Explore the comprehensive network setup of Mike, Mark, Joy, Armando, and Mona at R.E. Miller, Acacia, Desert View, and Mountain Sky. Learn about WAN, LAN, security, cost, VLANs, and addressing details.
The Washington School District
Mike, Mark, Joy, Armando, & Mona

Overview
• R E Miller, Acacia, Desert View, & Mountain Sky
• Class B Address
• WAN - PPP, Frame Relay, ISDN, OSPF
• LAN - Extended Star, TCP/IP, IGRP
• Security
• Cost

Addressing
• Class B - 145.29.0.0
• VLANs for Administrative and Students
• Administrative and network printers will be static
• Students will use DHCP

Class B 145.29.0.0
• Subnet mask - 255.255.255.0
• Used 8 bits for subnets (total usable 254)
• 8 bits left for hosts/subnet (total usable 254)
• WAN routers: 145.29.1.0 - 145.29.10.0

Desert View 145.29.20.0 - 145.29.24.0
• E0 = 145.29.20.1
• Admin addresses: 145.29.20.100 - 145.29.20.254
• Students: 145.29.21.0
• Printers: 145.29.22.0

Acacia 145.29.25.0 - 145.29.29.0
• E0 = 145.29.25.1
• Admin addresses: 145.29.25.100 - 145.29.25.254
• Students: 145.29.26.0
• Printers: 145.29.27.0

Mountain Sky 145.29.30.0 - 145.29.34.0
• E0 = 145.29.30.1
• Admin addresses: 145.29.30.100 - 145.29.30.254
• Students: 145.29.31.0
• Printers: 145.29.32.0

RE Miller 145.29.35.0 - 145.29.39.0
• E0 = 145.29.35.1
• Admin addresses: 145.29.35.100 - 145.29.35.254
• Students: 145.29.36.0
• Printers: 145.29.37.0

WAN
• T1 using Frame Relay to the Internet
• 4 T1s between District Office, Shaw Butte, Service Center
• Upgrade to DS3 for growth
• PPP
• T1 from each school to its District hub
• Backup TSU ESP
• Each District hub will be an Area Border Router; this provides for the requirement of one AS number
• An additional router at the Data Center going to the Internet, along with access lists, fulfills the requirement for a double firewall.

LAN
• Gigabit Backbone
• Fiber from MDF to each BLDG
• Fiber from IDF to IDF and from MDF to IDF within building
• Router connects WAN link (T1) and provides security and routing for VLANs

LAN (cont’d)
• MDF - switch with router capabilities
• Server Central
• DNS/DHCP
• Email
• Administrative
• Student
• Print
• Application and CD Stack
• Misc. - DLT Tape Drives, UPS, Racks

LAN (cont’d)
• IDF
• 7 drops to each class
• 28 ports - students (24), teacher (3), network printer (1)
• 100 Mbps to each node
• Full duplex

Security
• Administrative user ID and Password
• VLANs
• Access Lists

VLANs
• VLAN 1 - Administration
• VLAN 2 - Students
• Configure ports on switch for each VLAN
• Use Ethernet subinterfaces - E0/1
• Configure uplinks to trunk each VLAN
• Full duplex
• Use Spanning Tree Protocol (STP)
• Creates a transparent switch

VLANs (cont’d)
• IGRP - AS# (Internet Assigned Numbers Authority)
• Configure router with virtual interfaces
• Virtual Ethernet subinterfaces must be configured to match switch Ethernet subinterfaces
• This is needed because of the 5500 series router/switch we are using

Access Lists
• Used for double firewall
• WAN
• Use access lists to allow traffic from Internet and Intranet to access servers located in DMZ
• Examples, access list 101 applied inbound on S1:
• access-list 101 permit tcp any any eq 80
• access-list 101 permit tcp any any eq 25
• access-list 101 permit tcp any any eq 53
• access-list 101 permit tcp any any eq 21
• access-list 101 deny tcp any any
• access-list 101 deny udp any any
• Access list 102 applied inbound on E1:
• access-list 102 permit tcp any any eq 80
• access-list 102 permit tcp any any eq 25
• access-list 102 permit tcp any any eq 53
• access-list 102 permit tcp any any eq 21

Access List - LAN
• Access list 105 denies TCP from the student subnet to the administrative server and denies student access to the administrative subnet
• Example:
• access-list 105 deny tcp 145.29.21.0 0.0.0.255 145.29.20.22 0.0.0.0
• access-list 105 deny tcp 145.29.21.0 0.0.0.255 145.29.20.0 0.0.0.255
• access-list 105 permit ip any any
• Applied on E0 interface inbound
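
Cisco extended access lists match on wildcard masks, where a 1 bit means "ignore this bit", and the first matching entry wins. The following is an added example, not part of the original slides: it evaluates access list 105 against constructed sample flows from the Desert View addressing plan, and the function names and sample host addresses are assumptions made for illustration.

```python
import ipaddress

def wc_match(addr, base, wildcard):
    """Cisco wildcard match: a 1 bit in the wildcard means 'ignore this bit'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

# Access list 105, wildcards written as inverted subnet masks.
# Tuple: (action, protocol, src, src_wildcard, dst, dst_wildcard)
ACL_105 = [
    ("deny",   "tcp", "145.29.21.0", "0.0.0.255", "145.29.20.22", "0.0.0.0"),
    ("deny",   "tcp", "145.29.21.0", "0.0.0.255", "145.29.20.0",  "0.0.0.255"),
    ("permit", "ip",  "0.0.0.0", "255.255.255.255", "0.0.0.0", "255.255.255.255"),
]

def evaluate(acl, proto, src, dst):
    """First matching entry wins; every ACL ends with an implicit deny."""
    for action, p, s, sw, d, dw in acl:
        if p in ("ip", proto) and wc_match(src, s, sw) and wc_match(dst, d, dw):
            return action
    return "deny"

def audit(acl):
    """Constructed sample flows; host addresses are illustrative only."""
    flows = [
        ("tcp", "145.29.21.37", "145.29.20.22"),   # student -> admin server
        ("tcp", "145.29.21.37", "145.29.20.150"),  # student -> admin host
        ("udp", "145.29.21.37", "145.29.20.150"),  # same pair over UDP
        ("tcp", "145.29.21.37", "145.29.22.5"),    # student -> printer subnet
        ("tcp", "145.29.20.150", "145.29.22.5"),   # admin -> printer subnet
    ]
    return [(f, evaluate(acl, *f)) for f in flows]

if __name__ == "__main__":
    for flow, verdict in audit(ACL_105):
        print(flow, "->", verdict)
    # A wildcard of 255.255.0.255 ignores octets 1, 2 and 4, so it matches
    # any address whose third octet is 21, not only the student subnet.
    print(wc_match("10.0.21.9", "145.29.21.0", "255.255.0.255"))
```

The UDP flow is permitted because both deny entries are TCP-only and the final entry permits all IP, so a student-to-administrative policy that must cover every protocol needs `deny ip` entries rather than `deny tcp`.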