- Number of slides: 31
Networking Project Ailis & Louise
General Requirements
- The Washington School District is in the process of implementing an enterprise-wide network which will include Local Area Networks (LANs) at each site and a Wide Area Network (WAN) to provide data connectivity between all school sites. The WAN will connect all school and administrative offices with the district office for the purpose of delivering data.
- The WAN will be based on a two-layer hierarchical model. Three regional hubs will be established at the District Office, Service Center and Shaw Butte Elementary School for the purpose of forming a fast WAN core network. School locations will be connected into the WAN core hub locations based on proximity to hub. Routers will be installed at each WAN core location.
- Access to the "Internet" or any other outside network connections will be provided through the District Office through a Frame Relay WAN link. For security purposes, no other connections will be permitted.

General Requirements Continued
- Access to the "Internet" from any site in the school district is also an integral part of this implementation. Once the network is in place, the school district will implement a series of servers to facilitate online automation of all of the district's administrative and many of the curricular functions.
- Since this network implementation will have to continue to be functional for a minimum of 7-10 years, all design considerations should include 1000% growth in the LANs and 100% growth in the WAN.
- The minimum requirement for initial implementation design will be 1.0 Mbps to any host computer in the network and 100 Mbps to any server host in the network.
- Only one set of OSI layer 3 & 4 protocols will be allowed to be implemented in this network: TCP/IP.

Project Goals
The overall design will provide:
- Data connectivity to three regional hubs
- District-wide Internet connectivity
- Security for the WAN
- Connectivity to 1200 workstations
- Secure Administrative LAN
- Internet, DNS and E-mail services
- 100% growth in 7-10 years
- Deliver a robust, cost-effective WAN/LAN solution

Desert View
Wing 1 & Wing 2 & Cafeteria
Wing 1 & Wing 2
Each classroom:
- Will contain approx. 23 student PCs and 1 lecturer's PC.
- Each student PC will be wired back to a hub contained in the wiring closet. CAT 5 will be used to run these hubs to the switch contained in the IDF.
- In the classroom there will be one network printer, which is only available to the students in that classroom. This will also be run into one of the hubs.
- Each classroom will run back to the nearest IDF and into the corresponding switch, which will have a fiber connection to the MDF.
- The cafeteria will be set up to house 24 PCs if needed.

Wing 3 & Portocabin & Library
Wing 3 & Library
- Wing 3 houses the Main Distribution Facility.
- Administration offices, including those of the principal and vice principal, are also found in this wing.
- Administration runs straight into a WS-C1912C-EN#1 switch in the MDF. Therefore administration staff, principal, network printers and servers have a 100 Mb connection each.
- The library is also wired like a classroom, housing 24 PCs with room for expansion.
- 10 PCs will be dedicated to administration.
- 5 PCs will be dedicated to the use of lecturers.

Wing 4 & Wing 5 & PE building
Wing 4 & 5
- Each classroom has four CAT 5 cables coming from the nearest IDF.
- There are 17 classrooms within Wings 4 and 5, East and West.
- Each classroom houses 24 PCs: 23 PCs used by the students and 1 used by the lecturer.
- Every classroom has a wall-mounted cabinet positioned at the data termination point where the four CAT 5 UTP cables come into the room.
- The lecturer's PC will use one of these cables directly.
- The 23 student PCs will use the other cables, which will be attached to one of three hubs.

Data Cabling Specifications
- Transport speeds will be Ethernet 10BaseT, 100BaseT and 100BaseFX.
- The horizontal cabling shall be standard Category 5E Unshielded Twisted Pair (CAT 5E UTP) with 100+ Mbps capability.
- CAT 5E Plenum will be used in the drop ceilings and in the walls in order to comply with fire codes.
- All vertical (backbone) cabling shall be fiber optic multimode cable.
- The cabling infrastructure shall comply with EIA/TIA 568 standards.

Classroom Design
- There are a total of 35 classrooms.
- Each classroom will support 24 workstations.
- Every classroom will have four CAT 5E UTP cable runs stemming from the nearest Intermediate Distribution Facility (IDF).
- One of the four data cables will be designated for the teacher's workstation.
- The other data cables will be connected to one of three hubs which will service only the students' workstations. This will also allow for expansion.

Classroom Context
IDF Design
- The Intermediate Distribution Facilities (IDFs) will be connected directly to the MDF in an extended star topology.
- There are six IDFs located throughout the school, with one IDF in each wing.
- Each IDF is equipped with a 24-port 10/100 switch (Standard Edition) for the students' PCs.
- A 12-port 10BaseT switch (Enterprise Edition) will be only for lecturers' PCs.
  - This switch will support VLANs.

IDF
MDF Design
- A Main Distribution Facility (MDF) room is established as the central Point of Presence (POP) to which all LAN and WAN cabling will be terminated and secured.
- This room will house a Cisco 3640#1 router, PIX firewall, WS-C1924C-EN switch, WS-C1912C-EN#1 for Administration and the five district servers:
  - Application
  - DNS
  - Email
  - Library
  - Administration
- Two uninterruptible power supplies (UPS) will provide backup protection against unexpected power outages.

Main Distribution Facility
Firewall
WAN Logical
WAN Requirements
- 100 Mbps data delivery to any server host in the network.
- Access to the Internet at District Office/Data Center via Frame Relay.
- Internet connectivity will employ a firewall architecture.
- All connections from the Internet into the District will be filtered by Access Control Lists.

WAN Requirements Cont.
- Domain Name Service (DNS) and E-Mail services are delivered in a hierarchical fashion.
- PPP will be implemented on all routers; IGRP will be used for router updates.
- CSU/DSUs will be required for connection of school site routers to the district WAN.

PIX 515 Firewall
- The PIX Firewall can protect one or more networks from intruders on an outer, unprotected network, or on multiple outside or perimeter networks.
- It provides enough power for over 50,000 concurrent connections and up to 170 Mbps of throughput.
- Connections between the networks can all be controlled by the PIX. To use the PIX effectively, a security policy should ensure that all traffic from the protected networks passes only through the firewall to the unprotected network.
- The PIX Firewall allows servers such as those for Web access, SNMP and electronic mail (SMTP) to be located in the protected network, and controls who on the outside can access these servers.
- Typically, the inside network is an organization's own internal network, or intranet, and the outside network is the Internet, but the PIX Firewall can also be used within an intranet to isolate or protect one group of internal computing systems and users from another.

IP Addressing
- We will use a class A addressing scheme.
- 10.x.x.x
- Subnet mask 255.0
- Wing 1, Class 1
  - Students: 10.1.1.(1-40)
  - Lecturer: 10.1.1.(41-50)

IP Addressing Scheme Contd.
- Wing 1, Class 2
  - Students: 10.1.2.(1-40)
  - Lecturers: 10.1.2.(41-50)
- Wing 1, Class 3
  - Students: 10.1.3.(1-40)
  - Lecturers: 10.1.3.(41-50)
- Wing 1, Class 4
  - Students: 10.1.4.(1-40)
  - Lecturers: 10.1.4.(41-50)

IP Addressing Scheme Contd.
As mentioned before, the IP addressing scheme will continue to follow this pattern, i.e.:
- 10.?.x.x
  - The ? will change according to the different wings of the building and also in accordance with the MDF.
- 10.x.?.x
  - The ? here will change in accordance with the different classrooms.
- 10.x.x.?
  - The ? here changes in accordance with the host.

MDF IP Addressing Scheme
- MDF IP addressing scheme: 10.1.x
- The router: 10.1.(1-10)
- Administration Server: 10.1.11
- Application Server: 10.1.12
- DNS Server: 10.1.13
- Library Server: 10.1.14
- Email Server: 10.1.15

Access Control Lists
- Access control lists provide basic filtering capabilities and network security by blocking unwanted Internet traffic and limiting access to groups of computers or individual workstations.
- ACLs provide security to the network directly connected to the router.
- ACLs can be used to block applications.
  - Student using FTP download software.

Access Control Lists Contd.
- We will use access control lists to stop students from accessing administration and lecturer information, and also to prevent lecturers from accessing administration information.
- We will ensure that administration has access to all information: students, lecturers and district office.
- Access from the district office network into Desert View will be permitted.
- We will also allow lecturers to cross over into students' information.

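One way to turn the student/lecturer rule above into filter entries, using the Wing 1, Class 1 host ranges from the addressing slides. This is an added example, not part of the original slides; the ACL number 101, the helper names and the catch-all permit rules are assumptions made for illustration.

```python
import ipaddress

# Host ranges taken from the slides' scheme for Wing 1, Class 1.
STUDENTS = ("10.1.1.1", "10.1.1.40")
LECTURERS = ("10.1.1.41", "10.1.1.50")
ANY = ipaddress.ip_network("0.0.0.0/0")

def blocks(first, last):
    """Smallest set of CIDR blocks covering an inclusive host range."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))

def build_rules():
    """Ordered rules: (action, protocol, source, destination, established_only)."""
    # Replies to lecturer-initiated TCP sessions must be let back through,
    # otherwise the deny below also breaks lecturer -> student access.
    rules = [("permit", "tcp", ANY, ANY, True)]
    rules += [("deny", "ip", s, d, False)
              for s in blocks(*STUDENTS) for d in blocks(*LECTURERS)]
    rules.append(("permit", "ip", ANY, ANY, False))  # assumed default for other traffic
    return rules

def render(rules, number=101):
    """Render as IOS-style extended ACL lines (hostmask = wildcard mask)."""
    lines = []
    for action, proto, s, d, est in rules:
        line = (f"access-list {number} {action} {proto} "
                f"{s.network_address} {s.hostmask} {d.network_address} {d.hostmask}")
        lines.append(line + (" established" if est else ""))
    return lines

def evaluate(rules, src, dst, tcp_reply=False):
    """First match wins; an ACL ends with an implicit deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, _proto, s, d, est in rules:
        if est and not tcp_reply:
            continue  # 'established' entries only match TCP reply packets
        if src in s and dst in d:
            return action
    return "deny"
```

Because the 1-40 and 41-50 ranges do not fall on bit boundaries, one classroom needs 35 deny entries, which is the cost of assigning roles by host number rather than by subnet. A router ACL only sees traffic that crosses the interface it is applied to, so this assumes student and lecturer hosts sit on separate routed segments.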
VLANs
- The purpose of VLANs is to create logical network segments of the physical LAN infrastructure, resulting in multiple broadcast domains. This is also known as micro-segmentation.
- Consequently, broadcast frames are only switched between the ports on the same VLAN. Broadcast traffic within each segment is not transmitted outside the VLAN. Therefore, adjacent ports do not receive any broadcast traffic generated from other VLANs.
- This results in increased network performance.
Advantage
- The user can move to another area of the campus and still stay in the same VLAN group.
Disadvantage
- VLANs initially require significant administrative overhead; however, the benefits far outweigh the cost because any subsequent adds, moves and changes within the network are greatly simplified. An added benefit of VLANs is the establishment of secure user groups.

Conclusion
In conclusion, we feel that our design:
- Reaches initial traffic requirements to hosts.
- Gives the students the same capabilities as teachers, but they are segmented and thus restricted in their access to internal school functions.
- Is a secure design.
- Allows room for expansion.