TND Done

Transport Network Design
Name: Ashish Dhungana

Section: N2
Semester: Third
Program: Transport Network Design
Submitted by: Ashish Dhungana
Submitted to: Krishna Parajuli
TRANSPORT NETWORK DESIGN
Contents
Part 1 ...................................................................................................................................................... 4
Introduction ........................................................................................................................................... 4
Network Design Model ......................................................................................................................... 4
The Flat Network Model ...................................................................................................................... 4
The Star Network Model ...................................................................................................................... 4
The Ring Network Model ..................................................................................................................... 5
The Mesh Network Model .................................................................................................................... 6
The Three-Tier Network Model........................................................................................................... 6
Core layer .............................................................................................................................................. 8
Distribution layer .................................................................................................................................. 8
Access Layer .......................................................................................................................................... 8
Characteristics of scalable network ..................................................................................................... 8
Lan Redundancy Concept with possible layer 2 and layer 3 of the OSI model solution ................ 9
Fault Tolerance ................................................................................................................................... 10
High Availability ................................................................................................................................. 10
Switch and Router Redundancy Protocols and their effectiveness in supporting scalable
networks: ............................................................................................................................................. 10
Network Design for the NEC.............................................................................................................. 11
Router Configuration ......................................................................................................................... 12
Assigning IP address in Router.......................................................................................................... 13
Configuration of Layer-2 Switch in Cisco Packet Tracer Tools ..................................................... 14
Some basic security applied in layer 2 switch ................................................................................... 15
Configuring Remote Access ............................................................................................................... 15
Securing Privileged Exec Mode ......................................................................................................... 16
Selecting Network Devices .................................................................................................................. 16
Analyzing PVST+ and Rapid PVST+ protocols. .............................................................................. 17
Differences between PVST and Rapid PVST ................................................................................... 17
First-hop redundancy protocols in IPv4 and IPv6 ........................................................................... 18
HSRP .................................................................................................................................................... 19
Evaluation of Ether channel technology with solving bandwidth and load issues. ....................... 19
Ether channel ...................................................................................................................................... 19
Conclusion ........................................................................................................................................... 20
Part 2:................................................................................................................................................... 20
Introduction ......................................................................................................................................... 20
Ashish Dhungana/THIRD SEM/SEC N2 1

WAN (Wide Area Network) ............................................................................................................... 21

WAN Technologies: ............................................................................................................................ 21
Private WAN Technologies: ............................................................................................................... 21
Leased Lines ........................................................................................................................................ 21
Dialup ................................................................................................................................................... 21
Ethernet WAN..................................................................................................................................... 22
Public WAN technologies ................................................................................................................... 22
DSL ....................................................................................................................................................... 22
Wireless ................................................................................................................................................ 22
Virtual Private Network ..................................................................................................................... 22
Remote Access VPN ................................................................................................................................. 23
Site to Site VPN ......................................................................................................................................... 23
Types of Virtual Private Network (VPN) Protocols: ....................................................................... 23
Internet Protocol Security (IPsec) ..................................................................................................... 23
Layer 2 Tunneling Protocol (L2TP) .................................................................................................. 23
L2TP or Layer 2 .................................................................................................................................... 23
Point-To-Point Protocol (POP) .......................................................................................................... 24
SSL and TLS........................................................................................................................................ 24
Open VPN ............................................................................................................................................ 24
Secure Shell (SSH) .............................................................................................................................. 24
Features of Virtual Private Network................................................................................................. 24
Issues in VPN ....................................................................................................................................... 25
Deploying network monitoring tools and troubleshooting documentation ................................... 25
Site to site VPN with IP sec policy: .................................................................................................... 27
Troubleshooting Methods: ................................................................................................................. 30
Syslog Server ....................................................................................................................................... 30
NTP Server .......................................................................................................................................... 30
SMP ...................................................................................................................................................... 30
Troubleshooting LAN and WAN connectivity in different networks layer ..... Error! Bookmark not
defined.
WAN Router Initial Installation Scenario ........................................................................................ 30
Symptoms ............................................................................................................................................ 31
OSI Model ............................................................................................................................................ 31
Physical Layer ................................................................................................................................. 31
Data Link Layer .............................................................................................................................. 31

Network Layer................................................................................................................................. 31
Transport Layer .............................................................................................................................. 31
Session Layer ................................................................................................................................... 32
Presentation Layer .......................................................................................................................... 32
Application Layer ........................................................................................................................... 32
Evaluating troubleshooting methods with effectiveness in solving enterprise based network ..... 32
Troubleshooting Methodologies .................................................................................................... 32
Troubleshooting Principles ............................................................................................................ 33
Gathering information................................................................................................................ 34
Analyzing information ................................................................................................................ 34
Eliminating possible causes:....................................................................................................... 34
Formulating a hypothesis: .......................................................................................................... 34
Testing the hypothesis: ............................................................................................................... 34
Structured Troubleshooting Approaches ..................................................................................... 35
Mainly troubleshooting approaches include the following: ............................................................ 35
Top down: ..................................................................................................................................... 35
Bottom-up...................................................................................................................................... 35
Divide and conquer ....................................................................................................................... 36
Follow the path.............................................................................................................................. 36
Spot the differences....................................................................................................................... 36
Move the problem ......................................................................................................................... 36
Top-Down Troubleshooting Method ............................................................................................. 36
Bottom-Up Troubleshooting Method ............................................................................................ 36
Divide-and-Conquer Troubleshooting Method ............................................................................ 37
Follow-the-Path Troubleshooting Method.................................................................................... 37
Spot-the-Differences Troubleshooting Method ............................................................................ 37
Move-the-Problem Troubleshooting Method ............................................................................... 37
Conclusion ........................................................................................................................................... 38
Bibliography ........................................................................................................................................ 39

Part 1
Introduction:
In this task, we are hired as network administrator for designing a suitable network design for
NEC (Nepal Education Center) college which is located in Kathmandu valley. So, we have to
design which technology is the best and suitable for this big project and why? Also take care
of which kind of Network design and Network security is best for this project.
Network Design Model

As we know that network planning and designing is an iterative process encompassing
topological design, network-synthesis, and network-realization, and is aimed at ensuring that a
new telecommunications network or service meets the needs of the subscriber and operator.
Other alternatives model to the OSI model exists. They can be applied when designing a
network. We shall do a detailed examination of the three-tier model. In the succeeding section.
The caveats and guidelines for the three-tier approach will also be examined in more detail than
the other approaches, but designers should consider the positive and negative impacts of each
design model.
The Flat Network Model

The flat network design may assume many forms where the most designers are very
comfortable with this design model. In real scenario, most of the networks are developed from
this model. This network model includes no routers or layer 3 awareness of OSI model. This
network is one large Broadcast domain. Flat network model does not preclude the incorporation
of switches or bridges to isolate the collision domain boundaries and, depending upon the
protocols in use. This model could support up to a few hundred stations. But unfortunately,
though, this design rarely scales to support the demands of most networks in terms of users,
flexibility and security. Flat network model fails to address many important factors in network
design, the most significant of which is scalability.
The Star Network Model

The traditional star topology typically meets the needs of a small company as it first expands
to new locations. A single router, located at the company’s headquarters, interconnects all the
sites. Figure 4 illustrates this design.
The following list encompasses both the positive and negative aspects of such a topology, but
the negative aspects should be somewhat obvious:
• Low scalability
• Single point of failure
• Low cost
• Easy setup and administration

Fig of: Star Network Model
The Ring Network Model

This model is builds upon the star topology with a few signification modifications. This design
is typically used when a small company expands nationally and two or more sites are located
close together. The main benefits to use this model is that the single circuit failure will not
disconnect any location from the enterprise network but whereas the ring topology fails to
address these other considerations:
• Low scalability
• No single point of failure
• Higher cost
• Complex setup and configuration

Figure of: Ring Model Network
The Mesh Network Model

This network model typically appears in one of two forms which are full or partial. This
topology has multiple connection available. All devices of the network are connected directly
to other devices. The mesh topology provides redundant links across the network.
Let’s suppose that a network designer wishes to build a six-site solution. Under the hub-and-
spoke model, a total of six PVCs is needed (N-1). Under a full-mesh design, the number of
PVCs equals 21 [N(N-1)/2]. For a small network without a well-defined central data repository,
the costs may be worth the effort. In larger networks, the full-mesh design is a good tool to
consider, but the associated costs and scalability issues frequently demand the use of other
strategies. The partial-mesh model does not constrain the designer with a predefined number
of circuits per nodes in the network, which permits some latitude in locating and provisioning
circuits. However, this flexibility can cause reliability and performance problems. The benefit
is cost— fewer circuits can support the entire enterprise while providing specific data paths for
higher priority connections.
Figure of: Mesh Network Model
The Three-Tier Network Model

