The school district is in the process of implementing an enterprise-wide network which will include Local Area Networks (LANs) at each site and a Wide Area Network (WAN) to provide data connectivity between all school sites.

Access to the Internet from any site in the school district is also an integral part of this implementation.

Once the network is in place, the school district will implement a series of servers to facilitate online

automation of all of the district's administrative and many of the curricular functions.

Since this network implementation will have to continue to be functional for a minimum of 7-10 years, all design considerations should include a minimum of 100x (times) growth in the LAN throughput, 2x (times) growth in the WAN core throughput, and 10x (times) growth in the District Internet Connection throughput. The minimum requirement for initial implementation design will be 1.0 Mbps to any host computer in the network and 100 Mbps to any server host in the network. Only two OSI layer 3&4 protocols will be allowed to be implemented in this network, they are TCP/IP and Novell IPX.

SECTION 1 - Wide Area Network

SECTION 2 - Local Area Network & Wiring Scheme

SECTION 3 - District Supplied Servers and Functions

SECTION 4 - Address and Network Management

SECTION 5 - Security

SECTION 6 - Internet Connectivity

SECTION 7 - User Counts

The Washington School District Wide Area Network (WAN) will connect all school and administrative offices with the district office for the purpose of delivering data. The WAN will be based on a two-layer hierarchical model. Three (3) regional Hubs will be established at the District Office/Data Center, Service Center and Shaw Butte Elementary School for the purpose of forming a fast WAN core network. School locations will be connected into the WAN core Hub locations based on proximity to the Hub.

TCP/IP and Novell IPX will be the only networking protocols that will be acceptable to traverse the district WAN. All other protocols will be filtered at the individual school sites using access routers. High-end, powerful routers will also be installed at each WAN core location. Access to the Internet or any other outside network connections will be provided through the District Office/Data Center through a Frame Relay WAN link. For security purposes, no other connections will be permitted.

Two Local Area Network (LAN) segments will be implemented in each school and the District Office. The transport speeds will be Ethernet 10Base-T, 100Base-TX, and 100Base-FX. Horizontal cabling shall

be Category 5 Unshielded Twisted Pair (CAT5 UTP) and will have the capacity (be tested) to accommodate 100 Mbps. Vertical (Backbone) cabling shall be CAT5 UTP or fiber optic multi-mode cable. The cabling infrastructure shall comply with TIA/EIA-568-A and TIA/EIA-569 standards.

One LAN will be designated for student / curriculum usage and the other will be designated for administration usage (see: SECURITY SECTION). The LAN infrastructure will be based on Ethernet LAN switching. This will allow for a migration to faster speeds (more bandwidth) to the individual computers and between MDFs and IDFs without revamping the physical wiring scheme to accommodate future applications.

In each location a Main Distribution Facility (MDF) room will be established as the central point to which all LAN cabling will be terminated and will also be the point of presence (POP) for the Wide Area Network connection. All major electronic components for the network, such as the routers and LAN switches, will be housed in this location. In some cases an Intermediate Distribution Facility (IDF) room will be established, where horizontal cabling lengths exceed TIA/EIA-568-A recommended distances or where site conditions dictate. In such cases, the IDF will service its geographical area and the IDF will be connected directly to the MDF in a STAR or EXTENDED STAR topology.

Each room requiring connection to network will be able to support 24 workstations and be supplied with four (4) CAT 5 UTP runs for data, with one run terminated at the teacher's workstation. These cable runs will be terminated in the closest MDF or IDF. All CAT 5 UTP cable run will be tested end-to-end for 100 Mbps bandwidth capacity. A single location in each room will be designated as the wiring point of presence (POP) for that room. It will consist of a lockable cabinet containing all cable terminations and electronic components; i.e. data hubs and switches. From this location data services will be distributed within the room via decorative wire molding. Network 1 will be allocated for general curriculum usage and network 2 will allocated for administrative usage.

SECTION 3 - DISTRICT SUPPLIED SERVERS AND FUNCTIONS

All file servers will be categorized as Enterprise or Workgroup type services, and then placed on the

network topology according to function and anticipated traffic patterns of users.

DOMAIN NAMES SERVICE and EMAIL SERVICES

Domain Name Services (DNS) and e-mail delivery will be implemented in a hierarchical fashion with all services located on the master server at the district office. Each District Hub location will contain a DNS server to support the individual schools serviced out of that location. Each school site will also contain a host for DNS and e-mail services (local post office) that will maintain a complete directory of all staff personnel and student population for that location. The school host will be the local post office box and will store all e-mail messages. The update DNS process will flow from the individual school server to the

Hub server and to the district server. All regional servers will have the capability to communicate between

themselves, thus building redundancy in the system in the event that the District master server is unavailable. Should the District master server require a partial or complete restore of data, the ability to query any or all of the regional servers to acquire the needed information will be provided.

ADMINISTRATIVE SERVER

The school district is moving towards a totally automated server based administration system. Each

school location will contain an Administration server which will house the student tracking, attendance,

grading and other administration functions. This server will be running TCP/IP as its OSI layer 3&4 protocols and will only be made available to teachers and staff.

LIBRARY SERVER

The school district is implementing an automated library information and retrieval system, which will house an online library for curricular research purposes. This server will be running TCP/IP as its OSI layer 3&4 protocols and will made available to anyone at the school site.

