Download presentation
Presentation is loading. Please wait.
1
THREADED CASE STUDY SUNNYSLOPE Presented to Michael Barrett and Paul Flynn
2
Intoduction This is our presentation of the Threaded Case Study (TCS) as part of our “Certificate in Computers IT Support” TEAM: The team consists of Ken Henry, David Lynch and Rory Mc Caffrey GOAL: Our goal is to demonstrate our knowledge of Local Area Network (LAN) design and implementation. For our project we are working on Sunnyslope Elementary School in the Washington Elementary School District.
3
Background The district presently includes 33 schools, a district office, and a service center. This project will include connectivity between all district sites. All computers within the district are to be able to access the internet. The district will implement a number of servers at the main office to most intranet and internet needs. This network must be usable for the next 7-10 years and, therefore, must plan for 100x growth of LAN throughput, 2x growth in WAN core throughput, and 10x growth in Internet Connection throughput. All host computers must have a minimum of 1.0 Mbps throughput and all servers must have a 100Mbps throughput.
4
Physical Layout Placement of MDFs and IDFs Cable runs Placement of switches and routers Placement of servers
5
General Requirements Placment of MDFs and IDFs We chose our Main Distribution Facility in Building 300 West. This is the best location for the MDF because it is centrally located and contains the Point of Presence. It is also surrounded by administrators and faculty, so it maintains a high level of security at all times. The MDF covers only buildings 300 East, West, and the Computer Lab. Our IDFs are located in the following buildings: Maintenance, Building 200 West, Multi-Purpose Building, and Building 400 West. These are good locations because all rooms are away from school activity and in a safe closed off area
6
Cable Runs All backbone cabling from MDF to the IDFs will use multi-mode fiber optic cable. This benefits the network by not having to worry about unstable grounding techniques between buildings. It also allows distances between the MDF and the IDFs to not pose a problem.
7
Placement of Switches and Routers There is only one router in our entire network. It is placed in our Main Distribution Facility and serves as the main communication device. Switches are placed in every IDF and in our MDF. There is a switch in every room contained in a lockable cabinet. While more expensive than a hub, switches will serve for future expansion more efficiently than a hub. If the available 24 hosts were needed in a room, then they would be collision free. All switches in rooms are terminated at the nearest MDF or IDF.
8
Placement of Servers We chose to place the student servers together on a server switch. This switch resides in our MDF and is given 100 Mbps speed to the uplink. There is only one main server on this switch to begin with, but it remains for future needs for other servers. The administration server is running off of the router. This helps maintain logical security which will be discussed later on. The logic for there placement is in there classification. These main servers are enterprise servers and must be able to be reached by there entire networks. They will be easily administrated in one location and if need arise, future additions may be added to the server switch for additional enterprise servers. Although there will be no servers located in any IDFs, there is an extra 100 Mbps port available in each for possible future workgroup servers of any kind
9
Logical Layout Ip Addressing V-Lan implementation Broadcasts domains Server applications Routing protocol Security
10
IP Addressing IP addressing will be configured using private Class A IP addresses for both the administrations network and the student network. It was decided to logically administer the ip address in building which had MDF,S and IDF,S which gave us a a total of 5 buildings. The network has a max of 7 IP address in each room dedicated to routers, servers, and printers for future growth.It also has a total of 65 address for students which is more than enough to cover a maximum of 1032 users if all 24 hosts were needed in every room. There is also 190 addresses left in each room for administration.
11
IP Addressing continued: It was decided to give the lecture in each room an address of 10.x.x.65 and all would have the same address so when we were configuring access control list it would make it much easier. Network address of 10.x.x.x will be configured accordingly. The subnet for the network will be 255.0.0.0
12
IP Addressing system MDF IP address for this building is 10.1.X.X Within the room where the MDF is housed an address of 10.1.1.(1-7) is for router, server, printers etc. An address of 10.1.1.(8-63) for Students And an address of 10.1.1.(64-254) for Administration An address of 10.1.1.65 is dedicated to lectures with in this room. NB. The same was done for all rooms in this building An address of 10.1.2.X for room 2 with the same addresses for Servers-Students-and admin.
13
IP Address System Cont. IDF 1 IP address for this building is 10.2.X.X Within the room where the IDF are housed an address of 10.2.1.(1-7) server, printers etc. An address of 10.2.1.(8-63) for Students And an address of 10.2.1.(64-254) for Administration An address of 10.2.1.65 is dedicated to lectures with in this room. NB. The same was done for all rooms in this building An address of 10.2.2.X for room 2 with the same addresses for Servers-Students-and admin.
14
IP Address System cont. This address system was carried out on all the other buildings which had IDF’S It gave us a total of 5 different buildings All of these buildings we made into V-LAN’s
15
Entire network Backbone
16
MDF
17
IDF 1
18
IDF 2
19
IDF 3
20
IDF 4
21
Router Connections
22
V-lan Layout
23
V-LAN Impementation VLANS are a very important part of the network setup. Although the administration and students are on two separate networks, they still run through the same switches at layer two encapsulation processes. Therefore the Administration will be configured on VLAN 1 and the students on VLANs 2-6. We have decided to allow communication between student VLANs and allow administration access to all VLANs through two trunk ports. These trunk ports will allow VLANs to communicate while maintaining a level of security. VLANs are also an important part of keeping our broadcast domains at a minimum level.
