This report discusses the LAN network of the Auckland campus along with the sister campuses which form part of the Wide Area Network. All of the campuses employ Cisco Meraki (Cloud Computing) instead of servers for their WAN connection. The Auckland campus has been using VoIP as their protocol given that the staff use Cisco IP phones for their telecommunication needs.
The building’s network infrastructure has been mapped, with permission from the Department of Computing and its IT staff, by collecting information on the technology and network hardware that is currently being used over both the wired and wireless networks.
This report is divided into categories which are based on the structure of the network: a network overview, protocols, and networking hardware equipment. The team’s feedback and comments on the new technologies, conclusions, weaknesses and suggested improvements for providing more efficient services, are included within the relevant sections of the report.
Fig. Ntec Tertiary Group, Auckland
The Ntec Tertiary Group is a New Zealand based consortium of four education providers. These consist of the National Technology Institute (NTI), the Concordia Institute of Business, the National Institute of Education (NIE), and the National Engineering Institute.
All of these campuses have received approval from the New Zealand Qualification Authority (NZQA) as accredited tertiary providers. The headquarters of the group is located at the main campus in Auckland. They also have campuses in Christchurch, Hastings and Tauranga. Ntec is structured such that all schools within the integrated organization operate with common Directors and are subject to common quality controls.
Students at Ntec can choose to study in a variety of fields including computers, business, accounting, or health services; and receive counselling and training for the workplace. In addition, Ntec also provides English courses which include the advanced level of IELTS. Finally, they have also offered courses in the hospitality industry. Ntec’s Programmers are well equipped to move onto higher qualifications, both in New Zealand and overseas.
The colleges enjoy an academic partnership with other educational institutions such as UNITEC, the University of Northampton, and Massey University. Ntec provides a superior environment for meeting new people and is home to a multi-cultural staff who are of particular value in assisting international students to perform well. Ntec’s reputation as a provider of quality education is reflected in their NZQA external evaluation reports. Two of the schools – Concordia and the National Technology Institute – have been awarded the highest achievable Category One rating. This rating demonstrates that NZQA is “highly confident” in their educational performance.
Introduction- LAN and WAN
This section provides a basic understanding of the local area network within the Ntec Group and the Wide Area Network. As a group, the WAN connection of all campuses is structured following a star topology. The ISP distributes the main router to all campuses, which in turn delivers the Cisco Meraki-Cloud Computing networking service. The Cisco Meraki cloud architecture provides a feature set that is powerful enough for deployment in an enterprise of this size, and easy enough to be used by IT generalists without special training. It offers centralized management and acts as a layer-7 device.
In the past, the main Auckland campus had only three servers: Proxy, Active Directory and File Servers for the building. After the introduction of the new technologies and services, they began using Cloud Computing, which provides high performance and application visibility while providing control over users and devices. More information is provided in the Cisco Meraki section below.
Moving to the LAN Structure, all campuses have manageable switches and three main virtual LANs for staff, students and management (fig. 1). There is a trunk line from the router to the manageable switch which connects to the three virtual LANs. There is a 10-floor tower on the main campus where all the main switches are located (detailed explanation in the “switches” section below). Each floor of the building has at least two switches.
All campuses have a separate virtual LAN for Cisco IP Phones, which are restricted to staff use. This is serviced by a PBX phone network (Private Branch Exchange) and also used to make external calls. For Wireless Service, the Ntec Group is using the Cisco Meraki MR18 device. It is a cloud-managed wireless device.
LAN: The main campus is using CAT6 cables throughout their local area network for both wired and wireless connections. These are also being used for the connection of switches rather than CAT5e cables because the latter provide lower performance and are not noticeably less expensive. They are also using fibre optic cables for their internet connection. Currently students are provided with 5Mb/s speed when accessing the internet. Unlimited internet service is provided for academic purposes such as Moodle or the Ntec Vital English online course. Clients are connected to the access switch through the wireless access that is closest to their location in the office, and it automatically connects to student and staff devices when they come onto the campus.
Fig 1: LAN Network Diagram of Auckland Campus
Tower A of Ntec, a building with 10 floors, currently has more than 100 switches. Levels 6, 8, 9 and 10 have 8 to 9 switches because most of the staff work on these floors. This is where department offices are located and they have printing, telecommunication and other service needs. There are six switches on level 3 and all serve a specific purpose. One is for the main switch (access point), the second is a backup switch (Tower B&C), and another is a phone switch. The other switches will be discussed in the switch section. For routers, they have one ISP Router (ORCON) Cisco and it is also located on level 3. They do not have an active directory.
WAN: As shown in Fig 2, the Wide Area environment is connected in a star topology network which is managed by the ISP. Each campus has a single link to the ISP cloud. The only campus which has no access is the Hastings Campus of the Ntec group. All campuses are connected by the Cisco Meraki Cloud service rather than servers. They do not have active directories on campus.
The VPN connection from the main campus is connected to the other campuses and linked with Virtual LAN 100, as shown in fig 3.2. All campuses have three Virtual LANs; one is for management, the second for staff and the third for students.
Fig 2: Wide Area Network Diagram of Ntec Campuses.
ISP Cloud Computing
In simple terms, cloud computing can be explained as the storing and accessing of data over the internet rather than through a computer’s hard drive. The “cloud” is a graphic depiction of the internet that dates back to the flowcharts and presentations that would represent gigantic servers. Cloud computing basically means the delivery of on-demand computer resources. The Ntec group’s network management is cloud based.
Fig 3: Diagram of Cloud Computing
Cloud computing has nothing to do with a hard drive. Data can be stored and retrieved within the hard drive but this is referred to as local storage computing.
Anything that allows for easy and faster access to data is a benefit not only to the individual user, but to others on the local network. Working off a hard drive was the norm in the computer industry years ago, but it would be difficult to argue that it is a superior system to cloud based computing.
The cloud is about not having a dedicated network-attached storage (NAS) and having to have both the hardware and the server on site. Storing data on home and office networks doesn’t count when you are using the cloud.
Cloud computing requires your data to be synchronized with other information over the web.
Bringing new applications to the market more quickly, uploading new applications to the cloud in minutes, and reducing the complexity of dealing with middleware are but a few of the benefits of PaaS. And don’t forget Infrastructure as a Service (IaaS), where players like Amazon, Microsoft, Google, and Rack provide a data cache which can be rented out by other companies like Netflix. They provide services to you because you’re a customer within the cloud services provided by Amazon.
In the past, Meraki was a company that provided products for large scale, wired and wireless networks. It was built from the ground up for cloud networking. Meraki is a Greek word that means ‘doing something with passion and soul’. Meraki is now part of Cisco. In 2012, Cisco acquired Meraki, forming Cisco’s new Cloud Networking group. Cisco acquired Meraki to provide scalable, easy-to-use networking solutions for customers looking to simplify their network infrastructure.
The Ntec Tertiary Group is using Cisco Meraki Cloud services in all of their branches. Meraki offers a complete cloud managed “product family” which includes wireless LAN, Ethernet switches, security appliances, and mobile device management. These eliminate a lot of the complexity found in the newer networks which depend so heavily on devices and applications. It brings the benefits of the Cloud to branch networks like Ntec, delivering easy to manage wireless, switching and security solutions.
Fig 4: Different Appliances of Meraki
The “Cloud Networking Architecture” of Meraki provides centralized management and control without the heavy price-tag and complications that come with controller appliances or overlay management software. Cisco Meraki comes equipped with centralization, layer-7 device and real time web-based diagnostics, monitoring and reporting.
Cisco Meraki is relatively easy to set up. The following shows some of the benefits of the system in terms of start-up:
- Cisco Meraki wireless APs, switches and security appliances are deployed onto the campus and remote branches.
- Meraki devices automatically connect to the CISCO Meraki cloud over SSL, register with the Ntec network, and download their configuration.
- It has complete visibility and control over the entire network through the web. It can configure thousands of devices and run diagnostics with a few simple clicks.
- VPN configuration is automated by the cloud. Firmware updates and application signatures are deployed over the web.
- Cloud based centralized management does not require on-site controller hardware (see fig 5).
Fig 5: Network Diagram shows Centralized management of Cisco Meraki
Cisco Meraki cloud-managed architecture enables plug and play branch deployments and provides centralized visibility and controls across all of the distributed locations. Each device downloads its configuration via the Cisco Meraki cloud, applying the Ntec network and security policies automatically. There is no need to provision on-site. Meraki also provides a web based dashboard (as shown in fig 6) which gives visibility and control over any number of Meraki devices, anywhere in the world.
The Meraki tools handle policy changes and firmware updates, and deploy the entire system to new branches. The Meraki device is built especially for cloud management, and comes with memory and CPU resources to perform packet processing, QoS, layer 3-7 security, and encryption at the network point. Meraki’s cloud platform is designed to spread storage across independent server clusters in different geographic data centres. This is very important in a workplace like Ntec because it means that any server or data centre can fail without affecting customers or the rest of the system.
Live tools are integrated directly into the dashboard, which gives an instant analysis of performance and connectivity. Network administrators don’t need to go on site to perform routine troubleshooting tests.
Fig 6: Cisco Meraki Dashboard showing Layer-7 Application visibility
Troubleshooting tools such as traceroute and throughput, in addition to packet captures, are integrated directly into the dashboard. This enables troubleshooting at remote locations without on-site IT staff.
Meraki was built for distributed networks like the one in place at Ntec, providing control over users, content and application at any location. It blocks unwanted traffic with CIPA-compliant filtering. Cisco Meraki also provides insight into the users on the network, identifying clients by device type and even by username. You can even block clients from accessing the network with a single click.
Cloud management is cost effective for Ntec because there is no need to visit each location, log into switch consoles and manually perform switch maintenance. The system helps in reassigning VLANs, enabling PoE (Power over Ethernet) and can enable or disable groups of ports.
Meraki continually tests for WAN connectivity and the dashboard provides notification about problems via emails. It also provides diagnostics for troubleshooting from any browser.
There is also an administration feature that appoints personnel for specific subnets of an organization and provides “read-only” access to reports and troubleshooting tools. The Dashboard also keeps track of the time, IP and approximate location of whoever is logged in as administrator.
Firmware updates are delivered from the cloud to Cisco Meraki devices when they become available and the administrator can schedule a time for the devices to download and install the new version.
Fig 7: Screenshot of Switch fabric across branches in Cisco Meraki dashboard
Network topology is the way various elements (links/nodes etc.) are distributed within a computer network.
Fig 8: Star Topology
As discussed in the ‘introduction WAN/LAN’ (above), the Ntec Group has a star topology network for LAN as well as for their Wide Area Network.
The ISP cloud acts as a centralized management system/device and, through this, three ISP routers are connected with each campus in the Ntec group. The other switches and workstations act like nodes. If a single router stops working, the other campuses are not affected. This is the main advantage of a star topology network. If a centralized device, such as an internet provider, stops working however, all campuses will be affected. Another benefit of this topology is that it is easy to connect more nodes to the network without affecting the others.
VoIP provides important benefits when compared to traditional telephone services. There is only one cable for both voice and data. This makes installation easy as there is no need for new wiring upon installation. Also, the phone number moves with the individual as it is “attached” to the phone, much like an IP address. Once programmed into the phone, the number will follow it anywhere around the world.
The Virtual Private Network adds security and privacy. When the Virtual Private Network is connected, there is no need to use encryption as there was on the dial-up networking connection between Client and ISP.
Ethernet is the most popular Local Area Network (LAN) technology. It is a link layer protocol in the TCP/IP stack and describes the way in which network devices format the data that they send to other devices in the same network.
Wireless Device and Services
Wireless networking is a way for homes and businesses to lower the costs of installation and maintenance that come with using cables to connect their various devices. A wireless Local Area Network (LAN) uses radio waves instead of cables to connect devices to the Internet and to other users within a network. When you connect any device with a Wi-Fi hotspot at a cafe or other public place, you are actually connecting with that business’ wireless network.
The Ntec Educational Group provides state of the art, high performance wireless internet service at its main Auckland campus for both students and staff. They use the “Ookla” speed test service to check download speed in Mbps. These tests have shown that a consistent 95.84 Mbps speed is being achieved. Currently, the main campus is using fibre optic cable for internet service. Students are being provided with a 5 Mb/s speed service. Students access wireless service through the use of a Username and Password provided by the campus.
Clients have unlimited service for academic purposes, accessing Moodle, the online Vital English course, and so forth. Wi-Fi service automatically connects to the client’s device when they enter on campus.
The Auckland campus is using the Cisco Meraki MR34 as their Wireless Access Point (WAP). It is an indoor access point with the reliable performance of the cloud.
The Cisco MR34 is a dual concurrent 3×3 MIMO 802.11ac access point with a 3rd radio dedicated to security and RF management. It is designed for deployment in large offices, schools, hospitals and hotels.
The MR34 provides high performance and security. It provides 1.75 Gbps throughput with the concurrent 802.11ac and 802.11n 3×3 MIMO radios.
Fig 9: Cisco Meraki MR34 located on the ceiling at the Auckland campus
Highlights of the MR34:
- Enhanced sensitivity in power transmission.
- The Self-adjusting and zero configuration mesh.
- The application is sensitive to traffic shaping.
- The self-configuring mechanism can be “plugged and played” as patterns emerge.
The MR34 includes an integrated layer 7 packet inspection, classification and control engine. This means you can set the QoS policies based on traffic type.
The Meraki cloud automatically tunes the MR34’s channel function for optimal performance when radio frequencies are experiencing interference.
The Cisco Meraki provides a built-in Wi-Fi Protection system which scans continuously for threats without disrupting the client’s work.
Other WAP (test phase)
Ntec’s IT staff are testing another indoor WAP device for use on campus. It is also a Cisco product: the Cisco Meraki MR18.
Fig 10: Cisco MR18 Wireless access point
This is also a cloud managed 2×2 MIMO 802.11n internal access point designed for use in offices, campuses, schools, hotels, hospitals and large retail stores.
- Self-adjusting, zero configuration mesh technology
- Dual concurrent 802.11n radio
- Up to 600 Mbps combined data rate
- Self-configuring, plug and play deployment
- Optimized for voice and video
High Performance Mesh – The MR18’s advanced mesh technologies provide multi-channel routing, protocols, and a multiple gateway. The mesh improves network reliability because when there is a switch or cable failure, the MR18 automatically reverts to mesh mode, providing users with continuous service.
Self-adjusting, Self-Optimizing, Self-Configuring and Application Aware Traffic Controlling – The MR18 automatically connects with the Meraki Cloud. It also “self-heals” by responding automatically to switch failures and is able to identify any errors.
MR18 and Meraki Cloud Management
The MR18 is managed by the Meraki cloud, with a browser-based interface that gets the user up and running quickly. Since the MR18 is self-configuring, it can be managed over the web and deployed without the need for onsite IT staff.
Fibre Media Converter
Fig 11: Model of Telecom Device located at Level-3 of Auckland Campus
A Fiber media converter is a type of device that can be used for all sorts of different applications. Its purpose is to get information out as efficiently as possible. This is the type of device which is ideal for telecom networking. It can get two different devices connected to each other through use of Fiber optic cable.
The fibre media converter is in use at the Auckland campus (Fig 11). They are using this device because it connects the Ntec backbone cable with the Chorus fiber-optic cable. This media converter is very useful when it comes to getting different connections ready for use. In addition, it helps to keep businesses from having to spend too much money on upgrades.
Hardware LAN Components
Networking cables are used to connect one device to another or connect one or two computer systems or printers. The Auckland Campus is using two cables: CAT 6 cable and Fiber optical cable. CAT6 is being used to connect switches and routers to other switches located on different levels of the same building. They are using fiber optic cable for internet service on campus, which is provided by the Chorus Telecommunication Company. Chorus has set up fibre optical cables on campus which provide fast internet speeds to clients.
Fiber Optic Cable
A fiber optic cable consists of glass threads, each of which is capable of transmitting messages using light waves.
Figure 12: Fibre Optic Cables
A fibre optic cable network operates at higher speed when compared to normal cables and carries a larger bandwidth.
List of Advantages of Fibre optical cables:
- Fibre optic cable has nearly 4.5 times as much capacity as wire cable and a cross-sectional area that is 30 times smaller.
- It is thinner and lighter than other materials. This makes it easier to install.
Category 6 cable is commonly referred to as CAT6. It is comprised of four twisted pairs of cable wires for gigabit Ethernet and for the network physical layers which are compatible with Category 5/5e or Category 3 cable standards. The switches and routers are connected with CAT6 cable on campus because it gives more speed and better performance.
Fig 12: Model of CAT6 Cable
CAT6 is provided by the Association and Telecommunications Industry Association. A Cat 6 cable is used mainly for computer networks reaching at least 1 Gb, 1000 Mbps, or one Gbps of data transfer speed (DTR). The list below shows its characteristics.
- Consists of four pairs of copper wires, which are all utilized for data transfer
- Provides bandwidth of 250 MHz, speed up to 10 Gbps and may be stretched to 100 meters in length
- Provides more crosstalk and attenuation protection compared to previous versions of twisted pair cable.
The Cat 6 cable is supported by Ethernet networks, including 10BaseT, 100Base-TX, 1000Base-T and 10GBase-T.
The Router is a device that sends data packets along a network. The router connects the two networks, LANs or WANs, with the network’s Internet Service Provider (ISP). Routers are located at a “gateway”, the place where two or more networks connect.
Currently, Ntec is using one main router provided by the Cloud ISP service. They are using the Juniper Full Flavor SRX240 model. The ISP charges companies/organizations an internet service fee. One end of the router is connected to a Cisco PBX UC560 switch, which is the setup for the Cisco IP phones (discussed above) and the other end is connected to a manageable switch (main switch) from which three VLANs are set up through a trunk line.
Fig 13: Juniper SRX240 Router model placed at Ntec
The SRX240 is a secure router that supports a maximum 1.5Gbps firewall, 250Mbps IPSEC VPN, and 250Mbps IPS. The SRX240 service gateway is suited for branch distribution across multiple locations. That’s why it is being used by the Ntec Auckland campus. The network can be distributed to the other branches with secure connectivity.
- It has 16 10/100/1000 Ethernet LAN ports and 4 Mini-PIM slots.
- Support for T1, E1, serial, ADSL2, ADSL2+, VDSL, DOCSIS3, and Ethernet SFP
- Security Accelerator hardware for faster performance of IPS.
- Full UTM: antivirus, antispam, Web filtering, intrusion prevention system.
- Unified Access Control and content filtering.
- Default 512 MB RAM, optional factory 1 GB DRAM and 1 GB flash default.
Comprehensive Threat Protection includes multi-gigabit firewall, intrusion detection and prevention, Network Address Translation (NAT), and quality of service (QoS).
Cloud ISP Service: Cloud internet service providers are able to sell the complete broadband packages wholesale to their customers.
These include ADSL, ADSL 2+, VDSL, VDSL2+, Premium Fibre, the ultra-fast broadband fibre, Rural Broadband Initiative, and Satellite Broadband. They are simply distributing connectivity at market rates. How they sell it to their customers, the margins they make, and the contract lengths they apply, are completely up to them.
Wireless ISP (WISP)
Fig 14: Provision of Wireless Internet Service
Wireless Internet service provides connectivity over a mesh network, or other devices built to operate over open bands between 900 MHz and 5.8 GHz. These devices also include the licensed frequencies in ultra-high frequency (UHF) bands and multichannel multipoint distribution service (MMDS) bands.
A switch is a computer networking device that connects devices together on a computer network, using “packet switching” to receive and forward the data to the destination device. Most business networks use switches to connect computers, servers and printers within their building, campus, or across the country.
A switch allows network devices to talk to each other more efficiently. The network switch is a multiport network bridge which uses hardware addresses to process and forward data at the data link layer (layer-2) of the OSI model.
Switches that use IP addresses to forward packets are known as “layer-3 switches” or “multi-layer switches”.
Switches normally come in two different types: managed or unmanaged. Managed switches have more capability than unmanaged switches but also require a skilled administrator or engineer to make the most of them.
A managed switch allows for better control of the network and of the traffic which is moving through it. An unmanaged switch allows Ethernet devices to communicate with each other automatically by using auto-negotiation to determine parameters, and whether to use the half duplex or full duplex mode.
Fig 15: Series of Switches in Auckland Campus (Level-3, Tower-A Switches)
Ntec Group is using manageable switches in their Auckland Campus building and they have only one unmanageable switch at this time. They have a series of switches located in Tower A on level 3, as shown in fig 15 above.
They have one Dell Power Connect-2748 main switch. They have another main switch which is a backup switch and set up only for Towers B & C. This one is also from DELL, a Power Connect-5424.
Ntec is using VoIP protocol for voice and telecommunication services for staff on campus.
For this, they have exactly the same DELL 5424 for their Phone Switch. They also have another complete voice control switch from Cisco, the PBX Cisco UC560. They have one empty Patch Panel which is not in use, as shown in fig 15 above. The Auckland Campus has only one unmanaged switch, a Corpo Switch- 3Com.
To summarize, Ntec has one router supplied by their Internet Service Provider which is an (ORCON) Cisco from Juniper Networks. All Switches are interconnected by CAT 6 cables and have been given specific names by IT staff for easy identification and troubleshooting. All switches we have mentioned are assigned specific IP addresses, as discussed in the protocol section.
Categories of Switches
- Main Switch DELL Power Connect-2748
The Auckland Campus has a main switch, from DELL power connect, located at level 3 of Tower A. It is a Web-Managed Gigabit Ethernet switch. It has been assigned the “192.168.89.200” IP address by the IT staff at Ntec.
Fig 16: DELL’S Power connect-2748 Switch Model.
Functions of Dell Power Connect:
- It has 48 10/100/1000 Base-T auto sensing Gigabit Ethernet switching ports.
- Supports up to 64 port-based VLANs.
- 4 SFP fibre combo ports with support for 1000BASE-SX and 1000BASE-LX transceivers.
- It has Switch Fabric capacity up to 144 Gbps.
- It has both Full and Half Duplex modes.
- Main Switch No.2/Backup Switch- DELL Power Connect 5424 and Phone Switch
The backup switch is set up for Towers B & C on campus. It is labelled Main Switch no.2. Alongside it is a phone switch. Ntec is using the same type of switch for backup and phone services, a Power Connect 5424. This type of switch also supports VoIP communication which is the reason they are using it as a Phone switch.
Fig 17: DELL’s Power Connect 5424 switch models
The switch delivers 24 ports of wire-speed, Gigabit Ethernet with advanced security, and enterprise management features which help to meet all the requirements of organisations of all sizes. It provides a 48 Gbps switching capacity and 35.6 Mbps forwarding rate. DELL 5424 offers multiple options and levels of security including IP and MAC based ACLs access password protection. In terms of QoS, it supports industry standards including L-3 aware, multi-cast support and dynamic VLAN configuration.
Fig 18: Open switch model of Power Connect 5424
Support for VoIP Communication
The Power Connect 5424 brings IP telephones onto the network with switches optimized for voice over IP (VoIP) data.
- Simple deployment of VoIP devices with automatic device identification.
- Ensures that VoIP traffic is prioritized through voice virtual LAN functionality.
- Easy control of VoIP devices by using link layer discovery protocol for Media Endpoint devices.
- PBX Cisco UC560
Cisco Unified Communications UC560 provides voice phone service on campus. It is a comprehensive voice and data system for businesses or small organisations like the Ntec Group and supports all of Ntec’s voice control requirements. It has been assigned the “192.168.10.253” IP address by Ntec IT staff.
The Cisco UC560 is a central part of the Cisco Small Business Communications System (SBCS). It is an affordable appliance for voicemail, data communication, security, video and wireless. It supports up to 138 users and provides flexible deployment options for a wide array of IP phones.
Fig 19: PBX Cisco UC560 located at level 3 of Tower-A
Key features with Benefits:
- IP-based solution designed for small organisations/businesses with up to five sites networked with inter-office dialing.
- The Full-featured voice messaging and the automated attendant improve communications.
- The Network security is included at no extra cost, along with the Cisco IOS Firewall to protect the entry point into the network.
- The Virtual Private network is covered by IP Security (IPsec) and enables site-to-site networking.
- Unmanaged Switch- Corpo Switch (3Com-3C 16987A)
The Auckland campus has only one unmanaged switch which is a 3Com (Model no.-16987A). It has 24 ports of 10/100 M and one port of 1000 Base-SX Gigabit.
Fig 20: Unmanaged switch Model of 3Com 16987A
- Gigabit Ethernet uplink delivers affordable high-speed technology.
- Dual queues help prioritize multimedia traffic.
- Stack any two switches together through an integrated matrix port.
Fig 21:Connected switches on Different levels in Tower-A
There are another switches located on each level in Tower A, interconnected with the main switches on level 3. Each level is set up with 2 or 3 switches as shown above in figure 21. They have more than 3 switches on level 6 and level 10 as this is where most of the staff works. Levels 6 and 10 have staff rooms, printing services, and are connected with other towers on campus including the Library, Reception and IT service office.
A Virtual LAN (VLAN) is a broadcast domain that divides and isolates a computer network at the data-link layer (layer 2 of the OSI model). A Local Area Network (LAN) is sub-divided into Virtual LANs by configuring a router or switch. VLANs allow the network administrator to partition the network to match the security and functionality requirements of their systems without any need to lay new cables or make major changes to the current network infrastructure. IEEE 802.1Q is the standard that defines the VLAN identifier, or tag; the identifier consists of 12 bits in the Ethernet frame, creating a limit of 4,096 VLANs on a LAN.
Fig 22: LAN Diagram showing Interconnectivity of VLANs
Four VLANs have been set up on all campuses in the Ntec Group. Figure 22 shows only the VLAN setup of the Auckland campus, but the diagram applies to all campuses. The VLANs are labeled VLAN01, VLAN02, VLAN10 and VLAN100. VLAN01 is designed only for management, VLAN02 is for staff use, VLAN10 is set up for students and VLAN100 is for VoIP. As figure 22 shows, VLAN100 is connected to a PBX, the Cisco PBX switch (phone switch) for the Cisco IP phones.
The other VLANs are connected through a trunk line from the ISP router and managed by the switch. All VLANs have been assigned IP addresses as shown in figure 22.
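On a trunk line, each frame carries the 802.1Q tag that identifies its VLAN. The following Python code is an added example (not part of the original report or of Ntec's configuration): it parses the 12-bit VLAN identifier from a tagged Ethernet frame and flags frames whose ID is outside the four VLANs listed above. The frames, MAC addresses and priority value are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag
# VLAN IDs and roles as listed in the report text above.
EXPECTED_VLANS = {1: "management", 2: "staff", 10: "students", 100: "voip"}


def build_frame(vid=None, pcp=0, ethertype=0x0800, payload=b"\x00" * 46):
    """Build a constructed Ethernet frame; it is tagged when vid is given."""
    header = bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
    if vid is not None:
        if not 0 <= vid <= 0x0FFF or not 0 <= pcp <= 7:
            raise ValueError("VID is a 12-bit field, PCP a 3-bit field")
        header += struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return header + struct.pack("!H", ethertype) + payload


def parse_vlan_tag(frame):
    """Return the tag fields as a dict, or None for an untagged frame."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (tpid,) = struct.unpack_from("!H", frame, 12)
    if tpid != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return {"pcp": tci >> 13, "dei": (tci >> 12) & 1,
            "vid": tci & 0x0FFF, "ethertype": inner}


def audit_trunk(frames):
    """Count frames per VLAN role; collect VIDs that are not in the plan."""
    seen, unexpected = {}, set()
    for frame in frames:
        tag = parse_vlan_tag(frame)
        role = "untagged" if tag is None else EXPECTED_VLANS.get(tag["vid"])
        if role is None:
            unexpected.add(tag["vid"])
        else:
            seen[role] = seen.get(role, 0) + 1
    return seen, sorted(unexpected)


# Constructed capture: VoIP (priority 5), students, staff, a stray VID, untagged.
SAMPLE = [build_frame(100, pcp=5), build_frame(10), build_frame(2),
          build_frame(999), build_frame()]
print(audit_trunk(SAMPLE))
```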
The management VLAN is connected with both VLAN02 and VLAN10 so that users can privately manage everything related to staff and student resources, but these two VLANs (VLAN02 and VLAN10) are not connected with each other. VLAN100 is a separate Virtual LAN in Ntec and is not connected with any other VLAN. The same applies at all other branches. A Virtual Private Network (VPN) is set up on the main campus and connected by the router only to the PBX Cisco switch for added security and privacy on public and private networks. This allows all campuses to access the secure voice calling features.
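The connectivity rules described above can be checked against flow records from the router or firewall. The following Python code is an added example (not Ntec's tooling): it maps each flow's endpoints to a VLAN and reports traffic between VLANs that the report describes as isolated. The subnets, the log format and the sample flows are constructed placeholders, since the real addressing appears only in figure 22.

```python
import ipaddress

# Placeholder subnets: the real addressing appears only in figure 22.
VLAN_SUBNETS = {
    "VLAN01": ipaddress.ip_network("192.0.2.0/26"),     # management
    "VLAN02": ipaddress.ip_network("192.0.2.64/26"),    # staff
    "VLAN10": ipaddress.ip_network("192.0.2.128/26"),   # students
    "VLAN100": ipaddress.ip_network("192.0.2.192/26"),  # VoIP
}
# VLAN pairs the report describes as connected; every other pair is isolated.
ALLOWED_PAIRS = {frozenset(("VLAN01", "VLAN02")), frozenset(("VLAN01", "VLAN10"))}

# Constructed flow log, one "source destination port" record per line.
SAMPLE_LOG = """\
192.0.2.10 192.0.2.70 22
192.0.2.130 192.0.2.75 445
192.0.2.200 192.0.2.201 5060
192.0.2.140 192.0.2.210 5060
192.0.2.80 198.51.100.7 443
192.0.2.5 192.0.2.220 443
"""


def vlan_of(address):
    """Map an IP address to its VLAN name, or None if it is outside the plan."""
    ip = ipaddress.ip_address(address)
    for name, subnet in VLAN_SUBNETS.items():
        if ip in subnet:
            return name
    return None


def audit_flows(log_text):
    """Return (line_number, src_vlan, dst_vlan) for flows between isolated VLANs."""
    violations = []
    for number, line in enumerate(log_text.splitlines(), start=1):
        fields = line.split()
        if len(fields) < 2:
            continue  # blank or malformed record
        src, dst = vlan_of(fields[0]), vlan_of(fields[1])
        if src is None or dst is None or src == dst:
            continue  # not inter-VLAN traffic within the plan
        if frozenset((src, dst)) not in ALLOWED_PAIRS:
            violations.append((number, src, dst))
    return violations


print(audit_flows(SAMPLE_LOG))
```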
- Hardware Firewall
The security policy should clearly define the importance of maintaining a secure network. It should contain a clear plan for training employees on a regular basis, particularly the end user who has minimal computer expertise. An excellent example of this can be found at www.sans.org/resoureces/policies.
In the case of Ntec, the college security policy is a bit different as the security system is controlled by Cisco. Cisco provides a very secure network and is a world leader in the field.
A “firewall” is the term commonly used for the system that provides security for the network when making internet connections. It is the device that examines packets flowing out of the network and restricts access to the network itself. The network places a firewall between the organization and every internet connection made therein.
There is no access to the network except through the firewall. The firewall has the ability to detect and prevent attacks and can block unauthorized access attempts. A few of the commonly used types of firewall include a packet-level firewall, an application-level firewall, and a NAT firewall.
- Antivirus Firewall
The best way to prevent the spread of computer viruses is to install antivirus software such as that provided by Symantec. Most organizations install antivirus software on their computers, but at the same time many people fail to install it on their home computers.
The antivirus software is only as good as its update, so it is critical that the software be updated regularly. It is equally important that updates be set to download automatically, or are checked on a regular basis.
Viruses are often spread by downloading files and opening those of unknown origin. You should always check the source before downloading files from the internet (videos, music, movies etc.).
Researchers estimate that ten new viruses are developed every day making it all the more important to update the virus information file that is provided by the antivirus software.
In the case of Ntec, protection against viruses and malware is provided by Cisco.
Figure 23 Cisco ASA 5500 Series CSC-SSM
The Cisco ASA 5500 Series CSC-SSM router can scan multiple layers of compressed files, decompress the contents, scan, and then recompress before release.
The Ntec Group is currently using CAT 6 cable. I highly recommend an upgrade to CAT 7 cable because it provides more features and benefits. CAT 7 cable supports a higher frequency and can deliver up to 600 MHz, whereas the current CAT 6 cable only goes as high as 500 MHz.
Additionally, the CAT 7 cable differs from earlier Ethernet cable standards, including CAT 5 and CAT 6, by shielding its twisted wire pairings. This results in a significant improvement to noise resistance.
A change from CAT 6 to CAT 7 cables would be very welcome to the students, who would then have faster access through their devices. CAT 7 cable is expensive, but the benefits are high.
The cable costs NZ$976 per meter, but the expense is minimal given the significant boost in speed.
The Auckland campus of Ntec has some specific future plans to improve their network. They are looking forward to RTLS Services.
A Real-Time Locating System (RTLS) is used to identify and track the location of objects or people in real time. This can occur when they are in a contained geographical area. Ntec wants their system to be able to detect when a person comes on campus as a method of tracking student attendance.
RTLS forms part of the local site system and does not employ GPS or any other similar tracking service. The purpose of RTLS is to be able to constantly know the location of an identified individual or object.
This system also takes advantage of Wi-Fi networks to read and calculate the location of objects within a building. For example, this system has been used effectively in hospitals to track or detect the location of a patient or piece of medical equipment.
This Report focused on the network infrastructure of the Wide Area Network on campuses in the Ntec Educational Group – and the local area connection within the Auckland Campus. We have talked about network diagrams, hardware components and other network operating functions on campus.
The Ntec Group employs various security devices which provide encrypted data transfers across the campuses. They are using various network devices like WAP, switches and so forth to monitor their network traffic.
The Auckland campus delivers a good information system for staff and students through the setup of VLANs for various purposes, assigning a specific internet speed to students. It also employs Cisco IP Phone switches for Telecommunication services among other uses.
The main focus is on the Cisco Meraki cloud computing service, which Ntec has chosen over the use of servers. This system gives great cloud centralized service to all campuses and makes it easy for the Ntec IT Technicians to troubleshoot and maintain services for clients. All in all, the Ntec Tertiary Group has built an excellent and efficient network structure.
- Security issues: from the book Data Communication, 10 edition
- Cables: http://www.howtogeek.com/210326/not-all-ethernet-cables-are-equal-you-can-get-faster-lan-speeds-by-upgrading
- Hardware and Firewall: from the book Data Communication 10
- Wireless Device and Services: https://meraki.cisco.com/products/wireless#models
|1 hour||Discussion of searching for companies, getting permission from them and dividing the workload between team members.|
|2 hours||Organizing the work, fixing the first appointment, and preparing questions to ask the company.|
|3.5 hours||Visiting Ntec and meeting IT staff to discuss the Ntec infrastructure, including LAN and WAN diagrams along with protocols and ISP; information gathering.|
|05/04/2016||Thevaindran Shathir Abdul
|4-5 hours||Exchanging ideas obtained from the meeting, making drafts and a feasibility study, researching the company's networking products and media.|
|3-4 days||Split tasks and responsibilities between group members: Nikita: Introduction part, topology, server part and Summary; Shathir: Contents, Router, Virtual LAN and Security Issues; Thevaindran: Protocols, cables, wireless devices and Switches.|
|2 days||Checking each team member's tasks, exchanging individual work through email, discussing further materials and updating report tasks.|
|2 hours||Checked and made the final edition of the report.|
Appendix: Group Meetings