LAN Design of a LAN Design of a Local High SchoolLocal High School

Martin Kucek Chris C. Yu

Sandy Ramirez

Cisco TCS Project – Semester 3

© 2001 Martin Kucek / Chris C. Yu / Sandy Ramirez. All Rights Reserved

2

General RequirementsGeneral Requirements

Design the LAN at a minimum of cost to the school serving 306 nodes (288 workstations for students, 12 workstations for teachers, 3 servers, 3 printers)

A minimum of 1.0 Mbps to any host computer in the LAN and 100Mbps to any server host in the LAN

Access to the Internet from any host computer in the LAN Implementing an enterprise server (DNS/E-mail) and

workgroup servers (Staff, Students) Implementing TCP/IP routed protocol Functionality of the LAN for a minimum 7-10 years:

– 100% growth in LAN throughput– 1000% growth in the Internet connection throughput

© 2001 Martin Kucek / Chris C. Yu / Sandy Ramirez. All Rights Reserved

3

General LAN Design GoalsGeneral LAN Design Goals Functionality:

The network must work. The network must provide user-to-userand user-to-application connectivity with reasonable speed andreliability.

Scalability: The network must be able to grow. The initial design should grow without any major changes to the overall design.

Adaptability:The network must be designed to accommodate future technologies, and it should include no element that would limit implementation of new technologies as they become available.

Manageability: The network must be monitored and managed to ensure ongoing stability of operation.

© 2001 Martin Kucek / Chris C. Yu / Sandy Ramirez. All Rights Reserved

4

Security RequirementsSecurity Requirements

2 LAN segments in the school 2 VLANs for secure separation between:

– Student/curriculum VLAN#2– Staff/administrative VLAN#3

Access from the Internet to LAN not allowed Administrative Server must be accessible only to staff Student Server must be available to the entire school network

© 2001 Martin Kucek / Chris C. Yu / Sandy Ramirez. All Rights Reserved

5

School LayoutSchool Layout One 3-floor building Each floor has 4 identical classrooms MDF – 2nd floor IDF – 1st and 3rd floorClassrooms: 24 workstations for students 1 workstation for teacher (staff) 24-port hub located in a lockable cabinet 4 cable runs to each classroom (two cable runs reserved) Printers location:

1st floor : classroom 108 2nd floor : classroom 2083rd floor : classroom 308

© 2001 Martin Kucek / Chris C. Yu / Sandy Ramirez. All Rights Reserved

6

Main Distribution Facility (MDF)Main Distribution Facility (MDF)

Central Point of wires termination Router Cisco 2621 (Dual 10/100 Fast Ethernet Ports,

2 Serial Ports) Switch Catalyst 2912 (12 autosensing ports 10/100 Mbps) Hub 3Com Dual Speed (8 autosensing ports 10/100

BASE-TX, RJ-45) VCC (Vertical Cross Connect) HCC (Horizontal Cross Connect) POP (Point of Presence) DNS Server/E-mail Server Student Server - Curriculum Staff Server – Administration UPS Backup Tapes

© 2001 Martin Kucek / Chris C. Yu / Sandy Ramirez. All Rights Reserved

7

Intermediate Distribution Facility (IDF)Intermediate Distribution Facility (IDF)

Switch Catalyst 2912 (12 autosensing ports 10/100 Mbps)

Hub 3Com Dual Speed (8 autosensing ports 10/100 BASE-TX, RJ-45)

VCC (Vertical Cross Connect)

HCC (Horizontal Cross Connect)

UPS

© 2001 Martin Kucek / Chris C. Yu / Sandy Ramirez. All Rights Reserved

Cut Sheet of a floorCut Sheet of a floor

© 2001 Martin Kucek / Chris C. Yu / Sandy Ramirez. All Rights Reserved

LAN Physical TopologyLAN Physical Topology

© 2001 Martin Kucek / Chris C. Yu / Sandy Ramirez. All Rights Reserved

© 2001 Martin Kucek / Chris C. Yu / Sandy Ramirez. All Rights Reserved

10

LAN CablingLAN CablingVertical Cabling (Backbone): Cabling between MDF & IDFs• 100BASE-T ports:

RJ-45 connectors; two-pair Category 5 UTP cabling

Horizontal Cabling: Cabling between hosts and MDF (IDFs)• conducted in drop ceilings• 100BASE-T ports:

