Higher Nationals

Internal verification of assessment decisions – BTEC (RQF)

INTERNAL VERIFICATION – ASSESSMENT DECISIONS

Programme title Higher National Diploma in Computing

Assessor Internal Verifier

Unit 15: Transport Network Design
Unit(s)
Design and Implement a network for EMC
Assignment title

Student’s name MNM Sihaf

List which assessment criteria Pass Merit Distinction
the Assessor has awarded.

INTERNAL VERIFIER CHECKLIST

Do the assessment criteria awarded match

those shown in the assignment brief? Y/N

Is the Pass/Merit/Distinction grade awarded

justified by the assessor’s comments on the Y/N
student work?
Has the work been assessed
Y/N
accurately?
Is the feedback to the student:
Give details:
• Constructive? Y/N
• Linked to relevant assessment criteria? Y/N
• Identifying opportunities for Y/N
improved performance?
• Agreeing actions? Y/N
Does the assessment decision need
Y/N
amending?

Assessor signature Date

Internal Verifier signature Date

Programme Leader signature (if required)
Date

Confirm action completed

Remedial action taken
Give details:

Assessor signature Date

Internal Verifier
Date
signature
Programme Leader
Date
signature (if required)

MNM SIHAF TND Assignment Page | 1

Higher Nationals - Summative Assignment Feedback Form
Student Name/ID

Unit Title Unit 15: Transport Network Design

Assignment Number 1 Assessor

Date Received
Submission Date
26/07/2023 1st submission
Date Received 2nd
Re-submission Date
submission
Assessor Feedback:
LO1 Explore LAN design principles and their application in the network design process
Pass, Merit & Distinction P1 P2 M1
Descripts

LO2 Implement a network using LAN design principles based on a predefined set of requirements
Pass, Merit & Distinction P3 P4 M2 M3 D1
Descripts

LO3 Produce an appropriate WAN solution to a set of organisational requirements

Pass, Merit & Distinction P5 P6 M4 M5
Descripts
LO4 Solve a range of network related problems using appropriate troubleshooting techniques and
methods

Pass, Merit & Distinction P7 P8 M6 D2

Descripts

Grade: Assessor Signature: Date:

Resubmission Feedback:

Grade: Assessor Signature: Date:

Internal Verifier’s Comments:

Signature & Date:

* Please note that grade decisions are provisional. They are only confirmed once internal and external moderation has taken place and
grades decisions have been agreed at the assessment board.

MNM SIHAF TND Assignment Page | 2

Assignment Feedback
Formative Feedback: Assessor to Student

Action Plan

Summative feedback

Feedback: Student to Assessor

Assessor Date
signature

Student sihaf700@gmail.com Date 26/07/2023

signature

MNM SIHAF TND Assignment Page | 3

Pearson Higher Nationals in
Computing
Unit 15: Transport Network Design

MNM SIHAF TND Assignment Page | 4

General Guidelines

1. A Cover page or title page – You should always attach a title page to your assignment. Use previous
page as your cover sheet and make sure all the details are accurately filled.
2. Attach this brief as the first section of your assignment.
3. All the assignments should be prepared using a word processing software.
4. All the assignments should be printed on A4 sized papers. Use single side printing.
5. Allow 1” for top, bottom , right margins and 1.25” for the left margin of each page.

Word Processing Rules

1. The font size should be 12 point, and should be in the style of Time New Roman.
2. Use 1.5 line spacing. Left justify all paragraphs.
3. Ensure that all the headings are consistent in terms of the font size and font style.
4. Use footer function in the word processor to insert Your Name, Subject, Assignment No, and
Page Number on each page. This is useful if individual sheets become detached for any reason.
5. Use word processing application spell check and grammar check function to help editing your
assignment.

Important Points:

1. It is strictly prohibited to use textboxes to add texts in the assignments, except for the compulsory
information. eg: Figures, tables of comparison etc. Adding text boxes in the body except for the
before mentioned compulsory information will result in rejection of your work.
2. Avoid using page borders in your assignment body.
3. Carefully check the hand in date and the instructions given in the assignment. Late submissions
will not be accepted.
4. Ensure that you give yourself enough time to complete the assignment by the due date.
5. Excuses of any nature will not be accepted for failure to hand in the work on time.
6. You must take responsibility for managing your own time effectively.
7. If you are unable to hand in your assignment on time and have valid reasons such as illness, you
may apply (in writing) for an extension.
8. Failure to achieve at least PASS criteria will result in a REFERRAL grade .
9. Non-submission of work without valid reasons will lead to an automatic RE FERRAL. You will then
be asked to complete an alternative assignment.
10. If you use other people’s work or ideas in your assignment, reference them properly using
HARVARD referencing system to avoid plagiarism. You have to provide both in-text citation and
a reference list.
11. If you are proven to be guilty of plagiarism or any academic misconduct, your grade could be
reduced to A REFERRAL or at worst you could be expelled from the course

MNM SIHAF TND Assignment Page | 5

Student Declaration

I hereby, declare that I know what plagiarism entails, namely to use another’s work and to present it as
my own without attributing the sources in the correct form. I further understand what it means to copy
another’s work.

1. I know that plagiarism is a punishable offence because it constitutes theft.

2. I understand the plagiarism and copying policy of Edexcel UK.
3. I know what the consequences will be if I plagiarise or copy another’s work in any of the
assignments for this program.
4. I declare therefore that all work presented by me for every aspect of my program, will be my own,
and where I have made use of another’s work, I will attribute the source in the correct way.
5. I acknowledge that the attachment of this document signed or not, constitutes a binding
agreement between myself and Edexcel UK.
6. I understand that my assignment will not be considered as submitted if this document is not
attached to the assignment.

Student’s Signature: Date:

(sihaf700@gmail.com) (26/07/2023)

MNM SIHAF TND Assignment Page | 6

MNM SIHAF TND Assignment Page | 7
Higher National Diploma in Business
Assignment Brief
Student Name /ID Number MNM SIHAF/COL00081120

Unit Number and Title Unit 15: Transport Network Design

Academic Year 2021/22

Unit Tutor

Assignment Title

Issue Date

Submission Date

IV Name & Date

Submission format

The submission should be in the form of an individual written report. This should be written in a
concise, formal business style using single spacing and font size 12. You are required to make use
of headings, paragraphs and subsections as appropriate, and all work must be supported with
evidence. You must provide in-text citations and the reference list using Harvard referencing
system.

MNM SIHAF TND Assignment Page | 8

Unit Learning Outcomes:

Learning Outcomes

By the end of this unit students will be able to:

LO1: Explore LAN design principles and their application in the network design process.
LO2: Implement a network using LAN design principles based on a predefined set of
requirements.
LO3: Produce an appropriate WAN solution to a set of organisational requirements.
LO4: Solve a range of network related problems using appropriate troubleshooting techniques
and methods.

MNM SIHAF TND Assignment Page | 9

Assignment Brief and Guidance:

EMC Solutions is a privately owned, well-known Software company located in Colombo.

The Management of EMC Solutions has decided to extend their services to Kandy and as
a result a 3 stories building was purchased in the heart of Kandy. They are
planning to make it one of the state -of-the-art companies in Kandy with
the latest facilities.
It is expected to have nearly 150 employees in Kandy branch.

Department Number of Users Floor

Customer Care 10 1 s t Floor
Sales and Marketing 20 1 s t Floor
Finance 25 2 n d Floor
Legal 5 2 n d Floor
HR 10 2 n d Floor
Developers 55 3 r d Floor
Network Team 5 3 r d Floor
Server Room 8 Servers + SAN 3 r d Floor

Following requirements are given by the Management;

• All the departments must be separated with unique subnet and
should not communicate with each other unless there is a special
requirement.
• 10.254.1.0/24 is given and should be used for all the departments
except the server room. IPs should be assigned using DHCP.
• Server room and SAN should be in 192.168.1.32/2 7 subnet. (Uses
static IPs )
• High level of redundancy is expected in network design to eliminate
single point of failures and traffic bottlenecks.
• Multiple ISP connections need to be configured for gateway

MNM SIHAF TND Assignment Page | 10

 redundancy.
• Link aggregation need to be configure d to improve the Network
performance where necessary.
• Data transmission between Head office and Kandy need to be
secured with a proper WAN design.
• Sales and Marketing Team should be able to access resources at
Kandy office and the head office securely during the field visits.
• Proper methods for networking monitoring and troubleshooting
need to be established.
• Customer Care and Sales team should not be allowed to access the
Finance Web server in Kandy server Room.
• All possible network security mechanisms should be implemented.

Assume you are a trainee network engineer at EMC Solutions. Prepare a network
architectural design and implementation with your suggestions and
recommendations to meet the company requirements.

(Note: Clearly state your assumptions. You are allowed to design the network
according to your assumptions, but main requirements should not be violated)

MNM SIHAF TND Assignment Page | 11

Task 1
1.1. Examine the Network Design Models and their features. Justify your suggestion for
the above scenario.
1.2. Discuss and analyze LAN redundancy, bandwidth and load related issues with
reference to Layer 2/ Layer 3 redundancy protocols , and discuss possible
solutions that could be provided for the above scenario . Evaluate different Link
Aggregation protocols used in the industry and recommend a protocol/protocols
for the above scenario and justify your selection.

Task 2
2.1. Select LAN devices based on features and requirements.
2.2. Provide IP allocation plan and design the network for EMC Solutions (including
WAN) applying basic configuration commands for the network connectivity in the
LAN.
2.3. Implement Layer 2 and Layer 3 redundancy using switch and router redundancy
protocols in your network. Analyse the redundancy implementations for IPv4 and
IPv6. *Note: - Screenshots of Configuration scripts should be presented.

Task 3
3.1. Examine various WAN technologies including different VPN types and analyze the
features, benefits and drawbacks of them. Select the appropriate WAN technology
for EMC solutions.
3.2. Configure appropriate WAN protocols for the above scenario.
*Note: - Screenshots of Configuration scripts should be presented.

MNM SIHAF TND Assignment Page | 12

Task 4
4.1. Explain the importance of Network monitoring and troubleshooting to establish
network baselines and produce network documentation. Deploy the same.
4.2. Troubleshoot the below mentioned LAN and WAN connectivity issues of EMC
Solutions. Develop effective documentation for the used troubleshooting methods
clearly indicating the steps involved and evaluate their effectiveness in solving the
identified issues.
a. Kandy branch users cannot access the resources in the server located at
Colombo Head office.
b. Customer Care users can access File Servers at Kandy branch but Sales
and Marketing users cannot access the same Servers but can access the
Internet.

*Note: - Screenshots of scripts should be presented.

