Translated from Vietnamese to English - www.onlinedoctranslator.

com

HO CHI MINH CITY NATIONAL UNIVERSITY

UNIVERSITY OF TECHNOLOGY FACULTY
OF COMPUTER SCIENCE & ENGINEERING

COMPUTER NETWORKING (CO3094)

Assignment 2

NETWORK DESIGN AND SIMULATION

FOR A CRITICAL LARGE HOSPITAL

Instructor: Bui Xuan Giang

Students perform: Nguyen Huy Hoang - 2211091
Nguyen Le Gia Kiet - 2211761
Nguyen Chi Thiet - 2213242

Ho Chi Minh City, October 2024

 Ho Chi Minh City University of Technology Faculty of
Computer Science and Engineering

Index
1 Task assignment 3

2 Determine the appropriate network structure for the building 4

2.1 Analysis of network system requirements . . . . . . . . . . . . . . . . . . . . . . . . . . 4
2.1.1 Analysis of headquarters requirements . . . . . . . . . . . . . . . . . . . . . . . . . 4
2.1.2 Analysis of branch requirements . . . . . . . . . . . . . . . . . . . . . . . . 4
2.1.3 Throughput requirements analysis . . . . . . . . . . . . . . . . . . . . . . . . . 5
2.2 Network system details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
2.2.1 Head office in Ho Chi Minh City . . . . . . . . . . . . . . . . . . . . . . . . . . 5
2.2.2 Branches on DBP and BHTQ streets . . . . . . . . . . . . . . . . . . . . . . . . . . 6
2.3 Identify high load areas in the Hospital . . . . . . . . . . . . . . . . . . . . . . 8
2.4 Choosing network architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
2.4.1 Network structure of the network system . . . . . . . . . . . . . . . . . . . . . . . . 8
2.4.2 General information about the network system . . . . . . . . . . . . . . . . . . . . . 10
2.5 Wireless network design . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

3 Details of equipment used 11

3.1 Devices used in the system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
3.1.1 Routers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
3.1.2 Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
3.1.3 Access points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
3.1.4 Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
3.1.5 Modems. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
3.1.6 Other equipment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
3.2 IP Addressing Plan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
3.2.1 Head office in Ho Chi Minh City (Buildings A and B) . . . . . . . . . . . . . . . . . . 15
3.2.2 Branch in DBP ............................... 16
3.2.3 Branch in BHTQ .............................. 17
3.2.4 IP diagram for WAN ........................... 17
3.3 System diagram . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

4 System throughput, bandwidth 18

4.1 Head office . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
4.2 Branches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

5 System Design Using Packet Tracer 20

6 Check system using Ping, Traceroute 20

6.1 Check the connection of machines in the same VLAN .................. 20
6.2 Check connection to other VLAN machines . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
6.3 Check the connection between PCs at the headquarters . . . . . . . . . . . . . . . . . . . . . . . . 22
6.4 Check the connection between PCs at the headquarters and branches . . . . . . . . . . . . 23
6.5 Connecting to a server in the DMZ area . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
6.6 Connecting to the Internet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
6.7 Surveillance camera management system . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
6.8 Email system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

ASSIGNMENT 2 - COMPUTER NETWORK HK241 Page 1/28

 Ho Chi Minh City University of Technology Faculty of
Computer Science and Engineering

7 System Review 27
7.1 Technologies realized . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
7.2 Evaluation criteria . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
7.3 Future development orientation . . . . . . . . . . . . . . . . . . . . . . . . . . 28

ASSIGNMENT 2 - COMPUTER NETWORK HK241 Page 2/28

 Ho Chi Minh City University of Technology Faculty of
Computer Science and Engineering

1 Task assignment

Order Full name MSSV Mission Complete

1 Nguyen Huy Hoang 2211091 - Design
- Configure the simulation system on Packet Tracer 100%
- Write reports

2 Nguyen Le Gia Kiet 2211761 - Design

- Configure the simulation system on Packet Tracer 100%
- Write reports

Table 1: List of tasks and completion progress

ASSIGNMENT 2 - COMPUTER NETWORK HK241 Page 3/28

 Ho Chi Minh City University of Technology Faculty of
Computer Science and Engineering

2 Determine the appropriate network structure for the building

2.1 Analyze network system requirements

CCC (Computer & Construction Concept) was asked to design a computer network to be
deployed at the headquarters (Ho Chi Minh City) and 2 branches (DBPStreet and BHTQ Street) of
the hospital under construction.

