Course work: Design of a local computer network. How to build a LAN - a local network for a small enterprise. Scheme for building a local network.

A structured cabling system is a set of switching elements (cables, connectors, cross-connect panels and cabinets), as well as a technique for using them together, which allows you to create regular, easily expandable connection structures in computer networks.

A structured cabling system is a kind of “construction kit” with which the network designer builds the configuration he needs from standard cables connected by standard connectors and switched on standard cross-connect panels. If necessary, the connection configuration can be changed easily: a computer, segment or switch can be added, unnecessary equipment removed, and the connections between computers and switches rearranged.

When building a structured cabling system, it is assumed that every workplace in the enterprise must be equipped with sockets for connecting a telephone and a computer, even if this is not needed at the moment. In other words, a good structured cabling system is built with redundancy. This saves money later, since new devices can be connected by re-patching cables that are already laid.

According to the assignment, the structural diagram of the location of buildings, each of which has its own subnetwork, is shown in Fig. 2.1.

Figure 2.1 – Structural diagram of the location of buildings

The block diagrams of the subnetworks of each building are shown in Fig. 2.2 and 2.3. Since the two 5-story buildings have the same amount of switching equipment and the same number of PCs, their structural diagrams are identical.

Figure 2.2 – Block diagram of the subnetwork of a 5-story building

Figure 2.3 – Block diagram of the subnetwork of a 4-story building

A block diagram of connecting subnets into one network is shown in Fig. 2.4.

Figure 2.4 – General block diagram of the network

Fast Ethernet is used inside the buildings, FDDI between the buildings, and each building accesses the Internet over a radio link.

3 Selection of equipment and cable

3.1 Selecting switches

A switch is a device for connecting several nodes of a computer network within one or more network segments. It operates at the data link layer of the OSI model. Unlike a hub, which repeats traffic from one connected device to all the others, a switch forwards data only to the port of its recipient. This improves network performance and security, since the other network segments no longer have to process data that was not intended for them.

In this course project, each room of the buildings has a room (workgroup) switch, each floor has a floor switch that aggregates the workgroup switches of its floor, and a root switch in the server room on the first floor connects the switches of all floors.

Switching equipment (switches, routers) was selected from the manufacturer Cisco. According to Dell'Oro Group, Cisco holds 60% of the global network equipment market, more than all of its competitors combined. This manufacturer offers the widest range of network solutions and supports a wide range of technologies, protocols and approaches, both standard and proprietary, which allow the network's capabilities to be extended, as well as the broadest troubleshooting facilities, built into almost all Cisco devices.

Based on the optimal balance between price, performance and functionality, the switch models presented below were selected from the Cisco 300 series, which is designed specifically for small businesses. The line consists of low-cost managed switches that provide a solid foundation for an enterprise network.

Cisco 300 Series switch features:

      they provide the high availability and performance needed for business-critical applications while reducing potential downtime;

      they allow network traffic to be controlled with functions such as quality of service (QoS), static Layer 3 routing and IPv6 support;

      they offer clear web-interface tools, the possibility of mass deployment and the same functions across all models;

      they allow energy consumption to be optimized without affecting performance.

3.1.1 Workgroup switches

According to the assignment for the course work, in the 4-story building the three rooms on each floor have 35 computers, and in the two 5-story buildings one room on each floor has 31 computers; to connect them, the SG300-52 switch with 48 ports is selected (Fig. 3.1).

Figure 3.1 – Workgroup switch SG300-52

The SG300-52 switch (price: 7522 UAH), manufactured by Cisco, is equipped with 48 10/100/1000 Mbit/s Ethernet ports with automatic speed negotiation on the RJ45 ports, which simplifies installation of the device.

This switch provides good performance and can improve workgroup and network throughput while remaining easy and flexible to install and configure. Thanks to its compact case, the device fits in limited desktop space; it can also be rack-mounted. Dynamic LEDs display the switch status in real time and allow basic diagnostics of the device.

The main technical characteristics of the SG300-52 switch are presented in Table 3.1.

Table 3.1 – Technical characteristics of the SG300-52 switch

Type: managed switch

Interfaces: 4 x SFP (mini-GBIC), 48 x Gigabit Ethernet (10/100/1000 Mbps)

Remote administration protocols: SNMP 1, SNMP 2c, SNMP 3, RMON 1, RMON 2, RMON 3, RMON 9, Telnet, SSH, HTTP, HTTPS, TFTP

Routing protocol: static IPv4 routing, 32 routes

MAC address table: 16000 records

Memory: 128 MB RAM, 16 MB flash

Encryption algorithm: not specified

Additional features: up to 32 static routes and up to 32 IP interfaces; Layer 3 DHCP relay; User Datagram Protocol (UDP) relay; Smartports for simplified configuration and security management; built-in configuration utility with web-based access (HTTP/HTTPS); dual IPv6/IPv4 protocol stack; software upgrade

Supported standards: IEEE 802.3 10BASE-T Ethernet, IEEE 802.3u 100BASE-TX Fast Ethernet, IEEE 802.3ab 1000BASE-T Gigabit Ethernet, IEEE 802.3ad LACP, IEEE 802.3z Gigabit Ethernet, IEEE 802.3x Flow Control, IEEE 802.1D (STP, GARP and GVRP), IEEE 802.1Q/p VLAN, IEEE 802.1w RSTP, IEEE 802.1s Multiple STP, IEEE 802.1X Port Access Authentication, IEEE 802.3af, IEEE

Power supply: internal, 120-130 VAC, 50/60 Hz, 53 W

Operating environment: operating temperature 0°C to 40°C

Dimensions (WxDxH): 440 x 260 x 44 mm

For the two 5-storey buildings, where the remaining rooms on each floor have 18 and 25 computers respectively, the 24-port SF300-24P switch (price: 4042 UAH) is selected for the room with 18 computers, and two 16-port SG300-20 switches (price: 3023 UAH) for the room with 25 computers (Fig. 3.2). The remaining ports are kept in reserve.

Figure 3.2 – Workgroup switch SF300-24P (a) and SG300-20 (b)

The SF300-24P is a 24-port managed network switch. These switches provide everything you need to run business-critical applications, protect sensitive information, and optimize bandwidth for more efficient network transfer. Plug-and-play support and auto-negotiation allow the switch to automatically detect the type of device being connected (such as an Ethernet network adapter) and select the most appropriate speed. LED indicators are used to monitor cable connections and standard diagnostics. The switch can be desktop-mounted or rack-mounted.

The SG300-20 switch is designed for small workgroups and is equipped with 18 10/100/1000BASE-TX Ethernet ports and 2 mini-GBICs. The functionality of these switches is similar to the functionality of the SF300-24P switch, since they both belong to the same Cisco 300 series.

The main technical characteristics of the SF300-24P switch are presented in Table 3.2, and those of the SG300-20 switch in Table 3.3.

Table 3.2 – Technical characteristics of the SF300-24P switch

Type: managed switch

Interfaces: 24 x Ethernet 10Base-T/100Base-TX (RJ-45 connector, PoE support); console port: 9-pin D-Sub (DB-9); 4 x Ethernet 10Base-T/100Base-TX/1000Base-T (RJ-45 connector); 2 ports for SFP (mini-GBIC) modules

Remote administration protocol: not specified

Routing protocol: static IPv4 routing

MAC address table: 16000 records

Memory: 128 MB RAM, 16 MB flash

Encryption algorithm: not specified

Management: SNMP versions 1, 2c and 3; built-in RMON software agent for traffic management, monitoring and analysis; dual IPv6/IPv4 protocol stack; software upgrades; DHCP (options 66, 67, 82, 129 and 150); port mirroring; Smartports for simplified configuration and security management; cloud-based services; other management functions: traceroute, management via a single IP address, HTTP/HTTPS, SSH, RADIUS, DHCP client, BOOTP, SNTP, Xmodem update, cable diagnostics, ping, system log, Telnet client (SSH support)

Supported standards: IEEE 802.3 10BASE-T Ethernet, IEEE 802.3u 100BASE-TX Fast Ethernet, IEEE 802.3ab 1000BASE-T Gigabit Ethernet, IEEE 802.3ad LACP, IEEE 802.3z Gigabit Ethernet, IEEE 802.3x Flow Control, IEEE 802.1D (STP, GARP and GVRP), IEEE 802.1Q/p VLAN, IEEE 802.1w RSTP, IEEE 802.1s Multiple STP, IEEE 802.1X Port Access Authentication, IEEE 802.3af, IEEE 802.3at

Performance: non-blocking switching at up to 9.52 million pps (64-byte packets); switching capacity up to 12.8 Gbps; packet buffer 4 MB

Availability: power to the RJ-45 Gigabit Ethernet ports is switched off automatically when there is no link and restored when activity resumes

Table 3.3 – Technical characteristics of the SG300-20 switch

Type: managed switch

Interfaces: 18 x Ethernet 10Base-T/100Base-TX (RJ-45 connector); 2 ports for SFP (mini-GBIC) modules

Remote administration protocols: SNMP 1, SNMP 2c, SNMP 3, RMON 1, RMON 2, RMON 3, RMON 9, Telnet, SSH, HTTP, HTTPS, TFTP

Routing protocol: static IPv4 routing

MAC address table: 16000 records

Memory: 128 MB RAM, 16 MB flash, 1 MB packet buffer

Encryption algorithm: 802.1x RADIUS, HTTPS, MD5, SSH, SSH-2, SSL/TLS

Control protocols: IGMPv1/2/3, SNMPv1/2c/3

Supported standards: IEEE 802.1ab, IEEE 802.1D, IEEE 802.1p, IEEE 802.1Q, IEEE 802.1s, IEEE 802.1w, IEEE 802.1x, IEEE 802.3, IEEE 802.3ab, IEEE 802.3ad, IEEE 802.3at, IEEE 802.3u, IEEE 802.3x, IEEE 802.3z

Supported network protocols: IPv4/IPv6, HTTP, SNTP, TFTP, DNS, BOOTP, Bonjour

Functions: flow control; port mirroring; link aggregation; jumbo frame support; broadcast storm control; rate limiting; DHCP client; spanning tree protocol, etc.

Power supply: internal, 120-130 VAC, 50/60 Hz, 53 W

Operating environment: operating temperature 0°C to 40°C

3.1.2 Floor switches

Floor switches are used to connect the workgroup switches; the 8-port SRW208G-K9 switch (price: 1483 UAH) is selected for this role (Fig. 3.3).

Figure 3.3 – Floor switch SRW208G-K9

The SRW208G-K9 switch is equipped with 8 RJ45 Fast Ethernet ports, 1 Gigabit Ethernet port and two SFP (mini-GBIC) ports, all with automatic configuration and speed detection.

Cisco Catalyst 2960 is a series of new fixed-configuration smart Ethernet switches. They meet the need for data transmission at 100 Mbit/s and 1 Gbit/s and allow LAN services to be used, for example in data networks built in corporate branches. The Catalyst 2960 family provides high data security with built-in NAC, QoS support and a high level of system resiliency.

Key features:

    a high level of security, with advanced access control lists (ACLs);

    network control and bandwidth optimization using QoS, differentiated rate limiting and ACLs;

    to ensure network security, the switches use a wide range of user authentication methods, data encryption technologies and resource access control based on user ID, port and MAC address;

    the switches are easy to manage and configure;

    auto-configuration is available via Smartports for some specialized applications.

The main technical characteristics of this switch, manufactured by Cisco, match those presented in Table 3.2 for a switch from the same manufacturer.

3.1.3 Root switches

To connect floor switches, root switches are used, for which a switch was selected in each building - SG300-20, which has 16 ports. This switch was also selected as a workgroup switch; its description is presented in paragraph 3.1.1.

3.2 Selecting routers

A router is a device that has at least two network interfaces and forwards data packets between different network segments, making forwarding decisions based on information about the network topology and on rules set by the administrator.

Routers help reduce network congestion by dividing the network into collision domains or broadcast domains and by filtering packets. They are mainly used to connect networks of different types, often incompatible in architecture and protocols. A router is often used to provide access from a local network to the Internet, performing network address translation and firewall functions.

To connect the buildings into one network, a router is used; the Cisco 7507 from the 7500 series (price: 121,360 UAH) was chosen, since it can take an FDDI module (Fig. 3.4).

Figure 3.4 – Cisco 7507 Router

This router was chosen because it can take an FDDI module, because it has the best price in this series, and because the Cisco 7500 series modular routers are the most powerful Cisco routers. They meet the highest requirements of modern data networks, and their flexible modular architecture allows them to be used in large network nodes with the optimal set of modules.

The Cisco 7500 series consists of three models. The Cisco 7505 has one Route/Switch Processor (RSP1), one power supply and four slots for interface processors (5 slots in total). The Cisco 7507 and Cisco 7513, with seven and thirteen slots respectively, provide greater throughput and can be configured with two RSP2 or RSP4 processors and a redundant power supply. Combined with the new redundant CyBus, the Cisco 7507/7513 routers offer unmatched performance and reliability. This is achieved by a new distributed multiprocessor architecture that includes three elements:

    the integrated Route/Switch Processor (RSP);

    the new Versatile Interface Processor (VIP);

    the new high-speed Cisco CyBus.

In a dual-RSP configuration, the Cisco 7500 distributes functions between the primary and secondary RSPs, increasing system performance; if one processor fails, the other takes over all functions.

The Cisco 7507 Router is a modular router designed for building large network backbones and works with virtually all LAN and WAN technologies and all major network protocols.

The Cisco 7507 series supports a very wide range of connections, including: Ethernet, Token Ring, FDDI, Serial, HSSI, ATM, Channelized T1, Fractionalized E1 (G.703/G.704), ISDN PRI, Channel Interface for IBM mainframes.

Network interfaces are located on modular processors that provide a direct connection between the Cisco Extended Bus (CxBus) high-speed backbone and the external network. Seven slots are available for interface processors on the Cisco 7507. Hot-swappable functionality allows you to add, replace, or remove CxBus processor modules without interrupting network operation. Standard Flash memory is used to store information. All models come with a standard 19" rack mounting kit.

The following communication interface modules are available:

    Ethernet Intelligent Link Interface - 2/4 Ethernet ports with high-speed filtering (29,000 packets/s), support for transparent bridging and spanning tree algorithms, configuration via the Optivity system;

    Token Ring Intelligent Link Interface - 2/4 Token Ring ports 4/16 Mb/s;

    FDDI Intelligent Link Interface - 2 ports supporting two SAS connections or one DAS connection, filtering at up to 500,000 packets/s;

    ATM Intelligent Link Interface.

3.3 Cable selection

A cable is a structure of one or more conductors (cores) insulated from each other, or of optical fibers, enclosed in a sheath. In addition to the cores and insulation, it may contain a screen, strength members and other structural elements. Its main purpose is the transmission of high-frequency signals in various fields of technology: cable television systems, communication systems, aviation, space technology, computer networks, household appliances, etc. When switches are used, the Fast Ethernet protocol can operate in full-duplex mode, in which there is no restriction on the total length of the network, although the length of the physical segments between neighbouring devices (switch to adapter, switch to switch) remains limited.

According to the assignment, Fast Ethernet technology with the 100Base-TX specification is used inside the buildings, with category 5 unshielded twisted pair (UTP) as the communication line.

Between the buildings, FDDI technology is used, with outdoor optical cable as the communication line.

A 2-pair category 5 UTP cable for indoor installation is used for the subscriber wiring that provides access to the data network services. The NM10000 cable from the manufacturer Neomax was chosen for the installation (Fig. 3.4) because of its high strength and long service life; its characteristics are presented in Table 3.4.

Figure 3.4 – UTP, 2 pairs, cat. 5e: 1 - outer sheath; 2 - twisted pair

Table 3.4 – Main characteristics of UTP cable, cat.5

Conductor: electrolytic copper wire

Core insulation: high-density polyethylene

Conductor (core) diameter: 0.51 mm (24 AWG)

Insulated conductor diameter: 0.9 ± 0.02 mm

Cable outer diameter: not specified

Outer sheath thickness: not specified

Twisted pair colours: blue-white/blue, orange-white/orange

Cable bending radius: 4 outer cable diameters

Working temperature: 20°C – +75°C

3.4 Selecting wireless equipment

Each building uses a radio link to access the Internet. The Maximus Sector 515812-B directional antenna was selected as the antenna on the base station (BPS) side (Fig. 3.5, a), and the TP-Link TL-WA7510N Wi-Fi access point (Fig. 3.5, b) as the outdoor access point on the buildings. This equipment was selected for its optimal price-to-functionality ratio.

The 5 GHz band was chosen as the operating range, since the 2.4 GHz band is more saturated (loaded) because of the ubiquity of wireless networks. The old 802.11b standard, the recently retired 802.11g and 802.11n all work at this frequency, so regardless of which of them you use, you transmit over the same channels. Another disadvantage of 2.4 GHz is "side noise" in the wireless channel, which degrades throughput, since the band is shared with many other unlicensed devices (microwave ovens, baby monitors, cordless phones, etc.). The number of usable radio channels in the 2.4 GHz band is also limited. The 5 GHz band is less crowded and has more usable channels, at the cost of a slightly shorter range.

Figure 3.5 – Wireless equipment: a) antenna; b) access point

Model TL-WA7510N (price: 529 UAH) is a long-range outdoor wireless device that operates in the 5 GHz frequency range and transmits data via a wireless connection at speeds of up to 150 Mbit/s. The device has a dual polarization antenna with 15 dBi gain, which is a key element for building Wi-Fi connections over long distances. It is designed to transmit a signal with radiation angles of 60 degrees horizontally and 14 degrees vertically, increasing the signal strength by concentrating the radiation in a given direction.

Thanks to the all-weather housing and temperature-resistant internal hardware, the access point can operate in a variety of environmental conditions: in sun or rain, strong wind or snowfall. Built-in ESD protection up to 15 kV and lightning protection up to 4000 V guard against surges during thunderstorms, ensuring stable operation of the device. In addition, the device has a grounding terminal for a more professional level of protection.

The device can operate not only in access point mode. The TL-WA7510N also supports access point router, access point client router, bridge, repeater and client modes, which significantly extends its range of use and makes it a highly multifunctional product.

Powered by a PoE injector, the outdoor access point receives data and power over a single Ethernet cable up to 60 meters long. This widens the placement options, allowing the access point to be installed where the signal quality is best.

The main characteristics of the TL-WA7510N are presented in Table 3.5.

Table 3.5 – Characteristics of TL-WA7510N

Interfaces: 1 x 10/100 Mbps auto-sensing RJ45 port (Auto-MDI/MDIX, PoE); 1 x external reverse SMA connector; 1 x grounding terminal

Wireless standards: IEEE 802.11a, IEEE 802.11n

Antenna: dual polarization directional antenna, 15 dBi gain

Dimensions (WxDxH): 250 x 85 x 60.5 mm (9.8 x 3.3 x 2.4 inches)

Antenna beamwidth: horizontal 60°, vertical 14°

Protection: 15 kV ESD protection; lightning protection up to 4000 V; built-in grounding terminal

Frequency range: 5.180-5.240 GHz, 5.745-5.825 GHz (varies by region or country)

Signal transmission rate: 802.11a up to 54 Mbps (dynamic); 802.11n up to 150 Mbps (dynamic)

Receive sensitivity, 802.11a: 54 Mbps: -77 dBm; 48 Mbps: -79 dBm; 36 Mbps: -83 dBm; 24 Mbps: -86 dBm; 18 Mbps: -91 dBm; 12 Mbps: -92 dBm; 9 Mbps: -93 dBm; 6 Mbps: -94 dBm

Receive sensitivity, 802.11n: 150 Mbps: -73 dBm; 121.5 Mbps: -76 dBm; 108 Mbps: -77 dBm; 81 Mbps: -81 dBm; 54 Mbps: -84 dBm; 40.5 Mbps: -88 dBm; 27 Mbps: -91 dBm; 13.5 Mbps: -93 dBm

Operating modes: access point; access point router; access point client router (WISP client); access point/client/bridge/repeater

Wireless security: SSID enable/disable; MAC address filter; 64/128/152-bit WEP encryption; WPA/WPA2, WPA-PSK/WPA2-PSK (AES/TKIP)

Additional features: PoE supported up to 60 meters; 4-level LED indicator

The Maximus Sector 515812-B sector antenna (price: 991 UAH) is vertically polarized and housed in a radome of UV-resistant plastic with a cast aluminium bracket. The high-quality materials allow the antenna to be used in harsh weather conditions. It can be used for small, medium and large base stations and produces a strong, stable signal over medium and long distances. Its main characteristics are presented in Table 3.6.

Table 3.6 – Technical characteristics of Maximus Sector 515812-B

The biggest problem I encounter when working with enterprise networks is the lack of clear and understandable logical network diagrams. In most cases, I come across situations where the customer cannot provide any logical diagrams at all. Network diagrams (hereinafter referred to as L3 diagrams) are extremely important when troubleshooting or planning changes in an enterprise network. Logical diagrams are often more valuable than physical wiring diagrams. Sometimes I come across “logical-physical hybrid” diagrams that are practically useless. If you don't know the logical topology of your network, you are blind. Typically, the ability to draw a logical network diagram is not a common skill. It is for this reason that I am writing this article about creating clear and understandable logical network diagrams.

What information should be presented on L3 diagrams?
In order to create a network diagram, you must understand exactly which information belongs on which diagram. Otherwise, you will mix information and end up with another useless “hybrid” diagram. Good L3 diagrams contain the following information:
  • subnets
    • VLAN ID (all)
    • VLAN names
    • network addresses and masks (prefixes)
  • L3 devices
    • routers, firewalls (hereinafter referred to as firewalls) and VPN gateways (at a minimum)
    • the most important servers (for example, DNS, etc.)
    • IP addresses of these servers
    • logical interfaces
  • routing protocol information
What information should NOT be on L3 diagrams?
The information listed below should not be on L3 diagrams, because it belongs to other layers [of the OSI model, translator's note] and, accordingly, should be shown on other diagrams:
  • all L2 and L1 information (in general)
  • L2 switches (only the management interface can be presented)
  • physical connections between devices
Notations used
Typically, logical diagrams use standard logical symbols. Most of them are self-explanatory, but I have already seen them misused, so let me pause and give a few examples:
What information is needed to create an L3 diagram?
In order to create a logical network diagram, you will need the following information:
  • an L2 (or L1) diagram: a representation of the physical connections between the L3 devices and the switches
  • the configurations of the L3 devices
  • the configurations of the L2 devices: text files, access to the GUI, etc.
Example
In this example we will use a simple network. It contains Cisco switches and a Juniper NetScreen firewall. We are given an L2 diagram as well as configuration files for most of the devices shown. The configuration files of the ISP border routers are not provided, because in real life the ISP does not hand out such information. Below is the L2 network topology:

And here are the device configuration files. Only the relevant information has been kept:

asw1

!
vlan 210
name Servers1
!
vlan 220
name Servers2
!
vlan 230
name Servers3
!
vlan 240
name Servers4
!
vlan 250
name In-mgmt
!
switchport mode trunk
!
switchport mode trunk
switchport trunk encapsulation dot1q
!
interface vlan 250
ip address 192.168.10.11 255.255.255.128
!


asw2

!
vlan 210
name Servers1
!
vlan 220
name Servers2
!
vlan 230
name Servers3
!
vlan 240
name Servers4
!
vlan 250
name In-mgmt
!
interface GigabitEthernet0/1
switchport mode trunk
switchport trunk encapsulation dot1q
!
interface GigabitEthernet0/2
switchport mode trunk
switchport trunk encapsulation dot1q
!
interface vlan 250
ip address 192.168.10.12 255.255.255.128
!
ip default-gateway 192.168.10.1


asw3

!
vlan 210
name Servers1
!
vlan 220
name Servers2
!
vlan 230
name Servers3
!
vlan 240
name Servers4
!
vlan 250
name In-mgmt
!
interface GigabitEthernet0/1
switchport mode trunk
switchport trunk encapsulation dot1q
!
interface GigabitEthernet0/2
switchport mode trunk
switchport trunk encapsulation dot1q
!
interface vlan 250
ip address 192.168.10.13 255.255.255.128
!
ip default-gateway 192.168.10.1


csw1

!
vlan 200
name in transit
!
vlan 210
name Servers1
!
vlan 220
name Servers2
!
vlan 230
name Servers3
!
vlan 240
name Servers4
!
vlan 250
name In-mgmt
!
interface GigabitEthernet0/1
switchport mode trunk
switchport trunk encapsulation dot1q
!
interface GigabitEthernet0/2
switchport mode trunk
switchport trunk encapsulation dot1q
!
switchport mode trunk
switchport trunk encapsulation dot1q
channel-group 1 mode active
!
switchport mode trunk
switchport trunk encapsulation dot1q
!
switchport mode trunk
switchport trunk encapsulation dot1q
!
switchport mode trunk
switchport trunk encapsulation dot1q
!
interface Port-channel 1
switchport mode trunk
switchport trunk encapsulation dot1q
!
interface vlan 200
ip address 10.0.0.29 255.255.255.240
standby 1 ip 10.0.0.28
!
interface vlan 210
ip address 192.168.0.2 255.255.255.128
standby 2 ip 192.168.0.1
!
interface vlan 220
ip address 192.168.0.130 255.255.255.128
standby 3 ip 192.168.0.129
!
interface vlan 230
ip address 192.168.1.2 255.255.255.128
standby 4 ip 192.168.1.1
!
interface vlan 240
ip address 192.168.1.130 255.255.255.128
standby 5 ip 192.168.1.129
!
interface vlan 250
ip address 192.168.10.2 255.255.255.128
standby 6 ip 192.168.10.1
!


csw2

!
vlan 200
name in transit
!
vlan 210
name Servers1
!
vlan 220
name Servers2
!
vlan 230
name Servers3
!
vlan 240
name Servers4
!
vlan 250
name In-mgmt
!
interface GigabitEthernet0/1
switchport mode trunk
switchport trunk encapsulation dot1q
!
interface GigabitEthernet0/2
switchport mode trunk
switchport trunk encapsulation dot1q
channel-group 1 mode active
!
interface GigabitEthernet0/3
switchport mode trunk
switchport trunk encapsulation dot1q
channel-group 1 mode active
!
interface GigabitEthernet0/4
switchport mode trunk
switchport trunk encapsulation dot1q
!
interface GigabitEthernet0/5
switchport mode trunk
switchport trunk encapsulation dot1q
!
interface GigabitEthernet0/6
switchport mode trunk
switchport trunk encapsulation dot1q
!
interface Port-channel 1
switchport mode trunk
switchport trunk encapsulation dot1q
!
interface vlan 200
ip address 10.0.0.30 255.255.255.240
standby 1 ip 10.0.0.28
!
interface vlan 210
ip address 192.168.0.3 255.255.255.128
standby 2 ip 192.168.0.1
!
interface vlan 220
ip address 192.168.0.131 255.255.255.128
standby 3 ip 192.168.0.129
!
interface vlan 230
ip address 192.168.1.3 255.255.255.128
standby 4 ip 192.168.1.1
!
interface vlan 240
ip address 192.168.1.131 255.255.255.128
standby 5 ip 192.168.1.129
!
interface vlan 250
ip address 192.168.10.3 255.255.255.128
standby 6 ip 192.168.10.1
!
ip route 0.0.0.0 0.0.0.0 10.0.0.17


fw1




set interface ethernet0/1 manage-ip 10.0.0.2

set interface ethernet0/2 manage-ip 10.0.0.18


fw2

set interface ethernet0/1 zone untrust
set interface ethernet0/1.101 tag 101 zone dmz
set interface ethernet0/1.102 tag 102 zone mgmt
set interface ethernet0/2 zone trust
set interface ethernet0/1 ip 10.0.0.1/28
set interface ethernet0/1 manage-ip 10.0.0.3
set interface ethernet0/1.101 ip 10.0.0.33/28
set interface ethernet0/1.102 ip 10.0.0.49/28
set interface ethernet0/2 ip 10.0.0.17/28
set interface ethernet0/2 manage-ip 10.0.0.19
set vrouter trust-vr route 0.0.0.0/0 interface ethernet0/1 gateway 10.0.0.12


outsw1

!
vlan 100
name Outside
!
vlan 101
name DMZ
!
vlan 102
name Mgmt
!
description To-Inet-rtr1
switchport mode access
switchport access vlan 100
!
switchport mode trunk
switchport trunk encapsulation dot1q
!
switchport mode trunk
switchport trunk encapsulation dot1q
channel-group 1 mode active
!
switchport mode trunk
switchport trunk encapsulation dot1q
channel-group 1 mode active
!
interface Port-channel 1
switchport mode trunk
switchport trunk encapsulation dot1q
!
interface vlan 102
ip address 10.0.0.50 255.255.255.240
!


outsw2

!
vlan 100
name Outside
!
vlan 101
name DMZ
!
vlan 102
name Mgmt
!
interface GigabitEthernet1/0
description To-Inet-rtr2
switchport mode access
switchport access vlan 100
!
interface GigabitEthernet1/1
switchport mode trunk
switchport trunk encapsulation dot1q
!
interface GigabitEthernet1/3
switchport mode trunk
switchport trunk encapsulation dot1q
channel-group 1 mode active
!
interface GigabitEthernet1/4
switchport mode trunk
switchport trunk encapsulation dot1q
channel-group 1 mode active
!
interface Port-channel 1
switchport mode trunk
switchport trunk encapsulation dot1q
!
interface vlan 102
ip address 10.0.0.51 255.255.255.240
!
ip default-gateway 10.0.0.49

Collection of information and its visualization
Good. Now that we have all the necessary information, we can begin the visualization.
The drawing process, step by step
  1. Collecting the information:
    1. First, open the configuration file (in this case ASW1).
    2. Take every IP address from the interface sections. In this case there is only one address (192.168.10.11) with the mask 255.255.255.128. The interface name is vlan250, and the name of VLAN 250 is In-mgmt.
    3. Take all static routes from the configuration. In this case there is only one (ip default-gateway), and it points to 192.168.10.1.
  2. Drawing:
    1. Now draw the information we have collected. First, draw the device ASW1. ASW1 is a switch, so we use the switch symbol.
    2. Draw a subnet (pipe). Give it the name In-mgmt, VLAN ID 250 and the address 192.168.10.0/25.
    3. Connect ASW1 and the subnet.
    4. Insert a text field between the ASW1 and subnet symbols. We will display the logical interface name and IP address in it. In this case the interface name is vlan250 and the last octet of the IP address is .11 (it is common practice to display only the last octet of the IP address, since the subnet address is already present in the diagram).
    5. There is also another device on the In-mgmt network, or at least there should be. We don't yet know the name of this device, but its IP address is 192.168.10.1; we know this because ASW1 points to this address as the default gateway. So let's display this device on the diagram and give it the temporary name "??". We will also add its address, .1, to the diagram (by the way, I always highlight inaccurate or unknown information in red so that anyone looking at the diagram can immediately see what needs clarification).
At this point we end up with a diagram like this:

Repeat this process step by step for each network device. Collect all the IP-related information and display it on the same diagram: every IP address, every interface and every static route. As you go, your diagram will become very accurate. Make sure that devices that are mentioned but not yet known are shown on the diagram, just as we did earlier with the address 192.168.10.1. Once you have done all of the above for all known network devices, you can begin to figure out the unknown information. You can use MAC and ARP tables for this (I wonder if I should write a follow-up post detailing this step?).
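Steps 1 and 2 above in code, as an added example that is not part of the original post: a parser for the IP facts in a Cisco-style config and a builder for the diagram objects (devices, subnet "pipes", interface labels and "??" placeholders). The ASW1 sample config is constructed from the values quoted in the text (the page does not show the full file); the outsw2 sample is the management part of the configuration shown earlier on this page.

```python
import ipaddress
import re

# Constructed sample configs. ASW1 reproduces the values quoted in the text
# (vlan250 "In-mgmt", 192.168.10.11/25, default gateway 192.168.10.1); OUTSW2
# is the management part of the outsw2 configuration shown earlier on the page.
ASW1 = """hostname ASW1
vlan 250
 name In-mgmt
!
interface vlan250
 ip address 192.168.10.11 255.255.255.128
!
ip default-gateway 192.168.10.1
"""
OUTSW2 = """hostname outsw2
vlan 102
 name Mgmt
!
interface vlan 102
 ip address 10.0.0.51 255.255.255.240
!
ip default-gateway 10.0.0.49
"""

def parse_config(text):
    """Step 1: hostname, VLAN names, interface addresses and static routes."""
    cfg = {"hostname": None, "vlans": {}, "interfaces": [], "routes": []}
    section = None  # ("vlan", id) or ("interface", name) while inside a block
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            section = None
        elif m := re.match(r"hostname (\S+)$", line):
            cfg["hostname"] = m.group(1)
        elif m := re.match(r"vlan (\d+)$", line):
            section = ("vlan", int(m.group(1)))
        elif m := re.match(r"interface (.+)$", line):
            section = ("interface", m.group(1).replace(" ", ""))  # "vlan 102" == "vlan102"
        elif (m := re.match(r"name (\S+)$", line)) and section and section[0] == "vlan":
            cfg["vlans"][section[1]] = m.group(1)
        elif (m := re.match(r"ip address (\S+) (\S+)$", line)) and section and section[0] == "interface":
            cfg["interfaces"].append((section[1], ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")))
        elif m := re.match(r"ip default-gateway (\S+)$", line):
            cfg["routes"].append(("default", ipaddress.ip_address(m.group(1))))
    return cfg

def build_diagram(configs):
    """Step 2: one 'pipe' per subnet listing the devices attached to it; a next
    hop no parsed device owns becomes a device named '??' on that subnet."""
    subnets = {}  # IPv4Network -> {"vlan": id, "name": str, "members": [...]}
    owners = {}   # IPv4Address -> hostname, to tell known gateways from unknown ones
    for cfg in configs:
        for ifname, iface in cfg["interfaces"]:
            m = re.search(r"vlan(\d+)", ifname, re.IGNORECASE)
            vlan_id = int(m.group(1)) if m else None
            entry = subnets.setdefault(iface.network, {
                "vlan": vlan_id, "name": cfg["vlans"].get(vlan_id, "?"), "members": []})
            entry["members"].append((cfg["hostname"], ifname, iface.ip))
            owners[iface.ip] = cfg["hostname"]
    for cfg in configs:
        for dest, nexthop in cfg["routes"]:
            for net, entry in subnets.items():
                if nexthop in net and nexthop not in owners:
                    entry["members"].append(("??", f"{dest} gw of {cfg['hostname']}", nexthop))
                    owners[nexthop] = "??"
    return subnets

def unknown_devices(subnets):
    """Addresses still drawn as '??': what the MAC/ARP follow-up has to resolve."""
    return sorted(ip for e in subnets.values() for dev, _, ip in e["members"] if dev == "??")

def render(subnets):
    """Text form of the diagram: subnet header, then one line per attachment
    with the interface name and only the last octet, as the text recommends."""
    lines = []
    for net, entry in sorted(subnets.items(), key=lambda kv: kv[0]):
        lines.append(f"[{entry['name']}] VLAN {entry['vlan']} {net}")
        for device, label, ip in entry["members"]:
            lines.append(f"  {device:8} {label:24} .{str(ip).rsplit('.', 1)[1]}")
    return "\n".join(lines)
```

Feeding both configs through `render(build_diagram([parse_config(ASW1), parse_config(OUTSW2)]))` lists each subnet with its known switches and a "??" entry for the gateway address neither switch owns.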

Ultimately we will have a diagram like this:

Conclusion
Drawing a logical network diagram can be very simple if you have the appropriate knowledge. It is a time-consuming, manual process, but it is not magic. Once you have an L3 network diagram, it is fairly easy to keep it up to date. The benefits are worth the effort:
  • you can plan changes quickly and accurately;
  • solving problems takes much less time than before. Let's imagine that someone needs to solve the problem of service unavailability from 192.168.0.200 to 192.168.1.200. After viewing the L3 diagram, we can confidently say that the firewall is not the cause of this problem;
  • you can easily keep firewall rules in order. I have seen situations where the firewall contained rules for traffic that would never pass through that firewall. This example perfectly shows that the logical topology of the network was unknown;
  • typically, once the L3 network diagram is created, you will immediately notice which parts of the network lack redundancy. In other words, redundancy at the L3 topology level is as important as physical-layer redundancy.

The CADE 2D vector editor for Windows was developed by a company specializing in working with CAD. The program allows you to easily create a detailed network diagram. One of the most useful features, in my opinion, is the ability to sign the IP address, serial number and manufacturer name for each device on the network. CADE includes all the templates necessary for drawing up a diagram and is distributed absolutely free of charge.

ConceptDraw Pro is one of the most powerful business tools for drawing diagrams, and not just network diagrams. It takes a minimum of time to master the program: all operations are carried out by simple drag and drop. ConceptDraw Pro comes with a complete set of network symbols, and every aspect of the diagram can be customized. The application costs $249.

Dia is open source diagramming software, the main disadvantage of which is its outdated interface and primitive character set. But the program is very easy to use without being distracted by any extraneous tasks. Dia is free and runs on almost all desktop Linux distributions.

Diagram Designer is another free utility with an outdated interface, but very easy to use, which will surely appeal to many users. Unlike Dia, the program offers a much wider selection of symbols and icons. The only thing I didn't like about Diagram Designer was the need to draw connections between computers manually, because the program uses a free-form shape to do this. Apart from this small drawback, DD is a completely decent solution.

eDraw Max is one of the best tools on this list, with the exception of Visio, of course. The program is easy to learn, has a convenient, and, moreover, the most modern user interface of all the listed options. eDraw Max is a fully functional business diagramming tool for any purpose, not just network diagrams. The cost of the solution is $99.95 per license, and the more licenses, the cheaper each of them.

There are some incredibly bad programs, and GoVisual Diagram Editor is one of them. It is a difficult tool to use and produces less than satisfactory results. While it can still be used to create a network diagram, it won't be particularly easy to read because the GoVisual Diagram Editor lacks some useful features—particularly network device icons. But if someone needs a free diagramming program for any purpose, GoVisual is just the right option because it comes for free.

I would include LanFlow among the best. The program has an excellent interface, offers a rich selection of network objects and allows you to easily create local, telecommunications, external network diagrams, as well as computer diagrams. LanFlow even provides two different network diagram templates: 3D and black and white. To create a diagram, just select a template and drag suitable objects onto it, which can be grouped, deleted, and so on. A single-user license for the program costs $89, so LanFlow can rightfully be called one of the best budget alternatives to Visio.

Although NetProbe can be used for mapping, its primary purpose is to monitor network devices in real time. But the main advantage of NetProbe as a diagramming tool is that network devices can be added to the diagram as needed, even in advance. There is no need to do this manually - the built-in NetProbe component automatically scans the network and compiles a list of all devices available on the network. The Standard version is free, but can only track eight hosts. The Pro version costs just $40 for up to 20 hosts, while the Enterprise version, which can monitor up to 400 hosts, is priced at $295.

Network Notepad is exactly what its name suggests: a notepad for drawing up network diagrams. But despite its apparent simplicity, the program has rich capabilities, including interactive functions (Telnet, network browsing, pinging, etc.). Network Notepad has a simple drag-and-drop interface and can automatically discover Cisco devices. The program is distributed free of charge.

Visio is, of course, the de facto standard in the Windows diagramming application market. The program makes it easy to create beautiful network diagrams and share them via a web browser. Visio includes a rich set of templates, including for data centers, help desks, network racks; for office consolidation, enterprise-wide network planning, data center or home office; for drawing up a fault tree, heating, ventilation, air conditioning plan, etc. Visio is the best solution for drawing up network diagrams, and therefore it is not cheap: $249.99 for the Standard version, $559.99 for Professional and $999.99 for Premium 2010. More information about version capabilities can be found on the official Visio page.


Features of the local network

The example local network is given to illustrate the network's operation in a clear and informative way, with prioritization of the different types of traffic transmitted: Internet, telephony and television.

Local network diagram

In today's conditions of fierce competition, it is important to respond quickly to any change. The stability of any company, cafe, store or large corporation directly depends on the reliability and well-thought-out topology of its local network.

Key advantages of local networks for business:

Continuous access of employees to documents and databases directly from the workplace;

Instant exchange of reports between departments;

Organization of shared access to office equipment (printers, faxes, copiers, scanners);

Organization of Internet access from all workstations;

Ability to automate routine processes;

Organization of free and secure corporate communications between individual offices and buildings.

A well-designed local area network significantly increases the efficiency of an enterprise, frees up human resources, and provides a lot of additional opportunities.

Why should you entrust the development of a corporate local network to Canmos?

In small offices where two or three computers need to be connected, a local network can be organized in-house. But in most enterprises it is better to trust a specialized company.

Without experience, practical skills and knowledge of the network equipment market, serious budget overruns are possible without achieving the desired result. Sometimes an incorrect connection, or skimping on cables and connectors, means that expensive equipment works at only 10-20% of its capabilities. The result is constant delays, failures, burnt-out ports, or even complete system failure.

Without a detailed plan, it may turn out after the work is completed that you forgot to lay a line for the network printer, all the ports on the router are occupied and there is no way to connect another device. Since scaling was not provided for in advance, when the office expands there is simply nowhere to plug in new computers.

With Canmos, all network problems will be a thing of the past. We have been providing communication services and designing data transmission systems for many years. When developing a network, we:

think through the topology in detail to satisfy all the functional needs of your enterprise;

provide for scaling and convenient addition of new workstations with minimal investment;

provide protection from external and internal threats;

guarantee ease of management.

Typical LAN diagram from Canmos

When designing a LAN, preference is given to the "star" topology: each node (computer, network printer) is connected to the switch with a separate cable. This solution provides:

Independent operation of each workstation, which increases network reliability;

Minimum cost and ease of adding new devices to the network as the enterprise expands.

To increase reliability and fault tolerance, simplify administration, and balance the load between network equipment, the local computer network is divided into several segments; the subnets are connected to each other by a high-speed optical channel. The mail, file and 1C servers and the PBX operate in a separate segment.

To simplify administration, computers in different departments, such as accounting, commercial or legal, are combined into working groups.

Wireless network access is provided by wi-fi access points.

Technically, when installing a LAN, it is optimal to place the server and network equipment in a separate room so that the network administrator has quick access to everything from one place. Sockets for RJ-45 and RJ-12 (for IP telephony) are installed near employee workstations.

In the future, depending on the needs of the enterprise, office IP telephony can be deployed on the basis of the finished local network (for a stable connection, its traffic is prioritized at 64 kb/s per device), as can a 1C network. A secure (encrypted) connection of remote employees to the local network via a VPN channel can also be provided.

Practical work No. 23-24

Subject: The local network. Local network topologies.

Goal of the work: apply in practice knowledge about the purpose, principles of construction and operation of local computer networks.

Theoretical information

A local computer network is a complex of software and devices that connects subscribers located a short distance from each other. As a rule, such systems are used within the boundaries of one enterprise or building.

Types of local networks

Such networks are usually divided into two types:

    Networks with centralized management, characterized by a common security policy that applies to all users.

    Peer-to-peer networks. In such a system, all users independently determine what information and resources they will present for public use. And computers are completely equal and can be both a client and a server at the same time.

Main tasks of local computer networks

The main task of a local computer network is to give all users shared access to data, devices and programs. Thus, clients of the system can perform operations simultaneously rather than one after another.

In addition, local networks solve the following tasks:

    Data processing and storage;

    Delivering processing results to users;

    Monitoring the implementation of projects.

The main components of a local network

A local computer network cannot fully function without special equipment. Its main components are:

    Passive equipment: patch panels, mounting cabinets, information sockets, cables, cable channels;

    Peripheral devices and computers: printers, servers, workstations, scanners;

    Active equipment: routers, switches, special media converters.

Depending on how the network is built, how extensive it is and what requirements it must meet, the set of devices installed can vary significantly.

Benefits of using a local network

This type of system solves many computing and information problems within one enterprise. Therefore, for an organization, a local-type computer network is necessary due to several of its advantages:

    The system ensures that all personal data is stored on the file server disk. This makes it possible for all clients to work simultaneously, update data in network software products, and at the same time use information protected at the file and directory level.

    A local network facilitates the exchange of information between all computers in the system.

    Each client has access to the global network, subject to the presence of a special switching node.

    Such a computer network allows all users to print to shared printers.

    The local system allows you to store software products (graphical editors, tables, database management systems) on the disks of a file server in a single copy.

Requirements for local area networks

Currently, IT companies have created a large number of local computer networks, which differ in operating algorithms, organizational structure, topology and size. They are used in different countries of the world, but the requirements for them are generally accepted.

    Reliability. One of the main properties, aimed at maintaining full and partial functioning in the event of failure of several components.

    Speed. The most important property characterized by the presence of high-speed data transmission channels.

    Adaptability. The ability of a LAN to expand: workstations are installed wherever they are needed.

A local network is an important element of any modern enterprise, without which it is impossible to achieve maximum labor productivity. However, in order to use the network's full potential, it is necessary to configure it correctly, also taking into account that the location of the connected computers will affect the performance of the LAN.

The concept of topology

The topology of a local computer network is the arrangement of workstations and nodes relative to each other and the ways they are connected. In effect, this is the LAN architecture. The placement of computers determines the technical characteristics of the network, and the choice of topology affects:

    Types and characteristics of network equipment.

    Reliability and scalability of LAN.

    Local network management method.

There are many such options for the location of working nodes and methods for connecting them, and their number increases in direct proportion to the increase in the number of connected computers. The main topologies of local networks are "star", "bus" and "ring".

Factors to consider when choosing a topology

In order to finally decide on a topology, several features that affect network performance must be taken into account. Based on them, you can select the most suitable topology by analyzing the advantages and disadvantages of each and correlating them with the conditions available for installation.

    The functionality and serviceability of each of the workstations connected to the LAN. Some types of local network topologies depend entirely on this.

    Serviceability of equipment (routers, adapters, etc.). A breakdown of network equipment can either completely disrupt the operation of the LAN or stop the exchange of information with one computer.

    Reliability of the cable used. Damage to it disrupts the transmission and reception of data across the entire LAN or one segment of it.

    Cable length limitation. This factor is also important when choosing a topology. If there is not much cable available, you can choose an arrangement that will require less of it.

About the star topology

This type of workstation arrangement has a dedicated center - a server, to which all other computers are connected. It is through the server that data exchange processes take place. Therefore, its equipment must be more complex.

Advantages:

    The topology of local "star" networks compares favorably with others in the complete absence of conflicts in the LAN - this is achieved through centralized management.

    Failure of one of the nodes or damage to the cable will not have any effect on the network as a whole.

    Each link has only two subscribers, the central node and a peripheral one, which simplifies the network equipment.

    A cluster of connection points within a small radius simplifies network control and also improves security, since access by unauthorized persons can be restricted.

Disadvantages:

    Such a local network becomes completely inoperable in the event of a central server failure.

    The cost of a star is higher than other topologies, since much more cable is required.

Bus topology: simple and cheap

In this connection method, all workstations are connected to a single line, a coaxial cable, and data from one subscriber is sent to all the others in half-duplex mode. Local network topologies of this type require a special terminator at each end of the bus, without which the signal is distorted.

Advantages:

    All computers are equal.

    The ability to easily scale the network even while it is running.

    The failure of one node does not affect the others.

    Cable consumption is significantly reduced.

Disadvantages:

    Insufficient network reliability due to problems with cable connectors.

    Low performance due to the division of the channel between all subscribers.

    Difficulty in managing and locating faults, because the adapters are connected in parallel.

    The length of the communication line is limited, therefore these types of local network topologies are used only for a small number of computers.

Characteristics of the ring topology

This type of connection links each working node with two others: data is received from one of them and transmitted to the second. The main feature of this topology is that each terminal acts as a repeater, which eliminates signal attenuation on the LAN.

Advantages:

    Quickly create and configure this local network topology.

    Easy scaling, which, however, requires shutting down the network while installing a new node.

    A large number of possible subscribers.

    Resistance to overloads and absence of network conflicts.

    The ability to increase the network to enormous sizes by relaying the signal between computers.

Disadvantages:

    Unreliability of the network as a whole.

    Lack of resistance to cable damage, so a parallel backup line is usually provided.

    High cable consumption.
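The reliability claims made above for the three topologies can be checked on a small model. This is an added example, not part of the practical work: each topology is a graph of five constructed stations (A to E) plus the medium, one element is removed at a time, and the share of station pairs that can still communicate is measured. The "dual ring" case models the parallel backup line the text mentions as a second line carrying frames the opposite way.

```python
from collections import deque

STATIONS = ["A", "B", "C", "D", "E"]  # constructed five-station LAN


def star(stations):
    """Every station has its own cable to the central node."""
    return {"nodes": stations + ["centre"],
            "cables": [(s, "centre") for s in stations], "duplex": True}


def bus(stations):
    """One shared cable; each run between neighbouring taps is a cable segment.
    (Optimistic: the text notes a break without termination can distort the whole bus.)"""
    return {"nodes": list(stations), "cables": list(zip(stations, stations[1:])),
            "duplex": True}


def ring(stations, backup=False):
    """Each station passes frames to the next one (one direction only). With
    backup=True the parallel backup line carries frames the other way too, so a
    single cut still leaves a path round the long way."""
    return {"nodes": list(stations),
            "cables": list(zip(stations, stations[1:] + stations[:1])),
            "duplex": backup}


def connected_pairs(graph, stations, dead_node=None, dead_cable=None):
    """Fraction of ordered station pairs (src, dst) where src can still reach
    dst after one node or one cable has failed."""
    adj = {n: set() for n in graph["nodes"] if n != dead_node}
    for a, b in graph["cables"]:
        if (a, b) == dead_cable or dead_node in (a, b):
            continue
        adj[a].add(b)
        if graph["duplex"]:
            adj[b].add(a)
    reachable = 0
    for src in stations:
        if src not in adj:
            continue  # the failed station itself talks to nobody
        seen, queue = {src}, deque([src])
        while queue:
            for nxt in adj[queue.popleft()]:
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(nxt)
        reachable += sum(1 for dst in stations if dst != src and dst in seen)
    return reachable / (len(stations) * (len(stations) - 1))


def worst_case(graph, stations):
    """Lowest surviving share over every single node and single cable failure."""
    node = min(connected_pairs(graph, stations, dead_node=n) for n in graph["nodes"])
    cable = min(connected_pairs(graph, stations, dead_cable=c) for c in graph["cables"])
    return round(node, 3), round(cable, 3)


def compare(stations=STATIONS):
    """(worst node failure, worst cable failure) survival share per topology."""
    return {
        "star": worst_case(star(stations), stations),
        "bus": worst_case(bus(stations), stations),
        "ring": worst_case(ring(stations), stations),
        "dual ring": worst_case(ring(stations, backup=True), stations),
    }


if __name__ == "__main__":
    for name, (node, cable) in compare().items():
        print(f"{name:10} worst node failure: {node:.0%}   worst cable cut: {cable:.0%}")
```

The numbers match the text: a central-node failure takes the star down completely, a mid-bus break or station failure splits the bus, a single ring loses half its pairs on one cut, and only the ring with a backup line survives a cut intact.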

Types of local networks

The choice of local network topology should also be made based on the type of LAN available. The network can be represented by two models: peer-to-peer and hierarchical.

They are not very different functionally, which allows you to switch from one to the other if necessary. However, there are still a few differences between them. The peer-to-peer model is recommended where a large network cannot be organized but some kind of communication system is still needed; it should be created only for a small number of computers. Centrally managed networks are commonly used in enterprises to control workstations.

Peer-to-peer network

This type of LAN implies equal rights for every workstation, with data distributed among them. Access to information stored on a node can be allowed or denied by its user. As a rule, in such cases the bus topology of local computer networks is most suitable.

A peer-to-peer network implies the availability of workstation resources to other users. This means the ability to edit a document on one computer while working on another, remotely print and launch applications.

Advantages of a peer-to-peer LAN type:

    Ease of implementation, installation and maintenance.

    Small financial costs.

This model eliminates the need to purchase an expensive server.

Disadvantages:

    Network performance decreases in proportion to the number of connected workstations.

    There is no unified security system.

    Availability of information: when you turn off your computer, the data on it will become inaccessible to others.

    There is no single information base.

Hierarchical model

The most commonly used local network topologies are based on this type of LAN. It is also called “client-server”. The essence of this model is that if there is a certain number of subscribers, there is one main element - the server. This control computer stores all data and processes it.

Advantages:

    Excellent network performance.

    Unified reliable security system.

    One information base common to everyone.

    Simplified management of the entire network and its elements.

Disadvantages:

    The need for a dedicated staff position: an administrator who monitors and maintains the server.

    Large financial costs for the purchase of a main computer.

The most commonly used configuration (topology) of a local computer network in a hierarchical model is a “star”.

The choice of topology (layout of network equipment and workstations) is an extremely important point when organizing a local network. The selected type of communication should ensure the most efficient and safe operation of the LAN. It is also important to pay attention to financial costs and the possibility of further expansion of the network. Finding a rational solution is not an easy task, which is achieved through careful analysis and a responsible approach. It is in this case that correctly selected local network topologies will ensure maximum performance of the entire LAN as a whole.

Exercise 1

    Describe a peer-to-peer local network with a linear bus topology.

    Fill in the table.

Local network diagram

Disadvantages

Advantages

Equipment

Price

Conclusions:

Task 2

    Describe a peer-to-peer local network with a star topology.

    Analyze the description of the local network and draw conclusions.

    Fill in the table.

Local network diagram

Disadvantages

Advantages

Number of computers on the network

Equipment required to create a network and its cost

Equipment

Price

Total cost of creating a local network

Conclusions:

Task 3

    Describe a server-based local network.

    Analyze the description of the local network and draw conclusions.

    Fill in the table.

Local network diagram

Disadvantages

Advantages

Number of computers on the network

Equipment required to create a network and its cost

Equipment

Price

Total cost of creating a local network

Conclusions: