Embed Size (px)
Citation preview
ACACIA Threaded Case Study
Presented By:
Louise Maguire,
Caroline Kearney,
Peter Honeyman,
Michael Mctague
ACACIA Threaded Case StudyOverviewObjectivesLocal Area NetworkWide Area network requirements
ACACIA Threaded Case Study Security Servers Equipment Cabling Layout Wan addressing Vlans Access control lists
Acacia Objectives
Provide Connectivity via a Wide Area Network (WAN) to the entire school district.
Implement LAN at local schools
Provide Internet Access to all nodes
Provide an Administration and Curriculum LAN
Allow up to7-10 year life, with a 100% growth in the Local Area Networks (LANs) at each school
Acacia Overview The Washington School District is implementing an enterprise-
wide network to provide data connectivity between all the schools in the district administrative offices and the District Office
.Three regional hubs are located at the District Office, the Service Center, and the Shaw Butte Elementary School.
individual school site operates as a separate local area network (LAN), the District Office retains total management over the entire school district through a wide area network (WAN).
Acacia Objectives
Provide Connectivity via a Wide Area Network (WAN) to the entire school district.
Implement LAN at local schools Provide Internet Access to all nodes Provide an Administration and Curriculum LAN Allow up to7-10 year life, with a 100% growth in the
Local Area Networks (LANs) at each school Obtain a minimum of 1.0 Mbps to any host computer
in the network and 100Mbps to any server in the network
Acacia Objectives
Implement TCP/IP
Provide a series of servers to facilitate online automation of all the districts administrative functions and curriculum functions including an automated library information and retrieval system for curricular research purposes.
Security measures include a double-firewall implementation for all Internet-exposed applications. For additional security, the network is divided into three logical networks-Administrative, Curriculum and External and there are separate LANs for Administrative and Curriculum at each school site and the District Office.
Lan Network LOCAL AREA NETWORK: Two LAN segments will be implemented in each school and the District
Office. The transport speeds will be Ethernet 10BASE-T, 100BASE-TX, and 100BASE-FX. Horizontal cabling shall be Category 5 Unshielded Twisted Pair (CAT5 UTP) and will have the capacity to accommodate 100 Mbps. Vertical cabling shall be CAT5 UTP or fiber optic multi-mode cable.
One LAN will be designated for student / curriculum usage and the other will be designated for administration usage. The LAN infrastructure will be based on Ethernet LAN switching. This will allow for a migration to faster speeds (more bandwidth) to the individual computers via MDFs and IDFs without revamping the physical wiring scheme to accommodate future applications.
WAN OVERVIEW
The WAN will be based on a 2-layer hierarchical model
Regional hubs
Local school sites
District Office
Service Center
Shaw Butte Elementary School
Security
SECURITY:
For security purposes, the school district will be divided into 3 logical network classifications:
Administrative
Curriculum
External
A user ID and Password Policy will be published and strictly enforced on all computers attached to the administration LAN.
Domain Name Services (DNS)
World Wide Web server
Two separate VLANs: Curriculum and Staff/Administration
Utilization of access control lists and VLAN's for the above
Servers All servers must have 100 megabits per second (Mbps) connections. All
file servers will be categorized as Enterprise or Workgroup type services, and then placed on the network topology according to function and anticipated traffic patterns of users.
Administration server Dns and Email Severs Library server Application server Other Servers
Equipment 9 Cisco Catalyst 2924 24-Port 10/100 Switches WS-
C2924-XL-EN Switches at the cost of €1,399.00 each 101 10 Base T Hubs at the cost of 49.95 each 1 Router at the cost of €3.995.95 Category 5 Twisted Pair Cable at the cost of €224.99
for each 1000 feet. Multi-Mode Fiber Optic Cable (which is available only
in sections of 500 feet). 8 24 Port Patch Panels at the cost of €116.00 each
Wan Addressing Our WAN Network Class C address is
192.1.1.1. This is the way the outside world will see Washington School District.
Inside the district, we will subnet a Class A private address within the Washington School District behind the Class C firewall. This will accommodate all users within the District; approximately 1,100 per school (32 schools). This will allow for expansion.
Cabling All cabling has been threaded above the drop ceilings of the halls and
then brought back down through the drop ceiling at each classroom's and office's data media termination point. The horizontal cabling for the temporary classrooms 36 through 41 are encased in the already existing conduit provided for data media cable runs.
Multimode fiber optic cable connects the MDF with the IDF by a vertical cross connect. Only 2 strands of the fiber optic cable are currently utilized, with additional strands available for future bandwidth growth requirements. The horizontal cabling from the MDF and IDF to the individual classrooms and offices consists of 100BaseTcategory 5 (CAT5) unshielded twisted pair (UTP) cabling to further ensure adequate bandwidth availability for future expansion.
Layout Offices There are two lines of horizontal cabling to each office. Only one of the two
lines to each office is currently utilized; the second is again to allow for future growth and to provide a backup cable line. The cabling threads from the drop ceiling to the individual wall outlets through decorative wall molding.
In offices 6, 7, 12, 17, and 18, there is currently only one personal computer connection required. In offices 8 and 11, there are two connections needed. Office 12 does not have its own data media termination point, so its connection will be supplied by office 11.
For Office 11, one hub will be required to accommodate the two users in Office 11 and the user in Office 12. This hub will be located in a cabinet from which the cabling will run to the three wall outlets.
Layout Class Rooms There are five lines of horizontal cabling to each classroom. Only
four of the five lines are currently utilized; the fifth is to allow for future growth and to provide a backup should one of the other cable lines fail. In each classroom, the wiring from the drop ceiling descends to a locked cabinet in which is located the 3 hubs for each classroom. Three of the four cable lines are connected to these hubs. The other cable line is connected to the teacher's personal computer. Eight cable lines are connected to each of the 3 hubs, and these 24 cable lines will connect to student personal computers. From the locked cabinet, the cabling threads to the individual wall outlets through decorative wall molding.
Vlans The VLANS are implemented for the following reasons
Reduces administration costs related to moves, additions, and changes
Provides better control broadcasts Tightens network security Micro segments with scalability Distributes traffic load Relocates servers into secured locations Saves money by using existing hubs
Access Control listsAlthough the use of passwords,
callback equipment, and physical security devices are helpful, they often lack the level of security needed in larger networks. The best advantage is that access lists allow the administrator to filter the packet flow in and out of the router interfaces. Access lists can offer all of the following:
Access Control lists
Identify packets for priority
Identify packets for custom queuing
Restrict or reduce the contents of routing updates
Provide IP traffic dynamic access control with enhanced user authentication using the lock-and-key feature
Identify packets for encryption
Identify Telnet access to the router virtual terminals
Access Control lists Students are denied access to:
o Any activity on the DNS server at the Service Center
o Any other activity on the web server (including FTP) at the Service Center
o The administrative server at Acacia
o Any activity on the DNS server at Acacia
Access Control lists The students have access to:
o Internet access through the web server at the Service Center
o Applications on the application server at Acacia
o Library services on the library server at Acacia
o Other services available via the student server at Acacia
Access Control lists Teachers have access to:
o District Office web server for Internet access only; if teachers wish to load web pages, they will be given limited access via password to a certain directory on the web server
o Service Center DNS server for e-mail purposes
o The administrative server at Acacia
o All other servers at Acacia: Application, Student, and Library
Conclusion This completes are threaded case study on Acacia
School, we have addressed a number of topics including
Hardware Cables Security Topology Networking
