Cisco tcs2 - Liberty High School


Cisco TCS
Royal Palm WAN & LAN
Layout and Design
By Team
MANNIMAL
Overview/Executive Summary
Our Wide Area Network will use the IGRP routing protocol. The WAN will
pass only Novell IPX and TCP/IP traffic; routers will be programmed to disallow other
protocols. Every LAN will have access to the Internet, and a series of servers will be online
to automate all of the district's administrative and curricular functions. Since our WAN will
be functional for 7-10 years, LAN throughput is allowed to grow 100 times, WAN core
throughput 10 times, and District Internet Connection throughput 10 times. Our WAN allows
a minimum of 1 Mbps for each host computer and 100 Mbps to the server hosts. Our LAN
is Royal Palm, and we will be working it into Shaw Butte as much as possible. There will be
data connectivity between all schools. The WAN will be based on a 2-layer hierarchical model.
Regional hubs will be established for Shaw Butte, the District Office/Data Center, and the Service
Center to form a very fast WAN core network. High-end routers will be installed in each WAN
core location. The District Office/Data Center will provide a Frame Relay link to the Internet,
which will be used by the rest of the WAN. No other connections to the outside are permitted
because of security risks. Fiber-optic T1 leased lines will connect the WAN core sites and the core to
the Internet. The whole T1 line will be leased. The IP address for the network will be
140.200.0.0, and 7 bits will be borrowed for subnetting to produce 126 subnets. This leaves
around 510 hosts per subnet and meets the 100 times growth requirement. The subnet mask
would be 255.255.254.0.
WAN Specs
WAN Protocols
WAN Router Config
Configuring PPP over T1 lines:
Router(config)# int s1
Router(config-if)# encapsulation ppp
Router(config-if)# ppp authentication chap
Router(config-if)# ppp chap hostname Manimal
Router(config-if)# ppp chap password manna
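As an added illustration of what `ppp authentication chap` does on the wire (example code written for this page, not part of the team's configuration), the following Python reproduces the three-way CHAP handshake of RFC 1994: the authenticator sends a random challenge, the peer answers with MD5(Identifier || secret || Challenge), and the authenticator recomputes the digest to decide Success or Failure. The secret itself never crosses the link. The peer name and secret reuse the page's `Manimal` / `manna` values; `ChapAuthenticator`, `chap_response` and `run_exchange` are names chosen here.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP MD5 response (RFC 1994): MD5(Identifier || secret || Challenge Value).

    Only this digest crosses the link. The secret is never transmitted, and
    because a fresh challenge goes into every digest, a captured response
    cannot be replayed against the next challenge.
    """
    if not 0 <= identifier <= 255:
        raise ValueError("CHAP Identifier is a single octet")
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapAuthenticator:
    """Authenticator side of CHAP: issues challenges and checks responses.

    Hypothetical helper written for this example; peer_secrets maps the peer's
    `ppp chap hostname` to its `ppp chap password`.
    """

    def __init__(self, peer_secrets: Dict[str, bytes]) -> None:
        self._secrets = peer_secrets
        self._outstanding: Dict[int, bytes] = {}   # identifier -> challenge awaiting a response
        self._next_id = 0

    def challenge(self, challenge_value: Optional[bytes] = None) -> Tuple[int, bytes]:
        """Build a Challenge packet as (Identifier, Challenge Value).

        challenge_value can be injected so an exchange is reproducible in a test;
        on a real link it must be unpredictable, hence os.urandom by default.
        """
        identifier = self._next_id
        self._next_id = (self._next_id + 1) % 256
        value = challenge_value if challenge_value is not None else os.urandom(16)
        self._outstanding[identifier] = value
        return identifier, value

    def verify(self, identifier: int, peer_name: str, response: bytes) -> bool:
        """Check a Response packet. Each challenge may be answered exactly once."""
        challenge_value = self._outstanding.pop(identifier, None)
        secret = self._secrets.get(peer_name)
        if challenge_value is None or secret is None:
            return False
        expected = chap_response(identifier, secret, challenge_value)
        # Constant-time comparison: do not leak how many digest bytes matched.
        return hmac.compare_digest(expected, response)


def run_exchange(authenticator: ChapAuthenticator, peer_name: str, peer_secret: bytes,
                 challenge_value: Optional[bytes] = None) -> bool:
    """Drive one Challenge -> Response -> Success/Failure exchange end to end."""
    identifier, value = authenticator.challenge(challenge_value)   # authenticator -> peer
    response = chap_response(identifier, peer_secret, value)      # peer -> authenticator
    return authenticator.verify(identifier, peer_name, response)  # True = Success, False = Failure


if __name__ == "__main__":
    # Peer name and secret reuse the values configured on the slide.
    auth = ChapAuthenticator({"Manimal": b"manna"})
    print("correct secret:", run_exchange(auth, "Manimal", b"manna"))
    print("wrong secret:  ", run_exchange(auth, "Manimal", b"guess"))
```

The one-shot bookkeeping in `verify` is what stops a replayed Response from being accepted. What CHAP does not protect against is offline guessing: anyone who records a challenge and its response can test candidate secrets against the digest, so the strength of the `ppp chap password` value is the whole of the security.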
Implementing IPX:
Router(config)# ipx routing
Router(config)# ipx maximum-paths 2
Router(config)# int Ethernet 0.1
Router(config-if)# encapsulation novell-ether
Router(config-if)# ipx network 140.200.0.0
Configuring Frame Relay on a Router:
Router> enable
Password: (password)
Router# config t
Router(config)# int s0
Router(config-if)# encapsulation frame-relay cisco
Router(config-if)# frame-relay lmi-type cisco
Router(config-if)# bandwidth 10000
Router(config-if)# frame-relay local-dlci 100
Router(config-if)# keepalive 20
To Enable IGRP in Royal Palm:
Router(config)# router igrp 100
Router(config-router)# network 140.200.177.1
In Service Center:
Router(config-router)# network 140.200.16.1
Router(config-router)# network 140.200.16.3
In District Center:
Router(config-router)# network 140.200.1.1
Router(config-router)# network 140.200.1.3
In Shaw Butte:
Router(config-router)# network 140.200.8.1
Router(config-router)# network 140.200.8.3
Implementing an ACL for Security:
Router(config)# access-list 1 deny 140.200.1.2
File Servers
Location of Domain Name/Email Services - Domain Name Services (DNS) and
email delivery will be implemented in a hierarchical fashion, with all services located
on the master server at the district office. Each District Hub location will contain a
DNS server to support the individual schools serviced out of that location. Each
school site will also contain a host for DNS and email services (local post office) that
will maintain a complete directory of all staff personnel and the student population for
that location. The school host will be the local post office box and will store all email
messages. DNS updates will flow from the individual school server to
the hub server and then to the district server.
File Servers cont.
• Administrative Server Location, Purpose and Availability - Each school location
will contain an Administration server which will house the student tracking,
attendance, grading, and other administrative functions.
• Application Server Location, Purpose and Availability - All computer applications
will be housed in a central server at each school location. This server will be running
TCP/IP as its OSI layer 3 & 4 protocols and will be made available to anyone at the
school site.
• Departmental or Workgroup Servers Placement - Any other servers at the school
sites will be considered departmental servers and will be placed according to user
group access needs.
• Library Server Location, Purpose and Availability - The Library server will contain
an online library for curricular research. The server will be running TCP/IP as its OSI
layer 3 & 4 protocols and will be made available to anyone at the school site.
WAN Addressing Scheme
Addressing Scheme
The IP addressing scheme for our WAN will utilize static addressing for the administrative
networks. However, for curriculum computers, we will use Dynamic Host Configuration Protocol (DHCP)
to dynamically assign addresses. This reduces the amount of work the network administrator must do
and it also allows addresses that are no longer used to be reused by other network devices. The District
Office will administer the IP addresses. The WAN will use Network Address Translation (NAT) and
Simple Network Management Protocol (SNMP). The District Office will have total management control
over the entire WAN and there will be a regional management host on each regional hub to support each area.
The District Office will have all of the super-user passwords for network devices for security reasons.
There are 7 groups of IP addresses that will be used in our network:
• WAN Core
• Data Center Router to Site Routers
• Service Center Router to Site Routers
• Shaw Butte Router to Site Routers
• Schools Connected to Service Center Hub
• Schools Connected to Shaw Butte Hub
• Schools Connected to District Center Hub
WAN Addressing Scheme
WAN Core:
(Subnet Mask is always 255.255.254.0)
Location   Connects to   Assigned Port IP   Assigned Port ID   Wire Address
DC S0      SC S0         140.200.1.1        140.200.1.2        140.200.1.0
DC S1      SC S1         140.200.2.1        140.200.2.2        140.200.2.0
DC S2      SC S2         140.200.3.1        140.200.3.2        140.200.3.0
DC S3      SC S3         140.200.4.1        140.200.4.2        140.200.4.0
DC S4      SB S0         140.200.8.1        140.200.8.2        140.200.8.0
DC S5      SB S1         140.200.9.1        140.200.9.2        140.200.9.0
DC S6      SB S2         140.200.10.1       140.200.10.2       140.200.10.0
DC S7      SB S3         140.200.11.1       140.200.11.2       140.200.11.0
SC S4      SB S4         140.200.16.1       140.200.16.2       140.200.16.0
SC S5      SB S5         140.200.17.1       140.200.17.2       140.200.17.0
SC S6      SB S6         140.200.18.1       140.200.18.2       140.200.18.0
SC S7      SB S7         140.200.19.1       140.200.19.2       140.200.19.0
WAN Addressing Scheme
Service Center Router to Site Routers:
(Subnet Mask is always 255.255.254.0)
Location   Connects to             Assigned Port IP   Assigned Port ID   Wire Address
SC S8      SC2 S0                  140.200.51.1       140.200.51.2       140.200.51.0
SC S9      Abe Lincoln S0          140.200.40.1       140.200.40.2       140.200.40.0
SC S10     Lookout Mtn. S0         140.200.41.1       140.200.41.2       140.200.41.0
SC S11     Moon Mtn. S0            140.200.42.1       140.200.42.2       140.200.42.0
SC S12     Blue Sky S0             140.200.43.1       140.200.43.2       140.200.43.0
SC S13     Sahuaro S0              140.200.44.1       140.200.44.2       140.200.44.0
SC S14     Sunburst S0             140.200.45.1       140.200.45.2       140.200.45.0
SC S15     Sweetwater S0           140.200.46.1       140.200.46.2       140.200.46.0
SC S16     Tumbleweed S0           140.200.47.1       140.200.47.2       140.200.47.0
SC S17     Mtn. Sky S0             140.200.48.1       140.200.48.2       140.200.48.0
SC S18     Acacia S0               140.200.49.1       140.200.49.2       140.200.49.0
SC S19     Sunset S0               140.200.50.1       140.200.50.2       140.200.50.0
SC BRI0    Community School BRI0   140.200.52.1       140.200.52.2       140.200.52.0
DC = Data Center, SC = Service Center, SB = Shaw Butte
WAN Addressing Scheme
Data Center Router to Site Routers:
(Subnet Mask is always 255.255.254.0)
Location   Connects to       Assigned Port IP   Assigned Port ID   Wire Address
DC S8      DC S0             140.200.35.1       140.200.35.2       140.200.35.0
DC S9      Cholla S0         140.200.24.1       140.200.24.2       140.200.24.0
DC S10     Chaparral S0      140.200.25.1       140.200.25.2       140.200.25.0
DC S11     Desert Foot S0    140.200.26.1       140.200.26.2       140.200.26.0
DC S12     Ironwood S0       140.200.27.1       140.200.27.2       140.200.27.0
DC S13     John Jacobs S0    140.200.28.1       140.200.28.2       140.200.28.0
DC S14     Lake View S0      140.200.29.1       140.200.29.2       140.200.29.0
DC S15     Washington S0     140.200.30.1       140.200.30.2       140.200.30.0
DC S16     Road Run S0       140.200.31.1       140.200.31.2       140.200.31.0
DC S17     Mtn. View S0      140.200.32.1       140.200.32.2       140.200.32.0
DC S18     Sunny Slope S0    140.200.33.1       140.200.33.2       140.200.33.0
DC S19     Desert View S0    140.200.34.1       140.200.34.2       140.200.34.0
DC S20     Internet (ISP)    ISP provided       ISP provided       ISP provided
WAN Addressing Scheme
Shaw Butte Router to Site Routers:
(Subnet Mask is always 255.255.254.0)
Location   Connects to       Assigned Port IP   Assigned Port ID   Wire Address
SB S8      SB2 S0            140.200.56.1       140.200.56.2       140.200.56.0
SB S9      Arroyo S0         140.200.57.1       140.200.57.2       140.200.57.0
SB S10     Palo Verde S0     140.200.58.1       140.200.58.2       140.200.58.0
SB S11     Orangewood S0     140.200.59.1       140.200.59.2       140.200.59.0
SB S12     Ocotillo S0       140.200.60.1       140.200.60.2       140.200.60.0
SB S13     Maryland S0       140.200.61.1       140.200.61.2       140.200.61.0
SB S14     Manzanita S0      140.200.62.1       140.200.62.2       140.200.62.0
SB S15     Cactus Wren S0    140.200.63.1       140.200.63.2       140.200.63.0
SB S16     AltaVista S0      140.200.64.1       140.200.64.2       140.200.64.0
SB S17     Royal Palm S0     140.200.65.1       140.200.65.2       140.200.65.0
SB S18     R.E. Miller S0    140.200.66.1       140.200.66.2       140.200.66.0
WAN Addressing Scheme
Schools Connected to Service Center Hub:
(Subnet Mask is always 255.255.254.0)
Location   Connects to        Administration IP (E1)   Curriculum IP (E0)
SC S8      SC2                140.200.77.1-254         N/A
SC S9      Sunset             140.200.81.1-254         140.200.78/80.1-254
SC S10     Acacia             140.200.85.1-254         140.200.82/84.1-254
SC S11     Mountain Sky       140.200.89.1-254         140.200.86/88.1-254
SC S12     Tumbleweed         140.200.93.1-254         140.200.90/92.1-254
SC S13     Sweetwater         140.200.97.1-254         140.200.94/96.1-254
SC S14     Sunburst           140.200.101.1-254        140.200.98/100.1-254
SC S15     Sahuaro            140.200.105.1-254        140.200.102/104.1-254
SC S16     Blue Sky           140.200.109.1-254        140.200.106/108.1-254
SC S17     Moon Mountain      140.200.113.1-254        140.200.110/112.1-254
SC S18     Lookout Mtn.       140.200.117.1-254        140.200.114/116.1-254
SC S19     Abraham Lincoln    140.200.121.1-254        140.200.118/120.1-254
SC BRI0    Comm. School       140.200.125.1-254        140.200.122.1-254
WAN Addressing Scheme
Schools Connected to Shaw Butte Hub:
(Subnet Mask is always 255.255.254.0)
Location   Connects to    Administration IP (E1)   Curriculum IP (E0)
SC S8      SB2            140.200.137.1-254        140.200.134/136.1-254
SC S9      Arroyo         140.200.141.1-254        140.200.138/140.1-254
SC S10     Palo Verde     140.200.145.1-254        140.200.142/144.1-254
SC S11     Orangewood     140.200.149.1-254        140.200.146/148.1-254
SC S12     Ocotillo       140.200.153.1-254        140.200.150/152.1-254
SC S13     Maryland       140.200.157.1-254        140.200.154/156.1-254
SC S14     Manzanita      140.200.161.1-254        140.200.158/160.1-254
SC S15     Cactus Wren    140.200.165.1-254        140.200.162/164.1-254
SC S16     Alta Vista     140.200.169.1-254        140.200.166/168.1-254
SC S17     Royal Palm     140.200.177.1-254        140.200.170/176.1-254
SC S18     R. E. Miller   140.200.181.1-254        140.200.178/180.1-254
WAN Addressing Scheme
Schools Connected to District Center Hub:
(Subnet Mask is always 255.255.254.0)
Location   Connects to       Administration IP (E1)   Curriculum IP (E0)
SC S8      DC2               140.200.191.1-254        N/A
SC S9      Cholla            140.200.195.1-254        140.200.192/194.1-254
SC S10     Chaparral         140.200.199.1-254        140.200.196/198.1-254
SC S11     Desert Foothill   140.200.203.1-254        140.200.200/202.1-254
SC S12     Ironwood          140.200.207.1-254        140.200.204/206.1-254
SC S13     John Jacobs       140.200.211.1-254        140.200.208/210.1-254
SC S14     Lake View         140.200.215.1-254        140.200.212/214.1-254
SC S15     Washington        140.200.219.1-254        140.200.216/218.1-254
SC S16     Road Runner       140.200.223.1-254        140.200.220/222.1-254
SC S17     Mountain View     140.200.227.1-254        140.200.224/226.1-254
SC S18     Sunnyslope        140.200.231.1-254        140.200.228/230.1-254
SC S19     Desert View       140.200.235.1-254        140.200.232/234.1-254
Security Issues and Concerns
Number of Logical Network Classifications - The network will be divided into three
logical network classifications, Administrative, Curriculum and External, with
secured interconnections between them.
Services Exposed to the Internet - Internet connectivity will utilize a double firewall
implementation with all Internet-exposed applications residing on a public
backbone network. For security reasons, the only services exposed to the Internet
will be DNS and email.
WAN Security via Router - By utilizing Access Control Lists (ACLs) on the routers,
all traffic from the curriculum LANs will be prohibited on the administration LAN.
Exceptions to this ACL can be made on an individual basis. Applications such as email
and directory services will be allowed to pass freely since they pose no risk.
User ID and Password - A user ID and Password Policy will be published and strictly enforced on all
computers in the district.
Summary
LAN Network Specifications:
• Materials used
  – Cat 5 UTP horizontal cabling
  – Fiber backbone cabling
• Type of Ethernet
  – 100 Base-TX from MDF to each IDF
  – 10 Base-T from IDF to hosts
• One MDF located within the POP; nine IDFs located throughout the campus
• The use of the Dell “Wireless Classroom” has been proposed but has not been
monetarily accounted for
• IGRP and IP have both been implemented
• Two V-LANs have been set up; one for Students, another for
Faculty/Administration
• There are two ACLs and a Firewall to provide added network security
LAN Budget
Royal Palm School Budget:
Number   Item Name                                   Each        Total
1        Cisco 2500 Router                           $2265.95    $2265.95
2        Cisco Catalyst 2912 Switch                  $5112.95    $10,225.90
9        Cisco Catalyst 2924 10/100 Switch           $1090.00    $9810.00
1        Cisco PIX 515 Firewall                      $2267.95    $2267.95
173      TAA Compliant 12 Port 10/100 Hub            $218.39     $38,873.42
16       Ellipse 800 USB Free Standing UPS 800VA     $186.06     $2976.96
1        72x36x19 Startech Computer Rack             $1402.95    $1402.95
9        72x30x19 Startech Computer Rack             $893.95     $8045.55
Total:                                                           $75,868.68
WAN Budget
Washington School District WAN Budget:
Number   Item Name                        Each         Total
1        Cisco 7507 Router                $19,395.00   $19,395.00
2        Cisco 3600 Router                $4,599.00    $9,198.00
36       Cisco 2500 Router                $2265.95     $81,574.20
1        T1 Setup Charge                  $500.00      $500.00
1        T1 Leased Line Cost (annually)   $9,120.00    $9,120.00
Total:                                                 $119,787.20
LAN Logical Diagram
LAN Wire Diagram
LAN IP Addressing Scheme
IP Addressing Scheme for the Royal Palm School
• Network IP Address: 69.0.0.0
• Subnet Mask: 255.224.0.0
• 6 Subnets allowed: 2 used (69.32.0.0, 69.64.0.0) and 4 for
future expansion (69.96.0.0, 69.128.0.0, 69.160.0.0, 69.192.0.0)
LAN Subnet 1: Administration
• Network IP Address: 69.32.0.0
• Reserved Server IP Addresses: 69.32.1.1 to 69.32.1.23
• Reserved Switch IP Addresses: 69.32.1.24 to 69.32.1.47
• Reserved Router IP Addresses: 69.32.1.48 to 69.32.1.71
• Reserved for Network Admin.: 69.32.1.72 to 69.32.1.254
• Building 1: 69.32.2.1 to 69.32.4.254
• Building 2: 69.32.5.1 to 69.32.7.254
• Building 3: 69.32.8.1 to 69.32.10.254
• Building 4: 69.32.11.1 to 69.32.13.254
• Building 5: 69.32.14.1 to 69.32.16.254
• Cafeteria: 69.32.17.1 to 69.32.19.254
• Science Building: 69.32.20.1 to 69.32.22.254
• Computer Building: 69.32.23.1 to 69.32.25.254
LAN Subnet 2: Students
• Network IP Address: 69.64.0.0
• Reserved Server IP Addresses: 69.64.1.1 to 69.64.1.23
• Reserved Switch IP Addresses: 69.64.1.24 to 69.64.1.47
• Reserved Router IP Addresses: 69.64.1.48 to 69.64.1.71
• Reserved for Network Admin.: 69.64.1.72 to 69.64.1.254
• Building 1: 69.64.2.1 to 69.32.4.254
• Building 2: 69.64.5.1 to 69.32.7.254
• Building 3: 69.64.8.1 to 69.32.10.254
• Building 4: 69.64.11.1 to 69.32.13.254
• Building 5: 69.64.14.1 to 69.32.16.254
• Cafeteria: 69.64.17.1 to 69.32.19.254
• Science Building: 69.64.20.1 to 69.32.22.254
• Computer Building: 69.64.23.1 to 69.32.25.254
This leaves more than ample room for growth for each
building and reserved address range.
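The WAN plan in the overview (140.200.0.0 with 7 borrowed bits, mask 255.255.254.0, 126 subnets of about 510 hosts) and the LAN plan above (69.0.0.0 with mask 255.224.0.0, 6 usable subnets) both come from the same classful subnetting arithmetic. What follows is an added example, not part of the team's proposal, that reproduces both counts with Python's standard `ipaddress` module and adds the check a reviewer would run over the WAN addressing tables: whether a listed wire address is really the network address of a subnet under the stated mask. `subnet_plan`, `is_subnet_address` and `containing_subnet` are names chosen here; the usable-subnet count follows the classic convention of excluding the all-zeros and all-ones subnets, which is the convention the page's figures of 126 and 6 imply.

```python
import ipaddress
from typing import List, Tuple


def subnet_plan(base_network: str, borrowed_bits: int) -> Tuple[str, int, int, List[str]]:
    """Subnet a classful base network by borrowing bits from the host field.

    Returns (dotted subnet mask, usable subnet count, usable hosts per subnet,
    list of usable subnet network addresses). Usable counts follow the classic
    textbook convention: the all-zeros and all-ones subnets are excluded, as
    are each subnet's network and broadcast addresses.
    """
    base = ipaddress.ip_network(base_network, strict=True)
    new_prefix = base.prefixlen + borrowed_bits
    if borrowed_bits < 1 or new_prefix > 30:
        raise ValueError("borrowed_bits must leave at least two host bits")
    mask = str(ipaddress.ip_network(f"0.0.0.0/{new_prefix}").netmask)
    all_subnets = list(base.subnets(new_prefix=new_prefix))
    usable = [str(s.network_address) for s in all_subnets[1:-1]]  # drop subnet zero and all-ones
    hosts_per_subnet = 2 ** (32 - new_prefix) - 2
    return mask, len(usable), hosts_per_subnet, usable


def is_subnet_address(address: str, mask: str) -> bool:
    """True if `address` is the network (wire) address of a subnet under `mask`.

    An address with host bits set cannot be a wire address; a table entry that
    fails this check should be corrected before the routers are configured.
    """
    try:
        ipaddress.ip_network(f"{address}/{mask}", strict=True)
    except ValueError:
        return False
    return True


def containing_subnet(address: str, mask: str) -> str:
    """Network address of the subnet that actually contains `address`."""
    return str(ipaddress.ip_network(f"{address}/{mask}", strict=False).network_address)


if __name__ == "__main__":
    # WAN: 140.200.0.0 with 7 bits borrowed, as stated in the overview.
    mask, count, hosts, _ = subnet_plan("140.200.0.0/16", 7)
    print(f"WAN: mask {mask}, {count} usable subnets, {hosts} hosts each")

    # LAN: 69.0.0.0 with 3 bits borrowed, as stated on the LAN addressing slide.
    mask, count, hosts, usable = subnet_plan("69.0.0.0/8", 3)
    print(f"LAN: mask {mask}, {count} usable subnets: {', '.join(usable)}")

    # Wire addresses taken from the WAN Core table, checked against its mask.
    wan_mask = "255.255.254.0"
    for wire in ("140.200.1.0", "140.200.2.0", "140.200.16.0"):
        if is_subnet_address(wire, wan_mask):
            print(f"{wire}: valid wire address")
        else:
            print(f"{wire}: host bits set; lies inside {containing_subnet(wire, wan_mask)}")
```

Run against the page's own values, the LAN half returns exactly the six subnets the slide lists, and the WAN check shows which table entries sit on a /23 boundary and which do not (140.200.1.0, for instance, falls inside 140.200.0.0/23).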
LAN ACL Implementation
Router(config)# access-list 169 permit tcp 69.64.0.0 0.0.255.255 69.32.0.0 0.0.255.255 eq 25
Router(config)# access-list 169 permit tcp 69.64.0.0 0.0.255.255 69.32.0.0 0.0.255.255 eq 53
Router(config)# access-list 169 permit tcp 69.64.0.0 0.0.255.255 69.32.0.0 0.0.255.255 eq 80
Router(config)# access-list 169 deny ip 69.64.0.0 0.0.255.255 69.32.0.0 0.0.255.255
Router(config)# access-list 169 permit ip any any
Router(config)# int e1
Router(config-if)# ip access-group 169 in
Router(config-if)# exit
• This ACL allows the students only DNS, e-mail, and HTTP access to the administration LAN and increases the
network’s security.
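To make the ACL's first-match behaviour concrete, here is an added example (written for this page, not the team's code) that evaluates the access-list 169 entries above against a few constructed packets using Cisco-style wildcard masks, where a 0 bit must match and a 1 bit is ignored. `AclEntry`, `Packet`, `evaluate` and the sample packets are names and values chosen here; the five ACL entries mirror the lines on the slide. The samples include the case the summary sentence glosses over: the list permits DNS only over TCP, so a student host's ordinary UDP DNS query to an administration server falls through to the deny entry.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional


def wildcard_match(address: str, base: str, wildcard: str) -> bool:
    """Cisco wildcard mask semantics: a 0 bit must match, a 1 bit is ignored."""
    a = int(ipaddress.IPv4Address(address))
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)


@dataclass(frozen=True)
class Packet:
    protocol: str               # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dst_port: Optional[int] = None


@dataclass(frozen=True)
class AclEntry:
    action: str                 # "permit" or "deny"
    protocol: str               # "ip" matches every protocol
    src: str
    src_wildcard: str
    dst: str
    dst_wildcard: str
    eq_port: Optional[int] = None   # destination port for "eq N"

    def matches(self, pkt: Packet) -> bool:
        if self.protocol != "ip" and self.protocol != pkt.protocol:
            return False
        if not wildcard_match(pkt.src, self.src, self.src_wildcard):
            return False
        if not wildcard_match(pkt.dst, self.dst, self.dst_wildcard):
            return False
        return self.eq_port is None or pkt.dst_port == self.eq_port


def evaluate(acl: List[AclEntry], pkt: Packet) -> str:
    """The first matching entry decides; a packet matching nothing hits the implicit deny."""
    for entry in acl:
        if entry.matches(pkt):
            return entry.action
    return "deny"


ANY = ("0.0.0.0", "255.255.255.255")
STUDENTS = ("69.64.0.0", "0.0.255.255")
ADMIN = ("69.32.0.0", "0.0.255.255")

# access-list 169 as shown on the slide, in order.
ACL_169 = [
    AclEntry("permit", "tcp", *STUDENTS, *ADMIN, 25),
    AclEntry("permit", "tcp", *STUDENTS, *ADMIN, 53),
    AclEntry("permit", "tcp", *STUDENTS, *ADMIN, 80),
    AclEntry("deny", "ip", *STUDENTS, *ADMIN),
    AclEntry("permit", "ip", *ANY, *ANY),
]

# Constructed sample traffic arriving inbound on e1, the student interface.
SAMPLES = {
    "student smtp to admin mail server":   Packet("tcp", "69.64.5.20", "69.32.1.1", 25),
    "student http to admin web server":    Packet("tcp", "69.64.5.20", "69.32.1.2", 80),
    "student https to admin server":       Packet("tcp", "69.64.5.20", "69.32.1.2", 443),
    "student udp dns to admin dns server": Packet("udp", "69.64.5.20", "69.32.1.1", 53),
    "student ping to admin host":          Packet("icmp", "69.64.5.20", "69.32.2.7"),
    "student http to internet":            Packet("tcp", "69.64.5.20", "201.192.105.1", 80),
}


def decisions() -> Dict[str, str]:
    """Verdict of access-list 169 for each sample packet."""
    return {name: evaluate(ACL_169, pkt) for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in decisions().items():
        print(f"{verdict:6} {name}")
```

Two things the evaluator makes visible: UDP port 53 is denied because every permit entry is `tcp`, and the wildcard 0.0.255.255 matches 69.64.0.0 through 69.64.255.255, which covers every building range listed on the LAN addressing slide but not the rest of the 69.64.0.0 / 255.224.0.0 subnet.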
LAN Router Config
• Routed Protocol: IP
• Routing Protocol: IGRP
• Internal network address: 69.0.0.0
• External network address: 201.192.105.0
• Autonomous system number: 69
IP:
Mannimal(config)# int s0
Mannimal(config-if)# ip address 201.192.105.1 255.255.255.0
Mannimal(config-if)# clock rate 56000
Mannimal(config-if)# exit
Mannimal(config)# int e0
Mannimal(config-if)# ip address 69.32.1.48 255.224.0.0
Mannimal(config-if)# exit
Mannimal(config)# int e1
Mannimal(config-if)# ip address 69.64.1.48 255.224.0.0
Mannimal(config-if)# exit
• This sets up IP addressing for the router and
router interfaces.
IGRP: (in config t mode at router)
Router(config)# hostname Mannimal
Mannimal(config)# router igrp 69
Mannimal(config-router)# network 201.192.105.0
Mannimal(config-router)# network 69.0.0.0
• This sets up IGRP as the router’s routing
protocol and names the router Mannimal.
LAN to LAN Concerns
Internet Connectivity:
All of the Internet connectivity supplied will be through the
District Office and will be highly controlled; bandwidth will be
upgraded as usage dictates. Our connection will have two firewalls to
protect the inner public network. ACLs will keep curriculum from
administration and will help with the firewalls. Inside the network,
DNS, email, and other servers will be allowed to transmit freely.
Each school will have a partition of the public network to put on the
World Wide Web as well.
User Policies
• User ID and Password - A user ID and Password Policy will be
published and strictly enforced on all computers in the district.
• LAN security via Router - All LANs will have an Access Control List
(ACL); this creates a firewall from the teacher LAN to the
student LAN. The teachers can see onto the students' curriculum
but the students do not have access to the teachers'.
Recommendation/Final Assessment
The preceding proposal provides internetwork
connectivity throughout the Royal Palm Middle School, as
well as access to the Internet for all classrooms and hosts.
While ensuring reliability and manageability, our network
is both scalable and adaptable. The network also provides
security preventing unauthorized access throughout the
entire network. Finally, the network we designed is cost
effective and provides for further growth and
development.
Credits
• Special Thanks go out to Tony because
without him this project could not have
been possible
• Thanks to Big Manna Dawg
• Theman is STILL Cisco god
• Jarret, Get Your Own Sock
• Alex still rules the 100’s club