2.1.1 Analysis of headquarters requirements

• Consists of two buildings A and B (each building has 5 floors, each floor has 10 rooms), the first floor has
an IT room and a local central cable system (using patch panels to manage and connect wires).

• Medium size: 600 workstations, 10 servers, 12 network devices (or more with security-
specific devices).

• There is a data center and central cable room 50m from the two buildings.
• Use new technology for network infrastructure including wired and wireless connections, fiber
optics (GPON), and GigaEthernet 1GbE/10GbE. Organize the network according to VLAN structure
for different departments.

• The headquarters subnet connects to the two branch subnets using two dedicated
channels (Leased lines) for WAN connection and two digital subscriber lines (DSL) for
Internet access with load balancing. All traffic to the Internet goes through the
headquarters subnet.

• Use a combination of licensed and open source software, office applications, client-
server applications, multimedia applications and databases.

• Requires high security (firewall, IPS/IDS, phishing detection), high availability,

robustness when errors occur, and easy system upgrades.

• Propose VPN configuration for connection between branches and for remote workers to
connect to the hospital LAN.

• Propose a surveillance camera for the hospital.

2.1.2 Analysis of branch requirements

Branches are designed similarly to the headquarters but on a smaller scale:

• The branch building has 2 floors, the first floor has an IT room and a local central
cabling system.

• Small scale: 260 workstations, 2 servers, 5 or more network devices.

Deploy the connection between headquarters and branches through WAN links (can
choose one of the technologies such as SD-WAN, MPLS,...)

ASSIGNMENT 2 - COMPUTER NETWORK HK241 Page 4/28

 Ho Chi Minh City University of Technology Faculty of
Computer Science and Engineering

2.1.3 Throughput requirements analysis

The system's data flows and workloads (about 80% of the daily load is concentrated in the
peak hours of 9am - 11am and 3pm - 4pm) can be shared between the headquarters and
branches as follows:
• Servers for software updates, web access and database access,... Estimated total
download is about 1000 MB/day and estimated upload is 2000 MB/day.

• Each workstation is used for browsing the Web, downloading documents and transacting with customers,... The
estimated total download is about 500 MB/day and the estimated upload is 100 MB/day.

• The WiFi connected devices of the guests accessing to download is about 500MB/day.
Hospital's network system is estimated to have a growth rate of 20% in 5 years (in terms of number
of users, network load, branch expansion, etc.).

2.2 Network system details

Before preparing to build a network system, the first and most important thing to do is to survey the
location where the network system needs to be installed. The contents that need to be surveyed include:

• About installation location:

– How many floors does the building have?

– How many rooms are there on each floor?

– What size is each room?

– The best carrier support for that installation location.
– Does the building have its own wiring or do you have to wire and install the wiring yourself?

• About hospital organization:

– Departmental layout in rooms and floors.

– What is the size of each department?
– Where are the servers located?
For this major assignment, our group assumed that we had successfully surveyed the locations where we were preparing to
install the network system and had the following results:

2.2.1 Head office in Ho Chi Minh City

• The headquarters has 2 buildings (A and B), each building has 5 floors with 600 workstations, 10 servers, 12
networking devices.

• Each floor is sized to accommodate about 60 people working at the same time.
• Found the best carrier for the building location.
• The building has its own wiring, no need to install wiring yourself.
• Each floor needs to provide a wireless network system, with a maximum of 60 devices connected at the same time for
each floor. Each room must have no more than 6 workstations. A separate wireless network for the Reception Room
with a maximum of 70 devices connected at the same time.

ASSIGNMENT 2 - COMPUTER NETWORK HK241 Page 5/28

 Ho Chi Minh City University of Technology Faculty of
Computer Science and Engineering

1.Floor 1:

• Reception:There are 6 workstations and a number of other wireless network

devices (maximum of 60). There is also a camera and a motion sensor for security
monitoring.

2.Floor 2:

• Server farm and DMZ:There are 5 servers serving internal hospital work and 1 Web
server in DMZ.

3.Floor 3:

• Human Resources Department:There are 6 workstations and some other wireless

network devices (maximum of 60).

4.Floor 4:

• Marketing and Sale Department:There are 6 workstations and some other wireless
network devices (maximum of 60).
• Administration:There are 6 workstations and some other wireless network devices
(maximum of 60).

5.Floor 5:

• Financial and Accounting Department:There are 6 workstations and some other

wireless network devices (maximum of 60).
• Research and Development Department:There are 6 workstations and some other
wireless network devices (maximum of 60).
• Drug storage room:There are 6 workstations and some other wireless network
devices (maximum of 60).

