200 likes | 303 Views
Washington School District Project. Present State of Network. General Requirements: • Functional =7-10 Years • 100X Growth in LAN • 2X Growth in WAN • 10X Growth in Internet Connectivity. Initial Assumptions: • 1 Mbps Hosts • 100 Mbps Servers. Protocols Allowed = TCP/IP and IPX.
E N D
Present State of Network General Requirements: • Functional =7-10 Years • 100X Growth in LAN • 2X Growth in WAN • 10X Growth in Internet Connectivity Initial Assumptions: • 1 Mbps Hosts • 100 Mbps Servers Protocols Allowed = TCP/IP and IPX
Present State of Network Number of Users: Region Hub 1: One District Office/Data Center [75(A)+11[250(C) + 75(A)]=3650 connections Region Hub 2: One Service Center [75(A)+11[250(C) + 75(A)]=3650 connections Region Hub 3: Shaw Butte [11[250(C) + 75(A)]=3575 connections Total = 10875 connections Each Class Room is 24 Student + 1 Teacher = 25 connections Per Class rooms With 250/25=10 Class rooms Need Wiring
Wan Connections To Meet Requirements: • 2X WAN Core DS3 • 10X Internet DS3 • Frame Relay with Backup PVC’s
Local Area Network & Wiring Scheme R. E. Miller
Local Area Network & Wiring Scheme • Gigabit Switches Available for backbone From Switch to Switch • MDF 5500 Chassis Router • Extra - We have decided to put in a WIC Card for integrating the PBX to create a uniform dial Plan ability ( 4 Digit Dialing) • (100X) Growth in LAN Criteria has been met
District Supplied Servers and Functions 6 Services Per School & District Offices • DNS • DHCP • SNMP • Administrative • Library • Application At District only • TFTP server • Larger Scale servers Each Server will have its own backup service Enterprise Class Servers • DNS, DHCP, E-Mail • Application • Library Server Workgroup Class Servers • SNMP, HP-Open view • Administration • TFTP
Security USER ID and PASSWORD POLICY 1. USER ID · First six digits of last name, First initial of first name, number · (SmithJ1, SmithJ2, JohnsoM1) 2. PASSWORD · Maximum Password Age – 30 days · Minimum Password Age – 30 days · Minimum Password Length – 8 characters · Password Uniqueness – 12 ·Account Lockout
IGRP • stable routing in very large or complex networks. (No routing loops) • fast response to changes in network topology • low overhead • splitting traffic among several parallel routes taking into account error rates and level of traffic on different paths
Addressing and Management Using Class B Addressing 3 Subnets • Router gateway • Administrative • Curriculum 2 Subnets Unused Static addressing for Administrative Subnet Curriculum addressing will be provided by VLAN and DHCP Borrowing 8-bits will allow for up to 254 usable with subnet masks of 255.255.255.0
Addressing and Management School Gateway Host Range Broadcast Subnet Mask VLAN Desert view 160.10.0.1 160.10.0.2-160.10.0.254 160.10.0.255 255.255.255.0 160.10.1.1 160.10.1.2-160.10.1.254 160.10.1.255 255.255.255.0 Admin 160.10.2.1 160.10.2.2-160.10.2.254 160.10.2.255 255.255.255.0 Student Acacia 160.10.5.1 160.10.5.2-160.10.5.254 160.10.5.255 255.255.255.0 160.10.6.1 160.10.6.2-160.10.6.254 160.10.6.255 255.255.255.0 Admin 160.10.7.1 160.10.7.2-160.10.7.254 160.10.7.255 255.255.255.0 Student REMiller 160.10.10.1 160.10.10.2-160.10.10.254 160.10.10.255 255.255.255.0 160.10.11.1 160.10.11.2-160.10.11.254 160.10.11.255 255.255.255.0 Admin 160.10.12.1 160.10.12.2-160.10.12.254 160.10.12.255 255.255.255.0 Student
Security ACL Data Center ACL's: Data Center2 (config)#access-list 101 permit tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 established Data Center2 (config) # interface SO Data Center2 (config-if)# ip access-group 101 out R.E.Miller ACL's:R.E.Miller(config)#access-list 103 permit tcp any 160.10.2.2 0.0.0.0 eq 25 R.E.Miller(config)#access-list 103 permit tcp any 160.10.2.2 0.0.0.0 eq 53 R.E.Miller(config)#access-list 103 deny ip 160.10.1.0 0.0.0.255 160.10.2.0 0.0.0.255 R.E.Miller(config)#access-list 103 permit ip any any R.E.Miller(config)# interface E1 R.E.Miller(config-if)# ip access-group 103 out R.E.Miller(config)#access-list 105 deny tcp 160.10.1.0 0.0.0.255 any eq 21 R.E.Miller(config)#access-list 105 deny tcp 160.10.1.0 0.0.0.255 any eq 23 R.E.Miller(config)#access-list 105 permit ip any any R.E.Miller(config)# interface E0 R.E.Miller(config-if)# ip access-group 105 in
Firewall Block intrusion with firewall and intrusion detection software Also utilizing ACL list
IDF Switches Catalyst 3548 XL Enterprise Edition WSC3548-XL-EN $4,995 Gigabit uplinks Multimode fiber Stackable VLAN Support
MDF Routers and Switches 1 WAN Connection 108 Fast Ethernet Connections 9 Multimode Fiber connections Total List cost $85,465
District MDF Routers and Switches 3 Wan Connections 108 Fast Ethernet Connections Total List Cost $72,460
Firewall Router Cisco 7120 Cisco PIX Firewall Software with Intrusion Detection Total List Cost $41,000
Total Cost • 30 IDF Switches $149,850 • MDF Switches $256,395 • 3 District MDF Switches $217,380 • Firewall Router $ 41,000 • Total List Cost $627,725 • * Discount of 40% *.6 • Total Parts Cost $376,635 • Labor is $50 per port run $ 56,250 • Setup of IDF’s and MDF’s $210,000 • Servers and Software $740,000 • Total Project Cost $1,382,615