In recent days most modern networks are designed around a form of the three-tier model.
Virtually all scalable networks follow the three-tier model for network design. This model is
particularly valuable when using hierarchical routing protocols and summarization, specifically
OSPF (Open Shortest Path First), but it is also helpful in reducing the impact of failures and
changes in the network. The design also simplifies implementation and troubleshooting, in
addition to contributing to predictability and manageability. These benefits greatly augment
the functionality of the network and the appropriateness of the model to address network design

goals. These benefits, which are typically incorporated in hierarchical designs, are either not
found inherently in the other models or not as easily included in them. Following is a closer
look at the benefits just mentioned. Scalability as shown in the previous models, scalability is
frequently limited in network designs that do not use the three-tier model. While there may still
be limitations in the hierarchical model, the separation of functions within the network provides
natural expansion points without significantly impacting other portions of the network.
Basically Three-tier Hierarchical Network Model consists of three layers:
The above picture can further explain based on the below picture:

Core layer:
In this layer, it consists of biggest, fastest, and very expensive routers with the high model
numbers and core layer is considered as the backbone of networks. The core layer of routers is
used to merge geographically separated networks. The Core Layer routers move information
on the network as fast as possible. The switches operating at core layer switches packets as fast
as possible. Core layer is the hub for the inter connects networks. There are some attributes of
this layer which is given below:
1. High speed
2. Reliability and Availability
3. Redundancy
4. Load balancing
5. Quality of service
6. No filters, packet handling or other overhead
Distribution layer:
The Distribution Layer is located between the access and core layers. The purpose of this layer
is to provide boundary definition by implementing access lists and other filters. Therefore, the
Distribution Layer defines policy for the network. Distribution Layer include high-end layer 3
switches. Distribution Layer ensures that packets are properly routed between subnets and
VLANs in your enterprise. Some of the attributes of this layer is given below:
1. Policy routing
2. Access control to core devices
3. Filtering
4. Separate multicast and broadcast domains. (using layer 2 and 3 technologies)
5. Media translation and boundaries (e.g. Fast Ethernet to Gigabit Ethernet)
6. Security
7. Routing between VLANS
Access Layer:
Access layer includes access switches which are connected to the end devices (Computers,
Printers, Servers etc.). Access layer switches ensures that packets are delivered to the end
devices. The key attributes of the access layer are given below:
1. Security
2. Authentication
3. Rate limiting
4. STP
5. High availability
Characteristics of scalable network:

➢ It helps us to provide QoS for different application.
➢ It helps to creating high performance networks.
➢ It helps to allows better network management and isolate causes of network trouble.

➢ It allows us to efficiently accommodate future growth.

➢ It provides better redundancy. Multiple links across multiple devices provides better
redundancy. If one switch is down, we have another alternate path to reach the
destination.
Lan Redundancy Concept with possible layer 2 and layer 3 of the OSI model solution:
Network redundancy is the process of adding additional instances of network devices and lines
of communication to help ensure network availability and decrease the risk of failure along the
critical data path. The underlying premise that explains the importance of network redundancy
is simple. Without any backup systems in place, all it takes is one point of failure in a network
to disrupt or bring down an entire system. Redundancy in networks helps to eliminate single
points of failure to ensure better network stability and uptime in the face of events that would
otherwise take the network offline.
Multiple devices can be connected together on a network using a switch. These switches, as
opposed to hubs, separate the collision domain and as such, they improve connectivity. These
switches operate at the data link layer (Layer 2) of the OSI model and they switch frames from
one port to the other based on their destination MAC addresses. The MAC addresses and port
information are learned dynamically from the source MAC address of frames and stored in a
MAC table on the switch. Finally, switches can be further segmented into different broadcast
domains using VLANs. When we have more devices/users than a switch can handle, we usually
introduce another switch and in large networks, these switches can easily become hundreds, or
even thousands across the switched domain. Cisco, and other large network vendors,
recommends a hierarchical design (tiered design) where lower capacity switches are used to
provide access to users and switches with a higher capacity and throughput are deployed at the
distribution and core layers. In order to prevent Layer 2 loops on a switched network, Switches
use the Spanning Tree Protocol to determine which ports can forward frames at a particular
time. The Spanning Tree Protocol is an algorithm which was developed by Radia Perlman (and
standardized as the IEEE 802.1D protocol). Basically, switches select a root bridge and based
on their closeness to the root bridge, they determine root ports, designated ports and blocking
ports. Any port that is determined to be a blocking port would not forward traffic to prevent
loops from occurring on the network. When there is a change on the network, the algorithm is
run again and ports are assigned new roles.
Hot Standby Router Protocol (HSRP) is a Cisco proprietary protocol that allows several routers
or multilayer switches to appear as a single gateway IP address. It provides redundancy for the
layer 3 functions in our networks. Other protocols that provide the same redundancy include
Virtual Router Redundancy Protocol (VRRP) and Gateway Load Balancing Protocol (GLBP).
VRRP is a standard protocol, but is very similar to HSRP in operation. GLBP becomes
advantageous when you start load balancing, which I will discuss later. But why do we need
these?
The figure below is a given network; the user’s machines are assigned a default gateway. They
use ARP to acquire the layer 2 address of the default gateway. As far as the user’s machine is
concerned, this is all they know. They have no backup or alternate default gateway. When the
router that is the default gateway goes down, or the physical path to the router, your machine
no longer has a default gateway. Even if there is another router present on that network

segment, its information does not match what the user’s machine is assigned. This is where
layer 3 redundancy comes in.
Figure: Network with No layer 3 Redundancy
In fact, there are two forms of redundancy that data centers use to ensure system will stay up
and running:
Fault Tolerance
A fault-tolerant redundant system provides full hardware redundancy, mirroring applications
across two or more identical systems that run-in tandem. Should anything go wrong with the
primary system, the mirrored backup system will take over with no loss of service. Ideal for
any operations in which any amount of downtime is unacceptable (such
as industrial or healthcare applications), fault-tolerance redundant systems are complex and
often expensive to implement.
High Availability
A software-based redundant system, high availability uses clusters of servers that monitor one
another and have failover protocols in place. If something goes wrong with one server, the
backup servers take over and restart applications that were running on the failed server. This
approach to network redundancy is less infrastructure intensive, but it does tolerate a certain
amount of downtime in that there is a brief loss of service while the backup servers boot up
applications.
Switch and Router Redundancy Protocols and their effectiveness in supporting scalable
networks:
The purpose of switch and router redundancy protocols is to support networks. These protocols
are all a form of first hop redundancy protocol whereby a number of physical routers are
configured to appear as if they were one logical router. By using these protocols, it makes client
configuration and communication simpler due to the configuration of a single default gateway
and the host machine will use standard protocols to communicate. These protocols present a
virtual router to the clients with the network with its own IP and MAC address and this IP

address is the default gateway of the clients. The MAC address is the address that will be sent
when an ARP request is sent by one of the clients. The responsibility is given to the redundancy
protocol to choose what physical router will forward the traffic and what one will be in standby
in case the active router fails. If this does happen, the clients will be unaware as the network
will not be affected due to the standby router holding the same IP address as the previous active
router. These redundancy protocols support scalable networks as by implementing these
protocols, it means there are alternative paths available if the dedicated path were to fail or
become unavailable. HSRP and the previously mentioned protocols provide load balancing
within the infrastructure and redundancy. It solves the problem that STP or RSTP+ does not
provide in terms of backup and network availability through different routes.
The HSRP works by through one router acting as active, and all the other routers as standby.
Although these standby routers are only ever used if the active router fails, it does mean that if
this failure does occur, the network is available and reliable. The active and standby routers
communicate by using multicast Hello messages, these are normally sent every three seconds.
If the standby router stops receiving the packets from the active router it will automatically
take over the active router role. VRRP works in the same way as HSRP, however is the open
standard whereas HSRP is a Cisco proprietary protocol. When configuring HSRP standby
groups, situations can be eliminated by which a single point of failure can cause traffic
interruptions. These protocols reduce the failover time that the network takes to re-converge;
HSRP supports IPv6 which is another example of how these protocols support scalable
networks. If the network engineer decided to add another service or device to the network, with
these protocols configured, the network would not be affected due to the short time it takes the
network to see the issue and re-converge and choose a new path. All of these factors are support
protocols for scalable networks as if they were not configured, the network would more than
likely see a delay, and load and bandwidth would be affected.
Network Design for the NEC