MNM SIHAF TND Assignment Page | 13

Grading Rubric

Grading Criteria Achieved Feedback

LO1 Explore LAN design principles and their application

in the network design process

P1 Examine the network design models and features of

scalable networks based on a given set of business
needs.
P2 Discuss LAN redundancy, bandwidth and load
related issues and possible solutions with reference to
Layer 2 and Layer 3 of the OSI Model.
M1 Analyse the switch and router redundancy protocols
and their effectiveness in supporting scalable
networks..
LO2 Implement a network using LAN design principles
based on a predefined set of requirements

P3 Select LAN devices based on features and

requirements, and apply basic configuration commands
for network connectivity.
P4 Implement a LAN design with Layer 2 and Layer 3
redundancy using switch and router redundancy
protocols.

MNM SIHAF TND Assignment Page | 14

M2 Analyse different switch redundancy protocols and
their effectiveness in solving redundancy issues
M3 Analyse Layer 3 redundancy implementations for
IPv4 and IPv6
D1 Evaluate different implementations of link
aggregation using EtherChannel to solve bandwidth and
load issues
LO3 Produce an appropriate WAN solution to a set of
organisational requirements

P5 Examine WAN technologies and select the

appropriate one for a set of enterprise requirements.

P6 Configure WAN protocols as part of an enterprise

network solution.
M4 Analyse the benefits and drawbacks of private and
public WAN technologies
M5 Evaluate features and benefits of different VPN
types based on organisational needs..

LO4 Solve a range of network related problems using

appropriate troubleshooting techniques and methods

MNM SIHAF TND Assignment Page | 15

P7 Deploy network monitoring tools and
troubleshooting methods to establish network
baselines and produce network documentation.
P8 Troubleshoot LAN and WAN connectivity issues at
different networking layers.
M6 Develop Effective documentation of
troubleshooting methods and steps based on a given
scenario.
D2 Evaluate troubleshooting methods and their
effectiveness in solving enterprise-wide networking
issues..

MNM SIHAF TND Assignment Page | 16

Pearson Higher Nationals in
Computing
Unit 15: Transport Network Design

MNM SIHAF TND Assignment Page | 17

Acknowledgement
First of all, I am always and forever grateful to the almighty. In preparation of my
assignment, I had to take the help and guidance of some respected individuals who deserve
my deepest respect and gratitude. As the completion of this assignment gave me much
pleasure, I would like to show my gratitude to my lecturer Miss Ama for giving me good
guidelines for the assignment throughout numerous consultations. I would also like to expand
my gratitude to all those who have directly and indirectly guided me in finishing this
assignment.

In addition, a big thank you to our co-ordinator who always motivated us throughout this time
period. I also thank the ESOFT Metro Campus for the guidance and space provided.

Last but not the least I would like to thank my parents for their support and my badge mates
for their valuable comments and suggestions on my assignment which gave me an inspiration
to improve the quality of the assignment.

Sihaf

MNM SIHAF TND Assignment Page | 18

Table of Contents
Task 01 ..................................................................................................................................... 21
Task 1.1 ................................................................................................................................ 21
Hierarchical network design model ................................................................................. 21
Suitable network design for EMC Solutions.................................................................... 24
Task 1.2 – Layer 2/ Layer 3 protocols, Link aggregation protocols and Router redundancy
protocols ............................................................................................................................... 26
LAN Redundancy ............................................................................................................ 26
Layer 2 Redundancy protocol .......................................................................................... 27
Layer 3 redundancy protocol ........................................................................................... 28
Bandwidth and Load Balancing ....................................................................................... 28
Router and Switch redundancy protocol .......................................................................... 29
Link Aggregation protocols ............................................................................................. 32
Recommended Link Aggregation for EMC Solutions ..................................................... 35
Task 02 ..................................................................................................................................... 35
Task 2.1 – LAN devices based on features and requirements ............................................. 35
Access layer switches....................................................................................................... 36
Distribution layer switches............................................................................................... 36
Core layer switches .......................................................................................................... 36
Router ............................................................................................................................... 37
Servers .............................................................................................................................. 38
Task 2.2 – IP allocation and network design of EMC Solutions ......................................... 38
IP table used for EMC solutions. ..................................................................................... 38
The blueprint .................................................................................................................... 39
The design in Cisco .......................................................................................................... 40
Configurations .................................................................................................................. 40
Task 2.3: Implementing Layer 2/3 redundancy ................................................................... 60

MNM SIHAF TND Assignment Page | 19

 Layer 2 redundancy .......................................................................................................... 60
Layer 3 redundancy .......................................................................................................... 60
Task 03 ..................................................................................................................................... 61
Task 3.1: WAN Technologies including different VPN types ............................................ 61
Appropriate WAN Technology for EMC Solutions ........................................................ 65
Task 3.2: Configuring appropriate WAN protocols ............................................................. 66
Task 3.3: Virtual Private Networks (VPN) types ................................................................ 69
Types of VPN for EMC Solutions ................................................................................... 69
Task 04 ..................................................................................................................................... 73
Task 4.1: Importance of network monitoring and troubleshooting ..................................... 73
Network Monitoring ........................................................................................................ 73
4.2: Deploying the monitoring tool ...................................................................................... 77
Installing DU meter .......................................................................................................... 77
Monitoring through DU meter ......................................................................................... 79
4.3: Troubleshooting LAN and WAN connectivity issues .................................................. 80
Troubleshooting methodology ......................................................................................... 80
4.4: Access Control List (ACL) Configuration .................................................................... 83
1. Kandy branch users cannot access the resources in the server located at Colombo
Head office. ...................................................................................................................... 83
2. Customer Care users can access File Servers at Kandy branch, but Sales and
Marketing users cannot access the same Servers but can access the internet. ................. 85
References................................................................................................................................ 87

MNM SIHAF TND Assignment Page | 20

 Task 01

Task 1.1

Hierarchical network design model

An organized method for designing and setting up a network infrastructure into various levels
or tiers is the hierarchical network design model. It offers a modular and expandable structure
that divides various network operations and enhances the effectiveness, manageability, and
performance of the network.
Hierarchical network design model is the suggested model for the described scenario for EMC
solutions. The access, distribution, and core layers make up this concept, commonly referred
to as the "three-layer" model. It contains access layer, distribution layer and core layer which
is explained below.

Access layer
The first layer in the Cisco three-layer hierarchical architecture is the access layer. Users can
access the network through this layer. Also, this layer links user devices to the network,
including PCs, IP phones, wireless access points, printers, and scanners. For building a
dependable, scalable, and affordable internetwork, the industry has widely used the Cisco
hierarchical (three-layer) internetworking model. The access, distribution, and core layers are
discussed in this section along with their function in the hierarchical network model.
With a hierarchical network design, the network is divided into distinct layers. The exact
functions that each layer, or tier, in the hierarchy performs help to identify its place within the
larger network. This aids the network designer and architect in choosing the best hardware,
software, and features for that network layer to fulfil particular duties. The design of LANs and
WANs can both use hierarchical structures.

MNM SIHAF TND Assignment Page | 21

Several protocols are used by user devices connected to this layer to find one another, break up
loops and communicate information. This layer provides access to the network for end users.
At this layer, a number of services and security regulations are also configured and enforced.
The following are access layer's primary duties.
• Establishing connections between multiple endpoints and the LAN network.
• Implementing several layer-2 switching services, such as spanning tree, virtual access
control, QoS, PoE, and ARP, and providing layer-2 switching.
• Applying various security measures, such as port security, DHCP snooping, and static
MAC address setting, to stop unauthorized devices from connecting to the Network.
• Access switches are connected switches in this tier. End-devices use the access switches
to join the LAN network. An access switch essentially forwards traffic between
connected devices and the rest of the LAN.

Distribution Layer
The second layer of the Cisco three-layer hierarchical architecture is the distribution layer. The
distribution switches are the switches connected in this layer. Distribution switches don't offer
any services to end devices, in contrast to access switches. Access switches are connected via
distribution switches.
The following are the distribution layer switches' primary responsibilities.
• Establishing communication between the switches at the access layer
• Combining links and traffic from LANs and WANs
• Providing upstream services for the access layer switches in the case of a distinct core
layer.
• Using ACLs to control and filter traffic.
• Controlling broadcast using VLANs.
• Provide load balancing and redundancy.
• Delivering routing services across several VLANs and routing domains
• Serving as a boundary between several LANs and broadcast domains
The distribution layer links the access layer to the core layer if the network has a separate core
layer.

Core layer

MNM SIHAF TND Assignment Page | 22

The Cisco three-layer hierarchical model's third layer is this one. The core switches are those
that operate in this layer. Distribution switches are connected by core switches. Core switches
minimize the amount of cable and switch ports required in complicated and massive networks
while maintaining data transmission across all LAN-connected devices.
Typically, core layer design is not done in small or medium LAN networks. They connect
distribution switches directly rather than constructing a separate core layer. In extensive
networks, this strategy fails.
The network backbone is another name for the core layer. The high-speed network components
that make up the core layer. They connect several campus components, including distribution
modules, service modules, the data centre, and the WAN, and are made to switch packets as
quickly as possible. (Anon., 2021)

Two-tier hierarchical model

The collapsed core model, sometimes referred to as the flat network design or the two-tier
hierarchical network model, is a condensed method of network architecture that merges the
core and distribution layers into a single layer. The access layer is at the bottom of the network's
structure in this model, while the collapsed core layer is at the top.
End-user devices like PCs, printers, and IP phones are linked to the network at the access layer.
Switches or wireless access points that offer local area network (LAN) connection are included
in this tier. The implementation of security regulations, the creation of virtual LANs (VLANs)
for segmentation, and the maintenance of quality of service (QoS) for local traffic fall under
the purview of the access layer.

MNM SIHAF TND Assignment Page | 23

The core and distribution layers are combined into one layer in the two-tier model. Network
traffic arriving from the access layer is collected at this layer. Both LAN local traffic and wide
area network (WAN) connections are handled by it. Usually, the high-capacity switches that
perform switching and routing tasks make up the collapsed core layer.
The two-tier hierarchical network model has a number of benefits. By lowering the number of
layers and devices to install and maintain, it first simplifies network management and
administration. Particularly for small to medium-sized networks with straightforward
requirements, this can lead to cost savings and improved operational efficiency.
The two-tier network model does, however, have significant drawbacks. The three-tier
hierarchical approach, which offers greater flexibility in adding or growing network segments,
may be more scalable but may not be as scalable as this one. Additionally, especially in bigger
and more complicated networks, there may be potential network congestion and bottlenecks
when the core and distribution functions are integrated.
Depending on the network's size and unique requirements, the two-tier hierarchical model may
be chosen. It frequently works well for tiny networks with simple needs and modest scaling
requirements. The two-tier model could be a good fit for businesses that value cost-
effectiveness and simplicity above scalability and versatility.
(CiscoPress, 2014)

Suitable network design for EMC Solutions

A three-tier hierarchical approach would be more appropriate for the EMC Solutions case than
a two-tier model. Below are the reasons why.

