ACACIA Threaded Case Study Seamus Burns Ronan Conaghan Eugene Cullen.
Date posted: 22-Dec-2015
ACACIA Threaded Case Study
Seamus Burns, Ronan Conaghan, Eugene Cullen
Requirements
Administration and students to be logically divided via VLANs
Expected lifetime of network: 7-10 years
Allowed growth of 100x in LAN
Throughput of WAN can increase by 2x
Internet connection throughput can increase by 10x
Only TCP/IP and IPX protocols to be used
Logical Design
Physical Wiring Diagram:
VLANs
There will be two VLANs, one Administrative and one Curriculum
VLANs will be implemented at two switches, one in the IDF and one in the MDF
Exceptions will be made to facilitate the following:
  All students will be allowed to access the DNS and e-mail servers, which are located on the administrative VLAN
  All students will be allowed to access the library server, which is also located on the administrative VLAN
Cabling
Cabling will have a minimum capability of 100 Mbps
100BaseTX Cat 5 UTP will be used in horizontal cabling. This has a maximum run of 90 m. Each classroom will be served by 4 Cat 5 cables
1000BaseFX multi-mode fibre will be used in all vertical cabling applications. This means only two cables instead of several 100BaseFX cables. This future-proofs us against cable bottlenecks in the backbone.
All servers will be connected back to the switch with 1000BaseFX to safeguard against bottlenecks.
Classrooms
Each classroom has 4 data termination points
Each classroom will have a lockable wall-mounted closet where hubs will be located
3 points for students via hubs
1 point for direct connection to the teacher's PC
Network printer will connect via hub
MDF Closet
Must be totally secure
Must have temperature control
Will be located in room with WAN POP
All servers will reside here
UPS will be located here also, to allow servers to back up any data in the event of a power failure
MDF Closet (cont’d)
Will house an equipment rack
Rack will serve as cable termination point
Rack will accept switches, router, patch panels
Closet Graphics (MDF)
[Figure: rack layout diagram, labelled "IDF CLOSET". Components shown: modular servers (Application Server, DNS Server, Library Server, Work Group, Admin Server), UPS, 2610 Series Router, retractable keyboard shelf, monitor, two WS-C3548-XL-EN Cisco switches, four 24-port patch panels, fiber patch panel]
Closet Graphics (IDF)
[Figure: rack layout diagram, labelled "IDF Cabinet". Components shown: modular servers (two Work Group servers), UPS, retractable keyboard shelf, monitor, two WS-C3548-XL-EN Cisco switches, four 24-port patch panels, fiber patch panel]
Servers
DNS and E-Mail servers
  Will act as a post office for the school
  Will maintain a complete record of staff and students for that location
Administrative Server
  For student tracking, attendance, grading, etc.
  Available only to admin staff and teachers
  Will run TCP/IP as its protocol suite
Workgroup servers
  Located to prevent unnecessary network traffic
Servers (cont’d)
Library Server
  Research and retrieval system for online research laboratory
  Will run TCP/IP as its protocol
  Available to everyone, i.e. students and staff
Application Server
  All computer applications to be housed on this server
IP Addressing
One class C address allocated to school
We will use a class A addressing scheme
Implemented via Network Address Translation on the router
Further enhanced by use of Port Address Translation
IP Addressing (cont’d)
Class A address: 10 . 10 . 10 . 1
Octet meaning:   10 . Zone . Room No . Host No
The curriculum LAN will be assigned even numbers in the last octet
The administrative LAN will be assigned odd numbers in the last octet
IP Addressing (cont’d)
The teacher's PC will always be assigned number 1 in the last octet in all rooms
MDF addresses: 10.1.1.x (odd)
IDF addresses: 10.1.2.x (odd)
The splitting of Administration and Curriculum addresses into odd and even numbers is to facilitate ACLs
Access Control Lists (ACLs)
ACLs are implemented at the interfaces on the router to filter the flow of traffic across internal VLANs and to filter incoming and outgoing traffic.
Proper implementation of ACLs will allow access to all areas of the curriculum VLAN while at the same time preventing access to the administrative LAN by any member of the curriculum LAN
ACLs (cont’d)
Implementation of an ACL on the WAN side of the router will prevent any telnetting into the school network
ACLs allow a very fine-grained level of traffic filtering, down to individual host IP addresses, so careful planning when allocating IP addresses optimizes their effectiveness
Example ACL
To prevent Telnet access into the school network:
    access-list 101 deny tcp any any eq telnet
To allow students access to the DNS and e-mail server:
    ! wildcard 0.255.255.254 matches any 10.x.x.x source with an even last octet
    access-list 101 permit ip 10.0.0.0 0.255.255.254 10.1.1.7 0.0.0.0
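How the even/odd addressing plan and the wildcard mask in the Example ACL interact, as an added Python model that is not part of the original slides. It assumes both slide entries sit in list 101 in slide order, and the sample hosts (10.1.5.4, 10.1.5.3, 10.1.1.9) are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Cisco wildcard semantics: 0 bits must match the base, 1 bits are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

class Ace(NamedTuple):
    action: str                   # "permit" or "deny"
    proto: str                    # "ip" matches every protocol
    src: tuple                    # (base address, wildcard mask)
    dst: tuple
    dport: Optional[int] = None   # None means any destination port

ANY = ("0.0.0.0", "255.255.255.255")

# The two slide entries, modelled in slide order (assumption: one list, 101).
ACL_101 = [
    Ace("deny", "tcp", ANY, ANY, 23),   # eq telnet
    Ace("permit", "ip", ("10.0.0.0", "0.255.255.254"), ("10.1.1.7", "0.0.0.0")),
]

def evaluate(acl, proto, src, dst, dport=None) -> str:
    """First matching entry wins; no match falls through to the implicit deny."""
    for ace in acl:
        if ace.proto not in ("ip", proto):
            continue
        if ace.dport is not None and ace.dport != dport:
            continue
        if wildcard_match(src, *ace.src) and wildcard_match(dst, *ace.dst):
            return ace.action
    return "deny"

# Constructed sample flows: (description, proto, src, dst, dport)
SAMPLES = [
    ("student (even) to DNS/e-mail server", "udp", "10.1.5.4", "10.1.1.7", 53),
    ("student (even) to another admin host", "tcp", "10.1.5.4", "10.1.1.9", 80),
    ("student telnet to DNS/e-mail server", "tcp", "10.1.5.4", "10.1.1.7", 23),
    ("admin (odd) host to DNS/e-mail server", "tcp", "10.1.5.3", "10.1.1.7", 25),
]

def run_samples():
    return [(desc, evaluate(ACL_101, p, s, d, port)) for desc, p, s, d, port in SAMPLES]

if __name__ == "__main__":
    for desc, verdict in run_samples():
        print(f"{verdict:6} {desc}")
```

The last sample is denied only because these two entries contain no permit for odd-numbered hosts; a list applied to an interface that also carries administrative traffic needs its own permit entries ahead of the implicit deny.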
Firewall
2-layer firewall: ACLs & PIX
PIX is a Cisco hardware device
PIX-1Ge-66 with Gigabit Eth. interface
Uses proprietary operating system
PIX will be implemented outside the school network to block all unsuitable data
ACLs act as second layer of firewall
Pros
Implementation of switching provides micro-segmentation of network
Room provided for expansion
NAT hides internal PCs
Use of fibre guarantees bandwidth
Use of VLANs provides internal security
2-layer firewall for security
Cons
Expensive to implement
Tying network to proprietary products increases cost