To create a CCNA based Master Topology with IT services that any small to medium organization would need for its operations like Internet Access, Storage, Hosting and Network Services servers.

To develop the ability to apply theoretical concepts in practical scenarios by designing a master topology and effectively troubleshooting challenges encountered in an enterprise environment.

To showcase professional documentation that highlights the Network Design, Implementation, Troubleshooting, and Documentation competencies I have developed throughout my CCNA training.

• Internet access for all users in Enterprise.
• Centralized storage for sharing files.
• Segmented access per department.
• Inter-branch connectivity and services.

• Routing and switching as per design.
• DHCP–DNS for host provisioning.
• Local NTP, Syslog, and FTP services.
• Shared storage and internal hosting.

• Limit internal exposure to Internet.
• Enforce controlled user access.
• Maintain backups and logs for recovery.
• Secure centralized admin access.

I completed my B.Arch in 2023 and worked for two years in the AEC industry. Exploring different roles helped me understand that a technical career suited me better, and among IT domains, Networking emerged as the most engaging path for me.

I began with online learning to build my basics, then moved into structured training at Network Bulls, Gurgaon. Hands-on practice with Cisco equipment and simulations has significantly strengthened my understanding and confidence.

Since then, I have completed my CCNA training and am developing this project to showcase my skills. I am currently pursuing CCNP Enterprise training while expanding my lab portfolio and preparing for opportunities to start my IT career.

Topology Overview

▼Click to see Details

• Multi-site enterprise network with Central Site, Branch Offices, Private WAN, and a Web Services Zone.
• Central Site hosts Core, Distribution and Access layer design, and Enterprise Services with some services in other Branches.
• Private WAN provides connectivity between all branches and their access to the Internet.
• A central IT-Manager terminal provides control and secure management.

Unique Features

▼Click to see Details

• This lab is fully integrated with Linux server infrastructure for various services.
• I can take backup for all devices and servers configuration to my PC/Lab host through FTP.
• This portfolio website is hosted on my lab's internal web server reachable over the Internet whenever my PC and Lab is active.
• The Linux servers are reachable via Internal web brower and any PC in the lab can browse the Internet.

Layer 2 – Switching Features

▼VLAN & Subnetting

• Central Site: VLAN10 (10.1.1.0/24) Users, VLAN20 (20.1.1.0/24) Servers & Privileged Users.
• Branch 1: VLAN30 (30.1.1.0/24) Server, VLAN40 (40.1.1.0/24) Users.
• Branch 2: VLAN50 (50.1.1.0/24) Users, VLAN60 (60.1.1.0/24) Users.
• Branch 3: VLAN80 (80.1.1.0/24) Remote Users.
• Web Zone: VLAN70 (70.1.1.0/24) Developers & Web Server.
• Management VLAN100: Central (100.1.1.224/27), Branch 1 (100.1.1.192/27), Branch 2 (100.1.1.160/27).
• Router access via Loopback 0 with 126.126._._/32 addresses.

▼Trunking, EtherChannel & STP

• 802.1Q trunking configured on all switch uplinks and EtherChannel.
• CS-DS-1 and CS-DS-2 use 4-port EtherChannel (Po1) between them to increase bandwidth and provide distribution layer redundancy.
• CS-DS-1 is Root Bridge for VLAN10 & VLAN100; CS-DS-2 for VLAN20. This ensures load distribution through VLAN design.

▼STP Protection

• Loop Guard enabled on trunk uplinks and Port-Channel links.
• Root Guard on Distribution Switch prevents rogue root bridges.
• BPDU Guard enabled on all access ports.
• PortFast configured on access ports for fast convergence.

▼Port Security

• Sticky MAC learning with 2 MAC address limit on user ports with violation mode restrict and single MAC on server ports with violation mode shutdown.

Layer 3 – Routing Features

▼OSPF Multi-Area Design

• ISP-PoPs form Backbone Area 0.
• Central Site Core (CS-1, CS-2) operates in Area 1.
• Branch 1: Area 2, Branch 2: Area 3, Web Zone: Area 4, Branch 3: Area 5.
• Internet connection via Area 6.

▼OSPF Virtual-Link

• Virtual-Link between RS-WAN-Edge (126.126.131.1) and ISP-PoP1 (126.126.126.1) extends Area 0 reachability.
• RS-WAN-Edge provides remote user access via virtual-link due to port limitations and maintains network domain separation.

▼HSRP Default Gateways

• HSRP configured on VLAN sub-interfaces at CS-1 and CS-2.
• VLAN10: 10.1.1.1 (CS-1 primary, CS-2 backup).
• VLAN20: 20.1.1.1 (CS-2 primary, CS-1 backup).
• VLAN100: 100.1.1.225 (CS-1 primary, CS-2 backup).
• Interface tracking: CS-1 tracks G0/2, CS-2 tracks G0/3; priority reduction enables automatic failover and preemption.

▼Inter-VLAN & WAN Routing

• Inter-VLAN routing is enabled via sub-interfaces on each Branch router.
• Branch routers advertise local VLANs into OSPF.
• ISP core routers propagate routes between sites.
• ISP-Internet propagates default route into the internal network and directs traffic to Internet via default gateway of the network my PC is on.
• PAT on ISP-Internet with port forwarding for HTTP and FTP to internal servers.