MNM SIHAF TND Assignment Page | 24

 • Scalability – Compared to the two-tier model, the three-tier model offers more
flexibility and scalability. A well-known software business, EMC Solutions, intends to
increase the scope of its services in Kandy. The Kandy branch has close to 150
employees, thus it is anticipated that the network infrastructure will need to expand in
the future. By separating the access, distribution, and core operations into different tiers,
the three-tier approach facilitates simpler scaling. As the organization expands, this
facilitates the installation of new network components and segments.
• Network segmentation and security – The three-tier model provides better network
security and segmentation. EMC Solutions mandates that departments be kept apart
with their own subnets and that communication between them be prohibited unless
there is a specific need for it. The distribution layer serves as an additional layer of
security and departmental separation in a three-tier scheme. It can construct VLANs,
enforce access control restrictions, and offer a managed communication border.
• Redundancy and resiliency – The three-tier model has superior redundancy and
resilience by design. Between the access and core levels, the distribution layer serves
as a buffer, improving fault tolerance and minimizing the effects of failures. At both
the distribution and core layers, redundant connections and components can be used to
prevent single points of failure and provide high availability.
• Performance and Traffic Management – Better performance and traffic control
capabilities are provided by the three-tier concept. The network is better able to handle
and prioritize various types of traffic when access, distribution, and core are separated
into their own layers. At the distribution layer, QoS regulations can be implemented to
guarantee that important traffic, like audio or video, is prioritized. The distribution layer
can also offer load balancing and link aggregation to disperse traffic among many
pathways, enhancing overall network performance.
• Future network expansion – The network infrastructure probably has to handle cutting-
edge technology and potential expansions given that EMC Solutions wants to make the
Kandy branch a cutting-edge business with the most modern facilities. The three-tier
model makes it simpler to integrate new services without upsetting the network
architecture, such as enhanced security measures, virtualization, or cloud connectivity.

In summary, the three-tier hierarchical network model is recommended for EMC Solutions due
to its scalability, improved network segmentation and security, redundancy and resiliency,

MNM SIHAF TND Assignment Page | 25

performance and traffic management capabilities, and support for future network expansions.
It provides a robust and flexible framework to meet the organization's current requirements and
accommodate future growth and technological advancements.

Task 1.2 – Layer 2/ Layer 3 protocols, Link aggregation protocols and

Router redundancy protocols

To ensure high availability, ideal performance, and scalability in a network architecture, LAN
redundancy, bandwidth, and load balancing are crucial factors to take into consideration. These
problems can be solved by layer 2 and layer 3 redundancy techniques as well as link
aggregation.

LAN Redundancy
The ability to sustain network resilience requires redundancy. Redundant pathways are
provided between devices by multiple physical links. When a single connection or port fails,
the network can still function. Additionally, redundant networks help spread out the traffic load
and boost capacity. Layer loops must be prevented by managing multiple pathways. The ideal
routes are picked, and in the event that the primary connection fails, a backup path is readily
available. The management of layer redundancy uses "Spanning tree protocols." If the primary
default gateway fails, a client can utilize an alternative default gateway thanks to redundant
devices such as multilayer switches and routers. Now, a client may have several routes to
various potential default gateways.
Network availability is ensured via LAN redundancy in the event of device or link failures.
There are two standard redundancy protocols:
1. Spanning Tree Protocol – Network loops are avoided by STP by obstructing
superfluous pathways. Although it guarantees there is only one active path in the
network, it may result in less-than-ideal bandwidth usage.
2. Rapid Spanning Tree Protocol – RSTP is an improved form of STP that offers quicker
link failover and convergence.
The most possible solution for LAN redundancy for EMC Solutions can be implementing
RSTP across all switches in the network to provide fast convergence and link failover.

MNM SIHAF TND Assignment Page | 26

Layer 2 Redundancy protocol
In order to ensure high availability and fault tolerance in local area networks (LANs), layer 2
redundancy protocol make sure that if one network device or connection fails, another one may
take over without interfering with network communication. These protocols function at the OSI
models data connection layer, or layer 2.
The Spanning Tree Protocol (STP) and its variations, such as the Rapid Spanning Tree Protocol
(RSTP) and Multiple Spanning Tree Protocol (MSTP), are two of the most widely used Layer
2 redundancy protocols. By identifying a single "root bridge" and figuring out the shortest route
from each network device to the root bridge, STP avoids loops in the network. STP reconverges
the network in the event of a link or device loss by dynamically recalculating the shortest path,
enabling the network to function using other pathways.
The Virtual Router Redundancy Protocol (VRRP), another Layer 2 redundancy protocol, offers
redundancy for IP addresses connected to virtual routers. One router serves as the master and
the others as backups in VRRP, which enables several routers to share a virtual IP address.
Another router in the group serves as the new master router in the event that the master router
fails, maintaining connection.
A prominent Layer 2 redundancy protocol that offers first-hop redundancy for IP networks is
the Hot Standby Router Protocol (HSRP). By designating one router as the active router and
the others as standby routers, HSRP enables many routers to operate as a group. The standby
routers are prepared to take over in case the active router fails while the active router manages
traffic.
These Layer 2 redundancy protocols provide advantages such greater network resilience,
higher network uptime, and the ability for automated failover. They make sure that redundant
devices or connections can take over the functioning of the network promptly in the event that
a primary device or link fails, minimizing downtime and maintaining network connectivity.
Layer 2 redundancy techniques improve network dependability and contribute to a more solid
and durable network infrastructure by removing single points of failure.
(Antaira, 2022)

MNM SIHAF TND Assignment Page | 27

Layer 3 redundancy protocol
The OSI model's network layer, or Layer 3, is where layer 3 redundancy methods are intended
to ensure high availability and fault tolerance. With the help of these protocols, network
connectivity and routing capabilities are maintained even in the event that one router or link
fails.
The Virtual Router Redundancy Protocol (VRRP) is a popular Layer 3 redundancy protocol.
With VRRP, many routers may operate as a single unit, with one acting as the virtual router
master and the others serving as backups. The backups keep track of the virtual router master's
availability while the master manages traffic for a particular IP subnet. In the event of a master
failure, one of the backups is chosen to serve as the replacement master, maintaining routing
services.
The Hot Standby Router Protocol (HSRP) is another common Layer 3 redundancy protocol. In
order for HSRP to function, a set of routers is used, with one acting as the active router and the
rest acting as standby routers. The standby routers keep track of the availability of the active
router while the active router sends traffic. One of the backup routers becomes the new active
router in the event that the active router fails, maintaining routing operations.
Another Layer 3 redundancy technique that enables many routers to share a virtual IP address
as the default gateway for a network is the Gateway Load Balancing technique (GLBP). GLBP
uses a load-balancing algorithm to spread traffic among many routers and offers automated
failover in the event of router failure.
These Layer 3 redundancy protocols provide advantages including enhanced network
performance, greater network availability, and seamless failover capabilities. They guarantee
that the network can continue to route traffic uninterrupted even in the case of a router or
connection failure. In settings where continuous communication and little downtime are
essential, such as business networks, data centres, and service provider networks, Layer 3
redundancy protocols are essential.
(Stibbards, 2021)

Bandwidth and Load Balancing

Using bandwidth and load balancing techniques, network performance can be increased, traffic
can be split over several links, and congestion can be avoided. Two popular methods are:
1. Layer 2 Link Aggregation (LAG) – LAG merges many physical lines into a single
logical link. It is also known as EtherChannel or port-channel. It offers higher
bandwidth and device load balancing.

MNM SIHAF TND Assignment Page | 28

 2. Layer 3 Equal Cost Multipath (ECMP) – In a routed network, ECMP divides traffic
among numerous equal-cost paths. It distributes traffic among several next-hop IP
addresses.
According to bandwidth and load balancing the best solution for EMC is Link Aggregation
Protocols. It is advised to use LACP (Link Aggregation Control Protocol) for link aggregation
in the context of EMC Solutions. As it is a standard protocol supported by various vendors
including Cisco used for LAG.
An industry-standard protocol which is LACP enables automatic link aggregation group
establishment and dynamic negotiation. It offers improved flexibility and interoperability,
making it a good option for a multi-vendor setting.
LACP can be used to connect many physical links into a single logical link, boosting available
bandwidth and enabling load balancing. This would guarantee effective network resource use
and enhance overall network performance for EMC Solutions.
The network architecture for EMC Solutions would fulfil the needs of high availability,
bandwidth optimization, and load balancing by utilizing RSTP for LAN redundancy and LACP
for link aggregation.

Router and Switch redundancy protocol

Redundancy protocols for switches and routers are essential for maintaining the availability,
fault tolerance, and scalability of networks. These protocols offer techniques for load
balancing, failover, and effective use of network resources. Let's examine a few of the often-
employed switch and router redundancy mechanisms and how well they support scalable
networks:

Spanning Tree Protocol (STP) and Rapid Spanning Tree protocol (RSTP) – In Layer 2
networks, STP and RSTP offer loop prevention and link redundancy. In order to avoid loops
and enable failover in the event of link or switch failures, they block duplicate paths. They may
produce sub-optimal bandwidth consumption and slower convergence times in bigger
networks, even though they are successful for small to medium-sized networks.

Virtual Router Redundancy Protocol (VRRP) – By supplying a virtual IP address that is shared
among a group of routers, VRRP enables router redundancy. In order to enable seamless
failover in the event of router failure, it makes sure that one router serves as the primary

MNM SIHAF TND Assignment Page | 29

gateway and the others serve as backups. By dividing traffic among several routers, VRRP
offers load balancing and scalability.

Hot Standby Router Protocol (HSRP) and Gateway Load Balancing Protocol (GLBP) – Similar
to VRRP, Cisco's proprietary HSRP and GLBP protocols offer load balancing and router
redundancy. While GLBP offers load balancing across several routers using virtual MAC
addresses, HSRP supports failover to a backup router. By dispersing traffic and offering
redundancy at the router level, these technologies improve network scalability.
Open Shortest Path First (OSPF) Protocol – Dynamic routing protocols like OSPF enable load
balancing, quick convergence, and scalability. Multiple equal-cost paths are possible, allowing
for load balancing over a variety of routes and enhancing network scalability. Scalability is
provided via OSPF's hierarchical structure and regions, which divide the network into smaller
portions.

