CISCO CCNA

A case study: WAN/LAN implementations

CISCO CCNA Threaded Case Study
MILAZZO “SNIFFER” TEAM  - (Antonio & Giuseppe Scarcella and Ugo Lopresti) - 2003

SUNNYSLOPE TCS

General Requirements

The school district is in the process of implementing an enterprise-wide network which includes Local Area Networks (LANs) at each site and a Wide Area Network (WAN) to provide data connectivity between all school sites.

Access to the Internet from any site in the school district is also an integral part of this implementation. Once the network is in place, the school district will implement a series of servers to facilitate online automation of all of the district's administrative and many of the curricular functions.

Since this network implementation will have to continue to be functional for a minimum of 7-10 years, all design considerations include a minimum of 100x (times) growth in the LAN throughput, 2x (times) growth in the WAN core throughput, and 10x (times) growth in the District Internet Connection throughput. Any host computer in the network has at least 1.0 Mbps of bandwidth and all servers have at least 100 Mbps of bandwidth. Only two OSI layer 3 and 4 protocols are allowed to be implemented in this network: TCP/IP and Novell IPX.

TABLE OF CONTENTS

Wide Area Network

Local Area Network & Wiring Scheme

Logical LAN Design Model

Physical Design Model

MDF/IDF Details

VCC, HCC, LAN Switch Ports

Cable Run Specification

Equipment Prices

District Supplied Servers and Functions

Address and Network Management

School IP Scheme

IGRP Details

IPX Details

Security

Access List Details

Internet Connectivity

User Counts

 SECTION 1 - WIDE AREA NETWORK

The Washington School District Wide Area Network (WAN) connects Sunnyslope School and administrative offices with the district office for the purpose of delivering data. The WAN is based on a two-layer hierarchical model. Three regional Hubs are established at the District Office/Data Center, Service Center and Shaw Butte Elementary School for the purpose of forming a fast WAN core network. School locations are connected into the WAN core Hub locations based on proximity to the Hub.

TCP/IP and Novell IPX are the only acceptable networking protocols to traverse the district WAN. All other protocols are filtered at the individual school sites using access routers. High-end, powerful routers are installed at each WAN core location. Access to the Internet or any other outside network connections is provided through the District Office/Data Center through a Frame Relay WAN link. For security purposes, no other connections are permitted.

SECTION 2 - LOCAL AREA NETWORK & WIRING SCHEME

Two Local Area Network (LAN) segments are implemented in Sunnyslope school. The transport speeds are Ethernet 100BASE-TX, 1000BASE-T and 1000BASE-FX. Horizontal cabling is Category 5E Unshielded Twisted Pair (CAT5E UTP) and has the capacity (tested) to accommodate 100 and 1000 Mbps. Vertical (backbone) cabling is multi-mode fiber optic cable. The cabling infrastructure shall comply with TIA/EIA-568-A and TIA/EIA-569 standards.

One LAN is designated for student / curriculum usage and the other is designated for administration usage (see: SECURITY SECTION). The LAN infrastructure is based on Ethernet LAN switching. This allows for a migration to faster speeds (more bandwidth) to the individual computers and between MDFs and IDFs without revamping the physical wiring scheme to accommodate future applications.

A Main Distribution Facility (MDF) room is established as the central point to which all LAN cabling is terminated and is also the point of presence (POP) for the Wide Area Network connection. All major electronic components for the network, such as the routers and LAN switches, are housed in this location. Four Intermediate Distribution Facility (IDF) rooms are established, because horizontal cabling lengths exceed TIA/EIA-568-A recommended distances. Each IDF is connected directly to the MDF in a STAR or EXTENDED STAR topology.

Each room's connection to the network is able to support 24 workstations and is supplied with five CAT 5E UTP runs for data, with one run terminated at the teacher's workstation and one spare. These cable runs are terminated in the closest IDF or MDF. Every CAT 5E UTP cable run is tested end-to-end for 100 Mbps (1000 Mbps for servers) bandwidth capacity. A single location in each room is designated as the wiring point of presence (POP) for that room. It consists of a lockable cabinet containing all cable terminations and electronic components, i.e. data switches. From this location data services are distributed within the room via decorative wire molding. Network 1 is allocated for general curriculum usage and network 2 is allocated for administrative usage.

Logical LAN Design Model

Physical Design Model

MDF/IDF Details

VCC/HCC, LAN Switch Ports

Cable Run Specification

Equipment Prices

SECTION 3 - SERVERS AND FUNCTIONS

There are five enterprise servers, placed in the network topology according to function and the anticipated traffic patterns of users.

Sunnyslope school has a server for DNS and E-Mail services.

An administrative server is placed on the administrative network to help automate administrative services; it houses the student tracking, attendance, grading and other administration functions. This server is only available to teachers and staff.

The school is implementing an automated library information and retrieval system which will house an online library for curricular research purposes. This library server is available to anyone at the school site.

An application server will house all computer applications making it easier to update applications without changing. All computer applications are housed in a central server at each school location. As applications such as Word processing, Excel, PowerPoint, etc. are requested by users, these applications will be retrieved from the application server. This provides district support staff with an easy and efficient method for upgrading applications without having to reload new software on each computer in the district network. This server is available to anyone at the school site.

One other server (or more, departmental/workgroup) is placed according to user group access needs.

 SECTION 4 - ADDRESSING AND NETWORK MANAGEMENT

A complete TCP/IP addressing and naming convention scheme for all hosts, servers, and network interconnection devices is developed and administered by the District Office. The implementation of unauthorized addresses is prohibited. The District Addressing Scheme is implemented with Class B addresses with appropriate subnetting, and private network numbers.

All computers located on the administrative networks have static addresses; curriculum computers obtain addresses by utilizing Dynamic Host Configuration Protocol (DHCP). Each site has a server running DHCP and uses only addresses consistent with the overall District Addressing Scheme. A master network management host is established at the District Office and has total management rights over all devices in the network. This host also serves as the router configuration host and maintains the current configurations of all routers in the network. Each regional location (Hub) houses a regional network management host to support its area. The management scheme for the data portion of the network is based on the Simple Network Management Protocol (SNMP) standards. The router is pointed to the master network management host for the purpose of downloading new or existing configurations. The District Office maintains the super user passwords for all network devices, and configuration changes on these devices (i.e., routers and LAN switches) are authorized from the District Office.

School IP Scheme

Assigned Address from 172.16.124.0 to 172.16.129.255

Subnet Mask 255.255.0.0

Student IP Addresses DHCP assigned from 172.16.125.11 to 172.16.129.254

IP Addresses for Router and Switches from 172.16.124.1 to 172.16.124.10

IP Addresses for Servers from 172.16.124.249 to 172.16.124.254
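
An added example (not part of the original case study): a Python check of the School IP Scheme above that derives the CIDR blocks and ACL wildcard masks covering the assigned range, and flags observed addresses that fall outside the documented pools. The function names, the labels `unlisted` and `unauthorized`, and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# Ranges copied from the "School IP Scheme" section of this page.
ASSIGNED = ("172.16.124.0", "172.16.129.255")
POOLS = {
    "router/switch": ("172.16.124.1", "172.16.124.10"),
    "server": ("172.16.124.249", "172.16.124.254"),
    "student-dhcp": ("172.16.125.11", "172.16.129.254"),
}

def _bounds(span):
    first, last = span
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))

def assigned_blocks():
    """Smallest list of CIDR blocks that exactly covers the assigned range."""
    first, last = (ipaddress.IPv4Address(a) for a in ASSIGNED)
    return list(ipaddress.summarize_address_range(first, last))

def acl_wildcards():
    """(network, wildcard mask) pairs an ACL needs to match the assigned range."""
    return [(str(n.network_address), str(n.hostmask)) for n in assigned_blocks()]

def classify(addr):
    """Label one address against the documented plan."""
    try:
        ip = int(ipaddress.IPv4Address(addr))
    except ValueError:
        return "invalid"
    low, high = _bounds(ASSIGNED)
    if not low <= ip <= high:
        return "unauthorized"   # outside the block assigned to the school
    for role, span in POOLS.items():
        low, high = _bounds(span)
        if low <= ip <= high:
            return role
    return "unlisted"           # in the block, but in no pool the page documents

def audit(observed):
    """Return {address: label} for every address that needs follow-up."""
    labels = {a: classify(a) for a in observed}
    return {a: l for a, l in labels.items()
            if l in ("unauthorized", "unlisted", "invalid")}

# Constructed sample, e.g. source addresses read from a router ARP table.
SAMPLE = ["172.16.124.1", "172.16.124.250", "172.16.126.40",
          "172.16.124.77", "172.16.130.5", "172.16.125.10"]

if __name__ == "__main__":
    print(assigned_blocks(), acl_wildcards(), audit(SAMPLE), sep="\n")
```

The assigned range is not a single CIDR block, so an ACL entry meant to match the whole school needs two network/wildcard pairs.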

IGRP Details

IPX Details

SECTION 5 - SECURITY

Access to the Internet is provided at the District Office. A firewall is installed there to provide security for the WAN. Sunnyslope school has a router using access control lists to provide additional security.

This model dictates that two physical LAN infrastructures are installed at all schools and the District Office, with one designated administrative and the other curriculum. Every computer and file server is categorized according to its function and placed on the appropriate LAN segment. By utilizing Access Control Lists (ACLs) on the router, all traffic from the curriculum LANs is prohibited on the administration LAN. Exceptions to this ACL can be made on an individual basis. Applications such as E-Mail and Directory services are allowed to pass freely since they pose no risk. A user ID and Password Policy is published and strictly enforced on all computers in the school. All computers in the school network have full access to the Internet. All ACLs are controlled at the district office and exceptions to the ACLs are reviewed prior to implementation.

ACLs Details

SECTION 6 - INTERNET CONNECTIVITY

All Internet connectivity is supplied through the District Office, with the District Office being the single point of contact for all schools and organizations within the district. This connection is highly controlled and its capacity (bandwidth) is upgraded as usage dictates. The Internet connection utilizes a double firewall implementation with a public network (Ethernet backbone) established for services that are exposed to the Internet, such as master E-mail, Domain Name Services (DNS) and a World Wide Web server. All connectivity that is initiated from the Internet to the internal District network is protected via Access Control Lists (ACLs) on the routers that make up the double firewall architecture. Any connectivity initiated from the District to the Internet is permitted to communicate freely. E-mail and DNS services communicate freely in both directions since these applications pose no security threat. A Web server is located on the public backbone and partitioned to allow any school to install a Web home page on the Internet. Individual Web servers that need total exposure to the Internet are not permitted on the internal District network. If schools require an independent web server host, this host is placed on the public network backbone.