APPLICATION SERVER

All computer applications will be housed in a central server at each school location. As applications such as Word processing, Excel, PowerPoint , etc are requested by users these applications will be retrieved from the application server. This will provide district support staff with a easy and efficient method for upgrading applications without having to reload new software on each computer in the district network. This server will use TCP/IP as its OSI layer 3&4 protocols and will be made available to anyone at the school site.

OTHER SERVERS

Any other servers implemented at the school sites will be considered departmental (workgroup) servers and will be placed according to user group access needs. Prior to implementation of other servers a requirements analysis must be submitted for the purpose of determining placement of the server on the district network.

SECTION 4 - ADDRESSING AND NETWORK MANAGEMENT

A complete TCP/IP addressing and naming convention scheme for all hosts, servers, and network

interconnection devices will be developed and administered by the District Office. The implementation

of unauthorized addresses will be prohibited. The District Addressing Scheme can be implemented in a number of ways. Ideas you should consider are Class A, B, and C Addresses with appropriate subnetting, Network Address Translation (NAT), and Private Network Numbers.

All computers located on the administrative networks will have static addresses, curriculum computers will obtain addresses by utilizing Dynamic Host Configuration Protocol (DHCP). Each site should have a server running DHCP and use only addresses consistent with the overall District Addressing Scheme. A master network management host will be established at the District Office and will have total management rights over all devices in the network. This host will also serve as the router configuration host and maintain the current configurations of all routers in the network. Each region location (Hub) will house a regional network management host to support its area. The management scheme for the data portion of the network will be based on the Simple Network Management Protocol (SNMP) standards. All routers will be pointed to the master Network Management host for the purpose of downloading new or existing configurations. The District Office will maintain the super user passwords for all network devices and configuration changes on these devices will be authorized from the District Office: i.e., Routers and LAN Switches.

External Threats - Internet Connectivity shall utilize a double firewall implementation with all Internet-exposed applications residing on a public backbone network. In this implementation all connections initiated from the Internet into the schools private network will be refused. In the district security model the network will be divided into three (3) logical network classifications, Administrative, curriculum and external with secured interconnections between them.

This model will dictate that two physical LAN infrastructures be installed at all schools and the District

Office, with one designated administrative and the other curriculum. Every computer and file server will be categorized according to its function and placed on the appropriate LAN segment. At the schools, each LAN segment will have a file server. All applications will be categorized and placed on the appropriate server. By utilizing Access Control Lists (ACLs) on the routers, all traffic from the curriculum LANs will be prohibited on the administration LAN. Exceptions to this ACL can be made on an individual basis. Applications such as E-Mail and Directory services will be allowed to pass freely since they pose no risk. A user ID and Password Policy will be published and strictly enforced on all computers in the District. All computers in the District network will have full access to the Internet. All ACLs will be controlled at the district office and exceptions to the ACLs will be reviewed prior to implementation.

SECTION 6 - INTERNET CONNECTIVITY

All Internet connectivity will be supplied through the District Office with the District Office being the single point of contact for all schools and organizations within the district. This connection will be highly controlled and capacity (bandwidth) upgraded as usage dictates. The Internet connection will utilize double firewall implementation with a public network (Ethernet backbone) established for services that will be exposed to the Internet such as master E-mail, Domain Name Services (DNS) and a World Wide Web server. All connectivity that is initiated from the Internet to the internal District network will be protected via Access Control Lists (ACLs) on the routers that make up the double firewall architecture. Any connectivity initiated from the District to the Internet will be permitted to communicate freely. E-mail and DNS services will communicate freely in both directions since these applications poses no security threat. A Web server will be located on the public backbone and partitioned to allow any school to install a Web home page on the Internet. Individual Web servers that need total exposure to the Internet will not be permitted on the internal District network. If schools require an independent web server host, this host will be placed on the public network backbone.

SECTION 7 - USER COUNTS

Elementary School District Addressing You need to assume there will be 250 computers in each school for student/Curriculum (C) usage and 75 computers in each school for teacher/Administration usage (A). This would be the maximum number in any given school. Also keep in mind that at each location (indicated by a 1 on the site drawing) the layer 1 wiring needs to be designed to accommodate up to 25 computers: 1 run for the teachers/Admin computer (A) and 3 runs for up to 24 student/Curriculum computers (C).

Washington Elementary School District

Regional Hub I: One District Office/Data Center [75 (A)] and 11 schools [250(C) & 75(A): per school]

Regional Hub II: One Service Center [75 (A)] and 11 schools [250(C) & 75(A): per school]

Regional Hub III: 11 schools [250(C) & 75(A): per school] and one community school

I.District Office/Data Center (Admin)

Desert Slope

Sunnyslope

Mountain View

Road Runner

Washington

Lake View

John Jacobs

Iron Wood

Desert Foothills

Chaparral

Cholla

II.Service Center (Admin)

Sunset

Acacia

Mountain Sky

Tumbleweed

Sweetwater

Sunburst

Sahuaro

Blue Sky

Moon Mountain

Lookout Mountain

Abraham Lincoln

III.Shaw Butte (School)

Richard E. Miller

Royal Palm

Alta Vista

Cactus Wren

Manzanita

Maryland

Ocotillo

Orangewood

Palo Verde

Arroyo

* Community School

Notes:

4 T1 data lines will provide Point-to-Point connectivity between each of the three Regional Hubs (I. Data Center - II. Service Center - III. Shaw Butte School)

One T1data line will provide Point-to-Point connectivity from each Regional Hub to each connected site.

