Project Supervisors: Kamran Ali, Saminda Wattuhewa, Mohammed Hassan
Programme: HND Network Engineering
Module: HNP Jan 15
Author: Sukhdev Jassi
Student ID: P1008915
October 3, 2014 to July 23, 2015
St-Patricks International College, Duncan House, High Street, Stratford, London, E15

HNP Jan 15 – Submission Form

This sheet must be submitted with your HND project. Failure to complete, sign and submit this form will result in a mark of ‘0’ for the project.

Student’s Name: Sukhdev Jassi
Student’s ID Number: P1008915
Course Code: 24131P
Course Name: Pearson BTEC HND Diploma in Network Engineering and Telecommunications Systems
Project Title: Improved Ways to Reduce Bottleneck of Router in VLAN
Date of Submission: 06/08/2015

By submitting this form and signing below, I declare that:
• I am the author of this HND project and that any assistance I received in its preparation is fully disclosed and acknowledged in this project.
• I also certify that this project was prepared by me specifically for this course.
• I certify that I have taken all reasonable precautions to make sure that my work has not been copied by other students.
• I confirm that I have understood the College’s regulations on plagiarism.
Signature: Sukhdev Jassi    Date: 31/07/2015

Abstract

This HND project focuses on VLANs and how traffic moves inside a VLAN. The topic analyzed is traffic congestion on VLAN trunk lines: how and why it occurs, and how to alleviate it so as to avoid trunk line bottleneck and latency on a VLAN network. To do this, a VLAN network is designed for a small local library. Research into VLAN networks is undertaken to analyze why bottleneck on trunk lines occurs and whether, through VLAN design, configuration, protocols and routing methods, bottleneck can be reduced or eliminated entirely from a trunk line.
When a VLAN is designed and configured correctly, client computers can send and receive packets without packet loss, retransmission of packets, collisions or latency. During inter-VLAN routing, switches and routers use VLAN IDs to identify packets. Switches have to be told how to route packets on a VLAN; the switch has various modes that enable it to do so. Trunk mode is configured, permitting the switch to insert a VLAN tag into each frame passing on the trunk line. The trunk line permits signals from multiple VLANs to cross it simultaneously.

Acknowledgements

I am predominantly obliged to acknowledge and express my sincere gratitude to St-Patrick’s International College for a highly intuitive and gratifying two years on the network engineering course, and for permitting me access to valuable resources from the college library for this project. I am beholden and thankful to my project supervisors Saminda Wattuhewa and Kamran Ali, and an extremely special and whole-hearted thanks to Mohammed Hassan, who helped and guided me through each stage of the project and was an invaluable source of knowledge and inspiration throughout the course of the final term. Lastly I would like to acknowledge all the authors mentioned in my inline citations and bibliography, my God, my wife Renu Jassi and family members for their support and encouragement whilst working on what seemed like endless days and nights over the last two years of the ‘Pearson’s BTEC HND Diploma’.

By Sukhdev Jassi, St-Patrick’s International College, 2013 – 2015.

Table of Contents

HNP Jan 15 – Submission Form ... i
Abstract ... ii
Acknowledgements ... iii
Table of Contents ... iv
List of Figures ... ix
List of Appendix-A Figures ... xii
List of Appendix-B Figures ... xiii
List of Tables ... xiv

Chapter 1 – Introduction
1.1 Chapter Introduction ... 1
1.2 Traffic Routing in a VLAN ... 1
1.3 Inspiration for Project ... 2
1.4 Problem Identification ... 2
1.5 Solution to the Problem ... 3
1.6 Aims ... 3
1.7 Objectives ... 4
1.8 Record of Constraints/Risks and Assumptions ... 5
1.9 Project Plan and Deliverables ... 5
1.10 Report Layout ... 6
1.11 Chapter Summary ... 6

Chapter 2 – Literature Review
2.1 Chapter Introduction ... 7
2.2 Domain Based Literature Review ... 7
2.2.1 Understanding VLAN Concepts & Networks ... 7
2.2.2 Trunk Links ... 9
2.3 Reasons for This Project ... 9
2.4 Business Options ... 10
2.5 Current System ... 10
2.5.1 Software Defined Network (SDN) ... 10
2.5.2 Upcoming Future Systems ... 13
2.5.2.1 Application Centric Infrastructure (ACI) ... 13
2.5.2.2 Summary of Current Systems and Future Systems ... 14
2.6 Current System Problems and solutions in regards to Bottleneck Trunks ... 15
2.7 Prerequisites of the prospective VLAN network ... 16
2.8 Technological Founded Literature Review ... 17
2.8.1 Trunk Lines/Sub-interfaces and Inter-VLAN Routing ... 17
2.8.2 VLAN Pruning ... 21
2.8.3 Span Tree Protocol Concept ... 21
2.8.4 STP Limitations ... 23
2.9 Drawbacks of Solutions Researched ... 24
2.9.1 Possible Solutions ... 24
2.9.2 Individual Self-Conceived Solution ... 25
2.10 Expected Benefits of the Prospective VLAN Network ... 26
2.10.1 Expected Dis-benefits of the prospective VLAN network ... 26
2.11 Development Tools and Techniques Review ... 27
2.11.1 Waterfall Life Cycle (SDLC) ... 28
2.11.2 Network Design Software ... 29
2.11.3 Network Simulation Software ... 30
2.11.4 Chapter Summary ... 33

Chapter 3 – Analysis and Design
3.1 Chapter Introduction ... 34
3.2 Analysis ... 35
3.3 Method used to collect the Functional Requirements ... 35
3.4 Functional Requirements ... 35
3.4.1 Evidence of Analysis ... 36
3.4.2 Non-Functional Requirements ... 44
3.5 Network Diagram ... 45
3.5.1 Analysis of Design ... 45
3.5.2 Sub-netting and VLSM Ranges ... 46
3.5.3 Chapter Summary ... 47

Chapter 4 – Implementation
4.1 Chapter Introduction ... 48
4.2 Implementation ... 48
4.2.1 Challenges during Implementation ... 49
4.2.2 Solution to the Problems and Challenges faced during Implementation ... 49
4.2.3 Core Layer 3 Switch Configuration ... 50
4.2.3.1 Creating the VLANs ... 51
4.2.3.2 IP Address for each logical VLAN ... 51
4.2.3.3 Enabling Layer 3 IP Routing ... 52
4.2.3.4 Configuration for Trunk Lines on Core Switch ... 53
4.2.3.5 IP Helper Configuration on layer 3 Switch ... 53
4.2.4 Configuration for Layer 2 Switch for VLAN 10 ... 54
4.2.4.1 Creation of VLAN 10 ... 55
4.2.4.2 Configuration for VLAN 10 Layer 2 switch Trunk Line ... 55
4.2.4.3 Assigning VLAN 10 to Switch Port and STP Configuration ... 56
4.2.5 Configuration for Switches without DHCP Client Machines Attached ... 57
4.2.6 Router Configuration ... 58
4.2.6.1 AAA Security Authentication Configuration ... 58
4.2.6.2 Enable Secret Configuration ... 58
4.2.6.3 Console Configuration ... 59
4.2.6.4 Telnet and Username Configuration ... 60
4.2.6.5 Local Login Configuration ... 61
4.2.6.6 Username and Privileges Configuration ... 62
4.2.7 Sub-Interface Configuration ... 63
4.2.8 DHCP/DNS Server Configuration ... 65
4.2.9 Web Server (HTTP) Configuration ... 66
4.2.10 Email/FTP Server Configuration ... 67
4.2.10.1 FTP Configuration ... 68
4.2.11 Chapter Summary ... 69

Chapter 5 – Testing
5.1 Chapter Introduction ... 70
5.2 Web Server Test ... 70
5.2.1 Ping from Layer 3 Core Switch to clients on all VLANs ... 71
5.2.2 Ping Test from client machine on Members VLAN to the Router to check the Router is working correctly ... 71
5.2.3 Ping Test from VLAN 10 to VLAN 20 ... 72
5.2.4 Email and FTP Server Test ... 72
5.2.5 Test to check the Client Machine is receiving an IP address and Configuration Parameters are correct ... 74
5.2.6 Confirmation STP is Enabled and Functioning ... 75
5.2.7 Chapter Summary ... 77

Chapter 6 – Evaluation and Conclusion
6.1 Chapter Introduction ... 78
6.2 Evaluation against Objectives ... 78
6.3 Project Managers Perspective ... 79
6.3.1 Developers Perspective ... 80
6.3.2 Chapter Summary ... 81
Overall Conclusion Summary ... 82
Overall Project Conclusion ... 83
Appendix – A ... 84
Appendix – B ... 96
Bibliography ... 103

List of Figures

Figure – 1: Image of VLAN and Trunk (dell.com, 2015). ... 1
Figure – 2: Image of project Gantt chart created using OpenProj software. ... 5
Figure – 3: Example image of three separate VLANs also known as three separate broadcast domains (Cisco.com, 2015). ... 8
Figure – 4: Image of an uncomplicated Open-Flow network (Cisco.com, 2015). ... 11
Figure – 5: Image of flow tables within a switch (Cisco.com, 2015). ... 12
Figure – 6: Image of application centric infrastructure migration (Cisco.com, 2015). ... 13
Figure – 7: Image of Cisco’s ACI (Cisco.com, 2015). ... 14
Figure – 8: Image depicting VLAN Trunking (Resources.infosecinstitute.com, 2012). ... 17
Figure – 9: Image of single trunk line connected to the router; known as ‘Router on a Stick’ (Aconaway.com, 2015). ... 18
Figure – 10: Image of a traditional Router on a Stick topology (Coffefueledchaos.com, 2013). ... 19
Figure – 11: Image of Router on a Stick using two physical interfaces for sub-interface configuration (9tut.com, 2012). ... 20
Figure – 12: Image of VTP pruning implementation (Orbit-computer-solutions.com, 2013). ... 21
Figure – 13: Image depicting a redundant link (Cisco.com, 2015). ... 22
Figure – 14: Image of STP on two switches (Cisco.com, 2015). ... 22
Figure – 15: Image of project stages. ... 27
Figure – 16: Image depicting the projects SDLC (C3ns.com, 2013). ... 28
Figure – 17: Image of network design software. ... 29
Figure – 18: Image of Simulation Software. ... 30
Figure – 19: Image of Cisco Packet Tracer Software (Cisco.com, 2010). ... 31
Figure – 20: Image of simulator protocols (Cisco.com, 2010). ... 32
Figure – 21: Image of input and output processes (Ocw.mit.edu, 2001). ... 34
Figure – 22: Image of Cisco Catalyst 2960 Series Layer 2 Switch (Cisco.com, 2015). ... 36
Figure – 23: Image of Cisco 2911 Ethernet Router (Cisco.com, 2015). ... 37
Figure – 24: Image of Cisco Catalyst layer 3 core switch (Cisco.com, 2015). ... 37
Figure – 25: Image of Cisco Next Generation Firewall (Cisco.com, 2015). ... 38
Figure – 26: Image depicting an all in one desktop computer (Shop.bt.com, n.d.). ... 42
Figure – 27: Image of server operating system (Ebuyer.com, 2014). ... 42
Figure – 28: Image of the network diagram created in Microsoft Visio. ... 45
Figure – 29: Image of prototype simulation on Cisco Packet Tracer software. ... 48
Figure – 30: Image of server IP address configuration. ... 65
Figure – 31: Image of DHCP pools. ... 65
Figure – 32: Image of DNS configuration. ... 66
Figure – 33: Image of web server IP address configuration. ... 66
Figure – 34: Image of web server configuration. ... 67
Figure – 35: Image of Email/FTP server configuration. ... 67
Figure – 36: Image of email server set-up. ... 68
Figure – 37: Image of FTP service set-up in the email and FTP server. ... 68
Figure – 38: Image of the libraries website on the web server. ... 70
Figure – 39: Image of CLI interface on layer 3 Switch. ... 71
Figure – 40: Image of ping execution in CMD console. ... 71
Figure – 41: Image of CMD console. ... 72
Figure – 42: Image of mail browser. ... 72
Figure – 43: Image of mail browser. ... 73
Figure – 44: Image of email browser. ... 73
Figure – 45: Image of email browser. ... 74
Figure – 46: Image of CMD console. ... 74
Figure – 47: Image depicting STP on layer 2 VLAN 30 switch. ... 75
Figure – 48: Image of PVST configuration run. ... 76

List of Appendix-A Figures

Figure – 49: Image of cover page of presentation. ... 84
Figure – 50: Image of order of presentation. ... 85
Figure – 51: Image of contents page. ... 85
Figure – 52: Image of contents page. ... 86
Figure – 53: Image of introduction slide. ... 86
Figure – 54: Image of project Aim slide. ... 87
Figure – 55: Image of project objectives slide. ... 87
Figure – 56: Image of requirements analysis slide. ... 88
Figure – 57: Image of requirements analysis continued. ... 88
Figure – 58: Image of requirements analysis continued. ... 89
Figure – 59: Image of requirements analysis continued. ... 89
Figure – 60: Image of project SDLC. ... 90
Figure – 61: Image of functional analysis slide. ... 90
Figure – 62: Image of functional analysis slide. ... 91
Figure – 63: Image of functional analysis continued. ... 91
Figure – 64: Image of functional analysis continued. ... 92
Figure – 65: Image of network diagram slide. ... 92
Figure – 66: Image of finished product in Cisco packet tracer. ... 93
Figure – 67: Image of conclusion slide. ... 93
Figure – 68: Image of conclusion continued. ... 94
Figure – 69: Image of conclusion continued. ... 94
Figure – 70: Image of final slide relating to feedback for the presentation. ... 95

List of Appendix-B Figures

Figure – 71: Image of network diagram, created in Microsoft Visio. ... 98
Figure – 72: Image of Gantt chart, created in OpenProj. ... 99
Figure – 73: Image of system development lifecycle (C3ns.com, 2013). ... 99

List of Tables

Table – 1: Table depicting subnetting and VLSM ranges for each VLAN. ... 46
Table – 2: Table depicting evaluation of objectives. ... 79
Table – 3: Project title. ... 96
Table – 4: Project aim and objectives. ... 97
Table – 5: Network diagram, SDLC, Gantt chart. ... 100
Table – 6: Special conditions and assumptions. ... 100
Table – 7: Bibliography. ... 101
Table – 8: Declaration box. ... 102

Chapter 1 – Introduction

1.1 Chapter Introduction

This project is set out in six chapters. Each chapter has a timeframe specified on the project Gantt chart, and each chapter will be completed according to the Gantt chart and the project outline, in a methodical fashion. The project concludes with a conclusion, appendix and bibliography; the appendix contains the project presentation.

1.2 Traffic Routing in a VLAN

VLANs are not physical networks like LANs; they are logical networks segmented via software. Each VLAN is a broadcast domain existing inside one or more switches. They are commonly used for security purposes, since a particular group or groups can be isolated; communication between them then requires a router or layer 3 switch and takes place via a method known as routing. Likewise, a layer 3 switch or router is required to route traffic from one VLAN to another, as illustrated in the figure below (dell.com, 2015).

Figure – 1: Image of VLAN and Trunk (dell.com, 2015).

Both VLANs in figure 1 above have dissimilar IP subnet ranges. The layer 3 router will utilize either one of the IP subnets to manage and forward traffic from VLAN 10 to VLAN 20 or vice versa.
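As an added worked example (not code from the project), the following Python model shows the two mechanisms the abstract and this section rely on: the switch inserting an IEEE 802.1Q tag into each frame that crosses the trunk, and a router on a stick using one sub-interface per VLAN to move a packet from VLAN 10 to VLAN 20. The MAC addresses, the 10.0.10.0/24 and 10.0.20.0/24 ranges and the ARP table are constructed assumptions; the router also performs two checks a real gateway would (the source address must belong to the ingress VLAN's subnet, and the TTL is decremented and expired packets dropped).

```python
"""Added example, not code from the project: a minimal model of 802.1Q
tagging on a trunk and of router-on-a-stick inter-VLAN routing with one
sub-interface per VLAN.  The MAC addresses, IP ranges and VLAN-to-subnet
mapping below are constructed for the example."""
import ipaddress
import struct

TPID_8021Q = 0x8100       # EtherType value that announces an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800


def build_frame(dst_mac, src_mac, payload, vlan_id=None, pcp=0, ethertype=ETHERTYPE_IPV4):
    """Build an Ethernet frame.  With vlan_id set, insert the 4-byte 802.1Q tag
    between the source MAC and the EtherType, as a trunk port does on egress."""
    if vlan_id is None:
        return dst_mac + src_mac + struct.pack("!H", ethertype) + payload
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be in 1..4094")
    tci = (pcp << 13) | vlan_id   # TCI: 3-bit priority, 1-bit DEI (left 0), 12-bit VID
    return dst_mac + src_mac + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload


def parse_frame(frame, native_vlan=1):
    """Return (dst_mac, src_mac, vlan_id, ethertype, payload).
    An untagged frame received on a trunk belongs to the native VLAN."""
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype == TPID_8021Q:
        tci, inner = struct.unpack("!HH", frame[14:18])
        return dst, src, tci & 0x0FFF, inner, frame[18:]
    return dst, src, native_vlan, ethertype, frame[14:]


def ipv4_packet(src_ip, dst_ip, data=b""):
    """Minimal IPv4 header (no options; checksum left at 0 for brevity) plus data."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(data), 0, 0, 64, 17, 0,
                         ipaddress.ip_address(src_ip).packed,
                         ipaddress.ip_address(dst_ip).packed)
    return header + data


class RouterOnAStick:
    """One physical interface carrying the trunk; one sub-interface (gateway
    address plus 802.1Q tag) per VLAN."""

    def __init__(self, subinterfaces, arp_table, native_vlan=1):
        # subinterfaces: {vlan_id: "gateway/prefix"}; arp_table: {ip: mac} (constructed)
        self.subifs = {vid: ipaddress.ip_interface(cidr) for vid, cidr in subinterfaces.items()}
        self.arp_table = {ipaddress.ip_address(ip): mac for ip, mac in arp_table.items()}
        self.native_vlan = native_vlan
        self.mac = bytes.fromhex("020000000001")   # constructed router MAC

    def route(self, frame):
        """Return the re-tagged frame sent back down the trunk, or None when dropped."""
        _, _, in_vid, ethertype, payload = parse_frame(frame, self.native_vlan)
        if in_vid not in self.subifs or ethertype != ETHERTYPE_IPV4 or len(payload) < 20:
            return None                          # no sub-interface for that tag, or not IPv4
        src_ip = ipaddress.ip_address(payload[12:16])
        dst_ip = ipaddress.ip_address(payload[16:20])
        if src_ip not in self.subifs[in_vid].network:
            return None                          # source does not belong to the ingress VLAN
        if payload[8] <= 1:
            return None                          # TTL expired
        for out_vid, iface in self.subifs.items():
            if dst_ip in iface.network:          # connected route on this sub-interface
                if out_vid == in_vid:
                    return None                  # same VLAN: the layer 2 switch delivers it
                dst_mac = self.arp_table.get(dst_ip)
                if dst_mac is None:
                    return None                  # would have to ARP for the host first
                forwarded = payload[:8] + bytes([payload[8] - 1]) + payload[9:]  # decrement TTL
                return build_frame(dst_mac, self.mac, forwarded, vlan_id=out_vid)
        return None                              # no route to that subnet


# Constructed topology: host C in VLAN 10, host B in VLAN 20, as in figure 1.
HOST_C = bytes.fromhex("0200000000c0")
HOST_B = bytes.fromhex("0200000000b0")
ROUTER = RouterOnAStick({10: "10.0.10.1/24", 20: "10.0.20.1/24"},
                        {"10.0.10.50": HOST_C, "10.0.20.50": HOST_B})


def demo():
    """Host C sends to host B; the switch tags the frame 10 on the trunk and the
    router re-tags it 20.  Returns the parsed frame that goes back down the trunk."""
    sent = build_frame(ROUTER.mac, HOST_C, ipv4_packet("10.0.10.50", "10.0.20.50", b"hello"),
                       vlan_id=10)
    forwarded = ROUTER.route(sent)
    return None if forwarded is None else parse_frame(forwarded)


if __name__ == "__main__":
    dst, src, vid, _, _ = demo()
    print(f"routed to VLAN {vid}, dst {dst.hex()}, src {src.hex()}")
```

Both directions share the single physical link: the frame from host C arrives tagged 10 and the reply to host B leaves tagged 20, which is exactly why all inter-VLAN traffic of a router on a stick competes for the same trunk bandwidth.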
For example, when host C communicates with host B, host C first sends an ARP (address resolution protocol) frame containing host B’s destination IP and the broadcast MAC address. The layer 2 switch in VLAN 10 then forwards the broadcast to all the interfaces on the switch, including the interface connecting to the router. Because the router is also connected to VLAN 20 on the other IP subnet, it knows that host B on VLAN 20 is within its scope and reachable, so it sends an ARP response frame containing its own MAC address as the destination MAC address host C should use. For the traffic that follows, host C sends frames containing host B’s IP address; the router knows straight away that the destination network is VLAN 20, so it routes the frames to the layer 2 switch on VLAN 20 carrying the VLAN ID 20, and that switch forwards each frame to host B.

1.3 Inspiration for Project

I was inspired to design and configure a VLAN network by previous term assignments. The knowledge I gained on VLAN security and design from my assignments fascinated and intrigued me, because I wanted to know how contemporary VLAN networks use a single cable connected to the router for multiple broadcast domains, since the traditional method uses a separate cable for each broadcast domain. I was also intrigued by how trunk lines in VLAN networks work, and how traffic is routed between broadcast domains using them.

1.4 Problem Identification

One of the main problems that occurs on VLAN networks built on a router-on-a-stick design is bottlenecked trunk lines.
Bottleneck on a trunk line occurs when traffic from multiple broadcast domains passes over the trunk line simultaneously and each packet competes for bandwidth, resulting in what is known as ‘trunk line bottleneck’. Because of the insufficient bandwidth, not all packets reach their destination: packets are lost in transit and only some may make it across, so the communication has to be resent.

When a trunk line for multiple broadcast domains is connected from the switch to the gateway router using a single physical interface on the router, with sub-interfaces configured on it for all the broadcast domains in the VLAN network, trunk line bottleneck becomes highly probable on that trunk line.

1.5 Solution to the Problem

There are a few ways to tackle this problem. The chance of bottleneck on a trunk line can be significantly reduced, and possibly eliminated entirely, by using one of the methods listed below:
1. Fiber channel for the trunk line.
2. Using Gigabit Ethernet for the whole network.
3. Using Fast Ethernet for the whole network.
4. Using the traditional way of creating and configuring a VLAN network with trunk lines, where there is a separate trunk line for each broadcast domain.
5. Using two separate physical interfaces on the router and dividing the sub-interface configuration between them. This way half the broadcast domains in the VLAN network have their sub-interfaces configured on one physical interface of the router, and the other half on the other physical interface.
6. Another solution could be to use solutions 3 and 5 above together.

Any one of the solutions listed above will reduce or eliminate bottleneck and latency on the trunk line. This means faster transmission speeds and very little or no chance of packet loss.

1.6 Aims

The major aim of this project is to research and find viable solutions to reduce or eliminate bottleneck on a trunk line in a VLAN network when multiple VLANs are configured on a single physical interface on the router.

1.7 Objectives

To support and realize the aim of this project, a list of objectives has been set below, one for each phase of the project and in accordance with the project Gantt chart:
1. My project will start off by creating a Gantt chart for the project, then researching literature on VLANs, trunk lines, trunking protocols, sub-interfaces and how to reduce bottleneck and latency on a trunk line.
2. In this stage the VLAN design will be analyzed and designed. Research will go into the requirements of the VLAN network and what technology will be used; for example, it will contain hardware and cabling specifications for the VLAN. Based upon the VLAN and trunk line research, a network diagram of the prospective network will be created.
3. The implementation will be done using simulation software appropriate for creating and testing a VLAN network. At this stage it is most likely that Cisco Packet Tracer will be used for this project. All configurations and the IP addressing schema will be screenshotted and documented as evidence. Protocols like IEEE 802.1Q, IP Helper, VLAN pruning if possible and STP (Spanning Tree Protocol) will be used to support, guide and prune network traffic, thus limiting the likelihood of trunk line bottleneck occurring.
4. Testing will involve testing the VLAN network and trunk line in Cisco Packet Tracer. The trunk line must be able to handle traffic from multiple VLANs with 0% packet loss. Testing will be done systematically and methodically using either black box or white box testing procedures.
5. The last objective will entail evaluating the above objectives from three dissimilar viewpoints, namely the end user’s perception of the product, the project manager’s perception and the developer’s perspective. After evaluating the above objectives the project will be concluded by summarizing the project, discussing whether the aim of the project was realized, and debating logically whether the desired result was attained. What work was done and why it was done will also be discussed in the summarization chapter of this project.
6. Lastly a PowerPoint presentation will be created to present this project to an audience.

1.8 Record of Constraints/Risks and Assumptions

Assumptions at this stage of the project are that Cisco devices are likely to be used in the network design and implementation phases, due to Cisco’s prevalence in today’s market and because Cisco Packet Tracer will be used to emulate the VLAN network. Assuming Cisco products are used in the implementation stage, it is quite likely that some configurations will differ from those of other vendors in the current market; regardless of this, the VLAN concepts discussed in the literature review and depicted throughout the other stages of the project can be transferred to devices manufactured by other hardware vendors. As with all projects of any category and nature there is always an element of risk, and this project is no different: there may be a risk of not fully completing all the aims and objectives in one year. Consequently, if through lack of time and resources some aims and objectives are incomplete at the time of submission, these will become future objectives and considerations.

1.9 Project Plan and Deliverables

Figure – 2: Image of project Gantt chart created using OpenProj software.

1.10 Report Layout

Chapter 1 comprises an introduction explaining the scenario of this project. The author then discusses what inspired him to choose this topic on VLAN configuration, explains the problem in the scenario and offers a solution. Aims and objectives are discussed along with possible risks the project may encounter, followed by the project plan in the form of a Gantt chart. Each chapter starts and finishes with a brief introduction and chapter summary.
Chapter 2 details the literature review, which provides the knowledge required to design and build the network in Cisco Packet Tracer. VLAN concepts are explained along with the advantages of VLAN networks, trunk lines, dissimilar types of VLANs and VLAN protocols. Chapter 3 focuses on the analysis and design of the VLAN network; it depicts the hardware selection and network diagram for the proposed VLAN network, which will be converged with the library’s existing network. Chapter 4 covers the implementation stage of the project, e.g. the configuration of network hardware. Chapter 5 covers the testing of the network simulation. Chapter 6 is the last chapter, where the project is evaluated and concluded.

1.11 Chapter Summary

This chapter has finalized the goal and planning in stages. It has set a clear vision and mission of what is required to achieve the aims and objectives of this project. A timeline for the project has also been identified, and it is anticipated that none of the risks and constraints mentioned will materialize.

Chapter 2 – Literature Review

2.1 Chapter Introduction

This chapter is purely research founded upon the VLAN domain and VLAN routing in regard to bottleneck on VLAN trunk lines. The main purpose of this research is to learn about VLANs and why trunk line bottleneck occurs, with the aim that this research will help towards devising a solution to either reduce or entirely eliminate bottleneck on VLAN trunk lines.

2.2 Domain Based Literature Review

2.2.1 Understanding VLAN Concepts & Networks

According to Cisco’s website, Cisco.com, “A VLAN is a group of devices on one or more LANs that are configured to communicate as if they were attached to the same wire, when in fact they are located on a number of different LAN segments.
Because VLANs are based on logical instead of physical connections, they are extremely flexible” (Cisco.com, 2015). Each VLAN is in essence a broadcast domain on the data link layer of a network. These broadcast domains consist of layer 2 switches that are capable of receiving a frame that has originated from inside the broadcast domain. A broadcast domain can be created on a layer 2 switch, and these switches are also known as multi-port bridges. So it can be said that each interface on the switch is in fact a broadcast domain and a virtual bridge, hence the name VLAN, or virtual local area network (Cisco.com, 2015).

Figure – 3: Example image of three separate VLANs also known as three separate broadcast domains (Cisco.com, 2015).

VLANs allow multiple logical network segments to exist in one network, e.g. you can have servers in dissimilar locations as opposed to having them in a single location or on the same rack. Another way to describe a VLAN is this: if two PCs are connected to a layer 2 Cisco switch that has not been configured, then by default both PCs are on the default VLAN 1. This means they are able to send ICMP echo requests to each other because they are on the same default VLAN 1 (a layer 2 switch resides on the data link layer of the OSI model and on the data link layer of the TCP/IP model, thus it is not capable of IP routing and only understands MAC addresses). After the layer 2 switch is configured, the PCs are unable to ping each other because they are now on separate VLANs, and because the VLANs are configured on a layer 2 switch they cannot communicate with each other without a router or a layer 3 switch (Alberghettiv, 2012). Also, the cable connecting the switch and the router will need to be configured as a ‘Trunk’ line, as this permits the two VLANs to send multiple signals over one single cable, as opposed to having four cables connecting the switch and router and thus wasting four ports. Both PCs discussed above are now on dissimilar LANs, hence the name ‘V-LANs’. By configuring more ports on the layer 2 switch, more separate and dissimilar LANs are created, which are in effect called VLANs.

2.2.2 Trunk Links

A ‘Trunk’ line is a cable that allows multiple signals to cross a link. For multiple VLANs to communicate on the network and for accessing the WAN, the switch needs to be configured to convert the ‘Access Link’ into a ‘Trunk link’.
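As an added example (not code from the project), the following Python model shows what converting an access link into a trunk link means at the two ends of the cable: which combination of port modes yields an access link, a trunk, or a mismatched link, and how a trunk port treats the native VLAN (sent untagged, and untagged arrivals placed in it). The negotiation outcomes follow the switchport mode behaviour of Cisco switches (access, trunk, dynamic auto, dynamic desirable), so they go a little beyond the text, which only mentions auto-sensing; the `native_vlan_consistent` check is a defender's sanity check added here, and the VLAN numbers are constructed.

```python
"""Added example, not code from the project: how the two ends of a link end up
as an access link or a trunk, and how a trunk handles the native VLAN.  The
negotiation outcomes follow the switchport mode behaviour of Cisco switches
(access, trunk, dynamic auto, dynamic desirable); the trunk/access mismatch
is the 'ruined link' the text warns about.  VLAN numbers are constructed."""

TRUNK, ACCESS, MISMATCH = "trunk", "access", "mismatch"
MODES = {"access", "trunk", "dynamic auto", "dynamic desirable"}


def negotiate_link(mode_a, mode_b):
    """Resulting link type for the switchport modes configured on each end."""
    modes = {mode_a, mode_b}
    if not modes <= MODES:
        raise ValueError(f"unknown switchport mode in {modes}")
    if modes == {"access", "trunk"}:
        return MISMATCH       # one end tags every frame, the other never expects tags
    if "access" in modes:
        return ACCESS         # a manual access port never negotiates a trunk
    if "trunk" in modes or "dynamic desirable" in modes:
        return TRUNK          # a trunk or desirable port brings an auto port up as trunk
    return ACCESS             # dynamic auto on both ends: nobody asks, so no trunk


def trunk_transmit(vlan_id, native_vlan):
    """Tag placed on the wire by a trunk port; None means sent untagged (native VLAN)."""
    return None if vlan_id == native_vlan else vlan_id


def trunk_receive(tag, native_vlan):
    """VLAN a frame is placed in when it arrives on a trunk port."""
    return native_vlan if tag is None else tag


def vlan_after_trunk(vlan_id, native_a, native_b):
    """VLAN that a frame sent in vlan_id by switch A lands in on switch B."""
    return trunk_receive(trunk_transmit(vlan_id, native_a), native_b)


def native_vlan_consistent(native_a, native_b, vlans):
    """True when every VLAN crosses the trunk unchanged.  False when the two
    ends disagree on the native VLAN: untagged frames then silently land in a
    different VLAN on the far side, which is why the native VLAN must match."""
    return all(vlan_after_trunk(v, native_a, native_b) == v for v in vlans)


if __name__ == "__main__":
    for pair in (("trunk", "trunk"), ("trunk", "dynamic auto"),
                 ("dynamic auto", "dynamic auto"), ("trunk", "access")):
        print(pair, "->", negotiate_link(*pair))
    print("native 1/1 consistent:", native_vlan_consistent(1, 1, [1, 10, 20]))
    print("native 1/99 consistent:", native_vlan_consistent(1, 99, [1, 10, 20]))
```

The model makes the "ruined link" concrete: with one end in access mode and the other in trunk mode, every tagged frame from the trunk side is meaningless to the access side, and the native VLAN check shows why both ends of a trunk must agree on which VLAN travels untagged.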
Access Links do not know VLAN frames will be crossing the link because they are not aware of the VLAN, whereas trunk links can auto sense that the switch port on the other side is configured to trunking mode, thus automatically switching itself into trunking mode (Varadarajan, 1997). Hybrid Links are a combination of trunk and access links (Varadarajan, 1997). What the link is between two devices depends on what mode each switch is configured too; on both sides of the link, for example if trunking mode is not configured then by default VLAN 1 on the switch will be in ‘Native Mode’ and administrative trunking encapsulation can be enabled via ‘802.1q’ protocol. When trunking mode is configured on the port of a switch it then permits VLAN tagging; special tags are attached as the traffic is routed across the trunk. The ‘Native Mode’ is mostly utilized on VLAN’s for backward compatibility with devices that do not support 802.1q protocol, such as non-Cisco hardware (Alberghettiv, 2012). An important point to remember is that if you configure one side to be a trunk manually and the other side to be an access port manually, then you will get a ruined link and this is not endorsed (Alberghettiv, 2012). 2.3 Reasons for This Project The ubiquitous prevalence of VLAN technology in corporate and enterprise business networks is a key fundamental component of a larger network that is heavily used and depended upon in business sectors around the world, hence future development in VLAN technology and the virtualization concept is anticipated; consequently it was considered an excellent topic to study for future career development both academically and from a work perspective. 10 2.4 Business Options As modern computer networking has evolved towards virtualization and cloud computing, VLAN networks are paving the way forward for enterprise networks to offer improved solutions for a new era in computer networking. Solutions such as:-  Segmentation.  Management.  Scalability. 
• Flexibility.
• Tight Security.
• Load Balancing.
• Allocation of bandwidth.
• Cost Effective in comparison to hub/spoke networks, and so much more.

VLAN networks today are a vital constituent component of contemporary IT and enterprise networking. Without VLANs there would essentially be no enterprise networks existing today. They exist in almost every sector of the business world, like the retail, banking, finance, media and government sectors around the world. As businesses are growing and expanding on a truly global scale, corporate business environments are continually relying on VLAN networks in the enterprise; as a consequence the requirement for and implementation of VLAN technology is necessitated.

2.5 Current System

2.5.1 Software Defined Network (SDN)

In the current system VLANs are regarded as multiple logical broadcast domains, irrespective of geographic location. They are dissimilar to a LAN because a LAN is a single broadcast domain with no virtual element, as LANs are created using hardware devices, whereas VLANs are created using software and then deployed in large enterprise networks to segregate a guest or user broadcast domain from other broadcast domains and for the easy management of hosts. In today’s network environment SDNs or software defined networks allow the data and control functions of a network device, like a router or switch, to be managed through a clear, distinct application programming interface. According to Stallings, W. (2015), “The data and control functions of switches and routers in enterprise networks make it hard to alter the network infrastructure and operation to large scale addition of end systems, virtual machines and virtual networks” (Cisco.com, 2015). Due to the continued evolution of networking requirements in modern VLANs, SDN characteristics are being defined by ‘Open-Flow’ systems. Open-Flow is a protocol specification which has quickly become a standard to implement in contemporary SDNs (software defined networks) today.
The industry has specific and defined protocols like Cisco’s proprietary VTP protocol, but there is no real scheme or tool kit for the management of VLAN networks in the enterprise; hence Open-Flow helps to resolve this via a flexible solution for the control of how VLAN traffic flows (Stallings, 2015).

Figure – 4: Image of an uncomplicated Open-Flow network (Cisco.com, 2015).

The above image depicts an Open-Flow environment with flow tables to match incoming PDUs to a specific flow, then specifying the tasks for each packet. There can be more than one flow table directing traffic, and each can activate various actions that affect each flow. The definition of a flow is the sequence of packets passing on the network and sharing a specific set of header values, e.g. a flow may consist of packets that have identical IP addresses or VLAN identifiers; the meter table may activate various performance related actions on a flow, and a network switch contains one or more flow tables, as depicted in the image below (Stallings, 2015).

Figure – 5: Image of flow tables within a switch (Cisco.com, 2015).

The above image depicts multiple flow tables inside a switch. The Open-Flow specification defines how messages are exchanged between an Open-Flow controller and the Open-Flow switch. Open-Flow can be applied with SSL or TLS (Transport Layer Security) to provide a secure Open-Flow channel (Stallings, 2015).

2.5.2 Upcoming Future Systems

2.5.2.1 Application Centric Infrastructure (ACI)

There is a strong likelihood that the migration of ACI or Application Centric Infrastructure technology to current systems will be transforming and governing current VLAN systems in the very near future. ACI is still in the beta testing stage but may be the next revolutionary VLAN technology by Cisco. It will be aimed at solving problems in virtual data center environments, and it is completely dissimilar to SDN technology (Cisco.com, 2015).

Figure – 6: Image of application centric infrastructure migration (Cisco.com, 2015).

The above image depicts how seamless and fast ACI migration will be for traditional network applications and infrastructure.

Figure – 7: Image of Cisco’s ACI (Cisco.com, 2015).

The above image is of Cisco’s ACI fabric traffic forwarding model, and although it looks complex, according to Cisco, ‘It removes complexity’ because it couples software with devices to offer robustness via network features which are highly incomparable and outstanding in the IT network domain. In short, Cisco developed ACI technology to fulfil today’s current system demands and the unremitting, fluctuating demands of future virtual enterprise networks (Cisco.com, 2015).

2.5.2.2 Summary of Current Systems and Future Systems

The above evidence suggests that the integration of ACI technology, with all its superior load balancing algorithms and traffic forwarding technology, into an SDN defined network with all its processes and functions would solve multiple problems in virtual networks today, thus greatly enhancing contemporary networks which are full of constraints and limitations due to the use of traditional networking technologies. With regards to this project, because ACI technology is still being developed further it will not be used for this project, and as good as SDN technology is, it will also not be used because it is mostly suited to enterprise networks.

2.6 Current System Problems and Solutions in regards to Bottleneck Trunks

In traditional VLAN networks where the hardware components consist of hubs and repeaters, collisions are a big problem, resulting in packet loss, which means the data does not reach its destination and has to be retransmitted. No network is perfect; issues arise from time to time due to incorrect hardware, incorrect configurations, incorrect media cables and incorrect network design.
This project will solely focus on ‘Bottlenecked Trunk Lines’: why bottleneck occurs and how to reduce or eliminate it on a trunk line connected to a router which has multiple VLANs configured on a single physical interface. Bottleneck occurs when multiple transmissions are sent at the same time over a trunk which is connected to a router that has sub-interfaces configured on it for each VLAN, especially if all the logical interfaces are configured on the same physical interface on the router. This is because the packets from each VLAN are contending with each other for bandwidth. Having said this, it is cheaper to configure sub-interfaces on the router rather than having a separate physical interface for each VLAN as is done in the traditional VLAN. What makes this complex is using the sub-interfaces, as it requires intricate software configuration on the router. The solution to avoiding this bottleneck situation is to connect a fiber optic cable and have a fiber to copper converter, or to use ‘Fast Ethernet’ (100 Mbps, supported by CAT 5/6), or to use a ‘Gigabit Ethernet’ connection because it utilizes a very high speed (1000 Mbps, significantly increasing the bandwidth and data transmission speed) over copper wire (CAT 6) (Bradley, 2013). Although to do this the hardware devices will need to be Gigabit Ethernet compatible, otherwise the device will require a Gigabit network adapter, which is the only foreseen extra cost, as the cabling could remain the same so long as it is CAT 6. If the existing or new network cables are CAT 5 or CAT 5e then they will also have to be changed to CAT 6 to support Gigabit Ethernet (1 Gbps). A point to note is that upgrading to or using Gigabit Ethernet will not convert, modify or alter the packet format in any way, but it is more expensive to use than Fast Ethernet hardware and media, and is mostly used in corporate networks.
Another problem affecting VLAN networks today is the risk of a virus spreading from one VLAN to another and gradually infecting the whole network. The solution to this is simple; some of the measures that can be put in place to prevent viruses spreading are the network design, firewalls, Access Control Lists, and enacting policies.

2.7 Prerequisites of the prospective VLAN network

The rudiments of the prospective VLAN are:-

• High-grade Cisco switches.
• Trunking protocols (IEEE 802.1q).
• Layer 2 and layer 3 devices, e.g. switches and a router (all communication should be at least layer 3).
• Inter-switch links.
• Compatible hardware.
• PCs/Desktop computers.
• DHCP, DNS, FTP and Email servers.
• IEEE 802.3u Ethernet (“100BASE-T” minimum).
• Support for Spanning Tree protocols.
• Media cables offering high speeds and performance, e.g. either Fast Ethernet, Gigabit Ethernet or the use of fiber.
• A separate management VLAN for configuration and control of all VLAN communications.

2.8 Technological Founded Literature Review

Routers take more time to process broadcasts, therefore VLANs are implemented as an alternative solution and for segmenting networks to increase performance. Another reason is that switches and bridges generally process broadcasts faster than routers, which is why VLANs are deployed. In network environments with LANs installed, broadcasts are sent to all the users in the LAN because a LAN is a single broadcast domain, whereas on a VLAN broadcasts are sent only within that specific broadcast domain and not to all users of every broadcast domain (Varadarajan, 1997). Inter-VLAN routing is a technique used to forward network traffic from one VLAN to another via a layer 3 device or a router. Each VLAN has a distinct IP subnet. The subnet parameters facilitate routing processes on a VLAN (Yousfi, 2011).
2.8.1 Trunk Lines/Sub-interfaces and Inter-VLAN Routing

The 802.1q specification is a VLAN tagging protocol used on aggregated links like trunk lines. When a frame crosses a trunk line it is tagged. This tag contains the VLAN ID and VLAN information pertaining to the VLAN the frame originates from. As the frame crosses the trunk it is tagged, and when it is received by the switch on the other side the tag is removed and the frame is forwarded to the interface of the frame’s destination address. Only VLAN-aware devices can process this tag in the frame (Olzak, 2012).

Figure – 8: Image depicting VLAN Trunking (Resources.infosecinstitute.com, 2012).

Whenever there is more than one switch in a VLAN network, then to manage them trunk mode is configured on both switches. Physical interfaces have limits too, because they can only support one VLAN per interface. Routing is utilized for connecting multiple VLANs, and in larger networks that only have a single router, sub-interfaces are configured on the router (Bradley, 2013). The 802.1q VLAN trunking protocol eradicates the requirement for separate physical interfaces. Using sub-interfaces on a router permits the router to divide the physical interface into virtual or logical interface channels, which are then known as sub-interfaces. Each sub-interface is an extension of the original physical interface on the router. This allows multiple dissimilar VLANs or broadcast domains to be assigned to each one of the sub-interfaces configured on a router’s single physical interface, and is also known as ‘router on a stick’, as depicted in the diagram below (Ceffy, 2010).

Figure – 9: Image of a single trunk line connected to the router; known as ‘Router on a Stick’ (Aconaway.com, 2015).

The above network diagram depicts a single trunk line for both VLAN 2 and VLAN 3. A single physical interface on the router has been used to create two sub-interfaces for VLAN 2 and VLAN 3.
Neither VLAN can communicate with the other without the router performing inter-VLAN routing, because there is no core layer 3 switch and the router is the only layer 3 capable device. As frames pass on the trunk line they are tagged with the 802.1q VLAN trunking protocol, and when they reach the other side of the trunk the 802.1q tag is removed. The frames are tagged so the trunk line can identify which VLAN the frames belong to, and it is this procedure that is known as VLAN tagging (Ceffy, 2010). In comparison, the traditional method, which uses a separate physical interface on the router for each VLAN’s traffic, has its advantages and disadvantages. The traditional way considerably lessens the possibility of bottleneck occurring because each VLAN will have its own dedicated access line and will not be sharing the link with the other VLANs in the network, thus VLAN traffic is not competing for bandwidth on the line. The disadvantage is that it is not cost efficient, as it will require separate access links for each VLAN, as depicted in the diagram below.

Figure – 10: Image of a traditional Router on a Stick topology (Coffefueledchaos.com, 2013).

The above diagram depicts the switch connected to separate physical interfaces on the router, and if the network gets very big then even additional switches and routers will be required. However, with sub-interfaces on the router this issue is solved. The problem with sub-interfaces is that in very large networks the possibility of bottleneck occurring on the trunk line is very high, as all the packets on the trunk line are competing for bandwidth.

Figure – 11: Image of Router on a Stick using two physical interfaces for sub-interface configuration (9tut.com, 2012).

The above diagram depicts an example of a viable solution to the bottlenecked trunk in a router on a stick design that is using a single physical interface for all VLANs in the network.
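As an added example (not part of the original project), the tagging described above modelled in Python: the switch inserts the 802.1q tag on trunk egress, honours the allowed-VLAN list of ‘switchport trunk allowed vlan’, and the router on a stick strips the tag and hands the frame to the matching sub-interface. The MAC addresses, VLAN numbers and the sub-interface names Fa0/0.10 and Fa0/0.20 are assumed sample values.

```python
"""
Added example, not code from the original project: a byte-level model of the
802.1Q tagging that section 2.8.1 describes on a trunk between a switch and a
router-on-a-stick.  Leaving a trunk port the switch inserts a 4-byte tag
(TPID 0x8100 followed by 3-bit priority, 1-bit DEI and 12-bit VLAN ID) after
the source MAC; the far side reads the VLAN ID, strips the tag and hands the
frame to the interface (here: a router sub-interface) for that VLAN.  Frames
of the native VLAN cross the trunk untagged.  MAC addresses, VLAN numbers and
sub-interface names are constructed sample values.
"""
import struct

TPID_8021Q = 0x8100
ETHERTYPE_IPV4 = 0x0800
NATIVE_VLAN = 1                      # default native VLAN on a Cisco trunk


def mac(text):
    """'00:00:0c:00:00:10' -> 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))


def build_frame(dst, src, ethertype, payload):
    """Plain (untagged) Ethernet II frame as sent by a host on an access port."""
    return mac(dst) + mac(src) + struct.pack("!H", ethertype) + payload


def tag_frame(frame, vid, pcp=0, dei=0):
    """Trunk egress: insert the 802.1Q tag after the 12-byte MAC header."""
    if not 1 <= vid <= 4094:
        raise ValueError(f"invalid VLAN ID {vid}")
    if vid == NATIVE_VLAN:
        return frame                  # native VLAN traffic is sent untagged
    tci = (pcp << 13) | (dei << 12) | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def untag_frame(frame):
    """Trunk ingress: return (vlan_id, frame without the tag).
    An untagged frame is assigned to the native VLAN."""
    if len(frame) < 14:
        raise ValueError("truncated frame")
    tpid = struct.unpack("!H", frame[12:14])[0]
    if tpid != TPID_8021Q:
        return NATIVE_VLAN, frame
    if len(frame) < 16:
        raise ValueError("truncated 802.1Q tag")
    tci = struct.unpack("!H", frame[14:16])[0]
    return tci & 0x0FFF, frame[:12] + frame[16:]


def switch_to_trunk(frame, vid, allowed):
    """Switch side of the trunk, modelling 'switchport trunk allowed vlan':
    frames for VLANs not in the allowed set never reach the trunk (None)."""
    if vid not in allowed:
        return None
    return tag_frame(frame, vid)


def router_on_a_stick(tagged, subinterfaces):
    """Router side: map the tag's VLAN ID to the sub-interface whose
    'encapsulation dot1Q <vid>' matches.  Returns (sub-interface, untagged
    frame), or None when no sub-interface exists for that VLAN."""
    vid, frame = untag_frame(tagged)
    name = subinterfaces.get(vid)
    return (name, frame) if name else None


# Constructed sample: three sub-interfaces on one physical router interface
SUBINTERFACES = {10: "Fa0/0.10", 20: "Fa0/0.20", NATIVE_VLAN: "Fa0/0.1"}
ALLOWED_ON_TRUNK = {1, 10, 20}

if __name__ == "__main__":
    payload = b"\x45" + bytes(19)    # stand-in for an IPv4 header
    host_frame = build_frame("00:00:0c:00:00:10", "00:00:0c:00:00:20",
                             ETHERTYPE_IPV4, payload)
    on_trunk = switch_to_trunk(host_frame, 10, ALLOWED_ON_TRUNK)
    print("tag bytes on the trunk:", on_trunk[12:16].hex())      # 8100000a
    print(router_on_a_stick(on_trunk, SUBINTERFACES)[0])         # Fa0/0.10
    print(switch_to_trunk(host_frame, 30, ALLOWED_ON_TRUNK))      # None
```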
For example, in a large network consisting of twenty VLANs, rather than configuring twenty sub-interfaces on a single physical interface on the router it would be more appropriate to configure ten VLANs using sub-interfaces on one physical interface on the router and the other ten VLANs on another physical interface on the router; thus VLAN traffic will be divided over two trunk lines and two separate physical interfaces on the router, dramatically reducing if not completely eliminating bottleneck issues on the trunk line. Another viable solution to bottlenecked trunk lines is to use a fiber channel, a Fast Ethernet interface or Gigabit Ethernet (Ceffy, 2010).

2.8.2 VLAN Pruning

Other solutions are to use VLAN pruning and STP, the spanning tree protocol. According to Orbit-computer-solutions.com (2013), VLAN pruning stops unnecessary broadcast and unicast traffic from flooding the switches and trunk lines in the network and only forwards information that is required to the trunks.

Figure – 12: Image of VTP pruning implementation (Orbit-computer-solutions.com, 2013).

The above diagram depicts how VTP pruning can lessen network traffic. It shows that VLAN 2 is pruned, therefore traffic is not broadcast to switches 3, 5 and 6. Without pruning, PC1 trying to communicate with PC2 would result in broadcasts being sent to all the switches in the network to establish which switch has the destination PC2 address in its CAM table (Orbit-computer-solutions.com, 2013).

2.8.3 Spanning Tree Protocol Concept

Another way to limit traffic on the trunk lines is to configure STP or spanning tree protocol on the switches (Rouse, 2007).
STP is a VLAN management protocol configured on switches to provide path redundancy; it also prevents bridging loops (frames looping endlessly on the network, also known as a broadcast storm, where frames keep on multiplying until no data can get through) on layer 2 of the OSI model, and provides the most optimal and best path to take for forwarding frames (Cisco.com, 2015). For example, for communication between two computers in the network, STP permits the switches to exchange information, thus only one of the two switches will then handle the communication between the two computers (Rouse, 2007). STP is primarily used when you have a network with multiple switches or networks with redundant paths that could create a looping scenario; if one link fails then the switch will automatically use the redundant link to forward messages without a bridge loop occurring (Cisco.com, 2015).

Figure – 13: Image depicting a redundant link (Cisco.com, 2015).

The above example depicts a redundant link running from switch A to switch B. Without STP a bridging loop can occur. However, with STP bridging loops cannot occur, as figure 14 below depicts (Cisco.com, 2015).

Figure – 14: Image of STP on two switches (Cisco.com, 2015).

The above diagram depicts how STP on the switches would look from a logical perspective. The half link from switch B is the redundant path which STP would use in case the other link was to fail (Cisco.com, 2015). STP on all Cisco switches is enabled by default; however some configuration is necessitated. The ‘portfast’ command is used mostly on ports facing DHCP clients and does not permit them to time out. It is not recommended to use this command on a direct switch-to-switch connection, as this may result in a loop occurring, and the majority of the other default STP settings should be left at their default values (Cisco.com, 2015). A single root switch must be identified per VLAN and configured as the root switch.
All the other switches will agree on which is the root switch, and the switch with the lowest bridge ID is elected as the root bridge (Cisco.com, 2015). By default the bridge ID priority value on all Cisco switches is ‘32768’ and is contained within the BID (bridge ID, used to determine the root bridge) along with the MAC address of the switch; if for example two switches have the same default value then whichever switch has the lowest MAC address is used. The default STP settings can be left unchanged and STP will still function and do its intended purpose, as it will then use the lowest MAC address, although in very large networks it is recommended to define the bridge priority value (Osama, 2008). The switches will determine which is the optimal path to the root switch based on the information in the BPDUs or bridge protocol data units. Then a root port is selected, which is the port connecting to the VLAN segment; it is put in forwarding mode, and all the other ports on the other switches are in blocking mode, except for ports connected to clients and workstations, which stay in forwarding mode. STP should never be disabled as this will create loops in the VLAN, and when VLANs are removed or added STP automatically recalculates for that instance only (Cisco.com, 2015).

2.8.4 STP Limitations

There are some limitations when using STP and IEEE 802.1q trunks on a network. In a network consisting of all Cisco switches there are no limitations, as the switches will maintain an instance of spanning tree for each VLAN. However, when using non-Cisco switches in the network, the switches only maintain a single instance of spanning tree for all VLANs permitted on the trunk lines (Cisco.com, 2015). Also non-Cisco switches do not come with STP enabled, thus it needs to be enabled and configured manually.
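As an added example (not the project’s own code), the root election and the root/blocked port selection described in 2.8.3 above, worked through in Python on a constructed three-switch topology that includes the redundant switch A to switch B link of figures 13 and 14. The switch names, MAC addresses, port names and the use of the link index as a stand-in for the 802.1D port-ID tie-break are assumptions.

```python
"""
Added example, not code from the original project: a small model of the
spanning-tree root election and port-role selection described in sections
2.8.3 and 2.8.4.  Bridge ID = 16-bit priority (default 32768) + 48-bit MAC,
lowest wins; every other switch picks the port with the lowest-cost path to
the root, and one end of every remaining segment is blocked so that no
bridging loop can form.  Switch names, MACs and port names are constructed
sample values; tie-breaking on the link index stands in for the 802.1D
port-ID tie-break.
"""
import heapq
from collections import defaultdict

# IEEE 802.1D-1998 default port path cost, indexed by link speed in Mbit/s
PATH_COST = {10: 100, 100: 19, 1000: 4}


def bridge_id(priority, mac):
    """The Bridge ID compares as one number: priority in the top 16 bits, MAC below."""
    return (priority << 48) | int(mac.replace(":", ""), 16)


def elect_root(switches):
    """switches: {name: (priority, mac)}.  Lowest Bridge ID is the root bridge;
    with equal priorities (the 32768 default) the lowest MAC address wins."""
    return min(switches, key=lambda name: bridge_id(*switches[name]))


def root_paths(switches, links, root):
    """Dijkstra from the root.  links: list of (switch_a, port_a, switch_b,
    port_b, speed_mbps).  Returns {switch: (root path cost, upstream bridge id,
    index of the link used)}; that link carries the switch's root port."""
    adj = defaultdict(list)
    for idx, (a, _, b, _, speed) in enumerate(links):
        adj[a].append((b, PATH_COST[speed], idx))
        adj[b].append((a, PATH_COST[speed], idx))
    best = {root: (0, None, None)}
    heap = [(0, root)]
    while heap:
        cost, node = heapq.heappop(heap)
        if cost > best[node][0]:
            continue                      # stale heap entry
        for nbr, link_cost, idx in adj[node]:
            # BPDU preference: lower root path cost, then lower sender BID, then lower port
            cand = (cost + link_cost, bridge_id(*switches[node]), idx)
            if nbr not in best or cand < best[nbr]:
                best[nbr] = cand
                heapq.heappush(heap, (cand[0], nbr))
    return best


def port_roles(switches, links):
    """Return (root bridge name, {(switch, port): 'designated'|'root'|'blocked'})."""
    root = elect_root(switches)
    best = root_paths(switches, links, root)
    roles = {}
    for idx, (a, pa, b, pb, _) in enumerate(links):
        key_a = (best[a][0], bridge_id(*switches[a]))
        key_b = (best[b][0], bridge_id(*switches[b]))
        # the end closer to the root (lower cost, then lower BID) is designated
        des, des_port, other, other_port = (a, pa, b, pb) if key_a < key_b else (b, pb, a, pa)
        roles[(des, des_port)] = "designated"
        # the far end is that switch's root port if this is its best link, else blocked
        roles[(other, other_port)] = "root" if best[other][2] == idx else "blocked"
    return root, roles


# Constructed topology: three switches in a triangle, all at the 32768 default
# priority, plus a redundant second link between SwitchA and SwitchB (figures 13/14).
SWITCHES = {
    "SwitchA": (32768, "00:00:0c:aa:00:01"),
    "SwitchB": (32768, "00:00:0c:aa:00:02"),
    "SwitchC": (32768, "00:00:0c:aa:00:03"),
}
LINKS = [
    ("SwitchA", "Fa0/1", "SwitchB", "Fa0/1", 100),
    ("SwitchA", "Fa0/2", "SwitchB", "Fa0/2", 100),   # redundant link
    ("SwitchB", "Fa0/3", "SwitchC", "Fa0/1", 100),
    ("SwitchA", "Fa0/3", "SwitchC", "Fa0/2", 100),
]

if __name__ == "__main__":
    root, roles = port_roles(SWITCHES, LINKS)
    print("root bridge:", root)                       # SwitchA (lowest MAC)
    for (sw, port), role in sorted(roles.items()):
        print(f"{sw} {port}: {role}")
```

Lowering a switch’s priority (e.g. to 4096) makes it the root regardless of MAC address, which is the manual root selection the text recommends for large networks.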
2.9 Drawbacks of Solutions Researched

Using Gigabit Ethernet is a very expensive solution because multiple factors have to be taken into consideration; for example, the network interface cards on client machines will have to be replaced, and servers, switches and routers will all need to be gigabit compatible. Also the network cables may not be designed to carry Gigabit speeds, thus CAT 6 cable would be necessitated. The evidence clearly depicts that almost all of the network architecture will have to be changed to support Gigabit Ethernet. In regards to the network for the Library, and based upon research, this means that Gigabit Ethernet is not a viable solution, therefore it is ruled out. The traditional solution requires separate physical interfaces on the router for each VLAN without using sub-interfaces, and most Cisco routers only come with two Ethernet interfaces, thus a new router may be required. The biggest drawback of this solution is that it is also inappropriate for the Library because it is considered expensive to implement: it uses more cable in comparison to the router on a stick design, and the traditional method wastes interfaces on the router and switch; therefore this solution was also ruled out.

2.9.1 Possible Solutions

According to Ceffy (2010), a fiber channel can be used, thus completely eradicating bottleneck on the trunk line. But again the drawback of this solution is that it is also expensive. In fact it is more expensive in terms of having compatible hardware and cabling, and a fiber optic connection from a broadband provider is far more expensive than Gigabit and Fast Ethernet, thus this solution is also ruled out. This leaves two possible and viable solutions. According to Ceffy (2010), a Fast Ethernet channel can be used to eliminate bottleneck on a trunk line because it provides incremental speed between Fast Ethernet and Gigabit Ethernet via a logical interface channel. Other ways of limiting VLAN traffic over trunk lines are to use VLAN Pruning, so only pertinent VLANs may use each trunk line (Olzak, 2012); to create and apply ACLs on layer 3 switches and VACLs on layer 2 switches, so VLAN traffic can be further restricted; to use STP or Spanning Tree Protocol to minimize bridging loops and permit frames to be forwarded on the best path possible; to use an IP helper address to help broadcasts find the correct destination address; and to use sub-interfaces on the router. A further reduction in traffic on the trunks would decrease the chances of bottleneck occurring. Although STP is used for redundant paths, this is not the case for the proposed VLAN design. STP will not be used for redundancy at this present time, as there will not be any redundant pathways in the proposed VLAN architecture; it will instead be used specifically because the VLAN will contain multiple switches. However there is an option to configure STP priority values for each switch, and this can be done in the future as the network expands.
There will not be multiple interconnecting pathways between switches nor any redundant pathways in the present design; therefore setting and configuring STP priority values will not be necessitated and the default values will be used. However the command ‘spanning-tree portfast’ will be configured on the layer 2 switches for each VLAN, thus eliminating time outs on DHCP clients. In addition to the above, the command ‘switchport trunk allowed vlan [number]’ would further support the solution.

2.9.2 Individual Self-Conceived Solution

Towards the culmination of the technological founded literature review, the following idea was based upon the research conducted and is to be implemented as a feasible solution for the VLAN trunk line bottleneck problem. The solution is to use Fast Ethernet connections, then configure sub-interfaces on a single physical interface of the router, and then configure access control lists (ACLs), an IP helper address, STP and VLAN pruning to limit and reduce the amount of traffic on the trunks. Also, to further reduce traffic on the trunk lines the command ‘switchport trunk allowed vlan [number]’ will be used, thus significantly reducing and possibly even eliminating bottleneck from occurring on the trunk line. It is anticipated that this solution will provide error tolerant trunk lines with high speed communication links between devices in the VLAN network.

2.10 Expected Benefits of the Prospective VLAN Network

VLAN networks today have many advantages over old-fashioned LAN networks, and the benefits of the VLAN network for this project will be:-

1. First and foremost, bottleneck on the trunk line will either be significantly reduced or totally eradicated.
2. Latency will no longer be a problem.
3. The prospective VLAN network will have excellent performance over a normal LAN network because multiple VLAN domains will be created, reducing the quantity of routers required, because the VLAN will utilize a layer 3 switch and would only require a router if the VLAN was configured on a layer 2 switch (cost effective). The segmentation of multiple broadcast domains will permit each VLAN to have enhanced bandwidth, accessibility and security.
4. Enhanced Security: by putting users in a VLAN, the chances of an external intruder or hacker entering the VLAN are less or unlikely. Also firewalls and ACLs can be configured restricting access to a particular VLAN or restricting specific traffic (Varadarajan, 1997).

2.10.1 Expected Dis-benefits of the prospective VLAN network

Any expected dis-benefits and limitations affecting normal VLAN networks have either been significantly reduced or possibly avoided. For instance, deciding not to use the VTP protocol to propagate VLAN information from one VLAN to another will have eliminated spanning tree protocol loops from occurring and eliminated multiple unnecessary broadcasts. Also, using high-end Cisco switches at the time of implementation will enhance the function and performance of the VLAN network. It will also allow better security features than cheaper switches, thus any potential dis-benefits will have already been ruled out. The risk of viruses spreading from one VLAN to another will also be significantly reduced through the network firewall, and the strategic placement of the layer 2 switches in the VLAN design will restrain any virus infections multiplying and spreading. Also, having multiple broadcast domains rather than a single domain for everything will mean latency will be significantly reduced and possibly eradicated, because segmenting the network into multiple broadcast domains will mean more bandwidth.
Also non-Cisco devices do not support the 802.1q trunking protocol, which is why only Cisco switches and a Cisco router will be used, thus eliminating another potential dis-benefit. Other limitations affecting contemporary VLAN networks are usually only present in very large networks, and because the VLAN network in this project is between small and medium size no further dis-benefits are anticipated at this stage.

2.11 Development Tools and Techniques Review

The need to follow and have the support of an SDLC for this project is paramount to the success of this project. It will permit the planning and ordering of the project to be done systematically, thus making the execution of each phase of the development of this project achievable.

Figure – 15: Image of project stages.

The above image depicts the main stages of the project and briefly what will be done at each stage. The SDLC or system development life cycle selected for this project is the ‘Waterfall Life Cycle’, as depicted below.

2.11.1 Waterfall Life Cycle (SDLC)

Figure – 16: Image depicting the project’s SDLC (C3ns.com, 2013).

The Waterfall cycle was selected because as the project develops each stage can be evaluated before moving on, thus avoiding and reducing the occurrence of iterations and of stages overlapping each other. Also it is not as complicated as some of the other system development lifecycles, and is simple and easy to follow. Although it will not be possible to go back to previous stages in the SDLC process, due to its simplicity it is anticipated that the project will be easy to manage and realizable, therefore the Waterfall Life Cycle was selected for this project.
Some of the other SDLCs and methodologies considered and then rejected were:-

• Spiral – It is not suitable for this project because it is complex and vastly custom-made for each project, and there is a risk of not finishing on time since the cycle continues with no set termination conditions; therefore it was rejected.
• Iterative and Incremental – Not suitable because all the stages of the Waterfall SDLC are performed at each stage. An exceptionally knowledgeable engineer is required with a lot of experience and expertise, thus this model is also rejected.
• V-Model – This SDLC is also not suitable because it is mostly used for software development, consequently it was rejected.
• Fountain Model – This model is merely an updated version of the Waterfall model, and more flexible too, but due to this model requiring frequent iterative steps there is a real risk of not meeting the deadline of this project. Also it is normally used in projects where the requirements frequently change, hence it was also rejected.
• RAD / Rapid Application Development Prototyping – This concept of prototyping is very good if time is not an issue, but it is not selected for this project because there may be a risk of not completing this project on time, since the RAD prototyping methodology may involve going back to previous stages, and if that was to happen then more time would be required; thus there would be a significant risk of not meeting the project deadline, and as a consequence this SDLC was also rejected.

2.11.2 Network Design Software

Microsoft Visio

Figure – 17: Image of network design software.

The VLAN network for this project will be created and designed using a professional network tool like Microsoft Visio, as depicted in the above image. There are multiple network design tools available on the market today. Microsoft Visio was selected over other network design tools because it is embedded with multiple design features and an easy to use user interface, and most importantly due to previous familiarity and knowledge gained during work on erstwhile assignments on the HND network module.

2.11.3 Network Simulation Software

It was never intended to create a physical network, nor do the project outline and specifications for this project denote any such requirements; hence a simulation software application was selected to emulate the network design.

Cisco Packet Tracer

Figure – 18: Image of Simulation Software.

The above image depicts the Cisco Packet Tracer simulation software, on which the VLAN network will be created. It was specifically selected for this project because it allows and contains:-

• Creation of virtual VLAN networks.
• Inter-VLAN configuration.
• Real time testing capability.
• VLAN troubleshooting.
• Wide range of protocols.
• Compatibility with the Windows operating system.
• Drag and drop user interface.
• Two dissimilar modes, simulation and real time.
• Analysis of packets.
• Wide range of Cisco hardware to select from.
• In-built library of tutorials and labs with knowledge and teaching on how to use the simulator, routing protocols, Cisco hardware, design topologies and a considerable amount of other content that will aid in the creation of the VLAN network.

Logical Physical Workspace

Figure – 19: Image of Cisco Packet Tracer Software (Cisco.com, 2010).

The above image depicts a graphical view of the logical network on the physical workspace of the simulator. In comparison to similar software tools on the market, Cisco Packet Tracer was found to be a powerful learning tool consisting of a high level of functions and versatility for supporting the creation of the VLAN network. It is also customizable (via the activity wizard), and some of the new features found in the new version of the software include some of Cisco’s latest switches and routers, an ASA 5505 firewall and multiple other networking features, including Cisco and non-Cisco protocols.

Supported Protocols in Cisco Packet Tracer

Figure – 20: Image of simulator protocols (Cisco.com, 2010).

The above image depicts protocols within the software, some of which will be used for this project. Some of the graphical simulation software (VMWare) analyzed and then rejected was:-

• GNS3 – Although it uses Dynamips software and has a Cisco internetwork operating system (IOS), and is also a powerful multi-platform open source network simulator which permits the creation of complex topologies, in comparison to Cisco’s Packet Tracer VMWare GNS3 is far more complex, and in terms of usability it offers very little support.
• NSC/NS-3 – The Network Simulation Cradle was rejected because there are known installation and bug problems associated with it.
It also offers very little support and has no graphical user interface.
• OPNET Modeler – Another powerful network simulation tool, but it was rejected because of its complex GUI, which makes simulations hard to understand, its lack of customisation and a lack of community support.

2.11.4 Chapter Summary

Completing the literature review has allowed the problem to be researched thoroughly. One of the solutions discussed on pages 24 and 25 will be selected and implemented in the following stages of this project. Selecting a methodology has allowed the project to be structured systematically and ordered methodically, producing a higher standard of work by following an accepted system development life cycle that works and has limited drawbacks. It is expected that simulating and configuring the VLAN network will greatly enhance learning, both academically and during future work placements in the networking field when exposed to real hardware and network devices.

Chapter 3 – Analysis and Design

3.1 Chapter Introduction

In systems engineering the analysis and design stage entails an intricate and precise examination of the VLAN architecture and its constituent components, so that the networking principles and concepts discussed in earlier chapters are thoroughly understood. The analysis of the functional and non-functional requirements of the prospective VLAN network sets the level of quality for the final design. Completing this chapter entails the following:
1. The second and third steps of the Waterfall SDLC (the systems engineering process below).
2. An analysis report of the functional and non-functional requirements.
3. The technique used to capture the design synthesis for the network architecture.
4. The final design.
Figure 21: Image of input and output processes (Ocw.mit.edu, 2001).

3.2 Analysis

To analyse something is to examine and review it by breaking it down into its constituent components. It is a technique for studying and scrutinising the elements of something to determine its characteristics and how each element relates to the others.

3.3 Method used to collect the Functional Requirements

In systems engineering there are multiple techniques for eliciting the requirements of a system, and similar methods were adopted for this project. As the project Gantt chart (page 10, Figure 2) shows, a plan was created for each stage of the project. A literature review stage was included for this reason: to collect the functional requirements through online research and by reading books and journals on VLANs, trunk lines, sub-interfaces, and the causes of and solutions to bottleneck on a trunk line.

3.4 Functional Requirements

The system development life cycle for this project systematically describes the specification for analysis and design in the Waterfall life cycle. In systems engineering, functional requirements define the functions and constituent components of the system to be created. According to Sqa.org.uk (2007), 'Functional requirements deal with what the system should do or provide for users'. They stipulate what the system will do, specifying its behavioural and functional characteristics. This is important because if the wrong hardware is selected there is a strong possibility of problems occurring in the network, wasting precious resources and time.

3.4.1 Evidence of Analysis

Below is the list of functional requirements for the VLAN network.

6 x Layer 2 Switches

Figure 22: Image of Cisco Catalyst 2960 Series Layer 2 switch (Cisco.com, 2015).

The image above depicts a Cisco Catalyst 2960 Series Layer 2 switch. A separate Layer 2 switch will be used for each VLAN (Cisco.com, 2015).
Reasons for selecting this switch are:
• Layer 2 switching with VLAN support.
• Designed for medium-sized businesses.
• Support for Gigabit Ethernet, should the library want to upgrade its network to Gigabit connections in the future.
• 24 10/100/1000 PoE+ ports, should the library decide to expand its network in the future.
• Features to protect the VLAN network from Layer 2 threats: port security limits the number of MAC addresses learned on a port and so defends against MAC address flooding; DHCP snooping blocks rogue DHCP servers (DHCP spoofing); dynamic ARP inspection validates ARP packets against the DHCP snooping binding table and so blocks the ARP poisoning an attacker would use to intercept traffic between personnel and library members; and IP Source Guard drops traffic whose source IP address does not match the binding for that port, stopping a malicious user spoofing or acquiring another worker's or member's IP address. It also has many other advanced security features and protocols (Cisco.com, 2015).
• Supports FlexStack stacking.
• QoS, ensuring high-priority network traffic is not held in a queue behind low-priority traffic.
• High switching bandwidth on each port.
• Lifetime hardware warranty and technical support.

1 x Ethernet Router

Figure 23: Image of Cisco 2911 Ethernet router (Cisco.com, 2015).

The image above depicts the Cisco 2911 Integrated Services Router, which will be used as the gateway router for the VLAN network. Reasons for selecting this router are:
• Fast Ethernet with support for Gigabit Ethernet, if the library wants to upgrade its network in the future.
• Supports VPN services.
• IOS software firewall feature set.
• It will be used as the gateway to the WAN for the library's servers, personnel and members.

1 x 3560 Catalyst Layer 3 Core Switch

Figure 24: Image of Cisco Catalyst Layer 3 core switch (Cisco.com, 2015).

The image above depicts the Cisco Catalyst 3560 Layer 3 switch, which will be used as the core switch for the VLAN. Reasons for selecting this switch are:
• VLAN support.
• Inter-VLAN Layer 3 routing capability.
• IEEE 802.1Q trunk encapsulation for configuring trunk lines (Cisco's ISL, Inter-Switch Link, can also be used).
• 10/100/1000 PoE ports with Gigabit support for future upgrades.
• High-performance, intelligent features such as ACLs, per-port security and advanced QoS.
• Support for the full 802.1Q VLAN ID range (up to 4094), which can be used for future expansion of the network.
• VLAN traffic management.

1 x ASA 5500-X Cisco Firewall

Figure 25: Image of Cisco next-generation firewall (Cisco.com, 2015).

The image above depicts the Cisco ASA 5500-X firewall, which will be placed behind the router and be the second-to-last device packets pass through before leaving the network. Reasons for selecting this firewall are:
• Support for 802.1Q trunking, which permits greater control over VLAN-tagged packets entering or leaving the VLAN by applying policies per VLAN on the firewall.
• To protect the network against viruses, Trojans, malware, spyware and other forms of malicious hacking and intrusion.
• To protect user integrity and mission-critical files and data.
• To protect the servers, client computers and all network devices.
• Designed for medium-sized businesses.

1 x DNS/DHCP Rack Server

Server specifications:
• Chassis for 8 x 3.5" hard drives.
• 2 x Intel Xeon processors, 3.2 GHz with 20 MB cache, Turbo, DDR3 1866 MHz.
• 5 x 3.5" 150 GB hot-swappable SATA hard drives.
• 4 x 4 GB RDIMMs, totalling 16 GB RAM.
• VMware embedded image.
• RAID 5 with RAID controller and cache.
• Quad-port 1 GbE network adapter.
• Optimised for high performance.
• Universal BIOS settings.
• DVD+/-RW.
• UPS.

Reasons for selecting the DNS/DHCP server: DNS is required so that clients can resolve the web server's name, and DHCP will be used to manage client IP addresses.

1 x Web Server

Server specifications:
• Chassis for 12 x 2.5" hard drives.
• 2 x Intel Xeon processors, 3.2 GHz with 20 MB cache, Turbo, DDR3 1866 MHz.
• 8 x 2 GB RDIMMs, totalling 16 GB RAM.
• 5 x 2.5" 500 GB hot-swappable SATA hard drives.
• VMware embedded image.
• RAID 5 with RAID controller and cache.
• Quad-port 1 GbE network adapter.
• Optimised for high performance.
• Universal BIOS settings.
• DVD+/-RW.
• UPS.

Reasons for selecting the web server: it will host the library's own website, so library personnel and members can view books and other material online from anywhere in the world. The hot-plug hard drives mean the system can be maintained and managed with minimal downtime, and the chassis has capacity for more drives should they be needed in the future.

1 x Email/FTP Server

Specifications:
• Chassis for 24 x 2.5" hard drives.
• 2 x Intel Xeon processors, 3.2 GHz with 20 MB cache, Turbo, DDR3 1866 MHz.
• 8 x 2 GB RDIMMs, totalling 16 GB RAM.
• 5 x 2.5" 500 GB hot-swappable SATA hard drives.
• VMware embedded image.
• RAID 5 with RAID controller and cache.
• Quad-port 1 GbE network adapter.
• Optimised for high performance.
• Universal BIOS settings.
• DVD+/-RW.
• UPS.

Reasons for selecting the email/FTP server: incoming email can be scanned for viruses and spam, and usage policies can be set for staff. Most of all it will allow staff to send bulk emails in a single click and give the library greater control of its mail. Delivering mail locally inside the VLAN removes the latency of waiting for incoming and outgoing mail to pass through an external provider. The email server can also be configured to send automatic replies to emails received while the library is closed. The FTP server will permit large files to be transferred between devices and to another network; because plain FTP sends credentials and data in clear text, it should be offered as SFTP or FTPS if it is ever reachable from outside the VLAN.

1 x Print Server

Specifications:
• Chassis for 8 hot-plug hard drives.
• 2 x Intel Xeon processors, 2.90 GHz with 15 MB cache (Turbo).
• 4 x 4 GB RDIMMs 1600 MHz, totalling 16 GB RAM.
• VMware embedded image.
• RAID 5 with RAID controller and cache.
• Dual-port 1 GbE network adapter.
• Optimised for high performance.
• Universal BIOS settings.
• DVD+/-RW.
• UPS.

Reasons for selecting the print server: it will connect the host machines to the printers on each broadcast domain and can hold print jobs in a queue.

All the servers benefit from the following components. DDR3 memory and the large processor cache enable the two Intel Xeon processors to handle multiple requests, and rather than a single RAM module the memory is spread across several DIMMs (for example eight 2 GB modules totalling 16 GB), which improves performance. The servers also have virtualisation capability, so the library has the option of creating virtual servers in the future. The hot-plug hard drives minimise downtime during maintenance, and SATA drives cost the library less than SAS or SSD drives. A 1 GbE network adapter was selected for each server so the library can upgrade its network to Gigabit speeds in the future; the switches and router were likewise selected because they support both Fast Ethernet and Gigabit Ethernet, making the transition easy should the library decide to do so. All network devices have been selected from a single reputable vendor, Cisco, so compatibility and reliability issues are unlikely.

510 x Desktop Computers

Dell OptiPlex 3030 19.5" AIO, Intel Core i3-4160, 4 GB RAM, 500 GB hard drive, Windows 7 Professional 64-bit with optical drive (DVD writer).

Figure 26: Image depicting an all-in-one desktop computer (Shop.bt.com, n.d.).

Reasons for selecting this desktop: it is reasonably priced at £499 and is an all-in-one computer with a pre-installed operating system. Since most of the processing will be done by the servers, an i3 processor and a 500 GB hard drive are sufficient for the desktops. It comes with Windows 7 rather than Windows 8, whose interface many users are still unfamiliar with and dislike, and it includes a Windows 8.1 licence should the library wish to upgrade later.

4 x Server Operating System

Figure 27: Image of server operating system (Ebuyer.com, 2014).

The image above depicts Windows Server 2008 R2 Enterprise. Specifications:
• OEM licence and media.
• 64-bit.
• English.

Reasons for selecting Windows Server 2008 R2 Enterprise: it supports failover clustering and network load balancing, allowing server traffic and resources to be distributed evenly across groups serving different broadcast domains. It also supports virtualisation should it be required in the future. The 64-bit version was selected because it offers more addressable memory and features such as mobile user support, and a separate Itanium-based edition exists should the library require more processing power. The Enterprise edition supports up to 8 processors and 2 TB of RAM, which matters because the library's database will keep growing, and it is covered by Microsoft extended support until 2020.

UTP Cat 6a Cable

This cable was selected for its augmented technical specification: it is rated to 500 MHz, offering more bandwidth than its predecessors Cat 5 (100 MHz) and Cat 6 (250 MHz).
The 500 MHz rating permits more data to be transmitted, and because it can carry more information Cat 6a also supports 10 Gigabit Ethernet should the library choose to upgrade its network. Interference is reduced and the cable is significantly more durable than Cat 5 because it is made with thicker materials. It also includes a nylon spline that reduces near-end crosstalk (NEXT), which becomes significant at higher frequencies (Justin, 2011).

3.4.2 Non-Functional Requirements

Strictly, non-functional requirements describe the qualities a system must have (performance, availability, security and the like) rather than its components. In this project the term is used for elements not documented in the functional requirements, which the network can function without or does not rely on for resources (Hassan, 2015). Below is the list of non-functional requirements for the VLAN network:
• RADIUS server.
• Cloud servers.
• Backup servers.
• Virtual servers.
• Wireless router.
• Wireless devices such as laptops and tablets.
• IP phones.
• Fibre optic cables.
• Remote monitoring tools.
• Intrusion detection software such as Snort, OSSEC and Security Onion.

3.5 Network Diagram

Figure 28: Network diagram for the proposed VLAN architecture for the library, created in Microsoft Visio.

The diagram above shows the Ethernet router, the ASA firewall, the Layer 3 core switch, the four servers (DNS/DHCP, web, email/FTP and print) and one Layer 2 switch for each of the six user VLANs: VLAN 2 Accounts, VLAN 3 Cataloguing/Processing, VLAN 4 Finance, VLAN 5 Administration, VLAN 6 Reception and VLAN 7 Library Members. The Layer 2 switches connect to the core over IEEE 802.1Q trunk lines, and the diagram key distinguishes UTP Cat 6a straight-through cables from Cat 6 crossover cables. The hardware devices are given the addresses 172.16.1.33 to 172.16.1.47 in the VLAN 1 hardware subnet.
3.5.1 Analysis of Design

From a security point of view, the firewall and the switches have been placed so that every packet entering or leaving the network passes through the firewall before reaching the web server or the WAN, and all traffic between VLANs must pass through the Layer 3 core switch. A Layer 2 switch does not by itself stop a Layer 3 attack; what limits an attack from the public-access members' VLAN is that its traffic can only reach the other VLANs and the servers through the core switch, where access control lists restrict which destinations members may reach, while the Layer 2 security features of the access switches (port security, DHCP snooping, dynamic ARP inspection and IP Source Guard) address attacks launched within a VLAN.

A DNS server is required because the VLAN has a web server, so the website's name can be resolved to the server's IP address and vice versa, permitting users to access the library's website. The email server will allow users to email each other faster, and the FTP server will allow large files to be transferred. The DHCP server will provide dynamic IP addresses to the six user VLANs, while the hardware devices use static IP addresses. The router has a single copper straight-through cable (the trunk) running to the firewall, and all the VLANs will have sub-interfaces configured on one physical interface of the router. Trunk line bottleneck will be reduced through the configuration of the hardware devices. To prevent crosstalk and other electrical interference, the latest Cat 6a cable will be used for network connections.
3.5.2 Subnetting and VLSM Ranges

Segment                 Network ID    IP Range                    Broadcast      Subnet Mask            Hosts per Subnet  Actual Clients
VLAN 1 Hardware [VLSM]  172.16.1.32   172.16.1.33 - 172.16.1.62   172.16.1.63    255.255.255.224 /27    30                15
VLAN 2                  172.16.2.0    172.16.2.1 - 172.16.2.126   172.16.2.127   255.255.255.128 /25    126               100
VLAN 3                  172.16.3.0    172.16.3.1 - 172.16.3.126   172.16.3.127   255.255.255.128 /25    126               100
VLAN 4                  172.16.4.0    172.16.4.1 - 172.16.4.126   172.16.4.127   255.255.255.128 /25    126               100
VLAN 5                  172.16.5.0    172.16.5.1 - 172.16.5.126   172.16.5.127   255.255.255.128 /25    126               100
VLAN 6 [VLSM]           172.16.6.0    172.16.6.1 - 172.16.6.30    172.16.6.31    255.255.255.224 /27    30                10
VLAN 7                  172.16.7.0    172.16.7.1 - 172.16.7.126   172.16.7.127   255.255.255.128 /25    126               100

Table 1: Subnetting and VLSM ranges for each VLAN. A /27 block must start on a multiple of 32, so the VLAN 6 subnet is placed at 172.16.6.0/27, with usable hosts .1 to .30 and broadcast .31.

3.5.3 Chapter Summary

This chapter completed the selection of hardware for the VLAN. After the hardware was analysed the network diagram was designed, and no problems were highlighted during the analysis and design stage except for having to refer back to previous assignments to determine how much RAM, which RAID configuration and how much hard drive space would be required for a VLAN of approximately 500+ users.

Chapter 4 – Implementation

4.1 Chapter Introduction

The implementation stage involves building the design. As discussed in earlier chapters, the network will be emulated in Cisco Packet Tracer, and the prototype depicts part of the network shown in the network diagram. Also discussed are the hurdles overcome during implementation. All the code used to configure the devices in the software is documented, and the chapter concludes with a brief summary.

4.2 Implementation

Figure 29: Image of prototype simulation in Cisco Packet Tracer.

The screenshot above depicts the finished simulation in Cisco Packet Tracer.
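As an added example (not part of the report), the following Python script uses the standard-library ipaddress module to regenerate Table 1 from each VLAN's chosen network ID and prefix length, and to check the plan the way a practitioner would before configuring it: that each network ID lies on its block boundary, that the subnet has enough usable hosts for the expected clients, and that no two subnets overlap. The VLAN plan below is Table 1 itself; the mis-aligned entry 172.16.6.20/27 at the end is a constructed input showing how such an error is caught rather than silently accepted.

```python
import ipaddress

# VLAN plan from Table 1: (VLAN number, description, network/prefix, expected clients).
VLAN_PLAN = [
    (1, "Hardware", "172.16.1.32/27", 15),
    (2, "Accounts", "172.16.2.0/25", 100),
    (3, "Cataloguing/Processing", "172.16.3.0/25", 100),
    (4, "Finance", "172.16.4.0/25", 100),
    (5, "Administration", "172.16.5.0/25", 100),
    (6, "Reception", "172.16.6.0/27", 10),
    (7, "Library Members", "172.16.7.0/25", 100),
]


def describe_subnet(cidr):
    """Return the Table 1 columns for one subnet.

    strict=True makes ipaddress raise ValueError when host bits are set in the
    address, i.e. when the given address is not the block's true network ID.
    """
    net = ipaddress.ip_network(cidr, strict=True)
    hosts = list(net.hosts())
    return {
        "network": str(net.network_address),
        "first": str(hosts[0]),
        "last": str(hosts[-1]),
        "broadcast": str(net.broadcast_address),
        "mask": str(net.netmask),
        "prefix": net.prefixlen,
        "usable": len(hosts),
    }


def check_plan(plan):
    """Validate alignment, capacity and overlap for every entry.

    Returns a list of human-readable problems; an empty list means the plan is sound.
    """
    problems = []
    accepted = []
    for vlan, name, cidr, clients in plan:
        try:
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError:
            # Not on a block boundary: report the aligned block that contains the address.
            aligned = ipaddress.ip_network(cidr, strict=False)
            problems.append(f"VLAN {vlan} {name}: {cidr} is not a valid network ID; "
                            f"the /{aligned.prefixlen} block containing it is {aligned}")
            continue
        usable = net.num_addresses - 2
        if clients > usable:
            problems.append(f"VLAN {vlan} {name}: {clients} clients exceed "
                            f"{usable} usable hosts in {cidr}")
        for other_vlan, other in accepted:
            if net.overlaps(other):
                problems.append(f"VLAN {vlan} {name}: {cidr} overlaps VLAN {other_vlan} {other}")
        accepted.append((vlan, net))
    return problems


def smallest_prefix_for(clients):
    """Longest prefix (smallest subnet) whose usable host count still covers `clients`."""
    for prefix in range(30, 0, -1):
        if 2 ** (32 - prefix) - 2 >= clients:
            return prefix
    raise ValueError("too many clients for a single IPv4 subnet")


if __name__ == "__main__":
    for vlan, name, cidr, clients in VLAN_PLAN:
        d = describe_subnet(cidr)
        print(f"VLAN {vlan:<2} {name:<23} {d['network']:<13} {d['first']} - {d['last']:<14} "
              f"{d['broadcast']:<13} {d['mask']}/{d['prefix']} usable={d['usable']} "
              f"clients={clients} (could fit a /{smallest_prefix_for(clients)})")
    print("problems:", check_plan(VLAN_PLAN) or "none")
    # Constructed bad input: a /27 that does not start on a multiple of 32.
    print(check_plan([(6, "Reception", "172.16.6.20/27", 10)]))
```

smallest_prefix_for shows that VLAN 6, with 10 clients, would fit in a /28 (14 hosts); the report keeps the larger /27 for growth, and VLAN 1, with 15 devices, genuinely needs the /27 because a /28 offers only 14.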
4.2.1 Challenges during Implementation

Theoretically the first solution should have worked, but during implementation it was not possible to have two trunks between the firewall and the router, with three VLANs carried on one trunk and the other three on the other. Unlike the router, where multiple VLANs can be configured as sub-interfaces on a single physical interface, the firewall in the simulator would not permit multiple VLANs to be assigned to a single physical interface connected to the router over a trunk line. This was a major setback for the project, so an alternative solution was found and implemented; it is explained in the next section.

4.2.2 Solution to the Problems and Challenges faced during Implementation

The alternative solution has just one trunk line connecting to the router, with a sub-interface configured for each VLAN. To reduce the possibility of trunk line bottleneck, VLAN pruning and ACLs were to be implemented: VTP pruning lets a trunk carry only the VLANs that are actually in use on the switch at the far end and prunes the rest. Unfortunately it was discovered that the switches in Cisco Packet Tracer do not support VTP pruning, so another solution was found and implemented. As an alternative to VTP pruning, each trunk is explicitly configured to carry only the required VLANs with the command "switchport trunk allowed vlan [VLAN number or range of VLANs]". A trunk with no such restriction carries every VLAN, so every broadcast, multicast and unknown-unicast frame from every VLAN is flooded across it and into the far switch; restricting the allowed list means the trunk carries only the VLANs that switch needs, which removes the bandwidth wasted on flooded traffic and so reduces the likelihood of trunk line bottleneck. In addition, access control lists will be configured on the core switch to further limit traffic on the trunk lines and to improve network security.

Other major challenges faced during implementation were a complete lack of knowledge of how to use the simulation software to implement the design created in the network diagram, and no experience of configuring devices through the command line interface (CLI) or of switch virtual interfaces (SVIs).
To overcome this and gain the necessary knowledge, numerous online video tutorials on configuring devices in Cisco Packet Tracer were studied. Remembering the commands was another problem; it was soon discovered that the only way to remember them was to study and practise them every day in the simulator.

Lastly, it was not possible to configure the ASA firewall, as there was insufficient time and resources. To compensate for the lack of firewall protection, management access to the router has been hardened: the enable secret is stored as an MD5 hash, and the line passwords are stored with type 7 obfuscation. All the switches in the network have authentication configured in the same way. This protects the devices' management interfaces; it does not make the network as a whole immune to cyber-attack, which is the firewall's role.

4.2.3 Core Layer 3 Switch Configuration

Switch>en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#int vlan 1
Switch(config-if)#ip address 192.168.1.3 255.255.255.0
Switch(config-if)#no shut
%LINK-5-CHANGED: Interface Vlan1, changed state to up
Switch(config-if)#exit
Switch(config)#ip default-gateway 192.168.1.1
Switch(config)#^Z
%SYS-5-CONFIG_I: Configured from console by console
Switch#wr mem
Building configuration...
[OK]

A management IP address was assigned to the core Layer 3 switch on its VLAN 1 interface, with the router (192.168.1.1) as default gateway, as depicted above.

4.2.3.1 Creating the VLANs

Switch>en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#vlan 10
Switch(config-vlan)#exit
Switch(config)#vlan 20
Switch(config-vlan)#exit
Switch(config)#vlan 30
Switch(config-vlan)#^Z
%SYS-5-CONFIG_I: Configured from console by console
Switch#wr mem
Building configuration...
[OK]

A VLAN for each department was created on the core Layer 3 switch as depicted above.

4.2.3.2 IP Address for each logical VLAN

Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#int vlan 10
%LINK-5-CHANGED: Interface Vlan10, changed state to up
Switch(config-if)#ip address 192.168.10.1 255.255.255.0
Switch(config-if)#no shut
Switch(config-if)#int vlan 20
%LINK-5-CHANGED: Interface Vlan20, changed state to up
Switch(config-if)#ip address 192.168.20.1 255.255.255.0
Switch(config-if)#no shut
Switch(config-if)#int vlan 30
%LINK-5-CHANGED: Interface Vlan30, changed state to up
Switch(config-if)#ip address 192.168.30.1 255.255.255.0
Switch(config-if)#no shut
Switch(config-if)#^Z
%SYS-5-CONFIG_I: Configured from console by console
Switch#wr mem
Building configuration...
[OK]

The configuration above assigns an IP address to the switch virtual interface (SVI) of each VLAN on the core Layer 3 switch; these addresses act as the default gateway for the hosts in each VLAN.

4.2.3.3 Enabling Layer 3 IP Routing

Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#ip routing
Switch(config)#^Z
%SYS-5-CONFIG_I: Configured from console by console
Switch#wr mem
Building configuration...
[OK]

The configuration above enables 'ip routing' on the core Layer 3 switch, allowing it to route between the VLAN SVIs at the network layer (Layer 3 of the OSI model). Note that once routing is enabled the switch no longer uses the ip default-gateway setting from section 4.2.3; traffic for destinations outside the configured VLANs then needs a default static route pointing at the router instead.

4.2.3.4 Configuration for Trunk Lines on Core Switch

Switch>en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#int fa0/21
Switch(config-if)#switchport trunk encap dot1q
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport trunk allowed vlan 10
Switch(config-if)#no shut
Switch(config-if)#^Z
%SYS-5-CONFIG_I: Configured from console by console
Switch#wr mem
Building configuration...
[OK]

The configuration above shows how the trunk towards the VLAN 10 access switch was configured: 802.1Q encapsulation is selected explicitly (the 3560 also supports ISL), the port is forced into trunk mode, and the allowed list restricts the trunk to VLAN 10, so broadcasts from VLANs 20 and 30 never cross it. The trunks for the other VLANs were configured on the core Layer 3 switch in the same manner. Because the allowed list excludes VLAN 1, the management VLAN used for the switch addresses in sections 4.2.3 and 4.2.4 is not carried on these trunks; if in-band management of the access switches is required, VLAN 1 must be added to the allowed list. 'wr mem' saves the running configuration to the start-up configuration file in NVRAM.
4.2.3.5 IP Helper Configuration on Layer 3 Switch

Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#int vlan 1
Switch(config-if)#ip helper-address 192.168.1.2
Switch(config-if)#int vlan 10
Switch(config-if)#ip helper-address 192.168.1.2
Switch(config-if)#int vlan 20
Switch(config-if)#ip helper-address 192.168.1.2
Switch(config-if)#int vlan 30
Switch(config-if)#ip helper-address 192.168.1.2
Switch(config-if)#^Z
%SYS-5-CONFIG_I: Configured from console by console
Switch#wr mem
Building configuration...
[OK]

Hosts in VLANs 10, 20 and 30 obtain their addresses from the DHCP server at 192.168.1.2 in VLAN 1. A DHCP discover is a broadcast and does not cross a Layer 3 boundary, so the helper address makes the core switch relay it to the server as a unicast; the server chooses the pool from the relaying SVI's address. The helper on VLAN 1 itself is redundant, since the server is in that VLAN.

4.2.4 Configuration for Layer 2 Switch for VLAN 10

Switch>en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#int vlan 1
Switch(config-if)#ip address 192.168.1.4 255.255.255.0
Switch(config-if)#no shut
%LINK-5-CHANGED: Interface Vlan1, changed state to up
Switch(config-if)#exit
Switch(config)#ip default-gateway 192.168.1.1
Switch(config)#^Z
%SYS-5-CONFIG_I: Configured from console by console
Switch#wr mem
Building configuration...
[OK]

The configuration above shows that a management IP address and default gateway were assigned, in the same manner, to every switch in the network.

4.2.4.1 Creation of VLAN 10

Switch>en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#vlan 10
Switch(config-vlan)#exit
Switch(config)#^Z
%SYS-5-CONFIG_I: Configured from console by console
Switch#wr mem
Building configuration...
[OK]

A VLAN was created on each department's Layer 2 switch in the same manner as depicted above.

4.2.4.2 Configuration for VLAN 10 Layer 2 Switch Trunk Line

Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#int fa0/21
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport trunk allowed vlan 10
Switch(config-if)#^Z
%SYS-5-CONFIG_I: Configured from console by console
Switch#wr mem
Building configuration...
[OK]

The trunk lines for the other VLANs on the Layer 2 switches were configured in the same manner. No encapsulation command is needed on the 2960 side because that switch supports only 802.1Q.

4.2.4.3 Assigning VLAN 10 to Switch Port and STP Configuration

Switch>en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#int fa0/1
Switch(config-if)#switchport mode access
Switch(config-if)#spanning-tree portfast
%Warning: portfast should only be enabled on ports connected to a single host. Connecting hubs, concentrators, switches, bridges, etc... to this interface when portfast is enabled, can cause temporary bridging loops. Use with CAUTION
%Portfast has been configured on FastEthernet0/1 but will only have effect when the interface is in a non-trunking mode.
Switch(config-if)#switchport access vlan 10
Switch(config-if)#no shut
Switch(config-if)#exit
Switch(config)#^Z
%SYS-5-CONFIG_I: Configured from console by console
Switch#wr mem
Building configuration...
[OK]

The access ports on the other Layer 2 switches were configured in the same way for their VLANs. PortFast moves a host-facing port straight to the forwarding state instead of waiting out the STP listening and learning delays, so hosts do not time out waiting for a DHCP lease when they connect. As the warning states, it must be applied only to ports connected to a single host; pairing it with BPDU guard, which shuts the port down if a switch is ever plugged in, is the usual safeguard.

4.2.5 Configuration for Switches without DHCP Client Machines Attached

Switch>en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#int vlan 1
Switch(config-if)#ip address 192.168.1.8 255.255.255.0
Switch(config-if)#no shut
%LINK-5-CHANGED: Interface Vlan1, changed state to up
Switch(config-if)#exit
Switch(config)#ip default-gateway 192.168.1.1
Switch(config)#^Z
%SYS-5-CONFIG_I: Configured from console by console
Switch#wr mem
Building configuration...
[OK]

Switch>en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#int fa0/24
Switch(config-if)#switchport mode trunk
Switch(config-if)#^Z
%SYS-5-CONFIG_I: Configured from console by console
Switch#wr mem
Building configuration...
[OK]

The same configuration was applied to the other Layer 2 switches in the VLAN. Note that this trunk has no allowed-VLAN list and therefore carries all VLANs.
4.2.6 Router Configuration

4.2.6.1 AAA Security Authentication Configuration

The difference between 'enable password' and 'enable secret' is that the secret is stored as a salted MD5 hash (type 5). A hash cannot be reversed to recover the password, although a weak password can still be recovered by guessing offline, so the secret must be strong. In the real world the password should be longer than the examples below and consist of lower and upper case letters, numerals and symbols, while still being memorable. Newer IOS releases also offer the stronger type 8 (PBKDF2-SHA256) and type 9 (scrypt) hashes for the enable secret.

4.2.6.2 Enable Secret Configuration

Router#enable
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#enable secret AS:DG%zz
Router(config)#^Z
%SYS-5-CONFIG_I: Configured from console by console
Router#wr mem
Building configuration...
[OK]

The hash produced by the configuration above cannot be reversed by a password cracking tool, which makes 'enable secret' better than 'enable password': the latter is stored in plain text in the configuration file in NVRAM, and even when 'service password-encryption' is applied it is only obscured with the type 7 scheme, which anyone who can read the configuration can decipher back to the original password. A password should never be a readable word found in a dictionary and should preferably be at least 8 characters long.

4.2.6.3 Console Configuration

Router>
Router>enable
Password:
Password:
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#line con 0
Router(config-line)#password Ts9zX?3*
Router(config-line)#login
Router(config-line)#^Z
%SYS-5-CONFIG_I: Configured from console by console
Router#wr mem
Building configuration...
[OK]
Router#

As the transcript above shows, the enable password had to be entered (two attempts were made) before privileged access was granted, evidence that the first security configuration works. From now on the CLI also prompts for a password on the console port instead of going straight to user exec mode.
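As an added example (not part of the report), the following Python script audits a saved IOS configuration for the weaknesses discussed in section 4.2.6 and in section 4.2.2: it decodes any type 7 string it finds to show the scheme is a fixed-key XOR rather than encryption, flags plain-text line passwords and lines that use a shared password instead of 'login local', flags vty lines that still accept Telnet, and flags trunk interfaces with no 'switchport trunk allowed vlan' list. The type 7 key is Cisco's well-known constant; the three sample configurations are constructed for the example (the 'enable secret' hash in the hardened sample is a placeholder, not a real hash), and the type 7 string 0822455D0A16 is the widely published encoding of the word "cisco".

```python
import re

# Cisco's fixed type 7 XOR key (publicly known since the 1990s; not a secret).
_TYPE7_KEY = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"


def type7_decode(encoded):
    """Reverse a type 7 string: a 2-digit seed followed by hex bytes XORed with the key."""
    seed = int(encoded[:2])
    data = bytes.fromhex(encoded[2:])
    return "".join(chr(b ^ _TYPE7_KEY[(seed + i) % len(_TYPE7_KEY)]) for i, b in enumerate(data))


def type7_encode(plain, seed=8):
    """Produce a type 7 string; included only to show the scheme is symmetric and keyless."""
    out = [f"{seed:02d}"]
    for i, c in enumerate(plain.encode()):
        out.append(f"{c ^ _TYPE7_KEY[(seed + i) % len(_TYPE7_KEY)]:02X}")
    return "".join(out)


def parse_stanzas(config_text):
    """Split an IOS config into (header, [indented lines]); global commands get an empty body."""
    stanzas = []
    for raw in config_text.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw.startswith(" ") and stanzas:
            stanzas[-1][1].append(raw.strip())
        else:
            stanzas.append((raw.strip(), []))
    return stanzas


_PW_TYPE7 = re.compile(r"(?:enable password|password|username \S+ password) 7 (\S+)")
_PW_PLAIN = re.compile(r"(?:enable password|password|username \S+ password) (?!7 )\S+")


def audit_config(config_text):
    """Return (severity, message) findings for the weaknesses the report discusses."""
    findings = []
    for header, body in parse_stanzas(config_text):
        where = header if body else "global"
        for line in [header] + body:
            m = _PW_TYPE7.match(line)
            if m:
                findings.append(("HIGH", f"{where}: type 7 secret recoverable as "
                                         f"'{type7_decode(m.group(1))}' ({line})"))
            elif _PW_PLAIN.match(line):
                findings.append(("HIGH", f"{where}: plain-text password ({line})"))
        if header.startswith("line "):
            if "login local" not in body:
                findings.append(("MEDIUM", f"{header}: shared line password instead of 'login local'"))
            if header.startswith("line vty") and any(re.match(r"transport input (all|telnet)", b) for b in body):
                findings.append(("MEDIUM", f"{header}: Telnet permitted; credentials travel in clear text"))
        if header.startswith("interface") and "switchport mode trunk" in body:
            if not any(b.startswith("switchport trunk allowed vlan") for b in body):
                findings.append(("LOW", f"{header}: trunk carries all VLANs (no allowed-vlan list)"))
    return findings


# Constructed sample: the weak settings discussed in the text.
ROUTER_CONFIG = """\
hostname Router
enable password 7 0822455D0A16
username jassi privilege 15 secret jassi
!
line con 0
 password Ts9zX?3*
 login
line vty 0 4
 password 7 0822455D0A16
 login
 transport input telnet
"""

# Constructed sample: the same router after hardening (placeholder hash, not a real one).
HARDENED_CONFIG = """\
enable secret 5 $1$salt$placeholderhash
username jassi privilege 15 secret 5 $1$salt$placeholderhash
line con 0
 login local
line vty 0 4
 login local
 transport input ssh
"""

# Constructed sample: one restricted trunk (section 4.2.3.4) and one unrestricted (4.2.5).
SWITCH_CONFIG = """\
interface FastEthernet0/21
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10
interface FastEthernet0/24
 switchport mode trunk
"""

if __name__ == "__main__":
    for name, cfg in (("router", ROUTER_CONFIG), ("hardened", HARDENED_CONFIG), ("switch", SWITCH_CONFIG)):
        print(f"== {name} ==")
        for severity, message in audit_config(cfg) or [("OK", "no findings")]:
            print(f"[{severity}] {message}")
```

Run against the router sample, the audit recovers "cisco" from both type 7 strings, reports the console password stored in clear, and notes that neither line uses per-user authentication; the hardened sample produces no findings, and the switch sample flags only FastEthernet0/24.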
Now that the console port password has been configured, the configuration for Telnet access is shown below, should it be required. Telnet permits an administrator to log on to the router (and to the switches) remotely over the network. Note that Telnet sends the username and password in clear text, so on a real network SSH should be used for remote management instead.

4.2.6.4 Telnet and Username Configuration

User Access Verification
Password:
Router>enable
Password:
Password:
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#line vty 0 4
Router(config-line)#password j&45P%@?
Router(config-line)#login
Router(config-line)#exit
Router(config)#username jassi secret jassi
Router(config)#^Z
%SYS-5-CONFIG_I: Configured from console by console
Router#wr mem
Building configuration...
[OK]
Router#

The configuration above creates a local username; the next time the administrator logs on, the prompt will ask for a username before the password. 'line vty 0 4' selects the five virtual terminal lines (0 to 4) that the router uses for incoming Telnet or SSH sessions. (The example username and password are identical, which the password guidance above rules out for a real deployment.) With individual usernames configured, a change made to the router can be traced to the user who made it.

4.2.6.5 Local Login Configuration

User Access Verification
Password:
Router>enable
Password:
Password:
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#line con 0
Router(config-line)#login local
Router(config-line)#end
%SYS-5-CONFIG_I: Configured from console by console
Router#wr mem
Building configuration...
[OK]
Router#logout

The configuration above makes console authentication 'local', meaning a username and password from the router's local database must be entered before a user can make changes or implement configurations on the router, according to their privilege level (next configuration, page 62).
Every network administrator employed by the library will be required to log in to the router using their local credentials configured on the router.

4.2.6.6 Username and Privileges Configuration

User Access Verification
Username: cisco
Password:
Router>enable
Password:
Password:
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#no username jassi
Router(config)#username jassi privilege ?
  <0-15>  User privilege level
Router(config)#username jassi privilege 15 secret jassi
Router(config)#^Z
Router#
%SYS-5-CONFIG_I: Configured from console by console
wr mem
Building configuration...
[OK]
Router#

Rather than just configuring a username for the chief administrator, it was decided to assign him a privilege level, thus securing the network further. Users with higher privilege levels will be able to execute more or all commands, and users with lower privilege levels may only be able to execute specific commands on the router's CLI. Also, when this privilege level is configured the administrator does not need to enter the 'enable' password and starts straight in privileged exec mode on the CLI (command line interface), as can be seen at the beginning of the next configuration, for the sub-interfaces of each VLAN. More users or administrators can be added to the router's local database, depending upon how many administrators the library employs. In the same manner the security configurations were applied on the layer 3 and layer 2 switches in the VLAN, using the 'secret password', 'username', 'line vty' and 'console' configurations to secure the switches after they were configured.

4.2.7 Sub-Interface Configuration

User Access Verification
Username: cisco
Password:
Router#en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int fa0/0.1
Router(config-subif)#encapsulation dot1q 1
Router(config-subif)#ip address 192.168.1.1 255.255.255.0
Router(config-subif)#no shut
Router(config-subif)#exit
Router(config)#^Z
Router#
%SYS-5-CONFIG_I: Configured from console by console
wr mem
Building configuration...
[OK]
Router#en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int fa0/0.10
Router(config-subif)#encapsulation dot1q 10
Router(config-subif)#ip address 192.168.10.1 255.255.255.0
Router(config-subif)#no shut
Router(config-subif)#exit
Router(config)#int fa0/0.20
Router(config-subif)#encapsulation dot1q 20
Router(config-subif)#ip address 192.168.20.1 255.255.255.0
Router(config-subif)#no shut
Router(config-subif)#exit
Router(config)#int fa0/0.30
Router(config-subif)#encapsulation dot1q 30
Router(config-subif)#ip address 192.168.30.1 255.255.255.0
Router(config-subif)#no shut
Router(config-subif)#exit
Router(config)#^Z
Router#
%SYS-5-CONFIG_I: Configured from console by console
wr mem
Building configuration...
[OK]
Router#

The above configurations show the logical sub-interfaces created on the router's single physical interface, one for each VLAN in the network, each acting as the default gateway for its VLAN.

4.2.8 DHCP/DNS Server Configuration

Figure – 30: Image of server IP address configuration.
The above image shows the DNS/DHCP server IP address configuration.

Figure – 31: Image of DHCP pools.
The above image shows the DHCP pool for each VLAN.

Figure – 32: Image of DNS configuration.
The above image shows that a DNS record was created so personnel and library members can access the web server resources.

4.2.9 Web Server (HTTP) Configuration

Figure – 33: Image of web server IP address configuration.
The above image shows the IP address configuration for the web server.

Figure – 34: Image of web server configuration.
The above image shows the configuration of the web server's website, written in HTML.

4.2.10 Email/FTP Server Configuration

Figure – 35: Image of Email/FTP server configuration.
The above image shows the IP address assignment for the email and FTP server.

Figure – 36: Image of email server set-up.
The above image shows the configuration of SMTP services on the email server so that personnel can communicate between the different departments and VLANs. Each user's name was entered in the 'user' box and then a password was assigned for each user.
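Returning to the sub-interface configuration in 4.2.7 above: the four sub-interfaces were typed in by hand, and the mistakes that silently break inter-VLAN routing (a VLAN ID that does not match the tag on the trunk, two VLANs given overlapping subnets, or the trunk's native VLAN left without the 'native' keyword on the router side) only show up later in the ping tests. The script below is an added example, not the project's own code: it builds the same router-on-a-stick configuration from a VLAN table, refuses tables with duplicate IDs or overlapping subnets, and also emits the matching 'switchport trunk allowed vlan' list that chapter 6 uses in place of VLAN pruning. The VLAN table is constructed from the addressing shown in 4.2.7, and the physical interface name FastEthernet0/0 is assumed.

```python
"""Generate and sanity-check a router-on-a-stick configuration like the one
in section 4.2.7, plus the switch-side trunk allowed list used in chapter 6.
Added example, not the project's own code; the VLAN table is constructed
from the addressing shown in 4.2.7."""
import ipaddress

# Constructed VLAN table: (VLAN ID, name, gateway address with prefix length).
VLANS = [
    (1, "management", "192.168.1.1/24"),
    (10, "administration", "192.168.10.1/24"),
    (20, "reception", "192.168.20.1/24"),
    (30, "members", "192.168.30.1/24"),
]


def check_vlan_table(vlans):
    """Catch the mistakes that silently break inter-VLAN routing: VLAN IDs
    outside 1-4094, duplicate IDs, and overlapping gateway subnets."""
    seen, networks = set(), []
    for vid, _name, gw in vlans:
        if not 1 <= vid <= 4094:
            raise ValueError(f"VLAN {vid}: ID outside 1-4094")
        if vid in seen:
            raise ValueError(f"VLAN {vid}: duplicate ID")
        seen.add(vid)
        net = ipaddress.ip_interface(gw).network
        for other in networks:
            if net.overlaps(other):
                raise ValueError(f"VLAN {vid}: {net} overlaps {other}")
        networks.append(net)
    return True


def router_subinterfaces(vlans, phys="FastEthernet0/0", native_vlan=None):
    """Emit one 802.1Q sub-interface per VLAN, numbered after the VLAN ID so
    the mapping stays obvious.  The VLAN that is sent untagged on the switch
    trunk (its native VLAN) needs the 'native' keyword on the router side,
    otherwise its untagged frames match no sub-interface."""
    check_vlan_table(vlans)
    lines = [f"interface {phys}", " no shutdown"]
    for vid, name, gw in vlans:
        iface = ipaddress.ip_interface(gw)
        enc = f" encapsulation dot1q {vid}"
        if vid == native_vlan:
            enc += " native"
        lines += [
            f"interface {phys}.{vid}",
            f" description gateway for VLAN {vid} ({name})",
            enc,
            f" ip address {iface.ip} {iface.network.netmask}",
            " no shutdown",
        ]
    return "\n".join(lines)


def switch_trunk_allowed(vlans):
    """Switch-side counterpart: limit the trunk to the VLANs that need to
    cross it, the workaround the project used in place of VLAN pruning."""
    ids = ",".join(str(vid) for vid, _, _ in vlans)
    return f"switchport trunk allowed vlan {ids}"


if __name__ == "__main__":
    print(router_subinterfaces(VLANS, native_vlan=1))
    print(switch_trunk_allowed(VLANS))
```

Keeping the VLAN table as the single source for both the router and the switch side means the sub-interface tag, the gateway subnet and the trunk allowed list cannot drift apart when a VLAN is added later.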
4.2.10.1 FTP Configuration

Figure – 37: Image of FTP service set-up in the email and FTP server.
The above screenshot shows the configuration of FTP services. Each user was assigned different viewing and access permissions for file services and then assigned a password.

4.2.11 Chapter Summary

The implementation stage took the longest to complete, for the reasons explained in the challenges faced section. The configuration was completed successfully, as the simulation's link lights are green. However, it is still necessary to test the devices, which is done in the next chapter of this project.

Chapter 5 – Testing

5.1 Chapter Introduction

The white box method will be used to check the hardware devices in the simulation software. It is a technique that utilizes programming code to observe and scrutinize the output of a device (Webopedia.com, 2015). Coded inputs are exercised on the device's GUI so that the outputs can be examined. It is mostly used today for testing a path between devices at the time of integration between sub-systems during system level testing. It is vital for preventing errors, and the tester should have excellent knowledge of the code required and of what the correct outputs should be. The devices in the simulation were tested in the same manner, as depicted in this chapter. The white box method was chosen because it is a proven and widely used method of testing in the networking field. The other method evaluated and then rejected was black box testing; it was found unsuitable because the internal working of the device cannot be tested, and it only confirms whether the device is functioning or not.

5.2 Web Server Test

Figure – 38: Image of the library's website viewed from a DHCP client machine.
The above screenshot shows the website from the administration VLAN 10 client machine belonging to the user 'Kristina'. The test was successful: the website is up and running and accessible from all the VLANs.
5.2.1 Ping from Layer 3 Core Switch to Clients on All VLANs

Figure – 39: Image of CLI interface on layer 3 switch.
The above screenshot shows a successful test, pinging client machines on each VLAN in the network from the layer 3 core switch.

5.2.2 Ping Test from Client Machine on Members VLAN to the Router to Check the Router is Working Correctly

Figure – 40: Image of ping execution in CMD console.
The above screenshot shows a successful ping test from a client machine on the members VLAN to the router's gateway address, with zero packet loss.

5.2.3 Ping Test from VLAN 10 to VLAN 20

Figure – 41: Image of CMD console.
The above image shows successful ping communication from VLAN 10 to VLAN 20.

5.2.4 Email and FTP Server Test

Figure – 42: Image of mail browser.
The above screenshot shows an email composed by Paige on VLAN 20 (Reception) to send to Kristina in the Administration Department on VLAN 10.

Figure – 43: Image of mail browser.
The above screenshot shows that the email was successfully sent to Kristina on VLAN 10.

Figure – 44: Image of email browser.
The above screenshot shows that the email was received on VLAN 10; the test was a success.

Figure – 45: Image of email browser.
The above screenshot shows the email successfully opened and viewed by Kristina on VLAN 10. The test was a success.

5.2.5 Test to Check the Client Machine is Receiving an IP Address and Configuration Parameters are Correct

Figure – 46: Image of CMD console.
The test result in the above screenshot shows the client machine receiving a DHCP IP address, using the loopback address '127.0.0.1'. The same test was carried out from clients in the other VLANs. Also, the command 'ipconfig /all' confirms the configuration parameters of the client machines and that no duplicate addresses exist.

5.2.6 Confirmation STP is Enabled and Functioning

Figure – 47: Image depicting STP on layer 2 VLAN 30 switch.
The above image shows that STP is enabled on the switch for VLAN 30; it is enabled on all the switches in the network and is fully functional. The image is of the root bridge and shows that both interfaces are 'designated' and in 'forwarding' mode. The default STP settings have been left as they were because the priority values do not require changing: STP calculates each VLAN instance by itself using the default values. There may be multiple switches, but there are no redundant links, multiple links or trunks interconnecting the switches for frames to pass over, so the switches do not have to determine which path is the quickest or which order of switches to go through, and configuring STP priority values is not necessary at present. It was therefore decided that the default values will suffice; STP priority values can be configured on the switches as the network grows and expands in the future.

Figure – 48: Image of PVST configuration run.
The above screenshot, taken from the running configuration command, shows that the STP mode is 'PVST', meaning per-VLAN spanning tree. It also shows the hash generated by the router for the MD5 secret password, and that the user 'jassi' has level 15 privileges.

5.2.7 Chapter Summary

The completion of this chapter has shown that all the devices tested were successfully configured to do what they were configured to do. However, it is difficult to test whether bottleneck would have occurred on the network because the work could not be finished on time. Due to a lack of time and resources there was not enough time to configure the firewall, VLAN pruning and access control lists (ACLs) on the core layer 3 switch, thus leaving the network with plenty of scope for future development.
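Section 5.2.6 leaves STP at its defaults and chapter 6 notes that, with equal priorities, the switch with the lowest MAC address becomes the root bridge for each VLAN instance. The script below is an added example, not the project's own code, that makes that election explicit: it builds the PVST bridge ID (priority plus VLAN number as the extended system ID, followed by the base MAC) for each switch and picks the lowest, then shows the effect of lowering one switch's priority as the evaluation chapter suggests doing when the network grows. The switch names and MAC addresses are constructed.

```python
"""Which switch becomes root bridge, per VLAN, when STP is left at its
defaults as in 5.2.6.  Added example, not the project's own code; the switch
names and MAC addresses below are constructed.  In PVST the bridge ID is the
priority (a multiple of 4096) plus the VLAN number as extended system ID,
followed by the switch's base MAC, and the lowest bridge ID wins."""
DEFAULT_PRIORITY = 32768

# Constructed: name -> (configured priority, base MAC address)
SWITCHES = {
    "core-L3":   (DEFAULT_PRIORITY, "00:1a:2b:00:00:10"),
    "sw-vlan10": (DEFAULT_PRIORITY, "00:1a:2b:00:00:01"),
    "sw-vlan20": (DEFAULT_PRIORITY, "00:1a:2b:00:00:02"),
    "sw-vlan30": (DEFAULT_PRIORITY, "00:1a:2b:00:00:03"),
}


def bridge_id(priority, mac, vlan):
    """64-bit bridge ID: 16 bits of (priority + VLAN) followed by the 48-bit MAC."""
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError("priority must be a multiple of 4096 between 0 and 61440")
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN ID outside 1-4094")
    mac_int = int(mac.replace(":", ""), 16)
    return ((priority + vlan) << 48) | mac_int


def elect_root(switches, vlan):
    """Lowest bridge ID wins; with equal priorities that is the lowest MAC."""
    return min(switches, key=lambda name: bridge_id(*switches[name], vlan))


def with_priority(switches, name, priority):
    """Copy of the table with one switch's priority changed, as
    'spanning-tree vlan <id> priority <value>' would do on that switch."""
    updated = dict(switches)
    updated[name] = (priority, switches[name][1])
    return updated


if __name__ == "__main__":
    for vlan in (10, 20, 30):
        print(f"VLAN {vlan}: root with defaults = {elect_root(SWITCHES, vlan)}")
    tuned = with_priority(SWITCHES, "core-L3", 24576)
    print(f"VLAN 10: root after lowering core priority = {elect_root(tuned, 10)}")
```

With every switch at the default priority the root for all VLANs is whichever switch happens to have the lowest MAC, here an access switch rather than the core; that is harmless while the topology has no redundant links, as the text says, but it is the reason the priority values should be set deliberately once redundant trunks are added.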
Chapter 6 – Evaluation and Conclusion

6.1 Chapter Introduction

The term evaluation means to assess the worth of something by forming an idea of the outcome of whatever is being evaluated. Likewise, this chapter entails the evaluation of the outcome of this project and its objectives from different perspectives.

6.2 Evaluation against Objectives

Objectives and their evaluation:

1. Literature Review: Successfully completed without problems.

2. Analysis and Design: Successfully completed without problems.

3. Implementation: During the implementation there were some problems, as it was discovered that Cisco Packet Tracer did not support VLAN pruning, for which an alternative command was used to limit VLAN traffic on the trunks. STP was already enabled and configured by default, so setting priority values was not necessary: STP uses the switch with the lowest MAC address as the root bridge and sets which interfaces are in forwarding mode and which are in blocking mode. However, some STP configuration was done to stop DHCP clients from timing out. Unfortunately, due to a lack of time and resources, ACLs had to be pushed to future implementation along with the firewall. All the other objectives were implemented and the network was operational and functioning satisfactorily.

4. Testing: Successfully completed without problems.

5. Evaluation and Conclusion: Successfully completed without problems.

Table – 2: Table depicting evaluation of objectives.

6.3 Project Manager's Perspective

Project management involves multiple processes, techniques, planning and knowledge to achieve a temporary endeavour commenced to create a distinctive product, by exercising planned objectives to achieve a given output or benefit through a systematic methodology (Dr Barnes, 2012). For the successful development, management and completion of this project a similar approach was adopted and a methodology was followed to ensure the project's success and to guarantee that resources were used efficiently. A project Gantt chart was created using the 'OpenProj' software. A Gantt chart defines a timeline for the project's objectives and tasks; it maps out which objectives need to be done and in what order they have to be done.
In simple language it is a plan of the project's aim broken down into individual tasks. The Gantt chart for this project is no different from the description above: it defined the time each task should take from start to finish, and at the end of each task the project's progress could be seen, analyzed and evaluated. The Gantt chart set a timeframe for each task, so that at each milestone the project manager was able to concentrate on that objective and keep to an accurate timeline; thus each task or objective was successfully completed. However, some tasks did take a little longer to complete because of a lack of time and resources, so some criteria from one task (the implementation stage) were put forward for future implementation.

6.3.1 Developer's Perspective

The project still has lots of scope for improvement and there are multiple objectives which can be implemented at any time in the future. Below is a list of objectives which are guaranteed to improve the VLAN in the future.

o The firewall can be configured.
o ACLs (access control lists) can be configured on the core switch to restrict traffic movement, thus reducing bottleneck on the trunk lines and enhancing security.
o VLAN pruning can be configured to further reduce the likelihood of trunk line bottleneck (not enabled or supported in Cisco Packet Tracer, so other software that supports VLAN pruning can be researched).
o STP priority values can be configured for each switch as the network expands in the future.
o The servers are VMware enabled and can support virtualization, so virtual servers can be implemented in the future.
o A RADIUS server can be added and configured for member authentication.
o NAT (Network Address Translation) can be configured on the router.
o The network can easily be upgraded to Gigabit Ethernet, further reducing the likelihood of trunk line bottleneck.
o A contingency plan can be implemented in case of a power failure.
o A climate-controlled environment can be provided to protect hardware from overheating.
o A proxy server can be added to the network.

Nothing went wrong in design and implementation. If anything did go wrong in this project, it was simply that, due to a lack of time and resources, some of the implementation goals were moved to future implementation. Apart from that the network is operational and functioning, as the testing stage evidences.

6.3.2 Chapter Summary

This chapter brings the project to a close. The project objectives have been evaluated briefly and future objectives have been listed. Lastly, the conclusions below explain the overall thoughts of the developer of this project, what he has learned from doing it and whether it was a success. Please refer to Appendix A to view the project presentation and to Appendix B for the original project specification document.

Overall Conclusion Summary

As explained above, the developer of the VLAN believes the outcome to be a success because the core principles and foundations for improved ways to reduce trunk line bottleneck on a VLAN were laid. Theoretically the knowledge was attained, and except for the configuration of the ACLs on the layer 3 switch the project is considered a success in theory and implementation, because Fast Ethernet, the IP helper address, STP, sub-interfaces on the router and the IEEE 802.1Q protocol are implementations that have effectively achieved the aim of this project of improving ways to reduce bottleneck on a VLAN trunk. Had VLAN pruning been supported on the devices in Cisco Packet Tracer, the project would have been even more of a success. To work around this minor complication the command 'switchport trunk allowed vlan [number]' was used. This is evidence that the project, both in theory and implementation, was a success.
It is not claimed that it cannot be improved; the developer is aware of this and has listed the appropriate steps to be implemented at any time in the future.

Overall Project Conclusion

Having no previous project management knowledge or experience, I am happy with what I have achieved in such a short timeframe. It is not easy to do inter-VLAN configuration, and there were multiple complex configurations implemented on the layer 3 switch and router, which have now been learned and saved to memory for future use. I have learned multiple things on this HND course and on this project. I have learned a little about project management, doing things in a methodical fashion and managing time and resources; I have also developed a deep understanding of analyzing and evaluating things from dissimilar perspectives, researching, troubleshooting network problems, presentation and presenting techniques, and most of all I have learned practical knowledge of configuration code and how to use this code to configure hardware devices and networking protocols. I have thoroughly enjoyed doing the HND module and the project. I have learned and gained a truly colossal amount of knowledge and experience which will aid me in future projects, both academically and from a work perspective. Now that I have developed a basic understanding of rudimentary and complex hardware configuration, if I should get a chance to do another project in the future then I would like to try something different, purely to expand my knowledge and learning, and I would like to explore network security and how to secure a network from intrusion and attacks. I would also like to learn Linux-based systems and dissimilar authentication methods, and learn about designing and creating network architecture in more depth.
Appendix A – HND Project Presentation

This project was presented on the afternoon of Thursday 16th July 2015 at St-Patrick's International College, Duncan House, High Street, Stratford, London, E15, in room G10. The HND project assessors were the project supervisors M. Hassan and A. Tanveer. The audience present on the day was Technology Groups 9b/10b and group 11. Presented by the author, project manager and developer of the project, Sukhdev Jassi. Number of slides: 22. The analysis for each slide is documented beneath each slide of the presentation. Each slide was formatted with transitions and sound, which were played during the presentation. All slides were presented in the order depicted below.

Figure – 49: Image of cover page of presentation.
The presentation was started by reading out the cover slide and title to the audience.
Slide formatting: theme Office; transition Curtains; sound Applause.wav.

Figure – 50: Image of order of presentation.
The order of the presentation was read out next, as depicted in the above slide.
Slide formatting: theme Office; transition Push; sound Push.wav.

Figure – 51: Image of contents page.
In slide 3 above the contents page was read out.
Slide formatting: theme Office; transition Flash; sound Camera.wav.

Figure – 52: Image of contents page.
The contents page continues on slide 4 and was explained to the audience so they know what the presentation entails.
Slide formatting: theme Office; transition Uncover; sound Drumroll.wav.

Figure – 53: Image of introduction slide.
The introduction slide above was read out to the audience so they could form a better understanding of the project topic.
Slide formatting: theme Office; transition Origami; sound Whoosh.wav.

Figure – 54: Image of project Aim slide.
In the slide above the audience was briefly told the aim and purpose of the project.
Slide formatting: theme Office; transition Fall Over; sound Explode.wav.

Figure – 55: Image of project objectives slide.
On slide 7 the objectives for the project were read out and some were briefly explained further.
Slide formatting: theme Office; transition Wind; sound Wind.wav.
Figure – 56: Image of requirements analysis slide.
In the above slide the audience was told how the requirements were analyzed and captured.
Slide formatting: theme Office; transition Fracture; sound Bomb.wav.

Figure – 57: Image of requirements analysis continued.
In the above screenshot the audience was told how the traditional VLAN concept works.
Slide formatting: theme Office; transition Crush; sound Bomb.wav.

Figure – 58: Image of requirements analysis continued.
In slide 10 above the requirements analysis is further explained from a network diagram.
Slide formatting: theme Office; transition Dissolve; sound Chimes.wav.

Figure – 59: Image of requirements analysis continued.
Slide 11 above explained the requirements needed to reduce trunk line bottleneck. Unfortunately, due to high levels of anxiety on the day of the presentation, the 'IP helper' was not discussed and explained to the audience; but it was part of the requirements analysis and was configured on the core layer 3 switch (implementation chapter 4, pages 53 and 54).
Slide formatting: theme Office; transition Page Curl; sound Suction.wav.

Figure – 60: Image of project SDLC.
On slide 12 above the audience was told which SDLC was selected for the project and why.
Slide formatting: theme Office; transition Vortex; sound Voltage.wav.

Figure – 61: Image of functional analysis slide.
Before telling the audience what the functional analysis was, its meaning and why it is important were explained, as above.
Slide formatting: theme Office; transition Ripple; sound Arrow.wav.

Figure – 62: Image of functional analysis slide.
Slides 14, 15 and 16 were read out to the audience, pausing briefly on each item of evidence and explaining the reasons why the hardware was selected for the VLAN.
Slide formatting: theme Office; transition Glitter; sound Chimes.wav.

Figure – 63: Image of functional analysis continued.
Slide formatting: theme Office; transition Honeycomb; sound Type.wav.

Figure – 64: Image of functional analysis continued.
Slide formatting: theme Office; transition Shred; sound Voltage.wav.

Figure – 65: Image of network diagram slide.
On slide 17 above the network diagram, and how it works, was explained in detail to the audience.
Slide formatting: theme Office; transition Comb; sound Explode.wav.

Figure – 66: Image of finished product in Cisco Packet Tracer.
Slide 18 showed the network simulation and successfully demonstrated to the project supervisors and the students watching that it worked.
Slide formatting: theme Office; transition Orbit; sound Cashreg.wav.

Figure – 67: Image of conclusion slide.
In the conclusion on slides 19 to 21, above and below, the audience was told about future developments to ensure network reliability and management for the VLAN and to further reduce trunk line bottleneck.
Slide formatting: theme Office; transition Switch; sound Click.wav.

Figure – 68: Image of conclusion continued.
Slide formatting: theme Office; transition Cube; sound Drumroll.wav.

Figure – 69: Image of conclusion continued.
Slide formatting: theme Office; transition Airplane; sound Whoosh.wav.

Figure – 70: Image of final slide relating to feedback for the presentation.
Slide formatting: theme Office; transition Fly; sound Applause.wav.

Audience questions: Mr. M. Hassan, the project supervisor, and a student from another group asked the same question, "Did you configure STP?" Because other students were waiting to present their projects time was limited, and it was late afternoon also.
Taking this into consideration, and to prove STP was configured correctly, Cisco Packet Tracer was started and an ICMP echo request was sent from the server to the client machine in live simulation mode, and then vice versa, to confirm that it was indeed configured. A point to note is that STP is enabled and configured by default on all Cisco switches, and the default configuration settings were used for the VLAN network. In addition, STP configuration was done to stop DHCP clients from timing out (please refer to chapter 5, page 56 for the STP configuration, and pages 75 and 76 for the testing screenshots). Also, the email and DHCP servers were tested in live simulation mode in front of the class, producing evidence that client machines could successfully send and receive emails.

Appendix – B

Below is the HND project specification document, submitted and approved in October 2014.

HND Project Specification Document

Student Name: Sukhdev Jassi
Student ID: P1008915
Project Title: Improved Ways to Reduce Bottleneck of Router in VLAN
Pathway: HND Network Engineering and Telecommunication Systems
Table – 3: Project title.

Aim: The major aim of this project is to research and find viable solutions to reduce or eliminate bottleneck on a trunk line on a VLAN network when multiple VLANs are configured on a single physical interface on the router.

Objectives:
1. To create a project Gantt chart defining each stage, how long it will take to complete and what each stage will entail, in a report layout. To research VLANs, routing, trunk lines, trunk protocols, sub-interfaces, the causes of trunk line bottleneck on a VLAN network, and viable solutions to trunk line bottleneck.
2. To analyze and design the network by creating a network diagram based on the research from the first objective, and then to create a table with the IP configuration of all the devices in the network.
All the functional and non-functional requirements of the prospective design will be defined (hardware selection), along with the technology used and why it was selected.
3. To implement the network using a software simulation application such as Cisco Packet Tracer or GNS3, and then to document implementation configuration screenshots as evidence.
4. To define what testing method will be used, then to test the network in the simulation software and again document the evidence (output).
5. The last objective will entail evaluating the objectives themselves from different perspectives.
6. The project will be concluded through a summary of the project as a whole, discussing whether the aim was achieved. Also to be discussed, in a third and overall conclusion, will be the personal view of the project manager/developer, what he learned from the project and in what respect it has benefited him.
7. The last objective will be to create a PowerPoint presentation to present this project in class and to the project supervisors.
Table – 4: Project aim and objectives.

Brief Description: The project will comprise six chapters, and each chapter has its own timeline specified on the project Gantt chart. The project will close with a conclusion, appendices (including the project presentation) and a bibliography. This project is about trunk line bottleneck when there are multiple sub-interfaces configured on a single physical interface on the router, so that packets do not get enough bandwidth and are dropped or lost and have to be re-sent. This project will therefore investigate and explore the best solution to reduce trunk line bottleneck from occurring on trunk lines. To do this the objectives will be carried out and a VLAN network will be created for a small local library in a London borough. The network will consist of 7 VLANs, six for the different departments and 1 VLAN for hardware devices (the management VLAN). There will be 4 servers: DNS/DHCP, web server, email/FTP server and a print server. The network will also have 1 Cisco ASA firewall, 8 layer 2 switches, 1 layer 3 core switch and 1 Ethernet router; this is also referred to as the 'Router on a Stick' design.
An idea of how the network will look is already established in the network diagram below; all that needs doing now is research to find a viable solution to the trunk line bottleneck problem. At this stage it is not possible to define a solution, therefore research will be carried out to find one, after which the network diagram will be implemented in either GNS3 or Cisco Packet Tracer. At this stage it is unclear which software will be used, as research needs to be conducted first to ascertain which simulation software is suitable for this project. Trunk lines are susceptible to bottleneck because they carry multiple signals across a single link or trunk, therefore a VLAN network will be created to simulate the environment of the problem domain so that a solution can be researched, implemented and tested. After the implementation stage, testing will be carried out on the network to see if the configurations work. It is intended to end the project with an appropriate conclusion, after which a presentation will be created to present to the project supervisors and the audience members of group 9b/10b. Below is the proposed network architecture for the VLAN network.

Figure – 71: Image of network diagram, created in Microsoft Visio. [Diagram labels: Network Diagram for Proposed VLAN Architecture for Library. VLAN 2 Accounts, VLAN 3 Cataloguing/Processing, VLAN 4 Finance, VLAN 5 Administration, VLAN 6 Reception, VLAN 7 Library Members; Print Server, Email/FTP Server, Web Server, DNS/DHCP Server; Ethernet Router, ASA Firewall, L.3 Core Switch and L.2 switches joined by IEEE 802.1Q trunk lines. Diagram key: UTP Cat 6a straight-through cable; Cat 6 cross-over cable. Device addresses 172.16.1.33 to 172.16.1.47.]
For the successful management of the project a timeline and methodology will be followed for each stage. Below is the Gantt chart for this project.

Figure – 72: Image of Gantt chart, created in OpenProj.

Each stage of the project will be done in a methodical fashion. To do this a system development lifecycle has been selected for this project, which will enable each stage to be completed according to a structure so that it is easy to manage. Below is the system development lifecycle (SDLC) selected for this project.

Figure – 73: Image of system development lifecycle (C3ns.com, 2013).

The image above depicts the 'Waterfall Life Cycle' SDLC for this project. It was selected because it enables each stage to be evaluated before moving on, thus reducing the occurrence of iterations and of stages overlapping each other, and it is not complicated; hence it is anticipated that the project will be easy to manage and realize.
Table – 5: Network diagram, SDLC, Gantt chart.

Special Conditions, e.g. assumptions, risks: The assumptions at this stage of the project are that Cisco devices are likely to be used in the network design and implementation phase, due to Cisco's prevalence in today's market and the Cisco Packet Tracer software in which the VLAN network will be emulated. Assuming Cisco products will be used in the implementation stage, it is quite likely that some configurations will differ from those of other vendors in the current market; regardless of this, any of the VLAN concepts discussed in the literature review and depicted throughout the other stages of the project can be transferred to devices manufactured by other hardware vendors. As with all projects of any category and nature there is always an element of risk, and this project is no different. Therefore there may be a risk of not fully completing all the aims and objectives in one year.
Consequently, if because of lack of time and resources some aims and objectives are incomplete at the time of submission, it can be assumed that these will form part of future objectives and considerations.

Table – 6: Special conditions and assumptions.

There may be a risk of not fully completing all the objectives in one year; any that are incomplete at the time of submission can be assumed to be part of the future objectives and considerations which the library management may consider implementing.

Resources: Below is a list of books which will be read to gather information to assist in the creation of the VLAN network and towards finding a viable solution-:

- Aboelela, E., Peterson, L. and Davie, B. (2008). Network simulation experiments manual. Amsterdam: Elsevier/Morgan Kaufmann.
- Boursas, L. (2008). Systems and virtualization management. Berlin: Springer.
- Castelli, M. (2003). Network sales and services handbook. Indianapolis, IN: Cisco Press.
- Dubrawsky, I. (2007). How to cheat at securing your network. Burlington, MA: Syngress.
- Edwards, J., Bramante, R. and Martin, A. (2006). Nortel guide to VPN routing for security and VoIP. Indianapolis, IN: Wiley Pub.
- Edwards, W., Jack, T. and Lammle, T. (2006). CCNP® Complete Study Guide. Hoboken: John Wiley & Sons.
- Fifield, T. (2014). OpenStack operations guide. [Sebastopol, Calif.?]: O'Reilly.
- Froom, R., Sivasubramanian, B. and Frahim, E. (2010). Implementing Cisco IP switched networks (Switch) foundation learning guide. Indianapolis, IN: Cisco Press.
- Iniewski, K. (2010). Internet networks. Boca Raton: CRC Press.
- Johnson, A. (2013). CCENT Practice. Indianapolis: Cisco Press.
- Lammle, T. (2011). CCNA Cisco Certified Network Associate Deluxe Study Guide, (Includes 2 CD-ROMs). Hoboken: John Wiley & Sons, Inc.
- Miller, M. (2007). Absolute beginner's guide to computer basics. Indianapolis, Ind.: Que.
- Miller, P. and Cummins, M. (2000). LAN technologies explained. Boston: Digital Press.
- Steinke, S. (2003). Network Tutorial. Burlington: Elsevier.
- Zacker, C. and Doyle, P. (1996). Upgrading and repairing networks. Indianapolis, IN: Que.

*A point to note is that it is not intended to read each whole book; only the relevant sections and parts will be read and used for the project.

Table – 7: Bibliography.

Teacher's Feedback and Declaration box
Lecturer's Comments:
SIGNED OFF: Malcolm Thompson (Project Supervisor) STUDENT: Sukhdev Jassi DATE: 24/10/2014

Table – 8: Declaration box.

NOTE: Projects MUST be signed off by the fourth week from commencement of the project. There can be no change in the Project Proposal once it has been signed off.

Bibliography

Alberghetti, D. (2015). danscourses. [online] YouTube. Available at: https://www.youtube.com/user/danscourses [Accessed 29 Jul. 2015].
Ali, K. (2015). Analysis and Design. [online] Stponline.co.uk. Available at: http://stponline.co.uk/course/view.php?id=894 [Accessed 29 Jul. 2015].
Apm.org.uk, (n.d.). What is project management? | Association for Project Management. [online] Available at: https://www.apm.org.uk/WhatIsPM [Accessed 29 Jul. 2015].
Beal, V. (2015). What is Black Box Testing? Webopedia. [online] Webopedia.com. Available at: http://www.webopedia.com/TERM/B/Black_Box_Testing.html [Accessed 29 Jul. 2015].
Bimrah, K. (2015). HND Project Report Outline. [online] Stponline.co.uk. Available at: http://stponline.co.uk/course/view.php?id=894 [Accessed 29 Jul. 2015].
Cabrera, C. (2009). Tutorial Packet Tracer 5.1: Nube Fame Relay. [online] YouTube. Available at: https://www.youtube.com/watch?v=bpiAl9hrGa8 [Accessed 29 Jul. 2015].
Cisco, (2015). Application Centric Infrastructure Overview: Implement a Robust Transport Network for Dynamic Workloads. [online] Available at: http://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/aci-fabric-controller/white-paper-c11-729587.html [Accessed 29 Jul. 2015].
Cisco, (2015). Cisco 2911 Integrated Services Router. [online] Available at: http://www.cisco.com/c/en/us/products/routers/2911-integrated-services-router-isr/index.html [Accessed 29 Jul. 2015].
Cisco, (2015). Cisco Catalyst 2960-S and 2960 Series Switches with LAN Base Software Data Sheet. [online] Available at: http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-2960-series-switches/product_data_sheet0900aecd80322c0c.html [Accessed 29 Jul. 2015].
Cisco, (2015). In-depth Overview of Network Security Features for Cisco Integrated Services Routers Generation 2. [online] Available at: http://www.cisco.com/c/en/us/products/collateral/routers/1900-series-integrated-services-routers-isr/white_paper_c11_556320.html [Accessed 29 Jul. 2015].
Cisco, (2015). Understanding and Configuring Spanning Tree Protocol (STP) on Catalyst Switches. [online] Available at: http://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/5234-5.html [Accessed 29 Jul. 2015].
Cisco.com, (2013). Cisco Catalyst 2960-S Series Switches. [online] Available at: http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-2960-s-series-switches/data_sheet_c78-726680.pdf [Accessed 29 Jul. 2015].
Cisco.com, (2015). NetFlow Configuration Guide, Cisco IOS Release 12.4 – NetFlow Layer 2 and Security Monitoring Exports [Cisco IOS Software Releases 12.4 Mainline]. [online] Available at: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/netflow/configuration/12-4/nf-12-4-book/nf-lay2-sec-mon-exp.html [Accessed 4 Jan. 2015].
Cse.wustl.edu, (2015). Virtual Local Area Networks. [online] Available at: http://www.cse.wustl.edu/~jain/cis788-97/ftp/virtual_lans/ [Accessed 4 Jan. 2015].
Dell.com, (2004). What is VLAN Routing?. [online] Available at: http://www.dell.com/downloads/global/products/pwcnt/en/app_note_38.pdf [Accessed 29 Jul. 2015].
Diaz, L. (2015). The Networking Doctors. [online] YouTube. Available at: https://www.youtube.com/user/thenetworkingdoctors [Accessed 29 Jul. 2015].
Eriksson, U. (2012). Functional Requirements vs Non Functional Requirements. [online] ReQtest. Available at: http://reqtest.com/requirements-blog/functional-vs-non-functional-requirements/ [Accessed 29 Jul. 2015].
Google Books, (2015). Todd Lammle's CCNA IOS Commands Survival Guide. [online] Available at: https://books.google.co.uk/books?id=5qAzFCSToRwC&pg=PA123&dq=VLAN&hl=en&sa=X&ei=h-OmVOTQLaap7Aach4DoDg&ved=0CEIQ6AEwBQ#v=onepage&q=VLAN&f=false [Accessed 4 Jan. 2015].
Hassan, M. (2015). Project Report Layout. [online] Stponline.co.uk. Available at: http://stponline.co.uk/course/view.php?id=894 [Accessed 29 Jul. 2015].
Howtogeek.com, (2011). What Kind of Ethernet (Cat-5/e/6/a) Cable Should I Use?. [online] Available at: http://www.howtogeek.com/70494/what-kind-of-ethernet-cat-5e6a-cable-should-i-use/ [Accessed 29 Jul. 2015].
Ocw.mit.edu, (2001). SYSTEMS ENGINEERING FUNDAMENTALS. [online] Available at: http://ocw.mit.edu/courses/aeronautics-and-astronautics/16-885j-aircraft-systems-engineering-fall-2005/readings/sefguide_01_01.pdf [Accessed 29 Jul. 2015].
Olzak, T. (2012). VLAN Network Segmentation and Security – Chapter 5 – InfoSec Institute. [online] InfoSec Institute. Available at: http://resources.infosecinstitute.com/vlan-network-chapter-5/ [Accessed 29 Jul. 2015].
Orbit-computer-solutions.com, (2013). VTP Pruning Explained: how to configure VTP Pruning on Cisco router. [online] Available at: http://www.orbit-computer-solutions.com/VTP-Pruning.php [Accessed 29 Jul. 2015].
Osama, W. (2008). How-to: Configure spanning tree protocol (STP) Part1. [online] Networkers-online.com. Available at: http://www.networkers-online.com/blog/2008/07/how-to-configure-spanning-tree-protocol-stp-part1/ [Accessed 29 Jul. 2015].
Pina, A. (2011). DHCP Relay with Switch L3. [online] YouTube. Available at: https://www.youtube.com/watch?v=eQfAgKLgKbE [Accessed 29 Jul. 2015].
Rouse, M. (2015). What is spanning tree protocol (STP)? – Definition from WhatIs.com. [online] SearchNetworking. Available at: http://searchnetworking.techtarget.com/definition/spanning-tree-protocol [Accessed 29 Jul. 2015].
Sands, J. (2010). Packet tracer 5.1 and VTP pruning | Getting Started with LANs | Cisco Support Community | 5896 | 10695101. [online] Supportforums.cisco.com. Available at: https://supportforums.cisco.com/discussion/10695101/packet-tracer-51-and-vtp-pruning [Accessed 29 Jul. 2015].
Snyder, J. (2014). First Look: Cisco ACI re-imagines the enterprise data center network. [online] Network World. Available at: http://www.networkworld.com/article/2174735/lan-wan/lan-wan-first-look-cisco-aci-re-imagines-the-enterprise-data-center-network.html [Accessed 29 Jul. 2015].
Sqa.org.uk, (2007). Functional and Non-Functional Requirements. [online] Available at: http://www.sqa.org.uk/e-learning/SDM03CD/page_02.htm [Accessed 29 Jul. 2015].
Stallings, W. (2015). Software-Defined Networks and OpenFlow – The Internet Protocol Journal, Volume 16, No. 1. [online] Cisco. Available at: http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_16-1/161_sdn.html [Accessed 29 Jul. 2015].
Stponline.co.uk, (2015). Online E-Learning System. [online] Available at: http://stponline.co.uk/course/view.php?id=777 [Accessed 29 Jul. 2015].
Varadarajan, S. (1997). Virtual Local Area Networks. [online] Cse.wustl.edu. Available at: http://www.cse.wustl.edu/~jain/cis788-97/ftp/virtual_lans/ [Accessed 29 Jul. 2015].
Wattuhewa, S. (2015). Literature Review. [online] Stponline.co.uk. Available at: http://stponline.co.uk/course/view.php?id=894 [Accessed 29 Jul. 2015].
Wattuhewa, S. (2015). Project Definition. [online] Stponline.co.uk. Available at: http://stponline.co.uk/course/view.php?id=894 [Accessed 29 Jul. 2015].
Wellman, R. (2012). Lab 4 – Configuring Passwords. [online] YouTube. Available at: https://www.youtube.com/watch?v=RVDQ2fJvVnM [Accessed 29 Jul. 2015].
Wellman, R. (2014). Ron Wellman. [online] YouTube. Available at: https://www.youtube.com/channel/UC547mwnoxlr-3LtL-ylf8iQ [Accessed 29 Jul. 2015].
Yousfi, R. (2011). 6 Inter-VLAN Routing | World of Cisco Networking. [online] Internetworkmaterials.blogspot.co.uk. Available at: http://internetworkmaterials.blogspot.co.uk/2011/07/6-inter-vlan-routing.html [Accessed 29 Jul. 2015].
