Group Case Study 6

The document discusses improvements that can be made to the network design of Kolej Neosantara. It identifies weaknesses in the original design such as single point of failure, lack of security features, and lack of scalability. It then proposes solutions to address these weaknesses. Specifically, it recommends: 1) Implementing redundancy between access and core layers to avoid single point of failure if the core switch fails. 2) Utilizing VLANs and switch security features like STP, DHCP snooping, and DAI to improve security. 3) Introducing a second core router to establish redundant links, allow for inter-VLAN routing between departments, and enable load balancing using EtherChannel.

Uploaded by adoradocu

ROUTING AND SWITCHING

TECHNOLOGIES
(ITT532)
ENTERPRISE NETWORK IMPLEMENTATION

PREPARED BY:

ISA ALI IMRAN BIN MOHD ZAIN (2018263902)

NUR FATIHAH BINTI ABDUL RAZAK (2019361729)

NURHASIFAH BINTI ABU HASSAN (2018414314)

CLASS:
M3CS2454A

PROGRAM:
CS245
BACHELOR OF COMPUTER SCIENCE (HONS.) DATA COMMUNICATION AND
NETWORKING

LECTURER’S NAME: NOR ADORA BINTI ENDUT

SUBMISSION DATE: 22 MAY 2020

Contents
Introduction ............ 3
Weaknesses ............ 4
3. a) Failure of the core switch will not affect the whole system ............ 6
3. b) Utilize VLAN in securing the LAN and enhance the security measure using switch security ............ 7
3. c) Introduction of 2nd core router ............ 8
3. d) Introduction of wireless devices to the network ............ 9
4. Improvement on design ............ 10
Conclusion ............ 13
References ............ 14

Introduction
Kolej Neosantara is facing problems with its network design because the college's campus architecture was hurriedly and poorly designed and implemented. This happened because of unforeseen budget cuts and the unprecedented pandemic threat. Subnetting is used in the network, but there are no security features, and the current system cannot scale for future expansion. A network design should be built on the hierarchical network model so that problems are reduced and the network stays manageable (Cisco, 2014). Second, modularity should be implemented in the network design: separating the network's functions into modules makes the network easier to design (Cisco, 2014). Third, resiliency ensures that the network remains available during normal and abnormal conditions (Cisco, 2014). Lastly, flexibility allows portions of the network to be modified, new services to be added, or capacity to be increased without a major upgrade or replacement (Cisco, 2014). For this problem, a three-tier hierarchical design will be used to obtain a better network architecture, and security will be built into the network design to protect it. Many aspects must be considered when designing the network architecture; this report analyses the weaknesses of the current design and how to improve them.

Weaknesses
From the original network design, several weaknesses can be spotted.

1) Single point of failure

- The original network design carries the risk that one fault or malfunction causes the entire system to stop operating.
- A single point of failure compromises the availability of workloads or of the whole data centre, depending on the location and interdependencies of the failed component.

2) No security features

- Lack of protection for data and information.
- Easy to access by outsiders and insiders.
- Security features must be implemented as a defence against any possible threat or attack, to ensure that all information is secured.
- VLANs should be implemented to prevent data from being accessed from a different department.
- With physical access to a port, the switch is susceptible to MAC flooding.

3) No load balancing

- Load balancing spreads a large number of requests across different servers to lessen the pressure on a single server.
- Load-balancing technology can balance different variables such as expense, efficiency and scalability by offering a reasonably low overall cost for the device cluster while achieving throughput that a stand-alone system cannot.
- Load balancing prevents any single server from being overloaded and possibly breaking down.
- Load balancing also improves service availability and helps prevent downtime.

4) No scalability for future expansion

- The network design is not scalable, meaning it cannot adapt to future changes without disrupting the network.
- Connections are limited to the number of physical ports in the network because there is no wireless access point.

5) Performance drawbacks

- With only one core switch doing all the work, the workload is not balanced across different devices and the bandwidth is limited.
- Without separating the core and distribution workloads, the core switch must execute CPU-intensive packet manipulation that consumes valuable resources.

3. a) Failure of the core switch will not affect the whole system
To ensure that a failure of the core switch does not affect the whole system, Kolej Neosantara should implement redundancy. Redundant links will be implemented between the access layer and core layer devices. Redundancy improves the reliability of the network at the cost of some added complexity. It is important in network design because it prevents disruption of network services by minimising the possibility of failure. Redundancy offers alternate physical paths for data to traverse the network (Cisco, 2014), so users can still reach network resources even when one path is disrupted. However, redundancy in a network design also introduces loops and duplicate frames. To address this problem, the Spanning Tree Protocol (STP) was introduced. STP ensures that there is only one logical path between all destinations on the network (Teachweb, n.d.) by blocking the redundant paths that could cause a loop; a blocked port does not allow user data to enter or leave. The physical paths that have been disabled still exist, because they are needed when a network cable or switch fails: STP then recalculates the path and unblocks the necessary ports so that the redundant path becomes active. With this method, Kolej Neosantara's network can ensure that a failure of the core switch will not affect the whole system. Adding a VLAN configuration and trunking capabilities would also increase the reliability of the network design (refer to figure 2).

Figure 1

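The port-role selection that the section describes (one logical path to the root, alternate paths blocked, and the blocked port unblocked when the active uplink fails) can be worked through on a small version of the proposed topology. The block below is an added example written for this edit, not code from the report or from Cisco; the switch names, bridge priorities, MAC addresses and link costs are constructed, and it models IEEE 802.1D root election, root-path cost and designated-port selection without timers or BPDU exchange.

```python
"""Minimal model of 802.1D spanning-tree port roles on a dual-core campus.

Added example (not from the report). Each access switch has uplinks to two
core switches; STP keeps one forwarding path to the root and blocks the
other, and when the active uplink is lost the blocked port takes over.
Bridge IDs, MACs and costs below are constructed.
"""
import heapq

# Bridge ID = (priority, MAC); the lowest ID becomes the root bridge.
BRIDGES = {
    "Core1":   (4096,  "00:00:00:00:00:01"),
    "Core2":   (8192,  "00:00:00:00:00:02"),
    "Access1": (32768, "00:00:00:00:00:0a"),
    "Access2": (32768, "00:00:00:00:00:0b"),
}

# Links are (bridge_a, bridge_b, path_cost); cost 4 ~ 1 Gbit/s in 802.1D-1998.
LINKS = [
    ("Core1", "Core2", 4),
    ("Core1", "Access1", 4),
    ("Core2", "Access1", 4),
    ("Core1", "Access2", 4),
    ("Core2", "Access2", 4),
]


def elect_root(bridges):
    """Root bridge: lowest (priority, MAC)."""
    return min(bridges, key=bridges.get)


def root_path_costs(bridges, links, root):
    """Dijkstra over link costs: the root path cost each bridge advertises."""
    adj = {b: [] for b in bridges}
    for a, b, cost in links:
        adj[a].append((b, cost))
        adj[b].append((a, cost))
    rpc = {b: float("inf") for b in bridges}
    rpc[root] = 0
    heap = [(0, root)]
    while heap:
        cost, node = heapq.heappop(heap)
        if cost > rpc[node]:
            continue
        for nbr, c in adj[node]:
            if cost + c < rpc[nbr]:
                rpc[nbr] = cost + c
                heapq.heappush(heap, (rpc[nbr], nbr))
    return rpc


def port_roles(bridges, links):
    """Return (root, rpc, roles); roles maps (bridge, link_index) -> role.

    'root' and 'designated' ports forward; 'alternate' ports are blocked.
    """
    root = elect_root(bridges)
    rpc = root_path_costs(bridges, links, root)

    # Root port: cheapest path to the root, ties broken by neighbour bridge ID.
    root_port = {}
    for idx, (a, b, cost) in enumerate(links):
        for me, nbr in ((a, b), (b, a)):
            if me == root:
                continue
            cand = (rpc[nbr] + cost, bridges[nbr], idx)
            if me not in root_port or cand < root_port[me]:
                root_port[me] = cand

    roles = {}
    for idx, (a, b, cost) in enumerate(links):
        # Designated bridge on a segment: lowest (root path cost, bridge ID).
        designated = min((a, b), key=lambda x: (rpc[x], bridges[x]))
        for end in (a, b):
            if end == designated:
                roles[(end, idx)] = "designated"
            elif root_port[end][2] == idx:
                roles[(end, idx)] = "root"
            else:
                roles[(end, idx)] = "alternate"   # blocked: no user data in or out
    return root, rpc, roles


def active_uplink(bridges, links, switch):
    """Neighbour through which the switch currently forwards towards the root."""
    _, _, roles = port_roles(bridges, links)
    for idx, (a, b, _) in enumerate(links):
        if switch in (a, b) and roles[(switch, idx)] == "root":
            return b if a == switch else a
    return None


if __name__ == "__main__":
    root, rpc, roles = port_roles(BRIDGES, LINKS)
    print("root bridge:", root)
    for (bridge, idx), role in sorted(roles.items()):
        print(f"{bridge:8} link {LINKS[idx][0]}-{LINKS[idx][1]}: {role}")
    print("Access1 uplink:", active_uplink(BRIDGES, LINKS, "Access1"))
    # The Core1-Access1 cable fails: STP recomputes and unblocks the other uplink.
    failed = [l for l in LINKS if set(l[:2]) != {"Core1", "Access1"}]
    print("after failure, Access1 uplink:", active_uplink(BRIDGES, failed, "Access1"))
```

Running the block shows Access1 forwarding towards Core1 with its Core2 uplink in the alternate (blocked) role; removing the Core1-Access1 link raises Access1's root path cost from 4 to 8 and makes the Core2 uplink its root port, which is the recovery the section relies on. Because priorities decide the election, the design should set the intended core switch's priority explicitly rather than leave every switch at the default 32768.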
3. b) Utilize VLAN in securing the LAN and enhance the security measure using switch security
There are many types of switch security that can be implemented in the design, such as:

- Spanning Tree Protocol (STP) Security:

  Bridge Protocol Data Unit (BPDU) Guard
  - BPDUs are data messages exchanged between bridges running STP to detect loops in the network topology; they carry the management and control information used to determine the root bridge and establish the port roles. BPDU Guard shuts down an access port on which a BPDU is received, so a switch plugged into a user port cannot alter the topology.

  Root Guard
  - Protects the STP topology while still allowing a switch to participate in STP, as long as it does not attempt to become the root. When Root Guard is active, the port recovers automatically once it stops receiving the superior BPDUs that would have made that switch the root.

- DHCP Snooping: It is enabled on the switch that connects the clients to the DHCP servers. The switch checks all DHCP messages that pass through it, and only packets coming from trusted server ports are forwarded to clients. DHCP snooping therefore prevents invalid DHCP addresses from a rogue DHCP server.
- Dynamic ARP Inspection (DAI): It rejects invalid and malicious ARP packets and helps prevent man-in-the-middle attacks. When DAI is enabled, the switch drops an ARP packet if the sender MAC address and IP address do not match an entry in the DHCP snooping binding database.
- Subnetting: Makes it easier to control the flow of traffic using ACLs, QoS or route-maps. Subnetting also helps identify threats to the network, close points of entry and target responses more easily. In this network design, wireless APs are used so that access in remote locations stays limited and valuable information is not easily reached.

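The DHCP snooping and DAI bullets above describe one mechanism: the switch learns leases from DHCP traffic and then uses that binding table to judge ARP. The block below is an added example written for this edit, not code from the report or from any switch vendor; port names, VLAN numbers, MAC and IP addresses are constructed. It models trusted versus untrusted ports, binding construction from a client REQUEST paired with the server ACK, and the sender MAC/IP check on ARP.

```python
"""Model of DHCP snooping and Dynamic ARP Inspection (DAI) on an access switch.

Added example, not code from the report. DHCP server messages (OFFER/ACK/NAK)
are accepted only on trusted ports; the switch pairs each client's REQUEST
(seen on an untrusted port) with the server's ACK to build a binding of
(MAC, IP, VLAN, port); ARP packets on untrusted ports are dropped unless the
sender MAC/IP pair matches a binding. Ports, MACs and addresses are constructed.
"""
from dataclasses import dataclass, field

DHCP_SERVER_MSGS = {"OFFER", "ACK", "NAK"}   # only a DHCP server should send these


@dataclass
class Binding:
    mac: str
    ip: str
    vlan: int
    port: str


@dataclass
class AccessSwitch:
    trusted_ports: set                              # uplinks towards the real DHCP server
    dai_vlans: set                                  # VLANs with ARP inspection enabled
    pending: dict = field(default_factory=dict)     # mac -> (port, vlan) of an open REQUEST
    bindings: dict = field(default_factory=dict)    # mac -> Binding (the snooping table)
    log: list = field(default_factory=list)

    def dhcp(self, port, vlan, msg, client_mac, yiaddr=None):
        """DHCP snooping: filter server messages, learn bindings from ACKs."""
        if msg in DHCP_SERVER_MSGS and port not in self.trusted_ports:
            self.log.append(f"DROP DHCP {msg} on untrusted {port}: rogue server")
            return "drop"
        if msg == "REQUEST" and port not in self.trusted_ports:
            self.pending[client_mac] = (port, vlan)   # remember where the client is
        elif msg == "ACK" and client_mac in self.pending:
            cport, cvlan = self.pending.pop(client_mac)
            self.bindings[client_mac] = Binding(client_mac, yiaddr, cvlan, cport)
        return "forward"

    def arp(self, port, vlan, sender_mac, sender_ip):
        """DAI: on untrusted ports, validate the sender against the snooping table."""
        if port in self.trusted_ports or vlan not in self.dai_vlans:
            return "forward"
        b = self.bindings.get(sender_mac)
        if b is None or (b.ip, b.vlan, b.port) != (sender_ip, vlan, port):
            self.log.append(f"DROP ARP {sender_mac}/{sender_ip} on {port}: no matching binding")
            return "drop"
        return "forward"


def demo():
    """Constructed traffic on VLAN 10; Gi0/24 is the trusted uplink."""
    sw = AccessSwitch(trusted_ports={"Gi0/24"}, dai_vlans={10})
    host = "aa:bb:cc:00:00:01"
    results = {}
    # Legitimate lease: client REQUEST on its own port, server ACK on the uplink.
    sw.dhcp("Gi0/1", 10, "REQUEST", host)
    sw.dhcp("Gi0/24", 10, "ACK", host, yiaddr="10.1.10.50")
    # A host port sending OFFERs is a rogue DHCP server: dropped, nothing learned.
    results["rogue_offer"] = sw.dhcp("Gi0/5", 10, "OFFER", "aa:bb:cc:00:00:99", yiaddr="10.1.10.1")
    # The host announces the address it was actually leased: forwarded.
    results["valid_arp"] = sw.arp("Gi0/1", 10, host, "10.1.10.50")
    # The same MAC claims the gateway's address (man-in-the-middle attempt): dropped.
    results["spoofed_arp"] = sw.arp("Gi0/1", 10, host, "10.1.10.1")
    # A MAC with no lease at all: dropped.
    results["unknown_arp"] = sw.arp("Gi0/2", 10, "de:ad:be:ef:00:01", "10.1.10.60")
    # Traffic arriving on the trusted uplink is not inspected.
    results["uplink_arp"] = sw.arp("Gi0/24", 10, "de:ad:be:ef:00:01", "10.1.10.60")
    return results, sw.log


if __name__ == "__main__":
    res, log = demo()
    for name, verdict in res.items():
        print(f"{name:12} -> {verdict}")
    print(*log, sep="\n")
```

Two design points the model makes visible: the binding records the client's port, not the port where the ACK arrived, so DAI can also reject a valid MAC/IP pair that appears on the wrong port; and hosts with static addresses never appear in the snooping table, so in a real deployment they need a static binding or an ARP ACL, otherwise DAI drops their ARP traffic.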
3. c) Introduction of 2nd core router

Figure 2

- Adding another router allows communication between different departments via inter-VLAN routing.
- Introducing it in the core layer allows redundant links to be established, so that no single link failure takes the network down.
- It also allows EtherChannel to be configured, which increases the bandwidth between the routers.
- With EtherChannel, traffic is load-balanced across two links instead of one.
- If one of the physical links in the EtherChannel fails, the channel keeps working over the remaining links.
- The network needs redundancy to protect it when one point fails; however, once redundancy is implemented, the likelihood of Layer 2 loops increases. The Spanning Tree Protocol is the solution to loops in a switched network.
- STP works by blocking the alternative paths to a network and allowing only one path to be used. When the main path is disabled, STP reactivates a redundant path and traffic continues to flow.

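The load-balancing and failover bullets above can be made concrete with a model of how an EtherChannel picks a member link per flow. The block below is an added example written for this edit, not code from the report or from Cisco; it is a simplified version of the src-dst-ip hashing scheme (an XOR of the two addresses selects one of eight buckets, and buckets are shared among the active members), and the link names and addresses are constructed. It goes slightly beyond the section by also showing why a three-link bundle balances unevenly.

```python
"""Model of EtherChannel src-dst-ip load balancing and member-link failover.

Added example, not code from the report. A simplified version of the Cisco
scheme: the XOR of source and destination IP selects one of eight hash
buckets, and the buckets are divided among the active member links. It shows
that a given flow always uses the same link (no packet reordering), that
different flows spread over the links, and that when a member fails its
buckets move to the survivors. Link names and addresses are constructed.
"""
import ipaddress

BUCKETS = 8   # the hash yields 3 bits on the platforms modelled here


def bucket_for(src_ip: str, dst_ip: str) -> int:
    """Flow hash: XOR of source and destination IP, low-order bits kept."""
    s = int(ipaddress.ip_address(src_ip))
    d = int(ipaddress.ip_address(dst_ip))
    return (s ^ d) % BUCKETS


def bucket_map(members):
    """Assign the buckets round-robin over the *active* members.

    Two links get 4+4 buckets; three links get 3+3+2, which is why bundles
    of 2, 4 or 8 links balance most evenly.
    """
    if not members:
        raise RuntimeError("EtherChannel down: no active member links")
    return {b: members[b % len(members)] for b in range(BUCKETS)}


def select_link(src_ip, dst_ip, members):
    """Member link carrying this flow given the current set of active links."""
    return bucket_map(members)[bucket_for(src_ip, dst_ip)]


def distribution(flows, members):
    """Count how many (src, dst) flows land on each member link."""
    counts = {m: 0 for m in members}
    for src, dst in flows:
        counts[select_link(src, dst, members)] += 1
    return counts


# Constructed traffic: eight hosts in VLAN 10 talking to one server in VLAN 20.
FLOWS = [(f"10.1.10.{h}", "10.1.20.10") for h in range(1, 9)]
CHANNEL = ["Gi0/1", "Gi0/2"]          # two members of the bundle between the cores

if __name__ == "__main__":
    print("both links up:    ", distribution(FLOWS, CHANNEL))
    print("three-link bundle:", distribution(FLOWS, CHANNEL + ["Gi0/3"]))
    # Gi0/1 fails: the bundle drops it and every flow rides Gi0/2.
    print("Gi0/1 failed:     ", distribution(FLOWS, ["Gi0/2"]))
```

The model also illustrates a limit worth knowing when sizing the links: balancing is per flow, not per packet, so a single large transfer between two hosts never exceeds one member's bandwidth, and many hosts talking to one server only spread out if their addresses differ in the hashed bits.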
3. d) Introduction of wireless devices to the network

Figure 3

- Each of the four buildings will have a wireless access point added, allowing users to connect with computers, laptops, tablets and smartphones.
- With a wireless infrastructure in place, there are cost savings whenever equipment changes or an employee is relocated within a building.
- A wireless infrastructure can adapt to rapidly changing needs and technologies.
- A wireless network can be secured via SSID cloaking and MAC address filtering.
- Wireless routers allow the SSID beacon frame to be disabled, so wireless clients must configure the SSID manually to connect to the network, which increases its security.
- MAC address filtering is where an administrator manually permits or denies clients wireless access based on their physical MAC hardware address.
- Wireless data can be encrypted via multiple encryption methods such as WPA/WPA2.
- Implementing a wireless infrastructure would remove the disadvantages of open physical port access, such as the limited number of ports and the security risks.
- By configuring QoS, certain traffic types, such as voice and video, can be guaranteed priority over traffic that is less time-sensitive, such as email and web browsing. On some wireless routers, traffic can also be prioritised on specific ports.

4. Improvement on design
Many improvements can be made to the system if the recommended design is followed. A few of them are:

- Security
  - Enabling port security prevents an attacker from overflowing the CAM table on the switch, which could otherwise cause the switch to flood traffic out of all ports within a VLAN.
  - Adding wireless devices limits access to physical ports, increasing the security of the network.
  - Access Control Lists filter out unwanted access to the network.
  - DHCP snooping prevents client attacks on the switch and the DHCP server.
  - Dynamic ARP Inspection adds security to ARP using the DHCP snooping table.
  - IP Source Guard adds security to the IP source address using the DHCP snooping table.
  - Implementing server-based AAA authentication enables the administrator to view the server log. The log contains numerous data fields, including the username, the date and time, and the actual command entered by the user. This information is useful when troubleshooting devices and also provides evidence when individuals perform malicious acts.
  - MAC address filtering is where an administrator manually permits or denies clients wireless access based on their physical MAC hardware address.
  - Wireless routers allow the SSID beacon frame to be disabled, so wireless clients must configure the SSID manually to connect to the network, which increases its security.
  - VLAN implementation segregates the departments' data flows into their own VLANs, increasing the security of their data.

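The first security bullet (port security against CAM-table overflow) and the MAC-flooding weakness noted earlier describe one failure and its fix. The block below is an added example written for this edit, not code from the report or from any vendor; the port names, MAC addresses and the deliberately tiny CAM capacity are constructed. It runs the same traffic through a switch model twice, once without port security and once with a per-port MAC limit in shutdown violation mode, so the difference in forwarding behaviour can be observed directly.

```python
"""Model of a switch CAM table with and without port security.

Added example, not code from the report. A burst of frames with distinct
bogus source MACs on one access port fills the CAM table, so legitimate
hosts cannot be learned and unicast frames for them are flooded out every
port in the VLAN. With port security (maximum MACs per port, violation mode
shutdown) the offending port is err-disabled at the third address and the
table stays intact. Port names, MACs and the table size are constructed.
"""
from collections import OrderedDict


class Switch:
    def __init__(self, ports, cam_capacity, port_security=None):
        self.ports = list(ports)
        self.cam_capacity = cam_capacity          # fixed-size hardware table
        self.cam = OrderedDict()                  # mac -> port
        self.port_security = port_security or {}  # port -> max secure MACs
        self.secure_macs = {p: set() for p in self.port_security}
        self.err_disabled = set()

    def receive(self, in_port, src_mac, dst_mac):
        """Port-security check, then source learning, then forwarding decision."""
        if in_port in self.err_disabled:
            return ("dropped", in_port)
        limit = self.port_security.get(in_port)
        if limit is not None:
            self.secure_macs[in_port].add(src_mac)
            if len(self.secure_macs[in_port]) > limit:
                self.err_disabled.add(in_port)    # violation mode: shutdown
                return ("violation", in_port)
        # Learn the source MAC; a full table simply cannot learn new ones.
        if src_mac in self.cam or len(self.cam) < self.cam_capacity:
            self.cam[src_mac] = in_port
        # Known unicast goes out one port; unknown unicast is flooded.
        if dst_mac in self.cam:
            return ("unicast", self.cam[dst_mac])
        return ("flood", sorted(p for p in self.ports if p != in_port))


def demo(port_security: bool):
    """Two legitimate hosts on Gi0/1 and Gi0/2; a misbehaving device on Gi0/3."""
    sw = Switch(["Gi0/1", "Gi0/2", "Gi0/3"], cam_capacity=4,
                port_security={"Gi0/3": 2} if port_security else None)
    H1, H2 = "aa:aa:aa:00:00:01", "aa:aa:aa:00:00:02"
    BCAST = "ff:ff:ff:ff:ff:ff"
    # Ten frames with different bogus source MACs arrive on Gi0/3.
    for i in range(10):
        sw.receive("Gi0/3", f"02:00:00:00:00:{i:02x}", BCAST)
    # The legitimate hosts come online afterwards (or their entries had aged out).
    sw.receive("Gi0/2", H2, BCAST)
    sw.receive("Gi0/1", H1, BCAST)
    return {
        "cam_size": len(sw.cam),
        "h2_learned": H2 in sw.cam,
        "h1_to_h2": sw.receive("Gi0/1", H1, H2),   # where does H1's unicast go?
        "err_disabled": sorted(sw.err_disabled),
    }


if __name__ == "__main__":
    print("no port security:", demo(False))
    print("port security:   ", demo(True))
```

Without port security the frame from H1 to H2 is flooded to Gi0/3 as well, which is the exposure the bullet describes; with the limit in place the port is shut down before the table fills and the frame is delivered only to Gi0/2. In practice the err-disabled port needs an administrator or an errdisable recovery timer to come back, so the violation should also be logged and alerted on.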
- Reliability
  - Having more than one core switch and router adds redundancy to the system and a higher degree of fault tolerance.
  - The use of redundant links and reliable enterprise-class equipment minimises the chance of disruption in the network.
  - Smaller failure domains reduce the impact of a failure on company productivity. They also simplify the troubleshooting process, thereby shortening the downtime for all users.
  - The modularity of the topology keeps the network reliable during an incident, because a device can be removed without affecting network performance.

- Performance
  - Instead of having the core switches do all the work, the workload is balanced across different devices, so each device handles fewer processes.
  - EtherChannel is enabled between the core routers to provide high-speed switching for the distribution switches, giving faster transport of data and higher bandwidth.
  - Separating the core and distribution devices lets the core devices avoid the CPU-intensive packet manipulation caused by security inspection, quality of service and other processes, resulting in a better-performing network.
  - Layer 3 devices are used to filter and reduce the traffic reaching the network core.
  - Deploying link aggregation increases the bandwidth between devices by creating one logical link made up of several physical links.
  - By configuring QoS, certain traffic types, such as voice and video, can be guaranteed priority over traffic that is less time-sensitive, such as email and web browsing. On some wireless routers, traffic can also be prioritised on specific ports.

- Scalability
  - Core routers can be upgraded to faster equipment.
  - Careful address planning eliminates the need to re-address the network to support additional users and services.
  - Wireless connectivity is implemented to allow for mobility and expansion.
  - Implementing STP and multiple network paths to each layer allows future upgrades without disrupting the network.

Figure 4

The improvements made to Kolej Neosantara's network, based on figure 4, are as follows:

- Implementation of a three-layer network consisting of a core layer, a distribution layer and an access layer.
- Addition of an extra core switch with redundant links to distribute the workload and improve reliability and scalability.
- The core layer also acts as a high-speed backbone designed to switch packets as quickly as possible.
- Addition of multiple redundant links to multiple switches to increase reliability, with STP implemented to avoid Layer 2 loops.
- Addition of two distribution switches to provide routing and filtering and to determine how packets access the core.
- Configuration of VLANs in the network to segregate the departments and increase the security of the network.
- The extra core switch also allows inter-VLAN routing in the network.
- Establishment of a wireless AP for each building.

Conclusion
To help Kolej Neosantara overcome its network design problems, there are many alternatives that can be implemented. Firstly, to ensure that a failure of the core switch does not affect the whole system, redundancy is used to minimise the possibility of failure, and the Spanning Tree Protocol (STP) is used to address the resulting problems of loops and duplicate frames. Second, the protections used to secure data and information are Spanning Tree Protocol (STP) security, DHCP snooping, Dynamic ARP Inspection (DAI) and subnetting. Third, a router is introduced so that users in different departments can communicate with each other via inter-VLAN routing, and EtherChannel is configured to increase the bandwidth between the routers. Fourth, wireless access points are added to allow users to connect using computers, laptops, tablets and smartphones. As a result, the network design has many improvements in security, reliability, performance and scalability.

References
Bhaiji, Y. (2008, July 4). Security Features On Switches. Retrieved from Cisco: https://www.ciscopress.com/articles/article.asp?p=1181682&seqNum=5

Cisco. (2013, October 31). Enterprise Campus. Retrieved from Cisco: https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Security/SAFE_RG/SAFE_rg/chap5.html

Cisco. (2014, May 9). Retrieved from https://www.ciscopress.com/articles/article.asp?p=2202410&seqNum=4

Cisco. (2014, April 17). Retrieved from https://www.ciscopress.com/articles/article.asp?p=2189637&seqNum=4

Etherchannel. (n.d.). Retrieved from CCNA Blog: https://www.ccnablog.com/ether-channel/

Howard. (2019, October 7). What Is DHCP Snooping and How It Works? Retrieved from FS: https://community.fs.com/blog/what-is-dhcp-snooping-and-how-it-works.html

Inter-VLAN Routing. (n.d.). Retrieved from CCNA Blog: https://www.ccnablog.com/inter-vlan-routing/

Netgear. (2016, November 28). What is Dynamic ARP inspection (DAI) and how does it work with my managed switch? Retrieved from NETGEAR: https://kb.netgear.com/21808/What-is-Dynamic-ARP-inspection-DAI-and-how-does-it-work-with-my-managed-switch

Nuggets, C. (2017, January 31). 5 Subnetting Benefits. Retrieved from Network Computing: https://www.networkcomputing.com/data-centers/5-subnetting-benefits

Rouse, M. (n.d.). Single Point Of Failure (SPOF). Retrieved from WhatIs.com: https://searchdatacenter.techtarget.com/definition/Single-point-of-failure-SPOF

Shahed. (2015, October 30). Spanning Tree Protocol Security. Retrieved from GPON Solution: http://gponsolution.com/spanning-tree-protocol-security.html

Sharma, N. (2018, June 9). System Design, Chapter 3: Load Balancing. Retrieved from Medium.com: https://medium.com/system-designing-interviews/system-design-chapter-3-load-balancing-e1c89148e37

STP Part I. (n.d.). Retrieved from CCNA Blog: https://www.ccnablog.com/stp-part-i/

Teachweb. (n.d.). Retrieved from http://teachweb.milin.cc/datacommunicatie/scaling_networks/lan_redundancy.htm

SWRE 12 CCNA