Border Gateway Protocol (BGP) – BGP is a routing protocol for outside gateways that is used
between autonomous systems. By effectively transmitting routing information and carrying out
path selection based on policies, it provides scalability and resilience in large-scale networks.
Hierarchical routing is made possible by the autonomous system (AS) structure of BGP, which
minimizes the size and complexity of routing tables.

Overall Redundancy protocols for switches and routers are crucial for enabling scalable
networks because they offer fault tolerance, load balancing, and effective resource use. These
protocols allow for network growth without sacrificing availability and efficiency. Networks
can be scaled effectively using protocols like VRRP, HSRP, GLBP, OSPF, and BGP, which
enable redundancy and load distribution among numerous devices and pathways. Scalability is
supported by dynamic routing protocols like OSPF and BGP's hierarchical structure, effective
routing table maintenance, and capacity for handling massive networks. To guarantee that these
protocols are effective in supporting scalable networks, it is crucial to appropriately design and
optimize them based on the size, complexity, and traffic patterns of the network.
In summary, dynamic routing protocols and switch and router redundancy protocols are
essential elements in creating scalable networks. They offer resource utilization that is
effective, load balancing, and redundancy, allowing networks to expand and adjust to changing
demands.

MNM SIHAF TND Assignment Page | 30

 (Anon., 2022)
In scalable networks, switch and router redundancy protocols are essential for maintaining high
availability and fault tolerance. These protocols offer techniques for load balancing and
failover, enabling uninterrupted operation even in the case of device malfunctions or link
interruptions. Here are a few popular redundancy protocols together with information on how
well they support scalable networks.
STP, a Layer 2 redundancy technology, stops network topologies from looping. A root bridge
is chosen, and redundant links are blocked while determining the quickest route to each
network segment. STP offers fundamental redundancy, but because of its blocking mechanism,
it may not utilize the network to its full potential. Furthermore, the convergence times are
slower. STP reduces bandwidth use by disabling redundant links, making it unsuitable for
highly scalable networks. Additionally, STP takes longer to converge in bigger networks,
which might cause network outage during topology changes.
(Sheldon, 2021)
STP can be improved upon with the Rapid Spanning Tree Protocol (RSTP), which provides
quicker convergence times and less downtime. It offers additional port roles that enable quicker
connection transitions during topology changes, like backup and alternate ports. RSTP is more
effective than STP at identifying and fixing network changes.
Compared to STP, RSTP is more suited for scalable networks. Due to its quicker convergence
times, network changes and topology changes need less downtime. However, load balancing
is not a feature of RSTP; it is still only capable of Layer 2 redundancy.
(kmbh, 2021)
The Layer 3 virtual router redundancy protocol (VRRP) offers redundancy for the default
gateway. It enables numerous routers to cooperate as a single gateway and share a real IP
address. While the other routers are in standby mode, one router takes on the active duty. When
the active router dies, one of the backup routers effortlessly takes over.
As it offers a dependable and seamless failover solution for default gateway redundancy, VRRP
is effective in scalable networks. Clients are guaranteed constant connectivity, and scaling is
possible by including additional routers in the VRRP group.
(Juniper, 2022)
Similar to VRRP, Hot Standby Router Protocol (HSRP) offers redundancy for the default
gateway. It makes it possible for several routers to operate in active-standby harmony. While

MNM SIHAF TND Assignment Page | 31

the backup router waits to take over in the event of a breakdown, the active router forward
traffic.
Scalability is achieved using HSRP since it makes it simple to add new routers to the group. It
offers load balancing and smooth failover capabilities. However, because HSRP is a Cisco-
exclusive protocol, compatibility in situations with several vendors may be constrained.
(Sharma, 2022)
An external routing protocol utilized by different autonomous systems is called Border
Gateway Protocol (BGP). Through its capacity to choose several paths based on different
criteria, it offers redundancy and load balancing. Multiple connections to various ISPs can be
established using BGP for redundancy and traffic optimization.
BGP performs exceptionally well in scalable networks, especially in service provider and big
enterprise networks. It features strong routing policies, route aggregation scalability, and the
capacity to split traffic across numerous ISP connections.
(Fortinet, 2022)
In conclusion, it is crucial to consider redundancy protocols that offer quick convergence, load
balancing abilities, and seamless failover while designing a scalable network. Different
characteristics offered by protocols like STP, RSTP, VRRP, HSRP and BGP are useful for
varied network requirements and layer requirements. The choice of redundancy protocols is
influenced by various elements, including network size, topology, and particular business
requirements.

Link Aggregation protocols

In order to enhance bandwidth, provide redundancy, and enable load balancing, the Link
Aggregation Protocol, also known as Link Aggregation Control Protocol (LACP) or IEEE
802.3ad, is a protocol that combines many physical network lines into a single logical link.
Multiple parallel links between network equipment, such as switches or routers, can be
considered as a single logical link thanks to link aggregation. To the linked devices, this logical
connection, often referred to as a Link Aggregation Group (LAG) or Link Aggregation Bundle,
appears as a single high-bandwidth connection.
Multiple full-duplex Ethernet lines that are all operating at the same speed are combined via
link aggregation into a solitary logical link with a single Media Access Control (MAC) address.
(Prinka, 2021)
Benefits of link aggregation

MNM SIHAF TND Assignment Page | 32

Link aggregation protocols, like LACP, make it easier for network devices to negotiate and
dynamically configure link aggregation. To decide which links should be aggregated and to set
the settings for the logical link, LACP exchanges control messages between devices.
Link aggregation can be set in a variety of ways, such as Active mode, in which the link
aggregation group is actively negotiating and exchanging control messages, and Passive mode,
in which the device merely reacts to received control messages. The link aggregation group's
member devices are coordinated and compatible thanks to these modes.
Other than this there are more benefits which is mentioned below,
• Increased bandwidth – Link aggregation enhances the overall bandwidth available by
aggregating numerous links. This is particularly helpful in high-demand settings like
data centres where a single connection would not be able to manage the necessary
traffic.
• Redundancy – By enabling one or more links to fail without bringing the entire network
down, link aggregation offers redundancy. Traffic is automatically diverted to the other
active links in the event that one link goes down, maintaining connectivity.
• Load balancing – By spreading traffic over several links, link aggregation keeps any
one link from getting overloaded. As a result, the network performs better, and the
bandwidth is used more effectively.
• Flexibility – Network capacity may be easily scaled and increased thanks to link
aggregation. The aggregation group can be expanded as necessary, giving flexibility to
meet expanding network demands.

In business networks, data centres, and other settings where high bandwidth, redundancy, and
load balancing are crucial, link aggregation is frequently employed. It offers a practical and
affordable option for enhancing the performance and resilience of networks.
(Prinka, 2021)

MNM SIHAF TND Assignment Page | 33

There are 2 protocols used to create link aggregation. They are,
• Link Aggregation Control Protocol (LACP) – The IEEE 802.3ad standard defines
LACP, an industry-standard protocol. Between network devices, it provides dynamic
negotiation and automated configuration of link aggregation. In order to decide which
links should be aggregated and to create the parameters for the logical link, LACP
functions by sending control messages between devices. The link aggregation group's
member devices are compatible with one another thanks to LACP, which allows active
and passive modes of operation.
• Port Aggregation Protocol (PAgP) – Cisco uses the proprietary PAgP protocol for link
aggregation. By permitting dynamic negotiation and link aggregation group
establishment, it works similarly to LACP. To set up and manage link aggregation,
Cisco equipment communicate via PAgP using control messages. Both desired and
automatic aggregation negotiation modes are supported by PAgP, with desirable mode
actively negotiating the aggregation and automatic mode waiting for the other device
to start the discussion.

Similar capability is offered by both LACP and PAgP, which accomplish link aggregation by
fusing many physical links into a single logical link. To construct a successful aggregation, it
is crucial to make sure that the devices on both ends of the link aggregation group support the
same protocol. While PAgP is exclusive to Cisco devices, LACP is an open standard protocol
that is widely supported by other vendors. When operating in a heterogeneous network
environment or when compatibility with non-Cisco devices is necessary, LACP is advised.

MNM SIHAF TND Assignment Page | 34

 (Dooley, 2016)

Recommended Link Aggregation for EMC Solutions

For link aggregation with EMC Solutions, the Link Aggregation Control Protocol (LACP) is
advised. Since LACP is an industry-standard protocol as described by the IEEE 802.3ad
standard, a wide range of networking equipment from diverse vendors support it.
In order to build a reliable and adaptable network infrastructure, EMC Solutions must provide
compatibility and interoperability with a wide range of networking hardware. Multiple physical
connections can be combined into a single logical link using the dynamic negotiation and
automated configuration features of LACP.
There are various advantages of using LACP for link aggregation in the network of EMC
Solutions. It increases redundancy by enabling failover in the event of link failures, permits
improved bandwidth by aggregating numerous connections, and offers load balancing
capabilities to spread network traffic across the aggregated lines. Additionally, LACP supports
both active and passive modes of operation, giving users a variety of configuration options
based on the particular needs of their network.
Due to its extensive use, interoperability with a variety of devices, and flexibility in terms of
bandwidth extension, redundancy, and load balancing, LACP is often the suggested option for
link aggregation in EMC Solutions.

Task 02

Task 2.1 – LAN devices based on features and requirements

So, we can conclude two characteristics about a LAN from its name, its locality and the fact
that its devices are networked. And that local component is what really distinguishes a LAN
from other network types like Wide Area Networks (WANs) and Metropolitan Area Networks
(MANs).
LANs are normally restricted to a single building, though this is not a strict requirement. There
could be only a few devices in that space, which could be your home or a small business. A
much larger space, such as an entire office building with hundreds or thousands of devices,
may likewise exist.

MNM SIHAF TND Assignment Page | 35

The LAN devices can be Access layer switches, Distribution layer switches, Core layer
switches, Router and Firewalls which are used in EMC Solutions.

Access layer switches

The access layer is the lowest level and most basic layer in the hierarchical networking model
of these three layers. A Layer 2 switch that supports the connectivity of end node devices to
the network is an access layer switch. Comparing it to switches at the distribution layer, it is
generally not a high-powered switch.

Distribution layer switches

A distribution switch is a switch from the distribution layer that serves as a vital link and bridge
between the access layer switch and the core layer switch. A distribution switch is also referred
to as an aggregation switch for this reason. Also, the distribution switch makes sure that
corporate traffic is correctly routed between subnets and VLANs. The workgroup layer switch
is another name for this layer switch.

