
2018

Assignment 2 – Network Report

STUDENT ID : 29984939
NAME : POOJA VISHAL PANCHOLI

FIT 9135 DATA COMMUNICATIONS - ASSIGNMENT 2


1. WLAN Site Survey
1.1 Sitemap

Dimensions: 10.8 m (width), 6 m (height)


Black Circles: Access Point Locations
Red Circles: Measurement Locations

1.2 Access Points Details

| Access Point | Network Name | MAC Address | Frequency Band (GHz) | Frequency Channel | 802.11 Version | Security | Maximum Speed (Mbps) |
|---|---|---|---|---|---|---|---|
| Access Point 1 | Vivo 1601 | BE:2F:3D:21:55:6C | 2.4 | 6 | 802.11n | WPA2 Personal | 72.2 |
| Access Point 2 | NETGEAR45 | 84:1B:5E:05:A8:26 | 2.4 | 13 | 802.11n | Open | 255.8 |
| Access Point 3 | IPHONE | A6:41:67:31:AE:9F | 2.4 | 6 | 802.11n | WPA2 Personal | 144.4 |

Figure 1 – Access Point Details


1.3 Location Measurements
Refer to the site map in section 1.1 for the locations.
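| Measurement | L1 | L2 | L3 | L4 | L5 | L6 | L7 | L8 | L9 | L10 | L11 | L12 | L13 | L14 | L15 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| AP1 signal strength | -49 | -44 | -66 | -77 | -90 | -93 | -88 | -82 | -65 | -89 | -88 | -74 | -81 | -85 | -43 |
| AP1 average signal value | -49 | -49 | -50 | -53 | -55 | -58 | -59 | -60 | -60 | -61 | -62 | -64 | -64 | -64 | -65 |
| AP2 signal strength | -76 | -71 | -55 | -57 | -71 | -65 | -55 | -35 | -73 | -49 | -71 | -70 | -73 | -86 | -91 |
| AP2 average signal value | -55 | -55 | -55 | -55 | -58 | -58 | -58 | -96 | -55 | -58 | -58 | -57 | -57 | -58 | -72 |
| AP3 signal strength | -80 | -89 | -63 | -87 | -92 | -88 | -82 | -79 | -59 | -86 | -95 | -25 | -32 | -52 | -59 |
| AP3 average signal value | -65 | -66 | -74 | -64 | -65 | -65 | -65 | -65 | -66 | -66 | -66 | -66 | -63 | -66 | -66 |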
Best AP AP AP AP AP AP AP AP
AP1 AP2 AP2 AP3 AP3 AP3 AP2
AP 1 2 2 2 2 2 2 3

Figure 2 – Location wise signal strength detection (dBm)

Channel Occupancy
The given access points work mainly over two channels, channel 6 and channel 13. Apparently,
network transmissions over channel 13 via Access Point 2 will have no interference, as it does not
have to compete with other access points on the same channel. Two access points share
transmissions over channel 6. However, channel 6 is considered to be a non-overlapping
channel in the 2.4 GHz frequency band. Hence, the two access points do not interfere with each other.

Interference
There were many non-transparent objects between the access point and the
device using the Wi-Fi. These created interference between the two connected devices
and hence reduced the signal strength. Improvements can be made by choosing
configurations where the amount of interference is minimal and where walls, windows,
doors and the human body introduce less disturbance. It was also noticed that
devices connected on 2.4 GHz had more interference due to attenuation created by the
human body than devices connected over the 5 GHz frequency band.

Coverage
The area was covered by all the access points. The access points were placed
in such a way that as soon as a device lost connectivity with one access point, it was
connected to another access point automatically.

Upload and Download speeds


The upload and download speeds using the three devices were noticeably different
because channel 6 is a non-overlapping channel and will not interfere excessively. On the other
hand, channel 13 is an overlapping channel which suffered interference from other access points in the
neighbourhood. Hence, this affected the download speed with many devices connected over
channel 13.

Range of Access Points


Access Point 2 (NETGEAR45) had the widest range of the three access points and
possibly covered all the measurement locations, even with the interference caused by
walls, doors and electrical appliances in the kitchen.

Roaming
The overlapping signals enabled roaming for the end user devices. Hence, when a device lost
connectivity with one access point, it could connect to another access point without breaking
the connection with the device.

Task 2 : Network Configuration and Bug Fixing

Task a) Router Configuration


The following configuration was done to set up the static routes in the routers.
□ Router 1 Configuration :
To connect clients to servers : /sbin/ip route add 69.10.90.0/24 via 69.10.26.2
To connect clients to intranet : /sbin/ip route add 69.10.39.0/24 via 69.10.92.3

□ Router 2 Configuration :
To connect intranet to servers : /sbin/ip route add 69.10.90.0/24 via 69.10.52.2
To connect intranet to clients : /sbin/ip route add 69.10.37.0/24 via 69.10.92.2

□ Router 3 Configuration :
To connect servers to clients : /sbin/ip route add 69.10.37.0/24 via 69.10.26.1
To connect servers to intranet : /sbin/ip route add 69.10.39.0/24 via 69.10.52.1

Task b) Error Detection and Correction


The following errors were detected in the network configuration.
□ The subnet mask of the SSH server was not equivalent to that of the other servers in the
subnet.
Before detection: 69.10.92.10/24
After detection changed to: 69.10.90.10/24
Error Found: Destination Host Unreachable
Method to detect and test the fix: ping to the SSH server from client
This error was found because the destination host was not reachable on the
network.

□ The port number of ethernet device 0 was given as “30” instead of “24” in the DNS server.
Before detection: 69.10.90.12/30
After detection changed to: 69.10.90.12/24
Error Found: No response received
Method to detect and test the fix: ping to the DNS server from client
This error was detected because no response was received from the other end, as
the port was incorrect.

□ The same IP address (69.10.59.2/24) was detected on Router 1 and Router 4.
Before detection: 69.10.59.2/24 (Router 1) and 69.10.59.2/24 (Router 4)
After detection changed to: 69.10.59.1/24 (Router 1) and 69.10.59.2/24 (Router 4)
Error Found: Network not reachable
Method to detect and test the fix: ping to any server from client
This error was detected because the network was not reachable when pinging the
servers, as the same IP address was in use more than once.
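
The three faults above (an address outside the segment's subnet, a prefix length that differs from the rest of the segment, and one address configured on two devices) can be caught by auditing the address plan before any ping is sent. The Python below is an added example, not part of the original report; the addresses are those listed above, while the device names and the plan layout are assumptions.

```python
import ipaddress
from collections import defaultdict

# (host, device, configured address, subnet the segment is meant to use).
# Addresses come from Task b; device names are assumed for this example.
BEFORE = [
    ("ssh",     "eth0", "69.10.92.10/24", "69.10.90.0/24"),
    ("dns",     "eth0", "69.10.90.12/30", "69.10.90.0/24"),
    ("router1", "eth1", "69.10.59.2/24",  "69.10.59.0/24"),
    ("router4", "eth0", "69.10.59.2/24",  "69.10.59.0/24"),
]
AFTER = [
    ("ssh",     "eth0", "69.10.90.10/24", "69.10.90.0/24"),
    ("dns",     "eth0", "69.10.90.12/24", "69.10.90.0/24"),
    ("router1", "eth1", "69.10.59.1/24",  "69.10.59.0/24"),
    ("router4", "eth0", "69.10.59.2/24",  "69.10.59.0/24"),
]

def audit(plan):
    """Return (who, kind, detail) findings for an address plan."""
    findings = []
    owners = defaultdict(list)
    for host, dev, cidr, expected in plan:
        iface = ipaddress.ip_interface(cidr)
        want = ipaddress.ip_network(expected)
        owners[iface.ip].append(f"{host}:{dev}")
        if iface.ip not in want:
            # Host sits in a different network from its neighbours.
            findings.append((host, "outside-subnet", f"{iface.ip} not in {want}"))
        elif iface.network.prefixlen != want.prefixlen:
            # Host treats only iface.network as directly reachable.
            findings.append((host, "prefix-mismatch",
                             f"on-link range {iface.network}, expected {want}"))
    for ip, who in owners.items():
        if len(who) > 1:
            findings.append((",".join(who), "duplicate-address", str(ip)))
    return findings

if __name__ == "__main__":
    for finding in audit(BEFORE):
        print(finding)
```

With the /30 entry the DNS server's on-link range shrinks to 69.10.90.12/30, which is why nothing else on the segment received an answer from it.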

Task c) Gateway Router Configuration


The procedure to make Router 3 the default gateway was to add default gateway routes
on Router 1 and Router 2 that point to Router 3.
□ To create default gateway from Router 1 to Router 3
ip route add default via 69.10.26.2

□ To create default gateway from Router 2 to Router 3
ip route add default via 69.10.52.2

Task d) New Subnet Configuration


The router that runs the DHCP server needs the following block of
statements in its DHCP configuration.

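subnet 192.168.192.0 netmask 255.255.240.0 {
    pool {
        # Addresses handed out to clients
        range 192.168.192.127 192.168.192.254;
        # Lease length in seconds
        default-lease-time 600;
        option routers 192.168.192.1;
        option domain-name "fit9135";
        # DNS server listed in the network configuration
        option domain-name-servers 69.10.90.12;
    }
}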

Task e) Implementation of Demilitarised Zone (DMZ)
To accept packets for specific servers in the demilitarised zone, the following commands are to be executed:
HTTP packets for www, DNS packets for dns, SSH packets for ssh, and ICMP packets for the devices in the
demilitarised zone.

#DNS Configuration
iptables -A FORWARD -p udp -d 69.10.90.12/24 --dport 53 -j ACCEPT
iptables -A FORWARD -p udp -s 69.10.90.12/24 --dport 53 -j ACCEPT

#HTTP Configuration
iptables -A FORWARD -p tcp -d 69.10.90.11/24 --dport www -j ACCEPT
iptables -A FORWARD -p tcp -s 69.10.90.11/24 --dport www -j ACCEPT

#SSH Configuration
iptables -A FORWARD -p tcp -d 69.10.90.10 --dport 22 -j ACCEPT
iptables -A FORWARD -p tcp -s 69.10.90.10 --dport 22 -j ACCEPT

#ICMP Configuration
iptables -A FORWARD -p icmp -d 69.10.90.12 -j ACCEPT
iptables -A FORWARD -p icmp -s 69.10.90.12 -j ACCEPT
iptables -A FORWARD -p icmp -d 69.10.90.11 -j ACCEPT
iptables -A FORWARD -p icmp -s 69.10.90.11 -j ACCEPT
iptables -A FORWARD -p icmp -d 69.10.90.10 -j ACCEPT
iptables -A FORWARD -p icmp -s 69.10.90.10 -j ACCEPT
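
How the two DNS rules above match traffic can be checked with a small model of iptables address and port matching. This Python is an added example, not part of the original report; the packets are constructed, and the `HOST_ONLY` rule pair is an assumed tighter alternative for comparison, not the report's configuration.

```python
import ipaddress

def rule(proto, src="0.0.0.0/0", dst="0.0.0.0/0", sport=None, dport=None):
    # iptables masks off host bits in -s/-d; strict=False does the same here.
    return {"proto": proto, "sport": sport, "dport": dport,
            "src": ipaddress.ip_network(src, strict=False),
            "dst": ipaddress.ip_network(dst, strict=False)}

def packet(src, sport, dst, dport, proto="udp"):
    return {"proto": proto, "src": src, "sport": sport,
            "dst": dst, "dport": dport}

def matches(r, pkt):
    return (r["proto"] == pkt["proto"]
            and ipaddress.ip_address(pkt["src"]) in r["src"]
            and ipaddress.ip_address(pkt["dst"]) in r["dst"]
            and r["sport"] in (None, pkt["sport"])
            and r["dport"] in (None, pkt["dport"]))

def first_match(rules, pkt):
    """Index of the first ACCEPT rule the packet matches, else None."""
    return next((i for i, r in enumerate(rules) if matches(r, pkt)), None)

# The two DNS rules as written in Task e.
AS_WRITTEN = [rule("udp", dst="69.10.90.12/24", dport=53),
              rule("udp", src="69.10.90.12/24", dport=53)]
# Assumed tightening: match the one host, and match replies on source port.
HOST_ONLY = [rule("udp", dst="69.10.90.12/32", dport=53),
             rule("udp", src="69.10.90.12/32", sport=53)]

# Constructed packets. 192.168.192.128 is Client 5; port 40000 is made up.
QUERY = packet("192.168.192.128", 40000, "69.10.90.12", 53)
REPLY = packet("69.10.90.12", 53, "192.168.192.128", 40000)
# UDP port 53 addressed to the SSH server, which shares the /24.
OTHER_HOST = packet("192.168.192.128", 40000, "69.10.90.10", 53)

if __name__ == "__main__":
    for name, p in (("query", QUERY), ("reply", REPLY), ("other", OTHER_HOST)):
        print(name, first_match(AS_WRITTEN, p), first_match(HOST_ONLY, p))
```

Under the rules as written, the DNS reply matches neither rule and is forwarded only if a later rule accepts it, such as the `-s 69.10.0.0/16` rule or the conntrack rule added on Router 3; the `/24` suffix also lets UDP port 53 through to every address in 69.10.90.0/24.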

Implementation Testing

According to the network configuration file,


the IP for the HTTP server : 69.10.90.11
the IP for the DNS server : 69.10.90.12
the IP for the SSH server : 69.10.90.10
the IP for the Intranet : 69.10.39.12
□ Testing the ping to HTTP Server:

Figure : Output of ping from client to HTTP Server

□ Testing the SSH Server:

Figure : Output of ping from client to SSH Server


□ Testing the DNS Server:

Figure : Output of the Lynx command

b) For accepting the packets inside the company network, the following command needs to be added in the Router
3’s Firewall configuration

iptables -A FORWARD -s 69.10.0.0/16 -j ACCEPT

Test Cases:

□ Ping HTTP Server from the external client:

Figure : Output of the ping from external client to HTTP Server


□ Access the SSH Server from the external client:

Figure : Output of the ping from client to SSH Server

□ Access the DNS Server from the external client:

c) To accept any packets that are related to the connections that are established inside the company network, we
need to add the following line in the Router 3’s Firewall configuration.

iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT


Test Cases:

□ Pinging the HTTP Server from Intranet

Figure : Output of ping from HTTP Server to Intranet

d) To accept any SSH packets into company network, the below given configuration must be added to the Router
3’s Firewall configuration.

iptables -A FORWARD -p tcp -s 69.10.90.12 --sport ssh -d 69.10.0.0/16 -j ACCEPT

Test Cases:

□ Ping internal client from external client:


Client 4’s IP : 69.10.37.128
Client 6 login through SSH and trying to ping Client 4.
Figure : Output of ping from external client to internal client

□ Ping external client from internal client:


Client 5’s IP : 192.168.192.128
Client 1 login through SSH and trying to ping Client 5.

Figure : output of ping from internal client to external client

e) Other clients which do not have access to SSH will not be able to access the clients that are not in the same
subnet.

□ Ping from external client to internal client (without SSH):


Client 7’s IP : 192.168.192.129
Client 2 not login through SSH trying to ping Client 7.

Figure : Ping from internal client to external client without SSH