One T1-speed data (Frame Relay) line will connect all sites to the Internet. This connection will occur at the District Office/Data Center, from the firewall routers to the Frame Relay "cloud."

One site (Community school) will access the district WAN via ISDN.

All site routers will have modem connectivity to the Data Center and Service Center for ease of router maintenance and enforcement of district-wide network administration policies.

Washington School District Project Task: Getting Started

Throughout this curriculum, you will be applying what you learn to the Washington School District Project. The fictional Washington School District is located in Phoenix, Arizona. Because you will revisit this project within every chapter (it is threaded through the chapters) for the rest of semesters three and four, it is called the "Threaded Case Study" or TCS. The school district is in the process of designing and implementing an enterprise-wide network, which will include LANs at each site and a wide-area network (WAN) to provide data connectivity between all school sites.

Goal: To Create A Dynamic And Relevant Web-based Threaded Case Study.

Objective: To apply your networking knowledge to a real-life example and to help you review

concepts integral to the CCNA Certification Exam.

Target: A fictional Elementary School District in Phoenix, Arizona.

Outcomes: Individual work, as well as a Team project. You will document the TCS elementary school district LAN and WAN designs by creating a Web-Based Portfolio. In order to do this, you will need to learn some basic HTML skills.

Tools and Resources:

Semester 3, v2.1 curriculum

Semester 4, v2.1 Curriculum

TCS Overview Document

School Site Drawings

Cisco Networking Academy Program: Second Year Companion Guide

http://students.netacad.net web site

Browser such as Internet Explorer or Netscape Communicator

Word or other word processor

Excel or other spreadsheet

Notepad or Simple Text or any HTML-editing capable software

Netscape Composer (or other WYSIWYG editors such as Frontpage or Dreamweaver)

Bit-mapped graphics editors such as Paint or ClarisPaint

Cisco Network Designer (CND) Software Experts in Networking, including your Instructor

Industry URLs, such as:

http://www.cisco.com,

http://www.siemon.com,

http://www.fluke.com

After this chapter, you will start the process of completing your Threaded Case Study (TCS) Web-based Portfolio. You need to complete the following tasks:

1.Familiarize yourself with the tools and resources listed above. They will be crucial

to your completing the TCS.

2.Master the ability to create simple web sites using the tools indicated by your Instructor.

3.Apply the CCNA Certification Exam Learning Objectives to your specific

design. This will require a paragraph on how the learning objectives relate to your

design. Learning objectives can be grouped together for the purpose of explanation. In

this way, you will be studying for their CCNA Certification Exam as you work

through the case study.

CCNA Certification Exam Learning Objectives (***are explicit CCNA Exam objectives; unmarked are

knowledge assumed by the exam):

OSI model

Identify and describe the functions of each of the seven layers of the OSI reference model.***

Define and explain the 5 conversion steps of data encapsulation.***

Identify at least 3 reasons why the industry uses a layered model.***

Addressing

Define and describe the function of a MAC address.***

Describe data link addresses and network addresses, and identify the key differences between them.***

Describe and create the different classes of IP addresses [and subnetting].***

Identify the functions of the TCP/IP Transport Layer Protocols.***

Identify the functions of the TCP/IP networklayer protocols.***

Log into a router using both user and priviledged modes.***

Use the context-sensitive help facility.***

Use the command history and editing features.***

Examine router elements (RAM, ROM, CDP, show).***

Manage configuration files from the priviledged exec mode.***

Control router passwords, identification, and banner.***

Identify the main Cisco IOS commands for router startup.***

Enter an initial configuration using the setup command.***

Copy and manipulate configuration files.***

List the commands to load Cisco IOS software from: flash memory, a TFTP server, or ROM.***

Prepare to backup, upgrade, and load a backup Cisco IOS software image.***

Prepare the initial configuration of your router and enable IP.***

Add the RIP routing protocol to your configuration.***

Configure IP Addresses.***

Verify IP Addresses.***

Explain the services of separate and integrated multiprotocol routing.***

List problems that each routing type encounters when dealing with topology

changes and describe techniques to reduce the number of these problems.***

Washington School District Project Task: User Requirements and Project Teams

After this chapter, you will begin studying the TCS Overview for the Washington School District Network Design Project. You will also be grouped in project teams, with each team assigned one school site. You need to complete the following tasks:

1. Familiarize yourself TCS Overview, including any activities your Instructor assigns.

2. Following the process decided upon by your instructor, you will be grouped into teams and

assigned one of the following schools (for which there are detailed drawings)

Royal Palm

3.Have your team download and organize all relevant files and tools necessary to begin your project.

4. Apply the CCNA Certification Exam Learning Objectives to your specific design. This will

require a paragraph on how the learning objectives relate to your design. Learning

objectives can be grouped together for the purpose of explanation. In this way, you will be

studying for their CCNA Certification Exam as you work through the case study.

CCNA Certification Exam Learning Objectives (*** are explicit CCNA Exam objectives; unmarked are

knowledge assumed by the exam):

LAN Switching

Describe the advantages of LAN segmentation.

