Final Internship Report.pdf

BAHIR DAR UNIVERSITY

INSTITUTE OF TECHNOLOGY

SCHOOL OF COMPUTING & ELECTRICAL ENGINEERING

ELECTRICAL & COMPUTER ENGINEERING DEPARTMENT

INTERNSHIP REPORT

On

Bahir Dar University ICT Development Office Main Campus Data Center

By

Haimanot Tizazu

Host Company: BDU

Duration: March- June 2012

Submission Date: July 05, 2012

BAHIR DAR UNIVERSITY INSTITUTE OF TECHNOLOGY

SCHOOL OF COMPUTING & ELECTRICAL ENGINEERING

ELECTRICAL & COMPUTER ENGINEERING DEPARTMENT

INTERNSHIP REPORT

On

Bahir Dar University ICT Development Office Main Campus Data Center

By

Haimanot Tizazu

ID No. 126/2000

Host Company: BDU

Duration: March-June 2012

Submission Date: July 05, 2012

Dedications

This internship report is dedicated to my parents, and all my friends for being with me and

helping me in each and every difficulty I faced in this internship report completion and to my

teachers and all those who taught me, trained me and polished my abilities at Bahir Dar

University ,Institute of Technology.

Approval of the Internship Report I, hereby declare that this Internship Report is submitted to the partial fulfillment of the

internship program during the last four months. Any part of this report has not been reported or

copied from any report of the university and others.

Approved by:

______________________ _________________________

Academic Mentor Company Supervisor

Internship Report on Bahir Dar University ICT Development Office Main Campus Data Center

School of Computing & Electrical Engineering IoT, BDU

i

Acknowledgment

The special thank goes to my helpful supervisor Mr. Ferede Wollie, Network Administrator of

Bahir Dar University. The supervision and support that he gave truly help the progression and

smoothness of the internship program. The co-operation is much indeed appreciated. I express

my sincere thanks to my mentor Mr. Tinbit Admasu.

Haimanot T.



ii

Table of Contents

Acknowledgment…………………………………………………………………………………..i

List of figures……………………………………………………………………………………..iv

List of Acronyms & Abbreviations………………………………………………………………..v

Executive Summary………………………………………………………………………………vi

1 Background Information of Bahir Dar University…………………………………………….1

1.1 Mission…………………………………………………………………………………2

1.2 Vision…………………………………………………………………………………..2

1.3 Core Values…………………………………………………………………………….2

1.4 Main Products and Services............................................................................................3

1.5 Main Customers of Bahir Dar University.......................................................................3

1.6 The overall organizational structure and work flow of Bahir Dar University................4

1.7 ICT Development Office.................................................................................................6

2 The Overall Internship Experience…………………………………………………………..8

2.1 How I get in to the company………………………………………………………………8

2.2 The section of the Company I have been working on…………………………………….8

2.2.1 Hardware overview………………………………………………………………...8

2.2.2 Campus Hierarchical Network Design Overview………………………………...13

2.2.3 Security……………………………………………………………………………18

2.3 The Work Flow of Main Campus Data Center……………………………………….20

2.4 Work piece and work tasks I have been executing…………………………………...21

2.5 Procedures I have been following while performing my tasks……………………….27

2.6 How good I have been in performing my tasks……………………………………….27

2.7 Challenges I have faced while performing my tasks………………………………….27

3 The Overall Benefits I gained From the Internship………………………………………….28

3.1 Practical Skill…………………………………………………………………………28

3.2 Theoretical Knowledge……………………………………………………………….28

3.3 Interpersonal Communication Skills………………………………………………….29

3.4 Team Playing Skills…………………………………………………………………...29

3.5 Leadership Skills……………………………………………………………………...29



iii

3.6 Work Ethics Related Issue……………………………………………………………30

3.7 Entrepreneurship Skills……………………………………………………………….30

4 Conclusion and Recommendations ………………………………………………………….31

4.1 Conclusion………………………………………………………………………………31

4.2 Recommendations………………………………………………………………………32

5 References……………………………………………………………………………………33

6 Appendix……………………………………………………………………………………..34

6.1 Basic Cisco Catalyst Switch Configuration Command ………………………………..34

A .Distribution Switch Configuration …………………………………………………34

B. Access Switch Configuration……………………………………………………….36



iv

List of Figures

Figure 1.1 Main Customers of Bahir Dar University......................................................................3

Figure 1.2 Organizational Structure and work flow of Bahir Dar University.................................5

Figure 1.3 Structure of ICT Development Office of BDU............................................................6

Figure 2.1 Cisco twingig converter module……………………………………………………...10

Figure 2.2 Cisco Aironet1252 Access Point rear view…………………………………………..12

Figure 2.3 Hierarchical Campus Network Design……………………………………………….13

Figure 2.4 Core Layer……………………………………………………………………………14

Figure 2.5 Distribution Layer……………………………………………………………………16

Figure 2.6 Access Layer…………………………………………………………………………17

Figure 2.7 A typical secured network……………………………………………………………19

Figure 2.8 The work flow of main campus data center………………………………………….20

List of Tables

Table 2.1 Cisco Aironet1252 Access Point rear view…………………………………………...12

Table 2.2 Description of VTP mode……………………………………………………………..23



v

List of Acronyms & Abbreviations ARP Address Resolution Protocol ASA Adaptive Security Appliances BDU Bahir Dar University CRAC Computer Room Air Conditioning DHCP Dynamic Host Configuration Protocol DMZ Demilitarized Zone DNS Domain Name System FTP File Transfer Protocol GLBP Gateway Load Balancing Protocol HA High Availability HSRP Hot Standby Router Protocol ICT Information Communication Technology IGMP Internet Group Membership Protocol IIS Internet information Services INSA Information Network Security Agency IP Internet Protocol IPS Intrusion prevention systems IT Information Technology L2 Layer 2 L3 Layer 3 LAN Local Area network LWAPP Lightweight Access Point Protocol NAT Network Address Translation POE Power Over Ethernet QoS Quality of Service RU Rack Unit SSP Security Services Processor UNDP United Nations Development Program UNESCO United Nations Educational, Scientific and Cultural Organization VLAN Virtual Local Area Network VPN Virtual Private Network VRRP Virtual Router Redundancy Protocol VTP Virtual Trunking protocol WCS Wireless Control System

http://www.google.com.et/url?sa=t&rct=j&q=unesco&source=web&cd=1&sqi=2&ved=0CGoQFjAA&url=http%3A%2F%2Fwww.unesco.org%2F&ei=RAroT8iJFYeP-wam15mxAw&usg=AFQjCNGothJfQFH0qdN7f5d6BxaB3HG-IQ�



vi

Executive Summary This report is about to explain what I did and learned during my internship period with Bahir Dar university

ICT development office, main campus data center. As the main purpose of internship is to learn by

working in practical environment and to apply the knowledge acquired during the studies in a

real world scenario in order to tackle the problems using the knowledge and skill learned during

the academic process.

