Washington School District Project. General Requirements: Functional =7-10 Years 100X Growth in LAN...
-
Upload
eric-rodgers -
Category
Documents
-
view
216 -
download
0
Transcript of Washington School District Project. General Requirements: Functional =7-10 Years 100X Growth in LAN...
Washington School District Project
General Requirements:
• Functional =7-10 Years
• 100X Growth in LAN
• 2X Growth in WAN
• 10X Growth in Internet Connectivity
4-T1T1
T1
T1
T1
4-T1 4-T1
Desert View
R. E. Miller
AcaciaData Center Service Center
Shaw Butte
4-T1
Initial Assumptions:• 1 Mbps Hosts• 100 Mbps Servers
Protocols Allowed = TCP/IP and IPX
Present State of Network
Present State of NetworkNumber of Users:
Region Hub 1: One District Office/Data Center[75(A)+11[250(C) + 75(A)]=3650 connectionsRegion Hub 2: One Service Center[75(A)+11[250(C) + 75(A)]=3650 connectionsRegion Hub 3: Shaw Butte[11[250(C) + 75(A)]=3575 connections
Total = 10875 connections
Each Class Room is 24 Student + 1 Teacher= 25 connections Per Class roomsWith 250/25=10 Class rooms Need Wiring
DS3
DS3DS3
Desert View
R. E. Miller
Acacia
Data Center Service Center
Shaw Butte
DS3
DS3DS3
DS3
DS2
DS2
DS2
To Meet Requirements:• 2X WAN Core DS3• 10X Internet DS3
• Frame Relay with Backup PVC’s
Wan Connections
R. E. Miller
Local Area Network & Wiring Scheme
Local Area Network & Wiring Scheme
• Gigabit Switches Available for backbone From Switch to Switch• MDF 5500 Chassis Router• Extra - We have decided to put in a WIC Card for integrating the PBX to create a uniform dial Plan ability ( 4 Digit Dialing)
• (100X) Growth in LAN Criteria has been met
Local Area Network & Wiring Scheme
6 Services Per School & District Offices• DNS• DHCP• SNMP• Administrative• Library• Application
At District only• TFTP server • Larger Scale servers
Each Server will have its own backup service
Enterprise Class Servers• DNS, DHCP, E-Mail• Application • Library Server
Workgroup Class Servers• SNMP, HP-Open view• Administration• TFTP
District Supplied Servers and Functions
DS3
DS3DS3
Desert View
R. E. Miller
Acacia
Data Center Service Center
Shaw Butte
DS3
DS3DS3
DS3
DS2
DS2
DS2
Firew all
Web ServerDNS
HP Open viewSNMP
Monitoring Tools
AdministrationApplication DNS
DHCPEMail
Library Serv er
TFTPMonitoring Tools
District Supplied Servers and Functions
USER ID and PASSWORD POLICY
1. USER ID· First six digits of last name, First initial of first name, number· (SmithJ1, SmithJ2, JohnsoM1) 2. PASSWORD· Maximum Password Age – 30 days· Minimum Password Age – 30 days· Minimum Password Length – 8 characters· Password Uniqueness – 12· Account Lockout
Security
•stable routing in very large or complex networks. (No routing loops) •fast response to changes in network topology •low overhead•splitting traffic among several parallel routes taking into account error rates and level of traffic on different paths
IGRP
Addressing and ManagementUsing Class B Addressing3 Subnets
• Router gateway • Administrative • Curriculum
2 Subnets Unused
Static addressing for Administrative Subnet
Curriculum addressing will be provided by VLAN and DHCP
Borrowing 8-bits will allow for up to 254 usable with subnet masks of 255.255.255.0
Administrativ e Curriculum
Addressing and ManagementSchool Gateway Host Range Broadcast Subnet Mask VLANDesert view 160.10.0.1 160.10.0.2-160.10.0.254 160.10.0.255 255.255.255.0
160.10.1.1 160.10.1.2-160.10.1.254 160.10.1.255 255.255.255.0 Admin160.10.2.1 160.10.2.2-160.10.2.254 160.10.2.255 255.255.255.0 Student
Acacia 160.10.5.1 160.10.5.2-160.10.5.254 160.10.5.255 255.255.255.0160.10.6.1 160.10.6.2-160.10.6.254 160.10.6.255 255.255.255.0 Admin160.10.7.1 160.10.7.2-160.10.7.254 160.10.7.255 255.255.255.0 Student
REMiller 160.10.10.1 160.10.10.2-160.10.10.254 160.10.10.255 255.255.255.0160.10.11.1 160.10.11.2-160.10.11.254 160.10.11.255 255.255.255.0 Admin160.10.12.1 160.10.12.2-160.10.12.254 160.10.12.255 255.255.255.0 Student
Security
Data Center ACL's: Data Center2 (config)#access-list 101 permit tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 established Data Center2 (config) # interface SO Data Center2 (config-if)# ip access-group 101 out R.E.Miller ACL's: R.E.Miller(config)#access-list 103 permit tcp any 160.10.2.2 0.0.0.0 eq 25 R.E.Miller(config)#access-list 103 permit tcp any 160.10.2.2 0.0.0.0 eq 53 R.E.Miller(config)#access-list 103 deny ip 160.10.1.0 0.0.0.255 160.10.2.0 0.0.0.255 R.E.Miller(config)#access-list 103 permit ip any any R.E.Miller(config)# interface E1 R.E.Miller(config-if)# ip access-group 103 outR.E.Miller(config)#access-list 105 deny tcp 160.10.1.0 0.0.0.255 any eq 21 R.E.Miller(config)#access-list 105 deny tcp 160.10.1.0 0.0.0.255 any eq 23 R.E.Miller(config)#access-list 105 permit ip any any R.E.Miller(config)# interface E0 R.E.Miller(config-if)# ip access-group 105 in
ACL
FirewallBlock intrusion with firewall and intrusion detection software
Also utilizing ACL list
Firewall Router
Ditrict Router
Outside Web ServiceEmailDNS
IDF SwitchesCatalyst 3548 XL Enterprise Edition WSC3548-XL-EN $4,995
Gigabit uplinks Multimode fiber Stackable VLAN Support
MDF Routers and Switches
1 WAN Connection
108 Fast Ethernet Connections
9 Multimode Fiber connections
Total List cost $85,465
District MDF Routers and Switches3 Wan Connections
108 Fast Ethernet Connections
Total List Cost $72,460
Firewall RouterCisco 7120
Cisco PIX Firewall Software with Intrusion Detection
Total List Cost $41,000
Total Cost 30 IDF Switches $149,8503 MDF Switches $256,3953 District MDF Switches $217,3801 Firewall Router $ 41,000
Total List Cost $627,725* Discount of 40% *.6Total Parts Cost $376,635
Labor is $50 per port run $ 56,250Setup of IDF’s and MDF’s $210,000Servers and Software $740,000Total Project Cost $1,382,615