ACACIA

Threaded Case StudySeamus BurnsRonan ConaghanEugene Cullen

Requirements

Administration and Students to be logically divided via VLAN’sExpected lifetime of Network 7-10 yearsAllowed growth of 100x in LANThroughput of Wan can increase by 2xInternet Connection throughput can increase by 10xOnly TCP/IP and IPX protocols to be used

Logical Design

Physical Wiring Diagram:

VLAN’s

There will be two VLAN’s, one Administrative and one CurriculumVlans will be implemented at two switches -one in the IDF and one in the MDFExceptions will be made to facilitate the following

All students will be allowed to access the DNS and e-mail servers which are located on the administrative VLAN

All students will be allowed to access the library server which is also located on the administrative VLAN

Cabling

Cabling will have min 100Mbps capability 100 BaseTX Cat 5 UTP will be used in horizontal

cabling. This has a maximum run of 90M. Each classroom will be served by 4 Cat5 cables

1000BaseFX Multi-mode Fibre will be used in all vertical cabling applications. This means only two cables instead of several 100BaseFX cables. This future proofs us against cable bottlenecks in the backbone.

All servers will be connected back to switch with 1000BaseFX to safeguard against bottlenecks.

Classrooms

Each classroom has 4 data termination pointsEach classroom will have a lockable wall mounted closet where hubs will be located3 points for students via hubs1 point for direct connection to teachers PCNetwork printer will connect via hub

MDF Closet

Must be totally secureMust have temperature control Will be located in room with WAN POPAll servers will reside hereUPS will be located here also to allow servers to back up any data in the event of a power failure

MDF Closet (cont’d)

Will house an equipment rackRack will serve as cable termination pointRack will accept switches, router, patch panels

Closet Graphics (MDF)

IDF CLOSET

Application Server

Dns Server

Library Server

Work Group

Admin Server

Modular Servers

UPS

2610 Series Router

Retractable keyboard shelf

Monitor

WS-C3548-XL-EN Cisco Sw itch

24 Port Patch Panel

Fiber patch panel

24 Port Patch Panel

24 Port Patch Panel

24 Port Patch Panel

WS-C3548-XL-EN Cisco Sw itch

Closet Graphics (IDF)

IDF Cabinet

Work Group

Work GroupModular Servers

UPS

Retractable keyboard shelf

Monitor

WS-C3548-XL-EN Cisco Sw itch

24 Port Patch Panel

Fiber patch panel

24 Port Patch Panel

24 Port Patch Panel24 Port Patch Panel

WS-C3548-XL-EN Cisco Sw itch

Servers

DNS and E-Mail servers. Will act as a post office for the school Will maintain a complete record of staff and

students for that locationAdministrative Server For student tracking, attendance,grading, etc. Available only to admin staff and teachers Will run TCP/IP as its protocol suite

Workgroup servers Located to prevent unnecessary network

traffic

Servers(cont’d)

Library Server Research and retrieval system for online

research laboratory Will run TCP/IP as it’s protocol Available to everyone ie. Students and

staff

Application Server All computer applications to be housed

on this server

IP Addressing

One class C address allocated to schoolWe will use a class A addressing schemeImplemented via Network Address Translation on the RouterFurther enhanced by use of Port Address Translation

IP Addressing (cont’d)

Class A address 10. 10 . 10 . 1

Zone . Room No . Host

No

The curriculum lan will be assigned even numbers in the last octetThe administrative lan will be assigned odd numbers in the last octet

IP Addressing(cont’d)

Teachers PC will always be assigned number 1 in the last octet in all roomsMDF addresses 10.1.1.x(odd)IDF addresses 10.1.2.x(odd)The splitting of Administration and Curriculum addresses with even and odd numbers is to facilitate ACL’s

Access Control Lists (ACL’s)

ACL’s are implemented at the interfaces on the router to filter the flow of traffic across internal VLAN’s and to filter incoming and outgoing traffic.Proper implementation of ACL’s will allow access to all areas of the curriculum VLAN while at the same time preventing access to the administrative lan by any member of the curriculum lan

ACL’s (cont’d)

Implementation of An ACL on the wan side of the router will prevent any telnetting into the school networkACL’s allow a very concise level of traffic filtering down to individual host IP addresses so careful planning when allocating IP addresses optimizes their effectiveness

Example ACL

To prevent Telnet access into the school network Access list 101 deny any any eq

telnet

To allow students access to DNS and E-mail server Access list 101 permit 10.0.0.0

0.255.255.254 10.1.1.7 0.0.0.0

Firewall

2 Layer Firewall ACL’s & PixPIX is a Cisco hardware DevicePIX-1Ge-66 with Gigabit Eth. interfaceUses propietary operating systemPix will be implemented outside the school network to block all unsuitable dataACL’s act as second layer of firewall

Pros

Implementation of switching provides micro segmentation of networkRoom provided for expansionNAT hides internal pc’sUse of fibre guarantees bandwidthUse of VLAN’s provides internal security2 layer firewall for security

Cons

Expensive to implementTying network to proprietary productsincreases cost