2.2.2 Branches on DBP and BHTQ streets

• Each branch has 2 floors with 260 workstations, 2 servers, 5 networking devices.
• Both branch buildings are identical and the survey results are the same in both
branches.

• The branch building has 2 floors:

– 1st floordivided into 3 areas, including 2 small rooms and 1 large room. The small room will
be used as the Reception room and Server room, the large room will be the working space
for the staff.
– 2nd floordesigned as a studio, meaning there are no separate rooms for each floor.
Each floor is sized to accommodate 40 people working at the same time.

• Found the best carrier for the building location.

• The building has its own wiring, no need to install wiring yourself.

ASSIGNMENT 2 - COMPUTER NETWORK HK241 Page 6/28

 Ho Chi Minh City University of Technology Faculty of
Computer Science and Engineering

• Each floor needs to provide a wireless network system, with a maximum of 130 devices connected at the same
time for each floor. A separate wireless network for the Reception Room with a maximum of 260 devices
connected at the same time.

Branch in DBP
1.Floor 1

• Information Technology (IT) Department:There are 52 workstations and some

other wireless network devices. (maximum of 130).
• Human Resources Department:There are 52 workstations and some other wireless
network devices. (maximum of 130).
• Reception:There are 52 workstations and several other wireless network devices.
There is also a camera and a motion sensor for security monitoring. (maximum of
130).
• Server farm:There are 2 servers serving internal hospital work.
2.Floor 2

• Marketing and Sale Department:There are 52 workstations and some other

wireless network devices (maximum of 130).
• Financial and Accounting Department:There are 52 workstations and some other
wireless network devices (maximum of 130).
• Research and Development Department:There are 52 workstations and some other
wireless network devices. (maximum of 130).
• Administration:There are 52 workstations and some other wireless network
devices. (maximum of 130).

Branch in BHTQ
1.Floor 1

• Information Technology (IT) Department:There are 52 workstations and some

other wireless network devices.(maximum of 130)
• Human Resources Department:There are 52 workstations and some other wireless
network devices. (maximum of 130)
• Reception:There are 52 workstations and some other wireless network devices.
There is also a camera and a motion sensor for security monitoring. (maximum of
130)
• Server farm:There are 2 servers serving internal hospital work.
2.Floor 2

• Marketing and Sale Department:There are 52 workstations and some other

wireless network devices (maximum of 130)
• Research and Development Department:There are 52 workstations and some other
wireless network devices. (maximum of 130)

• Administration:There are 52 workstations and some other wireless network

devices. (maximum of 130)

ASSIGNMENT 2 - COMPUTER NETWORK HK241 Page 7/28

 Ho Chi Minh City University of Technology Faculty of
Computer Science and Engineering

2.3 Identify heavy load areas in the Hospital

All traffic to the Internet of the system goes through the Headquarters network. Therefore, the connection
from the Headquarters Multi-switch to the Headquarters router is the area with the highest load. This is where
a large number of machines operate, operating for a long time with high intensity. At the same time, this is also
where many tasks are concentrated such as connecting to servers, connecting to other important machines.

The 2nd floor of the headquarters and branches is the area where many PCs and servers are located along with
the central cable system, so this is also the area with the highest load.
After conducting a survey and reviewing the network system requirements, we can easily
identify areas with high loads in the Hospital, including:

• Web Server System:Allows all Internet users to search for information and exchange
information with the website. Therefore, it is necessary to ensure access speed and stability.

• Data Center and Network (Headquarters:)Central to all traffic, high server utilization.

• Floor 1 (Sub-branch):There is an IT room where local traffic is aggregated and server load is
handled.

• For the above heavy load locations, the system will apply appropriate load balancing mechanisms.

Load-balancingis a method of distributing network traffic evenly across a pool of

resources supporting an application. Modern applications must handle millions of users
simultaneously and return accurate text, video, images, and other data to each user quickly
and reliably. To handle such high traffic, most applications have multiple resource servers,
where data is replicated between servers. A load balancer is a device that sits between the
user and the pool of servers and acts as a moderator, ensuring that all resource servers are
used equally.

Load balancing can be applied by letting heavy jobs and services such as mail, file
exchange, branch connection, etc. go through leased lines to ensure strong transmission, fast
and stable data transmission/reception speed; for lighter jobs such as web access, it goes
through xDSL lines to minimize system costs. The system applies load balancing method
when connecting the head office with branches through 2 leased lines and 2 xDSL to access
the Internet with load balancing mechanism. Servers are also divided into separate jobs to
avoid overload when concentrating jobs on one server.

