THREADED CASE THREADED CASE STUDYSTUDY

SUNNYSLOPESUNNYSLOPE

Presented to

Michael Barrett and Paul Flynn

IntoductionIntoduction This is our presentation of the Threaded Case Study (TCS)

as part of our “Certificate in Computers IT Support”

TEAM: The team consists of Ken Henry, David Lynch and Rory Mc

Caffrey

GOAL: Our goal is to demonstrate our knowledge of Local Area

Network (LAN) design and implementation. For our project we are working on Sunnyslope Elementary School in the Washington Elementary School District.

BackgroundBackground The district presently includes 33 schools, a district office,

and a service center. This project will include connectivity between all district sites.

All computers within the district are to be able to access the internet. The district will implement a number of servers at the main office to most intranet and internet needs.

This network must be usable for the next 7-10 years and, therefore, must plan for 100x growth of LAN throughput, 2x growth in WAN core throughput, and 10x growth in Internet Connection throughput. All host computers must have a minimum of 1.0 Mbps throughput and all servers must have a 100Mbps throughput.

Physical LayoutPhysical Layout

Placement of MDFs and IDFs

Cable runs

Placement of switches and routers

Placement of servers

General RequirementsGeneral Requirements Placment of MDFs and IDFs

We chose our Main Distribution Facility in Building 300 West. This is the best location for the MDF because it is centrally located and contains the Point of Presence. It is also surrounded by administrators and faculty, so it maintains a high level of security at all times. The MDF covers only buildings 300 East, West, and the Computer Lab. Our IDFs are located in the following buildings: Maintenance, Building 200 West, Multi-Purpose Building, and Building 400 West. These are good locations because all rooms are away from school activity and in a safe closed off area

Cable RunsCable Runs

All backbone cabling from MDF to the IDFs will use multi-mode fiber optic cable. This benefits the network by not having to worry about unstable grounding techniques between buildings.

It also allows distances between the MDF and the IDFs to not pose a problem.

Placement of Switches and RoutersPlacement of Switches and Routers There is only one router in our entire network. It is placed

in our Main Distribution Facility and serves as the main communication device.

Switches are placed in every IDF and in our MDF. There is a switch in every room contained in a lockable

cabinet. While more expensive than a hub, switches will serve for future expansion more efficiently than a hub. If the available 24 hosts were needed in a room, then they would be collision free. All switches in rooms are terminated at the nearest MDF or IDF.

Placement of ServersPlacement of Servers

We chose to place the student servers together on a server switch. This switch resides in our MDF and is given 100 Mbps speed to the uplink. There is only one main server on this switch to begin with, but it remains for future needs for other servers. The administration server is running off of the router. This helps maintain logical security which will be discussed later on. The logic for there placement is in there classification. These main servers are enterprise servers and must be able to be reached by there entire networks. They will be easily administrated in one location and if need arise, future additions may be added to the server switch for additional enterprise servers. Although there will be no servers located in any IDFs, there is an extra 100 Mbps port available in each for possible future workgroup servers of any kind

Logical LayoutLogical Layout

Ip Addressing

V-Lan implementation

Broadcasts domains

Server applications

Routing protocol

Security

IP AddressingIP Addressing IP addressing will be configured using private Class A IP

addresses for both the administrations network and the student network. It was decided to logically administer the ip address in building which had MDF,S and IDF,S which gave us a a total of 5 buildings.

The network has a max of 7 IP address in each room dedicated to routers, servers, and printers for future growth.It also has a total of 65 address for students which is more than enough to cover a maximum of 1032 users if all 24 hosts were needed in every room.

There is also 190 addresses left in each room for administration.

IP Addressing continued:IP Addressing continued:

It was decided to give the lecture in each room an address of 10.x.x.65 and all would have the same address so when we were configuring access control list it would make it much easier.

Network address of 10.x.x.x will be configured accordingly. The subnet for the network will be 255.0.0.0

IP Addressing systemIP Addressing system

MDF IP address for this building is 10.1.X.X Within the room where the MDF is housed an address of

10.1.1.(1-7) is for router, server, printers etc. An address of 10.1.1.(8-63) for Students And an address of 10.1.1.(64-254) for Administration An address of 10.1.1.65 is dedicated to lectures with in this

room. NB. The same was done for all rooms in this building

An address of 10.1.2.X for room 2 with the same addresses for Servers-Students-and admin.

IP Address System Cont.IP Address System Cont.

IDF 1 IP address for this building is 10.2.X.X Within the room where the IDF are housed an address of

10.2.1.(1-7) server, printers etc. An address of 10.2.1.(8-63) for Students And an address of 10.2.1.(64-254) for Administration An address of 10.2.1.65 is dedicated to lectures with in this

room. NB. The same was done for all rooms in this building

An address of 10.2.2.X for room 2 with the same addresses for Servers-Students-and admin.

IP Address System cont.IP Address System cont.

This address system was carried out on all the other buildings which had IDF’S

It gave us a total of 5 different buildings

All of these buildings we made into

V-LAN’s

Entire network BackboneEntire network Backbone

MDFMDF

IDF 1IDF 1

IDF 2IDF 2

IDF 3IDF 3

IDF 4IDF 4

Router ConnectionsRouter Connections

V-lan LayoutV-lan Layout

V-LAN ImpementationV-LAN Impementation

VLANS are a very important part of the network setup. Although the administration and students are on two separate networks, they still run through the same switches at layer two encapsulation processes. Therefore the Administration will be configured on VLAN 1 and the students on VLANs 2-6.

We have decided to allow communication between student VLANs and allow administration access to all VLANs through two trunk ports. These trunk ports will allow VLANs to communicate while maintaining a level of security. VLANs are also an important part of keeping our broadcast domains at a minimum level.

