Indonesi
an
Journa
l
of El
ect
ri
cal Engineer
ing
an
d
C
omputer
Scie
nce
Vo
l.
23
,
No.
1
,
Ju
ly
20
21
,
pp.
479
~
489
IS
S
N: 25
02
-
4752, DO
I: 10
.11
591/ijeecs
.v
23
.i
1
.
pp
479
-
489
479
Journ
al h
om
e
page
:
http:
//
ij
eecs.i
aesc
or
e.c
om
Des
i
gning
a secur
e campu
s networ
k and si
mu
lating
it using
C
isco p
acket
trac
er
Alaa H
. Ahme
d
1
,
Mo
k
ha
le
d
N.
A. Al
-
H
am
adani
2
1
Network
Depa
r
t
m
ent
,
Com
pute
r
Scie
nc
e and
Info
rm
at
ion
T
ec
hno
l
og
y
Coll
ege
.
Un
ive
rsit
y
of
Kirku
k,
Ir
aq
2
Depa
rtment of
El
e
cro
nic T
ec
hn
ique
s,
Al
-
H
awija
T
ec
hni
cal
Inst
i
tut
e
,
North
ern
T
ec
hni
ca
l
Univer
s
ity
,
Ira
q
Art
ic
le
In
f
o
ABSTR
A
CT
Art
ic
le
history:
Re
cei
ved
A
pr
18
, 202
1
Re
vised
Jun
1,
2021
Accepte
d
J
un
6
, 2
021
The
n
et
work
is
a
m
assive
par
t
o
f
li
fe
tod
a
y
.
I
t
p
art
i
ci
pa
te
s
not
o
nl
y
on
one
side
of
li
fe
b
ut
in
nea
r
l
y
eve
r
y
st
at
ion
,
espe
cially
in
educ
a
ti
ona
l
orga
ni
z
at
ions.
T
he
ke
y
ai
m
of
educ
a
ti
on
is
to
share
dat
a
and
knowled
ge
,
m
aki
ng
the
netw
ork
important
for
educ
a
ti
on.
I
n
par
ti
cu
la
r
,
it
i
s
essenti
al
t
o
ensure
th
e
ex
change
of
information;
thus,
no
one
ca
n
cor
rupt
it.
To
safe
an
d
trustworth
y
tra
n
sfers
bet
wee
n
users,
int
eg
rity
and
re
li
ab
il
i
t
y
are
cru
cia
l
questi
ons
in
al
l
data
tr
ansfe
r
p
roble
m
s.
The
r
ef
ore
,
w
e
hav
e
d
eve
lop
ed
a
sec
ure
c
ampus
n
et
work
(SCN
)
for
sending
and
re
ce
iv
ing
informat
ion
among
high
-
sec
uri
t
y
en
d
-
users.
W
e
cr
ea
t
ed
a
topol
og
y
for
a
ca
m
pu
s
of
m
ult
i
net
works
and
v
ir
tua
l
local
area
n
e
twork
s
(VLAN
s’
)
using
c
isco
pa
c
ket
t
racer.
W
e
al
so
int
roduc
ed
the
m
ost
critical
sec
uri
t
y
co
nfigura
t
ions,
the
net
working
used
in
our
arc
h
it
e
ct
ure
.
W
e
use
d
a
la
rg
e
num
ber
of
protoc
ols
to
prote
ct
and
ac
comm
odat
e
th
e
users of
the SC
N sche
m
e.
Ke
yw
or
d
s
:
IP
a
ddresse
s
Netw
ork
Secu
rity
Trun
k
VLAN
This
is an
open
acc
ess arti
cl
e
un
der
the
CC
B
Y
-
SA
l
ic
ense
.
Corres
pond
in
g
Aut
h
or
:
Mokhal
ed
N.
A.
Al
-
Ham
adan
i
Dep
a
rtm
ent o
f El
ect
rn
oic
Tec
hn
i
qu
e
s
Northe
rn Tec
hnic
al
U
niv
e
rsity
36001,
Ad
a
n,
Kir
kuk, I
raq
Em
a
il
:
Mok
hal
ed_h
wj@
ntu
.e
du.iq
1.
INTROD
U
CTION
Nowa
days,
the
netw
ork
has
beco
m
e
the
ne
ed
of
m
os
t
pe
op
le
,
espe
ci
al
ly
sci
ence
see
ke
rs.
A
lot
of
researc
hers
an
d
sci
entist
s
are
dep
e
nd
i
ng
e
xcessively
on
netw
orks
to
ge
t
m
or
e
infor
m
at
ion
.
Stud
e
nts’
al
s
o
involve
d
in
th
e
case
of
net
work
-
dep
e
nde
nt
for
a
lot
of
reasons
li
ke
sh
ari
ng
in
f
or
m
at
ion
,
an
d
kn
owle
dge
betwee
n
them
sel
ves.
T
hus,
t
he
netw
ork
is
a
n
im
po
rtant
de
m
and
of
e
ach
com
m
un
it
y
and
organ
iz
at
io
n
[1
]
-
[
3].
Nev
e
rtheless
,
the
n
et
w
ork
ca
n
fall
under
m
any
threats
and
intr
us
io
ns
;
an
d
the
reas
on
be
hi
nd
t
hat
is
the
dev
el
op
m
ent
of
we
b
te
ch
nolo
gies
an
d
se
rv
ic
es
[4
]
-
[
6].
Th
ose
at
ta
cks
can
occur
in
m
any
diff
e
re
nt
ways
ei
ther
ph
ysi
cal
ly
da
m
aging
the
de
vices
or
lo
gical
ly
hack
ing
t
he
cod
es
.
