Proposition of the final LAN infrastructure
advertisement
Proposition of the final LAN infrastructure Proposition of the final LAN infrastructure The organization that you choose to use for this project is the Marine Corps. Because of the large volume that is carried out differently among all the different units, there are many different moving parts so I will focus on a section S-6 Inside a smaller unit. This unit will contain approximately 500 people, and 15 of these persons will be responsible for establishing the network. This will be to include satellites, routers, switches, and all peripherals. This unit is responsible for the ability to quickly deploy the communications department to any part of the world and begin to pull data over a 5-hour period. Will be This Is the key when the unit's main unit arrives, and there are already data connections ready to pull. The three-tier hierarchical design model is made up of cisco From basic distribution and access. When we quickly look at the chart, we see that the basic layer of this grid begins at SCR RTR And ends when a link POP RTR . The next layer is our distribution layer, which is one key POP RTR And switches that contain all road summaries and address addresses including VLAN On our keys that are running Layer 3 Traffic VAN Router On their own without the need for a router. Finally, the access layer is all end-users and network resources such as server farm. After careful considerations and adding IPsec To our network, we can successfully implement and upgrade your wireless network infrastructure. The back side of the networks will receive from SCR RTR to me POP RTR 192.168.0.33 / 26 As devices IP Their instant traffic from ISPs will be placed on firewalls, routers and switches. After the traffic has been left a protocol POP RTR And make its way around our network, it will move through point-to-point links within the network 192.168.1.128 / 25. All servers will be placed on a network VLAN From 192.168.3.33 / 27 to separate server traffic on the adapter to be grantedQoS Higher than traffic VLAN Of the user who will be on a separate VLAN using 192.168.3.65 / 28 which will give IP Up to 62 users to connect to either via Wi-Fi Or using solid wire in the grid. As we move more towards the network, we will see that our first wireless access point is present in the primary and supplied key and setup on VLAN the user. The virtual gateway will be 192.168.3.65 / 28 users IP VLAN For the user. In this case, we have implemented and updated our network to an extensive network ( WAN ). In this scenario, we created a separate site located across the world and talking to the main satellite site. This other network is still part of the main network, it's simply on the other side of the world and that's why our network is now a network WAN . We have kept everything as it was before where the router is used SCR BGP To talk to your Internet service provider ( ISP ) And data flow from our provider. From there, each router includes a router SCR On networks EIGRP With all directly related subnets that are configured inEIGRP So that routers quickly pass routing table information between each other. From our basic 3 layer adapter, we have a cable Ethernet Which connects to a satellite communication device center that simply transfers data to the other location. Each router is configured to end with OSPF And EIGRP From LANTheir own. This will allow the main site to send the secondary site the routing tables learned from EIGRPTo the secondary site across a path OSPF . This means that the main site and the secondary site will have them EIGRP ASN Different. Give us OSPF The concept of an area allows us to segment different sites. This works because the router has an independent system that connects one or more of the following ASAnd exchange paths between them. For our security deployment plan, we have implemented networks VLAN Within our network to divide the traffic in our network. We can see that it will be configured VLAN2 On all ports that have connected user computers. In addition to composition VLAN2 On all user computers if that user has a phone IP , The port will also be configured with VLAN Voice dialing so that the phone IP Its dragging IP From Etisalat Manager Cisco . Servers will also have their own VLAN to rid them of all Unnecessary visits also, and we will also have VLANs for management our servers will use for things like ESXi And vMotions And iSCSIAnd other traffic management protocols. In our network we have a router running multiple access control lists and will block all visits that our ISP has requested us to block. From our scan prompt, our traffic begins to go to the firewall and IPS Which will monitor traffic and identify attempts DDOS It is immediately prohibited. From here our traffic is moved towards POP RTR Usually traffic is to our servers where many of our services are running. Things like DNS On our Domain Controller that all computers use to resolve IPOriented Web page names. Also we will run the server McAfee Which will deploy proxies to all user computers that will be configured to shut down certain ports and protocols. In general, the computer is locked before anything bad happens, either accidentally or accidentally. I have always found it extremely important to keep our keys and routers up to date with the latest firmware to prevent them from being compromised. The easiest way to help protect our system is to keep our employees and users informed about how hackers try to control our system and tell them to alert the IT team if try to One access to their computer. From here, we must create a risk analysis of our network. This means that we will consider where to put our devices and easy access to these devices in addition to the survey of our network to determine what and what risks. Our last step could be to appoint one or two people to support and implement a security policy that is often our information security officers and probably only one network administrator to make sure that all other managers will stay within their ethical limits and do the right thing After careful considerations and adding IPsec To our network, we have successfully implemented and upgraded the wireless infrastructure. Our background network remained as it is with router sifting, firewall, and pop router, in addition to the primary conversion key. Keeping our servers and storage in our network is also the best idea, so all server-side services such as DNS searches are done faster via Link 1 gig Or 10gig Without any possible interruption in frequencies Wi-Fi we've got. Through our basic adapter, we have a wired wireless access point in the adapter Core Our own. Our main access point has a 2.4 GHz channel set to 1. We then have two access points connected to a main access point via the 5 GHz back channel for connections AP to me AP . These two access bands have a 2.4 GHz channel set to 11 that will not interfere with each other because of their position. This will allow anyone to be able to cross these areas without losing the signal to the network. The back side of the networks will receive from SCR RTR to me POP RTR 192.168.0.33 / 26 As devices IP Their instant traffic from ISPs will be placed on firewalls, routers and switches. After the traffic has been left a protocol POP RTR And make its way around our network, it will move through point-to-point links within the network 192.168.1.128 / 25. All servers will be placed on a network VLAN From 192.168.3.33 / 27 to separate server traffic on the adapter to be granted QoS Higher than traffic VLAN Of the user who will be on a separate VLAN using 192.168.3.65 / 28 which will give IP Up to 62 users to connect to either via Wi-Fi Or using solid wire in the grid. As we move more towards the network, we will see that our first wireless access point is present in the primary and supplied key and setup on VLAN the user. The virtual gateway will be 192.168.3.65 / 28 users IP VLAN For the user. Some will be The wireless standards that will be in my network are 802.11 n / ac Speeds of 2.4 GHz and 5 GHz. The access points will use a channel 5 GHz As a back channel for each access point you will provide fast transfer rates between access points. A 2.4 GHz channel will be set up to be separated so that there is no channel interference for users. This will all happen by using Wi-Fi internet access Dual-band . We also have to make sure there is no chance for a man in the middle attack, so we'll encrypt all packets on the network. We also need to make sure that Our users They do not connect unauthorized devices to our network which means we will use 802.1 X Which will provide support for central user identification, authentication, dynamic key management and accounting
