
Cisco packet tracer project
£50 (approx. $67)
- Posted:
- Proposals: 10
- Remote
- #4351914
- Awarded

Description
Experience Level: Entry
Network Design
Plan to create five distinct networks representing different segments: Headquarters (HQ), Branch Office 1, Branch Office 2, Data Center, and a DMZ. Each network should include end devices (workstations, laptops, printers, etc.), layer 2 switches, layer 3 devices (router or multilayer switch), servers (e.g., file servers, application servers), and any additional specialized devices (e.g., load balancers, VPN appliances).
To ensure clarity, begin by designing a logical topology that captures how the five networks exchange traffic, and then map that logical design to a physical topology. Factor in each office’s size, device count, bandwidth needs, and topological constraints (e.g., whether offices are connected in a hub-and-spoke pattern or a partial/full mesh).
IP Addressing
For IP addressing, employ a structured hierarchical design. One recommendation is to use private IP address space (e.g., 10.x.x.x or 192.168.x.x) subdivided to deliver unique address ranges for each network segment. Use Variable Length Subnet Masking (VLSM) to optimize IP assignments.
To illustrate:
- HQ could use 10.10.0.0/22 to accommodate a larger device count.
- Branch Office 1 might use a smaller subnet like 10.20.1.0/24.
- Branch Office 2 might also use a /24, e.g., 10.30.1.0/24.
- The Data Center often requires more subnets to isolate services, such as a server segment 10.40.0.0/24 and a management segment 10.40.1.0/24.
- The DMZ can exist in a separate range like 10.50.0.0/24.
Make sure each subnet’s range is sufficient for the current number of devices and offers headroom for future growth. Map these subnet assignments clearly in a spreadsheet or diagram.
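An added example, not part of the original brief: a short Python audit of the addressing plan above that checks each subnet for private addressing, capacity with growth headroom, and overlap with the other segments. The device counts and the 25% growth figure are constructed assumptions.

```python
import ipaddress

# Subnets proposed in the text above.
PLAN = {
    "HQ": "10.10.0.0/22",
    "Branch Office 1": "10.20.1.0/24",
    "Branch Office 2": "10.30.1.0/24",
    "Data Center servers": "10.40.0.0/24",
    "Data Center management": "10.40.1.0/24",
    "DMZ": "10.50.0.0/24",
}

# Constructed device counts per segment (an assumption, not from the brief).
DEVICES = {"HQ": 420, "Branch Office 1": 60, "Branch Office 2": 35,
           "Data Center servers": 80, "Data Center management": 20, "DMZ": 10}


def required_hosts(devices, growth):
    """Addresses needed: devices plus growth (percent) plus one gateway."""
    return -(-devices * (100 + growth) // 100) + 1  # integer ceiling


def smallest_prefix(hosts):
    """Longest prefix whose usable range (size minus 2) still holds `hosts`."""
    return 32 - (hosts + 1).bit_length()


def audit(plan, devices, growth=25):
    """Return a list of findings; an empty list means the plan passes."""
    nets = {n: ipaddress.ip_network(c, strict=True) for n, c in plan.items()}
    findings = []
    for name, net in nets.items():
        need = required_hosts(devices[name], growth)
        if not net.is_private:
            findings.append(f"{name}: {net} is not private address space")
        if need > net.num_addresses - 2:
            findings.append(f"{name}: needs {need} hosts, {net} has "
                            f"{net.num_addresses - 2}; use /{smallest_prefix(need)}")
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                findings.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")
    return findings


if __name__ == "__main__":
    for line in audit(PLAN, DEVICES) or ["plan OK"]:
        print(line)
```

`strict=True` also rejects a subnet written with host bits set (for example 10.20.1.5/24), a common transcription error in addressing spreadsheets.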
Network Connectivity Verification
After configuring the underlying network devices, verify connectivity with at least 10 ping tests. These tests should reflect real-world scenarios:
- From a PC in Branch Office 1 to a server in the Data Center.
- From a PC in HQ to a PC in Branch Office 2.
- From the DMZ to the internal server in HQ (ensuring that necessary firewall rules allow or deny as required).
- Between servers in the Data Center and end devices in HQ.
- Any other cross-segment paths that help confirm routing is established correctly on each segment.
Include trace routes where relevant, particularly if you need to inspect intermediate hops or confirm which routing path is being taken.
Routing Protocol Configuration
Use two different routing protocols to manage traffic between locations. OSPF (Open Shortest Path First) is a common choice for internal routing, providing quick convergence and a hierarchical structure. BGP (Border Gateway Protocol) can be used between autonomous systems or for large networks acting like multiple autonomous systems.
- OSPF: Configure it for all internal interfaces, grouping similar networks into OSPF areas. Commonly, HQ and Data Center might act as Area 0 (the backbone), while branches can be placed into separate areas.
- BGP: Configure eBGP if different sites or regions belong to separate autonomous system numbers, especially if connecting across a WAN or multiple service providers. Otherwise, iBGP can be used for a multi-area internal design that requires policy-based routing or granular traffic engineering.
Carefully tune route metrics and summarize routes at area boundaries (for OSPF) or use route filters and community tags (for BGP) to keep the routing tables concise.
Security Policies
For each of the five networks, set security policies that reflect their particular risk profiles and compliance needs. Implement airport-style security zones on the firewall:
- DMZ: Strictly control inbound and outbound traffic, commonly allowing only necessary public-facing services (e.g., HTTP/HTTPS for web servers).
- Data Center: Restrict external access, allow legitimate traffic from HQ or authorized branches, and enforce segment-level controls between different server tiers.
- Branch Offices: Permit internal corporate traffic while funneling Internet access through a centralized firewall or local firewall with standardized security.
- Headquarters: Typically the most extensive set of policies to handle multiple business groups, possibly including VPN connections to Branch Offices.
- Segmentation: Use VLANs or separate subnets in each site to segregate sensitive data, guest access, or user groups.
Additionally, configure ACLs, intrusion detection/prevention systems, and log monitoring to ensure that unauthorized traffic is blocked and security events are captured. If possible, employ next-generation firewall features for advanced threat detection.
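An added example, not part of the original brief: it ties the connectivity tests to the zone policies by deriving the expected outcome of each ping from a default-deny zone matrix and listing the results that contradict it. The `ALLOW_ECHO` matrix, the host addresses and the observed results are constructed assumptions; only the subnets come from the brief.

```python
import ipaddress

# Zone subnets from the addressing section (Data Center covers both of its /24s).
ZONES = {
    "HQ": ["10.10.0.0/22"],
    "BRANCH1": ["10.20.1.0/24"],
    "BRANCH2": ["10.30.1.0/24"],
    "DC": ["10.40.0.0/24", "10.40.1.0/24"],
    "DMZ": ["10.50.0.0/24"],
}

# Assumed policy: which zones may initiate ICMP echo to which (default deny).
# The DMZ may not initiate anything toward internal zones.
ALLOW_ECHO = {
    "HQ": {"BRANCH1", "BRANCH2", "DC", "DMZ"},
    "BRANCH1": {"HQ", "DC"},
    "BRANCH2": {"HQ", "DC"},
    "DC": {"HQ"},
    "DMZ": set(),
}


def zone_of(ip):
    """Map an address to its zone, or None if it is outside the plan."""
    addr = ipaddress.ip_address(ip)
    for zone, cidrs in ZONES.items():
        if any(addr in ipaddress.ip_network(c) for c in cidrs):
            return zone
    return None


def expected(src, dst):
    """Outcome the policy predicts for a ping from src to dst."""
    s, d = zone_of(src), zone_of(dst)
    if s is None or d is None:
        return "unknown"
    return "reply" if s == d or d in ALLOW_ECHO[s] else "blocked"


def review(results):
    """Return (src, dst, observed, expected) for results that contradict policy."""
    return [(s, d, o, expected(s, d)) for s, d, o in results if o != expected(s, d)]


# Constructed ping results, as they might be transcribed from the lab.
OBSERVED = [
    ("10.20.1.10", "10.40.0.5", "reply"),   # Branch Office 1 PC -> Data Center server
    ("10.10.0.25", "10.30.1.12", "reply"),  # HQ PC -> Branch Office 2 PC
    ("10.50.0.8", "10.10.1.4", "reply"),    # DMZ host -> HQ server
    ("10.40.0.5", "10.10.2.30", "reply"),   # Data Center server -> HQ PC
]
```

A mismatch of the form observed "reply", expected "blocked" points to a missing firewall or ACL rule, while the reverse points to a routing or over-restrictive filtering fault.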

Ehsan N.
United Kingdom
Clarification Board
Hello
Is it required to document the used CLI commands?