Presentation is loading. Please wait.

Presentation is loading. Please wait.

Networking Project Ailis&Louise. General Requirements The Washington School District is in the process of implementing an enterprise wide network which.

Similar presentations


Presentation on theme: "Networking Project Ailis&Louise. General Requirements The Washington School District is in the process of implementing an enterprise wide network which."— Presentation transcript:

1 Networking Project Ailis&Louise

2 General Requirements The Washington School District is in the process of implementing an enterprise wide network which will include Local Area Networks (LANs) at each site and a Wide Area Network (WAN) to provide data connectivity between all school sites. The Washington School District is in the process of implementing an enterprise wide network which will include Local Area Networks (LANs) at each site and a Wide Area Network (WAN) to provide data connectivity between all school sites. The WAN will connect all school and administrative offices with the district office for the purpose of delivering data. The WAN will connect all school and administrative offices with the district office for the purpose of delivering data. The WAN will be based on a two layer hierarchical model. Three regional Hubs will be established at the District Office, Service Center and Shaw Butte Elementary School for the purpose of forming a fast WAN core network. The WAN will be based on a two layer hierarchical model. Three regional Hubs will be established at the District Office, Service Center and Shaw Butte Elementary School for the purpose of forming a fast WAN core network. School locations will be connected into the WAN core hub locations based on proximity to hub. School locations will be connected into the WAN core hub locations based on proximity to hub. Routers will be installed at each WAN core location. Routers will be installed at each WAN core location. Access to the "Internet" or any other outside network connections will be provided through the District Office through a frame relay WAN link. For security purposes, no other connections will be permitted. Access to the "Internet" or any other outside network connections will be provided through the District Office through a frame relay WAN link. For security purposes, no other connections will be permitted.

3 General Requirements Continued Access to the "Internet" from any site in the school district is also an integral part of this implementation. Once the Network is in place the school district will implement a series of servers to facilitate online automation of all of the districts administrative and many of the curricular functions. Access to the "Internet" from any site in the school district is also an integral part of this implementation. Once the Network is in place the school district will implement a series of servers to facilitate online automation of all of the districts administrative and many of the curricular functions. Since this network implementation will have to continue to be functional for a minimum of 7-10 years all design considerations should include 1000% growth in the LAN's and 100% growth in the WAN. Since this network implementation will have to continue to be functional for a minimum of 7-10 years all design considerations should include 1000% growth in the LAN's and 100% growth in the WAN. The minimum requirement for initial implementation design will be 1.0Mbps to any host computer in the network and 100Mbps to any server host in the network. The minimum requirement for initial implementation design will be 1.0Mbps to any host computer in the network and 100Mbps to any server host in the network. Only one OSI layer 3 & 4 protocols will be allowed to be implemented in this network, this is TCP/IP. Only one OSI layer 3 & 4 protocols will be allowed to be implemented in this network, this is TCP/IP.

4 Project Goals The overall design will provide: The overall design will provide: Data connectivity to three regional hubs Data connectivity to three regional hubs District wide Internet connectivity District wide Internet connectivity Security for the WAN Security for the WAN Connectivity to 1200 workstations Connectivity to 1200 workstations Secure Administrative LAN Secure Administrative LAN Internet, DNS and E-mail services Internet, DNS and E-mail services 100% growth in 7-10 years 100% growth in 7-10 years Deliver a robust, cost-effective WAN/LAN solution Deliver a robust, cost-effective WAN/LAN solution

5 Desert View

6 Wing 1 & Wing 2 & Cafeteria

7 Wing 1 & Wing 2 Each Classroom: Each Classroom: Will contain approx. 23 students PC’s and 1 Lectures PC. Will contain approx. 23 students PC’s and 1 Lectures PC. Each student PC will be wired back to a hub contained in the wiring closet, CAT5 will be used to run these hubs to the Switch contained in the IDF. Each student PC will be wired back to a hub contained in the wiring closet, CAT5 will be used to run these hubs to the Switch contained in the IDF. In the classroom there will be one Network Printer, which is only available to the students in that classroom this will also be run into one of the hubs. In the classroom there will be one Network Printer, which is only available to the students in that classroom this will also be run into one of the hubs. Each classroom will run back to the nearest IDF and in to the corresponding switch which will have a fiber connection to the MDF. Each classroom will run back to the nearest IDF and in to the corresponding switch which will have a fiber connection to the MDF. The cafeteria will set up to house 24 PC’s if needed. The cafeteria will set up to house 24 PC’s if needed.

