INTRODUCTION
bullet that actually works. With a proper network infrastructure design, an organization’s
management will not only enjoy being on top of its activities but also enjoy the advantages of
having the scalable, secure, and resilient network that the organization invested in to begin with.
What organization stands to benefit more from a proper network infrastructure than an
expanding school? The city of Bacoor is a hotspot for learning centers and/or institutions, which
mostly cater to children aged 5 to 11. According to DepEd Region IV-A CALABARZON and
God only knows the number of students eager to learn in their respective schools every
weekday in the city of Bacoor. Tens of thousands? More? How is network infrastructure design
relevant to this? Three things are certain: (1) teachers and information technology
staff are very few and are in demand, (2) only a sparse number of information technology assets
are available for both the faculty and the students, and (3) these schools could use proper
planning in the context of network infrastructure, which can be a challenge since most small to
medium-scale businesses in the Philippines are unfortunately late adopters of this technology most
efficiency in the face of challenged quantity. The less you have, the more management is required.
Auspiciously, private learning institutions in the city of Bacoor, like Ruther E. Esconde
infrastructure which not only supports its various administrative and academic activities but also
ensures that their staff and students enjoy being on top of everything they are good at.
network infrastructure, which currently supports various activities within its premises, can be
enhanced to accommodate their growing need for a scalable, secure, and resilient network.
1.1 Context
university in Jakarta, Indonesia: There are many types of campus network designs that provide
high-availability, flexibility, scalability and manageability. “The design of each option depends on
(the) functionality available in the network nodes and also it can be varied by the network designer
or architect to achieve the optimal performance in a given network, or sometimes to reduce design
costs.”
This thesis provides a framework to develop a feasible design to improve Ruther E. Esconde
in a way such that it can adhere to the school’s growing need for a scalable, secure, and resilient
network.
1.2 Background
a growing corporation of five schools: REESMI – Dulong Bayan, REESMI – Alima, REESMI –
that functions for its administrative activities. Although it is only limited to the accounting and
administrator’s office, which also includes the director’s office and the cashier’s office, REESMII
- Dulong Bayan also has several more information technology assets located in different areas of
the school that are not connected in any network. Thus, REESMI – Dulong Bayan could use a
network infrastructure optimization to connect the rest of its assets into the network.
Figure 1.2.2: Mr. Michael Alcoriza (in red) and the Proponents
In his interview, Mr. Michael Alcoriza, the information technology administrator of the
school, expressed his interest in improving their current network structure to supplement the learning
According to him, this will be better realized if: (1) the computers in the computer room are
connected to the internet, (2) the school has a secure Wi-Fi internet connection for its
guests, staff, and students, and (3) this Wi-Fi connection does not adversely affect their network
infrastructure.
The proponents must make a scalable, secure, and resilient network infrastructure design for
A growing organization like REESMI – Dulong Bayan will indubitably need to expand its
information technology network. Its challenge is whether it will have to start from scratch in order
to add new information technology assets as the network grows. Another challenge is whether the
new assets added will negatively affect other users and/or the network per se. The proponents
designed a network topology which will enable the school to expand its network infrastructure
without the need to re-design it and without having to fear consequences (e.g. slowing the entire
network) when the management decides to add more assets. According to Cormac Long of
radically re-designed.” Employing dynamic host configuration protocol (DHCP) will ensure
Figure 1.3.2: An Illustration of a Scalable Network
their function and the sensitivity of the data they store, process and transmit is an important step.”
A secure network is like an onion – it must have layers. Each one of the layers must have protocols
to limit and monitor the data it transmits and receives. Imagine a guest computer connected to a
switch which is connected to the internal server of an organization. That’s a no-no. Employing
VLAN segmentation, ACL protocol, NAT, and switchport security protocol will ensure security
According to Cormac Long of TechTarget: “A highly specified network might have to meet
an availability target of 99% for all applications with a 'zero-downtime' requirement for mission
critical applications.” Network resiliency is the ability of a network to adapt to changes during and
1.5.1 Backup
A resilient network thrives in the face of unforeseen challenges like abundant human errors
in IP addressing and the dreaded active link failures. Taking these into consideration, a resilient
network must have backups. To make sure this happens, the proponents implemented the following
protocols: (1) network path redundancy, (2) HSRP, and (3) STP.
The quality of service (QoS) of a network is greatly dependent on its holistic resilience.
However, the proponents posit that it is in itself a criterion but not entirely removed from resilience
services. To improve the services in the network - in the context of productivity - the proponents
1.6 Goal
The proponents’ goal is both simple and feasible. To design an implementable network
Bayan before the 1st semester of the school year 2018-2019 concludes and before the appointed
thesis defense date to adhere with the specifications required to unconditionally pass the partial
fulfilment of the requirements for the degree of Bachelor of Science in Information Technology.
To design a scalable, secure, and resilient network infrastructure for Ruther E. Esconde
1.8 Specific Objectives
To make a scalable network infrastructure for REESMII – Dulong Bayan, the proponents
must employ dynamic host configuration protocol (DHCP) to the new network infrastructure
To make a secure network infrastructure for REESMII – Dulong Bayan, the proponents must do
the following:
Apply virtual local area network (VLAN) segmentation to the new network
Apply access control list (ACL) protocol to the new network infrastructure
Apply hot standby routing protocol (HSRP) to the new network infrastructure
Apply spanning tree protocol (STP) to the new network infrastructure design of
Dulong Bayan.
1.9 Deliverables
Certificate of appreciation. Softcopy and framed.
The future researchers may contact the proponents. Depending on their needs, the
proponents may entertain interviews and may elect to provide a softcopy of the thesis – some parts
1.10.1 Scope
This thesis provides a framework to develop a feasible design to improve Ruther E. Esconde
in a way such that it can adhere to the school’s growing need for a scalable, secure, and resilient
network during the 1st semester of the school year 2018-2019 of De La Salle University –
Dasmariñas.
1.10.2 Limitations
The proponents will only employ the following to the new network infrastructure of
REESMII – Dulong Bayan: (1) Dynamic host configuration protocol (DHCP) for dynamic IPv4
addressing and to foster a scalable network. (2) Virtual local area network (VLAN) segmentation,
switchport security protocol, access control list (ACL), and network address translation (NAT) for
security. (3) Network path redundancy, hot standby routing protocol (HSRP), spanning tree
The proponents will only use Cisco Packet Tracer version 7.1.1 to create and design a reliable
network.
This study will only present a working simulation of an actual design of the network
Bayan.
CHAPTER II
Finding related literature which reinforces the vision of any dissertation is a gem in its
own right. Review of local and foreign applications and studies with objectives that are similar to the
2.1.1 The influence of topology and information diffusion on networked game dynamics.
This thesis studies the influence of topology and information diffusion on the strategic
interactions of agents in a population. It shows that there exists a reciprocal relationship between
the topology, information diffusion and the strategic interactions of a population of players. The
structure of a population of players is abstracted by the topology and the information flow of the
networks of players while the dynamics are denoted by the strategic interactions of the players in
the population. While topology represents a static structure, the information flows are used to
model a more dynamic and volatile structure of the population. In order to evaluate the influence
of topology and information flow on networked game dynamics, strategic games are simulated on
arrangement. Game theory, network science and information theory are the three pillars of science
Since the proposal focuses on creating a topology, information flow is also an idea
associated with creating a network. The said thesis aims to see the relation of topology to networked
game dynamics, which can also be related to the proponents’ objective.
2.1.2 The Influence of Network Topology on the Operational Performance of the Low Voltage
Grid.
The present Low Voltage (LV) grid, which until recently was mainly composed of passive
(prosumers), who not only consume but also generate and share power locally. This development
is introducing changes in the operational dynamics of the LV grid that could result in voltage
stability problems and the violation of infrastructural constraints if not well managed. A re-design
of the present LV grid is, therefore, imperative to enable it to meet these new requirements. This
thesis was aimed at studying the influence of topological metrics on the operational performance
of the LV grid in view of current developments in energy consumer behavior with a view to
proposing the topological changes and/or modifications in network architecture that would yield
optimal outcomes. The proponents modelled the present LV grid as a radial network and compared
it to three other network models -random, small-world and scale-free networks- under different
loading scenarios. The proponents proposed novel structural and operational metrics that are
suitable for the LV grid, and analyzed the networks in terms of these metrics. The proponents also
compared their robustness under different attack scenarios and demonstrated the correlation
between the structural and the operational metrics, thus, identifying important structural metrics
that need to be optimized to improve the future LV grid performance. Finally, the proponents then
investigated the possible modifications of the radial network model of the present LV grid that
would yield similar results. The results highlighted the structural weaknesses of the present LV
grid under futuristic and simultaneous loading conditions and presented the scale-free model as
the most suitable architecture for the future LV grid as it out-performed all the other network
models under similar loading conditions. They also showed that the insertion of additional links at
critical positions in the radial network achieved similar results. We therefore proposed this
the LV grid.
The Influence of Network Topology on the Operational Performance of the Low Voltage
Grid states that the LV grid is gradually losing its efficiency and is overrun by active electrical
components. Its authors considered how network topology relates to the LV grid,
which can help prove its worth and avoid losing its uses. If we align our thesis to the LV grid, it
would help us design a network topology that can potentially improve the school’s worth.
2.1.3 Faculty of Science Computer and Mathematics: Champs SDN BHD Network Design
Currently Champs Sdn Bhd has opened another branch in Johor Bahru, which currently
houses 50 employees, including executives and managers, as well as other end devices such as
faxes, printers, phones, and so on. However, their existing networks frequently suffer issues
such as data breaches and tapping, and recently the system was hacked, which caused one of the
servers to shut down. Network access to the server is also often affected by many users who
want access at the same time; this problem often occurs during peak time, causing most of the business
to be stalled or delayed. Furthermore, Johor Bahru is prone to flooding, so position them as server
Due to all the problems, we were hired by Champ to redesign a new network for them. We
are given RM 650 000 as the cost budget. The aim of the new network, besides solving all the problems
above, is that it must be capable of providing an internet and internet access for top and middle
level managers, while the staff have access to the intranet only.
This paper taught the proponents that designing a network is serious business. Mishaps, no
matter how small, can be critical and therefore must not be allowed in the development.
The airport authority maintains a server which handles the flight management controls. The
flight service providers should have access only to the specific server in the airport authority
network and not to any other systems. The guest users should have wireless access to a high speed
internet connection, which should be shared among all the users in all the departments.
The wireless access should be using a common password. The guest users should not have
access to the other two departments. The users should obtain IP addresses automatically. The
airport authority has 20 users, the flight service providers have 40 users and the maximum numbers
This paper taught the proponents that designing a network is serious business. Security must
2.2 Local Literature
and Logical Topologies are provided. Additionally, common Computer Network realizations of
Physical Topologies are reviewed. This is followed by a discussion of Graph Theory and its
message routing issues, network sizing, and virus analysis. These examples are discussed to
underscore the importance of topological design when constructing a new computer network or
The examples are discussed to underscore the importance of topological design when
constructing a new computer network or adding to an existing one such as the projects the
proponents are working on, especially in emphasizing the “routing issues” the proponents
(C. Omorog, 2018)
This paper examines the Internet security perception of Filipinos to establish a need and
sense of urgency on the part of the government to create a culture of cybersecurity for every
Filipino. Method – A quantitative survey was conducted through traditional, online and phone
interviews among 252 respondents using a two-page questionnaire that covers basic
demographic information and two key elements - (1) Internet usage and (2) security practices.
Results – Based on findings, there is a sharp increase of Internet users for the last three years
(50%) and most access the Internet through mobile (94.4%). Although at home is the most
frequent location for Internet access (94.4%), a good percentage still use free WiFi access
points available in malls (22.2%), restaurants (11.1%), and other public areas (38.9%) doing
Internet services (email and downloading) that are vulnerable to cyber attacks. The study
also revealed that although respondents may have good knowledge of Internet security
cyber attacks, particularly to phishing and malware attacks. Also, the majority of the respondents’
Internet security perception is derivative: they practice online measures but with limited
understanding of the purpose. Therefore proper education, through training and awareness, is
must now take actions and tap industries to educate Filipinos about Internet security before
any negative consequences happen in the future. Research Implications – The information
collected sets a clear picture on the importance of cybersecurity awareness from a regional to
a global perspective.
After reading this paper, the proponents realized that implementing effective firewalls is
paramount to the design. The proponents believe that employees need to be educated about
network security in order to prevent attacks on their network and lower the risk of data breach
This project is focused on the design and implementation of an enterprise wide network that
covers all 18 national and regional offices of the Bureau of Fire Protection. This network shall
utilize a combination of virtual private network (VPN) and leased line connection and frame relay
technologies for a cost efficient and secured data transmission inter-office. Upon the
implementation of this project, it is anticipated that the resources, information and application
sharing within BFP will improve. Specifically, the creation of this enterprise wide network is
projected to have the following benefits on BFP and its quality of service to the public. Enterprise
Wide Network (EWN) will extend the communication process of BFP. EWN will facilitate peer
contact, thereby promoting well-informed decision-making activities. EWN will support the
This project does not include the design and implementation of local area network (LAN)
This study was conducted to determine the costs and benefits in investing in a network
infrastructure of Litware Limited. The company is a startup business process outsourcing company
that performs basic office tasks. This network design only complies with the need of the company,
which is to share resources through a local network. Any transactions that are not part of the local
This paper helped the proponents realize that there are no other companies who need
2.3 Foreign Studies
2.3.1 A Study and Analysis on Computer Network Topology for Data Communication
In recent days, distributed computer systems have become a very important
and popular issue in computing. They deliver high-end performance at a low cost. Autonomous computers are
is arranged in a geometrical shape called network topology. In the present paper a detailed study
and analysis on network topologies is presented. Definitions of Physical and Logical Topologies
go to each department, it would be more time-efficient if there would be a computer network for
data communication. Traditional door-to-door data delivering is not helpful in a company filled
This paper has become one of the frameworks of the proponents’ work. Most of the
principles applied here were also applied in the development of the project.
2.3.2 Analyzing Network Monitoring Systems and Objects for A Telecommunications Company
The goal with this thesis work has been to identify what a telecommunications company
should monitor and to find a network monitoring system that can monitor these identified objects
on two different platforms: Windows and Linux. The network monitoring system has been
implemented in a telecommunications company’s environment and this thesis presents how the
system monitors their environment. The subject for this thesis work is within network monitoring.
The problem formulation has been answered by conducting a literature study and by testing
network monitoring systems’ features in a lab environment. The sources used in the literature study
consist of scientific articles and other articles found on the web. The lab environment consisted
The purpose of the work was to enlighten Cellip in what objects they should monitor and to
help the company to monitor them by implementing a network monitoring system. Cellip is a
Protocol. The limits of this thesis work are based on what their environment supports in terms of
monitoring. Cellip’s environment consists of Linux and Windows servers, Cisco switches and
This paper made the proponents realize that the project they are working on is relevant and
therefore important not only in the IT industry, but also in vital industries such as healthcare.
communication distribution of computers has become very important issue which deliver end to
end performance at a low cost, hence distribution system performance is influenced by the
This paper provides an analytical study of different types of basic network topologies on the
basis of their advantages, disadvantages and different factors which differentiate them. This helped
the proponents to differentiate what’s really important from what they can omit from the project.
Technology has reached its highest peak of development, especially in making life easier
for people. Well-implemented technology is faster than humans in processing calculations and is
more accurate. Technology has become an important concept in our life. It assists in connecting
communities together. Obviously, people have started to use technology in every field of life
including education, health, the military, etc. The computer network represents a component,
especially on how it enhances the functional performance in different fields and organizations,
such as companies and schools. A school’s computer network performs so many functions, such
as connecting students with the university, faculty, and the library. Most universities today use the
network to provide online education by connecting widely dispersed students with their professors
directly. For this reason, computer networks play a vital role in the education area by providing
The article aims to design a network with high-quality security and low cost. The said
article helped the proponents to design a network that employs low-cost solutions without
2.4 Local Studies
Mr. Francisco, the owner of the café, started his business in 2005 in a rented space in Villalon
Mayantoc, Tarlac. He started with 10 brand-new computers designed for office and non-hardcore
games. At first, the shop’s growth was sparse, but as time went by, students from nearby schools
began to flock to the café. After a few months, Mr. Francisco realized that people flocked to the shop
mostly for games. So, in the succeeding years he invested in more gaming-capable machines.
Investing more in gaming, the shop yielded bigger profit! But along with this came a couple of
moderate to major issues as well: computer lagging, viruses, file-sharing complications, and a lot
This study helped the proponents familiarize themselves with typical network issues like layer 2 loops.
The proponents figured that since they will be working on a network topology design, they might
as well consider taking hints from an established computer shop with a working network topology.
2.4.2 The Influence of the Network Topology on the Agility of a Supply Chain
The right performance of a supply chain depends on the pattern of relationships among
firms. Although there is not a general consensus among researchers yet, many studies point that
scale-free topologies, where few highly related firms are combined with many low-related firms,
assure the highest efficiency of a supply chain. This paper studies the network topology that leads
to the highest agility of the supply chain when sudden demand changes occur. To do this, an agent-
based model of a supply chain with restricted relationship between agents is built. The model
includes three tiers, where the flow of material is distributed from the bottom supplier to the final
customer passing necessarily through firms in every tier. Agility is measured in the model
simulations through the order fulfillment rate. Unlike previous theoretical and lab results, the
simulation of the model shows that the highest levels of agility are not obtained with a scale-free
topology. Instead, homogeneous distribution of links, such as those induced by regular or Poisson
probability laws, shows higher agility values than heterogeneous distributions. Other previous
simulations. The general conclusion is that the most suitable network topology in terms of agility
depends on the specific conditions of the supply chain and the aspects of the performance to be
analyzed.
2.4.3 Design and implementation of a low-cost and reliable wireless mesh network for first-
response communications
preparations made, thousands of lives are still lost. In situations like these, fast and uninterrupted
communication is a must. Proper first response communication is vital in saving more lives. Yet
the first response communications in place today are still dependent on telecommunication
infrastructures, which are prone to problems like snapped wires and overloaded networks.
Telecommunication infrastructures were originally not designed to handle situations like these;
they cannot differentiate the priority of disaster-related messages and normal messages. In line
with this, we proposed a backup or alternative for first response communications: wireless mesh
networks. This method of communication is preferred for disaster scenarios because it is not totally
dependent on infrastructures and has self-healing and self-configuring capabilities. The wireless mesh
network needs a mesh router or wireless access point, where the mesh clients (Android devices)
can connect and an interface/application where the client and router will interact. This project
established the wireless mesh network points using available hardware and developed an
accompanying application. Features such as message caching were added. The network has also
The article aims to design a low-cost and reliable network. The said article helped the
proponents to design a network that employs low-cost solutions and to establish a tested reliable
network.
2.4.4 For the Local Area Network (LAN) Cabling and Rehabilitation
This project intends to rehabilitate the Local Area Network (LAN) of the MTRCB office
to mend the existing cabling structure for better sharing and communication between the servers
and workstations. It aims to provide the bidder a better general understanding of the requirements
needed for the installation of a structured network cabling for MTRCB office. This also includes
requirements for the horizontal cabling, design, engineering, and installation practices needed to
The paper is all about the Local Area Network of the MTRCB office. The proponents used
this as a guide to design the topology to meet the proponents’ objectives and to gain more
CHAPTER 3
METHODOLOGY
An impeccable way to get a big picture of the scheme of things is to know what to prioritize
first. The proponents decided to employ the Agile method, particularly Kanban, to develop the new
- Dulong Bayan.
The proponents chose the agile method as the project’s development methodology because: (1)
the proponents need the customer, in this case the REESMII – Dulong Bayan’s IT administrator,
Mr. Michael Alcoriza, available throughout the project. (2) The design must be handed down to
REESMII – Dulong Bayan in the earliest time possible. (3) A three-man group is small. As such,
The known stages of a typical agile method are: (1) requirements, (2) planning, (3)
designing, (4) development, (5) releasing, and (6) tracking and monitoring.
3.2 Requirements
Aside from having to interview and to update REESMII – Dulong Bayan’s IT
administrator, Mr. Michael Alcoriza, from time to time, the proponents needed to know the
complete inventory of the information technology assets of the school, the exact locations of these
The following assets may or may not be connected to any network. According to Mr.
Michael Alcoriza, improving the current state of the computer room of the school, in the context
Floor No.: 1
Room/Location: Administrator’s Office
Assets | Connected With | With Internet?
Router | Switch & Internet | Yes & Wifi
Switch | Router and PCs | Yes
Accounting PC 1 | Switch | Yes
Accounting PC 2 | Switch | Yes
Cashier’s PC | Switch | Yes
Printer’s PC | Switch | Yes
Sir Ruther’s PC | Switch | Yes

Floor No.: 1
Room/Location: Lower-Elementary Department
Assets | Connected With | With Internet?
Teacher’s PC | N/A | N/A

Floor No.: 2
Room/Location: Upper-Elementary Department
Assets | Connected With | With Internet?
Teacher’s PC | N/A | N/A

Floor No.: 1
Room/Location: Computer Room
Assets | Connected With | With Internet?
Student’s PC 1 | N/A | N/A
Student’s PC 2 | N/A | N/A
Student’s PC 3 | N/A | N/A
Student’s PC 4 | N/A | N/A
Student’s PC 5 | N/A | N/A
Student’s PC 6 | N/A | N/A
Student’s PC 7 | N/A | N/A
Student’s PC 8 | N/A | N/A
Student’s PC 9 | N/A | N/A

Floor No.: 1
Room/Location: Preschool Department
Assets | Connected With | With Internet?
Teacher’s PC | N/A | N/A
PC 1 | N/A | N/A
PC 2 | N/A | N/A
The proponents requested copies of REESMII – Dulong Bayan’s floor plans to map the current
locations of the information technology assets that are required to develop the new network
Figure 3.3.4: Upper REESMII - Dulong Bayan Building
The planning stage involves determining the feasible ways to make the new network
infrastructure design of REESMII – Dulong Bayan achieve the proponents’ set criteria: (1)
The proponents used Cisco Packet Tracer Version 7.1.1 to design the new network
3.4.1 Cisco Packet Tracer Version 7.1.1
This cross-platform visual simulation tool designed by Cisco Systems allows users to create
network topologies and imitate modern computer networks. The software allows users to simulate
the configuration of Cisco routers and switches using a simulated command line interface. This
simulator allowed the proponents to design a new network for REESMII – Dulong Bayan without
needlessly scaring the school’s management into thinking that the proponents will have to design
the new network infrastructure by directly accessing the school’s valuable IT assets.
At this point, the proponents developed the topology based on the demands of the
3.6 Releasing Phase
At this point, the network design for REESMII – Dulong Bayan has been released. The
proponents conducted weekly briefings in order to keep track of the stakeholders’ demands and
At this point, the design is expected to be running smoothly as planned. The proponents may
be requested to add new features in this post-release phase depending on the preference of the
stakeholders. Suggestions will be considered as well as feedback. Upon the demand of the
stakeholders, the proponents may be directed to restart the whole project if the need arises, but this
will require another agreement because a demand such as this is already out of the project’s scope.
CHAPTER 4
The design of the topology was based on these sections of REESMII – Dulong Bayan’s
4.2 Device Configurations
4.2.1 Dynamic Host Configuration Protocol (DHCP) and The Network’s Scalability
were manually configured. While this still works for the school, when it grows bigger the
management will have to add more IT assets and/or move other IT assets around the campus, which
means more IT assets to manually configure. For instance, a computer which is removed from a
network and then added to another will need a new unique unicast IP address and subnet mask
(e.g. IP address: 192.0.2.1 and Subnet mask: 255.255.255.0) and the old IP address and subnet
mask will have to be reclaimed. Without dynamic host configuration protocol (DHCP), these
Imagine having to configure 100 desktop computers – that’s 400 processes! If one process
was done erroneously, that means two processes will fail and one desktop computer will not be
connected to the network. If there are overlapping processes, that means the assets which share the
same IP addresses will be affected. Human error is usually the main source of attrition and risk when it
comes to manual configuration in the absence of DHCP. This makes network scalability for most
organizations challenging.
With a dynamic host configuration protocol (DHCP), these processes will be automated and
will be managed centrally. This is the magic bullet to have a scalable network.
Employing dynamic host configuration protocol (DHCP) to the new network infrastructure
design of REESMII – Dulong Bayan will provide the following benefits for the school:
A more reliable IP address configuration. DHCP eliminates configuration errors caused
network administration:
The efficient handling of IP address changes for clients that must be updated
frequently, such as those for portable devices that move to different locations on a
wireless network.
4.2.2 Virtual Local Area Network (VLAN) Segmentation and the Network’s Security
investing in a secure network. With segmented VLANs, separated IT assets’ connection may now
be fully controlled. If one segment has the risk of being compromised, then block all the
Figure 4.2.2.1: An Illustration of a Segmented Network
Employing virtual local area network (VLAN) segmentation to the new network
infrastructure design of REESMII – Dulong Bayan will provide the following benefits for the
school:
VLANs enable logical groupings. When users on a VLAN move to a new physical
location but continue to perform the same job function, the end-stations of those users do
not need to be reconfigured. Similarly, if users change their job functions, they need not
physically move: changing the VLAN membership of the end-stations to that of the new
team makes the users' end-stations local to the resources of the new team. If the accounting
staff of REESMII – Dulong Bayan suddenly wants to be a cashier, the IT staff will just
VLANs reduce the need to have routers deployed. Flooding of a packet is limited to the
switch ports that belong to a VLAN. REESMII – Dulong Bayan only needs one router to
Confined broadcast domains. By confining the broadcast domains, end-stations on a
VLAN are prevented from listening to or receiving broadcasts not intended for them.
Moreover, if a router is not connected between the VLANs, the end-stations of a VLAN
cannot communicate with the end-stations of the other VLANs. This is the type of security
which REESMII – Dulong Bayan should invest in because this will improve their current
setup.
An access control list (ACL) is especially important to a school’s network because, to put it
simply, you do not want your students accessing files which they do not need in order to learn in the
school’s premises. According to Nanci Ellen of TechTarget: “An access control list (ACL) is a
table that tells a computer operating system which access rights each user has to a particular system
object, such as a file directory or individual file.” Each object has a security attribute that identifies
its access control list. “The list has an entry for each system user with access privileges. The most
common privileges include the ability to read a file - or all the files in a directory - to write to the
Employing access control list (ACL) protocol to the new network infrastructure design of
REESMII – Dulong Bayan will provide the following benefits for the school:
It provides a basic level of security. If you do not configure access lists on your router,
all packets passing through it could be allowed onto all parts of your network. Take for
example a guest’s computer, if there is no ACL, what stops him or her from accessing the
It monitors and limits assets’ access to the network. In Figure 5, host A can access the
Human Resources network, and host B is prevented from accessing the Human Resources
network.
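The first-match behaviour behind these benefits can be checked against the two access lists that appear in the router listing under Device Configuration on this page. The Python evaluator below is an added example, not part of the original paper; the test addresses (10.10.60.25, 10.10.40.7, 10.10.10.9) are constructed, and only the ip protocol keyword is handled.

```python
import ipaddress
from dataclasses import dataclass

# Entries as they appear in the router listing under Device Configuration.
GUEST_WIFI_ACCESS = """
deny ip 10.10.60.0 0.0.0.255 host 172.16.100.252
permit ip any any
"""
INTERNET_ACCESS = """
permit 10.10.60.0 0.0.0.255
permit 10.10.10.0 0.0.0.255
permit 10.10.20.0 0.0.0.255
permit 10.10.30.0 0.0.0.255
permit 10.10.50.0 0.0.0.255
"""
ALL_BITS = 0xFFFFFFFF


def ip_to_int(text):
    return int(ipaddress.IPv4Address(text))


@dataclass(frozen=True)
class Matcher:
    base: int      # address to compare against
    wildcard: int  # bits set to 1 are ignored (inverse of a subnet mask)

    def matches(self, addr):
        care = ~self.wildcard & ALL_BITS
        return (ip_to_int(addr) & care) == (self.base & care)


def take_address(tokens):
    """Consume 'any', 'host A', 'A WILDCARD' or a bare 'A' from the tokens."""
    head = tokens.pop(0)
    if head == "any":
        return Matcher(0, ALL_BITS)
    if head == "host":
        return Matcher(ip_to_int(tokens.pop(0)), 0)
    has_wildcard = bool(tokens) and tokens[0][0].isdigit()
    return Matcher(ip_to_int(head), ip_to_int(tokens.pop(0)) if has_wildcard else 0)


def parse_acl(text, extended):
    """Return a list of (action, source matcher, destination matcher)."""
    rules = []
    for line in text.strip().splitlines():
        tokens = line.split()
        action = tokens.pop(0)
        if action not in ("permit", "deny"):
            raise ValueError(f"unsupported entry: {line!r}")
        if extended and tokens.pop(0) != "ip":
            raise ValueError(f"only the ip keyword is handled: {line!r}")
        src = take_address(tokens)
        dst = take_address(tokens) if extended else Matcher(0, ALL_BITS)
        rules.append((action, src, dst))
    return rules


def evaluate(rules, src, dst="0.0.0.0"):
    """The first matching entry wins; every ACL ends with an implicit deny."""
    for action, src_match, dst_match in rules:
        if src_match.matches(src) and dst_match.matches(dst):
            return action
    return "deny"


def decisions():
    guest = parse_acl(GUEST_WIFI_ACCESS, extended=True)
    nat = parse_acl(INTERNET_ACCESS, extended=False)
    return {
        # Constructed hosts: one in 10.10.60.0/24, one in 10.10.40.0/24.
        "10.10.60.25 -> 172.16.100.252": evaluate(guest, "10.10.60.25", "172.16.100.252"),
        "10.10.60.25 -> 172.16.100.251": evaluate(guest, "10.10.60.25", "172.16.100.251"),
        "10.10.40.7  -> 172.16.100.252": evaluate(guest, "10.10.40.7", "172.16.100.252"),
        # Internet_Access selects the sources that NAT overload translates.
        # 10.10.40.0/24 is not listed, so it falls through to the implicit deny.
        "10.10.10.9 translated?": evaluate(nat, "10.10.10.9"),
        "10.10.40.7 translated?": evaluate(nat, "10.10.40.7"),
    }


if __name__ == "__main__":
    for case, result in decisions().items():
        print(f"{case:32} {result}")
```

Swapping the two Guest_Wifi_Access entries would permit everything, because the permit ip any any line would match first.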
Conventional network security often focuses more on routers (e.g. ACL) and on blocking
traffic from the outside. Switches are internal to the organization, and designed to allow ease of
Switchport security makes it possible to limit the number and type of devices that are
allowed on the individual switchports. This keeps unauthorized devices out of the
network.
decided to combine the power of access control list (ACL) and switchport security protocol to
secure the network adhering to a hierarchical, top-down approach model. This also added
sophistication in the security aspect of the network by ensuring two layers of protection: (1) the
router and every switch connected to it and (2) the switches and all the assets connected.
REESMII – Dulong Bayan will provide the following benefits for the school:
Fosters network availability. Reduces campus-wide network outages caused by broadcast
storms by blocking non-standard hubs and switches. No denial-of-service (DoS) attack can
stop important activities from happening within REESMII – Dulong Bayan’s premises.
Fosters network reliability. Network port bandwidth can be guaranteed if limited to one
MAC address. Every asset’s internet speed can be limited provided these are connected to
Fosters DHCP availability. Reduces the risk of oversubscription of DHCP IP addresses per
VLAN by limiting one MAC address per port. No non-member of a VLAN group can just
Fosters network security. Limiting one MAC address per switch port is an attack
mitigation strategy. Password encryption and banner motd are just a few of its
functions.
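One way to check a switch configuration for the protections described above, as an added example that is not the proponents' own tooling: the Python audit below flags access ports without port security, plaintext "password 0" credentials, disabled password encryption, and Telnet on the vty lines. The sample is constructed in the style of the Admin_Switch listing under Device Configuration; FastEthernet0/4 with port security and the hash placeholder are assumptions added for contrast.

```python
import re

# Constructed sample in the style of the Admin_Switch listing on this page.
# FastEthernet0/4 (port security on) and the hash placeholder are assumptions
# added for contrast; they are not in the original configuration.
SAMPLE_CONFIG = """\
no service password-encryption
hostname Admin_Switch
enable secret 5 <hash-placeholder>
username cisco privilege 1 password 0 cisco
interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/3
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/4
 switchport access vlan 10
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
!
line vty 0 4
 login local
 transport input telnet
line vty 5 15
 login
end
"""
# IOS commands that address each finding code.
REMEDIATION = {
    "password-encryption-off": "service password-encryption",
    "plaintext-password": "username <name> secret <password>",
    "telnet-on-vty": "transport input ssh",
    "access-port-without-port-security": "switchport port-security",
}
SECTION = re.compile(r"^(interface|line)\s+(.+)$")


def split_sections(text):
    """Split a config into global lines and (kind, name, body) sections."""
    lines = [raw.rstrip() for raw in text.splitlines()]
    # Scraped listings often lose indentation; then only "!" ends a section.
    indented = any(raw.startswith(" ") for raw in lines)
    global_lines, sections, current = [], [], None
    for raw in lines:
        line = raw.strip()
        if not line or line.lower() == "end":
            continue
        if line == "!":
            current = None
            continue
        header = SECTION.match(line) if not raw.startswith(" ") else None
        if header:
            current = (header.group(1), header.group(2), [])
            sections.append(current)
        elif current is not None and (raw.startswith(" ") or not indented):
            current[2].append(line)
        else:
            current = None
            global_lines.append(line)
    return global_lines, sections


def audit(text):
    """Return a list of (location, finding code) pairs."""
    global_lines, sections = split_sections(text)
    findings = []
    if "no service password-encryption" in global_lines:
        findings.append(("global", "password-encryption-off"))
    for line in global_lines:
        user = re.match(r"username (\S+) .*\bpassword 0 ", line)
        if user:
            findings.append((f"username {user.group(1)}", "plaintext-password"))
    for kind, name, body in sections:
        if kind == "interface" and "switchport mode access" in body \
                and "switchport port-security" not in body:
            findings.append((name, "access-port-without-port-security"))
        for words in (entry.split() for entry in body):
            if kind == "line" and words[:2] == ["transport", "input"] \
                    and {"telnet", "all"} & set(words[2:]):
                findings.append((f"line {name}", "telnet-on-vty"))
    return findings


if __name__ == "__main__":
    for where, code in audit(SAMPLE_CONFIG):
        print(f"{where:18} {code:36} fix: {REMEDIATION[code]}")
```

The parser also accepts listings whose indentation was lost, so it can be run over the switch listings on this page once each device is separated out.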
Network address translation (NAT) is the process where a network device, usually a firewall,
assigns a public address to a computer (or group of computers) inside a private network. The main
use of NAT is to limit the number of public IP addresses an organization or company must use,
The most common form of network translation involves a large private network using
192.168.0.0 to 192.168.255.255). The private addressing scheme works well for computers that must
access resources inside the network. For instance, REESMII – Dulong Bayan’s cashier computers
need access to file servers and printers. Routers inside the private network can route traffic
between private addresses with no trouble. However, to access resources outside the network, like
the Internet, these computers must have a public address in order for responses to their requests to
Employing network address translation (NAT) to the new network infrastructure design of
REESMII – Dulong Bayan will provide the following benefits for the school:
Restricts access to other services. A lack of complete bi-directional connectivity offered
by NAT is desirable as it restricts direct access to the LAN resources. Allocation of a static
IP address makes the network resource a potential target for hackers. The presence of an
simple yet effective solution to the nagging problem of limited telephone address space
offered by the contemporary network protocols such as the IPv4. The NAT process
generates sufficient IP addresses to be used locally that are subsequently mapped to the
network devices, equipment and communication mediums are installed within network
infrastructure. It is a method for ensuring network availability in case of a network device or path
Typically, network path redundancy is achieved through the addition of alternate network
paths, which are implemented through redundant standby routers and switches. When the primary
path is unavailable, the alternate path can be instantly deployed to ensure minimal downtime and
Employing network path redundancy to the new network infrastructure design of REESMII
– Dulong Bayan will provide the following benefits for the school:
Peace of mind. Business will not stop abruptly when the primary path becomes
unavailable. Staff and students of REESMII – Dulong Bayan can count on that.
Minimal downtime. Gone are the days when an organization needs a day’s worth
of maintenance to fix an error. With network path redundancy, an alternate path on standby
can be powered up instantly as soon as the primary path becomes unavailable due to an
4.2.7 Hot Standby Routing Protocol (HSRP) and The Network’s Resiliency: Backup
Hot standby routing protocol (HSRP) is a routing protocol that provides backup to a router
in the event of failure. Using HSRP, several routers are connected to the same segment of an
Ethernet, FDDI or token-ring network and work together to present the appearance of a single
virtual router on the LAN. The routers share the same IP and MAC addresses, therefore in the
event of failure of one router, the hosts on the LAN are able to continue forwarding packets to a
consistent IP and MAC address. The process of transferring the routing responsibilities from one
The proponents posit that HSRP is essential to REESMII – Dulong Bayan’s design since one
link failure alone can potentially disrupt its administrative processes. Downtime is not welcome
in any institution.
The spanning tree protocol (STP) was introduced into the networking world as a means to
prevent layer 2 network loops - frame broadcast storms - from disrupting the service of a local area
network. STP uses clever mechanisms to prevent loops by virtually disconnecting redundant links.
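Which redundant links STP disconnects depends on which switch is elected root bridge in each VLAN, so the configured priorities matter. This added Python example (not part of the original paper) runs the election over the "spanning-tree vlan ... priority" values from the Device Configuration listings on this page. The base MAC addresses are constructed placeholders, and the example assumes that every VLAN exists on every switch and that Pri_Core is the intended root.

```python
DEFAULT_PRIORITY = 32768  # used by IOS when no priority is configured

# name: (base MAC, {VLAN list: configured priority})
# Priorities are the "spanning-tree vlan ... priority" lines from this page.
# MAC addresses are constructed placeholders; the page does not give them.
BRIDGES = {
    "Pri_Core": ("0200.0000.0001",
                 {"1,20,30,40": 0, "2-19,21-29,31-39,41-1024": 24576}),
    "Admin_Switch": ("0200.0000.0002", {"1-1024": 61440}),
    "Accounting_Switch": ("0200.0000.0003", {"1-1024": 61440}),
    "Academic_Switch": ("0200.0000.0004", {"1-1024": 61440}),
    "Com_Lab_Switch": ("0200.0000.0005", {"1-1024": 4096}),
    "Server_Switch": ("0200.0000.0006", {}),  # no priority line in its listing
}

# VLANs that appear in "switchport access vlan" lines on this page.
VLANS_IN_USE = [10, 20, 30, 40, 50, 60, 100]


def expand_vlans(spec):
    """Turn an IOS VLAN list such as '2-19,21-29' into a set of VLAN ids."""
    vlans = set()
    for part in spec.split(","):
        low, _, high = part.partition("-")
        vlans.update(range(int(low), int(high or low) + 1))
    return vlans


def configured_priority(name, vlan):
    for spec, priority in BRIDGES[name][1].items():
        if vlan in expand_vlans(spec):
            return priority
    return DEFAULT_PRIORITY


def bridge_id(name, vlan):
    """(priority + VLAN id, MAC): the extended system ID adds the VLAN id."""
    mac = int(BRIDGES[name][0].replace(".", ""), 16)
    return (configured_priority(name, vlan) + vlan, mac)


def root_bridge(vlan):
    """The lowest bridge ID wins; equal priorities are broken by lowest MAC."""
    return min(BRIDGES, key=lambda name: bridge_id(name, vlan))


def unexpected_roots(intended, vlans=VLANS_IN_USE):
    """VLANs whose elected root is not the switch the design intends."""
    return {v: root_bridge(v) for v in vlans if root_bridge(v) != intended}


if __name__ == "__main__":
    for vlan in VLANS_IN_USE:
        print(f"VLAN {vlan:4}: root = {root_bridge(vlan)}")
    print("not rooted at Pri_Core:", unexpected_roots("Pri_Core"))
```

With these priorities, Pri_Core wins only the VLANs it sets to priority 0; in the others its 24576 loses to the 4096 configured on Com_Lab_Switch.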
The proponents posit that STP is essential to REESMII – Dulong Bayan’s design since a lot
of devices were added to the network. Needless to mention, a lot of connections as well.
Therefore, despite the new design being more effective than its previous network infrastructure, it
4.2.9 Link Aggregation and The Network’s Resiliency: QoS
Link aggregation, or EtherChannel, is the process used to bundle ports together in an Ethernet
switch to achieve higher bandwidth. Link aggregation is useful when interconnecting switches
and when interconnecting other devices to a switch. EtherChannel helps improve the
quality of operation when Ethernet switches are interconnected using multiple physical interfaces.
The proponents posit that out of the different improvements implemented in the design, link
aggregation is the only improvement which directly addresses quality of service because its
Table 6: Equipment
RJ45 Set of 100 Box 2 Php 970 Php 1,940
Gigabyte R220-X31 Server Box 3 Php 24,990 Php 74,970
Total Price = Php 306,380
The proponents estimated the annual gains of REESMII – Dulong Bayan to calculate for
Since the proponents used the following information to calculate for the ROI: (1) REESMII
– Dulong Bayan’s added annual gains after the improvement and (2) equipment’s total price, let
Gains be equal to Added Annual Gains (AAG) and let Investment Costs be equal to Total Price.
The proponents calculated REESMII – Dulong Bayan’s annual gains after the improvement
under the assumption that: (1) advertisements about the improvements took place and (2) more
students flocked to the school. The proponents did not include the school’s expenses.
Figure 4.3.3: Academic Expenses
Php 40,000 and the average-annual tuition fee for elementary (private) is Php 80,000.
The proponents assumed that REESMII – Dulong Bayan will have an additional of 5 preschool
Computing for the added annual gains (AAG) of REESMII – Dulong Bayan:
Added Annual Gains = (Preschool Students * Php 40,000) + (Elementary Students * Php 80,000)
Computing for the simple ROI:
Simple Return of Investment (ROI) = (Php 693,620 / Php 306,380) x 100
The annual return of investment is a whopping 226.392%! Although this figure was
calculated in the absence of the school’s annual expense and is only an assumption - particularly
the students that enrolled after the assumed advertisement - it can still be concluded that investing
CHAPTER 5
This chapter tackles the overall evaluation of the new network topology for REESMII –
Dulong Bayan. The strengths and opportunities of the design are discussed here. Everything that
is written in this section is based on the data gathered from the evaluation form handed to
the Ruther E. Esconde School of Multiple Intelligences Inc.’s prime information technology
head, Ms. Karen C. Flores. Although the scores given by the prime IT head were based on her
CHAPTER 6
CONCLUSION
Having a scalable, secure, and resilient network is not only an asset to an organization, but
also a wise investment, most especially if the means to acquire one is not out of the question.
The design is highly functional. Based on the data gathered from the evaluation form, the
design does more than the school intends it to: wireless-area-network access and secure
connections for the computer room, just to name a few. More importantly, no student can access
unsanctioned sites on the internet while using the assets in the computer room thanks to access
The design is highly reliable. Based on the data gathered from the evaluation form, faulty
switches and/or routers now have less impact on the business. School staff can now rest easy
The design’s usability exceeds the school’s expectations. Based on the data gathered from
the evaluation form, the learning curve to understand the inner workings of the design is not steep.
The design is highly efficient. Based on the data gathered from the evaluation form, no
The design is highly maintainable. Based on the data gathered from the evaluation form,
the network schemes are flexible enough that they can be modified to meet the school’s needs.
The design is highly portable. Based on the data gathered from the evaluation form, the
network can support additional devices at any given time with less effort.
With provably high functionality, high reliability, high efficiency, high maintainability, high
portability, and exceedingly high usability, the proponents indubitably conclude that the new
network topology for REESMII – Dulong Bayan is a scalable, secure, and resilient design which
APPENDICES
IP Address Table
VLAN Table
Network Address Translation Table
Evaluation
Evaluation Photoshoot
Network Topology
ISP
Building A
Building B - 2nd floor
Device Configuration
 duplex auto
 speed auto
!
interface GigabitEthernet0/1.60
 no ip address
!
interface GigabitEthernet0/2
 ip address 1.1.1.1 255.255.255.248
 ip nat outside
 duplex auto
 speed auto
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan10
 mac-address 00e0.a375.8d01
 no ip address
!
ip nat inside source list Internet_Access interface GigabitEthernet0/2 overload
ip classless
ip route 0.0.0.0 0.0.0.0 1.1.1.3
!
ip flow-export version 9
!
ip access-list extended Guest_Wifi_Access
 deny ip 10.10.60.0 0.0.0.255 host 172.16.100.252
 permit ip any any
ip access-list standard Internet_Access
 permit 10.10.60.0 0.0.0.255
 permit 10.10.10.0 0.0.0.255
 permit 10.10.20.0 0.0.0.255
 permit 10.10.30.0 0.0.0.255
 permit 10.10.50.0 0.0.0.255
!
line con 0
!
line aux 0
!
line vty 0 4
 login
!
end

Pri_Switch
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Pri_Core
!
enable secret 5 $1$mERr$hppjZ6qgFKiQvLDBJrS7O0
!
ip dhcp pool AdminPool
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan 1,20,30,40 priority 0
spanning-tree vlan 2-19,21-29,31-39,41-1024 priority 24576
!
interface Port-channel1
 switchport mode trunk
!
interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/2
 switchport mode trunk
!
interface FastEthernet0/3
 switchport mode trunk
!
interface FastEthernet0/4
 switchport access vlan 50
 switchport mode access
!
interface FastEthernet0/5
 switchport mode trunk
!
interface FastEthernet0/6
 switchport mode trunk
!
interface FastEthernet0/7
 switchport mode trunk
!
interface FastEthernet0/8
 switchport mode trunk
!
interface FastEthernet0/9
 switchport mode trunk
!
interface FastEthernet0/10
 switchport mode trunk
!
interface FastEthernet0/11
 switchport mode trunk
!
interface FastEthernet0/12
 switchport mode trunk
!
interface FastEthernet0/13
 switchport mode trunk
!
interface FastEthernet0/14
 switchport mode trunk
!
interface FastEthernet0/15
 switchport mode trunk
!
interface FastEthernet0/16
 switchport mode trunk
!
interface FastEthernet0/17
 switchport mode trunk
!
interface FastEthernet0/18
 switchport mode trunk
!
interface FastEthernet0/19
 switchport mode trunk
!
interface FastEthernet0/20
 switchport mode trunk
 channel-group 1 mode desirable
!
interface FastEthernet0/21
 switchport mode trunk
 channel-group 1 mode desirable
!
interface FastEthernet0/22
 switchport mode trunk
!
interface FastEthernet0/23
 switchport mode trunk
!
interface FastEthernet0/24
 switchport access vlan 60
 switchport mode access
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 no ip address
 shutdown
!
line con 0
!
line vty 0 4
 login
line vty 5 15
 login
!
end

Admin_Switch
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Admin_Switch
!
enable secret 5 $1$mERr$hppjZ6qgFKiQvLDBJrS7O0
!
username cisco privilege 1 password 0 cisco
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan 1-1024 priority 61440
!
interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/2
 switchport mode trunk
!
interface FastEthernet0/3
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/4
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/5
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/6
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
 switchport access vlan 10
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan10
 mac-address 0060.4701.6401
 ip address 10.10.10.250 255.255.255.0
!
ip default-gateway 10.10.10.3
!
line con 0
!
line vty 0 4
 login local
 transport input telnet
line vty 5 15
 login
!
end

Accounting_Switch
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Accounting_Switch
!
enable secret 5 $1$mERr$hppjZ6qgFKiQvLDBJrS7O0
!
username cisco privilege 1 password 0 cisco
!
spanning-tree mode pvst
spanning-tree extend system-id
spanning-tree vlan 1-1024 priority 61440
!
interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/2
 switchport mode trunk
!
interface FastEthernet0/3
 switchport access vlan 20
 switchport mode access
!
interface FastEthernet0/4
 switchport access vlan 20
 switchport mode access
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan20
 mac-address 0001.9641.7701
 ip address 10.10.20.250 255.255.255.0
!
ip default-gateway 10.10.20.3
!
line con 0
!
line vty 0 4
 login local
 transport input telnet
line vty 5 15
 login
!
end

Academic_Switch
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Academic_Switch
!
enable secret 5 $1$mERr$hppjZ6qgFKiQvLDBJrS7O0
!
username cisco privilege 1 password 0 cisco
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan 1-1024 priority 61440
!
interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/2
 switchport mode trunk
!
interface FastEthernet0/3
 switchport access vlan 30
 switchport mode access
!
interface FastEthernet0/4
 switchport access vlan 30
 switchport mode access
!
interface FastEthernet0/5
 switchport access vlan 30
 switchport mode access
!
interface FastEthernet0/6
 switchport access vlan 30
 switchport mode access
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan30
 mac-address 00e0.8fe2.7601
 ip address 10.10.30.6 255.255.255.248
!
ip default-gateway 10.10.30.3
!
line con 0
!
line vty 0 4
 login local
 transport input telnet
line vty 5 15
 login
!
end

Com_Lab_Switch
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Com_Lab_Switch
!
enable secret 5 $1$mERr$hppjZ6qgFKiQvLDBJrS7O0
!
username cisco privilege 1 password 0 cisco
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan 1-1024 priority 4096
!
interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/2
 switchport mode trunk
!
interface FastEthernet0/3
 switchport access vlan 40
 switchport mode access
!
interface FastEthernet0/4
 switchport access vlan 40
 switchport mode access
!
interface FastEthernet0/5
 switchport access vlan 40
 switchport mode access
!
interface FastEthernet0/6
 switchport access vlan 40
 switchport mode access
!
interface FastEthernet0/7
 switchport access vlan 40
 switchport mode access
!
interface FastEthernet0/8
 switchport access vlan 40
 switchport mode access
!
interface FastEthernet0/9
 switchport access vlan 40
 switchport mode access
!
interface FastEthernet0/10
 switchport access vlan 40
 switchport mode access
!
interface FastEthernet0/11
 switchport access vlan 40
 switchport mode access
!
interface FastEthernet0/12
 switchport access vlan 40
 switchport mode access
!
interface FastEthernet0/13
 switchport access vlan 40
 switchport mode access
!
interface FastEthernet0/14
 switchport access vlan 40
 switchport mode access
!
interface FastEthernet0/15
 switchport access vlan 40
 switchport mode access
!
interface FastEthernet0/16
 switchport access vlan 40
 switchport mode access
!
interface FastEthernet0/17
 switchport access vlan 40
 switchport mode access
!
interface FastEthernet0/18
 switchport access vlan 40
 switchport mode access
!
interface FastEthernet0/19
 switchport access vlan 40
 switchport mode access
!
interface FastEthernet0/20
 switchport access vlan 40
 switchport mode access
!
interface FastEthernet0/21
 switchport access vlan 40
 switchport mode access
!
interface FastEthernet0/22
 switchport access vlan 40
 switchport mode access
!
interface FastEthernet0/23
 switchport access vlan 40
 switchport mode access
!
interface FastEthernet0/24
 switchport access vlan 40
 switchport mode access
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan40
 mac-address 0090.0cd6.ad01
 ip address 10.10.40.250 255.255.255.0
!
ip default-gateway 10.10.40.3
!
line con 0
!
line vty 0 4
 login local
 transport input telnet
line vty 5 15
 login
!
end

Server_Switch
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Server_Switch
!
enable secret 5 $1$mERr$hppjZ6qgFKiQvLDBJrS7O0
!
spanning-tree mode pvst
spanning-tree extend system-id
!
interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/2
 switchport mode trunk
!
interface FastEthernet0/3
 switchport access vlan 100
 switchport mode access
!
interface FastEthernet0/4
 switchport access vlan 100
 switchport mode access
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
 switchport access vlan 100
 switchport mode access
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 no ip address
 shutdown
!
line con 0
!
line vty 0 4
 login
line vty 5 15
 login
!
end

ISP
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
ip cef
no ipv6 cef
!
license udi pid CISCO2911/K9 sn FTX1524E17G
!
spanning-tree mode pvst
!
interface GigabitEthernet0/0
 ip address 100.100.100.1 255.255.255.0
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface GigabitEthernet0/2
 ip address 1.1.1.3 255.255.255.248
 duplex auto
 speed auto
!
interface Vlan1
 no ip address
 shutdown
!
router bgp 300
 bgp log-neighbor-changes
 no synchronization
 neighbor 1.1.1.1 remote-as 65535
 network 0.0.0.0 mask 255.255.255.255
 network 100.100.100.0 mask 255.255.255.0
!
ip classless
!
ip flow-export version 9
!
line con 0
!
line aux 0
!
line vty 0 4
 login
!
end