40 Enterprise Network Design and Implementation For Airports
40 Enterprise Network Design and Implementation For Airports
40 Enterprise Network Design and Implementation For Airports
Table of Contents
1
ENTERPRISE NETWORK DESIGN AND IMPLEMENTATION FOR AIRPORTS
Tables Figures
Figure 1 Network Diagram ........................................................................................................................... 5
Figure 2 Network Topology.......................................................................................................................... 6
Figure 3 Figure 4 Work Breakdown Structure of Project ............................................................................. 7
Figure 5 Development plan IP Addressing ................................................................................................... 8
Figure 6 IP Addressing on Switches ............................................................................................................. 8
Figure 7. IP Addresses Access Switches ...................................................................................................... 9
Figure 8 IP Addresses Access Points ............................................................................................................ 9
Figure 9 VLAN Status ................................................................................................................................ 10
Figure 10 VTP status .................................................................................................................................. 11
Figure 11 DHCP pool ................................................................................................................................. 12
Figure 12 Ping test ...................................................................................................................................... 13
Figure 13 EIGRP Status .............................................................................................................................. 14
Figure 14 NAT Show .................................................................................................................................. 14
Figure 15 show ports status......................................................................................................................... 15
Figure 16 ACL Access Control List ........................................................................................................... 15
Figure 17 Pinging Internet router, R1, R2. ................................................................................................. 16
Figure 18 Testing ........................................................................................................................................ 17
Figure 19 Connectivity ............................................................................................................................... 18
Figure 20 Preview ....................................................................................................................................... 19
2
ENTERPRISE NETWORK DESIGN AND IMPLEMENTATION FOR AIRPORTS
1. Executive Summary
In this project we design and implement a secure network for modern airport in which we maintain the
security, quality, and safety of systems. The project has been provided with different utilities to introduce
a network with a high security level for the airport. These utilities are hardware firewalls, an IP access
control list, Mac address port security, a domain server and s proxy server. All of these utilities have been
configured to provide a secure environment for the entire network and to prevent hackers from entering
sensitive departments like the flight management and service providers departments. The total cost of this
project 45,000$ [1]
2. Introduction
Airports are the sensitive places around the world. Technology plays many different roles to protect
and represent a high quality of services for these places. Computer networking is the most crucial part of
modern airports because this new technology takes the most important responsibilities, rather than people
doing the tasks as in previous decades.
We installed and configure the network devices such as switches, routers, computers, IP Phones, & APs.
We made topology and created IP address with minimum wastage of IP addresses. This project also consists
of hardware-based firewalls, an IP access control list, MAC address control, a domain server and a proxy
server are the tools that applied to prevent the hackers accessing the flight management department, which
is the important department for any airport.
The network is designed to be scalable based upon requirements because scalability has been the most
important consideration during the planning phase. Further security appliances such as IPS, IDS, NGFW
etc. can be added to improve security and make the network bullet proof.
3. Project Scope
The project calls for the design and implementation of a secure network for a modern airport based in
South Asia in which we maintain the security, quality, and safety of systems
3
ENTERPRISE NETWORK DESIGN AND IMPLEMENTATION FOR AIRPORTS
4. Project Statement
The project goals and objectives include:
1. Building a highly resilient Network used in large airports and used by millions of uses per year.
2. Building a high throughput network
3. Providing a high security level for the airport’s network
4. Providing a high quality of service for the airport’s network
5. Maintaining the passengers’ safety
6. Maintaining passengers’ info
7. Supporting the FMS (flight management system)
In this project we will implement the security for servers and internal network as well. The project is design
to secure the network from the following threats:
1- Unauthorized access devices.
2- Unencrypted or plaintext information.
3- DHCP Snooping.
4- Internal Access.
5- Project Requirements
Requirements for the network are:
1. All 100 employees be interconnected whether its LAN or WLAN.
2. We’ve to accommodate about 200 IP addresses, since everyone has smartphone and requires
internet connectivity.
3. Employees need internet access
4. Only Cisco Networking devices will be used.
5. The network must be secure, redundant and fast.
4
ENTERPRISE NETWORK DESIGN AND IMPLEMENTATION FOR AIRPORTS
6. Network Topology
The network is connected to the internet with a Firewall and the servers are in a DMZ (Demilitarized
Zone). In this way, the outside world can access the servers but cannot access the internal network. [2]
3 Wireless Access Points are also used for accommodating employees’ smartphones/laptops.
5
ENTERPRISE NETWORK DESIGN AND IMPLEMENTATION FOR AIRPORTS
6
ENTERPRISE NETWORK DESIGN AND IMPLEMENTATION FOR AIRPORTS
7. Required Configuration
Routers, Switches and firewall will have to be configured with at least the following technologies:
1. IP addresses, Basic Security
2. DHCP
3. Routing protocol preferably EIGRP
4. NAT (Network Address Translation
5. ACL (Access Control Lists)
8. Planning
Work Breakdown Structure of project:
7
ENTERPRISE NETWORK DESIGN AND IMPLEMENTATION FOR AIRPORTS
9. Development Plan:
10. IP addressing
Switch1 and Switch2:
The IP Addresses on MLSwitch2 were assigned as proposed, however the interfaces were closed because
there was unidentified problem in communicating between VLANs.
