Flair Group of Companies - Enterprise Network Infrastructure

A comprehensive enterprise network design and implementation project for a multi-floor organization with remote branch connectivity, demonstrating advanced networking concepts including VLANs, OSPF routing, IPSec VPN, and network security.

Project Status: Completed | Date: December 17, 2025

---

📋 Table of Contents

• Project Overview
• Key Features
• Network Architecture
• Technical Specifications
• Implementation Details
• Getting Started
• Project Structure
• Key Achievements
• Authors
• License

---

🎯 Project Overview

This project presents a professional-grade enterprise network infrastructure solution for Flair Group of Companies, a growing software firm based in Islamabad. The design addresses critical limitations in their legacy flat network by implementing a hierarchical, scalable, and secure network architecture.

Problem Statement

The organization faced:

• Security vulnerabilities in unmanaged flat networks
• IP address conflicts and wastage
• Performance bottlenecks across departments
• Lack of centralized management and monitoring

Solution

A modern hierarchical network design supporting ~120 users across multiple departments with:

• Multi-floor LAN segmentation using VLANs
• WAN connectivity via IPSec VPN
• Dynamic routing with OSPF
• Multi-layered security architecture
• Centralized services (DHCP, DNS, FTP, Syslog)

---

⭐ Key Features

Network Design

• Hierarchical Architecture - Core, Distribution, and Access layers following Cisco best practices
• VLAN Segmentation - 8 department-specific VLANs (HR, Finance, DevOps, IT Support, etc.)
• Router-on-a-Stick Configuration - Inter-VLAN routing with 802.1Q trunking
• VLSM IP Addressing - Efficient address allocation with Class B/C blocks and /30 point-to-point links

Routing & Connectivity

• OSPF Protocol - Dynamic routing with fast convergence in Area 0
• IPSec VPN - Site-to-Site encryption between Islamabad HQ and Karachi Branch
• ISP Backbone Simulation - Realistic 3-router mesh topology
• NAT/PAT Configuration - Secure internet access with VPN exemption rules

Security

• Access Control Lists (ACLs) - Department-level traffic segmentation
• Port Security - Unauthorized access prevention
• IDS/IPS Simulation - Intrusion detection with packet logging
• Network Address Translation - Internal IP protection

Services & Management

• DHCP - Automated IP configuration across VLANs
• DNS - Domain resolution for corporate intranet
• Web Hosting - Corporate intranet (www.flairgroup.com)
• FTP Service - Secure file transfers between branches
• Syslog Integration - Centralized logging and security alerts

Innovation

• IoT Smart Office - Remote control of environmental devices (lights, ceiling fans, door locks)
• Home Gateway Controller - Wireless IoT device management
• IoT Monitor Application - Real-time device control interface

---

🏗️ Network Architecture

Topology Overview

┌─────────────────────────────────────────────────────────────┐
│                      ISP BACKBONE (Public)                  │
│              ISP_Router_1 ── ISP_Router_2 ──────             │
│                    │              │                          │
│                    └──ISP_Router_3─┘                         │
└────────────────────────┬──────────────────┬──────────────────┘
                         │                  │
                    ┌────▼─────┐      ┌────▼──────┐
                    │Islamabad  │      │  Karachi  │
                    │   HQ      │      │  Branch   │
                    │(OSPF Area 0)    (OSPF Area 0)
                    └────┬─────┘      └────┬──────┘
                         │                  │
        ┌────────────────┼──────────────┐   │
        │                │              │   │
    ┌───▼───┐        ┌───▼───┐    ┌───▼───┐ ┌──────────────┐
    │ Floor  │        │ Floor │    │ Floor │ │Branch Switch │
    │   1    │        │   2   │    │   3   │ │   + IoT      │
    │ (HR,   │        │(Dev,  │    │(IT,   │ │   Gateway    │
    │Finance)│        │ Test) │    │Server)│ └──────────────┘
    └────────┘        └───────┘    └───────┘

Site Architecture

Islamabad Headquarters (3 Floors):

• Floor 1: HR, Finance, Front Office (VLAN 10-30)
• Floor 2: Software Development, Testing, R&D (VLAN 40-60)
• Floor 3: IT Support, Data Management, Server Farm (VLAN 70-80)

Karachi Branch:

• Local LAN (172.16.10.0/24)
• IoT Smart Office Infrastructure
• VPN Connection to HQ