Router Configuration:
S. How to do Screenshot
N work?
1: At first bring
in the USER
EXEC
MODE by
pressing
Enter
2: Then type
enable and
press enter to
inter into
privileged
mode

3 Then type
configure
terminal and
press enter
and insert
into global
configuratio
n mode
where you
can give the
router name
using the
hostname.
4 Then type
host keyword
and provide
the router
name as you
want and
press the
enter/
As you can
see the router
name was
changes
successfully
Assigning IP address in Router:

S. Steps for Screen Shots
N doing
Configuration

1 Bring into
global
configuration
mode and
then select
interface to
assigning the
IP address by
typing fast
Gigabit
Ethernet 0/1
Furthermore,
after the
entering to
the interface
type IP
address and
subnet mask
like as this
192.168.2.10
0
255.255.255.
0
And at last,
after finishing
these steps
type no
shutdown
command and
hit enter then
only you ip
will assigned
in that port.
Configuration of Layer-2 Switch in Cisco Packet Tracer Tools

S. Steps about how to Screen Shots
N do?

1 (a) Enable the

global
configurati
on mode as
like router.
(b) Type host
name and
required
switch
name and it
will be our
switch
name what
we put
name of
switch.
Some basic security applied in layer 2 switch:

S.N Steps about how to do? Screen shuts
1 Enable the global
configuration mode and type
line console 0 and hit the
enter button to secure the user
exec mode
Configuring Remote Access:

S.N How to do activate? Screen shuts
1 Enable the global
configuration mode and
type the line vty 0 15 and
press the enter.
2 Then type login and

press enter

Securing Privileged Exec Mode:

S.N Steps to do this mode activate Screen Shuts
1 Enable global configuration
mode and type enable secret
class and press enter and type
exit and press enter.
2 Then start up from by typing
enable then it will ask password.
As the network administrator of the NEC I have the responsibility to prepare network topology
and deploy it as required by the organization. Designing and deploying the network will be
possible but implementing the designed topology in the SMART way not only make
organization secured also reduces the time as well as the economy to. Well analyzing all the
requirement of the NEC is possible but if the mention the budget then it will be more effective
to choose security as well as other devices respectively. But as the network administrator I have
choose the low cost required devices with more features to create the secured environment for
the organization. As considering in the requirement part there are 20 classes where 40 students
will obtain the IP addresses in their devices.
Selecting Network Devices

There are many different suppliers of networking devices, however Cisco has been readily
available and key in developing networks. There are many different models of routers and
switches available from networking IT providers. Different models will provide different
features including different number of ports, forwarding rates etc. To select the networking
devices that was used for the prototype, the various routers and switches had to be analyzed to
see if they would be suitable to meet the requirements of the network. To make this selection,
there were various steps that had to be undertaken to ensure that the appropriate switch and
router was chosen. The switch that was chosen was the Cisco 2960 range as there were no
requirement to support Power over Ethernet (PoE), it had enough ports to support the design,
with enough spare ports to support scalability of the network and the routing protocols that
needed to be configured on the network were supported on the switch with the current operating
system version running. Within Cisco, they also have different categories which support
enterprise networks. These consist of Campus LAN switches, Data Centre switches, Cloud-
managed switches, Service Provider switches and Virtual Networking switches. Due to this
prototype following a Hierarchical Design, the switch category that was chosen was the
Campus LAN switch due to it being able to scale network performance within an enterprise
LAN 24 whilst providing high forwarding rates and multilayer switching. The Cisco 2960 was
a fixed configuration as this provided the network with a variety of port density configurations,
whilst meeting the requirement of scalability. Similarly, there are different router platforms
that network designers can choose from as well as having differing physical configurations and

features that are available. Within the Hierarchical Design and its distribution layer, routing is
required to enable devices outside the local network to communicate.
Analyzing PVST+ and Rapid PVST+ protocols.

To maintain a successful network, there should be redundancy must be implemented and
maintained. While adding additional connections gives essential layer 1 redundancy, it also
defined loops into the network. If a switch connection is lost, another link should take over
without creating a loop; Spanning Tree protocol (STP) is the layer 2 redundancy protocol that
is implemented to solve this problem. STP has evolved to quickly calculate which ports need
to be blocked so that a VLAN-based network isn’t affected by loops. As mentioned previously,
redundancy is one of the main factors that needs to be considered when designing and creating
a network. By implementing this layer 2 redundancy protocol, it improves the availability of
the network by implementing alternate paths with the use of additional cables and devices.
PVST+ is enhanced due to it maintaining a separate spanning tree instance for each VLAN that
is configured within the network. Each of these instances support Cisco proprietary extensions
such as PortFast, root guard, and loop guard. This protocol allows a VLAN trunk to be in
forwarding mode for some VLANs, whilst blocking others. This protocol allows spanning tree
to optimize the traffic for every VLAN, however similar to STP, convergence is slow. This
protocol load balances traffic at layer 2 by forwarding a number of VLANs on one trunk and
other VLANs on another due to the VLANs being treated as separate networks.
Rapid PVST+ is seen as a Cisco enhancement of Rapid Spanning Tree Protocol (RSTP) which
uses PVST+ whilst providing a separate instance of an IEEE standard for each VLAN. As
stated by Cisco, 2010 RSTP is an evolution of STP “that provides faster spanning tree
convergence”. Unlike PVST+, RSTP provides a single instance of spanning tree and faces
similar poor traffic flow speeds that STP faces. (Cisco, 2010, p.136). Each instance of Rapid
PVST+ supports Cisco proprietary extensions such as Port Fast, root guard, and loop guard
etc. This version of spanning tree addresses the convergence issues of the other versions and
the slow traffic flow speeds that is affected due to this. This version ensures that when a
connection is lost, another takes over much quicker.
As examined, PVST and Rapid PVST though better than their counterparts, both gives
advantage a network with their effectiveness in tackling redundancy issues inside a network.
Differences between PVST and Rapid PVST:

PVST and Rapid PVST both are the part of STP (Spanning Tree Protocols) used inside the
networks to avoid the loops in many kinds of switches. Some of the differences of PVST+
and Rapid PVST are given below: -
S. N PVST Rapid PVST
1 PVST is per-VLAN spanning tree It is an enhancement to STP
(which is the default for most cisco
switches). -
2 It means that you will run a spanning RSTP optimizes this by using P2P links
tree instance per VLAN. and taking up to only 2 seconds to
converge.

3 For example, you can have different For example, you can instead have one
root bridge on different VLANs (so that instance with VLAN 1-500 and another
spanning tree does not have to run as a instance with VLANs 501-1000
whole on the layer 2 domain, but can
run a different instance per-VLAN)
4 Support in older switches inside the Did not support old switches.
enterprise network.
5 CPU and memory requirements are high The CPU and memory requirements are
due to maintaining separate STP less than for Rapid PVST but more than
instances per VLAN for 802.1D.
First-hop redundancy protocols in IPv4 and IPv6

There are different First Hop Redundancy Protocols (FHRPs) that can be implemented within
a network. FHRPs enable an engineer to configure multiple physical routers making them
appear as though there are a single logical router. Using FHRPs make communication easier
due to a single default gateway can be configured and the end machine can use standard
protocols to communicate across the network. First hop derives from the first router hop that a
packet passes through. Redundancy protocols, both for IPv4 and IPv6 present a virtual router
to the clients on the network; this router holds its own IP and MAC address, and this IP is the
address which is configured on each of the end devices as the default gateway. The MAC
address is what will be returned when an Address Resolution Protocol (ARP) request is sent
by a host. The redundancy protocol is responsible for deciding which physical router actively
forwards traffic and which one is in standby mode; the standby router will take over from the
active router if it fails. To allow hosts to communicate outside a local network, a default
gateway is required to allows these packets, from either a LAN or VLAN to reach these remote
networks. If the default gateway fails however, the hosts within the local network will not be
able to communicate out to remote networks. The solution to this issue is FHRPs which allow
default gateway redundancy.
“Currently Cisco has support for Hot Standby Router Protocol (HSRP) and Gateway Load
Balancing (GLBP) in IPv6. There is an RFC5798 for Virtual Router Redundancy Protocol
(VRRP), but checking the Doc CD for this up to IOS 15.2M&T in the IPv6 configuration guide,
I did not see it. By default, IPv6 will use Router Advertisement (RA) to announce the presence
of a router on a segment and use the Default Router Preference (DRP) options inside ND to
determine the default gateway used. There is a good post on cisco ninja covering this and the
difference of operations in different versions of IOS that do and do not support all the same
DRP options.
IPv6 has a built-in redundancy mechanism inside ND called Neighbor Unreachability
Detection (NUD) using the Neighbor Solicitation (NS) and Neighbor Advertisement (NA) to
detect the failure. Reading RFC 5798, the most aggressive timers will only achieve failover
within 5 seconds, which would significantly increase the overhead of ND traffic in a real-world
network of say 254 hosts in most common IPv4 VLAN designs with a /24 subnet. There is a
good on packetlife.net that shows this down to about 1 second by adjusting the Router
Advertisement (RA) lifetime and Router Advertisement interval for more detailed information.

