1 Semester 3 Threaded Case Study Royal Palm 41306-3A/3B Ip Siu Tik Tsang Man Wu Wai Hung Wong Lai Ting.

1

Semester 3Threaded Case Study

Royal Palm

41306-3A/3BIp Siu Tik

Tsang ManWu Wai Hung Wong Lai Ting

2

Wide Area Network

3

LAN Area Network

4

LAN Wiring Scheme

5

LAN Wiring Scheme

6

Addressing and Network Management Class A private address 10.3.48.0/20 is assigned 7 subnets for two administrative network and five

student network 10.3.48.0/23 - Administrative Network 10.3.50.0/23 - Administrative Network 10.3.52.0/23 - Student Network 10.3.54.0/23 - Student Network 10.3.56.0/23 - Student Network 10.3.58.0/23 - Student Network 10.3.60.0/23 - Student Network

7

Addressing and Network Management

Administrative Network 10.3.48.1/23 Router Interface E0 (Admin LAN)

10.3.48.2->10.3.49.254 Switches

10.3.49.10 Domain Name Server

10.3.49.11 Email Server

10.3.49.12 Web Server

10.3.49.13 Administration File Server

10.3.49.14 Administration Server

10.3.49.20->10.3.49.254 Staff PC's Static Addresses

10.3.50.1/23 Router Sub-Interface E0 (Admin LAN)

10.3.50.20->10.3.51.254 Staff PC's Static Addresses

8

Addressing and Network Management

Student Network 83 classrooms and each classroom support maximum 24

computers. 1992(83X24) IP addresses are needed

9

Addressing and Network Management10.3.52.1/23 Router Interface E1 (Student LAN)

10.3.52.10 Library Server

10.3.52.11 Application Server

10.3.52.12 Student File Server

10.3.52.13 DHCP Server

10.3.54.1 Router Sub-Interface E1 (Student LAN)




10.3.52.20->10.3.53.254 DHCP addresses for IDF 1





10

Security

Access Lists 101: Student VLAN has no access to admin server or admin file

server

-- E0 in –router(config) # access-list 101 permit ip 10.3.48.0 0.0.3.255 anyrouter(config )# acces-list 101 deny ip any anyrouter(config )# interface e0router(config-if) # ip access-group 101 in

11

Security

Access Lists 102: Any traffic leaving administration VLAN not from a valid address

on that VLAN is denied Permit Web Server (port 80), DNS(port53) and SMTP(port 25) to

be accessible from the student VLAN

--E0 out –router(config) # access-list 102 permit tcp any any eq 80router(config) # access-list 102 permit tcp any any eq 25router(config) # access-list 102 permit tcp any any eq 53router(config) # access-list 102 permit udp any any eq 53router(config) # access-list 102 deny ip 10.3.0.0 0.0.255.255router(config) # access-list 102 permit ip any anyrouter(config) # interface e0router(config-if) # ip access-group 102 out

12

Security

Access Lists 103: Any traffic leaving student VLAN not from a valid address

on that VLAN is denied

--E1 in—router(config) # access-list 103 permit ip 10.3.52.0 0.0.3.255 anyrouter(config) # access-list 103 permit ip 10.3.56.0 0.0.3.255 anyrouter(config) # access-list 103 permit ip 10.3.60.0 0.0.3.2555 anyrouter(config) # interface e1router(config-if) # ip access-group 103 in

13

Internet Connectivity

Double firewalls for protection Access Control Lists (ACLs) is utilized in rout

ers tcp port 53(DNS service), 80 (web server) an

d 110(e-mail service) available only Admin server cannot be accessed by student

VLAN

14

Internet Connectivity

Side effect of using ACLs: increase the latency of traffic increase the CPU utilization of the routers

ACL latency effect slow down accessing to e-mail, internet & intranet

browsing, log on process

15

User Counts

Location Student/Curriculum Runs

Administrative/Teacher Runs

Total Runs

Building 1 60 20 80

Building 2 36 12 48

Building 3 33 11 44

Building 4 15 5 20

Building 5 24 8 32

Science building, 6 2 8

Computer building 6 2 8

7 double portable classroom 42 14 56

Multipurpose building 18 6 24

Cafeteria 9 3 12

Total 332

16

~The End~

1 Semester 3 Threaded Case Study Royal Palm 41306-3A/3B Ip Siu Tik Tsang Man Wu Wai Hung Wong Lai Ting.

Documents

student network10

network management class

administration vlan

valid address

deniedpermit web server

private address

routerstcp port

dns service