---

📊 Technical Specifications

IP Addressing Scheme

Location	Block	Type	Details
Headquarters	192.168.0.0/16	Private Class C	8 x /24 VLANs (254 hosts each)
Branch Office	172.16.0.0/16	Private Class B	172.16.10.0/24 LAN
WAN Links	10.1.1.0/24	Private Class A	/30 subnets (2 usable IPs each)
ISP Backbone	11.0.0.0 - 12.0.0.0	Public Simulation	3 routers mesh

VLAN Configuration

VLAN ID	Department	Subnet	Gateway	Floor
10	Front Office	192.168.1.0/24	192.168.1.1	1
20	HR	192.168.2.0/24	192.168.2.1	1
30	Finance	192.168.3.0/24	192.168.3.1	1
40	Software Dev	192.168.4.0/24	192.168.4.1	2
50	Software Testing	192.168.5.0/24	192.168.5.1	2
60	R&D	192.168.6.0/24	192.168.6.1	2
70	IT Support	192.168.7.0/24	192.168.7.1	3
80	Data Management	192.168.8.0/24	192.168.8.1	3

Hardware Specification

Device	Model	Quantity	Role
Distribution Router	Cisco 2911 ISR	4	OSPF, Inter-VLAN routing, VPN termination
Access Switch	Cisco 2960	4	Layer 2 connectivity, VLAN trunking, Port Security
Web/DNS Server	Dedicated	1	Corporate intranet, domain resolution
Syslog Server	Dedicated	1	Centralized logging
FTP Server	Integrated	1	Secure file transfer
IoT Gateway	Cisco Home Gateway	1	Wireless device controller

Routing Protocol

• Protocol: OSPF (Open Shortest Path First)
• Area: Area 0 (Backbone)
• Process ID: 1
• Advertisements: LAN subnets + WAN serial links
• Convergence: Fast failover with automatic route recalculation

VPN Configuration

Parameter	Value
Type	Site-to-Site IPSec
Phase 1 (ISAKMP)	AES encryption, SHA hashing, Pre-Shared Keys
Phase 2 (IPSec)	Transform Set: esp-aes esp-sha-hmac
Interesting Traffic	192.168.0.0/16 ↔ 172.16.0.0/16
Encryption	End-to-End encrypted tunneling
NAT Exemption	VPN traffic excluded from translation

---

🔧 Implementation Details

1. VLAN & Inter-VLAN Routing

• Configuration: Router-on-a-Stick with 802.1Q trunking
• Sub-interfaces: Fa0/0.10 through Fa0/0.80 for each VLAN
• Routing: Layer 3 switching enables department isolation and controlled traffic flow

2. DHCP Service

• Configuration: DHCP pools on Distribution Routers (Floor 1, 2, 3)
• Excluded Addresses: .1 to .10 (router, servers), .50 (printers)
• Pools: Separate pools per VLAN (Pool_HR, Pool_Dev, etc.)

3. Security Implementation

• ACLs: Extended ACLs on VLAN sub-interfaces for departmental policies
• Printer Security: Bouncer rules restrict printer access by department
• IPS Simulation: Malicious traffic detection and blocking with packet counters
• Firewall: Port Address Translation (PAT) protects internal addressing

4. Network Services

• DNS: Maps www.flairgroup.com → 192.168.7.10 (Web Server)
• Web Server: Custom HTML intranet for employee announcements
• FTP Server: Authenticated file transfer (admin user) with full permissions
• Syslog: Real-time security alert collection from Core Router

5. WAN Connectivity

• ISP Backbone: 3-router mesh with Serial connections (realistic public internet)
• VPN Tunnel: AES-encrypted communication over public backbone
• NAT Rules: Split tunneling to allow concurrent internet access and VPN usage

6. IoT Integration

• Home Gateway: Central wireless controller for smart devices
• Devices: Ceiling Fan, Smart Light, Door Lock (remote control)
• Management: IoT Monitor Application for real-time control
• Isolation: Dedicated wireless segment separated from corporate traffic

---

🚀 Getting Started

Prerequisites

• Cisco Packet Tracer (Version 8.0 or later)
• Basic understanding of:
  • OSI model and network layers
  • IP addressing and subnetting
  • Routing protocols (OSPF)
  • VLANs and switching concepts
  • VPN and encryption basics

Installation & Setup

1. Clone the Repository

   git clone https://github.com/yourusername/flair-enterprise-network.git
   cd flair-enterprise-network

