
Copyright 2013 @ projectsinnetworking.com









Network Design Proposal for Airport













Introduction

The project is to design a proposal for setting up a network in an airport. The
airport has three departments.
1. Airport authority
2. Flight service providers
3. Guests.
The airport authority maintains a server which handles the flight management
controls. The flight service providers should have access only to the specific server
in the airport authority network and not to any other systems. The guest users
should have wireless access to a high speed internet connection, which should be
shared among all the users in all the departments.
The wireless access should be using a common password. The guest users should
not have access to the other two departments. The users should obtain IP addresses
automatically. The airport authority has 20 users, the flight service providers have
40 users and the maximum number of guests is estimated to be 100.
Networking Requirement
1. The active networking components (routers, switches, wireless access points,
etc.) with quantity.
2. The IP network design for each department.
3. Creating and mapping IP networks with vlans.
4. Analysis, identification and explanation of methodologies to use for access
restriction and internet sharing.
5. Dynamic IP addressing design for all the networks.
6. Identify the configuration and features, wherever appropriate, which are required
on the active components to set up the network.
7. Network topology diagram.
Network Design strategy
VLAN technology would be used to create the networks associated with different
departments. Every department would be associated with an IP network and
mapped with a specific vlan. Appropriate restrictions would be provided between
the departments using access control lists. A DHCP server would be used for
providing dynamic IP addresses to the users on the network.
VLAN and IP Network Design
VLANs are created and mapped to each department.
1. VLAN 2 – Airport Authority
2. VLAN 3 – Flight service providers
3. VLAN 4 – Guests

IP networks are created for each VLAN and mapped with the same. The IP address
range for users and systems which can be used on the specific department is also
included.
VLAN      IP network address    IP address range
VLAN 2    192.168.2.0/24        192.168.2.1 - 192.168.2.254
VLAN 3    192.168.3.0/24        192.168.3.1 - 192.168.3.254
VLAN 4    192.168.4.0/24        192.168.4.1 - 192.168.4.254






Requirement analysis of Active Networking Components
Switches –
The airport authority has 20 users, the flight service providers have 40 users and
the maximum number of guests is estimated to be 100. The total number of LAN
users is 60, which includes the airport authority and flight service providers. As the
guests are on the wireless networks, 3 access points are proposed for
accommodating the 100 users. This would require 60 ports for the LAN users, 3
ports for the access points, 1 port for the airport authority server and 1 port for the
DHCP server. So a total of 65 ports are required. Switches are available with 24 or 48
ports, so three 24-port switches that support VLANs are proposed.
Routers –
A router which supports high speed internet connection, with the appropriate
interface is required. The router also requires an interface which supports 802.1q,
which would be used for routing between vlans and access restriction between the
vlans. One router is required.
Access points –
As the estimated number of guest users is 100, a total of 3 access points are
proposed. This is proposed based on the load which can be shared on the access
points.
DHCP Server –
A DHCP server is required for assigning dynamic IP addresses to users on the
network. The DHCP server service on Windows 2008 is leveraged for the purpose.
Network Implementation Plan
Ports on the switches are made members of respective vlans. The computers
belonging to the respective departments are connected to the respective ports.
Inter-VLAN routing is set up on the router, where appropriate access control lists are
provided for restricting communication as per the project requirement. The access
points are connected to the ports which are on VLAN 4 on the switch as it is used
for guest vlan. The DHCP server is set up on VLAN 2, the airport authority vlan,
and configured with multiple DHCP scopes to provide IP addresses from
respective vlans to the users on the network. The ip helper-address feature is
configured on the router for users belonging to the flight service provider and
guest network to receive dynamic IP addresses from the DHCP server residing on
the airport authority network.
Network Topology Diagram








The network topology diagram is as shown above. The DHCP server and the
airport authority server are connected to ports on the switch, which are members of
VLAN 2, the airport authority VLAN. The respective PCs belonging to the
departments are connected to the appropriate ports on the switch. The access points
are connected to ports on the switches, which are members of VLAN 4, which is
associated with the guest VLAN. The guest users connect to the access points and
are assigned an IP address in the appropriate VLAN range.
Network configuration and Guidelines
1. The DHCP server is connected to a port, which is a member of VLAN 2.
The IP address of the DHCP Server is 192.168.2.2 and the IP address of the
airport authority server is 192.168.2.3.

2. The access point is configured with IP addresses belonging to the VLAN 4
network address range.

3. Switch configuration
The following configuration details the actual setup which needs to be
performed on a Cisco switch.
a. Create the VLANs, VLAN 2, VLAN 3 and VLAN 4, with their respective
names on the switch. A VLAN name on the switch is a single word, so
underscores replace the spaces.
switch(config)#vlan 2
switch(config-vlan)#name Airport_authority
switch(config-vlan)#exit
switch(config)#vlan 3
switch(config-vlan)#name Flight_service_providers
switch(config-vlan)#exit
switch(config)#vlan 4
switch(config-vlan)#name Guests
switch(config-vlan)#exit
b. Configure the appropriate ports on the switch as members of the respective
VLAN. Only two ports per VLAN are shown here; more can be added
based on requirement.
switch(config)#interface fastethernet 0/2
switch(config-if)#switchport mode access
switch(config-if)#switchport access vlan 2
switch(config-if)#exit
switch(config)#interface fastethernet 0/3
switch(config-if)#switchport mode access
switch(config-if)#switchport access vlan 2
switch(config-if)#exit
switch(config)#interface fastethernet 0/10
switch(config-if)#switchport mode access
switch(config-if)#switchport access vlan 3
switch(config-if)#exit
switch(config)#interface fastethernet 0/11
switch(config-if)#switchport mode access
switch(config-if)#switchport access vlan 3
switch(config-if)#exit
switch(config)#interface fastethernet 0/20
switch(config-if)#switchport mode access
switch(config-if)#switchport access vlan 4
switch(config-if)#exit
switch(config)#interface fastethernet 0/21
switch(config-if)#switchport mode access
switch(config-if)#switchport access vlan 4
switch(config-if)#exit
c. Configure the port connected to the router (Port 1) as a trunk. This is for
allowing the traffic from all the vlans to the router, where appropriate
routing and access restrictions are performed.
switch(config)#interface fastethernet 0/1
switch(config-if)#switchport mode trunk
switch(config-if)#switchport trunk allowed vlan all
switch(config-if)#exit

4. Router configuration
The following configuration details the actual setup which needs to be
performed on a Cisco router.
a. The interface connected to the internet is configured with the appropriate
IP address (192.168.1.10). Note: In a live deployment, this would be the public IP
address. The details are shown below.

router(config)#interface fastethernet 0/0
router(config-if)#no shutdown
router(config-if)#exit
router(config)#interface fastethernet 0/1
router(config-if)#ip address 192.168.1.10 255.255.255.0
router(config-if)#no shutdown
Note: In a live environment, PAT (port address translation) is configured
on the interface for sharing the internet. A default route is also set up on the
router to forward all packets to the gateway IP address, which the ISP
provides.

b. Sub-interfaces on the physical interface fastethernet 0/0 of the router are
mapped to the appropriate VLAN and IP address. The IP address
configured on the router is the default gateway address for users
belonging to the respective vlan. IP addresses 192.168.2.1, 192.168.3.1
and 192.168.4.1 are mapped to VLANs 2, 3 and 4.

router(config)#interface fastethernet 0/0.1
router(config-subif)#encapsulation dot1Q 2
router(config-subif)#ip address 192.168.2.1 255.255.255.0
router(config-subif)#no shutdown
router(config-subif)#exit
router(config)#interface fastethernet 0/0.2
router(config-subif)#encapsulation dot1Q 3
router(config-subif)#ip address 192.168.3.1 255.255.255.0
router(config-subif)#no shutdown
router(config-subif)#exit
router(config)#interface fastethernet 0/0.3
router(config-subif)#encapsulation dot1Q 4
router(config-subif)#ip address 192.168.4.1 255.255.255.0
router(config-subif)#no shutdown
router(config-subif)#exit

c. The ip helper-address is configured on the VLAN 3 and VLAN 4
interfaces of the router. This is configured for users belonging to the
respective vlans, to reach the DHCP server for obtaining dynamic IP
addresses. The configurations are shown below. The IP address of the
DHCP server is 192.168.2.2.
router(config)#interface fastethernet 0/0.2
router(config-subif)#ip helper-address 192.168.2.2
router(config-subif)#exit
router(config)#interface fastethernet 0/0.3
router(config-subif)#ip helper-address 192.168.2.2
router(config-subif)#exit
d. Appropriate access control lists are configured on the router. To deny
access from the guest network to the other two networks an extended
ACL is configured. The configuration is shown below. The first two lines
deny access from the guest network to the airport authority and
flight service provider networks. The third entry allows all other
traffic. This is for the internet connection. The access control list is
applied inbound on the guest VLAN sub-interface of the router.
router(config)#access-list 101 deny ip 192.168.4.0 0.0.0.255 192.168.2.0 0.0.0.255
router(config)#access-list 101 deny ip 192.168.4.0 0.0.0.255 192.168.3.0 0.0.0.255
router(config)#access-list 101 permit ip any any
router(config)#interface fastethernet 0/0.3
router(config-subif)#ip access-group 101 in
e. Access control lists are configured to restrict access from the flight
service network to the airport authority network. The first line allows the
flight service provider network to access the airport authority server. The
second line denies all other communication to the airport authority
network as per the requirement. The third line allows all other
communication, which would be internet. The access list is applied
inbound on fastethernet 0/0.2, the VLAN 3 sub-interface on which traffic
from the flight service provider network enters the router.
router(config)#access-list 102 permit ip 192.168.3.0 0.0.0.255 host 192.168.2.3
router(config)#access-list 102 deny ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
router(config)#access-list 102 permit ip any any
router(config)#interface fastethernet 0/0.2
router(config-subif)#ip access-group 102 in

5. DHCP Configuration
The DHCP server is configured on Windows 2008. There are three
DHCP scopes, one created for each of the three VLANs. The
screenshots are shown below.
a. Start the DHCP service







b. Create new scope for the airport authority network.





c.

d.




e. Configure the gateway address as the IP address of the VLAN interface
configured on the router.





f. Configure the DNS server for the scope following the same steps as above.
This can be the DNS server provided by the ISP, or it can be the router,
with the router pointing to the appropriate DNS server provided by the ISP.

g. Activate the Scope.



Similar steps are followed for the other networks.
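
An added example, not part of the original proposal: it replays access lists 101 and 102 from steps 4(d) and 4(e) against constructed sample flows, using first-match evaluation with wildcard masks and the implicit deny, and shows what changes when the closing permit of list 102 is entered under 101. It assumes list 102 ends with its own permit ip any any entry; the host addresses, the internet host 203.0.113.10 and all function names are constructed for illustration.

```python
from ipaddress import IPv4Address as IP

# Lists 101 and 102 from steps 4(d) and 4(e), each ending in its own permit.
ACLS = """\
access-list 101 deny ip 192.168.4.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 deny ip 192.168.4.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 101 permit ip any any
access-list 102 permit ip 192.168.3.0 0.0.0.255 host 192.168.2.3
access-list 102 deny ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 102 permit ip any any"""
# Same entries with the closing permit of list 102 entered under 101 instead.
MISNUMBERED = ACLS.replace("102 permit ip any", "101 permit ip any")

def _spec(tok):
    # Read 'any', 'host A' or 'A WILDCARD' (1-bits ignored) -> ((base, wildcard), rest).
    if tok[0] == "any":
        return (0, 0xFFFFFFFF), tok[1:]
    if tok[0] == "host":
        return (int(IP(tok[1])), 0), tok[2:]
    return (int(IP(tok[0])), int(IP(tok[1]))), tok[2:]

def parse(text):
    # Handles only 'access-list N permit|deny ip SRC DST', the form used here.
    acls = {}
    for tok in map(str.split, text.splitlines()):
        src, rest = _spec(tok[4:])
        acls.setdefault(int(tok[1]), []).append((tok[2], src, _spec(rest)[0]))
    return acls

def evaluate(acls, number, src, dst):
    for action, s, d in acls[number]:      # first matching entry wins
        if all((int(IP(a)) | w) == (b | w) for a, (b, w) in ((src, s), (dst, d))):
            return action
    return "deny"                          # implicit deny closes every list

# Constructed sample flows; 203.0.113.10 stands in for an internet host.
FLOWS = [
    (101, "192.168.4.50", "192.168.2.3"),   # guest  -> authority server
    (102, "192.168.3.20", "192.168.2.3"),   # flight -> authority server
    (102, "192.168.3.20", "192.168.2.10"),  # flight -> authority PC
    (102, "192.168.3.20", "203.0.113.10"),  # flight -> internet
    (102, "192.168.3.20", "192.168.2.2"),   # flight -> DHCP server (unicast renewal)
]

def verdicts(text=ACLS):
    acls = parse(text)
    return [evaluate(acls, *flow) for flow in FLOWS]

print(verdicts(), verdicts(MISNUMBERED), sep="\n")
```

The last flow is a side effect of list 102: a unicast lease renewal from VLAN 3 to the DHCP server at 192.168.2.2 is denied, so a client renews only once it falls back to broadcasting, which the helper address relays.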







Hardware and Software inventory list
Item              Model                                                                            Quantity
Router            Cisco 2600 Series 2621 router with high speed interface for internet connection  1
Switches          Cisco 2950 Catalyst Switch                                                       3
Access points     Cisco Aironet 1200 Access Point                                                  3
Server            IBM/Dell                                                                         1
Operating system  Windows 2008                                                                     1 license
PC                IBM/Dell                                                                         As per requirement