Desert View TCS By Charlene Cooley and Dan Austin
User Requirements • 7- to 10-year projected life • 100% WAN growth • 1,000% LAN growth • Speed • 1 Mbps for workstations • 100 Mbps for servers • Exclusively TCP/IP
User Requirements (cont.) • Frame Relay for WAN transport • 2 LANs per building • student/curriculum • administrative • Switched LAN infrastructure
User Requirements (cont.) • Classrooms • 24 workstations per classroom • 4 cable runs per classroom • switches located in lockable cabinets • File designation is enterprise or workgroup
User Requirements (cont.) • DNS & E-mail • master servers at district office • distributed DNS servers in each building • each building has a host for DNS & E-mail, and a directory of staff & students
Topology Requirements • Redundant paths between regional servers • Administrative server must be accessible to teachers and staff in each building • Library server must be available to entire network • Static IP for administrative hosts • DHCP for student/curriculum hosts
Security Requirements • General • no access from Internet to intranet • 2 physical LAN structures • double firewall • Access Control Lists • prevent access from student/curriculum network to administrative network (with certain exceptions)
NETWORK DESIGN EXAMPLES DESERT VIEW
WAN OVERVIEW DESERT VIEW
IP ADDRESSING SCHEME AND NAMING CONVENTION DESERT VIEW
IP Addressing Scheme for Desert View • Class B Address of 128.0.0.0/22 • 62 subnets • Administrative subnets • Curriculum subnets • WAN subnets • Internet subnet • DHCP Servers will hold curriculum addresses
Naming Convention • Administrators • building name/{office|classroom} number • Curriculum • building name/classroom number
Network Management • SNMP traps on network nodes • CSWI Resource Manager & Campus Network Management Software • District Office • master server collects information from regional hubs • Regional Hubs • will collect information from schools that are attached
DESERT VIEW SECURITY DESERT VIEW
ACLs • Standard ACL Applied to District Office Network (Incoming) • Standard ACL Applied to Administrative Networks (Incoming) • Extended ACL Applied to Classroom Network (Outgoing)
ACLs: District Office • access-list 1 permit 128.0.24.0 0.0.3.255 • access-list 1 permit 128.0.36.0 0.0.3.255 • access-list 1 deny any • Apply to E0 • ip access-group 1 in
ACLs: Building 1 • access-list 2 permit 128.0.12.0 0.0.3.255 • access-list 2 permit 128.0.36.0 0.0.3.255 • access-list 2 deny any • Apply to E1 • ip access-group 2 in
ACLs: Building 1 (cont.) • access-list 101 permit tcp 128.0.20.0 0.0.3.255 eq smtp • access-list 101 permit udp 128.0.20.0 0.0.3.255 eq domain • access-list 101 deny ip any any • Apply to E0 • ip access-group 101 out
ACLs: Building 2 • access-list 3 permit 128.0.12.0 0.0.3.255 • access-list 3 permit 128.0.24.0 0.0.3.255 • access-list 3 deny any • Apply to E1 • ip access-group 3 in
ACLs: Building 2 (cont.) • access-list 102 permit tcp 128.0.32.0 0.0.3.255 eq smtp • access-list 102 permit udp 128.0.32.0 0.0.3.255 eq domain • access-list 102 deny ip any any • Apply to E0 • ip access-group 102 out
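An added example, not part of the original slides: a small Python check that the source network in an ACL entry matches the /22 addressing plan, which catches a mistyped wildcard or a misaligned network before the list reaches a router. It assumes the slides' count of 62 subnets comes from dropping the all-zeros and all-ones subnets; the function names are hypothetical and the sample lines are constructed.

```python
import ipaddress

BASE = ipaddress.ip_network("128.0.0.0/16")  # Class B block named on the slides
PREFIX = 22                                  # subnet prefix length from the slides

def usable_subnets():
    """The /22 subnets, minus the all-zeros and all-ones subnets (assumed classful rule)."""
    return list(BASE.subnets(new_prefix=PREFIX))[1:-1]

def wildcard_to_prefix(wildcard):
    """Cisco wildcard mask -> prefix length, or None if malformed or non-contiguous."""
    try:
        inv = int(ipaddress.IPv4Address(wildcard))
    except ipaddress.AddressValueError:
        return None
    if inv & (inv + 1):          # a contiguous wildcard is always 2**k - 1
        return None
    return 32 - inv.bit_length()

def check_entry(line):
    """Validate the source network of one access-list line against the subnet plan."""
    tok = line.split()
    if len(tok) < 5 or tok[0].lower() != "access-list" or not tok[1].isdigit():
        return "not an access-list entry"
    # Numbered standard ACLs (1-99) have no protocol field; extended (100-199) do.
    i = 3 if int(tok[1]) < 100 else 4
    net, wildcard = (tok + [""])[i:i + 2]
    prefix = wildcard_to_prefix(wildcard)
    if prefix != PREFIX:
        return f"wildcard {wildcard!r} does not describe a /{PREFIX}"
    try:
        subnet = ipaddress.ip_network(f"{net}/{prefix}")  # strict: host bits must be 0
    except ValueError:
        return f"{net} is not on a /{PREFIX} boundary"
    if subnet not in usable_subnets():
        return f"{subnet} is outside the usable plan"
    return f"ok {subnet}"

# Constructed sample lines in the style of the slides' ACLs.
SAMPLE = [
    "access-list 1 permit 128.0.24.0 0.0.3.255",
    "access-list 2 permit 128.0.12.0 .0.0.3.255",
    "access-list 101 permit tcp 128.0.21.0 0.0.3.255 any eq smtp",
    "access-list 3 permit 128.0.0.0 0.0.3.255",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(check_entry(entry), "<-", entry)
```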
QUESTIONS? DESERT VIEW