Odhiambo Victor William: 046725 2010

1) Provide a LAN/WAN Logical Design Diagram for each campus, indicating the number
and location of the Routers, Switches and Servers necessary to serve the above
requirements.
Odhiambo Victor William: 046725 2010
 Odhiambo Victor William: 046725 2010

2) Suggest Private Network IDs, Host Range and Broadcast IDs to serve each respective
campus. In addition, make additional Subnets for each respective campus showing how
you segment the Staff and Student IP traffic. Submit an IP Schematic Diagram
capturing the Subnet IDs, Host Range and Broadcast IDs.

Nairobi Campus
Students Staff
Network Id 192.168.0.0/23 192.168.2.0/24
1st Host 192.168.0.1/23 192.168.2.1/24
Last Host 192.168.1.254/23 192.168.2.254/24
Broadcast ID 192.168.1.255/23 192.168.2.255/24

Mombasa Campus
Students Staff
Network Id 192.168.6.0/23 192.168.4.0/25
1st Host 192.168.6.1/23 192.168.4.1/25
Last Host 192.168.7.254/23 192.168.4.126/25
Broadcast ID 192.168.7.255/23 192.168.4.127/25
 Odhiambo Victor William: 046725 2010

Kisumu Campus
Students Staff
Network Id 192.168.9.0/24 192.168.8.0/25
1st Host 192.168.9.1/24 192.168.8.1/25
Last Host 192.168.9.254/24 192.168.8.126/25
Broadcast ID 192.168.9.255/24 192.168.8.127/25

3) The ISP has allocated the following Public Network ID: - 200.0.0.0/26 to be configured
at Nairobi HQ to provide Internet Service. Subnet this Network ID to provide Internet
Services from the HQ network showing the IPs you would allocate for the Router
Interfaces, Web, Mail and Proxy Server Interfaces.

Address: 200.0.0.0 11001000.00000000.00000000.00 000000

Netmask: 255.255.255.192 = 26 11111111.11111111.11111111.11 000000
Wildcard: 0.0.0.63 00000000.00000000.00000000.00 111111
=>
Network: 200.0.0.0/26 11001000.00000000.00000000.00 000000 (Class C)
Broadcast: 200.0.0.63 11001000.00000000.00000000.00 111111
HostMin: 200.0.0.1 11001000.00000000.00000000.00 000001
HostMax: 200.0.0.62 11001000.00000000.00000000.00 111110
Hosts/Net: 62

Router Interface: 200.0.0.1/26

Web: 200.0.0.2/26
Proxy Server: 200.0.0.3/26
Mail: 200.0.0.4/26

4) For each Campus, suggest the IP address of the Router Interfaces, showing how traffic
is routed btwn the Campus and HQ Router. Submit Routing Table entries at each
Campus, that should also facilitate this routing.
 Odhiambo Victor William: 046725 2010

NAIROBI
IP route 200.0.0.16 255.255.255.248 200.0.0.10 Kisumu
IP route 200.0.0.32 255.255.255.248 200.0.0.11 Mombasa
IP route 0.0.0.0 0.0.0.0 200.0.0.1 ISP
MOMBASA
IP route 0.0.0.0 0.0.0.0 200.0.0.9 Nairobi
KISUMU
IP route 0.0.0.0 0.0.0.0 200.0.0.9 Nairobi

5) Suggest Security measures you would take to protect Services at the HQ Router,
submitting firewall rules that can enforce the same.
• SourcePrivate: Default setting is the private subnet 192.168.0.1, mask 255.255.255.0. This
rule helps protect against a class of address faking, or spoofing, attacks. It blocks all
inbound packets that have source address within the range of private subnet. If a different
IP range is used for the private subnet, then you must change this address.
• SourceBroadcast: This rule helps protect against a class of address imitating attacks. It blocks all
inbound packets that have the source address set to the broadcast address of 255.255.255.255.
• SourceLoopback: This rule help protect against a class of address imitating attacks. It blocks all
inbound packets that have a source address set to the loopback address of 127.0.0.1.
• DHCPUnicastResponse: This rule allows the DHCP server response, UDP port 68. This rule is
required to allow dynamic address configuration via DHCP.