T
hat
ty
pe
of
int
ru
si
on
ca
n
ca
us
e
a
lot
of
pro
blem
s
b
ecause of the
la
ck
of
v
e
racit
y. Th
eref
or
e
, s
ecu
rity
h
as a sign
ific
ant eff
ect
in
pr
otect
ing
the n
e
twor
k
from
tho
se
ty
pe
s
of
at
ta
cks
.
Netw
ork
sec
ur
it
y
can
be
ap
pl
ie
d
in
m
any
as
pects
of
t
he
ne
twork
in
orde
r
to
kee
p
it
fr
om
un
a
uthorize
d
acce
ss
.
Th
us
,
netw
ork
secu
rity
is
no
w
on
e
of
th
e
essenti
al
issue
s
in
m
any
fir
m
s
l
ike
un
i
ver
sit
ie
s.
As
c
onseq
ue
nc
e,
we
desig
ned
a
sec
ur
e
cam
pu
s
netw
ork
(SC
N)
w
hich
inc
lud
es
m
any
network
s
a
nd
each
net
wor
k
consi
sts
of
m
any
VL
ANs’
.
T
ho
s
e
net
works
are
sup
ported
by
a
secu
rity
syst
e
m
that
pr
even
ts
ou
tsi
de
acce
ss
without
a
uth
e
nt
ic
at
ion
.
Als
o,
it
pr
otect
s
t
he
sancti
ty
and
pr
ivacy
of
each
us
er
,
s
o
no
on
e
can
at
ta
ck
their
pr
i
vate
inf
or
m
at
i
on.
I
n
sect
ion
1,
we
e
xpla
ine
d
the
te
ch
no
l
ogie
s
th
at
we
use
d
to
im
ple
m
e
nt
SCN
wh
ic
h
is
pac
ke
t
tracer.
Als
o,
we
e
xp
la
ine
d
the
SCN
str
uc
ture
a
nd
t
he
require
d
res
ources
t
hat
we
use
d
t
o
create
the
SCN
topol
og
y.
I
n
sect
ion
2,
w
e
exp
la
ine
d
in
te
rn
et
prot
oco
l
(I
P
)
ad
dr
es
sing
m
et
ho
ds,
a
nd
th
e
Evaluation Warning : The document was created with Spire.PDF for Python.
IS
S
N
:
2502
-
4752
Ind
on
esi
a
n
J
E
le
c Eng &
Co
m
p
Sci,
Vo
l.
23
, N
o.
1
,
Ju
ly
20
21
:
479
-
489
480
connecti
vity
be
tween
the
de
vi
ces
in
entire
ne
twork
.
Wh
ere
as,
virt
ual
loca
l
area
netw
ork
(V
L
A
N)
e
xp
la
natio
n
and
sim
ulati
on
has
bee
n
ta
ki
ng
par
t
in
sect
i
on
3.
Af
te
r
tha
t
in
sect
ion
4,
there
is
a
detai
le
d
il
lustrati
on
about
secur
it
y
an
d
co
nf
i
gurati
ons
th
at
we
ap
plied
in
the
cam
pu
s
topolo
gy
us
i
ng
p
acket
trace
r.
Finall
y,
in
sect
ion
5
a
secur
e
n
et
wor
k ca
m
pu
s scen
a
r
io w
il
l be
c
on
c
lud
e.
2.
METHO
D
OL
GY
Ci
sco
pac
ket
tracer
(CPT
)
is
the
m
ai
n
te
chn
ology
that
we
dep
e
nded
on
de
sign
i
ng
a
nd
s
i
m
ulati
ng
a
secur
e
cam
pu
s
netw
ork.
CPT
is
a
visu
al
sim
ulati
on
to
ol
th
at
has
bee
n
cre
at
ed
an
d
desi
gned
by
ci
sco
s
yst
e
m
.
CPT
ha
s
bee
n
us
e
d
as
an
ef
fe
ct
ive
to
ol
to
te
ach
a
nd
le
ar
n
ne
twork
com
m
un
ic
at
ion
in
real
ist
ic
way
[
7
]
,
[
8
]
.
It
offer
s
a
reali
sti
c
visu
al
iz
at
ion
and
sim
ulati
o
n
too
l
f
or
le
ar
ning
[
9
]
,
[
10
]
.
That
w
hat
help
the
us
ers
es
pe
ci
al
ly
stud
e
nts
to
c
re
at
e,
desig
n,
c
onfi
gure,
a
nd
tr
oubles
hoot
dif
fer
e
nt
ty
pe
of
netw
orks
s
uc
h
as
LA
N
an
d
WAN.
Also
, it help
s w
it
h
the sec
ur
i
ty
p
roblem
s b
y
us
in
g
secu
rity
p
r
oto
c
ols.
F
or
exam
ple, q
ualify
ing
the
us
e of so
m
e
pr
oto
c
ols
li
ke
sp
a
nn
i
ng
tree
protoc
ol
wh
ic
h
help
s
with
the
loopin
g
pro
bl
e
m
s;
especial
ly
wh
e
n
t
her
e
a
re
th
ree
switc
hes
c
onne
ct
ed
to e
ach
o
t
her.
2
.
1.
Im
plem
e
nt
ati
on
In
orde
r
to
des
ign
a
sec
ur
e
c
a
m
pu
s
netw
ork
(S
C
N),
we
use
d
diff
e
ren
t
de
vices
wire
d
a
nd
wire
le
ss
.
Also
,
we
use
d
diff
e
re
nt
ty
pes
of
c
omm
un
ic
a
ti
on
m
edia
to
c
onnect
the
de
vi
ces.
