Designing A High School Network Computer Science Essay

Published: Last Edited:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

Designing a High school network is not just coming up with the physical infrastructure; it involves highly complex considerations and planning which will impact almost every aspect of campus life. The High school campus comprising of three locations has to be networked keeping in mind the fact that they are separated by not more than one kilometre from each other.

Given the requirements, the aim is to design a network which can accommodate three different classes of users with different privileges entitled to them. The expected outcome is to develop a network which has a large Mean time between failures (MTBF).

The initiative is to select appropriate equipments by maintaining a balance between cost, performance and efficiency. The choice of equipments is made by keeping in mind the future requirements. The planning phase will demand the minds of network architect, network engineers, and the requirements of stakeholders who in this case are high school management, administrators, teachers and students. The design phase will involve technicians who will be implementing the planned network. Next phase is the tuning phase where we analyse the performance of the network and the risks involved. These deadlines are to be met,



Week 1

Identifying needs

Week 3

Laying out network plan

Week 5

Choice of equipments

Week 6

Ordering equipments

Week 8

Design phase

Week 12

Tuning phase & Risk analysis

Week 14

Network operational

3 Configuration Management

3.1 Revision Information

Version Number

Changes from earlier revision


Fix: Moved the firewall to server room

Reason: For safety and management reason


Fix: Replaced the wireless router in plan with wireless access point

Reason: To reduce cost and minimise the number of devices used


Initial version

3.2 Key Referenced Documents

3.3 Acronyms and Abbreviations

ASA - Adaptive Security Appliances

CAT-5E - Category 5 Enhanced

CPU - Central Processing Unit

EIGRP - Enhanced Interior Gateway Routing Protocol

ISP - Internet Service Provider

LAN - Local Area Network

MTBF - Mean time between failures

SDRAM - Synchronous Dynamic Random Access Memory

SFP - Small form-factor pluggable

SPE - Services Performance Engine

UPS - Uninterruptible power supply

VLAN - Virtual Local Area Network

WAN - Wide Area Network

WAP - Wireless Access Point

WEP - Wired Equivalent Privacy

WPA/WPA2 - Wi-Fi Protected Access

4 Introduction, Overview & Scope

The high school campus has three locations with location 1 and 2 comprising of all the three categories of users, while location 3 accommodates only administrators. Before laying out the network plan, few key underlying principles are to be discussed. Each class of user has different needs, students should be able to access internet, teachers in addition to accessing internet should be able to access student database, while the administrators shall have universal access. Going by the requirement, there shall be diversity in way the three different group use the campus network. Administrators shall be provided with highly secured environment to monitor and manage the entire network. Firewall shall be placed in location where the campus network connects to the external world. This will restrict intruders from accessing the campus network. Security shall be provided within the campus between different class of users by formulating security rules and policies.

Fig.1 System level diagram

The next factor to be taken into account is the bandwidth. By the requirement, the school network will use services like web browsing, E-mail, database transactions, files transfer, sharing printer and network management applications. Bandwidth restriction shall be applied to specific groups to regulate the traffic and to prevent network slowdowns. Servers shall be setup to maintain student records, storing files, formulating access policies, assigning temporary IP addresses, sending/receiving emails and for hosting web page.

5 Project Analysis

5.1 Key Stake Holder Analysis

The building of high school network involves the contribution from school management, network administrators, teachers, students, network architect, network technician and the equipment provider. Of these, school management, network administrators, teachers and students are those who are affected by the outcome of the project.

The School management are the stake holders who are affected in large when the project fails to meet its requirements. Being the source of funds, any failure will cost them in large. Any misuse of network will be the responsibilities of management. Management should set proper access policies for each group of users and see to that there are no violations.

Teachers have to be provided with 24x7 internet access and also should be able to access student records from database. They should be able to communicate with students through e-mail regarding projects and assignments. Teachers shall be provided with logins which can be used on any systems to access their lecture notes, and other important files.

