DESIGN, IMPLEMENTATION AND MANAGEMENT OF JKUAT KAREN
SECURED LAN
AGANZE MURHABAZI ELIUD
JKC-BO1-0197/13M2
A Computer Systems Project Report Submitted in Partial
Fulfillment of the Requirements for the Degree of Bachelor of Science in
Information Technology
INFORMATION TECHNOLOGY DEPARTMENT
JOMO KENYATTA UNIVERSITY OF AGRICULTURE AND TECHNOLOGY
(c) SEPTEMBER 2014
Declaration by the Candidate
This project, which is my original work, has not been
presented for an academic award in any other University. No part of this
project may be reproduced without prior written permission of the author and/or
JKUAT.
_____________________________ _________________
___________
Name of Candidate Signature Date
I.T and Computing Department
Jomo Kenyatta University of Agriculture and Technology
(JKUAT)
Declaration by the Supervisor
This thesis has been submitted for examination with my
approval as University Supervisor.
_____________________________ _________________
___________
Name of Chief Supervisor Signature Date
Copyright
In presenting this project, I agree that Jomo Kenyatta
University of Agriculture and Technology (JKUAT), Information and Technology
(IT) Department, can photocopy it, and make the copies freely available only
for scholarly purposes.
Abstract
This project is a network-based system for LAN security. Its main aims
are to upgrade the existing network, handle traffic, provide a reliable and
fast connection that is available at any time, and ensure the security of
users and of the system.
Through this system, the network will provide more services and a
good connection, reducing the current problems of unreliability,
unavailability and others.
The network devices are accessible remotely from a secure place
away from the physical university campus, where they are prone to various
types of damage. From this remote location, network administrators are able to
make configuration changes once they have been authenticated by the system and
have the required authorization.
Dedication
I hereby dedicate this report to my parent Mrs. Jean P.
Muluka, my mother Josephine Munyeruka, all my brothers John HabaMungu, Issa
Murhabazi, Destin Murhabazi, Victor Bwanangela, Big Fidel, Patrick Blaise M and
caracholini regular Monitor friends, who have guided and supported me throughout
my education and provided me with everything I need.
Acknowledgement
I hereby thank the staff at the JKUAT Karen Campus networking
session (Nerve center), especially a Mr. Antony, for the insight he gave me on
how their current manual system works and for other documents related to the
current network. He gave me first-hand experience of the activities involved in the
university and the processes carried out. I would also like to thank my
lecturers for teaching me how to come up with meaningful solutions to problems
we face, my fellow classmates for the constructive criticism, my parents for
giving me a good education and sound advice, and most importantly God for the
strength, wisdom and understanding He gave me to carry out this project.
Table of Contents
Copyright
Abstract
Dedication
Acknowledgement
List of figures
List of tables
List of Abbreviations
CHAPTER ONE: INTRODUCTION
1.1. Project Overview
1.2 Organization structure of JKUAT Karen Campus
Figure 1.1: Organization structure of JKUAT Karen
1.3 Main objectives of project
1.4 General description of the project process
1.4.1 The statement of problem
1.4.2 Proposed solution
1.5 Project Schedule
CHAPTER TWO: METHODOLOGY
2.0 Methodology
2.1 Research Methodology
2.2 Research Questions
2.3 Purpose of the Research
2.4 Research Techniques/ methods used
2.5 Research Technique used
2.5 Project methodology
2.5.1 System Development Life Cycle approach Methodology
2.5.2 Top-Down Network Design Methodology
2.5.3 Plan, Design, Implement, Operate, and Optimize (PPDIOO) methodology
2.5 Project Requirement specification
2.5.1 Software requirement
2.5.2 Hardware requirement
CHAPTER THREE: LITERATURE REVIEW
3.1 Introduction
3.2 LAN (local area network)
3.2.1. Peer-to-Peer Networks
3.2.2 Server-Based Networks
3.3 LAN Design
3.4 LAN Installation
3.5 LAN Security
CHAPTER FOUR: SYSTEM ANALYSIS
4.1 Introduction
4.2 System analysis activities
4.2.0 The importance of system analysis:
4.3 Requirement analysis
4.3.0 Identification of LAN design requirement
4.3.1 Equipment features
4.3.2 Design Redundancy
4.4 Existing Network
4.4.1 Current Network equipment
4.4.2 Physical configuration state
4.4.3 Network design topology
4.4.4 Current network design problem
4.4.5. Network addressing Schema and Naming
4.4.6 System analysis of the current Network Management
4.4.7 Proposed system
4.4.7.0 Physical design
4.4.7.1 Logical design
4.4.7.2 Proposed Management strategies
4.4.7.3 Proposed WAN
4.4.7.4 Proposed Address schema
4.4.7.5 General Merits of proposed system
CHAPTER FIVE: NETWORK DESIGN
5.0. Definition
5.1. Design principles
5.2 Logical network topology
5.2.1 Flat versus Hierarchical Topologies
5.3 Switching technologies
5.3.0 Spanning Tree Protocol (STP)
5.3.1 VLAN (Virtual Local Area Network)
5.3.2 Designing Models for Addressing and Numbering
5.3.3 Network security and management design
5.4.0 System design of JKUAT network management online
5.4.0.1 Introduction
5.4.0.2 UML Diagrams
5.4.0.2.1 Activity diagrams
5.4.0.2.2 Sequence diagrams
5.4.0.2.3 Class Diagrams
5.4.0.3 Database design
5.4.0.2 Database Schema Tables
5.4.0.3 Entity relationship diagram (ERD)
5.4.0.4 Interface design
5.4.1 Good interface design
CHAPTER SIX: SYSTEM TESTING AND IMPLEMENTATION
6.1 Coding
6.2 User Interface
6.3 System testing
6.2.1 Methods / Types of Testing
6.2.1.2 White Box Testing
6.2.2 The Testing Process
6.4 System implementation
6.4.1 System change over
6.4.1.2 Direct changeover
6.5 Changeover Technique Used
6.6 Chosen strategy
CHAPTER SEVEN: PROJECT APPRAISAL
7.1 Objectives met
7.2 Achievements
7.1.1 System Achievement
7.1.2 Personal Achievement
7.2 Limitations/ shortcomings encountered.
7.3 Conclusion
7.4 Recommendations
References
Appendix
1. Interview Questions
2. Source codes
2.1. Login.php
2.2. Db.php
List of figures
List of tables
List of Abbreviations
Abbreviation | Meaning
MySQL | My-structured query language
CRUD | Create, Read, Update & Delete database operations
CSS | Cascaded Style Sheet
Db | Database
DBMS | Database Management System
ERD | Entity Relationship Diagram
HTML | Hyper Text Markup Language
JKUAT | Jomo Kenyatta University of Agriculture and Technology
OO | Object Oriented
OOSAD | Object Oriented System Analysis and Design
RDBMS | Relational Database Management System
SDLC | Software Development Life Cycle
SSAD | Structured Software Analysis and Design
UML | Unified Modeling Language
DHCP | Dynamic Host Configuration Protocol
VLSM | Variable Length Subnet Mask
IP | Internet Address
TELNET | Teletype Network
DNS | Domain Name Service
TCP | Transmission Control Protocol
ACL | Access List Control
CIDR | Classless InterDomain Routing
GUI | Graphical User Interface
LAN | Local Area Network
WAN | Wide Area Network
MAC | Media Access Control
QOS | Quality Of Service
TCP/IP | Transmission Control Protocol/Internet Address
VTP | Virtual Terminal Protocol
STP | Spanning Tree Protocol
RSTP | Rapid Spanning Tree Protocol
CHAPTER ONE: INTRODUCTION
1.1. Project Overview
This project is based on the design and implementation of a secured
network for the JKUAT Karen Campus.
JKUAT is a public educational institution which provides
certificate, diploma, undergraduate and postgraduate courses. It is located along
Bogani Road. The existing network has faced challenges due to the growing
number of students in the last 5 years, whereby the number of internet users has
grown while the network infrastructure and the services provided have remained
poor. This has made the network slow, not available all the time, unreliable and
difficult to manage.
1.2 Organization structure of JKUAT Karen Campus
Figure 1.1: Organization structure of JKUAT Karen
1.3 Main objectives of project
Our major objective is to build a secure system that is able
to perform the following functions:
· Increase speed of processing and response time.
· Design and implement network security and QoS.
· Manage IP addresses and provide redundant links to
avoid link failure.
· Provide flexibility to meet user requirements.
· Upgrade the existing LAN and integrate voice into the
network.
· Once logged in to the network with a valid username and
password, the administrator can perform address assignment, troubleshooting
and configuration.
· Perform secure login and provide remote access to
the network using telnet.
1.4 General description of the project process
1.4.1 The statement of problem
The current network is facing the following
problems:
· No redundancy: large failure domain, device failure,
no network segmentation, link failure and also synchronization.
· Accessibility and availability: the current network
is not available all the time due to failure of devices and links.
· Security: in the current system, security is not
implemented to protect users.
· Manageability: management of the network is local.
The network administrator and technicians are required to move from one location
to another and troubleshooting is becoming.
· Flat network design: no scalability and a large point
of failure.
1.4.2 Proposed solution
The proposed system will ensure availability, security,
redundancy, manageability and better application performance. Users
will be divided into VLANs, and all access to services will be allowed by
Access Control Lists. Link failure and device failure will be reduced by
implementing a routing protocol. Voice communication will be integrated in the
form of IP telephone, and 2 routers will be implemented to manage
traffic. The proposed network will allow only the network administrator to
log in from a remote location, using telnet to particular switches, for
configuration and troubleshooting.
These are the services that will be provided by this network:
· Telnet
· IP telephone
· VLAN (virtual local area network)
· Port Security
· Rapid STP (rapid spanning tree)
· HTTP
· Routing Protocol
· DHCP server and protocol to provide IP addresses to
devices on campus. There have been no DHCP outages year to date, exceeding the
SLA goal of 99.95% availability.
The expected output from this project is a LAN and wireless
implementation in the campus buildings. Users may connect to the network
anywhere within the campus. LAN and wireless networking for a small area offers
computer connectivity with no strings attached.
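The access-switch configuration below sketches how the services proposed in this section fit together: user VLANs, port security, Rapid STP, and telnet limited by an access list to the administrator's management subnet. It is an added example, not configuration from the original report; the VLAN numbers and names, interface names, IP addresses, the username and the placeholder secrets are all assumptions.

```cisco
! Constructed example. VLAN IDs/names, interfaces, addresses and the
! username are assumptions, not values from the report.
hostname ACCESS-SW1
service password-encryption
enable secret <placeholder-enable-secret>
!
! Users are divided by VLAN; VLAN 99 is reserved for management.
vlan 10
 name STUDENTS
vlan 20
 name STAFF
vlan 99
 name MGMT
!
! Rapid STP for fast convergence on the redundant uplinks.
spanning-tree mode rapid-pvst
!
! Access port: one learned MAC address, port shuts down on violation.
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 switchport port-security violation shutdown
 spanning-tree portfast
!
! Management address of the switch, reachable only in VLAN 99.
interface Vlan99
 ip address 192.168.99.2 255.255.255.0
 no shutdown
!
ip default-gateway 192.168.99.1
!
! Local administrator account used for remote login.
username netadmin privilege 15 secret <placeholder-admin-secret>
!
! Only the management subnet may open a VTY session; everything else
! is dropped by the implicit deny at the end of the list.
access-list 10 permit 192.168.99.0 0.0.0.255
!
! Telnet carries the login in cleartext, so the access-class and the
! dedicated management VLAN are what confine it to administrators.
line vty 0 4
 access-class 10 in
 login local
 transport input telnet
 exec-timeout 5 0
```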
1.5 Project Schedule
Table 1.1: Project Schedule
CHAPTER TWO: METHODOLOGY
2.0 Methodology
Methodology is the systematic, theoretical analysis of the
methods applied to a field of study, or the theoretical analysis of the body of
methods and principles associated with a branch of knowledge.
2.1 Research Methodology
Research can be defined as the process of carrying out a
diligent inquiry or critical examination of a given phenomenon. It implies an
exhaustive study, investigation or experimentation following some logical
sequence.
Research is a process of arriving at effective solutions to
problems through systematic collection, analysis and interpretation of data.
The main purpose of research is to discover answers to
questions. Research methodology is the process followed in conducting the
research.
2.2 Research Questions
Research questions are meant to guide your information
gathering as you conduct your research. The research questions I used can be
viewed in the appendix section.
2.3 Purpose of the Research
The purpose of the research was to find out how the current
systems function and to get a clear picture on the impact the proposed system
would bring.
The research was also aimed at eliciting user challenges with
the current system and what improvements they would like to see.
2.4 Research Techniques/ methods used
There are a variety of data collection and analysis techniques
that I considered before selecting the most suitable method for this project.
These techniques included:
a) Questionnaires
b) Interviews
c) Observation
d) Record Inspection / Document Review
e) Sampling
(a) Use of questionnaires
A questionnaire is a special document that allows the analyst
to ask a number of standard questions set to be asked to a large number of
people in order to gather information from them. It is used when:
· The system analyst is located at a considerably long
distance from the respondent.
· There is a large number of respondents such that
interviewing them will be limited by time.
· The questions to be asked are simple and straight
forward and require direct answers
· It is used as a means to verify facts found using other
methods.
Advantages of using questionnaires are:
· They provide a cheap means of gathering information /
data from a large number of people.
· They encourage individuals to provide response without
fear, intimidation or victimization.
· The respondents can complete the questionnaire at their
own convenience with minimal or limited interruption of their work.
· Questions are presented consistently to all without
bias.
Disadvantages of using questionnaires are:
· Response is often too slow since the respondents
complete and return the form at their own convenience.
· They don't provide an opportunity for respondents to
obtain clarification of questions which may appear vague or ambiguous.
· Does not provide an opportunity for the analyst to
observe respondents' reactions.
· The design of the questionnaire requires an expert who
may charge expensively, and it may not be economical when used for a small group
of users.
· All forms may not be returned and also not all
questions may be answered which leads to incomplete data for analysis.
Requirements for preparing a questionnaire include:
· Questions should be simple and clear
· The questions should be objectively oriented and one
should avoid leading questions.
· The questions should be logically organized
· The form should be neat.
(b) Interviewing
This is a direct face-to-face conversation between the system
analyst (the interviewer) and users (interviewees). He obtains answers to
questions he asks the interviewee. He gets the interviewee's suggestions and
recommendations that may assist during the design of the proposed system.
Interviews serve the following purposes:
· Acts as a method of fact-finding to gather facts about
the existing system.
· Used for verifying facts gathered through other
methods.
· Used for clarifying facts gathered through other
methods.
· Used to get the user involved in the development of the
new system.
Interviews are used in the following
circumstances:
· When the respondents are few e.g. corporate managers
· When the respondents are physically available and
accessible
· When the main emphasis of the system investigation is
people
· When the analyst wishes to seek direct answers,
opinions, suggestions and detailed information.
· When the analyst wishes to verify validity of facts
collected through other techniques.
· When immediate response is required
Interviews have the following advantages:
· The analyst can frame questions differently to
individuals depending on their levels of understanding. Thus it allows
detailed facts to be gathered.
· The analyst can observe non-verbal communication from
the respondents or interviewees.
· The response rate tends to be high
· Provides immediate response
· The analyst can get detailed facts from each respondent
Disadvantages of interviews are:
· Costly and time consuming when used on a large number
of people
· Success highly depends on the analyst's human relations
skills, expertise and experience
· May not be practical due to location of respondent
· May make the respondents to feel that they are being
summoned or grilled by analyst
· Interviews can fail due to:
- Ambiguous questions being asked
- Personal questions being asked
- Inadequate time allocation for the exercise
- Lack of earlier preparation by both parties
- When the analyst is biased on using technical jargon
(c) Observation
Observation is the most effective fact-finding technique but
requires the analyst to participate in performing some activities carried out
by the user. He may choose to watch them as they perform their activities and
gather the facts intended.
This method is best used in the following circumstances:
· When the validity of facts gathered through other
methods is questionable
· When complexity of certain aspects of a system prevent
a clear explanation by the respondents or the user
· Used to confirm that the procedures specified in the
manuals are being followed.
· When one needs to obtain first hand and reliable
information
Guidelines when using the observation method
include:
· There should be permission from concerned authorities
before the exercise
· Gathered facts should be recorded
· Those to be observed should be notified and the purpose
of the exercise explained
· The analyst should be objective and avoid personal
opinion. He should have an open mind
· The analyst should also record ordinary events
Advantages of observation method include:
· Data gathered is highly reliable thus the method can be
used to verify facts collected through other methods
· The analyst can see what is being done clearly
including the tasks which are difficult to explain clearly in writing or in
words.
· Inaccuracy or inaccurately described tasks can easily
be identified.
· It allows the analyst to easily compare gathered facts
through other methods and what actually happened on the ground
· Relatively cheap compared to other methods
Disadvantages of observation are:
· People feel uncomfortable when being observed and
behave abnormally thus influence the analyst's conclusions
· The exercise may take place at odd times
inconveniencing those involved
· The analyst may observe exceptional activities, leaving
some critical areas. His patience and expertise play a great role
· The tasks being observed may be interrupted and the
analyst may gather wrong facts
(d) Record inspection / Document review
This method involves perusing through literature or documents
to gain a better understanding about the existing system. Examples of
documents that are perused include sales orders, job descriptions, existing
systems documentation, management reports, procedure manuals, organized
structure charts, trade journals etc.
This method is best used when:
· The analyst needs to have a quick overview of the
existing system
· The information required cannot be obtained through any
other techniques
Advantages of this method are:
· It is comparatively cheap compared to other techniques
· It is a faster method of fact finding especially when
documents to be considered are few
Disadvantages of this method are:
· Time consuming if the documents are many or if they are
not within the same locality
· Unavailability of relevant documents makes this method
unreliable
· Its success depends on the expertise of the analyst
· Most of the documents or information obtained may be
outdated
(e) Sampling
Sampling is the systematic selection of representative
elements of a population. The selected elements are examined closely and the
results assumed to reveal useful information about the entire population.
This method is used when the target population:
· Is too large and it is impractical to study every
element of the population
· Contains homogenous elements (elements with similar
characteristics)
Advantages of sampling are:
· It reduces the cost e.g. by avoiding to examine every
document or talking to everyone in the organization to gather facts
· It speeds up the fact finding process
· It improves effectiveness since one can concentrate on
few people and fewer documents and get adequate accurate information
· May reduce bias, if a representative sample is
taken. All the elements of the population stand a chance of being selected.
Disadvantages include:
· The sample may not be representative enough which may
lead to incorrect and biased conclusions.
· The expertise of the analyst is required since sampling
involves a lot of mathematical computation
2.5 Research Technique used
The research method I decided to use was the interview
approach. I prepared a list of questions to serve as my interview guide then
visited Easy coach and conducted interviews with the relevant personnel.
I also used the observation technique to some extent to
observe the rate of service in the company and also the actual process of
capturing parcel data.
2.5 Project methodology
"Many network design tools and methodologies in use today
resemble the 'connect-the-dots' game that some of us played as
children. These tools let you place Internetworking devices on a palette and
connect them with local-area network (LAN) or wide-area network (WAN) media.
The problem with this methodology is that it skips the steps of analyzing a
customer's requirements and selecting devices and media based on those
requirements" (Priscilla Oppenheimer, 2004).
Good network design must recognize
that a customer's requirements embody many business and technical goals
including requirements for availability, scalability, affordability, security,
and manageability. Many customers also want to specify a required level of
network performance, often called a service level. To meet these needs,
difficult network design choices and tradeoffs must be made when designing the
logical network before any physical devices or media are selected.
2.5.1 System Development Life Cycle approach Methodology
Based on Priscilla Oppenheimer (2004), network design is divided into some
major phases. The phases that will be used in this project are:
Phase 1: Investigation
Phase 2: Analysis
Phase 3: Design
Phase 4: Simulation
Figure 2.2: System Development Life Cycle approach
Phase 1: Investigation
The investigation phase is the most important step in planning a
project; its purpose is to find out everything that will be involved in the
project. The investigation phase establishes what the project needs, such as
the users' needs, and includes a site survey of the buildings and
environment, the number of users and so on.
Phase 2: Analysis
The analysis phase is the step when committees are formed and
committee members determine what needs to be done. Each committee should create
a task list and, for each task, write down the resources required and how long it
will take to complete. This phase analyses all the details that have been
gathered in the investigation phase. It develops the analysis strategy and
determines the parameters and the requirements for the project. The analysis
covers user, host, network and functional requirements.
Phase 3: Design
The design phase decides the network architecture of the
project. It also includes the overall system, interfaces, assumptions and nodes,
as appropriate. The deliverables of this phase are the logical design and
physical design, such as network designs and diagrams, ready to be turned over for
development.
Phase 4: Simulation
In this phase the designs are mapped to the simulation tool.
The configuration for simulation includes the network configuration management,
hardware configuration management and the security of the project. The hardware
and software are installing
2.5.2 Top-Down Network Design Methodology
Top-down network design is a methodology for designing
networks that begins at the upper layers of the OSI reference model before
moving to the lower layers. It focuses on applications, sessions, and data
transport before the selection of routers, switches, and media that operate at
the lower layers. The top-down network design process includes exploring
divisional and group structures to find the people for whom the network will
provide services and from whom you should get valuable information to make the
design succeed.
2.5.3 Plan, Design, Implement, Operate, and Optimize (PPDIOO) methodology
The network design methodology presented in this section is
derived from the Cisco Prepare, Plan,
Design, Implement, Operate, and Optimize (PPDIOO) methodology,
which reflects a network's lifecycle. The following sections describe the
PPDIOO phases and their relation to the network design methodology, and the
benefits of the lifecycle approach to network design. Subsequent sections
explain the design methodology in detail.
Figure 2.3. PPDIOO Network Lifecycle Influences Design
The following describes each PPDIOO phase:
Prepare phase: The Prepare phase involves
establishing the organizational (business) requirements, developing a network
strategy, and proposing a high-level conceptual architecture, identifying
technologies that can best support the architecture. Financial justification
for the network strategy is established by assessing the business case for the
proposed architecture.
Plan phase: This phase involves identifying the
network requirements, which are based on
the goals for the network, where the network will be installed,
who will require which network services, and so forth. The Plan phase also
involves assessing the sites where the network will be installed and any
existing networks, and performing a gap analysis to determine if the existing
system infrastructure, sites, and operational environment can support the
proposed system. A project plan helps manage the tasks, responsibilities,
critical milestones, and resources required to implement the changes to the
network. The project plan should align with the scope, cost, and resource
parameters established in the original business requirements. The output of
this phase is a set of network requirements.
Design phase: The initial requirements
determined in the Plan phase drive the network design specialists' activities.
These specialists design the network according to those initial requirements,
incorporating any additional data gathered during network analysis and network
audit (when upgrading an existing network) and through discussion with managers
and network users. The network design specification that is produced is a
comprehensive detailed design that meets current business and technical
requirements and incorporates specifications to support availability,
reliability, security, scalability, and performance. This design specification
provides the basis for the implementation activities.
Implement phase: Implementation and
verification begins after the design has been approved. The network and any
additional components are built according to the design specifications, with
the goal of integrating devices without disrupting the existing network or
creating points of vulnerability.
Operate phase: Operation is the final test of
the design's appropriateness. The Operate phase involves maintaining network
health through day-to-day operations, which might include maintaining high
availability and reducing expenses. The fault detection and correction and
performance monitoring that occur in daily operations provide initial data for
the network lifecycle's Optimize phase.
Optimize phase: The Optimize phase is based on
proactive network management, the goal of which is to identify and resolve
issues before real problems arise and the organization is affected. Reactive
fault detection and correction (troubleshooting) are necessary when proactive
management cannot predict and mitigate the failures. In the PPDIOO process,
the
Benefits of the Lifecycle Approach to Network Design
The network lifecycle approach provides many benefits, including
the following:
Lowering the total cost of network ownership:
1. Identifying and validating technology requirements
2. Planning for infrastructure changes and resource
requirements
3. Developing a sound network design aligned with technical
requirements and business goals
4. Accelerating successful implementation
5. Improving the efficiency of the network and of the staff
supporting it
6. Reducing operating expenses by improving the efficiency of
operation processes and tools
Increasing network availability:
1. Assessing the state of the network's security and its ability
to support the proposed design
2. Specifying the correct set of hardware and software releases
and keeping them operational and current
3. Producing a sound operational design and validating network
operation
4. Staging and testing the proposed system before deployment
5. Improving staff skills
6. Proactively monitoring the system and assessing availability
trends and alerts
7. Proactively identifying security breaches and defining
remediation plans
Improving business agility:
1. Establishing business requirements and technology
strategies
2. Readying sites to support the system to be implemented
3. Integrating technical requirements and business goals into a
detailed design and demonstrating that the network is functioning as specified
4. Expertly installing, configuring, and integrating system
components
5. Continually enhancing performance
Accelerating access to applications and
services:
1. Assessing and improving operational preparedness to support
current and planned network technologies and services
2. Improving service-delivery efficiency and effectiveness by
increasing availability, resource capacity, and performance
3. Improving the availability, reliability, stability of the
network and the applications running on it
4. Managing and resolving problems affecting the system and
keeping software applications current
For this project we have decided to go with the System Development
Life Cycle approach methodology because it is efficient.
2.5 Project Requirement specification
2.5.1 Software requirement
· Network Simulator: Cisco Packet Tracer version 6.0.1
· Coding Interface: Cisco IOS command line
· Microsoft Office 2013
· Microsoft Visio 2013
· UML Diagrammer
· Cisco Aspine
· Wampserver 2.4
· Programming languages: PHP 5.4, JavaScript, HTML, Ajax, jQuery
· Database: MySQL
2.5.2 Hardware requirement
· Laptop or Desktop
· RAM 2 GB and above
· Intel Duo core and AMD processor
2.5.3 Operation System
· Windows 7 and 8
CHAPTER THREE: LITERATURE REVIEW
3.1 Introduction
This chapter elaborates on the literature and findings
from relevant articles and papers on the elements related to this
project. A literature review is a body of text that aims to review the critical
points of current knowledge on particular topics (Sitiamanath Masor, 2007). This
project relates to the networking area, and more specifically to network design
and data implementation of a LAN. To continue the report for the project "Design and
Implementation of JKUAT LAN security", a literature review is important in order
to study the basics of the subject of the project. A literature review is a
process of searching, collecting, analyzing and drawing conclusions from all the
debates and issues raised in work that has been done in the past (Halina B Abdul, 2007).
It also provides examples, case studies and other relevant work done
by other people in the past, and it gives the chance to investigate areas and
read about subjects that the user may not have thought about before. The literature
review focuses on the various theories and basic network knowledge used in the
project. The project methodology discusses in detail the type of methodology,
techniques, hardware and software requirements and project planning used to develop
the project, so that the planning for the proposed project meets the project
objectives, scope and requirements.
3.2 LAN (local area network)
Cody L. Horton (1998): "In its simplest form, a LAN is a
communications network that provides users of workstations with a transmission
medium and a path for sharing local and remote computer resources". A LAN
consists of the network cable (also called network media), protocols, network
interface cards (NIC), servers, workstations (clients), and other network
devices. LANs are separated into two broad categories, peer-to-peer and
server-based. The distinction between peer-to-peer and server-based networks is
important because each category provides different capabilities.
3.2.1 Peer-to-Peer Networks
A peer-to-peer network is a connection between similar devices (computer to computer) for sharing information. Peer-to-peer networks are suitable for small organizations where the network will consist of 10 or fewer computers. A peer-to-peer network is workable in situations where network security is not important and no centralized network administration is required. In a peer-to-peer network, all computers on the network can function as both clients and servers. In this type of network, each client can share resources with any computer on the network, and there is no centralized control over shared resources. The peer relationship means that no one computer has higher access priority or heightened responsibility to provide shared resources or network management.
Peer-to-peer networks are not capable of handling high volumes of network traffic, but in networks of 10 or fewer computers they provide an easy means of sharing data and resources. Each computer in the peer network is responsible for administering its own user database, which means that users must have a password and user account on every computer in the network. Peer-to-peer networks are less expensive and easier to install than server-based networks, but they also provide less functionality and are not very expandable. While it may appear that peer-to-peer networks are unworthy of consideration because of their limitations, keep in mind that they offer some powerful inducements, particularly to smaller organizations and networks. Peer-to-peer networks are the easiest and least expensive types of networks to install. Most peer-to-peer networks require only an operating system, such as Windows XP or Windows for Workgroups, network interface cards, and a common network medium. Once the computers are connected, users can immediately begin sharing information and resources. [Tittel, Hudson, 1998]
3.2.2 Server-Based Networks
Server-based networks, also known as "client/server" networks, rely on special-purpose computers called servers that provide centralized management, coordination and support to other computers and resources on the network. In a server-based network, dedicated servers are installed for the purpose of providing network services such as user logons, maintaining the authorized user accounts database, storing files, providing resources and shared applications to users, and providing network security.
There are a number of reasons to implement a server-based network, including centralized control over network resources, with network security enforced through the server's configuration and setup. Server-based networks are scalable and allow for future network growth and expansion. These networks are robust and can support a large number of users, depending on how the server is configured. Server-based networks can be tailored to meet the needs of small or large organizations, and they can handle high volumes of network traffic. Server-based networks are much more powerful than peer-to-peer networks, but they are also more expensive. Additionally, server-based networks require more administration, more training, and higher levels of technical expertise to implement than peer-to-peer networks.
A WAN provides connectivity between more than one LAN, and most WANs are a combination of LANs and other types of communications components connected by communication links called WAN links [MS PRESS, 1996].
3.3 LAN Design
LAN technology has changed in recent years. With new technologies such as Layer 3 switching, LAN switching, and VLANs, building campus LANs is becoming more complex than in the past. Today, the following three technologies are required to build successful campus networks:
- Token Ring switching: offers the same functionality as Ethernet switching but uses Token Ring technology. You can use a Token Ring switch as either a transparent bridge or a source-route bridge.
- Copper Data Distributed Interface (CDDI): provides a single-attachment station (SAS) or dual-attachment station (DAS) to two Category 5 unshielded twisted-pair (UTP), 100 Mbps RJ-45 connectors.
- Fiber Distributed Data Interface (FDDI): provides an SAS or DAS connection to the FDDI backbone network using two multimode, media interface connector (MIC) fiber-optic connections.
"An office network consists of a Local Area Network (LAN) or a group of LANs that are all connected into one enterprise network." (Cisco Documentation, 2006).
3.4 LAN Installation
LANs are compared in terms of ease of installation, total cost, reliability, performance and security, as stated by Mitchell (2007). The article says that wired LANs use Ethernet cables and network adapters. Although two computers can be directly wired to each other using an Ethernet crossover cable, and different devices can be connected using a straight-through cable, wired LANs generally also require central devices like hubs, switches, or routers to accommodate more computers. In terms of installation, a wired LAN uses Ethernet cables. The cable must be run from each computer to another computer or to the central device. It can be time-consuming and difficult to run cables under the floor or through walls, especially when computers sit in different rooms.
3.5 LAN Security
Without adequate protection or network security, many individuals, businesses, and governments are at risk of losing that asset. Network security is the process by which digital information assets are protected; the goals of security are to protect confidentiality, maintain integrity, and assure availability (Salah Alabady, 2009). With the current increase in the number of LANs and personal computers, security has become a very critical issue when it comes to protecting users, assets and the privacy of users. Security has one purpose: to protect assets. With the advent of personal computers, LANs, and the wide-open world of the Internet, the networks of today are more open.
CHAPTER FOUR: SYSTEM ANALYSIS
Introduction
System analysis involves evaluation of the current system using the gathered facts or information. It involves understanding and specifying in detail what the system will do. The analyst should evaluate whether the current and projected user needs are being met and, if not, give a recommendation of what is to be done. Analysis involves a detailed assessment of the components of the existing system and the requirements of the system.
The objectives or aims of system analysis are:
- To determine the information needs of an organization and the users of that information.
- To determine the current activities of the system, i.e. the functions involved in the conversion of inputs to outputs.
- To determine the intended system's output.
- To determine the resources required for the intended system.
- To determine the capabilities required in the system to meet the information needs of the organization.
4.1 System analysis activities
i) Analysis of the organization environment. The analyst should evaluate in detail the information needs of the organization environment, e.g. the information needs of consumers, suppliers, competitors, government departments, etc.
ii) Analysis of the present system. The analyst should study the current system and identify its weaknesses and strengths. He should establish the ability of the current system to meet the stated information needs. This guides the decision on whether the existing system should be improved, changed or done away with altogether. Aspects studied include the existing controls, files, user interaction, methods, procedures, functions, and existing hardware and software.
iii) Requirement analysis. This involves determination of user requirements, e.g. tasks performed, output expected, proposed system development cycle and user goals.
The following are also determined:
- Maximum, minimum and average levels of activities.
- Labor-intensive tasks: the tasks that are manual and can easily be computerized.
- Activities or tasks that involve complex or repetitive computation.
- Procedures that have become obsolete.
Once all the facts are analyzed and documented, a formal report called the statement of requirements is written.
4.1.0 The importance of system analysis:
i) It helps the analyst or system developer to gain an understanding of the existing system.
ii) It allows the analyst or system developer to record existing system information in a standard form to aid the design of a new system. It also facilitates understanding of the system by the user staff.
iii) It enables the analyst or developer to define the existing system procedures in a logical model.
iv) It helps the analyst to produce the statement of requirements, which guides the development team throughout subsequent stages of the development life cycle.
4.2 Requirement analysis
4.3.0 Identification of LAN design requirement
- High speed connectivity to access layer switch
- Scalability (support data, voice and video)
- Availability (24x7)
- Manageability (VLAN, Telnet)
- Security (implementation of VLAN, ACL, port security)
- High speed redundant links between switches on the LAN and the access layer devices
- Identification of available hardware for LAN
4.3.1 Equipment features
- 3 x 1841 routers (Main, Admin, Academic)
- 12 x switches (Admin, Directors, library, academic, lab_201, lab_203, ACE, LB_2, LB_3)
- Server (DNS, DHCP)
- 4 x wireless routers (Academic, Library, Law, Server1)
- IP telephone
4.3.2 Design Redundancy
- Use of multiple layer 2 links to increase available bandwidth.
- Design that incorporates redundancy by using layer 3 switches.
- Implementation of a routing protocol.
4.4 Existing Network
4.4.1 Current Network equipment
In the current network we have the following devices, which serve the campus:
- 2 HP switches in the server room
- 1 HP switch in the library
- 1 HP switch in the law school
- 3 Linksys (Cisco) WRT300N wireless routers (AC-AP)
4.4.2 Physical configuration state
Under physical configuration we have the following:
- Located in 6 buildings (LB, Academics, BLD, ACE, Library and Directors office).
- LAN cable in both offices is CAT6 Ethernet.
- Flat network without redundancy.
- The current network is inadequate for growth.
- 1 configured management VLAN.
- Addressing and naming are inconsistent and poor.
- 25 PCs connected via wireless router (AC-AP) in the library
The figures below show the physical configuration state.
Figure 4.1: JKUAT Karen network building
Figure 4.2: physical network building
Note: the connecting cables used in the current network are:
1. Between switch and switch, UTP cable (crossover cable).
2. Between the core switch and normal switches, fiber optic cable.
Physical network design involves the selection of LAN and WAN technologies for campus and enterprise network designs. Its purpose is to give information about the scalability, performance, affordability, and manageability characteristics of typical options, to help make the right selections for a particular customer. The cabling that connects buildings is exposed to more physical hazards than the cabling within buildings. Fig 4 shows how different switches connect from different buildings to the core switch.
4.4.3 Network design topology
The definition of the word topology states that an item's topology defines its physical appearance. In many ways a LAN's topology is the same: it is representative of the LAN's physical appearance. It is determined by how transmission channels are used to connect network devices. Typically, it refers to how the LAN is physically set up and the cabling strategy being used. It is acknowledged that topology is the foundation of a LAN.
It should be pointed out that within the context of LANs, the word topology takes on a dual meaning. Both aspects are important to how the LAN will function.
1. First, topology refers to the physical appearance of the LAN. This is known as the physical topology.
2. The second aspect refers to how the LAN functions. This logical topology is determined by how the messages are transmitted from device to device.
There are three fundamental topologies: star, bus and ring. From these three, a number of hybrid topologies have developed, including tree, star-wired ring, clustered star and hierarchical star.
4.4.3.1 Star topology
In a star topology, the hub or switch is placed in the logical
center of the network. The remaining network devices are connected to this
central hub like the points on a star.
4.4.3.2 Bus topology
A bus topology is a linear configuration. It places all of the
network devices on one length of cable, similar to stops on a city bus route.
The hubs, server, stations and peripheral devices all use the same continuous
length of transmission channel.
4.4.3.3 Ring topology
A ring topology places all of the network devices in a circle. It
uses one transmission channel to connect all devices. Each device is connected
to the next one. The last device is connected to the first closing the
circle.
4.4.3.4 Flat Network
In a flat network all connecting devices are on the same level.
Table of advantages and disadvantages

| | Star | Bus | Ring |
|---|---|---|---|
| Advantages | Fault easy to locate and isolate; central management | Adaptable to environment changes; easy to expand and add devices | No reliance on central device |
| Disadvantages | Single point of failure | Lack of central control; single point of failure | Device can be added only when the network is inoperative |

Table 4.1. Comparison between network topologies
Figure 4.3. Flat network
4.4.3.5 Hierarchical network
In a hierarchical design all connecting devices are still on the same level, but these are interconnected at a level above it.
Figure 4.4. Hierarchical design
In the traditional Cisco network design model there are three basic levels:
1. Access: where switching is the primary activity.
2. Distribution: where routing occurs.
3. Core: which forms a backbone for connecting the distribution level segments of large networks.
The significant benefits of hierarchical design over flat design include:
- The network is easy to scale
- The problem domain can be more easily isolated
- It creates logical interconnection points where protocol changes can occur
Failure in
Table comparison between hierarchical and flat network design

| | Flat Network | Hierarchical Network |
|---|---|---|
| Advantages | Uses for small network and statics | Large and enterprise network |
| | Single collision domain | large |
| | | Scalable, manageable |
| Limitations | Limited number of stations | unlimited |
| | Single point of failure | no |
| | Broadcast domain layer 3 switches and router | Have 3 layers: Access, Distribution and Core |

Table 4.2. Comparisons between hierarchical and flat network design
Note: We have decided to choose this model, which will be adequate for our network and make it efficient compared to the current network, which uses a flat network design.
4.4.4 Current network design problem
Figure 4.5. Current network design
The red circle represents the problem of the current network design: with no interconnection between devices, there is a high probability of failure. For example, if there is a failure or a problem on the link between the core switch and the director's switch, all other switches cannot access services. There is a single point of failure in each sub-network.
4.4.4.1 Logical configuration state
Figure 4.6. Current logical design
4.4.5 Network addressing Schema and Naming
A structured model for addressing means that addresses are
meaningful, hierarchical, and planned. IP addresses that include a prefix and
host part are structured. Assigning an IP network number to an enterprise
network, then subnetting the network number and subnetting the subnets, is a
structured (hierarchical) model for IP addressing.
Figure 4.7: Addressing schema
4.4.5.1 Auditing the existing Network
Auditing is the process of acquiring information about the network. The existing information from users provides up-to-date information; it can also be gathered from existing management software.
Types of routers
- Avaya
- Cisco wireless routers
- Network services provided by the current system (DHCP, Wi-Fi, DNS)
4.4.5.2 Existing network Management
a. Troubleshooting and maintenance are difficult because they require shutting down the network and physical presence, and there is no remote assistance.
b. There is no help desk; support is obtained by calling a technician on the IP telephone, which requires the technician's physical presence and takes time.
c. Limited number of IP addresses in some locations due to the problem of VLANs. Some VLANs were assigned fewer IP addresses, and in other locations of the network there are no VLANs at all. This makes it hard to connect to the network, and access to services is not available to all users everywhere.
4.4.6 System analysis of the current Network Management
4.4.6.1 How the current network is managed
a. When a user encounters a problem, they need to call the IT technician.
b. The first assessment is physical: the IT technician goes to the site/location/building where the problem was reported.
c. The technician checks the problem and provides a solution immediately if possible; if not, the problem will be solved after a particular time.
d. All types of assistance are physical, which requires time.
4.4.6.2 Flowchart of the current network management
Figure 4.8: flowchart diagram of existing system
4.4.6.3 Weakness of the current system
- There is no record of problems that occurred in the past.
- With the manual system, it takes a considerably long time to move from one building to another to solve a network issue.
- Slow response time, which results in inefficiency and ineffectiveness in the flow of daily activities.
- The technician keeps repeating the same task for common problems.
- There is no permanent help desk service to deal with the daily problems and queries of users/clients.
4.4.6.4 Proposed Solution to the current system problem:
- The new system allows users/clients to post their problems and queries.
- The system helps users to check the solution to their problem online without help desk assistance.
- Users can request online assistance.
- It will save time and resources.
- It allows a weekly report of user queries to be generated.
- The system allows the network administrator and technician to track down the problem based on the location of the request.
- The query tracking will first of all computerize the process of managing the client/user's problems and queries.
- The administration will be in a position to store client/user queries online and track them from any location.
- Through the use of a database, each problem/query will be uniquely identified, hence there will be no problem of problems sharing the same IDs, and the process of retrieving patient files will be faster.
- Since the system is online, the administrators have access to the query history from any location, provided that there is internet connectivity and that they have the appropriate login credentials.
Figure 4.9. Flowchart of the proposed system
Figure 4.10. Activity diagram of the proposed system
4.4.6.5 Analysis of network traffic
This stage involves verifying the set of application protocols used in the network and determining the application traffic pattern. For our network I used the Wireshark Network Analyzer v.1.106 to capture and analyse the traffic. The figures below show the network traffic and the associated protocols.
Figure 4.11: network traffic and protocols
Figure 4.12: JKUAT Karen network traffic and protocols
Fig 10 and 11 show the traffic within the network by providing the source and destination IP addresses during the transmission of packets and the protocols which have been used.
4.4.6.6 Strength of the current network:
- Good quality wiring.
- Reusability of existing equipment, e.g. switches, etc.
- Physical security to access critical locations.
- Adequate space for data center.
4.4.6.7 Weakness of the current network:
The current network has the following weaknesses:
- No redundancy, whereby we have a large failure domain, link failure and device failure.
- No stateful firewall; the existing firewall can perform filtering.
- Poor maintenance of network infrastructure.
- Manageability of the network: in case of a problem, the technician or network administrator needs to be physically on the campus, which is a loss of time and resources.
- Switch synchronization issue: in case there is a problem with electricity, the network takes time to synchronize so that users can access it.
- Limited scalability: the number of network users grows more rapidly than expected, which affects the network users and requires an upgrade to support future users.
- There is only one VLAN in the current network; we need to create more VLANs.
- Manage endpoints to protect the network by verifying identity.
4.4.7 Proposed system
4.4.7.0 Physical design
Figure 4.13. Proposed physical design
Under the proposed physical design we have addressed the aspect of network topology design: the new physical design is hierarchical, to avoid link and device failure and solve the problem of redundancy.
The merits of this new physical design are:
- Allows expansion.
- Allows redundancy.
- Reduces failure.
- Increases accessibility and reliability.
- It uses a hybrid topology.
4.4.7.1 Logical design
Figure 4.14. Proposed logical design
The merits of the new proposed logical design are:
- Makes the network scalable.
- Availability.
- Reduces large domain failure.
- Creates link and device redundancy by adding 3 routers, to ensure that if one fails, 2 will keep running and serving.
- Allows integration of voice and video in one network.
- Reduces the broadcast domain.
4.4.7.1 Proposed security strategies
The new system has the following security features:
a. Port shutdown or port security, which blocks any attempt at port sniffing.
b. Implementation of VLANs (virtual local area networks), which segment the network into sub-networks and separate users in the network. The purpose is to deny students or unauthorized staff access to critical information such as the marks and finance databases.
c. Secured wireless access points (WAP), deployed around the campus.
4.4.7.2 Proposed Management strategies
The merits of this system under management are the following:
a. Easy troubleshooting and maintenance without affecting crucial work tasks.
b. Implementation of a web-based system for dealing with day-to-day problems by just filling in a form and sending it to the people in charge of the network. This will save moving from one building to another, improve the response time and improve management.
c. Implementation of a Telnet service, which allows an authorized technician or administrator to access the network remotely and perform the necessary tasks. Any access using Telnet must be secured: it will request a username and password before operating.
d. Implementation of a DHCP server for better management of IP addresses, so that hosts get an IP address automatically without entering it manually.
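The security and management strategies above (port security on access ports, users separated into VLANs, remote login that asks for a username and password) can be checked against a switch configuration. The following is an added example, not part of the original report: the configuration text, hostname and function names are constructed for illustration, and the script also reports where Telnet is enabled, since Telnet does not encrypt the session.

```python
# Constructed sample in Cisco IOS syntax; it is not taken from the campus devices.
SAMPLE_CONFIG = """\
hostname Library-SW
!
interface FastEthernet0/1
 description student lab port
 switchport mode access
 switchport access vlan 20
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation shutdown
!
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 30
!
interface FastEthernet0/3
 switchport mode access
!
interface GigabitEthernet0/1
 switchport mode trunk
!
line con 0
 login local
line vty 0 4
 password constructed-example
 no login
 transport input telnet
line vty 5 15
 login local
 transport input telnet
!
end
"""


def parse_blocks(config_text):
    """Group the configuration into (header, [indented child lines]) stanzas."""
    blocks = []
    for raw in config_text.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue
        if raw[0] != " ":
            blocks.append((raw.strip(), []))
        elif blocks:
            blocks[-1][1].append(raw.strip())
    return blocks


def audit(config_text):
    """Return (object, finding) tuples for the controls the section lists."""
    findings = []
    for header, body in parse_blocks(config_text):
        if header.startswith("interface "):
            name = header.split(None, 1)[1]
            if "switchport mode access" not in body:
                continue  # trunk and routed ports are outside this check
            if "switchport port-security" not in body:
                findings.append((name, "access port without port security"))
            vlan = [l for l in body if l.startswith("switchport access vlan ")]
            if not vlan or vlan[0].split()[-1] == "1":
                findings.append((name, "access port left in default VLAN 1"))
        elif header.startswith("line vty"):
            # 'login local' or AAA is what makes the line ask for a username.
            if not any(l.startswith(("login local", "login authentication"))
                       for l in body):
                findings.append(
                    (header, "remote login does not ask for username and password"))
            for l in body:
                words = l.split()
                if l.startswith("transport input") and (
                        "telnet" in words or "all" in words):
                    findings.append(
                        (header, "Telnet enabled: session is not encrypted"))
    return findings


if __name__ == "__main__":
    for obj, problem in audit(SAMPLE_CONFIG):
        print(f"{obj}: {problem}")
```
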
4.4.7.3 Proposed WAN
Figure 4.15. Proposed WAN
The merits of the proposed WAN are:
- Filters unwanted packets based on access control lists.
- Reduces the broadcast domain.
- Supports redundancy.
- Coordinates and routes all the traffic across the network.
- Supports growth.
- All of this is to ensure the network meets at least 80% of user requirements.
4.4.7.4 Proposed Address schema
| Subnet network | Point to point link | VLAN | Switches |
|---|---|---|---|
| Main or Backbone 10.20.0.253/24 | 10.20.0.1/24, Se0/1/1, Se 0/1/0 | NO | NO |
| Administrator 192.168.60.0/24 | 192.168.60.13/30, Se0/1/1, Se 0/1/0 | | |
| | | Staff 192.168.60.64/27 | |
| | | Student 192.168.60.16/25 | 192.168.60.67/29 |
| | | Lecture 192.168.60.32/28 | 192.168.60.66/29 |
| | | Admin 192.168.60.96/28 | 192.168.60.101/29 |
| Academic 192.168.70.0/24 | 192.168.70.9/30, Se 0/1/0, Se 0/1/1 | | |
| | | Student 192.168.70.32/25 | |
| | | Staff 192.168.70.64/27 | |
| | | Admin 192.168.70.96/28 | |
| | | Lectures 192.168.70.16/28 | |
| DNS | 192.168.50.34/27 | | |
Table 4.1: Address Schema
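A structured addressing plan can be checked mechanically before it is configured on routers and DHCP scopes. The following is an added example, not part of the original report: it takes the VLAN entries of the address schema table as written, reports any entry that does not start on its own prefix boundary or that overlaps another VLAN in the same parent network, and then repacks the same prefix lengths into non-overlapping blocks. The function names are hypothetical and the largest-first allocation order is an assumption.

```python
import ipaddress
from itertools import combinations

# VLAN column of the address schema table, grouped by parent network.
SCHEMA = {
    "192.168.60.0/24": [
        ("Staff", "192.168.60.64/27"),
        ("Student", "192.168.60.16/25"),
        ("Lecture", "192.168.60.32/28"),
        ("Admin", "192.168.60.96/28"),
    ],
    "192.168.70.0/24": [
        ("Student", "192.168.70.32/25"),
        ("Staff", "192.168.70.64/27"),
        ("Admin", "192.168.70.96/28"),
        ("Lectures", "192.168.70.16/28"),
    ],
}


def check_plan(parent, subnets):
    """Return findings for misaligned, out-of-parent and overlapping subnets."""
    parent_net = ipaddress.ip_network(parent)
    findings, parsed = [], []
    for name, cidr in subnets:
        iface = ipaddress.ip_interface(cidr)
        net = iface.network  # the block that actually contains this address
        if iface.ip != net.network_address:
            findings.append(("misaligned", name, f"{cidr} lies inside {net}"))
        if not net.subnet_of(parent_net):
            findings.append(("outside-parent", name, f"{net} not in {parent_net}"))
        parsed.append((name, net))
    for (a_name, a), (b_name, b) in combinations(parsed, 2):
        if a.overlaps(b):
            findings.append(("overlap", f"{a_name}/{b_name}", f"{a} and {b}"))
    return findings


def allocate(parent, requests):
    """Place (name, prefixlen) requests in the parent, largest block first."""
    parent_net = ipaddress.ip_network(parent)
    cursor = int(parent_net.network_address)
    plan = []
    for name, plen in sorted(requests, key=lambda r: r[1]):
        size = 1 << (32 - plen)
        cursor = -(-cursor // size) * size  # round up to the block boundary
        net = ipaddress.ip_network((cursor, plen))
        if not net.subnet_of(parent_net):
            raise ValueError(f"{name}: /{plen} no longer fits in {parent_net}")
        plan.append((name, str(net)))
        cursor += size
    return plan


def repack(parent):
    """Re-allocate the table's own prefix lengths without overlap."""
    requests = [(name, ipaddress.ip_interface(cidr).network.prefixlen)
                for name, cidr in SCHEMA[parent]]
    return allocate(parent, requests)


if __name__ == "__main__":
    for parent, subnets in SCHEMA.items():
        print(parent)
        for finding in check_plan(parent, subnets):
            print("  finding:", *finding)
        for name, net in repack(parent):
            print("  repacked:", name, net)
```
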
4.4.7.5 General Merits of proposed system
The major objectives of the JKUAT LAN's security are to:
i. Increase the efficiency of the network.
ii. Improve network speed and bandwidth.
iii. Improve management.
iv. Secure user privacy and network infrastructure.
v. Assure availability 24x7.
vi. Reduce link failure by making the network redundant.
vii. Reduce the time involved in generating reports.
viii. Manage IP addresses well and support scalability.
CHAPTER FIVE: NETWORK DESIGN
5.0 Definition
Dictionaries generally define design as planning how to create
something, or the actual plans themselves. However, when you think of designing
something, whether it is a product, an addition to a house, or a network, you
likely contemplate a broader use of the word design.
5.1 Design principles
Cisco has developed the Plan-Design-Implement-Operate-Optimize (PDIOO) network life cycle to describe the multiple phases through which a network passes. The life cycle phases are briefly described as follows:
- Plan phase: The detailed network requirements are identified, and the existing network is reviewed.
- Design phase: The network is designed according to the initial requirements and additional data gathered during analysis of the existing network. The design is refined with the client.
- Implement phase: The network is built according to the approved design.
- Operate phase: The network is operational and is being monitored. This phase is the ultimate test of the design.
- Optimize phase: During this phase, issues are detected and corrected, either before problems arise or, if no problems are found, after a failure has occurred. Redesign might be required if too many problems exist.
- Retirement phase: Although not part of the PDIOO acronym, this phase is necessary when part of the network is outdated or is no longer required.
Figure 5.1: illustration of PDIOO
Network design should include the following tasks:
- Determine requirements
- Analyze the existing network, if one exists
- Prepare the preliminary design
- Complete the final design development
- Deploy the network
- Monitor, and redesign if necessary
- Maintain documentation (as a part of all the other tasks)
Figure 5.2: illustrate the tasks
Note: The Campus LAN Design addresses four primary wired LAN requirements shared by organizations, including the need to:
- Offer reliable access to organization resources
- Minimize time required to absorb technology investments
- Provide a productive and consistent user experience
- Reduce operation costs
5.2 Logical network topology
Designing a network topology is the first step in the logical
design phase of the top down network design methodology. To meet a customer's
goals for scalability and adaptability, it is important to architect a logical
topology before selecting physical products or technologies. During the
topology design phase, you identify networks and interconnection points, the
size and scope of networks, and the types of internetworking devices that will
be required, but not the actual devices.
Figure 5.3: JKUAT LAN logical design
5.2.1 Flat versus Hierarchical Topologies
5.2.1.0 Flat network topology
A flat network topology is adequate for small networks. With a
flat network design, there is no hierarchy. Each network device has essentially
the same job, and the network is not divided into layers or modules. A flat
network topology is easy to design and implement, and it is easy to maintain,
as long as the network stays small. When the network grows, however, a flat
network is undesirable. The lack of hierarchy makes troubleshooting difficult.
Rather than being able to concentrate troubleshooting efforts in just one area
of the network, you might need to inspect the entire network. Although mesh
networks feature good reliability, they have many disadvantages if they are not
designed carefully.
Figure 5.4: Flat network design
All the devices are on the same level, computers and
switches.
5.2.1.1 Hierarchical Design Model
The hierarchical design model is used to break the design up into
modular groups or layers. Breaking the design up into layers allows each layer
to focus on specific functions, which simplifies the design and provides
simplified deployment and management.
Modularity in network design allows you to create design elements
that can be replicated throughout the network. Replication provides an easy way
to scale the network as well as a consistent deployment method. In flat or
meshed network architectures, changes tend to affect a large number of systems.
Hierarchical design helps constrain operational changes to a subset of the
network, which makes it easy to manage as well as improve resiliency. Modular
structuring of the network into small, easy-to-understand elements also
facilitates resiliency via improved fault isolation.
A hierarchical design includes the following three layers:
i. Access layer: Provides workgroup/user access
to the network.
ii. Distribution layer: Aggregates access layers
and provides connectivity to services.
iii. Core layer: Provides connection between
distribution layers for large LAN environments.
Figure 5.5: Hierarchical design for JKUAT Karen
Campus
i. Access Layer
The access layer is the point at which user-controlled and
user-accessible devices are connected to the network. The access layer provides
both wired and wireless connectivity and contains features and services that
ensure security and resiliency for the entire network.
Device Connectivity
The access layer provides high-speed user-controlled and
user-accessible device connectivity. Once expensive options, high-speed access
technologies like Gigabit Ethernet and 802.11n wireless are now standard
configurations on end-user devices.
Figure 5.6: device connectivity of JKUAT LAN
Campus
1. Switches used in access layer
i. School of law, labs, academic, nerve center switch
ii. Library, finance admission switch
2. Wireless access point Linksys
3. IP telephone
4. Printers
5. Servers
6. Desktop and laptop
ii. Distribution Layer
The distribution layer serves many important services for the
LAN. The primary function is to serve as an aggregation point for multiple
access layer switches in a given location or campus. In a network where
connectivity needs to traverse the LAN end-to-end, whether between different
access layer devices or from an access layer device to the WAN, the
distribution layer facilitates this connectivity.
Figure 5.7: distribution layer JKUAT LAN Campus
Scalability
In any network where multiple access layer devices exist at a
location to serve end-user connectivity, it becomes impractical to interconnect
each access switch as the access layer grows beyond two or three switches. The
distribution layer provides a logical point to summarize addressing and to
create a boundary for protocols and features necessary for the access layer
operation. Another benefit of the distribution layer boundary is that it
creates fault domains that serve to contain failures or network changes to
those parts of the network directly affected.
iii. Core Layer
In a large LAN environment there often arises a need to have multiple distribution layer switches. One reason for this is that when access layer switches are located in multiple geographically dispersed buildings, you can save costly fiber-optic runs between buildings by locating a distribution layer switch in each of those buildings. As networks grow beyond three distribution layers in a single location, organizations should use a core layer to optimize the design. Another reason to use multiple distribution layer switches is when the number of access layer switches connecting to a single distribution layer exceeds the performance goals of the network designer. In a modular and scalable design, you can collocate distribution layers for data center, WAN connectivity, or Internet Edge services.
In environments where multiple distribution layer switches exist
in close proximity and where fiber optics provide the ability for high-speed
interconnect, a core layer reduces the network complexity, as shown in the
following two figures.
Figure 5.8: JKUAT LAN core layer
5.3 Switching technologies
Campus network design topologies should meet a customer's goals
for availability and performance by featuring small bandwidth domains, small
broadcast domains, redundancy, mirrored servers, and multiple ways for a
workstation to reach a router for off-net communications.
5.3.0 Spanning Tree Protocol (STP)
STP is an open standard protocol, documented in IEEE 802.1D, used in a
switched environment to create a loop-free logical topology and logical tree
with no redundancy.
· Potential loop detection and port blocking
· Redundancy without switching loops
· To prevent switching loops, STP:
1. Forces certain interfaces into a standby or blocked state
2. Leaves other interfaces in a forwarding state
3. Reconfigures the network by activating the appropriate standby
path, if the forwarding path becomes unavailable
Standard STP has the following weaknesses:
a. It waits passively for the network to converge before it
transitions a port into the forwarding state.
b. To achieve quick convergence, a network administrator has to
carefully tune the conservative default values for the Maximum Age and Forward
Delay timers, which puts the stability of the network at stake.
A more reliable version of STP, called RSTP (Rapid STP), was implemented
because of these weaknesses. In 2004, the IEEE incorporated its 802.1w
standard, "Rapid Reconfiguration of Spanning Tree," into the IEEE 802.1D
standard. The goal of the 802.1w committee was to standardize an improved mode
of switch operation that reduces the time STP takes to converge to a least-cost
spanning tree and to restore service after link failures. RSTP addresses the
weaknesses of normal STP as follows:
1. It can actively confirm that a port can safely transition to the
forwarding state without having to rely on any timer configuration.
2. It can achieve convergence in a few hundred milliseconds.
3. There is now a synchronization mechanism that takes place
between RSTP-compliant bridges so that they actively build the topology as
quickly as possible.
Figure 5.9: Spanning tree illustration in Switching
5.3.1 VLAN (Virtual Local Area Network)
A virtual LAN (VLAN) is an emulation of a
standard LAN that allows data transfer to take place without the traditional
physical restraints placed on a network. A VLAN is a set of LAN devices that
belong to an administrative group. Group membership is based on configuration
parameters and administrative policies rather than physical location. Members
of a VLAN communicate with each other as if they were on the same wire or hub,
when they might be located on different physical LAN segments. Members of a
VLAN communicate with members in a different VLAN as if they were on different
LAN segments, even when they are located in the same switch. Because VLANs are
based on logical instead of physical connections, they are extremely
flexible.
Figure 5.10: illustration of VLANs in JKUAT Karen's LAN
Switches have been configured to recognize VLAN student, VLAN
lectures, VLAN staff, VLAN technician and VLAN admin. They can exchange frames
across the interconnection link, and the recipient switch can determine the
VLAN into which those frames should be sent by examining the VLAN tag. The link
between the two switches is sometimes called a trunk link or simply a trunk.
Trunk links allow the network designer to stitch together VLANs that span
multiple switches.
Figure 5.11: trunk port between switches
5.3.2 Designing Models for Addressing and Numbering
Structured addressing means that addresses are meaningful,
hierarchical, and planned. IP addresses that include a prefix and host part are
structured. Assigning an IP network number to a campus network, then subnetting
the network number and subnetting the subnets, is a structured (hierarchical)
model for IP addressing.
A clearly documented structured model for addressing facilitates
management and troubleshooting. Structure makes it easier to understand network
maps, operate network management software, and recognize devices in protocol
analyzer traces and reports. Structured addresses also facilitate network
optimization and security because
5.3.2.0 Static and Dynamic Addressing for End Systems
Dynamic addressing reduces the configuration
tasks required to connect end systems to an internetwork. Dynamic addressing
also supports automation and users who change station or LAN. The DHCP protocol
minimizes configuration tasks for IP end systems. In our network we are
using both static and dynamic IP addressing. Static addresses
are used for servers, routers, switches, and printers.
A comparison of static versus dynamic addressing includes the
following:
· The number of end system devices: When
there are more than 30 systems, dynamic addressing is usually preferable.
· Renumbering: If it is likely you will need
to renumber systems in the future and there are many end systems, dynamic
address assignment is the better choice. Renumbering for public addresses will
become necessary if a new ISP is selected. In addition, you might plan to
renumber because the current plan is not well structured or will run out of
numbers soon.
· High availability: Statically assigned
IP addresses are available anytime. Dynamically assigned IP addresses have to be
acquired from a server first. If the server fails, an address cannot be
acquired. To avoid this problem, you can deploy redundant DHCP servers or use
static addresses.
· Security: With dynamic address assignment,
in most cases, any device that connects to the network can acquire a valid
address. This imposes some security risk.
· Address tracking: If management requires that addresses
be tracked, static addressing might be easier to implement than dynamic
addressing.
· Additional parameters: If end systems
need information beyond an address, dynamic addressing is useful because a
server can provide additional parameters to clients along with the address. For
example, a DHCP server provides a subnet mask, a default gateway,
5.3.2.1 Hierarchical Routing
Hierarchical routing means that knowledge of the network topology
and configuration is localized. No single router needs to understand how to get
to each other network segment.
Hierarchical routing requires that a network administrator assign
addresses in a hierarchical fashion. IP addressing and routing have been
somewhat hierarchical for a long time, but in recent years, as the Internet and
enterprise intranets have grown, it has become necessary to add more
hierarchy.
Identifies a block of host numbers and is used for routing to
that block. Traditional routing, also known as classful routing, does not
transmit any information about the prefix length. With classful routing, hosts
and routers calculate the prefix length by looking at the first few bits of an
address to determine its class.
Classless routing protocols, on the other hand, transmit a prefix
length with an IP address. This allows classless routing protocols to group
networks into one entry and use the prefix length to specify which networks are
grouped. Classless routing protocols also accept any arbitrary prefix length,
rather than only accepting lengths of 8, 16, or 24, which the classful system
dictated.
5.3.2.2 IP address subnetting
5.3.2.2.0 VLANS
Table 5.1: VLAN table
| VLAN Number | Name |
|---|---|
| VLAN 100 | Student |
| VLAN 200 | Lectures |
| VLAN 300 | Staff |
| VLAN 400 | Technician |
5.3.2.2.1 VLANS IP address
Table 5.2: VLAN IP address
| VLAN Name | IP address | Subnet Mask |
|---|---|---|
| 192.168.60.0/24 | | |
| Student | 192.168.60.128/25 | 255.255.255.128 |
| Lectures | 192.168.60.16/28 | 255.255.255.240 |
| Staff | 192.168.60.32/28 | 255.255.255.240 |
| Technician | 192.168.60.48/28 | 255.255.255.240 |
| Vlans | 192.168.60.64/28 | 255.255.255.240 |
| 192.168.70.0/24 | | |
| Student | 192.168.70.128/25 | 255.255.255.128 |
| Lectures | 192.168.70.16/28 | 255.255.255.240 |
| Staff | 192.168.70.32/28 | 255.255.255.240 |
| Technician | 192.168.70.48/28 | 255.255.255.240 |
| Vlans | 192.168.70.64/28 | 255.255.255.240 |
5.3.2.2.3 Point to point IP address
This applies to the WAN links between 2 or more routers connecting
different LANs.
Table 5.3: point to point router IP address
| Router name | IP address | Interface | Subnet mask |
|---|---|---|---|
| Administration | 192.168.60.5/30 | s0/0/1 | 255.255.255.252 |
| Administration | 192.168.60.6/30 | s0/1/0 | 255.255.255.252 |
| Academic | 192.168.70.5/30 | s0/0/1 | 255.255.255.252 |
| Academic | 192.168.70.6/30 | s0/1/0 | 255.255.255.252 |
| Main | 10.20.0.1/24 | s0/0/1 | 255.255.0.0 |
| Main | 10.20.0.2/24 | s0/1/0 | 255.255.0.0 |
5.3.1.2.4 DNS and DHCP server IP address
Table 5.4: DNS and DHCP IP address
| Server | IP address | Subnet mask |
|---|---|---|
| DNS server | 192.168.60.34 | 255.255.255.240 |
| DHCP server | 192.168.60.33 | 255.255.255.240 |
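The addressing plan in Tables 5.2 to 5.4 can be checked mechanically before it is configured on devices. The following Python script is an added example, not part of the original report: it takes the rows of those tables and checks that each stated mask matches its prefix, that no subnets overlap, and which VLAN subnet the servers fall into. The "60/" and "70/" label prefixes are made up here to tell the two /24 blocks apart.

```python
import ipaddress
from itertools import combinations

# Rows copied from Tables 5.2 and 5.3: (label, address/prefix, stated mask).
# The "60/" and "70/" label prefixes are an assumption of this example.
VLANS = [
    ("60/Student", "192.168.60.128/25", "255.255.255.128"),
    ("60/Lectures", "192.168.60.16/28", "255.255.255.240"),
    ("60/Staff", "192.168.60.32/28", "255.255.255.240"),
    ("60/Technician", "192.168.60.48/28", "255.255.255.240"),
    ("60/Vlans", "192.168.60.64/28", "255.255.255.240"),
    ("70/Student", "192.168.70.128/25", "255.255.255.128"),
    ("70/Lectures", "192.168.70.16/28", "255.255.255.240"),
    ("70/Staff", "192.168.70.32/28", "255.255.255.240"),
    ("70/Technician", "192.168.70.48/28", "255.255.255.240"),
    ("70/Vlans", "192.168.70.64/28", "255.255.255.240"),
]
ROUTER_LINKS = [
    ("Administration s0/0/1", "192.168.60.5/30", "255.255.255.252"),
    ("Administration s0/1/0", "192.168.60.6/30", "255.255.255.252"),
    ("Academic s0/0/1", "192.168.70.5/30", "255.255.255.252"),
    ("Academic s0/1/0", "192.168.70.6/30", "255.255.255.252"),
    ("Main s0/0/1", "10.20.0.1/24", "255.255.0.0"),
    ("Main s0/1/0", "10.20.0.2/24", "255.255.0.0"),
]
SERVERS = {"DNS": "192.168.60.34", "DHCP": "192.168.60.33"}  # Table 5.4
PARENT_BLOCKS = ("192.168.60.0/24", "192.168.70.0/24")


def network_of(cidr):
    """Network that contains an address written as address/prefix."""
    return ipaddress.ip_interface(cidr).network


def mask_mismatches(rows):
    """Labels whose stated dotted mask disagrees with the /prefix of the same row."""
    return [label for label, cidr, mask in rows
            if network_of(cidr).netmask != ipaddress.ip_address(mask)]


def overlapping_pairs(rows):
    """Pairs of labels whose networks overlap; both ends of a link count as one network."""
    nets = {}
    for label, cidr, _ in rows:
        nets.setdefault(network_of(cidr), label)
    return [(nets[a], nets[b]) for a, b in combinations(nets, 2) if a.overlaps(b)]


def outside_parent(rows, parents=PARENT_BLOCKS):
    """Labels of subnets that are not carved out of one of the parent /24 blocks."""
    blocks = [ipaddress.ip_network(p) for p in parents]
    return [label for label, cidr, _ in rows
            if not any(network_of(cidr).subnet_of(b) for b in blocks)]


def locate(address, rows):
    """Label of the subnet that contains the address, or None."""
    ip = ipaddress.ip_address(address)
    for label, cidr, _ in rows:
        if ip in network_of(cidr):
            return label
    return None


def usable_hosts(cidr):
    """Host addresses left after removing the network and broadcast addresses."""
    return network_of(cidr).num_addresses - 2


def report():
    """Human-readable findings for the whole plan."""
    rows = VLANS + ROUTER_LINKS
    lines = [f"mask does not match prefix: {label}" for label in mask_mismatches(rows)]
    lines += [f"overlap: {a} <-> {b}" for a, b in overlapping_pairs(rows)]
    lines += [f"outside parent block: {label}" for label in outside_parent(VLANS)]
    lines += [f"{name} server {ip} is in {locate(ip, VLANS)}" for name, ip in SERVERS.items()]
    lines += [f"{label}: {usable_hosts(cidr)} usable hosts" for label, cidr, _ in VLANS]
    return lines


if __name__ == "__main__":
    print("\n".join(report()))
```

On the tables as given, the only finding is that the Main router rows pair a /24 prefix with the mask 255.255.0.0; both servers fall inside the 192.168.60.32/28 Staff subnet.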
5.3.3 Network security and management design
Network security involved the implementation of the following
services:
· Port shutdown: this service shuts down the unused ports of
the switch; the purpose is to block any sniffing by unauthorized users.
· Implementation of switch and router authentication and
identification, which allows only authorized users to access the devices, make
changes and make configurations, remotely or locally.
· Implementation of access control lists to assign privileges
to authorized users, so that they access and perform tasks according to the
privileges assigned.
Management design involved the following services:
· Creation of a web-based application to deal with users' requests
and provide them with solutions.
· Implementation of secured telnet on all switches in the
network to allow easy troubleshooting and maintenance.
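One way to verify that a switch actually carries the services listed above (unused ports shut down, login required, an access list on remote sessions) is to audit its saved configuration text. The following Python script is an added example, not the project's own tooling; the sample configuration, its hostname, passwords, ACL number and the set of ports in use are constructed for illustration.

```python
import re

# Constructed sample in Cisco IOS syntax. Hostname, passwords and port roles are
# made up; ACL 10 permits the Technician subnet from Table 5.2 (an assumption).
SAMPLE_CONFIG = """\
hostname LAB-SW1
enable secret constructed-placeholder
!
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 100
!
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 200
!
interface FastEthernet0/3
!
interface FastEthernet0/4
 shutdown
!
interface GigabitEthernet0/1
 switchport mode trunk
!
access-list 10 permit 192.168.60.48 0.0.0.15
!
line con 0
 password constructed
 login
line vty 0 4
 password constructed
 login
 transport input telnet
line vty 5 15
 password constructed
 login
 access-class 10 in
 transport input telnet
"""


def parse_sections(text):
    """Map each top-level line (e.g. 'interface FastEthernet0/3') to its indented sub-commands."""
    sections, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue
        if raw[0] != " ":
            current = raw.strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(raw.strip())
    return sections


def audit(text, ports_in_use):
    """Return findings for the port-shutdown, authentication and access-list services."""
    sections = parse_sections(text)
    findings = []
    defined_acls = set()
    for head in sections:
        match = re.match(r"(?:ip )?access-list (?:standard |extended )?(\S+)", head)
        if match:
            defined_acls.add(match.group(1))
    if not any(head.startswith("enable secret") for head in sections):
        findings.append("no 'enable secret': privileged mode has no hashed password")
    for head, body in sections.items():
        if head.startswith("interface "):
            port = head.split(None, 1)[1]
            if port not in ports_in_use and "shutdown" not in body:
                findings.append(f"{port}: unused port is not shut down")
        elif head.startswith("line "):
            if not any(cmd == "login" or cmd.startswith("login ") for cmd in body):
                findings.append(f"{head}: no login required")
            if head.startswith("line vty"):
                acl = next((cmd.split()[1] for cmd in body
                            if cmd.startswith("access-class ")), None)
                if acl is None:
                    findings.append(f"{head}: no access-class, any source address may connect")
                elif acl not in defined_acls:
                    findings.append(f"{head}: access-class {acl} refers to an undefined ACL")
                if any(cmd.startswith("transport input") and ("telnet" in cmd or "all" in cmd)
                       for cmd in body):
                    findings.append(
                        f"{head}: telnet allowed, credentials cross the network unencrypted")
    return findings


if __name__ == "__main__":
    in_use = {"FastEthernet0/1", "FastEthernet0/2", "GigabitEthernet0/1"}
    for finding in audit(SAMPLE_CONFIG, in_use):
        print(finding)
```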
5.4.0 System design of JKUAT network management online
5.4.0.1 Introduction
System design is a process of designing what the intended
system will look like once it becomes operational. It is meant to produce a
design specification for the new system.
In system design, I specified in detail how the parts of the
system would be implemented.
I used the Object Oriented Analysis and Design (OOAD)
approach. This is because it provides a way of thinking about a problem using
real world concepts instead of using ad hoc function concepts.
The major benefits of using OOAD are:
i) It promotes better understanding of user requirements.
ii) It leads to cleaner designs.
iii) There is design flexibility.
iv) Decomposition of the system is consistent.
v) Software can be reused.
vi) It facilitates easy maintenance.
vii) There is implementation flexibility
The object oriented (OO) methodology has 3 elements namely;
notation, process and Tools.
a) Notation
This is a collection of graphical symbols for expressing the
model of the system.
The Unified Modeling Language (UML) provides a very robust set
of notation which grows from analysis to design.
The UML is mainly a collection of graphical notations that
methods use to express the designs.
The UML is also used for visualizing, specifying,
constructing, and documenting the artifacts of a software system.
The advantages of UML are that:
i) It captures the business processes.
ii) It enhances communication and ensures the right
communication.
iii) It has the capability to capture the logical architecture
independent of the implementation language.
iv) It enables reuse of design.
The UML refers to things like classes, components,
relationships, packages, etc.
b) Process / Method
A process is an extensive set of guidelines that addresses the
technical and organizational aspects of software development focusing on
requirements, analysis and design.
Process basically encapsulates the activities leading to the
orderly construction of a system model.
c) Tools.
A tool is automated support for every stage of the SDLC.
It helps the designer in creating designs much more
quickly.
Tools support validations like consistency checking,
completeness checking and constraint checking.
Tools also help in code generation, reverse engineering, round
trip engineering, conversion from SSAD to OOAD, quick documentation, etc.
The tools used included UMLDiagrammer, WhiteStarUML and
Microsoft Visio 2013.
Models Object Oriented Development
There are 4 + 1 views of the OO model. These views are:
o The process view
o Deployment View
o Logical View
o Dynamic View +
o Use Case View
For each dimension, a number of diagrams are defined that
denote a view of the system's model.
The use case is central since its contents drive the
development of other views.
5.4.0.2 UML Diagrams
The following UML diagrams were used in the design of the
Patient Records Tracking System.
i) Use case diagrams
ii) Behavioral diagrams: Activity diagrams.
iii) Interaction diagrams: Sequence diagrams
iv) Class diagram
5.4.0.2.0 Use case diagrams
Figure 5.12: use case diagram of administrator
Figure 5.13: use case diagram of jkuat network mngt system online
Figure 5.14: use case diagram of administrator
5.4.0.2.1 Activity diagrams
Figure 5.15: activity diagram of jkuat network mngt system online
Figure 5.16: activity diagram of administrator
5.4.0.2.2 Sequence diagrams
Figure 5.17: sequence diagram for administrator
Figure 5.17: sequence diagram for user
5.4.0.2.3 Class Diagrams
Figure 5.18: class diagram of jkuat network mngt system online
5.4.0.3 Database design
Database design is the process of producing a detailed data
model of a database. It contains all the needed logical and physical design
choices and physical storage parameters needed to generate a design in data
definition language, which can then be used to create a database. It can also
be used to describe many different parts of the design of an overall database
system.
The process of doing database design generally consists of a
number of steps which will be carried out by the database designer. Usually,
the designer must:
· Determine the relationships between the different data
elements.
· Superimpose a logical structure upon the data on the basis
of these relationships.
5.4.0.3.0 Design process
The following are the steps to be followed during database
design:
i). Determine the purpose of the database - This helps prepare
for the remaining steps.
ii). Find and organize the information required - Gather all
of the types of information to record in the database, such as product name and
order number.
iii). Divide the information into tables - Divide information
items into major entities or subjects, such as problem. Each subject then
becomes a table.
iv). Turn information items into columns - Decide what
information needs to be stored in each table. Each item becomes a field, and is
displayed as a column in the table. For example, an Admin table might include
fields such as user name and password.
v). Specify primary keys - Choose each table's primary key.
The primary key is a column, or a set of columns, that is used to uniquely
identify each row. An example might be user ID or Problem ID.
vi). Set up the table relationships - Look at each table and
decide how the data in one table is related to the data in other tables. Add
fields to tables or create new tables to clarify the relationships, as
necessary.
vii). Refine the design - Analyze the design for errors.
Create tables and add a few records of sample data. Check if results come from
the tables as expected. Make adjustments to the design, as needed.
viii). Apply the normalization rules - Apply the data normalization rules
to see if tables are structured correctly. Make adjustments to the tables.
The person who is doing the design of a database is a person
with expertise in the area of database design, rather than expertise in the
domain from which the data to be stored is drawn e.g. financial information,
biological information etc. Therefore the data to be stored in the database
must be determined in cooperation with a person who does have expertise in that
domain, and who is aware of what data must be stored within the system.
This process is one which is generally considered part of
requirement analysis, and requires skill on the part of the database designer
to elicit the needed information from those with the domain knowledge.
5.4.0.3.1 Normalization
Database normalization is the process of efficiently
organizing data in the DB. It can also be described as the
accurate representation of data, relationships and constraints. Normalization is
a systematic way of ensuring that a database structure is suitable for
general-purpose querying and free of certain undesirable
characteristics (insertion, update, and deletion anomalies) that could lead to
a loss of integrity. The main goals of normalization are to:
i) Eliminate redundant data in a DB.
ii) Ensure data dependencies make sense.
Figure 5.19: current form used to manage network
5.4.0.3.3 Process of normalization
These are the steps taken from the unnormalized form (UNF) to
the normalized form. UNF is the table that contains one or more repeating
forms. The steps are:
Table problem
| Employee_id | problem description | Full Name | Department | Building | Date of problem | Type of problem | Status |

| Employee ID | Department | Building | Date of solution | Solution | Solved by | Type of problem | status |
1. First normal form (1NF)
The first normal form (1NF) involves the removal of repeating
groups. The question remains, "What is a repeating group?" Examples of repeating
groups: Employee ID (JKC-FIN-0100), Full name (Adam Juma), Status (Unsolved),
Department (Finance, Academic), Building (LAB, Academic), Type of problem (No
connection, Connectivity), Solution (solved), Solved by, and Type of problem.
For a given problem, one or more solutions can exist.
Each repeating group you encounter is moved to a
separate table. In this case, you end up with two new tables that store the
contact and category data. The following outlines the new structure and
entities:
1) Problem: Problem ID (primary key), Type of problem, problem description, Date of problem and Status
2) Employee: Employee ID (primary key), Full Name, Department, Building
3) Solution: Solution ID (primary key), Date of solution, solution, Solved by, Status
4) Report: Report ID (primary key), Solution ID, Employee ID, Date of report
The problem table is a parent to the problem id and Solution
tables. The two relationships are one to many. In other words, each problem can
have one or more solutions and can be associated with one or more categories.
2. Second normal form (2NF)
Second normal form (2NF) is the second step in normalizing a
database. 2NF builds on the first normal form (1NF). A 1NF table is in 2NF form
if and only if all of its non-prime attributes are functionally dependent on
the whole of every candidate key.
2NF is achieved by removing partial dependencies: the
functionally dependent attributes are removed from the relation by placing them
in a new relation along with a copy of their determinant.
Identification of attribute
Problem (Problem ID, Date of problem, problem description, Date of problem and Status)
Employee (Employee ID, Full Name, Department and Building)
Solution (Solution ID, Date of solution, solution, Solved by and Status)
Report (Report ID, Solution ID, Employee ID, and Date of report)
Functional dependency:
Employee ID → Full Name, Department and Building
Solution ID → Solution, Date of solution, status and solved by
Report ID → Employee ID, Solution ID, Problem ID, Department and Building
Problem ID → Type of problem, problem description, Date of problem and Status
Figure 5.20: full dependency
Partial dependency
Solution ID, Employee ID → Problem ID, Type of problem, problem description, Status, Solved by
Problem ID → Type of problem, problem description, Date of problem
Employee ID, problem ID → building, department, type of problem
3. Third normal form (3NF)
Third normal form (3NF) is the third step in normalizing a
database and it builds on the first and second normal forms, 1NF and 2NF. 3NF
states that all column references in referenced data that are not dependent on
the primary key should be removed. Another way of putting this is that only
foreign key columns should be used to reference another table, and no other
columns from the parent table should exist.
Problem table: Problem ID (primary key), Type of problem, problem description, Date of problem and Status
Employee table: Employee ID (primary key), Full Name, Department, Building
Solution table: Solution ID (primary key), Date of solution, solution, Solved by, Status
Report table: Report ID (primary key), Solution ID, Employee ID, Date of report
5.4.0.2 Database Schema Tables
Table Problem
| Name | Data type | Null |
|---|---|---|
| Problem ID | Integer(12) | not null |
| Type of problem | Varchar(255) | not null |
| Date of problem | Timestamp | not null |
| problemdesc | Varchar(255) | not null |
| status | Varchar(20) | not null |
Table solution
| Name | Data type | Null |
|---|---|---|
| Solution ID | Integer(12) | not null |
| solution | Varchar(255) | not null |
| Date of solution | Timestamp | not null |
| status | Varchar(20) | not null |
| Solved by | Varchar(25) | not null |
Table employee
| Name | Data type | Null |
|---|---|---|
| Employee ID | Integer(12) | not null |
| Full name | Varchar(255) | not null |
| Department | Varchar(25) | not null |
| Building | Varchar(20) | not null |
Table report
| Name | Data type | Null |
|---|---|---|
| Report ID | Integer(12) | not null |
| Employee ID | Integer(12) | not null |
| Problem ID | Integer(12) | not null |
| Solution ID | Integer(12) | not null |
| Date of report | Timestamp | not null |
Table comment
| Name | Data type | Null |
|---|---|---|
| comment ID | Integer(12) | not null |
| Full name | Varchar(255) | not null |
| Date | Timestamp | not null |
| message | Varchar(20) | not null |
Table user
| Name | Data type | Null |
|---|---|---|
| ID | Integer(12) | not null |
| username | Varchar(255) | not null |
| password | Varchar(255) | not null |
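The four normalized tables (problem, employee, solution, report) can be written out as DDL and exercised to confirm that the update and insertion anomalies described under normalization are gone. The following Python script is an added example, not the project's own code: it uses an in-memory SQLite database rather than the MySQL server the project ran on, the snake_case column names are assumed renderings of the field names in the schema tables, and all rows are constructed.

```python
import sqlite3

# Types and NOT NULL follow the schema tables; the REFERENCES clauses express the
# 3NF rule that only foreign keys point at another table. INTEGER PRIMARY KEY is
# used in place of Integer(12) because that is SQLite's form (an assumption).
SCHEMA = """
CREATE TABLE employee (
    employee_id INTEGER PRIMARY KEY,
    full_name   VARCHAR(255) NOT NULL,
    department  VARCHAR(25)  NOT NULL,
    building    VARCHAR(20)  NOT NULL
);
CREATE TABLE problem (
    problem_id      INTEGER PRIMARY KEY,
    type_of_problem VARCHAR(255) NOT NULL,
    date_of_problem TIMESTAMP    NOT NULL,
    problemdesc     VARCHAR(255) NOT NULL,
    status          VARCHAR(20)  NOT NULL
);
CREATE TABLE solution (
    solution_id      INTEGER PRIMARY KEY,
    solution         VARCHAR(255) NOT NULL,
    date_of_solution TIMESTAMP    NOT NULL,
    status           VARCHAR(20)  NOT NULL,
    solved_by        VARCHAR(25)  NOT NULL
);
CREATE TABLE report (
    report_id      INTEGER PRIMARY KEY,
    employee_id    INTEGER   NOT NULL REFERENCES employee(employee_id),
    problem_id     INTEGER   NOT NULL REFERENCES problem(problem_id),
    solution_id    INTEGER   NOT NULL REFERENCES solution(solution_id),
    date_of_report TIMESTAMP NOT NULL
);
"""


def open_db():
    """Create the schema in memory with foreign-key enforcement switched on."""
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")  # SQLite leaves enforcement off by default
    db.executescript(SCHEMA)
    return db


def load_sample(db):
    """Insert constructed rows: one employee who filed two problems."""
    db.execute("INSERT INTO employee VALUES (?, ?, ?, ?)",
               (100, "Adam Juma", "Finance", "LAB"))
    db.executemany("INSERT INTO problem VALUES (?, ?, ?, ?, ?)", [
        (1, "No connection", "2014-09-01 09:00:00", "PC cannot reach the LAN", "Solved"),
        (2, "Connectivity", "2014-09-02 10:30:00", "Wi-Fi keeps dropping", "Solved"),
    ])
    db.executemany("INSERT INTO solution VALUES (?, ?, ?, ?, ?)", [
        (1, "Replaced patch cable", "2014-09-01 11:00:00", "Solved", "Technician A"),
        (2, "Moved access point", "2014-09-02 15:00:00", "Solved", "Technician B"),
    ])
    db.executemany("INSERT INTO report VALUES (?, ?, ?, ?, ?)", [
        (1, 100, 1, 1, "2014-09-01 12:00:00"),
        (2, 100, 2, 2, "2014-09-02 16:00:00"),
    ])
    db.commit()


def report_rows(db):
    """Join the four tables back into the rows of the original paper form."""
    return db.execute(
        "SELECT r.report_id, e.full_name, e.department, p.type_of_problem, s.solved_by "
        "FROM report r "
        "JOIN employee e USING (employee_id) "
        "JOIN problem p USING (problem_id) "
        "JOIN solution s USING (solution_id) "
        "ORDER BY r.report_id").fetchall()


def move_employee(db, employee_id, department, building):
    """Update anomaly check: the department is stored once, so one UPDATE is enough."""
    db.execute("UPDATE employee SET department = ?, building = ? WHERE employee_id = ?",
               (department, building, employee_id))
    db.commit()


def orphan_report_rejected(db):
    """Insertion anomaly check: a report for a non-existent employee must be refused."""
    try:
        db.execute("INSERT INTO report VALUES (?, ?, ?, ?, ?)",
                   (99, 12345, 1, 1, "2014-09-03 08:00:00"))
    except sqlite3.IntegrityError:
        db.rollback()
        return True
    db.rollback()
    return False


if __name__ == "__main__":
    conn = open_db()
    load_sample(conn)
    move_employee(conn, 100, "Academic", "Academic")
    print(report_rows(conn))
    print("orphan report rejected:", orphan_report_rejected(conn))
```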
5.4.0.3 Entity relationship diagram (ERD)
An Entity Relationship Diagram (ERD) is a diagram that shows
how tables in a database are linked together and how they interact with each
other in the database. It can be described as a graphical representation of the
data requirements for a database.
There are 5 major parts to an ERD:
a) Entity
An entity represents a person, place, or thing that you want
to track in a database. E.g. in this system, a customer, admin are entities.
The entity becomes a table in the database.
Each occurrence of the entity is an "Entity
Instance". This becomes a record or a "row" in the table.
E.g. a single name is an instance of the entity - tbl_problem.
b) Attribute
An attribute describes various characteristics about an
individual entity. They tell us more about an entity. The characteristics
become the "columns" in the table. E.g. each problem has an Id and a
problem type.
c) Primary Key
A primary key is an attribute or group of attributes that uniquely
identifies an instance of the entity.
d) Relationship
A relationship describes how one or more entities interact
with each other. A verb is often used to describe the relationship. E.g. a
problem has a unique problem ID.
Relationships can be between two instances of entities or
more. Other times you don't even need an instance for a relationship to occur.
Relationships are explained through cardinality.
e) Cardinality
Cardinality is the count of instances that are allowed or are
necessary between entity relationships. E.g. a client can have zero, one or
multiple problems, but each problem can only belong to one solution. One of the
ways to represent cardinality in an ERD is by use of Crow's Foot Notation.
There are four different ways to represent cardinality using
Crow's foot Notation.
· One-Mandatory means that you must have
at least one and only one instance.
· Many-Mandatory means that you must
have at least one instance but you can have several instances.
· One-Optional means that you don't have
to have an instance but if you do, you can only have one.
· Many-Optional means that you don't
have to have an instance but if you do, there isn't a limit as to how many
instances you can have.
Figure 5.21: ERD diagram
5.4.0.4 Interface design
Interface design is the design of websites, computers, appliances,
machines, mobile communication devices, and software applications with the
focus on the user's experience and interaction. The goal of user interface
design is to make the user's interaction as simple and efficient as possible,
often referred to as user-centered design.
5.4.1 Good interface design
A good interface design stems from knowing your users,
including understanding their goals, skills, preferences, and
tendencies. The following should be considered when designing the
interface:
· Keep the interface simple. The best
interfaces are almost invisible to the user. They avoid unnecessary elements
and are clear in the language they use on labels and in messaging.
· Create consistency and use common User
Interface elements. By using common elements in your UI, users feel more
comfortable and are able to get things done more quickly. It is also important
to create patterns in language, layout and design throughout the site to help
facilitate efficiency. Once a user learns how to do something, they should be
able to transfer that skill to other parts of the site.
· Be purposeful in page layout.
Consider the spatial relationships between items on the page and
structure the page based on importance. Careful placement of items can help
draw attention to the most important pieces of information and can aid scanning
and readability.
· Strategically use color and texture.
You can direct attention toward or redirect attention away from items using
color, light, contrast, and texture to your advantage.
· Use typography to create hierarchy and
clarity. Carefully consider how you use typeface. Different sizes,
fonts, and arrangement of the text help increase scannability, legibility
and readability.
· Make sure that the system communicates what's
happening. Always inform your users of location, actions,
changes in state, or errors. The use of various UI elements to communicate
status and, if necessary, next steps can reduce frustration for your user.
Figure 5.22: interface design
Figure 5.23. Home page
Figure 5.24. Login Page
Figure 5.26. Problem
Figure 5.27. Solution and comment
Figure 5.28: FAQ
CHAPTER SIX: SYSTEM TESTING AND IMPLEMENTATION
6.1 Coding
Coding / Programming is the process of translating system
specifications prepared during the design stage into a fully operational system
(program code / solution).
This was done using:
· PHP
· JavaScript
· Wampserver
· Dreamweaver.
· MySQL.
· Ajax
· Packet tracer simulation
· Cisco IOS commands
6.2 User Interface
The following are some screenshots of the online courier
management system.
Login Page
Figure 6.0: login form
Figure 6.1: home Page
Figure 6.2: solution form
Figure 6.3: problem Page Screenshot.
Figure 6.4: view problem
Figure 6.5: Employee page.
Figure 6.6: Network Schema
Figure 6.7: Student computer DHCP
Figure 6.8: Lecture computer DHCP
Figure 6.9: Show interface route from Director Switch
Figure 6.10: Access control list Director Router
Figure 6.11: Access control list and login
Figure 6.12: Telnet and ping IP address
Figure 6.13: Spanning tree configuration
Figure 6.14: Ping IP address
6.3 System testing
System testing is the exhaustive and thorough process that
determines whether the system produces the desired results under known
conditions.
Test data must be carefully prepared, results reviewed and
corrections made in the system.
To ensure testing is clear and comprehensive a systematic test
plan must be employed.
The development team and users prepare Test plan with details
on how tests will be carried out. It must detail: -Expected inputs, Expected
outputs, Expected error reactions, Expected communications, Expected
termination, etc.
6.2.1 Methods / Types of Testing
6.2.1.1 Functional testing
This is a software testing technique whereby the internal
workings of the item being tested are not known by the tester. For example, in
a black box test on software design the tester only knows the inputs and what
the expected outcomes should be and not how the program arrives at those
outputs. The tester does not ever examine the programming code and does not
need any further knowledge of the program other than its specifications.
Advantages of functional testing
· The test is unbiased because the designer and the
tester are independent of each other.
· The tester does not need knowledge of any specific
programming languages.
· The test is done from the point of view of the
user, not the designer.
· Test cases can be designed as soon as the
specifications are complete.
Disadvantages of functional testing
· The test can be redundant if the software designer
has already run a test case.
· The test cases are difficult to design.
· Testing every possible input stream is unrealistic
because it would take an inordinate amount of time; therefore, many program
paths will go untested.
6.2.1.2 White Box Testing
Also known as glass box, structural, clear box and open box
testing.
It is a software testing technique whereby explicit knowledge
of the internal workings of the item being tested is used to select the test
data.
Unlike black box testing, white box testing uses specific
knowledge of programming code to examine outputs. The test is accurate only if
the tester knows what the program is supposed to do. He or she can then see if
the program diverges from its intended goal.
White box testing does not account for errors caused by
omission, and all visible code must also be readable.
6.2.2 The Testing Process
The most widely used testing process consists of 5 stages:
i) Unit testing
ii) Module testing
iii) Sub-system testing
iv) System testing
v) Acceptance (alpha) testing.
i) Unit Testing
Unit testing is where individual components are tested
independently to ensure they operate correctly.
ii) Module Testing
A module is a collection of dependent components e.g. an
object class, an abstract data type or collection of procedures and functions.
Module testing is where related components (modules) are tested without other
system modules.
iii) Sub-System Testing
Sub-systems are integrated to make up a system. Sub-system
testing aims at finding errors of unanticipated interactions between
sub-systems and system components. Sub-system testing also aims at validating
that the system meets the functional and non-functional components.
iv) Acceptance Testing (Alpha Testing)
Acceptance testing is also known as alpha testing or last
testing.
In this case the system is tested with real data (from client)
and not simulated test data.
Acceptance testing:
· Reveals errors and omissions in systems requirements
definition.
· Tests whether the system meets the users' needs or if
the system performance is acceptable.
Acceptance testing is carried out till users /clients agree
it's an acceptable implementation of the system.
NB: Beta Testing
Beta testing approach is used for software to be marketed. It
involves delivering it to a number of potential customers who agree to use it
and report problems to the developers. After this feedback, it is modified and
released again for another beta testing or general use.
6.2.2.1 Test Data
| Test | Action | Expected | Result |
|---|---|---|---|
| Login Test | User attempts to login. | The user should be redirected to the Admin page after a successful login attempt. | Login successful and the user redirected to the Admin Page. |
| Security Test | User browses the website pages. | A user should be able to view only the pages that he/she is authorized to view. | User has access to authorized pages and is denied access to unauthorized pages. |
| Information Management Test | Admin performs CRUD database operations. | The admin should be able to perform the CRUD database operations. | Records successfully viewed, updated and deleted. |
| File problem | File detail to the database containing problem details. | The user should be able to send the records of the parcel from the database. | Data successfully added. |
| Logout test | User tries to logout of the system. | A user should be able to successfully logout. | User successfully logs out of the system. |
| Ping | Technician pings the device before telnet. | Technician knows the IP address of the device. | Device responds to ping. |
| telnet | Technician tries to login to remote device. | Technician should be able to access the device by providing correct credentials. | Successful login. |
| DHCP | Students and lecturers try to get an IP address automatically once they connect a cable or access Wi-Fi. | Users are supposed to get an IP address and access their VLANs. | IP address obtained automatically. |
| Access routers and switches | Technician tries to access a device. | Provide correct password for global, privilege and configuration mode. | Access authorized. |
Table 6.1: Test Data
6.2.2.2 Tests Justification
Unit Testing
Unit testing was conducted to ensure that the individual
system components were functioning correctly as required.
Module Testing
This was conducted to ensure that the individual system
modules could operate independently without relying on the tracking system.
Sub-System Testing
This was conducted to validate that the system met the
functional and non-functional requirements.
Acceptance Testing (Alpha Testing)
This was conducted to review any errors or omissions in the
systems requirements definition.
White box testing
Test cases were derived that:
· Guaranteed that all the independent parts within the
modules had been exercised at least once.
· Exercised all the logical decisions on their true and
false states.
· Exercised internal data structure to ensure their
validity.
Black box Testing
Sets of inputs were derived that fully exercised all the
functional requirements of the system.
It tried to find errors in the following categories:
· Incorrect or missing functions.
· Interface errors.
· Errors in data structures or external database
access.
· Performance errors.
· Initialization and termination errors.
6.4 System implementation
After thorough testing by the programmers, the system is then
implemented into the working environment, replacing the original system.
6.4.1 System change over
System changeover is the process of putting the new
information system online and retiring the old system. There are four
strategies that can be used to do this:
(i) Parallel running
(ii) Direct changeover
(iii) Pilot running
(iv) Phased changeover
6.4.1.1 Parallel running
The old system and the new system are run together for a
period of time. The old system is stopped only when it is certain that the new
system is running correctly.
With this strategy, the old and the new system are both used
alongside each other, both being able to operate independently. If all goes
well, the old system is stopped and new system carries on as the only
system.
Advantages:
i) If there are initial problems with the new system then the
old one can still be used.
ii) Both systems can easily be compared.
iii) Easy to train staff by letting them learn new skills on
the parallel system.
iv) Easy to evaluate because the new and old systems are both
running.
Disadvantages:
i) Expensive - both systems are being run as fully operating
versions so both are doing the same job. This may mean duplication of
staff and hardware.
ii) Risky - there is a greater chance of confusion or errors
if the two different systems are being run side-by-side.
6.4.1.2 Direct changeover
The old system is stopped and the following day the new system
is used. This could be disastrous if there are errors in the new system.
With this strategy, the changeover is done in one operation,
completely replacing the old system in one go. This usually takes place
on a set date, often after a break in production or a holiday period so that
time can be used to get the hardware and software for the new system installed
without causing too much disruption.
Advantages:
i) The most rapid of all the strategies, provided it works.
ii) Less risk of confusion between old and new systems.
Disadvantages:
i) Most stressful for the users - the old system has gone so
there is no going back if they have difficulties.
ii) Most difficult to train staff on as the new system was not
in place to learn before the changeover.
iii) Most stressful for the developers - all the data and
files from the old system will have to be converted ready for use on the new
one.
iv) Most risky - if the new system does not work properly then
there is nothing to fall back on.
6.4.1.3 Pilot running
The new system could be tried by part of the company, such as
one branch.
If all goes well, then the rest of the company can change to
the new system.
With this strategy, the new system replaces the old one in one
operation but only on a small scale. For example it might be tried out in
one branch of the company or in one location. If successful then the
pilot is extended until it eventually replaces the old system completely.
Advantages:
i) Easy to control, the pilot can be halted at any time.
ii) Easy to evaluate because the new and old systems are both
running.
iii) Low risk, if a small-scale pilot fails then not too much
has been lost.
iv) Easy to train staff by letting them learn new skills on
the pilot system.
Disadvantages:
i) It can be slow to get a pilot to completely replace the old
system.
ii) A pilot may not show up problems that a full-scale
implementation would. This is because a system can work well as a small-scale
pilot but has difficulties when it is scaled up to a full operating system with
more realistic volumes of data to be processed.
6.4.1.4 Phased changeover
With this strategy, the new system is brought in in stages
(phases). If each phase is successful then the next phase is started,
eventually leading to the final phase when the new system fully replaces the
old one.
Advantages:
i) Very structured, each phase can be fully evaluated before
moving onto the next one.
ii) Lower risk, a well-planned and controlled introduction of
the new system.
iii) Easy to train staff by letting them learn new skills
on each phase as it is introduced.
Disadvantages:
i) Slower than direct implementation.
ii) Although each phase is easy to evaluate, you have to wait
until all the phases are complete before you can evaluate the whole change
over.
6.5 Changeover Technique Used
After thorough evaluation and scrutiny, the changeover
technique that I decided to use was the parallel running technique. This is
because:
· It allows for ease of implementation.
· End users are more likely to respond positively and
offer less resistance to the new system.
· If there are initial problems with the new system then
the old one can still be used as the problems are getting fixed.
· It is easy to train staff by letting them learn new
skills on the parallel system.
· It is easy to evaluate because the new and old systems
are both running.
6.6 Chosen strategy
This is the type of implementation used for our new network system, since
there is another system currently running. The two systems will run together.
This is the type of implementation used for our network management
system, since there was no help desk system. It will take over from the manual
system.
CHAPTER SEVEN: PROJECT APPRAISAL
7.1 Objectives met
The JKUAT Network Management System Online was able to meet
all its objectives. These include:
· A secure working DBMS for sending problem details.
· A successfully designed universal database for parcel
records data sharing.
· A system that queries problem and solution
information by client, department and building from anywhere.
· It also addressed the client's problem.
· The different modules worked as specified in the
requirements specification section.
The design, implementation and management of the JKUAT secured LAN
was able to meet all its objectives. These include:
· A secure administrator login access.
· Secured Telnet access that requires correct credentials.
· Allowing students, lecturers and staff to get dynamic IP
addresses using DHCP.
· Successful implementation of VLANs and access control
lists.
· Allowing redundant links between networks in case of
failure.
· It also addressed the client's problem.
7.2 Achievements
Achievements included System and Personal achievements.
7.1.1 System Achievement
The system met all the specified functional requirements. These
include:
· The system is able to solve problems encountered by clients
and allows clients to post problems.
· Information is saved in a database that can be
remotely accessed by authorized personnel.
· The system also provides security to the consignment
records.
· The network provides security for access to switches and
routers.
· Better IP address management by using DHCP.
· Secured network remote access using Telnet.
· Secured VLAN access by implementing ACLs.
7.1.2 Personal Achievement
· This project enabled me to apply most of the concepts I
have learnt.
· I was also able to learn new programming language
functions in PHP, e.g. PDO and MySQL, and this helped me to grow as a
programmer.
· I was also able to gain experience in using many
software tools, e.g. Dreamweaver, UML diagrammed, AJAX, JavaScript, Microsoft Visio
and Wampserver.
· I was able to learn networking and its configuration, and
this helped me to grow as a network designer and analyst.
· I gained experience in using network simulation
software, e.g. Packet Tracer and the Cisco IOS command line.
7.2 Limitations/shortcomings encountered
The following limitations were encountered during the system
development:
· It took a lot of time to relearn network
configuration and design.
· Shortage of devices during implementation.
· A lot of errors were encountered during the development
of the system.
· A lot of errors and misconfigurations were encountered
during the development of the system and the network.
· There were financial constraints encountered during the
development of the system.
· There were technical support constraints encountered
during the development of the system.
· At times, there was no internet connectivity and
therefore one could not seek help from the online community or conduct
research.
3. Conclusion
All in all, the JKUAT network management online and the design,
implementation and management of the JKUAT secure LAN were a success, since they met
all their objectives and satisfied the user specifications and client needs.
The system is also in line with the Kenyan Vision 2030 of
incorporating Information Technology in our workplaces.
It also shows how different technologies (PHP (PDO) and MySQL
(MySQLi), WAMP server and Cisco Packet Tracer) can be integrated to create good
user applications which help reduce the cost of operations.
7.3 Recommendations
i). The network management database should be backed up on
different servers to allow redundancy of the records.
ii). The network should have more backup servers to
allow redundancy in the network.
iii). A scanning module should be added to allow scanning of
old records to be added to the database.
iv). The university needs to add more access points to
facilitate availability of the network.
v). The network should be able to extend to accommodate the
growing number of students and applications hosted on it.
vi). The system should also be extended to capture
Appendix
1. Interview Questions
Interviewee name: ....................
Interviewer: ....................
Date: ....................
Time: ....................
Place: ....................
Subject: ....................
Time Allocation | Interviewer Question or objective | Interviewee Response
1 to 2 min | Open the interview: introduce myself; thank interviewee for their valuable time; state the purpose of the interview |
10 min | Question 1: How does the current system operate? Follow-up |
5 min | What are the challenges encountered with the current system? Follow-up |
5 min | What changes would you like to see? Follow-up |
2 min | Who is authorized to access the records? Follow-up |
2 min | Thank the interviewee for their time and cooperation. Leave. |
Table 3: Interview Questions
4. Source codes
4.1. Login.php
<?php
// Shared page header
include("includes/header.php");
?>
<div id="content">
  <section>
    <h1>Please login with your credentials</h1>
    <span class='required'>*</span>This is a required field
    <!-- Credentials are posted to validate_login.php for checking -->
    <form action='validate_login.php' method="POST">
      <label for="username">Username:</label>
      <input id="username" name="username" class="username" required size=30 placeholder='Masterpro' type="text"/> *
      <br><br>
      <label for="password">Password:</label>
      <input id="password" name="password" class="password" required size=30 type="password"/> *
      <br>
      <input type="submit" value="Login" name="submit"/>
    </form>
  </section>
</div>
<hr>
<footer>
Copyright, JKUAT 2014 KENYA. All rights reserved.
</footer>
</body>
</html>
4.2. Db.php
<?php
/* Database config */
$db_host = 'localhost';
$db_user = 'root';
$db_pass = '';
$db_database = 'network';
/* End config */

// Open the PDO connection to the MySQL database
$db = new PDO('mysql:host='.$db_host.';dbname='.$db_database, $db_user, $db_pass);
// Throw exceptions on database errors instead of failing silently
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
?>
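Db.php connects as the MySQL root account with an empty password, which gives the web application, and any SQL injection flaw in it, full control of the server's databases. The following is an added example, not part of the project's source: a connection helper that refuses those weak settings, plus a login check for the username and password fields posted by Login.php. The NETWORK_DB_USER and NETWORK_DB_PASS environment variables, the network_app account and the users(username, password_hash) table are assumptions.

```php
<?php
// Added example, not the project's code. Hypothetical names: the NETWORK_DB_USER and
// NETWORK_DB_PASS environment variables, the network_app account and a
// users(username, password_hash) table whose hashes were made with password_hash().
// One-time setup by a MySQL administrator:
//   CREATE USER 'network_app'@'localhost' IDENTIFIED BY '<long random password>';
//   GRANT SELECT, INSERT, UPDATE, DELETE ON network.* TO 'network_app'@'localhost';

function network_db(): PDO
{
    $user = getenv('NETWORK_DB_USER') ?: '';
    $pass = getenv('NETWORK_DB_PASS') ?: '';
    // Refuse the weak settings outright: the superuser account or a blank password.
    if ($user === '' || strcasecmp($user, 'root') === 0 || $pass === '') {
        throw new RuntimeException('Configure a dedicated, password-protected MySQL account.');
    }
    try {
        return new PDO('mysql:host=localhost;dbname=network;charset=utf8mb4', $user, $pass, [
            PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES   => false, // use server-side prepared statements
            PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
        ]);
    } catch (PDOException $e) {
        // Left uncaught, this exception's back trace can display the credentials.
        error_log('Database connection failed: ' . $e->getMessage());
        throw new RuntimeException('Database unavailable.');
    }
}

// Checks the username and password fields posted by the login form.
function check_login(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = :username');
    $stmt->execute([':username' => $username]); // bound parameter, never concatenated
    $row = $stmt->fetch();
    // Verify against a throwaway hash for unknown users so both paths take similar time.
    $hash = $row ? $row['password_hash'] : password_hash('placeholder', PASSWORD_DEFAULT);
    return password_verify($password, $hash) && $row !== false;
}

// Usage in the form handler (sessions assumed):
// session_start();
// if (check_login(network_db(), $_POST['username'] ?? '', $_POST['password'] ?? '')) {
//     session_regenerate_id(true); // issue a new session ID after login
//     $_SESSION['user'] = $_POST['username'];
// }
```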