Design of a Secured Network Infrastructure for a University Campus

Shrihari ,ISE, 3rd Semester

Overview

This project presents the design of a secured, scalable, and logically segmented university campus network created using Cisco Packet Tracer. The model replicates a real-world enterprise environment in which several departments, administrative offices, hostels, and a centralized data center must communicate reliably while maintaining strict security boundaries. The architecture is built on VLAN-based segmentation, inter-VLAN routing, dynamic routing, and access control enforcement to ensure both security and performance within the institution. The system demonstrates how a campus can enforce data privacy, maintain clear boundaries between academic and administrative units, and optimize internal communication without compromising security. By translating theoretical networking concepts into a functioning simulation, the project bridges classroom learning with real-world application.

What This Model Represents

The network model is a full virtual simulation of a university-wide infrastructure created in Cisco Packet Tracer. It consists of multiple functional blocks such as the Department Block, Admin Block, Hostel Block, and Data Center. Each block operates as a dedicated network domain and communicates through properly configured routers and switches.

The Department Block includes the CS, CE, EC, and ME floors, each provided with separate VLANs for students and faculty. The Admin Block contains sensitive units like the library, accounts, and office staff, all placed on secured VLANs to prevent unauthorized access. The Hostel Block is designed with isolated Wi-Fi subnets, each configured with a unique passkey for a specific academic year, ensuring controlled access. The Data Center hosts centralized servers responsible for academic and administrative services, offering a unified platform for testing routing behaviors, ACL restrictions, and reachability. This model ensures that every device communicates using configured IP addressing, VLAN assignments, router-on-a-stick gateways, and policy-based routing. It represents a complete and functional simulation of a real campus network.

Objectives

The primary objectives of this project were to design a segmented university network, enable secure communication across VLANs, deploy dynamic routing to automate path selection, enforce access control to restrict movement between network blocks, and validate connectivity through systematic simulation tests.

System Design and ACL Implementation

1 Network Topology Summary

The network is built using Cisco 2911 routers, Cisco 2960 switches, Cisco Aironet access points, servers, and end devices. The Core Router connects the Department Block to the Data Center, while the Data Center Router manages and isolates server VLANs. Layer-2 switches provide VLAN-based segmentation for each floor or unit. Access Points are configured individually with WPA2 keys to maintain wireless isolation. Servers act as central authentication and resource nodes, supporting the testing environment. The entire design uses router-on-a-stick inter-VLAN routing, RIP version 2 for dynamic route sharing, and trunk links to transport multiple VLANs across switches. This structure ensures that all sections of the campus remain connected but properly segmented according to their operational requirements.

2 Access Control Configuration

To secure access to the Data Center, an access control list (ACL) is applied to the router interface. The ACL permits only ICMP traffic from departmental networks toward the Data Center, preventing unauthorized access to sensitive services. This selective permission enforces strict isolation between academic networks and server resources, allowing only basic connectivity tests while blocking higher-level protocols.

Results & Functions

How n Why