure will enhance digital learning, administrative efficiency, and overall operational

effectiveness within the Engineering Building.

 Introduction

The University of Liberia is modernizing the digital infrastructure of its Engineering

Building.

The project aims to design and implement a scalable and secure network infrastructure. The

facility includes 8 administrative offices and 20 classrooms across two levels, the network will

support both wired and wireless connectivity. Objectives include enabling seamless internet

access and efficient communication. Centralized resource management is a key component of the

initiative. The project will enhance digital learning experiences for students and staff.

A reliable and high-performing network is essential for academic, administrative, and

operational functions. The initiative focuses on supporting the university's strategic goals

through technology. Implementation will ensure the facility meets current and future

technological needs.

Design a structured network with routers, switches, access points, servers, and cabling to meet

academic and administrative goals. Implement VLAN segmentation and IP addressing for logical

organization and security. Ensure high-speed, reliable connectivity for staff, faculty, and

students. Incorporate network security, manageability, and scalability into the design. Deliver a

professional-grade network infrastructure for current demands and future growth. Provide

centralized services like file sharing, printing, internet access, and internal communications.

Enhance classroom and office productivity with improved digital tool access.

Establish a secure environment to protect sensitive data and support academic integrity.

Improve user experience with fast and stable network performance.

4
Relevance of the project to modern network architecture and higher education

The project aims to develop a comprehensive network solution for the University of Liberia’s

Engineering Building, aligning with modern network architecture principles. It focuses on

implementing a scalable, secure, and high-speed network infrastructure that supports data, voice,

and video over a unified system. The design includes Virtual LANs (VLANs) and subnetting to

enhance security, segment traffic, and optimize performance. Hybrid topologies are used to

balance centralized control with distributed access points. The network is cloud-ready and

integrates with online platforms and learning management systems (LMS). Redundancy and fault

tolerance are prioritized to ensure high availability and minimal downtime. Robust, high-

bandwidth connections are essential for digital learning and real-time access to educational

content. Smart classrooms depend on networked devices for teaching aids, presentations, and

assessments. Administrative operations require secure, interconnected systems for tasks like

student enrollment and financial management. The project supports research and innovation by

enabling data sharing, cloud-based tools usage, and global collaboration.

5
 Network Requirements Analysis

The networking infrastructure for the University of Liberia's Engineering Building is designed to

be scalable, secure, and high-performance. User demands include approximately 40–50 staff and

over 500 students, with 150–200 concurrent users during peak hours. Reliable high-speed

internet access is essential for educational resources and administrative platforms. A combination

of LAN/WLAN access is required for both wired and wireless devices. Internal communication

support includes IP-based services like email, VoIP, and file sharing. Core network equipment

includes enterprise-grade routers, Layer 2/3 switches, and wireless access points. End devices

include desktop PCs, networked printers, and VoIP phones. A centralized server will provide

internal services such as file and print servers, DNS/DHCP, and future LMS hosting. Private IP

addressing with subnetting is used for different departments and usage zones. VLANs are

implemented to separate traffic: Administration (VLAN 10), Instruction/Classroom (VLAN 20),

Guest Wi-Fi/Students (VLAN 30), Server Management (VLAN 40). Security measures include

firewalls, intrusion detection, VLAN segmentation, ACLs, and user authentication via Active

Directory or RADIUS. The physical layout requires distribution switches on each floor and

cabling management systems. UPS systems are necessary for power backup at key network

points. Scalability plans accommodate a 50% increase in users/devices and integration with IP

surveillance and smart classroom technology. Future growth considerations include potential

cloud or hybrid deployment.

6
  Breakdown of building layout and networking needs per office/classroom

Level 1 Ground Floor

Devices per Office: Each administrative office is equipped with 2 desktop computers. There is 1

VoIP phone available per office. A network printer is shared between every 2 offices. Each

office has 1 wireless access point.

Networking Needs: Wired connections for desktops and printers, Secure VLAN for

administrative data. IP phones connected to internal PBX, Reliable Wi-Fi for mobile devices,

there are a total of 4 administrative offices.

