the washington school district mike, mark, joy, armando, & mona
TRANSCRIPT
The Washington School The Washington School DistrictDistrict
Mike, Mark, Joy, Armando, & Mike, Mark, Joy, Armando, & MonaMona
OverviewOverview R E Miller, Acacia, Desert View, R E Miller, Acacia, Desert View,
& Mountain Sky& Mountain Sky Class B AddressClass B Address WAN - PPP, Frame Relay, ISDN, WAN - PPP, Frame Relay, ISDN,
OSPFOSPF LAN - Extended Star, TCP/IP, IGRPLAN - Extended Star, TCP/IP, IGRP SecuritySecurity CostCost
AddressingAddressing Class B - 145.29.0.0Class B - 145.29.0.0 VLANS for Administrative and VLANS for Administrative and
StudentsStudents Administrative and network Administrative and network
printers will be staticprinters will be static Students will use DHCPStudents will use DHCP
Class B 145.29.0.0 Subnet mask - 255.255.255.0 Used 8 bits for subnets (total usable 254) 8 Bits left for hosts/subnet (total usable 254)
145.29.1.0 - 145.29.10.0 Wan routers
Desert View145.29.20.0 - 145.29.24.0 E0=145.29.20.1 Admin Addresses 145.29.20.100 - 145.29.20.254 Students 145.29.21.0 Printers 145.29.22.0
Mountain Sky145.29.30.0 - 145.29.34.0 E0=145.29.30.1 Admin Addresses 145.29.30.100 - 145.29.30.254 Students 145.29.31.0 Printers 145.29.32.0
RE Miller145.29.35.0 - 145.29.39.0 E0=145.29.35.1 Admin Addresses 145.29.35.100 - 145.29.35.254 Students 145.29.36.0 Printers 145.29.37.0
Acacia145.29.25.0 - 145.29.29.0 E0=145.29.25.1 Admin Addresses 145.29.25.100 - 145.29.25.254 Students 145.29.26.0 Printers 145.29.27.0
WANWAN T1 using Frame Relay to the InternetT1 using Frame Relay to the Internet
4 T1’s between District Office, Shaw Butte, Service Center4 T1’s between District Office, Shaw Butte, Service Center– upgrade to DS3 for growthupgrade to DS3 for growth– PPPPPP
T1 from each school to its District hubT1 from each school to its District hub– Backup TSU ESPBackup TSU ESP
Each District hub will be an Area Border Router; this Each District hub will be an Area Border Router; this provides for the requirement of one AS numberprovides for the requirement of one AS number
Additional router at Data Center going to the Internet, Additional router at Data Center going to the Internet, along with access lists fulfills requirement for double along with access lists fulfills requirement for double firewall.firewall.
Area Border RoutersArea Border Routers
Frame Relay
INPUTOK
FANOK
OUTPUTOK
INPUTOK
FANOK
OUTPUTOK
IN PU TOK
FA NOK
OU T PU TOK
IN PU TOK
FA NOK
OU T PU TOK
IN PU TOK
FA NOK
OU T PU TOK
IN PU TOK
FA NOK
OU T PU TOK
PPPPPP
PPP
E1E0
WEBSMTPFTPDNS
WAN OVERVIEW
Firewall
DistrictOffice
ServiceCenter
ShawButte
4 T1's4 T1's
4 T1's
LAN LAN
– Gigabit BackboneGigabit Backbone– Fiber from MDF to each BLDGFiber from MDF to each BLDG– Fiber from IDF to IDF and from MDF to Fiber from IDF to IDF and from MDF to
IDF within buildingIDF within building– Router connects WAN link (T1) and Router connects WAN link (T1) and
provides security and routing for provides security and routing for VLANSVLANS
LAN (cont’d)LAN (cont’d)
MDF - switch with router MDF - switch with router capabilitiescapabilities– Server CentralServer Central
DNS/DHCPDNS/DHCP EmailEmail AdministrativeAdministrative StudentStudent PrintPrint Application and CD Stack Application and CD Stack Misc. - DLT Tape Drives, UPS, RacksMisc. - DLT Tape Drives, UPS, Racks
