Final Project: Description and Requirements –

TCP/IP Lab Course

➢ Group Work

This project will be completed in teams of three students. Each team must select a unique
company scenario such as a hospital, school, bank, and submit it to me for approval before
beginning the design process. The scenario should include key details like the type of
company, the number of departments, and the specific services required.

➢ Project Goal (What You Need to Do)

In this project, you are required to design, implement, and fully test a complete network
infrastructure for a company with at least two main sites: a Head Office and a Remote
Branch Office. Each site includes multiple departments such as Technical Support, Human
Resources, and Sales. Each department must have its own isolated network using VLANs.

The core goal is to connect both sites and ensure they can share data securely and efficiently,
while also providing secure and reliable access to the Internet for both locations. This
means your network will include at least three routers—one at each site and one simulating
the Internet Service Provider (ISP) to provide Internet connectivity.

Your network must demonstrate:

• Internal communication between departments and across sites.

• External communication to the Internet using NAT/PAT, allowing internal users to

browse the web or access cloud services using a single public IP address.

• Secure exposure of public-facing services like a Web Server, and FTP Server, using
Static NAT.

• Implementation of core services such as:

o DHCP for automatic IP assignment.

o DNS for internal name resolution.

 Additionally, you must implement robust network security at both Layer 2 (switch-level)
and Layer 3 (router-level), using techniques such as Port Security, and Access Control Lists
(ACLs) to control both internal and Internet traffic.

Your final design should clearly show:

• A well-planned IP addressing scheme.

• Routing between all subnets and remote sites (Static, Default, and Dynamic—RIP or
OSPF).

• Proper Internet access and segregation of internal traffic using VLANs.

• Security policies to protect against both internal misuse and external threats.

➢ What You Must Include

1. IP Addressing and Subnetting: Each group must create a clear and well-organized IP
addressing plan. Use subnetting and VLSM (Variable Length Subnet Masking) to divide
the network efficiently. Assign static IP addresses to important devices like servers and
network devices, while using DHCP to assign IPs automatically to end-user devices.

2. Routing: Configure static routes for specific, fixed paths within the network where
precise control is needed. Use default routes on edge routers to forward all unknown traffic
toward the internet or a central router. Additionally, implement dynamic routing protocols
like RIP or OSPF between the main routers to enable automatic sharing and updating of
route information, ensuring efficient and flexible communication across the network.

3. VLANs and Inter-VLAN Routing: Organize the network by creating a separate VLAN
for each department (e.g., IT, HR, Sales). Use Inter-VLAN routing with either a router-on-
a-stick configuration or a Layer 3 switch, so that different VLANs can communicate when
needed.

4. DHCP: Use a DHCP server to assign IP addresses to users automatically. If the DHCP
server is in a different network segment, configure DHCP relay to allow the requests to
reach the server from other subnets.

5. NAT / PAT: Use PAT (Port Address Translation) to allow all internal users to access the
internet using a single public IP. If your company has public-facing servers (like a web or
mail server), configure Static NAT to make them accessible from outside.
 6. DNS: Set up a local DNS server to help devices resolve domain names to IP addresses.

7. Other Services to Include: Make sure your network supports key services, such as a Web
Server (HTTP), an FTP Server.

➢ Security Features

Your network must be protected using both Layer 2 (switch-level) and Layer 3 (router-
level) security techniques.

▪ At the Layer 2 level, start by configuring Port Security on switches to limit the
number of devices that can connect to each port. This helps prevent unauthorized
devices from joining the network.
▪ At the Layer 3 level, use Access Control Lists (ACLs) to control traffic between
VLANs and to the internet. For example, you can block traffic from one department
to another, or allow only the IT department to access the FTP server while blocking
others. You should also use ACLs to filter incoming and outgoing traffic through
NAT, only allowing specific and necessary connections.

These security features are critical to protect the network from attacks and misuse, and
every group is expected to include them in their final design.

➢ What to Submit (Documentation)

▪ Your project documentation should start with a Cover Page that includes the project
title, the names of all group members, the course name, the instructor’s name, and
the date of submission.
▪ Next, write a short Introduction that explains your chosen company scenario and
the main goals of your network design.
▪ Include a Requirements Summary listing all the network services and security
features you have implemented in your project.
▪ Prepare an IP Addressing Table that clearly shows all IP addresses, VLANs,
subnets, and the names of the devices in your network.
▪ Add Network Diagrams that illustrate both the logical and physical layouts of your
network. These diagrams should be clear and easy to understand.
▪ Provide a detailed section on Configuration Steps, where you copy the actual router
and switch commands you used, take screenshots of your command-line interface
showing these commands in action, and explain what each command does.
 ▪ Include a Security Settings section where you describe the security features you
applied and explain why you chose them.
▪ In the Testing section, show the results of your tests, such as pinging devices,
uploading files via FTP, or accessing web pages. Also include any security test
results, like what happens when a port security violation occurs.
▪ Finally, write a Conclusion that summarizes what you learned during the project,
any problems you faced, and how you solved them.
➢ Files to Submit

Each group must submit two files: the Packet Tracer file with the extension .pkt that
contains your full network setup, and the Project Report in either PDF or Word format
documenting all parts of your work.

➢ Deadlines

You must choose your company scenario and send it to me for approval by Friday at the
latest. After approval, you will work on the final project. The complete Packet Tracer file
and project report must be submitted two days before discussion.

All the best, and I look forward to seeing your complete and well-
documented projects. Make sure to follow all the requirements,
submit both the Packet Tracer file and the report on time, and
clearly demonstrate your understanding of TCP/IP networking
concepts

Instructor – Eng. Alaa Mansour.