I have discussed about every major aspect of the campus network, which I observed and

perceived during my internship program

This report is divided in to four sections. Section one will discuss about the background of Bahir

Dar University and ICT Development office. In section two will get the overall internship

experience of campus network design overview and basic switch configuration. Section three the

overall benefits I gained from during the internship program. The last section is conclusion and

recommendations of the previous sections which about ICT development office, main campus

data center.

The most important in an internship program is that the student should spend their time in a true

manner and with the spirit to learn practical orientation of theoretical study framework. This

report is about my internship that I have undergone at Bahir Dar University ICT development

office main campus data center from March – June 2012. During my internship I am able to learn

practical aspect of network and get good working experience.



1

1. Background Information of Bahir Dar University Bahir Dar University was established by merging two former higher education institutions;

namely the Bahir Dar Polytechnic and Bahir Dar Teachers’ College. The Bahir Dar Polytechnic

Institute, which has transformed itself into Technology and Textile institutes, was established in

1963 under the technical cooperation between the Government of USSR and the Imperial

Government of Ethiopia. The institute was a premier institute in producing technicians for the

nation. The Bahir Dar Teachers’ College, by then known as the Academy of Pedagogy, was

established in 1972 by the tripartite agreement of the Imperial Government of Ethiopia,

UNESCO and UNDP and started actual work in the following year under the auspices of the

Ministry of Education and Fine Arts. Its general objective was to train multipurpose primary

education professionals capable of adopting primary education to rural life and rural

development. Its specific objectives were to train primary school teacher trainers, supervisors,

educational leaders, adult education organizers and community development agents.

The two institutions of higher learning were integrated to form the Bahir Dar University

following the Council of Ministers regulation no. 60/1999 GC. The University was inaugurated

on May 6, 2000. Bahir Dar University is now among the largest universities in the Federal

Democratic Republic of Ethiopia, with more than 35,000 students in its 57 undergraduate and 39

graduate programs. Bahir Dar University has four colleges, three institutes, three faculties and

one school. The academic units of the University include College of Science, College of

Agriculture and Environmental Sciences, College of Medical and Health Sciences, College of

Business and Economics, Institute of Technology, Institute of Textile, Garment and Fashion

Design, Institute of Land Administration, Blue Nile Water Institute, Faculty of Humanities,

Faculty of Social Sciences, Faculty of Education and Behavioural Sciences and School of Law.



2

1.1 Mission

The mission of the Bahir Dar University is to contribute substantially for social, cultural,

economic, political, scientific and technological development of the nation; through the

provision of high quality education, active engagement in research and outreach activities for the

betterment of life, while offering our employees a conducive and rewarding working

environment that values, recognizes and appreciates their contributions.

1.2 Vision

The vision of the Bahir Dar University is to become one of the ten premier research universities

in Africa in 2025 recognized for its quality education, research and outreach activities.

1.3 Core Values

In fulfilling its mission and achieving its vision the Bahir Dar University will uphold, promote

and be guided by the following core values:

Quality: - University product should be of high quality and the University staffs

continuously strive for excellence in their academic and administrative endeavors.

Integrity: - in all our activities we will act with the quality of being honest and with

strong moral principles

Transparency- rules, regulations and decision makings at all levels to be transparent.

Accountability- University staff performing duties in an accountable manner and taking

full responsibility for actions and decisions they take thereof.

Rule of law-University community believe in rule of law and act accordingly.

Equality – the University is an equal opportunity employer and teaching institution

regardless of gender, status in society, ethnic background or religious affinity. The

University management never discriminates among its employees and treats them on

merit bases and respects their contributions.

Promote diversity-Advancement of human and intellectual diversity to enrich the

academic community and to overcome the barriers separating individuals, populations,

and cultures.



3

1.4 Main Products and Services

Universities, traditionally, have two main goals: to create and to disseminate knowledge. The

creation of knowledge is done through the research and its dissemination, is done through the

education.

1.5 Main Customers of Bahir Dar University

The customers of Bahir Dar University are divided in different groups of actors, who are linked

to the educational process being the main: current students, potential students, employees,

employers, government and industry. Which have classified the customers in internal and

external, emphasizing that the internal customer who are work to the satisfaction of external

customers (Juran 1988). Besides, to the authors the customers can be classified in primary ones

and secondary ones, based on their location being as internal customers or external ones and

based on the frequency of interaction that the institution has with them too. While consider that

the product of higher education is the education and then, depending on the role developed by

them during the course, the students can be classified as internal or external1

.

Figure1.1 Main Customers of Bahir Dar University

1 To Kanji and Tambi (1999), A Key Question for Higher Education: Who are the customers? Marco Antonio ,Carvalho Pereira



4

1.6 The overall organizational structure and work flow of Bahir Dar University

Bahir Dar University has to strive to emplace management system that is democratic, honest,

inspiring, transparent, and highly participatory. The University has two core processes and five

support processes. The University’s top management includes the president, four Vice

presidents, and deans/directors for academic units and seven process owners. The major focus of

the management in terms of governance and management includes improve efficiency on major

administration areas such as budget utilization, business process (procurement, finance, registrar,

etc.) efficiency and decision making system in a transparent manner. IT supported decision

making is one of the areas under governance and management which BDU will give special

attention to.



