21bce7306 Assignment11

Computer-Networks – LAB
CSE3003
ASSIGNMENT-11
Priyansh Sachidanand Singh
21BCE7306
Date: - 10-08-2023
Prof. :- Y Mohamed Sirajudeen(L43+L44)
Configuring networks in CPT
Q) A small hospital requires a network infrastructure that
supports critical healthcare systems and provides secure
access to patient records. Design and configure a network
using Cisco switches, routers, and a firewall to ensuredata
confidentiality, integrity, and availability. Implement VLANs,
access control lists, and a DMZ for hosting public-facing
services.
=>
In this project, the goal is to design and configure a secure
network infrastructure tailored to the needs of a small
hospital. The project encompasses the use of Cisco switches,
routers, and a firewall to create a network that supports
critical healthcare systems while ensuring the confidentiality,
integrity, and availability of patient records. The network
design involves the implementation of VLANs, access control
lists (ACLs), and a Demilitarized Zone (DMZ) for public-facing
services.
The project's focus is on achieving data security and
operational efficiency. VLANs are used to segregate network
traffic, ensuring different departments operate within their
own secure segments. ACLs are implemented to control
access and permit only essential services to critical devices,
preventing unauthorized access and potential threats. The
DMZ provides a secure environment for hosting public
services while isolating them from internal systems.
This project aims to strike a balance between data security
and seamless communication. The network design supports
healthcare professionals in their daily tasks, while the
security measures implemented safeguard sensitive patient
data. The meticulous integration of networking components
and security features demonstrates the hospital's
commitment to delivering quality healthcare services while
upholding the highest standards of data protection.
The proposed network design is not only technologically
advanced but also aligned with industry best practices. By the
project's conclusion, a comprehensive network infrastructure
will have been established, reflecting the hospital's
dedication to providing top-tier healthcare services in a
secure digital environment.
Setup:-
Network Topology: Our network design comprises multiple
interconnected components, each serving a specific purpose
while maintaining data security.
It contains Doctors office , Reception Area, Ward Area, Guest
user Area,Main area.
Doctor's Office:
Switch: Connected to the Server, Laptop, PC, and Access
Point (PT AC) for Wi-Fi.
Access Point (PT AC): Provides Wi-Fi access to devices in the
Doctor's office.
Outside the Doctor's Office:
Access Point (PT AC): Connected to 3 guest users'
smartphones and tablets.
Main Reception Area:
Reception Area Switch: Connected to a printer, billing
counter, enquiry desk, and entrance in Area 1.
Printer, Billing Counter, Enquiry Desk: Devices in the
Reception area.
Ward Area:
General Ward Switch: Connected to PCs "Ward1 pc," "ward2
pc," test room PC, and lab report PC in Area 2.
Private Ward Switch: Connected to PC "ward 3," test room 1
PC, vaccination room PC, and lab report room PC in Area 2.
Interconnections:
Doctor's Office Switch is connected to the "Main Server
Router."
Reception Area Switch is connected to the "Reception Area
Router."
General Ward and Private Ward Switches are connected to
the "Ward Area Router."
All three routers (Main Server Router, Reception Area
Router, and Ward Area Router) are interconnected.
Basic Configurations:
-Dr. Office Configuration
Switch Configuration:
Access the switch's configuration mode:
Switch> enable
Switch# configure terminal
Create VLAN for the Doctor's Office:

Switch(config)# vlan
Switch(config-vlan)# name Doctor_Office
Switch(config-vlan)# exit
Assign ports to VLAN :

Switch(config)# interface range fastEthernet0/1 - 3
Switch(config-if-range)# switchport mode access
Switch(config-if-range)# switchport access vlan
Switch(config-if-range)# exit
Router Configuration:
Access the router's configuration mode:
Router> enable
Router# configure terminal
Configure the interface connected to the Doctor's Office

VLAN:
Router(config)# interface FastEthernet0/0
Router(config-if)# ip address 40.1.1.1 255.255.255.0
Router(config-if)# no shutdown
Router(config-if)# exit
Create an access control list (ACL) for the Doctor's Office
VLAN:
Router(config)# access-list 100 permit ip 40.1.1.0 0.0.0.255 any
Router(config)# access-list 100 deny ip any any
Router(config)# exit
Apply the ACL to the interface connected to the Doctor's

Office VLAN:
Router(config-if)# ip access-group 100 in
Server Configuration:
Access the Server's configuration mode:
Server> enable
Server# configure terminal
Configure the Server's IP address and subnet mask:

Server(config)# interface FastEthernet0
Server(config-if)# ip address 40.1.1.2 255.255.255.0
Server(config-if)# no shutdown
Server(config-if)# exit
Exit configuration mode:

Server(config)# exit
Laptop Configuration:
Access the Laptop's configuration mode:
Laptop> enable
Laptop# configure terminal
Configure the Laptop's IP address and subnet mask:

Laptop(config)# interface FastEthernet0
Laptop(config-if)# ip address 40.1.1.3 255.255.255.0
Laptop(config-if)# no shutdown
Laptop(config-if)# exit

Laptop(config)# exit
PC Configuration:
Access the PC's configuration mode:
PC> enable
PC# configure terminal
Configure the PC's IP address and subnet mask:

PC(config)# interface FastEthernet0
PC(config-if)# ip address 40.1.1.4 255.255.255.0
PC(config-if)# no shutdown
PC(config-if)# exit

PC(config)# exit
Access Point Configuration:

Access the Access Point's configuration mode:
AccessPoint> enable
AccessPoint# configure terminal
Configure the Access Point's IP address and subnet mask:

AccessPoint(config)# interface FastEthernet0
AccessPoint(config-if)# ip address 40.1.1.5 255.255.255.0
AccessPoint(config-if)# no shutdown
AccessPoint(config-if)# exit

AccessPoint(config)# exit
Reception Area Configuration-

Switch> enable
Create VLAN for the Main Reception Area:

Switch(config-vlan)# name Main_Reception_Area

Switch(config)#interfacerangefastEthernet0/10-12
Switch(config-if-range)#switchportmodeaccess
Switch(config-if-range)#switchportaccessvlan
Router> enable
Configure the interface connected to the Main Reception

Area VLAN:
Router(config)#interface-FastEthernet0/1
Router(config-if)# ip address 40.1.2.1 255.255.255.0
Create an access control list (ACL) for the Main Reception

Area VLAN:
Router(config)# access-list 110 permit ip 40.1.2.0 0.0.0.255
any
Router(config)# access-list 110 deny ip any any
Apply the ACL to the interface connected to the Main

Reception Area VLAN:
Router(config-if)# ip access-group 110 in
Printer Configuration:
Access the Printer's configuration mode:
Printer> enable
Printer# configure terminal
Configure the Printer's IP address and subnet mask:

Printer(config)# interface FastEthernet0
Printer(config-if)# ip address 40.1.2.2 255.255.255.0
Printer(config-if)# no shutdown
Printer(config-if)# exit

Printer(config)# exit
Billing Counter Configuration:

Access the Billing Counter's configuration mode:
BillingCounter> enable
BillingCounter# configure terminal
Configure the Billing Counter's IP address and subnet mask:

BillingCounter(config)# interface FastEthernet0
BillingCounter(config-if)# ip address 40.1.2.3 255.255.255.0
BillingCounter(config-if)# no shutdown
BillingCounter(config-if)# exit

BillingCounter(config)# exit
Enquiry Desk Configuration:
Access the Enquiry Desk's configuration mode:
EnquiryDesk> enable
EnquiryDesk# configure terminal
Configure the Enquiry Desk's IP address and subnet mask:

Enquiry Desk(config)# interface FastEthernet0
EnquiryDesk(config-if)# Ip address 40.1.2.4 255.255.255.0
EnquiryDesk(config-if)# no shutdown
EnquiryDesk(config-if)# exit

Enquiry Desk(config)# exit
General Ward Area Configuration

Switch> enable
Create VLAN for the General Ward Area:

Switch(config-vlan)# name Ward_General
Switch(config-if-range)# switchport access vlan 50
Router> enable
Configure the interface connected to the General Ward

Area VLAN:
Router(config-if)# Ip address 40.1.3.1 255.255.255.0
Create an access control list (ACL) for the General Ward

Area VLAN:
Router(config)# access-list 120 permit Ip 40.1.3.0 0.0.0.255
any
Router(config)# access-list 120 deny Ip any any
Apply the ACL to the interface connected to the General

Ward Area VLAN:
Router(config-if)# Ip access-group 120 in
Private Ward Area Configuration

Switch> enable
Create VLAN for the Private Ward Area:

Switch(config-vlan)# name Ward_Private

Switch(config-if-range)# switchport access vlan 60
Router> enable
Configure the interface connected to the Private Ward Area
VLAN:
Router(config-if)# Ip address 40.1.4.1 255.255.255.0
Create an access control list (ACL) for the Private Ward Area
VLAN:
Router(config)# access-list 130 permit Ip 40.1.4.0 0.0.0.255
any
Router(config)# access-list 130 deny Ip any any
Apply the ACL to the interface connected to the Private

