Desert View TCS
By Charlene Cooley and Dan Austin

User Requirements
- 7- to 10-year projected life
  - 100% WAN growth
  - 1,000% LAN growth
- Speed
  - 1 Mbps for workstations
  - 100 Mbps for servers
- Exclusively TCP/IP

User Requirements (cont.)
- Frame Relay for WAN transport
- 2 LANs per building
  - student/curriculum
  - administrative
- Switched LAN infrastructure

User Requirements (cont.)
- Classrooms
  - 24 workstations per classroom
  - 4 cable runs per classroom
  - switches located in lockable cabinets
- File designation is enterprise or workgroup

User Requirements (cont.)
- DNS &
  - master servers at district office
  - distributed DNS servers in each building
  - each building has a host for DNS & , and a directory of staff & students

Topology Requirements
- Redundant paths between regional servers
- Administrative server must be accessible to teachers and staff in each building
- Library server must be available to entire network
- Static IP for administrative hosts
- DHCP for student/curriculum hosts

Security Requirements
- General
  - no access from Internet to intranet
  - 2 physical LAN structures
  - double firewall
- Access Control Lists
  - prevent access from student/curriculum network to administrative network (with certain exceptions)

LAN Cabling
NETWORK DESIGN EXAMPLES DESERT VIEW
WAN OVERVIEW DESERT VIEW
IP ADDRESSING SCHEME AND NAMING CONVENTION DESERT VIEW
IP Addressing Scheme for Desert View
- Class B Address of /22
- 62 subnets
  - Administrative subnets
  - Curriculum subnets
  - WAN subnets
  - Internet subnet
- DHCP Servers will hold curriculum addresses

Naming Convention
- Administrators
  - building name/{office|classroom} number
- Curriculum
  - building name/classroom number

Network Management
- SNMP traps on network nodes
- CSWI Resource Manager & Campus Network Management Software
- District Office
  - master server collects information from regional hubs
- Regional Hubs
  - will collect information from schools that are attached

DESERT VIEW SECURITY DESERT VIEW
ACLs
- Standard ACL Applied to District Office Network (Incoming)
- Standard ACL Applied to Administrative Networks (Incoming)
- Extended ACL Applied to Classroom Network (Outgoing)

ACLs District Office
- access-list 1 permit
- access-list 1 permit
- access-list 1 deny any
Apply to E0
- ip access-group 1 in

ACLs Building 1
- access-list 2 permit
- access-list 2 permit
- access-list 2 deny any
Apply to E1
- ip access-group 2 in

ACLs Building 1 (cont.)
- access-list 101 permit tcp eq smtp
- access-list 101 permit udp eq domain
- access-list 101 deny ip any any
Apply to E0
- ip access-group 101 out

ACLs Building 2
- access-list 3 permit
- access-list 3 permit
- access-list 3 deny any
Apply to E1
- ip access-group 3 in

ACLs Building 2 (cont.)
- access-list 102 permit tcp eq smtp
- access-list 102 permit udp eq domain
- access-list 102 deny ip any any
Apply to E0
- ip access-group 102 out

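An added example, not part of the original slides: a Python model of first-match ACL evaluation that checks the curriculum-to-administrative policy and its SMTP and DNS exceptions, and flags rules made unreachable by rule order. The 172.16.0.0/16 block, the subnet assignments and the server address are assumptions, since the slides do not give the real addresses.

```python
import ipaddress as ip

# Assumed addressing (the slides omit the real block): a private Class B cut into /22s.
SUBNETS = list(ip.ip_network("172.16.0.0/16").subnets(new_prefix=22))  # 64 networks
USABLE = SUBNETS[1:-1]        # classic rule drops all-zeros and all-ones subnets: 62
ADMIN, CURRIC = USABLE[0], USABLE[1]        # hypothetical 172.16.4.0/22 and 172.16.8.0/22
SERVER = ip.ip_network("172.16.4.10/32")    # hypothetical admin-side mail/DNS host
ANY = ip.ip_network("0.0.0.0/0")

# Rule = (action, protocol, source net, destination net, destination port or None)
ACL = [
    ("permit", "tcp", CURRIC, SERVER, 25),    # SMTP exception
    ("permit", "udp", CURRIC, SERVER, 53),    # DNS exception
    ("deny",   "ip",  ANY,    ANY,    None),  # explicit deny, as on the slides
]
# Constructed failure case: the same rules with the deny moved to the top.
MISORDERED = [ACL[2], ACL[0], ACL[1]]

def covers(rule, proto, src, dst, port):
    """True if the rule matches every packet of the given flow (hosts are /32 networks)."""
    _, r_proto, r_src, r_dst, r_port = rule
    return (r_proto in ("ip", proto) and src.subnet_of(r_src)
            and dst.subnet_of(r_dst) and r_port in (None, port))

def evaluate(acl, proto, src, dst, port):
    """First matching rule wins; no match falls through to the implicit deny."""
    src, dst = ip.ip_network(src), ip.ip_network(dst)
    for rule in acl:
        if covers(rule, proto, src, dst, port):
            return rule[0]
    return "deny"

def shadowed(acl):
    """Indexes of rules that can never match because an earlier rule covers them."""
    return [i for i, (_, proto, src, dst, port) in enumerate(acl)
            if any(covers(earlier, proto, src, dst, port) for earlier in acl[:i])]

if __name__ == "__main__":
    student = "172.16.8.20"   # constructed curriculum host
    for proto, port in (("tcp", 25), ("udp", 53), ("tcp", 80)):
        print(proto, port, evaluate(ACL, proto, student, "172.16.4.10", port))
    print("shadowed rules when misordered:", shadowed(MISORDERED))
```
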
QUESTIONS? DESERT VIEW