by

H.B.O. Systems
July 13, 2000

Presenters: Janet Hughes, John Banister,

Karen Oliver

Design Team Goals

Provide the best QoS for cost
Facilitate high quality training
Assist in planning for future growth and
development:

1000% LAN growth

100% WAN growth
Network life span of 7 to 10 years

Local Area Network (LAN)

Infrastructure
3 Servers
1 Enterprise Server
Student & Staff Directory, Application Services
(Microsoft Office, etc.), DNS/E-mail, Library
Services, Novell Netware

2 Workgroup Servers
Student - Curriculum Applications
Administrative - Grades, Attendance, Student
Information

LAN Infrastructure Continued

Main Distribution Facility (MDF) located near Point
Of Presence (POP)
Vertical Cable to Intermediate Distribution Facility
and Portable Classrooms
Fiber
Meet EIA/TIA 568 cable standards
Horizontal Cable
Minimum of Cat. 5 Unshielded Twisted Pair (UTP)
cable
Accommodate 100 Mbps
Meet EIA/TIA 568 cable standards

LAN Infrastructure Continued

Classrooms
4 Cat. 5 UTP drops
24 student stations with at least 1 Mbps
bandwidth
Each student drop will have a 12 port hub
connected
1 teacher station with at least 1 Mbps bandwidth

Lockable Cabinets

Building A East

Main Distribution Facility (MDF)

Building A West

Intermediate Distribution
Facility (IDF)

Point of Presence (POP)

Building A East

Multi-Purpose Building

Double Portable Classrooms

1E

Building A East
-MDF Physical
Topology

2E

3E

Main
Distribution
Facility
(MDF) &
Point of
Presence
(POP)

5E

4E

To IDF-1

7E

6E

8E

100 Base SX - MultiMode Fiber Backbone

9E

10E

11E

To IDF-2

12E

Indicates 100BaseTX To Classrooms

Indicates Fourplex Wall Mounts

Main Distribution Facility

(MDF)

This is an example of a
ladder rack

Building A West - IDF-2 Physical Topology

100BaseSX Fiber Cable From MDF
Indicates 4 -100BaseTX To Each Room
Indicates Fourplex Wall Mounts
IDF

1W

2W

3W

4W

5W

12W

13W

25W

24W

23W

22W

6W

7W

11W

10W

9W

14W

15W

16W

21W

8W

17W

20W

18W

19W

Building A West - IDF-2 Physical Topology - Option 2

100BaseSX Fiber Cable From MDF
Indicates 4 -100BaseTX To Each Room
Indicates Fourplex Wall Mounts
IDF

Multi-Purpose Building - IDF-2 Topology

Indicates Fourplex Wall Mounts
Indicates 4 -100BaseTX Cables To Each
Classroom
Indicates Switch in each portable

(IDF)
100BaseSX -Fiber
Backbone Coming
From MDF Going
To IDF

Indicates 100BaseSX from

IDF to Portable

Portable Classrooms

Example of a distribution rack

which will be placed in the Main
Distribution Facility (MDF) and
the Intermediate Distribution
Facility (IDF)

Items that may be

placed in a
distribution rack are:
Router
Switches
Hubs
File Servers

C r e a t e d w ith V is io

C r e a t e d w it h V is io

Classroom
Hubs

C r e a te d w ith V is io

Fourplex
Wall
Mounts
Decorative Raceway
Containing Wire Runs for
Student Workstations

Instructor Drop
Teacher Station

Classroom Printer

Typical Classroom
Computer Layout

WAN Topology to Mountain Sky

Elementary
Cisco 7576 Router
Serial Link

Cisco 7576
Router

Phoenix N.W. C.O.

Serial Link

Data Center

Greenway C.O.
Service Center

4-T1 Lines - 1.544

Mbps each

1 T1 Line - 1.544
Mbps

Cisco 7576
Router
Serial Link
Sunnyslope CO

Cisco 7576 Router

Shaw Butte
School

Serial Link
Mountain Sky
Elementary

Greenway C.O.
Service Center

Cisco 7576 Router

Indicates 100BaseTX cable

Virtual Local Area Network 1
(VLAN 1)

Enterprise
Server

Virtual Local Area Network 2

(VLAN 2)
Student/Curricul
um Server

Administrative
Server

Indicates 100 Base SX

from switch to IDF

IDF-1

(33 - 12 port
hubs)

