The University Has Recently Leased A Building In Adelphi Mar

The University has recently leased a building in Adelphi, Maryland. The building will house offices, classrooms, a library, and computer labs. It measures 240 feet in length, 95 feet in width, and has a height of 30 feet. The structure is a two-story building, approximately 50 years old, with specific layouts for its intended use. The building is to be equipped with multiple computer labs, offices, a library, and classrooms, requiring a comprehensive network design that ensures security, efficiency, and scalability. The assignment involves designing a network that separates student and staff networks, utilizes the provided IP address space (10.11.0.0/16), and accommodates security and connectivity needs with appropriate hardware and topology choices.

Paper For Above instruction

Introduction

Designing a robust and secure network for a university building requires strategic planning across multiple dimensions, including IP addressing, physical layout, device selection, and security protocols. Given the building's diverse requirements (ranging from computer labs to administrative offices) and the need to segment networks for students and staff, the proposed network architecture must be both flexible and resilient. This paper presents a detailed approach to designing such a network, emphasizing subnetting, topology selection, hardware choices, and security measures aligned with the assignment's criteria.

Network Addressing

The foundational step in network design involves subnetting the provided IP space 10.11.0.0/16. This larger network must be partitioned into smaller subnets based on room types, floors, or user groups for effective management and security. The goal is to allocate sufficient address space to each subnet while maintaining centralized control.

Subnet Allocation

- Floor 1 Computer Labs: Six instructional labs, each with 22 computers, totaling 132 student/faculty devices. Assign a dedicated subnet for each lab to isolate traffic.

- Student Computer Lab: One dedicated subnet for 30 student computers.

- Library: Subnets for student access (10 computers) and staff use (5 computers).

- Offices: Separate subnets for general staff offices, with each office having one computer; the Admissions Office needs a larger subnet for five computers.

- Classrooms: Each classroom with a dedicated device for instructors, potentially combined into a single subnet or individual ones depending on security needs.

- Server Rooms: Two server room subnets, one on each floor, supporting servers and network devices.

- Network Management: A management subnet for network devices and administrative access, possibly in an isolated segment for security.

| Subnet Name | Devices/Users | IP Range (Example) | Description |
|---|---|---|---|
| Floor 1 Labs 1-6 | 6 labs x 22 computers each | 10.11.1.0/27–10.11.6.0/27 | Segregated labs for instruction |
| Student Lab | 30 computers | 10.11.7.0/27 | Student access for homework |
| Library Student | 10 computers | 10.11.8.0/28 | Student use in the library |
| Library Staff | 5 computers | 10.11.8.16/29 | Library staff computers |
| Offices (general) | Varies (assumed 10) | 10.11.9.0/28 | Staff offices |
| Admission Office | 5 computers | 10.11.9.16/29 | Special office with several staff computers |
| Classrooms | 5 instructor computers | 10.11.10.0/29 | Faculty instruction devices |
| Server Rooms | Servers and networking devices | 10.11.11.0/28 | Essential server infrastructure |
| Network Management | Network administrators and network devices | 10.11.12.0/29 | Management and security |

Subnet Mask:

Subnets use a /27 (255.255.255.224) mask for groups of up to 30-32 devices, a /28 (255.255.255.240) mask for smaller groups, and a /29 (255.255.255.248) mask for critical or small device groups.
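The allocation table can be checked mechanically before any device is configured. The following is an added example, not part of the original paper: it audits the plan for prefixes outside 10.11.0.0/16, misaligned prefixes, overlaps, and subnets too small for their device count. It assumes one address per subnet is reserved for the default gateway and expands the lab range into six /27 rows.

```python
import ipaddress

PARENT = ipaddress.ip_network("10.11.0.0/16")
RESERVED = 1  # assumption: one address per subnet for the default gateway

# (name, device count, CIDR) copied from the allocation table; the six lab
# rows are expanded from the range 10.11.1.0/27 to 10.11.6.0/27.
PLAN = [(f"Floor 1 Lab {i}", 22, f"10.11.{i}.0/27") for i in range(1, 7)] + [
    ("Student Lab", 30, "10.11.7.0/27"),
    ("Library Student", 10, "10.11.8.0/28"),
    ("Library Staff", 5, "10.11.8.16/29"),
    ("Offices (general)", 10, "10.11.9.0/28"),   # "assumed 10" in the table
    ("Admission Office", 5, "10.11.9.16/29"),
    ("Classrooms", 5, "10.11.10.0/29"),
    ("Server Rooms", None, "10.11.11.0/28"),     # no device count on the page
    ("Network Management", None, "10.11.12.0/29"),
]


def audit(plan, parent=PARENT, reserved=RESERVED):
    """Return a list of (subnet name, problem) findings for an address plan."""
    findings, seen = [], []
    for name, devices, cidr in plan:
        try:
            net = ipaddress.ip_network(cidr)  # strict mode rejects host bits
        except ValueError as exc:
            findings.append((name, f"invalid prefix: {exc}"))
            continue
        if not net.subnet_of(parent):
            findings.append((name, f"{net} is outside {parent}"))
        usable = net.num_addresses - 2  # minus network and broadcast addresses
        if devices is not None and devices + reserved > usable:
            findings.append(
                (name, f"{devices} devices + {reserved} gateway > {usable} usable"))
        for other_name, other in seen:
            if net.overlaps(other):
                findings.append((name, f"{net} overlaps {other_name} ({other})"))
        seen.append((name, net))
    return findings


if __name__ == "__main__":
    for name, problem in audit(PLAN):
        print(f"{name}: {problem}")
```

Under that gateway assumption the only finding is the Student Lab: a /27 has 30 usable addresses, so 30 computers leave none for the router interface.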

Physical Network Design

Topology Selection

A star topology is most suitable, centralizing network management and simplifying troubleshooting. It involves connecting all devices to a central switch or grouping switches in a hierarchical manner to ensure fault isolation and scalability. The core switch connects directly to network infrastructure, with intermediate switches distributed across floors to connect local devices.

Media Selection

Given the requirement for physical cabling, high-quality Category 6 Ethernet cables are optimal for supporting gigabit speeds at runs of up to 100 meters. For greater distances (e.g., from core switches to access switches), fiber optic cables (such as OM3 or OM4) are recommended to maintain high bandwidth and reduce electromagnetic interference, especially over longer runs within a 50-year-old building.

Network Connecting Devices

- Core Switch: A high-capacity switch in the server room, supporting the aggregation of all floor switches.

- Distribution Switches: Managed switches on each floor, connecting departmental subnets.

- Access Switches: Smaller switches in various rooms, connecting individual computers.

- Routers: One main router in the server room for connecting the internal network to the Internet, with ACLs to enforce security zones.

- Firewalls: To enforce security policies separating the internal network from external access and between student and staff networks.

- Wireless Access Points: Placed in the Student Lobby for WLAN access, connected via PoE-enabled switches.

Physical Layout of Computers

The layout plans cable runs from computer locations to their respective switches, preferably routed through ceilings or cable trays for safety and organization, with outlets in each room matching the subnet allocations.

Additional Servers and Network Devices

- Dedicated DNS and DHCP servers for dynamic IP management.

- Network security appliances, including intrusion detection/prevention systems (IDS/IPS).

- Backup servers in the server room.

- Load balancers for VPN and secure remote access.

Justifications

- Subnetting allows isolated traffic, improving security and performance.

- Star topology offers easy management and fault isolation.

- Category 6 cabling supports high-speed connections and future-proofing.

- Managed switches enable VLANs, QoS, and security policies.

- Segregated student and staff networks protect sensitive data and comply with data protection standards.

- Firewalls ensure centralized security policies, while VLANs limit broadcast domains.

- Wireless access in common areas provides flexibility without sacrificing bandwidth.

Security Strategies

Implementing VLAN segmentation to isolate student and staff networks prevents unauthorized access and limits the spread of threats. Deploying robust firewalls between subnets and at ingress points ensures controlled access and monitoring. Employing network access control (NAC) and secure authentication methods (RADIUS, WPA2/WPA3 for wireless) enhances overall security. Regular updates, intrusion detection, and network monitoring systems further safeguard the network assets.
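The student/staff separation described above can be expressed as a default-deny zone policy and tested against sample flows before it is translated into firewall rules. This is an added example, not part of the original paper: the subnets come from the allocation table, while the grouping into zones and the permitted services in `ALLOW` are assumptions chosen for illustration.

```python
import ipaddress

# Subnets from the allocation table; the zone grouping is an assumption.
ZONES = {
    "student": ["10.11.1.0/27", "10.11.2.0/27", "10.11.3.0/27", "10.11.4.0/27",
                "10.11.5.0/27", "10.11.6.0/27", "10.11.7.0/27", "10.11.8.0/28"],
    "staff": ["10.11.8.16/29", "10.11.9.0/28", "10.11.9.16/29", "10.11.10.0/29"],
    "servers": ["10.11.11.0/28"],
    "mgmt": ["10.11.12.0/29"],
}

# Hypothetical permitted flows (src zone, dst zone, protocol, port).
# Anything not listed is denied, including student-to-staff traffic.
ALLOW = {
    ("student", "servers", "udp", 53),   # DNS
    ("staff", "servers", "udp", 53),     # DNS
    ("staff", "servers", "tcp", 443),    # internal HTTPS services
    ("mgmt", "servers", "tcp", 22),      # administrative SSH
}

_NETS = [(ipaddress.ip_network(c), z) for z, cidrs in ZONES.items() for c in cidrs]


def locate(addr):
    """Return (zone, subnet) for an address, or (None, None) if unplanned."""
    ip = ipaddress.ip_address(addr)
    for net, zone in _NETS:
        if ip in net:
            return zone, net
    return None, None


def decide(src, dst, proto, port):
    """Return 'permit', 'deny', or 'local' for a flow between two hosts."""
    src_zone, src_net = locate(src)
    dst_zone, dst_net = locate(dst)
    if src_zone is None or dst_zone is None:
        return "deny"    # addresses outside the plan are never trusted
    if src_net == dst_net:
        return "local"   # same subnet: switched, never reaches the firewall
    return "permit" if (src_zone, dst_zone, proto, port) in ALLOW else "deny"


if __name__ == "__main__":
    print(decide("10.11.8.10", "10.11.8.18", "tcp", 445))  # library student -> staff
```

The `local` result marks traffic that inter-subnet firewalls cannot see, so hosts sharing a subnet need controls at the switch or host level.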

Conclusion

The proposed network design for the university building leverages structured subnetting, appropriate hardware, and topology choices tailored toward accommodating a high number of devices securely and efficiently. By focusing on network segmentation, secure hardware infrastructure, strategic cabling, and security policies, the design ensures reliable operation, scalability, and protection of sensitive data, aligning with university requirements and best practices in network architecture.
