
Individual Assessment Cover Sheet

Assessment Title: Networking Project
Programme Title: BACHELOR OF ICT
Course No.: ITB6003
Course Title: Networking and Data Communications 2
Student Name: Taiba Husain - Fatima Muhasien - Reem Alattar
Student ID: 201200394 201000327 201000542

By submitting this assessment for marking, either electronically or as
hard copy, I confirm the following:

This assignment is my own work.
Any information used has been properly referenced.
I understand that a copy of my work may be used for moderation.
I have kept a copy of this assignment.

Reem Ali 201000542, Taiba Husain 201200394, Fatima Muhasien 201000327

Title:
This report was requested by Dr. Dimitrios Liarokapis, Networking and Data
Communications tutor within the ICT department at Bahrain Polytechnic.
The due date of the report and the implemented network for Global
Insurance Services Company is the 22nd of December 2013. This report was
done by Reem Ali, Taiba Husain and Fatima Muhasien.

Abstract
This report will provide a description of the network topology of Global
Insurance Services (GIS) Company and its requirements. Firstly, it will
discuss the advantages of creating VLANs for the departments in each
branch. Secondly, it will present a private IPv4 addressing scheme for the
network. Thirdly, it will design security and redundancy measures to
protect the network from failures. Then, it will provide details regarding
adding wireless to each site of the network, using Permanent Virtual
Circuits (PVCs) to connect the branches, and adding Network Address
Translation (NAT) and Port Address Translation (PAT) at the Geneva site to
translate private IP addresses to public IP addresses. After that, it will
explain the design of access lists to restrict specific users from
accessing the network. Furthermore, it will give recommendations on how
the company will implement IPv6 in the future.

Acknowledgements
Thanks to Mr. Dimitrios Liarokapis for his help and support in the
project. He helped in correcting the mistakes that were made in the
VLSM process and he provided a better understanding of the project
requirements. Moreover, he allocated project classes that allowed us to
work on the project and ask questions.


Table of Contents

Title
Abstract
Acknowledgements
Introduction
1. Step 1: VLANs
1.2 VLANs for each branch
1.2.1 Switzerland - Geneva Branch
1.2.2 France Paris Branch
1.2.3 China Beijing
1.2.4 South Africa Cape Town
1.2.5 Bahrain Manama
1.2.6 Canada Montreal
1.2.7 UAE Dubai
2. Step 2: IP Version 4 Addressing Scheme
2.1 Implement a private IP version 4 addressing scheme
2.1.1 Switzerland - Geneva Branch
2.1.2 France Paris Branch
2.1.3 China Beijing Branch
2.1.4 South Africa Cape Town Branch
2.1.5 Bahrain Manama Branch
2.1.6 Canada Montreal
2.1.7 UAE Dubai Branch
2.2 Appropriate routing protocol
2.3 Banners configuration
3. Step 3: Security and Redundancy
3.1 Security
3.1.1 Port Security
3.1.2 Passwords
2. Redundancy
2.1 Spanning Tree Protocol (STP)
4. Step 4: Wireless Access
5. Step 5: Encapsulation method PPP-CHAP
6. Step 6: Frame Relay and PVCs
7. Step 7: Network Address Translation (NAT)/Port Address Translation (PAT)
8. Step 8: Access Control Lists (ACLs)
8.1 Access lists for Switzerland branch
9. Step 9: IPv6
Conclusion
Reference List

Introduction
This report aims to implement a network infrastructure for Global Insurance
Services (GIS) Company. It will present the requirements of all branches of
the company. It will also include detailed steps describing the
technologies used for GIS to enhance the network, such as using VLANs to
separate users of different types. In addition, a data link encapsulation
method will be configured to connect GIS with the internet provider.
Moreover, WAN technology will be used to allow the branches to communicate
with each other. To control network access, Access Control Lists (ACLs)
will be designed to restrict access rights. Last but not least, the report
will provide recommendations on how IPv6 will be implemented in the future.


1. Step 1: VLANs
A Virtual Local Area Network (VLAN) is a group of devices with the same
requirements. It segments the Local Area Network (LAN) logically into
multiple broadcast domains. The purpose of creating VLANs is to split users
that belong to different groups. In this sense, users of the same type will
be grouped into the same VLAN.
There are several reasons that encouraged the Global Insurance Services
(GIS) Company to create VLANs. Firstly, VLANs will improve the performance
of the network because they prevent broadcast traffic from being sent to
unnecessary destinations, so broadcasts will be sent only within the VLAN.
In addition, VLANs divide large broadcast domains into smaller ones, which
will also provide better performance. With VLANs, the network administrator
will be able to assign users to a specific VLAN by controlling the ports.
This will improve security and efficiency because it will permit only users
within the same VLAN to access sensitive data while it will deny users of
other VLANs. Better yet, creating VLANs will reduce the number of routers
and switches needed. Therefore, it will reduce the costs and save money for
the company ("Benefits of vlans," ).

1.2 VLANs for each branch


The current VLANs for each branch are presented below.
1.2.1 Switzerland - Geneva Branch
| VLAN ID | VLAN name | Description |
|---|---|---|
| VLAN 1 | Default VLAN | VLAN 1 is created by default and it cannot be deleted or altered. |
| VLAN 10 | Management | This VLAN is created for management staff because they have the same requirements. |
| VLAN 20 | Marketing | This VLAN is created for marketing staff because they have the same requirements. |
| VLAN 30 | Accounting | This VLAN is created for accounting staff because they have the same requirements. |
| VLAN 40 | IT | This VLAN is created for IT staff because they have the same requirements. |
| VLAN 50 | Administration | This VLAN is created for administration staff because they have the same requirements. |
| VLAN 60 | Training | This VLAN is created for training staff because they have the same requirements. |
| VLAN 70 | Other | This VLAN is created for other staff because they have the same requirements. |
| VLAN 80 | WVLAN | This VLAN is created for the wireless devices. |
| VLAN 99 | Native VLANs | This VLAN is to allow the switches to communicate with each other or with the router on a trunk link. |

Table 1: Switzerland VLANs
1.2.2 France Paris Branch
| VLAN ID | VLAN name | Description |
|---|---|---|
| VLAN 1 | Default VLAN | VLAN 1 is created by default and it cannot be deleted or altered. |
| VLAN 10 | Management | This VLAN is created for management staff because they have the same requirements. |
| VLAN 20 | Marketing | This VLAN is created for marketing staff because they have the same requirements. |
| VLAN 30 | Accounting | This VLAN is created for accounting staff because they have the same requirements. |
| VLAN 40 | IT | This VLAN is created for IT staff because they have the same requirements. |
| VLAN 50 | Administration | This VLAN is created for administration staff because they have the same requirements. |
| VLAN 60 | Training | This VLAN is created for training staff because they have the same requirements. |
| VLAN 70 | Other | This VLAN is created for other staff because they have the same requirements. |
| VLAN 99 | Native VLANs | This VLAN is to allow the switches to communicate with each other or with the router on a trunk link. |

Table 2: France VLANs


1.2.3 China Beijing Branch
| VLAN ID | VLAN name | Description |
|---|---|---|
| VLAN 1 | Default VLAN | VLAN 1 is created by default and it cannot be deleted or altered. |
| VLAN 10 | Management | This VLAN is created for management staff because they have the same requirements. |
| VLAN 20 | Marketing | This VLAN is created for marketing staff because they have the same requirements. |
| VLAN 30 | Accounting | This VLAN is created for accounting staff because they have the same requirements. |
| VLAN 40 | IT | This VLAN is created for IT staff because they have the same requirements. |
| VLAN 50 | Administration | This VLAN is created for administration staff because they have the same requirements. |
| VLAN 60 | Training | This VLAN is created for training staff because they have the same requirements. |
| VLAN 70 | Other | This VLAN is created for other staff because they have the same requirements. |
| VLAN 99 | Native VLANs | This VLAN is to allow the switches to communicate with each other or with the router on a trunk link. |

Table 3: China VLANs

1.2.4 South Africa Cape Town Branch

| VLAN ID | VLAN name | Description |
|---|---|---|
| VLAN 1 | Default VLAN | VLAN 1 is created by default and it cannot be deleted or altered. |
| VLAN 10 | Management | This VLAN is created for management staff because they have the same requirements. |
| VLAN 20 | Marketing | This VLAN is created for marketing staff because they have the same requirements. |
| VLAN 30 | Accounting | This VLAN is created for accounting staff because they have the same requirements. |
| VLAN 40 | IT | This VLAN is created for IT staff because they have the same requirements. |
| VLAN 50 | Administration | This VLAN is created for administration staff because they have the same requirements. |
| VLAN 60 | Training | This VLAN is created for training staff because they have the same requirements. |
| VLAN 70 | Other | This VLAN is created for other staff because they have the same requirements. |
| VLAN 99 | Native VLANs | This VLAN is to allow the switches to communicate with each other or with the router on a trunk link. |

Table 4: South Africa VLANs
1.2.5 Bahrain Manama Branch

| VLAN ID | VLAN name | Description |
|---|---|---|
| VLAN 1 | Default VLAN | VLAN 1 is created by default and it cannot be deleted or altered. |
| VLAN 10 | Management | This VLAN is created for management staff because they have the same requirements. |
| VLAN 20 | Marketing | This VLAN is created for marketing staff because they have the same requirements. |
| VLAN 30 | Accounting | This VLAN is created for accounting staff because they have the same requirements. |
| VLAN 40 | IT | This VLAN is created for IT staff because they have the same requirements. |
| VLAN 50 | Administration | This VLAN is created for administration staff because they have the same requirements. |
| VLAN 60 | Training | This VLAN is created for training staff because they have the same requirements. |
| VLAN 70 | Other | This VLAN is created for other staff because they have the same requirements. |
| VLAN 99 | Native VLANs | This VLAN is to allow the switches to communicate with each other or with the router on a trunk link. |

Table 5: Bahrain VLANs

1.2.6 Canada Montreal Branch

| VLAN ID | VLAN name | Description |
|---|---|---|
| VLAN 1 | Default VLAN | VLAN 1 is created by default and it cannot be deleted or altered. |
| VLAN 10 | Management | This VLAN is created for management staff because they have the same requirements. |
| VLAN 20 | Marketing | This VLAN is created for marketing staff because they have the same requirements. |
| VLAN 30 | Accounting | This VLAN is created for accounting staff because they have the same requirements. |
| VLAN 40 | IT | This VLAN is created for IT staff because they have the same requirements. |
| VLAN 50 | Administration | This VLAN is created for administration staff because they have the same requirements. |
| VLAN 60 | Training | This VLAN is created for training staff because they have the same requirements. |
| VLAN 70 | Other | This VLAN is created for other staff because they have the same requirements. |
| VLAN 99 | Native VLANs | This VLAN is to allow the switches to communicate with each other or with the router on a trunk link. |

Table 6: Canada VLANs

1.2.7 UAE Dubai Branch


| VLAN ID | VLAN name | Description |
|---|---|---|
| VLAN 1 | Default VLAN | VLAN 1 is created by default and it cannot be deleted or altered. |
| VLAN 10 | Management | This VLAN is created for management staff because they have the same requirements. |
| VLAN 20 | Marketing | This VLAN is created for marketing staff because they have the same requirements. |
| VLAN 30 | Accounting | This VLAN is created for accounting staff because they have the same requirements. |
| VLAN 40 | IT | This VLAN is created for IT staff because they have the same requirements. |
| VLAN 50 | Administration | This VLAN is created for administration staff because they have the same requirements. |
| VLAN 60 | Training | This VLAN is created for training staff because they have the same requirements. |
| VLAN 70 | Other | This VLAN is created for other staff because they have the same requirements. |
| VLAN 99 | Native VLANs | This VLAN is to allow the switches to communicate with each other or with the router on a trunk link. |

Table 7: UAE VLANs

Step 2: IPv4 Addressing Scheme

This step is to implement a private IP version 4 addressing scheme for
Global Insurance Services Company. To achieve this, the Variable Length
Subnet Masking (VLSM) technique was used. In addition, an appropriate
routing protocol will be selected so that the routers can communicate with
each other. Furthermore, proper login banners will be used on all key
network devices, in addition to passwords.

2.1 Implement a private IPv4 addressing scheme

For this network, the private class B IP address 172.16.0.0/16 has been
used and implemented in the topology because it is suitable for
medium-sized to large-sized networks. The tables below present the IP
addresses for each branch.
2.1.1 Switzerland - Geneva Branch

| Department name | Needed size | Network address | Assignable range | Broadcast address | CIDR | Subnet mask | Vlan number |
|---|---|---|---|---|---|---|---|
| Management | 10 | 172.16.1.144 | 172.16.1.145 - 172.16.1.158 | 172.16.1.159 | /28 | 255.255.255.240 | 10 |
| Marketing | 20 | 172.16.0.160 | 172.16.0.161 - 172.16.0.190 | 172.16.0.191 | /27 | 255.255.255.224 | 20 |
| Accounting | 10 | 172.16.1.128 | 172.16.1.129 - 172.16.1.142 | 172.16.1.143 | /28 | 255.255.255.240 | 30 |
| IT | 15 | 172.16.1.32 | 172.16.1.33 - 172.16.1.62 | 172.16.1.63 | /27 | 255.255.255.224 | 40 |
| Administration | 30 | 172.16.0.0 | 172.16.0.1 - 172.16.0.62 | 172.16.0.63 | /26 | 255.255.255.192 | 50 |
| Training | 20 | 172.16.0.192 | 172.16.0.193 - 172.16.0.222 | 172.16.0.223 | /27 | 255.255.255.224 | 60 |
| Other | 25 | 172.16.0.128 | 172.16.0.129 - 172.16.0.158 | 172.16.0.159 | /27 | 255.255.255.224 | 70 |
| Native Vlans | 12 | 172.16.1.160 | 172.16.1.161 - 172.16.1.174 | 172.16.1.175 | /28 | 255.255.255.240 | 99 |
| WVLAN | | 172.16.3.124 | 172.16.3.125 - 172.16.3.126 | 172.16.3.127 | /30 | 255.255.255.252 | 80 |
| WLAN | 30 | 172.16.0.64 | 172.16.0.65 - 172.16.0.126 | 172.16.0.127 | /26 | 255.255.255.192 | |

Table 8: Switzerland IP addresses

| Device | Interface or sub-interface | IP address | Subnet mask | Default gateway |
|---|---|---|---|---|
| Geneva R1 | Fa0/0.10 | 172.16.1.145 | 255.255.255.240 | |
| | Fa0/0.20 | 172.16.0.161 | 255.255.255.224 | |
| | Fa0/0.30 | 172.16.1.129 | 255.255.255.240 | |
| | Fa0/0.40 | 172.16.1.33 | 255.255.255.224 | |
| | Fa0/0.50 | 172.16.0.1 | 255.255.255.192 | |
| | Fa0/0.60 | 172.16.0.193 | 255.255.255.224 | |
| | Fa0/0.70 | 172.16.0.129 | 255.255.255.224 | |
| | Fa0/0.80 | 172.16.3.121 | 255.255.255.252 | |
| | Fa0/0.99 | 172.16.1.161 | 255.255.255.240 | |
| | Fa0/1 | 150.3.1.3 | 255.255.255.240 | |
| | S0/1/0.102 | 172.16.3.125 | 255.255.255.252 | |
| | S0/1/0.103 | 172.16.3.133 | 255.255.255.252 | |
| | S0/1/0.104 | 172.16.3.137 | 255.255.255.252 | |
| | S0/1/0.105 | 172.16.3.145 | 255.255.255.252 | |
| | S0/1/0.106 | 172.16.3.129 | 255.255.255.252 | |
| | S0/1/0.107 | 172.16.3.141 | 255.255.255.252 | |
| GenevaS0 Core | Vlan 99 | 172.16.1.162 | 255.255.255.240 | 172.16.1.161 |
| GenevaS1 Distribution 1 | Vlan 99 | 172.16.1.163 | 255.255.255.240 | 172.16.1.161 |
| GenevaS2 Distribution 2 | Vlan 99 | 172.16.1.164 | 255.255.255.240 | 172.16.1.161 |
| GenevaS3 Access 1 | Vlan 99 | 172.16.1.165 | 255.255.255.240 | 172.16.1.161 |
| GenevaS4 Access 2 | Vlan 99 | 172.16.1.166 | 255.255.255.240 | 172.16.1.161 |
| GenevaS5 Access 3 | Vlan 99 | 172.16.1.167 | 255.255.255.240 | 172.16.1.161 |
| GenevaS6 Access 4 | Vlan 99 | 172.16.1.168 | 255.255.255.240 | 172.16.1.161 |
| GenevaS7 access 5 | Vlan 99 | 172.16.1.169 | 255.255.255.240 | 172.16.1.161 |
| GenevaS8 access 6 | Vlan 99 | 172.16.1.170 | 255.255.255.240 | 172.16.1.161 |
| GenevaS9 access 7 | Vlan 99 | 172.16.1.171 | 255.255.255.240 | 172.16.1.161 |
| PC1 (Administration) | NIC | 172.16.0.62, 172.16.0.61 | 255.255.255.192 | 172.16.0.1 |
| PC2 (Accounting) | NIC | 172.16.1.142 | 255.255.255.240 | 172.16.1.129 |
| PC3 (Training) | NIC | 172.16.0.222 | 255.255.255.224 | 172.16.0.193 |
| PC4 (IT) | NIC | 172.16.1.62 | 255.255.255.224 | 172.16.1.33 |
| PC5 (Management) | NIC | 172.16.1.158 | 255.255.255.240 | 172.16.1.145 |
| PC6 (others) | NIC | 172.16.0.158, 172.16.0.157 | 255.255.255.224 | 172.16.0.129 |
| PC7 (Marketing) | NIC | 172.16.0.190 | 255.255.255.224 | 172.16.0.161 |
| Web server | NIC | 150.3.1.2 | 255.255.255.240 | 150.3.1.3 |
| Email server | NIC | 150.3.1.1 | 255.255.255.240 | 150.3.1.3 |
| Geneva WR | WAN | 172.16.3.122 | 255.255.255.252 | 172.16.3.121 |
| | LAN/Wireless | 172.16.0.65 | 255.255.255.192 | 172.16.3.121 |

Table 9: Switzerland devices IP addresses
| Device Name | Mode | Domain Name | Password |
|---|---|---|---|
| GenevaS0 Core | Server | project | cisco |
| GenevaS1 Distribution 1 | Client | project | cisco |
| GenevaS2 Distribution 2 | Client | project | cisco |
| GenevaS3 Access 1 | Client | project | cisco |
| GenevaS4 Access 2 | Client | project | cisco |
| GenevaS5 Access 3 | Client | project | cisco |
| GenevaS6 Access 4 | Client | project | cisco |
| GenevaS7 access 5 | Client | project | cisco |
| GenevaS8 access 6 | Client | project | cisco |
| GenevaS9 access 7 | Client | project | cisco |

Table 10: Switzerland VTP table
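
A check of the Geneva addressing plan above, as an added example that is not part of the original report: it parses the Table 8 subnets with Python's ipaddress module and verifies that each one lies inside 172.16.0.0/16, is a valid network address, is large enough, contains its Geneva R1 gateway from Table 9, and overlaps no other allocation. The function names, and the rule that a subnet must hold the needed hosts plus one router sub-interface, are assumptions.

```python
import ipaddress
from itertools import combinations

# Private block chosen in section 2.1 of the report.
SUPERNET = ipaddress.ip_network("172.16.0.0/16")

# (department, needed size or None, subnet from Table 8, Geneva R1 gateway from Table 9 or None)
GENEVA_VLANS = [
    ("Management", 10, "172.16.1.144/28", "172.16.1.145"),
    ("Marketing", 20, "172.16.0.160/27", "172.16.0.161"),
    ("Accounting", 10, "172.16.1.128/28", "172.16.1.129"),
    ("IT", 15, "172.16.1.32/27", "172.16.1.33"),
    ("Administration", 30, "172.16.0.0/26", "172.16.0.1"),
    ("Training", 20, "172.16.0.192/27", "172.16.0.193"),
    ("Other", 25, "172.16.0.128/27", "172.16.0.129"),
    ("Native VLAN", 12, "172.16.1.160/28", "172.16.1.161"),
    ("WVLAN", None, "172.16.3.124/30", "172.16.3.121"),  # gateway is Fa0/0.80
    ("WLAN", 30, "172.16.0.64/26", None),
]

# One point-to-point WAN sub-interface from Table 9 (address/mask as listed).
GENEVA_LINKS = [("R1 S0/1/0.102", "172.16.3.125/30")]


def smallest_prefix(hosts):
    """Longest IPv4 prefix whose usable address count still covers `hosts`."""
    for prefix in range(30, 0, -1):
        if 2 ** (32 - prefix) - 2 >= hosts:
            return prefix
    raise ValueError("too many hosts for one IPv4 subnet")


def audit(vlans, links=(), supernet=SUPERNET):
    """Return a list of (finding, name, detail) tuples; empty means the plan is clean."""
    findings = []
    allocated = []
    for name, needed, cidr, gateway in vlans:
        try:
            net = ipaddress.ip_network(cidr)  # strict parse: host bits must be zero
        except ValueError:
            findings.append(("not-a-network-address", name, cidr))
            continue
        allocated.append((name, net))
        if not net.subnet_of(supernet):
            findings.append(("outside-supernet", name, cidr))
        # Assumption: needed size counts end hosts, so add one for the router.
        if needed is not None and net.num_addresses - 2 < needed + 1:
            findings.append(("too-small", name, cidr))
        if gateway is not None:
            gw = ipaddress.ip_address(gateway)
            if gw not in net:
                findings.append(("gateway-outside-subnet", name, gateway))
            elif gw in (net.network_address, net.broadcast_address):
                findings.append(("gateway-not-assignable", name, gateway))
    # Derive the network each WAN interface sits in and include it in the overlap check.
    for name, iface in links:
        allocated.append((name, ipaddress.ip_interface(iface).network))
    for (a, net_a), (b, net_b) in combinations(allocated, 2):
        if net_a.overlaps(net_b):
            findings.append(("overlap", a, b))
    return findings


if __name__ == "__main__":
    for finding in audit(GENEVA_VLANS, GENEVA_LINKS):
        print(*finding)
```

Run on the Geneva values, it reports that the Fa0/0.80 address 172.16.3.121 is outside the WVLAN subnet 172.16.3.124/30, and that this subnet is the same /30 that the S0/1/0.102 address 172.16.3.125 belongs to.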


2.1.2 France Paris Branch

| Department name | Needed size | Network address | Assignable range | Broadcast address | CIDR | Subnet mask | Vlan number |
|---|---|---|---|---|---|---|---|
| Management | 5 | 172.16.2.64 | 172.16.2.65 - 172.16.2.78 | 172.16.2.79 | /28 | 255.255.255.240 | 10 |
| Marketing | 10 | 172.16.1.208 | 172.16.1.209 - 172.16.1.222 | 172.16.1.223 | /28 | 255.255.255.240 | 20 |
| Accounting | | 172.16.2.48 | 172.16.2.49 - 172.16.2.62 | 172.16.2.63 | /28 | 255.255.255.240 | 30 |
| IT | 10 | 172.16.1.192 | 172.16.1.193 - 172.16.1.206 | 172.16.1.207 | /28 | 255.255.255.240 | 40 |
| Administration | 10 | 172.16.1.176 | 172.16.1.177 - 172.16.1.190 | 172.16.1.191 | /28 | 255.255.255.240 | 50 |
| Other | 15 | 172.16.1.64 | 172.16.1.65 - 172.16.1.94 | 172.16.1.95 | /27 | 255.255.255.224 | 70 |
| Native Vlans | | 172.16.2.80 | 172.16.2.81 - 172.16.2.94 | 172.16.2.95 | /28 | 255.255.255.240 | 99 |

Table 11: France IP addresses

| Device | Interface or sub-interface | IP address | Subnet mask | Default gateway |
|---|---|---|---|---|
| ParisR1 | Fa0/0.10 | 172.16.2.65 | 255.255.255.240 | |
| | Fa0/0.20 | 172.16.1.209 | 255.255.255.240 | |
| | Fa0/0.30 | 172.16.2.49 | 255.255.255.240 | |
| | Fa0/0.40 | 172.16.1.193 | 255.255.255.240 | |
| | Fa0/0.50 | 172.16.1.177 | 255.255.255.240 | |
| | Fa0/0.70 | 172.16.1.65 | 255.255.255.224 | |
| | Fa0/0.99 | 172.16.2.81 | 255.255.255.240 | |
| | Serial0/0/0.201 | 172.16.3.126 | 255.255.255.252 | |
| | Serial0/0/0.23 | 172.16.3.149 | 255.255.255.252 | |
| | Serial0/0/0.204 | 172.16.3.153 | 255.255.255.252 | |
| | Serial0/0/0.205 | 172.16.3.157 | 255.255.255.252 | |
| | Serial0/0/0.206 | 172.16.3.161 | 255.255.255.252 | |
| | Serial0/0/0.207 | 172.16.3.165 | 255.255.255.252 | |
| ParisS1 Core | Vlan 99 | 172.16.2.82 | 255.255.255.240 | 172.16.2.81 |
| ParisS2 Distribution 1 | Vlan 99 | 172.16.2.83 | 255.255.255.240 | 172.16.2.81 |
| ParisS3 Distribution 2 | Vlan 99 | 172.16.2.84 | 255.255.255.240 | 172.16.2.81 |
| ParisS4 Access 1 | Vlan 99 | 172.16.2.85 | 255.255.255.240 | 172.16.2.81 |
| ParisS5 Access 2 | Vlan 99 | 172.16.2.86 | 255.255.255.240 | 172.16.2.81 |
| ParisS6 Access 3 | Vlan 99 | 172.16.2.87 | 255.255.255.240 | 172.16.2.81 |
| PC (Marking) | NIC | 172.16.1.222 | 255.255.255.240 | 172.16.1.209 |
| PC (Administration) | NIC | 172.16.1.190 | 255.255.255.240 | 172.16.1.177 |
| PC (Management) | NIC | 172.16.2.78 | 255.255.255.240 | 172.16.2.65 |
| PC (IT) | NIC | 172.16.1.206 | 255.255.255.240 | 172.16.1.193 |
| PC (Accounting) | NIC | 172.16.2.62 | 255.255.255.240 | 172.16.2.49 |
| PC (others) | NIC | 172.16.1.94 | 255.255.255.224 | 172.16.1.65 |

Table 12: France devices IP addresses

| Device Name | Mode | Domain Name | Password |
|---|---|---|---|
| ParisS1 Core | Server | project | cisco |
| ParisS2 Distribution 1 | Client | project | cisco |
| ParisS3 Distribution 2 | Client | project | cisco |
| ParisS4 Access 1 | Client | project | cisco |
| ParisS5 Access 2 | Client | project | cisco |
| ParisS6 Access 3 | Client | project | cisco |

Table 13: France VTP

2.1.3 China Beijing Branch

Department
name

Ne
ed
ed
siz
e
5

Network
address

Assignable Broadcas
range
t
address

CID
R

172.16.2.96

172.16.2.97 172.16.2.110

72.16.2.111

/28

Marketing

20

172.16.1.0

172.16.1.1 172.16.1.30

172.16.1.31

/27

255.255.255.224

20

Accounting

10

172.16.1.224

172.16.1.23
9

/28

255.255.255.240

30

IT

10

172.16.1.240

172.16.1.25
5

/28

255.255.255.240

40

Administrati
on

20

172.16.0.224

172.16.0.25
5

/27

255.255.255.224

50

Other

15

172.16.1.96

172.16.1.225
172.16.1.238
172.16.1.241
172.16.1.254
172.16.0.225
172.16.0.254
172.16.1.97 172.16.1.126

172.16.1.12
7

/27

255.255.255.224

70

Native
Vlans

172.16.2.32

172.16.2.33 172.16.2.46

172.16.2.47

/28

Managemen
t

Table14: China IP
addresses
Ip address

Device

Interface or
sub-interface

BeijingR1

Fa0/0.10

172.16.2.97

Fa0/0.20

172.16.1.1

Fa0/0.30

172.16.1.255

Fa0/0.40

172.16.1.241

Fa0/0.50

172.16.0.255

Fa0/0.70

172.16.1.97

Page 18 of 46

Subnet mask

255.255.255.240

Vlan
num
ber

10

99
255.255.255.240

Subnet mask
255.255.255.24
0
255.255.255.22
4
255.255.255.24
0
255.255.255.24
0
255.255.255.22
4
255.255.255.22
4

Default
gateway

Reem Ali 201000542, Taiba Husain 201200394, Fatima Muhasien 201000327

Fa0/0.99

172.16.2.40

S0/1/0.601

172.16.3.130

S0/1/0.602

172.16.3.162

S0/1/0.603

172.16.3.169

S0/1/0.604

172.16.3.173

S0/1/0.605

172.16.3.177

S0/1/0.607

172.16.3.181

Beijing S1 Core

Vlan 99

172.16.2.33

Beijing S2
Distribution 1
Beijing S3
Distribution 2
Beijing S4
Access 1
Beijing S5
Access 2
Beijing S6
Access 3
Beijing S7
Access 4
PC1 (Marking)

Vlan 99

172.16.2.34

Vlan 99

172.16.2.35

Vlan 99

172.16.2.36

Vlan 99

172.16.2.37

Vlan 99

172.16.2.38

Vlan 99

172.16.2.39

NIC

172.16.1.30

PC 2
NIC
(Administration)
PC 3
NIC
(Management)
PC 4 ( IT)
NIC

172.16.0.254

PC 5
(Accounting)
PC 6(others)

NIC

172.16.1.238

NIC

172.16.1.126

Device Name

172.16.2.86
172.16.1.254

Mode

255.255.255.24
0
255.255.255.25
2
255.255.255.25
2
255.255.255.25
2
255.255.255.25
2
255.255.255.25
2
255.255.255.25
2
255.255.255.24
0
255.255.255.24
0
255.255.255.24
0
255.255.255.24
0
255.255.255.24
0
255.255.255.24
0
255.255.255.24
0
255.255.255.22
4
255.255.255.22
4
255.255.255.24
0
255.255.255.24
0
255.255.255.24
0
255.255.255.22
4
Domain Name
project
project
project

Table15: China
devices IP
Server
addresses Client

Beijing S1 Core
Beijing S2 Distribution 1
Beijing S3 Distribution 2

Client

Page 19 of 46

172.16.2.40
172.16.2.40
172.16.2.40
172.16.2.40
172.16.2.40
172.16.2.40
172.16.2.40
172.16.1.1
172.16.0.255
172.16.2.97
172.16.1.241
172.16.1.255
172.16.1.97
Password
cisco
cisco
cisco

Reem Ali 201000542, Taiba Husain 201200394, Fatima Muhasien 201000327

Beijing
Beijing
Beijing
Beijing

S4
S5
S6
S7

Access
Access
Access
Access

Client
Client
Client
Client

1
2
3
4

project
project
project
project

cisco
cisco
cisco
cisco

2.1.4 South Africa Cape Town Branch

Department
name

Managemen
t

Device

Ne
ed
ed
siz
e
3

Network
address

Assignable Broadcas
range
t
address

Table16: China VTP


table

172.16.2.240

Marketing

172.16.2.16

Accounting

172.16.2.112

IT

172.16.2.128

Administrati
on

172.16.2.0

Other

172.16.2.248

Native Vlans 6

172.16.2.224

Interface or
sub-interface

CID
R

Subnet mask

172.16.2.241
172.16.2.246
172.16.2.17 172.16.2.30

172.16.2.24
7

/29

172.16.2.31

/28

255.255.255.240

172.16.2.113
172.16.2.126
172.16.2.129
172.16.2.142
172.16.2.1 172.16.2.14

172.16.2.12
7

/28

255.255.255.240

172.16.2.14
3

/28

255.255.255.248

172.16.2.15

/28

255.255.255.240

172.16.2.249
172.16.2.254
172.16.2.225
172.16.2.230

172.16.2.25
5

/29

255.255.255.248

172.16.2.23
1

/29

Ip address

Page 20 of 46

Table17: South Africa IP

Subnet mask

255.255.255.248

255.255.255.248

Default
gateway

Reem Ali 201000542, Taiba Husain 201200394, Fatima Muhasien 201000327

CapTownR1

Fa0/0.10

172.16.2.241

Fa0/0.20

172.16.2.17

Fa0/0.30

172.16.2.113

Fa0/0.40

172.16.2.129

Fa0/0.50

172.16.2.1

Fa0/0.70

172.16.2.249

Fa0/0.99

172.16.2.225

S0/1/0.301

172.16.3.134

255.255.255.24
8
255.255.255.24
0
255.255.255.24
0
255.255.255.24
0
255.255.255.24
0
255.255.255.24
8
255.255.255.24
8
255.255.255.252

S0/1/0.302

172.16.3.150

255.255.255.252

S0/1/0.304

172.16.3.185

255.255.255.252

S0/1/0.305

172.16.3.189

255.255.255.252

S0/1/0.306

172.16.3.170

255.255.255.252

S0/1/0.307

172.16.3.193

255.255.255.252

Vlan 99

172.16.2.226

Vlan 99

172.16.2.227

Vlan 99

172.16.2.228

Vlan 99

172.16.2.229

Vlan 99

172.16.2.230

NIC

172.16.2.30

PC
NIC
(Administration)
PC(Management NIC
)
PC( IT)
NIC

172.16.2.14

255.255.255.24
8
255.255.255.24
8
255.255.255.24
8
255.255.255.24
8
255.255.255.24
8
255.255.255.24
0
255.255.255.24
0
255.255.255.24
8
255.255.255.24
0

CapTownS1
Core
CapTownS2
Distribution 1
CapTownS3
Distribution 2
CapTownS4
Access 1
CapTownS5
Access 2
PC(Marking)

172.16.2.246
172.16.2.142

Page 21 of 46

172.16.2.225
172.16.2.225
172.16.2.225
172.16.2.225
172.16.2.225
172.16.2.17
172.16.2.1
172.16.2.241
172.16.2.129

Reem Ali 201000542, Taiba Husain 201200394, Fatima Muhasien 201000327

PC (Accounting)

NIC

172.16.2.126

PC (others)

NIC

172.16.2.254

255.255.255.24
0
255.255.255.24
8

172.16.2.113
172.16.2.249

Device Name

Mode Africa devices


Domain
Name
Table18: South
IP
Server
project
CapTownS1 Coreaddresses

CapTownS2
1
CapTownS3
2
CapTownS4
CapTownS5

Distribution

Client

project

Password
cisco
cisco

Distribution

Client

project

cisco

Access 1
Access 2

Client
Client

project
project

cisco
cisco

2.1.5 Bahrain Manama Branch

Department
name

Broadcas
t
address

CID
R

Managemen
t

Ne Network
Assignable
address
ed
range
ed
siz
e Table19: South Africa VTP
table
2
172.16.3.40
172.16.3.41 172.16.3.46

172.16.3.47

/29

Marketing

172.16.3.48

172.16.3.49 172.16.3.54

172.16.3.55

/29

255.255.255.248

Accounting

172.16.3.24

172.16.3.25 172.16.3.30

172.16.3.31

/29

255.255.255.248

IT

172.16.3.32

172.16.3.33 172.16.3.38

172.16.3.39

/29

255.255.255.248

| Department name | Needed size | Network address | Assignable range | Broadcast address | CIDR | Subnet mask |
|---|---|---|---|---|---|---|
| Administration | | 172.16.2.144 | 172.16.2.145 - 172.16.2.158 | 172.16.2.159 | /28 | 255.255.255.240 |
| Other | | 172.16.3.56 | 172.16.3.57 - 172.16.3.62 | 172.16.3.63 | /29 | 255.255.255.248 |
| Native Vlans | 5 | 172.16.3.0 | 172.16.3.1 - 172.16.3.6 | 172.16.3.7 | /29 | 255.255.255.248 |

Table 20: Bahrain IP addresses

| Device | Interface or sub-interface | IP address | Subnet mask | Default gateway |
|---|---|---|---|---|
| ManamaR1 | Fa0/0.10 | 172.16.3.41 | 255.255.255.248 | |
| | Fa0/0.20 | 172.16.3.49 | 255.255.255.248 | |
| | Fa0/0.30 | 172.16.3.25 | 255.255.255.248 | |
| | Fa0/0.40 | 172.16.3.33 | 255.255.255.248 | |
| | Fa0/0.50 | 172.16.2.145 | 255.255.255.240 | |
| | Fa0/0.70 | 172.16.3.57 | 255.255.255.248 | |
| | Fa0/0.99 | 172.16.3.1 | 255.255.255.248 | |
| | Serial0/1/0.401 | 172.16.3.138 | 255.255.255.252 | |
| | Serial0/1/0.402 | 172.16.3.154 | 255.255.255.252 | |
| | Serial0/1/0.403 | 172.16.3.186 | 255.255.255.252 | |
| | Serial0/1/0.405 | 172.16.3.197 | 255.255.255.252 | |
| | Serial0/1/0.406 | 172.16.3.174 | 255.255.255.252 | |
| | Serial0/1/0.407 | 172.16.3.201 | 255.255.255.252 | |
| ManamaS1 Core | Vlan 99 | 172.16.3.2 | 255.255.255.248 | 172.16.3.1 |
| ManamaS2 Distribution 1 | Vlan 99 | 172.16.3.3 | 255.255.255.248 | 172.16.3.1 |
| ManamaS3 Distribution 2 | Vlan 99 | 172.16.3.4 | 255.255.255.248 | 172.16.3.1 |
| ManamaS4 Access 1 | Vlan 99 | 172.16.3.5 | 255.255.255.248 | 172.16.3.1 |
| PC1 (Marketing) | NIC | 172.16.3.54 | 255.255.255.248 | 172.16.3.49 |
| PC 2 (Administration) | NIC | 172.16.2.158 | 255.255.255.240 | 172.16.2.145 |
| PC 3 (Management) | NIC | 172.16.3.46 | 255.255.255.248 | 172.16.3.41 |
| PC 4 (IT) | NIC | 172.16.3.38 | 255.255.255.248 | 172.16.3.33 |
| PC 5 (Accounting) | NIC | 172.16.3.30 | 255.255.255.248 | 172.16.3.25 |
| PC 6 (others) | NIC | 172.16.3.62 | 255.255.255.248 | 172.16.3.57 |

Table 21: Bahrain devices IP addresses

| Device Name | Mode | Domain Name | Password |
|---|---|---|---|
| ManamaS1 Core | Server | project | cisco |
| ManamaS2 Distribution 1 | Client | project | cisco |
| ManamaS3 Distribution 2 | Client | project | cisco |
| ManamaS4 Access 1 | Client | project | cisco |

Table 22: Bahrain VTP table

2.1.6 Canada Montreal

| Department name | Needed size | Network address | Assignable range | Broadcast address | CIDR | Subnet mask | Vlan number |
|---|---|---|---|---|---|---|---|
| Management | 2 | 172.16.3.64 | 172.16.3.65 - 172.16.3.70 | 172.16.3.71 | /29 | 255.255.255.248 | 10 |
| Marketing | | 172.16.2.192 | 172.16.2.193 - 172.16.2.206 | 172.16.2.207 | /28 | 255.255.255.240 | 20 |
| Accounting | | 172.16.2.160 | 172.16.2.161 - 172.16.2.174 | 172.16.2.175 | /28 | 255.255.255.240 | 30 |
| IT | | 172.16.3.8 | 172.16.3.9 - 172.16.3.14 | 172.16.3.15 | /29 | 255.255.255.248 | 40 |
| Administration | | 172.16.2.176 | 172.16.2.177 - 172.16.2.190 | 172.16.2.191 | /28 | 255.255.255.240 | 50 |
| Other | | 172.16.2.208 | 172.16.2.225 - 172.16.2.238 | 172.16.2.239 | /28 | 255.255.255.240 | 70 |
| Native Vlans | | 172.16.2.232 | 172.16.2.233 - 172.16.2.238 | 172.16.2.239 | /29 | 255.255.255.248 | 99 |

Table 23: Canada IP addresses

| Device | Interface or sub-interface | IP address | Subnet mask | Default gateway |
|---|---|---|---|---|
| MontrealR1 | Fa0/0.10 | 172.16.3.65 | 255.255.255.248 | |
| | Fa0/0.20 | 172.16.2.193 | 255.255.255.240 | |
| | Fa0/0.30 | 172.16.2.161 | 255.255.255.240 | |
| | Fa0/0.40 | 172.16.3.9 | 255.255.255.248 | |
| | Fa0/0.50 | 172.16.2.177 | 255.255.255.240 | |
| | Fa0/0.70 | 172.16.2.209 | 255.255.255.240 | |
| | Fa0/0.99 | 172.16.2.233 | 255.255.255.248 | |
| | S0/1/0.701 | 172.16.3.142 | 255.255.255.252 | |
| | S0/1/0.702 | 172.16.3.166 | 255.255.255.252 | |
| | S0/1/0.703 | 172.16.3.194 | 255.255.255.252 | |
| | S0/1/0.704 | 172.16.3.202 | 255.255.255.252 | |
| | S0/1/0.705 | 172.16.3.205 | 255.255.255.252 | |
| | S0/1/0.706 | 172.16.3.182 | 255.255.255.252 | |
| MontrealS1 Core | Vlan 99 | 172.16.2.234 | 255.255.255.248 | 172.16.2.233 |
| MontrealS2 Distribution 1 | Vlan 99 | 172.16.2.235 | 255.255.255.248 | 172.16.2.233 |
| MontrealS3 Distribution 2 | Vlan 99 | 172.16.2.236 | 255.255.255.248 | 172.16.2.233 |
| MontrealS4 Access 1 | Vlan 99 | 172.16.2.237 | 255.255.255.248 | 172.16.2.233 |
| MontrealS5 access 2 | Vlan 99 | 172.16.2.238 | 255.255.255.248 | 172.16.2.233 |
| PC (Marketing) | NIC | 172.16.2.206 | 255.255.255.240 | 172.16.2.193 |
| PC (Administration) | NIC | 172.16.2.190 | 255.255.255.240 | 172.16.2.177 |
| PC (Management) | NIC | 172.16.3.70 | 255.255.255.248 | 172.16.3.65 |
| PC (IT) | NIC | 172.16.3.14 | 255.255.255.248 | 172.16.3.9 |
| PC (Accounting) | NIC | 172.16.2.174 | 255.255.255.240 | 172.16.2.161 |
| PC (others) | NIC | 172.16.2.222 | 255.255.255.240 | 172.16.2.209 |

Table 24: Canada devices IP addresses

| Device Name | Mode | Domain Name | Password |
|---|---|---|---|
| MontrealS1 Core | Server | project | cisco |
| MontrealS2 Distribution 1 | Client | project | cisco |
| MontrealS3 Distribution 2 | Client | project | cisco |
| MontrealS4 Access 1 | Client | project | cisco |
| MontrealS5 access 2 | Client | project | cisco |

Table 25: Canada VTP table

2.1.7 UAE Dubai Branch

| Department name | Needed size | Network address | Assignable range | Broadcast address | CIDR | Subnet mask |
|---|---|---|---|---|---|---|
| Management | 1 | 172.16.3.104 | 172.16.3.105 - 172.16.3.110 | 172.16.3.111 | /29 | 255.255.255.248 |
| Marketing | | 172.16.3.96 | 172.16.3.97 - 172.16.3.102 | 172.16.3.103 | /29 | 255.255.255.248 |
| Accounting | | 172.16.3.72 | 172.16.3.73 - 172.16.3.78 | 172.16.3.79 | /29 | 255.255.255.248 |
| IT | | 172.16.3.88 | 172.16.3.89 - 172.16.3.94 | 172.16.3.95 | /29 | 255.255.255.248 |
| Administration | | 172.16.3.80 | 172.16.3.81 - 172.16.3.86 | 172.16.3.87 | /29 | 255.255.255.248 |
| Other | | 172.16.3.112 | 172.16.3.113 - 172.16.3.118 | 172.16.3.119 | /30 | 255.255.255.248 |
| Native Vlans | 5 | 172.16.3.16 | 172.16.3.17 - 172.16.3.22 | 172.16.3.23 | /29 | 255.255.255.248 |

Table 26: UAE IP addresses

| Device | Interface or sub-interface | IP address | Subnet mask | Default gateway |
|---|---|---|---|---|
| DubaiR1 | Fa0/0.10 | 172.16.3.105 | 255.255.255.248 | |
| | Fa0/0.20 | 172.16.3.97 | 255.255.255.248 | |
| | Fa0/0.30 | 172.16.3.73 | 255.255.255.248 | |
| | Fa0/0.40 | 172.16.3.89 | 255.255.255.248 | |
| | Fa0/0.50 | 172.16.3.81 | 255.255.255.248 | |
| | Fa0/0.70 | 172.16.3.113 | 255.255.255.248 | |
| | Fa0/0.99 | 172.16.3.17 | 255.255.255.248 | |
| | S0/1/0.501 | 172.16.3.146 | 255.255.255.252 | |
| | S0/1/0.502 | 172.16.3.158 | 255.255.255.252 | |
| | S0/1/0.503 | 172.16.3.190 | 255.255.255.252 | |
| | S0/1/0.504 | 172.16.3.198 | 255.255.255.252 | |
| | S0/1/0.506 | 172.16.3.178 | 255.255.255.252 | |
| | S0/1/0.507 | 172.16.3.206 | 255.255.255.252 | |
| DubaiS1 Core | Vlan 99 | 172.16.3.18 | 255.255.255.248 | 172.16.3.17 |
| DubaiS2 Distribution 1 | Vlan 99 | 172.16.3.19 | 255.255.255.248 | 172.16.3.17 |
| DubaiS3 Distribution 2 | Vlan 99 | 172.16.3.20 | 255.255.255.248 | 172.16.3.17 |
| DubaiS4 Access 1 | Vlan 99 | 172.16.3.21 | 255.255.255.248 | 172.16.3.17 |
| PC (Marketing) | NIC | 172.16.3.102 | 255.255.255.248 | 172.16.3.97 |
| PC (Administration) | NIC | 172.16.3.86 | 255.255.255.248 | 172.16.3.81 |
| PC (Management) | NIC | 172.16.3.110 | 255.255.255.248 | 172.16.3.105 |
| PC (IT) | NIC | 172.16.3.94 | 255.255.255.248 | 172.16.3.89 |
| PC (Accounting) | NIC | 172.16.3.78 | 255.255.255.248 | 172.16.3.73 |
| PC (others) | NIC | 172.16.3.118 | 255.255.255.248 | 172.16.3.113 |

Table 27: UAE devices IP addresses

| Device Name | Mode | Domain Name | Password |
|---|---|---|---|
| DubaiS1 Core | Server | project | cisco |
| DubaiS2 Distribution 1 | Client | project | cisco |
| DubaiS3 Distribution 2 | Client | project | cisco |
| DubaiS4 Access 1 | Client | project | cisco |

Table 28: UAE VTP table

2.2 Appropriate routing protocol


The routing protocol Open Shortest Path First (OSPF) has been selected for
the network to allow routers to communicate with each other, for
several reasons. Firstly, Global Insurance Services (GIS) Company is a big
network which consists of 7 branches; therefore OSPF is suitable because it
scales very well to large networks. In addition, it supports VLSM, which has
been used for the addressing scheme. Moreover, OSPF reduces
flooding traffic by sending only the changes instead of the entire
routing table. Besides that, OSPF selects the path by calculating a cost
that takes the bandwidth of the link into consideration, which makes it more
efficient (Bryant, 2008). The capture below shows the OSPF configuration
on Geneva router.

Figure 2: OSPF configuration on
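The VLSM addressing scheme mentioned above can be checked mechanically. The following Python sketch is an added example, not part of the original report: it recomputes the assignable range, broadcast address and mask from each row's network address and prefix length, using the rows of Table 23 (Canada) and the "Other" row of Table 26 (UAE) as printed, and reports rows whose printed values disagree as well as subnets that overlap. The function and variable names are this example's own.

```python
import ipaddress
from itertools import combinations

# Rows copied as printed in Table 23 (Canada):
# (department, network, prefix length, first host, last host, broadcast, mask)
CANADA = [
    ("Management", "172.16.3.64", 29, "172.16.3.65", "172.16.3.70", "172.16.3.71", "255.255.255.248"),
    ("Marketing", "172.16.2.192", 28, "172.16.2.193", "172.16.2.206", "172.16.2.207", "255.255.255.240"),
    ("Accounting", "172.16.2.160", 28, "172.16.2.161", "172.16.2.174", "172.16.2.175", "255.255.255.240"),
    ("IT", "172.16.3.8", 29, "172.16.3.9", "172.16.3.14", "172.16.3.15", "255.255.255.248"),
    ("Administration", "172.16.2.176", 28, "172.16.2.177", "172.16.2.190", "172.16.2.191", "255.255.255.240"),
    ("Other", "172.16.2.208", 28, "172.16.2.225", "172.16.2.238", "172.16.2.239", "255.255.255.240"),
    ("Native Vlans", "172.16.2.232", 29, "172.16.2.233", "172.16.2.238", "172.16.2.239", "255.255.255.248"),
]

# The "Other" row of Table 26 (UAE), also as printed.
UAE_OTHER = [
    ("Other", "172.16.3.112", 30, "172.16.3.113", "172.16.3.118", "172.16.3.119", "255.255.255.248"),
]


def check_plan(rows):
    """Return a list of findings.

    A mismatch is (department, field, printed value, computed value);
    an overlap is (department, "overlaps", other department, other subnet).
    """
    findings = []
    nets = {}
    for dept, network, prefix, first, last, bcast, mask in rows:
        try:
            # strict=True rejects a network address with host bits set.
            net = ipaddress.ip_network(f"{network}/{prefix}", strict=True)
        except ValueError:
            findings.append((dept, "network", f"{network}/{prefix}",
                             "not on a subnet boundary"))
            continue
        nets[dept] = net
        hosts = list(net.hosts())
        computed = {
            "first host": str(hosts[0]),
            "last host": str(hosts[-1]),
            "broadcast": str(net.broadcast_address),
            "mask": str(net.netmask),
        }
        printed = {"first host": first, "last host": last,
                   "broadcast": bcast, "mask": mask}
        for field, value in printed.items():
            if value != computed[field]:
                findings.append((dept, field, value, computed[field]))
    # Any two subnets in one plan must be disjoint.
    for (a, net_a), (b, net_b) in combinations(nets.items(), 2):
        if net_a.overlaps(net_b):
            findings.append((a, "overlaps", b, str(net_b)))
    return findings


if __name__ == "__main__":
    for finding in check_plan(CANADA) + check_plan(UAE_OTHER):
        print(finding)
```

Rows that the check reports are the ones to compare against the router sub-interface and PC addresses in the device tables before the plan is configured.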

2.3 Banners configuration


Proper logon banners have been configured on the devices. The Message of
the Day (MOTD) banner will be displayed whenever anyone accesses the
device, to show that only authorized users are allowed. In addition, login
banners will be configured on the routers to display the name of the router.
MOTD banners will be configured on the routers and the switches, while
login banners will be configured on the routers only (Tetz). The capture
below shows the banner configuration of the Geneva router.

Figure 3: banners configuration on

2. Step 3: Security and Redundancy


3.1 Security

To avoid security issues, several mechanisms have been used to protect the
devices and users.

3.1.1 Port Security
Using port security enables the company to define a list of MAC addresses that
are permitted to access the port. This limits access to the port and restricts
unauthorized devices from accessing it. The advantage of port security is
that when a device tries to access the port and its MAC address does not exist
in the MAC address list, a security violation action is taken, such as shutting
down the port. There are three types of secure MAC address: static, dynamic
and sticky (Polytechnic IT Team, PowerPoint slides).


To enhance the security of Global Insurance Services (GIS) Company and prevent
unauthorized access, the switches have been configured with secure sticky
MAC addresses. The reason for choosing this type is that the address can be
dynamically learned and added to the MAC address table. It can also be added
manually. Better yet, the configuration is stored in the running configuration
(NVRAM), which means it will not be lost after a reload (Polytechnic IT Team,
PowerPoint slides). GIS Company has configured port security on the switch
interfaces with a maximum of two MAC addresses only, to prevent
access by unknown devices.

Figure 3: Port security configuration on Geneva


3.1.2 Passwords
To impose a high level of security on the company devices, passwords have been
configured on the routers and switches. For privileged EXEC mode, an encrypted
password has been configured. The purpose of this password is to prevent access
to privileged EXEC mode without typing the configured password. In addition,
line console and line vty passwords have been configured for all switches and
routers. This measure also denies access from the console or vty lines without
entering the configured password. The capture below shows the configured
passwords for privileged EXEC mode, line console and line vty on the Geneva router.

Figure 4: enable Privileged EXEC mode

Figure 5: line console and line vty

2. Redundancy
To ensure the availability of the network and protect it from single points of
failure, the company will provide multiple paths for the data. In other words, the
company will put more crossover cables between the switches, as well as more
switches, to provide alternative paths. Moreover, the company has designed
the topology as a hierarchical network which consists of three layers (core,
distribution and access) to increase the redundancy and the performance. The
capture below shows the redundancy at the Switzerland branch.

Figure 6: Redundancy in Switzerland

2.1 Spanning Tree Protocol (STP)


Although redundancy is important to ensure availability, it also causes
layer 2 loops and leads to broadcast storms and duplicate unicast frames.
To prevent the loops, the company decided to enable STP on the network.
Spanning Tree Protocol (STP) is a protocol that prevents loops on the network
by opening only one logical path for the packets to traverse and
blocking the other path. If one of the paths fails, it automatically unblocks the
backup path to permit the packets to traverse it. To achieve this, STP
uses the Spanning Tree Algorithm (STA) to decide which ports will be in blocking
status and which in forwarding status. This algorithm depends on an election
process to assign a switch as the root bridge and assign the ports as root ports,
designated ports and non-designated ports. The election process is controlled by
the Bridge ID, which consists of the switch MAC address and the bridge
priority. The switch with the lowest MAC address will be considered as the root
bridge (Polytechnic IT Team - PowerPoint slides - STP, 2013).

4. Step 4: Wireless Access


Each site of the company will have wireless access and fixed wired
access. By providing a wireless router in each location, users will be able to
connect to the Internet from their personal laptops and tablets, which
provides mobility. Better yet, having wireless access decreases the number of
cables needed in each location, which decreases the cost. For sending and
receiving data, a WLAN uses radio frequency instead of cables in the physical
layer. For security reasons, to control who can access the wireless access point,
the company configured WEP security mode and set a password. In the
implementation process the company implemented wireless access at only
one site, which is the Geneva branch. The captures below show the wireless
configuration of the Geneva branch.

Figure 7: WAN IP address configuration in Switzerland

Figure 8: LAN IP address configuration in Switzerland

Figure 9: Security configuration in Switzerland

5. Step 5: Encapsulation method PPP-CHAP


In order to implement the connection between GIS (Geneva) and the European
Internet Exchange (EIX) to provide an Internet service, an encapsulation method
has been selected. The company decided to use the Point-to-Point Protocol (PPP)
encapsulation method.
There are several reasons that led the company to use this method.
Firstly, PPP operates on multi-vendor devices, therefore it will be suitable
for any type of device. Moreover, it supports an authentication option which allows
two routers to exchange authentication messages. It provides two authentication
protocols: Password Authentication Protocol (PAP) and Challenge
Handshake Authentication Protocol (CHAP). In addition, PPP supports a data
compression option which decreases the data size and then decompresses the
data at the destination. The compression option will increase the network
performance. Besides, one of the PPP components is the Network Control Protocols
(NCPs), which are useful to establish and configure various network layer
protocols. These protocols are located between the data link layer and the
network layer to permit the network layer protocols to work on the same
communications links ("Point-to-point protocol," 2013).
For authentication, the company decided to use Challenge Handshake
Authentication Protocol (CHAP) because it is more secure. CHAP uses a three-way
handshake which involves sending challenge/response messages. These
messages will be sent again during the connection at random periods to verify
that the peer is still there.

Figure 10: PPP-CHAP configuration on

Figure 11: PPP-CHAP configuration on EIX
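The three-way handshake described above can be followed in code. This Python sketch is an added example, not part of the original report or a router implementation: it models the Challenge, Response and Success/Failure messages using the response value defined in RFC 1994, MD5(identifier || secret || challenge). It assumes EIX acts as the authenticator and Geneva as the peer; the router names used as CHAP names and the shared secret are constructed for illustration.

```python
import hashlib
import hmac
import os

CHALLENGE, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4  # CHAP packet codes (RFC 1994)


def chap_value(identifier, secret, challenge):
    """RFC 1994 response value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """The side that issues challenges (assumed here to be the EIX router)."""

    def __init__(self, name, secrets):
        self.name = name
        self.secrets = secrets      # peer name -> shared secret
        self.identifier = 0
        self.outstanding = None     # challenge value awaiting a response

    def challenge(self, value=None):
        # Message 1: a new identifier and an unpredictable value each time.
        self.identifier = (self.identifier + 1) % 256
        self.outstanding = value if value is not None else os.urandom(16)
        return {"code": CHALLENGE, "id": self.identifier,
                "value": self.outstanding, "name": self.name}

    def verify(self, response):
        # Message 3: Success only if the hash matches the outstanding challenge.
        secret = self.secrets.get(response["name"])
        ok = (
            secret is not None
            and self.outstanding is not None
            and response["id"] == self.identifier
            and hmac.compare_digest(
                chap_value(self.identifier, secret, self.outstanding),
                response["value"])
        )
        self.outstanding = None     # each challenge can be answered only once
        return {"code": SUCCESS if ok else FAILURE, "id": response["id"]}


class Peer:
    """The side that proves knowledge of the secret (assumed: Geneva router)."""

    def __init__(self, name, secret):
        self.name, self.secret = name, secret

    def respond(self, challenge):
        # Message 2: only the hash crosses the link, never the secret itself.
        value = chap_value(challenge["id"], self.secret, challenge["value"])
        return {"code": RESPONSE, "id": challenge["id"],
                "value": value, "name": self.name}


def handshake(authenticator, peer):
    """Run one three-way handshake and return the final packet code."""
    return authenticator.verify(peer.respond(authenticator.challenge()))["code"]


def replay_old_response(authenticator, peer):
    """Capture a valid response, then replay it against the next challenge."""
    captured = peer.respond(authenticator.challenge())
    authenticator.verify(captured)   # the first use succeeds
    authenticator.challenge()        # periodic re-challenge during the session
    return authenticator.verify(captured)["code"]


if __name__ == "__main__":
    eix = Authenticator("EIX", {"GENEVA": b"constructed-secret"})
    print(handshake(eix, Peer("GENEVA", b"constructed-secret")))            # 3
    print(replay_old_response(eix, Peer("GENEVA", b"constructed-secret")))  # 4
```

The replay case shows why the repeated challenges matter: a response captured earlier is bound to the old identifier and challenge value, so it fails against the new one.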

6. Step 6: Frame Relay and PVCs


In order to connect all the branches with each other effectively
through the Internet, Wide Area Network (WAN) technology must be
implemented using one of the WAN data link protocols. For this purpose,
the company purchased Frame Relay to cater for the requirements.
Frame Relay is one of the most popular WAN private packet-switched
protocols and provides Permanent Virtual Circuits (PVCs). The advantage
of a PVC is that it allows different sites of the company to connect and exchange
data easily on the Frame Relay cloud ("Frame relay," n.d.). Another advantage
is that it is inexpensive because the branch needs to pay only for the link
between the router and the nearest frame switch. The lower cost makes
Frame Relay a suitable choice for Global Insurance Services Company
because it consists of several branches that need to be connected over
distance. Moreover, one of its features is scalability, which makes
network expansion easier. Furthermore, Frame Relay uses the
Data Link Connection Identifier (DLCI) to identify the packets and create PVCs
between the routers. The company has created a full mesh topology by
connecting all the routers with each other. This type of topology will
increase the redundancy and fault tolerance because if one of the links
fails, there are other paths for the packet to reach the destination. The
captures below show the Frame Relay configurations (Horton).

Figure 12: Frame Relay configuration for

Figure 13: The capture above shows an example of Frame Relay configuration on Serial 0 only

7. Step 7: Network Address Translation (NAT)/Port Address Translation (PAT)


To allow the devices to connect to the Internet, the IP addresses should be
translated from private IP addresses to public IP addresses. In order to achieve
this, Network Address Translation (NAT) has been implemented at the Geneva
gateway router, which is connected to EIX.
Network Address Translation (NAT) is a technique that converts the internal IP
addresses of the clients to an external address and converts the external
addresses to internal addresses. There are two methods to implement NAT:
dynamic mapping and static mapping. Dynamic mapping maps
the local addresses dynamically to a pool of local addresses. Static mapping
is one-to-one mapping which assigns a global address to each local address.
The NAT configuration is required in the company to translate the IP addresses of
users that have permission to access the Internet. The public IP address range
that is assigned to the serial link between Geneva and EIX will be used to give the
packets a public IP address.

Figure 14: NAT configuration on Geneva router

8. Step 8: Access Control Lists (ACLs)


To increase the security of the company and set rules on the network, Access
Control Lists (ACLs) have been configured on the routers in each branch. The ACL
is a sequential list that includes permit and deny statements to control the
incoming and outgoing packets. It can be applied for IP addresses and
upper-layer protocols (Polytechnic IT Team - PowerPoint slides - ACLs, 2013).

8.1 Access lists for Switzerland branch

The first access list has been designed as a standard access list for the NAT,
which will give permissions to the whole network 172.16.0.0/16.
The second access list was designed as an extended access list and will be
placed closest to the source of the denied traffic. This access list will allow the
Internet to access the servers of the Geneva branch for email and Internet traffic
only but deny access to all other parts of the network.
The third access list is extended. It permits only the IT staff to access the devices
through SSH and then denies all other branches access to devices through SSH.
After that, it permits other users to access the servers but denies them
access to everything else on the network 172.16.0.0/16 and permits them to access
the Internet. It permits the administration staff to access the network
172.16.0.0/16 and to access the servers. Then it denies administration users
access to any other destination, which denies them access to the Internet.

! Standard ACL for NAT: matches the whole 172.16.0.0/16 network
ip access-list standard GISNETWORK
 permit 172.16.0.0 0.0.255.255
! Extended ACL for the Geneva branch (evaluated top-down, first match wins)
ip access-list extended GENEVA
 permit tcp 172.16.1.32 0.0.0.31 any eq 22
 deny tcp any any eq 22
 permit ip 172.16.0.128 0.0.0.31 150.3.1.0 0.0.0.15
 deny ip 172.16.0.128 0.0.0.31 172.16.0.0 0.0.255.255
 permit ip 172.16.0.128 0.0.0.31 any
 permit ip 172.16.0.0 0.0.0.63 172.16.0.0 0.0.255.255
 permit ip 172.16.0.0 0.0.0.63 150.3.1.0 0.0.0.15
 deny ip 172.16.0.0 0.0.0.63 any
 permit ip any any
! Extended ACL for traffic to the Geneva servers: web and email only
ip access-list extended SERVERS
 permit tcp any 150.3.1.0 0.0.0.15 eq www
 permit tcp any 150.3.1.0 0.0.0.15 eq pop3
 permit tcp any 150.3.1.0 0.0.0.15 eq smtp
 deny ip any 150.3.1.0 0.0.0.15
 permit ip any any

5.1 Access list for other branches

The access lists for the other branches are the same except that the IP addresses
are different. The access list is extended. It permits only the IT staff to access the
devices through SSH and then denies all other branches access to devices through
SSH. After that, it permits other users to access the servers but denies them
access to everything else on the network 172.16.0.0/16 and permits them to
access the Internet. It permits the administration staff to access the network
172.16.0.0/16 and to access the servers. Then it denies administration users
access to any other destination, which denies them access to the Internet.
! Extended ACL for the France branch (same structure as GENEVA, different addresses)
ip access-list extended FRANCE
 permit tcp 172.16.1.192 0.0.0.15 any eq 22
 deny tcp any any eq 22
 permit ip 172.16.1.64 0.0.0.31 150.3.1.0 0.0.0.15
 deny ip 172.16.1.64 0.0.0.31 172.16.0.0 0.0.255.255
 permit ip 172.16.1.64 0.0.0.31 any
 permit ip 172.16.1.176 0.0.0.15 172.16.0.0 0.0.255.255
 permit ip 172.16.1.176 0.0.0.15 150.3.1.0 0.0.0.15
 deny ip 172.16.1.176 0.0.0.15 any
 permit ip any any
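The behaviour described for the branch access lists in sections 8.1 and 5.1 depends on the order of the entries, because a router stops at the first entry that matches. The following Python sketch is an added example, not part of the original report: it parses the GENEVA list exactly as printed above, applies the wildcard masks, and returns the action and entry number that decide a packet. The sample packets and the destination 203.0.113.10 (a documentation address standing in for an Internet host) are constructed; the mapping of source ranges to staff groups in the comments follows the report's description.

```python
import ipaddress

# GENEVA extended ACL, copied from section 8.1 of the report.
GENEVA = """\
permit tcp 172.16.1.32 0.0.0.31 any eq 22
deny tcp any any eq 22
permit ip 172.16.0.128 0.0.0.31 150.3.1.0 0.0.0.15
deny ip 172.16.0.128 0.0.0.31 172.16.0.0 0.0.255.255
permit ip 172.16.0.128 0.0.0.31 any
permit ip 172.16.0.0 0.0.0.63 172.16.0.0 0.0.255.255
permit ip 172.16.0.0 0.0.0.63 150.3.1.0 0.0.0.15
deny ip 172.16.0.0 0.0.0.63 any
permit ip any any
"""

PORT_NAMES = {"www": 80, "pop3": 110, "smtp": 25}  # keywords used in SERVERS


def _take_addr(tokens):
    """Consume 'any' or 'BASE WILDCARD' and return (base, wildcard) as ints."""
    if tokens[0] == "any":
        del tokens[0]
        return 0, 0xFFFFFFFF
    base = int(ipaddress.IPv4Address(tokens.pop(0)))
    wild = int(ipaddress.IPv4Address(tokens.pop(0)))
    return base, wild


def parse_acl(text):
    """Parse entries of the forms used in the report into a list of dicts."""
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        action, proto = tokens.pop(0), tokens.pop(0)
        src = _take_addr(tokens)
        dst = _take_addr(tokens)
        port = None
        if tokens and tokens[0] == "eq":
            port = PORT_NAMES.get(tokens[1]) or int(tokens[1])
        entries.append({"action": action, "proto": proto,
                        "src": src, "dst": dst, "port": port})
    return entries


def _addr_match(addr, base_wild):
    base, wild = base_wild
    # Wildcard bits set to 1 are "don't care"; every other bit must be equal.
    return ((int(ipaddress.IPv4Address(addr)) ^ base) & ~wild & 0xFFFFFFFF) == 0


def evaluate(entries, proto, src, dst, dport=None):
    """Return (action, entry number) of the first matching entry."""
    for number, entry in enumerate(entries, start=1):
        if entry["proto"] != "ip" and entry["proto"] != proto:
            continue
        if entry["port"] is not None and entry["port"] != dport:
            continue
        if _addr_match(src, entry["src"]) and _addr_match(dst, entry["dst"]):
            return entry["action"], number
    return "deny", None  # implicit "deny ip any any" that ends every ACL


if __name__ == "__main__":
    acl = parse_acl(GENEVA)
    samples = [  # constructed packets: (proto, source, destination, dest port)
        ("tcp", "172.16.1.40", "172.16.3.1", 22),      # IT staff, SSH
        ("tcp", "172.16.0.130", "172.16.3.1", 22),     # other user, SSH
        ("tcp", "172.16.0.130", "150.3.1.2", 80),      # other user, server
        ("icmp", "172.16.0.130", "172.16.2.10", None), # other user, internal
        ("tcp", "172.16.0.10", "203.0.113.10", 443),   # administration, Internet
    ]
    for packet in samples:
        print(packet, "->", evaluate(acl, *packet))
```

Moving an entry changes the result: with `deny tcp any any eq 22` placed first, the IT staff packet would be denied by entry 1 instead of permitted.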

6. Step 9: IPv6
For the future, the company will need to update its network to be compatible
with IPv6, which is the latest revision of the Internet Protocol (IP). As the company
may expand in the future, it will need to switch to IPv6, which provides a larger
IP address space than IPv4. Within this section, recommendations will be given on
how IPv6 will be implemented on the LAN and the WAN connections. In addition,
it will present the differences between implementing a routing protocol for IPv4
and for IPv6.
IPv4 and IPv6 are not compatible; therefore the company will not be
able to switch over to IPv6 directly. Because the company is already using
IPv4, it will need to use a transition mechanism. The best option for the company is
Dual Stack, a method that involves running both IPv4 and IPv6 at
the same time (Polytechnic IT Team - PowerPoint slides, 2013). GIS Company will
use tunneling to allow IPv4 to communicate with IPv6, encapsulating
IPv6 packets within IPv4 packets ("Ipv6 tunnel through," 2006). Each device in
each branch LAN will have two protocol stack configurations on the interface.
Like IPv4, IPv6 has similar routing protocols to allow routers to communicate with
each other. Despite the similarities, the routing protocols of IPv6 are more
sophisticated and the implementation process is quite different. When
configuring a routing protocol for IPv6, the routing process must be created first.
Then the routing process must be enabled on the interfaces ("Implementing ospf
for," 2011). For the future, the company will use the routing protocol OSPFv3 to
support IPv6. Although OSPF version 2 and version 3 are similar, there are
important differences. In OSPFv3 the interface must be directly enabled by
typing the commands in interface configuration mode, whereas in OSPFv2 the
interface is indirectly enabled because the commands are typed in router
configuration mode. Another difference is that OSPFv3 supports multiple
instances of OSPF per link ("Ospfv2 versus ospfv3," 2010).

Conclusion
To conclude, Global Insurance Services Company (GIS) implemented a network
topology that works across the entire seven-site network: the computers,
switches and routers at the different sites can ping each other. Thus, the ping is
successful between the computer and the wireless router in Geneva to connect to the
Internet, because GIS implemented NAT between the EIX and GIS (Geneva) routers to
allow the connection provided by the Internet service with the internal and
external network. Secondly, GIS configured Frame Relay (FR) to connect both inside
and outside networks, as well as OSPF and CHAP. Thirdly, GIS configured access lists to
restrict certain network access. Fourthly, for security reasons, all GIS routers
have encrypted passwords and the network is divided into different VLANs. In
addition, email and web servers are implemented at the Geneva site. Finally, GIS will in
future need to update the network so it is compatible with IPv6. The company
recommended Dual Stack to be implemented on WAN and LAN.

Reference List
Benefits of vlans. (n.d.). Retrieved from
http://my.safaribooksonline.com/book/certification/ccna/9780470489628/virtuallocal-area-networks-vlans/benefits_of_vlans
Bryant, C. (2008, July 14). Free cisco ccna training: Advantages of ospf. Retrieved
from http://blog.pluralsight.com/videos/free-cisco-ccna-trainingadvantages-of-ospf
Frame relay. (n.d.). Retrieved from http://www.protocols.com/pbook/frame.htm
Horton, D. (n.d.). Wan design with frame relay. Retrieved from http://www.happymonkey.net/papers/frame-relay-paper.pdf
Implementing ospf for ipv6. (2011, July 25). Retrieved from
http://www.cisco.com/en/US/docs/ios/ios_xe/ipv6/configuration/guide/ip6ospf_xe.html
Tetz, E. (n.d.). Router banner configuration. Retrieved from
http://www.dummies.com/how-to/content/router-banner-configuration.html
IT Team. (n.d.). Chapter_2_switches_part_ii.pptx. (Master's thesis, Bahrain
Polytechnic).
Ip version 6 addressing architecture. (2006, February). Retrieved from
https://tools.ietf.org/html/rfc4291
Ospfv2 versus ospfv3. (2010, March 2). Retrieved from
http://packetlife.net/blog/2010/mar/2/ospfv2-versus-ospfv3/
Point-to-point protocol. (2013, December 14). Retrieved from
http://en.wikipedia.org/wiki/Point-to-point_protocol
Polytechnic IT Team - PowerPoint slides. (2013). Ipv6. (Master's thesis,
Bahrain Polytechnic).
Polytechnic IT Team - PowerPoint slides. (2013). Stp. (Master's thesis,
Bahrain Polytechnic).
Polytechnic IT Team - PowerPoint slides - ACLs. (2013). Acls. (Master's
thesis, Bahrain Polytechnic).