Strong content filtering policies should be formulated for students. Access to sites portraying violence, depiction of drug use, gambling, nudity, and sexual material should be restricted by employing content filters. Access to file storage and sharing websites should be blocked in order to conserve the bandwidth. Students should be able to upload their project work and reports into the database for teachers to evaluate.

Administrators on the other hand should be able to monitor the entire network, formulate security policies, check for intruders, and examine internet traffic. The entire above group can contribute to the success of the project by providing survey result on what they would need and what and how much on an average they might use the network.

5.2 Roles & Responsibilities

To achieve desired results, the stake holders are intended to participate and provide their feedbacks on the right time. These are few key roles and responsibilities of each stake holder,

Stake holders should be precise with their requirements and should inform the network technician about their highest priority.

Should actively communicate with the design team and provide continuous feedback.

Should be able to provide funds at the right time.

Should be easily communicable in order to get things clarified.

Should understand and approve plans as soon as possible.

Should offer assistance of all type to the project team.

Should be ready to hear alternative solutions.

Should communicate to the project team in a timely manner regarding change of requirements.

Should have good faith on the network designers cost estimates.

5.3 Other Constraints & Assumptions

The Internet censorship regime in Australia proposes laws and regulation for internet usage within Australia. According to Broadcasting Services Amendment (Online Services) Act 1999, requires content hosts (i.e.) ISP to delete any content hosted by Australian website from their server (Web, Usenet, FTP, etc) that is declared as "objectionable" or "unsuitable for minors" on receipt of a take-down notice from the government regulator, the Australian Broadcasting Authority ("ABA"). Further State and Territory criminal laws apply to content providers. These laws can enforce prosecution of users who make content available on internet which are declared as "objectionable" or "unsuitable for minors". It is the responsibility of the network administrators to avert such activities within the school network. The school management will be held legally responsible and answerable to the government for any violation of laws.

5.4 Guiding Principles

5.5 Literature Search


The High school network will be built using Routers, Switches, Firewalls, Servers and wireless access points. Routers will be setup at each location to breakdown the broadcast domain. Routers will be used to configure security and access policies. It acts as a default gateway and learns/advertises loop free paths between sub-networks. Data sent by the computer is forwarded to the Router which is the default gateway. The router makes decision of routing the data to different networks. Routers have limited number of ports so cannot be directly used for connecting PCs.


For this purpose switches are employed. A switch is a multiport device which maintains a database of the devices connected to its interface. So it performs the operation of receiving data and forwarding them to the intended user. The High school network will use 48-port switch and 24-port switch depending on the number of devices present. VLAN's will be configured on switch ports to group the three different classes of users. Configuring VLAN for different groups makes it easier for managing devices, enhancing security and segmenting the network at low cost.


Security being the top priority, firewall will be installed between the central router and the ISP to protect the internal network from outside world. Firewall will prevent intruders and unauthorised users from accessing valuable resources. They also provide means of controlling network and application activities.


Web server will be setup for hosting high school website. More powerful the server, the faster it can serve web pages.

Proxy server will filter unwanted contents, block requests made to certain sites and speed up network traffic by caching pages that are frequently visited.

Mail server looks after transporting emails between the users in the campus network.

Application server is dedicated to run specific application.

Database server acts as a centralised storage for maintaining student records and other important files.

FTP server will be setup to enable rapid storage and retrieval of data from the workstations

Wireless Access Point

WAP connects to the existing wired network to provide internet access to wireless device.

6 Specific Requirements

Bandwidth requirements

Students are allowed a bandwidth of 1GB per day for web browsing

P2P traffic will have restrictions compared to other traffic types

Teachers will have a bandwidth of 5GB per day for FTP downloads and web browsing

Administrators will have unlimited access

Minimum System requirements

PC with good configuration preferably with Intel processor, 1GB of RAM, Hard disk storage of 80GB, CD/DVD drive, Speakers/headphones.