5

Figure 1.2 Organzitional Structure and work flow of Bahir Dar University

Board

President Senate

University Council Managing Council

Legal Affairs Audit & Quality Assurance

Strategy Group

Vice President for Business & Development

Vice President for Information & Strategic

Communication

Vice President for Academic Affairs

Income Generation Process Owner

Planning, Budget & Finance Process

Owner

Procurement & Property Administration Process

Owner

Human Resource Management

Process Owner

Student Services Process Owner

Academic Affairs Executive Director

Vice President for Research & Community

Services



6

1.8 ICT Development Office

BDU knows that ICT is a means to advance the core academic processes, to facilitate

Administrative functions and research needs of the University. Thus the university has

reorganized the ICT development office as that of 2011 in a new fashion which comprises four

directorate directors under the executive Director, Indeed the office directly accounted to the

president of the University.

Objective

The overall objective of ICT Development office lies on addressing the key ICT needs in Bahir

Dar University. These include:-

• Build and Administrate Communication Infrastructure, Automation of business processes,

develop digital Content and Advanced Research facilities.

President

Executive Director

System Design & Development

E-learning training & Consultancy

Maintenance & Support

System & Network Administrator

Figure 1.3 Structure of ICT Development Office of BDU



7

Major tasks going on

• Student Information Management system has developed and implemented with two ICT

staff SIMS has began its function at the beginning of 2011 and now more than 80 percents

of students information are manipulated with this application system, Indeed it is expected

to change drastically the BDU students record and course management.

• Bahir Dar University has begun to build its network infrastructure in a new fashion with

more than 60 million Birr. BDU has outsourced its Local area network infrastructure

building. The project has started on June, 2011 and now most of the network devices are

delivered at the university’s store. The project has already trunk and punch down the

cables in the buildings.

• Has began developed different information systems, Store management system, Human

resource management systems and others.



8

2. The Overall Internship Experience

Nothing is a waste of time if you use the experience wisely.

— AUGSTE RODIN

2.1. How I get in to the company

I have been IT technician of main campus before two years at Bhair Dar university ICT

development office and in this time I have seen many changes and great growth in the section.

Though the company which I can get, the existing network Bahir Dar University is expansion by

Information Network Security Agency (INSA). While the expansion network of Bahir Dar

University has understood that in today’s world of information communication technology

implementing a reliable secure and scalable network infrastructure that automates different office

activities is of great importance. And with this regard has shown readiness to re-deploy a secured

and high performance ICT infrastructure. The BDU network includes LAN network redesign and

deployment, data centre design and construction, SAN and server systems.

2.2 The section of the Company I have been working on I have been doing my internship in the Bhair Dar University ICT Development office

specifically in the main campus data center. During the first month internship period from

hardware overview study to campus three-layer Cisco hierarchy model. While in the second

month I have spent in the configuration of distribution switch and access switch as well as

Microsoft windows server 2008.

2.2.1 Hardware overview

Cisco Catalyst 6500 E

The 15U Rack, 9-slot Cisco Catalyst 6509-E Switch provides high port densities that are ideal

for many wiring closet, distribution, and core network as well as data center deployments. The

Cisco Catalyst 6509-E supports Cisco Catalyst 6500 Series end-to-end operational consistency

benefits.

The Catalyst 6509-E switch is an enhanced version of the Catalyst 6509 switch. The 9-slot

horizontal chassis supports redundant power supplies, redundant supervisor engines, and slots for

up to eight modules.



9

Supports all Cisco Catalyst 6500 Series modules, including:

Supervisor engines

Fast Ethernet modules (with IEEE 802.3af Power over Ethernet [PoE])

Gigabit Ethernet modules (with IEEE 802.3af PoE)

10 Gigabit Ethernet modules

Flex WAN modules

Shared Port Adaptors/SPA Interface Processors

Multi-Gigabit services modules (content services ,firewall, intrusion detection, IP

Security [IPSec], VPN, network analysis, and Secure Sockets Layer [SSL]

acceleration)

Cisco Catalyst 4507 E switch

The Cisco Catalyst 4500 Series Switches enable borderless networks, providing high

performance, mobile, and secure user experience through Layer 2-4 switching investments. It

enables security, mobility, application performance, video, and energy savings over an

infrastructure that supports resiliency, virtualization, and automation. Cisco Catalyst 4500 Series

Switches provide borderless performance, scalability, and services with reduced total cost of

ownership and superior investment protection.

Cisco Catalyst 4500 has a centralized forwarding architecture that enables collaboration,

virtualization, and operational manageability through simplified operations. With forward and

backward compatibility spanning multiple generations, the new Cisco Catalyst 4500E Series

provides exceptional investment protection and deployment flexibility to meet the evolving

needs of organizations of all sizes. The Cisco Catalyst 4500E Series platform has 10 Gigabit

Ethernet (GE) uplinks and supports PoEP, enabling the customers to future proof their network.

Cisco Catalyst 3750 Series

The Cisco Catalyst3750 Series is an innovative line of multilayer Fast Ethernet and Gigabit

Ethernet switches featuring Cisco Stack Wise technology that allows customers to build a

unified, highly resilient switching system - one switch at a time. For midsized organizations and



10

enterprise branch offices, the Cisco Catalyst 3750 Series eases deployment of converged

applications and adapts to changing business needs by providing configuration flexibility,

support for converged network patterns, and automation of intelligent network services

configurations. In addition, the Cisco Catalyst 3750 Series is optimized for high-density Gigabit

Ethernet deployments and includes a diverse range of switches that meet access, aggregation, or

small-network backbone-connectivity requirements.

Cisco Catalyst 2960 Series The Cisco Catalyst 2960-S and 2960 Series Switches are the leading Layer 2 edge, providing

improved ease of use, highly secure business operations, improved sustainability, and a

borderless network experience. The Cisco Catalyst 2960-S Series switches include new Cisco

Flex Stack switch stacking capability with 1 and 10 Gigabit connectivity, and Power over

Ethernet Plus (PoE+) with the Cisco Catalyst 2960 Switches offering fast Ethernet access

connectivity and PoE capabilities. The Cisco Catalyst 2960-S and 2960 Series are fixed-

configuration access switches designed for enterprise, midmarket, and branch office networks to

provide lower total cost of ownership.

TwinGig Converter Module

The Cisco TwinGig Converter Module converts a single 10 Gigabit Ethernet X2 interface into

two Gigabit Ethernet port slots, which can be populated with appropriate Small Form-Factor

Pluggable (SFP) optics, providing a total of 12 wire-speed Gigabit Ethernet ports if used in all 6

X2 interface slots. The flexibility provided by the TwinGig Converter Module enables customers

to aggregate Gigabit Ethernet and 10 Gigabit Ethernet LAN access switches on a single line card.

