Cisco Packet Tracer group project documenting a multi‑floor office network. Short description: Topology, VLAN/subnet design, DHCP/DNS, RIP/OSPF routing, ACLs and NAT/DMZ configurations with Packet Tracer lab files and diagrams.

kxngHADES/Bugs_network

Bugs Network

Project summary

A concise documentation of the "Bugs network" topology and configuration for a multi-floor office environment. This README explains the topology, VLAN and subnet allocations, DHCP/DNS setup, routing (RIP/OSPF), ACLs, NAT/DMZ considerations, and contains references used during the lab and deployment.

Authors

  • Ndaedzo Mudau (GitHub, LinkedIn)

  • Mandihlume Lesedi Bakubaki (GitHub, LinkedIn)

License

This project is licensed under CC-BY-NC 4.0. See the LICENSE file for details.

Topology

topology

Floor 1 — DEV / PO / Servers

The floor uses a hybrid topology (star for departmental segments, mesh for inter-switch links) with VLAN segmentation to isolate traffic and provide redundancy. Switches interconnect via a mesh and VLANs control broadcast domains and gateways.

Development Team (VLAN 10)

  • Network: 192.168.1.0/29 (255.255.255.248)
  • Router (R1): 192.168.1.1
  • DHCP: 192.168.1.2 (pool start: 192.168.1.3)
  • DNS: 10.0.0.3
  • Hosts: 3 end-users
  • Notes: DHCP and router addresses are static

Quick tests / diagnostics

  • PDU test image: PDU-DEV-CHECH
  • Broadcast ping image: dev_broadcast

Product Owners (VLAN 20)

  • Network: 192.168.1.8/29 (255.255.255.248)
  • Router (R2): 192.168.1.9
  • DHCP: 192.168.1.10 (pool start: 192.168.1.11)
  • DNS: 10.0.0.3
  • Hosts: 3 end-users

Diagnostics and connectivity

  • PO PDU: PO PDU
  • PO broadcast test: po broadcast
  • PO → DEV PDU: po to dev pdu

Servers on Floor 1 (VLAN 30)

  • Network: 10.0.0.0/28 (255.255.255.240)
  • R1: 10.0.0.1
  • R2: 10.0.0.2
  • DNS: 10.0.0.3
  • Prod web server: 10.0.0.4
  • Routing: RIP v2 is configured between R1 and R2 for the 192.168.1.0 and 10.0.0.0 networks

Connectivity verification

  • Floor 1 servers reachability: s1

Floor 2 — Shared router, Tester, UX

Floor 2 uses a star topology with a shared router providing DHCP for VLANs via sub-interfaces (e.g. Fa1/0.40, Fa1/0.50).

Devices:

  • Switch
  • 4 end users (2 Tester, 2 UX)
  • Shared router (router-on-a-stick, ROAS) configured as DHCP server for VLANs 40 and 50

Tester (VLAN 40)

  • Network: 192.168.1.16/29
  • Router: 192.168.1.17
  • Sub-interface example: Fa1/0.40

UX (VLAN 50)

  • Network: 192.168.1.24/29
  • Router: 192.168.1.25
  • Sub-interface example: Fa1/0.50

Images

  • Router DHCP screenshot: router dhcp
  • Router interfaces screenshot: router int

ACLs (floor 2)

  • Deny traffic from Tester VLAN → UX VLAN
  • Deny traffic from UX VLAN → Tester VLAN
  • Allow all other traffic
  • Apply the extended ACL (e.g. ACL 100) inbound on the relevant interface as required

Floor 3 — DMZ / Staging / Firewall

Floor 3 operates as a DMZ behind a firewall (outside / DMZ / inside contexts). The staging web server was moved to a dedicated address space to simplify firewall/NAT configuration.

SSH / Access notes (current)

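SSH
username: Bradley
password: asg
aaa authentication ssh console LOCAL
crypto key generate rsa modulus 1024
ssh 172.16.3.3 255.255.255.255 outside

Note: a 1024-bit RSA modulus is below the 2048-bit minimum generally recommended today, and the credentials above are stored in plain text in this README; outside the lab, use a larger key and keep credentials out of the repository.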

Staging and DMZ

  • Staging server initially used 192.168.1.32/30 but was moved to 10.0.10.0/24
  • Firewall gateway: 10.0.10.1
  • Static NAT is used to present a public IP to the staging host
  • Firewall rules restrict traffic into DMZ: only allow HTTP (80) and HTTPS (443) from authorized external IPs and specific internal subnets (e.g., development)

Operational commands & verification

  • Use show xlate to inspect NAT translations
  • Use no forward-port interface (or equivalent firewall command) to prevent lateral movement from internal VLANs into the DMZ
  • Regular monitoring (e.g., Wireshark) is recommended for audits and troubleshooting

Routing

Inter-router links and point-to-point segments:

  • Dev ↔ PO: 192.168.1.44/30 (Dev: .45, PO: .46)
  • Dev ↔ Shared: 192.168.1.48/30 (Dev: .49, Shared: .50)
  • Shared ↔ PO: 192.168.1.52/30 (PO: .53, Shared: .54)
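
The subnets and addresses listed for the three floors and the inter-router links above, checked as a single plan for overlaps, out-of-range or unusable addresses, and host capacity. This is an added example, not part of the project's files: `PLAN` is transcribed from this README, `audit` is a hypothetical helper, and the single end host counted for the DMZ is an assumption (the staging server, whose address the page does not give).

```python
import ipaddress
from itertools import combinations

# Transcribed from this README: name -> (subnet, assigned addresses, other end hosts).
PLAN = {
    "DEV VLAN 10":     ("192.168.1.0/29",  ["192.168.1.1", "192.168.1.2"], 3),
    "PO VLAN 20":      ("192.168.1.8/29",  ["192.168.1.9", "192.168.1.10"], 3),
    "Servers VLAN 30": ("10.0.0.0/28",     ["10.0.0.1", "10.0.0.2", "10.0.0.3", "10.0.0.4"], 0),
    "Tester VLAN 40":  ("192.168.1.16/29", ["192.168.1.17"], 2),
    "UX VLAN 50":      ("192.168.1.24/29", ["192.168.1.25"], 2),
    "DMZ staging":     ("10.0.10.0/24",    ["10.0.10.1"], 1),  # assumption: one staging host
    "Dev-PO link":     ("192.168.1.44/30", ["192.168.1.45", "192.168.1.46"], 0),
    "Dev-Shared link": ("192.168.1.48/30", ["192.168.1.49", "192.168.1.50"], 0),
    "Shared-PO link":  ("192.168.1.52/30", ["192.168.1.53", "192.168.1.54"], 0),
}

def audit(plan):
    """Return findings: overlapping subnets, bad addresses, exhausted subnets."""
    findings = []
    nets = {name: ipaddress.ip_network(entry[0]) for name, entry in plan.items()}
    for (a, na), (b, nb) in combinations(nets.items(), 2):
        if na.overlaps(nb):
            findings.append(f"overlap: {a} {na} and {b} {nb}")
    seen = {}
    for name, (_, addrs, hosts) in plan.items():
        net = nets[name]
        usable = net.num_addresses - 2  # minus network and broadcast addresses
        if len(addrs) + hosts > usable:
            findings.append(f"{name}: needs {len(addrs) + hosts} addresses, {usable} usable")
        for text in addrs:
            ip = ipaddress.ip_address(text)
            if ip not in net:
                findings.append(f"{name}: {ip} is outside {net}")
            elif ip in (net.network_address, net.broadcast_address):
                findings.append(f"{name}: {ip} is the network/broadcast address")
            if ip in seen:
                findings.append(f"duplicate: {ip} in {seen[ip]} and {name}")
            seen[ip] = name
    return findings
```

Because the Floor 2 ACL matches on /29 wildcard boundaries, an overlap or an address outside its subnet would also weaken the VLAN isolation, so this check is worth rerunning whenever the plan changes.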

Routing protocols and redistribution

  • R1 ↔ R2: RIP v2 for the 192.168.1.0 and 10.0.0.0 networks
  • R3 (Shared): OSPF used; redistribution with RIP configured to ensure full reachability
  • Path preferences tuned by OSPF cost and static floating routes as failover

Example floating static routes

  • ip route 192.168.1.44 255.255.255.252 192.168.1.49 200
  • ip route 192.168.1.52 255.255.255.252 192.168.1.54 200

Notes on convergence and design

  • RIP: slower convergence (periodic updates), hop-count metric, limited to 15 hops
  • OSPF: faster convergence with LSAs, uses cost metric
  • When redistributing, carefully control route maps/filters and metric translation to avoid routing loops and routing-table bloat

Best practices suggested

  • Use route filtering/route-maps when redistributing between protocols
  • Monitor routing tables and path selection for anomalies
  • Implement periodic audits and monitoring on firewall and NAT translations

References