IDF-2

Located in MDF
Cisco 5500 stackable - 312 Port
Switch
100BaseSX Fiber from MDF to IDF

Indicates four 100BaseTX cables

Each classroom with have 3 - 12 port hubs

Located in
MDF
100 Base SX Fiber from MDF
to IDF
IDF-1

Indicates four 100BaseTX cables

Each classroom will have 3 - 12 port
hubs

Cisco 1900 - 24 port switch - 1

in each portable classroom

 Users will be restricted through the use of

VLANs
Every administrative node gains server rights
through a user password
Access outside the LAN is through the District
Office
Outside access to LAN is prohibited through
the use of access lists
Firewalls are utilized through access lists
locally and globally

IP ADDRESS ASSIGNMENTS
S0
District Office

190.191.10.3

S1

S2

190.191.10.2

190.191.10.1

Greenway Center 192.191.128.3

192.191.128.1

192.191.128.2

SunnySlope

191.191.0.2

191.191.0.3

191.191.0.1
S0

Mountain Sky

220.100.10.1

E0
220.100.10.3

Curriculum Subnet Address 220.100.10.2

Administrative Subnet Address 220.100.10.3

E1
220.100.10.2

Network Address Translation

Network Address Translation (NAT) is designed for IP
address simplification and conservation, as it
enables private
IP internetworks that use nonregistered IP
addresses to connect to the Internet. NAT operates
on a router, usually
connecting two networks together, and translates
the private (not globally unique) addresses in the
internal network into
legal addresses before packets are forwarded
onto another network. As part of this functionality,
NAT can be
configured to advertise only one address for the
entire network to the outside world. This provides
additional security,
effectively hiding the entire internal network from
the world behind that address. NAT has the dual

Access List Policy

External Threats:
Internet connectivity will utilize a double firewall with all
internet-exposed applications residing on a public backbone
network.
All inbound traffic from the internet into the schools
private network will not be blocked by the double firewall.
No traffic from the curriculum LAN will be permitted into
the Administrative LAN.

Access List Code

RouterA(Config)# Access-list 100 permit ip 192.191.128.0
0.0.0.255
RouterA(Config)# Access-List 100 permit ip 191.191.0.0
0.0.255.255
RouterA(Config)# Access-List 100 deny ip 190.191.10.1 0.0.0.0
RouterA(Config)# Access-List 100 permit ip 0.0.0.0
255.255.255.255
RouterA(Config)# Int s0
RouterA(Config-if)# Access-group 100 in

Access List Code (cont)

RouterA(Config)#Access-List 101 deny ip 200.100.10.3 0.0.0.0
RouterA(Config)#Access-List 101 permit ip 0.0.0.0 255.255.255.255
RouterA(Config)#Int e0
RouterA(Config-if)#Access-group 101 in

 1 Router
Cisco 7576
3 File Servers
Super Micro
Intel Pentium III Xeon - 400 Mhz.
3 - 13 Slot Switches
Cisco 5500
3 - 24 Port Switches
Cisco 1900 with Enterprise software
44 Hubs
Cisco 400 Fast Hubs - 12 port

25,928.12
12,797.85

83,376.00
4,500.00
895.00

 3 Uninterupted Power Service UPS

1,379.97

Back Ups Pro 1400

3 Patch Panels
650 ft. 100BaseSX Cable
17,360 ft. Cat. 5 UTP 100BaseTX
6 Equipment Racks
44 Lockable Cabinets (250.00ea)

375.00
2,800.00
2,664.00
660.00
11,000.00

 Decorative Molding Wire Outlets

Raceway System

4,667.00
3,080.00

 Staff Training
60,000.00
Installation ( 200 drops x 250.00 ) 50,000.00
Equipment
40,000.00

T-1 Line Installation

T-1 Line Service - per year
Construction
Installation

1,500.00
6,695.00
25,600.00
45,000.00

 Equipment
Construction
Supplemental

146,375.94
78,796.00
150,000.00

Total
$375,171.94

Disadvantages
Intensive initial setup
VLANS/Trunking
Training
Costs/Logistics
Portable Classrooms

Advantages

Hierachical design
Supports multiple platforms
IP
Ease of security through VLANs & Access Lists
Increase bandwidth distribution
1 Gb multi-mode fiber to increase bandwith and
speed
No extra fiber run
100 Mbps copper cable which in creases
bandwidth over 10 Mbps