
3/26/2019 Assignment

Report
Table of Contents
Abstract
LAN configuration
IP Addressing
Topology
Switching/Routing
DNS, VPN and ACL
Wireless LAN Controllers
WLAN Range
Channels and roaming
Basic security services
Wi-Fi Protected Access (WPA and WPA2)
Layered Approach
IPv4/IPv6
External Connectivity
VPN/Firewall Module and PCI Compliance
Management Network
Network Management Systems
Working of whole Network
Abstract:
This report describes a network connecting the campuses of a university, where every
campus has two buildings. It discusses LAN, IP addressing, switching/routing, Ethernet, VLAN,
DHCP, HTTP, DNS, VPN, ACL, etc., and how these configurations can be applied to
connect the two campuses.
LAN configuration:
We can connect the two buildings with a LAN. Within the LAN, a switch is the better option for
connecting each building of a single campus, so each building is connected to the router through a switch.
In this way a LAN is created.
The routers at either end are connected through the internet, because a WAN link would not be the better option:
it would be more expensive in cables and fiber.

IP Addressing:
Static IP addresses do not change, whereas most IP addresses assigned on the internet today are dynamic, which
is very expensive for the ISP. To connect the two campuses of the university there is no need for dynamic
addressing, so static IP addressing is the better option and avoids the cost.
The next problem is how many PCs are in use and how many IP addresses are being wasted.
VLSM is a technique that avoids wasting IP addresses, because we cannot buy a new IP address for
every single network. For example, a lab is a single network; if 30 IPs are in use and we give it the network
192.168.1.0 with subnet mask (SM) 255.255.255.0, then 255-30=225 IP addresses are wasted.
To avoid this waste, the network 192.168.1.0 with SM 255.255.255.224 is used. In this case only 2 IP addresses
will be wasted.
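The VLSM sizing described above, as an added example that is not part of the original report: it picks the longest prefix that still fits each network's host count and carves the networks out of 192.168.1.0/24, largest first. Only the 30-host lab and the 255.255.255.224 mask come from the report; the other networks and host counts are constructed.

```python
import ipaddress

def prefix_for_hosts(hosts):
    """Longest IPv4 prefix whose subnet still holds `hosts` usable addresses."""
    if hosts < 1:
        raise ValueError("a subnet needs at least one host")
    # Smallest b with 2**b >= hosts + 2 (network and broadcast are reserved).
    return 32 - (hosts + 1).bit_length()

def vlsm_plan(block, demands):
    """Carve `block` into one subnet per demand, largest demand first."""
    parent = ipaddress.ip_network(block)
    cursor = int(parent.network_address)
    end = int(parent.broadcast_address) + 1
    plan = []
    # Largest-first keeps every subnet aligned on its own size boundary.
    for name, hosts in sorted(demands.items(), key=lambda kv: -kv[1]):
        prefix = prefix_for_hosts(hosts)
        size = 2 ** (32 - prefix)
        if cursor + size > end:
            raise ValueError(f"{block} is too small for {name}")
        subnet = ipaddress.ip_network((cursor, prefix))
        plan.append({
            "name": name,
            "subnet": str(subnet),
            "mask": str(subnet.netmask),
            "usable": size - 2,          # addresses hosts can actually use
            "idle": size - 2 - hosts,    # usable addresses left unassigned
        })
        cursor += size
    return plan

# Constructed demand figures; only the 30-host lab comes from the report.
DEMANDS = {"lab": 30, "library": 60, "office": 12, "router-link": 2}

if __name__ == "__main__":
    for row in vlsm_plan("192.168.1.0/24", DEMANDS):
        print(row)
```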

Topology:
Switching/Routing:
Switching is used to switch data packets between devices on the same network (the same LAN - Local Area
Network).
Routing, on the other hand, routes packets between different networks (between different LANs -
Local Area Networks).
For the routing protocol in this case, we can choose static routing, which has the following characteristics.
In static routing, the network administrator manually enters the routing entries into the routing table of each router and
computer. A routing entry specifies the gateway to which a packet must be forwarded for it to reach a
certain destination. On each router or computer, a table called the routing table contains several routing entries. For
a simple small network, entering static routes on each router is doable, but it becomes too tedious as the size
and complexity of the network increase. Also, if a change occurs in the network that affects routing (for example, a
router goes down, or a new router is added), routing entries must be changed manually. So, in static routing, management of
the routing tables must also be done by the administrator. The advantage of static routing is that there is not much processing.
The only action is a lookup in the routing table for a specific destination, so the routing hardware does not
need sophisticated processors, which makes it cheaper.
In this case we have only two LANs connected by routers through the internet, so static routing is the better option
because the network is not large.
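The routing-table lookup and the manual-maintenance problem described above, as an added example that is not part of the original report: each router does a longest-prefix match on its static table, and a check walks every router-to-LAN path to find destinations a table update has missed. The router names, the 192.168.2.0/27 and 192.168.1.32/27 networks and the `"connected"` marker are constructed for illustration.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match: return (network, next_hop) or None."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), hop) for p, hop in table
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen) if hits else None

def trace(routers, start, dst, max_hops=8):
    """Follow static routes hop by hop; return (path, outcome)."""
    path, current = [start], start
    for _ in range(max_hops):
        entry = lookup(routers[current], dst)
        if entry is None:
            return path, "no route"
        if entry[1] == "connected":
            return path, "delivered"
        current = entry[1]
        path.append(current)
    return path, "loop"

def unreachable(routers, lans):
    """Every (router, lan, outcome) where a packet to that LAN is not delivered."""
    problems = []
    for name in routers:
        for lan in lans:
            host = str(next(iter(ipaddress.ip_network(lan).hosts())))
            outcome = trace(routers, name, host)[1]
            if outcome != "delivered":
                problems.append((name, lan, outcome))
    return problems

# Constructed topology: one router per campus, each with a static route to the other LAN.
ROUTERS = {
    "campusA": [("192.168.1.0/27", "connected"), ("192.168.2.0/27", "campusB")],
    "campusB": [("192.168.2.0/27", "connected"), ("192.168.1.0/27", "campusA")],
}
LANS = ["192.168.1.0/27", "192.168.2.0/27"]

def add_lab_on_campus_a(routers):
    """A new LAN appears at campus A, but only campus A's table is updated."""
    changed = {name: list(table) for name, table in routers.items()}
    changed["campusA"].append(("192.168.1.32/27", "connected"))
    return changed

if __name__ == "__main__":
    print(unreachable(ROUTERS, LANS))
    print(unreachable(add_lab_on_campus_a(ROUTERS), LANS + ["192.168.1.32/27"]))
```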
Network devices such as switches, hubs, bridges, workstations and servers connected to each other in the same network at
a specific location are generally known as LANs. A LAN is also considered a broadcast domain. A VLAN allows several
networks to work virtually as one LAN.

DNS, VPN and ACL:


To provide a basic level of security for the network, an ACL (access control list) is very
important: ACLs provide depth of protection on higher-speed interfaces where line-rate speed
is important and firewalls may be restrictive. ACLs are also used to restrict routing updates from
network peers and can be instrumental in defining flow control for network traffic.
ACLs are a network filter utilized by routers and some switches to permit and restrict data flows into and
out of network interfaces. When an ACL is configured on an interface, the network device analyzes data
passing through the interface, compares it to the criteria described in the ACL, and either permits the data
to flow or prohibits it.
In this case a DNS is required that is able to control whether IPs are allowed to reach their destination.
An ACL will be the best option to control the IPs, which is the better way to handle security.

A VPN connects your PC, smartphone, or tablet to another computer (called a server) somewhere on the
internet and allows you to browse the internet using that computer’s internet connection. So, if that server is in a
different country, it will appear as if you are coming from that country, and you can potentially access things
that you couldn’t normally.

So how does this help you? Good question! You can use a VPN to:
• Bypass geographic restrictions on websites or streaming audio and video.
• Watch streaming media like Netflix and Hulu.
• Protect yourself from snooping on untrustworthy Wi-Fi hotspots.
• Gain at least some anonymity online by hiding your true location.
• Protect yourself from being logged while torrenting.

Most people these days are using VPN for torrenting or bypassing geographic restrictions to watch content in a
different country. They are still very useful for protecting yourself while working at a coffee shop, but that’s
hardly the primary use anymore.

DNS (Domain Name System) is the Internet's system for converting alphabetic names into numeric IP
addresses. For example, when a Web address (URL) is typed into a browser, DNS servers return the IP address
of the Web server associated with that name.

Wireless LAN Controllers


The AP grouping feature of the WLC allows a single WLAN to be supported across
multiple dynamic interfaces (VLANs) on the controller. This is done when a group of
APs is mapped to a specific dynamic interface. APs can be grouped logically by
employee workgroup or physically by location. AP Group VLANs are used in a setup
where a Universal WLAN service set identifier [SSID] is required but clients need to be
differentiated (placed on different interfaces configured on the WLC) by virtue of
physical LAPs they associate with.

When a client joins a WLAN, the interface used is determined by the LAP it is associated
with, and by looking up the AP Group VLAN and WLAN for that LAP. The AP Group
VLANs feature is an additional method used to limit the broadcast domains to a
minimum. This helps to manage load balancing and bandwidth allocation more
effectively.

WLAN Range
The reliable coverage range for 802.11 WLANs depends on several factors:
· Data rate required and capacity.
· Sources of RF interference.
· Physical area characteristics.
Theoretical ranges are from 25 meters (11 Mbps) in a closed office to 485 meters (1 Mbps)
in an open area. Through empirical analysis, the typical range for connectivity of
802.11 equipment is approximately 25 meters (163 feet) indoors. A range of 100 meters in
open space makes WLAN the ideal technology for many campus applications. It is
important to recognize that special high-gain antennas can increase the range to several
miles.

Channels and roaming


The 802.11b and 802.11g standards working in the 2.4 GHz frequency range have 13
channels available. However, to avoid crosstalk and interference there are effectively
only 3 non-overlapping channels that can be used (usually set at 1, 6 and 11).
Adjacent APs need to be set to different channels. This means that only 3 access points
can be used in parallel: Channel 6, Channel 11 and Channel 1.

As 802.11b/g and 802.11a operate in a different frequency range they are not
compatible with each other. However, 802.11b/g and 802.11a networks can be used side by side to
increase capacity. In general both 802.11b and 802.11g (as they work in the 2.4GHz
frequency) have a greater range than 802.11a. In practice, to obtain the same network
coverage, the user may require up to four times as many access points when using an
802.11a network.
If 802.11g devices and 802.11b devices are in dialogue with each other then the data
rates will be dictated by the 802.11b device. If two or more 802.11g devices are in dialogue
with each other but there are 802.11b devices in the same network, then 802.11g data
rates will drop but may well still be more than the practical rates of 802.11b. There are
802.11g access points, or dual or tri-band access points incorporating 802.11g, which
can be set to only recognize 802.11g equipment. This obviously prevents the 802.11b
equipment from working on the 802.11g network but there are times when this may be
desirable.
Basic security services
The three basic security services defined by IEEE for the WLAN environment are as
follows:
· Authentication
The primary goal is to provide a security service to verify the identity of
communicating client stations. This provides access control to the network by denying
access to client stations that cannot authenticate properly.
· Privacy
Privacy is a second goal of WLAN security. The intent is to prevent information
compromise from passive attack.
· Integrity
Security service developed to ensure that messages are not modified in transit
between the wireless clients and the access point in an active attack.

Wi-Fi Protected Access (WPA and WPA2)


Wi-Fi Protected Access is a certification program created by the Wi-Fi Alliance to
indicate compliance with the security protocol created by the Wi-Fi Alliance to secure
wireless computer networks. This protocol was created in response to several serious
weaknesses researchers had found in the previous system, Wired Equivalent Privacy
(WEP). The protocol implements the majority of the IEEE 802.11i standard, and was
intended as an intermediate measure to take the place of WEP while 802.11i was
prepared. Specifically, the Temporal Key Integrity Protocol (TKIP) was brought into
WPA. TKIP could be implemented on pre-WPA wireless network interface cards.

Layered Approach
Campus LAN architecture may span up to three layers, from desktop devices connected
to wiring closet switches at the access layer to the core layer at the center of a large
campus LAN. The hierarchical topology segments the network into physical building
blocks, simplifying operation and increasing availability. Fig 3.0 interprets connection
from access layer to the core area.

IPv4/IPv6
The LSU network uses a dual-stack implementation of IPv6, which means that the IPv6
network runs on top of the IPv4 infrastructure. From a routing perspective, IPv4 requires
OSPF version 2, and IPv6 requires OSPF version 3. Even though these two versions
essentially make the protocols independent, the OSPF network design and structure for
both protocols, as it applies to LSU, are identical.
External Connectivity
There were no major issues as it relates to external connectivity. Two minor issues were
experienced. The first issue was experienced in terms of slow internet connectivity and
was related to the Intrusion Detection and Prevention engine on the perimeter firewall.
This issue was resolved and the condition remains stable. The second issue was related to
a system crash on the supervisor engine of the main border router. The supervisor
engine was found to be in good condition and continues to be in operation. To prevent the
potential of a recurring issue, a second supervisor engine was installed and should
provide the adequate redundancy.
In September of 2012 LSU’s commodity Internet bandwidth increased from 500Mbps to
1.849Gbps. This was in part as a result of the new Internet usage and charge policy as
recommended by the LONI Management Council and approved by the Board of Regents.
The new policy established two service level standards, of which LSU signed-on for the
Multiple Provider Guarantee (MPG) level.
The average Internet bandwidth usage for the spring 2013 was 982.6MBps. This is in
comparison to fall 2012, which saw an average of 815.89Mbps. Percentage increase of
Internet bandwidth usage from fall 2012 to spring 2013 can be seen in table 9. Details for
statistics on Internet bandwidth utilization at the border router are provided.

VPN/Firewall Module and PCI Compliance


As depicted in figure 1, the VPN/Firewall module addresses specific networking needs to
different entities. One of those needs is PCI compliance. To address this need, firewall
appliances are installed at every distribution site that has a PCI requirement. This firewall
provides both network segmentation and stateful inspection. Currently there are only 9
distribution sites that have a firewall appliance for this purpose. The challenge that is
presented by this solution is in terms of scalability, maintenance, and
troubleshooting. The firewall appliances used for this solution need to be managed
individually. Their configuration is complex as it requires them to run OSPF with the
distribution site, advertise a private IP network prefix that is NAT’ed at the perimeter
firewall, and provide remote access capabilities. As this solution expands, it has the
potential of adding more complexity to the overall network and preventing UNI from
providing adequate service. A solution must be found that can simplify the setup to ease
the existing challenges. This can be in the form of a more centralized solution that can
provide easier management and control.

Management Network
Through different events that have taken place over time, the management network
evolved into a network that today serves multiple purposes. As such, it cannot be
accurately described as the management network. Below is a list of a number of
applications that run on the management network:
• Network gateway for LONI’s staff
• Peering router for CYMRU
• Network gateway for management resources such as NMS, STRM, SPLUNK,
and Cisco LMS.
• Card swipe system
• VPN remote access for UNI staff
• DNS server OSPF peer

Due to the number of applications that run on the management network, the complexity
of its setup needs to be addressed and simplified. A determination needs to be made as to
which services need to be moved and where they need to be moved.

Network Management Systems


Two areas in the realm of network management have been of concern for UNI. For years
UNI has relied on Ziptie for device configuration backups. Unfortunately this open
source project is no longer supported. Backups are extremely important and the need for
a reliable solution is a must. In addition, UNI does not have the ability to deploy bulk
network configuration changes. These changes are usually required as a result of network
changes or even security concerns. Without an automated tool, the changes must be made
manually and this process can be very time consuming and error-prone. The appropriate
tools are necessary that would allow the UNI group to address these issues efficiently and
reliably.

Working of whole Network:


When the whole network is connected as described above, we end up with two routers, one of which
will be a NAT (network address translation) router. Through this router both campuses will be
connected to the internet as well. Whether a website or any IP address may be accessed or not can be controlled from
the NAT router using an access control list.
That is how we can connect the two campuses of a newly made university.
