LAN Evaluation and Recommendations

CIT 245 Local Area Networking Fundamentals
November 19, 2012
David Lindsey

This document provides suggestions on how to upgrade the network so that the company can
take advantage of 21st century technology, resulting in increased productivity, profitability,
and efficiency through the network infrastructure and the protocols it uses. The Riordan
Manufacturing Company is set up with 4 different office locations. The headquarters is located
in San Jose and has 125 employees assigned to that office. Two other offices are located in
Albany, GA with 45 employees and Pontiac, Michigan with 130 employees. Their largest office is
located out of the country in China and has 250 employees. The main focus of this project is
reassessing the network configurations and equipment being used by the company. Many
variables will be taken into consideration in examining the current layout. The first to be looked
at is the topology of the network, to see whether this is the best physical topology for the
company or whether restructuring it can provide the company with better performance from the
network. Then the equipment in the topology will be examined to see where outdated pieces of
equipment can be removed or replaced with more advanced equipment to get the best results. A
few of the results being looked for are better redundancy, fewer data collisions on the network,
security, higher available speeds, and reliability. This will assist in providing more up-to-date
network diagrams with any additions added to them so that a comparison can be made.

Based upon the company history, Riordan Manufacturing's last network upgrade was in
2000 when it expanded its operations in China. The San Jose network model is a client/server
network, and the current network consists of a NAS storage server, Windows and Unix servers,
35 Windows 2K computers and 15 Mac G5 computers. A satellite link will be in place in case the
T1 line goes down, giving the ability to maintain network communication with the other plants.
With San Jose being the corporate site, the recommended network change is upgrading the
backbone and network cabling from 1Gbps and 100Base-T to fiber optic cable. Butters' Law of
Photonics says that the amount of data coming out of an optical fiber doubles every nine months
(Moore's Law, 2012). The recommendation to upgrade to fiber optic cable would provide greater
bandwidth, with speeds up to 10Gbps, and would also provide better VoIP service. Fiber optic
cable also offers low attenuation and greater distance, and improved security: since fiber optic
cabling does not radiate signals, the chance of the cable being tapped is decreased. Using fiber
optic cable rather than copper cabling would greatly improve network performance from an end
user's perspective, since greater bandwidth provides fast and efficient data transfers between the
different plant locations. Fiber optic cable will be used not only at the San Jose location but
across all the locations, to ensure connectivity and the ability to add users at each site without
bandwidth loss.
Protocols currently being used are DNS, TCP/IP, SNMP and FTP. Replacing the two
gateway switches with two Layer 3 routers would still support these protocols and would also be
an advantage, since a router is useful for establishing connectivity between different networks.
Routers also provide better security, since they use Access Control Lists (ACL) and Network
Address Translation (NAT).

At the Albany, Georgia site the recommendation is to change the switch configuration.
In the current layout the switch on the manufacturing floor is directly connected to the server,
and the other two switches support the workstations in a poor design.
The recommendation is to replace the three current Nortel BayStack switches with Cisco
switches that have VLAN and trunk connection capabilities. The network would then be
configured with all three switches trunked together. This allows VLAN management to be
enabled across the entire site, including management of the servers that are part of each VLAN.
The switches will be connected to each other using 100Base-TX Ethernet.
The router would also need to be replaced with a router capable of VLAN routing with
sub-interfaces on a single trunk port. Using a VLAN environment would make improvements in
several areas. It would break up the current two broadcast domains and decrease the overall
network traffic. Management of the network would become easier. Each workstation would be
assigned a VLAN when connected to any of the three switches, joining it to that virtual network
and its resources.
Security would be improved, since each user would be assigned to a specific VLAN, and
the new configuration would be more scalable to support future growth and lends itself to remote
management if needed.

The Pontiac, MI site evaluation changes are intended to improve that office's network
performance. Starting with the manufacturing floor, which currently comes into a 24-port hub,
adding a 24-port Cisco switch will help prevent network congestion out to the manufacturing
floor. The 4 servers and the APC backup units will be connected up to this first switch, which has
the manufacturing floor on it.
There will also be another connection off of these servers to a second switch that will
allow access into the main office area. Connections from all the servers to the switches will use
100Base-TX Ethernet cable. Off the second switch will be 5 office computers and one network
printer, connected using 10Base-T. Also off that switch will be two separate 48-port 100 Mb/s
switches. Each of these two 48-port switches will have 20 computer hosts and 2 network printers.
This divides the network between two separate locations in the building (possibly
floors), and Cat5 10Mbs cabling can be run between the switch and the devices. Both 48-port
switches will have a direct connection to the Cisco router out to the corporate headquarters. This
configuration uses a star topology, the same as before; with the new network devices and new
layout this should increase network performance, reliability, and options for expansion at the
Pontiac site. The logical topology is a star topology as well.

The Riordan Manufacturing China plant network is focused more on plant employees.
China has a direct satellite connection to the corporate headquarters, but also has its own email
and network server. The first change that should be implemented would be to add a firewall.
This would add security to the incoming connection and would also use a proxy setup to assist in
blocking some Internet access. Doing this would add encryption to the data being transmitted to
the corporate office and correct any communication problems through the satellite connection. It
is a must to encrypt any emails or other communications across the network. When using the
proxy server there would be an updated blacklist, and the firewall would be kept fully up to date
with the newest firmware. Overall the company should expect to rebuild the system from scratch
and start fresh, as the network infrastructure is behind the advances in technology that are
available. To keep costs down it is advised that the company implement changes over time, but
also in a timely manner.

The added use of VoIP promises user friendliness, increased productivity and cost
savings, and the potential for new applications. Riordan Manufacturing needs to ensure the
following recommendations are in place at all sites to eliminate the risks associated with
implementing a VoIP system. A poorly implemented VoIP system would cause delay and data
loss and greatly impact the quality of Riordan Manufacturing's telecommunications system.
Benefits for the company to consider are voicemail, conference calling, call forwarding,
equipment such as interface cards, routers, UPS (uninterruptible power supplies) and video
conferencing. There is an additional benefit to using VoIP, which is cost. Using VoIP can help to
reduce the cost of long-distance phone charges. This is a big help to the company, as the
company is spread across a large region. The reason for this is that the signals travel through the
Internet or any other web-based connection. To make this more relatable and easier to
understand, one can think of this as an email being sent, where there is no charge to send the
email and have it delivered.
The first additional recommendation, to avoid costly upgrades in the future, would be to
ensure network infrastructure readiness at all locations. By using network assessment tools and
bandwidth simulators, the network administrators can test their current bandwidth and discover
the amount of traffic on the network, since a VoIP system will put additional strain on the
company's network. Another recommendation would be to determine each location's current and
future needs based on plans for expansion and the rate of company growth. A growing concern
for many businesses is security; if Riordan Manufacturing handles confidential data it may have
to ensure that security standards such as the Internet Protocol Security (IPsec) protocol,
Transport Layer Security (TLS) and Secure Real-time Transport Protocol (SRTP) are in place to
handle encryption, authentication and cryptographic security. It is also imperative that Riordan
Manufacturing has an IT staff trained to handle the migration to VoIP, since failure to have a
properly trained staff could hinder the install and be not only expensive but time consuming to
repair. Finally, to fully utilize the upgrade to VoIP, all employees should be trained and prepared
for the new technology; otherwise the implementation would not be used to its full potential and
the investment would not be fully realized, turning into a significant loss for the company.
Wi-Fi connectivity is used in all types of businesses around the world today. Riordan
Manufacturing's four offices around the world are in need of reconstruction. Therefore, adding
Wireless Access Points in each location is a must. There will be a total of 10 Wireless Access
Points to install throughout the locations, starting with the San Jose Corporate Office (3), then
the Albany, GA Plastic Beverage Container Plant (2), the Pontiac, MI Custom Plastic Part Plant
(2), and the China Office (3). Coverage in the larger areas will require a group of access points
with overlapping coverage.
There are several advantages to using Wi-Fi: it allows for cheaper inter-office deployment
and for moving employees from one location to another. Users that have laptops can stay
connected to the company network throughout the building. During corporate meetings they
will be able to access shared files, folders, Internet resources and network printers. Many
company smartphones have the built-in capability of connecting to the Internet and receiving
email directly on those devices.
The coverage of one or more interconnected access points, called hotspots, can extend
over an area as large as many square miles. To protect our Wi-Fi from hackers, adding encryption
(WPA2) with a strong passphrase will provide protection. The new protocols for Quality of
Service will make it more suitable for latency-sensitive applications such as voice and video.
Each wireless access point will be set up in a location clear of other devices that use RF
transmission, of multipath distortion, and of interference from other WLANs.
With the new IEEE 802.11n standard published in 2009, we can now implement into our
WLAN an increase in the number of subcarriers in each 20-MHz channel from 48 to 52. It
provides a selection of eight data rates for a transmitter. When using 40MHz channels, 802.11n
increases the number to 108 subcarriers available.
The IT department will also benefit from VoIP, the use of Wi-Fi, and network monitoring
systems, as they can manage the system from one location instead of having the department
spread over multiple locations where miscommunication can happen. There is also the ease of
adding a new employee or an employee that has transferred locations, should this arise, as the
individual will not be tied down to one particular network. This will also have an impact on cost,
as the need for an individual at each location will be minimized.

Network Map

A virtual LAN, often referred to as a VLAN, is simply a group of hosts. These hosts are
split up by the way in which they are required to communicate with each other. There are several
important advantages to implementing VLANs in a network.
By using VLANs, a network administrator can limit the size of broadcast domains. This
will ensure significantly less traffic; only machines that need to be communicating with each
other regularly, for a specific purpose, will be doing so. Furthermore, by segmenting users like
this we can help prioritize traffic, in conjunction with QoS. QoS will assist with sorting and
prioritizing the data within the network to allow the high priority data through first, or in a sense
faster. This ensures that traffic used for such things as telephones will be given the highest
priority and will work as intended. Lastly, by blockading traffic in such a manner, we can much
more easily implement security measures; those machines that should not be in contact with each
other will not be allowed to do so.
For Riordan Manufacturing the VLANs per site will vary, depending on the needs of the
site. All sites, however, will require the use of at least two VLANs: a voice network and a data
network. This will ensure that the voice traffic is always given priority. Employees using voice
over IP phones will experience constant and consistent call quality, independent of network
traffic.
The most complicated sites, such as the China location, will have significantly more
VLANs. This site, for example, has a total of six VLANs. This helps split up the general
corporate traffic, finance traffic, manufacturing traffic, MTLS traffic, and quality assurance
traffic. In addition to these data VLANs there is a single voice VLAN. Overall this will allow for
scalability, expandability, and QoS ensuring priority given to voice traffic.
To be successful in using Variable Length Subnet Mask (VLSM) it will be important
that the routers are configured properly. The first thing to be done is to assign a name to the
router that will be recognizable with the corresponding location and connection it will have. The
second thing to be done will be assigning an IP address to each of the routers on the network.
The reason for this is so that each subnet can communicate with the others and the network by
directing traffic to the correct locations.
The router configuration will have a role in designating bandwidth to each subnet. This is
important, as each department or subnet will require a certain amount of bandwidth to perform
the daily job tasks. After completing the configuration, it can be verified for the correct settings
by using the Command Line Interface (CLI) and running the show command. The same holds
true for switches on the network. Switches that will be added need to be configured to allow the
network to function as designed. Any trouble that arises will tend to be known at the time the
switch is added to the network, and can be corrected during the installation by using the CLI
show interfaces command. All configurations will be copied and kept in a secure location for
future expansion of the network.
The network design and implementation of routers and switches is to effectively allow
subnetworks to be created and to communicate with the network. This will be resolved and used
effectively through this plan as it is applied to the network. Having this ability will ensure that
each subnetwork and department is able to perform the daily tasks that allow for higher
productivity and effectiveness of the company. Diagrams have been provided for clarification
and understanding of how the network will be applied at each location.
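As an added example, not part of the original paper, the following Python script shows one way to size the VLSM subnets for the per-site voice and data VLANs described above. The site host counts (125, 45, 130 and 250) come from the document; the 10.0.0.0/20 base block, the assumption of exactly one data and one voice VLAN per site, and sizing the voice VLAN to the employee count are assumptions made for this example.

```python
import ipaddress
import math

# Constructed requirements, assumed for this example: one data VLAN and one
# voice VLAN per site, each sized to the employee count given in the document.
SITE_VLANS = [
    ("San Jose data", 125), ("San Jose voice", 125),
    ("Albany data", 45), ("Albany voice", 45),
    ("Pontiac data", 130), ("Pontiac voice", 130),
    ("China data", 250), ("China voice", 250),
]


def prefix_for_hosts(hosts):
    """Smallest prefix length whose subnet holds `hosts` usable addresses
    (two addresses are reserved for the network and broadcast)."""
    needed = hosts + 2
    host_bits = max(2, math.ceil(math.log2(needed)))
    return 32 - host_bits


def allocate_vlsm(base, requests):
    """Carve `base` into variably sized subnets, largest request first.
    Allocating in descending size keeps every subnet aligned on its own
    block boundary, so a simple moving cursor never produces an invalid
    or overlapping network."""
    block = ipaddress.ip_network(base)
    cursor = int(block.network_address)
    limit = int(block.broadcast_address) + 1
    plan = []
    for name, hosts in sorted(requests, key=lambda r: r[1], reverse=True):
        prefix = prefix_for_hosts(hosts)
        size = 2 ** (32 - prefix)
        if cursor + size > limit:
            raise ValueError(f"{base} is too small to fit {name}")
        subnet = ipaddress.ip_network(f"{ipaddress.IPv4Address(cursor)}/{prefix}")
        plan.append({
            "vlan": name,
            "subnet": subnet,
            # first usable host, reserved for the router sub-interface (assumed convention)
            "gateway": subnet.network_address + 1,
            "usable": subnet.num_addresses - 2,
            "requested": hosts,
        })
        cursor += size
    return plan


def plan_is_consistent(plan):
    """Every subnet satisfies its request and no two subnets overlap."""
    for entry in plan:
        if entry["usable"] < entry["requested"]:
            return False
    for i, a in enumerate(plan):
        for b in plan[i + 1:]:
            if a["subnet"].overlaps(b["subnet"]):
                return False
    return True


if __name__ == "__main__":
    for entry in allocate_vlsm("10.0.0.0/20", SITE_VLANS):
        print(f'{entry["vlan"]:<16} {str(entry["subnet"]):<18} gw {entry["gateway"]}  '
              f'{entry["usable"]} usable for {entry["requested"]} hosts')
```

Running the script prints one row per VLAN; the 250-host China VLANs get /24s, the 125-host San Jose VLANs /25s, and the 45-host Albany VLANs /26s, and `plan_is_consistent` confirms that no two allocations overlap before the addresses are committed to router sub-interfaces.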

The following portion of this document covers how the network equipment and
infrastructure will be protected. In addition, an outlined plan will be implemented, to be used by
the network administration group, that will assist in providing quality production support. This
has been designed and implemented for a scalable and reliable network that includes a redundant
and reliable design, with a standard set of administrative practices and tools that will allow
administrators to proactively monitor the network to prevent issues, and also allow our
administrators to quickly identify issues when they do occur. The goal of the production support
model is to achieve high availability through proactive monitoring and to achieve a low Mean
Time to Repair (MTR) when issues do occur. The analysis includes recommendations for several
tools that can be used to troubleshoot and diagnose common issues that the network
administrators may face. By implementing these recommendations, Riordan will have a network
infrastructure that is both secure and reliable.
Ensuring the complete security of data for any corporation requires active participation
across the entire organization and at all levels. It is the responsibility of the executive IT
management and executive management of the company to ensure that corporate information
security policies are published. The corporate security policy is the foundation for the overall
information security policy. Management must ensure that all employees are properly trained
annually on the information security policies of the organization, and must hold employees
accountable for understanding and following corporate security standards. Audits should be
conducted annually to ensure adherence to the corporate information security standards. The
corporate information security policy should address topics such as access controls,
authentication controls, password controls, software controls, etc. Using the corporate
information security policies as a foundation, the IT staff can begin to develop departmental
information security strategies to govern how administrators implement security within the
unique pillars of the IT department. As the network administrator, there are documented security
measures that will need to be implemented to secure the network devices. The server team will
implement security policies to govern server access, setup, and configuration; the information
assurance team will
implement security policies to govern data access and so on. It will be all of these departmental
end security and integrity of our data.

The current network security has been fully analyzed and the following
recommendations have been provided to increase the security posture of the network. These
recommendations include physical security as well as multiple technology recommendations that
should be implemented.
From a physical security perspective, the plan mitigates the following two categories of
risk: physical access to the equipment, and environmental conditions such as power, heating and
cooling. It is recommended that all centrally located devices in the corporate headquarters be
installed in a dedicated data center. The data center should be secured by biometric access
controls, and access to the data center should be restricted to administrators only. All other
network equipment throughout the office should be located in network closets secured by lock
and key. All devices in remote locations should also be stored in rooms with lock and key, and
access to these rooms should be granted to network administrators only. The data center and all
network closets must be protected from unexpected power outages, power spikes, and brownouts.
The data center must be fed by redundant power supplies. All equipment racks will be fed from
two sources of power as a measure of redundancy. All equipment installed in the racks will have
redundant power supplies, which will be plugged into multiple power sources. The data center
should install a gas-powered generator to protect against unexpected power outages.
Additionally, the power to the data center must be filtered through a voltage regulator to ensure a
consistent and clean feed of power to our equipment. All equipment closets outside of the data
center must use commercial-grade voltage regulators and battery backup to mitigate the risk of
power issues.
Now that we have secured our equipment from a physical and environmental perspective, let
us move on to the next layer of security assurance, the technical implementation of the software
that runs on the network equipment. From a technology perspective we recommend that the
following technologies be implemented:

Password protection: All network devices must be configured with password protection,
and all passwords stored in the IOS configuration must be encrypted to ensure the integrity of
those passwords. Passwords are a first line of defense in securing remote access to our network
equipment. Passwords must be set on the console, vty ports, and privileged mode.

Assignment of privilege levels: All network devices must be configured with a
least-access-required methodology. Network administrators will only be granted the privilege
level on the network equipment that is required to perform their job roles.

Login banners: It is recommended that all network equipment be configured with a message
of the day communicating that access to the network devices is intended for administrative
personnel only and that all violators will be prosecuted.

Encryption of remote connections: It is recommended that Telnet be disabled on all network
devices. Telnet sends all traffic in clear text, making our network traffic, including user name
and password, susceptible to attack. SSH will be the standard for remote access to our network
devices.

Intrusion detection systems (IDS): It is recommended that IDS be enabled through the
Security Device Manager on all routers in the network. Our network staff will review the IDS
logs as a standard administrative task to identify any potential threats on the

Cisco AutoSecure: It is recommended that AutoSecure be run on all network routers to
ensure that the services most commonly used by hackers are disabled. The network
administration staff will ensure that AutoSecure only disables services that are not being actively
used on the network.
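The password, privilege-level, banner and SSH-only recommendations above can be checked mechanically against a saved running-config. The following Python script is an added example, not part of the original document or of any Cisco tool: it audits a config text for `enable secret`, `service password-encryption`, a `banner motd`, clear-text `username ... password` entries, accounts that all hold privilege 15, unprotected `line con`/`line vty` blocks, and vty lines that still permit Telnet. Both configurations it inspects are constructed samples with placeholder hashes, not output from a real device.

```python
import re

# Constructed sample configurations (not from the document or any real device).
WEAK_CONFIG = """\
hostname RTR-SJ-1
enable password cisco123
username admin privilege 15 password 0 letmein
username helpdesk privilege 15 password 0 helpme
line con 0
line vty 0 4
 password telnetpw
 login
 transport input telnet ssh
"""

HARDENED_CONFIG = """\
hostname RTR-SJ-1
service password-encryption
enable secret 5 $1$EXAMPLE$hashplaceholder
banner motd ^C Access restricted to authorized administrative personnel. ^C
username admin privilege 15 secret 5 $1$EXAMPLE$hashplaceholder
username helpdesk privilege 5 secret 5 $1$EXAMPLE$hashplaceholder
line con 0
 password 7 0822455D0A16
 login
line vty 0 4
 login local
 transport input ssh
"""


def parse_line_blocks(config):
    """Map each 'line <name>' block to the indented commands beneath it."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw[5:].strip()
            blocks[current] = []
        elif raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = None  # any other top-level command ends the block
    return blocks


def audit_ios_config(config):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    top = [l for l in config.splitlines() if l and not l.startswith(" ")]

    # Privileged mode must use the hashed 'enable secret', not 'enable password'.
    if not any(l.startswith("enable secret ") for l in top):
        findings.append("privileged mode: no 'enable secret' configured")
    # Stored passwords must be encrypted in the configuration.
    if "service password-encryption" not in top:
        findings.append("passwords: 'service password-encryption' is not enabled")
    # A message-of-the-day banner must state that access is for administrators only.
    if not any(l.startswith("banner motd") for l in top):
        findings.append("banner: no 'banner motd' configured")

    # Local accounts: flag clear-text 'password' keywords and check least privilege.
    privileges = []
    for l in top:
        m = re.match(r"username (\S+)(?: privilege (\d+))? (password|secret) ", l)
        if not m:
            continue
        user, level, kind = m.group(1), int(m.group(2) or 1), m.group(3)
        privileges.append(level)
        if kind == "password":
            findings.append(f"user {user}: clear-text 'password' keyword; use 'secret'")
    if privileges and all(level == 15 for level in privileges):
        findings.append("privilege levels: every account holds level 15; apply least privilege")

    # Console and vty lines need a password or local login; vty must be SSH only.
    for name, cmds in parse_line_blocks(config).items():
        if not (name.startswith("con") or name.startswith("vty")):
            continue
        protected = any(c.startswith("password ") or c == "login local" for c in cmds)
        if not protected:
            findings.append(f"line {name}: no password or local login configured")
        if name.startswith("vty"):
            transport = [c for c in cmds if c.startswith("transport input")]
            if not transport or any("telnet" in c or c.endswith(" all") for c in transport):
                findings.append(f"line {name}: Telnet permitted; set 'transport input ssh'")
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        result = audit_ios_config(cfg)
        print(f"{label}: {len(result)} finding(s)")
        for finding in result:
            print("  -", finding)
```

The weak sample produces eight findings and the hardened sample none. The script reads only the text of the configuration, so it can run against the copies kept in the secure configuration archive without touching the devices, which makes it suitable as a periodic compliance check rather than a one-off.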

Now that the Riordan network is secure, there is a need for some recommendations for
monitoring and troubleshooting the network. There is a wide variety of tools available to assist a
network engineer in troubleshooting a network. For a network professional, the most effective
way to troubleshoot is to use a systematic approach with a layered method like the OSI model.
Most problems within a network happen at layer 1 and layer 2. There are a couple of methods
you can use to resolve common port access issues. Port access issues are considered to be
media-related problems. A good example of this is when users are having problems accessing the
network. Media issues are the most common and can come from several sources. Wiring could
be damaged due to poor installation. Other equipment could be installed in the office that
introduces new EMI into the environment. Also, traffic patterns can change due to new
applications being installed. Damaged wiring and EMI show up as collisions. Changes in traffic
patterns and the installation of a hub will also show up as collisions. A good tool to use is the
show interface command, which displays information about the Fast Ethernet interface. A duplex
mismatch is when a switch operates at full duplex and the connected device operates at half
duplex, or the other way around. The result of a duplex mismatch is slow performance,
intermittent connectivity, and loss of connection. If this kind of mismatch occurs between two
Cisco devices with the Cisco Discovery Protocol enabled, you will see error messages on the
console or in the logging buffer of both devices. This protocol is very useful for detecting errors
and gathering port and system statistics on Cisco devices.
Another problem within a network is excessive noise. There are four types of noise:
impulse noise, which is caused by voltage fluctuations or current spikes; random noise, which is
generated by several things, for example an FM radio station or a police radio; alien crosstalk,
which is noise induced by other cables in the same pathway; and near-end crosstalk, which is
noise that originates from crosstalk from other adjacent cables or from a nearby electric cable.
When troubleshooting excessive noise issues, use the show interface EXEC command to
determine the status of the Fast Ethernet interfaces of the devices. If there are a lot of CRC errors
but not a lot of collisions, this is an indication of excessive noise; inspect the cables and make
sure Category 5 cabling is used. To troubleshoot problems related to excessive collisions, again
follow three steps. Use show interface Ethernet to check the rate of collisions. If the total number
of collisions is compared to the total number of output packets, it should be 0.1 percent or less.
Use a TDR to find any unterminated Ethernet cables, and look for a jabbering transceiver
attached to a host. A good way to ensure there are no problems in the network is to properly
install the network from the beginning. A good practice is to always know what has already been
done from the start in terms of device configuration, hardware and topology. Also, always keep a
copy of what has been decided on in terms of configuration. Keep a hard copy as well as an
electronic copy on file on a PC.
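The rules of thumb above (collisions above 0.1 percent of output packets, CRC errors without collisions pointing to noise, half duplex as a sign of a possible mismatch) can be applied automatically to saved `show interface` output. The following Python script is an added example, not part of the original document: it parses the counters for each interface and reports which rule fires. The `show interface` text it reads is a constructed sample modelled on the Cisco IOS layout, not a capture from a real switch; the 0.1 percent collision threshold comes from the text, while the CRC threshold of 0.1 percent of input packets is an assumption made for the example.

```python
import re

# Constructed 'show interface' output for three ports (not captured from a real device).
SAMPLE_SHOW_INTERFACE = """\
FastEthernet0/1 is up, line protocol is up
  Hardware is Fast Ethernet, address is 0000.0c00.0001 (bia 0000.0c00.0001)
  Half-duplex, 100Mb/s
     1200 packets input, 150000 bytes
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     2000 packets output, 300000 bytes, 0 underruns
     0 output errors, 60 collisions, 1 interface resets
FastEthernet0/2 is up, line protocol is up
  Hardware is Fast Ethernet, address is 0000.0c00.0002 (bia 0000.0c00.0002)
  Full-duplex, 100Mb/s
     50000 packets input, 6400000 bytes
     300 input errors, 300 CRC, 0 frame, 0 overrun, 0 ignored
     40000 packets output, 5100000 bytes, 0 underruns
     0 output errors, 5 collisions, 0 interface resets
FastEthernet0/3 is up, line protocol is up
  Hardware is Fast Ethernet, address is 0000.0c00.0003 (bia 0000.0c00.0003)
  Full-duplex, 100Mb/s
     10000 packets input, 1280000 bytes
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     9000 packets output, 1150000 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
"""

COLLISION_LIMIT = 0.001  # 0.1 percent of output packets, the threshold the document gives
CRC_LIMIT = 0.001        # assumed threshold for "a lot of CRC errors" relative to input packets

COUNTERS = (
    ("packets_input", r"(\d+) packets input"),
    ("packets_output", r"(\d+) packets output"),
    ("crc", r"(\d+) CRC"),
    ("collisions", r"(\d+) collisions"),
)


def parse_show_interface(text):
    """Split the output into per-interface counter dictionaries."""
    interfaces, current = {}, None
    for line in text.splitlines():
        head = re.match(r"^(\S+) is (up|down|administratively down)", line)
        if head:
            current = {"status": head.group(2), "duplex": None, "packets_input": 0,
                       "packets_output": 0, "crc": 0, "collisions": 0}
            interfaces[head.group(1)] = current
            continue
        if current is None:
            continue
        for key, pattern in COUNTERS:
            m = re.search(pattern, line)
            if m:
                current[key] = int(m.group(1))
        m = re.search(r"(Half|Full)-duplex", line)
        if m:
            current["duplex"] = m.group(1).lower()
    return interfaces


def diagnose(counters):
    """Apply the layer 1/2 rules of thumb from the text to one interface's counters."""
    findings = []
    out, inp = counters["packets_output"], counters["packets_input"]
    collision_rate = counters["collisions"] / out if out else 0.0
    crc_rate = counters["crc"] / inp if inp else 0.0
    if collision_rate > COLLISION_LIMIT:
        findings.append(f"excessive collisions ({collision_rate:.2%} of output packets): "
                        "check cabling with a TDR, look for a jabbering transceiver or a hub")
    elif crc_rate > CRC_LIMIT:
        # CRC errors without collisions: the text's indicator of excessive noise
        findings.append(f"CRC errors without collisions ({crc_rate:.2%} of input packets): "
                        "suspect excessive noise; inspect cabling and confirm Category 5")
    if counters["duplex"] == "half":
        findings.append("half duplex: verify the peer's duplex setting for a mismatch")
    return findings


def diagnose_all(text):
    """Diagnose every interface found in a 'show interface' capture."""
    return {name: diagnose(c) for name, c in parse_show_interface(text).items()}


if __name__ == "__main__":
    for name, findings in diagnose_all(SAMPLE_SHOW_INTERFACE).items():
        print(name, "OK" if not findings else "")
        for finding in findings:
            print("  -", finding)
```

In the sample, FastEthernet0/1 is flagged for collisions and half duplex, FastEthernet0/2 for CRC errors without collisions, and FastEthernet0/3 passes cleanly. Feeding the script the archived output from a periodic `show interface` run turns the manual inspection described above into a repeatable check that surfaces the ports worth walking to.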
Taking the extra precaution of using company-approved security applications will help
prevent hackers and intruders from gaining access to the company's network. In turn, the logical
security in place will need to detect any vulnerabilities on the network before the system goes
live, and tests will be run to make sure the vulnerabilities have been fully addressed and taken
care of. There will be plenty of access controls on the network to help prevent anyone from
trying to modify any part of the network that is in place on the system. Identification will be a
major part of the network, authenticating a person to gain the access needed to perform daily
tasks. There will also be critical decisions to be made to be sure that the correct applications and
equipment fall within the budget of the proposed project for the company.
will be because once an intruder has gained access to the network they will then be free to roam
about and gain any information and data that they want. Typically the only applications that will
be used will be applications and programs in which a form of authentication is required. This will
help prevent unwanted attacks from applications that only require a login, which in the same way
will help to keep internal attacks down as well.
Using troubleshooting tools such as the ISO 27001 standards can help to protect the
network from any data leaks. This is because ISO 27001 can be fully customized to work with
the company for the best performance. It will track any vulnerability that may have been
overlooked during the implementation of the network. Other tools that can be used are the
built-in functions of Cisco devices through the Command Line Interface (CLI). These tools
consist of show commands, which help to monitor the installation and network behavior and help
to isolate any problem areas quickly. The debug commands will also be accessible through the
CLI, allowing configuration and protocol problems to be located, while ping commands will
assist with checking connectivity between devices on the network. This can all be combined
with the use of a network monitor, which can be used to assist with tracking packets and the
current activity on the network in real time.
To summarize, the security and troubleshooting recommendations provided in this
document will ensure the integrity of data and reliability of service that Riordan expects from a
21st century network. A security policy will be developed to help protect the company's
information through the company's Internet connection. Access controls will be used to
determine the access levels for employees, which will depend on company position and
department. The company will also be using certain security applications that fit the budget and
needs, as well as a Virtual Private Network (VPN). The security applications will
Jose.


