
ACACIA
Threaded Case Study
Seamus Burns
Ronan Conaghan
Eugene Cullen
Requirements
Administration and Students to be logically
divided via VLANs
Expected lifetime of Network 7-10 years
Allowed growth of 100x in LAN
Throughput of WAN can increase by 2x
Internet Connection throughput can increase
by 10x
Only TCP/IP and IPX protocols to be used
Logical Design
Physical Wiring Diagram:
VLANs
There will be two VLANs, one
Administrative and one Curriculum
VLANs will be implemented at two switches, one in the IDF and one in the MDF
Exceptions will be made to facilitate the
following


All students will be allowed to access the DNS
and e-mail servers which are located on the
administrative VLAN
All students will be allowed to access the library
server which is also located on the
administrative VLAN
Cabling
Cabling will have min 100Mbps capability



100BaseTX Cat 5 UTP will be used in horizontal
cabling. This has a maximum run of 90 m. Each
classroom will be served by 4 Cat 5 cables
1000BaseFX Multi-mode Fibre will be used in all
vertical cabling applications. This means only two
cables instead of several 100BaseFX cables. This
future-proofs us against cable bottlenecks in the
backbone.
All servers will be connected back to switch with
1000BaseFX to safeguard against bottlenecks.
Classrooms
Each classroom has 4 data termination
points
Each classroom will have a lockable wall
mounted closet where hubs will be
located
3 points for students via hubs
1 point for direct connection to teacher’s
PC
Network printer will connect via hub
MDF Closet
Must be totally secure
Must have temperature control
Will be located in room with WAN POP
All servers will reside here
UPS will be located here also to allow
servers to back up any data in the
event of a power failure
MDF Closet (cont’d)
Will house an equipment rack
Rack will serve as cable termination
point
Rack will accept switches, router, patch
panels
Closet Graphics (MDF)
[Rack diagram labels: Fiber patch panel; 24 Port Patch Panel (x4); WS-C3548-XL-EN Cisco Switch (x2); 2610 Series Router; Monitor; Retractable keyboard shelf; Library Server; Admin Server; Work Group; Application Server; DNS Server; UPS; IDF Closet; Modular Servers]
Closet Graphics (IDF)
[Rack diagram labels: Fiber patch panel; 24 Port Patch Panel (x4); WS-C3548-XL-EN Cisco Switch (x2); Monitor; Retractable keyboard shelf; Modular Servers; Work Group (x2); UPS; IDF Cabinet]
Servers
DNS and E-Mail servers.


Will act as a post office for the school
Will maintain a complete record of staff and
students for that location
Administrative Server



For student tracking, attendance, grading, etc.
Available only to admin staff and teachers
Will run TCP/IP as its protocol suite
Workgroup servers

Located to prevent unnecessary network traffic
Servers (cont’d)
Library Server



Research and retrieval system for online
research laboratory
Will run TCP/IP as its protocol
Available to everyone, i.e. students and staff
Application Server

All computer applications to be housed on
this server
IP Addressing
One class C address allocated to school
We will use a class A addressing
scheme
Implemented via Network Address
Translation on the Router
Further enhanced by use of Port
Address Translation
IP Addressing (cont’d)
Class A address 10.10.10.1
Octet layout: 10 . Zone . Room No . Host No
The curriculum LAN will be assigned even
numbers in the last octet
The administrative LAN will be assigned odd
numbers in the last octet
IP Addressing (cont’d)
The teacher’s PC will always be assigned
number 1 in the last octet in all rooms
MDF addresses 10.1.1.x (odd)
IDF addresses 10.1.2.x (odd)
The splitting of Administration and
Curriculum addresses with even and
odd numbers is to facilitate ACLs
Access Control Lists (ACLs)
ACLs are implemented at the interfaces on
the router to filter the flow of traffic across
internal VLANs and to filter incoming and
outgoing traffic.
Proper implementation of ACLs will allow
access to all areas of the curriculum VLAN
while at the same time preventing access to
the administrative LAN by any member of the
curriculum LAN
ACLs (cont’d)
Implementation of an ACL on the WAN
side of the router will prevent any
telnetting into the school network
ACLs allow a very fine-grained level of traffic
filtering, down to individual host IP
addresses, so careful planning when
allocating IP addresses optimizes their
effectiveness
Example ACL
To prevent Telnet access into the school
network

access-list 101 deny tcp any any eq telnet
To allow students access to DNS and Email server

access-list 101 permit ip 10.0.0.0 0.255.255.254 10.1.1.7 0.0.0.0
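
The odd/even addressing plan and the two list-101 entries above can be checked with a small model of Cisco wildcard matching. This is an added example, not part of the original slides; the rule table, function names and sample packets are constructed for illustration.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: 0 bits must match the base, 1 bits are ignored."""
    to_int = lambda s: int(ipaddress.IPv4Address(s))
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)

ANY = ("0.0.0.0", "255.255.255.255")

# Constructed model of list 101: (action, protocol, source, destination, dst port)
ACL_101 = [
    ("deny", "tcp", ANY, ANY, 23),                       # telnet
    ("permit", "ip", ("10.0.0.0", "0.255.255.254"),      # 10.x.x.even = curriculum
     ("10.1.1.7", "0.0.0.0"), None),                     # DNS/e-mail server
]

def evaluate(acl, proto, src, dst, dport=None):
    """First matching entry wins; anything unmatched hits the implicit deny."""
    for action, rule_proto, (s_base, s_wild), (d_base, d_wild), rule_port in acl:
        if rule_proto not in ("ip", proto):
            continue
        if rule_port is not None and rule_port != dport:
            continue
        if wildcard_match(src, s_base, s_wild) and wildcard_match(dst, d_base, d_wild):
            return action
    return "deny"

if __name__ == "__main__":
    samples = [  # constructed packets
        ("udp", "10.10.10.2", "10.1.1.7", 53),   # student -> DNS
        ("tcp", "10.10.10.2", "10.1.1.7", 23),   # student telnet -> server
        ("tcp", "10.10.10.2", "10.1.1.9", 80),   # student -> another admin host
        ("udp", "10.10.10.3", "10.1.1.7", 53),   # odd source, not matched by permit
    ]
    for pkt in samples:
        print(pkt, "->", evaluate(ACL_101, *pkt))
```

Because the list ends in an implicit deny, these two entries on their own also drop odd-numbered (administrative) sources; a deployed list needs further permit entries for that traffic.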
Firewall
2-Layer Firewall: ACLs & PIX
PIX is a Cisco hardware device
PIX-1Ge-66 with Gigabit Eth. interface
Uses proprietary operating system
PIX will be implemented outside the
school network to block all unsuitable
data
ACLs act as second layer of firewall
Pros
Implementation of switching provides
microsegmentation of network
Room provided for expansion
NAT hides internal PCs
Use of fibre guarantees bandwidth
Use of VLANs provides internal security
2 layer firewall for security
Cons
Expensive to implement
Tying network to proprietary products
increases cost