8 Wing 3 & Portocabin & Library

9 Wing 3 & Library Wing 3 houses the main distribution facility Wing 3 houses the main distribution facility Administration offices including Principal and vice principal etc are also found in this wing Administration offices including Principal and vice principal etc are also found in this wing Administration runs straight into a WS-C1912C- EN#1 switch in the MDF. Administration runs straight into a WS-C1912C- EN#1 switch in the MDF. Therefore administration staff, principal, network printers and servers have a 100mb connection each. Therefore administration staff, principal, network printers and servers have a 100mb connection each. The library is also wired like a classroom houseing 24 PC’s with room for expantion The library is also wired like a classroom houseing 24 PC’s with room for expantion 10 PC’s will be dedicated to administration 10 PC’s will be dedicated to administration 5 PC’s will be dedicated to the use of lecturers. 5 PC’s will be dedicated to the use of lecturers.

10 Wing 4 & Wing 5 & PE building

11 Wing 4 & 5 Each classroom has four CAT 5 Cable coming from the nearest IDF. Each classroom has four CAT 5 Cable coming from the nearest IDF. There are 17 Classrooms within the Wing 4 and 5, East and West. There are 17 Classrooms within the Wing 4 and 5, East and West. Each classroom houses 24 PC’s, 23 PC’s used by the Student’s and 1 used by the Lecturer. Each classroom houses 24 PC’s, 23 PC’s used by the Student’s and 1 used by the Lecturer. Every classroom has a wall mounted Cabinet positioned at the Data termination point where the four CAT 5 UTP cable are coming into the room. Every classroom has a wall mounted Cabinet positioned at the Data termination point where the four CAT 5 UTP cable are coming into the room. The Lecturers PC will use one of these cables directly The Lecturers PC will use one of these cables directly The 23 PC’s (students) will use the other cables, which will be attached to one of three hubs. The 23 PC’s (students) will use the other cables, which will be attached to one of three hubs.

12 Data Cabling Specifications Transport speeds will be Ethernet 10BaseT, 100BaseT and 100BaseFX. The Horizontal Cabling shall be standard Category 5E Unshielded Twisted Pair (CAT 5E UTP) with 100+ mbps capability. The Horizontal Cabling shall be standard Category 5E Unshielded Twisted Pair (CAT 5E UTP) with 100+ mbps capability. CAT 5E Plenum will be used in the drop ceilings and in the walls in order to comply with fire codes. CAT 5E Plenum will be used in the drop ceilings and in the walls in order to comply with fire codes. All vertical (backbone) cabling shall be Fiber optic Multimode cable. All vertical (backbone) cabling shall be Fiber optic Multimode cable. The cabling infrastructure shall comply with EIA/TIA 568 standards. The cabling infrastructure shall comply with EIA/TIA 568 standards.

13 Classroom Design Classroom Design There are a total of 35 classrooms There are a total of 35 classrooms Each classroom will support 24 workstations. Each classroom will support 24 workstations. Every classroom will have four CAT 5E UTP Cable runs stemming from the nearest Intermediate Distribution Facility (IDF). Every classroom will have four CAT 5E UTP Cable runs stemming from the nearest Intermediate Distribution Facility (IDF). One of the four data cables will be designated for teacher's workstation. One of the four data cables will be designated for teacher's workstation. The other data cables will be connected to one of three Hubs which will service only the Student’s Workstations. The other data cables will be connected to one of three Hubs which will service only the Student’s Workstations. This will also allow for expansion. This will also allow for expansion.

14 Classroom Context

15 IDF Design: IDF Design: The Intermediate Distribution Facilities (IDF) will be connected directly to the MDF in a extended star topology. The Intermediate Distribution Facilities (IDF) will be connected directly to the MDF in a extended star topology. There are six IDF’s located throughout the school with one IDF in each wing. There are six IDF’s located throughout the school with one IDF in each wing. Each IDF is equipped with a 24 port 10/100 Switch (Standard Edition) for the Student’s PC’s Each IDF is equipped with a 24 port 10/100 Switch (Standard Edition) for the Student’s PC’s A 12 port 10 Base T Switch Enterprise Edition which will be only for Lectures PC’s. A 12 port 10 Base T Switch Enterprise Edition which will be only for Lectures PC’s. This switch will support V-Lans. This switch will support V-Lans.

