Desert View TCS
description
Transcript of Desert View TCS
![Page 1: Desert View TCS](https://reader036.fdocuments.us/reader036/viewer/2022062409/56814ef3550346895dbc828e/html5/thumbnails/1.jpg)
Desert View TCS
By Charlene Cooley
and
Dan Austin
![Page 2: Desert View TCS](https://reader036.fdocuments.us/reader036/viewer/2022062409/56814ef3550346895dbc828e/html5/thumbnails/2.jpg)
User Requirements
7- to 10-year projected life– 100% WAN growth– 1,000% LAN growth
Speed– 1 Mbps for workstations– 100 Mbps for servers
Exclusively TCP/IP
![Page 3: Desert View TCS](https://reader036.fdocuments.us/reader036/viewer/2022062409/56814ef3550346895dbc828e/html5/thumbnails/3.jpg)
User Requirements (cont.)
Frame Relay for WAN transport 2 LANs per building
– student/curriculum– administrative
Switched LAN infrastructure
![Page 4: Desert View TCS](https://reader036.fdocuments.us/reader036/viewer/2022062409/56814ef3550346895dbc828e/html5/thumbnails/4.jpg)
User Requirements (cont.)
Classrooms– 24 workstations per classroom– 4 cable runs per classroom– switches located in lockable cabinets
File designation is enterprise or workgroup
![Page 5: Desert View TCS](https://reader036.fdocuments.us/reader036/viewer/2022062409/56814ef3550346895dbc828e/html5/thumbnails/5.jpg)
User Requirements (cont.)
DNS & E-mail– master servers at district office– distributed DNS servers in each building– each building has a host for DNS & E-mail,
and a directory of staff & students
![Page 6: Desert View TCS](https://reader036.fdocuments.us/reader036/viewer/2022062409/56814ef3550346895dbc828e/html5/thumbnails/6.jpg)
Topology Requirements Redundant paths between regional
servers Administrative server must be accessible
to teachers and staff in each building Library server must be available to entire
network Static IP for administrative hosts DHCP for student/curriculum hosts
![Page 7: Desert View TCS](https://reader036.fdocuments.us/reader036/viewer/2022062409/56814ef3550346895dbc828e/html5/thumbnails/7.jpg)
Security Requirements
General– no access from Internet to intranet– 2 physical LAN structures– double firewall
Access Control Lists– prevent access from student/curriculum
network to administrative network (with certain exceptions)
![Page 8: Desert View TCS](https://reader036.fdocuments.us/reader036/viewer/2022062409/56814ef3550346895dbc828e/html5/thumbnails/8.jpg)
LAN Cabling
![Page 9: Desert View TCS](https://reader036.fdocuments.us/reader036/viewer/2022062409/56814ef3550346895dbc828e/html5/thumbnails/9.jpg)
NETWORK DESIGN EXAMPLES
DESERT VIEW
![Page 10: Desert View TCS](https://reader036.fdocuments.us/reader036/viewer/2022062409/56814ef3550346895dbc828e/html5/thumbnails/10.jpg)
Catalyst 1900Classroom 1
Catalyst 1900Classroom 2
Catalyst 1900Classroom 3
Catalyst 1900Classroom 4
Catalyst 1900Library
100 Base-T 100 Base-T
100 Base-T
100 Base-T 100 Base-T
100 Base-T
Administrative
Netw ork
100 Base-T
Backbone
CSU/DSU
Frame Relay(1.54 Mbps)
100 Base-T 100 Base-T
100 Base-T
Cisco 2514
Library Server
Cisco Catalyst 1900(Teachers)
DHCP ServerApplication Server
Desert ViewClassroom Network Example
![Page 11: Desert View TCS](https://reader036.fdocuments.us/reader036/viewer/2022062409/56814ef3550346895dbc828e/html5/thumbnails/11.jpg)
100 Base-T
ClassroomNetw ork
100 Base-T
Backbone
CSU/DSU
Frame Relay(1.54 Mbps)
Admin 1 Admin 2 Admin 3 Admin 4 Admin 5 Admin 6
100 Base-T
100 Base-T
100 Base-T 100 Base-T100 Base-T
100 Base-T
100 Base-T 100 Base-T
100 Base-T
Catalyst 5000
100 Base-T
100 Base-T
DNS Server
Netw ork Management Server
E-mail Server
Cisco 2514
Administrative Server
Desert ViewAdministrative Network Example
Cisco Catalyst 1900
![Page 12: Desert View TCS](https://reader036.fdocuments.us/reader036/viewer/2022062409/56814ef3550346895dbc828e/html5/thumbnails/12.jpg)
100 Base-T
Backbone
CSU/DSU
Frame Relay(1.54 Mbps)
Admin1
Admin2
Admin3
Admin4
Admin5
Admin6
100 Base-T100 Base-T
100 Base-T 100 Base-T
100 Base-T 100 Base-T100 Base-T
100 Base-T
100 Base-T 100 Base-T
Catalyst 5000
CSU/DSU
Internet(POP)
Frame Relay(1.54 Mbps)
100 Base-T
Master NetworkManagement Server
Application Server
Administrative Server
Cisco 2514
E-mail Server
DNS Server
Desert ViewDistrict Network Example
![Page 13: Desert View TCS](https://reader036.fdocuments.us/reader036/viewer/2022062409/56814ef3550346895dbc828e/html5/thumbnails/13.jpg)
