Transcript Acadia

Acacia
Threaded Case Study
Aoife McIntyre
Cordelia Carty
Mary Kearns
Overview
 The school district is in the process of implementing Local Area Networks (LANs) and a Wide Area Network (WAN) to provide data connectivity between all school sites.
 Access to the internet from any site in the school district.
 Implement a series of servers to facilitate online automation of all the district's administrative and curricular functions.
Overview (cont)
 Network must be functional for a minimum of 7-10 years.
 Provide for 100% growth in the LAN.
 TCP/IP and Novell IPX are the only OSI layer 3 and 4 protocols allowed. In our case we will use TCP/IP.
User Requirements
 Two Local Area Network (LAN) segments will be implemented. One VLAN will be designed for student curriculum usage and the other for administration.
 The LAN infrastructure will be based on Ethernet LAN switching. The transport speeds will be Ethernet 10BASE-T, 100BASE-TX, and 100BASE-FX.
Cabling
 Horizontal cabling will be Cat5 Unshielded Twisted Pair (CAT5 UTP). It will accommodate speeds of 100 Mbps, with a maximum run of 90 m from the wiring closet to the outlet.
 The vertical backbone will be fiber optic (100BASE-FX, matching the fiber transport speed listed under User Requirements), running between the MDF and the IDF.
Wide Area Network (WAN)
 The WAN will connect all of the schools to the three regional hubs and interconnect the regional hubs in an extended star topology. It will also connect the Data Center regional hub to the internet through a proxy server.
Logical Addressing Scheme
 Three private class C (/24) networks from the RFC 1918 range 192.168.0.0/16 are allocated to the school, one per segment:
  Students – 192.168.1.1 to 192.168.1.254
  Admin – 192.168.2.1 to 192.168.2.254
  Servers – 192.168.3.1 to 192.168.3.254
 Each network provides 254 usable host addresses. Keeping the segments on separate networks (rather than sub-netting a single class C, which would leave fewer hosts per segment, not more) is what lets the router and its access lists tell student, administrative and server traffic apart by address. Note that the 250 student computers almost fill 192.168.1.0/24, so the 100% growth requirement would need a second student network or a larger block.
Logical Design
Wiring Layout
Zone Layout
Classrooms
 Each classroom must be able to support 24 workstations and be supplied with 4 data termination points. A single location in each room will be designated as the wiring point of presence (POP) for that room. It will consist of a lockable cabinet containing all cable terminations and electronic components (switches etc.).
 The network in Acacia must be able to support 325 computers: 250 computers for students and 75 computers for administration usage.
Classroom Layout
Main Distribution Frame (MDF)
An MDF is a free-standing or wall-mounted rack for managing and interconnecting the telecommunications cable between the main distribution frame and the intermediate distribution frame (IDF). The MDF is also the connection point for your LAN to the district WAN.
MDF
MDF Equipment
 Cisco 2611 Router with serial, Ethernet and dial-in facilities
 2 - Catalyst 3542 XL Ethernet Switches
 Catalyst 3548 XL Enterprise Edition
 4 - 24-port patch panels
 1 - 16-port patch panel
 Fiber patch panel
 Administrative server
 Application server
 DNS/E-mail server
 Library server
 Workgroup server
 UPS
 Monitor
 Monitor shelf with keyboard tray
 Ventilation Panel
Intermediate Distribution Frame (IDF)
An IDF is a free-standing or wall-mounted rack for managing and interconnecting the telecommunications cable between end-user devices and the MDF. For example, there would be an IDF in each building, or wherever end-user devices would otherwise sit beyond the 90 m horizontal cabling limit from the MDF.
IDF
IDF Equipment
 3 - Catalyst 3542 Ethernet Switches
 4 - 24-port patch panels
 Fibre patch panel
 UPS
 Ventilation Panel
 Monitor
 Monitor shelf with keyboard tray
Servers
 DNS/E-MAIL SERVER: The school host will be the local post office box and will store all e-mail messages. DNS updates will flow from the individual school server to the Hub server and on to the district server. All regional servers will be able to communicate between themselves, building redundancy into the system.
 ADMINISTRATIVE SERVER: This will contain the student tracking, attendance, grading and other administration functions. This server will only be available to teachers and staff.
Servers (cont)
 LIBRARY SERVER: Acacia is implementing an automated library information and retrieval system, which will contain an online library for curricular research purposes. This server will be made available to anyone at the school site.
 APPLICATION SERVER: All computer applications will be housed in a central server at each school location. As applications such as word processing, Excel, PowerPoint etc. are requested by users, they will be retrieved from the application server. This server will be made available to anyone at the school site.
Servers (cont)
 OTHER SERVERS: Any other servers implemented at the school sites will be departmental servers and will be placed according to user group access needs.
VLANs
A VLAN is a logical grouping of devices or users that can be grouped by function, department, or application, regardless of their physical segment location. VLAN configuration is done at the switch via software.
Two VLANs will be used on the LAN:
 VLAN 1 will be used for the administration segment.
 VLAN 2 will be used for curriculum.
 All changes and moves will be controlled and managed accordingly.
Note that on Cisco Catalyst switches VLAN 1 is the default VLAN that every port belongs to until it is reassigned, and the default native (untagged) VLAN on trunks. Putting the administrative segment there means any port left unconfigured, including a spare classroom termination point, lands on the administrative network. Giving administration its own VLAN number and leaving VLAN 1 unused avoids that.
VLANs
VLANs are implemented for the following reasons:
 Reduces administration costs related to moves, additions and changes
 Provides better control of broadcasts
 Tightens network security
 Distributes traffic load
 Relocates servers into secured locations
 Saves money by using existing hubs
Access Control Lists (ACLs)
ACLs permit or deny certain users (or an entire network segment) access to network resources. They are set up by the network administrator and add security to the network, as well as limiting network traffic and improving network performance. Numbered IP ACLs are either standard (numbers 1-99, matching on source address only) or extended (numbers 100-199, matching on protocol, source and destination address and, optionally, port). An ACL is evaluated top down, the first matching entry wins, and every ACL ends with an implicit deny of anything not explicitly permitted; it has no effect until it is applied to an interface with ip access-group.
ACLs
Students have access to:
 Application server
 Internet
 Library server
Students are denied access to:
 Any activity on the DNS server
 Administrative server
Teachers have access to:
 Internet
 DNS server for e-mail
 Administrative server at Acacia
 Application server at Acacia
 Library server at Acacia
Note that denying students all traffic to the DNS server conflicts with giving them Internet access, which needs name resolution (port 53) from that server; the example ACL on the next slide in fact permits student TCP traffic to it. For Internet access to work, DNS lookups to the server must be permitted and only the other services on it restricted.
Example ACL
Extended ACL 101 is built in global configuration mode and then applied inbound on the router interface facing the student (curriculum) VLAN with ip access-group 101 in. Entries are evaluated in order, so the specific permits come before the deny.

Enter global configuration mode
Acacia# config t

Permits the students access to the e-mail/DNS server (TCP only; UDP port 53 lookups would need a separate udp entry)
Acacia(config)# access-list 101 permit tcp 192.168.1.0 0.0.0.255 192.168.3.2 0.0.0.0

Permits the students access to the library server
Acacia(config)# access-list 101 permit tcp 192.168.1.0 0.0.0.255 192.168.3.1 0.0.0.0

Blocks all student/curriculum traffic from accessing the admin network (an extended entry needs the protocol keyword, and the wildcard for a /24 is 0.0.0.255; 0.0.255.255 would match all of 192.168.0.0/16, including the server network)
Acacia(config)# access-list 101 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255

Permits all other traffic (Internet, application server)
Acacia(config)# access-list 101 permit ip any any
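The entries above can be checked against sample packets with the following evaluator. This is an added example and not part of the original case study; it implements the two IOS behaviours that matter here, Cisco wildcard masks (a 1 bit means "don't care") and first-match evaluation with an implicit deny at the end. The server addresses are the slide's; the packets, the other destination addresses and the pairing of 192.168.3.2 with the e-mail/DNS server are constructed for the demonstration. Ports are ignored, so this is not a full IOS ACL parser.

```python
"""Added example: evaluate numbered extended IOS ACL entries the way the router
does (first match wins, implicit deny at the end) against constructed packets.
Not part of the Acacia case study; a simplified parser that ignores ports."""
import ipaddress
from dataclasses import dataclass

ANY = ("0.0.0.0", "255.255.255.255")


@dataclass
class Entry:
    action: str   # "permit" or "deny"
    proto: str    # "ip", "tcp" or "udp"
    src: tuple    # (network, wildcard)
    dst: tuple    # (network, wildcard)


def wildcard_match(addr, network, wildcard):
    """Cisco wildcard mask: a 0 bit must match the network, a 1 bit is 'don't care'."""
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(network))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (n & care)


def _parse_address(tokens, i):
    """Read one address spec: 'any', 'host A.B.C.D', or 'A.B.C.D W.X.Y.Z'."""
    if tokens[i] == "any":
        return ANY, i + 1
    if tokens[i] == "host":
        return (tokens[i + 1], "0.0.0.0"), i + 2
    return (tokens[i], tokens[i + 1]), i + 2


def parse_acl(text):
    """Parse 'access-list N permit|deny PROTO SRC DST' lines, tolerating an IOS
    prompt at the start of each line. Lines that are not ACL entries are skipped."""
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if tokens and tokens[0].endswith("#"):
            tokens = tokens[1:]            # drop e.g. "Acacia(config)#"
        if len(tokens) < 6 or tokens[0] != "access-list":
            continue
        action, proto = tokens[2], tokens[3]
        src, i = _parse_address(tokens, 4)
        dst, _ = _parse_address(tokens, i)
        entries.append(Entry(action, proto, src, dst))
    return entries


def evaluate(entries, proto, src, dst):
    """Return the action of the first matching entry; IOS denies anything unmatched."""
    for e in entries:
        if e.proto != "ip" and e.proto != proto:
            continue
        if wildcard_match(src, *e.src) and wildcard_match(dst, *e.dst):
            return e.action
    return "deny"


# The slide's list as written, with the protocol keyword IOS requires on extended
# entries added so that the over-broad 0.0.255.255 wildcard can be evaluated.
SLIDE_ACL = """
Acacia(config)# access-list 101 permit tcp 192.168.1.0 0.0.0.255 192.168.3.2 0.0.0.0
Acacia(config)# access-list 101 permit tcp 192.168.1.0 0.0.0.255 192.168.3.1 0.0.0.0
Acacia(config)# access-list 101 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.255.255
Acacia(config)# access-list 101 permit ip any any
"""
# The same list with the deny entry scoped to the /24 admin network.
FIXED_ACL = SLIDE_ACL.replace("192.168.2.0 0.0.255.255", "192.168.2.0 0.0.0.255")

# Constructed packets: (protocol, source, destination, label). 192.168.3.9 stands
# for any other server-network host; 203.0.113.7 is a documentation address.
PACKETS = [
    ("tcp", "192.168.1.10", "192.168.2.5", "student -> admin server"),
    ("tcp", "192.168.1.10", "192.168.3.2", "student -> e-mail/DNS server (TCP)"),
    ("udp", "192.168.1.10", "192.168.3.2", "student DNS lookup (UDP 53)"),
    ("tcp", "192.168.1.10", "192.168.3.1", "student -> library server"),
    ("tcp", "192.168.1.10", "192.168.3.9", "student -> other server-network host"),
    ("tcp", "192.168.1.10", "203.0.113.7", "student -> Internet"),
    ("tcp", "192.168.2.5", "192.168.1.10", "admin -> student (not filtered by this list)"),
]


def compare(acl_text=SLIDE_ACL):
    """Map each constructed packet's label to the action the given list takes on it."""
    entries = parse_acl(acl_text)
    return {label: evaluate(entries, p, s, d) for p, s, d, label in PACKETS}


if __name__ == "__main__":
    for name, acl in (("slide wildcard 0.0.255.255", SLIDE_ACL),
                      ("fixed wildcard 0.0.0.255", FIXED_ACL)):
        print(name)
        for label, action in compare(acl).items():
            print(f"  {action:6} {label}")
```

Running it shows the two lists agree on student-to-admin traffic (both deny) but differ on the server network: with the slide's 0.0.255.255 wildcard, a student's UDP DNS lookup and any TCP connection to a server other than the two explicitly permitted are denied, because the deny entry matches every 192.168.x.x destination. The last packet also shows that an ACL is a stateless, one-directional filter; traffic from the admin network towards students is not touched by this list at all.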
IGRP
 IGRP is a Cisco-proprietary distance vector Interior Gateway Protocol. Distance vector routing protocols compare routes using some measurement of distance, the metric (for IGRP a composite of bandwidth and delay by default); this measurement is known as the distance vector.
 Routers using a distance vector protocol must send all or a portion of their routing table in a routing-update message at regular intervals to each of their neighbouring routers.
 As routing information propagates through the network, routers can identify new destinations as they are added to the network, learn of failures in the network, and, most importantly, calculate distances to all known destinations.
 Two cautions. IGRP updates carry no authentication, so a router accepts a routing update from any device on a network it runs IGRP on, including a host on the student VLAN; passive-interface stops the router advertising on those interfaces, but IGRP still listens there, so incoming updates on user segments also have to be filtered (distribute-list in). IGRP is also classful and has been removed from Cisco IOS since release 12.3, so a current build of this design would use EIGRP (which supports MD5 authentication of updates) or OSPF.
IGRP Implementation
Acacia# config t
Acacia(config)# router igrp 100
Acacia(config-router)# network 192.168.1.0
Acacia(config-router)# network 192.168.2.0
Acacia(config-router)# network 192.168.3.0
Acacia(config-router)# exit
The number 100 is the autonomous system number and must match on every router in the district that exchanges IGRP routes. Each network statement is classful and enables IGRP on every router interface in that class C, including the ones facing the student and administrative VLANs.
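The following toy simulation, an added example that is not part of the original case study, runs the periodic table exchange the IGRP slide describes among a constructed topology: Acacia and a hypothetical second school hang off a regional Hub that connects to a District router (the names Hub, School2, District and RogueHost and all link costs are assumptions). IGRP's composite bandwidth/delay metric is collapsed to a single link cost. The last function shows the consequence of the update being unauthenticated: a forged zero-cost advertisement from a host on one of Acacia's own segments is installed as the best route.

```python
"""Added example, not part of the Acacia case study: a toy distance-vector
exchange like the one IGRP runs. Each round every router advertises its whole
table to its neighbours and each neighbour keeps the lowest total cost
(Bellman-Ford). Topology, names and costs are constructed; IGRP's real metric
is a composite of bandwidth and delay, collapsed here to one link cost."""
INF = float("inf")

# Constructed topology: Acacia and a second school hang off a regional Hub,
# which connects to the District router. Costs are illustrative.
LINKS = {
    ("Acacia", "Hub"): 10,
    ("School2", "Hub"): 10,
    ("Hub", "District"): 10,
}


def apply_update(table, neighbour, link_cost, update):
    """One Bellman-Ford relaxation: for every destination the neighbour
    advertises, take the route via that neighbour if it is cheaper. Returns
    True if the table changed. There is no check of who sent the update:
    like IGRP, the router believes any neighbour on an interface running it."""
    changed = False
    for dest, cost in update.items():
        candidate = link_cost + cost
        if candidate < table.get(dest, (INF, None))[0]:
            table[dest] = (candidate, neighbour)
            changed = True
    return changed


def run_distance_vector(links, rounds=5):
    """Simulate `rounds` periodic full-table updates.
    Returns {router: {destination: (cost, next_hop)}}."""
    neighbours = {}
    for (a, b), cost in links.items():
        neighbours.setdefault(a, {})[b] = cost
        neighbours.setdefault(b, {})[a] = cost
    # Initially each router knows itself and its directly connected neighbours.
    tables = {r: {r: (0, r)} for r in neighbours}
    for r, adj in neighbours.items():
        for n, cost in adj.items():
            tables[r][n] = (cost, n)
    for _ in range(rounds):
        # Updates sent in this round carry the tables as they stood before it.
        adverts = {r: {d: c for d, (c, _) in t.items()} for r, t in tables.items()}
        for r, adj in neighbours.items():
            for n, link_cost in adj.items():
                apply_update(tables[r], n, link_cost, adverts[n])
    return tables


def rogue_advertisement(tables, victim="Acacia", rogue="RogueHost", link_cost=1):
    """A host on one of Acacia's own VLANs (an IGRP-enabled interface) forges an
    update claiming a zero-cost path to District. With no authentication the
    router installs it and starts forwarding District-bound traffic to the host.
    Returns the victim's resulting (cost, next_hop) for District."""
    forged = {"District": 0}
    apply_update(tables[victim], rogue, link_cost, forged)
    return tables[victim]["District"]


if __name__ == "__main__":
    tables = run_distance_vector(LINKS)
    for router, table in sorted(tables.items()):
        print(router, {d: f"{c} via {h}" for d, (c, h) in sorted(table.items())})
    print("Acacia's route to District after a forged update:", rogue_advertisement(tables))
```

After convergence Acacia reaches District at cost 20 via Hub; a single forged update from a directly attached host replaces that with cost 1 via the host, which is the routing-protocol equivalent of the ACL bypass the design is trying to prevent. In IOS terms the mitigation is to keep the routing protocol off user-facing interfaces (passive-interface plus an inbound distribute-list, since IGRP still listens on passive interfaces) or to move to a protocol that authenticates updates.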
Firewalls
 A system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in hardware, in software, or a combination of both.
 Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets.
 All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.
Security
 Double firewall implementation
 ACLs act as a second layer of firewall
 Network will be divided into 3 logical network classifications: staff/administrative, curriculum and servers
 Two separate VLANs: Curriculum and Staff/Administration
 Utilization of access control lists
 User ID and Password Policy published and strictly enforced on all computers in the District
 All traffic from the Curriculum LAN prohibited on the Administrative LAN.
Pros
 The network speed can be upgraded without much change in the physical cabling
 With 4 CAT5 cables at every data termination point in the rooms, extra computers or other devices can be used in the classrooms as needed
 ACLs on the router keep students in the curriculum network out of the administrative network (a stateless IP-layer filter, applying only to traffic that crosses the router)
 Use of VLANs provides internal security
 Troubleshooting made simpler using switches
Cons
 There is no redundancy of the router link at the POP. If the WAN link fails there will be no access to other resources in the district or to the Internet
 The use of switches increases the network latency as well as the initial cost of the network
 Expensive to implement
 Password security is based on user cooperation
 Non-centralized: with IDFs in each building, it is difficult to locate problems