Describe LAN segmentation using bridges.***

Describe LAN segmentation using routers.***

Describe LAN segmentation using switches.***

Describe the benefits of network segmentation with bridges.***

Describe the benefits of network segmentation with routers.***

Describe the benefits of network segmentation with switches.***

Name and describe two switching methods.***

Distinguish between cut-through and store-and-forward switching.***

Define and describe the function of a MAC Address.***

Ethernet

Describe network congestion problem in Ethernet networks.***

Describe full- and half-duplex Ethernet operation.***

Describe the features and benefits of Fast Ethernet.***

Describe the guidelines and distance limitations of Fast Ethernet.***

Chapter 3

Washington Project: VLANs

As you begin the chapter on VLANs, think about why VLANs are being introduced. Also think

about how, where, and when you might want to use VLANs at an elementary school site.

Washington School District Project Task: User Requirements, Site Maps, Handling Graphics

After this chapter, you will continue studying the TCS Overview for the Washington School District

Network Design Project, focusing on the LAN requirements. You should begin work on your

school site wiring diagrams (physical topologies). And you will need to learn some basics about

graphics file formats and graphics manipulation. You need to complete the following tasks:

1.Familiarize yourself with the LAN sections (and User Counts) of the TCS Overview ,

including any activities your Instructor assigns.

2.Individually, begin your working on your site wiring diagrams. Then discuss them as a group.

3.Understand the different graphics file formats involved in how your Instructor wants you to submit your Web-based TCS Solutions.

4.Apply the CCNA Certification Exam Learning Objectives to your specific design. This will require a paragraph on how the learning objectives relate to your design. Learning objectives can be grouped together for the purpose of explanation. In this way, you will be studying for their CCNA Certification Exam as you work through the case study.

CCNA Certification Exam Learning Objectives (*** are explicit CCNA Exam objectives; unmarked are

knowledge assumed by the exam):

VLANs

Describe the operation of the Spanning Tree Protocol and its benefits.***

Describe the operation of virtual LANs.***

Chapter 4

Washington Project: Designing the Network

In this chapter, you will begin the process of designing the LAN at your specific site within Washington School District WAN. As concepts and requirements are introduced, you will be able to apply them in your network design. You will need to make sure to address the following requirements:

The LAN is meant to serve different "workgroups" of staff members and students. This logical division will require the use of VLANs and will be a major design decision. For example, VLANs should be used to secure the administrators' machines from the students' machines. Access to the Internet from any site in the school district, via the District WAN, is also an integral part of this implementation.

A series of servers is needed to facilitate online automations of all the district's administrative functions and many of the curricular functions.

Because this network implementation must be functional for a minimum of 7-10 years, all design considerations should include at least 100x (times) growth in the LAN throughput, 2x (times) growth in WAN throughput, and 10x (times) growth in the Internet connection throughput. A minimum of 1.0 Mbps to any host computer in the network and 100 Mbps to any server host in the network is required. Only two routed protocols may be implemented in the network: TCP/IP and Novell IPX.

Washington Project: Server Placement and Function

You should categorize all file servers for the Washington School District as enterprise or workgroup types, and then place servers in the network topology according to the anticipated traffic patterns of users and according to the following functions:

DNS and E-Mail Services - Each district hub location should contain a DNS server to support the individual schools serviced out of that location. Each school should also contain a host for DNS and e-mail services (that is, a local post office) that will maintain a complete directory of the staff members and students for that location.

The Administrative Server - Each school location should have an administration server for the student tracking, attendance, grading, and other administrative functions. This server should run TCP/IP as its protocol suite and should be made available only to teachers and staff members.

The Library Server - The school district is implementing an automated library information and retrieval system for an online curricular research library. This server should run TCP/IP as its OSI Layer 3 and Layer 4 protocol and should be made available to anyone at the school site.

Application Server - All computer applications, such as word processing and spreadsheet software, should be housed in a central server at each school location.

Other Servers - Any other servers implemented at the school sites should be considered departmental (workgroup) servers, and should be placed according to user group access needs. An example would be a server running an instructional application for a specific school site.

Washington Project: Understanding the Customer

First and foremost, you must understand the customer. In the case of the Washington School District, you need to talk to major users of the network; find out their geographic location, their current applications; their plans for the future; and determine who the major players will be in helping you design the network. After you have gathered data on the district's organizational structure, you need to:

Determine where information flows in the district

Find out where shared data resides and who uses it

Determine whether data outside the district-for example, data on the Internet-is accessed

Define the issues or problems that need to be addressed

Washington Project: Availability

Find out what availability means to your customer. In the case of the Washington School District, you need to conduct a detailed analysis of current and projected needs in order to help meet this need. Analysis of network requirements includes analyzing the district's business and technical goals. You need to answer the following questions:

What applications will be implemented?

What new networks will be accessed?

What are the success criteria?

What level of reliability must the WAN and LANs have?

How can you tell if the new design is successful?

Washington Project: Determining Network Traffic Load

You need to determine the network traffic load for the Washington School District before developing a network structure and acquiring hardware. Additionally, when analyzing the district's technical requirements, you should estimate the traffic load caused by applications in packet size (for example, you need to estimate the size of files in bytes per second needed to be transmitted over the network).

Certain types of network use can generate large volumes of traffic and, therefore, can cause congestion, including congestion of the following:

Internet access

Computers loading software from a remote site

Anything that transmits images or video

Central database access

Department file servers

You should estimate worst-case traffic load on the network during the busiest times for users and

during regularly scheduled network services, such as file server backups.

