Table of Contents
Problem Statement
Client Network Requirements
Network Solutions Recommendations
Mountain Sky's Design Strategy
Security Policy
Network Strategy - Advantages and Disadvantages
Advantages
Disadvantages
Router Configuration
Address Scheme
Project Schedule
Appendix A Mountain Sky Elementary School's Logical LAN Topology
Appendix B Mountain Sky Elementary School's Main Distribution Facility Logical Topology
Appendix C Mountain Sky Elementary School's Main Distribution Facility Physical Topology
Appendix D Mountain Sky Elementary School's IDF 1 Logical Topology
Appendix E Mountain Sky Elementary School's IDF 1 Physical Topology
Appendix F Mountain Sky Elementary School's IDF 2 Logical Topology
Appendix G Mountain Sky Elementary School's IDF 2 Physical Topology
Appendix H Mountain Sky Elementary School's IDF 3 Logical Topology
Appendix I Mountain Sky Elementary School's IDF 3 Physical Topology
Appendix J Mountain Sky Elementary School's IDF 4 Logical Topology
Appendix K Mountain Sky Elementary School's IDF 4 Physical Topology
Appendix L Mountain Sky Elementary School's IDF 5 Logical Topology
Appendix M Mountain Sky Elementary School's IDF 5 Physical Topology
Appendix N Mountain Sky Elementary School's IDF 6 Logical Topology
Appendix O Mountain Sky Elementary School's IDF 6 Physical Topology
Appendix P Mountain Sky IP Address Scheme
Appendix Q Mountain Sky Elementary School's Router Access Control Lists
Appendix R Pricing Scheme for Network Solutions Proposal
Problem Statement
Students, teachers, and administrators need easy-to-use, fast, and secure access to
information on the Internet, academic services available on the school's intranet, and a
central location in which to store the school system's applications and student data.
• The network must be scalable: 1000% growth for LAN implementations and 100% for WAN implementations.
• The throughput for network segments has been specified as follows: 10 Mbps to the desktop and 100 Mbps to the backbone.
• Only two Layer 3 and 4 routing protocols will be supported: Transmission Control Protocol/Internet Protocol (TCP/IP) and Novell's Internetwork Packet Exchange (IPX).
• All nodes on each LAN segment need to have access to the Internet.
• Each LAN segment must contain two physically separate LAN infrastructures for security purposes: administrative access and curriculum (student) access.
• Wire speeds have been determined: 10Base-T, 100Base-TX, and 100Base-FX.
• All horizontal network cabling needs to be Category 5 unshielded twisted pair (CAT5 UTP).
  o Must be tested to achieve 100 Mbps.
• All vertical cabling must be Category 5 unshielded twisted pair (CAT5 UTP) or multimode fiber optic.
• All cabling must conform to TIA 568A and TIA 569 standards for length.
• WANs and LANs must be both internally and externally secure.
• Mountain Sky Elementary School's WAN connection will be located at the Main Distribution Facility (MDF) and only supports a Frame Relay connection to the Washington School System's district office.
• Each classroom must be configured to support 25 workstations.
  o 24 for students
  o 1 for instructor
• Each classroom has 4 cable runs from the Intermediate Distribution Facility (IDF)
  o 3 for students
  o 1 dedicated for instructor workstation
These guidelines will constitute an agreement between Network Solutions and the
Washington School District. The proposal contained within this document is based upon
these criteria.
to WAN users, separate the students' network from the administrative network physically,
and restrict WAN users from accessing the administrative servers. This edge router would
be configured with access control lists that will also restrict any curriculum workstations
from accessing any of the administrative LAN's resources.
The backbone from the edge router to the IDFs will consist of multimode fiber optic
cable, and will utilize full-duplex switching to the hubs that are located in each
classroom. The use of switches on the backbone will meet Washington School District's
100 Mbps backbone requirement. Using hubs in each classroom will meet the 10 Mbps
requirement for curriculum workstation throughput.
will evenly distribute the network traffic to the required 24 workstations located in each
classroom.
Security Policy
Any network security measures that are implemented cannot just be arbitrary rules that
are started or finished to respond to problems. Security must exist beyond technology,
and must be based upon solid reasoning and decisions that seek to find a balance between
open access and total restriction in which all parties can exist.
Network Solutions Inc. has developed a security policy. This policy does more than just
throw technology at a problem. The policy seeks to provide the Washington School
District with documentation that lays out the following factors that involve all networks:
Our security policy is simple, yet is able to provide a clear definition of what we
recommend to the Washington School System based upon the requirements for security
they have set forth.
• No one from the external (Internet) can access any machine on the internal network.
• Everyone must have access to the Internet and anonymous FTP.
• Everyone must have the ability to send and receive email.
• The student and administrative networks are to be kept separate.
• All traffic will be logged and audited, and someone will be held accountable for this audit on a regular basis.
• All usernames and passwords will be maintained at the district level.
• All router and switch configuration files are to be kept and maintained at the district level.
• A training program to educate faculty on the best practices to ensure network security will be implemented. This is to minimize the greatest cause of security breaches in a network: internal users.
met and the network will be highly scalable, which will allow for future growth as the
school district's enrollment continues to rise.
Disadvantages
The primary disadvantages to Network Solutions' proposal relate to the sheer cost of
purchasing, designing, installing, and testing the network. In addition, those serving as
network administrators will need to be trained on the network, which will create
additional costs.
Router Configuration
Router>en
Router#config t
Router(config)#hostname mountsky
mountsky(config)#en secret cics
mountsky(config)#en password cisco
mountsky(config)#line vty 0 4
mountsky(config-line)#password alpha
mountsky(config-line)#login
mountsky(config-line)#exit
mountsky(config)#ipx routing
mountsky(config)#int s0
! WAN link to the district. 10.166.0.0 is the subnet's own address under this mask;
! the interface needs a host address from that subnet.
mountsky(config-if)#ip address 10.166.0.0 255.255.255.0
mountsky(config-if)#no shutdown
mountsky(config-if)#ipx network 10
mountsky(config-if)#int e0
! Student LAN gateway. 255.255.0.0 is the Address Scheme mask and covers the
! student hosts (10.37.1.1-10.37.2.254) and printers (10.37.255.1-10.37.255.254).
mountsky(config-if)#ip address 10.37.0.1 255.255.0.0
mountsky(config-if)#no shutdown
mountsky(config-if)#ipx network 20
mountsky(config-if)#int e1
! Administrative LAN gateway
mountsky(config-if)#ip address 10.38.0.1 255.255.255.0
mountsky(config-if)#no shutdown
mountsky(config-if)#ipx network 30
mountsky(config-if)#int e2
! Server LAN gateway
mountsky(config-if)#ip address 192.168.1.1 255.255.255.0
mountsky(config-if)#no shutdown
mountsky(config-if)#ipx network 40
mountsky(config-if)#exit
mountsky(config)#ip routing
mountsky(config)#router rip
mountsky(config-router)#network 10.166.0.0
mountsky(config-router)#network 10.37.0.0
mountsky(config-router)#network 10.38.0.0
mountsky(config-router)#network 192.168.1.0
mountsky(config-router)#exit
! Standard ACLs match on source address only. A wildcard of 0.0.255.255 matches
! every host in a 255.255.0.0 subnet; 0.0.0.0 would match one address only.
mountsky(config)#access-list 1 deny 10.37.0.0 0.0.255.255
mountsky(config)#access-list 1 permit 10.166.0.0 0.0.255.255
! Appendix Q describes access-list 1 as the Administrative LAN port's list.
mountsky(config)#int s0
mountsky(config-if)#ip access-group 1 in
mountsky(config-if)#exit
mountsky(config)#access-list 2 permit 10.38.0.0 0.0.255.255
mountsky(config)#access-list 2 permit 10.166.0.0 0.0.255.255
! s1 is not configured above (only s0, e0, e1 and e2 are).
mountsky(config)#int s1
mountsky(config-if)#ip access-group 2 in
mountsky(config-if)#exit
mountsky(config)#exit
mountsky#copy run start
Address Scheme
The Washington School District will receive a class C IP address that will be changed to
the class A private network address of 10.0.0.0 using Network Address Translation (NAT)
in the border router. Using a subnet mask of 255.255.0.0, two hundred and fifty-six
subnets will be created and dispersed to each school within the district, which will allow
over 65,000 hosts to be assigned on each subnet. The details of the district's addressing
scheme are summarized below. The complete district IP addressing scheme is located in
Appendix A.
IP Address: 10.0.0.0
Address Class: A
Network Address: 10.0.0.0
Subnet Address: 10.0.0.0
Subnet Mask: 255.255.0.0
Subnet bit mask: 0nnnnnnn.nnnnnnnn.hhhhhhhh.hhhhhhhh
Subnet Bits: 16
Host Bits: 16
Possible Number of Subnets: 256
Hosts per Subnet: 65534
Selected Subnet: 10.0.0.0/255.255.0.0
Usable Addresses: 65534
Host range: 10.0.0.1 to 10.0.255.254
Broadcast: 10.0.255.255
Based upon the previously mentioned addressing scheme, Mountain Sky will receive two
IP addresses. One address will be for the student network, and the other for the
administrative network. Mountain Sky's assigned addresses are 10.37.0.0 and 10.38.0.0.
The 10.37.0.0 will be the student LAN and 10.38.0.0 will be the Administrative LAN.
The classroom printer will reside on the student network.
A DHCP server will be used at the school to disperse all of the addresses for both the
administrators and students. In keeping with the school's request that the Administrative
network should be statically defined, the DHCP server is capable of assigning the same
IP address to a specific machine every time. Therefore, the administrators' hosts will
always receive the same IP address, as will all classroom printers. The servers will have
a statically defined address. The address range for IP addresses to be assigned to students
will be from 10.37.1.1 to 10.37.2.254. This will provide roughly double the IP addresses
currently needed for students. The classroom printers will be set ranging between
10.37.255.1 to 10.37.255.254. The following is a summary of the student LAN IP
addresses:
Router Student Ethernet Interface (E0): 10.37.0.1
MDF Student Switch: 10.37.0.2
IDF 1 Trunked Switches: 10.37.0.3
IDF 2 Trunked Switches: 10.37.0.4
IDF 3 Trunked Switches: 10.37.0.5
IDF 4 Trunked Switches: 10.37.0.6
IDF 5 Trunked Switches: 10.37.0.7
IDF 6 Trunked Switches: 10.37.0.8
Student Host Range: 10.37.1.1 to 10.37.2.254
Classroom Printers: 10.37.255.1 to 10.37.255.254
The Administrative network will use the 10.38.0.0 address, and, as previously mentioned,
will use the DHCP server to automatically define specific addresses, which are reserved
solely for specific machines. The addressing scheme for the administrative LAN is
outlined below.
Router Administrative Ethernet Interface (E1): 10.38.0.1
MDF Administrative Switch: 10.38.0.2
IDF 1 Switch: 10.38.0.3
IDF 2 Switch: 10.38.0.4
IDF 3 Switch: 10.38.0.5
IDF 4 Switch: 10.38.0.6
IDF 5 Switch: 10.38.0.7
IDF 6 Switch: 10.38.0.8
The servers, except for the administration server, will be located on a LAN off of the
border router. This network will use the class C private address of 192.168.1.0 and will
be accessible by all hosts on the network. The administration server will be located
behind a router off the administrative LAN switch located in the MDF.
The IPX addressing scheme will use the subnet number of the IP address as the network
address and the MAC address of the node as the host portion. The network portion of the
IPX address for the student network will be 37 and the administrative network will be 38;
the host portion will be the MAC address of the machine to which the address is
assigned.
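A consistency check of the student LAN plan above against the router's E0 interface mask, as an added example that is not part of the original proposal: a planned address can only use 10.37.0.1 as its gateway if it lies inside the subnet that interface is attached to. The function name `check_plan` and the choice of the three masks tried are assumptions made for illustration.

```python
import ipaddress

# Student LAN plan from the Address Scheme section: name -> (first, last).
STUDENT_PLAN = {
    "MDF student switch": ("10.37.0.2", "10.37.0.2"),
    "IDF trunked switches": ("10.37.0.3", "10.37.0.8"),
    "Student hosts (DHCP)": ("10.37.1.1", "10.37.2.254"),
    "Classroom printers": ("10.37.255.1", "10.37.255.254"),
}


def check_plan(gateway, mask, plan):
    """Compare planned ranges with the subnet a router interface is attached to.

    Returns a dict with:
      valid_mask  False if the mask is not a contiguous netmask
      off_subnet  plan entries the interface cannot reach directly
      sizes       number of addresses in each planned range
    """
    try:
        net = ipaddress.IPv4Interface(f"{gateway}/{mask}").network
    except ValueError:  # NetmaskValueError is a ValueError subclass
        return {"valid_mask": False, "off_subnet": sorted(plan), "sizes": {}}

    off_subnet, sizes = [], {}
    for name, (first, last) in plan.items():
        lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
        sizes[name] = int(hi) - int(lo) + 1
        # Both ends must be usable host addresses inside the connected subnet.
        usable = (lo in net and hi in net
                  and lo > net.network_address
                  and hi < net.broadcast_address)
        if not usable:
            off_subnet.append(name)
    return {"valid_mask": True, "off_subnet": off_subnet, "sizes": sizes}


if __name__ == "__main__":
    # 255.255.0.0 is the plan's mask; 255.255.255.0 is a narrower mask;
    # 255.255.225.0 is a non-contiguous (invalid) mask.
    for mask in ("255.255.0.0", "255.255.255.0", "255.255.225.0"):
        print(mask, check_plan("10.37.0.1", mask, STUDENT_PLAN))
```

With 255.255.255.0 on E0 the DHCP range and the printers fall outside the interface's subnet, while 255.255.0.0 covers the whole plan.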
Project Schedule
The time needed to complete this project will be approximately seven and a half months.
The project began on January 7, 2002 when Network Solutions was presented with the
documentation that laid forth the requirements and guidelines, as well as the needs of the
Washington School District as they pertained to the Mountain Sky School.
Much of the project time will be spent in the planning stage at the beginning of the
project, and the testing phase towards the completion of the project. The implementation
of the project will conclude on July 14, 2002. At this time, the client (Washington School
District and Mountain Sky School) will spend a period of one week performing the
acceptance test. If the client accepts the network, the project will conclude on July 21,
2002, which will allow classes to begin without interruption.
Appendix P Mountain Sky IP Address Scheme
School              Student LAN   Administrative LAN   Connection to District
Chaparral           10.5.0.0      10.6.0.0             10.150.0.0
Cholla              10.7.0.0      10.8.0.0             10.151.0.0
Desert Foothills    10.9.0.0      10.10.0.0            10.152.0.0
Desert Slope        10.11.0.0     10.12.0.0            10.153.0.0
Iron Wood           10.13.0.0     10.14.0.0            10.154.0.0
John Jacobs         10.15.0.0     10.16.0.0            10.155.0.0
Lake View           10.17.0.0     10.18.0.0            10.156.0.0
Mountain View       10.19.0.0     10.20.0.0            10.157.0.0
Road Runner         10.21.0.0     10.22.0.0            10.158.0.0
Sunnyslope          10.23.0.0     10.24.0.0            10.159.0.0
Washington          10.25.0.0     10.26.0.0            10.160.0.0
Abraham Lincoln     10.27.0.0     10.28.0.0            10.161.0.0
Acacia              10.29.0.0     10.30.0.0            10.162.0.0
Blue Sky            10.31.0.0     10.32.0.0            10.163.0.0
Lookout Mountain    10.33.0.0     10.34.0.0            10.164.0.0
Moon Mountain       10.35.0.0     10.36.0.0            10.165.0.0
Mountain Sky        10.37.0.0     10.38.0.0            10.166.0.0
Sahuaro             10.39.0.0     10.40.0.0            10.167.0.0
Sunburst            10.41.0.0     10.42.0.0            10.168.0.0
Sunset              10.43.0.0     10.44.0.0            10.169.0.0
Sweetwater          10.45.0.0     10.46.0.0            10.170.0.0
Tumbleweed          10.47.0.0     10.48.0.0            10.171.0.0
Alta Vista          10.49.0.0     10.50.0.0            10.172.0.0
Arroyo              10.51.0.0     10.52.0.0            10.173.0.0
Cactus Wren         10.53.0.0     10.54.0.0            10.174.0.0
Manzanita           10.55.0.0     10.56.0.0            10.175.0.0
Maryland            10.57.0.0     10.58.0.0            10.176.0.0
Ocotillo            10.59.0.0     10.60.0.0            10.177.0.0
Orangewood          10.61.0.0     10.62.0.0            10.178.0.0
Palo Verde          10.63.0.0     10.64.0.0            10.179.0.0
Richard E. Miller   10.65.0.0     10.66.0.0            10.180.0.0
Royal Palm          10.67.0.0     10.68.0.0            10.181.0.0
[Figure: router access control lists. Labels: DNS/Email 192.168.1.2; From School District Network 10.166.0.0; Server LAN 192.168.1.0; Student LAN 10.37.0.0; Administrative LAN 10.38.0.0; Administrative Server 10.38.250.1. A student attempt to access the Administrative Network is marked "Access Denied". Caption: ACLs function as a firewall to prevent unauthorized users from accessing the Administrative network.]
In addition to the ACL placed on the router's administrative port, one will also be placed
on the student network to keep external users from accessing that network. The
administrative server will be placed behind the firewall off of a switch on the
administrative LAN, allowing only the administrators to access the server. The following
is a description of the ACLs on each router port of the school's border router.
Administrative LAN Port
mountsky(config)# access-list 1 deny 10.37.0.0 0.0.255.255
mountsky(config)# access-list 1 permit 10.166.0.0 0.0.255.255
mountsky(config)# access-list 1 permit host 192.168.1.1
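How the wildcard mask in these standard ACL entries decides which sources match, as an added example that is not part of the original proposal: it evaluates access-list 1 once with a 0.0.0.0 wildcard and once with 0.0.255.255, applying first-match order and the implicit deny at the end. The function names are hypothetical, and the source addresses other than 192.168.1.1 and 192.168.1.2 are constructed from the page's address ranges.

```python
import ipaddress


def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def parse_standard_acl(lines):
    """Parse 'access-list N permit|deny SRC [WILDCARD]', 'host A' and 'any'."""
    entries = []
    for line in lines:
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
            continue
        action, rest = tok[2], tok[3:]
        if rest[0] == "any":
            addr, wild = "0.0.0.0", "255.255.255.255"
        elif rest[0] == "host" and len(rest) > 1:
            addr, wild = rest[1], "0.0.0.0"
        else:
            addr = rest[0]
            wild = rest[1] if len(rest) > 1 else "0.0.0.0"
        entries.append((action, _to_int(addr), _to_int(wild)))
    return entries


def evaluate(entries, source):
    """First matching entry wins; no match falls through to the implicit deny."""
    src = _to_int(source)
    for action, addr, wild in entries:
        care = ~wild & 0xFFFFFFFF  # bits set in the wildcard are ignored
        if (src & care) == (addr & care):
            return action
    return "implicit deny"


def audit(acl_lines, sources):
    entries = parse_standard_acl(acl_lines)
    return {src: evaluate(entries, src) for src in sources}


HOST_WILDCARD = [  # 0.0.0.0 matches exactly one address
    "access-list 1 deny 10.37.0.0 0.0.0.0",
    "access-list 1 permit 10.166.0.0 0.0.0.0",
    "access-list 1 permit host 192.168.1.1",
]
SUBNET_WILDCARD = [  # 0.0.255.255 matches a whole 255.255.0.0 subnet
    "access-list 1 deny 10.37.0.0 0.0.255.255",
    "access-list 1 permit 10.166.0.0 0.0.255.255",
    "access-list 1 permit host 192.168.1.1",
]
# Constructed sources: a student host, a classroom printer, a district host,
# plus the router's server-LAN address and the DNS/Email server from the page.
SOURCES = ["10.37.1.25", "10.37.255.10", "10.166.0.7", "192.168.1.1", "192.168.1.2"]

if __name__ == "__main__":
    for name, acl in (("0.0.0.0", HOST_WILDCARD), ("0.0.255.255", SUBNET_WILDCARD)):
        print(name, audit(acl, SOURCES))
```

With the 0.0.0.0 wildcard the student host is stopped only by the implicit deny, which also stops the district host; in both variants 192.168.1.2 is not permitted by any entry.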
Hub
Linksys
Hub
Hawking
Technology
Network Everywhere
10BT 8 Port Hub
Network Everywhere
10BT 8 Port
Hub
Asante
SMC
Networks
24
12
(IDF)
$3,650.95 $43,811.40
24
12
(IDF)
$9,671.95 $116,063.40
12
(x2)
12
(IDF)
$5495.00
2
(MDF)
4
(x2)
2
(MDF)
$509.95
$2,039.80
4
(x2)
2
(MDF)
$679.88
$2719.52
$869.95
$869.95
HP
$135.95
$135.95
Hawking
Technology
$36.95
$36.95
Fiber
Sw
itc
h
Fiber
Switch
HP
Fiber
Switch
Nortel
Fiber
Switch
Ram
Electronics
Fiber
Switch
SIIG
Fiber
Switch
Netgear
Ethernet
Switch
Ethernet
Switch
Ethernet
Switch
Cisco
Standard
Switch
Cisco
Standard
Switch
D-Link
Model
Number
of Ports
Device
HP ProCurve Switch
100BASE-FX 24-Port
Fiber Module
Baystack 450-12F 12 MTRJ Ports 100BFX Switch,
Stackable
Fast Ethernet 100Mbps 8
port switch with Fiber,
ST connectors.
8
8
Quantity
Cost per
126
$35.95
(Classrooms)
126
$35.95
(Classrooms)
126
$36.95
(Classrooms)
1
(MDF)
1
(MDF)
1
(MDF)
24
12
(IDF)
24
12
(MDF)
Total
$4529.70
$4529.70
$4655.70
$131,880.00
$1991.90
$823.00
$216.95
$9876.00
$2,603.40
Standard
Switch
Netgear
Router
Cisco
Router
Bay Networks
Cabinets
Cabinets
UPS
APC
1400RM2U
APC
700RM2U
APC
3000RM3
Server
Dell
Poweredge
1650
Dell
Poweredge
1650
Dell
Poweredge
1650
Refurb Baystack AN
Router ENET
2 WAN
8 Enet
2 WAN
3 AUI
12
(MDF)
1
(MDF)
1
(MDF)
Wall-mounted
N/A
44
$300
$13,200.00
Floor standing
N/A
$1200
$8400
1/2 load
Plugs
Quantity
Cost
Total
28min.
$669
$4,014
14min.
$400
$2,400
12.4min.
$1,369
$1,369
Memory/Hard Drive
OS
Quantity
Cost
Total
1.13GHz
512MB/36GB/36GB
Windows
2000
$3058
$18,348
1.13GHz
512MB/36GB/36GB/36GB
Windows
2000
$3557
$21,342
1.13GHz
1.13GHz
1GB//36GB/36GB/36GB
Windows
3
2000
$4804
$14,412
Data-Link
Associates,
Inc.
Data-Link
Associates,
Inc.
Power
1400VA
(950W)
700VA
(450W)
3000VA
(2250W)
Processor
24
$224.95
$2,939.40
$1,484.99 $1,484.99
$656.95
$656.95
In addition, Microsoft licenses for 325 offices, including offices, customer access
licenses, and updates will total $15,600.
Device
Vendor
Model
Description
Quantity
Cost
Total
Fiber
Cabling
PVC
Spool 150
meters at
$324.95
Spool 150
meters at
$314.95
$324.95
PVC
Fiber from
MDF to
IDFs
Fiber from
MDF to
IDFs
48 meters
Fiber
Cabling
Fiber Optic
Cables, designed
for backbones
General-purpose
multimode duplex
cable
48 meters
$314.95
Fiber
Cabling
Simplex
General-purpose
duplex cable,
FDDI grade
Fiber from
MDF to
IDFs
48 meters
Spool 300
meters at
$346.95
(150 m
not
available)
$346.95
Cat 5e STP
GigaBase
CAT 5e
STP from
IDFs to
Classrooms
352
meters
$749.90
Cat 5e STP
Berk-Tek
CAT 5e
STP from
IDFs to
Classrooms
352
meters
Cat 5 STP
Plenum
Cat 5 STP
from IDF to
Classrooms
352
meters
Cat 5 UTP
Plenum
Cat 5 UTP
from Drop
Points to
nodes
1109
meters
Cat 3 UTP
PVC
1109
meters
Fiber Snaplock
Connectors
SC
CrimpLock Fiber
Optic Connectors
CAT 3 UTP
from Drop
Points to
nodes
End
Connectors
for Fiber
Optic
Cabling
1 Spool
300 meter
at
$499.95
and 1
Spool 150
meters at
$249.95
1 Spool
300
meter at
$449.95
and 1
Spool 150
meters at
$229.95
1 Spool
300 meter
at
$349.95
and 1
Spool 150
meters at
249.95
4 Spools
300
meter
each at
$120.95
4 Spools
300 meter
each at
$103.95
$21.95
each
24 ends
needed
$679.90
$599.90
$483.80
$415.80
$526.80
Fiber
Connectors
Plenum
GlueLock Fiber
Optic Connectors
End
Connectors
for Fiber
Optic
Cabling
24 ends
needed
10 pack
at $98.95
$296.85
Fiber
Connectors
ST
Fiber Econo
Connectors
24 ends
needed
10 pack at
$78.95
$236.85
RJ45 Jacks
GigaBase
CAT 5e
Connectors
370 ends
needed
100 pack
at
$103.95
$415.80
RJ45 Jacks
Snagless
RJ45, 8 wire
370 ends
needed
100-Pack
$94.95
$379.80
RJ45 Jacks
Riser
RJ45, 8 wire
End
Connectors
for Fiber
Optic
Cabling
High End
RJ45
modular
plugs
RJ 45
Modular
plugs
RJ 45
Modular
plugs
370 ends
needed
100-Pack
$82.95
$331.80
What we Recommend: Good price, good scalability
A Higher end version: more scalable, but much more expensive
Total Cost, Recommended: $100,132.24
Total Cost, High End: $283,625.92
The above pricing scheme represents a three-tier approach in which low-, medium-, and
high-end options are given. The bolded items are the devices to be used in the
implementation of Network Solutions' recommendations. Although less expensive
options are available, it is the opinion of Network Solutions that the selected products
will offer the desired scalability and the needed security and quality of service.
Additional Costs
Installation: $350,000
Training: $100,000
Consulting: $596,000 (1 senior consultant, 2 junior consultants, 1 project manager, 1 site
manager)