Classrooms (10 total) Devices per Classroom: 1 instructor desktop/laptop wired, 1 projector

network-controlled. 25–30 student Wi-Fi users, 1 wireless access point (ceiling-mounted)

Networking Needs: Wi-Fi for student and instructor use, Wired access for instructor devices.

VLAN isolation to restrict access between classrooms, Bandwidth allocation for content
streaming and online testing

Common Areas / Shared Resources:

 Server/IT Room (1 central location): Rack-mounted server(s), Layer 3 core switch,

Firewall appliance, UPS (power backup), Internet uplink.

 Networking Needs: Secure, climate-controlled space, Central patch panel and cable

terminations, Redundant uplinks to distribution switches.

 Hallways/Student Lounge: 2–4 ceiling-mounted wireless APs for roaming connectivity,

VLAN 30 for guest/student Wi-Fi with limited access.

7
 Summary Table
Area Qty. Wired Wireless VLAN Special Notes
Devices Devices
2 PCs, 1 Secure data, VoIP, shared
Admin Offices 8 Phones, APs VLAN 10
printer printers

1 PC, 1 ~30 student Instructor & student devices,

Classrooms 20 VLAN 20
projector devices, AP Wi-Fi only for students

Server, Central hub, firewall, DHCP,

Server Room 1 — VLAN 40
switch DNS

Limited Wi-Fi, Internet-only

Common Areas — — Guest APs VLAN 30
access

User types (faculty, students, admin staff)

Faculty (Instructors and Lecturers): Primary Locations, Classrooms, Offices

Devices Used: Laptops and desktops (wired or Wi-Fi), Projectors (networked),

Smartphones/tablets (Wi-Fi)

Students: Primary Locations: Classrooms, Student Lounges, Common Areas, Devices Used:

Smartphones, Laptops/Tablets (BYOD – Bring Your Own Device).

Administrative Staff: Primary Locations: Administrative Offices, Devices Used, Desktop.

computers (wired), VoIP phones, Networked printers.

IT and Support Staff: Primary Locations: Server/Network Room, Throughout Building,

Devices Used: Laptops for configuration, Network monitoring tools.

8
 Estimated number of devices and bandwidth needs.

 Type of services to be supported (e.g., Wi-Fi, VoIP)

Estimated Number of Devices

User Type Devices per Person Estimated Users Total Devices

Faculty 2 (PC/laptop + phone) 20 40

400 (20 classrooms ×

Students 1.5 (laptop/tablet + phone) 600
20 students)

Admin Staff 2 (desktop + VoIP) 8 16

IT/Support Staff 1 4 4

~20 (printers,
Shared Equipment N/A N/A
projectors, switches)

Total 680–700 devices

Bandwidth Requirements
User Group Average Usage per Device Total Estimated Bandwidth

Faculty 3–5 Mbps 150 Mbps

Students 1–2 Mbps 800–1000 Mbps (1 Gbps)

Admin Staff 2–3 Mbps 25 Mbps

IT Systems (backup, sync) 5–10 Mbps per system 50 Mbps

Total 1.2 – 1.5 Gbps

Services to Be Supported

9
Service Type Description

Full coverage on both floors using 802.11ac/ax access points in

Wi-Fi
classrooms, offices, and halls

High-speed Ethernet connections (Cat 6/6a) for offices, admin, and

Wired LAN
IT equipment

VoIP Digital voice calling system for admin and faculty via IP phones

Print Services Network printers in staff offices and admin areas

Central Storage File and learning management system hosted locally or via cloud

Firewall/Security Centralized firewall, endpoint protection, and VLAN segregation

Surveillance (optional) IP camera integration for security, if required

Design & Implementation Plan

 Description of recommended hardware (routers, switches, access points, cabling)

Core Router: Recommended Model: Cisco ISR 4331 or Ubiquiti Edge Router Infinity (for

budget-friendly option), Function: Routes traffic between internal VLANs and the internet;

handles firewall and NAT, Features: Support for QoS and VPN, At least 3 Gigabit Ethernet

ports, IPv6-ready, Modular expansion.

