Phase 1: Project Overview

<aside> 💡

Tool being used: Cisco Packet Tracer

Steps:

Build a topology with one router, one switch and four PCs.
1. Each PC will represent a department in the company
  1. Finance
  2. Human Resources(HR)
  3. IT
  4. Customer Support
Configure a VLAN on the switch to separate traffic for each department
Setup Routing so the different VLANs can communicate with each other
Enable DHCP on the router so devices get an IP address when they connect.
Secure the network by creating an Access Control List to block Customer Support from IT. </aside>

This is a classic Router-on-a-Stick setup. Since we using a single physical router, one switch, all inter-VLAN routing will happen through a single router interface split into sub-interfaces — one per VLAN.

1. Network Topology Diagram (Phase 1)

Router-on-a-stick Topology

                                                                Router-on-a-stick Topology

2. VLANs (Traffic Segmentation)

VLAN ID	Department	Subnet	Usable hosts
VLAN 10	Finance	192.168.10.0/24	254
VLAN 20	HR	192.168.20.0/24	254
VLAN 30	IT	192.168.30.0/24	254
VLAN 40	Customer Support	192.168.40.0/24	254
VLAN 99	Management	192.168.99.0/24	————-

3. Network Addressing Table

Device	Interface	VLAN	Department	IP Address/Profile	Default Gateway
R1	Gig0/0.10	10	Finance	192.168.10.1	—————
R1	Gig0/0.20	20	HR	192.168.20.1	—————
R1	Gig0/0.30	30	IT	192.168.30.1	—————
R1	Gig0/0.40	40	Customer Support	192.168.40.1	—————
R1	Gig0/0.99	99	Management	192.168.99.1	—————
SW1	Gig0/1	10	Finance	—————	—————
SW1	Fa0/1	20	HR	—————	—————
SW1	Gig0/2	30	IT	—————	—————
SW1	Fa0/2	40	Customer Support	—————	—————
PC-Finance	Fa0/0	10	Finance	DHCP Assigned	192.168.10.1
PC-HR	Fa0/0	20	HR	DHCP Assigned	192.168.20.1
PC-IT	Fa0/0	30	IT	DHCP Assigned	192.168.30.1
PC-Support	Fa0/0	40	Customer Support	DHCP Assigned	192.168.40.1

4. Switch Management

Management Interface

Device	Hostname	Interface	VLAN	IP Address	Subnet Mask	Default Gateway
Switch	SW1	VLAN 99 SVI	99	192.168.99.2	255.255.255.0	192.168.99.1
Router	R1	Gig0/0.99	99	192.168.99.1	255.255.255.0	———

Remote Access Configuration

Setting Value

Protocol SSH v2

VTY Lines 0 — 4

Authentication Method Local username and password

Session Timeout 5 minutes

Encryption Key RSA 1024 bit

Domain Name network.local

Setting	Value
Protocol	SSH v2
VTY Lines	0 — 4
Authentication Method	Local username and password
Session Timeout	5 minutes
Encryption Key	RSA 1024 bit
Domain Name	network.local

Access Policy

Rule	Detail
Permitted Access	IT Department only (192.168.30.0/24)
Access Method	SSH from PC-IT via VLAN 30
Blocked Departments	Finance, HR, Customer Support
Physical Access	Console port only
Password Storage	Encrypted via `service password-encryption`

5. DHCP, Switch and Router Configuration

Stage 1 — Basic Device Setup

Setting up Router and security

# Enable terminal config
$>enable
$>configure terminal or conf t
# Assign hostname
$>hostname R1
# Disable DNS lookup to prevent CLI delays
$>no ip domain-lookup
# Sets the password required to enter privileged exec mode
$> enable secret cisco
# Enter console line configuration
$> line console 0
# Set console access password
$> password admin 
# Enforce password requirement on console
$> login
#Encrypt passwords
$> service password-encryption

Setting up Switch and security

#Enable terminal config
$>enable
$>configure terminal or conf t
#Assign hostname
$>hostname SW1
#Disables DNS lookup 
$>no ip domain-lookup
# Sets the password required to enter privileged exec mode
$> enable secret cisco
#Switch to config console port
$> line console 0
#Require a password to enter console mode
$> password cisco
# enables passwords
$> login
#Encrypt passwords
$> service password-encryption

Stage 2 — Create VLANs on the Switch

**Make sure to be in configuration mode to access these settings
! ============================================
! STAGE 2 - VLAN CREATION
! Purpose: Create logical network segments to separate department traffic
! Device: Switch
! ============================================

# Create Finance department VLAN
$> vlan 10
$> name FINANCE

# Create Human Resources department VLAN
$> vlan 20
$> name HR

# Create IT department VLAN
$> vlan 30
$> name IT

# Create Customer Support VLAN - restricted access
# Will be enforced via ACL in later stage
$> vlan 40
$> name SUPPORT

# Create dedicated management VLAN
# Kept separate from user VLANs
# Following Cisco best practice
$> vlan 99
$> name MANAGEMENT

Stage 3 — Assign Access Ports on the Switch

! ============================================
! STAGE 3 - ACCESS PORT ASSIGNMENT
! Purpose: Assign physical switch ports to their respective department VLANs
! Device: Switch
! Note: Finance and IT assigned Gigabit ports due to higher bandwidth requirements      
! HR and Customer Support assigned FastEthernet as workloads are less demanding
! ============================================

# Assign Finance PC to VLAN 10
$> interface Gig0/1
#configures a Cisco switch port to function as an access port
$> switchport mode access
$> switchport access vlan 10
$> description PC-Finance

# Assign HR PC to VLAN 20
$> interface Fa0/1
$> switchport mode access
$> switchport access vlan 20
$> description PC-HR

# Assign IT PC to VLAN 30
$> interface Gig0/2
$> switchport mode access
$> switchport access vlan 30
$> description PC-IT

# Assign Customer Support PC to VLAN 40
$> interface Fa0/2
$> switchport mode access
$> switchport access vlan 40
$> description PC-Support