IT Write-Up Assignment Sample
Q1:
Answer:
1. Network Architecture Design:
The first step in designing the network is to choose an appropriate physical and logical topology. Since the company has two floors, we will design a network that accommodates both wired and wireless connections for employees, while providing secure guest access.

Physical Topology:
- Given that there are two floors, the network will use a star topology on each floor, with each floor connected to a central core switch. A central router will connect the internal network to the internet and manage all external traffic.
- Cabling: The network will be wired with Ethernet Cat 6 cabling for high-speed connections between devices and switches.

The physical layout could look like this:
- Floor 1: Several desktop computers, printers, phones, and wireless access points (APs) connected to a floor switch.
- Floor 2: A similar setup, connected to its own floor switch.
- A core switch will be used to aggregate connections from both floors.
- A router will provide the connection to the internet.
- Wireless Access Points (APs) will be deployed on both floors to provide Wi-Fi coverage.
Logical Topology:
- VLANs (Virtual Local Area Networks) will be created to logically separate different types of traffic (e.g., employee traffic, guest traffic, management traffic). This helps with both security and performance.
- We will create three VLANs:
  - VLAN 10 (Employee VLAN): For regular employees and their devices (computers, laptops).
  - VLAN 20 (Guest VLAN): For guest access with internet-only connectivity, restricted from accessing internal resources.
  - VLAN 30 (Management VLAN): For sensitive systems such as servers, network devices, and management traffic.
- Each VLAN will be assigned a unique IP subnet to ensure proper separation.
2. Networking Devices and Configuration:
- Router: The router will be the entry/exit point between the internal network and the internet. It will perform NAT (Network Address Translation) so that multiple internal devices can share a single public IP address, and it will enforce firewall rules to block unauthorized traffic. The router will also run Dynamic Host Configuration Protocol (DHCP) to assign IP addresses to internal devices in their respective subnets.
- Switches:
  - Each floor will have a Layer 2 switch that connects all the devices on that floor.
  - A core switch (Layer 3) will perform inter-VLAN routing and connect to the router.
  - The switches will also run Spanning Tree Protocol (STP) to prevent network loops.
- Access Points (APs): For wireless access, dual-band wireless access points (supporting both 2.4 GHz and 5 GHz) will be deployed on both floors to ensure that all areas have strong Wi-Fi coverage. The APs will be connected to the floor switches.
3. IP Addressing and Subnetting:
We will configure IP addressing for internal devices and guests using private IP address ranges and proper subnetting. The addressing scheme will be set up as follows:
- VLAN 10 (Employee VLAN):
  - Subnet: 192.168.10.0/24
  - Range: 192.168.10.1 to 192.168.10.254
  - The router will assign IP addresses dynamically using DHCP for devices such as computers, printers, and phones.
- VLAN 20 (Guest VLAN):
  - Subnet: 192.168.20.0/24
  - Range: 192.168.20.1 to 192.168.20.254
  - The router will assign IP addresses to guest devices, but these devices will only have internet access, not internal network access.
- VLAN 30 (Management VLAN):
  - Subnet: 192.168.30.0/24
  - Range: 192.168.30.1 to 192.168.30.254
  - Reserved for critical internal devices such as servers, network printers, and management consoles.

To ensure scalability, we will configure DHCP reservations for devices that require static IPs (e.g., printers, servers), and the remaining addresses will be dynamically assigned within the given subnets.
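The address plan above can be checked rather than just stated. The following is an added example, not part of the original write-up: it uses Python's standard ipaddress module to verify that the three VLAN subnets are disjoint, compute each usable range and DHCP pool, and show the /23 growth path mentioned in the scalability section. The gateway-at-.1 convention and the reservation addresses are constructed assumptions.

```python
# Added example (not part of the original write-up): validate the VLAN
# address plan with Python's standard ipaddress module. VLAN ids and subnets
# are the write-up's; reservations and the .1 gateway are assumed samples.
from ipaddress import ip_address, ip_network

VLAN_PLAN = {
    10: {"name": "Employee", "subnet": "192.168.10.0/24"},
    20: {"name": "Guest", "subnet": "192.168.20.0/24"},
    30: {"name": "Management", "subnet": "192.168.30.0/24"},
}

# Constructed sample DHCP reservations (a floor printer and a file server).
RESERVATIONS = {"printer-f1": "192.168.10.10", "srv-files": "192.168.30.20"}


def check_subnets_disjoint(plan=VLAN_PLAN):
    """True if no two VLAN subnets overlap (the separation requirement)."""
    nets = [ip_network(v["subnet"]) for v in plan.values()]
    return all(not a.overlaps(b) for i, a in enumerate(nets) for b in nets[i + 1:])


def usable_range(cidr):
    """First and last assignable host address, plus the usable host count."""
    hosts = list(ip_network(cidr).hosts())
    return str(hosts[0]), str(hosts[-1]), len(hosts)


def vlan_for(ip, plan=VLAN_PLAN):
    """Map an address back to its VLAN id, or None if it is outside the plan."""
    addr = ip_address(ip)
    for vid, v in plan.items():
        if addr in ip_network(v["subnet"]):
            return vid
    return None


def dhcp_pool(cidr, reservations=RESERVATIONS):
    """Addresses DHCP may hand out: all hosts minus the assumed .1 gateway
    and any reservation that falls inside this subnet."""
    net = ip_network(cidr)
    gateway = next(net.hosts())
    excluded = {gateway} | {ip_address(r) for r in reservations.values()}
    return [str(h) for h in net.hosts() if h not in excluded]


def expand_to_23(cidr):
    """Growth path from section 5: widen a /24 to its enclosing /23 and
    report the address count (512 total, of which 510 are usable hosts)."""
    wider = ip_network(cidr).supernet(new_prefix=23)
    return str(wider), wider.num_addresses, len(list(wider.hosts()))
```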
4. Security Measures:
To secure the network, we will implement the following security features:
- Firewall Configuration: The router will include a firewall to filter incoming and outgoing traffic. It will allow only specific types of traffic to flow between the internal network and the internet, blocking unnecessary ports.
- Access Control Lists (ACLs) will be implemented to limit traffic between VLANs. For example:
  - Traffic from VLAN 10 (Employee VLAN) to VLAN 20 (Guest VLAN) will be blocked to prevent employees from accessing guest devices.
  - Access to critical resources in VLAN 30 (Management VLAN) will be restricted to administrators only.
- Wi-Fi Security:
  - The wireless network will use WPA3 encryption to ensure the highest level of wireless security.
  - A separate SSID for guests will be configured with a password so that only authorized guests have access.
  - A captive portal can be implemented to control guest access, redirecting guests to a landing page where they enter credentials or accept the terms and conditions before gaining internet access.
- VLAN Segmentation: By creating different VLANs for employees, guests, and management, we isolate traffic and reduce the risk of unauthorized access to sensitive resources. Devices in the guest VLAN will only have access to the internet and not to internal resources.
- Network Monitoring and Logging: A monitoring system based on syslog and SNMP will be used to track the performance and security of the network. Logs will help detect unusual activity.
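To make the ACL rules concrete, here is an added example (not part of the original write-up) that encodes the inter-VLAN policy above as an ordered, first-match access list with an implicit deny at the end, the way a router or Layer 3 switch evaluates one, and audits a set of constructed flow records against it. The subnets are the write-up's; the admin workstation address, the "INTERNET" label and the flow records are constructed assumptions, not vendor syntax.

```python
# Added example (not part of the original write-up): first-match ACL
# evaluator for the section 4 inter-VLAN policy. Subnets are the write-up's;
# the admin host and the "INTERNET" label are assumptions made here.
from ipaddress import ip_address, ip_network

EMPLOYEE = ip_network("192.168.10.0/24")
GUEST = ip_network("192.168.20.0/24")
MGMT = ip_network("192.168.30.0/24")
INTERNAL = [EMPLOYEE, GUEST, MGMT]
ADMIN_HOSTS = [ip_network("192.168.10.5/32")]  # constructed admin workstation

# Ordered like a router ACL: the first matching entry wins and anything
# unmatched is denied. Entry = (action, source networks, destination networks).
# The "INTERNET" label matches any destination outside the internal subnets.
ACL = [
    ("permit", ADMIN_HOSTS, [MGMT]),     # only administrators reach VLAN 30
    ("deny", INTERNAL, [MGMT]),          # every other internal source is blocked
    ("deny", [EMPLOYEE], [GUEST]),       # employees cannot reach guest devices
    ("deny", [GUEST], INTERNAL),         # guests get internet access only
    ("permit", INTERNAL, ["INTERNET"]),  # outbound internet for all VLANs
]


def is_internet(addr):
    """True if the address lies outside every internal VLAN subnet."""
    return not any(addr in net for net in INTERNAL)


def matches(addr, targets):
    """True if addr is in any target network, or is off-net for "INTERNET"."""
    for t in targets:
        if t == "INTERNET":
            if is_internet(addr):
                return True
        elif addr in t:
            return True
    return False


def evaluate(src, dst, acl=ACL):
    """Return (action, rule_index); rule_index None means the implicit deny."""
    s, d = ip_address(src), ip_address(dst)
    for i, (action, srcs, dsts) in enumerate(acl):
        if matches(s, srcs) and matches(d, dsts):
            return action, i
    return "deny", None


def audit(flows, acl=ACL):
    """Return the (src, dst) flows the policy denies, for log review."""
    return [(s, d) for s, d in flows if evaluate(s, d, acl)[0] == "deny"]
```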
5. Scalability Considerations:
The network must be designed to support future growth. Several design choices ensure scalability:
- IP Addressing: The IP addressing scheme is flexible enough to accommodate additional devices as the company grows. For instance, if the company needs more IP addresses in any of the subnets, we can simply expand the subnet by using a /23 subnet mask (e.g., 192.168.10.0/23 for up to 512 devices).
- VLAN Expansion: If the company expands into more floors or departments, additional VLANs can easily be created for new departments or business units. Each VLAN can have its own subnet, keeping the network organized and secure.
- Layer 3 Switching: The core switch supports inter-VLAN routing, which allows new VLANs and routing paths to be added without significant changes to the infrastructure.
- Wi-Fi Expansion: If more employees or devices are added, additional access points can be deployed to ensure adequate wireless coverage. New APs can be connected to the existing Layer 2 switches, and the central management platform can push configuration updates to all APs.

Conclusion:
This network design provides a secure, scalable, and efficient solution for the medium-sized company's IT infrastructure. By using VLANs for traffic segregation, subnetting to manage IP address allocation, and robust security measures such as firewalls, WPA3 encryption, and ACLs, we ensure the network is both secure and future-proof. The choice of Layer 3 switches for inter-VLAN routing and a scalable IP addressing scheme enables easy growth as the company expands. Additionally, with careful Wi-Fi deployment and guest access control, the design delivers a flexible and secure network for all employees and guests.