The Washington School District has recently decided to take a leap into the 21st century by connecting its schools to the Internet. Therefore, each school
requires that a fully functioning local area network (LAN) be implemented to serve a variety of purposes. The school district has hired several teams of network
professionals to design and install the network in each school. My team has been assigned to the Acacia school. To keep the design process organized and to
keep the required tasks straight in the team's head, the district's requirements have been summarized in this document.
The district has requested good, reasonably fast connections. Therefore, to be practical, the throughput to any host must be no less than 1 Mbps. The file
servers, providing much more service and being much more important,
require throughput of a minimum of 100 Mbps.
Acacia school is a two story building. The LAN will therefore consist of two wiring closets, an MDF on the first floor and an IDF on the second floor. For
cabling, Category 5 UTP and multi-mode fiber optic cable will be used. Horizontal cabling will run from wiring closets to the individual connected rooms, and will
be CAT 5 UTP, running at a speed of 10 Mbps. Connections from switches to enterprise servers will also use CAT 5 UTP, but will run at 100 Mbps for the faster
speed these servers require. Additionally, multi-mode fiber optic
cable will be used as backbone cabling to interconnect the IDF and the
MDF.
The main LAN for the Acacia school will actually be two subnetworks: one designated for student usage and the other for faculty and administration. The
administrative LAN will be designed to accommodate 75 computers, while the student LAN will accommodate 250 computers. Towards this end, security
measures will be taken to separate the two networks from each other so that users on the student network will not be able to access the administrative network,
although administrative network users will have free access to both networks. Additionally, firewalls will be implemented to prevent users on the global Internet
from accessing the district's WAN. The district will have absolute
administrative control over the network.
The curriculum LAN will serve the students within 10 separate connected rooms, as well as the library. Four lengths of cable will run from the wiring closet
to each of these computer rooms, and terminate at wall jacks. Three hubs and one switch will be located inside a locked cabinet within each of the classrooms.
These hubs will each connect to the switch, which will then plug into the wall jack. Each room will have 24 computers for the students and one computer for the
teacher. Every ten computers will attach to one of the hubs, and the teacher's computer will attach to one of the four wall jacks. By connecting ten computers to a
hub and then giving each hub a switch port, each computer will receive the 1 Mbps bandwidth requested by the district. This installation is represented graphically
on the logical topology diagram.
For a variety of network services which Acacia wants, a few file servers will have to be installed. First off, there will be computers dedicated to E-Mail and
DNS; E-Mail so that students and faculty can send and receive E-Mail, DNS so that users browsing the web can enter names to access web sites rather than
entering long, numeric addresses. Second, there will be a server for administrative functions, which will be used for student tracking, attendance records, grade
records, and various other administration tasks. This server will be located on the administration's network, and be available only to faculty. Also, there will be a
library server, located on the student network, which will hold a database for research. Lastly, an application server will be installed on the student network. Its
purpose will be to hold various schoolwork-related programs such as Microsoft Word, Excel, PowerPoint, etc. Other servers may be installed later at the
district's request.
An overall IP addressing scheme has been designed for the entire school district. For the student network, each computer's IP address will be dynamically
assigned by a computer specially designed to hand out addresses. This computer will be constantly giving out addresses from within a predetermined range. On the
administration's network, addresses will be assigned manually from a range of addresses separate from the one used for the student network.
Acacia's networks, along with networks from the other schools, will be managed remotely from the District Office Data Center. At that location, one of the
regional hubs, a single computer will have total management rights over all devices in the entire district WAN. This computer, the master server for the district, will
also hold copies of configurations for all routers in the entire district. Should any router lose its configuration, it can simply download a copy from this master server
at the district office. This master server will also hold a database of all usernames and passwords throughout the district WAN. In addition to this master server,
each of the three regional hubs will hold its own management server. These three servers will have management rights only over the 11 schools serviced out of
their location. Acacia, for example, will be managed by the Greenway C.O. Service center (its regional hub) and the master server at the District Office Data
Center.
Security on the network will be fairly simple. The District Office Data Center will provide a Frame Relay connection out into the Internet. Since the district
doesn't want users from the global Internet to access their WAN, it is here that the firewall will be implemented to keep them out. Through the use of an access
control list, all data packets, except for those involving E-Mail and DNS, will be refused. Additionally, within each school, there will be an access control list used
to keep users on the student network from accessing the administration network, with an exception being made for DNS and E-Mail.
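
The in-school access control list described above can be checked before deployment by modelling its first-match evaluation. The following is an added example, not part of the original design document: the addresses, the placement of the DNS and E-Mail servers, and the port numbers are all assumptions. It also shows that a stateless filter needs an explicit rule for reply traffic if administrative users are to keep their access to the student network.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

net = ipaddress.ip_network
# Constructed address plan: the page gives no addresses, so all are assumptions.
STUDENT = net("10.1.0.0/24")   # 254 usable addresses for the 250 student hosts
ADMIN = net("10.1.1.0/25")     # 126 usable addresses for the 75 admin hosts
DNS = net("10.1.1.10/32")      # hypothetical DNS server on the admin side
MAIL = net("10.1.1.11/32")     # hypothetical e-mail server on the admin side
ANY = net("0.0.0.0/0")

@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    proto: str                    # "tcp", "udp", or "ip" for any protocol
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int] = None   # None matches any destination port
    established: bool = False     # match only TCP segments with ACK set

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: int
    ack: bool = False

# Filter for traffic entering the router from the student LAN.
STUDENT_IN = [
    Rule("permit", "udp", STUDENT, DNS, 53),
    Rule("permit", "tcp", STUDENT, DNS, 53),
    Rule("permit", "tcp", STUDENT, MAIL, 25),
    Rule("permit", "tcp", STUDENT, ADMIN, established=True),  # replies to admin-initiated TCP
    Rule("deny", "ip", STUDENT, ADMIN),
    Rule("permit", "ip", STUDENT, ANY),
]

def evaluate(acl, pkt):
    """Return the action of the first matching rule; unmatched traffic is denied."""
    src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
    for r in acl:
        if r.proto not in ("ip", pkt.proto) or src not in r.src or dst not in r.dst:
            continue
        if r.dport is not None and r.dport != pkt.dport:
            continue
        if r.established and not (pkt.proto == "tcp" and pkt.ack):
            continue
        return r.action
    return "deny"  # implicit deny that ends every access list
```

The established match is a TCP flag check rather than connection tracking, so it has no UDP equivalent: replies to admin-initiated UDP requests are dropped by the deny rule.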