Threaded Case Study

ROYAL PALM NETWORK PROJECT

John Healy Tom Jamieson

Contents

Design Goals

WAN Design

Logical and Physical LAN Design

MDF Equipment Details

IDF Equipment DetailsWiring

Scheme

Equipment Criteria

Classroom Layout

IP Addressing

Security

VLANS

Access Control Lists

Conclusions

Design Goals

• To implement an enterprise-wide network for the Washington schools district which will include Local Area Networks (LANs) at each site and a Wide Area Network (WAN) to provide data connectivity between all school sites.

• All workstations will need Internet access.

• Functionality is to continue for 7-10 yrs.

Design Goals

•Design considerations will include:

• A minimum of 100x (times) growth in the LAN throughput.

• 2x (times) growth in the WAN core throughput.

•10x (times) growth in the District Internet Connection throughput.

•Only two OSI layer 3&4 protocols will be allowed to be implemented in this network, they are TCP/IP and Novell IPX.

Design Goals

• Two LAN segments will be implemented in each school and the District Office.

• Cat 5 cable will supply Ethernet speeds at 10base-T, 100base-TX and 100Base-FX. Each room will require support for up to 24 workstations.

• The minimum requirement for initial implementation design will be 1.0 Mbps to any host computer in the network and 100 Mbps to any server host in the network.

WAN Design

WAN Design

Logical LAN Design

Physical LAN Design

     

Fibre

CAT 5

MDF

IDF

MDF Equipment Details

2 x 24 Port Patchbays

2 x 3550-12G Switches

3600 Router

Administrative Server

Mail Server

File Server

Application Server

Uninterruptible Power Supply

PIX Firewall

IDF Equipment Details

IDF 1

10 ROOMS

40 PORTS

2 x 2924XL SWITCH

IDF 2

8 ROOMS

32 PORTS

1 x 2924XL

1 x 2912XL

SWITCH

IDF 3

6 ROOMS

24 PORTS

1 x 2924XL

SWITCH

IDF 4

12 ROOMS

48 PORTS

2 x 2924XL

SWITCH

IDF 5

5 ROOMS

20 PORTS

1 x 2924XL

SWITCH

IDF 6

3 ROOMS

12 PORTS

1 x 2924XL

SWITCH

IDF 8

8 ROOMS

32 PORTS

1 x 2924XL

1 x 2912XL

SWITCH

IDF 7

11 ROOMS

44 PORTS

2 x 2924XL

SWITCH

EACH IDF ALSO CONTAINS:

1 x 24 or 2x 24 port patchbays as per requirement.

Equipment will be housed in a lockable cabinet with a fan tray installed for heat regulation purposes.

Equipment Criteria

PIX 515E Firewall

• Security

• Performance• Reliability

• Virtual Private Networking

• Network Address Translation

• Low cost

Equipment Criteria

Cisco 3600 Router

• Modular Design• Analogue and Digital Voice Services• Serial Networking Capability• Mixed WAN Services

Equipment Criteria

Cisco 3550 Switch (MDF)• Stackable Design• IP Routing

• Advanced Quality of Service• Bandwidth Flexibility

• Security Access Control Lists

• VLAN Capability

Equipment Criteria

Cisco 2900XL Series Switch (IDF)• Modular Design

• Advanced Quality of Service• Bandwidth Flexibility

• Polices traffic flows using access control parameters (ACPs)

• VLAN Capability

• Integrates Seamlessly with Cisco 3550 Switch

Equipment Criteria

Cisco 112T FastHub

• Compatible with 10Mbps and 100Mbps connections

• Internal Bridging

• Autosensing Feature

• Full integration with 2900XL series switches

Equipment Requirements

PRODUCT AMOUNT

PIX Firewall 1

Cisco 3600 Router 1

Cisco 3550 Switch 2

Cisco 2900XL Switch

10 x 2924XL Switches2 x 2912XL Switches

112T FastHub 189

Wiring Scheme

• Cabling will be run via the existing data cable ducts connecting buildings and within buildings where supplied. Wiring will also be installed in ceiling spaces and wall cavities.

• All cabling to comply with local building codes.

• Cabling from the MDF to all IDFs will be Multimode Fibre pairs

• Cabling from IDFs to classroom hubs will be Cat5

Wiring Scheme

MDF to IDF•Wiring type will be 1Gb Multimode Fibre pairs.Fibre was chosen for the following

reasons:• Max speed• Distance required

• Scalability

• Resistance to EMF

Wiring Scheme

IDF to Classrooms• Wiring type will be CAT 5 cable. Max distance is 100m

CAT 5 was chosen for:• Efficiency and reliability• Cost

Typical Classroom Layout Wall Plate

3 x 12 Port Hubs

IP Addressing

IP Addressing

SecuritySecurity Implementation:

•A double firewall will be utilised

•The network will be segmented into two LAN infrastructures. One designated ‘Curriculum’ (for student use), and the other ‘Administrative’ (for teacher and administration use).

•Each LAN will have its own file server.

•Access Control Lists will prohibit traffic from the Curriculum LAN entering the Administrative LAN

•A strict password policy will be put in place and rigourously implemented

VLANS

Access Control Lists

The purpose of Access Control Lists are:

•To reinforce network security

•To provide basic traffic filtering capabilities

•Limit access to groups of computers or individual workstations.

Access Control Lists

ACLs provide security to the networks connected to the router by testing traffic against conditions contained in the ACL.

•If the conditions are true:•The individual packets are sent to their

destination from the router interface defined in the ACL configuration.

•If conditions are not true•The packet is discarded.

Access Control Lists

•The students will be denied access to the Administration interface of the router with the ACL.

•Students will only be allowed to access Curriculum, E-mail, and the Internet within the LAN and at the district office.

•Students will be denied access to the Administration segment of the LAN and Wan networks.

•Administration will have full access to all segments within the LAN and district office.

Conclusions

• Will be easy to implement and maintain • Places a strong emphasis on security • Builds in scalability

•Protects from future obsolescence by utilising modular hardware

•Exceed current requirements