24
V-LAN Continued All buildings which had a MDF or IDF was made into a V-LAN. 6 in all. Both trunk ports will be located on the server switch and be regular 10/100 Mbps running at full duplex. One trunk port will be for administration and the other for students. Any student port coming out of IDF 1 will be on VLAN 2. Any student port coming out of IDF 2 will be on VLAN 3. Any student port coming out of the MDF will be on VLAN 4. Any student port coming out of IDF 3 will be on VLAN 5 And any student port coming out of IDF4 will be on VLAN 6. Any port that is not in use will be assigned to the student VLAN for that MDF/IDF.
25
Trunking ports on V-LANS These trunk ports will allow VLANs to communicate while maintaining a level of security. VLANs are also an important part of keeping our broadcast domains at a minimum level. VLANs are also an important part of keeping our broadcast domains at a minimum level. Both trunk ports will be located on the server switch and be regular 10/100 Mbps running at full duplex. One trunk port will be for administration and the other for students.
26
Broadcast Domains With a possible user count of 1032 in the student network, broadcasts are bound to be a problem. With the help of VLANs and the router, the network can remain at a low congested stated. Each VLAN will hold its own broadcast domain and not allow broadcasts from other VLANs to intrude. Although the student VLANs can communicate with each other, the router breaks up the VLANs into and separates them to their proper domain.
27
Braodcast Domains
28
Server Applications Each server in the MDF will run their own applications. The student server will serve as the main DNS server, The student server will provide any needed applications to the student network. These applications could include a student directory for school files or direct e-mail to teachers for questions. The administration runs off of the router and will allow access for administrative services. This will be the teachers main DNS and maintain administrative applications such as direct attendance programs and e-mail. Having these applications on separate servers allows for a high level of security and growth for the future of the network.
29
Server Placement
30
Routing Protocol Since there is only one router in the Sunnyslope network, the routing protocol will simply be for the WAN link to the pop. Any other school communicating on the same network will be able route packets to our router and vise versa. The routing protocol that is going to be configured this network’s router is IGRP. This way there will be a guarantee that other school’s packets won’t be discarded because of hop count. Also with IGRP’s autonomous system number there will be an additional security measure.
31
Physical Security Each and every IDF as well as the MDF contains a lockable cabinet. These will be used to organize and keep all unauthorized personnel away from the actual router, switches and servers if the room might be penetrated. Each room will also have a lockable cabinet so that devices may not be tampered with by any unauthorized person.
32
Logical Security The logical security of the network contains almost all levels of security on the OSI layer. We have already discussed the physical security, but the logical portion of VLANs play a very important roll in the network’s security. VLANs make the network secure in one way by not allowing the student VLANs to communicate to the Administration VLAN. In this way, we can provide a totally switched environment with very little ACL’s to keep students out of the administration network.
33
Wan Design All schools will be connected through point-to-point connections to a regional hub. There will be a regional hub at the district office, service center, and Shaw Butte Elementary School. All point-to-point connections will be running at a T1 connection speed and internet connections to schools will be provided by the district office through frame relay
34
PPP Configuration: PPP is a very important part of the Wan Design. It will allow for full use of bandwidth with its capability of network protocol multiplexing. It is reliable with its link configuration and quality testing. It also provides for error detection and allows for the use of the Dynamic Control Host Protocol. PPP is an ideal layer two encapsulation WAN protocol for our design because of these features. As opposed to a packet-switched, virtual circuit protocol such as Frame Relay, it is a dedicated link that will be useful in the connections between the schools and the offices; these are the places where we will want the most reliability and error detection. Although Frame Relay is cost effective and fast, it would not provide the reliability needed to these points. PPP also has an optional authentication phase that can use CHAP and/or PAP to protect unauthorized traffic through the connected routers. In our case we will use CHAP because it provides encrypted passwords from router to router.
35
ISDN ISDN is an alternative to leased lines. It generally is used for networking small LANS.
36
FRAME RELAY Frame Relay will be our main type of connection for internet services. It is a very high performance and efficient data technology. It operates at the physical and data link layers The main Frame Relay connection will be through the data center. Since there is only one PVC we will not have to configure any additional sub-interfaces.
37
Access Control Lists The ACL.S will be set up at the router allowing students access to nothing but the internet on e1. An Access list will also be set up for filtering WAN activies. An access list will be set up for Admin Server
38
Equipment Used in Network Design Router – Cisco 4500m-Quantity 1 Router Accessories – NP-2E module consisting of 2 ethernet ports-Quantity 2 Switches - WS-C1912-ENQuantity 3 WS-1912-ENQuantity 4 WS-C2828-ENQuantity 1 Switch Accessories 4 port 100B FX Module 1 port 100B TX Module 4 Lockable Cabinets-For IDFs-50-70381 1 Lockable Cabinet -For MDF-50-70244
39
Pros of this Network Design Speed: With fiber going to each switch, there is 1 gigabit of bandwidth available with possible improvements in technology. Less interference: Fiber has less interference from magnetic fields. Non-centralised: Control is closer, if there is a local problem. There is room for future growth in this network.
40
Cons of this Network Design Non- Centralised: With an IDF in each building there may be difficulty locating a problem. Cost: The quantity of switches and fibre needed has increased the cost. Security: With many locations, there is more of a possibility of break-in or theft.
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.