Figure 2.1 Cisco twingig converter module



11

Cisco ASA 5520 and 5540 Security Appliance

The Cisco ASA 5500 Series Adaptive Security Appliance integrates firewall, IPS, and VPN

capabilities, providing an all-in-one solution for the enterprise network.

Cisco ASA 5585-X Security Appliance

The ASA 5585-X adaptive security appliance is a 2 RU, two-slot chassis accommodating up to

two AC power supply modules, which also contain the necessary cooling components for

operation, although you can install a fan module in the second bay. The Security Services

Processor (SSP) resides in slot 0 (the bottom slot) and the optional Intrusion Prevention System

Security Services Processor (IPS SSP) resides in slot 1 (the top slot). All port numbers are

numbered from right to left beginning with 0.

Cisco 5508 Wireless Controller

The Cisco 5500 Series Wireless Controller is a highly scalable and flexible platform that enables

system wide services for mission-critical wireless in medium to large-sized enterprises and

campus environments. Designed for 802.11n performance and maximum scalability, the 5500

Series offers enhanced uptime with RF visibility and protection, the ability to simultaneously

manage up to 500 access points; superior performance for reliable streaming video and toll

quality voice; and improved fault recovery for a consistent mobility experience in the most

demanding environments.

The Cisco 5500 Series Wireless Controller, designed for 802.11n performance and maximum

scalability, supports up to 250 lightweight access points and 7000 clients, making it ideal for

large-sized enterprises and high-density applications. A core component of the Cisco unified

wireless solution, these controllers deliver wireless security, intrusion detection, radio

management, quality of service (QoS), and mobility across an entire enterprise. The controllers

work in conjunction with other controllers, Cisco Wireless Control System (WCS), and access

points to provide network managers with a robust wireless LAN solution.

The Cisco 5500 Series Wireless Controller supports the Office Extend access point, which

provides secure communications from a controller to an access point at a remote location,

seamlessly extending the corporate WLAN over the Internet to an employee's residence.



12

Cisco Aironet 1250 Lightweight Access point

The lightweight access point (model: AIR-LAP1252) is part of the Cisco Integrated Wireless

Network Solution and requires no manual configuration before being mounted. The lightweight

access point is automatically configured by a Cisco wireless LAN controller using the

Lightweight Access Point Protocol (LWAPP).

In the Cisco Centralized Wireless LAN architecture, access points operate in lightweight mode

(as opposed to autonomous mode). The lightweight access points associate to a controller. The

controller manages the configuration, firmware, and controls transactions such as 802.1x

authentication. In addition, all wireless traffic is tunneled through the controller.

Key hardware features of the access point include:

• Two radio module slots for single or dual-radio operation • Ethernet port and console port • LEDs, • Multiple power sources • UL 2043 compliance • Anti-theft features

Figure 2.2 Cisco Aironet1252 Access Point rear view

1 2.4-GHz radio antenna 4 5-GHz radio antenna 2 Module slot 0 (2.4-GHz

radio module shown) 5 Module slot 1 (5-GHz module

shown) 3 LEDs 6 PC cable security slot

Table 2.1 Cisco Aironet1252 Access Point rear view



13

2.2.2 Campus Hierarchical Network Design Overview Cisco introduced the hierarchical design model, which uses a layered approach to network design

in 1999 (Figure 2.3). The building block components are the access layer, the distribution layer,

and the core (backbone) layer. The principal advantages of this model are its hierarchical

structure and its modularity.

Figure 2.3 Hierarchical Campus Network Design

In a hierarchical design, the capacity, features, and functionality of a specific device are

optimized for its position in the network and the role that it plays. This promotes scalability and

stability. The number of flows and their associated bandwidth requirements increase as they

traverse points of aggregation and move up the hierarchy from access to distribution to core.



14

Functions are distributed at each layer. A hierarchical design avoids the need for a fully-meshed

network in which all network nodes are interconnected.

The building blocks of modular networks are easy to replicate, redesign, and expand. There

should be no need to redesign the whole network each time a module is added or removed.

Distinct building blocks can be put in-service and taken out-of-service without impacting the rest

of the network. This capability facilitates troubleshooting, problem isolation, and network

management.

Core Layer

In a typical hierarchical model, the individual building blocks are interconnected using a core

layer. The core serves as the backbone for the network, as shown in Figure 2.4. The core needs to

be fast and extremely resilient because every building block depends on it for connectivity.

Current hardware accelerated systems have the potential to deliver complex services at wire

speed. However, in the core of the network a “less is more” approach should be taken. A

minimal configuration in the core reduces configuration complexity limiting the possibility for

operational error.

Figure 2.4 Core Layer



15

Although it is possible to achieve redundancy with a fully-meshed or highly-meshed topology,

that type of design does not provide consistent convergence if a link or node fails. Also, peering

and adjacency issues exist with a fully-meshed design, making routing complex to configure and

difficult to scale. In addition, the high port count adds unnecessary cost and increases complexity

as the network grows or changes. The following are some of the other key design issues to keep

in mind:

• Design the core layer as a high-speed, Layer3 (L3) switching environment utilizing only

hardware-accelerated services. Layer3 core designs are superior to Layer2 and other alternatives

because they provide:

– Faster convergence around a link or node failure.

– Increased scalability because neighbor relationships and meshing are reduced.

– More efficient bandwidth utilization.

Use redundant point-to-point L3 interconnections in the core (triangles, not squares) wherever

possible, because this design yields the fastest and most deterministic convergence results.

Avoid L2 loops and the complexity of L2 redundancy, such as Spanning Tree Protocol (STP)

and indirect failure detection for L3 building block peers.

Distribution Layer

The distribution layer aggregates nodes from the access layer, protecting the core from high-

density peering (Figure 2.5). Additionally, the distribution layer creates a fault boundary

providing a logical isolation point in the event of a failure originating in the access layer.

Typically deployed as a pair of L3 switches, the distribution layer uses L3 switching for its

connectivity to the core of the network and L2 services for its connectivity to the access layer.

Load balancing, Quality of Service (QoS), and ease of provisioning are key considerations for

the distribution layer.