VV-LAN -LAN CContinuedontinued All buildings which had a MDF or IDF was made into a V-LAN. 6 in

all. Both trunk ports will be located on the server switch and be regular

10/100 Mbps running at full duplex. One trunk port will be for administration and the other for students.

Any student port coming out of IDF 1 will be on VLAN 2. Any student port coming out of IDF 2 will be on VLAN 3. Any student port coming out of the MDF will be on VLAN 4. Any student port coming out of IDF 3 will be on VLAN 5 And any student port coming out of IDF4 will be on VLAN 6. Any port that is not in use will be assigned to the student VLAN for

that MDF/IDF.

Trunking ports on V-LANSTrunking ports on V-LANS

These trunk ports will allow VLANs to communicate while maintaining a level of security. VLANs are also an important part of keeping our broadcast domains at a minimum level.

VLANs are also an important part of keeping our broadcast domains at a minimum level.

Both trunk ports will be located on the server switch and be regular 10/100 Mbps running at full duplex.

One trunk port will be for administration and the other for students.

Broadcast DomainsBroadcast Domains

With a possible user count of 1032 in the student network, broadcasts are bound to be a problem. With the help of VLANs and the router, the network can remain at a low congested stated.

Each VLAN will hold its own broadcast domain and not allow broadcasts from other VLANs to intrude. Although the student VLANs can communicate with each other, the router breaks up the VLANs into and separates them to their proper domain.

Braodcast DomainsBraodcast Domains

Server ApplicationsServer Applications

Each server in the MDF will run their own applications. The student server will serve as the main DNS server, The student server will provide any needed applications to the student network. These applications could include a student directory for school files or direct e-mail to teachers for questions.

The administration runs off of the router and will allow access for administrative services. This will be the teachers main DNS and maintain administrative applications such as direct attendance programs and e-mail. Having these applications on separate servers allows for a high level of security and growth for the future of the network.

Server PlacementServer Placement

Routing ProtocolRouting Protocol

Since there is only one router in the Sunnyslope network, the routing protocol will simply be for the WAN link to the pop. Any other school communicating on the same network will be able route packets to our router and vise versa.

The routing protocol that is going to be configured this network’s router is IGRP. This way there will be a guarantee that other school’s packets won’t be discarded because of hop count. Also with IGRP’s autonomous system number there will be an additional security measure.

Physical SecurityPhysical Security Each and every IDF as well as the MDF contains a

lockable cabinet. These will be used to organize and keep all unauthorized personnel away from the actual router, switches and servers if the room might be penetrated.

Each room will also have a lockable cabinet so that devices may not be tampered with by any unauthorized person.

Logical SecurityLogical Security

The logical security of the network contains almost all levels of security on the OSI layer. We have already discussed the physical security, but the logical portion of VLANs play a very important roll in the network’s security.

VLANs make the network secure in one way by not

allowing the student VLANs to communicate to the Administration VLAN. In this way, we can provide a totally switched environment with very little ACL’s to keep students out of the administration network.

Wan DesignWan Design

All schools will be connected through point-to-point connections to a regional hub. There will be a regional hub at the district office, service center, and Shaw Butte Elementary School.

All point-to-point connections will be running at a T1 connection speed and internet connections to schools will be provided by the district office through frame relay

PPP Configuration:PPP Configuration: PPP is a very important part of the Wan Design. It will allow for full use of

bandwidth with its capability of network protocol multiplexing. It is reliable with its link configuration and quality testing. It also provides for error detection and allows for the use of the Dynamic Control Host Protocol. PPP is an ideal layer two encapsulation WAN protocol for our design because of these features. As opposed to a packet-switched, virtual circuit protocol such as Frame Relay, it is a dedicated link that will be useful in the connections between the schools and the offices; these are the places where we will want the most reliability and error detection.

Although Frame Relay is cost effective and fast, it would not provide the reliability needed to these points. PPP also has an optional authentication phase that can use CHAP and/or PAP to protect unauthorized traffic through the connected routers. In our case we will use CHAP because it provides encrypted passwords from router to router.

ISDNISDN

ISDN is an alternative to leased lines.

It generally is used for networking small LANS.

FRAME RELAYFRAME RELAY

Frame Relay will be our main type of connection for internet services. It is a very high performance and efficient data technology. It operates at the physical and data link layers

The main Frame Relay connection will be through the data center. Since there is only one PVC we will not have to configure any additional sub-interfaces.

Access Control ListsAccess Control Lists

The ACL.S will be set up at the router allowing students access to nothing but the internet on e1.

An Access list will also be set up for filtering WAN activies.

An access list will be set up for Admin Server

Equipment Used in Network Equipment Used in Network DesignDesign

Router – Cisco 4500m- Quantity 1 Router Accessories – NP-2E module consisting of 2

ethernet ports-Quantity 2 Switches - WS-C1912-EN Quantity 3

WS-1912-EN Quantity 4 WS-C2828-EN Quantity 1

Switch Accessories 4 port 100B FX Module 1 port 100B TX Module 4 Lockable Cabinets-For IDFs-50-70381 1 Lockable Cabinet -For MDF-50-70244

Pros of this Network DesignPros of this Network Design

Speed: With fiber going to each switch, there is 1 gigabit of bandwidth available with possible improvements in technology.

Less interference: Fiber has less interference from magnetic fields.

Non-centralised: Control is closer, if there is a local problem.

There is room for future growth in this network.

Cons of this Network DesignCons of this Network Design

Non- Centralised: With an IDF in each building there may be difficulty locating a problem.

Cost: The quantity of switches and fibre needed has increased the cost.

Security: With many locations, there is more of a possibility of break-in or theft.