Cisco TCS Royal Palm WAN & LAN Layout and Design By Team MANNIMAL

Upload: marcus-norris

Post on 25-Dec-2015


Page 1: Cisco TCS Royal Palm WAN & LAN Layout and Design By Team MANNIMAL

Cisco TCS

Royal Palm WAN & LAN

Layout and Design

By Team MANNIMAL

Overview/Executive Summary

Our Wide Area Network will use the IGRP routing protocol. The WAN will pass only Novell IPX and TCP/IP traffic. Routers will be programmed to disallow other protocols. Every LAN will have access to the Internet and a series of servers will be online to automate all of the district's administrative and curricular functions. Since our WAN will be functional for 7-10 years, LAN throughput is allowed to grow 100 times, WAN core throughput 10 times, and District Internet Connection throughput 10 times. Our WAN allows a minimum of 1 Mbps for each host computer and 100 Mbps to the server hosts. Our LAN is Royal Palm and we will be working it into Shaw Butte as much as possible. There will be data connectivity between all schools. The WAN will be based on a 2-layer hierarchical model. Regional hubs will be established for Shaw Butte, the District Office/Data Center, and Service Center to form a very fast WAN core network. High-end routers will be installed in each WAN core location. The District Office/Data Center will provide a Frame Relay link to the Internet, which will be used for the rest of the WAN. No other connections to the outside are permitted because of security risks. Fiber-optic T1 leased lines will connect the WAN core and the core to the Internet. The whole T1 line will be leased. The IP address for the network will be 140.200.0.0 and 7 bits will be borrowed for subnetting to produce 126 subnets. This leaves around 510 hosts per subnet and meets the 100 times growth requirements. The subnet mask would be 255.255.254.0.

WAN Specs

WAN Protocols

WAN Router Config

Configuring Frame Relay on a Router:

Router> enable
Password: (password)
Router# config t
Router(config)# int s0
Router(config-if)# encapsulation frame-relay cisco
Router(config-if)# frame-relay lmi-type cisco
Router(config-if)# bandwidth 10000
Router(config-if)# frame-relay local-dlci 100
Router(config-if)# keepalive 20

Configuring PPP over T1 lines:

Router(config)# int s1
Router(config-if)# encapsulation ppp
Router(config-if)# ppp authentication chap
Router(config-if)# ppp chap hostname Manimal
Router(config-if)# ppp chap password manna

Implementing IPX:

Router(config)# ipx routing
Router(config)# ipx maximum-paths 2
Router(config)# int Ethernet 0.1
Router(config-if)# encapsulation novell-ether
Router(config-if)# ipx network 140.200.0.0

In Service Center:

Router(config-router)# network 140.200.16.1
Router(config-router)# network 140.200.16.3

In District Center:

Router(config-router)# network 140.200.1.1
Router(config-router)# network 140.200.1.3

In Shaw Butte:

Router(config-router)# network 140.200.8.1
Router(config-router)# network 140.200.8.3

Implementing an ACL for Security:

Router(config)# access-list 1 deny 140.200.1.2

To Enable IGRP in Royal Palm:

Router(config)# router igrp 100
Router(config-router)# network 140.200.177.1

File Servers

Location of Domain Name/Email Services - Domain Name Services (DNS) and email delivery will be implemented in a hierarchical fashion with all services located on the master server at the district office. Each District Hub location will contain a DNS server to support the individual school serviced out of that location. Each school site will also contain a host for DNS and email services (local post office) that will maintain a complete directory of all staff personnel and student population for that location. The school host will be the local post office box and will store all email messages. The DNS update process will flow from the individual school server to the hub server and to the district server.

File Servers cont.

• Administrative Server Location, Purpose and Availability - Each school location will contain an Administration server which will house the student tracking, attendance, grading, and other administrative functions.

• Application Server Location, Purpose and Availability - All computer applications will be housed in a central server at each school location. This server will be running TCP/IP as its OSI layer 3 & 4 protocols and will be made available to anyone at the school site.

• Departmental or Workgroup Servers Placement - Any other servers at the school sites will be considered departmental servers and will be placed according to user group access needs.

• Library Server Location, Purpose and Availability - The Library server will contain an online library for curricular research. The server will be running TCP/IP as its OSI layer 3 & 4 protocols and will be made available to anyone at the school site.

WAN Addressing Scheme

Addressing Scheme

The IP addressing scheme for our WAN will utilize static addressing for the administrative networks. However, for curriculum computers, we will use Dynamic Host Configuration Protocol (DHCP) to dynamically assign addresses. This reduces the amount of work the network administrator must do and it also allows addresses that are no longer used to be reused by other network devices. The District Office will administer the IP addresses. The WAN will use Network Address Translation (NAT) and Simple Network Management Protocol (SNMP). The District Office will have total management control over the entire WAN and there will be a regional management host on each regional hub to support each area. The District Office will have all of the super-user passwords for network devices for security reasons.

There are 7 groups of IP addresses that will be used in our network:

• WAN Core
• Data Center Router to Site Routers
• Service Center Router to Site Routers
• Shaw Butte Router to Site Routers
• Schools Connected to Service Center Hub
• Schools Connected to Shaw Butte Hub
• Schools Connected to District Center Hub

WAN Addressing Scheme

WAN Core: (Subnet Mask is always 255.255.254.0)

Location  Connects to  Assigned Port IP  Assigned Port ID  Wire Address
DC S0     SC S0        140.200.1.1       140.200.1.2       140.200.1.0
DC S1     SC S1        140.200.2.1       140.200.2.2       140.200.2.0
DC S2     SC S2        140.200.3.1       140.200.3.2       140.200.3.0
DC S3     SC S3        140.200.4.1       140.200.4.2       140.200.4.0
DC S4     SB S0        140.200.8.1       140.200.8.2       140.200.8.0
DC S5     SB S1        140.200.9.1       140.200.9.2       140.200.9.0
DC S6     SB S2        140.200.10.1      140.200.10.2      140.200.10.0
DC S7     SB S3        140.200.11.1      140.200.11.2      140.200.11.0
SC S4     SB S4        140.200.16.1      140.200.16.2      140.200.16.0
SC S5     SB S5        140.200.17.1      140.200.17.2      140.200.17.0
SC S6     SB S6        140.200.18.1      140.200.18.2      140.200.18.0
SC S7     SB S7        140.200.19.1      140.200.19.2      140.200.19.0

WAN Addressing Scheme

Service Center Router to Site Routers: (Subnet Mask is always 255.255.254.0)

DC = Data Center, SC = Service Center, SB = Shaw Butte

Location  Connects to            Assigned Port IP  Assigned Port ID  Wire Address
SC S8     SC2 S0                 140.200.51.1      140.200.51.2      140.200.51.0
SC S9     Abe Lincoln S0         140.200.40.1      140.200.40.2      140.200.40.0
SC S10    Lookout Mtn. S0        140.200.41.1      140.200.41.2      140.200.41.0
SC S11    Moon Mtn. S0           140.200.42.1      140.200.42.2      140.200.42.0
SC S12    Blue Sky S0            140.200.43.1      140.200.43.2      140.200.43.0
SC S13    Sahuaro S0             140.200.44.1      140.200.44.2      140.200.44.0
SC S14    Sunburst S0            140.200.45.1      140.200.45.2      140.200.45.0
SC S15    Sweetwater S0          140.200.46.1      140.200.46.2      140.200.46.0
SC S16    Tumbleweed S0          140.200.47.1      140.200.47.2      140.200.47.0
SC S17    Mtn. Sky S0            140.200.48.1      140.200.48.2      140.200.48.0
SC S18    Acacia S0              140.200.49.1      140.200.49.2      140.200.49.0
SC S19    Sunset S0              140.200.50.1      140.200.50.2      140.200.50.0
SC BRI0   Community School BRI0  140.200.52.1      140.200.52.2      140.200.52.0

WAN Addressing Scheme

Data Center Router to Site Routers: (Subnet Mask is always 255.255.254.0)

Location  Connects to      Assigned Port IP  Assigned Port ID  Wire Address
DC S8     DC S0            140.200.35.1      140.200.35.2      140.200.35.0
DC S9     Cholla S0        140.200.24.1      140.200.24.2      140.200.24.0
DC S10    Chaparral S0     140.200.25.1      140.200.25.2      140.200.25.0
DC S11    Desert Foot S0   140.200.26.1      140.200.26.2      140.200.26.0
DC S12    Ironwood S0      140.200.27.1      140.200.27.2      140.200.27.0
DC S13    John Jacobs S0   140.200.28.1      140.200.28.2      140.200.28.0
DC S14    Lake View S0     140.200.29.1      140.200.29.2      140.200.29.0
DC S15    Washington S0    140.200.30.1      140.200.30.2      140.200.30.0
DC S16    Road Run S0      140.200.31.1      140.200.31.2      140.200.31.0
DC S17    Mtn. View S0     140.200.32.1      140.200.32.2      140.200.32.0
DC S18    Sunny Slope S0   140.200.33.1      140.200.33.2      140.200.33.0
DC S19    Desert View S0   140.200.34.1      140.200.34.2      140.200.34.0
DC S20    Internet (ISP)   ISP provided      ISP provided      ISP provided

WAN Addressing Scheme

Shaw Butte Router to Site Routers: (Subnet Mask is always 255.255.254.0)

Location  Connects to     Assigned Port IP  Assigned Port ID  Wire Address
SB S8     SB2 S0          140.200.56.1      140.200.56.2      140.200.56.0
SB S9     Arroyo S0       140.200.57.1      140.200.57.2      140.200.57.0
SB S10    Palo Verde S0   140.200.58.1      140.200.58.2      140.200.58.0
SB S11    Orangewood S0   140.200.59.1      140.200.59.2      140.200.59.0
SB S12    Ocotillo S0     140.200.60.1      140.200.60.2      140.200.60.0
SB S13    Maryland S0     140.200.61.1      140.200.61.2      140.200.61.0
SB S14    Manzanita S0    140.200.62.1      140.200.62.2      140.200.62.0
SB S15    Cactus Wren S0  140.200.63.1      140.200.63.2      140.200.63.0
SB S16    AltaVista S0    140.200.64.1      140.200.64.2      140.200.64.0
SB S17    Royal Palm S0   140.200.65.1      140.200.65.2      140.200.65.0
SB S18    R.E. Miller S0  140.200.66.1      140.200.66.2      140.200.66.0

WAN Addressing Scheme

Schools Connected to Service Center Hub: (Subnet Mask is always 255.255.254.0)

Location  Connects to      Administration IP (E1)  Curriculum IP (E0)
SC S8     SC2              140.200.77.1-254        N/A
SC S9     Sunset           140.200.81.1-254        140.200.78/80.1-254
SC S10    Acacia           140.200.85.1-254        140.200.82/84.1-254
SC S11    Mountain Sky     140.200.89.1-254        140.200.86/88.1-254
SC S12    Tumbleweed       140.200.93.1-254        140.200.90/92.1-254
SC S13    Sweetwater       140.200.97.1-254        140.200.94/96.1-254
SC S14    Sunburst         140.200.101.1-254       140.200.98/100.1-254
SC S15    Sahuaro          140.200.105.1-254       140.200.102/104.1-254
SC S16    Blue Sky         140.200.109.1-254       140.200.106/108.1-254
SC S17    Moon Mountain    140.200.113.1-254       140.200.110/112.1-254
SC S18    Lookout Mtn.     140.200.117.1-254       140.200.114/116.1-254
SC S19    Abraham Lincoln  140.200.121.1-254       140.200.118/120.1-254
SC BRI0   Comm. School     140.200.125.1-254       140.200.122.1-254

WAN Addressing Scheme

Schools Connected to Shaw Butte Hub: (Subnet Mask is always 255.255.254.0)

Location  Connects to   Administration IP (E1)  Curriculum IP (E0)
SC S8     SB2           140.200.137.1-254       140.200.134/136.1-254
SC S9     Arroyo        140.200.141.1-254       140.200.138/140.1-254
SC S10    Palo Verde    140.200.145.1-254       140.200.142/144.1-254
SC S11    Orangewood    140.200.149.1-254       140.200.146/148.1-254
SC S12    Ocotillo      140.200.153.1-254       140.200.150/152.1-254
SC S13    Maryland      140.200.157.1-254       140.200.154/156.1-254
SC S14    Manzanita     140.200.161.1-254       140.200.158/160.1-254
SC S15    Cactus Wren   140.200.165.1-254       140.200.162/164.1-254
SC S16    Alta Vista    140.200.169.1-254       140.200.166/168.1-254
SC S17    Royal Palm    140.200.177.1-254       140.200.170/176.1-254
SC S18    R. E. Miller  140.200.181.1-254       140.200.178/180.1-254

WAN Addressing Scheme

Schools Connected to District Center Hub: (Subnet Mask is always 255.255.254.0)

Location  Connects to      Administration IP (E1)  Curriculum IP (E0)
SC S8     DC2              140.200.191.1-254       N/A
SC S9     Cholla           140.200.195.1-254       140.200.192/194.1-254
SC S10    Chaparral        140.200.199.1-254       140.200.196/198.1-254
SC S11    Desert Foothill  140.200.203.1-254       140.200.200/202.1-254
SC S12    Ironwood         140.200.207.1-254       140.200.204/206.1-254
SC S13    John Jacobs      140.200.211.1-254       140.200.208/210.1-254
SC S14    Lake View        140.200.215.1-254       140.200.212/214.1-254
SC S15    Washington       140.200.219.1-254       140.200.216/218.1-254
SC S16    Road Runner      140.200.223.1-254       140.200.220/222.1-254
SC S17    Mountain View    140.200.227.1-254       140.200.224/226.1-254
SC S18    Sunnyslope       140.200.231.1-254       140.200.228/230.1-254
SC S19    Desert View      140.200.235.1-254       140.200.232/234.1-254

Security Issues and Concerns

Number of Logical Network Classifications - The network will be divided into three logical network classifications (administrative, curriculum and external) with secured interconnections between them.

Services Exposed to the Internet - Internet connectivity will utilize a double firewall implementation with all Internet-exposed applications residing on a public backbone network. For security reasons, the only services exposed to the Internet will be DNS and email.

WAN Security via Router - By utilizing Access Control Lists (ACLs) on the routers, all traffic from the curriculum LANs will be prohibited on the administration LAN. Exceptions to this ACL can be made on an individual basis. Applications such as email and directory services will be allowed to pass freely since they pose no risk.

User ID and Password - A user ID and password policy will be published and strictly enforced on all computers in the district.

Summary

LAN Network Specifications:

• Materials used
  – Cat 5 UTP horizontal cabling
  – Fiber backbone cabling
• Type of Ethernet
  – 100 Base-TX from MDF to each IDF
  – 10 Base-T from IDF to hosts
• One MDF located within the POP; nine IDFs located throughout the campus
• The use of the Dell “Wireless Classroom” has been proposed but has not been monetarily accounted for
• IGRP and IP have both been implemented
• Two VLANs have been set up: one for Students, another for Faculty/Administration
• There are two ACLs and a firewall to provide added network security

LAN Budget

Royal Palm School Budget:

Number  Item Name                                   Each       Total
1       Cisco 2500 Router                           $2265.95   $2265.95
2       Cisco Catalyst 2912 Switch                  $5112.95   $10,225.90
9       Cisco Catalyst 2924 10/100 Switch           $1090.00   $9810.00
1       Cisco PIX 515 Firewall                      $2267.95   $2267.95
173     TAA Compliant 12 Port 10/100 Hub            $218.39    $38,873.42
16      Ellipse 800 USB Free Standing UPS 800VA     $186.06    $2976.96
1       72x36x19 Startech Computer Rack             $1402.95   $1402.95
9       72x30x19 Startech Computer Rack             $893.95    $8045.55

Total: $75,868.68

WAN Budget

Washington School District WAN Budget:

Number  Item Name                        Each         Total
1       Cisco 7507 Router                $19,395.00   $19,395.00
2       Cisco 3600 Router                $4,599.00    $9,198.00
36      Cisco 2500 Router                $2265.95     $81,574.20
1       T1 Setup Charge                  $500.00      $500.00
1       T1 Leased Line Cost (annually)   $9,120.00    $9,120.00

Total: $119,787.20

LAN Logical Diagram

LAN Wire Diagram

LAN IP Addressing Scheme

IP Addressing Scheme for the Royal Palm School

• Network IP Address: 69.0.0.0

• Subnet Mask: 255.224.0.0

• 6 Subnets allowed: 2 used (69.32.0.0, 69.64.0.0) and 4 for future expansion (69.96.0.0, 69.128.0.0, 69.160.0.0, 69.192.0.0)

LAN Subnet 1: Administration

• Network IP Address: 69.32.0.0

• Reserved Server IP Addresses: 69.32.1.1/23

• Reserved Switch IP Addresses: 69.32.1.24/47

• Reserved Router IP Addresses: 69.32.1.48/71

• Reserved for Network Admin.: 69.32.1.72/254

• Building 1: 69.32.2.1 to 69.32.4.254

• Building 2: 69.32.5.1 to 69.32.7.254

• Building 3: 69.32.8.1 to 69.32.10.254

• Building 4: 69.32.11.1 to 69.32.13.254

• Building 5: 69.32.14.1 to 69.32.16.254

• Cafeteria: 69.32.17.1 to 69.32.19.254

• Science Building: 69.32.20.1 to 69.32.22.254

• Computer Building: 69.32.23.1 to 69.32.25.254

LAN Subnet 2: Students

• Network IP Address: 69.64.0.0

• Reserved Server IP Addresses: 69.64.1.1/23

• Reserved Switch IP Addresses: 69.64.1.24/47

• Reserved Router IP Addresses: 69.64.1.48/71

• Reserved for Network Admin.: 69.64.1.72/254

• Building 1: 69.64.2.1 to 69.32.4.254

• Building 2: 69.64.5.1 to 69.32.7.254

• Building 3: 69.64.8.1 to 69.32.10.254

• Building 4: 69.64.11.1 to 69.32.13.254

• Building 5: 69.64.14.1 to 69.32.16.254

• Cafeteria: 69.64.17.1 to 69.32.19.254

• Science Building: 69.64.20.1 to 69.32.22.254

• Computer Building: 69.64.23.1 to 69.32.25.254

This leaves more than ample room for growth for each building and reserved address.

LAN ACL Implementation

! Student subnet to administration subnet: permit TCP 25 (e-mail), 53 (DNS) and 80 (HTTP)
Router(config)# access-list 169 permit tcp 69.64.0.0 0.0.255.255 69.32.0.0 0.0.255.255 eq 25
Router(config)# access-list 169 permit tcp 69.64.0.0 0.0.255.255 69.32.0.0 0.0.255.255 eq 53
Router(config)# access-list 169 permit tcp 69.64.0.0 0.0.255.255 69.32.0.0 0.0.255.255 eq 80
! Deny all other student-to-administration traffic
Router(config)# access-list 169 deny ip 69.64.0.0 0.0.255.255 69.32.0.0 0.0.255.255
! Permit everything else
Router(config)# access-list 169 permit ip any any
! Apply the list inbound on the student interface
Router(config)# int e1
Router(config-if)# ip access-group 169 in
Router(config-if)# exit

• This ACL allows the students only DNS, e-mail, and HTTP access to the administration subnet and increases the network’s security.
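A first-match evaluation of ACL 169, added here as an example and not part of the original design, for checking what the list actually permits before it is applied. The probe packets are constructed, and `TIGHT_ACL` is an assumed variant (a wildcard covering the whole 255.224.0.0 subnet plus a UDP 53 entry) that does not appear on the slide.

```python
import ipaddress

def matcher(addr, wildcard):
    """Cisco address/wildcard pair: wildcard 1-bits are 'don't care' bits."""
    care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
    want = int(ipaddress.ip_address(addr)) & care
    return lambda ip: (int(ipaddress.ip_address(ip)) & care) == want

ANY = lambda ip: True

def build(wildcard, udp_dns=False):
    """Entries of ACL 169; wildcard and udp_dns select the variant."""
    stu = matcher("69.64.0.0", wildcard)   # student subnet (interface e1)
    adm = matcher("69.32.0.0", wildcard)   # administration subnet (interface e0)
    acl = [("permit", "tcp", stu, adm, 25),
           ("permit", "tcp", stu, adm, 53)]
    if udp_dns:
        acl.append(("permit", "udp", stu, adm, 53))
    acl += [("permit", "tcp", stu, adm, 80),
            ("deny", "ip", stu, adm, None),
            ("permit", "ip", ANY, ANY, None)]
    return acl

PAGE_ACL = build("0.0.255.255")                  # as configured on the slide
TIGHT_ACL = build("0.31.255.255", udp_dns=True)  # assumed variant, not from the page

def evaluate(acl, proto, src, dst, dport):
    """Return (action, entry number) of the first entry that matches."""
    for n, (action, p, s, d, port) in enumerate(acl, 1):
        if p != "ip" and p != proto:
            continue
        if not (s(src) and d(dst)):
            continue
        if port is not None and port != dport:
            continue
        return action, n
    return "deny", 0  # implicit deny that ends every ACL

# Constructed probe packets: (label, protocol, source, destination, dest port)
PROBES = [
    ("HTTP to admin server", "tcp", "69.64.2.10", "69.32.1.5", 80),
    ("DNS query over UDP", "udp", "69.64.2.10", "69.32.1.5", 53),
    ("Telnet to admin host", "tcp", "69.64.2.10", "69.32.1.5", 23),
    ("Telnet from 69.65.0.10", "tcp", "69.65.0.10", "69.32.1.5", 23),
]

def report():
    """Evaluate every probe against both variants."""
    return [(label, evaluate(PAGE_ACL, *pkt), evaluate(TIGHT_ACL, *pkt))
            for label, *pkt in PROBES]

if __name__ == "__main__":
    for label, page, tight in report():
        print(f"{label:26} slide={page} tightened={tight}")
```

With the slide's entries, a DNS query carried over UDP hits the deny entry, and a source inside the student subnet's 255.224.0.0 range but outside 69.64.x.x skips the deny entry and reaches the final permit.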

LAN Router Config

• Routed Protocol: IP

• Routing Protocol: IGRP

• Internal network address: 69.0.0.0

• External network address: 201.192.105.0

• Autonomous system number: 69

• IGRP:

(in config t mode at router)
Router(config)# hostname Mannimal
Mannimal(config)# router igrp 69
Mannimal(config-router)# network 201.192.105.0
Mannimal(config-router)# network 69.0.0.0

• This sets up IGRP as the router’s routing protocol and names the router Mannimal.

• IP:

Mannimal(config)# int s0
Mannimal(config-if)# ip address 201.192.105.1 255.255.255.0
Mannimal(config-if)# clockrate 56000
Mannimal(config-if)# exit
Mannimal(config)# int e0
Mannimal(config-if)# ip address 69.32.1.48 255.224.0.0
Mannimal(config-if)# exit
Mannimal(config)# int e1
Mannimal(config-if)# ip address 69.64.1.48 255.224.0.0
Mannimal(config-if)# exit

• This sets up IP addressing for the router and router interfaces.

LAN to LAN Concerns

Internet Connectivity

Internet Connectivity:

All of the Internet connectivity supplied will be through the District Office and will be highly controlled, and bandwidth will be upgraded as usage dictates. Our connection will have two firewalls to protect the inner public network. ACLs will keep curriculum from administration and will help with the firewalls. Inside the network, DNS, email, and other servers will be allowed to transmit freely. Each school will have a partition of the public network to put on the World Wide Web as well.

User Policies

• User ID and Password - A user ID and password policy will be published and strictly enforced on all computers in the district.

• LAN security via Router - All LANs will have an Access Control List (ACL), which creates a firewall from the teacher LAN to the student LAN. The teachers can see onto the students' curriculum, but the students do not have access to the teachers'.

Recommendation/Final Assessment

The preceding proposal provides internetwork connectivity throughout the Royal Palm Middle School, as well as access to the Internet for all classrooms and hosts. While ensuring reliability and manageability, our network is both scalable and adaptable. The network also provides security preventing unauthorized access throughout the entire network. Finally, the network we designed is cost effective and provides for further growth and development.

Credits

• Special Thanks go out to Tony because without him this project could not have been possible

• Thanks to Big Manna Dawg

• Theman is STILL Cisco god

• Jarret, Get Your Own Sock

• Alex still rules the 100’s club