LAN (cont’d)LAN (cont’d)
IDFIDF– 7 drops to each class 7 drops to each class – 28 ports - students (24), teacher (3), 28 ports - students (24), teacher (3),
network printer (1)network printer (1)– 100Mbps to each node100Mbps to each node– full duplexfull duplex
INPUTOK
FANOK
OUTPUTOK
INPUTOK
FANOK
OUTPUTOK
a b e f a b e fc d g h c d g h
i j m n k l o p i j k l m
IDF#1 IDF#2 IDF#3 IDF#4
MDF / IDF
SouthBuilding
NorthBuilding
Multi-PurposeBuilding
RE Miller
RE MillerRE Miller
RE Miller RE Miller (cont’d)(cont’d)
RE Miller RE Miller (cont’d)(cont’d)
SecuritySecurity
Administrative user ID and Administrative user ID and PasswordPassword
VLANSVLANS Access ListsAccess Lists
VLANSVLANS VLAN 1 - AdministrationVLAN 1 - Administration VLAN 2 - StudentsVLAN 2 - Students Configure ports on switch for each Configure ports on switch for each
VLANVLAN– use ethernet sub interfaces - E0/1use ethernet sub interfaces - E0/1
Configure uplinks to trunk each VLANConfigure uplinks to trunk each VLAN Full duplexFull duplex Use Spanning Tree Protocol (STP)Use Spanning Tree Protocol (STP)
– creates a transparent switchcreates a transparent switch
VLANS (cont’d)VLANS (cont’d)
IGRP - AS#IGRP - AS#(Internet Assigned Numbers Authority)(Internet Assigned Numbers Authority)
Configure router with virtual Configure router with virtual interfacesinterfaces– virtual ethernet sub interfaces must virtual ethernet sub interfaces must
be configured to match switch be configured to match switch ethernet sub interfacesethernet sub interfaces
– this is needed because of the 5500 this is needed because of the 5500 series router/switch we are usingseries router/switch we are using
Access ListsAccess Lists Used for double firewallUsed for double firewall WANWAN
– use access lists to allow traffic from Internet and Intranet use access lists to allow traffic from Internet and Intranet to access servers located in DMZto access servers located in DMZ
– examples:examples: access-list 101 permit tcp any any eq 80 in S1access-list 101 permit tcp any any eq 80 in S1 access-list 101 permit tcp any any eq 25 in S1access-list 101 permit tcp any any eq 25 in S1 access-list 101 permit tcp any any eq 53 in S1access-list 101 permit tcp any any eq 53 in S1 access-list 101 permit tcp any any eq 21 in S1access-list 101 permit tcp any any eq 21 in S1 access-list 101 deny tcp any anyaccess-list 101 deny tcp any any access-list 101 deny udp any anyaccess-list 101 deny udp any any
access-list 102 permit tcp any any eq 80 in E1access-list 102 permit tcp any any eq 80 in E1 access-list 102 permit tcp any any eq 25 in E1access-list 102 permit tcp any any eq 25 in E1 access-list 102 permit tcp any any eq 53 in E1access-list 102 permit tcp any any eq 53 in E1 access-list 102 permit tcp any any eq 21 in E1access-list 102 permit tcp any any eq 21 in E1
Access List - LANAccess List - LAN
Access-list 105 deny tcp student subnet Access-list 105 deny tcp student subnet to administrative server and deny to administrative server and deny student access to administrative subnetstudent access to administrative subnet
example:example:– access-list 105 deny tcp 145.29.21.0 access-list 105 deny tcp 145.29.21.0
255.255.0.255 145.29.20.22 255.255.0.0255.255.0.255 145.29.20.22 255.255.0.0– Access list 105 deny tcp 145.29.21.0 Access list 105 deny tcp 145.29.21.0