So, as we know that IPv6 uses ND and has a mechanism for detecting default routers and
failover, why do we need FHRPs? I would think that FHRPs are there for the same reason we
have so many protocols that sort of overlap we are always looking for a better mouse trap.
And in limited testing, relying on ND for default router and failover does not scale to provide
the predictable and reliable configurations that the FHRPs do. For example, I found no
preempt capabilities for the default router election. I will also make a nod to IPv6 security and
mention that NUD has no authentication mechanism. Authentication can be accomplished
using Secure Neighbor Discovery (SeND).
Now back to FHRPs, let’s do what we do and mock up a very basic FHRP network on a LAN
segment, and take a look at a few configuration parameters. We’ll start with HSRP, then GLBP,
as well as some packet captures with Wireshark and discuss some of the differences between
the IPv4 and IPv6 versions of each. The very basic FHRP network will use HOST1, R1, and
R2 on the LAN for the FHRP and a WAN router with serial interfaces for tracking and failover
scenarios.
HSRP
Hot Standby Router Protocol (HSRP) is Cisco proprietary and was the first FHRP to be
developed. HSRP is configured on a given interface and that interface will be part of a standby
group. As mentioned above, HSRP has multiple routers configured into a standby group, which
will share a virtual IP address and MAC address, whilst providing a default gateway. The
reason behind having a physical IP as well as a virtual is to provide the redundancy; these IP
addresses can either be IPv4 or IPv6 depending on what the network uses. Within HSRP, there
is a priority number; one of the routers will have a higher priority number which means it is
the preferred router, thus the active one. The other standby routers will be configured with the
same virtual IP as the hosts hold this as their default gateway and are not affected if a standby
router takes over.
First step to configure HSRP for IPv6 is to enable HSRP version 2 to support IPv6 standby
version 2. After that, the standby commands are pretty much the same as with IPv4 – creating
groups and adding tracking and preemption capabilities. After configuration of HSRP and the
Active -> Standby negotiation is complete, the Active HSRP router will send the RAs, and the
IPv6 hosts will use the new link local address that is auto configured with the command standby
1 ipv6 autoconfig.
Evaluation of Ether channel technology with solving bandwidth and load issues.
Ether channel
Ether channel is also known as port bonding. It is a port channel technology that is used to
group several ports which is two to eight into one logical channel. My report will demonstrate
the Ether Channel technology and how it helps to solve bandwidth and load issues.
As we know that most of the networks will usually have a number of links between switches
to provide redundancy resiliency on the network. Within a network that is configured with STP,
this protocol will put numerous ports into blocking mode to protect the network from loops and
layer 3 routing protocols will view these links as individual ones. Once ether channel has been
implemented, STP and the layer 3 routing protocols will treat the grouped links as an individual

one which will stop STP from 28 blocking the given ports. There are two aggregation protocols
that can be used to implement ether channel; Port Aggregation Protocol (PAgP) and Link
Aggregation Control Protocol (LACP). PAgP is Cisco’s proprietary protocol that can be used
to configure channels and ether channel on ports. The links in the group must have the same
parameters such as speed, duplex, VLAN information otherwise the ports will not be grouped
into a channel. Once this channel is active, it will be added to STP ad a single bridge port and
PAgP will send packets in 30 second intervals to manage the link for consistency e.g. link
additions, changes and failures. PAgP uses “auto” and “desirable”; auto enables PAgP only if
a PAgP device is detected and desirable enables PAgP unconditionally.
LACP is non-proprietary, thus is used between other vendor networks. It has the same purpose
as PAgP, however uses different commands to configure ether channel on the network. LACP
uses the commands “active” and “passive”; active enables LACP unconditionally and passive
enables LACP only if a LACP device is detected. Ether channel can be configured without
PAgP or LACP by using the command “on”, however Cisco advises one of the protocols to be
used to assist with compatibility issues whilst also managing link additions and failures
between the configured switches. Ether channel helps solve bandwidth issues as it helps
achieve greater speeds by grouping links, thus increasing the amount of bandwidth due to the
links being seen as one link instead of multiple. This technology also solves load balancing
issues as it will balance the traffic load across the links, increasing efficiency on the network.
Another benefit of using ether channel is the redundancy it provides; due to there being multiple
links grouped into one logical channel, there are more available links to mitigate against a loss
of links.
Conclusion:
In the end of this part of the report, I had including the network design models with their
contribution to design the scalable and reliable network. After analyzing different network
design models explained the detailed concept about LAN redundancy with possible solution of
layer 2 and layer 3 of OSI model. Also covered how the redundancy protocols support scalable
networks with the complete network design as per the requirement of NEC. Also included the
selection of the networking devices for the prototype of NEC. After that compared between
PVST and RAPID PVST along with their effectiveness in solving redundancy issues. In
addition, I involved detail explanation of how the first-hop redundancy protocols will work for
IPv4 and IPv6. At last I included the evaluation of Ether Channel technology solving bandwidth
and load issues as required of the task.
Part 2:
Introduction:
As required by the task I will examine WAN technologies and select the appropriate one for a
set of enterprise requirements and analyze the benefits and drawbacks of public and private
WAN technologies. While implementing the designed topology WAN connectivity is the main
way to communicate with branch networks. After that finishing these all parts I will show the
configure WAN protocols as part of an enterprise network. I will include by deploying network
monitoring tools and troubleshooting methods to establish network baselines and produce
network documentation. Also, step by step process of troubleshooting methods with

troubleshoot LAN and WAN connectivity issues at different networking layers and evaluated
features and benefits of different VPN types based on organizational needs. At last will
conclude the entire task with troubleshooting methods and their effectiveness in solving
enterprise wide networking issues.
WAN (Wide Area Network)

A Wide Area Network (WAN) differs to that of a LAN in that a WANs infrastructure is
typically leased from a service provider instead of owning the infrastructure which is usually
what occurs within a LAN. Defined by Cisco, 2010, p.200, a WAN is a “Data communications
network that serves users across a broad geographic area and often uses transmission devices
provides by common carriers.” There are a number of different WAN technologies that can be
implemented within a network. A given set of requirements will define which WAN
technology is appropriate for the enterprise network.
WAN Technologies:
There are various kinds of WAN technologies, however these can be broken down to either be public
or private WAN technologies. There are benefits and drawbacks to these technologies and these will
be analyzed below.
Private WAN Technologies:
Leased Lines
Leased Lines is a form of private WAN technologies due to these being point-to-point lines
that are leased from a service provider. These lines are permanent dedicated connections which
provide WAN communication paths from a customer’s site to the provider’s network.
Organizations pay a monthly fee to lease these lines from a service provider which enables
them to use the line. The fee of these lines differs due to there being different capabilities, the
bandwidth that is required and the distance between the connected points.
There are a number of benefits and drawbacks to using leased lines, the advantages being
simplicity, quality and availability. They require minimal knowledge to install and maintain,
the links normally provide high service quality, and due to the dedicated connection, it removes
latency between the connections. The drawbacks are cost and there is limited flexibility. The
point-to-point links tend to be the more expensive type of WAN access, as well as each
endpoint requiring an interface on the router, which increases the equipment. Leased lines have
a fixed capacity, which means that the bandwidth may not meet the requirements specifically.
Dialup
Dialup is another form of WAN access and can be used when there is no other technology
available. This technology is appropriate when there is a requirement for intermittent, low-
volume data transfers.
There are multiple advantages and disadvantages of this technology, the advantages being
simplicity, availability, and low implementation cost. The disadvantages consist of the low data
rates and a long connection time. Similar to that of leased lines, due to this also being a
dedicated circuit, there is little delay or latency for point-to-point traffic, however due to the
low bit rates, voice and video traffic is not effectively sent over the network.