Core layer switches

The topside core layer switch is used by the other access and distribution layers in the enterprise
hierarchical network design. In some cases, core switches must deal with external traffic from
other egresses devices. It aggregates all the traffic flows from distribution layer devices and
access layer devices. Thus, sending high numbers of packets is crucial for core switches. High-
speed switches and routers that are tuned for performance and availability always make up the
core layer.
The switch used in EMC Solutions is the 2950-24 switch. Cisco 2950-24 switch offers a range
of features and capabilities for small to medium-sized businesses. The Cisco Catalyst 2950-24
switch has 24 Fast Ethernet ports, which support data transfer rates of up to 100 Mbps. It
operates at Layer 2 of the OSI model and supports various Layer 2 switching features, such as
forwarding and filtering network traffic based on MAC addresses, VLANs, Spanning Tree
Protocol, Quality of Service features, management and monitoring capabilities, and Power over
Ethernet capabilities. It can be interconnected with other switches to create larger network
topologies and supports stacking using Cisco's Stack Wise technology.

MNM SIHAF TND Assignment Page | 36

Router
In order to facilitate secure data transfer between the head offices and the Kandy branch, the
router should offer Virtual Private Network (VPN). In order to control access to resources and
guarantee network security, it should also provide Access Control Lists (ACLs).
A router is a layer 3 device which is used to transmit packets from one network to another.
Based on the destination IP address and the entry in the routing table, it passes the packet
through one of its ports. It locates an ideal path between the source and destination networks
by using a routing table.
The router used for EMC solutions is the 2811 router. A network device made by Cisco
Systems is the 2811 router. It is intended for branch offices or small- to medium-sized
organizations and is a member of the Cisco 2800 family of routers. The 2811 router is ideal for
a variety of networking requirements thanks to its extensive feature set and functionalities.
The 2811 router is designed to route network traffic between different networks. It provides
built-in security features, voice and video capabilities, multiple WAN interfaces, and LAN
connectivity. It has a modular design that allows for expansion and customization and can be
managed and configured using Cisco's command-line interface (CLI) or web-based GUI. It
also supports various management protocols like Simple Network Management Protocol
(SNMP) and Remote Monitoring (RMON).

MNM SIHAF TND Assignment Page | 37

Servers
A LAN server, also known as a file server, is a specialized, fast computer that stores the files
and application applications for computers connected to a network. Access to programs and
files on a LAN server is granted by a network administrator. LAN users can download
programs and files so they can access them straight from their device's hard disk.
The server used in EMC Solutions is the packet tracer server. Packet Tracer provides a
simulated environment to practice server configurations, but does not offer the same
performance, scalability, or real-world constraints as physical servers.

Apart from the LAN devices end devices like PCs are also used here so that it can be connected
to a LAN and communicate with other devices on the network such as servers, switches and
routers.
The requirements of each department will determine the precise type of Computers used.
Developers might need high-performance workstations with powerful CPUs, plenty of RAM,
and dedicated graphics cards, whereas customer care and sales teams might simply need entry-
level desktop or laptop computers.
(Anon., 2018)

Task 2.2 – IP allocation and network design of EMC Solutions

IP table used for EMC solutions.

Departmen Developers Finance S&M HR CC Legal Network team

t
No of 55 25 20 10 10 5 5
users

Block size 64 32 32 16 16 8 8

MNM SIHAF TND Assignment Page | 38

Network 10.254.1.0 10.254.1.64 10.254.1.96 10.254.1.128 10.254.1.144 10.254.1.160 10.254.1.168
ID

First usable 10.254.1.1 10.254.1.65 10.254.1.97 10.254.1.129 10.254.1.145 10.254.1.161 10.254.1.169

IP

Last usable 10.254.1.62 10.254.1.94 10.254.1.126 10.254.1.142 10.254.1.158 10.254.1.166 10.254.1.174

IP

Broadcast 10.254.1.63 10.254.1.95 10.254.1.127 10.254.1.143 10.254.1.159 10.254.1.167 10.254.1.175

ID

Subnet 255.255.255.19 255.255.255.22 255.255.255.22 255.255.255.24 255.255.255.24 255.255.255.24 255.255.255.24

mask 2 4 4 0 0 8 8

Vlan id 10 20 30 40 50 60 70

Variable Length Subnet Mask (VLSM), which is used to assign IP addresses to various
corporate departments, as shown in the IP table. By allocating various subnet masks to
various subnets in accordance with the size needs of each subnet, VLSM enables more
effective utilization of IP addresses.
The company has assigned various subnet sizes to each department based on its own user
counts using VLSM. The subnet sizes are selected to support the user base and offer a
enough number of usable IP addresses.
For instance, the Developers department is given a subnet with a block size of 64, resulting
in 62 usable IP addresses, although having 55 users. The network ID of the subnet is
10.254.1.0, and the first and last usable IP addresses are 10.254.1.1 and 10.254.1.62,
respectively. This subnet's subnet mask is 255.255.255.192. Additionally, VLAN ID 10 is
linked to the Developers department.
Similar to this, VLSM is used to assign IP addresses to other departments based on the
number of users in those departments. As a result, each department has a unique subnet size,
network ID, useable IP address, subnet mask, and VLAN ID.

The blueprint

MNM SIHAF TND Assignment Page | 39

 The design in Cisco

Configurations

MNM SIHAF TND Assignment Page | 40

Configuring a hostname to the router and adding banner

Setting date and time

MNM SIHAF TND Assignment Page | 41

Sub – interface configuration

MNM SIHAF TND Assignment Page | 42

MNM SIHAF TND Assignment Page | 43
Port security

MNM SIHAF TND Assignment Page | 44

Creating vlans and Trunking
In the main switch

In department switch

MNM SIHAF TND Assignment Page | 45

MNM SIHAF TND Assignment Page | 46
VLAN Test cases from department to department

MNM SIHAF TND Assignment Page | 47

MNM SIHAF TND Assignment Page | 48
MNM SIHAF TND Assignment Page | 49
DHCP configuration

MNM SIHAF TND Assignment Page | 50

DHCP configuration test cases

MNM SIHAF TND Assignment Page | 51

MNM SIHAF TND Assignment Page | 52
MNM SIHAF TND Assignment Page | 53
PC Tracert test case from department to department

MNM SIHAF TND Assignment Page | 54

MNM SIHAF TND Assignment Page | 55
MNM SIHAF TND Assignment Page | 56
Password Configuration
1. Console password Configuration

MNM SIHAF TND Assignment Page | 57

2. Auxiliary Password Configuration

MNM SIHAF TND Assignment Page | 58

3. Telnet password Configuration

MNM SIHAF TND Assignment Page | 59

Task 2.3: Implementing Layer 2/3 redundancy

Layer 2 redundancy

Layer 3 redundancy

MNM SIHAF TND Assignment Page | 60

Task 03

Task 3.1: WAN Technologies including different VPN types

Wide area networks, or WANs, are private networks that link LANs and numerous
geographically dispersed locations together. A company's wide area network (WAN) links its
headquarters with branch offices and other locations so those remote locations can access
corporate resources and applications. A WAN may use wired or wireless connections, privately
owned or those acquired from a service provider, as well as both types of connections.
Enterprises continue to prefer wired WANs. Below are some WAN technologies and VPN
types.

ROBO – The term "remote office/branch office," or "ROBO," refers to a company location
that is not the corporate headquarters. ROBOs might perform the same functions as the main
office or offer a unique, customized service. ROBOs may be just a few kilometres from the
main office or may be located abroad. Since IT employees are typically based in main offices,
problems can be solved and data storage for ROBOs is ensured remotely, which might present
problems for either side.
Benefits of ROBO
• Organizations can better serve local markets, clients, or customers by establishing local
presences in a variety of locales thanks to ROBO.
• Organizations can cut expenditures on travel, logistics, and infrastructure by
decentralizing operations by using ROBO locations. Cost savings and better resource
allocation may result from this.
• By placing staff members closer to their workplaces, cutting down on commuting times,
and offering localized support, ROBO locations can increase productivity. Employee
efficiency and satisfaction may rise as a result.
• Better business continuity and catastrophe recovery planning may be facilitated by
ROBO sites. Other ROBO locations can carry on with business if one location
encounters an interruption or outage, minimizing downtime and guaranteeing ongoing
services.
Drawbacks of ROBO

MNM SIHAF TND Assignment Page | 61

 • Keeping processes, IT infrastructure, and security uniform across all ROBO locations
can be difficult when managing several ROBO locations. For centralized management,
this may call for more resources and work.
• It might be difficult to ensure dependable and secure network connectivity between the
main office and ROBO locations, especially when working with remote or dispersed
geographical areas. Strong networking solutions and dependable service providers
might be needed for this.
• ROBO sites could make maintaining data security and compliance standards more
difficult. In a decentralized system, maintaining consistent security controls, data
backups, and local law compliance may be more difficult.
• Careful planning and coordination may be needed when allocating resources and
organizing activities among various ROBO locations. This include overseeing the
management of personnel, assets, supplies, and resource allocation in general.
(Paul, 2023)

VPN – A virtual private network is software that establishes secure connections between
authorized remote workers with a company's network and resources. VPN client software
typically uses remote access and site-to-site setups and operates on individual user devices.
Employees in branch offices initially utilized VPNs as a secure, economical way to access
company systems. VPNs are now beneficial for BYOD, mobile workers, remote workers, and
more.
Benefits of VPN
• In comparison to MPLS or dedicated leased lines, Internet VPNs are less expensive.
• They provide adaptability, scalability, and secure connectivity for branch offices and
remote users.
• VPNs are simple to set up and manage, and encryption guarantees data privacy.

Drawbacks of VPN
• Traffic on the internet and variable network circumstances might have an impact on
VPN performance.
• It can be difficult to maintain VPN infrastructure and make sure security settings are
correct.

MNM SIHAF TND Assignment Page | 62

 • For network security, VPNs could necessitate extra steps like installing firewalls and
intrusion detection systems.
(Zohair, 2021)

MPLS – Multiprotocol Label Switching sometimes known as MPLS, is a routing method used
to control and amplify network traffic flows. MPLS uses labels, which carry details about a
packet's predetermined path and priority level, to transport traffic by forwarding data packets
at Layer 2 rather than Layer 3. Due to its superior performance, high level of service, and
dependability, MPLS has maintained its popularity among businesses despite its greater cost.
Additionally, MPLS works with any protocol or mode of transport, including IP and Ethernet.
Benefits of MPLS
• Low latency, minimum packet loss, and consistent and predictable performance are all
features of MPLS.
• For added security, it can be used in conjunction with encryption methods and provides
secure connectivity.
• Multipoint connectivity is supported by MPLS, enabling effective interconnection of
numerous branches.

