Work Details

Project Overview:

This project involved the complete design, configuration, and deployment of a scalable enterprise network topology integrating multiple switches, routers, VLANs, routing protocols, and security features. The implementation focused on establishing efficient network segmentation, secure remote access, dynamic IP distribution, and access control using advanced Cisco configurations.

Project Phases:

1. Network Topology and Initial Configuration

Designed and implemented a multi-layer network topology consisting of multiple switches (S1, S2, S3, etc.) and routers.

Configured basic device settings, including:

Assigning hostnames to switches and routers based on naming conventions (e.g., S1 → first name, S2 → second name).

Configuring the domain name as ITI.com.

Setting line passwords derived from the first three letters of each name and encrypting all passwords.

Creating a local user account using the third name as the username and 123 as the password.

Enabling SSH access (VTY lines) with default key length for secure remote login.

2. VLAN Creation and Spanning Tree Configuration

Created and assigned VLANs across switches for logical segmentation:

SW1: VLANs 10, 20, and 30

VLAN 10 → Interfaces f0/1–f0/3

VLAN 20 → Interfaces f0/4–f0/6

VLAN 30 → Interface g0/1

SW2: VLANs 40, 50, and 60

VLAN 40 → Interfaces f0/1–f0/3

VLAN 50 → Interfaces f0/4–f0/6

VLAN 60 → Interface g0/1

Implemented Rapid Spanning Tree Protocol (RSTP) across all switches to enhance convergence and prevent loops.

3. DHCP Configuration

Configured DHCP services on the router to automatically assign IP addresses to all end devices, including subnet mask, default gateway, and DNS server (192.168.7.10).

Each VLAN was assigned a dedicated Class C (/24) subnet:

VLAN 10 → 192.168.x.0/24 (Gateway: 192.168.x.1)

VLAN 20 → 192.168.x+1.0/24 (Gateway: 192.168.x+1.1)

VLAN 30 → 192.168.x+2.0/24

VLAN 40 → 192.168.x+3.0/24

VLAN 50 → 192.168.x+4.0/24

VLAN 60 → 192.168.x+5.0/24

Additional networks:

SW3 (DHCP extended)

SW4 → 10.10.50.0/24 (Gateway: 10.10.50.1)

4. Routing and Network Services

Deployed a dynamic routing protocol (EIGRP) across three routers for efficient route distribution and redundancy.

Configured serial interfaces between two routers to establish a default route for inter-network communication.

Integrated a RADIUS server for centralized authentication, ensuring secure user access and identity management.

5. Access Control and Security

Implemented Access Control Lists (ACLs) to enforce network security policies:

Denied host 192.168.x.2 from accessing DNS services.

Blocked network 192.168.x+2.0/24 from accessing the web server.

Deployed a Mail Server and restricted VLAN 10 from using mail-related protocols.

Applied encryption and SSH-based management for secure device administration.
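The three ACL policies above could be written on a Cisco IOS router as follows. This is an added example, not the project's own configuration. It assumes x = 10 (so VLAN 10 is 192.168.10.0/24 and VLAN 30 is 192.168.12.0/24), constructed web and mail server addresses, SMTP/POP3/IMAP as the "mail-related protocols", and router-on-a-stick subinterfaces as the VLAN gateways; only the DNS server address comes from the project description.

```cisco
! Added example; names and addresses below are assumptions unless noted.
! Assumed: x = 10 -> VLAN 10 = 192.168.10.0/24, VLAN 30 = 192.168.12.0/24
! Assumed: web server 10.10.50.10, mail server 10.10.50.20 (constructed)
! Assumed: G0/0.10 and G0/0.30 are the VLAN 10 / VLAN 30 gateway subinterfaces
! From the description: DNS server 192.168.7.10

ip access-list extended VLAN10-IN
 remark Host .2 may not query DNS (DNS uses UDP 53 and TCP 53)
 deny   udp host 192.168.10.2 host 192.168.7.10 eq domain
 deny   tcp host 192.168.10.2 host 192.168.7.10 eq domain
 remark VLAN 10 may not use SMTP, POP3 or IMAP toward the mail server
 deny   tcp 192.168.10.0 0.0.0.255 host 10.10.50.20 eq smtp
 deny   tcp 192.168.10.0 0.0.0.255 host 10.10.50.20 eq pop3
 deny   tcp 192.168.10.0 0.0.0.255 host 10.10.50.20 eq 143
 remark Without this line the implicit deny drops all other VLAN 10 traffic
 permit ip any any
!
ip access-list extended VLAN30-IN
 remark VLAN 30 may not reach the web server over HTTP or HTTPS
 deny   tcp 192.168.12.0 0.0.0.255 host 10.10.50.10 eq www
 deny   tcp 192.168.12.0 0.0.0.255 host 10.10.50.10 eq 443
 permit ip any any
!
! Extended ACLs are applied inbound, as close to the source as possible,
! so denied packets are dropped before they are routed.
interface GigabitEthernet0/0.10
 ip access-group VLAN10-IN in
!
interface GigabitEthernet0/0.30
 ip access-group VLAN30-IN in
```

After applying, `show access-lists` lists per-entry match counters, which confirms that the deny entries are being hit and that the order of entries is as intended.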

Key Skills & Technologies Used:

Cisco IOS Configuration (Routers & Switches)

VLANs, STP (Rapid PVST+), and Trunking

EIGRP Dynamic Routing

DHCP, DNS, SSH, and RADIUS Authentication

Access Control Lists (ACLs)

Network Security and Segmentation
