1.

Smart Office Network Simulation

2. Campus Network Infrastructure Design
3. E-commerce Data Center Simulation
4. Multi-Branch Network with Centralized Services
5. ISP-Style Residential Network Setup
6. Secure Research Lab Infrastructure
7. Enterprise IT Department Network
8. University Lab Simulation
9. Small Business Network with Centralized Management
10. Simulated Hosting Provider Infrastructure

Project 1: Smart Office Network Simulation

Objective:
Design and configure a secure smart office network with isolated
departments, central services, and wireless access. This project simulates a
real-world organizational structure where internal resources must be
segmented and protected. Different routers within the network may operate
using distinct routing protocols (e.g., RIP, OSPF) to simulate a heterogeneous
routing environment.
Theoretical Concepts:
 VLANs for traffic isolation
 Subnetting for structured IP management
 802.1X for LAN authentication
 Port security and MAC filtering for endpoint control
 NAT for secure outbound communication
 Stateful firewall with ACLs for service protection
 WPA2 encryption for wireless integrity
Practical Setup:
Bloc
Description Devices
k
A Admin Dept (802.1X-secured) 3 PCs
B HR Dept (VLAN 20, Port Security) 3 PCs
R&D Dept (VLAN 30, MAC
C 3 PCs
Filtering)
Server Room (DNS, Web, Mail, 3
D
Firewall) Servers
2
E Wi-Fi Zone (WPA2-Secured)
Laptops
Total Devices: 9 PCs, 2 Laptops, 2 Switches, 1 Router, 1 Wireless Router, 3
Servers, 1 ISP
Security Protocol Summary:
Sectio
Protocol Applied
n
802.1X
Admin
Authentication
HR Port Security
MAC Address
R&D
Filtering
Server Stateful Firewall +
s ACLs
Wi-Fi WPA2 with AES
Expected Outcomes:
 Secure wired and wireless connectivity
 Proper VLAN-based communication restriction
 Validated authentication for internal devices

Project 2: Campus Network Infrastructure Design

Objective:
Design a layered, multi-floor university building network. It must
accommodate department-wise VLANs, centralized data services, and secure
wireless access for students and staff. The routing configuration includes
different protocols at different router levels (e.g., OSPF on core router, RIP at
edge), demonstrating inter-protocol communication.
Theoretical Concepts:
 Multi-floor hierarchical network design
 Subnetting for efficient address distribution
 OSPF and RIP for dynamic inter-VLAN routing
 RADIUS for enterprise-grade wireless authentication
 Zone-Based Firewall (ZBF) for service protection
Practical Setup:
Bloc
Description Devices
k
Ground Floor (Static Port
A 5 PCs
Binding)
IT Dept (802.1X, VLAN
B 5 PCs
Trunking)
C Student Labs (MAC Filtering) 10 PCs
 3
D Data Center (ZBF Protected)
Servers
Library Wi-Fi (WPA2 + 3
E
RADIUS) Laptops
Total Devices: 20 PCs, 3 Laptops, 3 Switches, 1 Router, 1 Wireless Router, 3
Servers, 1 ISP
Security Protocol Summary:
Section Protocol Applied
Admin
Static Port Binding
Floor
IT Dept 802.1X + VLAN Isolation
MAC Filtering + DHCP
Students
Snooping
Data
Zone-Based Firewall
Center
Wi-Fi WPA2 with RADIUS
Expected Outcomes:
 Floor-level VLANs with role-based access
 Dynamic routing for inter-VLAN communication
 Wireless access restricted to registered devices

Project 3: E-commerce Data Center Simulation

Objective:
Simulate a scalable e-commerce backend with secure departmental
operations and server protection.
Theoretical Concepts:
 VLANs for operational separation
 NAT/PAT for internal/external communication
 ACLs for user-based access control
 IDS/IPS for intrusion prevention
 WPA2-Enterprise for wireless security
Practical Setup:
Bloc
Description Devices
k
A Web Team (ARP Inspection) 3 PCs
B Admin Team (VLAN ACLs) 2 PCs
Support (DHCP Snooping + IP
C 3 PCs, 2 Laptops
Guard)
D Data Center (Firewall + IDS) DNS, Web, Mail
 Servers
E Wi-Fi Zone (WPA2-Enterprise) 2 Laptops
Total Devices: 8 PCs, 4 Laptops, 2 Switches, 1 Router, 1 Wireless Router, 3
Servers, 1 ISP
Security Protocol Summary:
Sectio
Protocol Applied
n
Dynamic ARP
Web
Inspection
VLAN Access Control
Admin
Lists
Suppor DHCP Snooping + IP
t Guard
Server
IDS-integrated Firewall
s
Wi-Fi WPA2-Enterprise
Expected Outcomes:
 Operational isolation for web, admin, and support
 Secure server access with intrusion detection
 Role-based access and communication policies