Access Switches:
8
ENTERPRISE NETWORK DESIGN AND IMPLEMENTATION FOR AIRPORTS
The same mistake was made for access points however, since APs are not available in NETSIM, no problem
arose.
Device IP Address Description
AP1 192.168.1.5/26 Wireless VLAN10
AP2 192.168.1.69/26 Wireless VLAN20
AP3 192.168.1.133/26 Wireless VLAN30
AP4 192.168.1.197/26 Wireless VLAN40
10.1 VLANs
Switchport mode access makes the port an access port or a port that can be connected to only a PC or 1
VLAN. Switchport access vlan 10 assigns the port to vlan 10 and creates vlan 10 if it doesn’t exist.
9
ENTERPRISE NETWORK DESIGN AND IMPLEMENTATION FOR AIRPORTS
10
ENTERPRISE NETWORK DESIGN AND IMPLEMENTATION FOR AIRPORTS
11
ENTERPRISE NETWORK DESIGN AND IMPLEMENTATION FOR AIRPORTS
12
ENTERPRISE NETWORK DESIGN AND IMPLEMENTATION FOR AIRPORTS
PC in VLAN 40
As soon as PC is set to get IP Address from DHCP, it gets its IP Address. The following screenshot shows
successful ping from VLAN40 to its gateway, VLAN10’s gateway, VLAN20’s gateway.
13
ENTERPRISE NETWORK DESIGN AND IMPLEMENTATION FOR AIRPORTS
14
ENTERPRISE NETWORK DESIGN AND IMPLEMENTATION FOR AIRPORTS
15
ENTERPRISE NETWORK DESIGN AND IMPLEMENTATION FOR AIRPORTS
10.7 Testing
Pinging Internet router, R1, R2.
16
ENTERPRISE NETWORK DESIGN AND IMPLEMENTATION FOR AIRPORTS
Figure 18 Testing
17
ENTERPRISE NETWORK DESIGN AND IMPLEMENTATION FOR AIRPORTS
10.8 Connectivity
There is a feature of pinging all nodes from all nodes in Riverbed Modeler. Following graph was obtained
as a result:
Figure 19 Connectivity
18
ENTERPRISE NETWORK DESIGN AND IMPLEMENTATION FOR AIRPORTS
Figure 20 Preview
The top line shows the number of packets sent and received whereas the bottom blue line represents the
number of packets lost which is 0. All devices are able to communicate with each other successfully and
same graph was obtained from all devices.
19
ENTERPRISE NETWORK DESIGN AND IMPLEMENTATION FOR AIRPORTS
11. Conclusion
In this report, we present the design and deployment of a secure network for airport. In this project we
configured VLANs, Access and trunk ports, VTP, NAT, EIGRP routing protocol and DHCP on switches
& provide screenshots and test connectivity in depth. The documentation & configuration are the part of
project. The proposed system will provide enhanced security, scalability and high availability and will
satisfy employees in better way.
12. References
[1] Ashraf H. Ali, ""Enterprise Network Design and Implementation for Airports" by Ashraf," 27 April
2016. [Online]. Available: https://scholar.valpo.edu/ms_ittheses/2/. [Accessed 5 May 2019].
[2] W. Staff, "DMZ - demilitarized zone," WEBOPEDIA, N.D N.D N.D. [Online]. Available:
http://www.webopedia.com/TERM/D/DMZ.html. [Accessed 4 April 2019].
[3] Cisco, "Cisco 2951 Integrated Services Router," Cisco, N.D N.D N.D. [Online]. Available:
http://www.cisco.com/c/en/us/products/routers/2951-integrated-services-router-isr/index.html.
[Accessed 4 April 2019].
[4] Cisco, "Cisco Catalyst 2960X-48TS-L Switch," Cisco, N.D N.D N.D. [Online]. Available:
http://www.cisco.com/c/en/us/support/switches/catalyst-2960x-48ts-l-switch/model.html. [Accessed
4 April 2019].
[5] Linksys, "LINKSYS EA9300 MAX-STREAM AC4000 TRI-BAND WI-FI ROUTER," Linksys, N.D
N.D N.D. [Online]. Available: https://www.linksys.com/us/p/EA9300/. [Accessed 7 April 2019].
20
How to Choose a DRM Software to protect your document?