WAN OVERVIEW
DESERT VIEW
![Page 14: Desert View TCS](https://reader036.fdocuments.us/reader036/viewer/2022062409/56814ef3550346895dbc828e/html5/thumbnails/14.jpg)
Cisco 2514Serial Links
Regional Hub One
Cisco 2514Serial Links
Regional Hub Two
Cisco 2514Serial LinksDistrict Office
S0-DLCI100
S0-DLCI200
S0-DLCI300
S1-DLCI400
S1-DLCI500
S1-DLCI600
T1-1.544Mbps
T1-1.544Mbps
T1-1.544Mbps
FRAME RELAY WAN CONNECTIONS
![Page 15: Desert View TCS](https://reader036.fdocuments.us/reader036/viewer/2022062409/56814ef3550346895dbc828e/html5/thumbnails/15.jpg)
IP ADDRESSING SCHEME AND NAMING CONVENTION
DESERT VIEW
![Page 16: Desert View TCS](https://reader036.fdocuments.us/reader036/viewer/2022062409/56814ef3550346895dbc828e/html5/thumbnails/16.jpg)
IP Addressing Scheme for Desert View
Class B Address of 128.0.0.0/22 62 subnets
– Administrative subnets– Curriculum subnets– WAN subnets – Internet subnet
DHCP Servers will hold curriculum addresses
![Page 17: Desert View TCS](https://reader036.fdocuments.us/reader036/viewer/2022062409/56814ef3550346895dbc828e/html5/thumbnails/17.jpg)
Naming Convention
Administrators– building name/{office|classroom} number
Curriculum– building name/classroom number
![Page 18: Desert View TCS](https://reader036.fdocuments.us/reader036/viewer/2022062409/56814ef3550346895dbc828e/html5/thumbnails/18.jpg)
Network Management SNMP traps on network nodes CSWI Resource Manager & Campus
Network Management Software District Office
– master server collects information from regional hubs
Regional Hubs– will collect information from schools that are
attached
![Page 19: Desert View TCS](https://reader036.fdocuments.us/reader036/viewer/2022062409/56814ef3550346895dbc828e/html5/thumbnails/19.jpg)
DESERT VIEW SECURITY
DESERT VIEW
![Page 20: Desert View TCS](https://reader036.fdocuments.us/reader036/viewer/2022062409/56814ef3550346895dbc828e/html5/thumbnails/20.jpg)
ACLs
Standard ACL Applied to District Office Network (Incoming)
Standard ACL Applied to Administrative Networks (Incoming)
Extended ACL Applied to Classroom Network (Outgoing)
![Page 21: Desert View TCS](https://reader036.fdocuments.us/reader036/viewer/2022062409/56814ef3550346895dbc828e/html5/thumbnails/21.jpg)
Building 2Backbone - 128.0.28.0/22Classroom - 128.0.32.0/22
Administrative - 128.0.36.0/22
Frame Relay
Internet
District OfficeInternet - 128.0.4.0/22
Backbone - 128.0.8.0/22Administrative - 128.012.0/22
Desert ViewIP Addressing Scheme
Building 1Backbone - 128.0.16.0/22Classroom - 128.0.20.0/22
Administrative - 128.0.24.0/22
![Page 22: Desert View TCS](https://reader036.fdocuments.us/reader036/viewer/2022062409/56814ef3550346895dbc828e/html5/thumbnails/22.jpg)
ACLsDistrict Office Access-list 1 permit 128.0.24.0
0.0.3.255 Access-list 1 permit 128.0.36.0
0.0.3.255 Access-list 1 deny any any
Apply to E0 ip access-group 1 in
![Page 23: Desert View TCS](https://reader036.fdocuments.us/reader036/viewer/2022062409/56814ef3550346895dbc828e/html5/thumbnails/23.jpg)
ACLsBuilding 1 Access-list 2 permit
128.0.12.0 .0.0.3.255 Access-list 2 permit 128.0.36.0
0.0.3.255 Access-list 2 deny any any
Apply to E1 ip access-group 2 in
![Page 24: Desert View TCS](https://reader036.fdocuments.us/reader036/viewer/2022062409/56814ef3550346895dbc828e/html5/thumbnails/24.jpg)
ACLsBuilding 1 (Con’t) Access-list 101 permit tcp 128.0.20.0
0.0.3.255 eq smtp Access-list 101 permit udp 128.0.20.0
0.0.3.255 eq DNS Access-list 101 deny any any
Apply to E0 ip Access-group 101 out
![Page 25: Desert View TCS](https://reader036.fdocuments.us/reader036/viewer/2022062409/56814ef3550346895dbc828e/html5/thumbnails/25.jpg)
ACLsBuilding 2 Access-list 3 permit
128.0.12.0 .0.0.3.255 Access-list 3 permit 128.0.24.0
0.0.3.255 Access-list 3 deny any any
Apply to E1 ip access-group 3 in
![Page 26: Desert View TCS](https://reader036.fdocuments.us/reader036/viewer/2022062409/56814ef3550346895dbc828e/html5/thumbnails/26.jpg)
ACLsBuilding 2 (Con’t) Access-list 102 permit tcp 128.0.32.0
0.0.3.255 eq smtp Access-list 102 permit udp 128.0.32.0
0.0.3.255 eq DNS Access-list 102 deny any any
Apply to E0 ip Access-group 102 out
![Page 27: Desert View TCS](https://reader036.fdocuments.us/reader036/viewer/2022062409/56814ef3550346895dbc828e/html5/thumbnails/27.jpg)
QUESTIONS?
DESERT VIEW