Project 4: Multi-Branch Network with Centralized Services

Objective:
Connect multiple geographically distributed branches (e.g., Lahore,
Islamabad, Karachi) to a central headquarters using secure routing and
centralized IT services. Different routing protocols are employed between HQ
and each branch (e.g., RIP between Lahore and HQ, OSPF between Karachi
and HQ), demonstrating protocol compatibility.
Theoretical Concepts:
 RIP and OSPF for WAN routing
 VLAN segmentation per branch
 Static DHCP and MAC binding
 Centralized application firewall
 WPA2-PSK for site Wi-Fi
Practical Setup:
Bloc
Description Devices
k
A Lahore Branch (Private VLAN) 5 PCs
B Islamabad Branch (MAC 5 PCs
 Binding)
C Karachi Branch (VLAN ACLs) 5 PCs
HQ Data Center (Firewall + 3
D
Servers) Servers
3
E Wi-Fi Zone (WPA2 PSK)
Laptops
Total Devices: 15 PCs, 3 Laptops, 3 Switches, 3 Routers, 1 Wireless Router,
3 Servers, 1 ISP
Security Protocol Summary:
Section Protocol Applied
Private VLAN + Port
Lahore
Security
Islamaba MAC Binding + Static
d DHCP
Karachi VLAN ACLs
HQ Application Layer Firewall
Servers (L7)
Wi-Fi WPA2 Pre-Shared Key
Expected Outcomes:
 Independent branch traffic via isolated VLANs
 Secure branch-to-HQ data access via RIP/OSPF
 HQ server zone protected by advanced firewall filtering
 Secure Wi-Fi access for mobile employees only
Project 5: ISP-Style Residential Network Setup
Objective:
Simulate a real-world ISP architecture serving residential users, providing
secure, isolated access to the internet. Routers in this network employ a mix
of protocols—static routes at the client edge, dynamic routing at the core
(e.g., BGP or OSPF).
Theoretical Concepts:
 VLANs for individual customers
 Static and BGP routing
 NAT and port translation
 IPsec VPN tunnels for monitoring
 MAC filtering + WPA2 for support devices
Practical Setup:
Bloc
Description Devices
k
A–F Customer VLANs (Isolated 12 PCs
 Homes)
ISP Core (Firewall + VPN 2 Servers, 1
G
Router) Router
H Support Staff (WPA2 + ACL) 2 Laptops
Total Devices: 12 PCs, 2 Laptops, 1 Switch, 1 Router, 1 Wireless Router, 2
Servers, 1 ISP
Security Protocol Summary:
Section Protocol Applied
Customer
VLAN Isolation
s
Firewall + IPsec
ISP Core
Tunneling
WPA2 + MAC
Support
Whitelisting
Expected Outcomes:
 Clients cannot access each other’s networks
 ISP maintains centralized service control
 Remote support teams can only access specific blocks

Project 6: Secure Research Lab Infrastructure
Objective:
Build a secure, segmented research network ensuring strict access control
for researchers, students, and administrators. Research zones may use RIP,
while the admin zone router operates with OSPF, showcasing multi-protocol
coexistence.
Theoretical Concepts:
 VLAN segmentation and rate limiting
 MAC binding and SSH access control
 Firewall-based DMZ for server protection
 WPA2-AES for wireless protection
Practical Setup:
Bloc
Description Devices
k
Researchers (IP-MAC
A 5 PCs
Binding)
Students (Rate Limiting
B 5 PCs
VLAN)
C Admin (SSH Access Only) 2 PCs
D Server Room (DMZ 3
 Firewall) Servers
Wi-Fi Zone (AES 2
E
Encryption) Laptops
Total Devices: 12 PCs, 2 Laptops, 2 Switches, 1 Router, 1 Wireless Router, 3
Servers, 1 ISP
Security Protocol Summary:
Section Protocol Applied
Researche
IP-MAC Binding
rs
VLAN + Rate
Students
Limiting
Admin SSH-Only Login
Servers DMZ + Firewall
Wi-Fi WPA2 with AES
Expected Outcomes:
 Students cannot access researcher data
 Admin tasks require secure login
 Wi-Fi access is strictly authenticated