Ethernet WAN
Ethernet started off as a LAN access technology, due to the maximum cable length being on
kilometer. However, there are newer Ethernet standards that use fiber-optic cables which make
it possible for Ethernet to now be a WAN technology e.g. it can range from 5km to 70km
depending on the IEEE base used.
An Ethernet WAN has multiple benefits consisting of reduced expenses and administration,
easy integration with existing networks and enhanced business productivity. It provides a high-
bandwidth layer 2 network which supports managing of data, voice and video within the same
infrastructure; this increases bandwidth and allows companies to inexpensively connect sites
to other sites and networks.
Public WAN technologies
DSL
As mentioned previously, this technology is an always-on connection that will use existing
telephone lines to transport high-bandwidth data, whilst providing IP services to users. An
Ethernet signal is converted from an end device to a DSL signal using a DSL modem which is
then sent to the central office. A remote user must connect to an ISP before an IP connection
is established through the Internet to the enterprise network.
This technology has multiple benefits and drawbacks such as it is achieving fast data rates, no
additional wiring and security due it normally accessing a separate network the main section
of the network. The drawbacks of this technology are the proximity, the greater the distance,
the less efficient the service will be, slower uploads and if the lines are busy with other
communications occurring, the connection may be slow.
Wireless
Wireless uses the unlicensed radio spectrum to transmit and receive data; due to this spectrum
being unlicensed, it is accessible to anyone who has a wireless device. There are multiple
wireless technologies that have evolved that allow wireless access to travel further than the
local transmission range of 100 feet. One of these technologies is Municipal Wi-Fi which
provides high-speed Internet access for free or for a low cost. To connect to this Wi-Fi, a user
needs a wireless modem; this provides a stronger radio frequency than wireless adapters do.
Virtual Private Network:

VPN stands for Virtual Private Network (VPN), that allows a user to connect to a private
network over the Internet securely and privately. VPN creates an encrypted connection that is
called VPN tunnel, and all Internet traffic and communication is passed through this secure
tunnel. A VPN is an encrypted virtual connection between private networks over a public
network and uses a VPN tunnel which is routed through the Internet from the private network
of the organization to the remote site or end device. VPNs have multiple benefits such as cost
saving, security, scalability, and compatibility with broadband technology.
In the given below this is two types of VPN basically which was described below:

Remote Access VPN:

Remote Access VPN permits a user to connect to a private network and access all its services
and resources remotely. The connection between the user and the private and resources
remotely. The connection between the user and the private network occurs through the
Internet and the connection is secure and private. Remote Access VPN is useful for home
users and business users both. An employee of a company, while he/she is out of station, uses
a VPN to connect to his/her company’s private network a remotely access files and resources
on the private network. Private users or home users of VPN, primarily use VPN services to
bypass regional restrictions on the Internet and access blocked websites. Users aware of
Internet security also use VPN services to enhance their Internet security and privacy.
Site to Site VPN:

A Site-to-Site VPN is also called as Router-to-Router VPN and is commonly used in the large
companies. Companies or organizations, with branch offices in different locations, use Site-
to-site VPN to connect the network of one office location to the network at another office
location.
• Intranet based VPN: When several offices of the same company are connected using
Site-to-Site VPN type, it is called as Intranet based VPN.
• Extranet based VPN: When companies use Site-to-site VPN type to connect to the
office of another company, it is called as Extranet based VPN.
Basically, Site-to-site VPN create a imaginary bridge between the networks at geographically
distant offices and connect them through the Internet and sustain a secure and private
communication between the networks. In Site-to-site VPN one router acts as a VPN Client
and another router as a VPN Server as it is based on Router-to-Router communication. When
the authentication is validated between the two routers only then the communication starts.
Types of Virtual Private Network (VPN) Protocols:
Internet Protocol Security (IPsec):

Internet Protocol Security, known as IPsec, is used to secure Internet communication across
an IP network. IPsec secures Internet Protocol communication by verifying the session and
encrypts each data packet during the connection.
IPsec runs in 2 modes:
• (i) Transport mode
• (ii) Tunneling mode
The work of transport mode is to encrypt the message in the data packet and the tunneling
mode encrypts the whole data packet. IPsec can also be used with other security protocols to
improve the security system.
Layer 2 Tunneling Protocol (L2TP):

L2TP or Layer 2 Tunneling Protocol is a tunneling protocol that is often combined with
another VPN security protocol like IPsec to establish a highly secure VPN connection. L2TP
generates a tunnel between two L2TP connection points and IPsec protocol encrypts the data
and maintains secure communication between the tunnel.

Point-To-Point Protocol (POP)

PPTP or Point-to-Point Tunneling Protocol creates a tunnel and encapsulates the data packet.
It uses a Point-to-Point Protocol (PPP) to encrypt the data between the connection. PPTP is one
of the most widely used VPN protocol and has been in use since the time of Windows 95. Apart
from Windows, PPTP is also supported on Mac and Linux.
SSL and TLS:

SSL (Secure Sockets Layer) and TLS (Transport Layer Security) generate a VPN connection
where the web browser acts as the client and user access is prohibited to specific applications
instead of entire network. Online shopping websites commonly uses SSL and TLS protocol.
It is easy to switch to SSL by web browsers and with almost no action required from the user
as web browsers come integrated with SSL and TLS. SSL connections have “https” in the
initial of the URL instead of “http”.
Open VPN:
Open VPN is an open-source VPN that is commonly used for creating Point-to-Point and
Site-to-Site connections. It uses a traditional security protocol based on SSL and TLS
protocol.
Secure Shell (SSH):

Secure Shell or SSH generates the VPN tunnel through which the data transfer occurs and
also ensures that the tunnel is encrypted. SSH connections are generated by a SSH client and
data is transferred from a local port on to the remote server through the encrypted tunnel.
Features of Virtual Private Network:

Privacy:
You should know what kind of privacy you really need. Is it for surfing, downloading, going
past the Great Firewall of China or simply accessing blocked sites? Many VPN services offer
one or more of these capabilities.
Software/features:
Platforms should not be limited to ease of use; they should include features such as kill switches
and DNS leak prevention tools which provide a further layer of protection. Support: Customer
support must be reliable, fast and easy to access. The customer service should also be able to
answer questions in the least amount of time. Free trials/money-back guarantee: These two
ensure that users get to evaluate a service first before committing to one.
Security:
One should consider the level of security that a service offers. This can prevent hackers and
agencies from accessing your data. Cross-platform support: A VPN solution should be able to
run on any device. To do this, setup guides for different platforms should be provided by the
vendor.
Price:

Make sure that the price you pay should be would be equivalent to the service you get. You
can do this by comparing the features and prices of different services. The number of
servers/countries: For VPN services, the more servers there are, the better the service. This
allows users to connect from virtually all over the world. It will also enable them to change
their locations at will.
Speed:
It’s common knowledge that using VPN comes with reduction in Internet speed. This is due to
the fact that signals need to travel long distances and the demands of the encryption and
decryption processes. Choose a service that has minimal impact on Internet speed.
Issues in VPN:
Unable to Establish a Tunnel:
A problem that could persist despite the absence of obvious causes, this issue may be caused
by IP packet filtering or the presence of a proxy server between the client and the VPN server.
Tweaking the configurations setting can resolve this issue.
Rejected VPN connection:
Rejection of VPN connection is one of the most common problems associated with the
solution’s use. There are a lot of factors that can cause this problem, among them is the failure
of the Routing and Remote Access service, DNS problems, issues with the authentication
process and lack of dial-in privileges. Unable to Reach Locations Beyond VPN Servers: Also
a common problem, this issue is caused by lack of permission to access the entire VPN network
or a number of routing factors. This can be resolved by tweaking the settings.
Acceptance of Unauthorized Connections:
Although an uncommon problem, this situation does occur and could cause far more serious
security issues. This problem could be caused by bugs in operating systems.” (Nestor Gilbert,
2018).
Deploying network monitoring tools and troubleshooting documentation:

S. Configuration Expected Screen shots
N Name Output
BIJAY KUMAR YADAV/THIRD SEM/SEC N2 25

1 IP addressing Should not

ping. able to ping
with core
switch
without
using access
in layer2 and
trunk in
layer3(NEC
Cores witch)
Actual Output Remarks

As expected, being in same Successfully
network not able to ping with the
tested
gate way IP of core switch.
S. Name Expect Screen shots (Output)

N ed
Output
1 IP Should
addressi be able
ng ping to ping
by with
using core
access switch
and . First
trunk. assigni
ng the
access
to
layer-2
switch
and
trunk
in
layer 3
to
ping.
ASHISH DHUNGANA/THIRD SEM/SEC N2 26

S. Process Screen Shots

N
1 (Assign
ing
access
to layer-
2
switch)
2 Assigni
ng trunk
in layer-
3
Site to site VPN with IP sec policy:

At first active all the router used in the site-to-site VPN by following upper steps and scripts after
that follow the following steps and scripts: -
S. Scripts Used Screen Shots
N along with tools
steps guide

1 Assign the Cisc

ip address o
in the Pack
router et
interfaces Trac
by er
selecting
the
interface
through
the
interface
giga0/0
and
assigning
the IP
address
through
the ip
address
required ip
address
and sub net
mask.
(Head
quarter
Router)
2 Similarly
give the
connection
between
your router
and ISP
routers.
3 Configure
same way
in the ISP
router too.
From the
facing site
of the head
quarter
router to
ISP
routers.

