7393 - BD00345 - SE06202 - Assignment 2 - Ngô Nguyễn Nhật Linh
INFORMATION TECHNOLOGY
ASSIGNMENT 2
UNIT: NETWORKING
Student declaration
I certify that the assignment submission is entirely my own work and I fully understand the
consequences of plagiarism. I understand that making a false declaration is a form of malpractice.
Student’s signature:
NHATLINH
TABLE OF CONTENTS
INSTRUCTOR/SUPERVISOR/ASSESSOR
REVIEWERS
INTRODUCTION
1. Provide a logical/physical design of the networked system with clear explanation and addressing table (P5)
1.1. Explain the difference between logical and physical design
1.2. Discuss and explain the user requirement for the design
1.3. Provide a logical design of the network based on user requirement
1.4. Provide a physical design of the network based on user requirement
1.5. Provide addressing table for the network you design.
2.1. Provide test plan (screenshot of evidence of test such as ping test, connectivity test, etc.)
3. Install and configure network services and applications on your choice. (M3)
3.5 Configuration Router – Wifi
3. Document and analyze test results against expected results. (P8)
3.1. Provide a step by step configuration of network devices in the network (Choose a device in the network and provide all the steps for configuration)
CONCLUSION
REFERENCES
LIST OF TABLES AND FIGURES
LIST OF ACRONYMS
IP Internet Protocol
INTRODUCTION
In the information technology industry, computer networks play an important role in the research and implementation of methods, technologies, designs and protocols to connect devices, information and systems together. Thanks to computer networks, we can easily and effectively share resources, transmit information, and interact over networks.
To better understand the basics of network design, we need to know about logical design and physical design. Logical design helps us understand how network components interact with each other to ensure smooth and efficient network operation, whereas physical design deals with installing, connecting, and maintaining network hardware and software.
This article focuses on these two types of design and compares the differences between them. We will then provide the logical design and the physical design for the specific project. Finally, the article will analyze and evaluate user requirements, thereby making appropriate comments and conclusions. Let's find out in this essay.
- Logical design in networking focuses on how different network components interact and communicate without considering specific physical devices. It involves determining the network's overall structure, IP addressing scheme, routing protocols, network services, quality of service (QoS) policies, security measures, and network address translation (NAT) policies. Logical design forms the foundation for the physical implementation of the network and aids in easier deployment and management of network elements.
- Physical design in networking is the process of implementing the abstract logical design in actual hardware and physical components. It involves selecting networking devices, planning cable layouts, device placements, and power requirements, organizing equipment in racks, considering physical security, and conducting testing. The physical design includes a diagram of the way the network will actually look.
The difference between the logical design and the physical design of a network is in the way they are presented. The logical design is more conceptual and abstract than the physical design. In the logical design, you look at the logical relationships among the objects. In the physical design, you look at the most effective way of storing and retrieving the objects.
| Aspect | Logical design | Physical design |
|---|---|---|
| Components | Addresses network structure, IP addressing, routing, VLANs, etc. | Involves hardware selection, cable arrangement, device placement, etc. |
| Abstraction | Hides specific hardware details | Includes specific hardware and physical infrastructure details |
| Flexibility | Easily modified or updated as network requirements change | Changes may require physical adjustments and hardware upgrades |
| Ease of Testing | Easy to simulate and test in a virtual environment | Testing requires real hardware and physical connectivity |
| Deployment Time | Quicker design and modification | Longer due to physical setup and configurations |
| Risk Factor | Lower risk during testing and deployment | Higher risk due to physical setup and potential hardware issues |
• Timeliness
• Interactivity
• Reliability
• Presentation quality
• Adaptability
• Security
• Functionality
• Supportability
• Future growth
❖ Requirements of assignment scenario:
- People: 200 students, 15 teachers, 12 marketing and administration staff, 5 higher managers including the academic heads and the programmer managers, and 3 computer network administrators.
- Building: 3 floors, all computers and printers are on the ground floor apart from the IT labs – one lab located on the first floor and another located on the second floor.
- Following the engineer's guidance and the user requirement, I divide the building into 3 floors: the ground floor will have 1 wifi department, 3 printers and 35 computers across 4 rooms (Manager's room, Network Manager's room, Staff's room, Teacher's room); the first floor will have 25 student lab computers and 1 wifi department; the second floor will have 1 wifi department and 25 student lab computers.
Ground Floor:
First Floor:
- 1 wifi department
Second Floor:
- 1 wifi department
- Lab room 2: 25 computers
- On the ground floor, I used 2 switches to connect 12 staff lab computers, 1 wifi department, 3 network admin lab computers, 5 manager lab computers, 15 teacher lab computers and 3 printers. VLAN 0 of ground floor includes 35 computers and 3 printers using the IP address 192.168.1.0/26, and the subnet mask is 255.255.255.192.
- On the second floor, I used 2 switches to connect 25 student lab computers and 1 wifi department. VLAN 2 of ground floor includes 35 computers and 3 printers using the IP address 192.168.1.64/26, and the subnet mask is 255.255.255.192.
1.4.4 Router
➢ Ping from Teacher’s room to Network Manager’s room: Teacher 6 (192.168.1.40) to N_Manager 2 (192.168.1.17).
➢ Ping from first floor to second floor: Student 25 (192.168.2.26) to Student 50 (192.168.3.26).
❖ Ping between the PC and the printer and check if the signal is connected to the printer or not.
➢ In Manager’s room: ping from Manager 5 (192.168.1.22) to Printer–Manager (192.168.1.7)
- Efficient management: Each floor is divided into three sub-networks, helping to manage and monitor the network more efficiently. The separate layers can be managed independently but still connect to each other through routers and switches.
- Cost savings: Using the same router and switch for each floor, as well as using the same IP address initially allocated and divided, helps to reduce investment costs in network equipment.
- Easy to expand: When the network needs to be expanded, just add switches and devices to the new floor without changing the overall network structure.
- Bandwidth division: Splitting the network into three subnets at each tier reduces competition and ensures higher network performance.
- Security: Dividing the network into three small networks helps isolate important data and information of departments, reducing the risk of outside attacks.
2.2.2. Show limitation of your design based on the user requirement and the strength
- Point of Failure: If a common router or switch goes down, the entire network in the building will be affected and cannot access the internet or network services.
- Bandwidth constraints: Dividing a network into three subnets can cause bandwidth constraints for each tier, especially when tiers have large demands on the internet or network resources at the same time.
2.2.3. What advice and solution would you provide to the network for efficiency and usage.
- Upgrade network equipment: Invest in leading routers and switches that provide better security and maintenance to reduce risk of failure and improve network performance.
- Upgrade bandwidth: Consider expanding network bandwidth to meet increasing usage demand, maybe consider 10Gbps or 40Gbps.
- Optimize network design: Review the current network structure and optimize network division to ensure maximum performance and save resources.
- Enhanced security: Apply optimal security solutions such as powerful firewalls, data encryption, and advanced authentication to ensure the safety of network data and information.
- Improve professional knowledge: Ensure employees have enough knowledge and skills to
effectively manage and operate the network, thereby minimizing risks in network management.
- Build flexibility: Design your network so it's scalable and easy to change as needed. Adopt
flexible solutions to adapt to the changing and future expansion of the organization.
- Backup and restore data: Perform periodic backups to ensure that important data is not lost
in the event of a problem.
- Periodic maintenance: Perform periodic testing and evaluation of network performance and
effectiveness of deployed solutions, so that the network can be optimized and adjusted in the best
direction.
3. Install and configure network services and applications on your choice. (M3)
3.1. DHCP Server
3.1.1 DHCP Server definition.
- Definition: a DHCP server is a server that provides IP addresses and network configuration to each device in the computer network, saving time and effort when setting up the network.
- Function: Automatic allocation and management of IP addresses along with network configuration allocation.
Step 2: Select Desktop >> set a static IP address for the DNS server.
Step 4: Click the "Add" button to enter the information into the server.
Step 3: Select Services >> select HTTP >> turn on >> select "edit" in the "index.html" section.
Step 6: Select "Web Browser", then enter the address to visit and press "Go" and the content of the web will appear.
- Definition: Mail Server or Email Server is a server system that is individually configured for each business to perform tasks such as sending and receiving email messages at high speed.
- To proceed with the Router-Wifi installation, I will first go to wifi >> GUI >> select Setup and set the static IP address for it to be "192.168.1.3 / 255.255.255.0". Next I will set the output IP address for Router-Wifi as "192.168.10.1"; this IP address will be allocated automatically when a certain wireless device connects and uses wifi.
- After I have successfully set the IP, I will press "Save Settings".
- After I have successfully set the Name and Password, I will press "Save Settings".
- Following the same steps as above, I will configure Router-Wifi Second floor with IP address
"192.168.2.27/ 255.255.255.0" and output IP address for wifi is "192.168.20.1".
- After I have successfully set the IP, I will press "Save Settings".
- After I have successfully set the Name and Password, I will press "Save Settings".
- Because a tree topology can integrate other networks into the main network, I used star topology to connect rooms and floors to the router, with individual switches for each floor. This helps to speed up access, improve data transmission performance between devices, and when something goes wrong, it doesn't affect the entire network and other devices can still operate normally.
- Because of the large number of devices in the network diagram, setting a static IP becomes difficult and time consuming. So I implemented a DHCP (Dynamic Host Configuration Protocol) service to automatically allocate IP addresses to devices. This makes IP setting easier and saves time.
- Here are some IP addresses that have been automatically allocated using the DHCP service and the results when pinging between devices in each floor:
❖ Ground floor.
• Device 1: N_Manager 2.
Performed Student: Ngo Nguyen Nhat Linh
Figure 55 Device 1: N_Manager 2.
• Device 2: Manager 3.
• Device 4: Teacher 9.
❖ Second floor.
• Device 1: Student 11.
In the above overview network diagram, I have succeeded in combining the two topologies, Tree topology and Star topology, to help optimize data transmission performance and to be flexible in terms of network scalability later, while minimizing management and maintenance issues and enhancing load distribution between floors and devices.
Also in the above diagram I have created a network diagram including: 7 Switches, 1 Router,
85 Computers, 3 Printers and 3 Servers. Specifically, I have designed the above diagram to include
3 separate floors to suit the needs of the customer. First, the ground floor includes 4 different small
rooms: Teacher's room, Staff room, Management room, Network management room using up 2
switches, 1 Wireless router, 3 Printers, 3 Servers, 35 Computers. The 1st floor includes 1 Student
In addition, the network system has been successfully designed and is working very well to fully meet the needs of customers. The main router always ensures that data is transmitted quickly and accurately to the switches and finally to devices: computers for needs such as surfing the web and doing calculations, printers used in document printing, and servers that are always operating at full capacity to provide services such as email, web services, data processing and storage.
- First, I will access the main switch to divide the entire network into three different networks, VLAN 10, VLAN 20 and VLAN 30, with the corresponding names "First - floor" / "Second - floor" / "Third - floor".
- To configure the main Router for the entire network, I will first access the Router's CLI and set the IP addresses for the VLANs that have been divided on the Switch. The specific IP addresses I use for the floors are "192.168.1.0 / 255.255.255.0 - VLAN 10", "192.168.2.0 / 255.255.255.0 - VLAN 20", "192.168.3.0 / 255.255.255.0 - VLAN 30".
- Second, I will use the DHCP service to automatically allocate IPs for devices in the system, because the number of network devices is large and setting a static IP address for each device would waste time and effort, except for devices that are required to have fixed IP addresses such as: Server, printer, wifi department.
➢ Ground floor.
➢ First floor.
I checked the DHCP for the first floor, which I had configured before. Click on the Devices => Desktop => IP configuration => then click on DHCP. As a result, it was configured successfully.
I checked the DHCP for the second floor, which I had configured before. Click on the Devices => Desktop => IP configuration => then click on DHCP. As a result, it was configured successfully.
Now, I will check the connection between each device by pinging. The result was not beyond my expectations because after implementing the DHCP service, I checked by sending mail to all devices, so the loss rate is 0%. So my second case was tested successfully.
3.2.3 Test case 3: check send mail from computer from this room to another room.
The last step is to check the HTTP service (web service) by using computer Student 35 on the second floor. This step is very easy to do: we just need to click on the PC => Desktop => Web browser => search for the website (webbtec.vn). As a result, it successfully met the requirement.
To check if I have successfully installed the router, I will follow these steps:
- First, I will add to the system 3 laptops for each floor and named respectively "Lap-
❖ In Ground-floor
- Step 1: I access the Laptop of the 1st floor >> go to the physical section >> turn off
- Step 3: Click Config >> Wireless0 >> enter information such as SSID (network name),
granted IP of Router-Wifi.
- Step 5: To check if the connection is successful or not, when you exit the network
diagram, you will see a transmission line showing the connection between the Laptop and
the Router-Wifi.
To be more sure, I will visit the Web page that I created from the beginning to check that the
machine is connected successfully or not.
Step 4: To check whether the connection is successful or not, when you exit the network
diagram, you will see a line showing the connection between the Laptop and the Router-Wifi.
To be more sure, I will visit the Web page that I created from the beginning to check if the
device has successfully connected or not.
On this floor I will follow the same steps as the above floor.
Step 1: I access the 3rd floor Laptop >> go to the physical section >> turn off the laptop >>
remove the default port of the laptop and add the "WPC300N" port to the laptop and turn on the
laptop.
Step 4: To check whether the connection is successful or not, when you exit the network
diagram, you will see a line showing the connection between the Laptop and the Router-Wifi.
- To be more sure, I will visit the Web page that I created from the beginning to check if the
device has successfully connected or not.
The above network system has not mentioned more advanced security measures. Dividing the network into different VLANs only helps to ensure security within the system, but cannot prevent hackers from finding out the system's vulnerabilities, thereby infiltrating and stealing important data. That's why I would suggest using Access Control Lists (ACLs) to control access between VLANs, since uncontrolled access between them can create security holes.
ACLs (Access Control Lists) are an important means of determining access rights between different network zones. For example, you can configure the ACL to prevent access from the teacher's network to the administrator's network. This helps prevent potential risks from unauthorized access to improve data security.
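The ACL idea above, modelled as an added example (not part of the original report and not any vendor's code): a first-match rule list with implicit deny, evaluated over the report's three VLAN subnets and ping-test addresses. The web server address and the policy itself are assumptions; the model also shows that Teacher 6 to N_Manager 2 stays inside one subnet, so an ACL applied where the router forwards between VLANs never sees that traffic.

```python
"""Added example: first-match ACL evaluation over the report's VLAN plan."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# VLAN subnets as listed in the report's router configuration step.
VLANS = {
    10: ip_network("192.168.1.0/24"),
    20: ip_network("192.168.2.0/24"),
    30: ip_network("192.168.3.0/24"),
}

# Host addresses taken from the report's ping tests.
TEACHER_6 = "192.168.1.40"
N_MANAGER_2 = "192.168.1.17"
STUDENT_25 = "192.168.2.26"
STUDENT_50 = "192.168.3.26"
# Constructed address: the report does not give the web server's IP.
WEB_SERVER = "192.168.1.10"


@dataclass(frozen=True)
class Rule:
    action: str  # "permit" or "deny"
    src: str     # source network in CIDR form
    dst: str     # destination network in CIDR form

    def matches(self, src_ip: str, dst_ip: str) -> bool:
        return (ip_address(src_ip) in ip_network(self.src)
                and ip_address(dst_ip) in ip_network(self.dst))


# Hypothetical policy: the student VLANs (192.168.2.0/23 covers VLAN 20
# and VLAN 30) may reach the web server but nothing else in VLAN 10.
ACL = [
    Rule("permit", "192.168.2.0/23", WEB_SERVER + "/32"),
    Rule("deny", "192.168.2.0/23", "192.168.1.0/24"),
    Rule("permit", "0.0.0.0/0", "0.0.0.0/0"),
]
# Same rules with the broad deny first: the server permit is never reached.
MISORDERED_ACL = [ACL[1], ACL[0], ACL[2]]


def vlan_of(ip: str):
    """Return the VLAN id whose subnet contains ip, or None."""
    addr = ip_address(ip)
    for vlan_id, net in VLANS.items():
        if addr in net:
            return vlan_id
    return None


def decide(acl, src_ip: str, dst_ip: str) -> str:
    """Verdict for one flow: 'permit', 'deny' or 'not-routed'."""
    src_vlan, dst_vlan = vlan_of(src_ip), vlan_of(dst_ip)
    # Same-VLAN traffic is switched at layer 2 and never crosses the
    # router, so an inter-VLAN ACL cannot filter it.
    if src_vlan is not None and src_vlan == dst_vlan:
        return "not-routed"
    for rule in acl:  # first matching rule wins
        if rule.matches(src_ip, dst_ip):
            return rule.action
    return "deny"     # implicit deny when nothing matches


def audit(acl, flows):
    """Evaluate named flows and return (name, verdict) pairs."""
    return [(name, decide(acl, src, dst)) for name, src, dst in flows]


FLOWS = [
    ("Student 25 -> N_Manager 2", STUDENT_25, N_MANAGER_2),
    ("Student 25 -> web server", STUDENT_25, WEB_SERVER),
    ("Student 25 -> Student 50", STUDENT_25, STUDENT_50),
    ("Teacher 6 -> N_Manager 2", TEACHER_6, N_MANAGER_2),
]

if __name__ == "__main__":
    for name, verdict in audit(ACL, FLOWS):
        print(f"{name:28} {verdict}")
```
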
- The above network system does not refer to the implementation of important data backup plans and troubleshooting plans. This can put your important data at risk, and your ability to recover from a crash will be affected when faced with unexpected circumstances such as a virus attack or hacker attack.
- First, define and implement a regular backup plan by creating a schedule that checks and backs up daily, monthly, quarterly, and yearly for important data on the server, including data on DNS, Mail, and Web servers.
- In the above network system, the implementation of network monitoring and management tools has not been mentioned to monitor the system's activities, including performance, data traffic, bandwidth and unexpected problems that can happen. The lack of monitoring tools can lead to the inability to quickly detect and resolve network problems when there is a problem, leading to delays in network operations and affecting the work progress of the user.
- First, you need to understand that a network monitoring tool helps monitor the activity of network devices, connection status and resource usage, and has the ability to detect problems early. Currently, there are many monitoring tools that support monitoring network activities, such as: Wireshark, Nagios, Zabbix, PRTG Network Monitor, SolarWinds Network Performance Monitor, Cacti, Splunk, Prometheus, Cisco Prime Infrastructure, ManageEngine OpManager.
- Second, you need to determine your needs and financial capabilities to find the most suitable system. Network management tools help you easily perform management tasks such as updating software, monitoring system changes, warning when there is a problem, producing statistics on system performance, monitoring and analyzing network packets, producing statistics and reports on the status of network devices, generating graphs of network resources such as bandwidth, CPU and memory, and monitoring the cloud computing environment and distributed systems. Remote management and automation are also important aspects of effective network management.
4.4 Firewall.
- The above network does not mention the implementation of a firewall to protect the system from attacks from hackers. This can cause security holes and the possibility of malicious applications attacking the system, reducing system performance even if it only delays the entire network.
- Firewalls are an additional layer of protection to control and inspect network traffic based on the content and applications that traffic is using. This helps prevent attacks from malicious applications or invalid authentication.
- Currently, there are many types of firewalls created to suit the needs of different individuals, such as: Host-based Firewall, Application Layer Firewall, Stateful Firewall, Packet Filtering Firewall.
- Malicious applications and malicious code often take advantage of vulnerabilities in the application to attack the system. Application firewalls help prevent or mitigate this risk by inspecting and blocking unusual network traffic patterns.
- Deploying a firewall improves network security by preventing and detecting attacks from malicious applications, minimizing the risk of security holes, and ensuring data integrity.
- The above network system has not mentioned the management and monitoring of the use of bandwidth and network resources. This can lead to uncontrolled resource usage, waste resources on unnecessary purposes, increase costs incurred, and can reduce performance and cause connection problems.
- First, we need to understand that network resource management is the process of monitoring, controlling and optimizing the use of network resources such as bandwidth, data transfer speed and server resources.
- By implementing network monitoring tools like I mentioned in the third part such as: Wireshark,
Nagios, Zabbix, PRTG Network Monitor, SolarWinds Network Performance Monitor, Cacti, Splunk,
Prometheus, Cisco Prime Infrastructure, ManageEngine OpManager, you can monitor the usage of
network resources, including bandwidth, data transfer rate and server resources. This helps you
predict and detect overloads before it affects performance.
- Applying network resource management can help control and prioritize resource usage, thereby
ensuring that the network is efficient, high-performance, and responsive to user needs.
- In the above network, there is no mention of policy enforcement and access control to manage user access to network resources. This can lead to uncontrolled access and can pose security and intrusion risks.
- Use authentication and authorization mechanisms to ensure that users only have access to the resources they need to work. A typical way is to implement LDAP (Lightweight Directory Access Protocol) to manage user and group lists. LDAP is a standard protocol used to access and manage information in directory services.
• Authentication: LDAP allows user authentication based on username and password. When a user tries to access the system, their credentials are sent to the LDAP server for authenticity checking. If the credentials are correct, they are granted the right to access and use the service according to the permissions granted by the system.
• Authorization: After authentication, LDAP provides a mechanism to manage user access
rights. By setting permission rules in the LDAP system, you can determine which users or groups of
- Applying policies and access control will prevent unauthorized access, protect user information and reduce the risk of the system being hacked. This also helps ensure the security of critical data and network resources.
- In the above network, there is no mention of implementing IP address and network security.
This can lead to the risk of exposing important information and network attacks from outside.
- A VPN is a type of network that simulates a private network on a public internet connection. It establishes a secure connection by hiding your IP address and encrypting your internet traffic, thereby increasing the security of your IP address against hacker attacks. A VPN connection can also grant you access to geo-restricted content.
- NAT (Network Address Translation) is a technique that allows one or more intra-domain IP
addresses to be converted to one or more out-of-domain IP addresses.
- Finally, make sure to maintain regular updates for network devices and routers to ensure
that new security holes are patched as soon as they are discovered.
- The above network does not mention the implementation of a plan to overcome the consequences of an incident. This may result in the inability to quickly and efficiently restore the network after a failure.
- First, a disaster recovery plan is critical to ensuring network availability and reliability. Common types of incidents that can occur should be identified (e.g. outages, hardware failures, network attacks) and a plan developed to restore the network after each type of failure.
- Second, define methods and procedures for recovering data and network services after an incident. This may include backing up your data regularly and planning to restore from those backups.
Throughout the course, Teacher Nguyen Bao Quoc's meticulous attention to detail and ability to present complex concepts in an engaging manner has truly made a significant difference in my learning journey. Every lesson was an immersive experience, where I eagerly absorbed each piece of information, expanding my intellectual horizons and opening up new possibilities for personal and professional growth.
In conclusion, I would like to express my sincere gratitude to Mr. Nguyen Bao Quoc for his dedication, creative communication, and profound influence on our learning journey. His detailed and interesting way of teaching ignited our passion and opened up a new world of potential. We are grateful for his guidance and are committed to continuing to discover, apply, and refine the knowledge we have learned to become trusted networking experts in the future.
The first part of Chapter 3 is to understand the difference between logical and physical design. Logical design focuses on addressing and network structure, choosing network protocols, and defining IP addressing plans. Meanwhile, physical design deals with the selection of network equipment and physical structure, including cabling and cooling requirements. Next, understanding user requirements is important to ensure the network meets their needs. Collecting information about the organization's goals, user expectations, and the nature of the applications that will run on the network ensures that the network is tuned to provide optimal performance, security, and accessibility. We then provide the logical design of the network, including the network topology, network protocols, IP address plans, and services such as DHCP, DNS, and web servers. This design is intended to create an efficient and easy-to-manage network.
Second, in Chapter 4, the network will be deployed and comprehensively tested to evaluate whether the design meets the stated requirements. The assessment includes connectivity tests such as ping tests, performance analysis, and security assessments to identify potential limitations and improvements. Finally, we suggest potential improvements to the network, including hardware upgrades, security measures, and network protocol optimization. The result is a robust and reliable network that efficiently serves the organization and its users.