Post on 04-Jan-2016
Desert View TCS
By Charlene Cooley and Dan Austin

User Requirements
7- to 10-year projected life
– 100% WAN growth
– 1,000% LAN growth
Speed
– 1 Mbps for workstations
– 100 Mbps for servers
Exclusively TCP/IP

User Requirements (cont.)
Frame Relay for WAN transport
2 LANs per building
– student/curriculum
– administrative
Switched LAN infrastructure

User Requirements (cont.)
Classrooms
– 24 workstations per classroom
– 4 cable runs per classroom
– switches located in lockable cabinets
File designation is enterprise or workgroup

User Requirements (cont.)
DNS & E-mail
– master servers at district office
– distributed DNS servers in each building
– each building has a host for DNS & E-mail, and a directory of staff & students

Topology Requirements
Redundant paths between regional servers
Administrative server must be accessible to teachers and staff in each building
Library server must be available to entire network
Static IP for administrative hosts
DHCP for student/curriculum hosts

Security Requirements
General
– no access from Internet to intranet
– 2 physical LAN structures
– double firewall
Access Control Lists
– prevent access from student/curriculum network to administrative network (with certain exceptions)

LAN Cabling
NETWORK DESIGN EXAMPLES
DESERT VIEW

[Figure: Desert View Classroom Network Example. Labelled elements: Catalyst 1900 switches (Classroom 1, Classroom 2, Classroom 3, Classroom 4, Library, Teachers), Library Server, DHCP Server, Application Server, Cisco 2514, CSU/DSU, Frame Relay (1.54 Mbps), Administrative Network, Backbone. Links are labelled 100 Base-T.]

[Figure: Desert View Administrative Network Example. Labelled elements: Admin 1 to Admin 6, Catalyst 5000, DNS Server, Network Management Server, E-mail Server, Administrative Server, Cisco 2514, CSU/DSU, Frame Relay (1.54 Mbps), Classroom Network, Backbone. Links are labelled 100 Base-T.]

[Figure: Desert View District Network Example. Labelled elements: Cisco Catalyst 1900, Admin1 to Admin6, Catalyst 5000, Master Network Management Server, Application Server, Administrative Server, E-mail Server, DNS Server, Cisco 2514, two CSU/DSUs, Internet (POP), Frame Relay (1.54 Mbps), Backbone. Links are labelled 100 Base-T.]

WAN OVERVIEW

[Figure: Frame Relay WAN Connections. Cisco 2514 routers with serial links at Regional Hub One, Regional Hub Two and the District Office. DLCI labels: S0-DLCI100, S0-DLCI200, S0-DLCI300, S1-DLCI400, S1-DLCI500, S1-DLCI600. Three links labelled T1 - 1.544 Mbps.]

IP ADDRESSING SCHEME AND NAMING CONVENTION

IP Addressing Scheme for Desert View
Class B Address of 128.0.0.0/22
62 subnets
– Administrative subnets
– Curriculum subnets
– WAN subnets
– Internet subnet
DHCP Servers will hold curriculum addresses

Naming Convention
Administrators
– building name/{office|classroom} number
Curriculum
– building name/classroom number

Network Management
SNMP traps on network nodes
CSWI Resource Manager & Campus Network Management Software
District Office
– master server collects information from regional hubs
Regional Hubs
– will collect information from schools that are attached

DESERT VIEW SECURITY

ACLs
Standard ACL Applied to District Office Network (Incoming)
Standard ACL Applied to Administrative Networks (Incoming)
Extended ACL Applied to Classroom Network (Outgoing)

Desert View IP Addressing Scheme
District Office
– Internet - 128.0.4.0/22
– Backbone - 128.0.8.0/22
– Administrative - 128.0.12.0/22
Building 1
– Backbone - 128.0.16.0/22
– Classroom - 128.0.20.0/22
– Administrative - 128.0.24.0/22
Building 2
– Backbone - 128.0.28.0/22
– Classroom - 128.0.32.0/22
– Administrative - 128.0.36.0/22
[Diagram labels: Frame Relay, Internet]

ACLs: District Office
access-list 1 permit 128.0.24.0 0.0.3.255
access-list 1 permit 128.0.36.0 0.0.3.255
access-list 1 deny any
! Apply to E0
interface Ethernet0
 ip access-group 1 in

ACLs: Building 1
access-list 2 permit 128.0.12.0 0.0.3.255
access-list 2 permit 128.0.36.0 0.0.3.255
access-list 2 deny any
! Apply to E1
interface Ethernet1
 ip access-group 2 in

ACLs: Building 1 (cont.)
! The slide gives no destination; "any" is assumed here.
access-list 101 permit tcp 128.0.20.0 0.0.3.255 any eq smtp
access-list 101 permit udp 128.0.20.0 0.0.3.255 any eq domain
access-list 101 deny ip any any
! Apply to E0
interface Ethernet0
 ip access-group 101 out

ACLs: Building 2
access-list 3 permit 128.0.12.0 0.0.3.255
access-list 3 permit 128.0.24.0 0.0.3.255
access-list 3 deny any
! Apply to E1
interface Ethernet1
 ip access-group 3 in

ACLs: Building 2 (cont.)
! The slide gives no destination; "any" is assumed here.
access-list 102 permit tcp 128.0.32.0 0.0.3.255 any eq smtp
access-list 102 permit udp 128.0.32.0 0.0.3.255 any eq domain
access-list 102 deny ip any any
! Apply to E0
interface Ethernet0
 ip access-group 102 out
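
A way to check the standard ACLs above against the addressing scheme before deploying them, as an added example that is not part of the original slides. It models wildcard-mask matching and first-match evaluation for access-list 2; the function names and sample host addresses are constructed for illustration.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """IOS wildcard semantics: bits set in the wildcard are "don't care"."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def parse_standard_acl(text):
    """Turn 'access-list N permit|deny SRC [WILDCARD]' lines into rules."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0].lower() != "access-list":
            continue
        any_src = tok[3] == "any"
        base = "0.0.0.0" if any_src else tok[3]
        wc = "255.255.255.255" if any_src else (tok[4] if len(tok) > 4 else "0.0.0.0")
        rules.append((tok[2].lower(), base, wc))
    return rules

def evaluate(rules, src_ip):
    """First matching rule wins; no match means the implicit deny."""
    for action, base, wc in rules:
        if wildcard_match(src_ip, base, wc):
            return action
    return "deny"

# access-list 2 (Building 1) from the slides, in standard-ACL syntax
ACL_2 = """
access-list 2 permit 128.0.12.0 0.0.3.255
access-list 2 permit 128.0.36.0 0.0.3.255
access-list 2 deny any
"""

SAMPLE_HOSTS = {  # constructed sample hosts, one per subnet on the page
    "district admin": "128.0.13.10",
    "building 2 admin": "128.0.39.254",
    "building 1 classroom": "128.0.21.7",
    "building 2 classroom": "128.0.32.1",
    "building 1 admin": "128.0.24.5",
}

def audit(acl_text=ACL_2, hosts=SAMPLE_HOSTS):
    rules = parse_standard_acl(acl_text)
    return {name: evaluate(rules, ip) for name, ip in hosts.items()}

if __name__ == "__main__":
    print(audit())
```

A standard ACL matches on source address only, so Building 1's own administrative hosts (128.0.24.0/22) also fall through to the deny. Check the interface and direction against where those packets actually enter the router.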
QUESTIONS?