Network Services

▼DHCP Server

• Full DHCP scopes for VLANs: 10, 20, 30, 40, 50, 60, 70, 80, 100.
• Uses Dynamic DNS updates with TSIG key.
• Along with IP address and default gateway, it also binds and updates DNS records for local domain named lab.lan and provides NTP server's IP for time syncing in the Network.
• Maintains leases for all the devices in different subnets with hostname appended with domain name.
• Enabled via ISC DHCP Server daemon (dhcpd) on AlmaLinux.

▼DNS Server

• Authoritative for lab.lan forward zone and all reverse zones for subnets in the network.
• Hosts local domain name records for every router, switch, server and PC.
• Forwards DNS queries not found in local files to 8.8.8.8 & 8.8.4.4 (Google DNS Servers) and maintains local records for external resolved domains as well.
• Maintains dynamic IP address mapping to domain names for all the devices in different subnets in the internal network.
• For devices which do not get IP address via DHCP, static entries have been entered in the configurations files to resolve their hostname in the local domain.
• Enabled via BIND9 daemon (named) on AlmaLinux.

▼NTP Server

• Serves time to all enterprise networks by syncing itself to reliable sources.
• Set to Stratum 10 for internal stability.
• Uses public pool (0.pool, 1.pool) as upstream.
• Enabled via Chrony daemon (chronyd) on AlmaLinux.

Application/Data Services

▼SysLog & FTP Server

• SysLog collects system logs from all devices with Hostname and IP Address, enabling network monitoring, better incidence response.
• FTP server keeps backup for IOS configurations and transfers files between devices, helping to maintain configuration records and revert back to last working state in case of misconfiguration, device failure or system error.
• FTP service enabled via vsftpd daemon on AlmaLinux.
• SysLog service enabled via rsyslog daemon on AlmaLinux.

▼Storage Server

• It acts as the enterprise file storage system. Provides shared directories for internal users and IT operations.
• Two network drives have been created named General for all users and Management for IT/management staff.
• Management can access both drives while users are restricted to General drive only.
• Enabled via SAMBA daemon (smbd) on AlmaLinux.

▼Web Server

• Hosts the enterprise website and its related documentation.
• This portfolio website is hosted on my internal web server and becomes publicly accessible whenever my lab is online.
• For consistent access, I have uploaded this portfolio website on GitHub also.
• Ngrok service creates a secure public URL that forwards incoming HTTP traffic to my PC, which then passes it to my Lab’s NAT router. The NAT router performs PAT and forwards the request to the internal web server on port 80.
• Enabled via Apache Web Server daemon (httpd) on AlmaLinux and own website.

Zone-Wise Summary

▼Central Site

• Central site with max users and hosts core enterprise services including DHCP, DNS, NTP, and Storage servers.

▼Branch 1

• Provides access for VLAN30/40, and hosts infrastructure services like Syslog and FTP for the entire enterprise.

▼Branch 2

• Enables user access for VLAN50/60, extending enterprise reach to remote site.

▼Branch 3

• Supports isolated remote users through OSPF Virtual link.

▼Web Server Zone

• Hosts the enterprise’s public-facing web service in a segregated network for security and controlled access.

▼ISP Core (Simulated Provider)

• Serves as the backbone linking all sites & Internet access.

Security & Management

▼Access Control & Security

• ACL “Access” applied on VTY lines on all devices restricts management access via Telnet/SSH to 100.1.1.251 (IT Manager Terminal) and 126.126.130.1 (CS-E Router) only.
• BPDU, Root and Loop Guard prevent loops and rogue devices to initiate changes in the topology
• Sticky MAC prevents unauthorized devices to join the network with MAC limit per port depending on port role.
• PAT enabled on the ISP-Internet router isolates the private Internal network to public/outside network.
• Servers are only accessible via IT Manager Terminal and other servers through SSH or Web Browser to access its GUI.
• Ports not in use are administratively shutdown on all devices.

▼Monitoring & Backup

• Centralized Syslog and NTP synchronization via dedicated servers provides Monitoring capability.
• Configuration backup are maintained on FTP server to facilitate fast recovery.

Dynamic Host Configuration Protocol: Assigns IP addresses, subnet masks, default gateways, and DNS servers to network devices alongside mapping hostnames to leases in DNS zones.

• Centralized IP address management across all sites.
• Reduces manual configuration errors.
• Supports DHCP relay for remote subnets.
• Configured with lease times and exclusion ranges.
• Enabled via ISC DHCP Server daemon (dhcpd) on AlmaLinux.

Domain Name System: Translates human-readable domain names into IP addresses for both internal and external network communication.

• Internal DNS server for local domain resolution.
• Forwards external queries to ISP DNS servers.
• Improves network performance with DNS caching.
• Provides name resolution for internal services.
• Enabled via BIND9 daemon (named) on AlmaLinux.

System Logging: Centralized logging system that collects and stores log messages from network devices.

• Centralized log collection from all routers and switches.
• Real-time monitoring of network events and errors.
• Facilitates troubleshooting and security auditing.
• Enabled via rsyslog daemon on AlmaLinux.

File Transfer Protocol: Enables file transfer between network devices and provides centralized file storage.

• Centralized repository for configuration backups.
• Facilitates IOS image distribution and upgrades.
• Secure file sharing across the network.
• Enabled via vsftpd daemon on AlmaLinux.

Network Storage: Provides centralized network-attached storage for data management and sharing.

• Centralized data storage accessible from all sites.
• Enabled via SAMBA daemon (smbd) on AlmaLinux.
• Used for shared resources and documentation.

HTTP/HTTPS Services: Hosts website from both internal and external access.

• Hosts company's website.
• Provides documentation and resource access.
• Enabled via Apache Web Server daemon (httpd) on AlmaLinux.