2.4 Choosing network architecture

2.4.1 Network structure of the network system

We design the network structure according to the model.Hierarchical Network Design.This

model is now considered the industry-wide best practice for designing reliable, sustainable,
scalable, and cost-effective networks.

In the hierarchical network design model, the network system is divided into several levels (layers). These
levels are connected to each other in a hierarchical form, allowing the network system to be divided into

ASSIGNMENT 2 - COMPUTER NETWORK HK241 Page 8/28

 Ho Chi Minh City University of Technology Faculty of
Computer Science and Engineering

Small blocks are easier to manage and these blocks limit local traffic. This model can be
applied to both LANs and WANs.
A common layered network model has 3 layers: Access Layer, Distribution Layer, Core
Layer.

Figure 1: Hierarchical model with 3 levels

Reason for choosing

• Scalability:The decentralized network model is designed to be easily scalable, which is

important as hospital networks are expected to grow 20% over the next five years.

• Simple management:Organizing the network into layers makes maintenance, troubleshooting,

and upgrades more efficient.

• VLAN and security support:This design enables efficient VLAN deployment to segregate
traffic between departments, enhance security, and improve performance.

• High Availability:This model integrates redundancy and fault tolerance mechanisms at

the core and distribution layers, ensuring uninterrupted operation for critical hospital
services.

• Cost savings in expansion:Future expansion, such as integrating additional departments

or facilities, can be accomplished by adding equipment at the appropriate layers
without changing the entire network.

However, this model also has its disadvantages.Disadvantages:

• High initial cost:Deploying a hierarchical network requires purchasing additional equipment, such as
core and distribution layer switches, which increases the initial cost.

• Complex configuration:This design requires careful planning and configuration, especially for
cross-layer communication, protocol redundancy, and VLAN management.

ASSIGNMENT 2 - COMPUTER NETWORK HK241 Page 9/28

 Ho Chi Minh City University of Technology Faculty of
Computer Science and Engineering

• Redundancy in design:With smaller sub-branches, a full hierarchical design may not be

necessary due to low traffic demands.

• Challenges in maintenance:Ensuring the system is functioning properly and updated regularly for
all classes requires skilled personnel and constant monitoring.

After considering the pros and cons, the team concluded that a hierarchical network design is the optimal
choice for hospital networks due to its scalability, security, and efficient management. Although it may increase
complexity and initial costs, the long-term benefits outweigh the drawbacks, ensuring stable and efficient
network operations for critical healthcare services.

2.4.2 General information about the network system

• The network architecture used includes:

– LAN: This is a local network used only within the building, for working
departments, for example:
∗VLAN 10: Administrator. ∗VLAN
20: Medical department.
∗VLAN 30: Client/patient.
– For each department, we will create a separate VLAN for that department. This meets
the need for private sharing between departments and increases system performance
by reducing broadcasting costs, making it easy to detect errors. Another technique
used is VLAN Trunking Protocol (VTP). This technology makes managing VLANs (adding/
deleting/editing) more synchronized and easier because only need to make changes on
the switch in VTP server mode, all changes will be updated to the switch in VTP client
mode.
– Subinterface: Used for routing between VLANs. It saves physical ports of the router.
With one physical port we can divide into many logical ports (subinterfaces).

– Subnet mask: Used to divide IP addresses. Here we use IP addresses starting from
192.168.1.1. Each VLAN will have a different IP range to help optimize IP address
allocation.
– DMZ network subsystem: Includes web server system, dns for customers and internal
access. On the web server there are online transaction systems of the hospital, Internet
Hospital, lookup of hospital products and services, advertising information,...

– Using DHCP: This is a protocol that allows automatic allocation of IP addresses along
with other related configurations such as subnet mask and default gateway. Computers
are automatically configured, thus reducing the need for intervention in the
appropriate network system in large-scale models. It provides a central database to
track all computers in the network system. The most important purpose is to avoid the
case of two different computers having the same IP address.
∗Without DHCP, machines can configure IP manually (static IP configuration).
Configuring a static IP address for a few machines is possible, but for many machines it is
time-consuming and error-prone. DHCP is responsible for quickly, automatically and centrally
managing the distribution of IP addresses within a network.

