Cisco TCS
Royal Palm WAN & LAN Layout and Design
By Team MANNIMAL

Overview/Executive Summary

Our Wide Area Network will use the IGRP routing protocol. The WAN will pass only Novell IPX and TCP/IP traffic. Routers will be programmed to disallow other protocols. Every LAN will have access to the Internet, and a series of servers will be online to automate all of the district's administrative and curricular functions.

Since our WAN will be functional for 7-10 years, LAN throughput is allowed to grow 100 times, WAN core throughput 10 times, and District Internet Connection throughput 10 times. Our WAN allows a minimum of 1 Mbps for each host computer and 100 Mbps to the server hosts. Our LAN is Royal Palm and we will be working it into Shaw Butte as much as possible. There will be data connectivity between all schools.

The WAN will be based on a 2-layer hierarchical model. Regional hubs will be established for Shaw Butte, the District Office/Data Center, and Service Center to form a very fast WAN core network. High-end routers will be installed in each WAN core location. The District Office/Data Center will provide a Frame Relay link to the Internet, which will be used for the rest of the WAN. No other connections to the outside are permitted because of security risks. Fiber-optic T1 leased lines will connect the WAN core and the core to the Internet. The whole T1 line will be leased.

The IP address for the network will be 140.200.0.0 and 7 bits will be borrowed for subnetting to produce 126 subnets. This leaves around 510 hosts per subnet and meets the 100 times growth requirements. The subnet mask would be 255.255.254.0.

WAN Router Config

Configuring Frame Relay on a Router:
Router> enable
Password: (password)
Router# config t
Router(config)# int s0
Router(config-if)# encapsulation frame-relay cisco
Router(config-if)# frame-relay lmi-type cisco
Router(config-if)# bandwidth 10000
Router(config-if)# frame-relay local-dlci 100
Router(config-if)# keepalive 20

Configuring PPP over T1 lines:
Router(config)# int s1
Router(config-if)# encapsulation ppp
Router(config-if)# ppp authentication chap
Router(config-if)# ppp chap hostname Manimal
Router(config-if)# ppp chap password manna

Implementing IPX:
Router(config)# ipx routing
Router(config)# ipx maximum-paths 2
Router(config)# int Ethernet 0.1
! IPX network numbers are hexadecimal (up to 8 digits); 8CC80000 is the slide's 140.200.0.0 written in hex.
! On a subinterface the encapsulation is given on the ipx network line.
Router(config-subif)# ipx network 8CC80000 encapsulation novell-ether

! IGRP is classful: IOS stores each network statement below as the major network 140.200.0.0.
In Service Center:
Router(config-router)# network 140.200.16.1
Router(config-router)# network 140.200.16.3

In District Center:
Router(config-router)# network 140.200.1.1
Router(config-router)# network 140.200.1.3

In Shaw Butte:
Router(config-router)# network 140.200.8.1
Router(config-router)# network 140.200.8.3

Implementing an ACL for Security:
Router(config)# access-list 1 deny 140.200.1.2
! Every ACL ends with an implicit deny, so a permit entry is needed for other sources to pass.
Router(config)# access-list 1 permit any

To Enable IGRP in Royal Palm:
Router(config)# router igrp 100
Router(config-router)# network 140.200.177.1

File Servers

Location of Domain Name/Email Services - Domain Name Services (DNS) and email delivery will be implemented in a hierarchical fashion with all services located on the master server at the district office. Each District Hub location will contain a DNS server to support the individual school serviced out of that location. Each school site will also contain a host for DNS and email services (local post office) that will maintain a complete directory of all staff personnel and student population for that location. The school host will be the local post office box and will store all email messages. The update DNS process will flow from the individual school server to the hub server and to the district server.

File Servers cont.

• Administrative Server Location, Purpose and Availability - Each school location will contain an Administration server which will house the student tracking, attendance, grading, and other administrative functions.
• Application Server Location, Purpose and Availability - All computer applications will be housed in a central server at each school location. This server will be running TCP/IP as its OSI layer 3&4 protocols and will be made available to anyone at the school site.
• Departmental or Workgroup Servers Placement - Any other servers at the school sites will be considered departmental servers and will be placed according to user group access needs.
• Library Server Location, Purpose and Availability - The Library server will contain an online library for curricular research. The server will be running TCP/IP as its OSI layer 3&4 protocols and will be made available to anyone at the school site.

WAN Addressing Scheme

Addressing Scheme

The IP addressing scheme for our WAN will utilize static addressing for the administrative networks. However, for curriculum computers, we will use Dynamic Host Configuration Protocol (DHCP) to dynamically assign addresses. This reduces the amount of work the network administrator must do and it also allows addresses that are no longer used to be reused by other network devices. The District Office will administer the IP addresses. The WAN will use Network Address Translation (NAT) and Simple Network Management Protocol (SNMP). The District Office will have total management control over the entire WAN and there will be a regional management host on each regional hub to support each area. The District Office will have all of the super-user passwords for network devices for security reasons.

There are 7 groups of IP addresses that will be used in our network:
• WAN Core
• Data Center Router to Site Routers
• Service Center Router to Site Routers
• Shaw Butte Router to Site Routers
• Schools Connected to Service Center Hub
• Schools Connected to Shaw Butte Hub
• Schools Connected to District Center Hub

WAN Addressing Scheme

WAN Core: (Subnet Mask is always 255.255.254.0)

Location  Connects to  Assigned Port IP  Assigned Port ID  Wire Address
DC S0     SC S0        140.200.1.1       140.200.1.2       140.200.1.0
DC S1     SC S1        140.200.2.1       140.200.2.2       140.200.2.0
DC S2     SC S2        140.200.3.1       140.200.3.2       140.200.3.0
DC S3     SC S3        140.200.4.1       140.200.4.2       140.200.4.0
DC S4     SB S0        140.200.8.1       140.200.8.2       140.200.8.0
DC S5     SB S1        140.200.9.1       140.200.9.2       140.200.9.0
DC S6     SB S2        140.200.10.1      140.200.10.2      140.200.10.0
DC S7     SB S3        140.200.11.1      140.200.11.2      140.200.11.0
SC S4     SB S4        140.200.16.1      140.200.16.2      140.200.16.0
SC S5     SB S5        140.200.17.1      140.200.17.2      140.200.17.0
SC S6     SB S6        140.200.18.1      140.200.18.2      140.200.18.0
SC S7     SB S7        140.200.19.1      140.200.19.2      140.200.19.0
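
The subnet arithmetic in the overview and the WAN core table above can be checked mechanically. The Python below is an added example, not part of the original slides: it recomputes the plan's figures from the stated mask and reports which links have a wire address that is not a /23 subnet address and which links fall into the same /23. The function names are hypothetical; the addresses are the table's own.

```python
import ipaddress
from collections import defaultdict

MASK = "255.255.254.0"   # mask stated on every WAN addressing slide

# WAN core rows copied from the table: (link, port IP, port IP, wire address)
WAN_CORE = [
    ("DC S0 - SC S0", "140.200.1.1", "140.200.1.2", "140.200.1.0"),
    ("DC S1 - SC S1", "140.200.2.1", "140.200.2.2", "140.200.2.0"),
    ("DC S2 - SC S2", "140.200.3.1", "140.200.3.2", "140.200.3.0"),
    ("DC S3 - SC S3", "140.200.4.1", "140.200.4.2", "140.200.4.0"),
    ("DC S4 - SB S0", "140.200.8.1", "140.200.8.2", "140.200.8.0"),
    ("DC S5 - SB S1", "140.200.9.1", "140.200.9.2", "140.200.9.0"),
    ("DC S6 - SB S2", "140.200.10.1", "140.200.10.2", "140.200.10.0"),
    ("DC S7 - SB S3", "140.200.11.1", "140.200.11.2", "140.200.11.0"),
    ("SC S4 - SB S4", "140.200.16.1", "140.200.16.2", "140.200.16.0"),
    ("SC S5 - SB S5", "140.200.17.1", "140.200.17.2", "140.200.17.0"),
    ("SC S6 - SB S6", "140.200.18.1", "140.200.18.2", "140.200.18.0"),
    ("SC S7 - SB S7", "140.200.19.1", "140.200.19.2", "140.200.19.0"),
]

def plan_summary(classful="140.200.0.0/16", mask=MASK):
    """Recompute the overview's figures from the classful network and the mask."""
    prefix = ipaddress.ip_network(f"0.0.0.0/{mask}").prefixlen
    borrowed = prefix - ipaddress.ip_network(classful).prefixlen
    return {"prefix": prefix, "borrowed_bits": borrowed,
            "usable_subnets": 2 ** borrowed - 2,        # classful rule: drop first and last
            "hosts_per_subnet": 2 ** (32 - prefix) - 2}

def audit_links(links, mask=MASK):
    """Return (links whose wire address is not a subnet address, subnets shared by links)."""
    misaligned, members = [], defaultdict(list)
    for name, ip_a, ip_b, wire in links:
        subnet = ipaddress.ip_interface(f"{ip_a}/{mask}").network
        assert ipaddress.ip_address(ip_b) in subnet, name   # both ends sit in one subnet
        if ipaddress.ip_address(wire) != subnet.network_address:
            misaligned.append(name)
        members[str(subnet)].append(name)
    shared = {net: names for net, names in members.items() if len(names) > 1}
    return misaligned, shared

if __name__ == "__main__":
    print(plan_summary())
    misaligned, shared = audit_links(WAN_CORE)
    print("wire address is not a /23 subnet address:", misaligned)
    for net, names in shared.items():
        print(net, "is shared by", names)
```

Two links in one /23 means two router interfaces in the same subnet; giving each link its own /23 on an even third octet, or a longer mask on the point-to-point links, removes the overlap.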

WAN Addressing Scheme

Service Center Router to Site Routers: (Subnet Mask is always 255.255.254.0)

DC = Data Center
SC = Service Center
SB = Shaw Butte

Location  Connects to            Assigned Port IP  Assigned Port ID  Wire Address
SC S8     SC2 S0                 140.200.51.1      140.200.51.2      140.200.51.0
SC S9     Abe Lincoln S0         140.200.40.1      140.200.40.2      140.200.40.0
SC S10    Lookout Mtn. S0        140.200.41.1      140.200.41.2      140.200.41.0
SC S11    Moon Mtn. S0           140.200.42.1      140.200.42.2      140.200.42.0
SC S12    Blue Sky S0            140.200.43.1      140.200.43.2      140.200.43.0
SC S13    Sahuaro S0             140.200.44.1      140.200.44.2      140.200.44.0
SC S14    Sunburst S0            140.200.45.1      140.200.45.2      140.200.45.0
SC S15    Sweetwater S0          140.200.46.1      140.200.46.2      140.200.46.0
SC S16    Tumbleweed S0          140.200.47.1      140.200.47.2      140.200.47.0
SC S17    Mtn. Sky S0            140.200.48.1      140.200.48.2      140.200.48.0
SC S18    Acacia S0              140.200.49.1      140.200.49.2      140.200.49.0
SC S19    Sunset S0              140.200.50.1      140.200.50.2      140.200.50.0
SC BRI0   Community School BRI0  140.200.52.1      140.200.52.2      140.200.52.0

WAN Addressing Scheme

Data Center Router to Site Routers: (Subnet Mask is always 255.255.254.0)

Location  Connects to     Assigned Port IP  Assigned Port ID  Wire Address
DC S8     DC S0           140.200.35.1      140.200.35.2      140.200.35.0
DC S9     Cholla S0       140.200.24.1      140.200.24.2      140.200.24.0
DC S10    Chaparall S0    140.200.25.1      140.200.25.2      140.200.25.0
DC S11    Desert Foot S0  140.200.26.1      140.200.26.2      140.200.26.0
DC S12    Ironwood S0     140.200.27.1      140.200.27.2      140.200.27.0
DC S13    John Jacobs S0  140.200.28.1      140.200.28.2      140.200.28.0
DC S14    Lake View S0    140.200.29.1      140.200.29.2      140.200.29.0
DC S15    Washington S0   140.200.30.1      140.200.30.2      140.200.30.0
DC S16    Road Run S0     140.200.31.1      140.200.31.2      140.200.31.0
DC S17    Mtn. View S0    140.200.32.1      140.200.32.2      140.200.32.0
DC S18    Sunny Slope S0  140.200.33.1      140.200.33.2      140.200.33.0
DC S19    Desert View S0  140.200.34.1      140.200.34.2      140.200.34.0
DC S20    Internet (ISP)  ISP provided      ISP provided      ISP provided

WAN Addressing Scheme

Shaw Butte Router to Site Routers: (Subnet Mask is always 255.255.254.0)

Location  Connects to     Assigned Port IP  Assigned Port ID  Wire Address
SB S8     SB2 S0          140.200.56.1      140.200.56.2      140.200.56.0
SB S9     Arroyo S0       140.200.57.1      140.200.57.2      140.200.57.0
SB S10    Palo Verde S0   140.200.58.1      140.200.58.2      140.200.58.0
SB S11    Orangewood S0   140.200.59.1      140.200.59.2      140.200.59.0
SB S12    Ocotillo S0     140.200.60.1      140.200.60.2      140.200.60.0
SB S13    Maryland S0     140.200.61.1      140.200.61.2      140.200.61.0
SB S14    Manzanita S0    140.200.62.1      140.200.62.2      140.200.62.0
SB S15    Cactus Wren S0  140.200.63.1      140.200.63.2      140.200.63.0
SB S16    AltaVista S0    140.200.64.1      140.200.64.2      140.200.64.0
SB S17    Royal Palm S0   140.200.65.1      140.200.65.2      140.200.65.0
SB S18    R.E. Miller S0  140.200.66.1      140.200.66.2      140.200.66.0

WAN Addressing Scheme

Schools Connected to Service Center Hub: (Subnet Mask is always 255.255.254.0)

Location  Connects to      Administration IP (E1)  Curriculum IP (E0)
SC S8     SC2              140.200.77.1-254        N/A
SC S9     Sunset           140.200.81.1-254        140.200.78/80.1-254
SC S10    Acacia           140.200.85.1-254        140.200.82/84.1-254
SC S11    Mountain Sky     140.200.89.1-254        140.200.86/88.1-254
SC S12    Tumbleweed       140.200.93.1-254        140.200.90/92.1-254
SC S13    Sweetwater       140.200.97.1-254        140.200.94/96.1-254
SC S14    Sunburst         140.200.101.1-254       140.200.98/100.1-254
SC S15    Sahuaro          140.200.105.1-254       140.200.102/104.1-254
SC S16    Blue Sky         140.200.109.1-254       140.200.106/108.1-254
SC S17    Moon Mountain    140.200.113.1-254       140.200.110/112.1-254
SC S18    Lookout Mtn.     140.200.117.1-254       140.200.114/116.1-254
SC S19    Abraham Lincoln  140.200.121.1-254       140.200.118/120.1-254
SC BRI0   Comm. School     140.200.125.1-254       140.200.122.1-254

WAN Addressing Scheme

Schools Connected to Shaw Butte Hub: (Subnet Mask is always 255.255.254.0)

Location  Connects to   Administration IP (E1)  Curriculum IP (E0)
SC S8     SB2           140.200.137.1-254       140.200.134/136.1-254
SC S9     Arroyo        140.200.141.1-254       140.200.138/140.1-254
SC S10    Palo Verde    140.200.145.1-254       140.200.142/144.1-254
SC S11    Orangewood    140.200.149.1-254       140.200.146/148.1-254
SC S12    Ocotillo      140.200.153.1-254       140.200.150/152.1-254
SC S13    Maryland      140.200.157.1-254       140.200.154/156.1-254
SC S14    Manzanita     140.200.161.1-254       140.200.158/160.1-254
SC S15    Cactus Wren   140.200.165.1-254       140.200.162/164.1-254
SC S16    Alta Vista    140.200.169.1-254       140.200.166/168.1-254
SC S17    Royal Palm    140.200.177.1-254       140.200.170/176.1-254
SC S18    R. E. Miller  140.200.181.1-254       140.200.178/180.1-254

WAN Addressing Scheme

Schools Connected to District Center Hub: (Subnet Mask is always 255.255.254.0)

Location  Connects to      Administration IP (E1)  Curriculum IP (E0)
SC S8     DC2              140.200.191.1-254       N/A
SC S9     Cholla           140.200.195.1-254       140.200.192/194.1-254
SC S10    Chaparral        140.200.199.1-254       140.200.196/198.1-254
SC S11    Desert Foothill  140.200.203.1-254       140.200.200/202.1-254
SC S12    Ironwood         140.200.207.1-254       140.200.204/206.1-254
SC S13    John Jacobs      140.200.211.1-254       140.200.208/210.1-254
SC S14    Lake View        140.200.215.1-254       140.200.212/214.1-254
SC S15    Washington       140.200.219.1-254       140.200.216/218.1-254
SC S16    Road Runner      140.200.223.1-254       140.200.220/222.1-254
SC S17    Mountain View    140.200.227.1-254       140.200.224/226.1-254
SC S18    Sunnyslope       140.200.231.1-254       140.200.228/230.1-254
SC S19    Desert View      140.200.235.1-254       140.200.232/234.1-254

Security Issues and Concerns

Number of Logical Network Classifications - The network will be divided into three logical network classifications, Administrative, curriculum and external, with secured interconnections between them.

Services Exposed to the Internet - Internet connectivity will utilize a double firewall implementation with all Internet-exposed applications residing on a public backbone network. For security reasons, the only services exposed to the Internet will be DNS and email.

WAN Security via Router - By utilizing Access Control Lists (ACLs) on the routers, all traffic from the curriculum LANs will be prohibited on the administration LAN. Exceptions to this ACL can be made on an individual basis. Applications such as email and directory services will be allowed to pass freely since they pose no risk.

User ID and Password - A user ID and Password Policy will be published and strictly enforced on all computers in the district.

Summary

LAN Network Specifications:
• Materials used:
    • Cat 5 UTP horizontal cabling
    • Fiber backbone cabling
• Type of Ethernet:
    • 100 Base-TX from MDF to each IDF
    • 10 Base-T from IDF to hosts
• One MDF located within the POP; nine IDFs located throughout the campus
• The use of the Dell “Wireless Classroom” has been proposed but has not been monetarily accounted for
• IGRP and IP have both been implemented
• Two V-LANs have been set up; one for Students, another for Faculty/Administration
• There are two ACLs and a Firewall to provide added network security

LAN Budget

Royal Palm School Budget:

Number  Item Name                                   Each       Total
1       Cisco 2500 Router                           $2265.95   $2265.95
2       Cisco Catalyst 2912 Switch                  $5112.95   $10,225.90
9       Cisco Catalyst 2924 10/100 Switch           $1090.00   $9810.00
1       Cisco PIX 515 Firewall                      $2267.95   $2267.95
173     TAA Compliant 12 Port 10/100 Hub            $218.39    $38,873.42
16      Ellipse 800 USB Free Standing UPS 800VA     $186.06    $2976.96
1       72x36x19 Startech Computer Rack             $1402.95   $1402.95
9       72x30x19 Startech Computer Rack             $893.95    $8045.55
Total:                                                         $75,868.68

WAN Budget

Washington School District WAN Budget:

Number  Item Name                        Each         Total
1       Cisco 7507 Router                $19,395.00   $19,395.00
2       Cisco 3600 Router                $4,599.00    $9,198.00
36      Cisco 2500 Router                $2265.95     $81,574.20
1       T1 Setup Charge                  $500.00      $500.00
1       T1 Leased Line Cost (annually)   $9,120.00    $9,120.00
Total:                                                $119,787.20

LAN IP Addressing Scheme

IP Addressing Scheme for the Royal Palm School
• Network IP Address: 69.0.0.0
• Subnet Mask: 255.224.0.0
• 6 Subnets allowed: 2 used (69.32.0.0, 69.64.0.0) and 4 for future expansion (69.96.0.0, 69.128.0.0, 69.160.0.0, 69.192.0.0)

LAN Subnet 1: Administration

Network IP Address: 69.32.0.0
Reserved Server IP Addresses: 69.32.1.1 to 69.32.1.23
Reserved Switch IP Addresses: 69.32.1.24 to 69.32.1.47
Reserved Router IP Addresses: 69.32.1.48 to 69.32.1.71
Reserved for Network Admin.: 69.32.1.72 to 69.32.1.254
Building 1: 69.32.2.1 to 69.32.4.254
Building 2: 69.32.5.1 to 69.32.7.254
Building 3: 69.32.8.1 to 69.32.10.254
Building 4: 69.32.11.1 to 69.32.13.254
Building 5: 69.32.14.1 to 69.32.16.254
Cafeteria: 69.32.17.1 to 69.32.19.254
Science Building: 69.32.20.1 to 69.32.22.254
Computer Building: 69.32.23.1 to 69.32.25.254

LAN Subnet 2: Students

Network IP Address: 69.64.0.0
Reserved Server IP Addresses: 69.64.1.1 to 69.64.1.23
Reserved Switch IP Addresses: 69.64.1.24 to 69.64.1.47
Reserved Router IP Addresses: 69.64.1.48 to 69.64.1.71
Reserved for Network Admin.: 69.64.1.72 to 69.64.1.254
Building 1: 69.64.2.1 to 69.32.4.254
Building 2: 69.64.5.1 to 69.32.7.254
Building 3: 69.64.8.1 to 69.32.10.254
Building 4: 69.64.11.1 to 69.32.13.254
Building 5: 69.64.14.1 to 69.32.16.254
Cafeteria: 69.64.17.1 to 69.32.19.254
Science Building: 69.64.20.1 to 69.32.22.254
Computer Building: 69.64.23.1 to 69.32.25.254

This leaves more than ample room for growth for each building and reserved address.

LAN ACL Implementation

Router(config)# access-list 169 permit tcp 69.64.0.0 0.0.255.255 69.32.0.0 0.0.255.255 eq 25
Router(config)# access-list 169 permit tcp 69.64.0.0 0.0.255.255 69.32.0.0 0.0.255.255 eq 53
! DNS queries normally use UDP port 53, so a UDP entry is needed alongside the TCP one.
Router(config)# access-list 169 permit udp 69.64.0.0 0.0.255.255 69.32.0.0 0.0.255.255 eq 53
Router(config)# access-list 169 permit tcp 69.64.0.0 0.0.255.255 69.32.0.0 0.0.255.255 eq 80
Router(config)# access-list 169 deny ip 69.64.0.0 0.0.255.255 69.32.0.0 0.0.255.255
Router(config)# access-list 169 permit ip any any
Router(config)# int e1
Router(config-if)# ip access-group 169 in
Router(config-if)# exit

This ACL allows the students only DNS, e-mail, and HTTP access and increases the network’s security.
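
How far a list shaped like ACL 169 actually reaches depends on first-match order and on the wildcard bits. The Python below is an added example, not part of the original slides: it models service permits, the student-to-administration deny and the final permit, then compares the slide's wildcard 0.0.255.255 with 0.31.255.255, the inverse of the 255.224.0.0 mask configured on the router interfaces. Function names and probe hosts are constructed for illustration.

```python
import ipaddress

def _int(addr):
    return int(ipaddress.ip_address(addr))

def wild_match(addr, base, wildcard):
    """IOS wildcard match: bits set to 1 in the wildcard are ignored."""
    care = ~_int(wildcard) & 0xFFFFFFFF
    return ((_int(addr) ^ _int(base)) & care) == 0

def build_acl(wildcard, services):
    """Entries shaped like list 169: service permits, student-to-admin deny, permit all."""
    student, admin = ("69.64.0.0", wildcard), ("69.32.0.0", wildcard)
    everyone = ("0.0.0.0", "255.255.255.255")
    acl = [("permit", proto, student, admin, port) for proto, port in services]
    acl.append(("deny", "ip", student, admin, None))
    acl.append(("permit", "ip", everyone, everyone, None))
    return acl

def evaluate(acl, proto, src, dst, dport):
    """Return (action, entry number) of the first entry that matches the packet."""
    for number, (action, a_proto, a_src, a_dst, a_port) in enumerate(acl, 1):
        if a_proto != "ip" and a_proto != proto:
            continue
        if a_port is not None and a_port != dport:
            continue
        if wild_match(src, *a_src) and wild_match(dst, *a_dst):
            return action, number
    return "deny", 0   # implicit deny that ends every list

TCP_ONLY = [("tcp", 25), ("tcp", 53), ("tcp", 80)]
WITH_UDP_DNS = TCP_ONLY + [("udp", 53)]
ADMIN_SERVER = "69.32.1.5"   # constructed host inside the reserved server range

# Constructed probes: (protocol, student-side source, destination port)
PROBES = [
    ("tcp", "69.64.2.10", 25),   # mail from a Building 1 student host
    ("udp", "69.64.2.10", 53),   # ordinary DNS query
    ("tcp", "69.64.2.10", 23),   # anything else toward administration
    ("tcp", "69.65.0.10", 23),   # inside 69.64.0.0 mask 255.224.0.0, outside 69.64.x.x
]

def compare():
    """Action per probe under the narrow wildcard and under the mask-derived one."""
    narrow = build_acl("0.0.255.255", TCP_ONLY)
    wide = build_acl("0.31.255.255", WITH_UDP_DNS)
    return [(proto, src, port,
             evaluate(narrow, proto, src, ADMIN_SERVER, port)[0],
             evaluate(wide, proto, src, ADMIN_SERVER, port)[0])
            for proto, src, port in PROBES]

if __name__ == "__main__":
    for row in compare():
        print(row)
```

The last probe is the one to watch: an address the interface mask accepts but the deny entry's wildcard does not cover falls through to the final permit.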

LAN Router Config

Routed Protocol: IP
Routing Protocol: IGRP
Internal network address: 69.0.0.0
External network address: 201.192.105.0
Autonomous system number: 69

IGRP: (in config t mode at router)
Router(config)# hostname Mannimal
Mannimal(config)# router igrp 69
Mannimal(config-router)# network 201.192.105.0
Mannimal(config-router)# network 69.0.0.0
Mannimal(config-router)# exit

This sets up IGRP as the router’s routing protocol and names the router Mannimal.

IP:
Mannimal(config)# int s0
Mannimal(config-if)# ip address 201.192.105.1 255.255.255.0
Mannimal(config-if)# clock rate 56000
Mannimal(config-if)# exit
Mannimal(config)# int e0
Mannimal(config-if)# ip address 69.32.1.48 255.224.0.0
Mannimal(config-if)# exit
Mannimal(config)# int e1
Mannimal(config-if)# ip address 69.64.1.48 255.224.0.0
Mannimal(config-if)# exit

This sets up IP addressing for the router and router interfaces.

Internet Connectivity

All of the Internet connectivity supplied will be through the District Office and will be highly controlled, and bandwidth will be upgraded as usage dictates. Our connection will have two firewalls to protect the inner public network. ACLs will keep curriculum from administration and will help with the firewalls. Inside the network, DNS, email, and other servers will be allowed to transmit freely. Each school will have a partition of the public network to put on the World Wide Web as well.

User Policies

• User ID and Password - A user ID and Password Policy will be published and strictly enforced on all computers in the district.
• LAN security via Router - All LANs will have an Access Control List (ACL); this creates a firewall from the teacher LAN to the student LAN. The teachers can see onto the students' curriculum but the students do not have access to the teachers'.

Recommendation/Final Assessment

The preceding proposal provides internetwork connectivity throughout the Royal Palm Middle School, as well as access to the Internet for all classrooms and hosts. While ensuring reliability and manageability, our network is both scalable and adaptable. The network also provides security preventing unauthorized access throughout the entire network. Finally, the network we designed is cost effective and provides for further growth and development.

Credits

• Special Thanks go out to Tony because without him this project could not have been possible
• Thanks to Big Manna Dawg
• Theman is STILL Cisco god
• Jarret, Get Your Own Sock
• Alex still rules the 100’s club