Network Switches, Main Distribution Switch (Core Layer)

Model: Cisco Catalyst 9300 Series or Ubiquiti Unifi Switch Pro 48

Features: 48-Port Gigabit Ethernet, Layer 3 support for inter-VLAN routing, 4 × 10G SFP+ uplinks, Power

over Ethernet (PoE+) for powering APs and VoIP

Access Switches (per floor or classroom cluster)

Model: Cisco Catalyst 9200 Series or Unifi Switch 24 PoE

10
Quantity: 6–8 depending on layout

Features: 24-Port Gigabit with PoE+, Stackable (optional), VLAN support, Fanless option for

quiet zones

Wireless Access Points (APs): The network setup involves using either Ubiquiti UniFi 6 Long-

Range (U6-LR) or Cisco Aironet 2800 Series access points. Approximately one access point is

needed for every two classrooms, totaling 10 to 12 units, with an additional two for office or

administrative areas. The access points support dual-band frequencies (2.4 GHz and 5 GHz).

They are compatible with Wi-Fi 6 (802.11ax) technology. Power over Ethernet (PoE) is used for

powering the devices, and they can be managed via a cloud or local controller.

Cabling Infrastructure: Backbone cabling uses Cat6a Ethernet for gigabit connectivity, with

shielded cable for long runs. Multimode fiber uplinks are used between floors and from the core

switch to access switches, utilizing OM3/OM4 standards. Structured cabling and termination are

facilitated through patch panels and wall outlets. Cable management is achieved using conduits,

racks, and trays for organized and scalable installations.

Other Hardware: The Fortinet FortiGate 60F or pfSense is recommended for use as a firewall

appliance, Cisco 8800 Series or Grandstream GXP series VoIP phones are suggested for admin

and faculty use. APC Smart-UPS units are advised to protect switches and routers during power

outages. An optional server can be used for local hosting of LMS, file sharing, DHCP, and

backup. The document includes recommendations for other hardware components.

 Logical network diagram (IP addressing, VLANs, subnetting, etc.)

11
12
 Physical network diagram (floor plan with device placement)

13
 Wired and wireless setup (advantages and integration)

Wired Network Setup: Ethernet cabling (Cat6/Cat6a) is used for high-speed, low-latency

connections, it is particularly beneficial for fixed devices., Applications include desktop

computers in offices and classrooms, Network printers and servers also utilize this cabling.

VoIP desk phones, network switches, and routers are connected using this cabling.

Wireless Network Setup

Provides consistent performance with minimal interference, ensuring reliability. Offers gigabit

speeds with higher bandwidth, ranging from 1Gbps to 10Gbps, enhances security by being less

susceptible to unauthorized access, features low latency, making it ideal for VoIP, video

conferencing, and large data transfers.

Advantages:

Mobility: Users can move freely within coverage areas, Scalability: Easy to add new devices

Flexibility: Ideal for temporary or shared spaces, Cost-Effective Expansion: No need for

additional cabling.

Integration Strategy Backbone: All Wireless Access Points (Aps) Are Connected Via Ethernet

to Network Switches, Ensuring Fast Uplinks., Vlans: Both Wired and Wireless Traffic Is

Segmented Using Vlans For Security And Performance., Unified Management: A Centralized

Network Controller Or Cloud-Based Management System Is Used For Monitoring And

Configuring Both Setups.

Power: Aps Are Powered Via Poe (Power Over Ethernet), Reducing The Need For Separate

Power Lines., Seamless Roaming: Wi-Fi Controllers Enable Devices To Switch Between Aps

Without Connection Drops

14
 Implementation phases or timeline

Phase 1: Project Planning & Site Survey (Week 1–2)-Conduct detailed physical walkthrough

of the building, identify optimal locations for cabling, switches, routers, and wireless access

points, finalize device counts, cabling routes, and power availability. Prepare network topology

diagrams (physical and logical). Confirm internet service provider (ISP) readiness.