2. Open in Packet Tracer

   • Launch Cisco Packet Tracer
   • File → Open → Select flair-network-topology.pkt
   • Wait for all devices to fully boot (2-3 minutes)

3. Verify Connectivity

   - From HQ PC → Ping to Branch PC (verify VPN tunnel)
   - Check routing tables: Show ip route (on each router)
   - Verify OSPF adjacencies: Show ip ospf neighbor
   

4. Access Services

   • Web Access: Open browser on any PC → Enter www.flairgroup.com
   • DNS Resolution: Verify domain resolution works
   • FTP Access: Connect using FTP client (user: admin)
   • IoT Control: Open IoT Monitor → Connect to Home Gateway

Quick Start Commands

# View OSPF neighbor relationships
show ip ospf neighbor

# Display routing table with OSPF routes (marked with O)
show ip route

# Verify VPN security associations
show crypto session brief

# Check interface status and IP addresses
show ip interface brief

# View ACL traffic counters
show access-lists

# Display DHCP pools
show ip dhcp pool

# Verify VLAN configuration
show vlan brief

---

📁 Project Structure

flair-enterprise-network/
├── README.md                           # Project documentation
├── ARCHITECTURE.md                     # Detailed architecture guide
├── CONFIGURATION.md                    # Step-by-step configuration guide
├── SETUP_GUIDE.md                      # Installation and setup instructions
│
├── packet-tracer-files/
│   ├── flair-network-topology.pkt      # Complete network simulation
│   ├── flair-network-backup.pkt        # Backup configuration
│   └── README.md                       # Packet Tracer file guide
│
├── configuration-files/
│   ├── router-configs/
│   │   ├── floor1-router.conf          # Floor 1 router configuration
│   │   ├── floor2-router.conf          # Floor 2 router configuration
│   │   ├── floor3-router.conf          # Floor 3 router configuration (Core)
│   │   └── branch-router.conf          # Branch office router
│   │
│   ├── switch-configs/
│   │   ├── floor1-switch.conf
│   │   ├── floor2-switch.conf
│   │   ├── floor3-switch.conf
│   │   └── branch-switch.conf
│   │
│   ├── isp-configs/
│   │   ├── isp-router1.conf
│   │   ├── isp-router2.conf
│   │   └── isp-router3.conf
│   │
│   └── README.md                       # Configuration file guide
│
├── documentation/
│   ├── IP_ADDRESSING_PLAN.md          # VLSM and subnet documentation
│   ├── VLAN_CONFIGURATION.md          # VLAN design and policies
│   ├── ROUTING_PROTOCOL.md            # OSPF implementation details
│   ├── VPN_SECURITY.md                # IPSec VPN configuration
│   ├── ACL_RULES.md                   # Access control policies
│   ├── DHCP_CONFIGURATION.md          # DHCP pool setup
│   ├── SERVICES_SETUP.md              # DNS, Web, FTP, Syslog
│   ├── IOT_IMPLEMENTATION.md          # Smart office IoT system
│   └── PERFORMANCE_ANALYSIS.md        # Testing results and metrics
│
├── diagrams/
│   ├── network-topology.png           # Overall topology diagram
│   ├── ip-addressing-plan.png         # IP block distribution
│   ├── vlan-layout.png                # VLAN organization
│   ├── osi-layer-mapping.png          # Layer-wise architecture
│   └── iot-infrastructure.png         # IoT system diagram
│
├── test-scenarios/
│   ├── connectivity-tests.md          # Ping and traceroute tests
│   ├── routing-convergence.md         # OSPF failover scenarios
│   ├── vpn-encryption-test.md         # VPN tunnel verification
│   ├── security-tests.md              # ACL and firewall tests
│   ├── service-availability.md        # DNS, DHCP, FTP testing
│   └── iot-control-tests.md           # Smart device control tests
│
├── images/
│   ├── screenshots/
│   │   ├── routing-table-hq.png       # HQ routing table verification
│   │   ├── routing-table-branch.png   # Branch routing table
│   │   ├── vpn-status.png             # VPN security associations
│   │   ├── acl-logs.png               # IPS/IDS packet counters
│   │   ├── dhcp-pools.png             # DHCP configuration
│   │   ├── web-server.png             # Corporate intranet screenshot
│   │   └── iot-monitor.png            # IoT control interface
│   │
│   └── diagrams/
│       └── [architecture diagrams]
│
├── project-report/
│   ├── Project_Report-BSSE-III-B.pdf # Full academic report
│   ├── presentation-slides.pdf        # Project presentation
│   └── summary.md                     # Executive summary
│
├── scripts/
│   ├── router-config-backup.sh        # Backup script
│   ├── network-test.sh                # Automated testing script
│   └── README.md                      # Script documentation
│
├── TROUBLESHOOTING.md                 # Common issues and solutions
├── CONTRIBUTORS.md                    # Team member information
├── LICENSE                            # Project license (MIT)
└── .gitignore                         # Git ignore file