ASSIGNMENT 2 - COMPUTER NETWORK HK241 Page 10/28

 Ho Chi Minh City University of Technology Faculty of
Computer Science and Engineering

∗The way DHCP works is when a device requests an IP address from

a router then the router will immediately assign an available IP address to that
device.
∗DHCP has many advantages, but it also has limitations.
For example, we should not use dynamic IP addresses, changing IP addresses for
fixed devices that need continuous access.

• Use star topology for each building (headquarters and 2 branches)

At each layer, machines communicate with each other through the network by pushing data to the
switch at each layer. This switch will perform the routing of all data sources at its layer. The layer 2
switches will be connected to each other through the layer 3 switch. Advantages:

– Low cost.
– It allows easier network management and troubleshooting, expanding the network by
adding additional devices will be much faster and easier.
– If one machine has a problem, it does not affect the others.

2.5 Wireless network design

Use wifi network for laptop and phone usage of users and customers in transaction and
reception areas. Advantages:

• Allows multiple users to connect over the same network in a very short time without any
configuration, connections can be made through routers or hotspot technology. This
ease of use and convenience is not available in wired networks.

• Installing a WiFi access point is relatively easy compared to a wired network connection. Compared to a wired
network connection, wireless networks offer significant advantages in terms of cost and labor.

Besides, we have disadvantages:

• Although wireless networks have used many encryption techniques, Wifi is still
vulnerable to hacking. Due to its wireless nature, it is highly vulnerable to attacks,
especially public wifi networks. Since public wifi networks are open to anyone, hackers
can impose their fake network ID. Users can unknowingly connect to this fake ID and
become victims of cyber attacks.

• Wifi speed will decrease as we move away from the access point. In multi-story
buildings, Wifi strength can vary on different floors.

To improve wifi security, we use the WPA2/PSK security standard.

3 Details of equipment used

3.1 Devices used in the system
3.1.1 Router
• Router:Used to connect between branches and the internet, using Cisco 2811 router

ASSIGNMENT 2 - COMPUTER NETWORK HK241 Page 11/28

 Ho Chi Minh City University of Technology Faculty of
Computer Science and Engineering

Figure 2: Router2811

– Total ports: 2.
– Number of expansion slots: 9.
– Ethernet technology: FastEthernet.
– Standard memory: 256 MB.
– Maximum memory: 760 MB.

– Flash memory: 64MB/256MB.

3.1.2 Switch
• Layer 2 Switch:Used to create connection devices on the same floor, using switch 2960-24TT.

Figure 3: Switch2960-24TT

– Number of ports: 24 x 10/100 Ethernet Ports.

– Feature set: LAN Base.

– Switching bandwidth: 32Gps.
– Flash memory: 32MB.
– Forwarding bandwidth: 16Gps.

• Layer 3 Switch:Connecting VLANs at different levels requires the support of layer 3

switches, which also provide higher speed and better security. Use layer 3 switch
3560-24PS.

ASSIGNMENT 2 - COMPUTER NETWORK HK241 Page 12/28

 Ho Chi Minh City University of Technology Faculty of
Computer Science and Engineering

Figure 4: Layer 3 Switch 3560-24PS

– Number of ports: 24 x 10/100 Ethernet Ports.

– Flash memory: 32 MB.

– Feature set: IP base.

3.1.3 Access point

• Access point:is a wireless network device that acts as a gateway for devices to connect to a
local area network. They are used to extend the wireless coverage of an existing network so
that a large number of customers can access it when they come to the bank. Use the
LINKSYS WAP54G Wireless-G Access Point.

Figure 5: Wireless-G Access Point LINKSYS WAP54G

ASSIGNMENT 2 - COMPUTER NETWORK HK241 Page 13/28

 Ho Chi Minh City University of Technology Faculty of
Computer Science and Engineering

– Wireless security: 128-bit WPA encryption, MAC address filtering

– Maximum speed reaches 54Mbps under wireless G standard (802.11g) and 11Mbps under wireless
B standard (802.11b)

3.1.4 Firewall
• Firewall:Ensure secure access. Limit risks from malicious data when accessing the
Internet. Use Cisco 5506 firewall.

Figure 6: Cisco 5506 firewall

– Maximum 3DES/AES VPN throughput: 250Mbps.

– Maximum connections/second: 5000.

– Concurrent connections: 50000.

– Bandwidth transmission speed: 100 MB/s

3.1.5 Modems
• Modem:is a hardware device that converts data from a digital format, used for direct
communication between devices with dedicated wiring systems, into a device suitable for
transmission media such as telephone lines or radio. There are 2 popular modems: DSL and
cable. Use DSL-AX82U Modem, DSL because they have more stable speeds than cable
modems.

