CMIT452 Network Implementation Proposal Paper. I have attached the requirement for the paper network proposal. Please use it as a guideline for the term paper.

Network Proposal Paper

Depicted below is a corporate network.

A corporation has two domain system servers (DNS), one web server, and an SMTP server. All servers and their connecting routers are in the same subnet. A layer 3 switch is connected through EtherChannel to another subnet.

The web server and SMTP server need to communicate with the Internet.

For security purposes, web access to the SMTP and DNS servers is denied. The DNS servers should communicate only with each other and the Internet.

For this network, you are required to implement the following Layer 2 and Layer 3 services:

Implement a switch to switch connectivity using Trunking and aggregating links
Implement a PVLAN solution hosting DNS WWW and SMTP servers
For security implement VACL and PACL in Critical Subnet
Provide a verification plan for the above solution

Provide a technical proposal that addresses all issues described above.

The proposal should contain:

Cover page
Index Page
Executive summary
Technical details (including any assumptions)
Conclusion
Reference page

Writing Instructions

Your paper must have a minimum of 5 pages and a maximum of 10 pages of text, excluding the required title page and bibliography, Index page, Reference page, and optional tables. Text must be Times New Roman, 12 font, 1″ margin on all sides, and double spaced.

Students must follow “Publication Manual of the American Psychological Association, Fifth Edition (APA- 5)”, also known as APA style or format. Only a Microsoft Word file will be accepted as the final submission; no HTML or PDF files allowed.

All sources must be properly cited and must be credible. At least two sources must be Internet sources (for help in evaluating the credibility of web sources, go to www.umuc.edu/library/guides/evaluate.shtml). Once you have completed a good draft, it is strongly advised that you submit it to UMUC’s Effective Writing Center (EWC). In order to allow sufficient time for their review, you need to submit the draft to EWC two weeks prior to the paper’s due date.
CMIT_452_Cisco Network Proposal
Prof. Kusay Rukieh
CISCO NETWORK PROPOSAL
Prepared for: Prof. Kusay Rukieh
Prepared by: Ngu Nguyen
I. Introduction
This technical network proposal describes the implementation of the following solutions for a corporation. After reviewing the customer’s network requirements and the current network topology, we, as the network engineers, understand that the corporation has two domain system servers (DNS), one web server, and an SMTP server. All servers and their connecting router are in the same subnet. A layer 3 switch is connected through EtherChannel to another subnet. The web server and SMTP server need to communicate with the Internet. For security, web access to the SMTP and DNS servers is denied. The DNS servers should communicate only with each other and the Internet. We therefore provide the following network proposal:

The corporation will have two subnets: the Server subnet (192.168.1.0/24) and the Critical subnet (192.168.2.0/24). They communicate through a router in a router-on-a-stick configuration.

The connections between switches are configured as EtherChannels to provide redundant links and to carry traffic between VLANs.

In the Server subnet, we will implement private VLANs (PVLAN) and a VLAN access list (VACL) to provide security between servers.

In the Critical subnet, we will implement a VACL and a PACL (port access list).

On the router, we will implement router-on-a-stick using 802.1Q to provide communication between the two subnets. We will also create a default route to provide outbound Internet access for the two subnets.
1. Network Topology
2. Connectivity Table
Device   Interface              Neighbor               IPv4 Address
R1       Gigabit Ethernet 0/0   ACSW1                  192.168.1.1/192.168.2.1
R1       Gigabit Ethernet 0/0   ISP
ACSW1    Ethernet 0/1           DNS1                   192.168.1.53
ACSW1    Ethernet 0/2           DNS2                   192.168.1.54
ACSW1    Ethernet 0/3           Web server             192.168.1.80
ACSW1    Ethernet 0/4           SMTP server            192.168.1.25
ACSW1    Fast Ethernet 0/24     R1
ACSW1    Fast Ethernet 0/22     DSW                    EtherChannel
ACSW1    Fast Ethernet 0/23     DSW                    EtherChannel
DSW      Fast Ethernet 0/22     ACSW1                  EtherChannel
DSW      Fast Ethernet 0/23     ACSW1                  EtherChannel
DSW      Fast Ethernet 0/20     ACSW2                  EtherChannel
DSW      Fast Ethernet 0/21     ACSW2                  EtherChannel
ACSW2    Fast Ethernet 0/1      PC1 (Critical Subnet)  192.168.2.10
ACSW2    Fast Ethernet 0/2      PC2 (Critical Subnet)  192.168.2.20
II. Implementation
1. Implement a PVLAN solution hosting DNS, WWW and SMTP servers
As per the requirement, we need to implement private VLANs for these servers. The DNS servers will be configured in a community private VLAN, and the Web and SMTP servers will be configured in an isolated private VLAN.
Syntax: switch(config)# vlan [1-4094]
>>this command creates a VLAN.
switch(config-vlan)# private-vlan community
>>this command sets a VLAN to be a community VLAN.
switch(config-vlan)# private-vlan isolated
>>this command sets a VLAN to be an isolated VLAN.
switch(config-vlan)# private-vlan primary
>>this command sets a VLAN to be a primary VLAN.
switch(config-vlan)# private-vlan association secondary-vlan-list
>>this command, entered under the primary VLAN, defines the relationship between the primary VLAN and its secondary (community and isolated) VLANs.
switch(config)# interface interface-type number
>>this command enters interface configuration mode.
switch(config-if)# switchport mode private-vlan [host | promiscuous]
>>this command sets an interface to either host or promiscuous mode.
switch(config-if)# switchport private-vlan host-association primary-vlan-id secondary-vlan-id
>>this command assigns a host interface to a secondary VLAN and its associated primary VLAN.
switch(config-if)# switchport private-vlan mapping primary-vlan-id secondary-vlan-list
>>this command maps the secondary VLANs to the primary VLAN on a promiscuous interface.

On the ACSW1 switch:
ACSW1(config)#vlan 20
ACSW1(config-vlan)#private-vlan community
ACSW1(config-vlan)#vlan 30
ACSW1(config-vlan)#private-vlan isolated
ACSW1(config-vlan)#vlan 100
ACSW1(config-vlan)#private-vlan primary
ACSW1(config-vlan)#private-vlan association 20,30
ACSW1(config-vlan)#exit
ACSW1(config)#interface range fa0/1 - 2
ACSW1(config-if-range)#switchport mode private-vlan host
ACSW1(config-if-range)#switchport private-vlan host-association 100 20
ACSW1(config-if-range)#exit
ACSW1(config)#interface range fa0/3 - 4
ACSW1(config-if-range)#switchport mode private-vlan host
ACSW1(config-if-range)#switchport private-vlan host-association 100 30
ACSW1(config-if-range)#exit
ACSW1(config)#interface fa0/24
ACSW1(config-if)#switchport mode private-vlan promiscuous
ACSW1(config-if)#switchport private-vlan mapping 100 20,30

On the ACSW2 switch:
ACSW2(config)#vlan 200
ACSW2(config-vlan)#name Critical_Subnet
2. VACL for denying web access to SMTP and DNS servers
A VLAN access list needs to be deployed to protect the DNS and SMTP servers.
Syntax: switch(config)# ip access-list [extended | standard] [ACL-number | ACL-name]
>>this command creates an access list, either standard or extended.
switch(config-ext-nacl)# [permit | deny] [tcp | udp | ip] [host A.B.C.D | any] [host A.B.C.D | any] eq [number | service name]
>>this command defines an ACL rule that allows or denies traffic from a source to a destination, with a service option.
switch(config)# vlan access-map access-map-name sequence-number
>>this command creates an access-map entry, which either forwards or drops traffic when there is a match in the defined ACL.
switch(config-access-map)# match ip address [ACL-number | ACL-name]
>>this command creates a matching policy for an access-map.
switch(config-access-map)# action [forward | drop]
>>this command creates an action for an access-map.
switch(config)# vlan filter [access-map] vlan-list [vlan-id]
>>this command applies this traffic filter to a defined VLAN.

On the ACSW1 switch:
ACSW1(config)#ip access-list extended No_Web_Access
ACSW1(config-ext-nacl)#permit tcp any host 192.168.1.25 eq 80
ACSW1(config-ext-nacl)#permit tcp any host 192.168.1.25 eq 443
ACSW1(config-ext-nacl)#permit tcp any host 192.168.1.53 eq 80
ACSW1(config-ext-nacl)#permit tcp any host 192.168.1.53 eq 443
ACSW1(config-ext-nacl)#permit tcp any host 192.168.1.54 eq 80
ACSW1(config-ext-nacl)#permit tcp any host 192.168.1.54 eq 443
ACSW1(config-ext-nacl)#exit
ACSW1(config)#vlan access-map VACL01 10
ACSW1(config-access-map)#match ip address No_Web_Access
ACSW1(config-access-map)#action drop
ACSW1(config-access-map)#exit
ACSW1(config)#vlan access-map VACL01 20
ACSW1(config-access-map)#action forward
ACSW1(config-access-map)#exit
ACSW1(config)#vlan filter VACL01 vlan-list 20,30
3. VACL and PACL in Critical Subnet (192.168.2.0/24)
In the Critical subnet, we need to implement a VLAN access list and a port access list to secure its hosts.
Syntax: switch(config)# ip access-list [extended | standard] [ACL-number | ACL-name]
>>this command creates an access list, either standard or extended.
switch(config-ext-nacl)# [permit | deny] [tcp | udp | ip] [host A.B.C.D | any] [host A.B.C.D | any] eq [number | service name]
>>this command defines an ACL rule that allows or denies traffic from a source to a destination, with a service option.
switch(config)# vlan access-map access-map-name sequence-number
>>this command creates an access-map entry, which either forwards or drops traffic when there is a match in the defined ACL.
switch(config-access-map)# match ip address [ACL-number | ACL-name]
>>this command creates a matching policy for an access-map.
switch(config-access-map)# action [forward | drop]
>>this command creates an action for an access-map.
switch(config)# vlan filter [access-map] vlan-list [vlan-id]
>>this command applies this traffic filter to a defined VLAN.
a. VACL
Allow only DNS, web and SMTP traffic from PC1 and PC2 in the Critical subnet to the Server subnet. Deny all other traffic.
ACSW2(config)#ip access-list extended Critical_Subnet
ACSW2(config-ext-nacl)#permit tcp host 192.168.2.10 host 192.168.1.25 eq 25
ACSW2(config-ext-nacl)#permit udp host 192.168.2.10 host 192.168.1.53 eq 53
ACSW2(config-ext-nacl)#permit udp host 192.168.2.10 host 192.168.1.54 eq 53
ACSW2(config-ext-nacl)#permit tcp host 192.168.2.10 host 192.168.1.80 eq 80
ACSW2(config-ext-nacl)#permit tcp host 192.168.2.10 host 192.168.1.80 eq 443
– Do the same configuration for PC2 (192.168.2.20)
ACSW2(config-ext-nacl)#exit
ACSW2(config)#vlan access-map VACL02 10
ACSW2(config-access-map)#match ip address Critical_Subnet
ACSW2(config-access-map)#action forward
ACSW2(config-access-map)#exit
ACSW2(config)#vlan access-map VACL02 20
ACSW2(config-access-map)#action drop
ACSW2(config-access-map)#exit
ACSW2(config)#vlan filter VACL02 vlan-list 200
b. PACL
Deny Telnet and SSH between two hosts: 192.168.2.10 and 192.168.2.20.

On the ACSW2 switch, configure the PACL to block the telnet and SSH:
ACSW2(config)#ip access-list extended No_Telnet_SSH
ACSW2(config-ext-nacl)#deny tcp host 192.168.2.10 host 192.168.2.20 eq 22
ACSW2(config-ext-nacl)#deny tcp host 192.168.2.10 host 192.168.2.20 eq 23
ACSW2(config-ext-nacl)#permit ip any any
ACSW2(config-ext-nacl)#exit
ACSW2(config)#interface fa0/1
ACSW2(config-if)#ip access-group No_Telnet_SSH in
4. Port channel between the DSW switch and the ACSW1 and ACSW2 switches
Port channels need to be configured between DSW and ACSW1, and between DSW and ACSW2, to provide redundant links.
Syntax: switch(config)# interface interface-type number
>>this command enters interface configuration mode.
switch(config-if)# channel-group [1-255] mode [active | passive | auto | desirable | on]
>>this command creates a channel using either LACP (open standard) or PAgP (Cisco).
switch(config)# interface port-channel [1-255]
>>this command enters a port-channel interface.
switch(config-if)# switchport trunk encapsulation [dot1q | isl]
>>this command sets the encapsulation type on this port-channel interface.
switch(config-if)# switchport mode [trunk | access | dynamic]
>>this command selects the interface type: trunk, access or dynamic.

On the DSW switch
DSW1(config)#interface range fastEthernet 0/22 - 23
DSW1(config-if-range)#channel-group 1 mode active
DSW1(config-if-range)#exit
DSW1(config)#interface port-channel 1
DSW1(config-if)#switchport trunk encapsulation dot1q
DSW1(config-if)#switchport mode trunk
DSW1(config-if)#exit
DSW1(config)#interface range fastEthernet 0/20 - 21
DSW1(config-if-range)#channel-group 2 mode active
DSW1(config-if-range)#exit
DSW1(config)#interface port-channel 2
DSW1(config-if)#switchport trunk encapsulation dot1q
DSW1(config-if)#switchport mode trunk

On the ACSW1 switch
ACSW1(config)#interface range fastEthernet 0/22 - 23
ACSW1(config-if-range)#channel-group 1 mode active
ACSW1(config-if-range)#exit
ACSW1(config)#interface port-channel 1
ACSW1(config-if)#switchport trunk encapsulation dot1q
ACSW1(config-if)#switchport mode trunk

On the ACSW2 switch
ACSW2(config)#interface range fastEthernet 0/20 - 21
ACSW2(config-if-range)#channel-group 2 mode active
ACSW2(config-if-range)#exit
ACSW2(config)#interface port-channel 2
ACSW2(config-if)#switchport trunk encapsulation dot1q
ACSW2(config-if)#switchport mode trunk
5. Configure router-on-a-stick on router R1 and Internet access
– On the router:
Syntax: Router(config)# interface interface-type 0/0.x
>>this command creates a sub-interface (logical) over an interface (physical).
Router(config-subif)# encapsulation [dot1q | isl] vlan-id [1-4094]
>>this command selects the encapsulation type, either dot1q (standard) or ISL (Cisco), and must be entered before the IP address.
Router(config-subif)# ip address A.B.C.D A.B.C.D
>>this command assigns an IP address and subnet mask to an interface.
Router(config)# interface interface-type number
>>this command enters a physical interface.
Router(config-if)# no shutdown
>>this command brings an interface up.
– On the switch:
ACSW2(config)# interface interface-type number
>>this command enters interface configuration mode.
ACSW2(config-if)# switchport trunk encapsulation [dot1q | isl]
>>this command sets the encapsulation type used on a trunk link.
ACSW2(config-if)# switchport mode [trunk | access | dynamic]
>>this command sets an interface’s type.
ACSW2(config-if)# switchport trunk allowed vlan vlan-list
>>this command defines the VLANs which are allowed on a trunk link.
In order to allow communication between the Critical subnet and the Server subnet, we need to configure VLAN routing on the R1 router. We also need to configure a default route to provide Internet access for both internal subnets (192.168.1.0/24 and 192.168.2.0/24).
a. Router-on-a-stick
– On the router
Router(config)#hostname R1
R1(config)#interface GigabitEthernet 0/0.100
R1(config-subif)#encapsulation dot1Q 100
R1(config-subif)#ip address 192.168.1.1 255.255.255.0
R1(config-subif)#interface GigabitEthernet 0/0.200
R1(config-subif)#encapsulation dot1Q 200
R1(config-subif)#ip address 192.168.2.1 255.255.255.0
R1(config-subif)#interface GigabitEthernet 0/0
R1(config-if)#no shutdown

On the ACSW1 switch
ACSW1(config)#interface fastEthernet 0/24
ACSW1(config-if)#switchport trunk encapsulation dot1q
ACSW1(config-if)#switchport mode trunk
ACSW1(config-if)#switchport trunk allowed vlan 1,100,200
b. Configure the default gateway for internal access to the Internet
R1(config)#ip route 0.0.0.0 0.0.0.0 GigabitEthernet 0/1
>>This command sets the default route, which provides outbound access for all internal subnets, with an interface as the next hop.
6. Provide a verification plan for the above solution
a. Implement a PVLAN solution hosting DNS, WWW and SMTP servers

Because we implement private VLANs in the Server subnet, the two DNS servers are able to communicate with each other, as they belong to the community VLAN:

From the DNS server 1 command prompt, ping DNS server 2; it will be successful.

From the command prompt of DNS server 1 or DNS server 2, ping the WWW and SMTP servers; it will not be successful, since they belong to the isolated VLAN.

From the WWW server’s command prompt, ping the SMTP server; it will not be successful, since they belong to the isolated VLAN.

From the command prompts of the DNS, WWW and SMTP servers, ping google.com or any Internet site; it will be successful, since we implement a default route.

From ACSW1, use the commands “show vlan” and “show run | i vlan” to verify the defined VLAN configuration.
b. VACL for denying web access to SMTP and DNS servers

From the WWW server, open a browser and try to access the SMTP (192.168.1.25) and DNS (192.168.1.53/192.168.1.54) servers. The result will not be successful.

From ACSW1, use the command “show run access-list” to verify the defined ACL.
c. VACL and PACL in Critical Subnet (192.168.2.0/24)

From the command prompt of PC1 (192.168.2.10), SSH and Telnet to PC2 (192.168.2.20). The result will not be successful.

From PC1’s command prompt, ping PC2; the result will be successful.

From the command prompts of PC1 and PC2, use the command “nslookup google.com”; it will successfully resolve the IP address of google.com. Please remember that we assume PC1 and PC2 have already been configured with the IP addresses of the DNS servers (192.168.1.53/192.168.1.54) as their DNS option.

From PC1 and PC2, configure a mailbox with the SMTP server (192.168.1.25) as the server gateway; it will be successful.

From PC1 and PC2, use the browser to access the web server (192.168.1.80); it will be successful.

From ACSW2, use the command “show run access-list” to verify the defined ACL.
d. Port channel between the DSW switch and the ACSW1 and ACSW2 switches
From the DSW, ACSW1 and ACSW2 switches, use the following command to verify:

Switch# show etherchannel summary
>>to verify the brief information about the current port channels.
e. Configure router-on-a-stick on router R1 and Internet access

From the command prompts of PC1 and PC2, use the command “nslookup google.com”; it will successfully resolve the IP address of google.com. Please remember that we assume PC1 and PC2 have already been configured with the IP addresses of the DNS servers (192.168.1.53/192.168.1.54) as their DNS option.

From PC1 and PC2, configure a mailbox with the SMTP server (192.168.1.25) as the server gateway; it will be successful.

From PC1 and PC2, use the browser to access the web server (192.168.1.80); it will be successful.

From PC1 and PC2, use the browser to access google.com; it will be successful.

ACSW1#show interface fastEthernet 0/24 switchport
>>to verify the trunk status and the VLANs allowed on the interface.

R1#show ip interface brief
>>to verify the sub-interface IP addresses.

R1#show ip route
>>to verify the default route.

From the command prompts of PC1 and PC2, use the command “tracert google.com” to verify that the traffic passes through their gateway.
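A small model of the checks in 6a and 6b, added here as an example and not part of the original proposal: it encodes the ACSW1 port roles and the No_Web_Access entries from the page and reports which control stops a flow sourced from a server port. The function names are illustrative, R1's address 192.168.1.1 is taken from the connectivity table, and flows entering through the promiscuous port are not modeled.

```python
"""Model of the ACSW1 private-VLAN port roles and VACL01 in this proposal."""

# (IP address, PVLAN port type, secondary VLAN), per section II.1 and the
# connectivity table. R1 sits behind the promiscuous port fa0/24.
PORTS = {
    "DNS1": ("192.168.1.53", "community", 20),
    "DNS2": ("192.168.1.54", "community", 20),
    "WWW": ("192.168.1.80", "isolated", 30),
    "SMTP": ("192.168.1.25", "isolated", 30),
    "R1": ("192.168.1.1", "promiscuous", None),
}

# No_Web_Access entries from section II.2: (protocol, destination IP, port).
NO_WEB_ACCESS = [
    ("tcp", ip, port)
    for ip in ("192.168.1.25", "192.168.1.53", "192.168.1.54")
    for port in (80, 443)
]


def pvlan_allows(src, dst):
    """Layer 2 reachability between two ports in primary VLAN 100."""
    _, src_type, src_vlan = PORTS[src]
    _, dst_type, dst_vlan = PORTS[dst]
    if "promiscuous" in (src_type, dst_type):
        return True  # a promiscuous port reaches every port
    if src_type == dst_type == "community":
        return src_vlan == dst_vlan  # members of the same community only
    return False  # an isolated port reaches only promiscuous ports


def vacl01_action(dst, proto, dport):
    """VACL01: sequence 10 drops No_Web_Access matches, sequence 20 forwards."""
    dst_ip = PORTS[dst][0]
    return "drop" if (proto, dst_ip, dport) in NO_WEB_ACCESS else "forward"


def verdict(src, dst, proto, dport=None):
    """Outcome for a flow sourced from a server host port."""
    if not pvlan_allows(src, dst):
        return "blocked by PVLAN"
    if vacl01_action(dst, proto, dport) == "drop":
        return "dropped by VACL01"
    return "forwarded"


def exercises_vacl(src, dst, proto, dport=None):
    """True only when VACL01 is the sole control stopping the flow."""
    return pvlan_allows(src, dst) and vacl01_action(dst, proto, dport) == "drop"


if __name__ == "__main__":
    # Constructed flows mirroring the checks in 6a and 6b.
    flows = [
        ("DNS1", "DNS2", "icmp", None),
        ("DNS1", "WWW", "icmp", None),
        ("WWW", "SMTP", "icmp", None),
        ("WWW", "SMTP", "tcp", 80),
        ("WWW", "DNS1", "tcp", 443),
        ("DNS1", "DNS2", "tcp", 80),
        ("DNS1", "DNS2", "udp", 53),
    ]
    for flow in flows:
        print(flow, "->", verdict(*flow), "| tests VACL01:", exercises_vacl(*flow))
```

In this model the browser test from the web server in 6b is already stopped by isolated-port separation, so a TCP 80 or 443 attempt between DNS1 and DNS2 is the server-to-server case in which VACL01 alone decides the result.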