
Report Assignment 2

This document outlines an assignment for designing and simulating a computer network for a large hospital, detailing the requirements for both the headquarters and branches. It includes analyses of network system requirements, equipment details, throughput, and bandwidth considerations, as well as the use of Packet Tracer for system simulation. The document also emphasizes the importance of security, high availability, and future scalability in the network design.

Uploaded by

asustrinity

Translated from Vietnamese to English -

www.onlinedoctranslator.com

HO CHI MINH CITY NATIONAL UNIVERSITY
UNIVERSITY OF TECHNOLOGY
FACULTY OF COMPUTER SCIENCE & ENGINEERING

COMPUTER NETWORKING (CO3094)

Assignment 2

NETWORK DESIGN AND SIMULATION FOR A CRITICAL LARGE HOSPITAL

Instructor:
Students:

Ho Chi Minh City, May 2024


Ho Chi Minh City University of Technology Faculty of
Computer Science and Engineering

Index

1 Task assignment

2 Determine the appropriate network structure for the building
  2.1 Analysis of network system requirements
    2.1.1 Analysis of headquarters requirements
    2.1.2 Analysis of branch requirements
    2.1.3 Throughput requirements analysis
  2.2 Network system details
    2.2.1 Head office in Ho Chi Minh City
    2.2.2 Branches on DBP and BHTQ streets
  2.3 Identify high load areas in the Hospital
  2.4 Choosing network architecture
    2.4.1 Network structure of the network system
    2.4.2 General information about the network system
  2.5 Wireless network design

3 Details of equipment used
  3.1 Devices used in the system
    3.1.1 Routers
    3.1.2 Switch
    3.1.3 Access points
    3.1.4 Firewall
    3.1.5 Modems
    3.1.6 Other equipment
  3.2 IP Addressing Plan
    3.2.1 Head office in Ho Chi Minh City (Buildings A and B)
    3.2.2 Branch in DBP
    3.2.3 Branch in BHTQ
    3.2.4 IP diagram for WAN
  3.3 System diagram

4 System throughput, bandwidth
  4.1 Head office
  4.2 Branches

5 System Design Using Packet Tracer

6 Check system using Ping, Traceroute
  6.1 Check the connection of machines in the same VLAN
  6.2 Check connection to other VLAN machines
  6.3 Check the connection between PCs at the headquarters
  6.4 Check the connection between PCs at the headquarters and branches
  6.5 Connecting to a server in the DMZ area
  6.6 Connecting to the Internet
  6.7 Surveillance camera management system
  6.8 Email system

7 System Review
  7.1 Technologies realized
  7.2 Evaluation criteria
  7.3 Future development orientation

ASSIGNMENT 2 - COMPUTER NETWORK
HK241


1 Task assignment

Order   Full name   Student ID   Mission                                               Complete
1       S                        - Design                                              100%
                                 - Configure the simulation system on Packet Tracer
                                 - Write reports
2                                - Design                                              100%
                                 - Configure the simulation system on Packet Tracer
                                 - Write reports

Table 1: List of tasks and completion progress


2 Determine the appropriate network structure for the building

2.1 Analyze network system requirements

CCC (Computer & Construction Concept) was asked to design a computer network
to be deployed at the headquarters (Ho Chi Minh City) and 2 branches (DBP Street and
BHTQ Street) of the hospital under construction.

2.1.1 Analysis of headquarters requirements


• Consists of two buildings A and B (each building has 5 floors, each floor has 10 rooms); the first floor has an IT room and a local central cable system (using patch panels to manage and connect wires).

• Medium size: 600 workstations, 10 servers, 12 network devices (or more with security-specific devices).

• There is a data center and central cable room 50m from the two buildings.

• Use new technology for network infrastructure including wired and wireless connections, fiber optics (GPON), and GigaEthernet 1GbE/10GbE. Organize the network according to VLAN structure for different departments.

• The headquarters subnet connects to the two branch subnets using two dedicated channels (leased lines) for WAN connection and two digital subscriber lines (DSL) for Internet access with load balancing. All traffic to the Internet goes through the headquarters subnet.

• Use a combination of licensed and open source software, office applications, client-server applications, multimedia applications and databases.

• Requires high security (firewall, IPS/IDS, phishing detection), high availability, robustness when errors occur, and easy system upgrades.

• Propose VPN configuration for connection between branches and for remote workers to connect to the hospital LAN.

• Propose a surveillance camera for the hospital.

2.1.2 Analysis of branch requirements


Branches are designed similarly to the headquarters but on a smaller scale:

• The branch building has 2 floors, the first floor has an IT room and a
local central cabling system.

• Small scale: 260 workstations, 2 servers, 5 or more network devices.

Deploy the connection between headquarters and branches through WAN links
(can choose one of the technologies such as SD-WAN, MPLS,...)

2.1.3 Throughput requirements analysis


The system's data flows and workloads (about 80% of the daily load is
concentrated in the peak hours of 9am - 11am and 3pm - 4pm) can be shared
between the headquarters and branches as follows:

• Servers are used for software updates, web access, database access, etc. The estimated total download is about 1000 MB/day and the estimated upload is 2000 MB/day.

• Each workstation is used for browsing the Web, downloading documents, transacting with customers, etc. The estimated total download is about 500 MB/day and the estimated upload is 100 MB/day.

• Guest devices connected over WiFi download about 500 MB/day.

The hospital's network system is estimated to have a growth rate of 20% in 5 years (in
terms of number of users, network load, branch expansion, etc.).

2.2 Network system details

Before preparing to build a network system, the first and most important thing to do
is to survey the location where the network system needs to be installed. The contents that
need to be surveyed include:

• About installation location:

– How many floors does the building have?
– How many rooms are there on each floor?
– What size is each room?
– The best carrier support for that installation location.
– Does the building have its own wiring or do you have to wire and install the wiring yourself?

• About hospital organization:

– Departmental layout in rooms and floors.
– What is the size of each department?
– Where are the servers located?

For this major assignment, our group assumed that we had successfully surveyed the locations where we were
preparing to install the network system and had the following results:

2.2.1 Head office in Ho Chi Minh City


• The headquarters has 2 buildings (A and B), each building has 5 floors with 600 workstations, 10 servers, 12 networking devices.

• Each floor is sized to accommodate about 60 people working at the same time.

• Found the best carrier for the building location.

• The building has its own wiring, no need to install wiring yourself.

• Each floor needs to provide a wireless network system, with a maximum of 60 devices connected at the same time for each floor. Each room must have no more than 6 workstations. A separate wireless network for the Reception Room with a maximum of 70 devices connected at the same time.

1. Floor 1:

• Reception: There are 6 workstations and a number of other wireless network devices (maximum of 60). There is also a camera and a motion sensor for security monitoring.

2. Floor 2:

• Server farm and DMZ: There are 5 servers serving internal hospital work and 1 Web server in DMZ.

3. Floor 3:

• Human Resources Department: There are 6 workstations and some other wireless network devices (maximum of 60).

4. Floor 4:

• Marketing and Sale Department: There are 6 workstations and some other wireless network devices (maximum of 60).
• Administration: There are 6 workstations and some other wireless network devices (maximum of 60).

5. Floor 5:

• Financial and Accounting Department: There are 6 workstations and some other wireless network devices (maximum of 60).
• Research and Development Department: There are 6 workstations and some other wireless network devices (maximum of 60).
• Drug storage room: There are 6 workstations and some other wireless network devices (maximum of 60).

2.2.2 Branches on DBP and BHTQ streets


• Each branch has 2 floors with 260 workstations, 2 servers, 5 networking devices.

• Both branch buildings are identical and the survey results are the same in both branches.

• The branch building has 2 floors:

– 1st floor: divided into 3 areas, including 2 small rooms and 1 large room. The small room will be used as the Reception room and Server room, the large room will be the working space for the staff.
– 2nd floor: designed as a studio, meaning there are no separate rooms for each floor. Each floor is sized to accommodate 40 people working at the same time.

• Found the best carrier for the building location.

• The building has its own wiring, no need to install wiring yourself.

• Each floor needs to provide a wireless network system, with a maximum of 130 devices connected at the same time for each floor. A separate wireless network for the Reception Room with a maximum of 260 devices connected at the same time.

Branch in DBP

1. Floor 1

• Information Technology (IT) Department: There are 52 workstations and some other wireless network devices (maximum of 130).
• Human Resources Department: There are 52 workstations and some other wireless network devices (maximum of 130).
• Reception: There are 52 workstations and several other wireless network devices (maximum of 130). There is also a camera and a motion sensor for security monitoring.
• Server farm: There are 2 servers serving internal hospital work.

2. Floor 2

• Marketing and Sale Department: There are 52 workstations and some other wireless network devices (maximum of 130).
• Financial and Accounting Department: There are 52 workstations and some other wireless network devices (maximum of 130).
• Research and Development Department: There are 52 workstations and some other wireless network devices (maximum of 130).
• Administration: There are 52 workstations and some other wireless network devices (maximum of 130).

Branch in BHTQ

1. Floor 1

• Information Technology (IT) Department: There are 52 workstations and some other wireless network devices (maximum of 130).
• Human Resources Department: There are 52 workstations and some other wireless network devices (maximum of 130).
• Reception: There are 52 workstations and some other wireless network devices (maximum of 130). There is also a camera and a motion sensor for security monitoring.
• Server farm: There are 2 servers serving internal hospital work.

2. Floor 2

• Marketing and Sale Department: There are 52 workstations and some other wireless network devices (maximum of 130).
• Research and Development Department: There are 52 workstations and some other wireless network devices (maximum of 130).
• Administration: There are 52 workstations and some other wireless network devices (maximum of 130).

2.3 Identify heavy load areas in the Hospital

All traffic to the Internet of the system goes through the Headquarters network. Therefore, the
connection from the Headquarters Multi-switch to the Headquarters router is the area with the
highest load. This is where a large number of machines operate, operating for a long time with
high intensity. At the same time, this is also where many tasks are concentrated, such as
connecting to servers and connecting to other important machines.

The 2nd floor of the headquarters and branches is the area where many PCs and servers are located
along with the central cable system, so this is also the area with the highest load.
After conducting a survey and reviewing the network system requirements, we
can easily identify areas with high loads in the Hospital, including:

• Web Server System: Allows all Internet users to search for information and exchange information with the website. Therefore, it is necessary to ensure access speed and stability.

• Data Center and Network (Headquarters): Central to all traffic, high server utilization.

• Floor 1 (Sub-branch): There is an IT room where local traffic is aggregated and server load is handled.

For the above heavy load locations, the system will apply appropriate load balancing mechanisms.

Load balancing is a method of distributing network traffic evenly across a pool
of resources supporting an application. Modern applications must handle millions
of users simultaneously and return accurate text, video, images, and other data
to each user quickly and reliably. To handle such high traffic, most applications
have multiple resource servers, where data is replicated between servers. A load
balancer is a device that sits between the user and the pool of servers and acts
as a moderator, ensuring that all resource servers are used equally.

Load balancing can be applied by sending heavy jobs and services such as
mail, file exchange and branch connections over the leased lines, which gives
fast and stable data transmission and reception, while lighter jobs such as web
access go over the xDSL lines to minimize system costs. The system applies load
balancing when connecting the head office with the branches through 2 leased
lines, and across the 2 xDSL lines used to access the Internet. Servers are also
assigned separate jobs to avoid the overload that comes from concentrating jobs
on one server.

2.4 Choosing network architecture

2.4.1 Network structure of the network system

We design the network structure according to the Hierarchical Network Design
model. This model is now considered the industry-wide best practice for designing
reliable, sustainable, scalable, and cost-effective networks.

In the hierarchical network design model, the network system is divided into several levels
(layers). These levels are connected to each other in a hierarchical form, allowing the network
system to be divided into small blocks that are easier to manage, and these blocks limit local
traffic. This model can be applied to both LANs and WANs.
A common layered network model has 3 layers: Access Layer, Distribution
Layer, Core Layer.

Figure 1: Hierarchical model with 3 levels

Reason for choosing

• Scalability: The hierarchical network model is designed to be easily scalable, which is important as hospital networks are expected to grow 20% over the next five years.

• Simple management: Organizing the network into layers makes maintenance, troubleshooting, and upgrades more efficient.

• VLAN and security support: This design enables efficient VLAN deployment to segregate traffic between departments, enhance security, and improve performance.

• High Availability: This model integrates redundancy and fault tolerance mechanisms at the core and distribution layers, ensuring uninterrupted operation for critical hospital services.

• Cost savings in expansion: Future expansion, such as integrating additional departments or facilities, can be accomplished by adding equipment at the appropriate layers without changing the entire network.

However, this model also has its disadvantages:

• High initial cost: Deploying a hierarchical network requires purchasing additional equipment, such as core and distribution layer switches, which increases the initial cost.

• Complex configuration: This design requires careful planning and configuration, especially for cross-layer communication, protocol redundancy, and VLAN management.

• Redundancy in design: With smaller sub-branches, a full hierarchical design may not be necessary due to low traffic demands.

• Challenges in maintenance: Ensuring the system is functioning properly and updated regularly for all layers requires skilled personnel and constant monitoring.

After considering the pros and cons, the team concluded that a hierarchical network design is
the optimal choice for hospital networks due to its scalability, security, and efficient
management. Although it may increase complexity and initial costs, the long-term benefits
outweigh the drawbacks, ensuring stable and efficient network operations for critical healthcare
services.

2.4.2 General information about the network system

• The network architecture used includes:

– LAN: This is a local network used only within the building, for working departments, for example:
∗ VLAN 10: Administrator.
∗ VLAN 20: Medical department.
∗ VLAN 30: Client/patient.

– For each department, we will create a separate VLAN for that department. This meets the need for private sharing between departments and increases system performance by reducing broadcasting costs, making it easy to detect errors. Another technique used is VLAN Trunking Protocol (VTP). This technology makes managing VLANs (adding/deleting/editing) more synchronized and easier because changes only need to be made on the switch in VTP server mode; all changes are then propagated to the switches in VTP client mode.

– Subinterface: Used for routing between VLANs. It saves physical ports of the router. One physical port can be divided into many logical ports (subinterfaces).

– Subnet mask: Used to divide IP addresses. Here we use IP addresses starting from 192.168.1.1. Each VLAN will have a different IP range to help optimize IP address allocation.

– DMZ network subsystem: Includes the web server system and DNS for customer and internal access. On the web server there are online transaction systems of the hospital, Internet Hospital, lookup of hospital products and services, advertising information,...

– Using DHCP: This is a protocol that allows automatic allocation of IP addresses along with other related configurations such as subnet mask and default gateway. Computers are automatically configured, which reduces the need for manual intervention and suits large-scale networks. It provides a central database to track all computers in the network system. The most important purpose is to avoid the case of two different computers having the same IP address.
∗ Without DHCP, machines can configure IP manually (static IP configuration). Configuring a static IP address for a few machines is possible, but for many machines it is time-consuming and error-prone. DHCP is responsible for quickly, automatically and centrally managing the distribution of IP addresses within a network.
∗ The way DHCP works is that when a device requests an IP address from a router, the router immediately assigns an available IP address to that device.
∗ DHCP has many advantages, but it also has limitations. For example, dynamic (changing) IP addresses should not be used for fixed devices that need continuous access.

• Use star topology for each building (headquarters and 2 branches)

On each floor, machines communicate with each other through the network by sending
data to the switch on that floor. This switch forwards all traffic originating
on its floor. The layer 2 switches are connected to each other through the layer 3
switch. Advantages:

– Low cost.
– It allows easier network management and troubleshooting; expanding the network by adding additional devices is much faster and easier.
– If one machine has a problem, it does not affect the others.

2.5 Wireless network design

Use a wifi network for the laptops and phones of users and customers in
transaction and reception areas. Advantages:

• Allows multiple users to connect over the same network in a very short time without any configuration; connections can be made through routers or hotspot technology. This ease of use and convenience is not available in wired networks.

• Installing a WiFi access point is relatively easy compared to a wired network connection, and wireless networks offer significant advantages in terms of cost and labor.

There are also disadvantages:

• Although wireless networks use many encryption techniques, Wifi is still vulnerable to hacking. Due to its wireless nature, it is highly vulnerable to attacks, especially public wifi networks. Since public wifi networks are open to anyone, hackers can impose their fake network ID. Users can unknowingly connect to this fake ID and become victims of cyber attacks.

• Wifi speed will decrease as we move away from the access point. In multi-story buildings, Wifi strength can vary on different floors.

To improve wifi security, we use the WPA2/PSK security standard.
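
The fake network ID risk described above can be monitored from the defender's side by comparing wireless scan results against an inventory of the hospital's own access points. The following is an added example, not part of the original report: the SSID, BSSIDs, channels and scan records are constructed for illustration, and the inventory format is an assumption.

```python
from collections import namedtuple

# One observed beacon from a wireless survey (constructed sample format).
Beacon = namedtuple("Beacon", "ssid bssid security channel")

# Hypothetical inventory of authorized access points:
# SSID -> expected security mode and {BSSID: expected channel}.
INVENTORY = {
    "Hospital-Guest": {
        "security": "WPA2-PSK",
        "aps": {"02:00:00:00:0a:01": 1, "02:00:00:00:0a:02": 6},
    },
}


def _norm(ssid):
    """Fold case and surrounding whitespace so look-alike names collide."""
    return ssid.strip().casefold()


def find_rogue_aps(beacons, inventory):
    """Return (ssid, bssid, reason) for beacons that imitate our networks."""
    by_norm = {_norm(s): s for s in inventory}
    alerts = []
    for b in beacons:
        real = by_norm.get(_norm(b.ssid))
        if real is None:
            continue  # a neighbour's network, not an imitation of ours
        bssid = b.bssid.lower()
        aps = inventory[real]["aps"]
        if b.ssid != real:
            reason = "look-alike SSID"
        elif bssid not in aps:
            reason = "unknown BSSID"
        elif b.security != inventory[real]["security"]:
            # A cloned BSSID usually cannot reproduce the WPA2 setup.
            reason = "security downgrade"
        elif b.channel != aps[bssid]:
            reason = "unexpected channel"
        else:
            continue  # matches the inventory exactly
        alerts.append((b.ssid, bssid, reason))
    return alerts


# Constructed scan results for the example.
SCAN = [
    Beacon("Hospital-Guest", "02:00:00:00:0A:01", "WPA2-PSK", 1),
    Beacon("Hospital-Guest", "02:00:00:00:0a:02", "WPA2-PSK", 6),
    Beacon("Hospital-Guest", "02:00:00:00:ff:99", "OPEN", 11),
    Beacon("Hospital-Guest", "02:00:00:00:0a:02", "OPEN", 6),
    Beacon("hospital-guest ", "02:00:00:00:0a:01", "WPA2-PSK", 1),
    Beacon("CoffeeShop", "02:00:00:00:bb:01", "OPEN", 3),
]

if __name__ == "__main__":
    for alert in find_rogue_aps(SCAN, INVENTORY):
        print(alert)
```
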

3 Details of equipment used


3.1 Devices used in the system

3.1.1 Router
• Router: Used to connect between branches and the internet, using the Cisco 2811 router.

Figure 2: Router 2811

– Total ports: 2.
– Number of expansion slots: 9.
– Ethernet technology: FastEthernet.
– Standard memory: 256 MB.
– Maximum memory: 760 MB.

– Flash memory: 64MB/256MB.

3.1.2 Switch
• Layer 2 Switch: Used to connect devices on the same floor, using switch 2960-24TT.

Figure 3: Switch 2960-24TT

– Number of ports: 24 x 10/100 Ethernet Ports.
– Feature set: LAN Base.
– Switching bandwidth: 32 Gbps.
– Flash memory: 32 MB.
– Forwarding bandwidth: 16 Gbps.

• Layer 3 Switch: Connecting VLANs at different levels requires the support of layer 3 switches, which also provide higher speed and better security. Use layer 3 switch 3560-24PS.

Figure 4: Layer 3 Switch 3560-24PS

– Number of ports: 24 x 10/100 Ethernet Ports.
– Flash memory: 32 MB.
– Feature set: IP base.

3.1.3 Access point


• Access point: a wireless network device that acts as a gateway for devices to connect to a local area network. They are used to extend the wireless coverage of an existing network so that a large number of customers can access it when they come to the bank. Use the LINKSYS WAP54G Wireless-G Access Point.

Figure 5: Wireless-G Access Point LINKSYS WAP54G

– Wireless security: 128-bit WPA encryption, MAC address filtering.
– Maximum speed reaches 54 Mbps under wireless G standard (802.11g) and 11 Mbps under wireless B standard (802.11b).

3.1.4 Firewall
• Firewall: Ensure secure access. Limit risks from malicious data when accessing the Internet. Use Cisco 5506 firewall.

Figure 6: Cisco 5506 firewall

– Maximum 3DES/AES VPN throughput: 250 Mbps.
– Maximum connections/second: 5000.
– Concurrent connections: 50000.
– Bandwidth transmission speed: 100 MB/s.

3.1.5 Modems
• Modem: a hardware device that converts data from a digital format, used for direct communication between devices with dedicated wiring systems, into a format suitable for transmission media such as telephone lines or radio. There are 2 popular kinds of modem: DSL and cable. We use the DSL-AX82U, a DSL modem, because DSL modems have more stable speeds than cable modems.

Figure 7: DSL-AX82U

– Maximum WLAN data transmission rate: 5400 Mbit/s.
– LAN data transmission speed: 10/100/1000 Mbit/s.

3.1.6 Other equipment

In addition to the above devices, there are other devices: servers, computers
participating in the LAN, wireless connection devices,...

3.2 IP Addressing Plan

3.2.1 Head office in Ho Chi Minh City (Building A and B)
Building A:

Table 2: VLAN of Building A

VLAN      Floor     IP range            Subnet Mask     Gateway
VLAN10    Floor 1   192.168.10.0/24     255.255.255.0   192.168.10.1
VLAN20    Floor 2   192.168.20.0/24     255.255.255.0   192.168.20.1
VLAN30    Floor 3   192.168.30.0/24     255.255.255.0   192.168.30.1
VLAN40    Floor 4   192.168.40.0/24     255.255.255.0   192.168.40.1
VLAN50    Floor 5   192.168.50.0/24     255.255.255.0   192.168.50.1

Building B:

Table 3: VLAN of Building B

VLAN      Floor     IP range            Subnet Mask     Gateway
VLAN60    Floor 1   192.168.60.0/24     255.255.255.0   192.168.60.1
VLAN70    Floor 2   192.168.70.0/24     255.255.255.0   192.168.70.1
VLAN80    Floor 3   192.168.80.0/24     255.255.255.0   192.168.80.1
VLAN90    Floor 4   192.168.90.0/24     255.255.255.0   192.168.90.1
VLAN100   Floor 5   192.168.100.0/24    255.255.255.0   192.168.100.1

All internal IP addresses of the above workstations are dynamically assigned by DHCP protocol.
Internal network IP addresses of servers in the Server farm are all statically assigned.

3.2.2 Branch in DBP

Table 4: Network addresses of VLANs

VLAN      Floor (Equipment)   IP range          Subnet Mask     Gateway
VLAN11    Floor 1             172.16.10.0/24    255.255.255.0   172.16.10.1
VLAN12    Floor 2             172.16.20.0/24    255.255.255.0   172.16.20.1
VLAN13    Server              172.16.50.0/24    255.255.255.0   172.16.50.1

Table 5: Intermediate network array

IP range          Subnet Mask
172.16.30.0/30    255.255.255.252

IP of workstations are dynamically assigned by DHCP protocol. IP of servers are
statically assigned.

3.2.3 Branch in BHTQ

VLAN      Floor (Equipment)   IP range        Subnet Mask     Gateway
VLAN21    Floor 1             10.0.10.0/24    255.255.255.0   10.0.10.1
VLAN22    Floor 2             10.0.20.0/24    255.255.255.0   10.0.20.1
VLAN23    Server              10.0.50.0/24    255.255.255.0   10.0.50.1

Table 6: VLAN configuration

IP range        Subnet Mask
10.0.30.0/30    255.255.255.252

Table 7: Intermediate network array

IP of workstations are dynamically assigned by DHCP protocol. IP of servers are
statically assigned.

3.2.4 IP diagram for WAN

Subnet Name                   IP range          Subnet Mask
Headquarters - DBP Branch     100.100.2.0/24    255.255.255.0
Headquarters - BHTQ Branch    100.100.3.0/24    255.255.255.0

Table 8: WAN Network
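
The addressing plan in section 3.2 can be checked mechanically before it is configured in Packet Tracer. The following is an added example, not part of the original report: it audits the rows of Tables 2 to 8 for mask and gateway consistency, overlapping subnets, address space and host capacity. The per-subnet demand figures are assumptions derived from section 2.2 (60 workstations plus 60 wireless devices per headquarters floor, 130 plus 130 per branch floor), with wired and wireless clients assumed to share the floor VLAN.

```python
import ipaddress
from itertools import combinations

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SHARED = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared address space


def build_plan():
    """Rows of Tables 2-8 as (name, cidr, mask, gateway, demand).

    demand (hosts needed) is an assumption taken from section 2.2,
    not a column of the plan tables.
    """
    m24, m30 = "255.255.255.0", "255.255.255.252"
    plan = [(f"HQ VLAN{v}", f"192.168.{v}.0/24", m24, f"192.168.{v}.1", 120)
            for v in range(10, 101, 10)]
    plan += [
        ("DBP VLAN11", "172.16.10.0/24", m24, "172.16.10.1", 260),
        ("DBP VLAN12", "172.16.20.0/24", m24, "172.16.20.1", 260),
        ("DBP VLAN13", "172.16.50.0/24", m24, "172.16.50.1", 2),
        ("DBP link", "172.16.30.0/30", m30, None, 2),
        ("BHTQ VLAN21", "10.0.10.0/24", m24, "10.0.10.1", 260),
        ("BHTQ VLAN22", "10.0.20.0/24", m24, "10.0.20.1", 260),
        ("BHTQ VLAN23", "10.0.50.0/24", m24, "10.0.50.1", 2),
        ("BHTQ link", "10.0.30.0/30", m30, None, 2),
        ("WAN HQ-DBP", "100.100.2.0/24", m24, None, 2),
        ("WAN HQ-BHTQ", "100.100.3.0/24", m24, None, 2),
    ]
    return plan


def audit(plan):
    """Return a list of (subnet name, finding) tuples."""
    findings, nets = [], []
    for name, cidr, mask, gateway, demand in plan:
        try:
            net = ipaddress.ip_network(cidr)  # strict: rejects set host bits
        except ValueError:
            findings.append((name, "invalid"))
            continue
        nets.append((name, net))
        if str(net.netmask) != mask:
            findings.append((name, "mask"))
        if gateway is not None:
            gw = ipaddress.ip_address(gateway)
            if gw not in net or gw in (net.network_address,
                                       net.broadcast_address):
                findings.append((name, "gateway"))
        if net.subnet_of(SHARED):
            findings.append((name, "shared-space"))
        elif not any(net.subnet_of(block) for block in RFC1918):
            findings.append((name, "public"))
        usable = net.num_addresses - 2          # minus network and broadcast
        needed = demand + (1 if gateway else 0)  # clients plus the gateway
        if needed > usable:
            findings.append((name, "capacity"))
    # Overlapping subnets would break routing and VLAN separation.
    for (n1, a), (n2, b) in combinations(nets, 2):
        if a.overlaps(b):
            findings.append((f"{n1} / {n2}", "overlap"))
    return findings


if __name__ == "__main__":
    for finding in audit(build_plan()):
        print(finding)
```

Under these assumptions the audit reports no overlaps or mask errors, flags the four branch floor VLANs as too small for 260 clients plus a gateway in a /24, and notes that the WAN ranges fall in the RFC 6598 shared address space rather than RFC 1918 private space.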

3.3System diagram
The system includes 1 router used to connect branches and connect to
the outside Internet via DSL modem.
Each floor is equipped with 1 switch to connect computers in the floor. These switches will
be connected to Multilayer Switch. Floor 1 at the head office and branches uses 2 switches because it
has a larger number of computers than the other floors.
The servers are located in a different area and are directly connected to the Multilayer
Switch to increase download speed.

• In addition, on the first floor there is also an Access Point to provide WiFi for
customers when coming to the bank.

For connection between branches:

– The headquarters connects to the branches by WAN connection using OSPF protocol.
– The headquarters uses two leased-lines directly to the routers at the branch
side. The branches only need to connect to the headquarters without having to
connect to each other.
– 2 DSL modems are designed to balance load when transmitting data to the internet.


4 Throughput, bandwidth of the system


Throughput: the amount of information successfully transmitted over a
network in a unit of time.
Bandwidth: the maximum speed that a website can transmit in 1 second. In
other words, it is the capacity of the network connection to transmit maximum
data between the website and the user in 1 unit of time.
According to the topic:

• System data flows and workloads (about 80% of daily load is concentrated in
peak hours 9am - 11am and 3pm - 4pm).

• Servers for software updates, web access and database access, etc. The estimated
total download is about 1000 MB/day and the estimated upload is 2000 MB/day.

• Each workstation is used for Web browsing, document downloading and customer
transactions, etc. The estimated total download is approximately 500 MB/day and the
estimated upload is 100 MB/day.

• Guests' WiFi-connected devices download about 500 MB/day.

The hospital's network system is estimated to have a growth rate of 20% in 5 years (in terms
of number of users, network load, branch expansion, etc.).

4.1 Head office
The headquarters consists of 600 workstations (PCs), 10 servers and assumes 100
wireless network accesses.
Total download and upload traffic in 1 day:

$$10 \times (1000 + 2000) + 600 \times (500 + 100) + 100 \times 500 = 440000 \text{ MB/day} \tag{1}$$

Since the working time in a day is 8 hours, the throughput of the system is:

$$\frac{440000}{8 \times 3600} = 15.28 \text{ MB/s} = 122.22 \text{ Mbps} \tag{2}$$

Since 80% of network traffic is concentrated in 3 peak hours, the system bandwidth is:

$$\frac{440000 \times 0.8}{3 \times 3600} = 32.592 \text{ MB/s} = 260.742 \text{ Mbps} \tag{3}$$

To meet the demand in the next 5 years, the system bandwidth will increase by 20%.
Therefore, the required bandwidth is:

$$260.742 \times 1.2 = 312.89 \text{ Mbps} \tag{4}$$

4.2 Branches
The branch consists of 260 workstations, 2 servers and assumes 50
wireless network accesses. Total download and upload traffic in 1 day:

$$2 \times (1000 + 2000) + 260 \times (500 + 100) + 50 \times 500 = 187000 \text{ MB/day} \tag{5}$$

Since the working time in a day is 8 hours, the throughput of the system is:

$$\frac{187000}{8 \times 3600} = 6.493 \text{ MB/s} = 51.943 \text{ Mbps} \tag{6}$$

Since 80% of network traffic is concentrated in 3 peak hours, the system bandwidth is:

$$\frac{187000 \times 0.8}{3 \times 3600} = 13.851 \text{ MB/s} = 114.4095 \text{ Mbps} \tag{7}$$

To meet the demand in the next 5 years, the system bandwidth will increase by 20%.
Therefore, the required bandwidth is:

$$114.4095 \times 1.2 = 137.2914 \text{ Mbps} \tag{8}$$
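
The sizing steps of sections 4.1 and 4.2 generalized into one function, as an added example that is not part of the original report; `size_site` and its parameter names are assumptions. Evaluated on the branch inputs, the peak step gives 13.852 MB/s, about 110.81 Mbps, and 132.98 Mbps after the 20% growth allowance.

```python
# Per-device daily traffic in MB as (download, upload), from the assignment brief.
MB_PER_DAY = {
    "server": (1000, 2000),
    "workstation": (500, 100),
    "wifi_guest": (500, 0),
}


def size_site(counts, work_hours=8, peak_share=0.8, peak_hours=3, growth=0.2):
    """Apply the four sizing steps to a site given as {device kind: count}."""
    # Step 1: total daily traffic, download plus upload, over all devices.
    daily_mb = sum(n * sum(MB_PER_DAY[kind]) for kind, n in counts.items())
    to_mbps = 8 / 3600  # MB per hour -> megabits per second
    # Step 2: average throughput if the load were spread over the working day.
    average = daily_mb / work_hours * to_mbps
    # Step 3: bandwidth needed when peak_share of the load falls in peak_hours.
    peak = daily_mb * peak_share / peak_hours * to_mbps
    # Step 4: add the growth allowance on top of the peak figure.
    return {
        "daily_mb": daily_mb,
        "average_mbps": round(average, 2),
        "peak_mbps": round(peak, 2),
        "required_mbps": round(peak * (1 + growth), 2),
    }


# Device counts stated in sections 4.1 and 4.2.
HEAD_OFFICE = {"server": 10, "workstation": 600, "wifi_guest": 100}
BRANCH = {"server": 2, "workstation": 260, "wifi_guest": 50}

if __name__ == "__main__":
    for name, site in (("Head office", HEAD_OFFICE), ("Branch", BRANCH)):
        print(name, size_site(site))
```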


5 System Design Using Packet Tracer

Figure 8: System overview

6 Check the system using Ping, Traceroute


6.1 Check the connection of machines in the same VLAN
We have 2 PCs in Building A of the main branch located in the same network, VLAN 10.

Figure 9: Ping within the same VLAN


Figure 10: Ping results within the same VLAN

6.2 Check connection to other VLAN machines

We have 2 PCs on different networks: VLAN 10 (Layer 1) with VLAN 20 (Layer 2).

Figure 11: Ping different VLAN


Figure 12: Ping results for different VLANs

6.3 Check the connection between PCs at the headquarters

We have 2 PCs located in 2 different locations in Building A and Building B.

Figure 13: Ping between two headquarters

Figure 14: Ping results between 2 headquarters


6.4 Check the connection between PCs at the headquarters and branches

Perform a ping to test the connection between the headquarters and the sub-headquarters.

Figure 15: Ping between headquarters and sub-headquarters

Figure 16: Ping results between headquarters and sub-headquarters

6.5 Connecting to a server in the DMZ area

Perform a ping to check the server connection.


Figure 17: Ping from computer to server

Figure 18: Ping results from computer to server

6.6 Connecting to the Internet

Check your connection to the Internet by accessing google.com (IP address is 8.8.8.8).

Figure 19: Connecting to the Internet


Figure 20: Results of connecting to the Internet

6.7 Surveillance camera management system

Access the surveillance camera management system (account and password: admin).

Figure 21: Accessing the surveillance camera management system

Figure 22: Results when accessing the surveillance camera system


6.8 Email system
Send and receive emails to test the email functionality.

Figure 23: Accessing the email system

PC2 logs in to the account [email protected] (account and password: test1),
then sends an email to [email protected].

Figure 24: Compose a letter

PC3 logs into the account [email protected] (account and password: test2), then
proceeds to receive and view the email content.


Figure 25: Receive mail

7 System Evaluation
7.1 Technologies that have been realized
1. VLAN Configuration and Inter-VLAN Routing:

• Divide the network into independent VLANs, creating traffic isolation between
departments, enhancing security and supporting management.
• Use Inter-VLAN Routing so that VLANs can communicate efficiently over Layer 3.

2. OSPF routing protocol: Provides dynamic routing capabilities, optimizing traffic
between sites and automatically recovering in the event of a failure.

3. DHCP Server: Automatically assigns IP addresses to devices in the network,
reducing errors compared to manual configuration.

4. Wireless system: Uses Access Points supporting dual-band and the WPA3
security standard, ensuring a stable connection and high security.

7.2 Evaluation criteria
1. Reliability:

• Advantages: The system uses a hierarchical network model with redundancy
mechanisms at the core and distribution layers to ensure high reliability and
minimize downtime. Furthermore, the application of technologies such as GPON and
high-speed Ethernet (1GbE/10GbE/40GbE) provides stable performance.
• Disadvantages: The system can be affected if core devices or WAN
lines have serious failures without adequate redundancy.

2. Ease of Upgrade:

• Advantages: The hierarchical model allows for the addition of devices at each
layer without changing the entire system. Modern devices with scalable ports and
bandwidth make it easy to upgrade as the network grows at an expected rate of
20% over the next 5 years.


• Disadvantages: Upgrades can be costly and require skilled personnel to
configure new devices without disrupting network operations.

3. Diverse Support Software:

• Advantages: The system supports many open source and copyrighted
software such as HIS, RIS-PACS, LIS, CRM, along with office,
multimedia and database applications, ensuring full satisfaction of
hospital usage needs.
• Disadvantages: Managing and maintaining multiple types of software requires
highly skilled IT staff and centralized management resources such as powerful
servers and databases.

4. Network Safety:

• Advantages: Using VLANs for each department helps reduce the risk of
unauthorized access. VPN and SD-WAN protocols enhance security for
inter-facility connectivity.
• Disadvantages: The system has not fully implemented
anti-attack measures such as firewalls, phishing detection or data
protection from serious security vulnerabilities.

7.3 Future development orientation

1. Deploy a powerful firewall system: Configure and deploy next-generation
firewalls such as Cisco Firepower to protect the entire network.

2. Build a secure VPN mechanism:

• Deploy site-to-site VPN and VPN for remote workers with high security
protocols like IPsec or SSL.
• Incorporate two-factor authentication (2FA) to enhance remote access security.

3. Add a load balancer: Add a load balancing mechanism to serve the system
during peak times, limiting congestion or server crashes.
