PART 1 - Introduction
The first part of your report should be an introduction to the project. Although this is the first part you should include in your report, it should be the last part that you write. In your introduction you are to provide an outline for each of parts 2, 3, and 4.
What to include:
• Describe the overall task of assessing and redesigning the network.
• Explain why it is important to produce a well-designed network diagram.
• Explain why it is necessary to create and document the separate subnets for the network.
• Explain why new equipment is needed for the new branches, the basic role of the switches and routers, and the process you used to select the equipment.
The introduction should be well-articulated: clear, concise, and written with correct spelling and grammar. The intended audience for the introduction can be assumed to have basic technical knowledge but not to be networking experts. The introduction should be no longer than a page.
PART 2 - Network specifications and diagram
You have been given a rough sketch of the network topology below. You are to draw the network using Visio, subnet the network (see part 3), and assign port numbers and IP addresses to ports.
• Only include one switch in your diagram for each LAN or WLAN (even if more are required)
• Servers should be on their own LAN
• The Internet router port address is 184.108.40.206/30
• The Gosford router is connected to the Internet and provides access to the public backbone
PART 3 - Subnet the network using VLSM, and assign IP addresses to the appropriate devices.
Each location has the following number of hosts
Gosford, Canberra, Cairns, and Mackay each include a wireless LAN for clients to use.
Use VLSM to subnet the network topology using a public class B network. You are to use the table format below to provide the subnet details.
Table 1. Subnets (including WAN subnets)
Spreadsheet Columns: Subnet name, subnet address, subnet mask (in slash format), first useable address, last useable address, broadcast address, static address range and DHCP address range (all addresses to be in dotted decimal notation)
Table 2. Router Interfaces
Spreadsheet Columns: Location, interface, IP address, subnet mask (in slash format)
Table 3. Servers
Spreadsheet Columns: Location, server name, IP address, subnet mask (in slash format)
• Choose one public B class network address for the entire network and subnet this block of addresses to optimise spare addresses for future expansion.
• Place the WAN subnets in the blocks directly following the LAN address space.
• Add 100% to each subnet to allow for growth in the number of hosts specified for each LAN (i.e. workstations × 2). Do not allow for any growth in the number of servers or size of WLANs
• DHCP is to be used for IP address allocation for hosts in each subnet and these ranges are to be allocated for each LAN.
• Static IP addresses are to be allocated where appropriate.
• The ISP has given us an IP address of 220.127.116.11/30 for our Internet connection at Gosford.
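The VLSM rules above (largest subnet first, workstation LANs doubled for growth, WAN /30 subnets placed directly after the LAN address space) can be checked with a short script. This is an added example, not part of the original brief: the site names, host counts and the 172.16.0.0/16 stand-in block are constructed, and each host count is assumed to already include the router interface. It produces the address columns of Table 1, not the static/DHCP split.

```python
import ipaddress

# Constructed inputs: the brief's own host table is not reproduced here.
BLOCK = ipaddress.ip_network("172.16.0.0/16")  # stand-in; the brief asks for a public class B
LANS = {  # name: (hosts, grows); only workstation LANs get the 100% allowance
    "Site-A LAN": (200, True),
    "Site-B LAN": (60, True),
    "Site-A WLAN": (30, False),
    "Site-A Servers": (5, False),
}
WAN_LINKS = ["Site-A to Site-B"]  # each point-to-point link needs 2 addresses

def prefix_for(hosts):
    """Longest prefix whose usable range (size - 2) still holds `hosts`."""
    return 32 - (hosts + 1).bit_length()

def allocate(block, lans, wan_links):
    """Largest-first VLSM; WAN subnets directly follow the LAN address space."""
    needs = [(name, n * 2 if grows else n) for name, (n, grows) in lans.items()]
    needs.sort(key=lambda item: item[1], reverse=True)
    needs += [(name, 2) for name in wan_links]
    cursor = int(block.network_address)
    rows = []
    for name, hosts in needs:
        prefix = prefix_for(hosts)
        size = 2 ** (32 - prefix)
        cursor = -(-cursor // size) * size  # round up to the subnet boundary
        net = ipaddress.ip_network((cursor, prefix))
        if not net.subnet_of(block):
            raise ValueError(f"{name} does not fit in {block}")
        rows.append({
            "name": name,
            "subnet": str(net),
            "first": str(net.network_address + 1),
            "last": str(net.broadcast_address - 1),
            "broadcast": str(net.broadcast_address),
        })
        cursor += size
    return rows

if __name__ == "__main__":
    for row in allocate(BLOCK, LANS, WAN_LINKS):
        print(row)
```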
PART 4 - Research and source appropriate devices justifying choices (feasibility, efficiency, etc.)
You are to research and submit a project procurement plan for the Mackay network. The devices you must include are routers, switches, and wireless access points. Make sure the devices you select can handle the number of workstations required and provide a good quality of service to wired and wireless users.
Your project plan and final recommendations should be based on a Weighted Decision Matrix (like the WDM you did in the Procurement Practical). You are to compare five (5) devices from each category and to base the decision on reasonable and well-justified attributes.
The budget for procurement is $7,500. You may exceed this if you can justify it well.
Your project plan is to contain the following components:
Weighted Decision Matrix - hardware resource requirements analysis
• Include a written justification for priorities and attributes given in the matrix
• Create your WDMs in Excel and copy and paste them into your Word doc
• Create a well-presented table of the prices of all devices and the total cost
• Include hardware only, not labour
PART 5 – Access Control Lists
Write ACL tables, in the format taught in the workshops, to address the following security requirements.
Requirements for all ACLs
• ACLs are to be placed in the optimal position to minimise bandwidth unless the location of the ACL is specified
• Do not rely on the implicit deny any any
• No ACL is required on a port where all traffic is permitted
• Create one ACL table per router
a) Access to the Internet and public backbone
Apply these ACL/s to serial 0/0 on the Gosford router.
1. External hosts outside the organisation (on the Internet) must only be able to access the Gosford Web server on the public backbone using HTTP and HTTPS.
2. No other external access is permitted into the organisation from the Internet.
3. Internal hosts must only be able to communicate out to the Internet using HTTP and HTTPS (Hint: established connections must be allowed to communicate back into the private network).
b) Gosford and Canberra
4. The Gosford and Canberra LANs should have unrestricted access to the Internet, and to the Gosford servers.
5. The Gosford and Canberra WLANs should have HTTP and HTTPS access to the Internet, and to the Gosford Web server, but no access to anywhere else on the corporate network.
6. The Gosford Web server should have unrestricted communication via HTTP and HTTPS and be able to respond to ping requests from internal hosts.
7. No traffic from outside the corporate network should be able to reach the Gosford Computer server.
c) The other sites
8. The other LANs should have HTTP and HTTPS access to the Internet and to the Gosford Web server. The exception is the Adelaide LAN, which should have unrestricted Internet access.
9. The Gosford and Canberra WLANs should have HTTP and HTTPS access to the Internet, and to the Gosford Web server, but no access to anywhere else on the corporate network.
10. The Adelaide Backup servers should be able to initiate connections anywhere within the corporate network without restriction.
11. Only traffic from established connections and from the Adelaide LAN is permitted to reach the Adelaide Backup servers. All other access should be blocked.
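An ACL table can be checked against its requirements before it goes on a router by running sample packets through it. The following is an added example, not part of the original brief: it models only the inbound direction on Gosford serial 0/0 for requirements 1 to 3, with first-match evaluation, an explicit final deny, and the established keyword treated as "TCP ACK or RST flag set". All addresses are constructed placeholders, and the rule layout is an assumption rather than the workshop table format.

```python
import ipaddress
from collections import namedtuple

Rule = namedtuple("Rule", "action proto src sport dst dport established")
Packet = namedtuple("Packet", "proto src dst sport dport flags")

WEB = "203.0.113.10/32"   # constructed placeholder for the Gosford Web server
INSIDE = "172.16.0.0/16"  # constructed placeholder for the internal address block
ANY = "0.0.0.0/0"

# Inbound on Gosford serial 0/0 (traffic arriving from the Internet).
S0_0_IN = [
    Rule("permit", "tcp", ANY, None, WEB, 80, False),     # req 1: HTTP to Web server
    Rule("permit", "tcp", ANY, None, WEB, 443, False),    # req 1: HTTPS to Web server
    Rule("permit", "tcp", ANY, 80, INSIDE, None, True),   # req 3: replies to internal HTTP
    Rule("permit", "tcp", ANY, 443, INSIDE, None, True),  # req 3: replies to internal HTTPS
    Rule("deny", "ip", ANY, None, ANY, None, False),      # req 2: explicit, not implicit
]

def matches(rule, pkt):
    """True when every field of the rule matches the packet (None = any port)."""
    addr_ok = (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
               and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst))
    port_ok = rule.sport in (None, pkt.sport) and rule.dport in (None, pkt.dport)
    est_ok = not rule.established or bool({"ACK", "RST"} & set(pkt.flags))
    return rule.proto in ("ip", pkt.proto) and addr_ok and port_ok and est_ok

def evaluate(acl, pkt):
    """First matching rule wins; returns (action, 1-based rule number)."""
    for number, rule in enumerate(acl, start=1):
        if matches(rule, pkt):
            return rule.action, number
    return "deny", None  # implicit deny; never reached when the last rule is explicit

if __name__ == "__main__":
    samples = [  # constructed packets from an outside host, 198.51.100.7
        Packet("tcp", "198.51.100.7", "203.0.113.10", 51000, 443, ("SYN",)),
        Packet("tcp", "198.51.100.7", "172.16.0.25", 443, 51000, ("SYN", "ACK")),
        Packet("tcp", "198.51.100.7", "172.16.0.25", 443, 51000, ("SYN",)),
    ]
    for pkt in samples:
        print(pkt, evaluate(S0_0_IN, pkt))
```

Because established inspects only the TCP flags, a packet from source port 80 or 443 with ACK set is permitted whether or not an internal host opened the connection; the ACL is a stateless filter.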