4 As like
Head
quarter
router
configurati
on follow
the same
script and
steps to
configure
branch
router.
5 Give the
connection
between
the Branch
office
network to
the ISP
network by
selecting
the
interface
and
assigning
the ip
address.
5 Allow the
connection
between
the branch
office and
ISP
network by
selecting
the
interface
and
assigning
the IP
address in
the facing
port with
similar
networks.

Troubleshooting Methods:
There are many different troubleshooting methods that can be used and implemented in a
network to solve enterprise-wide networking issues. This report will evaluate a number of
troubleshooting methods and their effectiveness in a network.
Syslog Server
Syslog is a logging tool which sends log events from all devices that it is configured on to the
server that it is set up on. Syslog messages are sent over UDP and the IP transport mechanism
is defined rather than the syslog content. It is down to the application to develop informative
logs for the receiver. The message that is captured will contain a severity level and a facility;
the facility is the type of message that is being sent e.g. any, authorization, fire etc. and the
severity shows the important of the message e.g. emergency to debug, this level can be defined
by the administrator. Syslog helps to reduce the downtime of the network as it logs the
messages and lets the administrator know what events are occurring on the network, which can
mitigate against a loss of connection. These logs are also a form of alert system due to the
severity level that is sent with the messages, and this alerts the administrator to if the network
needs to be troubleshooted, or whether an unauthorized user is attempting to access the
network.
NTP Server
When logs are being examined, it is essential to the network administrator that the correct date
and time are recorded for each event that is held in the syslog server. Although the time and
date can be set manually across all devices, it is easier to have an NTP source on a server which
synchronizes the time across all devices to be the same. Using NTP also helps to ensure that
the clock speed is the same, and it doesn’t drift. NTP was established for clock synchronization,
which also helps to synchronize the time across the whole of the network.
SMP
Simple Network Management Protocol (SNMP) is used to receive information for the agent on
the network. The administrator can poll the switch which will return with a response on its
health information e.g., memory utilization, link status, firewall filter statistics etc. The switch
is also capable of undergoing a process called trap whereby it sends event information to the
network manager without the manager polling the switch. To communicate this information, a
Management Information Base (MIB) is used; a MIB has a tree structure which defines groups
of objects into related sets. MIBs are identified by Object Identifiers (OID) and these names
the objects. Once configured, SNMP GETs can be received on given interfaces. Vendors
recommend restricting access to specific interfaces and clients e.g., management network.
WAN Router Initial Installation Scenario

A common problem when bringing new internetworking nodes online is that systems on one
side of the new node often are unable to communicate with systems on the other side. The
problem scenario that follows explores this kind of situation in the context of a private X.25
WAN. In this case, several problems are uncovered during troubleshooting before a final
resolution is achieved.

Symptoms
No traffic of any kind can pass through a newly installed router used to interconnect an Ethernet
based network segment with a private X.25 WAN. Local-area networks (LANs) previously
interconnected with the X.25 WAN continue to communicate without disruption of service.
However, users trying to make connections cannot get through to resources on the new
segment.
OSI Model:
The OSI Model (Open Systems Interconnection Model) is a conceptual framework used to
describe the functions of a networking system. The OSI model characterizes computing
functions into a universal set of rules and requirements in order to support interoperability
between different products and software. In the OSI reference model, the communications
between a computing system are split into seven different abstraction layers: Physical, Data
Link, Network, Transport, Session, Presentation, and Application.
Created at a time when network computing was in its infancy, the OSI was published in 1984
by the International Organization for Standardization (ISO). Though it does not always map
directly to specific systems, the OSI Model is still used today as a means to describe Network
Architecture.
Physical Layer
The lowest layer of the OSI Model is concerned with electrically or optically transmitting raw
unstructured data bits across the network from the physical layer of the sending device to the
physical layer of the receiving device. It can include specifications such as voltages, pin layout,
cabling, and radio frequencies. At the physical layer, one might find “physical” resources such
as network hubs, cabling, repeaters, network adapters or modems.
Data Link Layer

At the data link layer, directly connected nodes are used to perform node-to-node data transfer
where data is packaged into frames. The data link layer also corrects errors that may have
occurred at the physical layer.
The data link layer encompasses two sub-layers of its own. The first, media access control
(MAC), provides flow control and multiplexing for device transmissions over a network. The
second, the logical link control (LLC), provides flow and error control over the physical
medium as well as identifies line protocols.
Network Layer
The network layer is responsible for receiving frames from the data link layer, and delivering
them to their intended destinations among based on the addresses contained inside the frame.
The network layer finds the destination by using logical addresses, such as IP (internet
protocol). At this layer, routers are a crucial component used to quite literally route information
where it needs to go between networks.
Transport Layer
The transport layer manages the delivery and error checking of data packets. It regulates the
size, sequencing, and ultimately the transfer of data between systems and hosts. One of the
most common examples of the transport layer is TCP or the Transmission Control Protocol.

Session Layer
The session layer controls the conversations between different computers. A session or
connection between machines is set up, managed, and terminal at layer 5. Session layer
services also include authentication and reconnections.
Presentation Layer
The presentation layer formats or translates data for the application layer based on the syntax
or semantics that the application accepts. Because of this, it at times also called the syntax
layer. This layer can also handle the encryption and decryption required by the application
layer.
Application Layer
At this layer, both the end user and the application layer interact directly with the software
application. This layer sees network services provided to end-user applications such as a web
browser or Office 365. The application layer identifies communication partners, resource
availability, and synchronizes communication. Protocols that are used at this layer are HTTP,
Telnet, FTP etc.
To troubleshoot using the OSI model, the recommended approach in the bottom-up approach.
This approach starts from layer 1 and will move up the layers until the issue is found.
Evaluated above are a number of troubleshooting methods and their effectiveness in solving
enterprise-wide networking issues. Without these methods being implemented a network
administrator will not know what is happening in the background of the network; the logs
created by syslog are beneficial in seeing different events, NTP synchronizes not only time
across the network, but will update the logs in the syslog server with the correct time that the
event took place.
Evaluating troubleshooting methods with effectiveness in solving enterprise based

network
“Most modern enterprises depend heavily on the smooth operation of their network
infrastructure. Network downtime usually translates to loss of productivity, revenue, and
reputation. Network troubleshooting is therefore one of the essential responsibilities of the
network support group. The more efficiently and effectively the network support personnel
diagnose and resolve problems, the lower impact and damages will be to business. In complex
environments, troubleshooting can be a daunting task, and the recommended way to diagnose
and resolve problems quickly and effectively is by following a structured approach. Structured
network troubleshooting requires well-defined and documented troubleshooting procedures.
This task explains the benefits of structured troubleshooting and identifies the leading
principles that are at the core of all troubleshooting methodologies. Implementing
troubleshooting procedures was defined above task, with a discussion on gathering and
analyzing information and solving the problem. Finally, the generic troubleshooting processes
and their relation to network maintenance processes are analyzed along with the role of change
control and documentation.
Troubleshooting Methodologies
Troubleshooting is not an exact science, and a particular problem can be diagnosed and
sometimes even solved in many different ways. However, when you perform structured

troubleshooting, you make continuous progress, and usually solve the problems faster than it
would take using an ad hoc approach. There are many different structured troubleshooting
approaches. For some problems, one method might work better, whereas for others, another
method might be more suitable. Therefore, it is beneficial for the troubleshooter to be familiar
with a variety of structured approaches and select the best method or combination of methods
to solve a particular problem.
Troubleshooting Principles
Troubleshooting is the process that leads to the diagnosis and, if possible, resolution of a
problem. Troubleshooting is usually triggered when a person reports a problem. Some people
say that a problem does not exist until it is noticed, perceived as a problem, and reported as a
problem. This implies that you need to differentiate between a problem, as experienced by the
user, and the actual cause of that problem. The time a problem is reported is not necessarily the
same time at which the event causing the problem happened. Also, the reporting user generally
equates the problem to the symptoms, whereas the troubleshooter often equates the problem to
the root cause. For example, if the Internet connection fails on Saturday in a small company, it
is usually not a problem, but you can be sure that it will turn into a problem on Monday morning
if it is not fixed before then. Although this distinction between symptoms and cause of a
problem might seem philosophical, you need to be aware of the potential communication issues
that might arise from it.
Generally, reporting of a problem triggers the troubleshooting process. Troubleshooting starts
by defining the problem. The second step is diagnosing the problem during which information
is gathered, the problem definition is refined, and possible causes for the problem are proposed.
Eventually this process should lead to a hypothesis for the root cause of the problem. At this
time, possible solutions need to be proposed and evaluated. Next, the best solution is selected
and implemented. Following figure illustrates the main elements of a structured
troubleshooting approach and the transition possibilities from one step to the next.
Flow Chart of a Structured Troubleshooting Approach