Af
te
r
c
on
necti
ng
t
he
de
vices
,
we
im
ple
m
ent
ed
m
any
i
m
portant
c
onfig
ur
a
ti
on
s
as
V
LA
Ns,
dynam
ic
host
c
onfig
ur
at
i
on
pr
oto
c
ol
(
D
HCP)
,
and
routin
g
in
form
ation
prot
oco
l
(
R
IP
)
.
More
over,
we
app
li
ed
sec
ur
it
y
and
m
anag
em
ent
te
chn
i
qu
es
in
the
m
ai
n
de
vices
of
the
netw
ork
;
to
m
ake
the
ca
m
pu
s
netw
ork
safe
r
a
nd
to
protect
it
f
r
om
interi
or
an
d
exteri
or
at
ta
cker
s. So
, t
he
sa
nctit
y and t
he pri
vacy o
f t
he
use
r wil
l be
grante
d.
2
.
2.
S
C
N
t
opolo
gy
The
t
opology
that
is
desig
ned
f
or
the
s
ecur
e
cam
pu
s
netw
ork
co
nsi
sts
of
f
our
m
ai
n
par
ts
or
bu
il
di
ngs.
Eac
h
par
t
co
ntain
s
dif
fe
ren
t
de
vices
as
s
witc
hes,
com
pu
te
r
s,
la
pt
ops,
sm
artp
hones,
phon
e
s,
pr
i
nters,
ac
ces
s
point,
wirele
ss
r
ou
te
r,
a
nd
serv
e
rs.
All
of
tho
se
de
vices
are
c
onnected
with
a
s
witc
h
that
connects
them
directl
y
with
a
router.
T
he
r
oute
rs
in
the
ca
m
pu
s
a
re
co
nn
ec
te
d
with
each
ot
her
dyna
m
ic
a
l
ly
as
it
’s
show
n i
n
F
igure
1.
Figure
1.
To
po
log
y
of
secu
re
ca
m
pu
s
netw
ork
Evaluation Warning : The document was created with Spire.PDF for Python.
Ind
on
esi
a
n
J
E
le
c Eng &
Co
m
p
Sci
IS
S
N:
25
02
-
4752
Desig
ning
a
se
cure c
amp
us
ne
tw
or
k an
d
si
m
ula
ti
ng it
us
in
g
C
isc
o pa
cket
tracer
(
Ala
a H.
Ah
med
)
481
2
.
3
.
Requ
ir
e
d res
ou
rces
We
us
e
d
diff
e
re
nt
ty
pes
of
de
vices
in
our
work
to
sho
w
diff
e
re
nt
co
nn
ect
ivit
y
cases.
Most
of
t
he
dev
ic
es
are
c
onnected
us
in
g
ca
bles
li
ke
PCs.
Howe
ver,
s
om
e
of
t
he
m
con
nected
by
wi
reless
s
uch
as
sm
artph
on
e
s.
As
a
wireless
connecti
on
pro
vid
e
r,
we
us
e
d
two
dev
ic
es
i
n
dif
fer
e
nt
networks
su
c
h
as
wireles
s
routers
and acc
ess points
. T
he
d
e
sc
riptio
ns
of the
d
e
vices a
r
e:
4
R
ou
te
r
(
Ci
sc
o 821
1)
1 wirele
ss
rout
er (WRT
300N)
9
S
witc
hes
(
Ci
sco 2
960 )
1
se
rv
e
r(ser
ver
-
PT
)
Access
point
(
Access
po
i
nt
-
P
T)
17 PCs
(P
c
-
PT
)
3
la
pt
ops (La
pt
op
-
PT
)
1I
P
ph
one(
7960)
2
sm
art p
ho
nes
(S
m
artph
one
-
P
T)
2 pr
i
nter (Pri
nter
-
P
T)
Con
s
ole
cables
to
config
ur
e
t
he
Ci
sco
I
OS
dev
ic
es
via
the cons
ole
por
ts
Ether
net ca
bles as s
how
n
in
th
e topolo
gy
Copper
st
raig
ht
throu
gh
ca
bl
es
to
co
nn
e
ct
m
os
t
of
the
end d
e
vices
wi
th
switc
hes,
a
nd s
witc
hes wit
h routers
.
Serial
DTE
ca
bles
to
co
nnec
t
ro
ute
rs
with
each
ot
he
r
dynam
ic
al
l
y
Copper
c
r
os
s
-
over
ca
bles
to
c
onnect
the
t
hr
e
e
switc
he
s
with eac
h othe
r.
3.
IP AD
RESSE
S
An
I
P
a
ddress
is
an
i
nter
net
protoc
ol
a
ddre
ss
that
assi
gns
to
eac
h
de
vice
in
t
he
netw
ork
[
11
]
-
[
13
].
Each
de
vice
as
sign
s
a
un
i
qu
e
IP
a
ddres
s
to
be
recog
nizabl
e
an
d
visible
by
oth
e
r
dev
ic
e
s
in
th
e
netw
ork
so
that
it
can
sen
d
an
d
receive
data
easi
ly
without
any
m
i
ssi
ng.
Eac
h
one
c
on
sist
s
of
32
-
bi
t
nu
m
ber
w
hich
is
in
the f
orm
at
o
f
fo
ur
-
octet
num
ber
s sep
a
rated
by
a d
ot as 1
92.
168.1.0. T
he
I
P ad
dress
has
two vers
i
ons I
P
v4
a
nd
IP
v6 [
14
]
,
[
15
]
. W
her
e
IPv
4
ha
s
five
cl
asses A,
B,
C, D
,
a
nd
E
eac
h
one
ha
s
a
dif
fe
ren
t r
ang
e
of
ca
pacit
y.
