View
229
Download
0
Embed Size (px)
Citation preview
Threaded Case Study
ROYAL PALM NETWORK PROJECT
John Healy Tom Jamieson
Contents
Design Goals
WAN Design
Logical and Physical LAN Design
MDF Equipment Details
IDF Equipment DetailsWiring
Scheme
Equipment Criteria
Classroom Layout
IP Addressing
Security
VLANS
Access Control Lists
Conclusions
Design Goals
• To implement an enterprise-wide network for the Washington schools district which will include Local Area Networks (LANs) at each site and a Wide Area Network (WAN) to provide data connectivity between all school sites.
• All workstations will need Internet access.
• Functionality is to continue for 7-10 yrs.
Design Goals
•Design considerations will include:
• A minimum of 100x (times) growth in the LAN throughput.
• 2x (times) growth in the WAN core throughput.
•10x (times) growth in the District Internet Connection throughput.
•Only two OSI layer 3&4 protocols will be allowed to be implemented in this network, they are TCP/IP and Novell IPX.
Design Goals
• Two LAN segments will be implemented in each school and the District Office.
• Cat 5 cable will supply Ethernet speeds at 10base-T, 100base-TX and 100Base-FX. Each room will require support for up to 24 workstations.
• The minimum requirement for initial implementation design will be 1.0 Mbps to any host computer in the network and 100 Mbps to any server host in the network.
WAN Design
WAN Design
Logical LAN Design
Physical LAN Design
Fibre
CAT 5
MDF
IDF
MDF Equipment Details
2 x 24 Port Patchbays
2 x 3550-12G Switches
3600 Router
Administrative Server
Mail Server
File Server
Application Server
Uninterruptible Power Supply
PIX Firewall
IDF Equipment Details
IDF 1
10 ROOMS
40 PORTS
2 x 2924XL SWITCH
IDF 2
8 ROOMS
32 PORTS
1 x 2924XL
1 x 2912XL
SWITCH
IDF 3
6 ROOMS
24 PORTS
1 x 2924XL
SWITCH
IDF 4
12 ROOMS
48 PORTS
2 x 2924XL
SWITCH
IDF 5
5 ROOMS
20 PORTS
1 x 2924XL
SWITCH
IDF 6
3 ROOMS
12 PORTS
1 x 2924XL
SWITCH
IDF 8
8 ROOMS
32 PORTS
1 x 2924XL
1 x 2912XL
SWITCH
IDF 7
11 ROOMS
44 PORTS
2 x 2924XL
SWITCH
EACH IDF ALSO CONTAINS:
1 x 24 or 2x 24 port patchbays as per requirement.
Equipment will be housed in a lockable cabinet with a fan tray installed for heat regulation purposes.
Equipment Criteria
PIX 515E Firewall
• Security
• Performance• Reliability
• Virtual Private Networking
• Network Address Translation
• Low cost
Equipment Criteria
Cisco 3600 Router
• Modular Design• Analogue and Digital Voice Services• Serial Networking Capability• Mixed WAN Services
Equipment Criteria
Cisco 3550 Switch (MDF)• Stackable Design• IP Routing
• Advanced Quality of Service• Bandwidth Flexibility
• Security Access Control Lists
• VLAN Capability
Equipment Criteria
Cisco 2900XL Series Switch (IDF)• Modular Design
• Advanced Quality of Service• Bandwidth Flexibility
• Polices traffic flows using access control parameters (ACPs)
• VLAN Capability
• Integrates Seamlessly with Cisco 3550 Switch
Equipment Criteria
Cisco 112T FastHub
• Compatible with 10Mbps and 100Mbps connections
• Internal Bridging
• Autosensing Feature
• Full integration with 2900XL series switches
Equipment Requirements
PRODUCT AMOUNT
PIX Firewall 1
Cisco 3600 Router 1
Cisco 3550 Switch 2
Cisco 2900XL Switch
10 x 2924XL Switches2 x 2912XL Switches
112T FastHub 189
Wiring Scheme
• Cabling will be run via the existing data cable ducts connecting buildings and within buildings where supplied. Wiring will also be installed in ceiling spaces and wall cavities.
• All cabling to comply with local building codes.
• Cabling from the MDF to all IDFs will be Multimode Fibre pairs
• Cabling from IDFs to classroom hubs will be Cat5
Wiring Scheme
MDF to IDF•Wiring type will be 1Gb Multimode Fibre pairs.Fibre was chosen for the following
reasons:• Max speed• Distance required
• Scalability
• Resistance to EMF
Wiring Scheme
IDF to Classrooms• Wiring type will be CAT 5 cable. Max distance is 100m
CAT 5 was chosen for:• Efficiency and reliability• Cost
Typical Classroom Layout Wall Plate
3 x 12 Port Hubs
IP Addressing
IP Addressing
SecuritySecurity Implementation:
•A double firewall will be utilised
•The network will be segmented into two LAN infrastructures. One designated ‘Curriculum’ (for student use), and the other ‘Administrative’ (for teacher and administration use).
•Each LAN will have its own file server.
•Access Control Lists will prohibit traffic from the Curriculum LAN entering the Administrative LAN
•A strict password policy will be put in place and rigourously implemented
VLANS
Access Control Lists
The purpose of Access Control Lists are:
•To reinforce network security
•To provide basic traffic filtering capabilities
•Limit access to groups of computers or individual workstations.
Access Control Lists
ACLs provide security to the networks connected to the router by testing traffic against conditions contained in the ACL.
•If the conditions are true:•The individual packets are sent to their
destination from the router interface defined in the ACL configuration.
•If conditions are not true•The packet is discarded.
Access Control Lists
•The students will be denied access to the Administration interface of the router with the ACL.
•Students will only be allowed to access Curriculum, E-mail, and the Internet within the LAN and at the district office.
•Students will be denied access to the Administration segment of the LAN and Wan networks.
•Administration will have full access to all segments within the LAN and district office.
Conclusions
• Will be easy to implement and maintain • Places a strong emphasis on security • Builds in scalability
•Protects from future obsolescence by utilising modular hardware
•Exceed current requirements