See discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/376513199

UNIVERSITY NETWORK A Cisco Packet Tracer Showcase

Article · November 2023


1 author:

Mehad Alam
Stamford University Bangladesh

All content following this page was uploaded by Mehad Alam on 14 December 2023.



UNIVERSITY NETWORK
A Cisco Packet Tracer Showcase

A Project Submitted in Partial Fulfillment of the Requirements for the Degree of


Bachelor in Computer Science & Engineering
by
MEHAD ALAM
CSE 068 07938

Supervised by: Tarikuzzaman Emon


Assistant Professor

Department of Computer Science and Engineering


STAMFORD UNIVERSITY BANGLADESH
November 2023
Abstract

This project covers the design and implementation of a secure University Network connecting two
campuses in separate locations. The network is established with a three-tier hierarchical network
topology in Cisco Packet Tracer.

A three-tier or three-layer hierarchical network model is a proven architectural framework that
enhances the efficiency, scalability, and management of complex network infrastructures. In this
project, I demonstrate the design and implementation of a university network based on the
three-tier model in a simulated environment using Cisco Packet Tracer. This project’s main goals
are to build a strong network structure that can serve the university’s various needs and to use
Cisco Packet Tracer to show how networking ideas can be used in real-world situations.

This project is driven by the demands that ever-evolving technology is placing on academic
institutions and by the importance of their role in knowledge transfer, research, and innovation.
From conceptualization to actual implementation, each chapter of this paper peels back layers of
complexity to reveal a network architecture that is ready to carry universities into the future. The
importance of this research depends not only on its immediate relevance but also on its contribution
to the current discussion about network architecture’s function in guaranteeing strong, effective,
and secure communication ecosystems in the academic arena.
Declaration

I, hereby, declare that the work presented in this Project is the outcome of the investigation,
performed by myself under the supervision of Tarikuzzaman Emon, Assistant Professor, Department
of Computer Science & Engineering, Stamford University Bangladesh. I also declare that no part
of this Project and Report has been or is being submitted elsewhere for the award of any degree or
Diploma.

Signature and Date:

...........................................
Mehad Alam

Date:

Acknowledgments

I would like to express my deepest gratitude to all those who have supported and guided me
throughout the completion of this project. Their assistance and encouragement have been
invaluable in shaping this endeavor.

I am profoundly thankful to Tarikuzzaman Emon, my project supervisor, for his unwavering
guidance and insightful feedback. His expertise and dedication have been instrumental in steering
this project towards its successful completion.

I extend my sincere appreciation to the faculty members of the Computer Science & Engineering
Department for providing the academic environment that nurtures creativity and critical
thinking. Their commitment to education and research has greatly enriched my learning
experience.

Lastly, I would like to express my gratitude to my family for their unwavering support and
encouragement throughout this academic journey. Their belief in me has been a constant source
of inspiration.

This project would not have been possible without the collective efforts of these individuals,
and for that, I am sincerely thankful.

Table of Contents

List of Figures

List of Tables

1: Introduction
1.1 Motivation
1.2 Project Overview
1.3 Background and Rationale
1.4 Methodology
1.5 Chapter Summary

2: Network Simulation Environment
2.1 Purpose
2.2 Benefits
2.3 Popular Network Simulation Tools
2.4 Cisco Packet Tracer
2.5 Chapter Summary

3: Literature-Review
3.1 Implementing Network Using Cisco Packet Tracer
3.2 Evolution of University Networks
3.3 Challenges in University Network Design
3.4 Security Concerns in University Networks
3.5 Solutions and Best Practices
3.6 Key Findings:
3.7 Gaps in Literature:
3.8 Chapter Summary

4: Network Architecture
4.1 Primary Architecture
4.2 Inside Network Architecture:
4.2.1 Three-Tier Hierarchical Network
4.2.1.1 Access Layer
4.2.1.2 Distribution Layer
4.2.1.3 Core Layer
4.3 DMZ Network Architecture:
4.3.1 Two-Tier Hierarchical Network:
4.4 Outside Network Architecture:
4.5 Campus Architecture:
4.5.1 Campus I
4.5.2 Campus II
4.6 Use Case Diagram
4.7 Chapter Summary

5: Device and Details
5.1 Router
5.2 Switch
5.3 End Device
5.4 Firewall
5.5 Server
5.6 IoT Device
5.7 Cable
5.8 Chapter Summary

6: Physical Implementation
6.1 Device Placement and Management
6.2 Initial Device Setup:
6.3 Campus I (Packet Tracer View):
6.4 Campus II (Packet Tracer View):
6.5 Chapter Summary

7: IP Addressing
7.1 IP Addressing, Campus(I)
7.2 IP Addressing, Campus(II)
7.3 Chapter Summary

8: Configuration
8.1 CLI (Command-Line Interface) Mode
8.2 GUIs (Graphical User Interfaces) Mode
8.3 Device & Network Configuration
8.3.1 Firewall Configuration
8.3.2 Core-layer Device Configuration
8.3.3 Distribution-layer Device Configuration
8.3.4 Access-layer Device Configuration
8.3.5 End Device Configuration
8.4 Chapter Summary

9: Security and Services
9.1 Security
9.2 Services
9.3 Chapter summary

10: Conclusion

References

List of Figures

4.1 Primary Architecture
4.2 Three-Tier Hierarchical Network
4.3 Two-Tier Hierarchical Network
4.4 Campus I
4.5 Campus II
4.6 Use Case Diagram

5.1 Pkt Router Image
5.2 Cisco ISR4331
5.3 Cisco 2811
5.4 Pkt Multilayer Switch Image
5.5 C3650-24PS
5.6 Pkt Switch Image
5.7 2960-24TT
5.8 Access Point
5.9 Personal Computer
5.10 Printer
5.11 IP Phone
5.12 Laptop
5.13 Smartphone
5.14 Pkt Firewall Image
5.15 ASA 5506 Firewall
5.16 Pkt Server Image
5.17 Physical Server
5.18 CC Camera Image
5.19 Light Image
5.20 Fan Image
5.21 Door Image
5.22 Motion Detector Image
5.23 Fire Monitor Image
5.24 RFID Reader Image
5.25 Fire Sprinkler Image
5.26 Siren Image
5.27 MCU Image
5.28 Copper Straight-Through Cable
5.29 Copper Crossover Cable
5.30 IoT Custom Cable

6.1 Campus I
6.2 Campus II

8.1 Command-Line Interface Mode
8.2 Graphical User Interfaces Mode

9.1 Secured Console Login
9.2 Secured Remote Login
9.3 Brute-force Prevention and Encrypted Pass
9.4 SSH and ACL Information
9.5 Interface Security, NAT & Routing Information
9.6 ACL
9.7 Campus(I) Site-To-Site VPN
9.8 Campus(II) Site-To-Site VPN
9.9 DNS & Web Service
9.10 DHCP Service
9.11 Mail Service
9.12 FTP Service
9.13 NTP Service
9.14 VoIP Service
9.15 Motion Detective Devices
9.16 Fire Prevention System
9.17 RFID Door System

List of Tables

7.1 Device IP Addressing
7.2 VLAN IP Addressing
7.3 DMZ IP Addressing
7.4 Server IP Addressing
7.5 Device IP Addressing
7.6 VLAN IP Addressing
7.7 DMZ IP Addressing
7.8 Server IP Addressing

8.1 CLI Mode

1 Introduction

Effective design and deployment of network infrastructure is essential to the operation of
numerous institutions, including universities, in today’s fast-expanding digital landscape. Strong
and scalable network design is essential as universities become more and more reliant on
technology for communication, research, and administrative procedures. To meet this need,
the project uses Cisco Packet Tracer simulations to give an in-depth analysis of the Three-Tier
Hierarchical Network Model as it is used in the context of a university network.

1.1 Motivation

Nowadays universities are no longer just old educational institutions; they’re more like a digital
realm. As a student managing the challenges of today’s technologically advanced academic
environment, I’ve experienced how technology has become a part of our university life. However,
this digital change has made it clear how significant it is to have a reliable and secure network
infrastructure.

This project’s motivation came from the critical need to design a network framework that
perfectly matches the changing requirements of today’s universities. By using the most advanced
and secure network protocols, this project intends to provide an academic atmosphere where
seamless connectivity, advanced technology, enhanced security, and new services are the standard.

The motivation isn’t just academic; it’s a commitment to keeping our university at the forefront
of modern education, prepared to take on both the benefits and challenges of the near future.

1.2 Project Overview

Project Goal: The primary objective of this project is to design, implement, and simulate the
network architecture for two separate campuses of a University using Cisco Packet Tracer, a powerful
network simulation tool. This undertaking aims to address the specific challenges and
requirements of each campus while ensuring seamless communication and resource sharing through the
three-tier hierarchical network topology.

Project Scope: This project’s scope includes the entire network design life cycle,
from initial planning and conceptualization to thorough network device configuration. It covers
topics such as routing and switching protocols, security measures, LAN and WAN, VoIP
integration, IoT services, various server configurations, VPN connectivity between two LANs, and ASA
firewall setup.

1.3 Background and Rationale

Universities, as hubs of research, education, and innovation, demand versatile and secure network
environments. The intricacies of accommodating various user types, applications, and services
underscore the importance of a meticulously designed network architecture. For a large network
like a University network, where there are multiple campuses, departments, and hostels, it is
difficult and challenging to maintain seamless connectivity and a secure network
environment. Here, the Three-Tier Hierarchical Network Model emerges as an elegant solution.
Through its systematic division into the Access, Distribution, and Core layers, this model
augments performance, enhances manageability, and facilitates future scalability. The incorporation
of advanced network protocols, security measures, and a DMZ with ASA firewall adds an additional
layer of complexity that addresses the institution’s security, scalability, and operational needs. The
rationale behind this project lies in the imperative to provide universities with a blueprint that
balances innovation, scalability, and security within a single network architecture.

1.4 Methodology

My strategy is a multi-step methodology, which begins by conceptualising the network’s
hierarchical structure and then setting up and linking devices across the Access, Distribution, and Core
layers. IP address allocation and subnetting are methodically organised to meet the network’s vast
capacity and functional requirements. Furthermore, the integration of the DMZ, Inside, and
Outside zones mandates the strategic application of security rules, perimeter defence mechanisms, and
communication gateways, enhancing network resilience and protecting critical resources. The
wide area network is also used to establish a secure VPN tunnel between two different local area
networks. Cisco Packet Tracer emerges as the preferred tool for creating, iterating, and scrutinising
network scenarios within a controlled virtual environment.

1.5 Chapter Summary

The introduction chapter establishes the vital role of network infrastructures, addressing the need
for a reliable and secure university network infrastructure amidst the digital transformation of
education.

Motivated by the digital transformation of academic environments, the project aims to address
the critical need for a reliable and secure network infrastructure. It emphasizes the commitment to
keeping the university at the forefront of modern education.

The project aims to design, implement, and simulate a network for two university campuses,
covering various aspects such as routing protocols, security measures, VoIP, IoT, and VPN
connectivity.

Universities demand secure and scalable networks. The Three-Tier Hierarchical Network
Model is key to addressing these needs, providing a blueprint that balances innovation and
security.

The methodology involves conceptualizing the network structure, setting up devices, IP
address allocation, subnetting, and integrating security measures using Cisco Packet Tracer.

2 Network Simulation Environment

A network simulation environment is a virtual space or software platform that allows one to model
and simulate computer networks. These environments are crucial for various purposes, including
education, research, and network design. Here are the key aspects of network simulation
environments:

2.1 Purpose

• Education: Network simulation environments are widely used in educational settings, such
as universities and training programs, to teach students about computer networks. They provide
a safe and controlled environment for students to experiment with network configurations
and protocols. [1]

• Research: Researchers use network simulation environments to study the behavior of
networks, test new networking protocols, and evaluate the performance of network designs.
Simulations allow researchers to conduct experiments without the need for physical
network infrastructure. [2]

• Network Design: Network administrators and engineers use simulation environments to
design and plan network architectures. Simulating network changes and configurations can
help identify potential issues before implementation. [3]

2.2 Benefits

• Cost-Effective: Network simulation environments are cost-effective compared to building
physical network labs. They eliminate the need for purchasing hardware and reduce
operational expenses. [1]

• Safety: Simulations are safe environments where mistakes and misconfigurations do not
impact real network infrastructure. [1]

• Scalability: Simulation environments can model networks of various sizes and
complexities, allowing users to test scenarios that might be challenging to set up in the real world.
[3]

• Reproducibility: Experiments can be easily repeated, making it simpler to verify results
and troubleshoot network issues. [1] [3]

2.3 Popular Network Simulation Tools

• Cisco Packet Tracer: Widely used for educational purposes, it simulates Cisco devices and
is suitable for learning networking concepts.

• GNS3 (Graphical Network Simulator-3): A popular open-source tool for simulating
complex networks that include Cisco, Juniper, and other vendor devices.

• ns-3: A discrete-event network simulator primarily used for research and development of
network protocols.

• OMNeT++: A modular and extensible network simulation framework used for various
network-related research.

• QualNet: A commercial network simulation tool that provides a high level of detail and is
often used in military and defense applications.

2.4 Cisco Packet Tracer

Cisco Packet Tracer is a powerful network simulation and visualization software that plays a
pivotal role in enhancing the practical knowledge of computer networking principles among students.
In the context of computer networking education, it offers several key advantages and
applications: [4] [5]

• Enhancing Practical Knowledge: Cisco Packet Tracer provides a dynamic and interactive
environment where students can experiment with various networking concepts and
protocols. It bridges the gap between theory and practice by allowing students to configure and
troubleshoot network scenarios in a risk-free virtual environment.

• Innovation and Creativity: Students can leverage Cisco Packet Tracer to design and
implement innovative mini-projects. This encourages creativity and problem-solving skills as
they apply networking principles to real-world scenarios.

• Understanding Networking Protocols: While students may learn about different
networking protocols in theory, Cisco Packet Tracer allows them to witness these protocols in action.
It provides a platform to design, configure, and analyze networks, helping students grasp the
practical application of these protocols.

• Cost-Efficiency: Access to physical networking devices can be limited due to cost and
technical constraints. Cisco Packet Tracer eliminates these barriers by offering a virtual
environment where students can access and experiment with virtual network devices at any
time, without the risk of damaging physical hardware.

• Visualization and Simulations: The software enables students to visualize the movement
of data packets within a network in real time. This visual feedback aids in understanding
complex networking concepts and protocols.

• Educational Resources: Cisco Packet Tracer offers educational resources, tutorials, and
labs that facilitate the teaching and learning of networking concepts. It is widely used in
educational institutions to complement traditional lectures.

• Cost-Effective Alternative: Compared to setting up physical labs with networking
equipment, Cisco Packet Tracer is a cost-effective alternative. It requires minimal hardware
resources, making it accessible to a wide range of students.

2.5 Chapter Summary

Chapter 2 delves into the world of network simulation environments, providing insights into their
purpose, components, benefits, and popular tools, with a special focus on Cisco Packet Tracer.

Network simulation environments serve educational, research, and network design purposes.
They offer safe spaces for learning, experimentation, and evaluation.

These environments are cost-effective, safe, and scalable, and enable reproducible experiments,
making them essential tools for network professionals and researchers.

Cisco Packet Tracer stands out for enhancing practical knowledge in networking education.
It promotes innovation, provides hands-on experience, aids protocol understanding, and is a
cost-efficient alternative to physical labs.

3 Literature-Review

Today’s universities are becoming more digitized and are using advanced technologies for
communication, research, and administrative procedures. The network infrastructure of these institutions
plays a pivotal role in facilitating seamless communication, secure data transfer, and the efficient
operation of services and applications. In exploring the existing literature on university networks,
this review aims to provide insights into the evolution, challenges, and innovative solutions within
this critical domain.

3.1 Implementing Network Using Cisco Packet Tracer

Designing and implementing network infrastructure using a network simulation environment such
as Cisco Packet Tracer has been the most popular and effective learning process among students
and trainees throughout the years.

According to research titled ‘Cisco Packet Tracer Simulation as Effective Pedagogy in
Computer Networking Course’ (2019) by Nazre bin Abdul Rashid, Md. Zaharbin Othman, Rasyidibin
Johan, and Salman Firdaus bin Hj. Sidek, Cisco Packet Tracer has been a proven simulation and
visualisation tool among students for teaching and learning computer networking courses. [4]

A paper titled ‘IMPLEMENTATION OF CISCO PACKET TRACER IN ADVANCE
COMPUTER NETWORK’ (2018) by MOHANAD MOHAMMED ABDULKAREEM explains
numerous features and conceptual components of Cisco Packet Tracer and demonstrates the
working technique by developing and implementing a network. [6]

3.2 Evolution of University Networks

Early discussions on university networks often revolved around basic connectivity.

In a study titled ‘Scenarios of diagnostic exercises within a computer network’ (2021) by
Stanislav Soták, the author dives into networking protocols such as routing protocols, tunnelling,
access control, gateway redundancy, and device management. He also explains structured
troubleshooting procedures and how to deal with common configuration difficulties. [7]

In another study titled ‘Implementation of College Network Module using Cisco Packet
Tracer Simulator’, Bhavesh G. Wani and Shreyas Fegade established a LAN using BUS topology
connected to a WAN and its own data center. The study was created using Cisco Packet Tracer for
the college campus, taking into account phases such as the main building, library, hostels, and so
on. [8]

Similarly, a study titled ‘ARCHITECTURE OF COLLEGE CAMPUS NETWORK USING
CISCO PACKET TRACER’ (2021) by Yunisha Banothe, Roshni Thakur, Aman Banothe, and Prof. P.
Jaipurkar established a network for a college campus using a hierarchical network model focused on
establishing reliable connections between academic departments. [9]

3.3 Challenges in University Network Design

A study titled ‘CAMPUS NETWORK ARCHITECTURE USING CISCO PACKET TRACER’
(2021) by Akshay Ziradkar, Neha Mahendrakar, Akshay Palande, and Prof. Rajashri Sonawale
underscores the challenges the authors faced in addressing a university network in Cisco Packet Tracer.
Issues such as scalability, security, and the demand for high-speed connectivity have become focal
points. The increasing diversity of devices, from traditional computers to IoT devices, together with
server management, adds layers of complexity. Over time, this evolved into more complex
architectures, accommodating the growing number of devices and services. [10]

3.4 Security Concerns in University Networks

University networks are prime targets for cyber threats due to the wealth of sensitive information
they harbor.

A study titled ‘A feasibility study of secure communications between remote locations’ (2014)
by Mark Thomson, Lolita Mageramova, and Alex Wikström dives into the security aspects of
university networks, such as Virtual Private Networks (VPNs), emphasising the need for strong steps to
defend against data breaches, unauthorised access, and other cyber dangers. [11]

3.5 Solutions and Best Practices

In response to these challenges, recent literature has explored innovative solutions.

A study titled ‘Designing and Implementing a University Network Architecture using Cisco
Packet Tracer’ (2023) by Murshid Kamiab Chowdhury has shown promise in enhancing network
efficiency and manageability. Additionally, the integration of advanced security protocols, Virtual
Local Area Networks (VLANs), and three-tier hierarchical network models has been discussed as
essential for safeguarding university networks. [12]

Similarly, in another study titled ‘Implementation of College Network Scenario Using Cisco
Packet Trace’ (2021), Sakshi Seth, Visal Naqvi, and Rishi Raj Dalmia overcame some
of the challenges by focusing on efficient network design and implementation, hierarchical network
models, security policies, and creating a VPN tunnel between separate local LANs. [13]

3.6 Key Findings:

The literature review on university networks using Cisco Packet Tracer reveals several key find-
ings.

• Network Architecture: The successful design and implementation of a network is one of
the most important parts of the functioning and security of an organization’s IT infrastructure.
This requires a careful balance of strategic planning, technological knowledge,
and future needs assessment.

• Network topology: Choosing the proper network architecture is a strategic decision that
is dependent on the organization’s specific requirements and limits. Each topology has
advantages and disadvantages, and the choice should be based on the network’s goals and
features.

• Network Security: Network security is an ongoing effort that necessitates the use of tech-
nology, regulations, and user education. Organisations must constantly adapt and improve
their security procedures to create a resilient defence against cyber threats as threats evolve.

3.7 Gaps in Literature:

Despite a wealth of literature on university networks and the use of simulation tools such as Cisco
Packet Tracer, there is a significant gap in terms of real-world implementation issues. While
studies examine network conceptualization and modelling, there has been limited research into
how these concepts translate into actual implementations, particularly in large-scale university
contexts. Future research should attempt to close this gap by offering practical insights into the
implementation and performance of sophisticated network designs in university settings.

3.8 Chapter Summary

This chapter emphasises the increasing digitization of universities and the critical significance of
network infrastructure. According to studies, Cisco Packet Tracer is popular for network imple-
mentation and is a good instructional tool. Discussions about evolution revolve around diagnostic
exercises, network modules, and campus architectures, which handle issues like scalability and
security. Concerns about security highlight the importance of adequate safeguards. Innovative so-
lutions, such as successful design and execution, efficient network models, and increased security
protocols, demonstrate promise. The necessity of network design, topology selection, and con-
tinuous security efforts is emphasised by key findings. However, there is a significant shortage in
real-world implementation insights in large-scale university environments, necessitating additional
study concentration in this area.

4 Network Architecture

Network design and implementation are key components of network architecture. The PPDIOO
framework provides a structured approach to network design and lifecycle management. PPDIOO,
introduced by Cisco, stands for Prepare, Plan, Design, Implement, Operate, and Optimize.
Each phase in the framework represents a stage in the network lifecycle. [14] [15]

A network’s architecture needs strategic planning, technological understanding, and an
evaluation of future demands. Choosing an appropriate network architecture is a critical decision
that must be in line with the organization’s goals and characteristics.

4.1 Primary Architecture

Primary architecture is the base design of my university network. Three separate zones (inside,
outside and DMZ) are connected through the firewall.

• Inside Network (LAN): The inside network, also known as the Local Area Network (LAN),
is the part of the network architecture that is primarily focused on internal communication
within an organization. It is the portion of a network that is considered the trusted or
internal zone. Its devices can include workstations, application servers,
databases, file servers, and more. Key characteristics of the inside network include:

• Outside Network (WAN): The outside network, often referred to as the Wide Area Network
(WAN), represents the untrusted or external zone of a network. It
encompasses all external entities, such as the public internet, other external networks, and
potentially malicious actors attempting to gain access to an organization’s resources.

• Demilitarized Zone (DMZ): A Demilitarized Zone, commonly referred to as DMZ, is a
strategically positioned network segment within a network architecture. It serves as an
intermediary zone between the internal network and external networks, such as the Internet.
The DMZ acts as a security buffer, providing controlled access to resources hosted within it
while isolating them from the internal network.

Figure 4.1: Primary Architecture

• Firewall: Firewalls are critical in reinforcing the perimeters of digital domains and protect-
ing sensitive data and intellectual property. A firewall serves as a gatekeeper, monitoring and
controlling network traffic based on predefined security rules. To maintain the durability of
network defences, the constant evolution of cyber threats needs continuous advancements
in firewall technologies and the implementation of robust security procedures.

4.2 Inside Network Architecture:

The architecture of inside network depends on network topology. It defines how devices are con-
nected to each other and how data is transmitted between them in a network. There are several
common network topologies such as Star Topology, Bus Topology, Ring Topology, Hybrid Topol-
ogy, Hierarchical Topology, Point-to-Point Topology, Mesh Topology, Full Mesh Topology, Partial
Mesh Topology, each with its own advantages and disadvantages. The choice of network topology
depends on factors like the network’s size, requirements for fault tolerance, scalability, and budget
constraints. Different topologies are suitable for different situations, and sometimes networks may
use a combination of topologies to meet their needs.

In my project I have used the Three-Tier Hierarchical Network topology for the inside network,
which is a kind of Hierarchical Topology. Hierarchical network design, introduced by Cisco in 2002,
has emerged as an industry-wide best practice for creating dependable, scalable, and cost-effective
networks.

4.2.1 Three-Tier Hierarchical Network

The Three-Tier Hierarchical Network Model is structured into three distinct layers (Access Layer,
Distribution Layer, and Core Layer), each with its specific functions and responsibilities. [16]

Let’s delve into the architecture of this model:

Figure 4.2: Three-Tier Hierarchical Network

4.2.1.1 Access Layer

The Access Layer, also known as the edge layer, is the first tier in the hierarchy and interfaces
directly with end-user devices such as computers, laptops, printers, and networked appliances. Its
primary role is to provide network access to these devices.

• Responsibilities:

There are several responsibilities that lie with the access layer, such as:

– End Device Connectivity
– VLAN Segmentation
– Port Security
– Quality of Service (QoS)
– Security Policies
– Power over Ethernet (PoE)
– Spanning Tree Protocol (STP)
– Edge Security
– IoT Device Integration

• Example Technologies:

Routing protocols (e.g., BGP), High-speed Ethernet (e.g., 10GbE, 40GbE), MPLS (Mul-
tiprotocol Label Switching).

4.2.1.2 Distribution Layer

Positioned between the Access Layer and the Core Layer, the Distribution Layer acts as an inter-
mediary for traffic routing and distribution. It plays a pivotal role in ensuring efficient data flow
throughout the network.

• Responsibilities:

There are several responsibilities that lie with the distribution layer, such as:

– Routing and Packet Filtering
– Aggregation
– Load Balancing
– VLAN Segmentation
– Redundancy and High Availability
– Inter-VLAN Routing
– Access Control
– Policy Enforcement
– WAN Connectivity
– Network Segmentation

• Example Technologies

Routing protocols (e.g., OSPF, EIGRP), Virtual LANs (VLANs), Access Control Lists
(ACLs), High Availability (HA) protocols.

4.2.1.3 Core Layer

The core of the network hierarchy is also referred to as the network backbone. The Core Layer is
responsible for high-speed data forwarding and routing. It ensures rapid and efficient transport of
data between different parts of the network.

• Responsibilities:

There are several responsibilities that lie with the core layer, such as:

– High-Speed Packet Forwarding
– Minimal Packet Manipulation
– Redundancy and Load Balancing
– High Bandwidth
– Link Aggregation
– Loop Prevention
– Routing and Route Aggregation
– Monitoring and Management
– Security
– Scalability

• Example Technologies

Routing protocols (e.g., BGP), High-speed Ethernet (e.g., 10GbE, 40GbE), MPLS (Multi-
protocol Label Switching).

4.3 DMZ Network Architecture:

I used Hierarchical Topology for the DMZ network as well, but this time it’s a Two-Tier Hierar-
chical Network model because the network is much smaller than the Inside network.

4.3.1 Two-Tier Hierarchical Network:

In this design, the core and distribution layers are collapsed into a single layer. It is suitable for
smaller networks where the separation of functions between core and distribution layers is not
necessary. [16]

Figure 4.3: Two-Tier Hierarchical Network

4.4 Outside Network Architecture:

Outside network is an existing and well-built network. The university network is linked with it
through the Internet Service Provider (ISP). For my project, I tried to create an imaginary ISP
network using the Two-Tier Hierarchical Network model.

4.5 Campus Architecture:

In my project, I built two separate campuses in two different locations that are connected through
ISP. Both campuses have their own Inside network alongside a DMZ network.

4.5.1 Campus I

Let’s delve into the architecture of campus I:

Figure 4.4: Campus I

In Figure 4.4, seven separate layer-two switches are installed in the network’s access layer.
These reflect the network’s several departments/VLANs. PCs represent end devices such as a
computer, printer, IP phone, IoT device, and so on. ’Campus I’ is connected with ’Campus II’ through
the ISP/Internet.

4.5.2 Campus II

Let’s delve into the architecture of campus II:

Figure 4.5: Campus II

In Figure 4.5, seven separate layer-two switches are installed in the network’s access layer.
These reflect the network’s several departments/VLANs. PCs represent end devices such as a
computer, printer, IP phone, IoT device, and so on. ’Campus II’ is connected with ’Campus I’ through
the ISP/Internet.

4.6 Use Case Diagram

Figure 4.6: Use Case Diagram

4.7 Chapter Summary

The network architecture includes Inside, DMZ, and Outside networks. For effective
communication, the inside network employs a Three-Tier Hierarchical Model. The DMZ network has a
simplified two-tier hierarchical model. An imaginary ISP linked with the Internet serves as the
outside network. The campuses, linked by the ISP, adopt hierarchical frameworks for departmental
communication. Overall, the architecture ensures efficient connectivity, security, and scalability
in a university network.

5 Device and Details

The foundation of any robust network lies in its hardware and how these devices are intercon-
nected. In this section, I delve into the devices used in my network design.

5.1 Router

1. Cisco ISR4331

The Cisco ISR4331 is a part of the Cisco 4000 series Integrated Services Router (ISR).
It’s a versatile and feature-rich device that can serve as a central component in the network
infrastructure. Its modular design allows it to be adapted to various networking needs, and its
robust security features make it suitable for securing branch office connections to the main
network. [17]

Figure 5.1: Pkt Router Image

Here are some key features and details about the Cisco ISR4331 router:

• Performance: The ISR4331 is designed to deliver high-performance routing, with
support for various services.
• Modular Design: It features a modular design with Network Interface Modules (NIMs)
and Integrated Services Card (ISC) slots. These modules allow the router to be customized
to suit specific networking requirements; additional interfaces, such as
Ethernet or serial ports, can be added to expand connectivity.

Figure 5.2: Cisco ISR4331

• Routing and Switching: The ISR4331 supports a wide range of routing protocols,
including OSPF, EIGRP, BGP, and more. It can also perform Layer 2 switching func-
tions if needed.
• Security: Cisco routers, including the ISR4331, provide robust security features.
These include firewall capabilities, VPN support (IPsec and SSL), intrusion preven-
tion, content filtering, and access control lists (ACLs). It also supports Cisco’s Trust-
Sec technology for identity-based access control.
• High Availability: The ISR4331 supports redundancy and high availability features,
including Hot Standby Router Protocol (HSRP).
• Scalability: The ISR4331 is scalable to support a variety of network sizes and require-
ments. It’s suitable for small branch offices as well as larger enterprise environments.
• Security Updates: Cisco regularly releases security updates and patches for its routers,
helping to keep the network protected from emerging threats.

2. Cisco 2811

The Cisco 2811 router is a member of the Cisco 2800 Series Integrated Services Routers
(ISRs). In Packet Tracer it is the only router available for VoIP service, so I had
to use this router for the VoIP feature only. In real scenarios, almost every router features
VoIP service. [18]

Figure 5.3: Cisco 2811

• Voice and Video: The Cisco 2811 router can integrate with Cisco Unified Communi-
cations solutions, making it suitable for VoIP (Voice over IP) and video conferencing
applications. It supports features like voice gateways, call routing, and quality of ser-
vice (QoS) for voice and video traffic.

5.2 Switch

1. Cisco Catalyst WS-C3650-24PS

The Cisco Catalyst WS-C3650-24PS is a specific model of network switch within the Cisco
Catalyst 3650 Series. It’s a layer-three switch, designed for enterprise and campus networks,
offering a range of features and capabilities that make it suitable for various networking
needs. [19]

Figure 5.4: Pkt Multilayer Switch Image

Here’s an overview of the Cisco Catalyst WS-C3650-24PS switch:

• Port Configuration: The "24" in its name indicates that this switch has 24 ports. It
typically has 24 GigabitEthernet ports and an additional 4 GigabitEthernet Small
Form-Factor Pluggable (SFP) ports for connecting end devices, such as computers,
servers, and other networking equipment. The ports are numbered GigabitEthernet1/0/1 to 24
and GigabitEthernet1/1/1 to 4.
• PoE+ Support: "PoE+" stands for "Power over Ethernet Plus." This means that the
switch is capable of providing both data connectivity and electrical power to connected
devices, such as IP phones, surveillance cameras, and access points, over the Ethernet
cables. PoE+ provides more power per port compared to standard PoE, allowing for a
broader range of devices to be powered through the switch.

Figure 5.5: C3650-24PS

• Multigigabit Support: The Catalyst WS-C3650-24PS supports multigigabit Ethernet speeds
of 2.5 Gbps and 5 Gbps on Cat 5e cable and up to 10 Gbps over Cat 6a cabling. This
is especially useful for supporting high-speed wireless access points and other devices
that require more bandwidth than traditional Gigabit Ethernet can provide.
• Stackable: The WS-C3650 series switches are stackable, which means one can phys-
ically connect multiple switches to form a single logical switch. This stacking capa-
bility simplifies management and can increase network redundancy and performance.
• Layer 3 Capabilities: These switches are typically Layer 3 switches, which means
they can perform routing functions in addition to standard Layer 2 switching. This
makes them suitable for network segmentation and routing between VLANs.
• Advanced Security Features: The Cisco Catalyst WS-C3650-24PS comes with a range
of security features. These include access control lists (ACLs), port security, and
support for Cisco’s TrustSec security architecture, which provides identity-based access
control.
• High Availability: The switches are designed for high availability with features like
redundant power supplies and support for Hot Standby Router Protocol (HSRP) for
router redundancy.

2. Cisco Catalyst 2960-24TT

The Cisco Catalyst 2960-24TT switch is a member of the Cisco Catalyst 2960 Series of
fixed-configuration, standalone switches. It’s a layer-two switch, commonly used in small
to medium-sized business networks, branch offices, and access layer deployments in larger
networks. They provide a cost-effective solution for connecting end devices and ensuring
basic network connectivity and security. [20]

Figure 5.6: Pkt Switch Image

Here’s an overview of the Cisco Catalyst 2960-24TT switch:

• Port Configuration: The "2960-24TT" in its name indicates that this switch has 24
Ethernet ports. Specifically, it has 24 10/100 Mbps Ethernet ports, which are typically
used for connecting end devices like computers, printers, and IP phones.
• Two Gigabit Uplink Ports: In addition to the 24 Ethernet ports, it typically has 2
Gigabit Ethernet uplink ports. These uplink ports can be used for connecting to higher-
speed network segments or for connecting to other switches to expand the network.

Figure 5.7: 2960-24TT

• Layer 2 Switching: The Cisco Catalyst 2960-24TT is a Layer 2 switch, meaning it
operates primarily at the Data Link Layer (Layer 2) of the OSI model. It can perform
functions like MAC address learning, VLAN support, and basic traffic forwarding.
• Fixed Configuration: Unlike modular switches, this is a fixed-configuration switch,
which means that its hardware configuration, including the number of ports, cannot be
changed or expanded after purchase.
• Limited Layer 3 Functionality: While primarily a Layer 2 switch, some models in
the 2960 Series offer limited Layer 3 routing capabilities, such as static routing.
• Quality of Service (QoS): The switch supports QoS features to prioritize network
traffic, which is important for applications like Voice over IP (VoIP) and video confer-
encing.
• Management Options: The Cisco Catalyst 2960-24TT switch can be managed through
a command-line interface (CLI) or a web-based graphical user interface (GUI). It also
supports Simple Network Management Protocol (SNMP) for network management
and monitoring.

5.3 End Device

End devices are responsible for various tasks, such as accessing the internet, sending and receiving
data, making voice calls, and producing physical copies of documents. Here are some end devices:

• Access Point (AP): Access points are devices that allow wireless devices such as laptops,
smartphones, and tablets to connect to a wired network. They provide Wi-Fi connectivity
within a certain range, acting as a bridge between wireless clients and the wired network.

Figure 5.8: Access Point

• PC (Personal Computer): PCs are general-purpose computing devices commonly used for
various tasks, including web browsing, document editing, software development, and more.
They connect to the network for accessing resources and the internet.

Figure 5.9: Personal Computer

• Printer: Printers are devices used for producing physical copies of documents or images
from digital files. Network printers can be shared among multiple users and accessed over
the network for printing tasks.

Figure 5.10: Printer

• IP Phone (VoIP Phone): IP phones, also known as Voice over IP (VoIP) phones, enable
voice communication over an IP network. They use the internet or a local network for
making phone calls, often providing features like video calling and call management.

Figure 5.11: IP Phone

• Laptop: Laptops are portable computers equipped with a built-in display, keyboard, and
touchpad. They are used for tasks like work, browsing, and entertainment and can connect
to the network via Wi-Fi or Ethernet.

Figure 5.12: Laptop

• Mobile Phone (Smartphone): Mobile phones, commonly referred to as smartphones, are
handheld devices used for communication, internet access, and various applications. They
connect to the network using cellular data or Wi-Fi.

Figure 5.13: Smartphone

These end devices play vital roles in network environments, each serving specific functions
and contributing to the overall functionality of the network.

5.4 Firewall

The Firewall is designed to protect networks and data from various threats. It provides essential
features like firewall protection, intrusion prevention, VPN capabilities, and advanced security
controls. Firewalls are crucial components in network security, safeguarding sensitive information
and ensuring the integrity and availability of network resources.

• Cisco ASA 5506 Firewall

The Cisco ASA 5506 is a compact, high-performance security appliance that is part of the Cisco
ASA 5500-X Series. This firewall is designed to deliver advanced security and threat protection for
small to medium-sized businesses, branch offices, and enterprise teleworker environments. [21]

Figure 5.14: Pkt Firewall Image

Here are some key features of the ASA 5506 Firewall:

• Firewall Protection: The ASA 5506 offers firewall capabilities, including stateful packet
inspection, access control lists (ACLs), and application layer filtering to protect the network
from unauthorized access and threats.

• VPN Support: It supports VPN (Virtual Private Network) technologies, allowing secure
remote access for employees and connecting branch offices securely.

• Threat Detection: The ASA 5506 includes intrusion prevention and detection mechanisms
to identify and block potential threats in real time.

Figure 5.15: ASA 5506 Firewall

• Multiple Interfaces: It comes with a variety of interfaces, including Ethernet ports, to
accommodate different network setups.

• Ease of Management: Cisco provides management tools like Cisco Adaptive Security De-
vice Manager (ASDM) for easy configuration and monitoring.

• Compact Design: The compact form factor of the ASA 5506 makes it suitable for deploy-
ment in various environments, even where space is limited.

5.5 Server

Servers are the backbone of networked computing environments, serving as centralized machines
designed to provide specific services, resources, or data to client devices. To meet the various
service needs of our university campuses, I’ve deployed a range of servers. These servers play
crucial roles in hosting and managing services critical to the academic environment.

Figure 5.16: Pkt Server Image

Here are some server types:

• DNS Server: Provides Domain Name System (DNS) services, translating domain names
into IP addresses.

• DHCP Server: Assigns IP addresses dynamically to devices within the network.

• Web Server: Hosts web services and websites for campus users.

• FTP Server: Facilitates file transfer services.

• TFTP Server: Enables Trivial File Transfer Protocol for network device configuration.

Figure 5.17: Physical Server

• Mail Server: Manages email communication for campus users.

• IoT Server: Manages and interacts with our Internet of Things (IoT) devices, ensuring their
proper functioning.

• Syslog Server: Collects and stores system logs for monitoring and troubleshooting.

• NTP Server: Provides network time synchronization for all network devices.

5.6 IoT Device

IoT, or Internet of Things, devices are smart, connected devices that can collect and exchange data
over the Internet. They include sensors, actuators, and various gadgets that enable automation and
remote control. IoT devices play a growing role in modern networks, providing valuable data for
decision-making and enhancing efficiency in various applications.

I have utilized a variety of IoT devices to enhance network functionality, security, and automa-
tion. Here’s a list of the IoT devices I’ve incorporated:

• CC Camera (Closed-Circuit Camera): These cameras capture video footage and can be
remotely monitored for surveillance and security purposes.

Figure 5.18: CC Camera Image

• Light Control: IoT-controlled lights enable automated lighting adjustments based on vari-
ous triggers, such as motion detection or predefined schedules.

Figure 5.19: Light Image

• Fan Control: Automated fans can be adjusted based on environmental conditions or user
preferences, improving energy efficiency and comfort.

Figure 5.20: Fan Image

• Door Control: IoT-connected doors can be remotely locked or unlocked, providing conve-
nience and security.

Figure 5.21: Door Image

• Motion Detector: These sensors detect motion within their range and can trigger actions
like turning on lights or alerting security personnel.

Figure 5.22: Motion Detector Image

• Fire Monitor: IoT-based fire monitoring systems can detect fires or smoke and send alerts
for a timely response.

Figure 5.23: Fire Monitor Image

• RFID Reader (Radio-Frequency Identification): RFID technology is used for tracking
and managing assets or personnel by reading RFID tags.

Figure 5.24: RFID Reader Image

• Fire Sprinkler: Automated fire sprinklers can activate in response to fire or smoke detection
to suppress flames and limit damage.

Figure 5.25: Fire Sprinkler Image

• Siren: Sirens are used for audible alerts and warnings, such as in security systems or emer-
gency notifications.

Figure 5.26: Siren Image

• MCU (Microcontroller Unit): MCUs are programmable devices used for various func-
tions, such as controlling sensors, managing data, or executing specific tasks in IoT applica-
tions.

Figure 5.27: MCU Image

5.7 Cable

Cables are the lifelines of any network, serving as the physical pathways that allow devices to
communicate. There are various types of cables, such as Ethernet, fiber optic, and coaxial, that
connect devices like computers, routers, switches, printers, and more. These cables play a vital
role in ensuring data flows smoothly, reliably, and securely across the network. In my project
I’ve used copper straight-through (patch) cables and copper crossover cables, both of which are
types of Ethernet cable, as well as IoT custom cables.

• Copper Straight-Through (Patch) Cable:

Straight-through cables are used to connect devices of different types, typically an end de-
vice (like a computer or printer) to a networking device (like a switch or router).

Figure 5.28: Copper Straight-Through Cable

– Example Use: A user might use a straight-through cable to connect a computer to a
network switch, a router to a cable modem, or an IP phone to a network switch.

• Copper Crossover Cable:

Crossover cables are used to connect devices of the same type, such as two computers or
two switches, directly without requiring an intermediary device like a router.

Figure 5.29: Copper Crossover Cable

– Example Use: A user might use a crossover cable to connect two computers for file
sharing, connect two switches to expand a network, or establish a direct connection
between two routers for configuration purposes.

• IoT Custom Cable:

IoT custom cables are designed for the unique connectivity needs of the Internet of Things
(IoT) devices and sensors. These cables enable the seamless connection of various IoT
devices within a network, accommodating different interfaces and environmental conditions.

Figure 5.30: IoT Custom Cable

– Example Use: IoT custom cables are used to establish connections between IoT de-
vices, sensors, and the central network.

5.8 Chapter Summary

In this chapter, I explore the essential devices that form the foundation of the network infrastruc-
ture. These devices play vital roles in ensuring connectivity, security, and functionality across the
network.

The routers covered are the Cisco 4000 series Integrated Services Router, known for
high-performance routing, modular design, and robust security features, and the Cisco 2811 router,
primarily used for VoIP services in my project but typically capable of supporting various voice
and video communication features.

The switches are the Cisco Catalyst WS-C3650-24PS multilayer switch, featuring 24 ports with
PoE+ support, multigigabit capabilities, Layer 3 routing, advanced security, and high availability,
and the Cisco Catalyst 2960-24TT switch, which offers 24 Ethernet ports, Gigabit uplinks, Layer 2
switching, and basic network connectivity.

The chapter introduces various end devices, including Access Points, PCs, Printers, Laptops,
IP Phones and Mobile Phones.

It introduces the Cisco ASA 5506 Firewall, emphasizing its role in network security with
features like firewall protection, VPN support, threat detection, and multiple interfaces.

It gives an overview of the servers serving critical functions in our network, including DNS,
DHCP, Web, FTP, TFTP, Mail, IoT, Syslog, and NTP servers, ensuring essential network services are
available.

It lists and describes various IoT devices, such as CC Cameras, Light Controls, Fan Controls,
Door Controls, Motion Detectors, Fire Monitors, Smoke Detectors, RFID Readers, Fire
Sprinklers, Sirens, and Blowers, highlighting their contributions to network automation and
monitoring.

The cables used are Ethernet cables, namely copper straight-through (patch) and copper
crossover cables, and IoT custom cables.

6 Physical Implementation

The successful design of a complex network infrastructure lays the foundation for efficient com-
munication, secure data transfer, and the seamless operation of services and applications. How-
ever, it is the meticulous implementation of this design that transforms it from a concept into a
functional reality. This chapter delves into the simulation aspects of implementing the network
infrastructure designed for the University Network, which encompasses multiple universities, a
wide array of devices, and a robust security framework.

6.1 Device Placement and Management

Device placement and management are critical aspects of network design and operation. Proper
placement ensures that devices are strategically positioned to optimize network performance,
minimize latency, and enhance security. Effective management involves monitoring, configur-
ing, and maintaining devices to ensure they operate at peak efficiency, reducing downtime and
troubleshooting efforts. Both aspects are fundamental to building a reliable and robust network
infrastructure.

• Cisco Catalyst WS-C3650-24PS Switch:

– Placed In: Core Layer
– Quantity: 4 (2 for Campus I and 2 for Campus II)
– Connected with: Firewall and Distribution Layer
– Responsibility: Routing and High-performance Network services. Ensuring efficient
data flow, connecting with the firewall for security, and linking with the distribution
layer to further distribute network traffic seamlessly.

• Cisco Catalyst WS-C3650-24PS Switch:

– Placed In: Distribution Layer
– Quantity: 4 (2 for Campus I and 2 for Campus II)
– Connected with: Core Layer and Access Layer
– Responsibility: Aggregating network connections and facilitating efficient data traffic
routing. Providing Power over Ethernet Plus (PoE+) support, enabling the seamless
operation of various powered devices like IP phones and surveillance cameras. Con-
tributing to network segmentation and Layer 3 routing, enhancing overall network
performance and security.

• Cisco Catalyst 2960-24TT Switch:

– Placed In: Access Layer
– Quantity: Multiple
– Connected with: Distribution Layer and End Devices
– Responsibility: Connecting end devices securely, managing VLANs for segmenta-
tion, and providing essential Layer 2 switching and security functions.

• Cisco 2811 Router:

– Placed In: Access Layer (VoIP Services)
– Quantity: 2 (1 for Campus I and 1 for Campus II)
– Connected with: Distribution Layer and Other VoIP Router
– Responsibility: Providing VoIP services in the access layer.

• Cisco ISR4331 Router:

– Placed In: DMZ
– Quantity: 2 (1 for Campus I and 1 for Campus II)
– Connected with: Firewall and Layer 2 Switch
– Responsibility: Filtering and controlling incoming and outgoing traffic to protect
sensitive internal resources from potential threats originating from the internet. The DMZ
typically hosts public-facing services like web servers, email servers, or application gateways,
ensuring that external access to these services is carefully managed and monitored.
This isolation helps safeguard the internal network while allowing controlled access to
specific services.

• Cisco Catalyst 2960-24TT Switch:

– Placed In: DMZ


– Quantity: 2, 1 for Campus(I), and 1 for Campus(II)
– Connected with: DMZ Router and Servers
– Responsibility: Connecting Servers securely, providing essential Layer 2 switching
and security functions.

• Servers:

– Placed In: Data Center (DMZ)


– Quantity: Multiple
– Connected with: DMZ Layer 2 Switch
– Responsibility: Hosting critical network services and data.

• End Devices:

– Placed In: Throughout the network


– Quantity: Variable
– Connected with: Access Layer
– Responsibility: Providing user access, computing, and communication services.

• IoT Devices:

– Placed In: Throughout the network


– Quantity: Variable
– Connected with: Access Layer
– Responsibility: IoT services.

6.2 Initial Device Setup:

Some devices require physical installation. Here is the list:

• Cisco Catalyst WS-C3650-24PS Switch

– Ensure the AC Power Supply is connected securely to the switch.


– Connect Ethernet cables as needed.
– Power on the switch by pressing the power button on the front panel.

• Cisco ISR4331 Router

– Install the GLC-T module into one of the available Gigabit Ethernet ports.
– Power on the router.

• IoT Devices

– Connect the PT-IOT-NM-1CEF Network Adapter to the IoT device as per the manu-
facturer’s instructions.
– Power on the IoT device.

• IP Phone

– Connect the IP Phone Power Adapter to the IP phone.


– Power on the IP phone.

6.3 Campus I (Packet Tracer View):

Figure 6.1: Campus I

6.4 Campus II (Packet Tracer View):

Figure 6.2: Campus II

6.5 Chapter Summary

In this chapter, I concentrated on putting the specified infrastructure into action, including de-
vice installation and management. It focuses on strategic positioning for peak performance and
effective monitoring to reduce downtime.

The chapter describes specific devices, including their placement, quantity, and responsibili-
ties. Cisco Catalyst switches manage routing and high-performance services, while routers like
the Cisco 2811 and ISR4331 handle VoIP and DMZ tasks, guaranteeing secure network access.

Initial setup processes for devices that require physical installation are detailed, with a priority
on secure connections and proper power-on procedures.

Visual representations of the network layout in Packet Tracer views of Campus I and Campus
II provide an in-depth description of the implemented design. These visual representations serve
in exploring the structure, connectivity, and general functionality of the network.

7 IP Addressing

IP (Internet Protocol) addressing is a fundamental aspect of network configuration. It involves
assigning unique IP addresses to devices on a network to enable them to communicate with each
other. There are two main versions of IP addressing:

• IPv4 (Internet Protocol version 4): IPv4 uses 32-bit addresses, which is 4 bytes. IPv4 is still
widely used.

• IPv6 (Internet Protocol version 6). IPv6 uses 128-bit addresses which is 6 bytes. IPv6 is
becoming increasingly important due to the exhaustion of IPv4 addresses.

IPv4 (Internet Protocol version 4): In my project, I have used IPv4 network addresses. Here
are some key points about IPv4 addressing:

• IP Address Format: IPv4 addresses are typically written as four sets of decimal numbers
separated by periods (e.g., 192.168.1.1).

• Network Classes: In IPv4, IP addresses were historically divided into classes (A, B, C, D,
and E), but this classification has been largely replaced by CIDR (Classless Inter-Domain
Routing) notation, which allows for more flexible address allocation.

• Subnet Mask: A 32-bit number that divides an IP address into network and host portions.
It is used to identify the network to which an IP address belongs and the specific host on
that network.

• Default Gateway: The default gateway is the router that connects the local network to other
networks or the internet. The default gateway is responsible for routing traffic between
networks.

7.1 IP Addressing, Campus(I)

In Campus(I), I have used the 192.168.0.0/16 network address for my internal/inside network and
the 172.16.10.0/26 network address for my DMZ network.

| Device | Interface | IP Address | Subnet Mask | Default Gateway |
|---|---|---|---|---|
| C1-ASA1 | GigabitEthernet1/2 (DMZ) | 172.16.10.130 | 255.255.255.252 | N/A |
| | GigabitEthernet1/3 (IN) | 192.168.0.50 | 255.255.255.252 | N/A |
| | GigabitEthernet1/4 (IN) | 192.168.0.58 | 255.255.255.252 | N/A |
| C1-ASA2 | GigabitEthernet1/2 (DMZ) | 172.16.10.134 | 255.255.255.252 | N/A |
| | GigabitEthernet1/3 (IN) | 192.168.0.54 | 255.255.255.252 | N/A |
| | GigabitEthernet1/4 (IN) | 192.168.0.62 | 255.255.255.252 | N/A |
| C1-DMZ | GigabitEthernet0/0/0 | 172.16.10.1 | 255.255.255.192 | N/A |
| | GigabitEthernet0/0/1 | 172.16.10.129 | 255.255.255.252 | N/A |
| | GigabitEthernet0/0/2 | 172.16.10.133 | 255.255.255.252 | N/A |
| C1-CS1 | Port-channel1 | 192.168.0.1 | 255.255.255.240 | N/A |
| | Port-channel2 | 192.168.0.17 | 255.255.255.248 | N/A |
| | GigabitEthernet1/0/1 | 192.168.0.49 | 255.255.255.252 | N/A |
| | GigabitEthernet1/0/2 | 192.168.0.57 | 255.255.255.252 | N/A |
| C1-CS2 | Port-channel1 | 192.168.0.2 | 255.255.255.240 | N/A |
| | Port-channel2 | 192.168.0.25 | 255.255.255.248 | N/A |
| | GigabitEthernet1/0/1 | 192.168.0.53 | 255.255.255.252 | N/A |
| | GigabitEthernet1/0/2 | 192.168.0.61 | 255.255.255.252 | N/A |
| C1-DS1 | Port-channel1 | 192.168.1.1 | 255.255.255.248 | N/A |
| | Port-channel2 | 192.168.0.18 | 255.255.255.248 | N/A |
| C1-DS2 | Port-channel1 | 192.168.1.2 | 255.255.255.248 | N/A |
| | Port-channel2 | 192.168.0.26 | 255.255.255.248 | N/A |

Table 7.1: Device IP Addressing

Table 7.1 shows the IP configuration for the core layer, distribution layer, ASA firewalls and
DMZ of Campus(I). Specific IP addresses are assigned to specific device ports to establish
connections with other devices.

• IP Addressing for VLANs: IP addresses are assigned to distinct VLANs, each representing
a specific network segment within the university infrastructure. In my project I have created
7 different departments/VLANs for each campus.

| Department (VLAN) | Network & Subnet Mask | Valid Hosts | Default Gateway | Broadcast Address |
|---|---|---|---|---|
| Admin (Vlan 10) | 192.168.10.0 255.255.255.0 | 192.168.10.1 - 192.168.10.254 | 192.168.10.1 | 192.168.10.255 |
| Chairman (Vlan 11) | 192.168.11.0 255.255.255.0 | 192.168.11.1 - 192.168.11.254 | 192.168.11.1 | 192.168.11.255 |
| Admission (Vlan 12) | 192.168.12.0 255.255.255.0 | 192.168.12.1 - 192.168.12.254 | 192.168.12.1 | 192.168.12.255 |
| Register (Vlan 13) | 192.168.13.0 255.255.255.0 | 192.168.13.1 - 192.168.13.254 | 192.168.13.1 | 192.168.13.255 |
| Accounts (Vlan 14) | 192.168.14.0 255.255.255.0 | 192.168.14.1 - 192.168.14.254 | 192.168.14.1 | 192.168.14.255 |
| Cafe (Vlan 15) | 192.168.15.0 255.255.255.0 | 192.168.15.1 - 192.168.15.254 | 192.168.15.1 | 192.168.15.255 |
| Mosque (Vlan 16) | 192.168.16.0 255.255.255.0 | 192.168.16.1 - 192.168.16.254 | 192.168.16.1 | 192.168.16.255 |

Table 7.2: VLAN IP Addressing

Table 7.2 shows the IP addressing for the VLANs of Campus(I). Here a specific network is
assigned to a specific department/VLAN. End devices of each department/VLAN will get an IP
address through DHCP or static configuration.

• IP Addressing for DMZ: The Demilitarized Zone serves as a segregated area that hosts servers
accessible from the internet, such as web servers and email servers. I used a different network
than the inside network.

| Department | Network & Subnet Mask | Valid Hosts | Default Gateway | Broadcast Address |
|---|---|---|---|---|
| C1-DMZ | 172.16.10.0 255.255.255.192 | 172.16.10.1 - 172.16.10.62 | 172.16.10.1 | 172.16.10.63 |

Table 7.3: DMZ IP Addressing

• IP Addressing for Servers: In my project I have used 8 different servers in each campus, each
having a specific IP address through static configuration.

| Server Name | IP Address | Subnet Mask | Default Gateway | DNS |
|---|---|---|---|---|
| C1-DNS | 172.16.10.4 | 255.255.255.192 | 172.16.10.1 | 172.16.10.4 |
| C1-DHCP | 172.16.10.5 | 255.255.255.192 | 172.16.10.1 | 172.16.10.4 |
| C1-Web | 172.16.10.6 | 255.255.255.192 | 172.16.10.1 | 172.16.10.4 |
| C1-Mail | 172.16.10.7 | 255.255.255.192 | 172.16.10.1 | 172.16.10.4 |
| C1-NTP | 172.16.10.8 | 255.255.255.192 | 172.16.10.1 | 172.16.10.4 |
| C1-Syslog | 172.16.10.9 | 255.255.255.192 | 172.16.10.1 | 172.16.10.4 |
| C1-FTP | 172.16.10.10 | 255.255.255.192 | 172.16.10.1 | 172.16.10.4 |
| C1-IoT | 192.168.10.10 | 255.255.255.0 | 192.168.10.1 | 172.16.10.4 |

Table 7.4: Server IP Addressing

7.2 IP Addressing, Campus(II)

In Campus(II), I have used the 192.169.0.0/16 network address for my internal/inside network and
the 172.16.10.64/26 network address for my DMZ network.

| Device | Interface | IP Address | Subnet Mask | Default Gateway |
|---|---|---|---|---|
| C2-ASA1 | GigabitEthernet1/2 (DMZ) | 172.16.10.138 | 255.255.255.252 | N/A |
| | GigabitEthernet1/3 (IN) | 192.169.0.50 | 255.255.255.252 | N/A |
| | GigabitEthernet1/4 (IN) | 192.169.0.58 | 255.255.255.252 | N/A |
| C2-ASA2 | GigabitEthernet1/2 (DMZ) | 172.16.10.142 | 255.255.255.252 | N/A |
| | GigabitEthernet1/3 (IN) | 192.169.0.54 | 255.255.255.252 | N/A |
| | GigabitEthernet1/4 (IN) | 192.169.0.62 | 255.255.255.252 | N/A |
| C2-DMZ | GigabitEthernet0/0/0 | 172.16.10.65 | 255.255.255.192 | N/A |
| | GigabitEthernet0/0/1 | 172.16.10.137 | 255.255.255.252 | N/A |
| | GigabitEthernet0/0/2 | 172.16.10.141 | 255.255.255.252 | N/A |
| C2-CS1 | Port-channel1 | 192.169.0.1 | 255.255.255.240 | N/A |
| | Port-channel2 | 192.169.0.17 | 255.255.255.248 | N/A |
| | GigabitEthernet1/0/1 | 192.169.0.49 | 255.255.255.252 | N/A |
| | GigabitEthernet1/0/2 | 192.169.0.57 | 255.255.255.252 | N/A |
| C2-CS2 | Port-channel1 | 192.169.0.2 | 255.255.255.240 | N/A |
| | Port-channel2 | 192.169.0.25 | 255.255.255.248 | N/A |
| | GigabitEthernet1/0/1 | 192.169.0.53 | 255.255.255.252 | N/A |
| | GigabitEthernet1/0/2 | 192.169.0.61 | 255.255.255.252 | N/A |
| C2-DS1 | Port-channel1 | 192.169.1.1 | 255.255.255.248 | N/A |
| | Port-channel2 | 192.169.0.18 | 255.255.255.248 | N/A |
| C2-DS2 | Port-channel1 | 192.169.1.2 | 255.255.255.248 | N/A |
| | Port-channel2 | 192.169.0.26 | 255.255.255.248 | N/A |

Table 7.5: Device IP Addressing

Table 7.5 shows the IP configuration for the core layer, distribution layer, ASA firewalls and
DMZ of Campus(II). Specific IP addresses are assigned to specific device ports to establish
connections with other devices.

• IP Addressing for VLANs: IP addresses are assigned to distinct VLANs, each representing
a specific network segment within the university infrastructure. In my project I have created
7 different departments/VLANs for each campus.

| Department (VLAN) | Network & Subnet Mask | Valid Hosts | Default Gateway | Broadcast Address |
|---|---|---|---|---|
| Admin (Vlan 10) | 192.169.10.0 255.255.255.0 | 192.169.10.1 - 192.169.10.254 | 192.169.10.1 | 192.169.10.255 |
| Chairman (Vlan 11) | 192.169.11.0 255.255.255.0 | 192.169.11.1 - 192.169.11.254 | 192.169.11.1 | 192.169.11.255 |
| Admission (Vlan 12) | 192.169.12.0 255.255.255.0 | 192.169.12.1 - 192.169.12.254 | 192.169.12.1 | 192.169.12.255 |
| Register (Vlan 13) | 192.169.13.0 255.255.255.0 | 192.169.13.1 - 192.169.13.254 | 192.169.13.1 | 192.169.13.255 |
| Accounts (Vlan 14) | 192.169.14.0 255.255.255.0 | 192.169.14.1 - 192.169.14.254 | 192.169.14.1 | 192.169.14.255 |
| Cafe (Vlan 15) | 192.169.15.0 255.255.255.0 | 192.169.15.1 - 192.169.15.254 | 192.169.15.1 | 192.169.15.255 |
| Mosque (Vlan 16) | 192.169.16.0 255.255.255.0 | 192.169.16.1 - 192.169.16.254 | 192.169.16.1 | 192.169.16.255 |

Table 7.6: VLAN IP Addressing

Table 7.6 shows the IP addressing for the VLANs of Campus(II). Here a specific network is
assigned to a specific department/VLAN. End devices of each department/VLAN will get an IP
address through DHCP or static configuration.

• IP Addressing for DMZ: The Demilitarized Zone serves as a segregated area that hosts servers
accessible from the internet, such as web servers and email servers. I used a different network
than the inside network.

| Department | Network & Subnet Mask | Valid Hosts | Default Gateway | Broadcast Address |
|---|---|---|---|---|
| C2-DMZ | 172.16.10.64 255.255.255.192 | 172.16.10.65 - 172.16.10.126 | 172.16.10.65 | 172.16.10.127 |

Table 7.7: DMZ IP Addressing

• IP Addressing for Servers: In my project I have used 8 different servers in each campus, each
having a specific IP address through static configuration.

| Server Name | IP Address | Subnet Mask | Default Gateway | DNS |
|---|---|---|---|---|
| C2-DNS | 172.16.10.74 | 255.255.255.192 | 172.16.10.65 | 172.16.10.74 |
| C2-DHCP | 172.16.10.75 | 255.255.255.192 | 172.16.10.65 | 172.16.10.74 |
| C2-Web | 172.16.10.76 | 255.255.255.192 | 172.16.10.65 | 172.16.10.74 |
| C2-Mail | 172.16.10.77 | 255.255.255.192 | 172.16.10.65 | 172.16.10.74 |
| C2-NTP | 172.16.10.78 | 255.255.255.192 | 172.16.10.65 | 172.16.10.74 |
| C2-Syslog | 172.16.10.79 | 255.255.255.192 | 172.16.10.65 | 172.16.10.74 |
| C2-FTP | 172.16.10.70 | 255.255.255.192 | 172.16.10.65 | 172.16.10.74 |
| C2-IoT | 192.169.10.10 | 255.255.255.0 | 192.169.10.1 | 172.16.10.74 |

Table 7.8: Server IP Addressing
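
An addressing plan like the one in Tables 7.1 and 7.5 can be checked mechanically before it is typed into the devices. The following is an added example, not part of the original project: it looks for duplicate addresses, overlapping subnets, /30 links without exactly two endpoints, and addresses outside the RFC 1918 private ranges. The `PLAN` text is constructed from the two tables, and the function and finding names are assumptions.

```python
import ipaddress
from collections import defaultdict
from itertools import combinations

# Constructed from Tables 7.1 and 7.5. Masks are written as prefix lengths:
# /26 = 255.255.255.192, /28 = .240, /29 = .248, /30 = .252.
PLAN = """
C1-ASA1 Gi1/2=172.16.10.130/30 Gi1/3=192.168.0.50/30 Gi1/4=192.168.0.58/30
C1-ASA2 Gi1/2=172.16.10.134/30 Gi1/3=192.168.0.54/30 Gi1/4=192.168.0.62/30
C1-DMZ Gi0/0/0=172.16.10.1/26 Gi0/0/1=172.16.10.129/30 Gi0/0/2=172.16.10.133/30
C1-CS1 Po1=192.168.0.1/28 Po2=192.168.0.17/29 Gi1/0/1=192.168.0.49/30 Gi1/0/2=192.168.0.57/30
C1-CS2 Po1=192.168.0.2/28 Po2=192.168.0.25/29 Gi1/0/1=192.168.0.53/30 Gi1/0/2=192.168.0.61/30
C1-DS1 Po1=192.168.1.1/29 Po2=192.168.0.18/29
C1-DS2 Po1=192.168.1.2/29 Po2=192.168.0.26/29
C2-ASA1 Gi1/2=172.16.10.138/30 Gi1/3=192.169.0.50/30 Gi1/4=192.169.0.58/30
C2-ASA2 Gi1/2=172.16.10.142/30 Gi1/3=192.169.0.54/30 Gi1/4=192.169.0.62/30
C2-DMZ Gi0/0/0=172.16.10.65/26 Gi0/0/1=172.16.10.137/30 Gi0/0/2=172.16.10.141/30
C2-CS1 Po1=192.169.0.1/28 Po2=192.169.0.17/29 Gi1/0/1=192.169.0.49/30 Gi1/0/2=192.169.0.57/30
C2-CS2 Po1=192.169.0.2/28 Po2=192.169.0.25/29 Gi1/0/1=192.169.0.53/30 Gi1/0/2=192.169.0.61/30
C2-DS1 Po1=192.169.1.1/29 Po2=192.169.0.18/29
C2-DS2 Po1=192.169.1.2/29 Po2=192.169.0.26/29
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_plan(text):
    """Return a list of (device, interface, IPv4Interface) tuples."""
    entries = []
    for line in text.strip().splitlines():
        device, *pairs = line.split()
        for pair in pairs:
            ifname, addr = pair.split("=")
            entries.append((device, ifname, ipaddress.ip_interface(addr)))
    return entries


def audit_plan(entries):
    """Return a list of (finding, detail) tuples for the addressing plan."""
    findings = []
    by_net = defaultdict(list)
    for device, ifname, iface in entries:
        net = iface.network
        by_net[net].append((device, iface.ip))
        # The network and broadcast addresses cannot be assigned to a host.
        if iface.ip in (net.network_address, net.broadcast_address):
            findings.append(("unusable-host", f"{device} {ifname} {iface.ip}"))
        # Internal addressing outside RFC 1918 collides with public space.
        if not any(iface.ip in block for block in RFC1918):
            findings.append(("not-rfc1918", f"{device} {ifname} {iface.ip}"))
    for net, members in by_net.items():
        ips = [ip for _, ip in members]
        if len(set(ips)) != len(ips):
            findings.append(("duplicate-ip", str(net)))
        # A /30 is a point-to-point link: expect exactly two devices on it.
        if net.prefixlen == 30 and len({dev for dev, _ in members}) != 2:
            findings.append(("unpaired-p2p", str(net)))
    for a, b in combinations(by_net, 2):
        if a.overlaps(b):
            findings.append(("overlap", f"{a} {b}"))
    return findings


if __name__ == "__main__":
    for kind, detail in audit_plan(parse_plan(PLAN)):
        print(f"{kind:14} {detail}")
```

On this plan the links and subnets are consistent; the only findings are the sixteen Campus(II) 192.169.x.x interface addresses, because 192.168.0.0/16 is RFC 1918 private space and 192.169.0.0/16 is not.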

7.3 Chapter Summary

In this chapter, I concentrated on the IP addressing of both campuses and their DMZ networks. I
have created the addressing tables according to my project and implemented these IP addresses on
every device accordingly.

8 Configuration

The configuration phase is where the blueprint of the network design is brought to life. It involves
the detailed setup and fine-tuning of each network device, service, and security measure to ensure
that they operate seamlessly and securely.

Routers and switches are configured through the CLI (Command-Line Interface) mode, whereas
end devices and IoT devices are configured through GUIs (Graphical User Interfaces) or device
settings.

8.1 CLI (Command-Line Interface) Mode

In network configuration the Command-Line Interface (CLI) is essential. CLI provides direct
access to the configuration of network devices, offering granular control and detailed configuration
options. In a typical Command-Line Interface (CLI) of a network device, such as a router or
switch, there are three main modes:

1. Privilege Mode (Privileged EXEC Mode):

• Symbol in CLI Prompt: Typically represented by a ’>’ symbol in the command-line


prompt.
• Access Rights: Privilege mode is the second level of access in a network device's CLI,
following user mode. It provides more control and allows for viewing or configuring
various aspects of the device.
• Usage: In privilege mode, the user can execute privileged commands such as viewing
device configurations, running diagnostic commands, and restarting the device. The user
can also enter other modes, like global configuration mode.
• Command to Access: Use the enable command followed by the privileged EXEC
mode password to enter this mode. For example: enable.

2. Access Mode (User EXEC Mode):

• Symbol in CLI Prompt: Typically represented by a ’#’ or ’$’ symbol in the command-
line prompt.
• Access Rights: Access mode is the lowest level of access in a network device's CLI. It
provides limited access to basic monitoring commands but doesn't allow configuration
changes.
• Usage: In access mode, the user can view basic information about the device's status,
interfaces, and connected devices, but can't make configuration changes at this level.
• Command to Access: Access mode is the initial mode when the user connects to a device.
Usually no command is needed to enter this mode.

3. Global Configuration Mode:

• Symbol in CLI Prompt: Typically represented by a (config) symbol in the command-


line prompt.
• Access Rights: Global configuration mode is a higher level of access where the user can
make changes to the device's configuration. It allows the user to configure various settings
that affect the entire device.
• Usage: In global configuration mode, the user can configure parameters like interface
settings, security policies, routing protocols, and more. Changes made in this mode
impact the device's overall behavior.
• Command to Access: To enter global configuration mode, the user typically uses the
configure terminal or conf t command, followed by the necessary configuration commands.
For example: configure terminal.

• Accessing CLI

To access the CLI of a network device, follow these general steps:

– Connect to the Device: Establish a physical or remote connection to the device using
methods like console cables, SSH, Telnet, or web-based consoles.
– Login: Provide valid login credentials, such as usernames and passwords.
– Access Privilege Levels: Depending on the user's role and permissions, the user might have
different privilege levels, such as user mode and privileged EXEC mode in Cisco devices.

The following table is a summary of command prompts and the corresponding location within
the command structure.

| Router prompt | Mode |
|---|---|
| Router> | User EXEC mode |
| Router# | Privileged EXEC mode |
| Router(config)# | Configuration mode |
| Router(config-if)# | Interface level within configuration mode |
| Router(config-router)# | Routing engine level within configuration mode |
| Router(config-line)# | Line level (vty, tty, async) within configuration mode |

Table 8.1: CLI Mode

Figure 8.1: Command-Line Interface Mode

8.2 GUIs (Graphical User Interfaces) Mode

Graphical User Interfaces (GUIs) allow users to interact with computers and other devices vi-
sually. Users can interact with graphical elements such as icons, buttons, menus, and windows
rather than text-based commands. GUIs facilitate task completion and navigation within software
applications. Here are some key features and components of GUIs:

Icons: Represent graphical symbols that users can click or tap to perform actions or open
applications.

Point-and-Click Interaction: Users can interact with the interface by pointing to graphical
elements with a mouse cursor or tapping with a finger on touch-enabled devices.

Windows: Applications are typically displayed in separate windows, allowing users to multi-
task and manage multiple open programs simultaneously.

Figure 8.2: Graphical User Interfaces Mode

8.3 Device & Network Configuration

In this section I will explain the configuration and protocols I have used in the different
devices and network layers of my project. This includes basic device configuration, network
configuration, security configuration and more.

8.3.1 Firewall Configuration

Firewalls are crucial components in network security, safeguarding sensitive information and
ensuring the integrity and availability of network resources. I have configured the firewall's
basic settings and its network and security protocols according to my project.

• Basic Configuration: Basic configuration includes hostname, domain name, and date and
time configuration. These basically identify the device.

• Device Security Configuration: The device's security configuration includes the device
username and password, SSH login for remote access with AAA authentication, and generating
the crypto key modulus. These security configurations keep the device safe from unauthorized
access.

• Interface Configuration: The device's interface configuration includes activating the
device's interfaces, setting the zone parameter (inside, outside or DMZ), setting the IP address
and setting the security level. Interface configuration helps the device maintain physical
connectivity with other devices.

• Routing Protocol Configuration: I have used static routing for the inside, outside and
DMZ zones to maintain communication with other networks.

• NAT Configuration: Network address translation configuration includes dynamic NAT
configuration, which allows a private network to connect to the internet, as it translates
private IP addresses to a public one.

• Access Control List: Access lists (ACL) for firewalls set rules that control which traffic
is allowed or denied through the firewall. Access lists are essential for enforcing security
policies and controlling the flow of traffic between networks.

• Site-to-Site VPN: Site-to-Site Virtual Private Network (VPN) establishes a secure connec-
tion between two separate networks, allowing them to communicate over the public internet
as if they were part of the same private network.

8.3.2 Core-layer Device Configuration

The core layer, often referred to as the backbone or network core, is a critical component of a
network's three-tier hierarchical architecture. There are two multi-layer switches in the core
layer of my project and I have configured these switches according to my project network.

• Basic Configuration: Basic configuration in the core layer includes hostname, domain name,
banner motd, domain-lookup, syslog server, and date and time server configuration. These
basically identify the device.

• Device Security Configuration: The device's security configuration in the core layer includes
login security, username and password, console security, SSH login for remote access, crypto
key modulus, password-encryption, brute-force prevention and more. These security
configurations keep the device safe from unauthorized access.

• Interface Configuration: The device's interface configuration includes port-channels,
activating the device's interfaces, setting IP addresses, switchport allowing and trunking, etc.
Interface configuration helps the device maintain physical connectivity with other devices.

• Routing Protocol Configuration: I have used the OSPF (Open Shortest Path First) routing
protocol in the core layer to maintain communication with other inside networks. I have also
used static routing for default routing to maintain communication with the outside and DMZ.

8.3.3 Distribution-layer Device Configuration

The distribution layer acts as an intermediary between the access layer and the core layer. It
enhances network performance, scalability, and security in a hierarchical network design. There
are two multi-layer switches in the distribution layer of my project and I have configured these
switches according to my project network.

Distribution-layer configuration is almost the same as the core-layer configuration: basic
configuration, device security configuration, interface configuration and routing protocol
configuration. In addition, some new protocols are added in the distribution layer.

• VLAN Configuration: Configuring VLANs (Virtual Local Area Networks) includes ID and
name configuration for each VLAN, IP address and DHCP server configuration. VLANs
create logical network segments within a physical network.

• HSRP Protocol Configuration: Hot Standby Router Protocol (HSRP) configuration includes
priority, preemption, and primary and secondary configuration. HSRP ensures uninterrupted
connectivity, with one router serving as the active gateway while the others stand by, ready
to take over in case of a failure.

• Telephony-Service Configuration: Telephony-service configuration includes voice VLAN,
voice DHCP, assigning telephone ID and number, and many more critical configurations.
Telephony services are often integrated with Voice over Internet Protocol (VoIP) technology,
allowing voice communication to be transmitted over IP networks.

8.3.4 Access-layer Device Configuration

Access Layer is the first tier or level in a hierarchical network architecture. It is the layer that
directly connects end-user devices, such as computers, laptops, printers, and other networked
appliances, to the network. The primary purpose of the Access Layer is to provide network access
to these end devices.

Access-layer configuration also includes basic configuration, device security configuration and
interface configuration. In addition, there are some additional protocols in the access layer.

• VLAN Configuration: Configuring VLANs (Virtual Local Area Networks) includes creating
individual VLAN IDs and names, and allowing VLANs on or trunking switchports.

• Interface Configuration: Interface configuration in the access layer includes Spanning Tree
Protocol (STP), switchport port-security, DHCP Snooping and many more configurations.

8.3.5 End Device Configuration

An end device is the ultimate destination for data and does not forward the data to other
devices. End devices are integral parts of network communication and play various roles in
different network scenarios.

End devices are not configured through the CLI mode; rather, they are configured through the
GUI mode.

• Server Configuration: There are many servers configured in my project: Web server, DNS
server, DHCP server, Mail server, NTP server, Syslog server, FTP server, TFTP server and IoT
server. These servers need individual configuration, which includes IP address, gateway, DNS
server, username and password, rules, conditions and more.

• PC and IoT Device Configuration: Other end devices like PCs, printers, IP phones and IoT
devices are assigned IP addresses dynamically, which allows DHCP to choose the IP address
for these devices.

8.4 Chapter Summary

The configuration phase of network design involves carefully setting up and adjusting each
network device, service, and security measure to ensure efficient and secure operation. The
Command-Line Interface (CLI) mode is used to configure routers and switches. End devices and IoT
devices, on the other hand, are configured through Graphical User Interfaces (GUIs).

The device configuration is multi-layered. Firewalls, which are critical for network security,
go through basic, security, and interface configurations. Core-layer configurations involve
basic and security settings along with the OSPF routing protocol. Distribution-layer
configurations are similar to the core layer and also include VLAN segmentation and high
availability through HSRP. Access-layer configurations, which connect end devices, include basic,
security, and interface settings, as well as VLAN segmentation and other protocols such as STP
and DHCP Snooping.

End devices, including servers, PCs, and IoT devices, have unique configurations. Servers
require specific settings.

9 Security and Services

In the "Security and Services" chapter, I delve into two critical aspects: the network's security
and the various services it offers, including the Internet of Things (IoT). This chapter plays a
vital role in ensuring the integrity, confidentiality, and availability of the university
network's resources and services.

9.1 Security

I have divided the security portion into two sections: device security and network and data security.

• Device Security: Device security includes user authentication and access control lists to
secure the devices from unauthorized access and hacking attempts.

1. User Authenticated Console Login: This includes a username and password for accessing
devices by console login, plus an extra security layer of a password-protected privileged
EXEC mode. [Figure 9.1]
Configured MD5 (Message Digest Algorithm 5) Password Encryption for secure passwords.
[Figure 9.3]

2. User Authenticated Remote Login: For remote login, only SSH (Secure Shell) v2 is
allowed. This also includes a username and password for accessing devices, plus an
extra security layer of a password-protected privileged EXEC mode. [Figure 9.2]
Configured MD5 (Message Digest Algorithm 5) Password Encryption as well as an ACL
(Access Control List), which allows only the administrator to access the device from a
remote location. Also configured a brute-force attack prevention system. [Figure 9.3 & 9.4]

Figure 9.1: Secured Console Login

Figure 9.2: Secured Remote Login

Figure 9.3: Brute-force Prevention and Encrypted Pass

Figure 9.4: SSH and ACL Information

• Network and Data Security: Network and data security includes the firewall's predetermined
security rules, site-to-site VPN, encryption, ACLs and also Intrusion Detection Systems (IDS)
and Prevention Systems (IPS) that protect university networks and their data from
unauthorized access, attacks and damage.

1. Firewall security: Firewalls are a key defense against unauthorized access. Configured
security levels for inside, outside and DMZ, and configured NAT and routing. [Figure 9.5]

Configured ACLs for securing services and data from unauthorized access. [Figure 9.6]

Configured a site-to-site VPN between the two campuses for secure communication and data
transfer. It encrypts and decrypts traffic to ensure that even if data is intercepted, it
cannot be easily understood. [Figure 9.7], [Figure 9.8]

Figure 9.5: Interface Security, NAT & Routing Information

In [Figure 9.5], I have shown the interface security level, NAT (Network Address
Translation) and routing protocol configuration, which will be applied for secure
communication and data transfer.

Figure 9.6: ACL

In [Figure 9.6], I have shown the ACL (Access Control List) configuration for outside and
DMZ to limit and secure access into the network for communication and services.

Figure 9.7: Campus(I) Site-To-Site VPN

In [Figure 9.7], I have shown the result of encrypted and decrypted packets of Campus(I),
which also indicates the communication rates between the two campuses.

Figure 9.8: Campus(II) Site-To-Site VPN

In [Figure 9.8], I have shown the result of encrypted and decrypted packets of Campus(II),
which also indicates the communication rates between the two campuses.

2. Access Layer Security: Access-layer security includes switchport security on both used
and unused ports, DHCP snooping to prevent fake DHCP servers, and VLAN security.
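
The device-login controls described in this section and in Section 8.3 (local authentication, MD5-hashed secrets, SSH v2 only, an ACL on the remote-login lines, brute-force lockout) and the access-layer controls (port security, DHCP snooping) can be verified against a saved configuration. The following is an added example, not the project's own configuration or tooling: the switch name C1-AS1, the accounts, ACL 10 and the whole sample config are constructed, and the finding names are assumptions.

```python
import re

# Constructed running-config for a hypothetical access switch "C1-AS1".
# Three deliberate gaps: vty 5-15 left open to Telnet, one user stored with
# "password" instead of "secret", and Fa0/2 live without port-security.
# ACL 10 is assumed to permit the Admin VLAN (192.168.10.0/24) only.
SAMPLE = """\
hostname C1-AS1
service password-encryption
enable secret 5 $1$CONSTRUCTED$0000000000000000000000
username admin secret 5 $1$CONSTRUCTED$0000000000000000000000
username helpdesk password 7 0000000000
login block-for 60 attempts 3 within 30
ip ssh version 2
ip dhcp snooping
ip dhcp snooping vlan 10
access-list 10 permit 192.168.10.0 0.0.0.255
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
interface FastEthernet0/2
 switchport mode access
interface FastEthernet0/3
 switchport mode access
 shutdown
interface GigabitEthernet0/1
 switchport mode trunk
 ip dhcp snooping trust
line con 0
 login local
line vty 0 4
 access-class 10 in
 login local
 transport input ssh
line vty 5 15
 login
 transport input telnet
"""


def parse_config(text):
    """Split an IOS-style config into global commands and indented sections."""
    global_cmds, sections, current = [], {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue
        if raw.startswith(" ") and current is not None:
            sections[current].append(raw.strip())
        else:
            line = raw.strip()
            global_cmds.append(line)
            current = line if line.startswith(("interface ", "line ")) else None
            if current:
                sections[current] = []
    return global_cmds, sections


def audit_config(text):
    """Return a sorted list of (finding, location) tuples."""
    cmds, sections = parse_config(text)
    findings = []
    required = {"enable secret": "no-enable-secret",
                "login block-for": "no-login-block-for",
                "ip ssh version 2": "no-ssh-v2-only",
                "ip dhcp snooping": "no-dhcp-snooping"}
    for prefix, finding in required.items():
        if not any(c.startswith(prefix) for c in cmds):
            findings.append((finding, "global"))
    for c in cmds:
        # "secret" stores an MD5-based type 5 hash; "password" is cleartext
        # or, with service password-encryption, reversible type 7.
        if c.startswith("enable password"):
            findings.append(("weak-enable-password", "global"))
        m = re.match(r"username (\S+) password", c)
        if m:
            findings.append(("weak-user-password", m.group(1)))
    for name, body in sections.items():
        if name.startswith("line vty"):
            if "transport input ssh" not in body:
                findings.append(("vty-not-ssh-only", name))
            if not any(b.startswith("access-class") and b.endswith(" in")
                       for b in body):
                findings.append(("vty-no-access-class", name))
        if name.startswith("line ") and "login local" not in body:
            findings.append(("line-no-local-login", name))
        if name.startswith("interface ") and "switchport mode access" in body:
            # Used access ports need port-security; unused ones are shut down.
            if "switchport port-security" not in body and "shutdown" not in body:
                findings.append(("access-port-unprotected", name))
    return sorted(findings)


if __name__ == "__main__":
    for finding, where in audit_config(SAMPLE):
        print(f"{finding:26} {where}")
```

The second vty range is the gap worth noticing: hardening `line vty 0 4` while leaving `line vty 5 15` at its defaults keeps a Telnet path open on a device that otherwise looks SSH-only.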

9.2 Services

I have divided the services portion into two sections: Servers and IoT services.

• Servers: Servers are essential components of a university network that provide specific
services.

1. DNS (Domain Name System) Service: Mapped the IP address 172.16.10.6 to the domain
name www.sub.com. [Figure 9.9a]
2. Web Service: The web server uses HTTP (Hypertext Transfer Protocol) and HTTPS (Hypertext
Transfer Protocol Secure) for transmitting web pages and other data on the
World Wide Web. It's the foundation of web browsing. [Figure 9.9b]

(a) IP and Domain (b) Web Browsing

Figure 9.9: DNS & Web Service

3. DHCP(Dynamic Host Configuration Protocol) Service: DHCP assigns and man-
ages IP addresses and other network configuration parameters to devices on a network
automatically. [Figure 9.10]

Figure 9.10: DHCP Service

4. Mail Service: The mail server uses SMTP (Simple Mail Transfer Protocol) for sending
and relaying email messages over a network. It's a core service for email communication.
[Figure 9.11]

(a) Received Mail from Admin1 (b) Received Reply from Admin2

Figure 9.11: Mail Service

5. FTP(File Transfer Protocol) Service: FTP is used for transferring files between a
client and a server on a network. It’s often used for website maintenance and file
sharing. [Figure 9.12]

(a) Uploading File (b) Downloading File

Figure 9.12: FTP Service

6. NTP(Network Time Protocol) Service: NTP is used to synchronize the time on net-
worked devices to a common time reference, often provided by highly accurate time
servers. [Figure 9.13]

Figure 9.13: NTP Service

7. Syslog Service: Syslog is a standard protocol and service used in networking and
computing for the collection and forwarding of log messages and event notifications.
It’s an essential component of network and system management, allowing devices and
applications to generate logs and send them to a central repository or a Syslog server
for monitoring, analysis, and troubleshooting.

• VoIP (Voice over Internet Protocol) Service: VoIP services allow voice communication
over IP networks, making internet-based phone calls possible. [Figure 9.14]

(a) Connected To 2001

(b) Connected To 1001

Figure 9.14: VoIP Service

• IoT (Internet of Things) Service: IoT includes various services: motion-detecting lights,
fans and doors [Figure 9.15], a fire prevention system [Figure 9.16], and an RFID
(Radio-Frequency Identification) door system [Figure 9.17].

Figure 9.15: Motion-Detecting Devices

Figure 9.16: Fire Prevention System

Figure 9.17: RFID Door System

9.3 Chapter summary

In this chapter, I explore the technical elements of network security as well as the large range
of services available on the university network. This chapter delivers an all-around and secure
network environment for the university by protecting device access, creating robust firewall rules,
and providing different services such as DNS, web, DHCP, mail, FTP, NTP, VoIP, Syslog, and IoT.

10 Conclusion

In conclusion, the journey through the complexities of network design and implementation has
been marked by several key findings, significant challenges, and notable successes. Each
component has been carefully considered, from theoretical underpinnings to practical
configurations, laying the platform for a resilient and efficient network.

There are several key findings that play an important role in the network and its architecture.
One of the major findings is the hierarchical structure, with distinct zones and layers that
help to form the basis for a secure and scalable network. Another key finding is the site-to-site
IPSec connection between the two separate campuses for secure data connection and file transfer.

There were plenty of challenges, especially in the network architecture, throughout the design
and implementation phases. Creating a resilient and efficient network structure requires
considering a number of factors, and managing these complexities requires strategic thinking and
decision-making. Network security was also very challenging during the configuration process. As cyber
threats become more advanced, the network had to be secured with firewalls, access controls, and
other security protocols without compromising the smooth flow of data. Achieving this balance
required careful preparation and constant adjustment.

The configuration and integration of many devices was a success. From
routers and switches to end devices and IoT technologies, each component was carefully placed and
configured to contribute to the overall network functionality.

The network architecture is concerned with a university's main network. As a result, I have not
included any departments such as CSE, EEE, BBA and others; these will be included in future
work. There are a few aspects that could be improved or added, such as security measures,
performance monitoring and optimization, and a backup server. I plan to implement these advanced
security measures and services in future work.

In essence, this network architecture is a dynamic solution to the complicated problems posed
by current digital connectivity, rather than a technological blueprint. It demonstrates the
combination of theoretical knowledge and actual execution, providing a model for robust, secure, and
future-ready network architectures for university networks.

72
References

[1] J. Mark Pullen, “The network workbench: network simulation software for academic inves-
tigation of internet concepts,” Computer Networks, vol. 32, no. 3, pp. 365–378, 2000.

[2] C. Smera and J. Sandeep, “Networks simulation: Research based implementation using
tools and approaches,” in 2022 IEEE 3rd Global Conference for Advancement in Technology
(GCAT), 2022, pp. 1–7.

[3] J. Mark Pullen, “Teaching network protocol concepts in an open-source simulation environ-
ment,” in Proceedings of the 23rd Annual ACM Conference on Innovation and Technology
in Computer Science Education, ser. ITiCSE 2018. Association for Computing Machinery,
New York, NY, USA, 2018, p. 165–169.

[4] N. Abdul Rashid, M. Othman, R. Johan, and S. Sidek, “Cisco packet tracer simulation as ef-
fective pedagogy in computer networking course,” International Journal of Interactive Mo-
bile Technologies (iJIM), vol. 13, p. 4, Oct 2019.

[5] J. Allison, “Simulation-based learning via cisco packet tracer to enhance the teaching of com-
puter networks,” in Proceedings of the 27th ACM Conference on on Innovation and Technol-
ogy in Computer Science Education Vol. 1, ser. ITiCSE ’22. Association for Computing
Machinery, New York, NY, USA, 2022, p. 68–74.

[6] S. Kurnaz, Abdulkareem, M. M. Yaseen, and S. Adnan, “Implementation of


cisco packet tracer in advance computer network,” AURUM Journal of Engineering
Systems and Architecture, vol. 2, no. 1, pp. 33 – 47, 2018. [Online]. Available:
https://dergipark.org.tr/en/pub/ajesa/issue/38451/445980

[7] S. Soták, “Scenarios of diagnosticexercises within a computer network,” 2021. [Online].


Available: https://is.muni.cz/th/yog57/master thesis.pdf

[8] B. G. Wani and S. Fegade, “Implementation of college network module using cisco packet
tracer simulator,” International Journal of Advanced Research in Computer and Communi-
cation Engineering, vol. Vol. 9, Issue 10, Oct 2020.

73
[9] Y. Banothe, R. Thakur, A. Banothe, and Prof P. Jaipurkar, “Architecture of college campus
network using cisco packet tracer,” International Research Journal of Modernization in
Engineering Technology and Science, vol. Vol. 5, Issue 4, Apr 2023. [Online]. Available:
https://www.irjmets.com/uploadedfiles/paper//issue 4 april 2023/35989/final/fin irjmets168
1618724.pdf

[10] A. Ziradkar, N. Mahendrakar, A. Palande, and Prof. Rajashri Sonawale, “Campus


network architecture using cisco packet tracer,” International Research Journal of
Engineering and Technology (IRJET), vol. Vol. 8, Issue 4, Apr 2021. [Online]. Available:
https://www.irjet.net/archives/V8/i4/IRJET-V8I4679.pdf

[11] A. Wikström, M. Thomson, and L. Mageramova, “Virtual private networks:: A feasibility


study of secure communications between remote locations,” 2014. [Online]. Available:
https://api.semanticscholar.org/CorpusID:108266103

[12] M. K. Chowdhury, “Designing and implementing a university network architecture using


cisco packet tracer,” 2023. [Online]. Available: http://dspace.uiu.ac.bd/handle/52243/2752

[13] S. Seth, V. Naqvi, R. Dalmia, and R. Tripathi, Implementation of College Network Scenario
Using Cisco Packet Tracer, 01 2022, pp. 337–348.

[14] D. Yuliana and I. K. A. Mogi, “Computer network design using ppdioo method with case
study of sma negeri 1 kunir,” Informatics Department, Faculty of Mathematics and Natural
Sciences, Udayana University, vol. JELIKU Volume 9 No 2, Nov 2020.

[15] T. Slattery, “A guide to network lifecycle management,” ARTICLE 1 OF 4


Part of: What’s involved in network lifecycle management?, Jul 2021. [Online].
Available: https://www.techtarget.com/searchnetworking/tip/A-guide-to-network-lifecycle-
management

[16] Cisco Networking Academy, Connecting Networks Companion Guide. Cisco Press, May
2014.

[17] Cisco 4000 Series Integrated Services Routers, “Cisco 4331 integrated
services router,” Branch Routers, Tech. Rep., Sep 2014. [Online].
Available: https://www.cisco.com/c/en/us/support/routers/4331-integrated-services-router-
isr/model.html

[18] Cisco 2800 Series Integrated Services Routers, “Cisco 2811 inte-
grated services router,” Branch Routers, Tech. Rep. [Online]. Available:
https://www.cisco.com/c/en/us/obsolete/routers/cisco-2811-integrated-services-router.html

74
[19] Cisco Catalyst 3650 Series Switches, “Cisco catalyst ws-c3650-24ps
switch,” Multilayer Switch, Tech. Rep., May 2018. [Online]. Avail-
able: https://www.cisco.com/c/en/us/products/collateral/switches/catalyst-3650-series-
switches/data sheet-c78-729449.html

[20] Cisco Catalyst 2900 Series Switches, “Cisco catalyst 2960-24tt


switch,” Campus LAN Switch, Tech. Rep. [Online]. Available:
https://www.cisco.com/c/en/us/support/switches/catalyst-2960-series-switches/series.html

[21] Cisco ASA 5500-X with FirePOWER Services, “Cisco asa 5506,” Firewalls, Tech. Rep.
[Online]. Available: https://www.cisco.com/c/en/us/support/security/asa-5506-x-firepower-
services/model.html

75
.

76