For
exam
ple,
cl
ass
A
has
a
range
from
1
to
12
7
n
et
w
ork
a
ddr
esses
[
16
]
-
[
18
]
.
This
ca
n
be
wr
it
te
n
as
1.0.0.
0
t
o
126.2
55.25
5.2
55.
Th
us
,
Cl
a
ss
A
pro
vid
es
a
few
ver
y
la
rg
e
siz
es
of
netw
orks.
I
n
our
w
ork,
we
us
ed
I
P
addresses
with
cl
ass
c
to
connect
en
d
de
vices,
howe
ver
for
the
r
ou
te
r’
s
port
that
has
a
c
onnec
ti
on
with
oth
e
r
router
’s we
us
e
d IP
a
ddresse
s
of cla
ss
A.
In
orde
r
t
o
ass
ign
IP
s
f
or
eac
h
dev
ic
e
we
di
d
s
om
e
of
th
e
m
m
anu
al
ly
an
d
s
om
e
of
th
e
m
by
us
ing
DH
CP
prot
ocol
.
The
D
HCP
protoc
ol
is
a
dy
nam
ic
ho
st
config
ur
at
io
n
protoc
ol
that
ass
ign
s
a
n
IP
a
dd
ress
to
end
de
vices
de
pendin
g
on
th
e
co
nf
ig
urat
io
n
that
m
akes
on
s
om
e
dev
ic
es
li
ke
a
ser
ve
r
or
r
oute
r.
A
DH
CP
serv
e
r
al
lo
ws
com
pu
te
rs
to
request
I
P
ad
dr
ess
es
an
d
ne
tworki
ng
pa
r
a
m
et
ers
from
their
I
nter
net
serv
ic
e
pro
vid
er
(
ISP)
autom
at
ic
ally,
el
i
m
inati
ng
t
he
nee
d
f
or
a
network
a
dm
inist
r
at
or
or
us
er
to
assign
I
P
a
ddr
esses
to
al
l
netwo
r
k
dev
ic
es
m
anu
a
ll
y.
In
a
secur
e
ca
m
pu
s
netw
ork
,
we
co
nf
i
gu
red
a
ser
ve
r
to
pro
vid
e
the
PC
s
with
the
IP
a
ddress
es
as
it
is
sh
own
i
n
Fig
ure
2.
W
e
pu
t
192.1
68.4.6
a
s
a
sta
r
t
IP
ad
dr
e
ss
an
d
al
so
we
determ
ine
d
the m
axi
m
u
m
nu
m
ber
of 25
f
or en
d de
vice
s.
Figure
2
.
Ser
ve
r
c
onfig
ur
at
io
n t
o pro
vid
e
D
H
CP
Evaluation Warning : The document was created with Spire.PDF for Python.
IS
S
N
:
2502
-
4752
Ind
on
esi
a
n
J
E
le
c Eng &
Co
m
p
Sci,
Vo
l.
23
, N
o.
1
,
Ju
ly
20
21
:
479
-
489
482
3
.
1.
Connec
tivit
y
The
c
onnecti
vi
ty
betwee
n
the
sam
e
networks
ha
ppens
dire
ct
ly
since
ther
e
are
switc
h
c
onnecti
on
s
betwee
n
the
de
vices.
In
t
he
par
ts
t
hat
ha
ve
two
or
th
ree
s
witc
hes,
we
use
d
tr
unks
t
o
c
onnect
t
hem
tog
et
her
.
Wh
e
re
Tr
unks
is
a
chan
nel
t
hat
al
lows
c
onnecti
vity
betw
een
the
V
LA
Ns’
that
ar
e
connecte
d
t
o
a
switc
h.
Howe
ver,
the
connecti
vity
be
tween
routers
will
need
net
work
r
ou
ti
ng
protoc
ols
sta
ti
c
or
dynam
ic
su
c
h
as
RIP.
R
IP
is
a
r
ou
te
r
in
form
at
ion
protoc
ol
that
is
r
esp
onsible
for
fin
ding
the
be
st
path
f
or
data
to
be
transm
itted
[
19
]
-
[
21
]
.
Also,
it
preve
nts
routing
lo
ops
by
li
m
iting
t
he
num
ber
of
pat
hs
from
so
ur
ce
de
vices
t
o
destinat
io
n
de
vices.
T
her
e
f
or
e
,
we
us
e
d
RIP
to
c
onnec
t
the
e
ntire
ne
t
work
with
ea
ch
oth
e
r;
s
o
t
he
e
nd
dev
ic
es
can
se
nd
an
d
receive
inf
or
m
at
ion
f
r
om
diff
ere
nt
ne
tworks
with
the
s
hortest
a
nd
sim
plest
path.
A
fter
that, we
ch
e
ck
ed
the
con
necti
vity
b
et
wee
n
t
he
e
nd d
e
vices
as is sho
wn in
Figures
3
a
nd
4.
Figure
3
.
Ro
uting
in
form
at
ion
pro
t
oco
l
(RIP)
Figure
4
.
Co
nnect
ivit
y
b
et
wee
n
d
evices
(c
on
t
inu
e
)
Evaluation Warning : The document was created with Spire.PDF for Python.
Ind
on
esi
a
n
J
E
le
c Eng &
Co
m
p
Sci
IS
S
N:
25
02
-
4752
Desig
ning
a
se
cure c
amp
us
ne
tw
or
k an
d
si
m
ula
ti
ng it
us
in
g
C
isc
o pa
cket
tracer
(
Ala
a H.