Washington Project: Availability

Find out what availability means to your customer. In the case of the Washington School District, you need to conduct a detailed analysis of current and projected needs in order to help meet this need. Analysis of network requirements includes analyzing the district's business and technical goals. You need to answer the following questions:

What applications will be implemented?

What new networks will be accessed?

What are the success criteria?

What level of reliability must the WAN and LANs have?

How can you tell if the new design is successful?

Washington Project: Determining Network Traffic Load

You need to determine the network traffic load for the Washington School District before developing a network structure and acquiring hardware. Additionally, when analyzing the district's technical requirements, you should estimate the traffic load caused by applications in packet size (for example, you need to estimate the size of files in bytes per second needed to be transmitted over the network).

Certain types of network use can generate large volumes of traffic and, therefore, can cause congestion, including congestion of the following:

Internet access

Computers loading software from a remote site

Anything that transmits images or video

Central database access

Department file servers

You should estimate worst-case traffic load on the network during the busiest times for users and during regularly scheduled network services, such as file server backups.

Washington Project: Speed and Expansion

For the Washington School District network, you need to build the Layer 1 components of the district network with speed and expansion capabilities. As you know, the physical layer controls the way data is transmitted between the source and a destination node. Therefore, the type of media and topology you select helps you determine how much data can travel across the network and how quickly.

Washington Project: Catchment Areas

You should review the TCS Overview to determine what the user expects for the number of horizontal

cable runs to each room that the MDF or IDF will be servicing in its catchment area.

Washington Project: Connection Speeds

In the Washington School District network, the vertical cabling should carry all data traffic between the IDFs and MDFs. Therefore, the speed of this connection should be designed to be the fast link in the network. All traffic across the district network backbone will traverse this link, so this link should be at least 100 Mbps.

Washington Project: LAN Wiring Scheme Requirements

As you're planning the wiring for the sites of the Washington School District network, you need to take into account certain LAN requirements related to user access, segmentation, infrastructure, cabling, MDFs, and IDFs. Therefore, you should address the requirements described here when designing the network.

Requirement 1

Two LAN segments need to be implemented in each school and the district office. One LAN

needs to be designated for student/curriculum usage and the other needs to be designated for

administration usage.

Requirement 2

The LAN infrastructure needs to be based on Ethernet LAN switching, which will allow for a

migration to faster speeds (that is, more bandwidth) to the individual computers and

between MDFs and IDFs without revamping the physical wiring scheme to accommodate future

applications. The transport speeds need to be Ethernet 10Base-T, 100Base-TX, and 100Base-FX.

Requirement 3

Horizontal cabling needs to be Category 5 UTP and needs to have the capacity to accommodate

100 Mbps. Vertical (backbone) cabling needs to be Category 5 UTP or fiber-optic multi-mode

cable. The cabling infrastructure needs to comply with TIA/EIA-568-A and TIA/EIA-569 standards.

Requirement 4

In each location, an MDF room needs to be established as the central point to which all LAN

cabling will be terminated. This will also be the point of presence (POP) for the WAN connection.

The IDF should service its geographical area, and the IDF should be connected directly to the MDF

in a star or extended star topology.

Washington Project: Layer 2 Design Goals

The following are Layer 2 LAN topology design goals for the sites of the Washington School

District network:

• You should install LAN switching devices that use micro-segmentation in order to reduce the collision domain size.
• You should create VLANs and unique broadcast domains based on user workgroups.

Washington Project: LAN Topology Requirements

As you're planning the LAN topology for your school site, you need to keep in mind certain requirements for rooms that need access to the network and the room's wiring POP.

Requirement 1

Each room requiring connection to the network needs to be able to support 24 workstations and

be supplied with four Category 5 UTP runs for data, with one run terminated at the teacher's

workstation. These cable runs should be terminated in the closest MDF or IDF. All

Category 5 UTP cable runs need be tested end-to-end for 100 Mbps bandwidth capacity.

Requirement 2

A single location in each room needs be designated as the wiring POP for that room. It

needs to consist of a lockable cabinet containing all cable terminations and electronic components

that is, data hubs or switches). From this location, data services need to be distributed

within the room via decorative wire molding. Network 1 needs to be allocated for general

curriculum use, and Network 2 needs to be allocated for administrative use.

Washington Project: Layer 3 Design Goals

The following are Layer 3 LAN topology design goals for the your site:

• Build a path between LAN segments that will filter the flow of data packets.
• Isolate ARP broadcasts.
• Isolate collisions between segments.
• Filter Layer 4 services between segments.

Washington Project: Addressing

The district office should develop a complete TCP/IP addressing and naming convention

scheme for all hosts, servers, and network interconnection devices. The implementation of

unauthorized addresses should be prohibited. All computers located on the administrative networks

should have static addresses. Curriculum computers should obtain addresses by utilizing

Dynamic Host Configuration Protocol (DHCP). DHCP provides a mechanism for allocating IP

addresses dynamically so that addresses can be reused when hosts no longer need them. While

the district office should design, implement, and enforce the overall addressing scheme for the

network, DHCP should be administered by the local sites within the confines of the address

blocks they were assigned.