Drawbacks of MPLS
• MPLS can be expensive, especially for businesses with numerous locations.
• For network improvements or expansions, collaboration with service providers can be
necessary.
(Anon., 2022)
Frame Relay – This is a layer 1 and layer 2 operating open system linking wide area network
(WAN) protocol. Therefore, even if high bandwidth, stability, and flexibility are achievable for
a customer compared with Leased Connections, the value can be minimized through fewer
tools, easier installation, and less complexity. Frame relays are telecom services that use packet
switching for low-cost data transport between local area networks (LAN) and wide area
networks for sporadic traffic (WAN). Frame Relay speeds up data transport by transferring
data to a frame-sized unit and leaving any necessary error correction at the endpoints. Local
area networks (LAN) with T-1 lines on significant backbones, as well as Public Wide Area
Networks (WAN) and Private Network Environments (PNE) with the lease, are frequently
connected via frame relay. Data is transferred to the Private VC Network rather than the open

MNM SIHAF TND Assignment Page | 63

Internet, which further increases security. Large organizations use this technology often
nowadays to guarantee that data is transferred to numerous LAN locations at a high level and
securely.
Benefits of Frame Relay
• It moves at faster speeds. This is because there is no mistake detection, which makes it
less costly. It delivers higher performance than X.25.
• As needed, the bandwidth is dynamically assigned.
• Due to the inclusion of the congestion management method, the overhead network is
reduced.
• It permits 9,000-byte frame sizes, which are adequate for all LAN frame kinds.
• It is less expensive than typical WAN networks.
• It offers timing and performance guarantees.
Drawbacks of Frame Relay
• The frame relay does not have access to flow or error controls. Protocols at the upper
layers should take this into consideration.
• Packets are additionally delayed by each node they transit through.
• It permits frames with varied lengths, allowing different users to produce different
delays.
• Sensitive data, like speech or video, cannot be delivered in real time because to the
various delays.
(Anon., 2022)
SD-WAN – An upcoming WAN technology is a software-defined WAN. In order to route
traffic over a network, it employs principles from software-defined networking. To increase
bandwidth and move data, SD-WAN builds a virtual overlay on top of already-existing WAN
lines and connections. Businesses can utilize SD-WANs to set up failover strategies and
prioritize business-critical traffic. The goal of SD-WANs, which are controlled by centralized
controllers, is to make network operations such as security and dependability simpler.
Benefits of SD – WAN
• Through intelligent traffic routing and optimization, SD-WAN enables improved
application performance.
• It increases network scalability and agility, making the addition of new branches or
links efficient.

MNM SIHAF TND Assignment Page | 64

 • As an alternative to pricey MPLS connections, SD-WAN can make use of cellular or
internet connections that are more affordable.

Drawbacks of SD – WAN
• SD-WAN implementation and management can call for particular training and
experience.
• To suit certain requirements, SD-WAN solutions may need to be carefully evaluated
due to their different capabilities.
• To deploy SD-WAN successfully, additional hardware or software may be required,
depending on the solution.
(Sturt, 2022)

Appropriate WAN Technology for EMC Solutions

The user chooses to use Frame Relay as the organization's best WAN technology for the
EMC solution. The main benefit of frame relay is that it is a packet-switching method. Each
packet in packet switching networks has a distinct destination address that is used to convey
data from source to destination. After being packetized, data is commonly multiplexed
statistically. Statistical multiplexing enables numerous users to share an equal bandwidth by
assuming that not every subscriber would utilize it at the same time.
This does not include the usage of expensive point-to-point connections that employ circuit
switching, such specialized leased lines. Because they are rented and set aside for sole usage
24 hours a day, 7 days a week, leased lines are expensive. Leased lines are used by
subscribers to acquire bandwidth, whether or not it is actually utilised. Multiple data
connections may be sent via the network simultaneously thanks to statistical multiplexing,
and no one client is charged for exclusivity. As a result, this offers circuit-switched networks
a major cost benefit. The second advantage of frame relay is that it offers exceptional
network throughput and knowledge latency because to its variable-length frames and minimal
overhead. Frame relay may successfully encapsulate protocols due to its variable-length
frames. Its payload may contain a number of higher-layer LAN protocols, including the
Internet protocol (IP), due to its protocol independence.
The Frame relay network has a minimal overhead because it is not concerned with error
correction or flow control. As a result, switching user data takes up the majority of the
network's resources. The Committed Information Rate (CIR) of frame relay is an additional

MNM SIHAF TND Assignment Page | 65

advantage. The Committed Information Rates which are determined by the service provider
and the subscriber represent the volume of data traffic that the network plans to support under
typical network conditions.

Task 3.2: Configuring appropriate WAN protocols

Colombo

MNM SIHAF TND Assignment Page | 66

MNM SIHAF TND Assignment Page | 67
Kandy

MNM SIHAF TND Assignment Page | 68

Task 3.3: Virtual Private Networks (VPN) types
VPN stands for Virtual Private Network. A safe and encrypted connection may be established
using this technology across a public network, like the internet. Through the usage of VPNs,
users may access and send data through shared or open networks as if they were directly linked
to a private network.
A VPN's main function is to offer data transmission privacy and security. All data exchanged
between the user's device and the VPN server when connected to a VPN is encrypted, rendering
it unreadable by any unauthorized parties who may intercept it. Passwords, financial
transactions, and organizational data are just a few examples of the sensitive information that
may be protected by this encryption's secrecy and integrity.
(Kaspersky, 2021)

Types of VPN for EMC Solutions

Depending on their particular needs and architecture, EMC Solutions may want to have a look
at one of the several types of VPNs for their network. Here are three popular VPN
configurations.
• Site-to-site VPN – A network-to-network VPN is another name for this kind of VPN.
Through the internet, it connects local networks from various sites or places and enables
safe communication between them. Organizations with several branches or offices that
need to securely exchange data and access resources in various places should use site-
to-site VPNs. It offers a safe and secure tunnel between the websites, preserving the
confidentiality and integrity of the data.
• Remote access VPN – Using a client-to-site VPN or a remote access VPN, individual
users or remote workers can safely connect to the company's network from a distance.
Users may utilize it to access data, programs, and resources on the corporate network
just as if they were in the office physically. VPNs for remote access are frequently used
for telecommuting, distant work, or giving mobile workers safe access.
• Extranet VPN – An extranet VPN extends the organization's internal network's secure
network connectivity to reliable outside partners, suppliers, or clients. It enables safe
interaction and cooperation between the business and its outside partners while granting
restricted access to particular products or services. Extranet VPNs are frequently used
to enable safe data transmission and collaboration with reliable outside parties during
B2B (business-to-business) interactions.
(Ali, 2022)

MNM SIHAF TND Assignment Page | 69

Features and benefits of Site-to-site VPN
A network-to-network VPN, sometimes referred to as site-to-site VPN, has a number of
features and advantages that make it a useful option for businesses like EMC Solutions.
• Secure connectivity – A safe and encrypted connection may be established between
several networks, such as the main office and a branch office, using a site-to-site VPN.
It makes sure that information sent between these places is secure, private, and shielded
from illegal access or interception.
• Scalability – Site-to-Site VPN is extremely scalable and can meet an organization's
expanding demands. The VPN may be simply expanded to link these new locations if
EMC Solutions grows its business and adds more branch offices or distant sites.
• Cost effective – Comparing the implementation of a Site-to-Site VPN to other options
like leased lines or dedicated connections, it is typically less expensive. Organizations
may use the infrastructure and connectivity that is already in place for the internet,
which eliminates the need for extra physical connections.
• Remote network access – Remote workers or remote sites can safely access the network
resources of the company with the help of a site-to-site VPN. It enables seamless
integration and cooperation between many locations and guarantees constant access to
shared documents, programs, and services.
• Centralized management – Network administrators may centrally monitor and
administer the VPN infrastructure with Site-to-Site VPN. Processes for configuration,
monitoring, and troubleshooting are made easier since updates and modifications can
be made from a single location.
• Flexible and wide compatibility – Site-to-Site VPN is compatible with a variety of
vendor devices since it supports a broad range of networking hardware and protocols.
Because of this flexibility, businesses may select the hardware and software options
that best meet their unique needs.
• Data protection and compliance – Site-to-Site VPN enables enterprises to adhere to data
protection and compliance standards by encrypting data transfer between networks. It
lowers the possibility of data breaches or unauthorized access and guarantees that
sensitive information is sent securely.
• High reliability – A secure network connection between sites is made possible by site-
to-site VPN, guaranteeing the ongoing availability of resources and services. In the

MNM SIHAF TND Assignment Page | 70

 event of network disturbances or failures, it offers failover and redundancy options,
enabling smooth failover.
(Micheal, 2020)
Features and benefits of Remote access VPN
Client-to-site VPNs, also known as remote access VPNs, provide a number of features and
advantages that make them an excellent choice for businesses like EMC Solutions.
• Secure remote connectivity – For remote workers or users using the company's network
resources outside of the office, Remote Access VPN offers a safe and secure
connection. It guarantees that information sent between the remote device and the
company network is secure and kept private from unauthorized access.
• Flexibility and mobility – Users can access to the corporate network using Remote
Access VPN from any location with an internet connection, allowing for flexibility and
mobility in work arrangements. In order to increase productivity and cooperation,
employees may safely access resources, data, apps, and services as if they were in the
office.
• Easy deployment and Management – The speedy provision of secure remote access to
employees by enterprises is made possible by the simple deployment and management
of remote access VPN. On the distant device, a VPN client program must normally be
installed. This software may be monitored and configured by network administrators
from a central location.
• Cost effective – When opposed to offering dedicated remote access solutions like leased
lines or dedicated connections, implementing Remote Access VPN is typically more
cost-effective. By utilizing already-existing internet connectivity, it does not require
further physical infrastructure.
• Enhanced security – Strong authentication and encryption technologies are used by
distant Access VPN to provide safe distant connections. This lowers the risk of data
breaches and maintains compliance with data protection rules by protecting sensitive
data from interception and unauthorized access.
• Access control and granular permissions – Organizations may set granular permissions
and access control policies for distant users using a remote access VPN. Administrators
can impose multi-factor authentication for additional protection, set specific access
privileges, and limit access to particular resources or apps.