16 IDF

17 MDF Design MDF Design A Main Distribution Facility (MDF) room is established as the central Point of Presence (POP) to which all LAN and WAN cabling will be terminated and secured A Main Distribution Facility (MDF) room is established as the central Point of Presence (POP) to which all LAN and WAN cabling will be terminated and secured This room will house a Cisco 3640#1 Router,PIX firewall, WS- C1924C-EN Switch, WS-C1912C-EN#1 for Administration and the Five District Sservers. This room will house a Cisco 3640#1 Router,PIX firewall, WS- C1924C-EN Switch, WS-C1912C-EN#1 for Administration and the Five District Sservers. Application Application DNS DNS Email Email Library Library Administration Administration Two uninterruptible power supplies (UPS) will serve to provide back up protection against unexpected power outages. Two uninterruptible power supplies (UPS) will serve to provide back up protection against unexpected power outages.

18 Main Distribution Facility

19 Firewall

20 WAN Logical

21 WAN requirements 100 Mbps data delivery to any server host in the Network. 100 Mbps data delivery to any server host in the Network. Access to the Internet at District Office/Data Center via Frame Relay. Access to the Internet at District Office/Data Center via Frame Relay. Internet connectivity will employ a firewall architecture. Internet connectivity will employ a firewall architecture. All connections from the Internet into the District will be filtered by Access Control Lists. All connections from the Internet into the District will be filtered by Access Control Lists.

22 WAN requirements Cont Domain Names Service (DNS) and E-Mail Services are delivered in a hierarchical fashion Domain Names Service (DNS) and E-Mail Services are delivered in a hierarchical fashion PPP will be implemented on all routers, IGRP will be used for router update PPP will be implemented on all routers, IGRP will be used for router update CSU/DSU’s will be required for connection of school site routers to the district WAN CSU/DSU’s will be required for connection of school site routers to the district WAN

23 PIX 515 Firewall The PIX Firewall can protect one or more networks from intruders on an outer, unprotected network, multiple outside or perimeter networks The PIX Firewall can protect one or more networks from intruders on an outer, unprotected network, multiple outside or perimeter networks It provides enough power for over 50,000 concurrent connections and up to 170 Mbps of throughput. Connections between the networks can all be controlled by the PIX. It provides enough power for over 50,000 concurrent connections and up to 170 Mbps of throughput. Connections between the networks can all be controlled by the PIX. To effectively use the PIX a security policy should ensure that all traffic from the protected networks passes only through the firewall to the unprotected network. To effectively use the PIX a security policy should ensure that all traffic from the protected networks passes only through the firewall to the unprotected network. The PIX Firewall allows servers such as those for Web access, SNMP, electronic mail (SMTP) to be located in the protected network and controls who on the outside can access these servers. The PIX Firewall allows servers such as those for Web access, SNMP, electronic mail (SMTP) to be located in the protected network and controls who on the outside can access these servers. Typically, the inside network is an organization's own internal network, or intranet, and the outside network is the Internet, but the PIX Firewall can also be used within an intranet to isolate or protect one group of internal computing systems and users from another. Typically, the inside network is an organization's own internal network, or intranet, and the outside network is the Internet, but the PIX Firewall can also be used within an intranet to isolate or protect one group of internal computing systems and users from another.

24 IP Addressing We will use a class A addressing scheme. We will use a class A addressing scheme. 10.x.x.x 10.x.x.x Subnet mask 255.255.255.0 Subnet mask 255.255.255.0 Wing 1Class1 Wing 1Class1 Students10.1.1.(1-40) Students10.1.1.(1-40) Lecturer10.1.1.(41-50) Lecturer10.1.1.(41-50)

25 Ip Addressing scheme contd Wing 1Class 2 Wing 1Class 2 Students10.1.2.(1-40) Students10.1.2.(1-40) Lecturers10.1.2.(41-50) Lecturers10.1.2.(41-50) Wing 1Class 3 Wing 1Class 3 Students10.1.3.(1-40) Students10.1.3.(1-40) Lecturers10.1.3.(41-50) Lecturers10.1.3.(41-50) Wing 1 Class 4 Wing 1 Class 4 Students10.1.4.(1-40) Students10.1.4.(1-40) Lecturers10.1.4(41-50) Lecturers10.1.4(41-50)

