Dao Thi Thu Trang-Assignment2


I) The current status and the need to build the network of Gold Star

Gold Star is a start-up company, currently located in a building in Hanoi. The building
consists of one ground floor and three floors, with fewer than 260 staff. The first floor is
used by two departments, the second floor by two departments, and the third floor is used for
centralized management of the company's important servers.
The company has only 1 website that requires the Internet.

Details: Human resources and departments in the company:


 Human Resources Administration: 86 people (1st floor)
 Business Planning Department: 70 people (1st floor)
 Finance - Accounting Department: 80 people (2nd floor)
 Board of Directors: 4 people (2nd floor)
 Technical Room: 20 people (3rd floor)

 Diagram of current computer network system of Gold Star Company

LO3 Design efficient networked systems.

[P5] Design a networked system to meet a given specification.

I) Solution to build network system for Gold Star company

A. Selection of equipment and technology

 Suitable equipment:

 Vigor3220 / Vigor300B / Vigor 3900


 VigorSwitch G2540x/ G2280x/G2280/G1280
 VigorAP 903/ 910C/ 912C

 New devices to buy: 5 switches, 2 routers, 8 PCs, 7 servers (4 DHCP, 1 DNS server, 1
mail server, 1 web server)

Equipment   Requirements            Quantity
Server      Server                  7
Modem       ADSL                    1
Switch      8 port                  5
Printer     LaserJet                3
Cable       RJ45-ADC                450 m
Router      1841 or 2801 or 2811    2
Firewall    ASA5510                 2

 The maximum number and type of equipment used for this model:

 5 x core Switch Catalyst 3560 24 port 10/100/1000, IOS IP Base

Technical specifications

o Brand: Cisco
o Product code: WS-C3560-24TS-S
o Product Description: Cisco Catalyst 3560-24TS-S, Switch - 24 ports
o Form factor: External - 1U
o Features: Automatically recognize each device, IP routing, support DHCP, auto
negotiation, support ARP, trunking, support VLAN, auto-uplink (auto MDI /
MDI-X), IGMP snooping, management, IPv6 support
o Dimensions (WxDxH): 44.5 x 30.1 x 4.4 cm
o Weight: 3.9 kg
o Power: AC 120/230 V (50/60 Hz)
o RAM: 128 MB
o Device type: Electric switch
o Data transfer rate: 100 Mbps
o Compliance standards: IEEE 802.3ab, IEEE 802.1a, IEEE 802.3b, IEEE 802.3p,
IEEE 802.1b
o Number of ports: 24 x Ethernet 10Base-T, Ethernet 100Base-TX
o Data Link Protocol: Ethernet, Fast Ethernet
o Communication mode: Half-duplex, full-duplex
o Remote Management Protocol: SNMP 1, RMON 1, RMON 2, Telnet, SNMP 3,
SNMP 2c
o Uplink port: 2 x SFP (mini-GBIC)
(thietbimangcisco.vn)

• 2 x Cisco ASA5510 Firewall or equivalent Firewall series from other brands: outer
shield layer

Technical specifications

o Manufacturer: Cisco
o Model: ASA5510-BUN-K9
o Number of ports: 50 x RJ45
o Data transmission speed: 10/100 Mbps
o Firewall throughput of 300Mbps
o 3DES / AES VPN throughput of 170Mbps
o 250 peer-to-peer VPNs
o 128000 connections
o 5 interfaces

(ciscoshop.vn)

• 2 x Cisco Catalyst 2960 Access Switch or equivalent switch series from other brands
Technical specifications

o The device has 24 Gigabit Ethernet ports for line-rate forwarding. There is
support for 4 additional ports with small pairing feature.
o 10/100/1000 line speed on port.
o Uplink module slot 1- gigabit Ethernet.
o RJ45 configuration and 1G USB console
o Fixed memory: CPU ARMv7 800 MHz, DRAM 512 MB
o 256 MB flash memory
(ciscosaigon.com)

• 1 x Cisco Catalyst 2960 24 port 10/100/1000 Access Switch or equivalent switch series
from other brands: Provides connection for Internal Server Block

Technical specifications
+ Product Code: Cisco WS-C2960X-24TS-L
+ Enclosure Type: Rack-mountable – 1U
+ Feature Set: LAN Base
+ Uplink Interfaces: 4 x 1G SFP
+ Ports: 24 x Ethernet 10/100/1000 Gigabit ports
+ Maximum stacking number: 8
+ Stack bandwidth: 80G
+ Forwarding Bandwidth: 108Gbps
+ Switching Bandwidth: 216Gbps
+ RAM: 512MB
+ Flash Memory: 128MB
+ Dimensions: 44.5 cm x 27.9 cm x 4.5 cm
+ Package Weight: 9.19 Kg
(netsystem.vn)

• 2 x Internet Router 1841 or 2801 or 2811 connecting to the Internet

Technical specifications

o Device type: Cisco 2811 Router.


o Dimensions: 43.8 cm x 41.7 cm x 8.9 cm.
o Network Protocol: IPSec.
o RAM: 256 MB (installed) / 768 MB (max).
o Flash Memory: 64 MB (installed) / 256 MB (max).
o Power: AC 120/230 V (50/60 Hz).
o Weight: 6.4 kg.
(thietbimangcisco.com)
B. The physical topology of the network

1. Tools used
This assignment uses the Cisco Packet Tracer tool. Packet Tracer is a network emulator for
learning with Cisco network devices (routers / switches). The product provides a tool to
study the fundamentals of networking and the skills for working with Cisco systems.

Cisco Packet Tracer 5.0 in Windows 7

2. Physical topology
 The PCs in each department and the DHCP server are connected to 1 switch
 Floor 1: 2 departments will connect to Router 1
 Floor 2: 2 departments will connect to Router 2
 Router 1 and Router 2 will connect to switch 4 on floor 3 so that they can reach
services such as the Mail server, Web server and DNS server.

[P6] Test and evaluate the design to meet the requirements and analyse user feedback.
a) Recommended network equipment
 The Cisco Catalyst 3560 Core Switch, with 24 Gigabit Ethernet ports and a 32Gbps
backplane, is the center of the network.
 The Catalyst 2960 Access Switches connect to the Core Switch through 2 Gigabit Ethernet
uplink ports using EtherChannel technology, which combines these 2 links running in
parallel into a 2Gbps link. This avoids bottlenecks from Access Switch to Core Switch
and provides redundancy between the two connections: if one connection has a problem,
data is automatically transferred to the other, and the process is transparent to the end user.
 From the Core Switch, connect to the Internal Server Block, with the option to use an Internal
Firewall (the required throughput of this firewall must be >= 1Gbps to avoid a data bottleneck
to the servers).
 The Core Switch connects to the DMZ and goes out to the Internet through an
External Firewall. This firewall's task is to protect users in the network against Internet
threats and to limit access from the Internet to the DMZ area, minimizing
unauthorized access from the Internet to the depths of the network.
 Connecting to the Internet is a Cisco Router gateway. This router provides the corresponding
interfaces to connect to different types of Internet lines, for example: ADSL,
FTTH, Leased Line, ...

b) Deploy network addresses


Configure the IP address for departments:

+ The business department has the IP address 192.168.1.0/24
DHCP1 belongs to the Business department with the IP address: 192.168.1.10
user 1 has an IP address assigned automatically by DHCP1: 192.168.1.2
user 2 has an IP address assigned automatically by DHCP1: 192.168.1.3

+ HR department has IP address 192.168.2.0/24
DHCP2 belongs to the Business department with the IP address: 192.168.2.10
user 1 has an IP address assigned automatically by DHCP2: 192.168.2.2
user 2 has an IP address assigned automatically by DHCP2: 192.168.2.3

+ Board of Directors has an IP address: 192.168.3.0/24
DHCP3 belongs to the Business department with the IP address: 192.168.3.10
user 1 has an IP address assigned automatically by DHCP3: 192.168.3.2
user 2 has an IP address assigned automatically by DHCP3: 192.168.3.3

+ Financial Accounting has an IP address: 192.168.4.0/24
DHCP4 belongs to the Business department with the IP address: 192.168.4.10
user 1 has an IP address assigned automatically by DHCP4: 192.168.4.2
user 2 has an IP address assigned automatically by DHCP4: 192.168.4.3

+ Technical Department has IP address: 192.168.5.0/24
DHCP5 belongs to the Business department with the IP address: 192.168.5.10
user 1 has an IP address assigned automatically by DHCP5: 192.168.5.2
user 2 has an IP address assigned automatically by DHCP5: 192.168.5.3
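
The addressing plan above can be checked mechanically before it is configured. The following Python sketch is an added example, not part of the original assignment: it takes the subnets, DHCP server addresses and headcounts stated on this page, and builds a lease pool per department that skips the DHCP server's static .10 address. It assumes the router interface takes .1 in each subnet and that leases start at .2, the first lease shown above.

```python
import ipaddress

# Plan as stated on the page: department -> (subnet, DHCP server, headcount).
PLAN = {
    "Business":           ("192.168.1.0/24", "192.168.1.10", 70),
    "HR":                 ("192.168.2.0/24", "192.168.2.10", 86),
    "Board of Directors": ("192.168.3.0/24", "192.168.3.10", 4),
    "Finance-Accounting": ("192.168.4.0/24", "192.168.4.10", 80),
    "Technical":          ("192.168.5.0/24", "192.168.5.10", 20),
}
GATEWAY_HOST = 1  # assumption: the router interface takes .1 in each subnet
POOL_START = 2    # the first lease shown on the page is .2


def build_pool(subnet, dhcp_server, headcount):
    """Return `headcount` lease addresses from .2 upward, skipping the
    gateway and the DHCP server's static address so neither is leased."""
    net = ipaddress.ip_network(subnet)
    reserved = {net.network_address + GATEWAY_HOST, ipaddress.ip_address(dhcp_server)}
    candidates = [h for h in net.hosts()
                  if int(h) - int(net.network_address) >= POOL_START and h not in reserved]
    if len(candidates) < headcount:
        raise ValueError(f"{subnet}: only {len(candidates)} leases for {headcount} users")
    return candidates[:headcount]


def check_plan(plan):
    """Validate the whole plan; return {department: (first_lease, last_lease)}."""
    nets = {dept: ipaddress.ip_network(s) for dept, (s, _, _) in plan.items()}
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                raise ValueError(f"{a} and {b} subnets overlap")
    result = {}
    for dept, (subnet, server, headcount) in plan.items():
        if ipaddress.ip_address(server) not in nets[dept]:
            raise ValueError(f"{dept}: DHCP server {server} is outside {subnet}")
        pool = build_pool(subnet, server, headcount)
        result[dept] = (str(pool[0]), str(pool[-1]))
    return result


if __name__ == "__main__":
    for dept, (first, last) in check_plan(PLAN).items():
        print(f"{dept:20} leases {first} - {last}")
```

Because leases start at .2 and every department except the Board of Directors has more than 8 users, a contiguous pool would run through .10; the exclusion is what keeps the DHCP server's own address from being handed to a client.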

c) The network design physical topology


 The PCs in each department and the DHCP server are connected to 1 switch
 Floor 1: 2 departments will connect to Router 1
 Floor 2: 2 departments will connect to Router 2
 Router 1 and Router 2 will connect to switch 4 on floor 3 so that they can reach
services such as the Mail server, Web server and DNS server.

[M3] Install and configure network services and applications on your choice.
1. Install Symantec Antivirus 10.0 software

A virus outbreak on the network is a constant worry for anyone who has worked in a company.
When a virus spreads through the system, machines freeze or become unstable, affecting the
company's operation, especially for companies whose operations depend on the computer
network.
To prevent virus infection and the spread of viruses on the system, it is necessary to install a
virus prevention system.
 Function
- Functions of Antivirus server (installed on server): update, centrally manage new anti-virus
versions from the internet and deploy to employees' computers, remove viruses on installed
computers.
- Functions of Antivirus client (installed on employees' computers): update anti-virus
versions from Antivirus server, find and remove virus on each machine that installs it.

 Install Symantec server software


Prepare
Prepare the installation CD containing Symantec AntiVirus Corporate Edition v10.1 and
Symantec System Center v10.1.
Perform
- Install the software packages on the server one by one. During the installation, pay attention
to the password for the system and check Autorun Live Update to automatically update from
the server on the Internet after the installation is complete.

 Configure and deploy Symantec clients for employee machines and member server
systems.
 After installing and restarting the system, unlock the server and set the
option for the server to Primary server.
 Then deploy the software to the client machines (clients on 3 different
ranges: the server range, the tier 1 range and the tier 2 range).
 There are two ways to install on a workstation: the first is to access the server
from the client by the UNC path; the second is to use the Client Remote Install
Tool utility. To install remotely, go to Tools \ Client Remote Install.
 In this process, the first step is to choose the installation source location; we
choose the Default Location. Then we choose the users to deploy to.
 When the client deployment succeeds, the Antivirus software will run automatically
after a restart and be visible on the client computer.

2. Install DNS service (Domain Name Service):


 Function:
In addition to resolving domain names to IP addresses and vice versa, DNS is a
distributed and scalable database. It allows local administrators to manage local data within
their scope, and that data is accessed across the system in a client-server model.
Advantages:
o Increased fault tolerance
o Load balancing
o Security (dynamic update)
o Reduced system traffic (no transfer; DNS information is replicated with AD)
Prepare:
- VMware Workstation software: to install virtual machines on Windows
- Windows Server 2003/2008 operating system
- Windows XP / 7 operating system
Requirements:
1. Install a server with the Windows Server 2003/2008 operating system on a virtual machine.
2. Install a workstation with the Windows XP / 7 operating system on a virtual machine.
3. Set the server's IP address to 192.168.2.1/255.255.255.0 and the workstation's IP address
to 192.168.2.2/255.255.255.0; both machines have a default gateway of
192.168.2.1. Check that the Windows XP machine can ping the server.
Perform:
- Build 2 primary DNS servers to ensure availability and fault tolerance. When one server
fails, the other DNS server will handle the clients' resolution requests.
- Build the DNS system on server01
o Go to the Control Panel to install the DNS service
o Configure a Primary Zone with AD integration
o Configure the Forward lookup zone and Reverse lookup zones
- Build DNS on server02
o Just install the DNS service; all the data will then be replicated over from DNS1.
After the configuration is complete, check that DNS resolves properly
with the nslookup command in CMD. If resolution works, finish the configuration and
continue building the other services.

[D2] Design a maintenance schedule to support the networked system.


1. Server maintenance
To maintain the server, it is necessary to understand the procedures to maintain and
control the following items:

o Test your network security configurations
o Install, test and optimize the configuration of anti-virus and other software
o Control access rights to the network and server
o Store important documents on storage devices before performing maintenance
o Ensure that all browsers and applications operate stably
o Back up the server configuration to ensure the server works normally with the correct
specified parameters
o Clearly record the maintenance time

2. Workstation maintenance
o Check the configuration and anti-virus software of the workstation when
connecting to the server
o Back up and store important documents on devices to avoid loss or reversal during
maintenance
o Optimize software and applications and clean up junk files on the system
o Make sure the applications are operating properly
o Clearly record the maintenance time

3. Network maintenance
o Configure the network for computers to access the system
o Check network cabling systems
o Arrange the server map and connect machines in accordance with technical
standards
o Check and test the cable network to confirm whether the transmission speed
is correct
o Clearly record the maintenance time
 Inspection frequency: once a month, the sending company should check the entire
system and troubleshoot problems of the system. In addition to the periodic system
check, when the company has a system problem or needs advice on the
system, I will send a technician to provide support and ensure the operation of the company during
that time.

LO4 Implement and diagnose networked systems

[P7] Implement a networked system based on a prepared design.

The network system of GoldStar company