Deliverables: Site survey report, floor plans, finalized network design.

Phase 2: Procurement & Pre-Configuration (Week 3–4)- Procure all hardware: switches,

routers, access points, cables, patch panels, racks. Pre-configure network devices (IP addressing,

VLANs, security settings). Label and organize hardware for site delivery.

Deliverables: Inventory list, configured devices, staging environment tests.

Phase 3: Physical Installation (Week 5–6) --Structured cabling installation (Cat6/Cat6a

Ethernet). Mount access points, install switches, racks, patch panels. Label and test all cable

drops and Ethernet ports. Deliverables: Installed cabling infrastructure, connected core devices.

Phase 4: Network Setup & Testing (Week 7) --Deploy and connect routers, switches, APs.

Configure VLANs, SSIDs, DHCP, firewall, and QoS. Perform connectivity, performance, and

coverage tests (wired & wireless). Deliverables: Functional internal network, complete test

reports.

Phase 5: Staff Training & Documentation (Week 8) --Train IT personnel on network

administration and troubleshooting. Provide documentation (network topology, IP scheme,

admin credentials, hardware warranty info). Deliverables: Training sessions completed, handover

manual delivered.

15
Phase 6: Go-Live & Support (Week 9) --Transition users to the new network. Monitor for

issues and make necessary adjustments. Offer on-site or remote support for 2 weeks post-

deployment. Deliverables: Full operational handover, monitoring logs, support contact.

16
 Network Security Considerations

 Firewall Configuration--A next-generation firewall (NGFW) will be deployed at the

network's edge for the Engineering Building. The firewall will inspect and filter both

incoming and outgoing traffic based on predefined security rules. Access control lists (ACLs)

will be configured to restrict access to sensitive resources. Unauthorized ports and IP ranges

will be blocked by the firewall. Internet usage will be limited to necessary services only.

Deep packet inspection will be performed to identify suspicious activity and block malware.

Administrative interfaces will be protected by IP whitelisting. Secure login protocols will

prevent unauthorized modifications to firewall policies. The firewall serves as the first line of

defense for the network. The system aims to enhance overall network security and prevent

unauthorized access.

Encryption Methods (e.g., WPA3 for Wireless) --WPA3 encryption will be implemented

across all access points to enhance wireless communication security. WPA3 provides

individualized encryption for each user, preventing snooping on public networks. The encryption

includes protection against brute-force attacks and ensures forward secrecy for past

communications. SSL/TLS protocols will be used to protect sensitive data transfers, especially

for web-based applications and email servers. The combination of WPA3 and SSL/TLS offers

robust data protection across the network.

Access Control (MAC Filtering, VLANs) --Access to the network is controlled using MAC

address filtering, allowing only approved devices to connect and reducing unauthorized access

risks. VLAN segmentation is used to separate network traffic for different user groups, such as

students, faculty, administrative staff, and guests. This segmentation ensures that each group's

traffic remains isolated and secure, enhancing overall network security. The use of VLANs

17
improves network performance by preventing congestion and ensuring efficient traffic

management. Security is further enhanced by containing potential breaches within individual

VLANs, preventing lateral movement across the network.

Threat Prevention (Intrusion Detection/Prevention Systems) --An Integrated Intrusion

Detection and Prevention System (IDPS) will be deployed alongside the firewall to enhance

network security. The IDPS will continuously scan for known malware signatures, zero-day

exploits, port scans, and denial-of-service (DoS) attacks. Upon detecting a threat, the system will

automatically alert administrators and block malicious traffic. Logs will be maintained and

analyzed to detect trends and improve threat response. The combination of passive monitoring

(IDS) and active mitigation (IPS) ensures a proactive approach to network defense.

