
thatomaputla/enterprise-network-multi-floor

enterprise-network-multi-floor

Hierarchical, VLAN-segmented, and redundant enterprise network design for a 3-floor trading floor, including OSPF, DHCP, wireless access, and server integration using Cisco Packet Tracer.

TITLE SECTION

Project title: Enterprise Trading Floor Network Relocation & Redesign
Author: Thato Maputla
Date: 07 March 2026

OVERVIEW

The objective of this project was to design and implement a scalable, redundant, and secured network infrastructure for the new enterprise network to accommodate the relocation of a 500-user trading floor support center to a new three-level facility, with multiple departments per floor.

The design followed a hierarchical model with redundancy at every tier:

  • Core Layer: Two routers connected to dual ISPs for internet resilience.
  • Distribution Layer: Two multilayer switches providing inter-VLAN routing, OSPF dynamic routing, and redundant uplinks.
  • Access Layer: 13 switches delivering departmental connectivity, VLAN segmentation, and port security.

Key features included:

  • Subnetting & VLANs: Each department assigned a distinct subnet and VLAN for isolation and scalability.
  • Redundancy: Dual routers, dual ISPs, and redundant switch uplinks ensured high availability.
  • Wireless Access: Configured SSIDs per department, mapped to VLANs for secure mobility.
  • Security: SSH access, encrypted passwords, banners, and port security for Finance VLAN.
  • Core Services: DHCP, DNS, and HTTP servers in the server room with static IPs, DHCP helper addresses, and centralized management.
  • Routing: OSPF configured across routers and multilayer switches for dynamic path selection and resilience.

OBJECTIVES

The aim and objectives of this project were to design and implement a secure, scalable, and redundant infrastructure solution for the company’s enterprise network to support the relocation of a 500-user trading floor support center into a new three-level facility. This had to be achieved while ensuring the infrastructure is available, segmented at the departmental level, wireless-enabled, and centralized. Key goals included:

  1. Establishing a hierarchical network architecture with redundancy at the core, distribution, and access layers.
  2. Providing dual ISP connectivity for internet resilience and business continuity.
  3. Assigning dedicated VLANs and subnets for each department to enforce segmentation and improve traffic management.
  4. Deploying wireless access across all departments, mapped to VLANs for secure mobility.
  5. Configuring DHCP, DNS, and HTTP servers in the server room to deliver centralized services.
  6. Implementing OSPF dynamic routing across routers and multilayer switches for efficient path selection and redundancy.
  7. Enforcing security measures such as SSH, password encryption, banners, and port security for sensitive departments.
  8. Validating the design through end-to-end testing of inter-VLAN communication, DHCP/DNS functionality, and ISP failover.

NETWORK TOPOLOGY (Three-tier hierarchical design)

The network has a Hierarchical Extended Star Topology. There are two multilayer switches, which act as the distribution layer and provide connectivity to the access switches, which are allocated to different VLANs. The network has redundant connections to the router and the ISPs for high availability and fault tolerance.

Core Devices:

  • 4 Cisco 2911 ISR G2 Routers
  • 2 Cisco 3560-24PS Multilayer Switches
  • 6 Cisco 2960-24TT IOS 15 Switches

NETWORK STRUCTURE

| Floor | Departments | Expected Users |
|---|---|---|
| 1st | Sales & Marketing, HR & Logistics | 100 each |
| 2nd | Finance & Accounts, Admin & HR | 100 each |
| 3rd | ICT, Server Room | 120 users, 12 devices |

VLAN CONFIGURATION

IP ADDRESSING

Base network: 192.168.10.0

First floor
Sales & Marketing: Network address = 192.168.10.0 ; subnet mask = 255.255.255.192/26 ; Host address range = 192.168.10.1 -> 192.168.10.62 ; broadcast address = 192.168.10.63
HR & Logistics : Network address = 192.168.10.64 ; subnet mask = 255.255.255.192/26 ; Host address range = 192.168.10.65 -> 192.168.10.126 ; broadcast address = 192.168.10.127

Second floor
Finance & Accounts: Network address = 192.168.10.128 ; subnet mask = 255.255.255.192/26 ; Host address range = 192.168.10.129 -> 192.168.10.190 ; broadcast address = 192.168.10.191
Admin & HR : Network address = 192.168.10.192 ; subnet mask = 255.255.255.192/26 ; Host address range = 192.168.10.193 -> 192.168.10.254 ; broadcast address = 192.168.10.255

Third floor
ICT: Network address = 192.168.11.0 ; subnet mask = 255.255.255.192/26 ; Host address range = 192.168.11.1 -> 192.168.11.62 ; broadcast address = 192.168.11.63
Server room : Network address = 192.168.12.192 ; subnet mask = 255.255.255.192/26 ; Host address range = 192.168.12.193 -> 192.168.12.254 ; broadcast address = 192.168.12.255

| VLAN | Department | IP Subnet | Host Range | Default Gateway |
|---|---|---|---|---|
| 10 | Sales & Marketing | 192.168.10.0/26 | 192.168.10.1–62 | 192.168.10.1 |
| 20 | HR & Logistics | 192.168.10.64/26 | 192.168.10.65–126 | 192.168.10.65 |
| 30 | Finance & Accounts | 192.168.10.128/26 | 192.168.10.129–190 | 192.168.10.129 |
| 40 | Admin & HR | 192.168.10.192/26 | 192.168.10.193–254 | 192.168.10.193 |
| 50 | ICT | 192.168.11.0/26 | 192.168.11.1–62 | 192.168.11.1 |
| 60 | Server Room | 192.168.12.192/26 | 192.168.12.193–254 | 192.168.12.193 |

DEVICE CONFIGURATIONS

Switch Configurations

  • Hostnames and banners for each department.
  • Console and VTY passwords, SSH enabled.
  • VLAN assignment and access/trunk ports configured.
  • Switchport security enabled on Finance VLAN.

///sanitized commands (CLI)
enable
config t 
hostname Sales-Marketing 
banner motd # Welcome to Sales Marketing # 

line console 0
password cisco
login
exit
enable password cisco

service password-encryption
ip domain name Putlas.com
username admin password cisco
crypto key generate rsa
line vty 0 15
login local
transport input ssh
exit
do wr

//////////////////////////////

enable 
config t 
hostname HR-Logistics 
banner motd # Welcome to HR & Logistics #

line console 0 
password cisco 
login 
exit 

line vty 0 15 
password cisco 
login 
exit  
service password-encryption 
ip domain name Putlas.com 
username admin password cisco 
crypto key generate rsa 
line vty 0 15 
login local 
transport input ssh 
exit 
do wr 

/////////////////////////////

enable 
config t 
hostname Finance-Accounts 
banner motd # Welcome to Finance & Accounts #

line console 0 
password cisco 
login 
exit

line vty 0 15 
password cisco 
login 
exit  
service password-encryption 
ip domain name Putlas.com 
username admin password cisco 
crypto key generate rsa 
line vty 0 15 
login local 
transport input ssh 
exit 
do wr

/////////////////////////////////

enable 
config t 
hostname Admin-HR 
banner motd # Welcome to Admin & HR #

line console 0 
password cisco 
login 
exit

line vty 0 15 
password cisco 
login 
exit  
service password-encryption 
ip domain name Putlas.com 
username admin password cisco 
crypto key generate rsa 
line vty 0 15 
login local 
transport input ssh 
exit 
do wr

///////////////////////////////////

enable 
config t 
hostname ICT 
banner motd # Welcome to ICT #

line console 0 
password cisco 
login 
exit 

line vty 0 15 
password cisco 
login 
exit  
service password-encryption 
ip domain name Putlas.com 
username admin password cisco 
crypto key generate rsa 
line vty 0 15 
login local 
transport input ssh  
exit 
do wr

//////////////////////////////////

enable 
config t 
hostname Server-room 
banner motd # Welcome to Server room #

line console 0  
password cisco 
login 
exit

line vty 0 15 
password cisco 
login 
exit  
service password-encryption 
ip domain name Putlas.com  
username admin password cisco 
crypto key generate rsa 
line vty 0 15  
login local 
transport input ssh 
exit 
do wr

/// Assigning VLAN 10 to the sales and marketing department 
enable 
config t 
vlan 10 
name Sales-Marketing 
exit 
int range fa0/3-24 
switchport mode access  
switchport access vlan 10 
exit 
// Assigning the switch->router interface port to trunks 
int range fa0/1-2 
switchport mode trunk  
do wr  

/// Assigning VLAN 20 to the HR and Logistics department 
enable 
config t 
vlan 20 
name HR-Logistics 
exit 
int range fa0/3-24 
switchport mode access  
switchport access vlan 20 
exit 
// Assigning the switch->router interface port to trunks 
int range fa0/1-2 
switchport mode trunk 
do wr

/// Assigning VLAN 30 to the Finance and Accounts department 
enable 
config t 
vlan 30 
name Finance-Accounts 
exit 
int range fa0/3-24 
switchport mode access  
switchport access vlan 30  
exit 
// Assigning the switch->router interface port to trunks 
int range fa0/1-2 
switchport mode trunk 
do wr

/// Assigning VLAN 40 to the Admin and HR department 
enable 
config t 
vlan 40 
name Admin-HR 
exit 
int range fa0/3-24 
switchport mode access  
switchport access vlan 40 
exit 
// Assigning the switch->router interface port to trunks 
int range fa0/1-2 
switchport mode trunk 
do wr  

/// Assigning VLAN 50 to the ICT department 
enable 
config t 
vlan 50 
name ICT 
exit 
int range fa0/3-24 
switchport mode access  
switchport access vlan 50 
exit 
// Assigning the switch->router interface port to trunks 
int range fa0/1-2 
switchport mode trunk 
do wr

/// Assigning VLAN 60 to the Server room department 
enable 
config t 
vlan 60 
name Server-room 
exit 
int range fa0/3-24 
switchport mode access  
switchport access vlan 60 
exit 
// Assigning the switch->router interface port to trunks 
int range fa0/1-2 
switchport mode trunk 
do wr  

/// Securing the finance department ports 
config t
int range fa0/3-24 
/// port security only takes effect once it is enabled on the port
switchport port-security
switchport port-security maximum 2 
switchport port-security mac-address sticky 
switchport port-security violation shutdown 
do wr
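
A lint for the credential and line settings used in the access-switch configurations above, as an added example that is not part of the original repository. It assumes input in `show running-config` form; the sample config is constructed, and `lint` is a hypothetical helper name.

```python
import re

# Constructed sample in `show running-config` form, modelled on the
# access-switch setup above. Secrets are placeholders.
SAMPLE_CONFIG = """\
hostname Finance-Accounts
service password-encryption
enable password 7 <placeholder>
username admin password 7 <placeholder>
line con 0
 password 7 <placeholder>
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login local
"""

def lint(config):
    """Return a sorted list of (location, finding) tuples."""
    findings, section, seen = [], None, {}
    for raw in config.splitlines():
        line = " ".join(raw.split())
        if not raw.startswith(" "):
            # A new top-level command ends any previous "line ..." section.
            section = line if line.startswith("line ") else None
            if section:
                seen[section] = set()
        if re.match(r"enable password\b", line):
            findings.append(("global", "enable password is stored reversibly; use enable secret"))
        elif m := re.match(r"username (\S+) password\b", line):
            findings.append((f"user {m.group(1)}", "password is stored reversibly; use secret"))
        elif section and raw.startswith(" "):
            seen[section].add(line)
    for name, cmds in seen.items():
        has_pw = any(c.startswith("password") for c in cmds)
        has_login = any(c.startswith("login") for c in cmds)
        if name.startswith("line con") and has_pw and not has_login:
            findings.append((name, "password set without login; it is never prompted for"))
        if name.startswith("line vty") and "transport input ssh" not in cmds:
            findings.append((name, "no explicit 'transport input ssh'"))
    return sorted(findings)

if __name__ == "__main__":
    for location, finding in lint(SAMPLE_CONFIG):
        print(f"{location}: {finding}")
```

`service password-encryption` only applies the reversible type 7 encoding, which is why the `password` forms are flagged while `enable secret` and `username ... secret` are not.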

Multilayer switches

  • Inter-VLAN routing enabled (ip routing).
  • VLAN interfaces configured with IP addresses and ip helper-address for DHCP.
  • OSPF configured for dynamic routing across VLANs.

////trunking 
enable 
config t 
int range gig1/0/2-7 
switchport mode trunk 
exit 
int gig1/0/1  
no switchport  
ip address 195.136.17.1 255.255.255.252 
do wr 

////inter-vlan routing 
enable 
config t 
vlan 10 
vlan 20 
vlan 30 
vlan 40 
vlan 50 
vlan 60

int vlan 10 
no sh 
ip address 192.168.10.1 255.255.255.192 
ip helper-address 192.168.12.196 
exit

int vlan 20 
no sh 
ip address 192.168.10.65 255.255.255.192 
ip helper-address 192.168.12.196 
exit

int vlan 30 
no sh 
ip address 192.168.10.129 255.255.255.192 
ip helper-address 192.168.12.196 
exit

int vlan 40 
no sh 
ip address 192.168.10.193 255.255.255.192 
ip helper-address 192.168.12.196 
exit

int vlan 50 
no sh 
ip address 192.168.11.1 255.255.255.192 
ip helper-address 192.168.12.196 
exit

int vlan 60 
no sh 
ip address 192.168.12.193 255.255.255.192 
exit

/// OSPF on the multilayer switch with uplink 195.136.17.0/30
enable
config t
ip routing
router ospf 10
router-id 1.1.1.5
net 195.136.17.0 0.0.0.3 area 0
net 192.168.10.0 0.0.0.63 area 0
net 192.168.10.64 0.0.0.63 area 0
net 192.168.10.128 0.0.0.63 area 0
net 192.168.10.192 0.0.0.63 area 0
net 192.168.11.0 0.0.0.63 area 0
net 192.168.12.192 0.0.0.63 area 0
do wr

/// OSPF on the multilayer switch with uplink 195.136.17.4/30
enable
config t
ip routing
router ospf 10
router-id 1.1.1.7
net 195.136.17.4 0.0.0.3 area 0
net 192.168.10.0 0.0.0.63 area 0
net 192.168.10.64 0.0.0.63 area 0
net 192.168.10.128 0.0.0.63 area 0
net 192.168.10.192 0.0.0.63 area 0
net 192.168.11.0 0.0.0.63 area 0
net 192.168.12.192 0.0.0.63 area 0
do wr
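
A check that every addressed interface is matched by an OSPF `network` statement and that no statement is left matching nothing, as an added example that is not part of the original repository. It assumes input in `show running-config` form; the sample is constructed from the addressing above with one deliberately wrong first octet, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample in `show running-config` form.
# The network statement meant for Vlan20 has a wrong first octet on purpose.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 ip address 195.136.17.1 255.255.255.252
interface Vlan10
 ip address 192.168.10.1 255.255.255.192
interface Vlan20
 ip address 192.168.10.65 255.255.255.192
router ospf 10
 network 195.136.17.0 0.0.0.3 area 0
 network 192.168.10.0 0.0.0.63 area 0
 network 195.168.10.64 0.0.0.63 area 0
"""

def parse(config):
    """Return ({interface: ip}, [(base, wildcard)]) from IOS-style text."""
    interfaces, networks, current = {}, [], None
    for line in config.splitlines():
        line = line.strip()
        if m := re.match(r"interface (\S+)", line):
            current = m.group(1)
        elif m := re.match(r"ip address (\S+) \S+", line):
            interfaces[current] = ipaddress.IPv4Address(m.group(1))
        elif m := re.match(r"network (\S+) (\S+) area \d+", line):
            networks.append(tuple(ipaddress.IPv4Address(g) for g in m.groups()))
    return interfaces, networks

def matches(ip, base, wildcard):
    """OSPF wildcard match: bits set in the wildcard mask are ignored."""
    care = ~int(wildcard) & 0xFFFFFFFF
    return (int(ip) & care) == (int(base) & care)

def audit(config):
    """Return (interfaces no statement matches, statements matching nothing)."""
    interfaces, networks = parse(config)
    uncovered = sorted(name for name, ip in interfaces.items()
                       if not any(matches(ip, b, w) for b, w in networks))
    unused = sorted(str(b) for b, w in networks
                    if not any(matches(ip, b, w) for ip in interfaces.values()))
    return uncovered, unused

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

An interface in the first list is not advertised into OSPF, so other routers learn no route to that VLAN's subnet.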

Router configuration

  • Gigabit and serial interfaces configured with IP addresses.
  • Connected to dual ISPs for redundancy.
  • OSPF routing configured with appropriate networks and router IDs.

///ISP configuration
/// ISP-1
enable
config t
int se0/3/0
ip address 195.136.17.38 255.255.255.252
no sh
int se0/3/1
ip address 195.136.17.41 255.255.255.252
no sh

/// ISP-2
enable
config t
int se0/3/1
ip address 195.136.17.42 255.255.255.252
no sh
int se0/3/0
ip address 195.136.17.10 255.255.255.252
no sh

///OSPF configuration
/// first core router
router ospf 10
router-id 1.1.1.1
net 195.136.17.0 0.0.0.3 area 0
net 195.136.17.36 0.0.0.3 area 0
net 195.136.17.20 0.0.0.3 area 0
do wr

/// second core router (OSPF router IDs must be unique within the routing domain)
router ospf 10
router-id 1.1.1.1
net 195.136.17.8 0.0.0.3 area 0
net 195.136.17.4 0.0.0.3 area 0
net 195.136.17.20 0.0.0.3 area 0
do wr

////ISP-1
router ospf 10
router-id 1.1.1.3
net 195.136.17.36 0.0.0.3 area 0
net 195.136.17.40 0.0.0.3 area 0

////ISP-2
router ospf 10
router-id 1.1.1.4
net 195.136.17.8 0.0.0.3 area 0
net 195.136.17.40 0.0.0.3 area 0

Server room configuration

  • DHCP, DNS, and HTTP servers configured with static IP addresses.
  • DHCP pools configured for each VLAN with default gateway and DNS.

////DHCP 
IPv4 = 192.168.12.196 
Subnet mask = 255.255.255.192 
Default gateway = 192.168.12.193

////DNS 
IPv4 = 192.168.12.197 
Subnet mask = 255.255.255.192 
Default gateway = 192.168.12.193

////HTTP 
IPv4 = 192.168.12.198 
Subnet mask = 255.255.255.192 
Default gateway = 192.168.12.193

////DHCP server configuration 
service -> on 
Pool name = serverPool1 
Default gateway = 192.168.10.1 
DNS server = 192.168.12.197 
Start IP address = 192.168.10.5 
(Add)

Pool name = serverPool2 
Default gateway = 192.168.10.65 
DNS server = 192.168.12.197 
Start IP address = 192.168.10.70 
(Add)

Pool name = serverPool3 
Default gateway = 192.168.10.129 
DNS server = 192.168.12.197 
Start IP address = 192.168.10.135 
(Add)

Pool name = serverPool4 
Default gateway = 192.168.10.193 
DNS server = 192.168.12.197 
Start IP address = 192.168.10.198 
(Add)

Pool name = serverPool5 
Default gateway = 192.168.11.1 
DNS server = 192.168.12.197 
Start IP address = 192.168.11.5 
(Add)

| Pool Name | VLAN | Default Gateway | DNS Server | Start IP |
|---|---|---|---|---|
| serverPool1 | 10 | 192.168.10.1 | 192.168.12.197 | 192.168.10.5 |
| serverPool2 | 20 | 192.168.10.65 | 192.168.12.197 | 192.168.10.70 |
| serverPool3 | 30 | 192.168.10.129 | 192.168.12.197 | 192.168.10.135 |
| serverPool4 | 40 | 192.168.10.193 | 192.168.12.197 | 192.168.10.198 |
| serverPool5 | 50 | 192.168.11.1 | 192.168.12.197 | 192.168.11.5 |

TESTING

| Test | Steps | Expected Result |
|---|---|---|
| VLAN Connectivity | Ping default gateway in each VLAN | Success |
| Inter-VLAN Routing | Ping across VLANs | Success |
| DHCP Assignment | Reconnect PCs, check IP | IP assigned from correct pool |
| DNS Resolution | Test hostname resolution | Correct IP returned |
| Wireless Access | Connect to departmental SSID | IP assigned, connectivity verified |
| Redundant ISP | Shutdown one ISP/router | Traffic continues via second ISP |
| Switch Security | Connect unauthorized device to Finance | Port shuts down, violation logged |
| Static IP Devices | Ping servers from VLAN PCs | Successful communication |
| OSPF Routing | show ip route on routers/switches | All VLANs present |
| Trunking | show interfaces trunk | VLANs 10–60 carried across trunks |

(VLAN & IP Addressing)

  1. Sales-Marketing VLAN 10, ping its default gateway = PASS
  2. HR-Logistics VLAN 20, ping its default gateway = PASS
  3. Finance-Accounts VLAN 30, ping its default gateway = PASS
  4. Admin-HR VLAN 40, ping its default gateway = PASS
  5. ICT VLAN 50, ping its default gateway = PASS
  6. Server-room VLAN 60, ping its default gateway = PASS

(Inter-VLAN Routing)

  1. Ping Sales-Marketing -> HR-Logistics = PASS
  2. HR-Logistics -> Finance-Accounts = PASS
  3. Finance-Accounts -> Admin-HR = PASS
  4. Admin-HR -> ICT = PASS
  5. ICT -> Server-room = PASS
  6. Server-room -> Sales-Marketing = PASS

CONCLUSION

This network design ensures:

  1. Redundancy: Dual routers, dual ISPs, multilayer switches.
  2. Scalability: VLAN-based design allows future expansion.
  3. Security: Switchport security on sensitive VLANs.
  4. Mobility: Wireless network coverage for all departments.
  5. Dynamic Services: DHCP and DNS are configured in the server room.

The network is fully functional, future-proof, and secure for a trading floor with 500 employees.

Skills demonstrated

  • Hierarchical Network Design
  • VLAN Design & Segmentation
  • IP Subnetting & Addressing
  • Inter-VLAN Routing
  • Dynamic Routing with OSPF
  • Redundancy & Failover
  • Trunking & Port Configuration
  • DHCP Configuration
  • DNS & HTTP Services
  • Static IP Assignment
  • Switchport Security
  • SSH Access & Password
  • Wireless Access Points configuration
  • Integration with VLANs