---

✅ Key Achievements

Operational Efficiency

✓ Eliminated broadcast storms through VLAN segmentation
✓ Optimized traffic flow between departments via OSPF routing
✓ Reduced network latency (<10ms round-trip time over VPN)

Data Security

✓ 100% encryption for inter-site communication via IPSec VPN
✓ Multi-layer defense with ACLs and Port Security
✓ IDS/IPS simulation detecting and blocking malicious traffic
✓ Centralized security logging via Syslog

Scalability & Reliability

✓ Hierarchical design supporting future expansion
✓ Zero packet loss in connectivity tests
✓ DHCP and DNS automating address management
✓ Redundant ISP backbone ensuring fault tolerance

Innovation

✓ IoT smart office system with remote device control
✓ Automated lighting, temperature, and security management
✓ Professional-grade service integration

---

📈 Performance Metrics

Metric	Result	Status
Packet Loss (HQ to Branch)	0%	✅ Excellent
Average Latency	<10ms	✅ Excellent
VPN Tunnel Stability	100%	✅ Operational
OSPF Convergence	<5s	✅ Fast
File Transfer (FTP)	No data corruption	✅ Reliable

---

🛠️ Technologies Used

• Simulation Platform: Cisco Packet Tracer 8.0+
• Routing Protocol: OSPF (Open Shortest Path First)
• Security: IPSec VPN, ACLs, Port Security
• Network Services: DHCP, DNS, FTP, Syslog
• IoT Platform: Cisco Home Gateway
• Documentation: Markdown, Network Diagrams (Lucidchart/Draw.io)

---

📚 Learning Outcomes

This project demonstrates proficiency in:

1. Network Architecture Design

   • Hierarchical network modeling
   • VLAN design and implementation
   • IP addressing and VLSM

2. Dynamic Routing

   • OSPF configuration and optimization
   • Route advertisement and convergence
   • Multi-area routing concepts

3. Network Security

   • IPSec VPN tunnel establishment
   • Access Control List implementation
   • Firewall and NAT configuration
   • Intrusion detection simulation

4. Service Integration

   • DHCP pool configuration
   • DNS resolution setup
   • Web server and FTP deployment
   • Syslog centralization

5. IoT & Modern Networking

   • Wireless gateway configuration
   • Smart device integration
   • Remote management systems

---

🤝 Contributing

This is an academic project. Contributions in the form of:

• Documentation improvements
• Additional test scenarios
• Performance optimization suggestions
• Configuration file refinements

are welcome! Please create issues or pull requests with detailed descriptions.

---

📝 Authors

ID	Name	Role
242184	Fatima Atta	Network Design & Documentation
242252	Muhammad Shozab	OSPF Routing & VPN Configuration
242258	Farwa Khalid	Security & ACL Implementation
242278	Muhammad Ahmad	IoT Integration & Testing

Submitted To: Ms. Sabahat Ajaz
Course: Computer Networks (BSSE-III-B)
Institution: [Your University Name]
Date: December 17, 2025

---

📄 License

This project is licensed under the MIT License - see the LICENSE file for details.

You are free to use, modify, and distribute this project for educational and professional purposes.

---

📞 Support & Questions

For questions or issues:

1. Check TROUBLESHOOTING.md for common problems
2. Review the documentation folder
3. Check existing GitHub issues
4. Create a new issue with detailed description

---

🔗 Quick Links

• Network Architecture Guide
• Configuration Instructions
• IP Addressing Plan
• Security Documentation
• Performance Analysis

---

Last Updated: December 17, 2025
Status: Complete & Production-Ready
GitHub Stars: ⭐ Feel free to star if this helped you!

---

This project demonstrates enterprise-grade network design principles suitable for academic study, professional portfolios, and real-world implementations.