
4.0 DESIGN

This chapter describes the design of the project in detail. It covers the general design
and the concepts behind it, together with the network of the Ministry of Foreign Affairs.

4.1 PHYSICAL DESIGN


Networking is the major telecommunication medium in offices and businesses today. Many
businesses have begun to move their networks to fiber optic cabling, because fiber can
serve both local area networks (LAN) and metropolitan area networks (MAN) thanks to its
bandwidth, high speed and low loss. In this section we focus on the physical appearance
of the LAN according to the following factors.

(Figure 4.1 physical design of the project)


4.2 LOGICAL DESIGN
4.2.1 ROLES OF NETWORK DEVICES
Network devices are the devices that operate in this project (design). This section also
provides the configuration of the most common devices installed on a LAN.

The network devices of this ministry are physically close to each other. The longest
distance, going down the stairs towards the network department, is 8 steps; for all the
others the longest distance is 5 steps.

4.2.1.1 Router
A router connects networks using one of the following routed protocols

R1#
R1#
R1#show running-config
Building configuration...

Current configuration: 923 bytes


!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R1
!
ip cef
no ipv6 cef
!
!
!
no ip domain-lookup
!
!
spanning-tree mode pvst
!
!
interface FastEthernet0/0
 description the default-gateway of this LAN
 ip address 192.168.1.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Vlan1
 no ip address
!
ip classless
!
ip flow-export version 9
!
!
!
no cdp run
!
banner motd ^C
*****************************************************************
Unauthorized access and logins are forbidden
-----------------------------------------------------------------
^C
!
!
!
line con 0
 exec-timeout 120 0
 password cisco
 login
!
line aux 0
!
line vty 0 4
 password cisco
 login
line vty 5 15
 password cisco
 login
!
end

SECURING ROUTER TELNET ACCESS

To secure Telnet access to the router, we configure the following commands on the router:

R1(config)#
R1(config)#
R1(config)#line vty 0 4
R1(config-line)#
R1(config-line)#password cisco
R1(config-line)#login
R1(config-line)#
R1(config-line)#exit
R1(config)#
R1(config)#

4.2.1.2 Role of Switches


A switch is a computer networking device that connects devices together on a computer
network by using packet switching to receive, process, and forward data to the destination
device.

Below are the switch configurations. We protect and secure the switches of our project,
for example by protecting the switches against access over Telnet and by authorizing
access from inside the network.

switch(config)#
switch(config)#
switch(config)#hostname S3
S3(config)#
S3(config)#enable secret cisco
S3(config)#no ip domain-lookup
S3(config)#spanning-tree mode pvst

• Giving the switch an IP address and default gateway

S3(config)#in vlan1
S3(config-if)#ip address 192.168.1.4 255.255.255.0
S3(config-if)#ip default-gateway 192.168.1.1
S3(config)#
The MOTD banner is the warning message shown when someone tries to access the network devices

S3(config)#banner motd -c
Enter TEXT message. End with the character '-'.
*****************************************************************
Unauthorized access and logins are Forbidden
*****************************************************************-c

• This is all about securing the network devices, especially the switches, against
anyone inside or outside the network who does not have the authentication or the right
to access them.

S3(config)#
S3(config)#line console 0
S3(config-line)#password Cisco
S3(config-line)#logging synchronous
S3(config-line)#login
S3(config-line)#
S3(config-line)#line vty 0 4
S3(config-line)#password cisco
S3(config-line)#login
S3(config-line)#
S3(config-line)#line vty 5 15
S3(config-line)#password cisco
S3(config-line)#login
S3(config-line)#
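
The line and password settings shown for R1 and S3 above can be checked mechanically. The following Python script is an added example, not part of the original project: it audits an IOS configuration for weak management-access settings. The sample is a constructed excerpt of the R1 running-config with standard IOS indentation, and the password deny-list and idle-timeout limit are assumed policy values.

```python
import re
# Constructed excerpt of the R1 running-config above (IOS indentation restored).
R1_CONFIG = """\
no service password-encryption
line con 0
 exec-timeout 120 0
 password cisco
 login
line vty 0 4
 password cisco
 login
line vty 5 15
 password cisco
 login
"""
WEAK = {"cisco", "password", "admin"}  # assumed deny-list of default passwords
MAX_IDLE_MIN = 10                      # assumed policy limit for idle sessions

def audit(config):
    """Return (scope, finding) pairs for weak management-access settings."""
    lines = config.splitlines()
    out, sections, cur = [], {}, None
    if "service password-encryption" not in lines:
        out.append(("global", "line passwords are stored in cleartext"))
    if not any(l.startswith("enable secret") for l in lines):
        out.append(("global", "no enable secret is set"))
    for l in lines:  # group indented sub-commands under their 'line ...' header
        if not l.startswith(" "):
            cur = sections.setdefault(l, []) if l.startswith("line ") else None
        elif cur is not None:
            cur.append(l.strip())
    for name, cmds in sections.items():
        for c in cmds:
            m = re.fullmatch(r"password (?:\d )?(\S+)", c)
            if m and m.group(1).lower() in WEAK:
                out.append((name, "well-known default password"))
            m = re.fullmatch(r"exec-timeout (\d+) (\d+)", c)
            if m and not 0 < int(m[1]) * 60 + int(m[2]) <= MAX_IDLE_MIN * 60:
                out.append((name, "idle timeout exceeds policy limit"))
        if "login" in cmds and "login local" not in cmds:
            out.append((name, "shared line password instead of per-user login"))
        if name.startswith("line vty") and "transport input ssh" not in cmds:
            out.append((name, "not restricted to SSH (transport input ssh)"))
        if name.startswith("line vty") and not any(c.startswith("access-class") for c in cmds):
            out.append((name, "no access-class restricts source addresses"))
    return out

if __name__ == "__main__":
    print("\n".join(f"{s}: {f}" for s, f in audit(R1_CONFIG)))
```

A configuration that uses `service password-encryption`, an `enable secret`, `login local`, `transport input ssh` and an `access-class` on the vty lines produces no findings.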

• DTP mode
S3#
S3#show dtp
Global DTP information
Sending DTP Hello packets every 30 seconds
Dynamic Trunk timeout is 300 seconds
0 interfaces using DTP
S3#

• Switch VLANs
S3#
S3#
S3#show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/6, Fa0/11, Fa0/12, Fa0/13
                                                Fa0/14, Fa0/15, Fa0/16, Fa0/17
                                                Fa0/18, Fa0/19, Fa0/20, Fa0/21
                                                Fa0/22, Fa0/23, Fa0/24, Gig0/1
                                                Gig0/2
30   network                          active    Fa0/5
40   Ministry                         active    Fa0/8, Fa0/9
50   DG                               active    Fa0/7, Fa0/10
60   HR                               active    Fa0/1, Fa0/2
70   Archive                          active
80   Accounting                       active    Fa0/3, Fa0/4
90   attendences                      active
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0
30   enet  100030     1500  -      -      -        -    -        0      0
40   enet  100040     1500  -      -      -        -    -        0      0
50   enet  100050     1500  -      -      -        -    -        0      0
60   enet  100060     1500  -      -      -        -    -        0      0

Remote SPAN VLANs
------------------------------------------------------------------------------

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
S3#
Server configuration
This figure shows the MOF server configuration

(Figure 4.1 server configuration)

4.2.1.3 VLANs

A VLAN is a switched network that is logically segmented by function, project team or
application, without regard to the physical locations of the users. VLANs have the same
attributes as physical LANs, but you can group end stations even if they are not physically
located on the same LAN segment. Any switch port belongs to a VLAN. Each VLAN is
considered a separate logical network, so packets destined for stations that do not belong
to the VLAN must be forwarded through a router.

4.2.1.3.1 Assigning VLANs to Departments

Departments        VLANs
Network admin      30
Ministry           40
DG                 50
Human Resource     60
Archive            70
Accounting         80
Attendance         90
Politics           100

(Figure 4.2 VLANs and their departments)


4.2.2 Purpose of VLANs
In simple words, a VLAN is a group of PCs, servers and other network resources that behave as
if they were connected to a single network segment.

4.3 SETTING IP ADDRESSES OF ALL DEVICES AND DEFAULT-GATEWAYS

NAME                    IP ADDRESS      DEFAULT GATEWAY
Router                  192.168.1.1     -
Switch 1                192.168.1.2     192.168.1.1
Switch 2                192.168.1.3     192.168.1.1
Switch 3                192.168.1.4     192.168.1.1
DG PC 1                 192.168.1.5     192.168.1.1
DG assistant PC 2       192.168.1.6     192.168.1.1
Ministry PC 3           192.168.1.7     192.168.1.1
M Assistant PC 4        192.168.1.8     192.168.1.1
Net Admin PC 5          192.168.1.9     192.168.1.1
Server PC 6             192.168.1.10    192.168.1.1
PC 7                    192.168.1.11    192.168.1.1
PC 8                    192.168.1.12    192.168.1.1
PC 9                    192.168.1.13    192.168.1.1
PC 10                   192.168.1.14    192.168.1.1
PC 11                   192.168.1.15    192.168.1.1
PC 12                   192.168.1.16    192.168.1.1
HR assistant PC 13      192.168.1.17    192.168.1.1
HR PC 14                192.168.1.18    192.168.1.1
Accountant PC 15        192.168.1.19    192.168.1.1
A assistant PC 16       192.168.1.20    192.168.1.1
Politics admin PC 17    192.168.1.21    192.168.1.1
P assistant PC 18       192.168.1.22    192.168.1.1
PC 19                   192.168.1.23    192.168.1.1
PC 20                   192.168.1.24    192.168.1.1
PC 21                   192.168.1.27    192.168.1.1
PC 22                   192.168.1.26    192.168.1.1
PC 23                   192.168.1.28    192.168.1.1
PC 24                   192.168.1.29    192.168.1.1
PC 25                   192.168.1.30    192.168.1.1
PC 26                   192.168.1.31    192.168.1.1
Attendance PC 27        192.168.1.32    192.168.1.1
Attendance PC 28        192.168.1.33    192.168.1.1
Attendance PC 29        192.168.1.34    192.168.1.1
Archive admin PC 30     192.168.1.36    192.168.1.1
Archive assis PC 31     192.168.1.35    192.168.1.1
PC 32                   192.168.1.37    192.168.1.1
(Figure 4.4 IP address)
