Need advice on a LAN design project

tolbyn

Senior member
Feb 23, 2002
Currently taking a Cisco course to get my CCNA. We've been given a project where we were each assigned a different school and have to come up with a LAN design for it. I have most of my project finished, but would like an expert's opinion since I'm still trying to figure out how to configure my Main Distribution Facility and campus backbone. I feel I'm having more difficulty than I should with this project. (I'm beginning to think Networking is not for me). LOL

Anyhow, this project is due later this afternoon, tomorrow afternoon latest. I'll have my AIM open for anyone who wants to get more detail on my LAN layout. Thanks in advance!
 

tolbyn

Senior member
Feb 23, 2002
Ok, this might be a long one (and a bit confusing). In my layout, I have approx 50 classrooms. Each classroom will have a minimum of 24 student workstations and 1 teacher workstation. Each classroom has 4 Cat5e cables running from a fourplex wall outlet to an Intermediate Distribution Facility. 3 of the wall outlet ports will be designated for the students (8 or 12 port hub for each wall port), 1 wall outlet port will be designated for the teacher.

The IDF's will need to service approx 10 classrooms (10 x 4 cable runs per classroom = 40), so I'm thinking of having a 48 port switch or perhaps multiple smaller port switches in the IDF's. I need fiber optic cabling from the IDF's to the MDF. Not sure what type yet, hoping to get some advice on that. I'm currently looking at 10 gigabit ethernet, but curious to know the cost difference compared to 1 gigabit ethernet.

As far as my MDF, 2 routers. One is receiving my outside service. This connects to a second router which is my firewall. This second router has 2 switches connected to it. One switch containing all my enterprise servers (DNS, e-mail, application, library, and administration servers). The second switch is my "main switch" which receives all the IDF's cable runs.

The IP addressing scheme I made up was using Class B address 170.100.0.0 and subnetting it with subnet mask 255.255.255.0. This should give me 254 useable subnets with 254 useable hosts per subnet (if I did my math correctly). I'm assigning 2 subnets per classroom, 1 for students, 1 for the teacher. As I'm told, no classroom will ever exceed more than 40 or 50 computers. If it did, they'd create more classrooms. So the subnets should have more than enough hosts and in the event that more classrooms are added, I should have more than enough subnets free to use. The enterprise servers are assigned to their own subnet. I will write ACL's to restrict access of students accessing the administration server.

This is basically what I have setup right now. Does it work? I hope it does. Is it a good setup? I really have no idea. We are free to do whatever we want on this project and we have no defined budget BUT the final cost must be feasible. I really have no idea what a "feasible" cost range would be for a typical school. A few previous semester projects I looked at ran close to $1 million dollars.

So my questions basically are "Does this overall layout work? Am I even on the right track or is this design totally worthless? What would you recommend I use for backbone cabling? How much would it cost? How would you setup the MDF to more efficiently give outside service and act as a central point for enterprise routers? What securities would you use to make sure students couldn't access certain servers/features while still allowing teachers full access? Any advice on how I might make my broadcast domains smaller? Is VLANing something I should implement with my current setup? What models of routers/switches would fit the needs of this project?"

I realize this is a lot to ask and the information I've given is slightly vague. I'm basically out on a limb just looking for any information I can use to change/improve my current design. I'm not looking for the most ingenious design, just something suitable that will do the job and still be flexible enough for expansion later on. Once again, thanks in advance to any kind soul who can help sort out this madness for this newbie network student.
 

alrox

Member
Nov 17, 2002
Do not use hubs in this network. 10gige is very expensive, and comes in 1 port blade configurations right now. You'd want gige for the switch interconnects. Something like a Cisco 3548xl (or 3524xl, depending on port requirements) per classroom, with a gige uplink to your collapsed core switches.

The gige link should be a dot1q trunk for a student vlan and teacher vlan, you would be routing between them with your l3 core switch/router. Another vlan/subnet would contain your DNS/mail/admin boxes.

172.100.0.0/24 is not rfc1918 and you calculated the # of hosts wrong. 255.255.255.0 subnet=254 hosts only. You could assign say, 172.16.0.0/23 to students, 172.16.2.0/24 to teachers, 172.16.3.0/24 to admin boxes.

A good IDF switch for you would be the Cisco 3500 series. For your MDF/core (you do not need the traditional 3 layer switched network here, a collapsed mdf/core is fine) routing switch, the 4506 or possibly a 6506/9 switch, both with a l3 supervisor card. You didn't mention wan requirements at all so I don't have a suggestion there.

Another approach and equally good is to use l3 routing switches for your IDF layer(3550 series).

 

Garion

Platinum Member
Apr 23, 2001
Some questions..

How far from the IDF's to the MDF? This defines what flavor of fiber you need.
What protocols do you need to run? This depends on how fancy your routing or L3 switching needs to be.

There's a lot of ways to build this kind of network, and it really depends on your budget and uptime requirements. For example, is this driven by budget or is it driven by high availability? Given that it's a school, I would assume that it's budget-driven. Most of my school projects have been. *grin*

Is cabling included? If not, you should probably include an assumptions page that states that it is assumed that cabling is all Cat5 or greater.

I think you're on the right track, but I've got some adds..

One very, very important design constraint: Keep it simple. Don't try to get fancy or go overboard with enhanced features like FastEtherChannel, trunking, etc. Make it easy to install, easy to troubleshoot and stable.

In each IDF, use a single layer 3 switch. Something like a Cisco 3550 would probably be OK, a 4503 would be better (depends on cost, of course). Create one VLAN for all the teachers and one VLAN per classroom. In each classroom, use a single L2 switch - A 2900-class box would be fine. I don't see any need for gigabit uplinks between the classroom and IDF - You probably won't have enough server hardware or Internet connectivity bandwidth to merit it. If you want to future-proof it, use a 3550 in each classroom instead of a 2900. So, you'd have from each room, the teacher PC plugged into the IDF switch, on the teacher VLAN (just one teacher VLAN for the whole IDF - No need for one per classroom). The 2900 would be plugged into the IDF switch on its own VLAN. Repeat, make cookie-cutter, and you're done.

In your MDF, put in a 4503 or 4506 layer 3 switch with enough fiber ports to connect to the 3550's in the IDF and some 10/100/1000 LAN blades to hang your servers off of in their own VLAN. Skip using real "routers" - They don't have the capabilities of a L3 switch and will probably cost more, too. Be sure to include GBICS for the MDF and IDF switches, too.

You mention that you have a firewall/router for outside services. Is that the Internet? If so, I'd use a separate small router (Like a 1700 or 2600 for a T1 or a 3700 for a T3), and a separate PIX firewall. For a T1, probably a 506 and for anything faster, a 515e.

For IP addressing, yeah, definitely use a class C (255.255.255.0) for all your subnets. Makes troubleshooting easier. Be sure to consider assigning a "block" of class C addresses to each IDF - Make sure you leave some overhead. Break the class C blocks on a normal boundary - Blocks of 16 would be fine. Do something like..

.0 - .15 - MDF
.16 - .31 - IDF #2
.32 - .47 - IDF #3
etc.

Other details:

Be sure to include a routing protocol, to be able to distribute your routes across the network. EIGRP would probably be fine for this network, it's not that big.

Be sure to specify that the classroom switches should be configured to be end-user connections and disable trunking, channeling, spanning tree, etc. and enable BPDU guard on the switches to prevent spanning tree loops.

I think you're right on with the security - Make sure each IDF has a teacher VLAN and write ACLs on the MDF L3 switches to prevent students from accessing admin servers.

VLANS are a must, with the various switches and security requirements. Do not, however, implement any trunking unless you really need to. Schools don't usually have high-talent network engineers on staff to handle troubleshooting trunking issues. (See earlier comment on "keep it simple").

- G
 

tolbyn

Senior member
Feb 23, 2002
Thanks alrox and Garion. Your information is extremely helpful. I think you hit the nail right on the head with the "keep it simple and stable" theory. This is really what I'm trying to shoot for. I really am not trying to impress them with a bunch of fancy hi-tech gizmo's. I'm still fairly early in the semester so I'm hoping they're not looking for anything extravagant. Most of the previous projects I viewed from past students were actually more vague and confusing than mine is (if you can believe it).

I just want to make sure I got everything set and I understand how it works since my instructor decided to invite professionals from local IT companies to sit in our class and watch us give our presentations. I'd really hate to have them throw a question and me not have an answer.

As far as distance from MDF to IDF, it looks to be no more than 300 meters from the farthest IDF, most IDF's are within a 100-200 meter range. They are technically closer to the MDF, but since I'm running the cable through existing conduit, I have to calculate in the extra length since the cable runs are not straight lines towards the IDF's.

This design should probably be considered budget driven. Although I'm not given a cap or budget range, it has to be realistic and I would assume this type of project in real-life would be budget driven. This is mainly why I've chosen to use hubs in the classrooms. I need to maintain a minimum of 1Mb service for each workstation. I can, however, add a 5-7 year plan to swap out the hubs for switches, as the need arises.

Protocols I must use are IP and IPX. Honestly, I have not even begun my study in IPX so I'm only using IP. I'm sorry I did not state this earlier but the router in my MDF that gets my outside service is really not connected to the internet, but rather connected to the "District Hub" as they call it. That Hub has direct connection to the internet. But I'm only concerned with connectivity within my own school so I only go as far as my MDF's router.

Thank you both for the recommendations on exact models I should use. You have no idea how much that helps since there's a plethora of equipment out there. I will look at the pricing on them. This design has to be "future-proof" and I would assume it's more cost-efficient to spend the extra money now for the better equipment than to go cheaper and end up having to buy the better equipment later on anyway.

Here are some of the requirements:

Network design will have to continue to be functional for at least 7-10 years.
Design should allow for 100x growth in LAN throughput, 2x growth in WAN core throughput, 10x growth in District Internet Connection throughput.

What would you say is a reasonable budget range for this type of project? Someone told me that around $40,000-$50,000 is a usual budget for schools, but seems like most projects are going into the HIGH six figures. Can anyone confirm that? Thanks again for all your help and for not totally bashing me for my lack of knowledge. Much appreciated.
 

Garion

Platinum Member
Apr 23, 2001
I think that the 100X upgrade is based on a move from 10BaseT to gigabit. Since you don't ever really buy 10BaseT anymore, it's not a realistic goal, unless your prof wants you to install an outdated network simply to fulfill a paper requirement.

Running from 7-10 years is a bit of a stretch. Sure, it could do it, and the 2900's in the classrooms could be upgraded to a gigabit backbone to the IDF, but you'd have to replace the IDF switch. No biggie, it's just ten switches and they could be re-used in more classrooms.

With 300 meters, you can use multi-mode fiber. This is good - Cheaper than single mode.

Costs: You'll need 50 classroom 2950-48's at about $3,200, or $160,000. Ten IDF 3550-24 w/ L3's at about $4,000 is $40,000. One 4503 is about $30,000, probably about $10,000 worth of cables and misc., totals to about $240,000. This doesn't include any kind of router for your external connection - Without more details, it's hard to spec it. I'd guess a 3600 would probably do the trick, call it $10,000 if you had to guess. That's a high guess. Add cabling costs and you're done.

One other note that I missed before. Don't ever, ever just pick a random IP subnet. Using something like 170.100.0.0 that's a real address makes beer companies very mad at you (Pop quiz - Why?). Always use RFC 1918 address space - Addresses reserved for use off the Internet. I'd use 192.168.0.0, the RFC1918 class B. Although, in reality, your school district would likely assign you addresses to use that are compatible with their WAN.

On the IDF->MDF, forget 10Gigabit. You need massive hardware to run it. I'd just stick with a single gig link over multimode fiber.

- G
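
An added example, not part of any post in this thread: a small address-plan audit in Python that checks each subnet against the three RFC 1918 blocks, its usable host count, and overlaps with other subnets. The `build_plan` layout (one server /24, then a student and a teacher /24 per classroom), the `need` sizing and the 172.16.0.0/16 parent block are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

# The three private blocks defined by RFC 1918.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(net):
    return any(net.subnet_of(block) for block in RFC1918)

def usable_hosts(net):
    # Network and broadcast addresses are not assignable to hosts.
    return max(net.num_addresses - 2, 0)

def build_plan(parent, classrooms):
    """Hypothetical layout: one /24 for servers, then a student /24 and a
    teacher /24 per classroom, carved in order from the parent block."""
    pool = ipaddress.ip_network(parent).subnets(new_prefix=24)
    plan = {"servers": next(pool)}
    for room in range(1, classrooms + 1):
        plan[f"room{room:02d}-students"] = next(pool)
        plan[f"room{room:02d}-teacher"] = next(pool)
    return plan

def audit(plan, hosts_needed):
    """Return findings: public address space, undersized or overlapping subnets."""
    findings = []
    for name, net in plan.items():
        if not is_rfc1918(net):
            findings.append(f"{name}: {net} is not RFC 1918 space")
        required = hosts_needed(name)
        if usable_hosts(net) < required:
            findings.append(f"{name}: {net} holds {usable_hosts(net)}, needs {required}")
    for (a, na), (b, nb) in combinations(plan.items(), 2):
        if na.overlaps(nb):
            findings.append(f"{a} overlaps {b}: {na} / {nb}")
    return findings

def need(name):
    # Constructed sizing: at most 50 machines per classroom, 10 elsewhere.
    return 50 if name.endswith("students") else 10

if __name__ == "__main__":
    for parent in ("170.100.0.0/16", "172.16.0.0/16"):
        issues = audit(build_plan(parent, 50), need)
        print(parent, "->", len(issues), "findings")
```

Run against the 170.100.0.0 plan from the first post, every subnet is flagged as lying outside private space; the same layout carved from 172.16.0.0/16 passes with no findings.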




 