Desert View TCS

By Charlene Cooley

and

Dan Austin

User Requirements

7- to 10-year projected life– 100% WAN growth– 1,000% LAN growth

Speed– 1 Mbps for workstations– 100 Mbps for servers

Exclusively TCP/IP

User Requirements (cont.)

Frame Relay for WAN transport 2 LANs per building

– student/curriculum– administrative

Switched LAN infrastructure

User Requirements (cont.)

Classrooms– 24 workstations per classroom– 4 cable runs per classroom– switches located in lockable cabinets

File designation is enterprise or workgroup

User Requirements (cont.)

DNS & E-mail– master servers at district office– distributed DNS servers in each building– each building has a host for DNS & E-mail,

and a directory of staff & students

Topology Requirements Redundant paths between regional

servers Administrative server must be accessible

to teachers and staff in each building Library server must be available to entire

network Static IP for administrative hosts DHCP for student/curriculum hosts

Security Requirements

General– no access from Internet to intranet– 2 physical LAN structures– double firewall

Access Control Lists– prevent access from student/curriculum

network to administrative network (with certain exceptions)

LAN Cabling

NETWORK DESIGN EXAMPLES

DESERT VIEW

Catalyst 1900Classroom 1

Catalyst 1900Classroom 2

Catalyst 1900Classroom 3

Catalyst 1900Classroom 4

Catalyst 1900Library

100 Base-T 100 Base-T

100 Base-T

100 Base-T 100 Base-T

100 Base-T

Administrative

Netw ork

100 Base-T

Backbone

CSU/DSU

Frame Relay(1.54 Mbps)

100 Base-T 100 Base-T

100 Base-T

Cisco 2514

Library Server

Cisco Catalyst 1900(Teachers)

DHCP ServerApplication Server

Desert ViewClassroom Network Example

100 Base-T

ClassroomNetw ork

100 Base-T

Backbone

CSU/DSU

Frame Relay(1.54 Mbps)

Admin 1 Admin 2 Admin 3 Admin 4 Admin 5 Admin 6

100 Base-T

100 Base-T

100 Base-T 100 Base-T100 Base-T

100 Base-T

100 Base-T 100 Base-T

100 Base-T

Catalyst 5000

100 Base-T

100 Base-T

DNS Server

Netw ork Management Server

E-mail Server

Cisco 2514

Administrative Server

Desert ViewAdministrative Network Example

Cisco Catalyst 1900

100 Base-T

Backbone

CSU/DSU

Frame Relay(1.54 Mbps)

Admin1

Admin2

Admin3

Admin4

Admin5

Admin6

100 Base-T100 Base-T

100 Base-T 100 Base-T

100 Base-T 100 Base-T100 Base-T

100 Base-T

100 Base-T 100 Base-T

Catalyst 5000

CSU/DSU

Internet(POP)

Frame Relay(1.54 Mbps)

100 Base-T

Master NetworkManagement Server

Application Server

Administrative Server

Cisco 2514

E-mail Server

DNS Server

Desert ViewDistrict Network Example

WAN OVERVIEW

DESERT VIEW

Cisco 2514Serial Links

Regional Hub One

Cisco 2514Serial Links

Regional Hub Two

Cisco 2514Serial LinksDistrict Office

S0-DLCI100

S0-DLCI200

S0-DLCI300

S1-DLCI400

S1-DLCI500

S1-DLCI600

T1-1.544Mbps

T1-1.544Mbps

T1-1.544Mbps

FRAME RELAY WAN CONNECTIONS

IP ADDRESSING SCHEME AND NAMING CONVENTION

DESERT VIEW

IP Addressing Scheme for Desert View

Class B Address of 128.0.0.0/22 62 subnets

– Administrative subnets– Curriculum subnets– WAN subnets – Internet subnet

DHCP Servers will hold curriculum addresses

Naming Convention

Administrators– building name/{office|classroom} number

Curriculum– building name/classroom number

Network Management SNMP traps on network nodes CSWI Resource Manager & Campus

Network Management Software District Office

– master server collects information from regional hubs

Regional Hubs– will collect information from schools that are

attached

DESERT VIEW SECURITY

DESERT VIEW

ACLs

Standard ACL Applied to District Office Network (Incoming)

Standard ACL Applied to Administrative Networks (Incoming)

Extended ACL Applied to Classroom Network (Outgoing)

Building 2Backbone - 128.0.28.0/22Classroom - 128.0.32.0/22

Administrative - 128.0.36.0/22

Frame Relay

Internet

District OfficeInternet - 128.0.4.0/22

Backbone - 128.0.8.0/22Administrative - 128.012.0/22

Desert ViewIP Addressing Scheme

Building 1Backbone - 128.0.16.0/22Classroom - 128.0.20.0/22

Administrative - 128.0.24.0/22

ACLsDistrict Office Access-list 1 permit 128.0.24.0

0.0.3.255 Access-list 1 permit 128.0.36.0

0.0.3.255 Access-list 1 deny any any

Apply to E0 ip access-group 1 in

ACLsBuilding 1 Access-list 2 permit

128.0.12.0 .0.0.3.255 Access-list 2 permit 128.0.36.0

0.0.3.255 Access-list 2 deny any any

Apply to E1 ip access-group 2 in

ACLsBuilding 1 (Con’t) Access-list 101 permit tcp 128.0.20.0

0.0.3.255 eq smtp Access-list 101 permit udp 128.0.20.0

0.0.3.255 eq DNS Access-list 101 deny any any

Apply to E0 ip Access-group 101 out

ACLsBuilding 2 Access-list 3 permit

128.0.12.0 .0.0.3.255 Access-list 3 permit 128.0.24.0

0.0.3.255 Access-list 3 deny any any

Apply to E1 ip access-group 3 in

ACLsBuilding 2 (Con’t) Access-list 102 permit tcp 128.0.32.0

0.0.3.255 eq smtp Access-list 102 permit udp 128.0.32.0

0.0.3.255 eq DNS Access-list 102 deny any any

Apply to E0 ip Access-group 102 out

QUESTIONS?

DESERT VIEW