This is a simulated cybersecurity project built in Cisco Packet Tracer. It demonstrates network segmentation, threat detection, logging, access control, and incident response using a multilayer switch and multiple VLANs.
To implement core cybersecurity concepts in a simulated enterprise network environment using practical tools such as VLAN segmentation, ACLs, port security, DHCP snooping, ARP inspection, syslog, and simulated attacks.
- Multilayer Switch (MLS) used for Inter-VLAN Routing
- Switch0–Switch3 for VLAN distribution
- 4 VLANs:
- VLAN 10: Management
- VLAN 20: HR
- VLAN 30: Finance
- VLAN 40: Guests
- VLAN 99: Isolated attacker network
- VLAN Segmentation
- Port Security (restrict MACs on ports)
- DHCP Snooping (on Switch1 and Switch0)
- Dynamic ARP Inspection (on Switch0)
- Access Control List (ACL) to block attacker (BLOCK_ATTACKER)
- Attacker in VLAN 99 assigned static IP
- Spoofing attempt simulated and blocked
- Syslog Server receives security logs
- NTP used for time synchronization
- Tested attacker’s ability to reach sensitive VLANs
- Verified ACL functionality using
ping
tests - Verified blocking via DHCP Snooping & ARP Inspection
show log
,show ip dhcp snooping binding
,show mac address-table
used for validation
ip access-list extended BLOCK_ATTACKER
deny ip 192.168.99.10 0.0.0.0 any
permit ip any any
ip dhcp snooping
ip dhcp snooping vlan 10,20,30,40,99
int fa0/5
ip dhcp snooping trust
ip arp inspection vlan 99
int fa0/4
ip arp inspection trust
show vlan brief
show ip interface brief
show running-config
show mac address-table
show ip dhcp snooping binding
show ip arp inspection
show log
CyberShield.pkt
: Main Packet Tracer fileREADME.md
: This documentation filetopology.png
: Network topology image
This simulation offers a full-stack view of how security can be layered in an enterprise network. From segmentation and ACLs to logging and spoofing defense, it serves as a strong foundational project for entry-level network security learning and demonstration.