TOPOLOGY

For the LAN infrastructure, we recommend an extended star topology built on a Gigabit Ethernet fibre-optic backbone over multimode fibre (1000BASE-SX; 100BASE-FX is the 100 Mbps fibre variant). The VLAN infrastructure will be based on Ethernet LAN switching. This allows a migration to faster speeds (more bandwidth) to the individual computers and between MDFs and IDFs without revamping the physical wiring scheme to accommodate future applications. Three Virtual LAN (VLAN) segments will be implemented at MountainSky: one designated for student / curriculum usage, one for administration usage and one for the servers (see the VLAN assignments below).

JUSTIFICATION FOR VLANs

There are many benefits to designing a network with VLAN switching in this school, including the following:
• Reduces administration costs related to moves, additions, and changes
• Provides better control of broadcasts
• Tightens network security (the VLAN boundary isolates Layer 2 traffic; filtering of the traffic that passes between VLANs still has to be enforced on the router or firewall that joins them)
• Microsegments with scalability
• Distributes traffic load
• Relocates servers into secured locations

Companies are continuously reorganizing. On average, 20% to 40% of the workforce physically moves every year. These moves, additions, and changes are one of a network manager's biggest headaches and one of the largest expenses related to managing the network. Many moves require recabling, and almost all moves require new station addressing and hub and router reconfiguration. VLANs provide an effective mechanism for controlling these changes and reducing much of the cost associated with hub and router reconfiguration. Users in a VLAN can share the same network address space (that is, the IP subnet), regardless of their location.
When users in a VLAN are moved from one location to another, their network addresses do not change as long as they remain within the same VLAN and are connected to a switch port. A location change can be as simple as plugging a user into a port on a VLAN-capable switch and configuring that port for the VLAN. VLANs are a significant improvement over the typical LAN-based techniques used in wiring closets because they require less rewiring, configuration and debugging. Router configuration is left intact: a simple move of a user from one location to another requires no configuration change on the router if the user stays in the same VLAN.

IEEE 802.3 specifies Ethernet as a LAN that transports data between devices on a shared medium, using a data-frame broadcast method that delivers frames to all nodes on the LAN. The standard uses Carrier Sense Multiple Access / Collision Detect (CSMA/CD) as its access method, allowing only one station to transmit at a time. Although the goal is to provide a best-effort service, the biggest problem is traffic collision. Several factors can further affect performance, including network congestion due to increased demands from multimedia such as Internet and video applications. The combination of powerful computers, network applications, Internet access, file sharing, etc. causes network congestion and a need for more bandwidth, especially in areas like the Library and the computer labs. As the school grows, bandwidth issues increase and need to be addressed. Switches help solve these problems: a switch microsegments a LAN, giving each port its own collision domain and increasing the available bandwidth by creating point-to-point connections. With a router to carry traffic between them, VLANs allow devices to be grouped logically without being restricted to a single physical switch segment. Network management software, switches, frame tagging (IEEE 802.1Q) and routers work together to make VLANs work.
Since 20 to 40 percent of the workforce is physically moved each year, it is imperative that VLANs be designed into the internal LAN. Static (port-based) VLANs will be created in this school because the VLAN membership of a port is fixed by the switch configuration rather than negotiated by the attached host, and because they are easy to configure and straightforward to monitor. Three VLANs will be used on the LAN: VLAN 1 for the administration segment, VLAN 2 for general curriculum and VLAN 3 for servers. All changes and moves will be controlled and managed accordingly. Note that VLAN 1 is the default VLAN on Catalyst switches: every port belongs to it until it is reconfigured, and the switches use it for their own control protocols (CDP, VTP), so an unconfigured or spare port lands in the administration segment. Reserving a separate VLAN ID for administration hosts and leaving VLAN 1 unused on access ports is the usual precaution.

CABLING

The transport speeds will be 100BASE-TX on the horizontal runs and 100BASE-FX / 1000BASE-SX on the backbone. Vertical (backbone) cabling shall be optical fibre, 100BASE-FX or 1000BASE-SX. Fibre optic is chosen because it is not susceptible to electrical interference and provides high transmission speeds. Horizontal cabling shall be Category 5 Unshielded Twisted Pair (CAT5 UTP) and will have the capacity (verified by testing) to carry 100 Mbps. CAT5 UTP is chosen for its cost effectiveness. The cabling infrastructure shall comply with the TIA/EIA-568-A and TIA/EIA-569 standards.

LOCATION OF MDF & TOPOLOGY

We recommend placing the Main Distribution Facility (MDF) in the room in Building A East where the WAN Point of Presence (POP) resides. This is typical in network design, allowing for simpler cabling and WAN access. The POP will terminate at a Cisco 2600 router, chosen for its scalability and reliability. Stemming from the Cisco 2600, we recommend one Cisco Catalyst 2950 (24 ports) as an external switch for testing purposes. This switch is outside the standalone hardware firewall; anything attached to it is unprotected and reachable from the WAN, so it must carry only test hosts and never a device that is also connected to the internal LAN. The Sonic firewall has a demilitarized zone (DMZ) in which the Internet-facing DNS, email and web servers will be located. A Cisco Catalyst 2950 (12 ports) switch will be used in the DMZ for connections to the DNS, web and email servers. The firewall policy should expose the DMZ hosts on their service ports only and should not allow connections initiated from the DMZ into the internal VLANs, so that a compromised public server cannot reach the domain controllers or administrative server. The inside of the firewall then connects to a Cisco 3700 router via its E0 Ethernet port. The Cisco 3700 is the main LAN router (again chosen for its scalability and reliability).
The Cisco 3700 router's E1 port feeds a single Cisco Catalyst switch which connects to two Cisco Catalyst 2950G (48 port) switches in the MDF. The two Cisco switches will be used for VLAN segmentation and will provide, via room hubs, distribution of drops to classrooms and offices within the recommended 100 metre distance of the MDF. VLAN 3 is designated for servers and will hold the following:
• the DHCP server and domain controller for VLAN 2 (curriculum)
• the Curriculum server, which has file server and application server functions for VLAN 2
• the Library server
• the Administration server, which has file server and application server functions for VLAN 1
• the Domain controller for VLAN 1
• the Local DNS server
The Cisco Catalyst 2950 switch connected to the Cisco 3700 router via E1 is also connected by vertical cabling to IDF1 and IDF2 respectively.

LOCATION OF IDFs AND TOPOLOGY

Two Intermediate Distribution Facility (IDF) rooms will be established where horizontal cabling lengths would exceed the TIA/EIA-568-A recommended distances or where site conditions dictate. IDF 1 will be located in Building A West and IDF 2 in the Multipurpose building. In such cases the IDF services its geographical area and is connected directly to the MDF in an EXTENDED STAR topology. IDF-1, in Building A West, will house three Catalyst 2950G switches. On each, ports 1 – 16 will be allocated to VLAN 1 and ports 17 – 48 to VLAN 2. Because of the high number of rooms in this building and the fact that three curriculum drops are needed per termination point, three switches are recommended. Refer to the IDF topology diagram. IDF-2 will be located in the Multipurpose building and will house two Cisco Catalyst 2950 switches. Again, ports 1 – 16 will be allocated to VLAN 1 and 17 – 48 to VLAN 2. Refer to the attached diagrams for the cabling and logical topologies for this building and its IDF.
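As an added example (not part of the original design), the access-layer configuration for one of the IDF-1 Catalyst 2950G switches, using the port plan above (ports 1 – 16 in VLAN 1, 17 – 48 in VLAN 2) and the management address the address table assigns to IDF1-A (171.18.78.5). Assumed here and not in the document: the uplink to the MDF is GigabitEthernet0/1, the switch management subnet 171.18.78.0/24 is carried as VLAN 99 rather than inside the administration VLAN, an otherwise unused VLAN 999 is the trunk's native VLAN, and the default gateway is the 3700's E1 address 171.18.78.1.

```cisco
! Added example, not from the original design: IDF1-A, Catalyst 2950G-48.
! From the document: VLAN 1 admin on ports 1-16, VLAN 2 curriculum on
! ports 17-48, management address 171.18.78.5, gateway 171.18.78.1.
! Assumed: uplink Gi0/1, management VLAN 99, unused native VLAN 999.
hostname IDF1-A
!
vlan 2
 name CURRICULUM
vlan 99
 name MGMT
vlan 999
 name NATIVE-UNUSED
!
! Administration ports: fixed VLAN, no trunk negotiation, a single MAC
! address learned and kept, edge-port spanning tree with BPDU guard so a
! rogue switch plugged into an office drop is shut down.
interface range FastEthernet0/1 - 16
 switchport mode access
 switchport access vlan 1
 switchport nonegotiate
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 switchport port-security violation shutdown
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! Curriculum ports: each drop may feed a room hub (the document sizes a
! room at 24 stations across three student drops), so the MAC limit is
! per drop rather than 1, and violations are logged and dropped rather
! than taking a whole room down.
interface range FastEthernet0/17 - 48
 switchport mode access
 switchport access vlan 2
 switchport nonegotiate
 switchport port-security
 switchport port-security maximum 8
 switchport port-security violation restrict
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! Uplink to the MDF: 802.1Q trunk carrying only the VLANs this closet
! uses, with an empty native VLAN so untagged frames cannot hop into
! VLAN 1 and no dynamic trunking on the link.
interface GigabitEthernet0/1
 description Uplink to MDF
 switchport mode trunk
 switchport trunk native vlan 999
 switchport trunk allowed vlan 1,2,99
 switchport nonegotiate
!
! Management address in VLAN 99; the 2950 allows one active SVI, so the
! default VLAN 1 interface is shut down.
interface Vlan1
 no ip address
 shutdown
interface Vlan99
 ip address 171.18.78.5 255.255.255.0
 no shutdown
ip default-gateway 171.18.78.1
!
! Spare curriculum drops that are installed but not yet in use stay
! administratively down until they are needed (here, the last four).
interface range FastEthernet0/45 - 48
 shutdown
```

With `violation shutdown`, a second MAC address on an administration port err-disables the port, which is what you want on a single-workstation office drop; `restrict` on the hubbed curriculum ports drops the offending frames and raises a log message instead. Port security and the VLAN assignment apply to the switch port, so every station behind a room hub is in the same VLAN and can see every other station's frames, which is why the teacher's administration drop must have its own port.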
DISTRIBUTION TO ROOMS

As mentioned above, for distribution to rooms we recommend using the seven Cisco Catalyst 2950 switches located in the MDF and the IDFs. Each Catalyst 2950 takes the backbone link and distributes its bandwidth over up to 48 ports of 100 Mbps 100BASE-TX, allowing up to 48 drops of 100 Mbps per switch. There are currently 44 rooms requiring 4 drops per room and 11 single drops for the principals, assistants and secretaries, so current requirements total 187 drops (cable runs). The 7 distribution switches (Catalyst 2950, 48 port) in the MDF and the two IDFs provide up to 336 drops, leaving 149 spare cable runs for expansion. Each room requiring a network connection will be able to support 24 workstations and be supplied with four (4) CAT 5 UTP runs for data, with one run terminated at the teacher's workstation. These cable runs will terminate in the closest MDF or IDF. Each of the four drops to a classroom or office carries 100 Mbps. Two drops for student workstations and one drop for the teacher/administration workstation will be hubbed and active. The additional drops from the Curriculum (Student) VLAN will be installed but will only be hubbed and put into use on demand. As the number of users increases there will be a need to reduce the size of the collision domains, and hence to use the spare drops. A single location in each room will be designated as the wiring point of presence (POP) for that room. It will consist of a lockable cabinet containing all cable terminations and electronic components, i.e. data hubs. From this location data services will be distributed within the room via decorative raceways.

Two cautions follow from the use of hubs. Every station on a hub shares one collision domain and receives every other station's frames, so a student workstation on a hub can capture the traffic of the others; the teacher drop, which is on the administration VLAN, must therefore terminate on its own switch port and never share a hub with student drops. A hub also hides the individual stations from the switch, so any per-port limit on MAC addresses must allow for the number of workstations behind each drop, and the whole hub belongs to exactly one VLAN.
ROUTER CONFIGURATIONS

ROUTER CONFIGURATION: CISCO 2600 ROUTER
Note: the configuration for the WAN is in the WAN section above.

router# config t
router(config)# router igrp 10
• Defines IGRP as an IP routing process (autonomous system 10)
router(config-router)# network 171.18.76.0
router(config-router)# network 171.18.77.0
router(config-router)# network 171.18.78.0
router(config-router)# network 171.18.79.0
router(config-router)# network 171.18.80.0
router(config-router)# network 171.18.81.0
router(config-router)# network 171.18.82.0
• Selects the attached networks. IGRP is a classful protocol: IOS stores these seven statements as the single classful network 171.18.0.0 and advertises routes without subnet masks, so all seven subnets must share one mask (they do, 255.255.255.0). IGRP has also been removed from Cisco IOS since release 12.3; on current software use EIGRP (router eigrp 10, with the same network statements) or OSPF.

ROUTER CONFIGURATION: CISCO 3700 ROUTER

router# config t
router(config)# router igrp 10
• Defines IGRP as an IP routing process
router(config-router)# network 171.18.76.0
router(config-router)# network 171.18.77.0
router(config-router)# network 171.18.78.0
router(config-router)# network 171.18.79.0
router(config-router)# network 171.18.80.0
router(config-router)# network 171.18.81.0
router(config-router)# network 171.18.82.0
• Selects the attached networks (the same classful note applies)
router# config t
router(config)# int E0
router(config-if)# ip address 171.18.76.8 255.255.255.0
router(config-if)# no shutdown
CTRL-Z
• Configures the E0 interface (inside of the firewall)
router# config t
router(config)# int E1
router(config-if)# ip address 171.18.78.1 255.255.255.0
router(config-if)# no shutdown
CTRL-Z
• Configures the E1 interface (LAN side, towards the MDF switch)

Three gaps in this configuration need closing before it is deployed. First, the 3700 has addresses only in 171.18.76.0 and 171.18.78.0; the administration, curriculum and server VLANs (171.18.81.0, 171.18.79.0 / 171.18.80.0 and 171.18.82.0) have no router interface, and the Catalyst 2950 is a Layer 2 switch, so there is no path between VLANs (a student workstation could not reach the DHCP or curriculum server in VLAN 3). E1 must carry one 802.1Q subinterface per VLAN on a trunk from the MDF switch, or a Layer 3 switch must route between the VLANs. Second, no access lists are defined, so the security benefit claimed for VLANs is not yet realised; the interface that joins the curriculum VLAN needs an access list that blocks student traffic to the administration VLAN, the administration servers and the device management addresses. Third, E0 (171.18.76.8) is in the same subnet as the Cisco 2600's E0 (171.18.76.1) on the far side of the firewall, which is valid only if the firewall operates in transparent (Layer 2) mode; a routed firewall needs its own subnet on the inside interface.

WIRING DIAGRAM

                        Vertical Cabling          Horizontal Cabling      Patch Panel               Work Area
Media                   Multimode optical fibre   Cat 5 UTP, 100BASE-TX   Cat 5 UTP, 100BASE-TX     Cat 5 UTP, 100BASE-TX
                                                                          (6 m cable length)        (cable can be 10 m)
Bandwidth               1000 Mbps                 100 Mbps                100 Mbps                  100 Mbps
Max physical distance   2000 m                    100 m                   100 m                     100 m

Two distances in the table need checking against the site. 2000 m is the full-duplex reach of 100BASE-FX over multimode fibre; Gigabit Ethernet over multimode (1000BASE-SX) reaches 220 to 550 m depending on the fibre grade, so every MDF-to-IDF run planned at 1000 Mbps must be compared with its actual length. The 100 m horizontal figure in TIA/EIA-568-A is a channel limit of 90 m of permanent link plus at most 10 m of patch and work-area cords in total, so a 100 m horizontal run cannot also carry a 6 m patch cord and a 10 m work-area cord.

Wiring Scheme

TIA/EIA-568-A specifies that, in a horizontal cabling scheme, an RJ-45 jack must be used to connect to the CAT 5 UTP cable at the telecommunications outlet. One side of the RJ-45 jack contains eight colour-coded slots. The individual Cat 5 wires are punched down into the slots according to colour. A firm punch down is required in order to make a good electrical connection.
The other side of the jack is a female plug, which looks like a standard phone jack except that the RJ-45 jack is larger and has eight pins.

MDF and IDF Details

The interior walls are painted with fire-retardant paint and fitted with 3/4" plywood, raised 1 1/4" from the wall, on which equipment is mounted. 15 feet of wall space is provided for the POP terminations. Drop ceilings should be replaced with fixed ceilings to prevent unauthorized access. A 12" ladder rack and 4" conduits are installed for horizontal and vertical cabling. Water and steam pipes should not run through or above the wiring closets, and humidity should be maintained between 30% and 50%. HVAC should maintain the room temperature at 70 °F. Incandescent lights have been installed.

SERVERS

All file servers will be categorized as Enterprise or Workgroup type services, and then placed on the network topology according to function and the anticipated traffic patterns of users. As mentioned in the Requirements section, the enterprise servers (including DNS, Email and applications) will be located at the District Office, allowing for easy upgrade and download of applications and services between campuses. However, each campus will house its own DNS, web and Email servers as well, supporting that campus' needs. In addition, three school servers are needed: for the Curriculum VLAN a curriculum server (with file server and application server functions) and a DHCP server, and for the Administration VLAN an administrative server (with file server and application server functions). For Mountain Sky we recommend the use of three Dell PowerEdge 1600 servers. One, housed in the MDF, will support the DNS, Email, Library and Application services. We recommend the Dell PowerEdge servers because of their high ratings in reliability and performance, as well as their competitive pricing. For data redundancy we recommend RAID 5 on each server. RAID 5 keeps a server running through the failure of one disk; it is not a backup, since a deleted or corrupted file is deleted or corrupted on every disk in the array, and it does nothing for confidentiality, so a separate backup schedule with copies kept off the server is still required.
ENTERPRISE SERVERS

In the DMZ:
• DNS (District)
• Web server
• Email server

In VLAN 3:
• Domain controller for the student VLAN
• Admin server (application + file server)
• Library server
• DHCP server
• Curriculum server (application + file server)
• Secondary (local) DNS server

DNS, EMAIL & WEB SERVERS

Domain Name Services (DNS) and e-mail delivery will be implemented in a hierarchical fashion with all services located on the master server at the district office. Each District Hub location will contain a DNS server to support the individual schools serviced from that location. Each school site will also contain a host for DNS and e-mail services (local post office) that will maintain a complete directory of all staff and students for that location. The school host will be the local post office and will store all e-mail messages. DNS updates will flow from the individual school server to the Hub server and on to the district server. All regional servers will be able to communicate among themselves, building redundancy into the system in the event that the District master server is unavailable. Should the District master server require a partial or complete restore of data, it will be able to query any or all of the regional servers to acquire the needed information.

DOMAIN CONTROLLER

There will be a domain controller for user login security for both staff and students.

ADMINISTRATIVE SERVER

The school district is moving towards a fully automated server-based administration system. MountainSky will contain an Administration server which will house the student tracking, attendance, grading and other administration functions. It will also function as an application server and file server. This server will run TCP/IP (OSI layers 3 and 4) and will be made available only to teachers and staff; because it sits in the server VLAN alongside the curriculum servers that students must reach, that restriction has to be enforced by an access list on the router between the curriculum VLAN and the server VLAN as well as by server logins.
LIBRARY SERVER

The school district is implementing an automated library information and retrieval system which will house an online library for curricular research. There will be one library server, running TCP/IP (OSI layers 3 and 4).

CURRICULUM SERVER

The curriculum server is part of VLAN 3, is housed in the MDF and will function as an application server and file server for students.

DHCP SERVER

A DHCP server will be housed in the MDF, will be part of VLAN 3 (the server VLAN) and will dynamically allocate IP addresses to student workstations. This server will also function as the domain controller for student logins. Because the DHCP server is in VLAN 3 while its clients are in VLAN 2, the router interface on the curriculum VLAN must relay DHCP broadcasts to it (ip helper-address on Cisco routers). All computer applications (word processing, Excel, PowerPoint, etc.) will be housed on the Curriculum and Administration servers located in the MDF.

LOCAL DNS SERVER

This server resolves local DNS requests and is part of VLAN 3.

APPLICATION SERVER

Both the Admin and Curriculum VLANs have an application server for their purposes.

IP ADDRESSING

A complete TCP/IP addressing and naming convention for all hosts, servers and network interconnection devices will be developed and administered by the District Office. As stated in the District addressing scheme, the use of unauthorized addresses is prohibited. All computers on the administrative network will have static addresses allocated by the system administrator. Curriculum computers will obtain addresses using the Dynamic Host Configuration Protocol (DHCP). MountainSky, like the other sites, will have a server running DHCP and will use only addresses consistent with the overall District addressing scheme. Addresses for the curriculum network, the administrative network and the servers are all taken from the District's 171.18.0.0/16 block (a Class B range), subnetted with a 255.255.255.0 mask. Servers and the administrative network are statically addressed by the network administrator; student addresses are allocated dynamically by the DHCP server. Two points to confirm with the District: 171.18.0.0/16 is publicly routable address space and not one of the RFC 1918 private ranges, so unless the District actually holds this block its hosts will collide with the real owner's addresses on the Internet and a private range such as 172.16.0.0/12 should be used instead; and a student workstation with a manually typed address is not stopped by DHCP alone, so the prohibition on unauthorized addresses is enforced by the DHCP scope excluding every static address together with the switch port security and the router access lists.
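As an added example (not part of the original design), the Cisco 3700 configuration that ties the ROUTER CONFIGURATIONS and IP ADDRESSING sections together: one 802.1Q subinterface per VLAN on E1, DHCP relay from the curriculum VLAN to the DHCP server in VLAN 3, and the access lists that make the VLAN separation mean something. Taken from the document's address plan: VLAN 1 administration 171.18.81.0/24 (gateway 171.18.81.1), VLAN 2 curriculum 171.18.79.0/24 and 171.18.80.0/24, VLAN 3 servers 171.18.82.0/24 with the DHCP server at 171.18.82.1, administrative server 171.18.82.4 and domain controller 171.18.82.6, switch management 171.18.78.0/24 (gateway 171.18.78.1), E0 at 171.18.76.8 and the 2600's E0 at 171.18.76.1. Assumed here and not in the document: the port the document calls E1 is FastEthernet0/1 and E0 is FastEthernet0/0, the management subnet is carried as VLAN 99, the router's address in the server VLAN is 171.18.82.254, and the default route points at the 2600 through a transparent firewall.

```cisco
! Added example, not from the original design: inter-VLAN routing and
! access control on the Cisco 3700. Addresses and VLAN numbers are the
! document's; FastEthernet0/0 (E0), FastEthernet0/1 (E1), VLAN 99,
! 171.18.82.254 and the default route next hop are assumptions.
!
! IGRP as in the document; being classful, the seven per-subnet network
! statements all reduce to this one.
router igrp 10
 network 171.18.0.0
!
! Default route towards the firewall and WAN (assumed next hop).
ip route 0.0.0.0 0.0.0.0 171.18.76.1
!
interface FastEthernet0/0
 description E0 - inside of the firewall
 ip address 171.18.76.8 255.255.255.0
 no shutdown
!
interface FastEthernet0/1
 description E1 - 802.1Q trunk to the MDF Catalyst
 no ip address
 no shutdown
!
interface FastEthernet0/1.1
 description VLAN 1 administration
 encapsulation dot1Q 1
 ip address 171.18.81.1 255.255.255.0
 ip access-group ADMIN-IN in
!
interface FastEthernet0/1.2
 description VLAN 2 curriculum (two /24s in one VLAN, as in the address plan)
 encapsulation dot1Q 2
 ip address 171.18.79.1 255.255.255.0
 ip address 171.18.80.1 255.255.255.0 secondary
 ip helper-address 171.18.82.1
 ip access-group STUDENT-IN in
!
interface FastEthernet0/1.3
 description VLAN 3 servers
 encapsulation dot1Q 3
 ip address 171.18.82.254 255.255.255.0
!
interface FastEthernet0/1.99
 description VLAN 99 switch management
 encapsulation dot1Q 99
 ip address 171.18.78.1 255.255.255.0
!
ip access-list extended STUDENT-IN
 remark DHCP from clients that have no address yet (relayed by ip helper-address)
 permit udp any eq bootpc any eq bootps
 remark Students may not reach the administration VLAN, the admin servers or device management
 deny   ip any 171.18.81.0 0.0.0.255
 deny   ip any host 171.18.82.4
 deny   ip any host 171.18.82.6
 deny   ip any 171.18.78.0 0.0.0.255
 remark Curriculum, library, DHCP/DC and local DNS servers, then DMZ and Internet via E0
 permit ip 171.18.79.0 0.0.0.255 any
 permit ip 171.18.80.0 0.0.0.255 any
 remark Anything else, including spoofed source addresses, is dropped and logged
 deny   ip any any log
!
ip access-list extended ADMIN-IN
 remark Staff traffic must carry a staff source address; everything else is dropped and logged
 permit ip 171.18.81.0 0.0.0.255 any
 deny   ip any any log
```

The deny entries come before the broad permits because IOS evaluates an access list top down and stops at the first match. With a secondary address on the curriculum subinterface the relayed DHCP requests carry the primary address (171.18.79.1) as the gateway, so the DHCP server must serve both 171.18.79.0/24 and 171.18.80.0/24 from that one relay (on Windows DHCP, a superscope containing both scopes) and must exclude the router's own .1 addresses.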
Range of subnets allocated by the District for MtSky: 7 subnets, 171.18.76.0/24 through 171.18.82.0/24 (171.18.76.1 – 171.18.82.254), mask 255.255.255.0.

Subnet          Device                                   IP Address
Service Centre  Cisco 2600 Router S0 (DCE)               171.18.17.2
Backbone        Cisco 2600 Router S1 (DTE)               171.18.17.1
Backbone        Cisco 2600 Router E0                     171.18.76.1
Backbone        Cisco Catalyst 2950 (24 port)            171.18.76.2
Backbone        Cisco Catalyst 2950 (12 port)            171.18.77.3
Firewall        Firewall                                 171.18.77.1
Firewall        Firewall DMZ port                        171.18.77.2
Firewall        Email server                             171.18.77.4
Firewall        Web server                               171.18.77.5
Firewall        Primary DNS server                       171.18.77.6
Backbone        Cisco 3700 Router E0 (fiber)             171.18.76.8
Backbone        Cisco 3700 Router E1 (fiber)             171.18.78.1
Backbone        Cisco Catalyst 2950 (48 port) MDF-A      171.18.78.2
Backbone        Cisco Catalyst 2950 (48 port) MDF-B      171.18.78.3
Backbone        Cisco Catalyst 2950 (48 port) MDF-C      171.18.78.4
Backbone        Cisco Catalyst 2950 (48 port) IDF1-A     171.18.78.5
Backbone        Cisco Catalyst 2950 (48 port) IDF1-B     171.18.78.6
Backbone        Cisco Catalyst 2950 (48 port) IDF1-C     171.18.78.7
Backbone        Cisco Catalyst 2950 (48 port) IDF2-A     171.18.78.8
Backbone        Cisco Catalyst 2950 (48 port) IDF2-B     171.18.78.9
VLAN 2          Student computers (DHCP)                 171.18.79.1 – 171.18.80.254
Server VLAN 3   DHCP server                              171.18.82.1
Server VLAN 3   Library server                           171.18.82.2
Server VLAN 3   Secondary DNS server                     171.18.82.3
Server VLAN 3   Administrative server                    171.18.82.4
Server VLAN 3   Curriculum server                        171.18.82.5
Server VLAN 3   Domain controller                        171.18.82.6
Staff/Admin     Router E1 (fiber)                        171.18.81.1
Staff/Admin     Principal                                171.18.81.2
Staff/Admin     Asst. Principal                          171.18.81.3
Staff/Admin     Secretary to Principal                   171.18.81.4
Staff/Admin     Secretary to Asst. Principal             171.18.81.5
Staff/Admin     Nurse                                    171.18.81.6
Staff/Admin     Office Secretary 1                       171.18.81.7
Staff/Admin     Office Secretary 2                       171.18.81.8
Staff/Admin     Office Secretary 3                       171.18.81.9
Staff/Admin     Network Printer 1                        171.18.81.10
Staff/Admin     Network Printer 2                        171.18.81.11
Staff/Admin     Librarian 1                              171.18.81.12
Staff/Admin     Librarian 2                              171.18.81.13
Staff/Admin     Teacher Room 100                         171.18.81.14
Staff/Admin     Teacher Room 101                         171.18.81.15
Staff/Admin     Teacher Room 103                         171.18.81.16
Staff/Admin     Teacher Room 104                         171.18.81.17
Staff/Admin     Teacher Room 106                         171.18.81.18
Staff/Admin     Teacher Room 107                         171.18.81.19
Staff/Admin     Teacher Room 108                         171.18.81.20
Staff/Admin     Teacher Room 110                         171.18.81.21
Staff/Admin     Teacher Room 111                         171.18.81.22
Staff/Admin     Teacher Room 200                         171.18.81.23
Staff/Admin     Teacher Room 201                         171.18.81.24
Staff/Admin     Teacher Room 202                         171.18.81.25
Staff/Admin     Teacher Room 203                         171.18.81.26
Staff/Admin     Teacher Room 204                         171.18.81.27
Staff/Admin     Teacher Room 205                         171.18.81.28
Staff/Admin     Teacher Room 206                         171.18.81.29
Staff/Admin     Teacher Room 209                         171.18.81.30
Staff/Admin     Teacher Room 210                         171.18.81.31
Staff/Admin     Teacher Room 211                         171.18.81.32
Staff/Admin     Teacher Room 212                         171.18.81.33
Staff/Admin     Teacher Room 213                         171.18.81.34
Staff/Admin     Teacher Room 214                         171.18.81.35
Staff/Admin     Teacher Room 215                         171.18.81.36
Staff/Admin     Teacher Room 217                         171.18.81.37
Staff/Admin     Teacher Room 218                         171.18.81.38
Staff/Admin     Teacher Room 219                         171.18.81.39
Staff/Admin     Teacher Room 220                         171.18.81.40
Staff/Admin     Teacher Room 221                         171.18.81.41
Staff/Admin     Teacher Room 222                         171.18.81.42
Staff/Admin     Teacher Room 225                         171.18.81.43
Staff/Admin     Teacher Room 226                         171.18.81.44
Staff/Admin     Teacher Room 227                         171.18.81.45
Staff/Admin     Teacher Room 228                         171.18.81.46
Staff/Admin     Teacher Room 300                         171.18.81.47
Staff/Admin     Teacher Room 302                         171.18.81.48
Staff/Admin     Teacher Room 303                         171.18.81.49
Staff/Admin     Teacher Room 309                         171.18.81.50
Staff/Admin     Teacher Room 312                         171.18.81.51
Staff/Admin     Teacher Room 314                         171.18.81.52
Staff/Admin     Teacher Room 315                         171.18.81.53
Staff/Admin     Teacher Room 316                         171.18.81.54
Staff/Admin     Teacher Room 317                         171.18.81.55
Staff/Admin     Teacher Room 319                         171.18.81.56
Staff/Admin     Teacher Room 320                         171.18.81.57

Notes on the table:
• The student range spans two /24 subnets, 171.18.79.0/24 and 171.18.80.0/24; it cannot be expressed as a single subnet with the 255.255.255.0 mask, and 171.18.79.0 does not fall on a /23 boundary. The DHCP server therefore needs a scope for each, and the router needs an address in each (a secondary address on the VLAN 2 interface).
• The 3700's E1 is listed twice, as 171.18.78.1 (backbone / switch management) and 171.18.81.1 (staff/admin gateway), so E1 must carry more than one subnet; in practice that is one 802.1Q subinterface per VLAN on a trunk from the MDF switch. No gateway address is listed in the server subnet 171.18.82.0/24, and one is required.
• The WAN link addresses 171.18.17.1 and 171.18.17.2 lie outside the seven subnets allocated to the school and belong to the District's WAN plan.

NETWORK MANAGEMENT

A master network management host will be established at the District Office and will have full management rights over all devices in the network. This host will also serve as the router configuration host and maintain the current configurations of all routers in the network. Each regional location (Hub) will house a regional network management host to support its area; in the case of MountainSky school this will be housed at the Service Centre. The management scheme for the data portion of the network will be based on the Simple Network Management Protocol (SNMP) standards. All routers will be pointed to the master network management host for downloading new or existing configurations. The District Office will maintain the super-user passwords for all network devices (routers and LAN switches), and configuration changes on these devices will be authorized from the District Office. Because SNMP versions 1 and 2c authenticate with a community string sent in clear text, and the configuration-download path crosses the WAN, management access to each device should be limited by access list to the master and regional management hosts, SNMPv3 with authentication and privacy used where the devices support it, and command-line access restricted to SSH.
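As an added example (not part of the original design), the management-plane configuration that puts the NETWORK MANAGEMENT requirements above into effect on the MountainSky 3700; the same statements apply to the 2600 and to the Catalyst switches. Assumed here and not in the document: the District Office master management host is 171.18.1.10 and the Service Centre regional host is 171.18.1.20 (placeholder addresses inside the District's 171.18.0.0 block), the domain name is mountainsky.example, and the devices run an IOS release with SNMPv3 and SSH support. The REPLACE-ME strings stand for the secrets the District Office holds.

```cisco
! Added example, not from the original design: management-plane hardening
! for the SNMP-managed 3700. Assumed, not in the document: management
! hosts 171.18.1.10 (District Office master) and 171.18.1.20 (Service
! Centre regional), domain mountainsky.example, SNMPv3 and SSH support.
! REPLACE-ME strings are placeholders for the District's secrets.
hostname MTSKY-3700
ip domain-name mountainsky.example
!
! Local credentials: hashed secrets and one named account per operator
! rather than a shared line password, so changes are attributable.
service password-encryption
enable secret REPLACE-ME-enable
username netops privilege 15 secret REPLACE-ME-netops
!
! Only the two management hosts may talk SNMP to or open a CLI session
! on the device; everything else is refused and logged.
ip access-list standard MGMT-HOSTS
 permit 171.18.1.10
 permit 171.18.1.20
 deny   any log
!
! SNMPv3 with authentication and encryption, bound to the same ACL. The
! cleartext v1/v2c communities that ship on many devices are removed.
no snmp-server community public
no snmp-server community private
snmp-server view MGMT-VIEW iso included
snmp-server group MGMT-GROUP v3 priv read MGMT-VIEW write MGMT-VIEW access MGMT-HOSTS
snmp-server user nms MGMT-GROUP v3 auth sha REPLACE-ME-auth priv aes 128 REPLACE-ME-priv access MGMT-HOSTS
snmp-server host 171.18.1.10 version 3 priv nms
snmp-server enable traps snmp authentication linkdown linkup coldstart
!
! CLI over SSH only, from the management hosts only; Telnet and the web
! server are off.
crypto key generate rsa modulus 2048
ip ssh version 2
ip ssh time-out 60
ip ssh authentication-retries 3
no ip http server
no ip http secure-server
line vty 0 4
 access-class MGMT-HOSTS in
 transport input ssh
 login local
 exec-timeout 10 0
line con 0
 login local
 exec-timeout 10 0
!
! Time-stamped logs shipped to the master host, so a configuration change
! or a failed login can be traced after the fact.
service timestamps log datetime msec localtime show-timezone
logging buffered 16384 informational
logging host 171.18.1.10
logging trap informational
ntp server 171.18.1.10
!
! Configurations are maintained on the master host per the document;
! record every configuration command locally and via syslog, with
! passwords masked.
archive
 log config
  logging enable
  notify syslog
  hidekeys
```

The `access` keyword on the SNMP group and user, and `access-class` on the VTY lines, reuse the one MGMT-HOSTS list, so a new management host is added in a single place. `crypto key generate rsa` needs the hostname and domain name set first, which is why those two lines lead the block.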