MNM SIHAF TND Assignment Page | 71

 • Seamless integration – The seamless integration of Remote Access VPN with current
network infrastructure and security solutions enables businesses to make the most of
their present investments. It supports a variety of devices and operating systems,
providing interoperability across many platforms.
• Increased productivity – Remote employees may communicate with coworkers in real-
time and access the resources they need with the help of a Remote Access VPN,
regardless of where they are physically located. Employees may operate remotely
without restrictions, which boosts productivity and facilitates efficient workflow.
(Anthony, 2021)
The best VPN type would be a combination of Site-to-Site VPN and Remote Access VPN
based on the specifications and situation given to EMC Solutions.
EMC Solutions has several sites, including a new branch office in Kandy and a main office in
Colombo. A Site-to-Site VPN implementation will enable safe communication and information
transfer between these sites. It guarantees secure resource access and cross-site collaboration
for all departments, including Customer Care, Sales & Marketing, Finance, Legal, HR,
Developers, and Network Team. This kind of VPN connects the two locations securely and
securely, enabling smooth integration and data transfer.
Implementing a Remote Access VPN is essential since EMC Solutions has a team of staff
members that might need to work remotely or access resources while on the go. Employees
may safely connect to the company's network using this form of VPN from any remote location,
guaranteeing they have access to the relevant documents, programs, and services. The Sales
and Marketing team will particularly benefit from this because they may need to use Kandy
office services while on field trips. Employees may securely connect to the network and carry
out their tasks while ensuring the security and integrity of the data with the help of a Remote
Access VPN.
EMC Solutions can create a secure and dependable network infrastructure that enables
communication, collaboration, and data exchange between their main office and the new
branch office as well as offering secure remote access for their employees by implementing
both Site-to-Site VPN and Remote Access VPN. It guarantees the safety of the organization's
information and assets while facilitating seamless communication among sites.

MNM SIHAF TND Assignment Page | 72

Task 04

Task 4.1: Importance of network monitoring and troubleshooting

Network Monitoring
The process of continuously checking a computer network for issues like delayed traffic or
component failure is known as network monitoring. In order to immediately alert network
administrators to issues via text, email, or other applications like Slack, network monitoring
systems continuously scan the network. In contrast to network security or intrusion detection
systems, network monitoring software focuses on internal network problems such overloaded
routers, downed servers, or network connection issues that may affect other devices.
Network monitoring systems can also start a failover to remove problematic circuits or devices
from service until the problem can be fixed. A proactive network monitoring solution should
be able to spot anomalies that, if left unchecked, could cause an outage and stop operations
before they start.
Maintaining network integrity requires constant monitoring. The best network monitoring tools
offer a dashboard or visualization that shows the status of the monitored network components
at a glance, highlighting any abnormal parameters that need further investigation or
components like switches, routers, firewalls, servers, and software services, applications, or
URLs that may be the cause of network disturbances. A network monitoring system should
have high availability components for maximum efficacy, allowing a fail-over to a different
network monitoring installation to be used automatically in the event of a hardware or software
failure of systems running the network management tool.
(vmware, 2022)
Importance of network monitoring
Continuous network monitoring enables you to troubleshoot bottlenecks in addition to hard
breakdowns. You can evaluate the condition of your network using metrics like throughput,
latency, packet reordering, and jitters.
• Proactive Issue Detection – Network monitoring enables the early identification of
potential network problems such equipment breakdowns, performance bottlenecks, and
security breaches. Network administrators can resolve issues before they worsen by
keeping an eye on critical indicators and getting real-time notifications, which
minimizes downtime and lessens the impact on users.

MNM SIHAF TND Assignment Page | 73

 • Optimal performance and ability – Administrators can track network performance
parameters like bandwidth usage, latency, and packet loss through monitoring.
Administrators can pinpoint regions of congestion, optimize network resources, and
make sure the network is operating at its most effective level by regularly monitoring
these indicators. This results in enhanced user experience and improved application
performance.
• Security incident response – Network monitoring is essential for spotting security
issues and taking appropriate action. Administrators can spot odd activities like illegal
access attempts or data exfiltration by watching network traffic and examining patterns.
Data breaches, the protection of sensitive information, and the maintenance of network
integrity can all be avoided with prompt detection and response to security problems.
• Capacity planning and scalability – Administrators can evaluate the network's capacity
and make future expansion plans by keeping an eye on network traffic and resource
usage. Administrators can plan network upgrades, expansions, or modifications to the
network architecture to meet rising demand by observing trends and predicting traffic
patterns.
• Compliance and auditing – Network monitoring and data retention are mandated by
regulatory standards in several sectors. By providing thorough records of network
operations, security issues, and performance data, network monitoring assists
enterprises in meeting these compliance demands. These documents can be used to
show compliance with regulations during audits and investigations.
• Troubleshooting and root cause analysis – Monitoring data offers useful information
for root cause analysis and troubleshooting when network problems occur. Network
administrators are better able to analyse previous data, spot trends, and pinpoint the
origin of issues. This shortens downtime, speeds up problem resolution, and lessens the
impact on corporate operations.
• SLAs and performance monitoring – In order to track and report on performance
parameters, network monitoring is essential for service providers and organizations
with service level agreements (SLAs). It helps businesses to guarantee that they offer
services at the agreed-upon levels and to demonstrate compliance during SLA reviews
or customer interactions.
In conclusion, maintaining network performance, assuring availability, spotting and addressing
security risks, planning for future expansion, adhering to regulations, and diagnosing network

MNM SIHAF TND Assignment Page | 74

faults all depend on network monitoring. It enables businesses to manage their networks
proactively, offer dependable services, and offer a seamless user experience.
(Manageengine, 2023)
Common methods for monitoring a network
Along with network design and implementation, a strategy for network management and
monitoring is just as important. If there is no network monitoring in place, even the tiniest
problems can cripple a network that has been carefully designed and planned.
When putting in place a network monitoring solution, organizations and network
administrators follow a few standard procedures. With information about the nodes and
parameters that need to be monitored, these common practices help define a basic starting
strategy.
Let's look at four categories of network monitoring, along with specific mechanisms and
protocols, that can provide the right level of visibility an organization needs.

Configuration Monitoring – For those in charge of traditional network components that make
use of local configuration files, configuration monitoring checks are absolutely necessary.
From a performance and IT security point of view, automated tools that can compare similarly
configured devices for inaccuracies are essential.
Most of the time, these tools compare the command-line output of a device configuration file
to other files on the network that do the same things. Network teams can look into differences
in configurations to make sure that all network parts work the same way.
Key features of configuration monitoring include automatic rollback for unauthorized
modifications, real-time monitoring of network configuration changes, and configuration
comparison across network devices to identify any inaccuracies. By ensuring transparency,
accountability, and consistency in network configurations, these features minimize risks and
preserve the network infrastructure's integrity and security.

Availability Monitoring – The simplest method for network teams to determine whether a
device is up and running is availability monitoring. Some tools for availability monitoring do
more than just check to see if a device is fully online or offline. This group frequently includes
hardware checks for network devices and specific interface status notifications.
Examples of commonly used protocols that monitor network availability include the following:

MNM SIHAF TND Assignment Page | 75

 • Internet Control Message Protocol (ICMP) – An ICMP ping is a straightforward
confirmation test that shows whether a device is open on the organization.
• Simple Network Management Protocol (SNMP) – Monitors devices and interface
status.
• Event Logs – A collection servers can trigger alerts when uplinks, interfaces or routes
become unavailable.
• Ping – he most well-known strategy. ICMP pings are sent to a monitored device, and
the responses are used to determine whether or not a device or service is available.

Performance Monitoring – Performance monitoring and network availability monitoring share

some similarities, but they are distinct from one another.
Accessibility observing is more worried about the functional status of the parts that contain the
organization framework. Wellbeing observing does this as well, however with included
accentuation the end client's exhibition experience. As a result, suboptimal path selection,
network utilization, and latency are the primary focus of performance monitoring.
Examples for performance monitoring protocols are,
• SNMP – This sends alerts when interfaces, switch CPU and memory become
overutilized
• Event logs – This triggers alerts when utilization reaches specific thresholds or when
unexpected routing changes occur.
• Flow-based monitoring – This lets you see which conversations are taking place in
particular network flows and how much bandwidth is used by each flow.
• Packet capture analysis – Networked conversations can be thoroughly analysed by this,
revealing transport issues that upper-layer monitoring tools cannot see.
• Streaming telemetry – To quickly identify and resolve complex issues, this is a
collection and analysis of real-time network health and performance data

Cloud infrastructure Monitoring – Much of the time, private and public cloud occurrences can
utilize similar sorts of organization observing devices carried out on corporate organizations.
However, a number of cloud service providers provide their very own set of integrated network
monitoring tools. Customers often get these cloud monitoring tools for free, but they usually
can't work with other third-party tools that businesses already use.

MNM SIHAF TND Assignment Page | 76

Associations should gauge the upsides and downsides of dealing with different, conveyed
network observing administrations as opposed to investing more energy and work to unify
checking into a small bunch of instruments. Although putting those tools into use is more time-
consuming, they contribute to the provision of full cloud and corporate network visibility.
(Andrew, 2021)

4.2: Deploying the monitoring tool

Installing DU meter

MNM SIHAF TND Assignment Page | 77

MNM SIHAF TND Assignment Page | 78
Monitoring through DU meter

MNM SIHAF TND Assignment Page | 79

4.3: Troubleshooting LAN and WAN connectivity issues

Troubleshooting methodology

Identify the problem – Often, identification is the simplest step. An incoming phone call from
a user, a help desk ticket, an email, a log file entry, or any number of other sources might
achieve it. Users will frequently let you know when there is an issue.
It's critical to understand that not all problems have a clear fundamental cause. An unsuccessful
login attempt, for instance, can appear to point to a username or password issue, but the true
problem might be a lack of network access that prevents the authentication data from being
compared to a remote server.
The very first thing to keep in mind while troubleshooting a problem is that the symptoms are
not the problem. Finding the root cause of the symptoms that are manifesting themselves is
crucial while troubleshooting. You must interrogate the user in order to do that. Ask specific
questions regarding the symptoms’ onset and potential causes. If the user can reproduce the
issue for you, it can be very useful. Find out if anything has changed that could be the problem’s
cause. Make a backup copy of the system before you do anything to ensure that everything will
stay exactly as it is.
Specific steps here may include,
• Gathering information from log files and error messages

MNM SIHAF TND Assignment Page | 80

 • Questioning users
• Identifying symptoms
• Determining recent changes
• Duplicating the problem
• Approaching multiple problems one at a time
• Narrowing the scope of the problem

Establishing a theory of probable cause – Words like the theory and probability suggest that
you are assuming, even if that assumption is supported by facts. This phase's formatting
respects the possibility that the root cause (step 1) may not have been correctly determined.
However, troubleshooting may be started because the reason is detailed enough.
Make a list of potential reasons after the underlying cause of the symptoms has been identified.
Once all potential reasons have been listed, use your technical expertise to order the list. From
most likely to least likely, the probable reasons should be stated in order of likelihood. Don't
be scared to challenge the obvious either. If a power loss at the workstation is the symptom,
for instance, is the power cable plugged in, and if so, is the outlet getting electricity?
Furthermore, the issue has to be escalated to a higher level if no likely reason can be found.

