Computer-Networks – LAB

CSE3003
ASSIGNMENT-11
Priyansh Sachidanand Singh
21BCE7306
Date: - 10-08-2023
Prof. :- Y Mohamed Sirajudeen(L43+L44)
Configuring networks in CPT
Q) A small hospital requires a network infrastructure that
supports critical healthcare systems and provides secure
access to patient records. Design and configure a network
using Cisco switches, routers, and a firewall to ensuredata
confidentiality, integrity, and availability. Implement VLANs,
access control lists, and a DMZ for hosting public-facing
services.
=>
In this project, the goal is to design and configure a secure
network infrastructure tailored to the needs of a small
hospital. The project encompasses the use of Cisco switches,
routers, and a firewall to create a network that supports
critical healthcare systems while ensuring the confidentiality,
integrity, and availability of patient records. The network
design involves the implementation of VLANs, access control
lists (ACLs), and a Demilitarized Zone (DMZ) for public-facing
services.
The project's focus is on achieving data security and
operational efficiency. VLANs are used to segregate network
traffic, ensuring different departments operate within their
own secure segments. ACLs are implemented to control
access and permit only essential services to critical devices,
preventing unauthorized access and potential threats. The
DMZ provides a secure environment for hosting public
services while isolating them from internal systems.
This project aims to strike a balance between data security
and seamless communication. The network design supports
healthcare professionals in their daily tasks, while the
security measures implemented safeguard sensitive patient
data. The meticulous integration of networking components
and security features demonstrates the hospital's
commitment to delivering quality healthcare services while
upholding the highest standards of data protection.
The proposed network design is not only technologically
advanced but also aligned with industry best practices. By the
project's conclusion, a comprehensive network infrastructure
will have been established, reflecting the hospital's
dedication to providing top-tier healthcare services in a
secure digital environment.
Setup:-
Network Topology: Our network design comprises multiple
interconnected components, each serving a specific purpose
while maintaining data security.
It contains Doctors office , Reception Area, Ward Area, Guest
user Area,Main area.

Doctor's Office:
Switch: Connected to the Server, Laptop, PC, and Access
Point (PT AC) for Wi-Fi.
Access Point (PT AC): Provides Wi-Fi access to devices in the
Doctor's office.
Outside the Doctor's Office:
Access Point (PT AC): Connected to 3 guest users'
smartphones and tablets.
Main Reception Area:
Reception Area Switch: Connected to a printer, billing
counter, enquiry desk, and entrance in Area 1.
Printer, Billing Counter, Enquiry Desk: Devices in the
Reception area.

Ward Area:
General Ward Switch: Connected to PCs "Ward1 pc," "ward2
pc," test room PC, and lab report PC in Area 2.
Private Ward Switch: Connected to PC "ward 3," test room 1
PC, vaccination room PC, and lab report room PC in Area 2.
Interconnections:
Doctor's Office Switch is connected to the "Main Server
Router."
Reception Area Switch is connected to the "Reception Area
Router."
General Ward and Private Ward Switches are connected to
the "Ward Area Router."
All three routers (Main Server Router, Reception Area
Router, and Ward Area Router) are interconnected.
Basic Configurations:
-Dr. Office Configuration
Switch Configuration:
Access the switch's configuration mode:
Switch> enable
Switch# configure terminal

Create VLAN for the Doctor's Office:

Switch(config)# vlan
Switch(config-vlan)# name Doctor_Office
Switch(config-vlan)# exit

Assign ports to VLAN :

Switch(config)# interface range fastEthernet0/1 - 3
Switch(config-if-range)# switchport mode access
Switch(config-if-range)# switchport access vlan
Switch(config-if-range)# exit

Router Configuration:
Access the router's configuration mode:
Router> enable
Router# configure terminal

Configure the interface connected to the Doctor's Office

VLAN:
Router(config)# interface FastEthernet0/0
Router(config-if)# ip address 40.1.1.1 255.255.255.0
Router(config-if)# no shutdown
Router(config-if)# exit
Create an access control list (ACL) for the Doctor's Office
VLAN:
Router(config)# access-list 100 permit ip 40.1.1.0 0.0.0.255 any
Router(config)# access-list 100 deny ip any any
Router(config)# exit

Apply the ACL to the interface connected to the Doctor's

Office VLAN:
Router(config)# interface FastEthernet0/0
Router(config-if)# ip access-group 100 in
Router(config-if)# exit

Server Configuration:
Access the Server's configuration mode:
Server> enable
Server# configure terminal

Configure the Server's IP address and subnet mask:

Server(config)# interface FastEthernet0
Server(config-if)# ip address 40.1.1.2 255.255.255.0
Server(config-if)# no shutdown
Server(config-if)# exit

Exit configuration mode:

Server(config)# exit

Laptop Configuration:
Access the Laptop's configuration mode:
Laptop> enable
Laptop# configure terminal

Configure the Laptop's IP address and subnet mask:

Laptop(config)# interface FastEthernet0
Laptop(config-if)# ip address 40.1.1.3 255.255.255.0
Laptop(config-if)# no shutdown
Laptop(config-if)# exit

Exit configuration mode:

Laptop(config)# exit

PC Configuration:
Access the PC's configuration mode:

PC> enable
PC# configure terminal

Configure the PC's IP address and subnet mask:

PC(config)# interface FastEthernet0
PC(config-if)# ip address 40.1.1.4 255.255.255.0
PC(config-if)# no shutdown
PC(config-if)# exit

Exit configuration mode:

PC(config)# exit

Access Point Configuration:

Access the Access Point's configuration mode:
AccessPoint> enable
AccessPoint# configure terminal

Configure the Access Point's IP address and subnet mask:

AccessPoint(config)# interface FastEthernet0
AccessPoint(config-if)# ip address 40.1.1.5 255.255.255.0
AccessPoint(config-if)# no shutdown
AccessPoint(config-if)# exit

Exit configuration mode:

AccessPoint(config)# exit

Reception Area Configuration-

Switch Configuration:
Access the switch's configuration mode:
Switch> enable
Switch# configure terminal

Create VLAN for the Main Reception Area:

Switch(config)# vlan
Switch(config-vlan)# name Main_Reception_Area
Switch(config-vlan)# exit

Assign ports to VLAN :

Switch(config)#interfacerangefastEthernet0/10-12
Switch(config-if-range)#switchportmodeaccess
Switch(config-if-range)#switchportaccessvlan
Switch(config-if-range)# exit

Router Configuration:
Access the router's configuration mode:
Router> enable
Router# configure terminal

Configure the interface connected to the Main Reception

Area VLAN:
Router(config)#interface-FastEthernet0/1
Router(config-if)# ip address 40.1.2.1 255.255.255.0
Router(config-if)# no shutdown
Router(config-if)# exit

Create an access control list (ACL) for the Main Reception

Area VLAN:
Router(config)# access-list 110 permit ip 40.1.2.0 0.0.0.255
any
Router(config)# access-list 110 deny ip any any
Router(config)# exit

Apply the ACL to the interface connected to the Main

Reception Area VLAN:
Router(config)# interface FastEthernet0/1
Router(config-if)# ip access-group 110 in
Router(config-if)# exit

Printer Configuration:
Access the Printer's configuration mode:
Printer> enable
Printer# configure terminal

Configure the Printer's IP address and subnet mask:

Printer(config)# interface FastEthernet0
Printer(config-if)# ip address 40.1.2.2 255.255.255.0
Printer(config-if)# no shutdown
Printer(config-if)# exit

Exit configuration mode:

Printer(config)# exit

Billing Counter Configuration:

Access the Billing Counter's configuration mode:
BillingCounter> enable
BillingCounter# configure terminal

Configure the Billing Counter's IP address and subnet mask:

BillingCounter(config)# interface FastEthernet0
BillingCounter(config-if)# ip address 40.1.2.3 255.255.255.0
BillingCounter(config-if)# no shutdown
BillingCounter(config-if)# exit

Exit configuration mode:

BillingCounter(config)# exit
Enquiry Desk Configuration:
Access the Enquiry Desk's configuration mode:
EnquiryDesk> enable
EnquiryDesk# configure terminal

Configure the Enquiry Desk's IP address and subnet mask:

Enquiry Desk(config)# interface FastEthernet0
EnquiryDesk(config-if)# Ip address 40.1.2.4 255.255.255.0
EnquiryDesk(config-if)# no shutdown
EnquiryDesk(config-if)# exit

Exit configuration mode:

Enquiry Desk(config)# exit

General Ward Area Configuration

Switch Configuration:
Access the switch's configuration mode:
Switch> enable
Switch# configure terminal

Create VLAN for the General Ward Area:

Switch(config)# vlan
Switch(config-vlan)# name Ward_General
Switch(config-vlan)# exit
Assign ports to VLAN :
Switch(config)# interface range fastEthernet0/13 - 15
Switch(config-if-range)# switchport mode access
Switch(config-if-range)# switchport access vlan 50
Switch(config-if-range)# exit

Router Configuration:
Access the router's configuration mode:
Router> enable
Router# configure terminal

Configure the interface connected to the General Ward

Area VLAN:
Router(config)# interface FastEthernet0/2
Router(config-if)# Ip address 40.1.3.1 255.255.255.0
Router(config-if)# no shutdown
Router(config-if)# exit