16

Figure 2.5 Distribution Layer

High availability in the distribution layer is provided through dual equal-cost paths from the

distribution layer to the core and from the access layer to the distribution layer. This results in

fast, deterministic convergence in the event of a link or node failure. When redundant paths are

present, failover depends primarily on hardware link failure detection instead of timer-based

software failure detection. Convergence based on these functions, which are implemented in

hardware, is the most deterministic.

Access Layer

The access layer is the first point of entry into the network for edge devices, end stations, and IP

phones (Figure 2.6). The switches in the access layer are connected to two separate distribution

layer switches for redundancy. If the connection between the distribution layer switches is an L3

connection, then there are no loops and all uplinks actively forward traffic.



17

Figure 2.6 Access Layer

A robust access layer provides the following key features:

• High availability (HA) supported by many hardware and software attributes.

• Inline power (POE) for IP telephony and wireless access points, allowing customers to

converge voice onto their data network and providing roaming WLAN access for users.

• Foundation services.

The hardware and software attributes of the access layer that support high availability include the

following:

• System-level redundancy using redundant supervisor engines and redundant power

supplies. This provides high-availability for critical user groups.

• Default gateway redundancy using dual connections to redundant systems (distribution

layer switches) that use GLBP, HSRP, or VRRP. This provides fast failover from one

switch to the backup switch at the distribution layer.

• Operating system high-availability features, such as Link Aggregation (EtherChannel or

802.3ad), which provide higher effective bandwidth while reducing complexity.

• Prioritization of mission-critical network traffic using QoS. This provides traffic

classification and queuing as close to the ingress of the network as possible.



18

• Security services for additional security against unauthorized access to the network

through the use of tools such as 802.1x, port security, DHCP snooping, Dynamic ARP

Inspection, and IP Source Guard.

• Efficient network and bandwidth management using software features such as Internet

Group Membership Protocol (IGMP) snooping. IGMP snooping helps control multicast

packet flooding for multicast applications.

2.2.3 Security

The world is becoming more interconnected with the advent of the Internet and new networking

technology. There is a large amount of personal, commercial, military, and government

information on networking infrastructures worldwide. Network security is becoming of great

importance because of intellectual property that can be easily acquired through the internet.

Perimeter Security

A network /internetwork perimeter is a secure boundary of a network that may include some or

all of the firewalls, routers, ids, VPN, mechanisms, DMZ and screened subnets.DMZ is outside

the Firewall screened subnet is an isolated sub-network connected to a dedicated firewall

interface.

Cisco ASA Firewall

A firewall is a network system or group of systems that manages access between two or more

networks. Firewall operations are based on one of three technologies:

• Packet filtering- Limits information that is allowed into a network based on the

destination and source address

• Proxy server (Application layer)- Requests connections on behalf of a client

• Stateful packet filtering - Limits information that is allowed into a network based not

only on the destination and source addresses, but also on the contents of the state table.



19

Figure 2.7 A typical secured network

The higher the security level of an interface the higher the trust level of the network connected to

that interface and vice-versa. As a result the above figure assign a security level of 100 to an

inside interface of a given LAN and the 0 security level to the outside interface which is

connected to the Internet or to service provider.

Server Farm Security

Deploying multilayer defense mechanisms is the first action that should be considered to secure

server farms. To add aditional protection to each of the council’s server farm from internal and

external attacks Cisco ASA 5500 firewalls and IPS modules will be deployed. The Cisco ASA

5500 firewalls and IPS modules will be configured to filter and inspect traffics that flow to/ from

those critical application servers according to access policies set by the BDU.

ASA Firewall Placement

The ASA firewall will be placed between the core/distribution switches and the redundant server

farm switches to secure any traffic flow between the server farms and the LAN users.

Network Device Security (Device Hardening)

Physical security/controls help protect the data’s environment and prevent potential attackers

from readily having physical access to the data. Examples of physical controls are

– Security systems to monitor for intruders



20

– Physical security barriers (for example, locked doors) while entering to data centers and

accessing network devices.

– Climate protection systems, to maintain proper temperature and humidity, in addition to

alerting personnel in the event of fire

– Security personnel to guard the data

2.3 The Work Flow of Main Campus Data Center

In the figure 11, main campus data center is under System & Network administrator. The work flow of main campus data center is from the president to network Administrator it is hierarchical steps.

President

Executive Director

System & Network Administrator

Case Team

Network Administrator

Figure 2.8 The work flow of main campus data center



21

2.4 Work piece and work tasks I have been executing

Work tasks which I have been executing during my internship period is basic switch

configuration, VLAN, VTP, Trunking configuration and Microsoft window server 2008 DNS,

DHCP, IIS, FTP and active Directory.

VLAN configuration

The hierarchical topology segments the network into physical building blocks, simplifying

operation and increasing availability. Each layer within the hierarchical infrastructure has a

specific role. By default, switches break up collision domains and routers break up broadcast

domains. The supervisor said that by creating virtual local area network (VLAN) in the

distribution layer, switches break up broadcast domains in a pure switched internetwork. A

VLAN is a logical grouping of network users and resources connected to administratively

defined ports on a switch. He said that when you create VLANs, you’re given the ability to

create smaller broadcast domains within a layer 2 switched internetworks by assigning different

ports on the switch to service different sub networks. A VLAN is treated like its own subnet or

broadcast domain, meaning that frames broadcast onto the network are only switched between

the ports logically grouped within the same VLAN.

VLANs consists of two basic goals

1. Creating the VLAN and

2. Assigning the proper port to that VLAN

In actuality, I am very concerned with the work During the Configuring of VLANs .VLANs can

be created on a VTP server switch or they can be created on each individual switches but in the

BDU campus area network created all VLNs on VTP server switches which makes it more

manageable and scalable. I have chosen the distribution layer switches to operate on a VTP

server mode and I have made all the access switches to operate in VTP clients, Hence All the

VLANs configured in distribution switch will be propagated to all the respected access switches.

Note: By default, all VLANs are allowed on all trunks. You can explicitly control which VLANs

are allowed on a trunk by using the switchport trunk allowed vlan vlan-id command on the

interface at each end of the trunk. In addition, it can specify a native VLAN other than the



22

default VLAN 1, using the switchport trunk native vlan vlan-id command. These two

measures can help reduce the possibility of VLAN attacks.