Backup and Recovery Strategy--A comprehensive backup and recovery strategy is essential for

maintaining business continuity during data loss, hardware failure, or cyberattacks. Daily

backups of server configurations, critical files, and user data will be conducted using both local

NAS and secure cloud storage. Weekly full backups and incremental daily backups will be

maintained to ensure data protection. System images of key devices will be stored to facilitate

rapid disaster recovery. Regular backup testing will be performed to verify data integrity and the

effectiveness of recovery procedures.

18
 Budget and Justification
The budget is designed for the network infrastructure of the Engineering Building at the

University of Liberia, focusing on mid-range to high-performance equipment.

The plan emphasizes future scalability to accommodate growing needs. Justifications are

provided for each component included in the budget. The budget aims to balance current

requirements with potential future expansions. The equipment selection is tailored to meet the

specific needs of the building.

Budget & Justification

Item Unit Cost Quantity Total

Core Router (EdgeRouter or Cisco

$1,500 1 $1,500
ISR)

Core Switch (Layer 3) $1,200 1 $1,200

Access Switches (PoE 24-port) $500 6 $3,000

Wireless APs (Wi-Fi 6) $250 12 $3,000

Cat 6 Cabling $0.25/ft. 2000 ft. $500

Fiber Cabling $2/ft. 500 ft. $1,000

UPS (APC 1500VA) $600 2 $1,200

Firewall (FortiGate 60F) $600 1 $600

Patch Panel, Racks, Hardware – – $800

Labor & Installation $75/hr. ~160 hrs. $12,000

Total Estimated Budget $24,800

19
Justification Summary

Performance: Gigabit access and Wi-Fi 6 ensure fast, low-latency performance

Security: VLANs, firewalls, and WPA3 protect users and data

Scalability: Design supports future classrooms, labs, or admin expansion

Cost-Efficient: Balances quality (Cisco/Ubiquiti) with price

Budget Justification

Category Justification

Router & Ensures stable internet access and secure segmentation of network zones.

Firewall

Switches Provide backbone connectivity and PoE support for APs. Layer 3 switching allows

internal routing.

APs High-density wireless coverage for classrooms with 30–40 students each.

Cabling Cat6 provides gigabit speeds; fiber for floor-to-floor connectivity.

UPS Prevents downtime and hardware damage during outages.

Labor Professional installation, configuration, and testing ensures reliability.

Contingency Accounts for real-world variances in prices or needs.

20
 Itemized Cost Breakdown

Category Item Qty Unit Cost (USD) Total Cost (USD)

Hardware Cisco ISR 4331 Router / 1 $2,000 $2,000

EdgeRouter 4

Cisco Catalyst 2960-X Core Switch 1 $1,200 $1,200

(Layer 3)

Ubiquiti UniFi 24/48 Port PoE 4 $600 $2,400

Switches

Ubiquiti UniFi AC Pro / Cisco 10 $300 $3,000

Meraki MR33 APs

Fortinet FortiGate 60F Firewall 1 $600 $600

Cat6 Cables, Patch Panels, Fiber — — $800

(structured cabling)

APC Smart-UPS 1500VA (battery 2 $600 $1,200

backup)

Network Rack, Patch Panels, — — $600

Mounts

Software UniFi Network Controller License / — — $500

Meraki Cloud License (3 yrs)

Labor Network Design, Cabling, ~120 $75/hour $9,000

Installation, Testing hours

Contingency (10% Buffer) — — $2,130

Total Estimated Cost $23,430

21
 Justification for Each Cost

Hardware

A powerful router costing $2,000 is essential for handling multiple VLANs, enforcing security

policies, and managing traffic efficiently.

Access Points priced at $3,000 ensure strong Wi-Fi coverage with 10 high-performance dual-

band APs supporting high user density and seamless roaming.

Access Switches costing $2,400 are PoE switches that power APs and VoIP phones, simplifying

cabling and reducing electrical costs.

A Core Switch priced at $1,200 provides managed Layer 3 capabilities for inter-VLAN routing

and advanced features like QoS.

A UPS costing $1,200 prevents data loss or damage during outages and keeps essential systems

running during short power failures.