Create an access control list (ACL) for the General Ward

Area VLAN:
Router(config)# access-list 120 permit Ip 40.1.3.0 0.0.0.255
any
Router(config)# access-list 120 deny Ip any any
Router(config)# exit

Apply the ACL to the interface connected to the General

Ward Area VLAN:
Router(config)# interface FastEthernet0/2
Router(config-if)# Ip access-group 120 in
Router(config-if)# exit

Private Ward Area Configuration

Switch Configuration:
Access the switch's configuration mode:
Switch> enable
Switch# configure terminal

Create VLAN for the Private Ward Area:

Switch(config)# vlan
Switch(config-vlan)# name Ward_Private
Switch(config-vlan)# exit

Assign ports to VLAN :

Switch(config)# interface range fastEthernet0/16 - 18
Switch(config-if-range)# switchport mode access
Switch(config-if-range)# switchport access vlan 60
Switch(config-if-range)# exit

Router Configuration:
Access the router's configuration mode:
Router> enable
Router# configure terminal
Configure the interface connected to the Private Ward Area
VLAN:
Router(config)# interface FastEthernet0/3
Router(config-if)# Ip address 40.1.4.1 255.255.255.0
Router(config-if)# no shutdown
Router(config-if)# exit

Create an access control list (ACL) for the Private Ward Area
VLAN:
Router(config)# access-list 130 permit Ip 40.1.4.0 0.0.0.255
any
Router(config)# access-list 130 deny Ip any any
Router(config)# exit

Apply the ACL to the interface connected to the Private

Ward Area VLAN:
Router(config)# interface FastEthernet0/3
Router(config-if)# Ip access-group 130 in
Router(config-if)# exit

DMZ Configuration
The DMZ setup for public-facing services can be extended to
include devices in the Main Reception Area or the Ward Area,
depending on the specific services that need to be exposed
to the public.
Access each switch's configuration mode:
Switch# configure terminal

Create a VLAN for the DMZ and assign a name:

Switch(config)# vlan
Switch(config-vlan)# name DMZ
Switch(config-vlan)# exit

Assign switch ports to the DMZ VLAN:

Switch(config)# interface range fastEthernet0/7 - 9
Switch(config-if-range)# switchport mode access
Switch(config-if-range)# switchport access vlan
Switch(config-if-range)# exit

Similarly if needed repeat above steps for other devices and

areas if needed.

Network Setup Summary and Conclusion

In this network setup, we have designed and configured a
comprehensive healthcare facility network using Cisco Packet
Tracer. The network is segmented into several areas,
including the Doctor's Office, Main Reception Area, General
Ward, and Private Ward. Each area is designed to provide
secure and efficient communication while maintaining data
confidentiality, integrity, and availability. The network design
incorporates VLANs, access control lists (ACLs), and a
Demilitarized Zone (DMZ) for hosting public-facing services.
Let's summarize the key points of the network and conclude
its significance.

Network Summary:

1. Doctor's Office:
- Devices: Server, Laptop, PC, Access Point
- VLAN: VLAN 10
- Subnet: 40.1.1.0/24

2. Main Reception Area:

- Devices: Printer, Billing Counter, Enquiry Desk
- VLAN: VLAN 40
- Subnet: 40.1.2.0/24

3. General Ward:
- Devices: "W1 pc," "w2 pc," Test Room PC, Lab Report PC
- VLAN: VLAN 50
- Subnet: 40.1.3.0/24

4. Private Ward:
- Devices: "ward 3" PC, Test Room1 PC, Vaccination Room
PC, Lab Report Room PC
- VLAN: VLAN 60
 - Subnet: 40.1.4.0/24

5. Interconnections:
- Routers connect different areas, facilitating communication
using static routes.

6. Security Measures:
- ACLs on routers control traffic flow between VLANs,
enhancing security.
- DMZ setup isolates public-facing services (e.g., a web
server) from internal network devices.

Network Conclusion:
The healthcare facility network's design prioritizes both
functionality and security. The careful segmentation of areas
into VLANs ensures efficient communication while
maintaining isolation and reducing the attack surface. The
implementation of access control lists (ACLs) adds an
additional layer of security by regulating traffic between
areas. The Demilitarized Zone (DMZ) effectively isolates
public-facing services, such as the web server, safeguarding
internal resources from potential threats originating from the
public internet.
This network design reflects best practices for network
security and segregation, particularly within sensitive
environments such as healthcare facilities. It provides
healthcare professionals with the tools needed for efficient
patient care while safeguarding patient data and critical
infrastructure.
As with any network design, it's essential to continuously
monitor and update security measures to adapt to evolving
threats and technological advancements. By implementing
these strategies, the healthcare facility can maintain a
secure, efficient, and responsive network environment that
meets the needs of patients and medical staff alike.