Threaded Case Study
ROYAL PALM NETWORK PROJECT
John Healy
Tom Jamieson

Contents
• Design Goals
• WAN Design
• Logical and Physical LAN Design
• MDF Equipment Details
• IDF Equipment Details
• Equipment Criteria
• Wiring Scheme
• Classroom Layout
• IP Addressing
• Security
• VLANS
• Access Control Lists
• Conclusions

Design Goals
• To implement an enterprise-wide network for the Washington schools district which will include Local Area Networks (LANs) at each site and a Wide Area Network (WAN) to provide data connectivity between all school sites.
• All workstations will need Internet access.
• Functionality is to continue for 7-10 yrs.
• Design considerations will include:
• A minimum of 100x (times) growth in the LAN throughput.
• 2x (times) growth in the WAN core throughput.
• 10x (times) growth in the District Internet Connection throughput.
• Only two OSI layer 3 & 4 protocols will be allowed in this network: TCP/IP and Novell IPX.
• Two LAN segments will be implemented in each school and the District Office.
• Cat 5 cable will supply Ethernet speeds at 10BASE-T, 100BASE-TX and 100BASE-FX. Each room will require support for up to 24 workstations.
• The minimum requirement for initial implementation design will be 1.0 Mbps to any host computer in the network and 100 Mbps to any server host in the network.

WAN Design
[Diagram: WAN design]

Logical LAN Design
[Diagram: logical LAN design]

Physical LAN Design
[Diagram: physical LAN design; legend: Fibre, CAT 5, MDF, IDF]

MDF Equipment Details
• PIX Firewall
• 3600 Router
• 2 x 3550-12G Switches
• 2 x 24 Port Patchbays
• File Server
• Administrative Server
• Mail Server
• Application Server
• Uninterruptible Power Supply

IDF Equipment Details
IDF     ROOMS   PORTS   SWITCHES
IDF 1   10      40      2 x 2924XL
IDF 2   8       32      1 x 2924XL, 1 x 2912XL
IDF 3   6       24      1 x 2924XL
IDF 4   12      48      2 x 2924XL
IDF 5   5       20      1 x 2924XL
IDF 6   3       12      1 x 2924XL
IDF 7   11      44      2 x 2924XL
IDF 8   8       32      1 x 2924XL, 1 x 2912XL

Each IDF also contains:
• 1 x 24 or 2 x 24 port patchbays as per requirement.
• Equipment will be housed in a lockable cabinet with a fan tray installed for heat regulation purposes.

Equipment Criteria: PIX 515E Firewall
• Security
• Performance
• Reliability
• Virtual Private Networking
• Network Address Translation
• Low cost

Equipment Criteria: Cisco 3600 Router
• Modular Design
• Analogue and Digital Voice Services
• Serial Networking Capability
• Mixed WAN Services

Equipment Criteria: Cisco 3550 Switch (MDF)
• Stackable Design
• IP Routing
• Advanced Quality of Service
• Bandwidth Flexibility
• Security Access Control Lists
• VLAN Capability

Equipment Criteria: Cisco 2900XL Series Switch (IDF)
• Modular Design
• Integrates Seamlessly with Cisco 3550 Switch
• Advanced Quality of Service
• Bandwidth Flexibility
• Polices traffic flows using access control parameters (ACPs)
• VLAN Capability

Equipment Criteria: Cisco 112T FastHub
• Compatible with 10 Mbps and 100 Mbps connections
• Autosensing Feature
• Internal Bridging
• Full integration with 2900XL series switches

Equipment Requirements
PRODUCT                 AMOUNT
PIX Firewall            1
Cisco 3600 Router       1
Cisco 3550 Switch       2
Cisco 2900XL Switch     10 x 2924XL Switches, 2 x 2912XL Switches
112T FastHub            189

Wiring Scheme
• Cabling will be run via the existing data cable ducts connecting buildings and within buildings where supplied. Wiring will also be installed in ceiling spaces and wall cavities.
• All cabling to comply with local building codes.
• Cabling from the MDF to all IDFs will be Multimode Fibre pairs.
• Cabling from IDFs to classroom hubs will be Cat 5.

Wiring Scheme: MDF to IDF
• Wiring type will be 1Gb Multimode Fibre pairs.
Fibre was chosen for the following reasons:
• Max speed
• Distance required
• Scalability
• Resistance to EMF

Wiring Scheme: IDF to Classrooms
• Wiring type will be CAT 5 cable.
• Max distance is 100m.
CAT 5 was chosen for:
• Efficiency and reliability
• Cost

Typical Classroom Layout
[Diagram: typical classroom layout; labels: Wall Plate, 3 x 12 Port Hubs]

IP Addressing
[Two slides; content not present in the transcript]

Security
Security Implementation:
• A double firewall will be utilised.
• The network will be segmented into two LAN infrastructures: one designated ‘Curriculum’ (for student use), and the other ‘Administrative’ (for teacher and administration use).
• Each LAN will have its own file server.
• Access Control Lists will prohibit traffic from the Curriculum LAN entering the Administrative LAN.
• A strict password policy will be put in place and rigorously implemented.

VLANS
[Slide content not present in the transcript]

Access Control Lists
The purposes of Access Control Lists are:
• To reinforce network security
• To provide basic traffic filtering capabilities
• To limit access to groups of computers or individual workstations

ACLs provide security to the networks connected to the router by testing traffic against conditions contained in the ACL.
• If the conditions are true, the individual packets are sent to their destination from the router interface defined in the ACL configuration.
• If the conditions are not true, the packet is discarded.

• The students will be denied access to the Administration interface of the router with the ACL.
• Students will only be allowed to access Curriculum, E-mail, and the Internet within the LAN and at the district office.
• Students will be denied access to the Administration segment of the LAN and WAN networks.
• Administration will have full access to all segments within the LAN and district office.

Conclusions
• Will be easy to implement and maintain
• Places a strong emphasis on security
• Builds in scalability
• Protects from future obsolescence by utilising modular hardware
• Exceeds current requirements
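
Added example (not from the original slides): a small Python model of first-match ACL evaluation, following Cisco IOS extended ACL semantics, applied to the policy in the Access Control Lists slides. The subnets 10.1.0.0/16 and 10.2.0.0/16, the rule lists and the sample packets are assumptions, because the transcript carries no addressing plan. It shows that a plain deny from Curriculum to Administrative also drops replies to Administrative-initiated sessions unless an `established` rule precedes it.

```python
from ipaddress import ip_address, ip_network

# Assumed subnets (constructed): the transcript carries no addressing plan.
CURRICULUM = ip_network("10.1.0.0/16")
ADMIN = ip_network("10.2.0.0/16")
ANY = ip_network("0.0.0.0/0")

# Rule: (action, protocol, source, destination, established_only).
# Both lists model an ACL applied inbound on the Curriculum-facing interface.
BLOCK_ONLY = [
    ("deny", "ip", CURRICULUM, ADMIN, False),
    ("permit", "ip", ANY, ANY, False),
]
# Extra first rule lets TCP replies to Administrative-initiated sessions return.
WITH_ESTABLISHED = [("permit", "tcp", CURRICULUM, ADMIN, True)] + BLOCK_ONLY


def evaluate(acl, proto, src, dst, tcp_flags=()):
    """Return the action of the first matching rule; no match means deny."""
    src, dst = ip_address(src), ip_address(dst)
    for action, rule_proto, rule_src, rule_dst, established in acl:
        if rule_proto not in ("ip", proto):
            continue
        if src not in rule_src or dst not in rule_dst:
            continue
        # "established" matches only TCP segments carrying ACK or RST.
        if established and not {"ACK", "RST"} & set(tcp_flags):
            continue
        return action
    return "deny"  # implicit deny that ends every ACL


# Constructed sample packets arriving from the Curriculum LAN.
PACKETS = {
    "student opens session to admin server": ("tcp", "10.1.5.20", "10.2.0.10", ("SYN",)),
    "reply to admin-initiated session": ("tcp", "10.1.0.10", "10.2.3.7", ("SYN", "ACK")),
    "student to Internet": ("tcp", "10.1.5.20", "198.51.100.8", ("SYN",)),
}


def run(acl):
    """Evaluate every sample packet against one ACL."""
    return {name: evaluate(acl, *pkt) for name, pkt in PACKETS.items()}


if __name__ == "__main__":
    for label, acl in (("block only", BLOCK_ONLY), ("with established", WITH_ESTABLISHED)):
        print(label, run(acl))
```

Matching on ACK/RST is a flag check, not connection tracking, so this rule complements the firewall in the design rather than replacing it.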