Project 7: Enterprise IT Department Network

Objective:
Design a corporate-grade IT network supporting Helpdesk, Developers,
Admin, and Servers with strict monitoring and control. Multiple routing
protocols (e.g., OSPF and static) are configured across different router roles
to mimic enterprise-grade setups.
Theoretical Concepts:
 VLAN design per IT function
 ACLs on routed interfaces
 Host-based and edge firewalls
 DHCP snooping for endpoint validation
 WPA2-Enterprise for secure mobile access
Practical Setup:
Bloc
Description Devices
k
Helpdesk (DHCP Snooping +
A 4 PCs
Ports)
Developers (ACL-protected
B 5 PCs
VLAN)
C Admin (802.1X Authentication) 2 PCs
 Server Room (Syslog + Host 3
D
Firewall) Servers
2
E Wi-Fi Zone (WPA2-Enterprise)
Laptops
Total Devices: 11 PCs, 2 Laptops, 2 Switches, 1 Router, 1 Wireless Router, 3
Servers, 1 ISP
Security Protocol Summary:
Section Protocol Applied
DHCP Snooping + Port
Helpdesk
Security
Develope
ACLs + VLAN Isolation
rs
Admin 802.1X Authentication
Host Firewall + Syslog
Servers
Logging
Wi-Fi WPA2-Enterprise
Expected Outcomes:
 Network enforcement of department policies
 Secure and isolated development/test areas
 Centralized monitoring and logging of access

Project 8: University Lab Simulation
Objective:
Simulate a full academic infrastructure across Networking Lab, AI Lab, and
Admin with secure student-access networks. The core router may run OSPF
while lab zones operate with RIP or static routing for teaching purposes.
Theoretical Concepts:
 VLANs and MAC filters for lab isolation
 Time-restricted access control
 Firewall ACLs for service usage
 WPA2 hidden SSID Wi-Fi configuration
Practical Setup:
Bloc
Description Devices
k
Networking Lab (VLAN + Port
A 5 PCs
Security)
5 PCs, 2
B AI Lab (Static IP + MAC Filtering)
Laptops
C Admin (SSH Access Control) 2 PCs
D Server Room (Time ACLs) 3 Servers
E Wi-Fi Zone (Hidden SSID WPA2) 2 Laptops
Total Devices: 12 PCs, 4 Laptops, 2 Switches, 1 Router, 1 Wireless Router, 3
Servers, 1 ISP
Security Protocol Summary:
Section Protocol Applied
Networkin
VLAN + Port Security
g
MAC Filtering + Static
AI Lab
IP
Admin SSH Restriction
Time-based Access
Servers
Control
Wi-Fi WPA2 + Hidden SSID
Expected Outcomes:
 Hands-on training for lab-specific routing setups
 Security through segmentation and limited access windows
 Secure Wi-Fi only accessible to authenticated clients

Project 9: Small Business Network with Centralized Management
Objective:
Build a secure network for a retail business involving Sales, Inventory, and
Finance with centralized service control. This network includes branch
routers using RIP, while the central office uses static or OSPF routing.
Theoretical Concepts:
 VLAN-based departmental segmentation
 VPN tunnel for sensitive finance traffic
 ACL-controlled access to shared servers
 Client isolation in Wi-Fi
Practical Setup:
Bloc
Description Devices
k
A Sales (Port Security + DHCP) 4 PCs
Inventory (VLAN + MAC
B 3 PCs
Filtering)
C Finance (VPN to Servers) 3 PCs
Server Room (App Whitelist + 3
D
ACLs) Servers
E Wi-Fi (Client Isolated WPA2) 2
 Tablets
Total Devices: 10 PCs, 2 Tablets, 2 Switches, 1 Router, 1 Wireless Router, 3
Servers, 1 ISP
Security Protocol Summary:
Section Protocol Applied
DHCP Snooping + Port
Sales
Security
Invento MAC Filtering + VLAN
ry Isolation
Finance VPN Tunnel
ACLs + Whitelisted
Servers
Services
Wi-Fi WPA2 + Client Isolation
Expected Outcomes:
 Finance is shielded from rest of network
 Guest users have no access to business resources
 Inventory data is isolated from sales operations

Project 10: Simulated Hosting Provider Infrastructure

Objective:
Deploy a secure network for a web-hosting company offering DNS, mail, and
web services to multiple clients. Different routers handling client access and
core infrastructure run mixed protocols (e.g., EIGRP, static, or BGP), enabling
advanced routing demonstrations.
Theoretical Concepts:
 Private VLANs for multi-tenancy
 IDS/IPS + firewall integration
 Dynamic and static mixed routing
 Enterprise wireless configuration for IT staff
Practical Setup:
Bloc
Description Devices
k
A Client A (Private VLAN + ACLs) 2 PCs
Client B (MAC Binding + DHCP
B 2 PCs
Guard)
2
C Support Staff (Enterprise Wi-Fi)
Laptops
3
D Hosting Servers (Firewall + IDS)
Servers
Total Devices: 4 PCs, 2 Laptops, 2 Switches, 1 Router, 1 Wireless Router, 3
Servers, 1 ISP
Security Protocol Summary:
Sectio
Protocol Applied
n
Client
VLAN + ACLs
A
Client IP-MAC Binding + DHCP
B Guard
Suppor
WPA2-Enterprise
t
Server
IDS/IPS + L7 Firewall
s
Expected Outcomes:
 Each client accesses only their assigned service
 IDS detects service abuse or injection attempts
 Enterprise-grade wireless ensures only authorized IT staff connect