Washington School District Project Task: LAN Design

In this chapter, you have learned concepts that will help you begin the design process for the Washington School District network. As part of the LAN design process, you need to complete the following tasks:

1. Gather all information required to design a LAN for your group's assigned site in the Washington School District, starting with the TCS Overview but doing additional research as needed.

2. Design the LAN for your school based on the requirements gathered in step 1, in thecontext of developing an overall IP addressing scheme for the school district.First, each group will separately develop an IP addressing scheme for the entire schooldistrict. This can be done a variety of ways, and diversity is encouraged so theclass thinks through the pros and cons of DIFFERENT IP Addressing Schemes.

Some ideas to consider are Class A, B, and C networks with proper subnetting; Network Address Translation (NAT), and Private Network numbers. Each group will present their IP addressing scheme and the class will agree on the one best implementation. The class will elect this one group as the Network Operations Center (NOC) contact who will control the distribution of all IP addresses. Once the

NOC distributes IP address blocks to school sites, the individual school site groups can assign static and dynamic IP addresses within their individual LANs.

3. Develop and document an overall LAN design based on the user and district

requirements. To properly design your site's LAN, complete these tasks:

• A user requirements document (your interpretation and proposal of what is meant by the TCS Overview, the District and site needs, and your instructor's assignments)
• An overall design document, which includes a logical LAN design (logical topology) of the school and a complete physical design (physical topology) that includes:
• Details of all MDFs/IDFs in the rooms, including a to-scale diagram
• The number of HCCs, VCCs, and LAN switch ports required to meet the existing and projected growth needs
• LAN Electronics List: what devices (hubs, switches, routers, servers, others) are needed
• Specifications on the type and quantity of cable media for all horizontal and vertical runs
• Specifications on security, VLANs, and the separation of staff and student networks
• The overall district IP addressing scheme and how it is applied at the local school site
• An analysis of the pros and cons of the proposed LAN design

4. Apply the CCNA Certification Exam Learning Objectives to your specific design. This will require a paragraph on how the learning objectives relate to your design. Learning objectives can be grouped together for the purpose of explanation. In this way, you will be studying for their CCNA Certification Exam as you work through the case study.

CCNA Certification Exam Learning Objectives (*** are explicit CCNA Exam objectives; unmarked are

knowledge assumed by the exam):

Identify and describe the functions of each of the seven layers of the OSI reference model.***

Describe the different classes of IP addresses [and subnetting].***

Define and explain the 5 conversion steps of data encapsulation.***

Define and describe the function of a MAC address.

Identify the functions of the TCP/IP transport-layer protocols.***

Identify the functions of the TCP/IP network-layer protocols.***

Describe the different classes of IP addresses [and subnetting].***

Describe network congestion problem in Ethernet networks.***

Describe full- and half-duplex Ethernet operation.***

Describe the features and benefits of Fast Ethernet.***

Describe the guidelines and distance limitations of Fast Ethernet.***

Describe LAN segmentation using bridges.***

Describe LAN segmentation using routers.***

Describe LAN segmentation using switches.***

Describe the benefits of network segmentation with bridges.***

Describe the benefits of network segmentation with routers.***

Describe the benefits of network segmentation with switches.***

Name and describe two switching methods.***

Distinguish between cut-through and store-and-forward LAN switching.***

Describe the benefits of virtual LANs.***

Define flow control and describe the three basic methods used in networking.***

Washington Project: Routing Protocols and Implementing IGRP

The concepts covered in this chapter will help you understand routing protocols. Routing protocols (such as IGRP) route routed (routable) protocols (such as IP and IPX) through a network. This chapter will help you apply IGRP to the network design you have been creating for the Washington School District project. In addition, you will learn how to implement IGRP and all the IGRP-required configurations needed for the network implementations.

Washington Project: Multiprotocol Routing

Based on user requirements, the Washington School District network needs to handle

multiprotocol routing. The district requires that both TCP/IP and IPX routing protocols be handled

over the network.

Washington Project: IGRP Design Goals

Throughout the rest of the chapter, you will learn the concepts and configuration techniques to help address the following design goals for IGRP implementation in the Washington School District network:

• The network should use stable routing, and no routing loops should occur
• The network should quickly respond to changes in the network topology.
• The network should have low overhead, and IGRP itself should not use more bandwidth than is actually needed for its task.
• The network design should take into account error rates and level of traffic on different paths.

Washington Project: AS Numbers

AS number consistency is a design issue. You need to have the same number throughout the Washington School District network. The AS is assigned a 16-bit number by the Internet Assigned Numbers Authority.

Washington School District Project Task: Routing Protocols and Configuring IGRP

In this chapter, you have learned concepts and configuration processes that will help you implement IGRP as the routing protocol in the Washington School District network. As part of the IGRP configuration and implementation, you need to complete the following tasks:

1. Identify and gather the information required to implement IGRP at the schools' networks and across the district network. Add the information you gather to the existing user requirements and LAN design.

2. Identify and document the networks that will be advertised by the routers in the school district and add that information to the requirements and LAN design. Study and report on the effects of a dynamic routing protocol such as IGRP on the overall performance and maintenance of the entire school district network.

3. Identify and document the IGRP AS number for the school district.

4. Document the router command sequence needed to implement IGRP on the school's router and document the changes in the router configuration.

5. Describe the process that the routers go through to ensure that the neighbor routers are aware of the status of all networks in the AS. This will include the frequency with which routing table updates are sent and the effects of the updates on bandwidth utilization.

