This project documents the design, configuration, and testing of a secure, scalable enterprise network implemented using Cisco Packet Tracer. The network supports multiple departments across different floors, integrates redundancy, centralized services, and enforces strong security controls.
The solution demonstrates best practices in VLAN segmentation, inter-VLAN routing, redundancy, routing protocols, NAT, DHCP, Syslog monitoring, and access control.
- Hierarchical design using:
  - Internet Router
  - Main Router (Primary)
  - Backup Router (Failover)
  - Two Layer-3 Core Switches (MLSW1 & MLSW2)
  - Multiple Layer-2 Access Switches per department
- Redundancy & High Availability:
  - Dual routers with floating static routes
  - HSRP on Layer-3 switches
  - LACP EtherChannel between core switches
Each department is assigned a dedicated VLAN and subnet:
| Floor | Department | VLAN | Network | Gateway |
|---|---|---|---|---|
| 10 | HR | 100 | 192.168.100.0/24 | 192.168.100.1 |
| 9 | ICT | 90 | 192.168.90.0/24 | 192.168.90.1 |
| 8 | Finance | 80 | 192.168.80.0/24 | 192.168.80.1 |
| 7 | Admin | 70 | 192.168.70.0/24 | 192.168.70.1 |
| 6 | Management | 60 | 192.168.60.0/24 | 192.168.60.1 |
| 5 | Sales | 50 | 192.168.50.0/24 | 192.168.50.1 |
| 4 | Marketing | 40 | 192.168.40.0/24 | 192.168.40.1 |
| 3 | Operations | 30 | 192.168.30.0/24 | 192.168.30.1 |
| 2 | Reception | 20 | 192.168.20.0/24 | 192.168.20.1 |
| 1 | Guest | 10 | 172.16.1.0/24 | 172.16.1.1 |
A dedicated DMZ network (10.11.11.0/27) hosts critical enterprise services:
- Web Server
- FTP Server
- Email Server
- Application Server
- DNS Server
- DHCP & Syslog Server
This ensures service isolation and improved security.
- OSPF (Area 0) for dynamic routing across routers and Layer-3 switches
- Floating static routes for automatic failover
- NAT configured on both main and backup routers
- NAT provides internet access for internal VLANs
- Centralized DHCP server in the DMZ
- `ip helper-address` configured on all VLAN interfaces
- Centralized real-time Syslog server in the DMZ
- All network devices forward logs for monitoring and troubleshooting
- SSH-only remote management (Telnet disabled)
- ACLs to restrict management access (ICT VLAN only)
- Guest VLAN isolation to block access to internal networks
- Port Security (MAC address filtering) on access switches
- Blackhole VLAN (VLAN 199) for unused ports
- BPDU Guard & PortFast for access layer protection
- Inter-VLAN routing handled by Layer-3 switches
- HSRP provides default gateway redundancy for all VLANs
- LACP EtherChannel increases bandwidth and fault tolerance
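
The access-control items listed above (SSH-only management limited to the ICT VLAN, guest isolation, port security, the blackhole VLAN, BPDU Guard and PortFast) could be configured along the following lines. This is an added example, not the project's own configuration: the subnets and VLAN 199 come from the page, while the ACL names, domain name, username, interface ranges and port-security parameters are assumptions.

```cisco
! --- Every router and switch: SSH-only management from the ICT VLAN ---
! Domain name and username are placeholders (assumed, not from the project).
ip domain-name example.local
crypto key generate rsa modulus 2048
ip ssh version 2
username netadmin secret <REPLACE-WITH-STRONG-SECRET>
! Only 192.168.90.0/24 (ICT, VLAN 90) is permitted; the implicit deny drops the rest.
ip access-list standard MGMT-SSH
 permit 192.168.90.0 0.0.0.255
line vty 0 15
 transport input ssh
 access-class MGMT-SSH in
 login local
!
! --- MLSW1 / MLSW2: guest isolation, applied inbound on the guest SVI ---
! All employee VLANs in the table sit inside 192.168.0.0/16, so one deny covers them.
! DHCP broadcasts and traffic to the DMZ and internet fall through to the permit.
ip access-list extended GUEST-ISOLATION
 deny ip 172.16.1.0 0.0.0.255 192.168.0.0 0.0.255.255
 permit ip any any
interface Vlan10
 ip access-group GUEST-ISOLATION in
!
! --- Access switch: ports in use (range and access VLAN vary per floor, assumed) ---
interface range FastEthernet0/1 - 20
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 switchport port-security violation shutdown
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! --- Access switch: unused ports parked in the blackhole VLAN ---
! Shutting the ports down as well is an extra step assumed here, not stated on the page.
vlan 199
 name BLACKHOLE
interface range FastEthernet0/21 - 24
 switchport mode access
 switchport access vlan 199
 shutdown
```

`show ip access-lists`, `show port-security` and `show ip ssh` confirm that each control is in place before running the isolation and SSH access tests.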
The network was validated using multiple tests:
- Intra-VLAN and Inter-VLAN connectivity
- Gateway and DMZ server reachability
- Guest-to-Employee isolation tests
- Failover testing (Main Router shutdown)
- SSH access control verification
All tests were successful, confirming network reliability and security.
- Cisco Packet Tracer
- Cisco IOS (Routers & Switches)
- OSPF, HSRP, NAT, DHCP, Syslog
- VLANs, ACLs, Port Security, EtherChannel
This project demonstrates a real-world enterprise network design with emphasis on availability, scalability, security, and centralized management. It is suitable for academic submission, enterprise simulation, and practical networking demonstrations.
Author: Ebuka Matthew Igbokwe
Program: BIT – Computer & Network Security
Institution: UNITAR International University