Ah
med
)
483
Figure
4
.
Co
nnect
ivit
y
b
et
wee
n
d
evices
4.
VLA
N
VLAN
or
virtua
l
local
area
ne
twork
is
a
group
of
loc
al
ar
ea
netw
orks
(
L
AN)
that
are
c
onnected
t
o
each
oth
e
r
t
o
a
dd
m
or
e
sec
ur
i
ty
and
m
anag
e
broa
dcast
do
m
ai
n
into
t
he
LANs
[
22
]
-
[
24
]
.
The
refor
e
,
i
n
secu
re
ca
m
pu
s
netw
ork,
we
us
e
d
VL
AN
s
in
so
m
e
pa
rts
to
sepa
rate
the
e
nd
dev
ic
e
s
into
dif
fere
nt
VL
ANs’
f
or
m
any
reasons
.
Firstl
y,
it
wil
l
pu
t
the
stud
e
nt,
le
ct
ur
ers
,
em
plo
ye
e
s,
m
anag
er
s,
a
nd
oth
e
r
sta
ff
in
dif
fer
e
nt
VL
AN
s
’
,
so
it
will
re
duce
the
t
raffic
.
Sec
ondly,
f
or
sec
ur
it
y
reas
on
s
,
VLAN
w
il
l
restrict
acce
ss
to
the
por
ts
by
non
-
aut
horized
people
[25]
.
VLAN
has
fiv
e
ty
pes
def
a
ult,
m
anag
em
ent
,
vo
ic
e
,
data,
and
native
VL
AN;
wh
e
re
de
fa
ult
VLAN
is
al
rea
dy
avail
able
in
ever
y
switc
h
and
al
l
port
s
a
re
assig
ned
t
o
it
.
So
,
it
is
easy
to
at
ta
ck
those
po
rts
by
ou
tsi
der
or
i
ns
ide
r
at
ta
cker
s
.
T
her
e
fore
,
cha
ngin
g
al
l
ports
to
a
nothe
r
V
LA
N
r
at
her
th
a
n
the d
e
fa
ult VL
AN whic
h wil
l be m
or
e sec
ur
e.
Evaluation Warning : The document was created with Spire.PDF for Python.
IS
S
N
:
2502
-
4752
Ind
on
esi
a
n
J
E
le
c Eng &
Co
m
p
Sci,
Vo
l.
23
, N
o.
1
,
Ju
ly
20
21
:
479
-
489
484
Sw
it
ch
c
onfi
gurati
on for VL
A
Ns
We
create
d
th
r
ee
VLANs
10,
20
,
an
d
30;
and
the
n
we
ass
ign
e
d
fa0
/
2,
fa
0/3
,
a
nd
fa
0/4
resp
ect
ively
,
on
e
port fo
r
eac
h o
ne of
them
We
m
ov
ed
al
l
the
oth
e
r
Fast
Ether
net
ports
fa0
/
5
–
fa
0/24
from
def
ault
VLA
N
t
o
ne
w
VLAN
w
hic
h
we
assigne
d
a
s a
VLAN
40 t
o b
e a sa
ver
.
We ch
a
nged
t
he
two
r
em
ai
nin
g
ports
Giga
bitEt
hernet 0/1
a
nd 0
/
2
to b
e in s
ta
ti
c tru
nk
m
ode as is sh
own
i
n
the con
fig
ur
at
i
on b
el
ow.
Since
fa0
/
1
c
onnects
the
root
switc
h wit
h
t
he
rou
te
r
, we c
ha
ng
e
d
it
s m
od
e t
o be tr
unk t
oo.
4
.
1.
Net
w
ork sec
urit
y
Ther
e
are
a
l
ot
of
te
c
hniq
ues
to
protect
the
netw
ork
from
interi
or
an
d
e
xt
erior
at
ta
cke
rs
.
Atta
cki
ng
cou
l
d
be
physi
cal
by
sabo
ta
gi
ng
,
ru
i
ning,
or
ste
al
ing
the
dev
ic
es;
or
it
can
be
by
hac
king
the
syst
em
an
d
acce
ssing
with
ou
t
a
uthorizat
ion.
Th
us
,
i
n
or
der
t
o
protect
the
net
work
fro
m
tho
se
ty
pes
of
at
ta
cks
,
we
need
a
strong
sec
ur
it
y
syst
e
m
.
Netw
ork
sec
uri
ty
is
a
set
of
poli
ci
es
an
d
proce
dur
es
that
m
on
it
or
the
entire
net
wor
k
con
ti
nu
ously
t
o
secu
re
an
d
preve
nt
it
fr
om
un
a
utho
rized
a
ccess.
Conseq
uen
tl
y,
in
SCN
w
e
us
ed
a
hi
gh
le
vel
of
secu
rity
in
t
he
m
ai
n
de
vices
li
ke
r
oute
rs
a
nd
switc
hes.
We
sec
ur
e
d
al
l
the
ports
s
o
t
hose
de
vices
w
ould
not
acce
pt a
ny acc
ess w
it
ho
ut au
t
hen
ti
cat
io
n.
In
the
r
ou
te
rs’
case,
we
sec
ur
e
d
VT
Y
li
ne
s
an
d
co
nsole
li
nes
by
a
ddin
g
pass
wor
ds
t
o
re
qu
i
re
authe
ntica
ti
on
from
the
us
er;
a
s
it
is
cl
ear
in
the
fo
ll
ow
i
ng
router
co
nfi
gur
at
ion
.