6. Identify the best settings for maximum hops, hold-down timer, update timer, and so on. Also, document appropriate bandwidth settings for serial interfaces.

7. Continue LAN Design Tasks: Site Wiring Designs, LAN Logical Designs, Typical MDF and IDF Designs and Electronics Tables, and a Site-specific LAN Electronics List

8. Apply the CCNA Certification Exam Learning Objectives to your specific design. This will require a paragraph on how the learning objectives relate to your design. Learning objectives can be grouped together for the purpose of explanation. In this way, you will be studying for their CCNA Certification Exam as you work through the case study.

CCNA Certification Exam Learning Objectives (*** are explicit CCNA Exam objectives; unmarked are knowledge assumed by the exam):

OSI model

• Describe the three major portions of an IP address.
• Describe the functions of the TCP/IP network-layer protocols and how they are used for path determination.

Routing Protocols:

• Add the IGRP routing protocol to your configuration.***
• Describe the function of a router in delivering data packets between different networks
• Describe the function and limitations of static route entries in a Router.
• Describe the functions and advantages of dynamic routing protocols.
• Describe the difference between routed and routing protocols.
• Describe the function of a routing table in the router.
• Describe what a routing metrics is and what the various components mean.
• Describe the difference between distance vector and link state routing protocols.
• Describe what convergence is in a network.
• Describe what an autonomous network is and what general type of protocol is used to communicate between autonomous networks

Washington School District Project: ACLs

In this chapter, you will learn the concepts and configuration commands that will help you use and implement ACLs in the Washington School District network. In addition, as ACL concepts and commands are introduced, you will be able to apply ACLs to your school site design and implementation.

Washington Project: Security Requirements

The LAN design for all schools in the Washington School District requires that each school have two networks: one for curriculum and the other for administration. Each unique LAN segment should be connected to a separate Ethernet port on the router to service that LAN. Such routers exist; search http://www.cisco.com for more information. As part of the security solution, you need to devise an ACL for the local site access router that will deny users access from the curriculum LAN segment into the administrative LAN segment, yet continue to give the administrative LAN complete access to the curriculum LAN segment.

One exception to this ACL is that the router is to pass any Domain Name System (DNS) or e-mail traffic to the DNS/e-mail server, which is located on the administration LAN segment. This is traffic originating on the LAN that is accessed by the students. Therefore, if a student is surfing the Web and needs the DNS server to resolve host names, this ACL will allow for host name resolution. In addition, this ACL will allow students to send and receive e-mail.

Washington Project: Using ACLs

When you use ACLs on the local site access routers, all traffic from the curriculum LANs should be prohibited on the administration LAN. You can make exceptions to this requirement by allowing applications, such as e-mail and directory services, to pass freely because they pose minimal risk.

E-mail and DNS need to be available throughout the district, and these types of services should not allow any unauthorized access to the administration network. All the ACLs you create need to be controlled at the district office, and you need to review exceptions to the ACLs prior to implementation.

Washington Project: User Permission

You need to develop a user ID and password policy for all computers in the District. This policy should be published and strictly enforced. Finally, you need make sure that all computers in the district network will have full access to the Internet.

Washington Project: Firewall Implementation

The Internet connectivity you will need to implement in the Washington School District requires a double firewall implementation, with all the applications that are exposed to the Internet residing on a public backbone network. You need to ensure that all connections initiated from the Internet into each school's private network will be refused.

Washington School District Project Task: Using ACLs

In this chapter, you have learned concepts and configuration processes that will help you implement ACLs. In the previous chapters we learned the concepts of how data traffic flows across a LAN; in this chapter we will study the methods for controlling the flow of these data packets based on layer 2&3 addressing and layer 4 services. The TCS Overview dictates that each school will have two networks, one for curriculum and the other for administration. Each unique LAN segment is connected to a separate Ethernet port on the router. You should devise an ACL for the router that will deny anyone from the curriculum LAN access into the Administrative LAN segment, yet continue to give the Administrative LAN complete access into the Curriculum LAN segment. One exception to this ACL is the router is to pass any DNS or e-mail packets to the DNS/Email server which is located on the Administration LAN segment. In response to the network design and security requirements, you need to complete the following tasks:

1.Document why you would need ACLs and create a logical diagram describing the

overall effect of these ACLs on the entire district network.

2.Document what type of ACL will be placed on the high-end, powerful, district core

router(s), and where they will be placed and why.

3.Document the router command sequence required to implement each ACL on each

of the local school site access router's interfaces and document the resulting

changes to the router configuration.

4.Document the effect of each ACL as it relates to traffic flow across individual

school LANs and the overall district network.

5.Continue LAN Design Tasks: Site Wiring Designs, LAN Logical Designs, Typical

MDF and IDF Designs and Electronics Tables, and a Site-specific LAN Electronics List

6.Apply the CCNA Certification Exam Learning Objectives to your specific

design. This will require a paragraph on how the learning objectives relate to your

design. Learning objectives can be grouped together for the purpose of explanation. In

this way, you will be studying for their CCNA Certification Exam as you work

through the case study.