255.255.0.255 145.29.20.0.0 255.255.0.255255.255.0.255 145.29.20.0.0 255.255.0.255– access-list 105 permit any anyaccess-list 105 permit any any– applied on E0 interface inboundapplied on E0 interface inbound
CostCostVENDOR ITEM NAME DESCRIPTION ORIGINAL PRICE DISCOUNTED COST QUANTITY TOTAL COST
CISCO SYSTEMS INC. WS-C2948G Catalyst 2948G Switch 48 10/100TX $4,369.99 $1,748.00 22 $38,455.91CISCO SYSTEMS INC. WS-C5500-WCFX CAT5500 Wiring Closet Bundle (5500 Chassis, 1ac, 1FX SUP II) $15,995.00 $6,398.00 7 $44,786.00CISCO SYSTEMS INC. WS-C5508 Catalyst 5500AC Power Supply $3,995.00 $1,598.00 16 $25,568.00CISCO SYSTEMS INC. C8515-MSRP C8510 MSR Switch Route Processor $18,000.00 $7,200.00 7 $50,400.00CISCO SYSTEMS INC. C85GE-1X-16K C8510 1-Port GE 16K $3,000.00 $1,200.00 7 $8,400.00CISCO SYSTEMS INC. C85MS-8T1-IMA C8500MSR/LS1010 8-port TI IMA PAM $5,095.00 $2,038.00 7 $14,266.00CISCO SYSTEMS INC. S851R2-12.0.4W C8510 ATM Software $2,500.00 $1,000.00 7 $7,000.00CISCO SYSTEMS INC. WATM-CAM-2P LightStream 1010/C5500 Carrier Module (installed) $600.00 $240.00 7 $1,680.00CISCO SYSTEMS INC. WS-G5486 1000BASE-LX/LH 'long haul' GBIC (singlemode or multimode) $1,500.00 $600.00 7 $4,200.00CISCO SYSTEMS INC. WS-X5403 C5000 Gigabit Ethernet Switching Module w/o GBICs (3 port) $4,495.00 $1,798.00 7 $12,586.00CISCO SYSTEMS INC. C5000 100BASE FX Switching Module (6 MMF/6 SMF, 12 Port) $29,995.00 $11,998.00 7 $83,986.00CISCO SYSTEMS INC. WS-X5114 C5000 24 Port Desktop 10/100 Switching Module (RJ-45) $7,495.00 $2,998.00 7 $20,986.00CISCO SYSTEMS INC. WS-X5224 Catalyst 25002/5000/5505/5500 SUPERVISOR II (100BASEFX, MMF) $10,995.00 $4,398.00 7 $30,786.00CISCO SYSTEMS INC. WS-X5506 Catalyst 4000GB ENET Module Router $2,325.47 $930.19 1 $930.19
ADTRAN VW18595 TSU ESP T1/FT1 DSU/CSU with SNMP $699.99 $280.00 21 $5,879.92CISCO SYSTEMS INC. Catalyst 2980G - Layer 2 Ethernet Switching $7,269.99 $2,908.00 7 $20,355.97
GATEWAY Gateway 7400 W2KS (Addt'l Servers) $3,285.00 $1,314.00 35 $45,990.00GATEWAY Gateway 845OR W2KS (File Server) $21,684.00 $8,673.60 4 $34,694.40GATEWAY E-3400 XL (Workstations) $1,349.00 $539.60 1050 $566,580.00
MicroWarehouse Smart UPS 1000 w/ PowerChute Plus Software $479.00 $191.60 24 $4,598.40MicroWarehouse Su1000NET PRN LaserJet 4100N 25PPM 1200DPI Network $1,549.95 $619.98 120 $74,397.60
CISCO SYSTEMS INC. C8050A#ABA Catalyst 3512 XL Standard Edition $5,495.00 $2,198.00 5 $10,990.00CISCO SYSTEMS INC. 3512-XL-A Catalyst 3548 XL Standard Edition $10,995.00 $4,398.00 2 $8,796.00
Cable & Miscellaneous Items $13,199.25 $5,279.70 4 $21,118.80
TOTAL$1,137,431.19
MM FO CABLE 62.5 / 125 MICRON 2-FIBER DISTRIBUTION 1500’
@ $399.00 PER 1000’ $598.50
MM FO CABLE 62.5 / 125 MICRON 4-FIBER DISTRIBUTION 1500’
@ $699.00 PER 1000’ $1048.50
CATEGORY 5 BULK CABLE 17500’
@ $129.00 PER 1000’ $2257.50
RJ 45’S 1300
3 BOXES @ $345.00 PER 500 $1035.00
SURFACE MOUNT BOXES 6 PORTS ON EACH 60 @ $1.79 ea. $107.40
SURFACE MOUNT BOXES 4 PORTS ON EACH 15 @ $1.59 ea. $23.85
RACEWAY 1000’ 3/4" @ $1.10 PER FT. $1100.00
RACEWAY 200’ 1 3/4" @ $1.70 PER FT. $340.00
RACEWAY FITTINGS 90’S / 45’S 150 VARIOUS @ $.89 ea. $135.50
MDF / IDF FULL SIZE 76” CABINET 1 @ $1399.00 EA. $1399.00
IDF 48” WALL MOUNT CABINETS 4 @ $699.00 EA. $2796.00
48 PORT PATCH PANEL 6 @ $179.00 EA. $1074.00
12 PORT PATCH PANEL 4 @ $69.00 EA. $276.00
3 FT CAT5 PATCH CABLES 336 @ $3.00 EA. $1008.00