A network designed in Cisco Packet Tracer for a company whose requirements were provided in a brief. An extension to the task adds an improved version of the network that still meets all of the requirements.
This project originated from a Cisco Packet Tracer network-building coursework, with the objective of designing, constructing, implementing, troubleshooting, and testing a network for a hypothetical multi-department, multi-site company that met the requirements provided with the task. During the process, a variety of improvements were identified; however, because they were outside the scope of the task, they could not be implemented.
One network has been designed within the scope of the task. The second one is a redesign that goes beyond the scope, made to improve resilience, reliability, scalability and performance of the original design, while making it more compatible with real-world enterprise standards.
The first implementation satisfied all assignment requirements and included:
- Inter-VLAN routing via multilayer switching
- Dynamic routing using OSPF
- Basic network segmentation (departmental VLANs)
- DHCP services for automatic IP allocation
- SSH-enabled remote device management
- Access Control Lists (ACLs) for traffic restriction
- Basic WAN connectivity between sites
The network was fully functional and passed connectivity and routing validation tests.
Although operational, several design limitations were identified:
Single Points of Failure
- Single multilayer switch per site
- No gateway redundancy
- Limited WAN failover capability
Limited Layered Security
- No DHCP Snooping
- No Dynamic ARP Inspection
- No structured trust boundaries
Scalability Constraints
- Flat OSPF structure
- Limited hierarchy between core, distribution, and access
- Basic subnetting strategy without long-term expansion planning
Limited Real-World Alignment
- No high availability protocol (e.g., HSRP)
- No structured edge firewall model
- No advanced segmentation for server infrastructure
These limitations formed the basis for the redesigned implementation.
- Dual (redundant) multilayer switches per site, eliminating the single point of failure
- HSRP for gateway redundancy, with one multilayer switch in standby mode
- Redundant uplinks between access and distribution layers
- Hierarchical core–distribution–access architecture
- Multi-area OSPF with backbone Area 0
- Site-level OSPF areas to reduce routing overhead and a border router at the network edge
- Improved IP addressing structure
- Dedicated management network
- SSH-only remote management with encrypted credentials
- Structured ACL placement and refinement
- Port Security on access interfaces
- DHCP Snooping to prevent rogue DHCP servers
- Dynamic ARP Inspection (DAI) to mitigate spoofing
- Logical isolation of server, user and management networks
- NAT/PAT for controlled outbound access
- Deployment of firewalls at site boundaries with packet inspection policies
- VPN for secure intersite connectivity
- Department segmentation with Layer 2 switches
- Centralised DHCP server deployment
- Dedicated server VLANs
- Segmented management VLAN
- Improved WAN edge configuration
- Structured internal service distribution
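
The check below is an added example, not part of the original project files: a small Python audit that reads an access-switch running-config and reports where the Layer 2 and management controls listed above (DHCP Snooping, Dynamic ARP Inspection, Port Security, SSH-only management) are missing or inconsistent. The sample config, VLAN IDs, interface names and the rule set itself are constructed assumptions.

```python
# Constructed running-config excerpt; VLAN IDs and interface names are assumptions.
SAMPLE = """\
ip dhcp snooping
ip dhcp snooping vlan 10,20
ip arp inspection vlan 10,20,30
interface GigabitEthernet0/1
 switchport mode trunk
 ip dhcp snooping trust
interface FastEthernet0/2
 switchport mode access
 ip dhcp snooping trust
line vty 0 4
 transport input ssh telnet
"""

def parse_blocks(config):
    """Map each top-level command to the indented sub-commands under it."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line[:1] == " " and current:
            blocks[current].append(line.strip())
        elif line.strip() not in ("", "!"):
            current = line.strip()
            blocks[current] = []
    return blocks

def vlan_ids(blocks, prefix):
    """VLAN IDs listed by global commands such as '<prefix>10,20-25'."""
    ids = set()
    for cmd in (c for c in blocks if c.startswith(prefix)):
        for part in cmd[len(prefix):].split(","):
            lo, _, hi = part.strip().partition("-")
            ids.update(range(int(lo), int(hi or lo) + 1))
    return ids

def audit(config):
    b = parse_blocks(config)
    out = [] if "ip dhcp snooping" in b else ["DHCP snooping not enabled globally"]
    # DAI checks ARP against the snooping binding table (DHCP-addressed hosts assumed).
    gap = vlan_ids(b, "ip arp inspection vlan ") - vlan_ids(b, "ip dhcp snooping vlan ")
    out += [f"VLAN {v}: DAI enabled without DHCP snooping" for v in sorted(gap)]
    for name, cmds in b.items():
        if name.startswith("interface ") and "switchport mode access" in cmds:
            if "ip dhcp snooping trust" in cmds:
                out.append(f"{name}: access port is DHCP-trusted")
            if "switchport port-security" not in cmds:
                out.append(f"{name}: port security missing")
        if name.startswith("line vty") and "transport input ssh" not in cmds:
            out.append(f"{name}: remote access not restricted to SSH")
    return out
```

Calling `audit(SAMPLE)` returns four findings; the trusted trunk uplink is not flagged, because trust is expected on the port facing the DHCP server.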
The redesigned network achieves:
- Elimination of major single points of failure
- Improved availability and failover capability
- Enhanced routing efficiency and scalability
- Stronger multi-layer security posture
- Better alignment with enterprise networking standards
- Enterprise network design methodology
- Scalable routing design and optimisation
- OSPF multi-area configuration
- VLAN segmentation strategy
- High availability and fault-tolerant system planning
- Risk identification and mitigation in infrastructure design
- Structured troubleshooting and root cause analysis
- Technical documentation and design justification
- Translating business requirements into technical solutions
- Designing beyond minimum requirements with long-term scalability in mind and addressing the vulnerabilities identified
- Cisco Packet Tracer
- OSPF (Single & Multi-Area)
- HSRP
- VLANs & Inter-VLAN Routing
- ACLs (Standard & Extended)
- DHCP
- NAT / PAT
- Port Security
- DHCP Snooping
- Dynamic ARP Inspection
- SSH