I
n
the
s
witc
h’
s
case
,
we
al
so
secur
e
d
al
l
por
ts;
al
so
,
we
dis
abled
so
m
e
protoc
ols
that
show
the
inf
orm
at
ion
of
the
de
vices
to
ot
her
s
su
c
h
a
s
ci
sco
disc
ov
e
r
y
pr
ot
o
col
(
C
DP
)
.
At
the
sa
m
e
tim
e,
we
enab
le
d
ot
her
prot
oco
ls
li
ke
s
pannin
g
tree
prot
oco
l
(
STP
)
i
n order
to pre
ven
t l
oopi
ng
betwee
n s
witc
hes.
a.
Rou
te
r
co
nfi
gu
rati
on for secu
r
it
y
We
sta
rt
the
se
cur
it
y
pro
cess
by
putt
in
g
a
pa
sswor
d
for
t
he
li
ne
co
nsole
in
orde
r
t
o
pr
e
ve
nt
rem
ote
acce
ss
by o
t
her
s
.
We
pu
t a
p
a
ss
word f
or li
ne
VTY
0 4
to
r
es
tric
t t
he
te
lnet
and SS
H u
nau
t
horized
access.
We
us
e
d
the
m
essage
-
di
gest a
lgorit
hm
MD5
to en
c
rypt
pass
words
as
sho
w
n
in
Fig
ure
5
.
Finall
y,
we
put
so
m
e
restrict
ed
feat
ur
es
in
creati
ng
ne
w
pass
words
s
uc
h
as
m
ini
m
u
m
le
ng
t
h,
a
nd
the
nu
m
ber
of
at
te
m
pts
.
Fo
r
e
xa
m
ple,
we
ve
rif
ie
d
rest
rict
ion
by
ente
rin
g
ne
w
us
er
with
w
eak
pass
wor
d
an
d
the ro
uter rejec
te
d
it
as it i
s s
how
n
i
n
the
Fig
ur
e
6.
Evaluation Warning : The document was created with Spire.PDF for Python.
Ind
on
esi
a
n
J
E
le
c Eng &
Co
m
p
Sci
IS
S
N:
25
02
-
4752
Desig
ning
a
se
cure c
amp
us
ne
tw
or
k an
d
si
m
ula
ti
ng it
us
in
g
C
isc
o pa
cket
tracer
(
Ala
a H.
Ah
med
)
485
Figure
5
.
Ro
uter
sec
ur
it
y co
nfi
gurati
on
Evaluation Warning : The document was created with Spire.PDF for Python.
IS
S
N
:
2502
-
4752
Ind
on
esi
a
n
J
E
le
c Eng &
Co
m
p
Sci,
Vo
l.
23
, N
o.
1
,
Ju
ly
20
21
:
479
-
489
486
Figure
6
.
Pass
word
rest
rict
ion
b.
Sw
it
ch
c
onfi
gurati
on for secu
r
it
y
We
disa
bled
th
e
CDP
protoc
ol
fr
om
all
the
dev
ic
es
,
an
d
th
e
reason
is
that
CDP
giv
es
in
form
ation
ab
out
the d
e
vices t
ha
t are a
dj
ace
ncy
to
a
sp
eci
fic
device
.
We
al
lo
wed
th
e
sp
a
nn
i
ng
tre
e
proto
col
t
o
ge
t
rid
of
the
l
oopi
ng
that
ca
n
happe
n
wh
e
n
t
her
e
is
a
cy
cl
e
of
switc
hes
i
n
the
topolo
gy.
Af
te
r
that
,
we
did
po
rt
secur
i
ty
fo
r
us
e
d
po
r
ts.
W
e
determ
i
ned
a
m
axi
m
um
of
2
de
vice
s
and
a
broa
dca
st
le
vel to be
80
% as is s
how
n i
n
Fig
ure
7
a
nd
the c
onfig
ur
at
i
on.
We
ver
ifie
d
t
he
secu
rity
co
nf
igurat
ion
s
of
ports
fa
0/1
,
f
a
0/2
, a
nd
fa
0/3
as
it
s shown i
n
th
e
Fig
ur
e
8.
Figure
7
.
S
witc
h
sec
ur
it
y co
nf
igurat
ion
Evaluation Warning : The document was created with Spire.PDF for Python.
Ind
on
esi
a
n
J
E
le
c Eng &
Co
m
p
Sci
IS
S
N:
25
02
-
4752
Desig
ning
a
se
cure c
amp
us
ne
tw
or
k an
d
si
m
ula
ti
ng it
us
in
g
C
isc
o pa
cket
tracer
(
Ala
a H.
Ah
med
)
487
Figure
8
.
P
or
t
secur
it
y
ve
rific
at
ion
(conti
nue
)
Figure
8
.
P
or
t
secur
it
y
ve
rf
ic
at
ion
Evaluation Warning : The document was created with Spire.PDF for Python.
IS
S
N
:
2502
-
4752
Ind
on
esi
a
n
J
E
le
c Eng &
Co
m
p
Sci,
Vo
l.
23
, N
o.
1
,
Ju
ly
20
21
:
479
-
489
488
5.
CONCL
US
I
O
N
To
inc
rease
the
secur
it
y
le
vel
in
the
net
work’
s
syst
e
m
especial
ly
on
ca
m
puses,
we
pro
po
s
ed
a
secu
re
ca
m
pu
s
net
wor
k
(S
C
N)
sce
na
rio
desi
gn
i
ng
a
nd
sim
ulati
ng
us
in
g
the
ci
sco
pack
et
tracer
pro
gr
am
.
This
pap
e
r
pr
ese
nts
a
to
polo
g
y
that
co
nt
ai
ns
f
our
-
buil
ding,
with
different
netw
orks
and
dif
fere
nt
ty
pes
of
de
vic
es.