Figure 7: DSL-AX82U

– Maximum WLAN data transmission rate: 5400 Mbit/s.

– LAN data transmission speed: 10/100/1000 Mbit/s.

ASSIGNMENT 2 - COMPUTER NETWORK HK241 Page 14/28

 Ho Chi Minh City University of Technology Faculty of
Computer Science and Engineering

3.1.6 Other equipment

In addition to the above devices, there are other devices: servers, computers participating in the
LAN, wireless connection devices,...

3.2 IP Addressing Plan

3.2.1 Head office in Ho Chi Minh City (Building A and B)
Building A:

Table 2: VLAN of Building A

VLAN Floor IP range Subnet Mask Gateway

VLAN10 Floor 1 192.168.10.0/24 255.255.255.0 192.168.10.1
VLAN20 Floor 2 192.168.20.0/24 255.255.255.0 192.168.20.1
VLAN30 Floor 3 192.168.30.0/24 255.255.255.0 192.168.30.1
VLAN40 Floor 4 192.168.40.0/24 255.255.255.0 192.168.40.1
VLAN50 Floor 5 192.168.50.0/24 255.255.255.0 192.168.50.1

Building B:

Table 3: VLAN of Building B

VLAN Floor IP range Subnet Mask Gateway

VLAN60 Floor 1 192.168.60.0/24 255.255.255.0 192.168.60.1
VLAN70 Floor 2 192.168.70.0/24 255.255.255.0 192.168.70.1
VLAN80 Floor 3 192.168.80.0/24 255.255.255.0 192.168.80.1
VLAN90 Floor 4 192.168.90.0/24 255.255.255.0 192.168.90.1
VLAN100 Floor 5 192.168.100.0/24 255.255.255.0 192.168.100.1

All internal IP addresses of the above workstations are dynamically assigned by DHCP protocol.
Internal network IP addresses of servers in the Server farm are all statically assigned.

ASSIGNMENT 2 - COMPUTER NETWORK HK241 Page 15/28

 Ho Chi Minh City University of Technology Faculty of
Computer Science and Engineering

3.2.2 Branch in DBP

Table 4: Network addresses of VLANs

VLAN Floor (Equipment) IP range Subnet Mask Gateway

VLAN11 Floor 1 172.16.10.0/24 255.255.255.0 172.16.10.1
VLAN12 Floor 2 172.16.20.0/24 255.255.255.0 172.16.20.1
VLAN13 Server 172.16.50.0/24 255.255.255.0 172.16.50.1

Table 5: Intermediate network array

IP range Subnet Mask

172.16.30.0/30 255.255.255.252

IP of workstations are dynamically assigned by DHCP protocol. IP of servers are statically

assigned.

ASSIGNMENT 2 - COMPUTER NETWORK HK241 Page 16/28

 Ho Chi Minh City University of Technology Faculty of
Computer Science and Engineering

3.2.3 Branch in BHTQ

VLAN Floor (Equipment) IP range Subnet Mask Gateway

VLAN21 Floor 1 10.0.10.0/24 255.255.255.0 10.0.10.1
VLAN22 Floor 2 10.0.20.0/24 255.255.255.0 10.0.20.1
VLAN23 Server 10.0.50.0/24 255.255.255.0 10.0.50.1

Table 6: VLAN configuration

IP range Subnet Mask

10.0.30.0/30 255.255.255.252

Table 7: Intermediate network array

IP of workstations are dynamically assigned by DHCP protocol. IP of servers are statically

assigned.

3.2.4 IP diagram for WAN

Subnet Name IP range Subnet Mask

Headquarters - DBP Branch 100.100.2.0/24 255.255.255.0
Headquarters - BHTQ Branch 100.100.3.0/24 255.255.255.0

Table 8: WAN Network

3.3 System diagram

The system includes 1 router used to connect branches and connect to the outside
Internet via DSL modem.
Each floor is equipped with 1 switch to connect computers in the floor. These switches will be connected
to Multilayer Switch. Floor 1 at the head office and branches uses 2 switches because it has a larger number of
computers than the other floors.
The servers are located in a different area and are directly connected to the Multilayer Switch to increase
download speed.

• In addition, on the first floor there is also an Access Point to provide wifi for customers when
coming to the bank. For connection between branches:

– The headquarters connects to the branches by WAN connection using OSPF protocol.
– The headquarters uses two leased-lines directly to the routers at the branch side. The
branches only need to connect to the headquarters without having to connect to each other.
– 2 DSL modems are designed to balance load when transmitting data to the internet.