The Fast Ethernet ports connected to the hosts on the network can be set up as static access

because they are not to be used as trunk ports. Use the switchport mode access command to set

the access mode

VTP

VTP stands for VLAN trunking protocol VTP is a Cisco proprietary Layer 2 messaging protocol

that manages the addition, deletion, and renaming of Virtual Local Area Networks (VLAN) on a

network-wide basis. Cisco's VLAN Trunk Protocol reduces administration loads in a switched

network. When a new VLAN is created on one VTP server, the VLAN is distributed through all

switches in the domain. This reduces the need to configure the same VLAN everywhere. VTP

provides the following benefits:

• VLAN configuration consistency across the network

• Mapping scheme that allows a VLAN to be trunked over mixed media

• Accurate tracking and monitoring of VLANs

• Dynamic reporting of added VLANs across the network

• Plug-and-play configuration when adding new VLANs

A VTP domain, also called a VLAN management domain, consists of trunked switches that are

under the administrative responsibility of a switch or switches in server VTP mode. A switch can

be in only one VTP domain with the same VTP domain name. The default VTP mode for the

2960 and 3560 switches is server mode. VLAN information is not propagated until a domain

name is specified and trunks are set up between the devices.

http://en.wikipedia.org/wiki/Cisco�

http://en.wikipedia.org/wiki/Proprietary_protocol�

http://en.wikipedia.org/wiki/VLAN�



23

The following table describes the three VTP modes.

VTP Mode Description

VTP server

You can create, modify, and delete VLANs and specific other

configuration parameters, such as VTP version and VTP pruning, for the

entire VTP domain.VTP servers advertise their VLAN configuration to

other switches in the same VTP domain and synchronize their VLAN

configuration with other switches based on advertisements received over

trunk links.

VTP server is the default mode.

VTP client

VTP clients behave the same way as VTP servers, but you cannot create,

change, or delete VLANs on a VTP client.

VTP transparent

VTP transparent switches do not participate in VTP. A VTP transparent

switch does not advertise its VLAN configuration nor synchronize its

VLAN configuration based on received advertisements. Transparent

switches do forward VTP advertisements that they receive out their trunk

ports in VTP Version 2.

Table 2.2 .Description of VTP mode

Trunk

Trunking is a process of connecting switches together so that they can send VLAN information

between each other. A trunk port is a point to point connection between switches, a switch and a

router, or even a switch and a server, and it carries the traffic of multiple VLANS.



24

Configuration of trunk involves identifying trunk ports and selecting the encapsulation type.

Identifying the trunk ports is a useful task in such a way that it eases VLAN configuration and

administration.

He remained that, all the uplink ports connecting access switches to distribution switches,

distribution switches to core switches, edge switches to core switches and DMZ switches to core

switches are set to be trunk ports.

Ports on the 2960 and 3560 switches are set to dynamic auto by default. This means that they are

willing to negotiate a trunk with the neighbor; however, if both sides are set to dynamic auto, the

link will remain in access mode. This can be done by configuring one end of the trunk using the

switchport mode trunk command. On the 3560 switches, I also need to configure the trunk

encapsulation with the switchport trunk encapsulation command. The 3560 switch can use

either Inter-Switch Link (ISL) or 802.1Q encapsulation, whereas the 2960 switch only supports

802.1Q.

DHCP

I spend some more time working on Dynamic host configuration protocol DHCP is defined in

RFC 2131 and is built around a client/server model—hosts requesting IP addresses use a DHCP

client, whereas address assignment is handled by a DHCP server.

Hosts can be manually configured to use a static IP address, subnet mask, default gateway

address, and so on. That might be appropriate for some devices, such as servers, which would

need stable and reserved addresses. For the majority of end user devices, static address

assignment can become a huge administrative chore. Because DHCP is a dynamic mechanism,

IP addresses are offered on a leased basis. Before the offered lease time expires, the client must

try to renew its address; otherwise, that address may be offered up to a different client.

DHCP Design Considerations

• DHCP servers which in BDU are the distribution switches. The distribution switches are

configured as a DHCP server because DHCP is designed to work within a broadcast

domain. They offer the client devices in the BDU network IP address, subnet mask, and

default gateway address from the respective



25

• DHCP excluded addresses within the IP subnet that should be reserved and not offered to

clients

• DHCP pool uses a text string pool-name to define the pool or scope of addresses that will

be offered. The network command identifies the IP subnet and subnet mask of the

address range. The subnet should be identical to the one configured on the Layer 3

interface.

• The DHCP leas time ………..

• The DNS name of the university is

• The IP address for the DNS server is

Network Address Translation

Furthermore, another lesson I have learned during my internship period at Main Campus

Datacenter is that the internet is expanding at an exponential rate. As the amount of information

and resources increases, it is becoming a requirement for even the smallest businesses and homes

to connect to the Internet. Network Address Translation (NAT) is a method of connecting

multiple computers to the internet (or any other IP network) using one IP address. This allows

home users and small businesses to connect their network to the Internet cheaply and efficiently.

The impetus towards increasing use of NAT comes from a number of factors:

A world shortage of IP addresses

Security needs

Ease and flexibility of network administration

The rest of the internship period was spend working on Microsoft server 2008 configuration like

DNS, DHCP, IIS, Active directory and FTP server with my supervisor. In fact, it was a very

important experience to me because it expanded my practical knowledge and helped me to

develop new practical skills and abilities.

Microsoft Window Server 2008 Active Directory Domain Services

Active Directory domain services are used primarily to manage Users and Resource management

across Enterprise infrastructures spanning the physical subnets across the globe. Active Directory

domain provides distributed database to store and manage application data, user data and

computer data respectively.



26

Active directory structure comprises of Single forest, with multiple domains and child domains.

Administrator can configure active directory domain based on the physical subnets, it is

advisable to install directory server on the physical site.

Active directory provides different security boundaries in the form of

a) Forest

b) Domain

c) Organizational Units

AD plays two basic functions within a network: that of a directory service containing a

hierarchical listing of all the objects within the network, and that of an authentication and

security service that controls and provides access to network resources. These two roles are

different in nature and focus, but they combine together to provide increased user capabilities

while decreasing administrative overhead.

The Active Directory itself is defined by a schema that indicates how each object is represented

within the data store. For example, a user object has, among other things, a first name, last name,

logon name, e-mail address, and password. If you’re familiar with databases, you should already

be familiar with the term schema since a database schema refers to the structure of the database

in the same way the Active Directory schema defines the Active Directory’s structure.