Test the theory to determine the cause – The first two stages are most intriguing because no
setup modifications are necessary for them. Changes shouldn't be done unless you are at least
somewhat certain that you have a workable answer. The "information-gathering" phase
includes this step.
Experienced administrators frequently proceed through stages one, two, and three swiftly and
casually. Since problems and their symptoms are frequently recognizable, determining the
likely source of an error message or malfunctioning gadget is made easy. You could find
yourself going all the way back to step one at this point: Determine the issue. You might have
to restart your investigation if you test your idea to determine the likely reason and realize that
you were mistaken.
Consider if you can solve the issue on your own or whether it has to be escalated to a higher
authority after developing your theory of likely cause. You should test your theory to discover
whether it is the real cause if it is within your powers. You must choose how to test your idea
since it was founded on the most probable reason. If your theory is proven, you will go on to

MNM SIHAF TND Assignment Page | 81

the next round. If the hypothesis is found to be false, you must go back to step two or step one,
as applicable, and proceed with the troubleshooting process.

Establish plan of action and implement solution – Before taking any remedial action after a
troubleshooting issue's underlying cause has been found, it is essential to make a strategy.
Planning ahead ensures that requirements and possible ramifications are considered, preventing
rash actions that can cause more disruptions. For instance, certain patches could call for system
restarts or prolonged downtime, demanding cautious scheduling to reduce the impact on
business operations. In other situations, downloading applications, updates, drivers, or even the
complete operating system files may be required before moving further with the fix. It may be
necessary to follow change management processes and test alterations in a staging environment
before putting them into use in a production environment.
For future use and knowledge exchange, it is crucial to document the intricate procedures,
instructions, and scripts involved in the resolution. Additionally, securing data integrity and
reducing the likelihood of data loss by backing up important data that could be at danger during
the recovery process. Before making any modifications to the system, it could also be necessary
to get consent from other IT staff members or adhere to particular procedures. Planning ahead
allows IT workers to approach the troubleshooting process methodically and reduce the
possibility of unexpected repercussions or network infrastructure outages.
Simply we must create and implement an action plan after testing the likely reason to identify
the real cause. Most frequently, simple solutions are required for basic situations. To guarantee
that the strategy is followed out properly, you might need to put it in writing if the scenario is
problematic. This is an additional chance to take the issue to a higher level, if required.

Verify Full System Functionality and Implement Preventive Measures – After executing the
plan, one must make sure the system is completely functional. Fantastic if everything goes as
planned. That may find that you have the capacity to, based on observations and the problem.
Put preventative steps in place to make sure the issue doesn't come up again. We must go back
to step one and continue the troubleshooting process if complete system functioning has not
been attained.

Document findings – When a issue develops in the future, keeping a record of the
troubleshooting procedures, adjustments, updates, hypotheses, and research may be helpful.

MNM SIHAF TND Assignment Page | 82

Once everything is up and running, it is crucial to record the procedure. You will keep track of
your observations, actions, and results here. There will be material accessible to help someone
through the process if the issue recurs. Troubleshooting and problem-solving procedure.
Additionally, this documentation records the history of the users and the equipment, making it
possible to recognize and record recurring problems. The significance of recording both
successful and unsuccessful results cannot be emphasized. By doing this, you can cut down on
time spent troubleshooting in the future and stop others from making the same errors you did.
(Dammon, 2021)

4.4: Access Control List (ACL) Configuration

1. Kandy branch users cannot access the resources in the server located at Colombo
Head office.

Network documentation – Restricting access from Kandy branch to Colombo head office
server
Objective: This network documentation's goal is to describe the setup and security precautions
made to limit access from the Kandy branch to the server at the EMC Solutions headquarters
in Colombo.

MNM SIHAF TND Assignment Page | 83

Network topology: Diagram showing the network structure between the Colombo headquarters
and the Kandy branch. The server's locations at the Kandy branch and the Colombo
headquarters are clearly marked.
ACL configuration: Documenting the configuration procedures used to enforce access
limitations from the Kandy branch to the server in the Colombo Head Office. Providing
information on how the necessary network equipment (firewalls, switches, and routers) used
to implement the access control are configured. Describing the access control measures taken
to prevent the Kandy branch from accessing the server.
Firewall Configuration: Give specifics about the firewall settings that were made on the
network hardware to prevent access from the Kandy branch to the server. Specify which source
IP addresses or subnets are barred from accessing the server in your documentation. Include
any extra firewall rulesets or settings that are used to enforce the access limitations.
Network security mechanisms: The network security measures used to make sure the access
restrictions are adequately implemented are listed and described. Include information on any
access control lists, intrusion detection or prevention systems, or other security measures that
have been put in place. Any encryption or tunnelling technologies that were utilized to protect
communication between the Kandy branch and the Colombo head office should be
documented.
Testing and verification: Record the testing processes used to confirm that the access
restrictions are active and operating as intended. Include the test findings as well as any
necessary procedures taken for debugging any issues discovered during the testing process.
Troubleshooting guidelines: Give IT staff a set of troubleshooting instructions they may use if
the access limits cause them any problems. Include typical troubleshooting techniques, error
notifications, and suggested actions to fix any access-related issues.
Network diagrams and configurations: Include pertinent network diagrams showing the
network's architecture and the precise access restriction setups. Include the configuration files
or code snippets needed to configure the network devices that will be used to enforce the access
control.
Access control measures put in place to limit access from the Kandy branch to the server at the
Colombo Head Office may be thoroughly referenced by EMC Solutions. This documentation
is a helpful tool for network managers, IT specialists, and potential troubleshooting situations.
It makes sure that the access limits are properly recorded and can be efficiently upheld to
safeguard the security and integrity of the server.

MNM SIHAF TND Assignment Page | 84

 2. Customer Care users can access File Servers at Kandy branch, but Sales and
Marketing users cannot access the same Servers but can access the internet.

Network documentation – To impose access controls for EMC Solutions, where users of
Customer Care may access File Servers at the Kandy branch, but users of Sales and
Marketing cannot access the same servers while still having internet access.
Router configuration: Set up access control lists (ACLs) on the branch router in Kandy. Make
an ACL that permits the subnet of Customer Care users to access the File Servers. To prevent
the subnet of users from Sales and Marketing from accessing the File Servers, another ACL
has to be set. To impose the access limitations, apply the ACLs to the relevant router
interfaces.
Firewall configuration: Set up access control settings on the Kandy branch's firewall. Make a
policy that permits the subnet of Customer Care users to access the File Servers. Implement a
different policy that prevents the subnet of users from Sales and Marketing from accessing
the file servers. Make that the firewall policy permits the subnet of the Sales and Marketing
users to access the internet.
Switch configuration: To divide network traffic, set up VLANs on the switches. Assign the
users of the Customer Care department to a particular VLAN with access to the file
servers. A distinct VLAN that does not have access to the file servers but does enable internet
access should be given to the users of sales and marketing.

MNM SIHAF TND Assignment Page | 85

ACL Configuration: Create a document with the unique access control guidelines for users of
customer care, sales, and marketing. Indicate the protocols, source and destination IP
addresses, and the relevant ports for the access control rules. Each user group's access
permissions should be clearly stated.
These access control measures will allow Customer Care users to access the file servers at the
Kandy branch while restricting access for Sales and Marketing users, who will still have
internet access. To maintain network security and guarantee that the appropriate access limits
are successfully applied, it is imperative to evaluate and update these access control policies
on a regular basis.

MNM SIHAF TND Assignment Page | 86

References
Ali, F., 2022. makeuseof. [Online]
Available at: https://www.makeuseof.com/types-of-vpns-when-to-use-them
[Accessed 13 June 2023].
Andrew, 2021. techtarget. [Online]
Available at: https://www.techtarget.com/searchnetworking/tip/4-categories-of-network-
monitoring
[Accessed 6 June 2023].
Anon., 2018. Switches in Cisco. Fiberoptics, 1(2), p. 4.
Anon., 2021. Access, Distribution, Core explained. Computer networking notes, 2(1), p. 5.
Anon., 2022. Redundancy protocol Configuration. 1 ed. s.l.:Cisco guides.
Anon., 2022. techcults. [Online]
Available at: www.techcults.com
[Accessed 31 May 2023].
Anon., n.d. [Online].
Antaira, 2022. antaira. [Online]
Available at: https://www.antaira.com
[Accessed 12 June 2023].
Anthony, 2021. Techradar. [Online]
Available at: https://www.techradar.com/vpn/remote-access-vpn
[Accessed 13 June 2023].
CiscoPress, 2014. Hierachical and Flat network design. Cisco press, 1(3), p. 4.
Dammon, 2021. Comptia. [Online]
Available at: https://www.comptia.org/blog/troubleshooting-methodology
[Accessed 7 June 2023].
Dooley, K., 2016. Auvik. [Online]
Available at: https://www.auvik.com/franklyit/blog/network-basics-link-aggregation/
[Accessed 13 June 2023].
Fortinet, 2022. Foertinet. [Online]
Available at: www.fortinet.com
[Accessed 31 May 2023].
Juniper, 2022. Juniper. [Online]
Available at: https://www.juniper.net
[Accessed 31 May 2023].
Kaspersky, 2021. kaspersky. [Online]
Available at: https://www.kaspersky.com/resource-center/definitions/what-is-a-vpn
[Accessed 13 June 2023].
kmbh, 2021. geeksforgeeks. [Online]
Available at: www.geeksforgeeks
[Accessed 31 May 2023].
Manageengine, 2023. Manage Engine. [Online]
Available at: https://www.manageengine.com
[Accessed 3 June 2023].

MNM SIHAF TND Assignment Page | 87

Micheal, 2020. techtarget. [Online]
Available at: https://www.techtarget.com/searchsecurity/answer/Are-there-security-
benefits-to-using-a-site-to-site-VPN
[Accessed 13 June 2023].
Paul, 2023. techtarget. [Online]
Available at: www.techtarget.com
[Accessed 31 May 2023].
Prinka, 2021. geeksforgeeks. [Online]
Available at: https://www.geeksforgeeks.org/link-aggregation-control-protocol/
[Accessed 13 June 2023].
Sharma, 2022. geeksforgeeks. [Online]
Available at: www.geeksforgeeks.com
[Accessed 31 May 2023].
Sheldon, R., 2021. techtarget. [Online]
Available at: www.techtarget.com
[Accessed 31 May 2023].
Stibbards, A., 2021. sunset learning. [Online]
Available at: https://www.sunsetlearning.com
[Accessed 12 June 2023].
Sturt, R., 2022. Netify. [Online]
Available at: www.netify.com
[Accessed 31 May 2023].
vmware, 2022. vmware. [Online]
Available at: https://www.vmware.com
[Accessed 3 June 2023].
Zohair, 2021. security gladiators. [Online]
Available at: www.securitygladiators.com
[Accessed 31 May 2023].

MNM SIHAF TND Assignment Page | 88