It is noteworthy, however, that the solution to a network problem cannot always be readily
implemented and an interim workaround might have to be proposed. The difference between a
solution and a workaround is that a solution resolves the root cause of the problem, whereas a
workaround only alleviates the symptoms of the problem.
Although problem reporting and resolution are definitely essential elements of the
troubleshooting process, most of the time is spent in the diagnostic phase. One might even
believe that diagnosis is all troubleshooting is about. Nevertheless, within the context of
network maintenance, problem reporting and resolution are indeed essential parts of

troubleshooting. Diagnosis is the process of identifying the nature and cause of a problem. The
main elements of this process are as follows:
Gathering information:
Gathering information happens after the problem has been reported by the user (or anyone).
This might include interviewing all parties (user) involved, plus any other means to gather
relevant information. Usually, the problem report does not contain enough information to
formulate a good hypothesis without first gathering more information. Information and
symptoms can be gathered directly, by observing processes, or indirectly, by executing tests.
Analyzing information:
After the gathered information has been analyzed, the troubleshooter compares the symptoms
against his knowledge of the system, processes, and baselines to separate normal behavior from
abnormal behavior.
Eliminating possible causes:
By comparing the observed behavior against expected behavior, some of the possible problems
causes are eliminated.
Formulating a hypothesis:
After gathering and analyzing information and eliminating the possible causes, one or more
potential problem causes remain. The probability of each of these causes will have to be
assessed and the most likely cause proposed as the hypothetical cause of the problem.
Testing the hypothesis:
The hypothesis must be tested to confirm or deny that it is the actual cause of the problem. The
simplest way to do this is by proposing a solution based on this hypothesis, implementing that
solution, and verifying whether this solved the problem. If this method is impossible or
disruptive, the hypothesis can be strengthened or invalidated by gathering and analyzing more
information.
All troubleshooting methods include the elements of gathering and analyzing information,
eliminating possible causes, and formulating and testing hypotheses. Each of these steps has
its merits and requires some time and effort; how and when one moves from one step to the
next is a key factor in the success level of a troubleshooting exercise. In a scenario where you
are troubleshooting a complex problem, you might go back and forth between different stages
of troubleshooting Gather some information, analyze the information, eliminate some of the
possibilities, gather more information, analyze again, formulate a hypothesis, test it, reject it,
eliminate some more possibilities, gather more information, and so on.
If you do not take a structured approach to troubleshooting and go through its steps back and
forth in an ad hoc fashion, you might eventually find the solution however, the process in
general will be very inefficient. Another drawback of this approach is that handing the job over
to someone else is very hard to do; the progress results are mainly lost. This can happen even
if the troubleshooter wants to resume his own task after he has stopped for a while, perhaps to
take care of another matter. A structured approach to troubleshooting, regardless of the exact
method adopted, yields more predictable results in the long run. It also makes it easier to pick
up where you left off or hand the job over to someone else without losing any effort or results.
A troubleshooting method that is commonly deployed both by inexperienced and experienced

troubleshooters is the shoot-from-the-hip method. Using this method, after a very short period
of gathering information, the troubleshooter quickly makes a change to see if it solves the
problem. Even though it may seem like random troubleshooting on the surface, it is not. The
reason is that the guiding principle for this method is knowledge of common symptoms and
their corresponding causes, or simply extensive relevant experience in a particular environment
or application. This technique might be quite effective for the experienced troubleshooter most
times, but it usually does not yield the same results for the inexperienced troubleshooter.
Following figure shows how the shoot from the hip goes about solving a problem, spending
almost no effort in analyzing the gathered information and eliminating possibilities.
The Shoot-from-the-Hip Troubleshooting Method

Assume that a user reports a LAN performance problem and in 90 percent of the past cases
with similar symptoms, the problem has been caused by duplex mismatch between users'
workstation (PC or laptop) and the corresponding access switch port. The solution has been to
configure the switch port for 100-Mbps full duplex. Therefore, it sounds reasonable to quickly
verify the duplex setting of the switch port to which the user connects and change it to 100-
Mbps full duplex to see whether that fixes the problem. When it works, this method can be
very effective because it takes very little time. Unfortunately, the downside of this method is
that if it does not work, you have not come any closer to a possible solution, you have wasted
some time (both yours and users), and you might possibly have caused a bit of frustration.
Experienced troubleshooters use this method to great effect. The key factor in using this method
effectively is knowing when to stop and switch to a more methodical (structured) approach.
Structured Troubleshooting Approaches
A structured troubleshooting method is used as a guideline through a troubleshooting process.
The key to all structured troubleshooting methods is systematic elimination of hypothetical
causes and narrowing down on the possible causes. By systematically eliminating possible
problem causes, you can reduce the scope of the problem until you manage to isolate and solve
the problem. If at some point you decide to seek help or hand the task over to someone else,
your findings can be of help to that person and your efforts are not wasted.
Mainly troubleshooting approaches include the following:

Top down:
Using this approach, you work from the Open Systems Interconnection (OSI) model's
application layer down to the physical layer.
Bottom up:
The bottom-up approach starts from the OSI model's physical layer and moves up to the
application layer.

Divide and conquer:

Using this approach, you start in the middle of the OSI model's stack (usually the network
layer) and then, based on your findings, you move up or down the OSI stack.
Follow the path:
This approach is based on the path that packets take through the network from source to
destination.
Spot the differences:
As the name implies, this approach compares network devices or processes that are operating
correctly to devices or processes that are not operating as expected and gathers clues by spotting
significant differences. In case the problem occurred after a change on a single device was
implemented, the spot-the-differences approach can pinpoint the problem cause by focusing on
the difference between the device configurations, before and after the problem was reported.
Move the problem:
The strategy of this troubleshooting approach is to physically move components and observe
whether the problem moves with the components.
These all-troubleshooting approaches are described below:
Top-Down Troubleshooting Method
The top-down troubleshooting method uses the OSI model as a guiding principle. One of the
most important characteristics of the OSI model is that each layer depends on the underlying
layers for its operation. This implies that if you find a layer to be operational, you can safely
assume that all underlying layers are fully operational as well. So for instance, if you are
researching a problem of a user that cannot browse a particular website and you find that you
can establish a TCP connection on port 80 from this host to the server and get a response from
the server, you can typically draw the conclusion that the transport layer and all layers below
must be fully functional between the client and the server and that this is most likely a client
or server problem and not a network problem. Be aware that in this example it is reasonable to
conclude that Layers 1 through 4 must be fully operational, but it does not definitively prove
this. For instance, non-fragmented packets might be routed correctly, while fragmented packets
are dropped. The TCP connection to port 80 might not uncover such a problem. Essentially,
the goal of this method is to find the highest OSI layer that is still working. All devices and
processes that work on that layer or layers below are then eliminated from the scope of the
problem. It might be clear that this method is most effective if the problem is on one of the
higher OSI layers. This approach is also one of the most straightforward troubleshooting
methods, because problems reported by users are typically defined as application layer
problems, so starting the troubleshooting process at that layer is an obvious thing to do. A
drawback or impediment to this method is that you need to have access to the client's
application layer software to initiate the troubleshooting process, and if the software is only
installed on a small number of machines, your troubleshooting options might be limited.
Bottom-Up Troubleshooting Method
The bottom-up troubleshooting approach also uses the OSI model as its guiding principle with
the physical layer (bottom layer of the OSI stack) as the starting point. In this approach you
work your way layer by layer up toward the application layer, and verify that relevant network
elements are operating correctly. You try to eliminate more and more potential problem causes

