Networking Project

Ailis & Louise


Transcript of Networking Project

Page 1: Networking Project

Networking Project

Ailis & Louise

Page 2: Networking Project

General Requirements

The Washington School District is in the process of implementing an enterprise-wide network which will include Local Area Networks (LANs) at each site and a Wide Area Network (WAN) to provide data connectivity between all school sites.

The WAN will connect all school and administrative offices with the district office for the purpose of delivering data.

The WAN will be based on a two-layer hierarchical model. Three regional hubs will be established at the District Office, Service Center and Shaw Butte Elementary School for the purpose of forming a fast WAN core network.

School locations will be connected into the WAN core hub locations based on proximity to hub.

Routers will be installed at each WAN core location.

Access to the "Internet" or any other outside network connections will be provided through the District Office through a frame relay WAN link. For security purposes, no other connections will be permitted.

Page 3: Networking Project

General Requirements Continued

Access to the "Internet" from any site in the school district is also an integral part of this implementation. Once the network is in place the school district will implement a series of servers to facilitate online automation of all of the district's administrative and many of the curricular functions.

Since this network implementation will have to continue to be functional for a minimum of 7-10 years, all design considerations should include 1000% growth in the LANs and 100% growth in the WAN.

The minimum requirement for initial implementation design will be 1.0 Mbps to any host computer in the network and 100 Mbps to any server host in the network.

Only one set of OSI layer 3 & 4 protocols will be allowed to be implemented in this network: TCP/IP.

Page 4: Networking Project

Project Goals

The overall design will provide:

Data connectivity to three regional hubs

District wide Internet connectivity

Security for the WAN

Connectivity to 1200 workstations

Secure Administrative LAN

Internet, DNS and E-mail services

100% growth in 7-10 years

Deliver a robust, cost-effective WAN/LAN solution

Page 5: Networking Project

Desert View

Page 6: Networking Project

Wing 1 & Wing 2 & Cafeteria

Page 7: Networking Project

Wing 1 & Wing 2

Each classroom:

Will contain approx. 23 student PCs and 1 lecturer's PC.

Each student PC will be wired back to a hub contained in the wiring closet. CAT5 will be used to run these hubs to the switch contained in the IDF.

In the classroom there will be one network printer, which is only available to the students in that classroom. This will also be run into one of the hubs.

Each classroom will run back to the nearest IDF and into the corresponding switch, which will have a fiber connection to the MDF.

The cafeteria will be set up to house 24 PCs if needed.

Page 8: Networking Project

Wing 3 & Portocabin & Library

Page 9: Networking Project

Wing 3 & Library

Wing 3 houses the main distribution facility.

Administration offices, including principal and vice principal etc., are also found in this wing.

Administration runs straight into a WS-C1912C-EN#1 switch in the MDF.

Therefore administration staff, principal, network printers and servers have a 100 Mb connection each.

The library is also wired like a classroom, housing 24 PCs with room for expansion.

10 PCs will be dedicated to administration.

5 PCs will be dedicated to the use of lecturers.

Page 10: Networking Project

Wing 4 & Wing 5 & PE building

Page 11: Networking Project

Wing 4 & 5

Each classroom has four CAT 5 cables coming from the nearest IDF.

There are 17 classrooms within Wing 4 and 5, East and West.

Each classroom houses 24 PCs, 23 PCs used by the students and 1 used by the lecturer.

Every classroom has a wall-mounted cabinet positioned at the data termination point where the four CAT 5 UTP cables are coming into the room.

The lecturer's PC will use one of these cables directly.

The 23 PCs (students) will use the other cables, which will be attached to one of three hubs.

Page 12: Networking Project

Data Cabling Specifications

Transport speeds will be Ethernet 10BaseT, 100BaseT and 100BaseFX.

The horizontal cabling shall be standard Category 5E Unshielded Twisted Pair (CAT 5E UTP) with 100+ Mbps capability.

CAT 5E Plenum will be used in the drop ceilings and in the walls in order to comply with fire codes.

All vertical (backbone) cabling shall be fiber optic multimode cable.

The cabling infrastructure shall comply with EIA/TIA 568 standards.

Page 13: Networking Project

Classroom Design

There are a total of 35 classrooms.

Each classroom will support 24 workstations.

Every classroom will have four CAT 5E UTP cable runs stemming from the nearest Intermediate Distribution Facility (IDF).

One of the four data cables will be designated for the teacher's workstation.

The other data cables will be connected to one of three hubs which will service only the students' workstations.

This will also allow for expansion.

Page 14: Networking Project

Classroom Context

33U 19in Wiring Closet#1

Each hub is of type WS-C412

Page 15: Networking Project

IDF Design:

The Intermediate Distribution Facilities (IDF) will be connected directly to the MDF in an extended star topology.

There are six IDFs located throughout the school with one IDF in each wing.

Each IDF is equipped with a 24 port 10/100 Switch (Standard Edition) for the students' PCs.

A 12 port 10 Base T Switch Enterprise Edition, which will be only for lecturers' PCs. This switch will support VLANs.

Page 16: Networking Project

IDF

24U 23in Wiring Closet#1

24 Port 10/100 Switch

12 Port 10 Base T Switch Enterprise Edition

24 Mic 23in 2u Patch Panel

Page 17: Networking Project

MDF Design

A Main Distribution Facility (MDF) room is established as the central Point of Presence (POP) to which all LAN and WAN cabling will be terminated and secured.

This room will house a Cisco 3640#1 Router, PIX firewall, WS-C1924C-EN Switch, WS-C1912C-EN#1 for Administration and the five District servers:

Application

DNS

Email

Library

Administration

Two uninterruptible power supplies (UPS) will serve to provide backup protection against unexpected power outages.

Page 18: Networking Project

Main Distribution Facility

33U 23in Wiring Closet#1

CISCO3640#1

WS-C1912C-EN#1

WS-C1924c-en

12U 19in Wiring Closet#1

Servers: Administration, Email, DNS, Application, Library

Page 19: Networking Project

Connection to the WWW

IDF 1

IDF 2

IDF 3

IDF 4

IDF 5

IDF 6

MDF

Appl. DNS EMail Library Admin

Firewall

Page 20: Networking Project

WAN Logical

Page 21: Networking Project

WAN requirements

100 Mbps data delivery to any server host in the network.

Access to the Internet at District Office/Data Center via Frame Relay.

Internet connectivity will employ a firewall architecture.

All connections from the Internet into the District will be filtered by Access Control Lists.

Page 22: Networking Project

WAN requirements Cont.

Domain Name Service (DNS) and E-Mail Services are delivered in a hierarchical fashion.

PPP will be implemented on all routers; IGRP will be used for router updates.

CSU/DSUs will be required for connection of school site routers to the district WAN.

Page 23: Networking Project

PIX 515 Firewall

The PIX Firewall can protect one or more networks from intruders on an outer, unprotected network, multiple outside or perimeter networks

It provides enough power for over 50,000 concurrent connections and up to 170 Mbps of throughput. Connections between the networks can all be controlled by the PIX.

To effectively use the PIX, a security policy should ensure that all traffic from the protected networks passes only through the firewall to the unprotected network.

The PIX Firewall allows servers such as those for Web access, SNMP, electronic mail (SMTP) to be located in the protected network and controls who on the outside can access these servers.

Typically, the inside network is an organization's own internal network, or intranet, and the outside network is the Internet, but the PIX Firewall can also be used within an intranet to isolate or protect one group of internal computing systems and users from another.

Page 24: Networking Project

IP Addressing

We will use a class A addressing scheme.

10.x.x.x

Subnet mask 255.255.255.0

Wing 1, Class 1

Students 10.1.1.(1-40)

Lecturer 10.1.1.(41-50)

Page 25: Networking Project

IP Addressing scheme contd.

Wing 1, Class 2

Students 10.1.2.(1-40)

Lecturers 10.1.2.(41-50)

Wing 1, Class 3

Students 10.1.3.(1-40)

Lecturers 10.1.3.(41-50)

Wing 1, Class 4

Students 10.1.4.(1-40)

Lecturers 10.1.4.(41-50)

Page 26: Networking Project

IP Addressing scheme contd.

As mentioned before, the IP addressing scheme will continue to follow this pattern, i.e.

10.?.x.x

The ? will change according to the different wings of the building and also in accordance with the MDF.

10.x.?.x

The ? here will change in accordance with the different classrooms.

10.x.x.?

The ? here changes in accordance with the host.

Page 27: Networking Project

MDF IP Addressing scheme

MDF IP addressing scheme 10.10.1.x

The router 10.10.1.(1-10)

Administration Server 10.10.1.11

Application Server 10.10.1.12

DNS Server 10.10.1.13

Library Server 10.10.1.14

Email Server 10.10.1.15

Page 28: Networking Project

Access Control Lists

Access control lists provide basic filtering capabilities and network security by blocking unwanted Internet traffic, and limiting access to groups of computers or individual workstations.

ACLs provide security to the network directly connected to the router.

ACLs can be used to block applications, e.g. a student using FTP to download software.

Page 29: Networking Project

Access control lists contd.

We will use access control lists to stop students from accessing administration & lecturer information.

Also to prevent lecturers accessing administration information.

We will ensure that administration has access to all information: students, lecturers and district office.

Access from the district office network into Desert View will be permitted.

We will also allow lecturers to cross over into students' information.
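Added example (not part of the original presentation): a Python model of the access policy above applied to the addressing scheme from the earlier slides, which also lists the CIDR blocks a router ACL would need to match the student (1-40) and lecturer (41-50) host ranges, since neither range falls on a single mask boundary. Treating the whole 10.10.1.x MDF range as the administration zone is an assumption; the district office is left out because the slides give no addresses for it.

```python
import ipaddress

# Host ranges from the slides: 10.<wing>.<class>.<host>, mask 255.255.255.0
STUDENT_HOSTS = (1, 40)
LECTURER_HOSTS = (41, 50)
DISTRICT_NET = ipaddress.ip_network("10.0.0.0/8")
# Assumption: the MDF range 10.10.1.x is treated as the administration zone.
MDF_SUBNET = ipaddress.ip_network("10.10.1.0/24")

# (source role, destination role) pairs the slides permit; all else is denied.
PERMITTED = {
    ("student", "student"),
    ("lecturer", "lecturer"),
    ("lecturer", "student"),
    ("administration", "student"),
    ("administration", "lecturer"),
    ("administration", "administration"),
}


def role_of(addr):
    """Map an address to a role under the 10.wing.class.host scheme."""
    ip = ipaddress.ip_address(addr)
    if ip in MDF_SUBNET:
        return "administration"
    if ip not in DISTRICT_NET:
        return "outside"
    host = int(ip) & 0xFF  # last octet selects the host within the classroom
    if STUDENT_HOSTS[0] <= host <= STUDENT_HOSTS[1]:
        return "student"
    if LECTURER_HOSTS[0] <= host <= LECTURER_HOSTS[1]:
        return "lecturer"
    return "unassigned"


def is_permitted(src, dst):
    """True if traffic from src to dst is allowed by the stated policy."""
    return (role_of(src), role_of(dst)) in PERMITTED


def acl_blocks(wing, classroom, host_range):
    """CIDR blocks needed to match exactly one host range in a classroom."""
    first = ipaddress.ip_address(f"10.{wing}.{classroom}.{host_range[0]}")
    last = ipaddress.ip_address(f"10.{wing}.{classroom}.{host_range[1]}")
    return [str(n) for n in ipaddress.summarize_address_range(first, last)]


if __name__ == "__main__":
    # Constructed sample flows using addresses that follow the scheme.
    flows = [("10.1.1.5", "10.10.1.11"), ("10.1.2.45", "10.1.1.5"),
             ("10.1.2.45", "10.10.1.11"), ("10.10.1.11", "10.1.3.7")]
    for src, dst in flows:
        verdict = "permit" if is_permitted(src, dst) else "deny"
        print(f"{role_of(src):>14} {src:<11} -> {dst:<11} {verdict}")
    for name, rng in (("students", STUDENT_HOSTS), ("lecturers", LECTURER_HOSTS)):
        blocks = acl_blocks(1, 1, rng)
        print(f"Wing 1 Class 1 {name}: {len(blocks)} ACL entries: {blocks}")
```

Matching each role in every classroom takes several ACL entries per range here; host ranges aligned to power-of-two boundaries would need one entry each.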

Page 30: Networking Project

VLANs

The purpose of VLANs is to create logical network segments of the physical LAN infrastructure, resulting in multiple broadcast domains.

This is also known as microsegmentation. Consequently, broadcast frames are only switched between the ports on the same VLAN.

Broadcast traffic within each segment is not transmitted outside the VLAN. Therefore, adjacent ports do not receive any broadcast traffic generated from other VLANs.

This results in increased network performance.

Advantage

VLANs: the user can move to another area of the campus and still stay in the same VLAN group.

Disadvantage

VLANs initially require significant administrative overhead; however, the benefits far outweigh the cost because any subsequent adds, moves, and changes within the network are greatly simplified. An added benefit of VLANs is the establishment of secure user groups.

Page 31: Networking Project

Conclusion

In conclusion we feel that our design:

Reaches initial traffic requirements to hosts.

Gives the students the same capabilities as teachers, but they are segmented and thus restricted in their access to internal school functions.

It is a secure design.

Allows room for expansion.