RJ-45 connectors; two-pair Category 5 UTP cabling

© 2001 Martin Kucek / Chris C. Yu / Sandy Ramirez. All Rights Reserved

LAN SchemeLAN Scheme

© 2001 Martin Kucek / Chris C. Yu / Sandy Ramirez. All Rights Reserved

12

Cut Sheet for IDF 1Cut Sheet for IDF 1(1(1stst floor) floor)

© 2001 Martin Kucek / Chris C. Yu / Sandy Ramirez. All Rights Reserved

13

Cut Sheet for MDFCut Sheet for MDF(2(2ndnd floor) floor)

© 2001 Martin Kucek / Chris C. Yu / Sandy Ramirez. All Rights Reserved

14

Cut Sheet for IDF 2Cut Sheet for IDF 2(3(3rdrd floor) floor)

© 2001 Martin Kucek / Chris C. Yu / Sandy Ramirez. All Rights Reserved

15

IP Addressing SchemeIP Addressing Scheme

2 class C addresses:

Network 1: 192.168.100.0

Network 2: 192.168.110.0

Network 1 - (floor 1 & 2, router interface - E0):

Host range of 192.168.100.1 – 192.168.100.254 (254 nodes)

Network 2 - (floor 3, router interface - E1):

Host range of 192.168.110.1 – 192.168.110.254 (254 nodes)

© 2001 Martin Kucek / Chris C. Yu / Sandy Ramirez. All Rights Reserved

16

IP Addressing Scheme (cont.)IP Addressing Scheme (cont.)Network 1 (floor 1 & 2):

Router E0: 192.168.100.1Router S0: 192.168.100.2Router S1: not assignedSwitch 1: 192.168.100.6Switch 2: 192.168.100.7

DNS/E-mail Server: 192.168.100.3 (Shared)Students/Curriculum Server: 192.168.100.4 (Shared)

Staff/Administrative Server: 192.168.100.5 (VLAN#2)Printer 1: 192.168.100.8 (Shared)Printer 2: 192.168.100.9 (Shared)

(VLAN#2 Staff/Administrative) assigned IP in range of:192.168.100.10 – 192.168.100.17 (8 nodes)

(VLAN#3 Students/Curriculum) assigned IP in range of:192.168.100.18 – 192.168.100.254 (236 nodes)

© 2001 Martin Kucek / Chris C. Yu / Sandy Ramirez. All Rights Reserved

17

IP Addressing Scheme (cont.)IP Addressing Scheme (cont.)

Network 2 (floor 3):

Router E1: 192.168.110.1

Switch 3: 192.168.110.2

Printer 3: 192.168.110.3 (Shared)

(VLAN#2 Staff/Administrative) assigned IP in range of:

192.168.110.4 - 192.168.110.7 (4 nodes)

(VLAN#3 Students/Curriculum) assigned IP in range of:

192.168.110.8 - 192.168.110.254 (246 nodes)

© 2001 Martin Kucek / Chris C. Yu / Sandy Ramirez. All Rights Reserved

18

Security SolutionSecurity Solution

Secure separation between students and staff/administrative:

- done by VLANS

Firewall:

Create Access Control List to deny external access to local LAN:access-list 1 permit 192.168.100.0 0.0.0.255

access-list 1 permit 192.168.110.0 0.0.0.255

int E0

ip access-group 1 in

int E1

ip access-group 1 in

© 2001 Martin Kucek / Chris C. Yu / Sandy Ramirez. All Rights Reserved

19

LAN Equipment CostsLAN Equipment Costs

© 2001 Martin Kucek / Chris C. Yu / Sandy Ramirez. All Rights Reserved

20

Network AnalysisNetwork Analysis

Advantages: The bandwidth is well surpassing the requirement for each host from the

outset. Security and efficiency are enhanced through switching and VLANs. Reserved cables are already in place for effortless expansion. The entire design is highly economical and cost effective for any budget

strapped school. It is a simple, inexpensive and high performance small network.

Disadvantages: No redundancy to the Internet - if the WAN link fails, access to the

resources outside the LAN is lost. Student Workstations - Classroom Collision Domain

© 2001 Martin Kucek / Chris C. Yu / Sandy Ramirez. All Rights Reserved

21

The EndThe End

Questions???Questions???

Shoot!!!

© 2001 Martin Kucek / Chris C. Yu / Sandy Ramirez. All Rights Reserved