tcs!!! - Angelfire
Download
Report
Transcript tcs!!! - Angelfire
Cisco’s Threaded Case Study
Desert View
Andy Gall
Ken Schroeder
John Byers
SCHOOL PLAN
•Design a school network that will allow all connected
workstations the ability to connect at a minimum of 1 Mbps.
•Design the network in such a manner that there is reliable
security separating the curriculum & administrative systems.
•Design the school network at a minimum of cost to the school
but one that allows for future technologies to be added easily.
A
B
Section Andrew
Frank
Section Brian
Section Charlie
Section Daniel
Section Edward
George
Cut Sheet
Sample Label
IDF
Andrew
Brian
Charlie
Daniel
Edward
Frank
George
A101d1
B203d1
C302d1
D407d1
E509d1
F601d1
G702d1
A101d2
B203d2
C302d2
D407d2
E509d2
F601d2
G702d2
A101d3
A203d3
C302d3
D407d3
E509d3
F601d3
G702d3
A101d4
A203d4
C302d4
D407d4
E509d4
F601d4
G702d4
= IDF
= CAT 5
= IDF
= CAT 5 drops to
rooms (4 each)
Network Equipment
Category 5 Plenum Cable
Fiber Optic Cable (4 pair)
Cisco Router
Cisco Switches
Cisco Hubs
Equipment racks/cabinets
Patch panels
Fiber Optic Cable
Connecting two pairs from school MDF
to every IDF (total 7 locations).
Total length required: 8000 ft.
Price quoted from DataComm 11/1/99.
– $630/1000 foot pack {Item DBC1832}
– $5040 for all Horizontal cross-connects
Category 5 Plenum Cable
31,050 ft. needed for all vertical CC
Price quoted from DataComm 11/1/99
– $550/2000 foot pack
$8800 for entire project Cat 5 needs
Cisco Router
Cisco 2600 Series Router
Channelized T1/E1 for connection to
Central Office
2 Fiber Modules for connection to LAN
Gateway to Internet
– Estimated cost: $6,000
Cisco Switches
Cisco 2924-xl-a, 24 port 10/100 BaseT
– 50 Classroom Switches
Cisco ws-c-2924-xl-en, 22 port 10/100
Ethernet & 2 100BaseFX
– 7 IDF Switches
Cisco 2912-mf 12 port
100BaseFx w/ 4port
100BaseT Module
– 2 MDF Switches
Cisco Hubs
Cisco 1538 8 port 10/100BaseT
– 50 Classroom extension hubs
Rack Equipment
Classroom Cabinets {x50}
– Locked cabinet w/ 32 port patch panel
Panduit DP32588110B
Intermediate Distribution Facilities {x7}
– Patch Panel--Panduit CD48BL or CD24BL
– Fiber Panel-- Panduit FAP6WST
– Media Rack--Panduit CMR19X47
– Cable Management --WMPVSF20 & WMPFS
Cloud
Frame Relay
District Office
T1 Line
1924MF Switches
2621 Router
1924C Switch
1924 XL Switch
Hub
Teacher
Laser printer
Most Students
Rest of students
Cloud
District Office
T1 Line
1924MF Switches
2621 Router
1924C Switch
32 Port 10/100 Hub
Hub
Teacher
Students
Laser printer
Network Project Cost
Router
MDF Switch
IDF Switches
Classroom Switches
Hubs
Fiber Cable
Category 5 Cable
Network Equipment
$6,000
$5356 x 2
$2005 x 7
$1670 x 50
$500 x 50
$5,040
$8,800
$5,000
TOTAL: $158,092
Network Project Cost
Router
MDF Switch
IDF Switches
Classroom 32 Port
Hubs
Fiber Cable
Category 5 Cable
Network Equipment
$6,000
$5356 x 2
$2005 x 7
$500 x 50
$5,040
$8,800
$5,000
TOTAL: $74,587
Magic
Internet
Central Office
10.5.0.x
10.6.0.1
fx0
Administration
10.6.0.x
10.5.0.1 e0
Cisco 2600
10.7.0.1
fx1
Curriculum
10.7.0.x
Specific IP addresses
Teacher workstations, Servers, and Printers
will be Static IP addresses.
Teacher Workstations: 10.6.0.10-250
Network Printers: 10.7.0.100-150
Students will obtain an IP
address from the DHCP server.
Numbers will be in the range of
10.7.1.x to 10.7.5.x
Access List Logic
Basic Premise; all workstations on 10.5.x.x and workstations on
10.6.x.x have access to devices located on the 10.7.x.x subnetwork.
However, ONLY port 80 will be allowed OUT of any device located
on the 10.7.x.x subnetwork.
F.M. Internet
80
Access List
In order for the curriculum and administrative
portions of the network to remain segmented, an
access list will be placed on the school router.
The only data that can travel from the student
computers to any other part of the network is HTTP.
Access-list 105 permit IP 10.6.0.0 0.0.0.255 10.7.0.0 0.0.255.255
Access-list 105 deny IP 10.7.0.0 0.0.255.255 10.6.0.0 0.0.255.255
Access-list 105 permit TCP 10.7.0.0 0.0.255.255 any eq 80
Interface fx1
IP Access-group 105 in
VLAN
In The
order
the students
to
goal to
is tokeep
limit student
activity on limited
administrative
only
theirbut
specified
address range,
the
locations,
still allow administrators
to use student
services.
{I.E. Printers
or Library
Server}
need for
a Virtual
LAN has
been
created.
On every switch in the IDF’s, we will specify which
ports are for VLAN1 (Administrative) and which ports
are for VLAN2 (Curriculum).
Servers
NAME
Administrative Server:
Curriculum Server:
Library Server:
Network Server:
IPX Name
IP Address
DV_Admin
DV_App
DV_Lib
DV_Net
10.6.0.20
10.7.0.10
10.7.0.30
10.7.0.20
•Note:
The Network Server will be running the Cisco Server Suite 1000,
allowing DHCP for student machines, e-mail storage, and other
WAN activities.
SPEED
•Design a school network that will allow all connected
workstations the ability to connect at a minimum of 1 Mbps.
However, the TCS also requires that the LAN will grow at
1000% over the next 5 years. This breaks down to a
minimum of 10 Mbps per workstation.
With the system that we have designed, the
network will perform at 100 Mbps to every
teacher workstation and 90% of all
student workstations.
Security
•Design the network in such a manner that there is reliable
security separating the curriculum & administrative systems.
With our network design, students can perform all their
activities in their network. However, they cannot access
information on the Administration server because of the
VLAN. They cannot access information located at the
Central office because of the restrictions in the Router’s
Access List. They can reach the Internet through the
Network Server’s DHCP’s functions and the permissions
set in the Router’s Access List.
Growth
Due to the fact that we are responsible for the performance of
our network,
we wanted
to create
the best possible
•Design
the school
network
at a minimum
of cost toperforming
the school
network.
With the
layout technologies
of the IDF’s and
classroom
but one
that allows
for future
to be
added easily.
cabinets, upgrading the entire network could be modified
by simply changing the Network components. However,
by creating a switched network NOW, the need to upgrade the
network has been postponed as this design will perform
the tasks necessary for many years. We were also required to
supply 24 student workstation ports. We have designed for a
possible 30 workstation in each room.