I
n
each
buil
ding,
we
sepa
rate
the
en
d
de
vice
s
into
dif
fer
e
nt
VLANs
f
or
secur
it
y
pur
poses.
Als
o,
we
app
li
e
d
secur
it
y
te
chn
i
qu
e
s
for
the
r
oute
rs
that
co
nnect
the
networ
ks
an
d
f
or
swi
tc
hes
that
connect
the
end
de
vices
with
each
oth
e
r
to
pre
ven
t
outsi
de
or
unaut
horize
d
acce
sse
s.
More
over
,
this
pa
per
s
ho
ws
the
real
we
igh
t
of
so
m
e p
ro
t
oco
ls
in
c
onnecti
ng
and sec
ur
in
g
t
he
en
ti
re cam
pus syst
em
.
REFERE
NCE
S
[1]
S.
Pande
y
,
"
Modern
Network
Secur
i
t
y
:
Iss
ues
a
nd
Challenge
s
,
"
I
nte
rnational
Jo
urnal
of
Engi
ne
ering
Sc
ie
nc
e
an
d
Technol
ogy
(
IJEST
)
,
vol.
3,
no.
5
,
2011
.
[2]
M.
N.
Abdul
la
h,
I.
A
.
Sat
am,
R
.
W
.
Daoud,
S
.
N.
Shihab,
and
H.
A.
Kam
el
,
"D
esi
gn
and
impleme
nt
a
self
-
m
ana
g
e
d
computer
net
wo
rk
for
elec
tron
ic
exa
m
s
and
shar
ing,
"
I
ndonesian
Journal
of
El
e
c
tric
al
Engi
ne
eri
ng
and
Compute
r
Sci
en
c
e
,
vol
.
19
,
no.
1,
p
p.
466
-
4
75,
2020
,
doi
:
10
.
11591/i
j
eecs.v1
9.
i1.
pp466
-
475
.
[3]
M.
Naa
g
as,
E
.
Mique,
and
T
.
D.
Pala
o
ag,
"D
efe
nse
-
through
-
dec
ep
ti
on
N
etw
ork
Se
cur
ity
Model:
Se
cur
in
g
Univer
sit
y
Cam
pus
Network
from
DOS/DDOS
Atta
ck
,
"
Bulletin
of
Elec
tri
cal
En
gine
ering
and
In
formatic
s
,
vol
.
7
,
no.
4
,
p
p
.
59360
0,
2018
,
doi
:
10
.
11591/e
e
i.
v7i4
.
1
349
.
[4]
M
.
Jaha
nira
d
,
A.
L.
N.
Yah
y
a
,
an
d
R.
M.
Noor,
"
Com
pre
hensive
Network
Secur
ity
Approac
h
:
Sec
urity
Br
eache
s
at
Ret
ail
compan
y
-
A
Case
Stud
y
,
"
IJCSNS
Int
ernat
ional
Journal
of
Computer
Scien
ce
and
Net
work
Sec
urit
y
,
vo
l.
12
,
no.
8
,
2012
[5]
X
.
Zhou,
B.
Li,
Y.
Qi,
and
W
.
Dong,
"M
imic
Enc
r
y
pt
ion
Box
for
Network
M
ult
imedia
D
at
a
S
ec
uri
t
y
,
"
Hinda
wi
Sec
urit
y
and
Co
mm
unic
ati
on
N
e
tworks
,
2020.
[6]
L.
T.
Month
er
Aldwairi
,
"S
ec
ur
ity
t
ec
hniqu
es
f
or
int
e
ll
ig
ent
sp
am
sensing
and
anomal
y
de
te
c
tion
in
onl
ine
soc
ia
l
pla
tforms
,
"
Inte
r
nati
onal
Journal
of
Elec
tri
cal
a
nd
Computer
E
ngin
ee
ring
(
IJECE)
,
vol.
10,
no
.
1,
p
p
.
275
-
287
,
2020
,
doi
:
10
.
11
591/i
jece
.
v10i1
.
pp275
-
287
.
[7]
S
.
Li
angxu
,
I.
W
u,
Y.
Zha
ng
,
and
H.
Yin
,
"Com
p
ari
son
bet
we
en
ph
y
sic
al
dev
ices
and
sim
ula
tor
software
for
Cisc
o
net
work
technol
og
y
te
a
chi
ng
,
"
o
mputer
Sci
en
ce
&
E
ducat
ion
(
I
CCSE)
,
2013
8t
h
Inte
rnationa
l
Confe
renc
e
IE
E
E
,
2013
,
doi
:
10
.
11
09/ICCSE.
2013.
6554134
.
[8]
N
.
Sanam
,
"P
erf
orm
anc
e
Evalua
ti
on
of
W
ide
Area
Network
usin
g
Cisco
Packe
t
Tra
c
er,
"
Int
ernat
ional
Journal
of
Adv
anc
ed
Tr
ends
in
Comput
er
Sci
ence
a
nd
Engi
nee
rin
g,
vol.
8,
n
o.
6,
pp.
29
15
-
2919,
2019
,
doi:
10
.
30534/ij
at
cse
/2019/
3886
2019
.
[9]
I.
Shem
si,
"Boo
sting
Campus
N
et
work
Design
Us
ing
Cisco
Pa
cke
t
Tr
ac
e
r,
"
Int
ernati
onal
Jour
nal
of
Innov
ati
v
e
Sci
en
ce and
R
ese
arch
Techno
log
y
,
vo
l. 2, no. 11,
2017.
[10]
S.
Nage
ndra
m
,
K.