26 Ip Addressing scheme contd. As before mentioned ip addressing scheme will continue to follow this pattern i.e. As before mentioned ip addressing scheme will continue to follow this pattern i.e. 10.?.x.x 10.?.x.x The ? Will change according to the different wings of the building and also in accordance with the MDF. The ? Will change according to the different wings of the building and also in accordance with the MDF. 10.x.?.x 10.x.?.x The ? Here will change in accordance to the different classrooms. The ? Here will change in accordance to the different classrooms. 10.x.x.? 10.x.x.? The ? Here changes in accordance with the host. The ? Here changes in accordance with the host.

27 MDF IP Addressing scheme MDF ip addressing scheme MDF ip addressing scheme 10.10.1.x 10.10.1.x The router 10.10.1.(1-10) The router 10.10.1.(1-10) Administration Server 10.10.1.11 Administration Server 10.10.1.11 Application Server 10.10.1.12 Application Server 10.10.1.12 DNS Server 10.10.1.13 DNS Server 10.10.1.13 Library Server 10.10.1.14 Library Server 10.10.1.14 Email Server10.10.1.15 Email Server10.10.1.15

28 Access control Lists Access control lists provide basic filtering capabilities and network security by blocking unwanted internet traffic, and limiting access to groups of computers or individual workstations. Access control lists provide basic filtering capabilities and network security by blocking unwanted internet traffic, and limiting access to groups of computers or individual workstations. ACL’s provide security to the network directly connected to the router. ACL’s provide security to the network directly connected to the router. ACL’s can be used to block applications ACL’s can be used to block applications Student using ftp download software. Student using ftp download software.

29 Access control lists contd. We will use access control lists to stop students from accessing administration & lecturer information. We will use access control lists to stop students from accessing administration & lecturer information. Also to prevent lecturers accessing administration information. Also to prevent lecturers accessing administration information. We will ensure that administration has access to all information students, lecturers and district office. We will ensure that administration has access to all information students, lecturers and district office. Access from the district office network into Desert View will be permitted. Access from the district office network into Desert View will be permitted. Also we will allow that lecturers can crossover into students information. Also we will allow that lecturers can crossover into students information.

30 VLAN’S The purpose of VLAN's are to create logical network segments of the physical LAN infrastructure resulting in multiple broadcast domains. The purpose of VLAN's are to create logical network segments of the physical LAN infrastructure resulting in multiple broadcast domains. This is also known as micro segmentation. Consequently, broadcast frames are only switched between the ports on the same VLAN. This is also known as micro segmentation. Consequently, broadcast frames are only switched between the ports on the same VLAN. Broadcast traffic within each segment is not transmitted outside the VLAN. Therefore, adjacent ports do not receive any broadcast traffic generated from other VLAN's. Broadcast traffic within each segment is not transmitted outside the VLAN. Therefore, adjacent ports do not receive any broadcast traffic generated from other VLAN's. This results in increased network performance. This results in increased network performance. Advantage Advantage VLAN's: the user can move to another area of the campus and still stay in the same VLAN group VLAN's: the user can move to another area of the campus and still stay in the same VLAN group Disadvantage Disadvantage VLANs initially require significant administrative overhead; however, the benefits far out way the cost because any subsequent adds, moves, and changes within the network are greatly simplified. An added benefit of VLAN's is the establishment of secure user groups. VLANs initially require significant administrative overhead; however, the benefits far out way the cost because any subsequent adds, moves, and changes within the network are greatly simplified. An added benefit of VLAN's is the establishment of secure user groups.

31 Conclusion In conclusion we feel that our design: Reaches initial traffic requirments to hosts. Reaches initial traffic requirments to hosts. Gives the students the same capabilities as teachers, but they are segemented and thus restricted in their access to internal school functions. Gives the students the same capabilities as teachers, but they are segemented and thus restricted in their access to internal school functions. It is a secure design. It is a secure design. Allows room for expansion. Allows room for expansion.


Download ppt "Networking Project Ailis&Louise. General Requirements The Washington School District is in the process of implementing an enterprise wide network which."

Similar presentations


Ads by Google