Cabling expenses of $800 cover Cat6 and fiber optic cabling for reliable gigabit-speed

connectivity throughout the building.

A Firewall priced at $600 offers advanced protection such as intrusion prevention and content

filtering while ensuring secure internet access.

Rack and Accessories costing $600 keep hardware secure and organized, which is critical for

efficient maintenance and airflow.

Software

22
The Management Platform License costs $500. It provides a license for UniFi Network

Controller or Cisco Meraki Dashboard. The platform allows for centralized monitoring of

devices. It includes features for alerts and remote configuration. This setup ensures operational

visibility and quick troubleshooting.

Labor

The installation and configuration service costs $9,000. It includes design, cabling, hardware

setup, wireless heat mapping, VLAN configuration, and testing. Competent labor is provided to

ensure optimal network performance and security. The service covers comprehensive setup

aspects to ensure a robust network infrastructure. The process involves thorough testing to

confirm the effectiveness of the installation.

Contingency ($2,130). Accounts for unexpected costs such as price fluctuations, additional

cabling, or hardware adjustments discovered during implementation.

Visual Overview (Cost Breakdown by Category)

Category Total Cost (USD) % of Budget

Hardware $11,800 50%

Software $500 2%

Labor $9,000 38%

Contingenc $2,130 10%

Total $23,430 100%

23
 Conclusion & Recommendation

The network infrastructure for the University of Liberia’s Engineering Building is designed to be

reliable, secure, and scalable, meeting both current and future demands. It integrates high-speed

wired connections for critical devices and robust wireless coverage for classrooms and mobile

users, ensuring seamless access to digital resources. The design includes clearly defined VLANs,

enterprise-grade firewall protection, and centralized management tools for strong performance

and data security. Modular components and standardized cabling make the infrastructure easy to

manage, upgrade, and expand as needed. The solution balances cost-effectiveness, performance,

and long-term viability to support modern education, research, and administration.

The University of Liberia is advised to implement a hybrid network design combining wired

connections and wireless access points to support both administrative and academic functions.

Security and efficiency will be ensured through VLAN segmentation, enterprise-grade firewall

protection, and centralized management tools. The infrastructure will be built on PoE switches,

Cat6 cabling, and fiber uplinks, providing a scalable and future-ready network.

Recommendations include investing in IT staff training for network monitoring, conducting

regular performance audits, and implementing security updates. A phased upgrade plan is

suggested, including transitioning to Wi-Fi 6E and expanding the network to other academic

areas, to enhance the university's digital infrastructure.

24
Introduce Local Servers or Private Cloud--Host services like LMS, backups, file storage, or

VoIP internally for improved speed and reliability.

Integration with Smart Campus Systems--Expand network support for IP surveillance,

biometric attendance systems, smart lighting, and environmental monitoring.

Limitations or Considerations

User experience is heavily dependent on the university's internet bandwidth, despite high internal

network performance. Some network components require ongoing licensing and support costs,

such as annual subscriptions or support contracts. Environmental and physical constraints must

be considered for AP placement, wiring paths, and equipment storage, taking into account

existing infrastructure and power reliability. High simultaneous user connections during peak

times may necessitate adjustments to AP settings or the addition of more APs for effective load

balancing. Regular updates, monitoring, and maintenance by trained IT staff are crucial for

maintaining proper network performance.

25
 References

Cisco Systems, Inc. (2023). Campus Network for High Availability Design Guide

Retrieved from: https://www.cisco.com

Ubiquiti Inc. (2024). UniFi Network Design Best Practices

Retrieved from: https://ui.com

Fortinet, Inc. (2023). FortiGate Next-Generation Firewall Deployment Guide

Retrieved from: https://www.fortinet.com

APC by Schneider Electric (2022). UPS Selection Guide for IT Networks

Retrieved from: https://www.apc.com

IEEE Standards Association (2020). IEEE 802.3 and 802.11 Standards Overview

Retrieved from: https://standards.ieee.org

Network Computing Magazine (2023). Campus Network Design. Wired and Wireless

26