"Establishing and Securing an Enterprise Multi-Department Network Infrastructure"

Description

1. Project Title

"Establishing and Securing an Enterprise Multi-Department Network Infrastructure"


2. Executive Summary

This project aims to design and implement a comprehensive Local Area Network (LAN) for an integrated enterprise, ensuring complete isolation between departments (Finance, Sales, and Management) to enhance performance and security. The design leverages the Router-on-a-Stick model for inter-VLAN routing, incorporates automation protocols for dynamic IP address allocation, and enforces rigorous security policies, including Port Security and encrypted remote access via SSH.


3. Technologies and Protocols Used

Based on the configuration, the project utilizes a robust suite of networking technologies:

  • Inter-VLAN Routing (Router-on-a-Stick): Facilitates communication between different departments via a single physical interface using sub-interfaces.

  • VLAN (IEEE 802.1Q): Segments the network into logical groups (VLAN 10 for Finance, VLAN 20 for Sales, and VLAN 30 for Management).

  • DHCP (Dynamic Host Configuration Protocol): Automates IP address assignment while reserving specific ranges for servers and gateways through Excluded Addresses.

  • Port Security: Secures Layer 2 by binding switch ports to specific MAC addresses, which are learned and retained as Sticky MAC addresses.

  • SSH (Secure Shell): Provides secure, encrypted remote management for network devices, replacing the insecure Telnet protocol.

  • Local AAA: Implements a local user database with defined Privilege Levels for controlled access.

  • Spanning Tree Protocol (PVST+): Prevents Layer 2 loops and ensures network stability.


4. Technical Achievements

  • Network Segmentation: Successfully isolated traffic for each department, reducing collision domains and optimizing overall network speed.

  • Automated Address Management: Minimized human error by activating three distinct DHCP pools for efficient resource allocation.

  • Device Hardening: Enhanced device security by protecting the Enable Secret password and enabling encryption for all local users.

  • Physical Intrusion Prevention: Utilized the violation restrict feature on switch ports to block unauthorized devices from accessing the network.

  • Professional Management Infrastructure: Configured domain-name and vty lines to establish a professional environment for secure remote administration.
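
One way to check a saved device configuration against the controls listed in sections 3 and 4 (802.1Q sub-interfaces for VLANs 10, 20 and 30, sticky port security with violation restrict on access ports, SSH-only vty lines). This is an added example, not the project's own code; the configuration text is constructed, and the interface names and the helper names `blocks` and `audit` are assumptions.

```python
# Constructed config text (router and switch lines merged for brevity);
# interface names are assumptions, VLAN IDs 10/20/30 come from the page.
SAMPLE = """\
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security violation restrict
interface FastEthernet0/2
 switchport mode access
 switchport port-security
line vty 0 4
 login local
 transport input telnet ssh
"""

PORT_SEC = ("switchport port-security",
            "switchport port-security mac-address sticky",
            "switchport port-security violation restrict")

def blocks(cfg):
    """Map each top-level line to the indented lines configured under it."""
    out, cur = {}, None
    for line in cfg.splitlines():
        if line.startswith(" ") and cur is not None:
            out[cur].append(line.strip())
        elif line.strip():
            cur = line.strip()
            out[cur] = []
    return out

def audit(cfg, vlans=(10, 20, 30)):
    """Return findings where cfg departs from the controls the page lists."""
    b, findings = blocks(cfg), []
    tagged = {int(s.split()[2]) for sub in b.values() for s in sub
              if s.startswith("encapsulation dot1Q ")}
    findings += [f"VLAN {v}: no dot1Q sub-interface" for v in vlans if v not in tagged]
    for name, sub in b.items():
        if name.startswith("interface") and "switchport mode access" in sub:
            findings += [f"{name}: missing '{n}'" for n in PORT_SEC if n not in sub]
        if name.startswith("line vty") and "transport input ssh" not in sub:
            findings.append(f"{name}: vty transport is not SSH-only")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

On the constructed sample this reports the missing VLAN 30 sub-interface, the access port without sticky learning or a restrict violation mode, and the vty line that still accepts Telnet.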

Overview

  • Service Created Date: 2026-04-28
  • Email Address: nsrl61367@gmail.com
  • Phone Number: 0997556382
  • Mostaqel Created Date: 1 week ago