Domain Name System (DNS) is a system for naming computers and network services that maps

those names to network addresses and organizes them into a hierarchy of domains. DNS naming

is used on TCP/IP networks, such as the Internet and most corporate networks, to locate

computers and services by using user-friendly names. When a user enters the DNS name of a

computer in an application, DNS can look up the name and provide other information that is

associated with the computer, such as its IP address or services that it provides for the network.

This process is called name resolution.

Name systems, such as DNS, make it easier to use network resources by providing users with a

way to refer to a computer or service by a name that is easy to remember. DNS looks up that

name and provides the numeric address that operating systems and applications require to

identify the computer on a network.



27

2.5 Procedures I have been following while performing my tasks

Procedures I have been using during my internship period in BDU, main campus data center

performing my tasks are:-

1. Analyze each network hardware equipments in data center

2. Identified the three layer Campus hierarchical network model

3. Analyze Cisco switch command

4. Configuration of distribution layer switch

5. Configuration of access layer switch

In the first month of my internship program, it was all about study technical details regarding the

application of each network hardware infrastructure in the data center as well as identified the

Identified the three layers Campus hierarchical network model. While the procedures which

carried out during the second month is from analyzing Cisco switch command to the study of

VLAN, VTP, Trunk and configuration of distribution and access layer switch.

2.6 How good I have been in performing my tasks

During my internship program I work my tasks in enthusiasm, as well as my supervisor is such a

sincere man when I ask a question he answered courteously. All in all I did my task effectively

and efficiently, and I was punctual when I performed my tasks.

2.7 Challenges I have faced while performing my tasks

I can truly say that during my internship with main campus data center that I was challenged, and

through all those challenges I grew as a person as well as a student. Not only was the work that I

was doing beneficial to get knowledge, but it also made me have to work hard to get it right

knowledge. I learned how to configured distribution layer and access layer switch is new for me,

how to multi-task and manage my time.



28

3. The Overall Benefits I gained From the Internship

One thing I have learned in a long life: that all our science, measured against

reality, is primitive and childlike—and yet is the most precious thing we have.

—ALBERT EINSTEIN

Introduction

Internship is the beginning of the road that will take me to the point I want to be at after my

graduation. Internship is a practice I need to perform, because it prepares me for the business life

that I aim at.

3.1 Practical Skill

The Internship will have the opportunity to connect classroom theory with current industry

challenges, and have exposure to the latest technologies. Opportunities to converse and interact

with a large pool of talented experienced department members will provide a deeper insight to

the overall operation, as well as provide a valuable pool of resources to assist in completion of

internship program. This internship program was exactly what I needed to nurture the lack of

practical skills I had. I would acquire practical experience to complement the theoretical content

of my studies.

3.2 Theoretical Knowledge

During my internship period in the main campus datacenter, upgrade my theoretical knowledge,

when I have been learned the course of Data Communication and Computer Networks in the

classroom. What looks like campus enterprise network which the three Cisco hierarchy layers,

the configuration of distribution and access switch and Microsoft window server 2008 DNS ,

DHCP ,IIS ,FTP and Active directory domain service.



29

3.3 Interpersonal Communication Skills

During my internship period the Interpersonal skills, which are the life skills I use every day to

communicate and interact with other people, individually and in groups are good for me.

Not only how I communicate with others, but also I got confidence and my ability to listen and

understand. Problem solving, decision making and personal stress management are also

considered interpersonal skills. Through this internship, I found that I matured and I gained many

new perspectives, such as problem solving skill, diversity, effective communication, teamwork

and service recovery, attention to detail, time management, personal empowerment, self-

confidence, responsibility and cultural sensitivity.

My supervisor was so kind to answer with patience and teach me much that made this internship

so enjoyable. I had gotten a wonderful internship that spent such a happy moment with all of

them. Though, still have so much to learn, I think this challenge was what should include in my

career. This helped much on my future planning

3.4 Team Playing Skills

In the section of the company I had been working, most of the time I had work with my

supervisor though gained in terms of improving my team playing skill during my internship

period in main campus ICT development office, data center is most valuable .

3.5 Leadership Skills

Leadership skills are the tool, behaviors, and capabilities that a person needs in order to be

successful at motivating and directing others. Yet true leadership skills involve something more;

the ability to help people grow in their own abilities. It can be said that the most successful

leaders are those that drive other to active their own success. I gained leadership skills from my

supervisor during the internship period which include managing time, motivating individuals,

giving feedback and building teams



30

3.6 Work Ethics Related Issue

An internship is an opportunity to learn the skills and behaviors along with the work values that

are required for success in the workplace. Workplace ethics are established codes of conduct that

reflect the values of the organization or company where you are employed. I have seen possess a

willingness to work hard from my supervisor during my internship period. In addition to working

hard it is also important to work smart. This means I acquired the most efficient way to complete

tasks and finding ways to save time while completing daily assignments. It’s also important to

care about my job and complete all projects while maintaining a positive attitude.

3.7 Entrepreneurship Skills

“Entrepreneurship is the ability to “create and build something from practically nothing. It is

initiating, doing, achieving and building an enterprise or organization, rather than just watching,

analyzing or describing one. It is the knack of sensing an opportunity where others see chaos,

contradiction and confusion. It is the ability to build a founding team to complement your own

skills and talents. It is the know-how to find, marshal and control resources and to make sure

you don’t run out of money when you need it most. Finally, it is the willingness to take

calculated risks, both personal and financial, and then to do everything possible to get the odds in

your favour.” 1

An entrepreneurship education program consists of wide-ranging subjects, and in every

entrepreneurship education program, learning something at outside classroom like internship in a

company plays an important role, as well as normal lectures in classroom. Of course, in this

respect, the good relationship between educational institutions and business society is very

important for the purpose of implementing an internship program as a part of curriculum.

Interns gain firsthand understanding of entrepreneurship along with enhanced technical,

professional, and communication skills.

In this internship I have gained self confidence, information seeking, problem seeking and sees

and acts on opportunities of business in networking. Though helping me to clarify my vision and

decided whether or not to forge ahead with the idea.

