By
TECHNOLOGY
UNIVERSITY OF HARGEISA
2017
CERTIFICATE OF ORIGINALITY
We hereby declare that this report, submitted to the College of Computing and
Information Technology of the University of Hargeisa as a partial fulfillment of the
requirements for the Bachelor of Science Information Technology has not been submitted
as an exercise for a degree at any other university. We also certify that the work described
here is entirely our own except for excerpts and summaries whose sources are
appropriately cited in the references.
This report may be made available within the university library for the purposes of
consultation.
10-07-2017
Signature ______________________
APPROVAL SHEET
This is to certify that this project report entitled “Design of local area network (LAN)
University of Hargeisa during the academic year 2016-2017 has been accepted.
Supervisor: ………………………………
Signature: …………………….
Date: ………………………
DEDICATION
We dedicate this work to our supervisor, Mr. Abdirahman Ismail Abdi, who was always at our side to help us complete
our project. Without his assistance this project would
never have been accomplished. We would like to thank you very much for your support.
We would like to dedicate too to our parents and our dearly loved families and our helpful
ACKNOWLEDGEMENT
First and foremost in the name of Allah the most compassionate and the most merciful, all
praises to Allah that without ALLAH everything would not be possible and giving us the
Mr. Abdirahmaan Ismail Abdi for his valuable advice, which was always available when we needed
it; for his confidence in us, which left us a lot of room for imagination and self-development; and for his
time commitment, without which this work would never have been achieved, and who provided valuable
input for the development and production of this project, teaching us the way of writing the
Our sincere thanks to all our families, who supported us, provided for our needs and did not limit
their efforts in encouraging us morally and financially. May ALLAH bless them for their
We created and wrote this project not only to get marks but also to increase our knowledge.
ABSTRACT
With the rapid development of the internet and the increasing demand for network sharing,
networking is becoming more and more popular because it enables centralized sharing and security.
This thesis concerns implementing the design of a local area network (LAN) for the
Ministry of Foreign Affairs. The system will help officials share
resources and information within the ministry, and everyone can see the results in real
time. The system improves internal and external network connectivity, including
security, sharing of information and resources, and faster decision making, to automate all
activities.
TABLE OF CONTENTS
2.5.4 Security
2.5.5 Security Management
CHAPTER 3 ANALYSIS
3.0 Current System
3.0.1 Overview
3.0.2 Problems of Lack Network in Ministry
3.1 ANALYSIS OF THE SYSTEM
3.1.1 Performance analysis
3.1.2 Information analysis
3.1.3 Data analysis
3.1.4 Efficiency analysis
3.2 FUNCTIONAL REQUIREMENTS
3.2.1 Routers
3.2.2 Switches
3.2.3 Server
3.2.4 Firewall
3.2.5 Hubs
3.2.6 Connection system
3.3 Power Protections Devices
3.3.1 Backup devices
3.4 NON-FUNCTIONAL REQUIREMENTS
3.5 OBJECTIVES OF THE PROJECT
CHAPTER 4 DESIGN
4.2 LOGICAL DESIGN
4.2.1 ROLES OF NETWORK DEVICES
4.2.2 Purpose of VLANs
4.2.3 SETTING IP ADDRESSES OF ALL DEVICES AND DEFAULT-GATEWAYS
CHAPTER 5 IMPLEMENTATION
5.1 Security
5.2 Comparing Enable Password and Enable Secret
5.3 Router Banner Motd
5.3.1 Router access methods
5.3.2 Setting up Username
5.4 ASA access list concept
5.4.1 ASA ACL types
5.5 VLAN configuration
5.5.1 View VTP configuration
5.5.2 Creating and configure VLANs and names
5.5.3 Assigning ports to VLANs
5.6 CLIENT / SERVER Configurations
5.6.1 Client PC’s configuration
5.6.2 Server configuration
5.6.3 Installing Active Directory
5.6.4 Installing DHCP
5.7 Final Output
CHAPTER 1
INTRODUCTION
more computing devices with each other for the purpose of sharing data.
The most important job of a network is to link computers together. When computers are
linked, the people using the computers can work more efficiently. Computers connected
to a network do not have to be the same type. For example, a network could contain desktop
computers or portable computers such as notebooks and personal digital assistants (PDAs).
There are different types of network: local area network (LAN),
metropolitan area network (MAN) and wide area network (WAN).
Local area network (LAN)
This network is the most common type of network found in the small business. It
connects computers and devices located close to each other, such as in one building
Computer networking has become one of the most successful ways of sharing
network and now it’s very important that every small office and organizations have some
of computer network.
Computer networking is the backbone of the ministry of foreign affairs and it plays an
essential role in its resource and information sharing; also computer networking is the
The ministry of foreign affairs has no network sharing center at all, although there is a
network department and the ministry uses different internet service providers (ISPs). The main aim of
the network department is to troubleshoot and solve the errors of the ministry's wireless network.
Somaliland Ministry of foreign affairs was formed and established in 1991 the year of
The ministry of foreign affairs is the channel through which the Somaliland government
headed by the minister of foreign affairs, who is responsible for Somaliland foreign
policy.
This is the ministry that maintains relations with other states and international
suffering from a lack of a computer network: each computer of the ministry exists and works
alone. That is why we are deeply interested in creating a network for the ministry to promote the
activities and the collaboration among the employees and even their leader, the minister of
foreign affairs.
versions but they are not connected with computer network they exists
but the problem is that there is no computer network, and as a result the
employees of the ministry cannot share resources like the printers, scanners,
files and even the internet connection, while there are different internet service
providers (ISP).
Data loss: - If a computer fails or stops working, all documents on that computer
will be lost since its data is not stored anywhere else. It will be the first time that
the ministry of foreign affairs gets a computer network, and we will try to fix the
problems caused by the lack of computer networking. The failure of one computer
will cost the loss of all its documents and information since its data is not
stored anywhere else; the user will not be able to work on another computer until
the failed computer is fixed, or another computer will be required, which is very
expensive.
high also employees use different the printers and all the printers work.
Cost reduction: - This project reduces the cost that the ministry pays for the
different internet service providers (ISPs) and also the cost of its large
number of printers; the ministry will use only one or two printers and
Data safety: - No data loss will happen and every employee will get an
account that is accessed with his/her username and password; this is very
secure compared with the previous setup that the ministry uses.
Centralized network: - This type of computer network makes it easier for the
1.3 PROJECT SCOPE
Our scope includes designing and implementing a well designed and also
analyzing the current network system at ministry of foreign affairs and also creating a
department administrator and the employees of the ministry but to reach our aims of this
project we must have to get the devices needed this project such as the switches and Cisco
This will provide clear description on the various significances of the project. To
us, the proposed project serves as practical work to apply the education and knowledge
We will experience and learn how to apply the knowledge we got from the classes
in the real world and it will introduce us our surrounding environment. So, this project
For the ministry of foreign affairs and its employees the proposed project will
increase their work by increasing the availability and accessibility of the data,
transparency of activities, cooperation between the employees and resource sharing. For
the employees and the ministry, the proposed project will protect their data from loss and
corruption.
The proposed project will improve the aims of the ministry working system by
securing litigants data and making the ministry work transparent. For the government; the
proposed project will improve its image because the ministry of foreign affairs is the
CHAPTER 2
LITERATURE REVIEW
2.1 Introduction
In this chapter we assess the ministry of foreign affairs LAN, its design
concepts and the different departments of the ministry, in order to understand good
management qualities such as security, higher performance, availability and scalability for future
trends.
resources and accessibility. The main aim is to resistant maximizing user requirements,
high routine utilities, and reliable LAN connectivity, instead of online work.
2.2.1 Existing products
Some internet services are available inside the ministry of foreign affairs that
allow them to connect through the internet and router for outside gateway, it allows the
ministry to instigate a connection to the hosts by the use of internet to access their data
A local area network (LAN) is a group of computers and associated devices that share a
computers and peripheral connected to a server within a distinct geographical area such as
connection to share resources such as printers anyhow a local area network is a computer
network within a small geographical area such as a home, school, computer library, office
personal computers which are each capable of accessing and sharing data and devices,
such as printers, scanners and data storage devices, anywhere on the LAN anyway here
various devices in the network are connected to a single cable or line. In general,
costs
FIGURE 1 BUS TOPOLOGY FROM TECHNOPEDIA.COM
Ring topology refers to a specific kind of network setup in which devices are
connected in a ring and pass information to or from each other according to their
adjacent proximity in the ring structure. This type of topology is highly efficient
and handles heavier loads better than bus topology. A ring also called topology
Very orderly network where every device has access to the token and the
opportunity to transmit.
computers.
faults.
Performs better than a bus topology under heavy network load.
Moving, adding and changing the devices can affect the network
network
2.3.3 Star topology
Star topology is one of the most common network setups. It
is a topology for a Local Area Network (LAN) in which all the
hub or switch. Star takes more cable than other topologies like bus, but the
benefit is that if a cable fails, only one node will be brought down.
computer’s Network Interface Card and the other end (RJ 45 connector) is
Fault Diagnosis
connected with your network, you can check its cable and connectors or network
Network Reliability
o Single computer failure will not disturb whole network, since all other computers
are connected with separate links (wires) to HUB. Definitely, they will work fine.
Better performance
o Star topology can prevent the passing of data through an excessive number
Device Isolation
computers.
Connection reliability
The ministry provides wired (cable) and wireless (router) connections capable
of carrying the signals and waves from the source to the destination, which
successfully.
Availability:
The system must be available at any time internally and externally with the
printers should become ready at any time needed by the users. The internet
High implementation
The system has to maintain an appropriate manner the devices which can
it must be there such like PCs had good processors, Cisco switches and
routers.
Security:
prevention from outsider and insider attacks to mitigate the damage of the
external attack towards organization. The both has problem, but the
vulnerabilities. To avoid or reduce hacking, the following have to be
implemented:
NAT/DMZ
Eavesdropping attacks
Central Management:
Central management is the managing of the whole system, physically and logically, by a central
admin who audits, allows and prevents activities throughout the entire
network. The admin must configure devices such as
routers and switches.
2.5 System Adjustment
Server provides us with powerful tools to react the needs faster than ever before
with greater control and confidence specially Windows server 8 designed to increase the
reliability and flexibility of the infrastructure, helping the ministry and the system to save
time and reduce costs. Windows Server 2008 R2 enables us to take the datacenter and
the network. It provides us with both the features and the strength of a
established solution giving the employees flexible access to their data and
Microsoft has been investing in the Virtual Desktop Infrastructure, also known
contains several updates over the previous version to the tools you are most
familiar with.
rising reliability and the scalability
enhanced administration
Windows Server 2008 helps to decrease the amount of effort you expend
managing your physical and virtual data centers by providing enhanced
tasks.
2.5.2 Routers
Router is a device that forwards data packets along a network, routers use headers
and forwarding tables to determine the best path for forwarding the packets, and they use
protocols such as ICMP to communicate with each other and configure the best route
between any two hosts so The Cisco 1841 Integrated Services Router is part of the Cisco
1800 Integrated Services Router Series which complements the Integrated Services
Router Portfolio
The Cisco 1841 Integrated Services Router provides the following support:
Support for majority of existing WICs, VWICs, and VICs (data mode only)
Security
o On-board encryption
o Intrusion Prevention as well as stateful Cisco IOS Firewall support and
standalone switch that provides wire-speed Fast Ethernet and Gigabit Ethernet
connectivity. This switch offers two distinct sets of software features and a range of
configurations to allow small, midsize, and enterprise branch offices and industrial
environments to select the right combination for the network edge. Standard Image
Software offers Cisco IOS Software functions for basic data, voice, and video services.
For networks with requirements for additional security, advanced quality of service
(QoS), and high availability, Enhanced Image Software delivers intelligent services such
as rate limiting and security filtering for deployment at the network edge.
2.5.4 Security
Network security starts with authenticating the user, commonly with a username
and a password. Since this requires just one detail to authenticate the user name (the
password, which is something the user 'knows'), this is sometimes termed one-factor
authentication. With two-factor authentication, something the user 'has' is also used (e.g.
a security token or 'dongle', an ATM card, or a mobile phone); and with three-factor
authentication, something the user 'is' is also used (e.g. a fingerprint or retinal scan).
Once authenticated, a firewall enforces access policies such as what services are
access, this component may fail to check potentially harmful content such as computer
worms or Trojans being transmitted over the network. Anti-virus software or an intrusion
prevention system (IPS) help detect and inhibit the action of such malware.
Security management for networks is different for all kinds of situations. A home
or small office may only require basic security while large businesses may require high-
maintenance and advanced software and hardware to prevent malicious attacks from
The Top Five LAN Security Issues Facing IT Managers Today
A quick look at the top five security problems shows there are tools to solve each one. But the
one problem/one tool approach does not solve the full range of security problems and can be
difficult to manage. This approach also begs the question "Is there a better way to handle LAN
security?"
Porous-Perimeters
The conventional approach to enterprise security has been to apply security at the
perimeter of the network. Today, however, perimeter defenses are no longer sufficient.
Increasingly, sites no longer consist just of predictable managed desktops but include a
mix of unmanaged mobile devices, such as laptops and PDAs. Sometimes these devices
belong to employees, but often businesses must allow guests such as contractors,
partners and others with unmanaged mobile devices to directly connect to the internal
network.
Perimeter-based security strategies are also no match for the increasing sophistication
of attacks on the network. The hacker profile has begun to shift from adolescents
crashing systems for fun to professional criminals bent on taking over systems for
profit. New strains of malware appear to have the goal of remotely controlling the
Unadoptable Networks
Many enterprises built LANs with the assumption that internal users are
trustworthy. Little thought was given to understanding exactly what devices are
connected to the network, where these devices are located, and what users are
doing with them. As a result, enterprises are finding themselves ill-equipped to
deal with problems introduced by mobile end systems and end users.
information processing laws, and even anti-terrorism acts, has raised the
Enterprises need visualization and audit tools that associate different network
identifiers and locations. Such tools could, for example, find the user, access
port, and MAC address when given an IP address. The tools should also be able
to display the location from which the user has accessed the network in a form
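An added example (not part of the original report) of the lookup this passage describes: given an IP address, find the MAC address, the access port and the last user seen on it. The switch hostnames, MAC addresses, usernames and captured tables are constructed sample data; the IP addresses and VLAN IDs follow the report's own addressing plan.

```python
import re

# Constructed sample data, laid out like Cisco IOS "show ip arp" and
# "show mac address-table" output. 192.168.1.5 is DG PC 1 (VLAN 50) and
# 192.168.1.18 is HR PC 14 (VLAN 60) in the report's tables.
ARP_OUTPUT = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.1.5             4   0011.2233.4405  ARPA   FastEthernet0/0
Internet  192.168.1.18           12   0011.2233.4418  ARPA   FastEthernet0/0
"""

MAC_TABLES = {  # one capture per switch; hostnames S2 and S3 are assumptions
    "S2": """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  50    0011.2233.4405    DYNAMIC     Fa0/5
  60    0011.2233.4418    DYNAMIC     Gi0/1
""",
    "S3": """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  50    0011.2233.4405    DYNAMIC     Gi0/1
  60    0011.2233.4418    DYNAMIC     Fa0/14
""",
}

# Inter-switch links: a MAC learned here belongs to a host behind another switch.
UPLINKS = {"S2": {"Gi0/1"}, "S3": {"Gi0/1"}}

# Constructed logon records (timestamp, username, source IP), e.g. exported
# from the directory server's logon audit log.
LOGINS = [
    ("2017-07-10T08:02:11", "hr.clerk", "192.168.1.18"),
    ("2017-07-10T09:15:30", "dg.assistant", "192.168.1.5"),
    ("2017-07-10T13:40:00", "hr.officer", "192.168.1.18"),
]

MAC_ROW = re.compile(
    r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(\S+)\s+(\S+)\s*$",
    re.IGNORECASE,
)


def parse_arp(text):
    """Return {ip: mac} from 'show ip arp' style text."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 6 and fields[0] == "Internet":
            table[fields[1]] = fields[3].lower()
    return table


def parse_mac_table(text):
    """Return [(vlan, mac, port)] from 'show mac address-table' style text."""
    rows = []
    for line in text.splitlines():
        m = MAC_ROW.match(line)
        if m:
            rows.append((int(m.group(1)), m.group(2).lower(), m.group(4)))
    return rows


def locate(ip, when, arp_text=ARP_OUTPUT, mac_tables=MAC_TABLES,
           uplinks=UPLINKS, logins=LOGINS):
    """Resolve ip -> MAC -> access port(s) -> last user logged on from ip by `when`.

    ARP and MAC tables age out, so the captures must be taken close to `when`.
    """
    mac = parse_arp(arp_text).get(ip)
    if mac is None:
        return None
    # Keep only edge ports: the same MAC also shows up on every uplink in the path.
    ports = [(switch, vlan, port)
             for switch, text in mac_tables.items()
             for vlan, seen_mac, port in parse_mac_table(text)
             if seen_mac == mac and port not in uplinks.get(switch, set())]
    user = None
    for ts, name, login_ip in sorted(logins):  # ISO timestamps sort chronologically
        if login_ip == ip and ts <= when:
            user = name
    # One MAC on several access ports suggests a cloned address or an unmanaged hub.
    return {"ip": ip, "mac": mac, "ports": ports, "user": user,
            "ambiguous": len(ports) > 1}


if __name__ == "__main__":
    print(locate("192.168.1.18", "2017-07-10T10:00:00"))
```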
Uncooperative Employees
Even with security awareness programs and employee censure for lax security
practices, users still view security as something that gets in the way of doing
their job. Users will often abort full disk scans, or even disable anti-virus or
computer.
assessments and policy compliance verification, and that have the ability to
isolate an endpoint that fails, can mitigate the potential damage done by
uncooperative employees.
Risky Applications
and wireless, are increasingly in demand, since they enhance productivity and allow
users to be in touch 24x7. However, many of these tools bring with them increased
security risks, primarily because their reach extends within and beyond the traditional
CHAPTER 3
ANALYSIS
3.0.1 Overview
As already mentioned, the ministry of foreign affairs has no
network sharing at all: every node of the ministry exists alone and there is no
network plant inside the ministry. It was also difficult for the staff to communicate
with each other to share documents and files, which is why we are interested in setting up a
network for the ministry to encourage collaboration among the employees of the
ministry.
No resource sharing – although there are a lot of nodes and printers and large
Data loss – sometimes some computers failed or stop working, and all the
In this section we analyze the current system of the LAN in depth.
statement and business benefit that can be derived by exploiting the opportunity.
system that we may recommended in the subsequent phases of this project. In other
words
Performance analysis is generally applied to the system's transactions. When discussing the
performance of any given transaction, we need to discuss both throughput and response
time. Throughput is the number of transactions processed in some specific period of time.
Response time is the time required to process a single transaction. This section analyzes
3.1.2 Information analysis
Information analysis initially identifies those net outputs produced by or for the system.
Each output is analyzed for the following possible problems and opportunities:
Information overload either too many outputs are produced or outputs contain too much
possible errors. Information timeliness information is not received is not useful or must be
modified to become useful. Information redundancy multiple outputs contain much of the
Data analysis describes the amount to which data is redundantly stored within the system,
it’s all about how easy or difficult it is to produce information and output from data. Data
analysis examines how the system ensures that it is properly operating and concerned
examines the system for problem and opportunities related to how resources are being
used like people, facilities and the money. Efficiency problems and opportunities usually
3.2 FUNCTIONAL REQUIREMENTS
3.2.1 Routers
Routers are small electronic devices that join multiple computer networks together via
either wired or wireless connections; in short, routers connect networks. Based on its current understanding
of the state of the network it is connected to, a router acts as a dispatcher as it decides
which way to send each information packet. A router is located at any gateway where
one network meets another network, including each point of presence on the internet. A
A router may create or maintain a table of the available routes and their conditions and
use this information along with distance and cost algorithms to determine the best packet.
Typically a packet may travel through a number of network points with routers before
Routing is functionally linked with the network layer particularly layer 3 in the standard
switch is a switch that can perform routing functions. Some network engineers
believe that routers provide better protection from hacking than a software firewall because
3.2.2 Switches
computer network by using packet switching to receive, process, and forward data to the
A switch does not provide the firewall and logging capabilities that routers do.
Routers can commonly be configured by software, while switches only work the way
3.2.3 Server
A server is a computer connected to a network that other computers may or may not access. Unlike
other computers on a network, a server is a dedicated computer set up for one or more
purposes. For example, a user may set up a server to authenticate and allow or prohibit
users from accessing a network, send or receive e-mail, manage print jobs or host a
website. For example, the Computer Hope web page is hosted on a server. Servers are not
often turned off; if a server fails, the network users have a great deal of trouble until
it is restored.
3.2.4 Firewall
Firewalls are an essential part of a network's design. A firewall is a network security
system, either hardware or software based, that uses rules to control incoming and
outgoing network traffic. This controlled access is designed to protect data and resources
from outside threats. A firewall acts as a barrier between a trusted network and an untrusted
network. Firewalls might be placed between an internal network and the internet. Although
firewalls typically protect internal networks from public networks, they are also used to
control access between specific network segments within a network. For example, you
might place a firewall between the network department and the server department. A firewall
controls access to the resources of a network through a positive control model; this means
that the only traffic allowed onto the network is defined in the firewall policy and all
The firewall is configured on the server to permit or deny certain types of network
traffic; a firewall is commonly installed on the local system and configured to control
traffic.
3.2.5 Hubs
A network hub is a common connection point for devices in a network. Hubs are devices
commonly used to connect segments of a LAN. The hub contains multiple ports. When a
packet arrives at one port, it is copied to the other ports so that all segments of the LAN
A hub is a place of convergence where data arrives from one or more directions and is
In a hub, a frame is broadcast to every one of its ports; it does not matter that
the frame is only destined for one port. The hub has no way of distinguishing which port
Compared to a standard switch, the hub is slower, as it can send or receive information,
just not at the same time; a switch, however, typically costs more than a hub.
The two most popular connection systems are hard wiring using Ethernet cables or using
wireless technologies. Most desktop networks use Ethernet cables. These are inexpensive
products that directly connect the network card of the computer to the router. Wireless
technologies are used most often for laptops. However, to use wireless network, the
Power failure can create problems on computers, system and file servers. Unexpected
power cut can damage computers and the system. A common source of power issues is
Backup devices are the ones that store the data; their main aim in the system is to store
the important information and data for future recovery. Backups are needed in case a file
is lost. The reasons for losing files include hardware failure such as a disk breaking,
accidental deletion or a computer being stolen. Backups help in all the above situations. It
may also be good to have access to older versions of files, e.g. a configuration file that worked a
month ago but has since been changed, nobody remembers how, and it is just not
working anymore. Backups are good to have if you can afford them.
3.4 NON-FUNCTIONAL REQUIREMENTS
Non functional requirements are the one that mentioned to the functional requirements
but if they are part of the system the system will be more acceptable and reliable and it
encourages the security and the consistency of the project so if they are not the part of the
These are objectives and the purposes that our project must meet and they are
High speed
High quality
Lower cost
Good security
Good communication
CHAPTER 4
DESIGN
This chapter provides detailed information about the design of the ministry of foreign
affairs network and describes the general design of the project.
businesses but these nowadays businesses began to develop their networking system to
fiber optic wires because fiber optics can use both local area network (LAN) and
metropolitan area network (MAN) because of their bandwidth, high speed and low loss
and in this section we will focus physical appearances of the LAN according to the
following factors
FIGURE 9 PHYSICAL DESIGN OF THE PROJECT
Network devices are the devices that work in this project (design). This
section also provides the configuration of the most common devices installed on a LAN.
The network devices of this ministry are close together; the longest distance
is when you come down the stairs towards the network department, which is 8 steps, but all the
4.2.1.1 Router
network by using packet switching to receive, process, and forward data to the destination
device.
FIGURE 11 CONFIGURING SWITCH
Switch 2
Switch 3
FIGURE 12 SERVER CONFIGURATION
4.2.1.4 VLANs
application, without regard to the physical locations of the users. VLANs have the same
attributes as physical LANs, but you can group end stations even if they are not physically
located on the same LAN segment. Any switch port belongs to a VLAN. Each VLAN is
considered a logical network, and packets destined for stations that do not belong to the VLAN
network.
4.2.1.4.1 Assigning VLANs to Departments
Departments       VLANs
Network admin     30
Ministry          40
DG                50
Human Resource    60
Archive           70
Accounting        80
Attendance        90
Politics          100
4.2.2 Purpose of VLANs
In simple words, a VLAN is a group of PCs, servers and other network resources that
DEVICE      IP ADDRESS      GATEWAY
Switch 3    192.168.1.4     192.168.1.1
DG PC 1     192.168.1.5     192.168.1.1
PC 7        192.168.1.11    192.168.1.1
PC 8        192.168.1.12    192.168.1.1
PC 9        192.168.1.13    192.168.1.1
PC 10       192.168.1.14    192.168.1.1
PC 11       192.168.1.15    192.168.1.1
PC 12       192.168.1.16    192.168.1.1
HR PC 14    192.168.1.18    192.168.1.1
PC 19       192.168.1.23    192.168.1.1
PC 20       192.168.1.24    192.168.1.1
PC 21       192.168.1.27    192.168.1.1
PC 22       192.168.1.26    192.168.1.1
PC 23       192.168.1.28    192.168.1.1
PC 24       192.168.1.29    192.168.1.1
PC 25       192.168.1.30    192.168.1.1
PC 26       192.168.1.31    192.168.1.1
PC 32       192.168.1.37    192.168.1.1
TABLE 5 IP ADDRESS
CHAPTER 5
IMPLEMENTATION
In this chapter we will discuss how to implement in our Local Area Network (LAN), our
To create a cost-effective and scalable network infrastructure, we can assist to reduce the
5.1 Security
Securing the network requires complex and strong passwords, which protect the
network against both workstation hijacking attacks and dictionary attacks.
To provide an additional layer of security, particularly for passwords that cross the
network, both of these commands accomplish the same thing: they allow you to establish
an encrypted password that users must enter to access the specific privilege level you
specify.
After you specify the level and set a password, only authorized users can reach and access
this level.
This is the secret password, and the password will be encrypted as shown below
hostname S3
!
enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
!
!
password
line con 0
password cisco
logging synchronous
login
!
line vty 0 4
password cisco
login
line vty 5 15
password cisco
login
!
Also, if you have the service password-encryption command enabled, the password you
enter is encrypted. The service password-encryption command is primarily useful
for keeping unauthorized individuals from viewing your password in your configuration
file.
The actual encryption process occurs when the current configuration is written or when a
authentication key passwords, the privileged command password, console and virtual
A banner is a message that is presented to someone using the router. The type of
banner you configure determines when this message is shown to the user.
The banner motd logon message has been around for a long time on UNIX and mainframe
systems. The idea was to display a temporary notice to users, such as issues with system
availability. However, it is displayed when you connect to the device prior to login, and now
most network administrators use it to display legal notices regarding access to the
______________________________________________________________________________
*****************************************************************
Unauthorized access and logins are forbidden
-----------------------------------------------------------------
User Access Verification
Password:
Password:
______________________________________________________________________________
5.3.1 Router access methods
These commands enable login with a local password and time out the connection after
R1(config)#line vty 0 4
R1(config-line)#exec-timeout 7 0
R1(config-line)#password Cisco
R1(config-line)#login
R1(config)#
R1(config)#
R1(config)#username MOF password Cisco
R1(config)#
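The following is an added example, not code from the report: a short Python audit of an IOS running-config for the password and line settings discussed in 5.1 and 5.3.1. The wordlist, the 12-character minimum and the vty 5 15 values in the sample are assumptions for illustration; the audit reports type 7 strings (what service password-encryption produces) separately from cleartext, because type 7 is reversible obfuscation rather than a hash.

```python
import re

COMMON = {"cisco", "class", "admin", "password"}  # assumption: tiny illustrative wordlist

# Constructed sample (page's con 0 / vty 0 4 values; vty 5 15 added to exercise checks).
SAMPLE = """\
username MOF password Cisco
line con 0
 password cisco
line vty 0 4
 exec-timeout 7 0
 password cisco
line vty 5 15
 exec-timeout 0 0
 password 7 PLACEHOLDER
"""

def cred(args):
    """Split '[type] value'; IOS implies type 0 (cleartext) when no type is given."""
    return (args[0], args[1]) if len(args) > 1 and args[0].isdigit() else ("0", args[0])

def weak(pw):
    """Dictionary word, shorter than 12 characters, or fewer than 3 character classes."""
    classes = sum(bool(re.search(c, pw)) for c in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"))
    return pw.lower() in COMMON or len(pw) < 12 or classes < 3

def audit(config):
    lines = config.splitlines()
    findings, section = [], "global"
    if "service password-encryption" not in map(str.strip, lines):
        findings.append(("global", "no service password-encryption"))
    for raw in filter(str.strip, lines):
        words = raw.split()
        if not raw[0].isspace():                      # unindented line opens a new section
            section = raw.strip() if words[0] == "line" else "global"
        if words[0] == "username" and words[2:3] == ["password"]:
            findings.append((words[1], "username uses password, not secret"))
            words, section = words[2:], words[1]      # fall through to the password checks
        if words[0] == "password" and section != "global" and len(words) > 1:
            kind, value = cred(words[1:])
            if kind == "7":
                findings.append((section, "type 7 is reversible obfuscation"))
            elif kind == "0":
                findings.append((section, "cleartext password in config"))
                if weak(value):
                    findings.append((section, "weak or dictionary password"))
        if words[0] == "exec-timeout" and len(words) > 1 and set(words[1:]) == {"0"}:
            findings.append((section, "exec-timeout disabled"))
    return findings
```

Calling audit(SAMPLE) returns a list of (section, finding) pairs, one per problem, in the order they appear in the configuration.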
For those just getting into Cisco network security specifically, it can be a little interesting
to wrap the mind around all the different technologies and features that can be used to
Along with these different tools comes a great amount of control that can be used to
secure the intended target network. Of course, like anything else, it is easy to
misconfigure a network security device; however, the difference between misconfiguring a
router and a network security firewall is risk. Although the effects of misconfiguring a
router can be felt by many, it typically affects the use of an authorized network; the
misconfiguration of a network firewall can affect the unauthorized use of a private network,
which greatly increases risk. This is what makes the correct configuration of these devices
There are many types of ACL, but we explain in depth and review two of
them
Unlike on other platforms, the ASA does not support the use of standard ACLs for
controlling traffic. They are used only in some limited Open Shortest Path First (OSPF)
configurations.
The majority of ACLs that will most likely be implemented on an ASA are using the
extended ACL type. As with other platforms, the extended ACL is used to specify both
source and destination and can include information about the specific protocol being
matched.
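To make the difference concrete, here is an added example (not from the report) that evaluates an extended ACL in Python: entries are checked top-down, the first match decides, and anything unmatched hits the implicit deny. The ACL entries, the server address 192.0.2.10 and the function names are constructed for illustration; only the 192.168.1.0/24 LAN comes from the page. The second function shows what is lost when only the source is matched, as in a standard ACL.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional

class ACE(NamedTuple):
    action: str                    # "permit" or "deny"
    proto: str                     # "ip" matches any protocol
    src: str                       # source network in CIDR form
    dst: str                       # destination network in CIDR form
    dport: Optional[int] = None    # None matches any destination port

# Constructed ACL: LAN clients may use DNS on a server, nothing else on that
# server, and anything elsewhere. 192.0.2.10 is a documentation address.
ACL = [
    ACE("permit", "tcp", "192.168.1.0/24", "192.0.2.10/32", 53),
    ACE("permit", "udp", "192.168.1.0/24", "192.0.2.10/32", 53),
    ACE("deny",   "ip",  "192.168.1.0/24", "192.0.2.10/32"),
    ACE("permit", "ip",  "192.168.1.0/24", "0.0.0.0/0"),
]

def evaluate(acl, proto, src, dst, dport=None):
    """Extended matching: first entry matching protocol, source, destination and port wins."""
    for i, ace in enumerate(acl):
        if (ace.proto in ("ip", proto)
                and ip_address(src) in ip_network(ace.src)
                and ip_address(dst) in ip_network(ace.dst)
                and ace.dport in (None, dport)):
            return ace.action, i
    return "deny", None            # implicit deny at the end of every ACL

def evaluate_source_only(acl, src):
    """Standard-style matching: the decision depends on the source address alone."""
    for i, ace in enumerate(acl):
        if ip_address(src) in ip_network(ace.src):
            return ace.action, i
    return "deny", None
```

With source-only matching, every packet from 192.168.1.5 is permitted by entry 0, so the deny in entry 2 can never take effect.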
5.5 VLAN configuration
S2(config)#
S2(config)#
S2(config)#vtp domain SERVER
.
S2(config)#
S2(config)#vtp mode SERVER
S2(config)#
S2(config)#vtp mode CLIENT
Setting device to VTP CLIENT mode.
To view the VTP configuration, enter this command in privileged mode:
S2#
S2#show vtp status
VTP Version: 2
Configuration Revision: 0
Maximum VLANs supported locally: 255
Number of existing VLANs: 14
VTP Operating Mode: Client
VTP Domain Name: SERVER
VTP Pruning Mode: Disabled
VTP V2 Mode: Disabled
VTP Traps Generation: Disabled
MD5 digest: 0x68 0xD9 0xCB 0xD0 0x93 0xEA 0x88 0xB5
Configuration last modified by 192.168.1.3 at 3-1-93 00:14:41
5.5.2 Creating and configuring VLANs and names
(config)#
(config)#vlan 70
(config-vlan)#name Archive
(config-vlan)#exit
(config)#
(config)#vlan 90
(config-vlan)#name Attendance
(config-vlan)#exit
(config)#
(config)#vlan 80
(config-vlan)#name Accounting
(config-vlan)#exit
(config)#
(config)#vlan 100
(config-vlan)#name politics
(config-vlan)#exit
(config)#
(config)#vlan 60
(config-vlan)#name HR
(config-vlan)#exit
(config)#
(config)#vlan 50
(config-vlan)#name DG
(config-vlan)#exit
(config)#
(config)#vlan 40
(config-vlan)#name Ministry
(config-vlan)#exit
(config)#
(config)#vlan 30
(config-vlan)#name Network
(config-vlan)#exit
S3#
S3#show running-config
Building configuration...
interface FastEthernet0/2
switchport access vlan 60
switchport mode access
!
interface FastEthernet0/3
switchport access vlan 80
switchport mode access
!
interface FastEthernet0/4
switchport access vlan 80
switchport mode access
!
interface FastEthernet0/5
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/6
switchport mode access
!
interface FastEthernet0/7
switchport access vlan 50
switchport mode access
!
interface FastEthernet0/8
switchport access vlan 40
switchport mode access
!
interface FastEthernet0/9
switchport access vlan 40
switchport mode access
!
interface FastEthernet0/10
switchport access vlan 50
switchport mode access
!
interface FastEthernet0/11
switchport mode access
!
interface FastEthernet0/12
switchport mode access
!
interface FastEthernet0/13
switchport mode access
!
interface FastEthernet0/14
switchport mode access
!
interface FastEthernet0/15
switchport mode access
!
interface FastEthernet0/16
switchport mode access
!
interface FastEthernet0/17
switchport mode access
!
interface FastEthernet0/18
switchport mode access
!
interface FastEthernet0/19
switchport mode access
!
interface FastEthernet0/20
switchport mode access
!
interface FastEthernet0/21
switchport mode access
!
interface FastEthernet0/22
switchport mode access
!
interface FastEthernet0/23
switchport mode access
!
interface FastEthernet0/24
switchport mode access
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
ip address 192.168.1.4 255.255.255.0
!
ip default-gateway 192.168.1.1
!
banner motd ^CC
*****************************************************************
Unauthorized access and logins are Forbidden
****************************************************************^C
!
!
!
line con 0
password cisco
logging synchronous
login
!
line vty 0 4
password cisco
login
line vty 5 15
password cisco
login
!
!
!
end
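An added example (not part of the original report): a Python check that reads the interface stanzas of a running-config such as the S3 output above and compares each access port with the department VLAN table in 4.2.1.4.1. An access port with no switchport access vlan line stays in the IOS default VLAN 1, which on S3 also carries the management address; the shutdown on Fa0/11 and the VLAN 20 on Fa0/12 in the sample are constructed to exercise the other cases.

```python
# Department plan from the "Assigning VLANs to Departments" table on this page.
PLAN = {30: "Network admin", 40: "Ministry", 50: "DG", 60: "Human Resource",
        70: "Archive", 80: "Accounting", 90: "Attendance", 100: "Politics"}

# Constructed excerpt in running-config layout ("!" separators omitted).
# Fa0/2, Fa0/6 and Vlan1 follow the page; Fa0/11 and Fa0/12 are altered on purpose.
SAMPLE = """\
interface FastEthernet0/2
 switchport access vlan 60
 switchport mode access
interface FastEthernet0/6
 switchport mode access
interface FastEthernet0/11
 switchport mode access
 shutdown
interface FastEthernet0/12
 switchport access vlan 20
 switchport mode access
interface Vlan1
 ip address 192.168.1.4 255.255.255.0
"""

def interfaces(config):
    """Map each interface name to the list of its (stripped) sub-commands."""
    out, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = out.setdefault(raw.split()[1], [])
        elif raw[:1].isspace() and current is not None:
            current.append(raw.strip())
        else:
            current = None                      # "!" or any other global line ends the stanza
    return out

def audit_ports(config, plan=PLAN):
    stanzas = interfaces(config)
    mgmt = any(c.startswith("ip address") for c in stanzas.get("Vlan1", []))
    report = {}
    for name, body in stanzas.items():
        if "switchport mode access" not in body:
            continue
        vlan = next((int(c.split()[-1]) for c in body
                     if c.startswith("switchport access vlan ")), 1)  # IOS default is VLAN 1
        if "shutdown" in body:
            report[name] = "disabled"
        elif vlan == 1:
            report[name] = "default VLAN 1" + (", shared with management" if mgmt else "")
        else:
            report[name] = plan.get(vlan, f"VLAN {vlan} not in department plan")
    return report
```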
We are installing Windows 7, and Windows 10 on some PCs, on the clients, along with
Symantec endpoint enterprise
We are installing Windows Server 2008 on our server, and also Symantec endpoint
5.6.3 Installing Active Directory
Step 2 In the Welcome to the Active Directory Domain Services Installation Wizard, click Next.
Step 4 Enter the DNS domain name (MOF.COM) and click Next.
Step 5 Select the domain functional level (Windows 2000 native) and click Next.
Step 8 On the Database and Log Locations page, accept the default locations and click Next.
Step 10 On the Summary page, review the options you selected and click Next.
Step 11 The Active Directory installation starts; check the Reboot on completion box.
The computer then restarts after the installation of Active Directory Domain Services.
5.6.4 Installing DHCP
1. To install DHCP, click Start, point to Control Panel, and click Add or Remove
Programs.
In the Add or Remove Programs dialog box, click Add/Remove Windows Components, and
in the Windows Components Wizard, click Networking Services in the Components list,
In the Networking Services dialog box, click to select the Dynamic Host Configuration
Protocol (DHCP) check box, and then click OK, and in the Windows Components Wizard,
CDROM or DVD-ROM drive if you are prompted to do so.
Setup copies the DHCP server and tool files to your computer; click Finish when
Setup is completed.
To create a new scope, click Start, point to Programs, point to Administrative Tools, and
then click DHCP. In the console tree, right-click the DHCP server on which you want
to create the new DHCP scope, and then click New Scope.
scope. Next, and then type the range of addresses and the subnet mask. Click Next.
Type any IP addresses that you want to exclude from the range that you entered. Click
Next.
Type the number of days, hours, and minutes before an IP address lease from this scope
expires, and then click Yes, I want to configure these options now to extend the wizard to
include settings for the most common DHCP options. Click Next, and then type the IP
address for the default gateway. Click Add to add the default gateway address in the list,
Type your organization's domain name in the Parent domain box. Type the name of your
DNS server, and then click Resolve. Click Add to include that server in the list of DNS
servers. Click Next, and then follow the same steps if you are using a Windows Internet
activate this scope now to activate the scope and allow clients to obtain leases from it, and
In the console tree, click the server name, and then click Authorize on the Action menu.
5.7 Final Output