NNITS Network Infrastructure Project

1. Company Overview

Company Name: NNITS (Namibia National Institute of Technology Services)

Industry: Information Technology and Administration

Headquarters: Kavango East, Namibia

Branches: Kavango West, Zambezi, Ohangwena, Oshana, Omusati, Kunene, Oshikoto, Khomas

NNITS is a simulated organization representing a medium-scale enterprise providing technology services and administrative support across Namibia. The headquarters in Kavango East manages human resources, IT, and finance departments, while branch offices focus on administrative tasks and communicate with HQ for coordination and resource management.

All routers and switches, are secured using the password Mario@2025 to ensure proper access control.

2. Project Purpose

The purpose of this project was to create a realistic and fully functional network infrastructure that simulates the operation of a medium-sized organization. This project allows students to demonstrate their networking skills in a practical environment by configuring and managing routers, switches, and PCs within a simulated enterprise network. Specifically, the project focuses on:

• Planning and implementing efficient IP addressing schemes and subnetting for different network segments.
• Creating VLANs and configuring inter-VLAN routing to separate departments logically while allowing controlled communication.
• Using OSPF as a dynamic routing protocol to enable seamless communication between HQ and branch offices.
• Configuring DHCP servers to automatically assign IP addresses to devices, simplifying network administration.
• Applying network security features, including password encryption, login blocks, and banners to protect devices from unauthorized access.
• Documenting every step professionally to create a comprehensive project portfolio for academic or professional purposes.

3. Network Design Overview

The network topology consists of nine routers, one for each branch and one central HQ router. Each branch router connects to the HQ router using serial interfaces to simulate point-to-point WAN links. Each router also connects to a switch, which in turn connects to three PCs representing branch employees. The HQ router is connected to a more complex internal network, divided into three VLANs representing the HR, IT, and Finance departments. The VLANs ensure logical separation of departments while still allowing controlled communication between them through router subinterfaces using dot1Q encapsulation.

4. IP Addressing and Subnetting

All IP addresses in this network use private addressing according to RFC 1918. Each VLAN and branch subnet was carefully planned to provide sufficient IP addresses for all devices while minimizing waste:

• HQ VLANs (/28): VLAN 11 – HR: 10.0.11.0/28, VLAN 12 – IT: 10.0.12.0/28, VLAN 13 – Finance: 10.0.13.0/28. Each VLAN has 16 usable host addresses, with the first address reserved for the router gateway.
• Branch Subnets (/26–/27): Each branch has a dedicated subnet such as Khomas 10.0.20.0/26 or Zambezi 10.0.30.0/27, allowing for proper network separation and scalability.
• WAN Links (/30): Point-to-point connections between HQ and branch routers are assigned /30 subnets for efficient IP utilization.

Reserved IP addresses include the first IP in each subnet for the router interface (default gateway) and additional addresses can be allocated for static servers or devices if required.

5. VLAN Implementation at HQ

VLANs were configured at the HQ switch to logically separate the three main departments. Router subinterfaces were created for each VLAN using dot1Q encapsulation, enabling inter-VLAN routing. This allows PCs in HR, IT, and Finance to communicate securely while maintaining departmental isolation.

6. OSPF Configuration

OSPF (Open Shortest Path First) was configured on all routers to allow dynamic routing between HQ and all branches. The process ID 10 was used, and all routers were included in Area 0. OSPF enables the automatic exchange of routing information, ensuring that all branch PCs can communicate with HQ VLANs and that routing tables remain updated as network changes occur.

7. DHCP Configuration

DHCP servers were implemented on all routers to automate IP address allocation. The HQ router serves VLANs with /28 subnets, and branch routers serve their respective branch subnets (/26 or /27). The first IP address in each subnet is reserved as the default gateway. DNS servers were also configured to allow PCs to resolve domain names properly.

8. Security Mechanisms

• Enable Secret Password: enable secret Mario@2025 – encrypts privileged access passwords.
• Service Password Encryption: service password-encryption – ensures all plain-text passwords in configuration files are encrypted.
• Login Block: login block-for 60 attempts 3 within 30 – protects against brute-force login attempts.
• Banners: Legal warning banners were configured on all routers and switches for compliance and security awareness.

9. Switch Port Configuration

The HQ switch was configured with trunk ports connecting to the router to carry all VLANs. Access ports were assigned to VLANs 11 (HR), 12 (IT), and 13 (Finance), while branch switches had access ports for their connected PCs. This setup ensures that department traffic is properly segmented and routed through the HQ router.

10. WAN Connectivity

Each branch router connects to the HQ router using serial point-to-point links with /30 subnets. This design ensures efficient use of IP addresses while maintaining clear separation of WAN traffic. Branch devices can communicate with HQ VLANs, and vice versa, through OSPF dynamic routing.

11. Learning Outcomes

• Designed and implemented a realistic multi-branch network topology representing a medium-scale enterprise.
• Applied subnetting and IP address planning to allocate resources efficiently across LANs and WANs.
• Configured VLANs and inter-VLAN routing to separate department traffic while allowing secure communication.
• Implemented OSPF to ensure dynamic routing and maintain connectivity across all branches.
• Configured DHCP servers to automate IP address management for both HQ VLANs and branch networks.
• Applied network security mechanisms such as password encryption, login block, and legal banners to protect the network.
• Enhanced professional documentation and reporting skills by detailing configurations and design decisions.

12. Project Summary

This project demonstrates a fully functional enterprise network using Cisco Packet Tracer, integrating IP planning, VLAN segmentation, DHCP management, OSPF dynamic routing, and multiple security mechanisms. It illustrates how a central HQ can manage multiple branches, maintain network efficiency, and