Threaded Case Study
ROYAL PALM
NETWORK PROJECT
John Healy Tom Jamieson
Contents
• Design Goals
• WAN Design
• Logical and Physical LAN Design
• MDF Equipment Details
• IDF Equipment Details
• Equipment Criteria
• Wiring Scheme
• Classroom Layout
• IP Addressing
• Security
• VLANS
• Access Control Lists
• Conclusions
Design Goals
• To implement an enterprise-wide network for the Washington schools district which will include Local Area Networks (LANs) at each site and a Wide Area Network (WAN) to provide data connectivity between all school sites.
• All workstations will need Internet access.
• Functionality is to continue for 7-10 years.
Design Goals
• Design considerations will include:
  • A minimum of 100x (times) growth in the LAN throughput.
  • 2x (times) growth in the WAN core throughput.
  • 10x (times) growth in the District Internet Connection throughput.
• Only two OSI layer 3 and 4 protocols will be allowed in this network: TCP/IP and Novell IPX.
Design Goals
• Two LAN segments will be implemented in each school and the District Office.
• Cat 5 cable will supply Ethernet speeds at 10Base-T, 100Base-TX and 100Base-FX. Each room will require support for up to 24 workstations.
• The minimum requirement for initial implementation design will be 1.0 Mbps to any host computer in the network and 100 Mbps to any server host in the network.
WAN Design
[Diagram: WAN design]
Logical LAN Design
[Diagram: logical LAN design]
Physical LAN Design
[Diagram: physical LAN design. Legend: Fibre, CAT 5, MDF, IDF]
MDF Equipment Details
• PIX Firewall
• 2 x 24 Port Patchbays
• 3600 Router
• 2 x 3550-12G Switches
• File Server
• Administrative Server
• Mail Server
• Application Server
• Uninterruptible Power Supply
IDF Equipment Details
[Diagram: rooms and switch ports served by each IDF]
• IDF 1: 10 rooms, 40 ports
• IDF 2: 8 rooms, 32 ports
• IDF 3: 6 rooms, 24 ports
• IDF 4: 12 rooms, 48 ports
• IDF 5: 5 rooms, 20 ports
• IDF 6: 3 rooms, 12 ports
• IDF 7: 11 rooms, 44 ports
• IDF 8: 8 rooms, 32 ports
Switch labels shown on the diagram: 1 x 2924XL, 2 x 2924XL, 1 x 2912XL.
EACH IDF ALSO CONTAINS:
1 x 24 or 2 x 24 port patchbays as per requirement.
Equipment will be housed in a lockable cabinet with a fan tray installed for heat regulation purposes.
Equipment Criteria
PIX 515E Firewall
• Security
• Performance
• Reliability
• Virtual Private Networking
• Network Address Translation
• Low cost
Equipment Criteria
Cisco 3600 Router
• Modular Design
• Analogue and Digital Voice Services
• Serial Networking Capability
• Mixed WAN Services
Equipment Criteria
Cisco 3550 Switch (MDF)
• Stackable Design
• IP Routing
• Advanced Quality of Service
• Bandwidth Flexibility
• Security Access Control Lists
• VLAN Capability
Equipment Criteria
Cisco 2900XL Series Switch (IDF)
• Modular Design
• Integrates Seamlessly with Cisco 3550 Switch
• Advanced Quality of Service
• Bandwidth Flexibility
• Polices traffic flows using access control parameters (ACPs)
• VLAN Capability
Equipment Criteria
Cisco 112T FastHub
• Compatible with 10Mbps and 100Mbps connections
• Autosensing Feature
• Internal Bridging
• Full integration with 2900XL series switches
Equipment Requirements
PRODUCT                 AMOUNT
PIX Firewall            1
Cisco 3600 Router       1
Cisco 3550 Switch       2
Cisco 2900XL Switch     10 x 2924XL Switches
                        2 x 2912XL Switches
112T FastHub            189
Wiring Scheme
• Cabling will be run via the existing data cable ducts connecting buildings and within buildings where supplied. Wiring will also be installed in ceiling spaces and wall cavities.
• All cabling is to comply with local building codes.
• Cabling from the MDF to all IDFs will be Multimode Fibre pairs.
• Cabling from IDFs to classroom hubs will be Cat 5.
Wiring Scheme
MDF to IDF
• Wiring type will be 1Gb Multimode Fibre pairs.
Fibre was chosen for the following reasons:
• Max speed
• Distance required
• Scalability
• Resistance to EMF
Wiring Scheme
IDF to Classrooms
• Wiring type will be CAT 5 cable. Max distance is 100m.
CAT 5 was chosen for:
• Efficiency and reliability
• Cost
Typical Classroom Layout
[Diagram: classroom layout. Labels: Wall Plate, 3 x 12 Port Hubs]
IP Addressing
Security
Security Implementation:
• A double firewall will be utilised.
• The network will be segmented into two LAN infrastructures: one designated ‘Curriculum’ (for student use), and the other ‘Administrative’ (for teacher and administration use).
• Each LAN will have its own file server.
• Access Control Lists will prohibit traffic from the Curriculum LAN entering the Administrative LAN.
• A strict password policy will be put in place and rigorously implemented.
VLANS
Access Control Lists
The purposes of Access Control Lists are:
• To reinforce network security
• To provide basic traffic filtering capabilities
• To limit access to groups of computers or individual workstations.
Access Control Lists
ACLs provide security to the networks connected to the router by testing traffic against conditions contained in the ACL.
• If the conditions are true:
  • The individual packets are sent to their destination from the router interface defined in the ACL configuration.
• If the conditions are not true:
  • The packet is discarded.
Access Control Lists
• The students will be denied access to the Administration interface of the router with the ACL.
• Students will only be allowed to access Curriculum, E-mail, and the Internet within the LAN and at the district office.
• Students will be denied access to the Administration segment of the LAN and WAN networks.
• Administration will have full access to all segments within the LAN and district office.
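Added example (not part of the original presentation): a small first-match ACL evaluator for the Curriculum/Administrative split described above. It shows why a plain "deny Curriculum to Administration" rule also breaks the full access Administration is meant to have, unless reply traffic is permitted first. The subnets and host addresses are constructed assumptions, since the IP addressing slides did not survive.

```python
"""First-match ACL evaluation for the Curriculum/Administrative split."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed subnets (constructed): the page's addressing scheme is not available.
CURRICULUM = ip_network("10.1.0.0/16")
ADMIN = ip_network("10.2.0.0/16")
ANY = ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    established: bool = False  # TCP reply to a session opened from the other side


@dataclass(frozen=True)
class Rule:
    action: str                     # "permit" or "deny"
    src: object                     # source network
    dst: object                     # destination network
    established_only: bool = False  # match reply traffic only


def evaluate(acl, pkt):
    """Return the action of the first matching rule; no match is an implicit deny."""
    for rule in acl:
        if (ip_address(pkt.src) in rule.src and ip_address(pkt.dst) in rule.dst
                and (pkt.established or not rule.established_only)):
            return rule.action
    return "deny"


# Inbound on the Curriculum-facing interface. Order matters: the reply rule
# must come before the deny, or Administration cannot use Curriculum hosts.
CURRICULUM_IN = [
    Rule("permit", CURRICULUM, ADMIN, established_only=True),
    Rule("deny", CURRICULUM, ADMIN),
    Rule("permit", CURRICULUM, ANY),
]
# The same list without the reply rule, for comparison.
CURRICULUM_IN_NAIVE = CURRICULUM_IN[1:]

if __name__ == "__main__":
    new_session = Packet("10.1.4.20", "10.2.0.5")                  # student to Administration
    reply = Packet("10.1.4.20", "10.2.0.5", established=True)      # answer to an admin session
    for name, acl in (("with reply rule", CURRICULUM_IN), ("naive", CURRICULUM_IN_NAIVE)):
        print(name, evaluate(acl, new_session), evaluate(acl, reply))
```

A flag-based reply match is stateless, so the stateful PIX firewall in the design is the stronger place to enforce this boundary.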
Conclusions
• Will be easy to implement and maintain
• Places a strong emphasis on security
• Builds in scalability
• Protects from future obsolescence by utilising modular hardware
• Exceeds current requirements