CCNA Certification Exam Learning Objectives (*** are explicit CCNA Exam objectives; unmarked are

knowledge assumed by the exam):

General

• Describe what an access control list is.
• Describe the function of Access control lists on routers.
• Describe the reasons access control list are used.
• Describe how segmentation with routers and access control lists are related.
• Configure Standard and extended access lists to filter IP traffic.***
• Monitor and verify selected access list operations on the router.***

OSI model

• Define what layers of the OSI model standard access control lists function at
• and what fields in the data packet header it is concerned with.
• Define what layers of the OSI model extended access control lists function at
• and what fields in the data packet header it is concerned with.

Washington Project: IPX Implementation

In this chapter, you will learn how to implement Novell IPX in the Washington School District network. The school district needs a workgroup server in each computer lab at the school sites. The computer labs are located on the curriculum LAN segments of their respective sites. Both IP and IPX services need to be advertised across the school district network to other curriculum LAN segments.

Washington Project: IPX Addressing Issues

When planning IPX addressing, you do not need to worry about numbering hosts as you would for TCP/IP. This is because the host address for a workstation is usually the MAC address of that station's network interface card. However, you need to develop a scheme for the IPX network numbers in the Washington School District WAN. Remember that a router can't have two interfaces that belong to the same logical (IP, IPX, and so on) network, or subnet; therefore, you cannot use the same network number throughout the district WAN.

When you develop your IPX network numbering scheme, keep in mind that IPX network numbers can be up to 32 bits (or 8 hexadecimal digits), but they usually contain leading zeros to "pad out" the address. For example, the number 21 can be used as a valid IPX network number because leading zeros can be added to expand 21 into 32 bits (written as 8 hexadecimal digits): 00000021.

Some network administrators convert the IP network address to hexadecimal and use the result as the IPX network number. For example, the subnet 169.199.69.128 /27 would become A9C74580. But, there's no rule that says you have do this. You can use the leading zeros feature to create very simple IPX network numbers (such as 10, 20, 30, and so on).

You will see later in this chapter that, because of Layer 2 issues, a router interface may need to exist on two logical networks-that is, have two network numbers simultaneously. After you have read about Novell frame encapsulation types, you should check the TCS Overview carefully to see if your addressing scheme needs to account for this.

Washington Project: IPX Addressing and Encapsulation Types

When configuring routers for the Washington School District, you should note what Novell servers are connected to a router's interface. If those servers are running NetWare 3.12 or 4.x, then you must configure that interface to use ethernet sap as a frame type. If two NetWare servers connect to the same router port and use different frame types, then you have to configure the router interface for multiple framing types. Thus, you must create multiple logical networks (that is, the interface will have two IPX addresses that have the same host number but different network numbers).

Washington School District Project Task: Configuring Novell IPX

In this chapter, you have learned concepts and configuration processes that will help you implement IPX in the Washington School District network. You will investigate how Novell IPX protocol behaves on your assigned school's network. The school district has approved the implementation of a workgroup server in each the computer labs at the school sites. The computer labs are located on the curriculum LAN segments of their respective sites. The condition for implementation is that only Netware file server services will be advertised across the school district network to other curriculum LAN segments. As part of the IPX configuration and implementation, you need to complete the following tasks:

1. Document the effects of Novell IPX traffic on your school's LAN and the district WAN

including projected increase in traffic loads and traffic patterns.

2. Submit a proposal for the overall district IPX network number addressing scheme and be prepared to present this to the class. An addressing scheme will be selected by the class based on the proposals.

3. Document the changes in the router configuration to conform with the users requirements, including changes in the ACLs, list the appropriate commands needed to implement these changes, and document the resulting changes in the router configuration.

4. Continue LAN Design Tasks: Site Wiring Designs, LAN Logical Designs, Typical MDF and IDF Designs and Electronics Tables, and a Site-specific LAN Electronics List

5. Apply the CCNA Certification Exam Learning Objectives to your specific design. This will require a paragraph on how the learning objectives relate to your design. Learning objectives can be grouped together for the purpose of explanation. In this way, you will be studying for your CCNA Certification Exam as you work through the case study.

CCNA Certification Exam Learning Objectives (*** are explicit CCNA Exam objectives; unmarked are knowledge assumed by the exam):

General

• Describe connectionless data packet delivery over a network.

Novell IPX Protocol

• Describe the format for IPX addressing and how unique networks are identified.
• Describe the function of the Service Advertisement Protocol (SAP) within IPX.
• Describe the three major types of SAP advertisements.
• Describe the concept of client /server in a Novell network.
• Describe the function and process of Get Nearest Server (GNS) in a Novell network.
• Monitor Novell IPX operation on the router.***
• List the required IPX address and encapsulation type.***
• Enable the Novell IPX protocol and configure interfaces.***
• Configure IPX access lists and SAP filters to control basic Novell traffic.***

Routing

• Describe the concept of multi-protocol routing.
• Describe what function of the router will control the flow of SAP advertisements
• across the network.

In this chapter, you have learned some basic principles of network management that would help you administer the LAN you have designed. As the semester ends, you need to complete the following tasks to make sure the LAN part of your Web-based TCS solution is finished:

• LAN User Requirements Document
• Site LAN Wiring Plan (physical topology)
• Site LAN Logical Topology (including IP Addressing Scheme)
• Wiring Closet Diagrams
• LAN Electronics Spreadsheet
• LAN Media Spreadsheet
• IGRP Implementation
• ACL Implementation
• IPX Implementation
• LAN Pros and Cons