Acacia

Threaded Case Study

Aoife McIntyre

Cordelia Carty

Mary Kearns


Overview

  • The school district is in the process of implementing Local Area Networks (LANs) and a Wide Area Network (WAN) to provide data connectivity between all school sites.

  • Access to the internet from any site in the school district.

  • Implement a series of servers to facilitate online automation of all the district's administrative and curricular functions.


Overview (cont)

  • Network must be functional for a minimum of 7-10 years.

  • Provide for 100% growth in LAN.

  • TCP/IP and Novell IPX are the only OSI layer 3 and 4 protocols allowed. In our case we will use TCP/IP.


User Requirements

  • Two Local Area Network (LAN) segments will be implemented. One VLAN will be designed for student curriculum usage and the other for administration.

  • The LAN infrastructure will be based on Ethernet LAN switching. The transport speeds will be Ethernet 10BASE-T, 100BASE-TX, and 100BASE-FX.


Cabling

  • Horizontal cabling will be Cat5 Unshielded Twisted Pair (CAT5 UTP). It will be able to accommodate speeds of 100 Mbps. This has a maximum distance of 90 m.

  • The vertical backbone will be fiber optic 1000 Base-FX, which will run between the MDF and the IDF.


Wide Area Network (WAN)

  • The WAN will connect all of the schools to the three regional hubs and interconnect the regional hubs in an extended star topology. It will also connect the Data Center regional hub to the internet through a proxy server.


Logical Addressing Scheme

  • One class C address allocated to the school

    • Students – 192.168.1.1 to 192.168.1.254

    • Admin – 192.168.2.1 to 192.168.2.254

    • Servers – 192.168.3.1 to 192.168.3.254

  • The class C address has been sub-netted to allow for more hosts on the same network


Logical Design


Wiring Layout


Zone Layout


Classrooms

  • Each classroom must be able to support 24 workstations and be supplied with 4 data termination points. A single location in each room will be designated as the wiring point of presence (POP) for that room. It will consist of a lockable cabinet containing all cable terminations and electronic components (switches, etc.).

  • The network in Acacia must be able to support 325 computers: 250 computers for students and 75 computers for administration usage.


Classroom Layout


Main Distribution Frame (MDF)

An MDF is a free-standing or wall-mounted rack for managing and interconnecting the telecommunications cable between the main distribution frame and the intermediate distribution frame (IDF). The MDF is also the connection point for your LAN to the district WAN.


MDF


MDF Equipment

  • Cisco 2611 Router with serial, Ethernet and dial-in facilities

  • 2 - Catalyst 3542 XL Ethernet Switches

  • Catalyst 3548 XL Enterprise Edition

  • 4 - 24-port patch panels

  • 1 - 16-port patch panel

  • Fiber patch panel

  • Administrative server

  • Application server

  • DNS/E-mail server

  • Library server

  • Workgroup server

  • UPS

  • Monitor

  • Monitor shelf with keyboard tray

  • Ventilation Panel


Intermediate Distribution Frame (IDF)

An IDF is a free-standing or wall-mounted rack for managing and interconnecting the telecommunications cable between end user devices and an MDF. For example, there would be an IDF in each building or every 90 meters.


IDF


IDF Equipment

  • 3 - Catalyst 3542 Ethernet Switches

  • 4 - 24-port patch panels

  • Fibre patch panel

  • UPS

  • Ventilation Panel

  • Monitor

  • Monitor shelf with keyboard tray


Servers

  • DNS/E-MAIL SERVER: The school host will be the local post office box and will store all e-mail messages. The DNS update process will flow from the individual school server to the Hub server and to the district server. All regional servers will be able to communicate between themselves, building redundancy into the system.

  • ADMINISTRATIVE SERVER : This will contain the student tracking, attendance, grading and other administration functions. This server will only be available to teachers and staff.


Servers (cont)

  • LIBRARY SERVER : Acacia is implementing an automated library information and retrieval system, which will contain an online library for curricular research purposes. This server will be made available to anyone at the school site.

  • APPLICATION SERVER: All computer applications will be housed in a central server at each school location. As applications such as word processing, Excel, PowerPoint, etc. are requested by users, they will be retrieved from the application server. This server will be made available to anyone at the school site.


Servers (cont)

  • OTHER SERVERS: Any other servers implemented at the school sites will be departmental servers and will be placed according to user group access needs.


VLANs

A VLAN is a logical grouping of devices or users that can be grouped by function, department, or application, regardless of their physical segment location. VLAN configuration is done at the switch via software.

Two VLANs will be used on the LAN:

  • VLAN 1 will be used for the administration segment.

  • VLAN 2 will be used for curriculum.

  • All changes and moves will be controlled and managed accordingly.


VLANs

VLANs are implemented for the following reasons:

  • Reduces administration costs related to moves, additions and changes

  • Provides better control of broadcasts

  • Tightens network security

  • Distributes traffic load

  • Relocates servers into secured locations

  • Saves money by using existing hubs


Access Control Lists (ACLs)

  • ACLs permit or deny certain users (or an entire network segment) access to network resources. These are set up by the network administrator and add security to the network, as well as limit network traffic and increase network performance. ACLs are either standard (numbers 1-99) or extended (numbers 100-199).


ACLs

  • Students have access to:

    • Application server

    • Internet

    • Library server

  • Students are denied access to:

    • Any activity on the DNS server

    • Administrative server

  • Teachers have access to:

    • Internet

    • DNS server for e-mail

    • Administrative server at Acacia

    • Application server at Acacia

    • Library server at Acacia


Example ACL

  • Enter global configuration mode

    • Acacia# config t

  • Permits all users access to email/DNS server

    • Acacia(config)# access-list 101 permit tcp 192.168.1.0 0.0.0.255 192.168.3.1 0.0.0.0

  • Permits all users access to the library server

    • Acacia(config)# access-list 101 permit tcp 192.168.1.0 0.0.0.255 192.168.3.2 0.0.0.0

  • Blocks all student/curriculum traffic from accessing the admin network

    • Acacia(config)# access-list 101 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255

  • Permits all other traffic

    • Acacia(config)# access-list 101 permit ip any any
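
An added example, not part of the original slides: a small first-match evaluator for ACL 101, useful for checking the list against the stated access policy before it is applied. It assumes the deny and final permit entries carry the "ip" protocol keyword and that the admin subnet uses the /24 wildcard 0.0.0.255; the packets and the address 192.168.3.3 are constructed for illustration.

```python
import ipaddress

# ACL 101 from the slide; the deny and final permit are written here with the
# "ip" protocol keyword and a /24 wildcard on the admin subnet (assumption).
ACL_101 = """\
access-list 101 permit tcp 192.168.1.0 0.0.0.255 192.168.3.1 0.0.0.0
access-list 101 permit tcp 192.168.1.0 0.0.0.255 192.168.3.2 0.0.0.0
access-list 101 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 permit ip any any
"""

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def wildcard_match(addr, base, wildcard):
    """Wildcard bits set to 1 are ignored; bits set to 0 must match."""
    care = ~_ip(wildcard) & 0xFFFFFFFF
    return (_ip(addr) & care) == (_ip(base) & care)

def _take_addr(tokens):
    """Consume 'any' or 'base wildcard' from the front of the token list."""
    if tokens[0] == "any":
        tokens.pop(0)
        return ("0.0.0.0", "255.255.255.255")
    return (tokens.pop(0), tokens.pop(0))

def parse_acl(text):
    entries = []
    for line in text.splitlines():
        tokens = line.split()[2:]  # drop "access-list 101"
        action, proto = tokens.pop(0), tokens.pop(0)
        entries.append((action, proto, _take_addr(tokens), _take_addr(tokens)))
    return entries

def evaluate(entries, proto, src, dst):
    """First matching entry wins; nothing matching means the implicit deny."""
    for number, (action, e_proto, e_src, e_dst) in enumerate(entries, 1):
        if (e_proto in ("ip", proto) and wildcard_match(src, *e_src)
                and wildcard_match(dst, *e_dst)):
            return action, number
    return "deny", None

ACL = parse_acl(ACL_101)
# Constructed packets: student to library, student to admin LAN, and student to
# 192.168.3.3, a made-up server address that ACL 101 never names.
for proto, src, dst in [("tcp", "192.168.1.10", "192.168.3.2"),
                        ("tcp", "192.168.1.10", "192.168.2.5"),
                        ("tcp", "192.168.1.10", "192.168.3.3")]:
    print(src, "->", dst, evaluate(ACL, proto, src, dst))
```

The third packet is permitted by the final entry, so any server in 192.168.3.0/24 that must stay closed to students needs its own deny entry placed ahead of it. wildcard_match also shows why the wildcard matters: 0.0.255.255 on 192.168.2.0 would match the server subnet as well.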


IGRP

  • IGRP is a distance vector Interior Gateway Protocol. Distance vector routing protocols mathematically compare routes using some measurement of distance. This measurement is known as the distance vector.

  • Routers using a distance vector protocol must send all or a portion of their routing table in a routing-update message at regular intervals to each of their neighboring routers.

  • As routing information propagates through the network, routers can identify new destinations as they are added to the network, learn of failures in the network, and, most importantly, calculate distances to all known destinations.


IGRP Implementation

  • Acacia# config t

  • Acacia(config)# router igrp 100

  • Acacia(config-router)# network 192.168.1.0

  • Acacia(config-router)# network 192.168.2.0

  • Acacia(config-router)# network 192.168.3.0

  • Acacia(config-router)# exit


Firewalls

  • A firewall is a system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in hardware, in software, or in a combination of both.

  • Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets.

  • All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.


Security

  • Double firewall implementation

    • ACLs act as a second layer of firewall

  • Network will be divided into 3 logical network classifications: staff/administrative, curriculum and servers

  • Two separate VLANs: Curriculum and Staff/Administration

  • Utilization of access control lists

  • User ID and Password Policy published and strictly enforced on all computers in the District

  • All traffic from Curriculum LAN prohibited on Administrative LAN.


Pros

  • The network speed can be upgraded without much change in the physical cabling

  • With 4 CAT5 cables in every data termination point in the rooms, extra computers or other devices can be used in the classrooms as needed

  • ACLs provide very strong security: students in the curriculum network cannot get into the administrator network

  • Use of VLANs provides internal security

  • Troubleshooting made simpler using switches


Cons

  • There is no redundancy of router link at POP. If the WAN link fails there will be no access to other resources in the district or access to the Internet

  • The use of switches increases the network latency as well as the initial cost of the network

  • Expensive to implement

  • Password security is based on user cooperation

  • Non-centralized: with IDFs in each building, it is difficult to locate problems

