CT100-3-2-SWIT
Switching Technologies
NP2F2009IT
HAND OUT DATE: 20 October 2021
HAND IN DATE: 25 March 2022
Weightage: 100%
Submitted by: Sagar Paudel (NP000418)
Submitted to: Basanta Shrestha (Module Leader)
INSTRUCTIONS TO CANDIDATES:
1. Assignment is to be submitted through online submission (Moodle).
2. Students are advised to underpin their answers with the use of
references (cited using the Harvard Name System of Referencing).
3. Late submission will be awarded zero (0) unless Extenuating
Circumstances (EC) are upheld.
4. Cases of plagiarism will be penalized.
5. You must obtain 50% overall to pass this module.
Acknowledgement
First, we would like to express our deep gratitude to Asia Pacific University (APU)
for providing this wonderful opportunity to advance our knowledge of switching
technologies. This assignment helped us to understand the importance of
networking. We would like to thank our campus, Lord Buddha Education Foundation
Campus (LBEF), for providing all the study material and course content, without which
we would not have been able to produce fine results in network configuration.
We would also like to thank our Module Leader and teacher, Mr.
Basanta Shrestha, who not only taught Network Security but also gave us the
guidance we needed to solve problems and further enhance our knowledge. We
are also very grateful to the Dean of Lord Buddha Education Foundation (LBEF), Dr.
Sandeep Kautish, for coaching and instructing us.
Finally, we would like to thank all the teachers from LBEF for their guidance and
encouragement to bring out the best in all of us.
A different approach must be implemented in a proposal that analyzes and recommends how
the VLAN concept can be implemented in the company so that network throughput is not
wasted, the network is not overburdened with data packets, and users within the same VLAN
can be connected in different parts of the building and still interact with one another. To
arrive at an efficient network architecture and meet the company's aims, some further
recommendations are suggested.
Greater security
Internal and external threats are reduced when VLANs are used. Segregating users by
department improves security and confidentiality by ensuring that users can only reach
the networks that directly pertain to their work. Risks from the outside are reduced as well.
If an intruder gains direct access to one of your VLANs, they are restricted to that
network by the boundaries and safeguards you have implemented to separate it from the rest of
your networks (summit360, 2022).
Lower costs
VLANs reduce costs because office systems on the network connect with one another via VLAN
switches and do not require a gateway, which is mostly used for transmitting traffic outside
the VLAN. Because switches have more limited functionality than routers, the VLAN can handle
a faster flow of information. This reduces the need for traffic to be routed across a router
in order to reach networked devices, lowering overall network latency (n-able, 2019).
Broadcasts are part of a network's normal operation. Broadcast transmission is required for
the proper functioning of several standards and protocols. A layer 2 switched network is a
single broadcast domain; hence broadcasts can reach distant network segments where a
particular broadcast has little relevance, consuming available throughput. A broadcast
domain is segmented using a layer 3 device (usually a router). The company can minimize
broadcast traffic by segmenting a big network into smaller VLANs, so that each broadcast is
only delivered to the appropriate VLAN (omnisecu, 2022).
Virtual Local Area Networks regulate network traffic effectively, so the company's users
get better performance. Company networks will have minimal connection issues as well
as increased stability for mission-critical services. VLANs also make traffic prioritization
easier, allowing companies to ensure that vital data continues to flow even when
low-priority traffic such as web surfing increases (summit360, 2022).
2 Network Plan/layout for the company
2.1 Floor Plan
2.1.1 Before Switched and VLAN network implementation
This is the CPLC company's floor plan before the switch and VLAN were deployed. To
interconnect the various departments of the CPLC building, several types of outlets, such as
single and duplex, were employed. Not counting additional devices, the workplace contains
roughly 15 PCs. However, because the organization is growing quicker than projected, a network
infrastructure architecture with VLAN implementation is required. As seen in the following
diagram, all offices are joined in a single broadcast domain, and most of the bandwidth is
used inefficiently. Furthermore, the security mechanism is inadequate because all departments
are free to communicate with one another.
2.1.2 After Switched and VLAN network implementation
The figure below depicts how each level is designed and how VLANs are deployed so that the
network is not overwhelmed with traffic and users of the same VLAN may be placed anywhere in
the facility. Furthermore, to prevent excess data traffic, the network should be split into
multiple broadcast domains. The new facility is expected to accommodate roughly 75 people
across all departments, with one department per level.
Figure ii: Floor Plan after the implementation of Switched and VLAN
Following the deployment of switched and VLAN technologies, this is the floor layout of each
department of the CPLC building. Each system on the first level of the building, i.e., the
Business and Marketing Department, is linked to a switch and assigned to VLAN 10.
VLAN 11 is assigned to the second floor's "Telecommunications Department", VLAN 12 to the
third floor's "Network Call Centre (NCC)", and VLAN 13 and VLAN 14 to the fourth floor's
"Network Operation Department" and the fifth floor's "Marketing Department". The departments
on every floor are connected to the distribution switch alongside the server room. Because
each department is in a different VLAN, none of them can communicate with devices in the
other departments.
2.2 A plan to segment the network into different broadcast domains to avoid bandwidth consumption.
Switches forward broadcasts out of all ports except the one on which they were received.
When a switch receives a broadcast, for instance, it sends it to all other switches
and clients attached to the network, which consumes more of the network's bandwidth
(ccna-200-301, n.d.).
A network that connects many hosts forms one large broadcast domain. The difficulty with
a large broadcast domain is that hosts can send out too many broadcasts, causing the network
to suffer. For instance, a network design with 100 to 200 users on one LAN might result in
excessive broadcast traffic. This slows network operations because of the large quantity of
traffic generated, and also slows the computers themselves, because each broadcast packet
must be accepted and processed by every computer (ccna-200-301, n.d.).
Subnetting is a strategy for segmenting a network into distinct broadcast domains in order to
reduce bandwidth usage and increase network performance. It also allows an operator to set
security restrictions, such as which subnets are authorized to communicate with each other.
A further advantage is that it decreases the number of devices affected by anomalous
broadcast traffic caused by outages, hardware or software issues, or malicious intent
(ccna-200-301, n.d.).
2.3 VLAN Membership Types
A virtual LAN (VLAN) is a broadcast domain that is logically configured and segmented by
business function, group, or application to improve performance by restricting connectivity
to workstations in a certain VLAN while blocking access to other VLANs (docstore.mik, n.d.).
Static VLANs, for example, can be set up in a variety of ways, such as assigning ports one
through three to the telecommunications department VLAN and ports five through ten to the
administrative VLAN. As a result, a device connected to port three will belong to the
telecommunications department, and if port three needs to be associated with another
department, the network operator must change that port's VLAN assignment. As a result, while
this method may be complex to apply in large networks, it is convenient and secure.
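The static, port-based membership described above can be modelled in a few lines. This is an added example, not part of the original report: a toy access switch with per-VLAN MAC learning that compares a flat network with the segmented one. The port ranges follow the text's example; VLAN ID 20 for the administrative VLAN and the MAC addresses are assumptions.

```python
"""Toy access switch with static (port-based) VLAN membership."""

BROADCAST = "ff:ff:ff:ff:ff:ff"

# Static assignment from the text: ports 1-3 -> telecommunications VLAN (11),
# ports 5-10 -> administrative VLAN. VLAN ID 20 is an assumed number.
SEGMENTED = {**{p: 11 for p in range(1, 4)}, **{p: 20 for p in range(5, 11)}}
# The same nine ports with no segmentation: everything in the default VLAN 1.
FLAT = {p: 1 for p in SEGMENTED}


class Switch:
    def __init__(self, port_vlan):
        self.port_vlan = dict(port_vlan)  # port -> VLAN ID, set by the operator
        self.mac_table = {}               # (vlan, mac) -> port, learned per VLAN

    def receive(self, in_port, src_mac, dst_mac):
        """Process one frame; return the sorted list of egress ports."""
        vlan = self.port_vlan[in_port]
        self.mac_table[(vlan, src_mac)] = in_port  # learn sender in its VLAN
        out = self.mac_table.get((vlan, dst_mac))
        if dst_mac != BROADCAST and out is not None:
            return [] if out == in_port else [out]  # known unicast
        # Broadcast or unknown unicast: flood only within the ingress VLAN.
        return sorted(p for p, v in self.port_vlan.items()
                      if v == vlan and p != in_port)


def broadcast_reach(port_vlan, in_port, src_mac="aa:aa:aa:00:00:01"):
    """Ports that receive a broadcast sent from in_port (constructed MAC)."""
    return Switch(port_vlan).receive(in_port, src_mac, BROADCAST)


def cross_vlan_unicast(port_vlan):
    """Host on port 5 announces itself, then host on port 1 sends to its MAC."""
    sw = Switch(port_vlan)
    sw.receive(5, "aa:aa:aa:00:00:05", BROADCAST)
    return sw.receive(1, "aa:aa:aa:00:00:01", "aa:aa:aa:00:00:05")


if __name__ == "__main__":
    print("flat broadcast reach:     ", broadcast_reach(FLAT, 1))
    print("segmented broadcast reach:", broadcast_reach(SEGMENTED, 1))
    print("flat unicast 1->5:        ", cross_vlan_unicast(FLAT))
    print("segmented unicast 1->5:   ", cross_vlan_unicast(SEGMENTED))
```

In the segmented case the frame addressed to the host on port 5 never leaves VLAN 11, because the MAC table is kept per VLAN and flooding stops at the VLAN boundary.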
Fallback VLAN support is one of the characteristics of dynamic VLANs; it allows you to
easily assign ports to a VLAN for workstations whose MAC addresses are not stored on
the VMPS server. If clients visit your organization, you can give them limited
web browsing access, as well as restrict their access to web pages, using a fallback
VLAN. Configuring dynamic VLANs has a number of significant drawbacks, one of which is that
it provides little security functionality. If a device needs to be in the same VLAN as another,
the linked device's port must be added to the VMPS server. If this does not occur, the port to
which the device is connected will be shut down (firewall, 2018).
Recommendation:
Both static and dynamic VLAN membership have advantages and disadvantages, and each has
its own set of rules. As a network consultant for CPLC, I suggested static VLANs for our
assessment because the CPLC building is simply a five-story structure with one department on
each floor, making static VLAN implementation easy. Furthermore, CPLC is a medium-sized
corporation with approximately 75 people divided across branches. As a result, choosing static
VLANs over the other varieties will assist the organization in achieving its goal. Since each
port is allocated to a single VLAN and no other VLAN can be linked to it save the
declared and intended one, it offers a secure environment. VLANs provide safe and secure
functionality. Furthermore, if a device from a specific VLAN, such as Network Call Center
(NCC), attempts to connect to a port or VLAN belonging to another department, such as
Business and Marketing, the port will be shut off because the connection is regarded as
inappropriate. Assigning static VLANs has the advantage of controlling where users can move
within a large network. By allocating certain ports on switching devices throughout the
company network, the network operator can govern connectivity and restrict which network
connections users can use.
3 Common issues in VLAN
3.1 Collision Domain Issues
On a layer two switch, each switchport is its own collision domain, which means that a
collision on one port has no impact on the others. When administrators create several VLANs
and assign ports to multiple VLANs, the number of collision domains in a VLAN is reduced.
For instance, if all 48 ports are in one VLAN, there are 48 collision domains in a
single broadcast domain, and if some of the ports, such as 24, are allocated to another VLAN,
the number of collision domains in a VLAN is reduced. A collision-free point-to-point
connection is possible when a system is connected to a switchport and full-duplex mode is
enabled. Latency on such a link can arise from a variety of causes (cisco, 2007):
Traffic loops
Switch inband connectivity overload
VLAN is overburdened or overcrowded
4 Importance of Spanning Tree Algorithm (STA) to solve issues in VLAN
STP (Spanning Tree Protocol), which disables one of the links, was developed to break the
loop cycle. The purpose of STP is to prevent loops between networking devices. STP uses
the STA (Spanning Tree Algorithm) to discover redundant links and ensure loop
avoidance. STP follows the IEEE 802.1D standard and is in charge of detecting
redundant paths in the network and disabling one of them, hence avoiding
network loops. For instance, if all of the links in a network with three switches are
active, traffic will keep flowing from one switch to the next, and so on
(Antoniou, 2011).
Src: (https://www.pluralsight.com/content/dam/pluralsight/resources/blog/2007/11/switching-and-stp/wp/img/spanning-tree-protocol.jpg)
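The three-switch loop described above, worked through as an added example (not from the original report): a simplified 802.1D-style calculation that elects the root bridge, assigns port roles and identifies the one port that must block to break the loop. Switch names, MAC addresses, priorities and the link cost of 19 are constructed for illustration, and parallel links between the same pair of switches are not modelled.

```python
"""Simplified spanning-tree calculation (802.1D-style) for a looped topology."""
import heapq

# Constructed sample: three switches in a triangle, as in the text's example.
# Bridge ID = (priority, MAC); all values here are illustrative assumptions.
BRIDGES = {
    "SW1": (32768, "00:00:00:00:00:01"),
    "SW2": (32768, "00:00:00:00:00:02"),
    "SW3": (32768, "00:00:00:00:00:03"),
}
LINKS = [("SW1", "SW2", 19), ("SW1", "SW3", 19), ("SW2", "SW3", 19)]


def elect_root(bridges):
    """The bridge with the numerically lowest bridge ID becomes the root."""
    return min(bridges, key=lambda name: bridges[name])


def root_path_costs(bridges, links, root):
    """Dijkstra from the root: lowest cumulative path cost to each bridge."""
    adj = {name: [] for name in bridges}
    for a, b, cost in links:
        adj[a].append((b, cost))
        adj[b].append((a, cost))
    dist = {root: 0}
    heap = [(0, root)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist.get(node, float("inf")):
            continue
        for nbr, cost in adj[node]:
            if d + cost < dist.get(nbr, float("inf")):
                dist[nbr] = d + cost
                heapq.heappush(heap, (d + cost, nbr))
    return dist


def spanning_tree(bridges, links):
    """Return (root, roles); roles[(switch, neighbour)] is the role of the
    port on `switch` facing `neighbour`: 'root', 'designated' or 'blocked'."""
    root = elect_root(bridges)
    cost = root_path_costs(bridges, links, root)
    roles = {}
    # Root port: on each non-root bridge, the port with the lowest cost to the
    # root; ties are broken by the upstream neighbour's bridge ID.
    for sw in bridges:
        if sw == root:
            continue
        candidates = []
        for a, b, c in links:
            if sw in (a, b):
                nbr = b if sw == a else a
                candidates.append((cost[nbr] + c, bridges[nbr], nbr))
        roles[(sw, min(candidates)[2])] = "root"
    # Designated port: on each link, the end closer to the root (tie: lower
    # bridge ID). The other end blocks unless it is already a root port.
    for a, b, _ in links:
        designated = min((a, b), key=lambda s: (cost[s], bridges[s]))
        other = b if designated == a else a
        roles[(designated, other)] = "designated"
        roles.setdefault((other, designated), "blocked")
    return root, roles


def blocked_ports(roles):
    return sorted(port for port, role in roles.items() if role == "blocked")


if __name__ == "__main__":
    root, roles = spanning_tree(BRIDGES, LINKS)
    print("root bridge:", root, "blocked:", blocked_ports(roles))
```

Lowering one switch's priority value changes which switch becomes root and therefore which port blocks, which is why the root is normally placed deliberately rather than left to the lowest MAC address.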
Explanation:
The CPLC network requires the STA (Spanning Tree Algorithm) to resolve network
loops, address VLAN issues and eliminate loopholes in the corporate network,
resulting in increased business effectiveness and efficiency and reduced cost and time.
When a loop develops in the company network, the network may not be damaged, but it causes
problems for the network operator and for the employees who must use the data sent over the
network. When the same data is sent to the same port repeatedly, the corporation's
network throughput for that port may suffer. Aside from that, many LANs are hampered by a
huge quantity of data consumption, resulting in inadequate throughput, so STP is used to
mitigate the problem. Where the network's connectivity is slow, it may adjust its
operation to increase connection speeds. It provides a root bridge if certain paths are
available to ensure traffic is transferred efficiently. STP allows for more efficient
communication and gives a backup option in case connectivity is interrupted (juniper, 2021).
Recommendation:
The 802.1D STP standard is a good choice for CPLC. It is one of the first standards
in the IEEE 802 series, which covers all forms of Ethernet and Wi-Fi configurations as well as
a range of additional protocols. It has stood the test of time and still works well, and STP
is available on all switch devices. It provides sub-second convergence in the event of a
connection loss, scales up to bigger networks, and makes it possible to have
alternative STP topologies and root bridges for distinct VLANs. As a result, implementing it
is a no-brainer (Dooley, 2016).
5 VLAN Management
VLAN management is largely used to provide remote switch control using protocols such as
Syslog, SNMP, SSH, and Telnet, as well as to establish IP connectivity to the switches. It
logically divides the switchports into subnets, preventing VLANs from communicating with
one another without the use of a router. As a result, the router/firewall serves as a
gatekeeper, allowing the organization to manage traffic within the network. NAC and VLAN
management are frequently combined (omnisecu, 2022).
Some of the common features provided by SolarWinds Network Performance Monitor are:
monitoring via SNMP, revealing how incoming traffic is distributed, analysis of
network packets with NetPath, creating advanced network visualizations, making a heat map of
the Wi-Fi network, and providing system notifications and updates. The NetPath function lets
users monitor traffic flows step by step, which can help in diagnosing the source of
throughput and connectivity problems more efficiently. It can easily switch from SNMP
monitoring to packet inspection, giving users complete control over which parts of the
configuration they examine. Furthermore, it can substantially decrease disruptions and
discover, analyze, and repair multiple network connectivity problems quickly and
cost-effectively (comparitech, 2022).
SolarWinds Network Performance Monitor offers sophisticated alerting that can help you
decrease the number of network notifications you receive. It can send out alerts in response
to simple or complex nested trigger conditions. Aside from that, it can swiftly identify
weak spots in the network and improve connectivity without jeopardizing the health and speed
of the network application services (comparitech, 2022).
Src: (http://koreabizwire.com/wp/wp-content/uploads/2015/10/NPM_Summary.jpg)
5.1.2 Datadog Network Monitoring
This network monitoring software is primarily concerned with the status of all networking
devices; it is a Software-as-a-Service offering that manages system bandwidth. It can
combine network management efforts for several locations as well as cloud platforms
(comparitech, 2022).
The following are a few of the features of Datadog Network Monitoring: real-time network
mapping and security-related policy evaluation, machine-learning-adjusted performance
threshold alerts, and integration with SNMP and other data sources. The Datadog software's
traffic flow analysis option allows users to inspect every networking device and port
connection to determine capacity and utilization. Users can look at traffic volumes
from one network site to another and see what is happening on each connection
(comparitech, 2022).
Src: (https://imgix.datadoghq.com/img/blog/network-performance-monitoring/network-performance-monitoring-service-2-new.png?auto=format&w=1140)
Recommendations
installation process is simple and takes only a few hours. SolarWinds can help with the smooth
operation of the system or network because the organization has several departments. Another
reason for recommending it is that the Network Operations Department required a good network
management tool in order to give a high-quality solution to the organization and its clients,
and SolarWinds Network Performance Monitor met that requirement. Furthermore, it simplifies
the management of network devices throughout the CPLC facility for network administrators.
Because the organization has its own network server and various employees work from home,
they need a network connection to fulfill their responsibilities. As a result, having effective
network management solutions to control the company's network is vital (solarwinds, 2022).
Extended ACL
An extended ACL can be used to block traffic from specified addresses or from an entire
network. Traffic can be regulated using extended ACLs based on protocols such as IP, TCP,
ICMP, and UDP (itglobal, 2022).
Standard ACL
A standard ACL can only examine the source IP address of network packets. A standard ACL is
less powerful and robust than an extended ACL, but it uses fewer computing resources.
Furthermore, it uses the numbers 1-99 or 1300-1999 so that the gateway can identify it as a
standard ACL, with the supplied address treated as the source IP address (itglobal, 2022).
6.1 VLAN can be extended across the Wide Area Network (WAN).
VLANs can be extended in a variety of ways so that they can be carried across a Wide Area
Network (WAN). EoMPLS, or Ethernet over Multi-Protocol Label Switching, is one of the
approaches the organization can use to extend a VLAN over the WAN.
Src: (https://dave.dev/images/blog/ME3750_11.png#center)
EoMPLS, or Ethernet over Multi-Protocol Label Switching, is a tunneling method that acts as
a transport mechanism, carrying Layer 2 Ethernet frames over an MPLS link and allowing
Layer 2 switches to be connected even though they are in different locations, as
illustrated by the CPLC scenario. EoMPLS uses point-to-point Layer 2 circuits. It can carry
VLAN traffic, allowing traffic to be delivered across many networks. It can carry several
VLANs to several endpoints, or combine Layer 2 and Layer 3 operations on one link using
dot1q encapsulation on sub-interfaces. Although it can be used in many places, the VLANs
must exist at both sites, even though they are separated by a dedicated link. If two VLANs
are linked together, such as VLAN 15 in Cyberjaya and VLAN 25 at another location in
Cyberjaya, Ethernet over Multi-Protocol Label Switching accepts every packet that enters the
port and carries it across the core, sending it out of the matching port on the other side.
However, although it is simple to set up, it can be challenging to operate because of the
complicated relationship between Layer 2 and Layer 3. It is complicated to debug and pushes
the network's structured architecture out of sync (WELCHER, 2019).
7 Network Design and Explanation
The network is made up of two buildings, as indicated in the following figure. The new
building on the left side has five levels, each with its own switches and devices. There are
five distinct departments in total in the new building. The two buildings are connected by a
WAN connection. The server room is handled by the Network Operation department and houses the
business's server farms and applications. One of the most significant servers is the Network
Call Centre (NCC) server, which can only be accessed by NCC staff. Each floor has its own
access switch, which is linked to the main core switch.
Explanation
In the new facility, five distinct VLANs have been deployed, each assigned to a different
level. Rather than acquiring extra switches, this should cut bandwidth use and take
advantage of the core switch's ability to create logical partitions. While distinct
VLANs are not permitted to interact with one another, users in the same VLAN can still use
the same services, even where certain VLANs are located on other floors and
therefore are not connected to the same floor's access switch. InterVLAN routing, which
provides routing between distinct VLANs, is used to enable VLANs to interact
with each other. A network device capable of routing must be provided when transmission across
multiple VLANs is necessary. Since network services are organized by department
rather than by physical switch location, the use of VLANs and trunking is adequate to
build the network.
InterVLAN routing may be applied to this situation, but only members of the same
department are allowed to interact with one another, and applying it would let all the other
VLANs share information. As a result, an access control list must be applied to the
inter-VLAN connection in order to control network traffic between VLANs.
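The standard and extended ACL behaviour described earlier, applied to the inter-VLAN policy above, as an added example that is not part of the original report: a first-match evaluator with the implicit deny at the end of each list. The addressing plan (VLAN n on 192.168.n.0/24, a server subnet on 192.168.100.0/24, the NCC server at 192.168.100.10) and TCP port 443 are assumptions made for illustration.

```python
"""First-match ACL evaluation for routed inter-VLAN traffic."""
from ipaddress import ip_address, ip_network

# Assumed addressing (not from the report): VLAN n uses 192.168.n.0/24, the
# server room uses 192.168.100.0/24 and the NCC server is 192.168.100.10.
VLAN_NET = {n: ip_network(f"192.168.{n}.0/24") for n in (10, 11, 12, 13, 14)}
SERVER_NET = ip_network("192.168.100.0/24")
NCC_SERVER = ip_network("192.168.100.10/32")
ANY = ip_network("0.0.0.0/0")

# Standard ACL (numbered 1-99 or 1300-1999): matches the source address only.
STANDARD_ACL = [("permit", VLAN_NET[12])]

# Extended ACL: protocol, source, destination, destination port (None = any).
EXTENDED_ACL = [
    ("permit", "tcp", VLAN_NET[12], NCC_SERVER, 443),   # NCC staff -> NCC server
    ("deny",   "ip",  ANY,          NCC_SERVER, None),  # nobody else reaches it
    ("permit", "ip",  ANY,          SERVER_NET, None),  # shared servers stay open
]  # everything else, including department-to-department traffic: implicit deny


def eval_standard(acl, src):
    """Return the action of the first entry whose source network matches."""
    for action, src_net in acl:
        if ip_address(src) in src_net:
            return action
    return "deny"  # implicit deny at the end of every ACL


def eval_extended(acl, proto, src, dst, dport=None):
    """Return the action of the first entry matching all packet fields."""
    for action, a_proto, src_net, dst_net, a_port in acl:
        if a_proto not in ("ip", proto):  # "ip" matches every protocol
            continue
        if ip_address(src) not in src_net or ip_address(dst) not in dst_net:
            continue
        if a_port is not None and a_port != dport:
            continue
        return action
    return "deny"  # implicit deny


if __name__ == "__main__":
    # Constructed sample packets: (protocol, source, destination, dest. port)
    samples = [
        ("tcp", "192.168.12.25", "192.168.100.10", 443),   # NCC staff, NCC server
        ("tcp", "192.168.10.25", "192.168.100.10", 443),   # other dept, NCC server
        ("udp", "192.168.10.25", "192.168.100.20", 53),    # other dept, shared server
        ("icmp", "192.168.10.25", "192.168.11.30", None),  # dept to dept
        ("tcp", "192.168.12.25", "192.168.10.40", 445),    # NCC staff to another dept
    ]
    for proto, src, dst, port in samples:
        print(proto, src, "->", dst, port,
              "| standard:", eval_standard(STANDARD_ACL, src),
              "| extended:", eval_extended(EXTENDED_ACL, proto, src, dst, port))
```

The last sample shows the difference: the standard list permits any packet sourced from VLAN 12 whatever its destination, while the extended list permits VLAN 12 only towards the NCC server and the shared server subnet.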
8 Conclusion
To summarize, the entire assessment was about creating documentation that analyzes,
evaluates, explains, and recommends VLANs (Virtual Local Area Networks), and how to
implement them in the Cyber Petronet Limited Company (CPLC), from the position of a network
consultant, to reduce bandwidth consumption as the company grows. Many subjects were addressed
in the evaluation, including the advantages of creating VLANs in the organization, such as
reduced bandwidth consumption and security guarantees. Static VLAN membership has been
recommended for the network since it has numerous advantages, including access control and
ease of configuration. Finally, the available course materials and lectures were used to aid
in the completion of this task, and recommendations on the network design for CPLC were made.
References
Antoniou, S. (2011, September 28). How to Prevent Loops with STP: Spanning Tree Protocol.
Retrieved from pluralsight:
https://www.pluralsight.com/blog/software-development/spanning-tree-protocol-tutorial?exp=1
cisco. (2007, November 16). Common Causes of Slow IntraVLAN and InterVLAN Connectivity
in Campus Switch Networks. Retrieved from cisco:
https://www.cisco.com/c/en/us/support/docs/lan-switching/virtual-lans-vlan-trunking-protocol-vlans-vtp/23637-slow-int-vlan-connect.html
comparitech. (2022, January 17). 12 Best Network Monitoring Tools & Software of 2022.
Retrieved from comparitech:
https://www.comparitech.com/net-admin/network-monitoring-tools/
Dooley, K. (2016, October 4). 6 Common Spanning Tree Mistakes and How to Avoid Them.
Retrieved from auvik:
https://www.auvik.com/franklyit/blog/spanning-tree-mistakes/
juniper. (2021, January 20). Spanning-Tree Protocol Overview. Retrieved from juniper:
https://www.juniper.net/documentation/us/en/software/junos/stp-l2/topics/topic-map/spanning-tree-overview.html
n-able. (2019, July 8). How VLAN Works. Retrieved from n-able:
https://www.n-able.com/blog/what-are-vlans
omnisecu. (2022). Advantages of Virtual Local Area Network (VLAN). Retrieved from omnisecu:
https://www.omnisecu.com/cisco-certified-network-associate-ccna/advantages-of-vlan.php
omnisecu. (2022). What is switch management VLAN and how to configure Management VLAN.
Retrieved from omnisecu:
https://www.omnisecu.com/cisco-certified-network-associate-ccna/what-is-management-vlan-and-how-to-configure-management-vlan.php
solarwinds. (2022). Leader in Network Management Software and Monitoring Tools. Retrieved
from solarwinds:
https://www.solarwinds.com/network-management-software#
WELCHER, P. (2019, October 16). WORKING WITH EOMPLS. Retrieved from netcraftsmen:
https://netcraftsmen.com/working-with-eompls/