TCS – Sunset Elementary
Pat Bruen, Conor Buckley, James Gallagher
This is our presentation of the Threaded Case Study (TCS), which is a portion of the Cisco Academy Curriculum.
Our goal is to demonstrate our knowledge of Local Area Network (LAN) design and implementation. For our project we are working on Sunset Elementary School in the Washington Elementary School District.
Goals of the LAN design
Our LAN has been designed with all the needs of a modern network in mind:
It will be secure (VLANs, ACLs)
It will be extremely scalable
Our design is optimized for maximum bandwidth due to the large amount of video and high bandwidth traffic we anticipate.
WAN Topology
Our school is connected to the district WAN via a Cisco 7513 router at the district Service Centre. Three regional hubs are located at Shaw Butte, the District Office/Data Centre and the Service Centre. Each of these centres is connected to a Cisco 7513 router. Four leased T1 lines connect these three routers to form the WAN.
WAN – Logical Topology
[Diagram: three hubs (Data Centre, Service Centre and Shaw Butte), each with a Cisco 7513, joined by links labelled "Four T1 lines". Each hub serves 11 schools: one group includes Sunset, Acadia and Mt. Sky; one includes RE Miller and Royal Palm; one includes Desert View and SunnySlope.]
LAN – Cabling and Physical Topology
Our LAN will have a fibre optic backbone – connecting all IDFs to the MDF in building A (fibre cable runs are represented in blue). Cat 5 E cable will run from these IDFs and the MDF to each data termination point in the building.
Classroom Layout
Each data termination point will have four RJ-45 wall jacks terminating CAT5-E cable. In each room the teacher's workstation will have a dedicated wall jack, and all students' machines will connect into 12 port Catalyst switches, which then connect into Cisco 3524 24-Port Enterprise switches at the MDF and IDFs.
Location of Servers
All our servers are in a small server room beside the MDF.
Wiring Closets
Over the next four slides are details of our designs for an MDF and IDF in building A and two more IDFs in the Cafeteria (building C) and Administration (building B). Although only three IDFs were required according to IEEE standards for maximum distances, we decided to install another switch in building C in order to provide scalability in case of future development.
MDF – Building A
Our MDF is located in building A. This room was chosen as it has an out-swinging door (necessary for safety reasons), appears to be adequately large and is located next to the POP.
Our gateway to the WAN is a high-end Cisco 3661 AC router. This is in turn connected to a Catalyst 2948G-L3 switch – a switch which supports Layer 3 protocols including IP, RIP, IGRP, EIGRP. Because of this it can perform virtually all the routing needed within the network and can allow our router to concentrate on our link to the WAN. You will notice that the only connections to our router are the fibre optic links to the WAN and to the Catalyst 2948G-L3 switch.
The other three switches are 24 port Enterprise switches. These switches are capable of implementing VLANs, which we will talk about later. Four CAT 5 E cable runs will run from each data termination point back to these switches.
Of these four CAT5 E cable runs, one will be connected to a teacher's/admin computer and the other three will be connected to 12 port Catalyst 1912 switches into which all other hosts in the room will be connected.
IDF – Building A
[Diagram labels: Fibre Optic from MDF; 33U 19in Wiring Closet #1 containing Cisco 3524PWR XL-EN, Cisco 3524PWR XL-EN and Cisco 3512PWR XL-EN; 12U 19in Wiring Closet #1 containing 3 x Catalyst 1912.]
Two switches are located in each room and linked back to this IDF. Each room will have a dedicated drop point for Admin/Teachers which will be linked back to a specific Admin switch. All other hosts will be linked via Catalyst 1912 switches back to the IDF.
Although this IDF only needs 44 available ports (to service 11 rooms), we have made 60 available, both for backbone connections and for future scalability.
IDFs – Buildings B and C
The smaller IDFs located in buildings B and C contain only one 24 port enterprise edition switch each. Again the rooms here are laid out in the same way as in building A. On the next slide is the layout for both of these IDFs.
IDF – Admin (Building B)
[Diagram labels: Fibre Optic from MDF; 12U 19in Wiring Closet #1 containing Cisco 3524PWR XL-EN; 12U 19in Wiring Closet #3 containing 3 x Catalyst 1912.]
Again this IDF is laid out in the same way as the main one, but simply on a smaller scale. Here we have one representation of a typical room below, connected back to a Cisco 3524 switch.
LAN Logical Topology
The next slide shows the logical topology for the backbone of our LAN.
We did not include the classrooms in this topology as we simply wanted to show how the backbone is connected logically.
All of the cabling shown in the drawing (in red) is fibre optic cable.
LAN Backbone - Logical
IP Addressing Scheme
Class B Address
10.x.x.x
First x = building
Second x = room
Third x = host
IP Addressing for connections to Building A IDF
Library has three connection points
Rooms 27-34 are connected through the IDF
The addressing scheme for this is as follows on next slide
Building A IDF    Admin                      Students
Library 1         10.2.37.1-10.2.37.127      10.2.37.128-10.2.37.254
Library 2         10.2.38.1-10.2.38.127      10.2.38.128-10.2.37.254
Library 3         10.2.39.1-10.2.39.127      10.2.39.128-10.2.39.254
Room 27           10.2.27.1-10.2.27.127      10.2.27.128-10.2.27.254
Room 28           10.2.28.1-10.2.28.127      10.2.28.128-10.2.28.254
IP Addressing for connections to Building A MDF
Rooms 1-25 are connected to the MDF
Room number       Admin                      Student
1                 10.1.1.1-10.1.1.127        10.1.1.128-10.1.1.254
2                 10.1.2.1-10.1.2.127        10.1.2.128-10.1.2.254
26                10.1.26.1-10.1.26.127      10.1.23.128-10.1.26.254
IP Addressing for connections to Building B IDF
9 Admin workstations    10.3.1.1-10.3.1.9
Network printer 1       10.3.1.10
Network printer 2       10.3.1.11
IP Addressing for connections to Building C IDF
2 Staff workstations    10.4.1.1, 10.4.1.2
Printer Addresses
Printers in student rooms off MDF     10.1.room number.254
Printers in student rooms off IDFA    10.2.room number.254
Server Addresses
Admin server 10.1.27.1
Library server 10.1.27.2
Application server 10.1.27.3
DNS server 10.1.27.4
Email server 10.1.27.5
File server 10.1.27.6
DHCP 10.1.27.7
Internet connectivity
All connectivity that is initiated from the Internet to the internal district network will be protected via ACLs on the routers that make up the double firewall architecture. Any connectivity initiated from the district to the Internet will be permitted to communicate freely.
Access control lists
Traffic filtering capabilities can be utilized with Access Control Lists (ACLs). Support is provided for the following network protocols: IP, IPX and AppleTalk. Access list configuration is used to control access to a network. ACLs can prevent certain traffic, and/or certain upper-layer protocols such as FTP, SMTP, DNS and so on, from entering or exiting a network.
Access List
Extended IP access list 101
    permit 10.1.1.128 255.255.255.127 eq 53
This permits student access to DNS
Use access lists to permit access to Email, FTP etc.
    deny ip any any
This denies access to anything else
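An added example (not part of the original slides): a Python check of which source addresses the slide's entry `10.1.1.128 255.255.255.127` matches when the second value is read as a Cisco wildcard mask, next to two narrower masks. The sample addresses are constructed from the addressing tables above, `192.168.5.200` is a constructed out-of-plan address, and the two alternative masks are assumptions chosen for comparison; only the source match is evaluated, since the slide's entry gives no protocol or destination.

```python
import ipaddress

def _u32(dotted):
    """Dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))

def wildcard_match(addr, base, wildcard):
    """Cisco-style match: bits set in the wildcard are ignored,
    every other bit of addr must equal the same bit of base."""
    care = ~_u32(wildcard) & 0xFFFFFFFF
    return (_u32(addr) & care) == (_u32(base) & care)

def half(addr):
    """Which half of the slides' 10.building.room.host plan an address is in."""
    value = _u32(addr)
    host = value & 0xFF
    if value >> 24 != 10:
        return "outside plan"
    if 1 <= host <= 127:
        return "admin half"      # servers at 10.1.27.x also sit here
    if 128 <= host <= 254:
        return "student half"    # room printers at .254 also sit here
    return "network/broadcast"

# Constructed sample sources, taken from the ranges in the tables above.
SAMPLES = ["10.1.1.130", "10.1.2.200", "10.2.37.128",
           "10.1.1.5", "10.1.27.4", "192.168.5.200"]

# (base, wildcard) pairs; only "slide" comes from the page.
ENTRIES = {
    "slide":       ("10.1.1.128", "255.255.255.127"),
    "room 1 only": ("10.1.1.128", "0.0.0.127"),       # assumption
    "all 10.x":    ("10.0.0.128", "0.255.255.127"),   # assumption
}

def matched(name):
    """Sample addresses admitted by the named entry, in SAMPLES order."""
    base, wildcard = ENTRIES[name]
    return [a for a in SAMPLES if wildcard_match(a, base, wildcard)]

if __name__ == "__main__":
    for name in ENTRIES:
        print(name, ENTRIES[name])
        for addr in matched(name):
            print("   ", addr, "-", half(addr))
```

Read as a wildcard, the slide's mask checks only the top bit of the last octet, so it also matches the .254 printer addresses and any non-10.x source whose last octet is 128 or higher.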
VLANs
Two VLANs required
Student VLAN
Curriculum VLAN
Enterprise switch needed in MDF and IDFs
Eight enterprise version switches needed in total with some ports left over for scalability
IGRP
IGRP is a distance-vector dynamic routing protocol. By default, it will exchange its routing tables with its directly connected neighbors every 90 seconds.
Flash updates, triggered by topology changes, are also sent.
Any routing protocol will use up some of the bandwidth otherwise available for data, and so will IGRP, since it has various metrics with which to monitor and adjust network traffic. But the amount of data in these updates is dwarfed by the bandwidth of the router to router connections in the school district network.
However, our Layer 3 backbone switch (Catalyst 2948G-L3) will perform a lot of the functions normally done by a router, including the IGRP protocol.
Security
Internet connectivity will utilize a double firewall implementation with all Internet-exposed applications residing on a public backbone network. All connections from the Internet into the school's private network will be denied. The network will be divided into three logical network classifications: administrative, curriculum, and external, with secured interconnections between them.
This concludes our Threaded Case Study for Sunset Elementary School.
Thank you for your time.