Presented by:
Selamawit Hunelegn
Abiy Girma
Eskinder Getachew
INTERNSHIP PROJECT
VISION2000 LAN DESIGN AT
INSA
(Information Network Security Agency)
Content
Background about the company
Problem statement
Objective
Project
Conclusion and recommendation
Internship experience
Project
We have been working in the network department for a company named VISION2000. We analyzed the requirements and came up with some problems.
Problem
o All the traffic goes to one switch (the backbone), which causes traffic congestion
o If the backbone switch fails, the whole network goes down
o Not scalable
o No reserved IP addresses
o Doesn't support network devices from another vendor
We believe that this network design offers the following features:
o Scalable network LAN
o Up-to-date technology
o Performance
o Security
o Availability
o Manageable
o Adaptability
o Affordability
Requirements of VISION2000
The design and deployment of a LAN that supports
Internet Mail
Expected applications that can run on this network infrastructure
Dynamic website Internet Mail Antivirus
LAN Design
Goal of LAN design
The design has the following considerations:
o LAN protocols and technology considerations
o LAN device considerations
Network devices
Access switch:
Cisco Catalyst 2960, used to connect workstations.
Distribution switches:
Cisco Catalyst 4507. There are two Cisco distribution switches, including redundancy, in the Vision 2000 LAN.
o Routing and policy-based security will be configured on these switches
o They serve as a DHCP server for the internal workstations
o VLANs should be created to separate traffic flows among different VLANs
o Other best-practice security configurations will be implemented
VLAN Planning
Number of
VLAN Group

VLAN name   Assigned to      IP address
VLAN 10     Student          172.20.0.0/23
VLAN 20     Meeting Hall     172.20.2.0/24
VLAN 30     Research         172.20.3.0/25
VLAN 40     Support          172.20.3.128/27
VLAN 50     Server           172.20.3.160/28
VLAN 60     Administration   172.20.3.192/28
VLAN 70     Store            172.20.3.208/28
VLAN 80     Server 2         172.20.3.176/28
IP addressing and name planning
IP addressing:
o Class B private IP addresses (IPv4) for all internal networks
o NAT to map the internal private addresses to public addresses
o VLSM
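The following Python check is an added example, not part of the original presentation. It audits the VLAN address plan listed in the VLAN Group table: every subnet must sit in private 172.16.0.0/12 space, no two VLANs may overlap, and the space left unallocated is reported. The covering block 172.20.0.0/22 and the function names are assumptions made for this example.

```python
import ipaddress
from itertools import combinations

# VLAN id -> (group, subnet), copied from the VLAN Group table in this presentation.
PLAN = {
    10: ("Student", "172.20.0.0/23"),
    20: ("Meeting Hall", "172.20.2.0/24"),
    30: ("Research", "172.20.3.0/25"),
    40: ("Support", "172.20.3.128/27"),
    50: ("Server", "172.20.3.160/28"),
    60: ("Administration", "172.20.3.192/28"),
    70: ("Store", "172.20.3.208/28"),
    80: ("Server 2", "172.20.3.176/28"),
}
PRIVATE_B = ipaddress.ip_network("172.16.0.0/12")  # RFC 1918 range used for "Class B" private space
BLOCK = ipaddress.ip_network("172.20.0.0/22")      # assumption: smallest block covering the plan

def parse(plan):
    # Strict parsing raises ValueError when a subnet is not aligned to its mask.
    return {vid: ipaddress.ip_network(cidr) for vid, (_, cidr) in plan.items()}

def audit(plan, block=BLOCK):
    """Return (errors, usable_hosts_per_vlan) for a VLSM plan."""
    nets, errors = parse(plan), []
    for vid, net in nets.items():
        if not (net.subnet_of(PRIVATE_B) and net.subnet_of(block)):
            errors.append(f"VLAN {vid} {net} is not inside {block} / {PRIVATE_B}")
    for (a, na), (b, nb) in combinations(nets.items(), 2):
        if na.overlaps(nb):
            errors.append(f"VLAN {a} {na} overlaps VLAN {b} {nb}")
    return errors, {vid: net.num_addresses - 2 for vid, net in nets.items()}

def free_space(plan, block=BLOCK):
    """Subnets of `block` not allocated to any VLAN (room for reserved addresses)."""
    free = [block]
    for used in parse(plan).values():
        remaining = []
        for f in free:
            if used.subnet_of(f):
                remaining.extend(f.address_exclude(used))  # carve the VLAN out of f
            elif not f.subnet_of(used):
                remaining.append(f)                        # untouched by this VLAN
        free = remaining
    return sorted(free)

if __name__ == "__main__":
    errors, hosts = audit(PLAN)
    print(errors or "no overlaps", hosts, free_space(PLAN))
```

Run against the table as written, the plan has no overlaps and leaves one /27 unallocated inside the assumed /22.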
Name planning
Names are assigned to:
o Switches
o Servers
o Hosts
o Other resources
Naming system

Device Name       Description
VS_FLG_SR_AS00    Vision ground floor Store Access Switch 0
VS_FL2_AD_AS00    Vision second floor Administration Access Switch 0
                  Vision second floor Support Access Switch 0
                  Vision second floor Server Access Switch 0
                  Vision third floor Research Access Switch 0
                  Vision third floor Research Access Switch 1
                  Vision fourth floor Student Access Switch 0
                  Vision fourth floor Student Access Switch 1
                  Vision fourth floor Student Access Switch 2
                  Vision first floor Meeting Hall Access Switch 0
Selecting switching protocol
VLAN tagging protocol
Since we use VLANs, the interconnected switches need the IEEE 802.1Q standard protocol to support these VLANs.
o IEEE 802.1Q
Establishes a standard method for tagging Ethernet frames.
Intended to address the problem of how to break a large network into smaller parts so that broadcast and multicast traffic does not grab more bandwidth than necessary.
Spanning Tree Protocol (STP): IEEE 802.1D
o Why STP?
o Looping causes:
the same MAC address to be seen on multiple ports, causing the switch forwarding function to fail
o In this network design
Since redundant connections are used, STP allows an automatic backup path if an active link fails, without the danger of bridge loops and without manual enabling/disabling of links.
o For this network we chose RSTP
Why RSTP?
Because STP has:
o slow convergence, of up to 30 to 40 seconds
o underutilized links
o no load-balancing mechanism
Routing protocol
Without security, the network can easily be attacked by intruders, which causes a lot of problems.
o Physical security
Refers to protection of the building site and equipment from:
o theft
o man-made catastrophe
o accidental damage
Security mechanisms recommended for the datacenter:
o CCTV system to watch who is inside the room and what they are doing
o Alarm system for irregular activity in the server room
o Fire detection and protection system in the server room
on web)
Cisco firewall (Cisco ASA 5500 series firewall and IPS module)
o Server farm security
All critical data are located here, so it must be protected from:
o external and internal intruders
o unauthorized users
o viruses and malicious code
To protect this server farm
will be deployed **
o Anti-x
Server-based antivirus will be configured to protect the LAN from malicious software such as:
o viruses
o worms
o Trojan horses
We will use Kaspersky Anti-Virus, which provides:
o antivirus
o anti-spam
o anti-spyware
Result
We find that:
o Our network is secured, scalable, reliable, manageable and affordable.
o Users can get IP addresses dynamically.
o Clients can update their antivirus from the server.
o We have different access levels for the users of the company.
Conclusion
o The network has good performance because we divide the traffic from users across the redundant switches, and the users are divided into different VLANs.
o The network is secured from viruses, malicious code and intruders because in this project we use a firewall and access control list configuration on the switches, and there is also server-based antivirus.
o The network is easy to manage because the users are divided into VLAN groups based on access level and department. Each network device also has an organized naming system, which makes it easy to troubleshoot and configure.
o The problem of network failover is solved by the redundant switches.
o The network is scalable because in the configuration we chose industry-standard protocols, not Cisco proprietary ones.
Recommendation
Application
Future work
It is recommended that the company add a redundant core switch, which gives the network high performance. The redundant core switch is used for fast packet switching. It is also recommended that the company have a database server. It simplifies file management and is also secure from unauthorized access.
Internship Experience
Working processes in companies
Work ethics
Personal skill
Thank you