
Acacia

Acacia. Threaded Case Study Aoife McIntyre Cordelia Carty Mary Kearns. Overview. The school district is in the process of implementing Local Area Networks (LANs) and a Wide Area Network (WAN) to provide data connectivity between all school sites.


Presentation Transcript


  1. Acacia Threaded Case Study Aoife McIntyre Cordelia Carty Mary Kearns

  2. Overview • The school district is in the process of implementing Local Area Networks (LANs) and a Wide Area Network (WAN) to provide data connectivity between all school sites. • Access to the internet from any site in the school district. • Implement a series of servers to facilitate online automation of all the district's administrative and curricular functions.

  3. Overview (cont) • Network must be functional for a minimum of 7-10 years. • Provide for 100% growth in LAN. • TCP/IP and Novell IPX are the only OSI layer 3 and 4 protocols allowed. In our case we will use TCP/IP.

  4. User Requirements • Two Local Area Network (LAN) segments will be implemented. One VLAN will be designed for student curriculum usage and the other for administration. • The LAN infrastructure will be based on Ethernet LAN switching. The transport speeds will be Ethernet 10BASE-T, 100BASE-TX, and 100BASE-FX.

  5. Cabling • Horizontal cabling will be Cat5 Unshielded Twisted Pair (CAT5 UTP). It will be able to accommodate speeds of 100 Mbps. This has a maximum distance of 90 m. • The vertical backbone will be fiber optic 1000 Base-FX, which will run between the MDF and the IDF.

  6. Wide Area Network (WAN) • The WAN will connect all of the schools to the three regional hubs and interconnect the regional hubs in an extended star topology. It will also connect the Data Center regional hub to the internet through a proxy server.

  7. Logical Addressing Scheme • One class C address allocated to the school • Students – 192.168.1.1 to 192.168.1.254 • Admin – 192.168.2.1 to 192.168.2.254 • Servers – 192.168.3.1 to 192.168.3.254 • The class C address has been sub-netted to allow for more hosts on the same network

  8. Logical Design

  9. Wiring Layout

  10. Zone Layout

  11. Classrooms • Each classroom must be able to support 24 workstations and be supplied with 4 data termination points. A single location in each room will be designated as the wiring point of presence (POP) for that room. It will consist of a lockable cabinet containing all cable terminations and electronic components (switches etc.). • The network in Acacia must be able to support 325 computers: 250 computers for students and 75 computers for administration usage.

  12. Classroom Layout

  13. Main Distribution Frame (MDF) An MDF is a free-standing or wall-mounted rack for managing and interconnecting the telecommunications cable between the main distribution frame and the intermediate distribution frame (IDF). The MDF is also the connection point for your LAN to the district WAN.

  14. MDF

  15. MDF Equipment • Cisco 2611 Router with serial, Ethernet and dial-in facilities • 2 - Catalyst 3542 XL Ethernet Switches • Catalyst 3548 XL Enterprise Edition • 4 - 24-port patch panels • 1 - 16-port patch panel • Fiber patch panel • Administrative server • Application server • DNS/E-mail server • Library server • Workgroup server • UPS • Monitor • Monitor shelf with keyboard tray • Ventilation Panel

  16. Intermediate Distribution Frame (IDF) An IDF is a free-standing or wall-mounted rack for managing and interconnecting the telecommunications cable between end user devices and an MDF. For example, there would be an IDF in each building or every 90 meters.

  17. IDF

  18. IDF Equipment • 3 - Catalyst 3542 Ethernet Switches • 4 - 24-port patch panels • Fibre patch panel • UPS • Ventilation Panel • Monitor • Monitor shelf with keyboard tray

  19. Servers • DNS/E-MAIL SERVER: The school host will be the local post office box and will store all e-mail messages. The DNS update process will flow from the individual school server to the Hub server and to the district server. All regional servers will be able to communicate between themselves, building redundancy into the system. • ADMINISTRATIVE SERVER: This will contain the student tracking, attendance, grading and other administration functions. This server will only be available to teachers and staff.

  20. Servers (cont) • LIBRARY SERVER: Acacia is implementing an automated library information and retrieval system, which will contain an online library for curricular research purposes. This server will be made available to anyone at the school site. • APPLICATION SERVER: All computer applications will be housed in a central server at each school location. As applications such as word processing, Excel, PowerPoint etc. are requested by users, they will be retrieved from the application server. This server will be made available to anyone at the school site.

  21. Servers (cont) • OTHER SERVERS: Any other servers implemented at the school sites will be departmental servers and will be placed according to user group access needs.

  22. VLANs A VLAN is a logical grouping of devices or users that can be grouped by function, department, or application, regardless of their physical segment location. VLAN configuration is done at the switch via software. Two VLANs will be used on the LAN: • VLAN 1 will be used for the administration segment. • VLAN 2 will be used for curriculum. • All changes and moves will be controlled and managed accordingly.

  23. VLANs VLANs are implemented for the following reasons: • Reduces administration costs related to moves, additions and changes • Provides better control of broadcasts • Tightens network security • Distributes traffic load • Relocates servers into secured locations • Saves money by using existing hubs

  24. Access Control Lists (ACLs) • ACLs permit or deny certain users (or an entire network segment) access to network resources. These are set up by the network administrator and add security to the network, as well as limit network traffic and increase network performance. ACLs are either standard (numbers 1-99) or extended (numbers 100-199).

  25. ACL’s • Students have access to: • Application server • Internet • Library server • Students are denied access to: • Any activity on the DNS server • Administrative server • Teachers have access to: • Internet • DNS server for e-mail • Administrative server at Acacia • Application server at Acacia • Library server at Acacia

  26. Example ACL • Enter global configuration mode • Acacia# configure terminal • Permits all users access to email/DNS server • Acacia(config)# access-list 101 permit tcp 192.168.1.0 0.0.0.255 192.168.3.1 0.0.0.0 • Permits all users access to the library server • Acacia(config)# access-list 101 permit tcp 192.168.1.0 0.0.0.255 192.168.3.2 0.0.0.0 • Blocks all student/curriculum traffic from accessing the admin network • Acacia(config)# access-list 101 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255 • Permits all other traffic • Acacia(config)# access-list 101 permit ip any any

  27. IGRP • IGRP is a distance vector Interior Gateway Protocol. Distance vector routing protocols mathematically compare routes using some measurement of distance. This measurement is known as the distance vector. • Routers using a distance vector protocol must send all or a portion of their routing table in a routing-update message at regular intervals to each of their neighboring routers. • As routing information is propagated through the network, routers can identify new destinations as they are added to the network, learn of failures in the network, and, most importantly, calculate distances to all known destinations.

  28. IGRP Implementation • Acacia# config t • Acacia(config)# router igrp 100 • Acacia(config-router)# network 192.168.1.0 • Acacia(config-router)# network 192.168.2.0 • Acacia(config-router)# network 192.168.3.0 • Acacia(config-router)# exit

  29. Firewalls • A firewall is a system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in hardware, in software, or in a combination of both. • Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. • All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.

  30. Security • Double firewall implementation • ACL’s act as second layer of firewall • Network will be divided into 3 logical network classifications: staff/administrative, curriculum and servers • Two separate VLANs: Curriculum and Staff/Administration • Utilization of access control lists • User ID and Password Policy published and strictly enforced on all computers in the District • All traffic from Curriculum LAN prohibited on Administrative LAN.

  31. Pros • The network speed can be upgraded without much change in the physical cabling • With 4 CAT5 cables in every data termination point in the rooms, extra computers or other devices can be used in the classrooms as needed • ACLs provide very strong security: students in the curriculum network cannot get into the administrator network • Use of VLANs provides internal security • Troubleshooting made simpler using switches

  32. Cons • There is no redundancy of the router link at the POP. If the WAN link fails there will be no access to other resources in the district or access to the Internet • The use of switches increases the network latency as well as the initial cost of the network • Expensive to implement • Password security is based on user cooperation • Non-centralized: with IDFs in each building, it is difficult to locate problems
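
The access policy on slides 24 to 26 can be checked mechanically before it is loaded on the router. The Python below is an added example, not part of the original presentation: it evaluates ACL 101 with first-match semantics and compares a 0.0.0.255 wildcard on the admin-network deny entry with a wider 0.0.255.255 one. The student host 192.168.1.20, the application server address 192.168.3.3 and the Internet address 198.51.100.7 are assumptions made for the test flows.

```python
import ipaddress

def matches(addr, base, wildcard):
    # Cisco wildcard mask: a 1 bit means "ignore this bit" when comparing.
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def parse_ace(line):
    # Handles: access-list <n> permit|deny <proto> <src> <dst>, where each
    # endpoint is "any", "host <ip>" or "<ip> <wildcard>". Ports are not parsed.
    action, proto, *rest = line.split()[2:]
    ends = []
    while rest:
        if rest[0] == "any":
            ends.append(("0.0.0.0", "255.255.255.255")); rest = rest[1:]
        elif rest[0] == "host":
            ends.append((rest[1], "0.0.0.0")); rest = rest[2:]
        else:
            ends.append((rest[0], rest[1])); rest = rest[2:]
    return action, proto, ends[0], ends[1]

def evaluate(acl, proto, src, dst):
    # Entries are checked top down; the first match decides. A packet that
    # matches nothing hits the implicit "deny any" at the end of every ACL.
    for action, ace_proto, s, d in map(parse_ace, acl):
        if ace_proto in ("ip", proto) and matches(src, *s) and matches(dst, *d):
            return action
    return "deny"

def build_acl(admin_wildcard):
    # ACL 101 as on slide 26, written with the required protocol keyword (ip)
    # on the deny entry and the final permit entry.
    return [
        "access-list 101 permit tcp 192.168.1.0 0.0.0.255 192.168.3.1 0.0.0.0",
        "access-list 101 permit tcp 192.168.1.0 0.0.0.255 192.168.3.2 0.0.0.0",
        f"access-list 101 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 {admin_wildcard}",
        "access-list 101 permit ip any any",
    ]

# Constructed test flows, all sent by one student host (192.168.1.20, assumed).
FLOWS = {
    "admin host": "192.168.2.10",
    "library server": "192.168.3.2",
    "application server (assumed .3.3)": "192.168.3.3",
    "internet (documentation range)": "198.51.100.7",
}

def audit(admin_wildcard):
    acl = build_acl(admin_wildcard)
    return {name: evaluate(acl, "tcp", "192.168.1.20", dst) for name, dst in FLOWS.items()}

if __name__ == "__main__":
    for wildcard in ("0.0.0.255", "0.0.255.255"):
        print(wildcard, audit(wildcard))
```

With 0.0.255.255 the deny entry matches every 192.168.x.x destination, so the student flow to the application server is dropped even though slide 25 allows it; with 0.0.0.255 only the admin subnet is blocked.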
