CAMPUS/UNIVERSITY NETWORK DESIGN & CONFIGURATION ON PACKET TRACER SIMULATION
1. DESCRIPTION
This network design simulates a real-life campus network. It contains the devices needed to create the network and all associated configurations.
There are two departments and a private datacenter for the school.
2. NETWORK DEVICES USED
2.1 MULTI-LAYER SWITCH
A multilayer switch is a network device that can operate at higher layers of the OSI reference model, rather than only at the Data Link Layer (DLL) where switches traditionally operate. A multilayer switch can perform the functions of a switch as well as those of a router at incredibly fast speeds.
In this design it is the distribution switch, which is a layer 3 switch.
2.2 ROUTER
A router is a networking device that forwards data packets between computer networks. Routers perform the traffic directing functions on the Internet.
2.3 ACCESS-SWITCH
An access switch is the one that allows your devices to connect to the network. It supports port security, VLANs, Fast Ethernet/Gigabit Ethernet, etc. … All in all, an access switch is usually a layer 2 switch.
2.4 SERVERS
A server is a computer that provides data to other computers. It may serve data to systems on a local area network (LAN) or a wide area network (WAN) over the Internet. Many types of servers exist, including web servers, mail servers, and file servers.
2.5 PCs
A personal computer (PC) is a multi-purpose computer whose size, capabilities, and price make it feasible for individual use.
2.6 ISP
An ISP (Internet Service Provider) is a company that provides subscribers with access to the Internet. Examples of ISPs are AT&T and MTN.
3. NETWORK DEVICES COMMUNICATIONS
All PCs can ping the internet (which is available at 8.8.8.8 DNS).
Devices within each VLAN and each department can ping each other.
PCs in different departments cannot ping each other.
PCs and servers are assigned IP addresses by DHCP.
PCs and servers in the school's private datacenter can only ping each other and not the outside world.
4. NETWORK CONFIGURATIONS USED
This is a campus network design which implements:
4.1 HSRP
4.2 EIGRP
4.3 PORTCHANNEL
4.4 NAT
4.5 DHCP
4.6 THREE TIER NETWORK DESIGN
4.7 PORT SECURITY
4.8 PARTIAL MESH DESIGN
4.9 VLANS
4.10 IP ADDRESSING
4.11 SPANNING-TREE ROOT-BRIDGE
4.1 HSRP
In computer networking, the Hot Standby Router Protocol (HSRP) is a Cisco proprietary redundancy protocol for establishing a fault-tolerant default gateway. Version 2 of the protocol is mostly used; it introduces stability, scalability and diagnostic improvements.
The primary router, the one with the highest configured priority, acts as a virtual router with a pre-defined gateway IP address and responds to ARP or ND requests from machines connected to the LAN with a virtual MAC address.
E.G
ON THE FIRST ROUTER (R1)
interface Vlan3
 ! Assign the virtual IP to HSRP group 3
 standby 3 ip 192.168.3.1
 ! Assign a priority (120 in this case) to interface Vlan3 for group number 3. The default is 100.
 standby 3 priority 120
 ! Allow this router to become the active router when its priority is higher than that of all other HSRP-configured routers in the hot standby group. Without the standby preempt command, the router does not take over as the active router, even if its priority is higher than that of all other routers.
 standby 3 preempt
ON THE OTHER ROUTER (R2)
interface Vlan3
 ! Same virtual IP with the default priority: this becomes the standby router
 standby 3 ip 192.168.3.1
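The effect of priority and preempt on the election, as an added Python model (not part of the original design and not Cisco's implementation). The interface addresses 192.168.3.2 and 192.168.3.3 are assumptions, and the model simplifies start-up by letting the first router that comes up become active.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address


@dataclass(frozen=True)
class HsrpRouter:
    name: str
    ip: str                 # interface address (assumed), tie-breaker on equal priority
    priority: int = 100     # default when "standby <group> priority" is not configured
    preempt: bool = False   # True when "standby <group> preempt" is configured

    def rank(self):
        return (self.priority, IPv4Address(self.ip))


# R1 and R2 as configured above for group 3; the interface addresses are assumed.
R1 = HsrpRouter("R1", "192.168.3.2", priority=120, preempt=True)
R2 = HsrpRouter("R2", "192.168.3.3")


def active_router(events):
    """Replay ("up" | "down", router) events in order and return the active router's name."""
    up, active = [], None
    for kind, router in events:
        if kind == "up":
            up.append(router)
            # A newcomer takes over only if it outranks the active router AND has preempt.
            if active is None or (router.preempt and router.rank() > active.rank()):
                active = router
        else:
            up.remove(router)
            if active == router:  # failover to the best remaining router
                active = max(up, key=HsrpRouter.rank, default=None)
    return active.name if active else None


if __name__ == "__main__":
    print(active_router([("up", R2), ("up", R1)]))                 # R1 preempts R2
    no_preempt = HsrpRouter("R1", "192.168.3.2", priority=120)
    print(active_router([("up", R2), ("up", no_preempt)]))         # R2 stays active
    print(active_router([("up", R1), ("up", R2), ("down", R1)]))   # R2 takes over
```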
4.2 EIGRP
Enhanced Interior Gateway Routing Protocol (EIGRP) is an advanced distance-vector routing protocol that is used on a computer network for automating routing decisions and configuration. The protocol was designed by Cisco Systems as a proprietary protocol, available only on Cisco routers.
E.G
ON THE ROUTER
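router eigrp 1
 ! Enable EIGRP on every interface that has an IP address
 network 0.0.0.0
 ! Advertise subnets as configured instead of summarising at classful boundaries
 no auto-summary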
4.3 PORT-CHANNEL
A port channel is an aggregation of multiple physical interfaces that creates a logical interface. You can bundle up to eight individual active links into a port channel to provide increased bandwidth and redundancy. Port channeling also load balances traffic across these physical interfaces.
It can be configured statically (on/off) or with LACP (active and passive modes).
E.G
ON THE SWITCH:
Initialise the port-channel:
switch(config)# interface port-channel 1
How to add Ethernet interface 1/4 to channel group 1 (LACP active mode):
switch# configure terminal
switch(config)# interface ethernet 1/4
switch(config-if)# switchport mode trunk
switch(config-if)# channel-group 1 mode active
4.4 NAT (Network Address Translation)
Network address translation (NAT) is a method of remapping an IP address space into another by modifying network address information in the IP header of packets while they are in transit across a traffic routing device.
It has become a popular and essential tool in conserving global address space in the face of IPv4 address exhaustion. One Internet-routable IP address of a NAT gateway can be used for an entire private network.
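E.G
ON THE ROUTER
On the inside interface:
interface GigabitEthernet0/1
 ip address 10.0.0.62 255.255.255.252
 ip nat inside
On the outside interface:
interface GigabitEthernet0/1/0
 description Global IP to ISP
 ip address 200.0.0.1 255.255.255.252
 ip nat outside
In global configuration:
! Translate the sources matched by access list 5 to the address of the outside interface (the definition of access list 5 is not shown here)
ip nat inside source list 5 interface GigabitEthernet0/1/0 overload
ip classless
! Default route towards the ISP
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1/0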
4.5 DHCP
The Dynamic Host Configuration Protocol (DHCP) is a network management protocol used on Internet Protocol (IP) networks, whereby a DHCP server dynamically assigns an IP address and other network configuration parameters to each device on the network, so they can communicate with other IP networks.
A DHCP server enables computers to request IP addresses and networking parameters automatically from the Internet service provider (ISP), reducing the need for a network administrator or a user to manually assign IP addresses to all network devices.
E.G: DHCP ON A ROUTER
! Keep 192.168.3.1 to 192.168.3.3 out of the pool
ip dhcp excluded-address 192.168.3.1 192.168.3.3
ip dhcp pool VLAN3
 network 192.168.3.0 255.255.255.0
 ! The HSRP virtual IP of group 3 is handed out as the default gateway
 default-router 192.168.3.1
 ! Optional, for testing
 dns-server 8.8.8.8
 ! Optional, for testing
 domain-name IPvZero.com
4.6 THREE TIER NETWORK DESIGN
Core Layer
The Core Layer consists of the biggest, fastest, and most expensive routers with the highest model numbers, and it is considered the backbone of the network. Core Layer routers are used to merge geographically separated networks and to move information across the network as fast as possible. The switches operating at the core layer switch packets as fast as possible.
Distribution Layer
The Distribution Layer is located between the access and core layers. The purpose of this layer is to provide boundary definition by implementing access lists and other filters. Therefore the Distribution Layer defines policy for the network. The Distribution Layer includes high-end layer 3 switches. It ensures that packets are properly routed between subnets and VLANs in your enterprise.
Access Layer
The Access Layer includes access switches which are connected to the end devices (computers, printers, servers, etc.). Access layer switches ensure that packets are delivered to the end devices.
4.7 PORT SECURITY
Port Security helps secure the network by preventing unknown devices from forwarding packets. When a link goes down, all dynamically locked addresses are freed. One benefit of the port security feature is that you can limit the number of MAC addresses on a given port.
It is usually configured on a switch interface.
E.G
ON THE SWITCH
! Enable port security on the interface
switchport port-security
! Allow at most 2 devices (MAC addresses) on the port
switchport port-security maximum 2
! Learn the MAC addresses dynamically and keep them in the running configuration
switchport port-security mac-address sticky
! On a violation, drop the offending frames and log the event, but keep the port up
switchport port-security violation restrict
! Move the port straight to the forwarding state
spanning-tree portfast
! Put the port into the err-disabled state when a BPDU is received on it, which prevents loops
spanning-tree bpduguard enable
! Suppress broadcast traffic above 40% of the port bandwidth
storm-control broadcast level 40
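A baseline check for the access-port settings above, as an added Python example (not part of the original design). The running-config excerpt is constructed and its interface names are assumptions; the check also catches the case where the maximum and violation sub-commands are present but the bare switchport port-security command, which is what enables the feature, is missing.

```python
import re

MAX_MACS = 2  # the limit configured above
# Constructed running-config excerpt; the interface names are assumptions.
SAMPLE = """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation restrict
 spanning-tree bpduguard enable
!
interface FastEthernet0/2
 switchport mode access
 switchport port-security maximum 10
 switchport port-security violation protect
!
interface GigabitEthernet0/1
 switchport mode trunk
"""

def interface_blocks(config):  # interface name -> list of its sub-commands
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = blocks.setdefault(raw.split(None, 1)[1].strip(), [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())
        else:
            current = None  # "!" or a global command closes the block
    return blocks

def audit_access_ports(config):
    """Return {interface: [issues]} for access ports that miss the baseline."""
    findings = {}
    for name, cmds in interface_blocks(config).items():
        if "switchport mode access" not in cmds:
            continue  # trunks and routed ports are out of scope here
        issues = [] if "switchport port-security" in cmds else ["port-security not enabled"]
        for cmd in cmds:
            m = re.fullmatch(r"switchport port-security maximum (\d+)", cmd)
            if m and int(m.group(1)) > MAX_MACS:
                issues.append(f"maximum {m.group(1)} exceeds {MAX_MACS}")
        if "switchport port-security violation protect" in cmds:
            issues.append("violation protect drops frames without logging")
        if "spanning-tree bpduguard enable" not in cmds:
            issues.append("BPDU guard missing")
        findings[name] = issues
    return {name: issues for name, issues in findings.items() if issues}
```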
4.8 PARTIAL MESH DESIGN
In a partial-mesh topology, some devices are connected to many other devices, while others are connected to only one or two. E.G the three tier design.
4.9 VLANS
VLANs (Virtual LANs) are logical groupings of devices in the same broadcast domain. VLANs are usually configured on switches by placing some interfaces into one broadcast domain and some interfaces into another. Each VLAN acts as a subgroup of the switch ports in an Ethernet LAN.
The purpose of implementing a VLAN is to improve the performance of a network or apply appropriate security features. Switch ports can be set to TRUNK or ACCESS mode.
E.G
ON THE SWITCH
switch# configure terminal
switch(config)# vlan 5
switch(config-vlan)# name accounting
switch(config-vlan)# state active
switch(config-vlan)# no shutdown
TRUNK VLAN
switchport trunk encapsulation dot1q
switchport mode trunk
ACCESS VLAN
switchport access vlan 5
switchport mode access
4.10 IP ADDRESSING
An IP address is an address used to uniquely identify a device on an IP network. The address is made up of 32 binary bits, which can be divided into a network portion and a host portion with the help of a subnet mask. The 32 binary bits are broken into four octets (1 octet = 8 bits).
IP addresses are divided into classes A-D.
E.G
interface FastEthernet0/3
 ip address 10.0.0.5 255.255.255.252
4.11 SPANNING-TREE ROOT-BRIDGE
The root bridge (switch) is a special bridge at the top of the spanning tree (an inverted tree). The branches (Ethernet connections) then branch out from the root switch, connecting to other switches in the Local Area Network (LAN). All bridges (switches) are assigned a numerical value called the bridge priority.
The Bridge Priority (Switch Priority) value is a 16-bit binary number. By default, all Cisco switches have a Bridge Priority (Switch Priority) value of 32,768.
The root bridge of the spanning tree is the bridge with the smallest (lowest) bridge ID. Each bridge has a configurable priority number and a MAC address; the bridge ID is the concatenation of the bridge priority and the MAC address. It is the preferred route.
E.G
ON THE SWITCH
spanning-tree mode rapid-pvst
! Lower than the default of 32768, so this switch is preferred as root for VLANs 3 and 9
spanning-tree vlan 3,9 priority 24576
! Also lower than the default, but higher than 24576, for VLANs 5 and 14
spanning-tree vlan 5,14 priority 28672
5. CONCLUSION
Very key concepts of networking were explained. Part of my revision on CCNA. Download the file, and ping away.
WRITER: OLUYEDE SEGUN . A(jnr)
LINK TO PACKET TRACER FILE: https://projectsss.s3.us-east-2.amazonaws.com/campus_university+Design+CCNA.pkt
linkedin profile: https://www.linkedin.com/in/oluyede-segun-adedeji-jr-a5550b167/
twitter profile: https://twitter.com/oluyedejun1