1 Jeffrey Timmons, Professor of Entrepreneurship, Babson College, 1989



31

4. Conclusion and Recommendations

4.1. Conclusion

After going through the whole period of internship as an intern I’ve observed so many

professional activities and learnt as well. This internship was very fruitful to me because I had to

cover many different fields. I also learnt new concepts and new ways of working.

During this internship period I acquired practical experience to complement the theoretical

content of my study for campus Cisco three-layer hierarchical model tasks and detailed

configuration of each layers, wireless local area network (WLAN) and network security of main

campus data center.

To conclude, I think that this internship was very beneficial to me as I learnt a lot, and it made

me discover work's in a real world.



32

4.2. Recommendations

The Data Center is the hub of the University’s computing resources, which are shared by the

academic, research, and administrative communities. These facilities provide a secure,

enterprise-wide, reliable, and redundant infrastructure for the delivery of mission-critical

University systems. As per earns observation some suggestion for the improvement of the

situation are given below:

• Access floors: One of the key predesigned considerations that affect almost every aspect

of success within a data center environment is the access floor, or “raised floor” as it is

often referred to. This infrastructure is every bit as important to cooling, equipment

support, grounding, and electrical and communications connectivity as the building

structure supporting it. Main campus data center uses class room building, the building

should be maintained in standard data center designed way. Optimizes airflow and heat

dissipation allowing the computing equipment to run more efficiently, so the data center

should be installed raised floor in standard way.

• Cable Management: All data cabling should be under the floor, both ends of the cable

should be labeled and tagged for proper identification.

• The data center hardware identification should be with the appropriate, fully qualified

server names, and all equipments within the cabinets. If implement in this way the

hardware is easily identifiable.

• The data center should be protected in building grounding and lightning protection

system.

• ICT Development Office must configure FTP protocol for the retrieve of files based on

FTP protocol.

• I strongly recommend that the university should use licensed antivirus.

• Training program should be started for both academic and administrator staff.



33

5. References

1. Sean Odom, Hanson Nottingham, Cisco Switching Black Book, The Coriolis Group,

2001

2. Todd Lammel, CCNA Cisco Certified Network Associate Study Guide 6th edition, Wiley

publishing, Inc.2007.

3. Bahir Dar University Network Infrastructure Low Level Design (LLD) document, INSA,

2011. 4. The five years strategic plan (2011-2016) of Bahir Dar University፡ devised with

balanced score card (BSC), 2011.

http://www.bdu.edu.et/attachments/article/54/Finalized%20Strategic%20Plan.pdf

5. Campus Network for High Availability Design Guide, Cisco Systems, Inc., 2008.

http://www.cisco.com/en/US/docs/solutions/Enterprise/Campus/HA_recovery_DG/camp

usRecovery.html

6. ICT Development Office ,http://www.bdu.edu.et/index.php/services/ict/65-

administration/ict-office/135

7. Cisco Aironet 1250 Series Access Point, http://www.hardware.com/store/cisco/AIR-LAP1252AG-E-K9

8. Cisco Networking Academy, CCNA SWITCH Lab Manual Cisco Press, 2011

http://www.bdu.edu.et/index.php/services/ict/65-administration/ict-office/135�

http://www.bdu.edu.et/index.php/services/ict/65-administration/ict-office/135�

http://www.hardware.com/store/cisco/AIR-LAP1252AG-E-K9�

http://www.hardware.com/store/cisco/AIR-LAP1252AG-E-K9�



34

6. Appendix

6.1 Basic Cisco Catalyst Switch Configuration Command

A .Distribution Switch Configuration

Switch>enable

Switch#config t

Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)#hostname DLS

DLS (config)#enable password cisco

DLS (config)#enable secret Cisco

DLS (config)#service password-encryption

DLS (config)#line con

DLS (config)#line console 0

DLS (config-line)#password cisco

DLS (config-line)#login

DLS (config-line)#exit

DLS (config)#line vty 0 4

DLS (config-line)#password cisco

DLS (config-line)#login

DLS (config-line)#exit

DLS (config)#banner motd #******************************

ELCTRICAL&COMPUTER ENGINEERING DEPARTMENT

DISTRUBUTIONSWITCH

*************************************************************#

DLS (config)#vlan 10

DLS (config-vlan)#name electronicslab

DLS (config-vlan)#vlan 20

DLS (config-vlan)#name controllab

DLS (config)#interface fastEthernet 0/23

DLS (config-if)#switchport trunk encapsulation dot1q



35

DLS (config-if)#switchport mode trunk

DLS (config)#vtp domain SWLAB

DLS (config)#vtp version 2

DLS (config)#vtp mode server

DLS(config)# interface vlan 1

DLS(config-if)# ip address 10.1.1.101 255.255.255.0

DLS (config)#ip dhcp pool Mother

DLS (dhcp-config)#network 10.133.0.0 255.255.255.0

DLS (dhcp-config)#default-router 10.133.1.254

DLS (dhcp-config)#ip dhcp pool vlan10



DLS (dhcp-config)#lease 5

DLS (dhcp-config)#ip dhcp pool vlan20



DLS (dhcp-config)#lease 5



36

B. Access Switch Configuration

Switch>enable

Switch#config t

Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)#hostname ASL

ASL(config)#enable password cisco

ASL(config)#enable secret Cisco

ASL(config)#service password-encryption

ASL(config)#line con

ASL(config)#line console 0

ASL(config-line)#password cisco

ASL(config-line)#login

ASL(config-line)#exit

ASL(config)#line vty 0 4

ASL(config-line)#password cisco

ASL(config-line)#login

ASL(config-line)#exit

ASL(config)#banner motd #******************************

ELCTRICAL&COMPUTER ENGINEERING DEPARTMENT ACCESS SWITCH***#

ASL(config)#interface ranage fastEthernet 0/1-12

ASL(config-if)#switchport access vlan 10

ASL(config-if)#switchport mode access

ASL(config)#interface ranage fastEthernet 0/13-23

ASL(config-if)#switchport access vlan 20

ASL(config-if)#switchport mode access

ASL(config)#interface fastEthernet 0/24

ASL(config-if)#switchport trunk encapsulation dot1q

ASL(config-if)#switchport mode trunk

ASL(config)#vtp domain SWLAB

ASL(config)#vtp version 2

ASL(config)#vtp mode clinet

Final Internship Report.pdf

Documents

Transcript of Final Internship Report.pdf