ASSIGNMENT 2 - COMPUTER NETWORK HK241 Page 17/28

 Ho Chi Minh City University of Technology Faculty of
Computer Science and Engineering

4 Throughput, bandwidth of the system

Throughput:is the amount of information successfully transmitted over a network in a
unit of time.
Bandwidth:is the maximum speed that a website can transmit in 1 second. In other
words, it is the capacity of the network connection to transmit maximum data between the
website and the user in 1 unit of time.
According to the topic:

• System data flows and workloads (about 80% of daily load is concentrated in peak hours
9am - 11am and 3pm - 4pm)

• Servers for software updates, web access and database access,... Estimated total
download is about 1000 MB/day and estimated upload is 2000 MB/day.

• Each workstation is used for Web browsing, document downloading and customer transactions, etc. The
estimated total download is approximately 500 MB/day and the estimated upload is 100 MB/day.

• The WiFi connected devices of the guests accessing to download is about 500MB/day.
Hospital's network system is estimated to have a growth rate of 20% in 5 years (in terms of number of
users, network load, branch expansion, etc.).

4.1 Head office

The headquarters consists of 600 workstations (PCs), 10 servers and assumes 100 wireless
network accesses.
Total download and upload traffic in 1 day:

10×(1000 + 2000) + 600×(500 + 100) + 100×500 = 440000MB/day (1)

Since the working time in a day is 8 hours, the throughput of the system is:

440000
= 15.28MB/s =122.22(Mbps) (2)
8×3600
Since 80% of network traffic is concentrated in 3 peak hours, the system bandwidth is:

440000∗0,8
= 32.592MB/s =260.742(Mbps) (3)
3×3600
To meet the demand in the next 5 years, the system bandwidth will increase by 20%. Therefore, the
required bandwidth is:

260.742×1,2 = 312.89(Mbps) (4)

4.2 Branches
The branch consists of 260 workstations, 2 servers and assumes 50 wireless network
accesses. Total download and upload traffic in 1 day:

2×(1000 + 2000) + 260×(500 + 100) + 50×500 = 187000MB/day (5)

Since the working time in a day is 8 hours, the throughput of the system is:

ASSIGNMENT 2 - COMPUTER NETWORK HK241 Page 18/28

 Ho Chi Minh City University of Technology Faculty of
Computer Science and Engineering

187000
= 6.493MB/s =51.943(Mbps) (6)
8×3600
Since 80% of network traffic is concentrated in 3 peak hours, the system bandwidth is:

187000∗0,8
= 13.851MB/s =114.4095(Mbps) (7)
3×3600
To meet the demand in the next 5 years, the system bandwidth will increase by 20%. Therefore, the
required bandwidth is:

114.4095×1,2 = 137.2914(Mbps) (8)

ASSIGNMENT 2 - COMPUTER NETWORK HK241 Page 19/28

 Ho Chi Minh City University of Technology Faculty of
Computer Science and Engineering

5 System Design Using Packet Tracer

Figure 8: System overview

6 Check the system using Ping, Traceroute

6.1 Check the connection of machines in the same VLAN
We have 2 PCs in Building A of the main branch located in the same network.VLAN 10

Figure 9: Ping within the same VLAN

ASSIGNMENT 2 - COMPUTER NETWORK HK241 Page 20/28

 Ho Chi Minh City University of Technology Faculty of
Computer Science and Engineering

Figure 10: Ping results within the same VLAN

6.2 Check connection to other VLAN machines

We have 2 PCs on different networks.VLAN 10 (Layer 1)withVLAN 20 (Layer 2)

Figure 11: Ping different VLAN

ASSIGNMENT 2 - COMPUTER NETWORK HK241 Page 21/28

 Ho Chi Minh City University of Technology Faculty of
Computer Science and Engineering

Figure 12: Ping results for different VLANs

6.3 Check the connection between PCs at the headquarters

We have 2 PCs located in 2 different locations in Building A and Building B.

Figure 13: Ping between two headquarters

Figure 14: Ping results between 2 headquarters

ASSIGNMENT 2 - COMPUTER NETWORK HK241 Page 22/28

 Ho Chi Minh City University of Technology Faculty of
Computer Science and Engineering

6.4 Check the connection between PCs at the headquarters and branches
Perform a ping to test the connection between the headquarters and the sub-headquarters.

