My goal is to implement a new network for the School of Computing in the building now under construction. I'm using Cisco network technology to produce this network design according to the network requirements stated in the invitation to tender. By using Cisco's latest technologies I can implement this network with energy saving in mind.
As required in the invitation to tender, I have to design the distribution layer and the access layer, because internet facilities will be provided by merging this network with the university backbone (the core layer of the university). While designing this network I therefore assumed that the core layer looks like the one in my logical design diagram. I'm planning to use PoE technology and alternative power solutions to reduce the power consumption of the network.
2 LOGICAL DESIGN
2.1 LOGICAL NETWORK DIAGRAM
2.2 IP AND SUBNET DESIGN
2.3 VLAN DESIGN
3 LOGICAL DESIGN REPORT
As I mentioned above, I have designed a network that is ready to merge into the university backbone. Here I explain how the above logical design is implemented. I'm assuming that there are two ISPs. I designed the core layer on the assumption that it is the university backbone. There I used two routers with firewalls as a data safety precaution. Those routers are then connected to two proxy servers separately. I used these proxy servers because the tender requires that students and staff can browse websites and surf the internet, so the proxy servers maintain and control internet surfing.
After that I used two Layer 2 switches, because in my design I create VLANs using these Layer 2 switches; to connect the VLANs and the servers we need proper subnets. From the beginning of the design up to this point I used fibre cables as the network cabling, to keep performance high between the servers and the switches. I used several servers to fulfil the requirements in the tender: a database server, an application server and a file server. I also used a four-port Wi-Fi router to create a Wi-Fi zone in the university, and it is protected with a WPA2 password. I used a router to create a different IP range in the distribution layer. It protects the distribution layer, and to communicate with the VLANs I set up a router, created sub-interfaces on it and did all the routing in the network there. To protect the DMZ area I chose another router, and I also changed the network range of the servers so that no one can discover the servers by using distribution layer IPs.
According to the requirements, there are twenty labs that need internet access and different types of applications in different OS environments. To avoid the unnecessary cost of licensing genuine Windows machines and Mac OS machines, I used the file server to install VMware vSphere and created Mac, Linux and Windows virtual operating systems with the required application software installed. This reduces the cost of power usage, because in my design a user only needs a monitor with a keyboard and mouse to operate whichever OS they need. For all these arrangements I used three Layer 2 switches to create VLANs: one for the Mac labs, one for the Linux labs and one for the Windows labs. Overall, this is a cost-reducing network that can easily be used to complete the tasks of the university.
3.2 WHAT I INCLUDED IN SERVER ROOM
The server room is where all the servers in this network design are installed. Servers are used for many purposes and there are different types of server for each purpose, so I used the following four types of server.
- Database Server
Database servers store the details of ongoing activity and any data that needs to be reused for another purpose or by other programs in future. As required in the tender, I used a database server to store the university's data and the students' work.
- Mail Server
Mail servers are used to send and receive emails. These servers use the SMTP and POP3 protocols to send and receive emails with remote and local hosts.
- Application Server
These servers are needed to store and run applications and to load-balance user requests within the network. This server is connected to the database server and keeps the applications up to date.
- File Server
These servers are mainly used to store users' data. There is a requirement that every student must have their own home space, so I used this server to give each student a home space. Above all, I used this server to create a VMware vSphere cloud-based server to fulfil a requirement of the tender: the labs need different types of OS environment for study. Installing Windows in ten labs may cost a great deal, so I used this cloud base to provide every type of OS environment as virtual machines. The cost will then be lower than installing an OS on separate machines. Because of this, the labs don't need CPUs to get work done: any user can log in to their account, select a VM and start working. All files will be saved in their home space on the file server. This is an eco-friendly technology that I used in this network.
3.3 WHAT I INCLUDED IN CORE LAYER
- ISP 01 and ISP 02 Lines
I decided to add two internet service providers, because if one goes down the other ISP will act as backup. We need to maintain 99% network availability.
- Routers with firewall
Through the router we obtain the privileges to connect to the ISP by giving authorization for internet surfing, and the firewall protects the network against incoming intruders and attacks.
- Fibre Optic Cable
It's a network cable that contains strands of glass fibre inside an insulated casing. These cables are designed to carry data over long distances without degradation at very high speed (gigabit speed). They are more expensive than Cat 5e or Cat 6 cables, and I used them for the following reasons.
- Complete input and output electrical isolation
- No electromagnetic interference (EMI) radiation along the transmission media
- Broad bandwidth over a long distance
- Light-weight, small-diameter cables
- Equal to the cost of copper wire and connectors
- IDS (Intrusion Detection System)
I installed two intrusion detection systems at the main routers that connect to the internet. They detect and report traffic anomalies, based on signatures and rules, using deep packet inspection. With this detection system we can manage the unnecessary data traffic that comes into the network from attackers or programs.
3.4 WHAT I INCLUDED IN DISTRIBUTION LAYER
The distribution layer is like a broker that makes the connections between the access layer and the core layer, normally by handling all the routing between these two layers. We can also use access lists to apply policies to network communications. The distribution layer includes the intermediate switches and routers, such as those used to communicate between subnets or VLANs. I used the following devices in the distribution layer to make communication between the access layer and the core layer succeed.
- Cisco Wireless Access Point
I used a Wi-Fi router to create a Wi-Fi zone within the university premises for laptop and smartphone users.
- Cisco 24-Port Layer 2 Switch
I used these switches to connect the VLANs so that each network range can communicate. Multilayer switches act as both a router and a switch. We use this kind of switch when there are a few VLANs within the network. I used this rather than a router because it can be used to connect newer devices in future.
- Cisco 8-Port Layer 2 Switch
I used this Layer 2 switch to make the connection between the servers and the multilayer switches. I used an 8-port switch because I currently have four servers in the server room. The other 4 ports remain available for future use.
- Content Filtering Web Proxy Server
Content filtering web proxy servers provide administrative control within a network over internet usage and filtering, and enforce the policies related to internet access within the network. Normally these servers include DNS blacklists, URL filtering, content keyword filtering, user filtering and many other filtering processes. I included these servers here to manage internet usage within the campus, which saves the cost of unnecessary internet usage and unnecessary network traffic.
3.5 WHAT I INCLUDED IN ACCESS LAYER
In the access layer I used Layer 2 48-port switches to create VLANs for each lab as follows:
- Mac (5 Labs)
- Linux (5 Labs)
- Windows (10 Labs)
In each lab there are 20 student machines and 1 staff machine. I use a 48-port switch for the machines in each lab; the remaining ports can be used in future, and these switches also connect printers and other devices such as projectors.
3.6 INTERNET PROTOCOL & LINK STATE ROUTING PROTOCOL
For my whole network project I used IPv4 addresses. I used the 192.168.1.0/27 range after the VLANs are divided, and an IPv4 Class C is more than enough to assign addresses to all the devices, with more IP addresses available for future usage. I used the OSPF (Open Shortest Path First) routing protocol for the network because the university backbone already uses this routing protocol, so using it here too makes it easier to merge the new network into the university backbone.
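The addressing arithmetic for the lab VLANs described above, as an added example that is not part of the original report. It assumes one consecutive /27 per lab starting at 192.168.1.0, the first usable address as the VLAN gateway, and VLAN IDs starting at 10; none of these are stated in the report, and the server range in the demo is constructed.

```python
import ipaddress

# From the report: 5 Mac, 5 Linux, 10 Windows labs; 20 student + 1 staff machine each.
LABS = {"Mac": 5, "Linux": 5, "Windows": 10}
HOSTS_PER_LAB = 21
FIRST_SUBNET = ipaddress.IPv4Network("192.168.1.0/27")
FIRST_VLAN_ID = 10  # assumption: the report gives no VLAN numbers


def build_plan(labs=LABS, first=FIRST_SUBNET, first_vlan=FIRST_VLAN_ID):
    """Give every lab its own VLAN and the next consecutive subnet."""
    plan, net, vlan = [], first, first_vlan
    for os_name, count in labs.items():
        for n in range(1, count + 1):
            plan.append({
                "vlan": vlan,
                "name": f"{os_name}-Lab-{n}",
                "network": net,
                "gateway": net.network_address + 1,  # assumption: first usable address
                "usable": net.num_addresses - 3,     # minus network, broadcast, gateway
            })
            net = ipaddress.IPv4Network((net.broadcast_address + 1, net.prefixlen))
            vlan += 1
    return plan


def check_plan(plan, needed=HOSTS_PER_LAB, reserved=()):
    """Report subnets that are too small or that overlap a reserved range."""
    problems = []
    for row in plan:
        if row["usable"] < needed:
            problems.append(f"{row['name']}: {row['usable']} usable, {needed} needed")
        problems += [f"{row['name']}: {row['network']} overlaps {r}"
                     for r in reserved if row["network"].overlaps(r)]
    return problems


def summary_blocks(plan):
    """Collapse the lab subnets into the fewest CIDR blocks, e.g. for ACL entries."""
    return list(ipaddress.collapse_addresses(r["network"] for r in plan))


if __name__ == "__main__":
    plan = build_plan()
    for row in plan:
        print(row["vlan"], row["name"], row["network"], row["gateway"], row["usable"])
    print("blocks:", [str(b) for b in summary_blocks(plan)])
    # Constructed server range, used only to show the overlap check firing.
    print(check_plan(plan, reserved=[ipaddress.IPv4Network("192.168.3.0/24")]))
```

Under these assumptions each /27 leaves 29 usable addresses for 21 machines, and the 20 lab subnets run from 192.168.1.0/27 to 192.168.3.96/27, which summarises to 192.168.1.0/24, 192.168.2.0/24 and 192.168.3.0/25.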
For the security of this network I have used the following:
I have used firewalls with the routers at the internet edge. They keep attacks, file injection and other threats away from the routers and the designed network.
- Intrusion Detection System
Rather than using firewalls, I have used IDS near the routers to monitor unwanted traffic and activity in the network. Placing the IDS near the router lowers the risk that the firewall may have.
- Access Control
On all Cisco routers I will use ACL commands to make the network more secure.
- Physical Security
For physical security I have fitted the server room with a high-security access control system, and every router and switch is in a sealed box that can be locked by the network administrator. I keep the server room as cool as possible and have installed fire alarms and other natural disaster alarms in the server room.
- Wireless Security
Wi-Fi is protected with WPA2 passwords, which can only be obtained from the authority by giving the details of the user who will use it.
The above network has been designed simply, using IPv4. The design can survive for a minimum of 5 years without any IPv4 address problems, and the network covers all the requirements that need to be covered. I would like to thank Cisco Network Technology for creating these high-class, guaranteed devices that anyone could use in any network. These kinds of problems can not only slow down development efforts, they also give misleading results. But with our end-to-end Cisco network system, we no longer have to worry about that. Cisco has provided them a cost-competitive solution with more ports, better security, higher scalability, and nanosecond-speed performance. I expect tremendous growth in the future, and I am confident that Cisco is here to stay with them as they grow.