The Problem
The company's offices occupy two floors and house 40 users. The LAN switches come from various vendors, are more than 5 years old and can no longer guarantee reliable network operation. The same goes for the firewall, which can control network traffic only up to Layer 4.
The two wiring closets are interconnected by multimode optical fibre, and Cat5e cabling spans the building. Every floor has a shared central colour printer and copier that is also used as a scanner. A file server running core services such as DNS and DHCP, the mail server and two web-based business application servers are located in the first wiring closet. The first wiring closet is also the Internet connection endpoint.
Every user has basic Internet access, which should be secured by threat management applications. The network equipment in use does not allow remote access, but the need for telecommuting is growing. The LAN should be made ready for next year's IP telephony deployment and for future use of IPv6. There is no internal IT staff on site and, because the business operates on a low added value model, the costs of implementing and maintaining the LAN should be as low as possible. The new network is to be designed for five years of continuous use.
The Solution
The physical layer topology requires, for every wiring closet, a 24-port 10/100 Base-T PoE Layer 2 access switch that also has two 10/100/1000 or 1000 Base-X uplink ports. Servers are connected to a 24-port 10/100/1000 Base-T central switch that has four 1000 Base-X shared ports. The central switch has a base IPv4 routing licence. The access switch in the first wiring closet is connected locally to the central switch using 10/100/1000 Base-T ports; the access switch in the second wiring closet is connected to the central switch over 1000 Base-SX optical fibre using the appropriate SFP transceivers.
The logical layer solution proposes simple network segmentation using VLANs. Separate VLANs should be planned for the management, user, server and Internet connection networks. The central switch will forward DHCP requests from the user VLAN to the DHCP server, which is connected to the server VLAN.
The Internet connection is secured using a Unified Threat Management (UTM) firewall that enables extensive traffic control and secure remote access.
Every device is password protected and can only be accessed from the management VLAN.
The switches also support a security mechanism that authenticates the user whenever a device is plugged into the network. PoE and basic IPv6 settings are also supported.
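The segmentation, DHCP forwarding and management-VLAN restriction described above could look like the following on the central switch. This is an added example, not configuration from the original case study; the page names no vendor, so the Cisco IOS-style syntax, the VLAN IDs and names, all addresses and the SSH-only setting are assumptions.

```cisco
! Added example: assumed Cisco IOS-style syntax on the central (routing) switch.
! VLAN IDs, names, subnets and host addresses are constructed placeholders.
vlan 10
 name MGMT
vlan 20
 name USERS
vlan 30
 name SERVERS
vlan 40
 name INTERNET
!
ip routing
!
interface Vlan10
 description Management network
 ip address 10.0.10.1 255.255.255.0
!
interface Vlan20
 description User network
 ip address 10.0.20.1 255.255.255.0
 ! Relay DHCP broadcasts from users to the DHCP server in the server VLAN
 ip helper-address 10.0.30.10
!
interface Vlan30
 description Server network (file/DNS/DHCP, mail, web applications)
 ip address 10.0.30.1 255.255.255.0
!
interface Vlan40
 description Transit network to the UTM firewall
 ip address 10.0.40.2 255.255.255.0
!
! Default route towards the UTM firewall (placeholder address)
ip route 0.0.0.0 0.0.0.0 10.0.40.1
!
! Device administration is accepted only from the management VLAN
ip access-list standard MGMT-ONLY
 permit 10.0.10.0 0.0.0.255
 deny   any log
!
line vty 0 15
 access-class MGMT-ONLY in
 ! SSH-only access is an added assumption; the page only requires a password
 transport input ssh
 login local
```

The `deny any log` entry records management login attempts from the user and server VLANs, which gives a site without on-site IT staff a simple signal to review.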
The Advantages
The redesigned network is a reliable communications network that meets all current communications demands and is ready for future upgrades. The new design brings security and other advanced features to the company's network. The new network has a number of free switch ports for future use and, should a major network expansion be needed, new and existing switches can be stacked. The switches support Power over Ethernet (PoE), which makes them ready for IP telephony. PoE can also be used to remotely power WLAN access points. The Unified Threat Management (UTM) firewall provides a high level of network security in a single box and also enables remote access. An important benefit of the redesigned network is the possibility to go green, as the new network hardware has lower energy consumption and lower heat dissipation.