so that you can narrow down the scope of the potential problems. A benefit of this method is
that all of the initial troubleshooting takes place on the network, so access to clients, servers,
or applications is not necessary until a very late stage in the troubleshooting process. Based on
experience, you will find that most network problems are hardware related. If this is applicable
to your environment, the bottom-up approach will be most suitable for you. A disadvantage of
this method is that, in large networks, it can be a time-consuming process, because a lot of
effort will be spent on gathering and analyzing data and you always start from the bottom layer.
The best bottom-up approach is to first reduce the scope of the problem using a different
strategy and then switch to the bottom-up approach for clearly bounded parts of the network
topology.
Divide-and-Conquer Troubleshooting Method
The divide-and-conquer troubleshooting method strikes a balance between the top-down and
bottom-up troubleshooting approaches. If it is not clear which of the top-down or bottom-up
approaches will be more effective for a particular problem, an alternative is to start in the
middle (typically the network layer) and perform some tests such as ping. Ping is an excellent
connectivity testing tool. If the test is successful, you can assume that all lower layers are
functional, and so you can start a bottom-up troubleshooting starting from this layer. However,
if the test fails, you can start a top-down troubleshooting starting from this layer. Whether the
result of the initial test is positive or negative, this method will usually result in a faster
elimination of potential problems than what you would achieve by implementing a full top-
down or bottom-up approach. Therefore, the divide-and-conquer method is considered a highly
effective troubleshooting approach.
Follow-the-Path Troubleshooting Method
The follow-the-path approach is one of the most basic troubleshooting techniques, and it
usually complements one of the other troubleshooting methods such as the top-down or the
bottom-up approach. The follow-the-path approach first discovers the actual traffic path all the
way from source to destination. Next, the scope of troubleshooting is reduced to just the links
and devices that are actually in the forwarding path. The principle of this approach is to
eliminate the links and devices that are irrelevant to the troubleshooting task at hand.
Spot-the-Differences Troubleshooting Method
Another common troubleshooting approach is called spotting the differences. By comparing
configurations, software versions, hardware, or other device properties, links, or processes
between working and nonworking situations and spotting significant differences between them,
this approach attempts to resolve the problem by changing the nonoperational elements to be
consistent with the working ones. The weakness of this method is that it might lead to a working
situation, without clearly revealing the root cause of the problem. In some cases, you are not
sure whether you have implemented a solution or a workaround. Following figure shows two
routing tables one belongs to Branch2, experiencing problems, and the other belongs to
Branch1, with no problems. If you compare the content of these routing tables, as per the
spotting-the-differences approach, a natural deduction is that the branch with problems is
missing a static entry. The static entry can be added to see whether it solves the problem.
Move-the-Problem Troubleshooting Method
Move the problem is a very elementary troubleshooting technique that can be used for problem
isolation: You physically swap components and observe whether the problem stays in place,

moves with the component, or disappears entirely. Following figure shows two PCs and three
laptops connected to a LAN switch, among which laptop B has connectivity problems.
Assuming that hardware failure is suspected, you must discover if the problem is on the switch,
the cable, or the laptop. One approach is to start gathering data by checking the settings on the
laptop with problems, examining the settings on the switch, comparing the settings of all the
laptops, and the switch ports, and so on. However, you might not have the required
administrative passwords for the PCs, laptops, and the switch. The only data that you can gather
is the status of the link LEDs on the switch and the laptops and PCs. What you can do is
obviously limited. A common way to at least isolate the problem (if it is not solved outright) is
cable or port swapping. Swap the cable between a working device and laptop B (the one that
is having problems). Move the laptop from one port to another using a cable that you know for
sure is good. Based on these simple moves, you can isolate whether the problem is cable,
switch, or laptop related.
Move the Problem: Laptop B Is Having Network Problems

Just by executing simple tests in a methodical way, the move-the-problem approach enables
you to isolate the problem even if the information that you can gather is minimal. Even if you
do not solve the problem, you have scoped it to a single element, and you can now focus further
troubleshooting on that element. Note that in the previous example if you determine that the
problem is cable related, it is unnecessary to obtain the administrative password for the switch,
PCs, and laptops. The drawbacks of this method are that you are isolating the problem to only
a limited set of physical elements and not gaining any real insight in what is happening, because
you are gathering only very limited indirect information. This method assumes that the problem
is with a single component. If the problem lies within multiple devices, you might not be able
to isolate the problem correctly.
Conclusion:
While implementing the designed topology WAN connectivity is the main way to
communicate with branch networks. So as required by the task I examined WAN technologies
and select the appropriate one for a set of enterprise requirements and analyzed the benefits
and drawbacks of private and public WAN technologies. After finishing this step, I included
by deploying network monitoring tools and troubleshooting methods to establish network
baselines and produce network documentation. Also, step by step process of troubleshooting
methods with troubleshoot LAN and WAN connectivity issues at different networking layers
and evaluated features and benefits of different VPN types based on organizational needs. At
last concluded the entire task with troubleshooting methods and their effectiveness in solving
enterprise-wide networking issues.

Bibliography
https://financesonline.com/vpn-software-analysis-features-types-benefits-pricing/#features
https://www.forcepoint.com/cyber-edu/osi-model
https://searchnetworking.techtarget.com/definition/virtual-LAN
http://www.omnisecu.com/cisco-certified-network-associate-ccna/per-vlan-spanning-tree-
pvst-and-per-vlan-spanning-tree-plus-pvst+.php
https://www.techopedia.com/definition/30186/network-design
https://www.ciscopress.com/articles/article.asp?p=2202411&seqNum=7
https://www.cisco.com/c/en/us/support/switches/catalyst-2960-24tt-lswitch/model.html
https://www.cisco.com/c/en/us/products/collateral/routers/4000-series-integratedservices-
routers-isr/data_sheet-c78-732542.html#ProductSpecifications

TND Done

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

TND Done

Uploaded by

Copyright:

Available Formats

Transport Network Design

Name: Ashish Dhungana

Ashish Dhungana/THIRD SEM/SEC N2 1

WAN (Wide Area Network) ............................................................................................................... 21

Ashish Dhungana/THIRD SEM/SEC N2 2

Ashish Dhungana/THIRD SEM/SEC N2 3

Network Design Model

The Flat Network Model

The Star Network Model

Ashish Dhungana/THIRD SEM/SEC N2 4

Fig of: Star Network Model

The Ring Network Model

Ashish Dhungana/THIRD SEM/SEC N2 5

Figure of: Ring Model Network

The Mesh Network Model

Figure of: Mesh Network Model

The Three-Tier Network Model

Ashish Dhungana/THIRD SEM/SEC N2 6

Ashish Dhungana/THIRD SEM/SEC N2 7

Characteristics of scalable network:

Ashish Dhungana/THIRD SEM/SEC N2 8

➢ It allows us to efficiently accommodate future growth.

Ashish Dhungana/THIRD SEM/SEC N2 9

Figure: Network with No layer 3 Redundancy

Ashish Dhungana/THIRD SEM/SEC N2 10

Network Design for the NEC

Ashish Dhungana/THIRD SEM/SEC N2 11

Ashish Dhungana/THIRD SEM/SEC N2 12

Assigning IP address in Router:

Ashish Dhungana/THIRD SEM/SEC N2 13

Configuration of Layer-2 Switch in Cisco Packet Tracer Tools

Ashish Dhungana/THIRD SEM/SEC N2 14

1 (a) Enable the

Some basic security applied in layer 2 switch:

Configuring Remote Access:

2 Then type login and

Ashish Dhungana/THIRD SEM/SEC N2 15

Securing Privileged Exec Mode:

Selecting Network Devices

Ashish Dhungana/THIRD SEM/SEC N2 16

Analyzing PVST+ and Rapid PVST+ protocols.

Differences between PVST and Rapid PVST:

Ashish Dhungana/THIRD SEM/SEC N2 17

First-hop redundancy protocols in IPv4 and IPv6

Ashish Dhungana/THIRD SEM/SEC N2 18

Ashish Dhungana/THIRD SEM/SEC N2 19

Ashish Dhungana/THIRD SEM/SEC N2 20

WAN (Wide Area Network)

Private WAN Technologies:

Ashish Dhungana/THIRD SEM/SEC N2 21

Public WAN technologies

Virtual Private Network:

Ashish Dhungana/THIRD SEM/SEC N2 22

Remote Access VPN:

Site to Site VPN:

Types of Virtual Private Network (VPN) Protocols:

Internet Protocol Security (IPsec):

Layer 2 Tunneling Protocol (L2TP):

Ashish Dhungana/THIRD SEM/SEC N2 23

Point-To-Point Protocol (POP)

SSL and TLS:

Secure Shell (SSH):

Features of Virtual Private Network: