Transcript Sunnyslope
THREADED CASE STUDY
SUNNYSLOPE
Presented to
Michael Barrett and Paul Flynn
Introduction
This is our presentation of the Threaded Case Study (TCS)
as part of our “Certificate in Computers IT Support”.
TEAM:
The team consists of Ken Henry, David Lynch and Rory Mc
Caffrey
GOAL:
Our goal is to demonstrate our knowledge of Local Area
Network (LAN) design and implementation. For our project
we are working on Sunnyslope Elementary School in the
Washington Elementary School District.
Background
The district presently includes 33 schools, a district office, and
a service center. This project will include connectivity between
all district sites.
All computers within the district are to be able to access the
internet. The district will implement a number of servers at the
main office to most intranet and internet needs.
This network must be usable for the next 7-10 years and,
therefore, must plan for 100x growth of LAN throughput, 2x
growth in WAN core throughput, and 10x growth in Internet
Connection throughput. All host computers must have a
minimum of 1.0 Mbps throughput and all servers must have
100 Mbps throughput.
Physical Layout
Placement of MDFs and IDFs
Cable runs
Placement of switches and routers
Placement of servers
General Requirements
Placement of MDFs and IDFs
We chose our Main Distribution Facility in Building 300
West. This is the best location for the MDF because it is
centrally located and contains the Point of Presence. It is
also surrounded by administrators and faculty, so it
maintains a high level of security at all times. The MDF
covers only buildings 300 East, West, and the Computer
Lab. Our IDFs are located in the following buildings:
Maintenance, Building 200 West, Multi-Purpose Building,
and Building 400 West. These are good locations because
all rooms are away from school activity and in a safe,
closed-off area.
Cable Runs
All backbone cabling from MDF to the IDFs will use
multi-mode fiber optic cable. This benefits the network by
not having to worry about unstable grounding techniques
between buildings.
It also allows distances between the MDF and the IDFs to
not pose a problem.
Placement of Switches and Routers
There is only one router in our entire network. It is placed
in our Main Distribution Facility and serves as the main
communication device.
Switches are placed in every IDF and in our MDF.
There is a switch in every room contained in a lockable
cabinet. While more expensive than a hub, switches will
serve for future expansion more efficiently than a hub. If
the available 24 hosts were needed in a room, then they
would be collision free. All switches in rooms are
terminated at the nearest MDF or IDF.
Placement of Servers
We chose to place the student servers together on a server
switch. This switch resides in our MDF and is given 100
Mbps speed to the uplink. There is only one main server
on this switch to begin with, but it remains for future needs
for other servers. The administration server is running off
of the router. This helps maintain logical security, which
will be discussed later on. The logic for their placement is
in their classification. These main servers are enterprise
servers and must be reachable by their entire
networks. They will be easily administered in one
location and, if the need arises, future additions may be made to
the server switch for additional enterprise servers.
Although there will be no servers located in any IDFs,
there is an extra 100 Mbps port available in each for
possible future workgroup servers of any kind.
Logical Layout
IP Addressing
V-LAN implementation
Broadcast domains
Server applications
Routing protocol
Security
IP Addressing
IP addressing will be configured using private Class A IP
addresses for both the administration network and the
student network. It was decided to logically administer the
IP addresses by building, using the buildings which had MDFs
and IDFs, which gave us a total of 5 buildings.
The network has a max of 7 IP addresses in each room
dedicated to routers, servers, and printers for future
growth. It also has a total of 65 addresses for students, which
is more than enough to cover a maximum of 1032 users if
all 24 hosts were needed in every room.
There are also 190 addresses left in each room for
administration.
IP Addressing continued:
It was decided to give the lecture in each room an
address of 10.x.x.65, so that all would have the same
host address, which makes configuring access control
lists much easier.
The network address of 10.x.x.x will be configured
accordingly. The subnet mask for the network will be
255.0.0.0
IP Addressing system
MDF
IP address for this building is 10.1.X.X
Within the room where the MDF is housed:
10.1.1.(1-7) is for router, server, printers etc.
10.1.1.(8-63) is for Students
10.1.1.(64-254) is for Administration
10.1.1.65 is dedicated to lectures within this room.
NB. The same was done for all rooms in this building:
10.1.2.X is for room 2, with the same address ranges
for servers, students and admin.
IP Address System Cont.
IDF 1
IP address for this building is 10.2.X.X
Within the room where the IDF is housed:
10.2.1.(1-7) is for server, printers etc.
10.2.1.(8-63) is for Students
10.2.1.(64-254) is for Administration
10.2.1.65 is dedicated to lectures within this room.
NB. The same was done for all rooms in this building:
10.2.2.X is for room 2, with the same address ranges
for servers, students and admin.
IP Address System cont.
This address system was carried out on all the other
buildings which had IDFs.
It gave us a total of 5 different buildings.
We made all of these buildings into V-LANs.
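An added example, not part of the original presentation: the 10.building.room.host plan above expressed as a classifier, plus the wildcard-mask arithmetic that explains why a fixed host octet such as .65 keeps access control lists short. The function names are hypothetical, and the wildcard semantics (0 bits must match, 1 bits are ignored) are assumed to be those of the router's ACL syntax.

```python
import ipaddress

# Host-octet ranges from the slides: 10.<building>.<room>.<host>
ROLES = [(1, 7, "infrastructure"), (8, 63, "student"), (64, 254, "administration")]
LECTURE_HOST = 65  # same host octet in every room, inside the administration range


def classify(addr):
    """Return (building, room, role) for an address in the 10.b.r.h plan."""
    first, building, room, host = ipaddress.IPv4Address(addr).packed
    if first != 10:
        raise ValueError(f"{addr} is outside the 10.0.0.0 plan")
    if host == LECTURE_HOST:
        return building, room, "lecture"
    for low, high, role in ROLES:
        if low <= host <= high:
            return building, room, role
    return building, room, "reserved"  # .0 and .255


def wildcard_match(addr, base, wildcard):
    """Wildcard-mask test: 0 bits must equal base, 1 bits are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = 0xFFFFFFFF ^ w
    return (a & care) == (b & care)


def range_to_blocks(low, high):
    """Split a host-octet range into aligned (base, wildcard) blocks,
    one ACL entry per block."""
    blocks = []
    while low <= high:
        size = (low & -low) or 256      # largest block aligned at `low`
        while low + size - 1 > high:    # shrink until it fits the range
            size //= 2
        blocks.append((low, size - 1))
        low += size
    return blocks


if __name__ == "__main__":
    print(classify("10.2.1.40"))
    print(wildcard_match("10.4.7.65", "10.0.0.65", "0.255.255.0"))
    print(range_to_blocks(8, 63))          # student range
    print(len(range_to_blocks(64, 254)))   # administration range
```

One entry with wildcard 0.255.255.0 covers the .65 address in every room of every building, and the student range 8-63 needs three aligned blocks; the administration range 64-254 needs eight because it stops one short of an aligned boundary.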
[Diagram: Entire network backbone (MDF, IDF 1, IDF 2, IDF 3, IDF 4)]
[Diagram: Router Connections]
[Diagram: V-LAN Layout]
V-LAN Implementation
VLANs are a very important part of the network setup.
Although the administration and students are on two
separate networks, they still pass through the same switches
at layer two. Therefore the
Administration will be configured on VLAN 1 and the
students on VLANs 2-6.
We have decided to allow communication between student
VLANs and allow administration access to all VLANs
through two trunk ports. These trunk ports will allow
VLANs to communicate while maintaining a level of
security. VLANs are also an important part of keeping our
broadcast domains at a minimum level.
V-LAN Continued
All buildings which had an MDF or IDF were made into a V-LAN, 6 in
all.
Both trunk ports will be located on the server switch and be regular
10/100 Mbps running at full duplex. One trunk port will be for
administration and the other for students.
Any student port coming out of IDF 1 will be on VLAN 2.
Any student port coming out of IDF 2 will be on VLAN 3.
Any student port coming out of the MDF will be on VLAN 4.
Any student port coming out of IDF 3 will be on VLAN 5.
And any student port coming out of IDF 4 will be on VLAN 6.
Any port that is not in use will be assigned to the student VLAN for
that MDF/IDF.
Trunking ports on V-LANS
These trunk ports will allow VLANs to communicate
while maintaining a level of security. VLANs are also an
important part of keeping our broadcast domains at a
minimum level.
Both trunk ports will be located on the server switch and
be regular 10/100 Mbps running at full duplex.
One trunk port will be for administration and the other for
students.
Broadcast Domains
With a possible user count of 1032 in the student network,
broadcasts are bound to be a problem. With the help of
VLANs and the router, the network can remain in a
low-congestion state.
Each VLAN will hold its own broadcast domain and not
allow broadcasts from other VLANs to intrude. Although
the student VLANs can communicate with each other, the
router breaks up the VLANs and separates them into
their proper domains.
Broadcast Domains
Server Applications
Each server in the MDF will run its own applications. The
student server will serve as the main DNS server. The student
server will provide any needed applications to the student
network. These applications could include a student directory
for school files or direct e-mail to teachers for questions.
The administration server runs off of the router and will allow access
for administrative services. This will be the teachers’ main
DNS and maintain administrative applications such as direct
attendance programs and e-mail. Having these applications on
separate servers allows for a high level of security and growth
for the future of the network.
Server Placement
Routing Protocol
Since there is only one router in the Sunnyslope network,
the routing protocol will simply be for the WAN link to the
POP. Any other school communicating on the same
network will be able to route packets to our router and vice
versa.
The routing protocol that is going to be configured on this
network’s router is IGRP. This way there will be a
guarantee that other schools’ packets won’t be discarded
because of hop count. Also, IGRP’s autonomous
system number provides an additional security
measure.
Physical Security
Each and every IDF as well as the MDF contains a
lockable cabinet. These will be used to organize the equipment and keep
all unauthorized personnel away from the actual router,
switches and servers even if the room itself is entered.
Each room will also have a lockable cabinet so that devices
may not be tampered with by any unauthorized person.
Logical Security
The logical security of the network covers almost all
layers of the OSI model. We have already
discussed the physical security, but the logical portion,
the VLANs, plays a very important role in the network’s
security.
VLANs make the network secure in one way by not
allowing the student VLANs to communicate with the
Administration VLAN. In this way, we can provide a
totally switched environment with very few ACLs to keep
students out of the administration network.
WAN Design
All schools will be connected through point-to-point
connections to a regional hub. There will be a regional hub
at the district office, service center, and Shaw Butte
Elementary School.
All point-to-point connections will be running at a T1
connection speed and internet connections to schools will
be provided by the district office through Frame Relay.
PPP Configuration:
PPP is a very important part of the WAN design. It allows full use of
bandwidth through its capability for network protocol multiplexing. It is reliable
thanks to its link configuration and link quality testing. It also provides error
detection and allows for the use of the Dynamic Host Configuration Protocol. PPP
is an ideal layer two WAN encapsulation protocol for our design because of
these features. As opposed to a packet-switched, virtual circuit protocol
such as Frame Relay, it runs over a dedicated link, which will be useful for the
connections between the schools and the offices; these are the places where
we want the most reliability and error detection.
Although Frame Relay is cost effective and fast, it would not provide the
reliability needed at these points. PPP also has an optional authentication
phase that can use CHAP and/or PAP to protect against unauthorized traffic through
the connected routers. In our case we will use CHAP because it provides
encrypted passwords from router to router.
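An added example, not part of the original presentation: the CHAP exchange as defined in RFC 1994 next to a PAP request, showing that CHAP sends an MD5 hash of the identifier, shared secret and challenge rather than the password itself, and that a captured response fails against a fresh challenge. The secret, peer name and the class and function names are constructed for illustration.

```python
import hashlib
import hmac
import os


def chap_response(identifier, secret, challenge):
    """RFC 1994 response value: MD5(identifier octet + secret + challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def pap_request(peer_id, password):
    """PAP Authenticate-Request body: both fields cross the link as-is."""
    return bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password


class Authenticator:
    """The router that issues challenges and checks responses."""

    def __init__(self, secret):
        self.secret = secret
        self.identifier = 0
        self.challenge = None

    def new_challenge(self):
        self.identifier = (self.identifier + 1) % 256
        self.challenge = os.urandom(16)   # fresh and unpredictable each time
        return self.identifier, self.challenge

    def verify(self, identifier, response):
        if self.challenge is None or identifier != self.identifier:
            return False
        expected = chap_response(identifier, self.secret, self.challenge)
        self.challenge = None             # a challenge is good for one answer
        return hmac.compare_digest(expected, response)


SECRET = b"constructed-shared-secret"     # constructed sample value


def replay_is_rejected():
    """Capture one valid response, then replay it against a new challenge."""
    hub = Authenticator(SECRET)
    ident, challenge = hub.new_challenge()
    captured = chap_response(ident, SECRET, challenge)
    first = hub.verify(ident, captured)
    ident2, _ = hub.new_challenge()
    replayed = hub.verify(ident2, captured)
    return first, replayed
```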
ISDN
ISDN is an alternative to leased lines.
It generally is used for networking small LANs.
FRAME RELAY
Frame Relay will be our main type of connection for
internet services. It is a very high performance and
efficient data technology. It operates at the physical and
data link layers.
The main Frame Relay connection will be through the data
center. Since there is only one PVC we will not have to
configure any additional sub-interfaces.
Access Control Lists
The ACLs will be set up at the router, allowing students
access to nothing but the internet on e1.
An access list will also be set up for filtering WAN
activities.
An access list will be set up for the Admin Server.
Equipment Used in Network Design
Router: Cisco 4500m, Quantity 1
Router Accessories: NP-2E module consisting of 2 ethernet ports, Quantity 2
Switches:
WS-C1912-EN, Quantity 3
WS-1912-EN, Quantity 4
WS-C2828-EN, Quantity 1
Switch Accessories:
4 port 100B FX Module
1 port 100B TX Module
4 Lockable Cabinets - For IDFs - 50-70381
1 Lockable Cabinet - For MDF - 50-70244
Pros of this Network Design
Speed: With fiber going to each switch, there is 1 gigabit
of bandwidth available with possible improvements in
technology.
Less interference: Fiber has less interference from
magnetic fields.
Non-centralised: Control is closer, if there is a local
problem.
There is room for future growth in this network.
Cons of this Network Design
Non-centralised: With an IDF in each building there may
be difficulty locating a problem.
Cost: The quantity of switches and fibre needed has
increased the cost.
Security: With many locations, there is more of a
possibility of break-in or theft.