Enterprise Network Infrastructure
A comprehensive multi-VLAN enterprise network architecture for The Enterprise Co., featuring 8 network segments with integrated routing, NAT/PAT, and advanced security controls.

Project Overview
This project delivers a scalable and secure enterprise network design built on multi-VLAN segmentation principles. The Enterprise Edge Router serves as the core routing device, providing connectivity for multiple network segments including wireless, CCTV, server, VoIP, and broadcast networks through 8 dedicated VLANs.
The configuration implements NAT overload (PAT) for internet access through a UTM Firewall Gateway, ensuring efficient network segmentation, improved fault isolation, and reliable inter-VLAN communication. The infrastructure supports specialized networks for different operational requirements while maintaining centralized security and management controls.
Organization: The Enterprise Co. | Domain: theenterpriseco.com | Last Updated: March 19, 2025
Network Architecture
WAN Connection
- External Interface: Gi0/0/1
- IP Address: 10.10.1.254/24
- Gateway: 10.10.1.1
- NAT Type: Overload (PAT)
Management Network
- Interface: GigabitEthernet0
- IP Address: 10.10.5.112/24
- VRF: Mgmt-intf
- Access: SSH v2 Only
VLAN Network Segments
VLAN | Purpose | Network | Interface | Gateway |
---|---|---|---|---|
10 | Broadcast Media Network | 10.10.15.0/24 | Gi0/0/0.10 | 10.10.15.1 |
20 | Enterprise Management | 10.10.25.0/24 | Gi0/0/2.20 | 10.10.25.1 |
30 | WiFi Network | 10.10.35.0/24 | Gi0/2/0 | 10.10.35.1 |
40 | CCTV Network | 10.10.45.0/24 | Gi0/2/1 | 10.10.45.1 |
50 | Server Network | 10.10.55.0/24 | Gi0/2/2 | 10.10.55.1 |
60 | IP Phone Network | 10.10.65.0/24 | Gi0/2/3 | 10.10.65.1 |
70 | Broadcast Network | 10.10.75.0/24 | Gi0/2/4 | 10.10.75.1 |
80 | Access Network | 10.10.85.0/24 | Gi0/2/5 | 10.10.85.1 |
Key Features
Multi-VLAN Routing & NAT
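8 segregated VLANs with inter-VLAN routing and NAT/PAT translation on the external interface. Structured IP allocation follows the 10.10.X5.0/24 pattern, where X is the first digit of the VLAN ID (VLAN 10 uses 10.10.15.0/24, VLAN 20 uses 10.10.25.0/24, and so on), for a consistent network design.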
Security & Access Control
SSH v2 authentication with privilege level 15 access, VTY lines restricted to SSH, NAT access lists, and SNMP monitoring through a read-only community string.
Network Services
DNS resolution (8.8.8.8, 4.2.2.2), NTP time synchronization with authenticated servers (pool.ntp.org), and comprehensive network documentation with MermaidJS diagrams.
Network Topology Visualisation
Topology diagram (MermaidJS): Internet --> FW --> Router, with the Router connected to each VLAN node:
- VLAN 10: 10.10.15.0/24, Broadcast Media Network
- VLAN 20: 10.10.25.0/24, Enterprise Mgt Network
- VLAN 30: 10.10.35.0/24, WiFi Network
- VLAN 40: 10.10.45.0/24, CCTV Network
- VLAN 50: 10.10.55.0/24, Server Network
- VLAN 60: 10.10.65.0/24, IP Phone Network
- VLAN 70: 10.10.75.0/24, Broadcast Network
- VLAN 80: 10.10.85.0/24, Access Network
Security Configuration
Access Control
- SSH Version 2 enabled for secure remote access
- Local authentication with privilege level 15
- VTY lines (0-4, 5-15) configured for SSH only
- Username "mosud" with administrative privileges
NAT Configuration
- NAT overload (PAT) on Gi0/0/1
- All internal networks in NAT_INTERNAL ACL
- Inside interfaces: All VLAN interfaces
- Outside interface: Gi0/0/1 (WAN)
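The Access Control and NAT Configuration items above, written out as Cisco IOS configuration. This is an added example built from the values on this page, not the project's running configuration; the standard ACL type, the 2048-bit RSA modulus, the `<SECRET>` placeholder, the interface descriptions and the reading of "all internal networks" as the eight VLAN subnets are assumptions.

```cisco
! Added example: constructed from the values on this page (assumptions noted inline).
ip domain name theenterpriseco.com
! An RSA host key must exist before the SSH server starts (modulus size is an assumption).
crypto key generate rsa modulus 2048
ip ssh version 2
! <SECRET> is a placeholder. "secret" stores a hash; "password" would not.
username mosud privilege 15 secret <SECRET>
!
! Both VTY ranges need the same settings, otherwise lines 5-15 keep their defaults.
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login local
 transport input ssh
!
! Sources eligible for translation: the eight VLAN subnets (standard ACL assumed).
ip access-list standard NAT_INTERNAL
 permit 10.10.15.0 0.0.0.255
 permit 10.10.25.0 0.0.0.255
 permit 10.10.35.0 0.0.0.255
 permit 10.10.45.0 0.0.0.255
 permit 10.10.55.0 0.0.0.255
 permit 10.10.65.0 0.0.0.255
 permit 10.10.75.0 0.0.0.255
 permit 10.10.85.0 0.0.0.255
!
interface GigabitEthernet0/0/1
 description WAN to UTM Firewall Gateway
 ip address 10.10.1.254 255.255.255.0
 ip nat outside
!
interface GigabitEthernet0/0/0.10
 description VLAN 10 Broadcast Media Network
 encapsulation dot1Q 10
 ip address 10.10.15.1 255.255.255.0
 ip nat inside
!
! Apply "ip nat inside" the same way on every other VLAN gateway interface in the table.
!
! PAT: all permitted sources share the address of the outside interface.
ip nat inside source list NAT_INTERNAL interface GigabitEthernet0/0/1 overload
ip route 0.0.0.0 0.0.0.0 10.10.1.1
```

After applying, `show ip ssh` confirms that only version 2 is enabled and `show ip nat translations` shows the PAT entries created by inside hosts.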
DNS Services
- Primary DNS: 8.8.8.8 (Google)
- Secondary DNS: 4.2.2.2 (Level3)
- Domain: theenterpriseco.com
Monitoring & Time Sync
- SNMP Community: enterprise_net (RO)
- NTP Servers: 1.pool.ntp.org, 0.pool.ntp.org
- NTP Authentication: Enabled (Key 1)
Technologies Used
- Cisco IOS
- VLANs & NAT/PAT
- SSH v2
- MermaidJS
- SNMP & NTP
- DNS Services