Desert View Networking Project
Ailis & Louise
General Requirements
The Washington School District is in the process of implementing an
enterprise-wide network which will include Local Area Networks (LANs)
at each site and a Wide Area Network (WAN) to provide data
connectivity between all school sites.
The WAN will connect all school and administrative offices with the
district office for the purpose of delivering data.
The WAN will be based on a two layer hierarchical model. Three
regional Hubs will be established at the District Office, Service Center
and Shaw Butte Elementary School for the purpose of forming a fast
WAN core network.
School locations will be connected into the WAN core hub locations
based on proximity to hub.
Routers will be installed at each WAN core location.
Access to the "Internet" or any other outside network connections will
be provided through the District Office through a frame relay WAN link.
For security purposes, no other connections will be permitted.
General Requirements (continued)
Access to the "Internet" from any site in the school district is
also an integral part of this implementation. Once the Network
is in place the school district will implement a series of servers
to facilitate online automation of all of the district's
administrative and many of the curricular functions.
Since this network implementation will have to continue to be
functional for a minimum of 7-10 years, all design considerations
should include 1000% growth in the LANs and 100% growth in
the WAN.
The minimum requirement for initial implementation design will
be 1.0Mbps to any host computer in the network and 100Mbps
to any server host in the network.
Only one OSI layer 3 & 4 protocol suite will be allowed in
this network: TCP/IP.
Project Goals
The overall design will provide:
Data connectivity to three regional hubs
District wide Internet connectivity
Security for the WAN
Connectivity to 1200 workstations
Secure Administrative LAN
Internet, DNS and E-mail services
100% growth in 7-10 years
Deliver a robust, cost-effective
WAN/LAN solution
Desert View
Wing 1 & Wing 2 & Cafeteria
Wing 1 & Wing 2
Each classroom:
Will contain approx. 23 student PCs and 1 lecturer's
PC.
Each student PC will be wired back to a hub
contained in the wiring closet. CAT5 will be used to
run these hubs to the switch contained in the IDF.
In the classroom there will be one network printer,
which is only available to the students in that
classroom. This will also be run into one of the hubs.
Each classroom will run back to the nearest IDF and
into the corresponding switch, which will have a fiber
connection to the MDF.
The cafeteria will be set up to house 24 PCs if needed.
Wing 3 & Portocabin & Library
Wing 3 & Library
Wing 3 houses the main distribution facility.
Administration offices, including those of the principal and
vice principal, are also found in this wing.
Administration runs straight into a WS-C1912C-EN#1 switch in the MDF.
Therefore administration staff, principal, network
printers and servers have a 100 Mb connection
each.
The library is also wired like a classroom,
housing 24 PCs with room for expansion.
10 PCs will be dedicated to administration.
5 PCs will be dedicated to the use of lecturers.
Wing 4 & Wing 5 & PE building
Wing 4 & 5
Each classroom has four CAT 5 cables coming from
the nearest IDF.
There are 17 classrooms within Wings 4 and 5,
East and West.
Each classroom houses 24 PCs: 23 PCs used by the
students and 1 used by the lecturer.
Every classroom has a wall-mounted cabinet
positioned at the data termination point where the
four CAT 5 UTP cables come into the room.
The lecturer's PC will use one of these cables directly.
The 23 student PCs will use the other cables,
which will be attached to one of three hubs.
Data Cabling Specifications
Transport speeds will be Ethernet 10BaseT, 100BaseT and
100BaseFX.
The horizontal cabling shall be standard Category 5E
Unshielded Twisted Pair (CAT 5E UTP) with 100+ Mbps
capability.
CAT 5E Plenum will be used in the drop ceilings and in the walls
in order to comply with fire codes.
All vertical (backbone) cabling shall be Fiber optic Multimode
cable.
The cabling infrastructure shall comply with EIA/TIA 568
standards.
Classroom Design
There are a total of 35 classrooms
Each classroom will support 24 workstations.
Every classroom will have four CAT 5E UTP
cable runs stemming from the nearest
Intermediate Distribution Facility (IDF).
One of the four data cables will be designated
for the teacher's workstation.
The other data cables will be connected to one
of three hubs which will service only the
students' workstations.
This will also allow for expansion.
Classroom Context
[Diagram: each hub is of type WS-C412; 33U 19in Wiring Closet#1]
IDF Design:
The Intermediate Distribution Facilities (IDFs)
will be connected directly to the MDF in an
extended star topology.
There are six IDFs located throughout the
school with one IDF in each wing.
Each IDF is equipped with a 24 port 10/100
Switch (Standard Edition) for the students'
PCs and
a 12 port 10 Base T Switch (Enterprise Edition),
which will be only for lecturers' PCs.
This switch will support VLANs.
IDF
[Diagram: 24 Port 10/100 Switch; 12 Port 10 Base T Switch Enterprise Edition; 24 Mic 23in 2u Patch Panel; 24U 23in Wiring Closet#1]
MDF Design
A Main Distribution Facility (MDF) room is established as the
central Point of Presence (POP) to which all LAN and WAN
cabling will be terminated and secured.
This room will house a Cisco 3640#1 Router, PIX firewall, WS-C1924C-EN Switch, WS-C1912C-EN#1 for Administration and
the five district servers:
Application
DNS
Email
Library
Administration
Two uninterruptible power supplies (UPS) will serve to provide
back up protection against unexpected power outages.
Main Distribution Facility
[Diagram: CISCO3640#1; WS-C1924C-EN; WS-C1912C-EN#1; Servers (Administration, Email, DNS, Application, Library); 12U 19in Wiring Closet#1; 33U 23in Wiring Closet#1]
[Diagram: MDF with IDF 1 to IDF 6; servers Appl., DNS, EMail, Library, Admin; Firewall; connection to the WWW]
WAN Logical
WAN requirements
100 Mbps data delivery to any server host in
the Network.
Access to the Internet at District Office/Data
Center via Frame Relay.
Internet connectivity will employ a firewall
architecture.
All connections from the Internet into the
District will be filtered by Access Control Lists.
WAN requirements (continued)
Domain Name Service (DNS) and E-Mail
services are delivered in a hierarchical fashion.
PPP will be implemented on all routers. IGRP
will be used for router updates.
CSU/DSUs will be required for connection of
school site routers to the district WAN.
PIX 515 Firewall
The PIX Firewall can protect one or more networks from intruders on
an outer, unprotected network, and it supports multiple outside or
perimeter networks.
It provides enough power for over 50,000 concurrent connections
and up to 170 Mbps of throughput. Connections between the
networks can all be controlled by the PIX.
To effectively use the PIX a security policy should ensure that all
traffic from the protected networks passes only through the firewall
to the unprotected network.
The PIX Firewall allows servers such as those for Web access, SNMP,
electronic mail (SMTP) to be located in the protected network and
controls who on the outside can access these servers.
Typically, the inside network is an organization's own internal
network, or intranet, and the outside network is the Internet, but the
PIX Firewall can also be used within an intranet to isolate or protect
one group of internal computing systems and users from another.
IP Addressing
We will use a class A addressing
scheme.
10.x.x.x
Subnet mask 255.255.255.0
Wing 1 Class 1
Students: 10.1.1.(1-40)
Lecturer: 10.1.1.(41-50)
IP Addressing scheme (continued)
Wing 1 Class 2
Students: 10.1.2.(1-40)
Lecturers: 10.1.2.(41-50)
Wing 1 Class 3
Students: 10.1.3.(1-40)
Lecturers: 10.1.3.(41-50)
Wing 1 Class 4
Students: 10.1.4.(1-40)
Lecturers: 10.1.4.(41-50)
IP Addressing scheme (continued)
As mentioned before, the IP addressing scheme
will continue to follow this pattern, i.e.
10.?.x.x
The ? will change according to the different wings of the
building and also in accordance with the MDF.
10.x.?.x
The ? here will change in accordance with the different
classrooms.
10.x.x.?
The ? here changes in accordance with the host.
MDF IP Addressing scheme
10.10.1.x
The router: 10.10.1.(1-10)
Administration Server: 10.10.1.11
Application Server: 10.10.1.12
DNS Server: 10.10.1.13
Library Server: 10.10.1.14
Email Server: 10.10.1.15
Access Control Lists
Access control lists provide basic filtering
capabilities and network security by blocking
unwanted Internet traffic and limiting access
to groups of computers or individual
workstations.
ACLs provide security to the network directly
connected to the router.
ACLs can be used to block applications,
for example a student using FTP to download software.
Access Control Lists (continued)
We will use access control lists to stop students from
accessing administration & lecturer information,
and also to prevent lecturers from accessing administration
information.
We will ensure that administration has access to all
information: students, lecturers and district office.
Access from the district office network into Desert
View will be permitted.
We will also allow lecturers to cross over into
students' information.
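The access rules above can be checked against the addressing scheme before any router is configured. The following is an added example, not part of the original project: it maps addresses to roles using the page's host ranges, evaluates the three blocked role pairs, and expands a host range into IOS-style extended ACL entries. The ACL number 101, the role names and the "infrastructure"/"unassigned" labels are assumptions.

```python
import ipaddress

# Host ranges from the page's scheme 10.<wing>.<class>.<host>, mask 255.255.255.0.
ROLE_HOSTS = {"student": (1, 40), "lecturer": (41, 50)}
MDF_NET = ipaddress.ip_network("10.10.1.0/24")
ADMIN_SERVER = ipaddress.ip_address("10.10.1.11")  # Administration Server
# (source role, destination role) pairs the page says must be blocked.
DENIED = {("student", "lecturer"), ("student", "administration"),
          ("lecturer", "administration")}


def role_of(addr):
    """Map an address to a role using only the ranges given on the page."""
    ip = ipaddress.ip_address(addr)
    if ip in MDF_NET:
        return "administration" if ip == ADMIN_SERVER else "infrastructure"
    host = int(ip) & 0xFF
    for role, (low, high) in ROLE_HOSTS.items():
        if low <= host <= high:
            return role
    return "unassigned"


def verdict(src, dst):
    """Return 'permit', 'deny', or 'deny (not at router)' for a flow."""
    if (role_of(src), role_of(dst)) not in DENIED:
        return "permit"  # the page lists no other blocked pairs
    same_subnet = ipaddress.ip_address(dst) in ipaddress.ip_network(f"{src}/24", strict=False)
    # Hosts in one /24 talk directly, so a router ACL never sees the packet.
    return "deny (not at router)" if same_subnet else "deny"


def acl_lines(wing, classroom, role, acl=101):
    """IOS-style extended ACL lines blocking one role's range from the
    Administration Server. The ACL number is an assumption. Ranges 1-40 and
    41-50 are not wildcard-aligned, so each needs several entries."""
    low, high = ROLE_HOSTS[role]
    first = ipaddress.ip_address(f"10.{wing}.{classroom}.{low}")
    last = ipaddress.ip_address(f"10.{wing}.{classroom}.{high}")
    return [f"access-list {acl} deny ip {n.network_address} {n.hostmask} host {ADMIN_SERVER}"
            for n in ipaddress.summarize_address_range(first, last)]


if __name__ == "__main__":
    print(verdict("10.1.1.5", "10.10.1.11"))  # student -> Administration Server
    print(verdict("10.1.1.5", "10.1.1.45"))   # student -> lecturer, same /24
    print("\n".join(acl_lines(1, 1, "student")))
```

Because students and the lecturer in one classroom share a /24, the student-to-lecturer rule is reported as not enforceable at the router; that separation has to come from the switch layer.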
VLANs
The purpose of VLANs is to create logical network segments of the
physical LAN infrastructure, resulting in multiple broadcast domains.
This is also known as micro segmentation. Consequently, broadcast
frames are only switched between the ports on the same VLAN.
Broadcast traffic within each segment is not transmitted outside the
VLAN. Therefore, adjacent ports do not receive any broadcast traffic
generated from other VLANs.
This results in increased network performance.
Advantage
With VLANs, the user can move to another area of the campus and still stay in
the same VLAN group.
Disadvantage
VLANs initially require significant administrative overhead; however, the
benefits far outweigh the cost because any subsequent adds, moves, and
changes within the network are greatly simplified. An added benefit of
VLANs is the establishment of secure user groups.
Conclusion
In conclusion we feel that our design:
Reaches initial traffic requirements to hosts.
Gives the students the same capabilities as
teachers, but they are segmented and thus
restricted in their access to internal school
functions.
Is a secure design.
Allows room for expansion.