Ward Area VLAN:
Router(config-if)# Ip access-group 130 in
DMZ Configuration
The DMZ setup for public-facing services can be extended to
include devices in the Main Reception Area or the Ward Area,
depending on the specific services that need to be exposed
to the public.
Access each switch's configuration mode:
Create a VLAN for the DMZ and assign a name:

Switch(config-vlan)# name DMZ
Assign switch ports to the DMZ VLAN:

Switch(config-if-range)# switchport access vlan
Similarly if needed repeat above steps for other devices and

areas if needed.
Network Setup Summary and Conclusion

In this network setup, we have designed and configured a
comprehensive healthcare facility network using Cisco Packet
Tracer. The network is segmented into several areas,
including the Doctor's Office, Main Reception Area, General
Ward, and Private Ward. Each area is designed to provide
secure and efficient communication while maintaining data
confidentiality, integrity, and availability. The network design
incorporates VLANs, access control lists (ACLs), and a
Demilitarized Zone (DMZ) for hosting public-facing services.
Let's summarize the key points of the network and conclude
its significance.
Network Summary:
1. Doctor's Office:
- Devices: Server, Laptop, PC, Access Point
- VLAN: VLAN 10
- Subnet: 40.1.1.0/24
2. Main Reception Area:

- Devices: Printer, Billing Counter, Enquiry Desk
- VLAN: VLAN 40
- Subnet: 40.1.2.0/24
3. General Ward:
- Devices: "W1 pc," "w2 pc," Test Room PC, Lab Report PC
- VLAN: VLAN 50
- Subnet: 40.1.3.0/24
4. Private Ward:
- Devices: "ward 3" PC, Test Room1 PC, Vaccination Room
PC, Lab Report Room PC
- VLAN: VLAN 60
- Subnet: 40.1.4.0/24
5. Interconnections:
- Routers connect different areas, facilitating communication
using static routes.
6. Security Measures:
- ACLs on routers control traffic flow between VLANs,
enhancing security.
- DMZ setup isolates public-facing services (e.g., a web
server) from internal network devices.
Network Conclusion:
The healthcare facility network's design prioritizes both
functionality and security. The careful segmentation of areas
into VLANs ensures efficient communication while
maintaining isolation and reducing the attack surface. The
implementation of access control lists (ACLs) adds an
additional layer of security by regulating traffic between
areas. The Demilitarized Zone (DMZ) effectively isolates
public-facing services, such as the web server, safeguarding
internal resources from potential threats originating from the
public internet.
This network design reflects best practices for network
security and segregation, particularly within sensitive
environments such as healthcare facilities. It provides
healthcare professionals with the tools needed for efficient
patient care while safeguarding patient data and critical
infrastructure.
As with any network design, it's essential to continuously
monitor and update security measures to adapt to evolving
threats and technological advancements. By implementing
these strategies, the healthcare facility can maintain a
secure, efficient, and responsive network environment that
meets the needs of patients and medical staff alike.

21bce7306 Assignment11

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

21bce7306 Assignment11

Uploaded by

Copyright:

Available Formats

Computer-Networks – LAB

Create VLAN for the Doctor's Office:

Assign ports to VLAN :

Configure the interface connected to the Doctor's Office

Apply the ACL to the interface connected to the Doctor's

Configure the Server's IP address and subnet mask:

Exit configuration mode:

Configure the Laptop's IP address and subnet mask:

Exit configuration mode:

Configure the PC's IP address and subnet mask:

Exit configuration mode:

Access Point Configuration:

Configure the Access Point's IP address and subnet mask:

Exit configuration mode:

Reception Area Configuration-

Create VLAN for the Main Reception Area:

Assign ports to VLAN :

Configure the interface connected to the Main Reception

Create an access control list (ACL) for the Main Reception

Apply the ACL to the interface connected to the Main

Configure the Printer's IP address and subnet mask:

Exit configuration mode:

Billing Counter Configuration:

Configure the Billing Counter's IP address and subnet mask:

Exit configuration mode:

Configure the Enquiry Desk's IP address and subnet mask:

Exit configuration mode:

General Ward Area Configuration

Create VLAN for the General Ward Area:

Configure the interface connected to the General Ward

Create an access control list (ACL) for the General Ward

Apply the ACL to the interface connected to the General

Private Ward Area Configuration

Create VLAN for the Private Ward Area:

Assign ports to VLAN :

Apply the ACL to the interface connected to the Private

Create a VLAN for the DMZ and assign a name:

Assign switch ports to the DMZ VLAN:

Similarly if needed repeat above steps for other devices and

Network Setup Summary and Conclusion

2. Main Reception Area:

You might also like