Ra
m
cha
nd,
a
nd
H.
Rao,
"H
y
brid
Secur
ity
an
d
Ene
rg
y
Aw
ar
e
Routi
ng
for
W
ire
le
ss
Ad
hoc
Networks,"
Inter
nati
onal
Journ
al
of
R
ecent
Technol
ogy
an
d
Engi
ne
ering
(
IJR
TE)
,
vol.
8,
no.
2
,
2019
,
doi:
10
.
35940/ijr
te
.
b3659
.
078219
.
[11]
P
.
Patha
k,
S.
Ma
junde
r,
C
.
Mondal,
and
M.
K.
,
"Colle
ge
N
et
wor
k
Scena
rio
Im
pl
ementa
t
ion
b
y
u
sing
Cisco
Pack
et
Tra
c
er,
"
Int
ernat
ional
Journal
of
Adv
ance
d
Re
se
arch
in
Computer
and
Comm
un
ic
ati
on
Engi
ne
ering
,
vol.
7
,
no.
1
,
pp.
299
-
304
,
20
18.
[12]
Z
.
A.
Jaa
z,
S.
S.
Olei
wi
,
S.
A
.
S
ah
y
,
and
I
.
A.
B
ara
z
anc
h
i,
"D
a
tabase
t
ec
hniqu
es
for
resilient
netw
ork
m
onit
oring
and
inspec
t
ion,"
TEL
KOMNIK
A
Tele
communi
cat
ion
,
Computing,
Elec
troni
cs
and
Control
,
vol.
18,
no.
5,
p
p.
2412
-
2420
,
2020
,
doi
:
10
.
12
928/T
EL
KO
MN
IKA
.
v18i5.
1430
5
.
[13]
S
.
N.
Sis
at
,
"IP
Subnett
ing
,
"
Inte
rnational
Journ
al
of
El
e
ct
ronics
,
Comm
unic
ati
o
n
&
Soft
Compu
ti
ng
Scienc
e
an
d
Engi
ne
ering
,
vol
.
2
,
no
.
5
,
pp
.
5
-
9,
2013
.
[14]
Md.
A
.
Hos
sain,
and
M.
Z
anna
t
,
"S
imulat
ion
and
Design
of
Unive
rsit
y
Area
Netw
ork
Scena
r
io(UAN
S)
using
Cisco
Packe
t
Trace
r
,
"
Global
J
ournal
of
Computer
Sc
i
enc
e
and
Techn
ology
:
G
Int
erdi
scipl
inary
,
vol
.
19,
no.
3,
2019
,
doi:
10
.
34257/G
JCS
TGVO
L19I
S3P
G7
.
[15]
M
.
J
.
Ars
had,
A
.
Farooq,
S.
Ahs
an,
and
M.
Shah
baz
,
"A
Path
To
wards
IP
-
V6
Tra
nsiti
on
Str
at
eg
i
es
for
Scie
n
ti
f
i
c
Resea
rch
:
An O
ver
vie
w,"
Li
fe S
ci
en
ce J
ournal
,
vol.
9
,
no
.
1
,
pp
.
599
-
602,
2012
.
[16]
J.
D.
McC
abe,
“
Network
Anal
y
s
is,
Design
and
A
rch
itect
ur
e,
”
El
s
ev
i
er
Inc
.
,
2007.
[17]
S.
I
saa
c
and
J.
Abdu,
"
Com
par
at
iv
e
Anal
y
sis
Bet
wee
n
IPv4
AN
D
I
Pv6,"
Int
ernati
onal
Jour
nal
of
Information
Syste
ms
and
Eng
ine
ering
,
vol
.
3
,
no.
2
,
2015
,
doi
:
10.
24924/ijise/
2
016.
11/v4.iss
2/20.
26
.
[18]
Z
.
Ham
id
and
S.
Daud,
"A
Com
par
at
ive
Stu
d
y
be
twee
n
IP
v4
and
IPv6,"
in
Inte
rnationa
l
Confe
renc
e
on
Engi
ne
ering, Te
chnol
ogy
&
Voc
ati
onal Educ
a
ti
o
n
,
2020
.
[19]
O
.
K
.
Sula
iman,
A.
M.
Sir
ega
r
,
K.
Nasution,
an
d
T.
Hara
m
ai
n
i,
"Bell
m
an
Ford
a
lgori
thm
-
in
Ro
uti
ng
Inform
atio
n
Protocol
(RIP),"
in
Journal
of
Ph
ysic
s Conf
ere
nc
e
Serie
s
,
201
8,
do
i
:10
.
1088/1742
-
6596/1007/
1/01
2009
.
[20]
D
.
Liu
,
B.
Barb
er,
and
L
.
Digra
n
de
,
"Im
ple
m
ent
i
ng
RIP,
Vers
ion
2,
"
in
Cisco
CCNA/
CCENT
Ex
a
m
640
-
802,
640
-
822,
640
-
816
Pr
eparati
on
K
it
,
Sy
ngress
,
2009,
pp
.
197
-
232
.
[21]
V
.
Bagga
n
,
A.
K.
Sahoo,
P.
K
.
Sara
ngi,
and
S.
P.
Chat
urve
n
di
,
"A
comprehe
nsive
anal
y
s
is
and
expe
riment
al
eva
lu
at
ion
of
routi
ng
informati
on
protoc
o
l:
An
el
uci
da
ti
on,
"
Mate
ria
l
s
Today:
Pro
ce
ed
ings
,
2020
,
doi:
10
.
1016/j.m
at
pr.
2020
.
10.
676
Evaluation Warning : The document was created with Spire.PDF for Python.