Assignment 2: Enterprise Network and System Design
[Figure: Draft Design. Network diagram with the labels: Internet, HQ-GW, HQ-PR, Firewall, Switch Stack1 to Switch Stack4, 10 Local Workgroups VLANs, Server block for Internet, Server block for Intranet, Server block for Partner, BR1, BR2, Partner1, Mobile users; link labels XXXXXXXXXX/24 and XXXXXXXXXX/30.]
Task A: Task A Answer Table
Task B: HQ campus network three-tier model design. Redesign the separate picture file provided (not the diagram above) into a three-tier model design.
Task C and D: Layered defenses, Server Farm and Services high availability (Answer Table)
Task E: Internet Edge Block policy (Answer Table)
Assignment 2 major tasks:
IP Address Scheme design. Major network number: 172.2X.0.0/16 for private domain, XXXXXXXXXX/22 for public domain. (X = last digit of your student ID)
- Local User VLANs: each VLAN has max. 200 hosts
- Intranet Servers: 100 servers
- Internet Servers: 85 servers
- Extranet Servers: 10 servers
- HQ Internet access: 20 public IP addresses
- BR1 Internet access: 10 public IP addresses, LAN: 20 users
- BR2 Internet access: dynamic, 1 public IP address, LAN: 10 users
Enterprise blocks (Server block, User block, Internet Edge block, Remote Access Block, Management Block, etc.). HQ Campus network three tier model design.
Security Protect options (layered defenses).
Server Farm and Services high availability.
Internet Edge Block policies.
My student ID ends with 0, so in this case X = 0.
Rubric:
Each task counts for 4 points, as follows.
Participation/Submission: 1 point
Explanation of your design: 1 point
Accuracy of Design Specification: 2 points
Sheet1
Assignment 2 IP address Scheme Design
XXXXXXXXXX/16 for private domain
XXXXXXXXXX/22 for public domain
| Network | Network ID | Subnet Mask | Gateway IP address | Notes |
|---|---|---|---|---|
| Private Address: | | | | |
| Public Address: | | | | |
Task C
Assignment 2 Task C
Security Protect options (layered defenses).
| Name | Tech. Specifications | Description of Security Protection | Notes |
|---|---|---|---|
| STP Protection | 1. BPDU Guard 2. Root Guard (put interfaces into untrust mode) | 1. Prevent a switch port from receiving and trusting BPDU messages. 2. Prevent a switch port from trusting a new Root Bridge's superior BPDUs. In either case, the port is set to the Err-Disable state. | Enable it on the switch ports that face an open environment. |
Task D
Assignment 2 Task D
Service High Availability
| Name | Tech. Specifications | Description of HA | Notes |
|---|---|---|---|
| Internet Multihoming | 1. Failover (in case one ISP connection is down) 2. Load Balancing (utilize multiple routes to forward packets from and to the Internet) | Connecting to two ISPs to avoid a single point of failure. | There are four Internet Multihoming options for design consideration. |
Task E
Assignment 2 Task E
Edge System Policies
| Name | Tech. Specifications | Description of the policy | Notes |
|---|---|---|---|
| NAT for Internet Access | 1. Static NAT or PAT for Internet Servers Access 2. Dynamic PAT for clients | 1. Static NAT or PAT for Internet Servers Access (helping Internet users to address the services) 2. Dynamic PAT (helping HQ local users to access the Internet) | NAT policies make the Internet accessible for local clients and also help to prevent server IP traceability by Internet hackers and attackers. |