Running head: PHYSICAL DESIGN

PHYSICAL DESIGN
Hal Hagood
U02a1

Analyzing the network and LAN infrastructure is an essential part of designing the correct
topology. Network infrastructure refers to the hardware and software resources of an entire network that
enable network connectivity, communication, operations and management of an enterprise network.
Network infrastructure provides the communication path and services between users, processes,
applications, services and external networks and the Internet.
In this particular instance the design is for EverGreen Financial. EverGreen is a smaller company
with approximately 20-30 employees specializing in financial products and services and needs a basic
Cisco network built for the local office. EverGreen has purchased Cisco devices such as Cisco 2960
switches, a 2811 router, and a wireless LAN controller. These need to be set up, along with a TFTP
server. The company's internet connectivity has been lacking with email transaction delays and download
problems with various media on the internet.
In order to implement this network a design of the physical topology and infrastructure will be
presented. Also discussed is router frame transmission and flow of an infrastructure along with an
appropriate network segmentation and switching strategy to support a secure infrastructure. The Cisco
Three-Layer Hierarchical Model and appropriate device and infrastructure configuration activities are
then discussed. Finally, device configuration troubleshooting activities and the role that these activities
played in developing a physical design are discussed.
Router frame transmission comes first. Today's LANs and computing equipment have the potential to run at
much higher speeds and transfer very large quantities of data. With the diversity and complexity of
today's networks, management can be a mammoth task if you don't have the proper tools. Each
environment is a unique combination of equipment from different vendors. Frame Relay, which is a
relatively new wide area networking method, is gaining popularity. Like X.25, it uses a packet-switching
technology, but it's more efficient than X.25. As a result, it can make your networking quicker, simpler, and
less costly.
Because Frame Relay has a low overhead, it's a perfect fit for today's complex networks. You get
several clear benefits: First, multiple logical connections can be sent over a single physical connection,
reducing your internetworking costs. By reducing the amount of processing required, you get improved
performance and response time. Because Frame Relay uses a simple link layer protocol, your equipment
usually requires only software changes or simple hardware modifications, so you don't have to invest a lot
of money to upgrade your system.
Frame Relay is protocol independent: it can process traffic from different networking protocols like
IP, IPX, and SNA. Frame Relay is an ideal choice for connecting Wide Area Networks (WANs) that have
unpredictable, high-volume, and bursty traffic. Typically, these applications include data transfer,
CAD/CAM, and client-server applications.
Frame Relay also offers advantages for interconnecting WANs. In the past, setting up WANs
required the use of private lines or circuit switching over a leased line. Single, dedicated lines are not
needed to make each WAN-to-WAN connection with Frame Relay, reducing costs (cprtech, 2014).
Network segmentation, for both security and performance, must also be addressed.
Network segmentation is a critical part of an effective security strategy to reduce the risks and impact of
attacks within a network, and to reduce the scope of compliance.
Networks have become more vulnerable because of fundamental shifts in the complexity and
proliferation of personal and business applications, user access and behavior, and the new threat
landscape, leading organizations to rethink their security strategy. Network segmentation is a critical part
of an effective security strategy to reduce the risks and impact of attacks to the network. However,
traditional methods like virtual LANs (VLANs), switch access control lists (ACLs) and port and
protocol-based firewalls do not provide the application visibility and user access controls to effectively secure a
network segment. Organizations require a network security platform capable of creating relevant security
policies by application, user and content for every network segment (paloaltonetworks, 2014).
The solution is to deploy firewalls for designated security zones, along with flexible deployment
modes at Layer 1, Layer 2, or Layer 3 to segment the network. Security policies will take advantage of
tightly integrated technologies and user IDs. Network segmentation helps organizations reduce their
scope for compliance and reduce exposure to attack. Networked systems need to be protected from
vulnerabilities and exploits, and the risk of compromise from security breaches needs to be reduced.
Analyzing the LAN infrastructure, or in this case the Cisco Three-Layer Hierarchical model as
used in this illustration, is essential. Unlike the OSI model and the TCP/IP model, the Cisco Three-Layer
Hierarchical model does not describe how communications take place. Rather, it focuses on how best to
design a network, especially a relatively large network or one that is expected to grow.
In the past, networks have been flat for the most part; that is, as the network grew, administrators
would simply add devices such as routers and switches in a lateral and ad hoc fashion. The process
provided for no structure or compartmentalization of functions. As a result, as networks became more
complex and applications such as Voice-Over-IP, Video-Over-IP, and web applications demanded more
bandwidth, the limitations of this flat design became more obvious.
Cisco's Three-Layer Hierarchical model was the response to this need for better functionality
through design. Each layer of the model is involved in specific functions and is typically defined by a
particular type of device. The three layers of the model from bottom up are Access, Distribution, and Core.
These layers are explained in the following sections and illustrated
The Access layer is the layer closest to the users, where they attach to the network. The Access
layer device could be a router if the network is very small, but it is typically a hub or layer 2 switch. The
Access layer is sometimes called the desktop layer because it deals with connecting workstations to the
network. Frames are delivered to the users at this layer.
The Distribution layer separates the Access layer from the Core layer, implements network
policies, and provides many networking services such as Network Address Translation (NAT), firewall
protection, and quality of service (QoS). IP addressing hierarchy is managed at this layer through routing
policies, broadcast and multicast domains, and VLANs. (IP addressing is the process of assigning unique
IP addresses to devices on the network.) This layer typically involves routers and includes all of the router
functions. It provides almost all of the connectivity tasks required by the users, including Internet access.
The Core layer is at the top of the model and is responsible for switching large amounts of data
quickly and efficiently. To prevent slowing down the switching process, this layer should not be burdened
with security or traffic control measures or any unnecessary additional equipment. The primary device at
this layer is a high-end layer 3 switch. This device is essentially the backbone of the network and typically
connects the users to corporate resources, servers, gateways, and the Internet (CCNA, 2014).
Device configuration and the physical LAN infrastructure should also be addressed. Cisco Prime
Infrastructure archives device configurations and provides information such as the date of last
configuration change, status of the configuration jobs, and allows you to compare current and previous
configurations. Prime Infrastructure also allows you to roll back to a previously saved configuration in the
archive if a configuration deployment fails (Cisco, 2014).
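The compare step described above can be reproduced offline on two saved configurations. The following Python is an added example, not Cisco Prime Infrastructure code or part of the original paper. It keeps each changed line attached to its parent section so that a removed ACL binding on a segment interface stands out. The hostname, VLAN subinterfaces, addresses and ACL name are constructed for illustration.

```python
# Added example: context-aware comparison of two archived IOS configurations.
# Hostname, subinterfaces, addresses and the ACL name are constructed samples.

ARCHIVED = """\
hostname EG-2811
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 10.0.10.1 255.255.255.0
 ip access-group STAFF-IN in
interface FastEthernet0/0.20
 encapsulation dot1Q 20
 ip address 10.0.20.1 255.255.255.0
ip access-list extended STAFF-IN
 permit udp 10.0.10.0 0.0.0.255 host 10.0.20.5 eq tftp
 deny ip any any log
"""

# Constructed "current" config: ACL unbound from VLAN 10 and its final deny opened up.
CURRENT = ARCHIVED.replace(" ip access-group STAFF-IN in\n", "").replace(
    " deny ip any any log", " permit ip any any")

# Keywords that mark a changed line as needing security review.
SENSITIVE = ("access-group", "access-list", "permit", "deny", "password", "secret")

def parse(config):
    """Return the set of (parent, line) pairs; top-level lines have parent ''."""
    pairs, parent = set(), ""
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip() == "!":
            continue  # skip blank lines and IOS "!" separators
        if line.startswith(" "):
            pairs.add((parent, line.strip()))  # child of the last top-level line
        else:
            parent = line
            pairs.add(("", line))
    return pairs

def compare(old, new):
    """List (change, parent, line, sensitive) tuples, sorted for stable output."""
    before, after = parse(old), parse(new)
    changes = [("removed", p, l) for p, l in before - after]
    changes += [("added", p, l) for p, l in after - before]
    return sorted((c, p, l, any(k in l for k in SENSITIVE)) for c, p, l in changes)

if __name__ == "__main__":
    for change, parent, line, sensitive in compare(ARCHIVED, CURRENT):
        flag = "REVIEW" if sensitive else "info"
        print(f"[{flag}] {change:7} {parent or '(global)'} :: {line}")
```

Because the comparison is set-based, a reordered ACL produces no output even though entry order changes what the ACL permits; compare ACL bodies as ordered lists where that matters.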

(Cisco, 2014)

Finally, device troubleshooting activities are addressed. There are a wide variety of tools available
to assist you in troubleshooting your internetwork. This includes information on using router diagnostic
commands.

Using Router Diagnostic Commands

Cisco routers provide numerous integrated commands to assist you in monitoring and
troubleshooting your internetwork. The following sections describe the basic use of these commands:
• The show commands help monitor installation behavior and normal network behavior, as well as isolate
  problem areas.
• The debug commands assist in the isolation of protocol and configuration problems.
• The ping commands help determine connectivity between devices on your network.
• The trace commands provide a method of determining the route by which packets reach their destination
  from one device to another.

Using show Commands

The show commands are powerful monitoring and troubleshooting tools. You can use the show
commands to perform a variety of functions:
• Monitor router behavior during initial installation
• Monitor normal network operation
• Isolate problem interfaces, nodes, media, or applications
• Determine when a network is congested
• Determine the status of servers, clients, or other neighbors
The following are some of the most commonly used show commands:
• show version: Displays the configuration of the system hardware, the software version, the names and
  sources of configuration files, and the boot images.
• show running-config: Displays the router configuration currently running.
• show startup-config: Displays the router configuration stored in nonvolatile RAM (NVRAM).
• show interfaces: Displays statistics for all interfaces configured on the router or access server. The
  resulting output varies, depending on the network for which an interface has been configured.
• show controllers: Displays statistics for interface card controllers.
• show flash: Displays the layout and contents of Flash memory.
• show buffers: Displays statistics for the buffer pools on the router.
• show memory summary: Displays memory pool statistics and summary information about the activities
  of the system memory allocator, and gives a block-by-block listing of memory use.
• show process cpu: Displays information about the active processes on the router.
• show stacks: Displays information about the stack utilization of processes and interrupt routines, as well
  as the reason for the last system reboot.
• show cdp neighbors: Provides a degree of reachability information of directly connected Cisco devices.
  This is an extremely useful tool to determine the operational status of the physical and data link layer.
  Cisco Discovery Protocol (CDP) is a proprietary data link layer protocol.
• show debugging: Displays information about the type of debugging that is enabled for your router.
You can always use the ? at the command line for a list of subcommands.
(Cisco, 2014)
Like the debug commands, some of the show commands listed previously are accessible only at
the router's privileged exec mode (enable mode). This will be explained further in the "Using debug
commands" section. Hundreds of other show commands are available. For details on using and
interpreting the output of specific show commands, refer to the Cisco Internetwork Operating System
(IOS) command references.

Proposed Cisco Three-Layer Hierarchical Model for Evergreen Financial

References
CCNA, (2014) Retrieved April 16, 2014 from
http://www.net130.com/ccna/ccna/Sybex%20%20CCNA%204.0%20Study%20Guide.pdf
Cisco, (2014). Retrieved April 16, 2014 from
http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/20/user/guide/prime_infra_ug/chgdevconfig.html
Cisco, (201). Retrieved April 16, 2014 from
http://www.cisco.com/en/US/docs/internetworking/troubleshooting/guide/tr1902.html
http://www.cpcstech.com/frame-relay-information.htm
Paloaltonetworks, (2014). Retrieved April 16, 2014 from
https://www.paloaltonetworks.com/content/dam/paloaltonetworks-com/en_US/assets/pdf/techbriefs/network-segmentation-solution-brief.pdf