Figure 15: Ping between headquarters and sub-headquarters

Figure 16: Ping results between headquarters and sub-headquarters

6.5 Connecting to a server in the DMZ area

Perform ping to check server connection

ASSIGNMENT 2 - COMPUTER NETWORK HK241 Page 23/28

 Ho Chi Minh City University of Technology Faculty of
Computer Science and Engineering

Figure 17: Ping from computer to server

Figure 18: Ping results from computer to server

6.6 Connecting to the Internet

Check your connection to the Internet by accessing google.com (IP address is 8.8.8.8).

Figure 19: Connecting to the Internet

ASSIGNMENT 2 - COMPUTER NETWORK HK241 Page 24/28

 Ho Chi Minh City University of Technology Faculty of
Computer Science and Engineering

Figure 20: Results of connecting to the Internet

6.7 Surveillance camera management system

Access to the surveillance camera management system (account and password: admin)

Figure 21: Accessing the surveillance camera management system

Figure 22: Results when accessing the surveillance camera system

ASSIGNMENT 2 - COMPUTER NETWORK HK241 Page 25/28

 Ho Chi Minh City University of Technology Faculty of
Computer Science and Engineering

6.8 Email system

Proceed to send and receive emails to test the email functionality.

Figure 23: Accessing the email system

PC2 logs in to the account test1@gmail.com (account and password: test1), then sends an
email to test2@gmail.com .

Figure 24: Compose a letter

PC3 logs into the account test2@gmail.com (account and password: test2), then proceeds to receive
and view the email content.

ASSIGNMENT 2 - COMPUTER NETWORK HK241 Page 26/28

 Ho Chi Minh City University of Technology Faculty of
Computer Science and Engineering

Figure 25: Receive mail

7 System Evaluation
7.1 Technologies that have been realized
1.VLAN Configuration and Inter-VLAN Routing

• Divide the network into independent VLANs, creating traffic isolation between departments,
enhancing security and supporting management.
• Use Inter-VLAN Routing so that VLANs can communicate efficiently over Layer 3.
2.OSPF routing protocol:Provides dynamic routing capabilities, optimizing traffic between sites
and automatically recovering in the event of a failure.

3.DHCP Server:Automatically assign IP addresses to devices in the network, reducing errors

compared to manual configuration.

4.Wireless system:Using Access Point supporting dual-band and WPA3 security standard,
ensuring stable connection, high security.

7.2 Evaluation criteria

1.Reliability:

• Advantages: The system uses a hierarchical network model with redundancy mechanisms at the
core and distribution layers to ensure high reliability and minimize downtime. Furthermore, the
application of technologies such as GPON and high-speed Ethernet (1GbE/10GbE/40GbE) provides
stable performance.
• Disadvantages: The system can be affected if core devices or WAN lines have
serious failures without adequate redundancy.

2.Ease of Upgrade:

• Advantages: The hierarchical model allows for the addition of devices at each layer without
changing the entire system. Modern devices with scalable ports and bandwidth make it easy
to upgrade as the network grows at an expected rate of 20% over the next 5 years.

ASSIGNMENT 2 - COMPUTER NETWORK HK241 Page 27/28

 Ho Chi Minh City University of Technology Faculty of
Computer Science and Engineering

• Disadvantages: Upgrades can be costly and require skilled personnel to configure

new devices without disrupting network operations.

3.Diverse Support Software:

• Advantages: The system supports many open source and copyrighted software
such as HIS, RIS-PACS, LIS, CRM, along with office, multimedia and database
applications, ensuring full satisfaction of hospital usage needs.
• Disadvantages: Managing and maintaining multiple types of software requires highly skilled
IT staff and centralized management resources such as powerful servers and databases.

4.Network Safety

• Advantages: Using VLANs for each department helps reduce the risk of
unauthorized access. VPN and SD-WAN protocols enhance security for inter-facility
connectivity.
• Disadvantages: Disadvantages: The system has not fully implemented anti-attack
measures such as firewalls, phishing detection or data protection from serious
security vulnerabilities.

7.3 Future development orientation

1.Deploy a powerful firewall system:Configure and deploy next-generation firewalls such
as Cisco Firepower to protect the entire network.

2.Building a secure VPN mechanism:

• Deploy site-to-site VPN and VPN for remote workers with high security protocols
like IPsec or SSL.
• Incorporate two-factor authentication (2FA) to enhance remote access security
3.Add load balancer:Add a load balancing mechanism to serve the system during peak
times, limiting congestion or server crashes.

ASSIGNMENT 2 - COMPUTER NETWORK HK241 Page 28/28