A high speed broadband internet connection such as DSL or cable


Software solutions like Operating system, Office automation software, Web browser, E-Mail application

Interconnected systems, Interfaces and Protocols:

Routers and Switches must be setup at secure locations and must be inaccessible to students

Printer/Scanner/Photocopier to be setup in each room

Plans & Policies

Create a category of approved users and restrict all other users from accessing school network

Each class of users must be given logins with different usage policies set to them

Student login must restrict them from accessing FTP downloads

Content filtering must be configured to block objectionable/unsuitable sites

Stop inappropriate file sharing and maintain fair network usage policies

Stakeholder's mandates

Cisco series of network devices shall be used

Servers to be deployed in location 3

Dell desktops preferred

7 Preferred Solutions

7.1 System structure

Fig.2.Overall deployment diagram

System wide specification

Operational Environments

Network address allocation

The high school network consists of 3 locations with each location separated by not more than 1000 meters. Each location had different number of users and diverse class of users. Each location is planned to have different network address. Instead of assigning static IP address, the network will use dynamic IP address which will make use of the address space efficiently. For this purpose DHCP pooling is configured on each router located in location 1, 2 and 3. DHCP pooling enables the router to assign IP address only when the PC is powered on.

Routers specification

Cisco 3945E Integrated Services Routers will be used for constructing the high school network. It uses the latest ISR generation 2 technology enabling multicore network processing and supports up to 350Mbps WAN performance. It is designed to offer great energy efficiency with slot-based controls to decrease costs and support sustainability. In addition to this, Cisco 3945 ISR offers enterprise class security features like stateful firewall, Intrusion prevention and content filtering. As we are going to use only Cisco routers, we will be implementing EIGRP as it is scalable, bandwidth efficient and can converge faster than its Cisco companion protocols.

Switch specification

Cisco Catalyst 4948E Switch and Cisco Catalyst 3750 v2 -24TS-S Switch will be deployed for interconnecting systems. Cisco Catalyst 4948E Switch is a 48 port layer 3 Ethernet switch capable of switching at 176Gbps and has a throughput of 131mpps for IPv4 and 110mpps for IPv6. It is IPv6 ready and is compatible with fibre optic technology which will be the future of transmission medium. Cisco Catalyst 3750 v2 -24TS-S Switch is a 24 port layer 3 switch which will be setup in areas where deploying Cisco 4948E switch will be a waste of resource. Three different VLANs for students, staffs and administrators will be configured on switch ports.

Security and Privacy

Security being the foremost requirement, Cisco ASA 5550 Firewall will be setup at the border of the network. Cisco ASA 5550 integrates network firewall, application security and attack protection using intrusion prevention system. In addition to Cisco ASA 5550 Firewall, routers within the network will act as a stateful firewall offering security against unauthorized access within the network. To offer privacy, each class of user will be offered with logins having different level of usage policy.





Non-teaching staff

Internet browsing

Restricted access

Complete access

Complete access

Complete access

FTP downloads

No access

5GB limit

Unlimited access

No access

File sharing

Allowed but monitored

Unlimited access

Unlimited access

Unlimited access

Email & chat

Allowed but monitored

Unlimited access

Unlimited access

Unlimited access

Software installation


On permission


On permission



Complete access

Complete access

Complete access

Modifying system settings





Access to server

No access

No access

Unlimited access

No access

To secure the network from physical threat, Surveillance cameras will be operated in locations like operator room, administrator room and server room.


All the devices used in the network come with warranty and will maintain a MTTF. In order to offer uninterrupted operation, all devices will be given uninterrupted power supply. Server racks will be fitted with temperature and humidity sensor to check temperature and control the In-row cooling system. Servers will be fitted with backup drives for disaster recovery and migration solution.

7.2 Block Characteristics

7.2.1 Location 1

Fig.3.Deployment diagram for location 1

Location 1 must accommodate 65 PC's which comprises of 20 teachers, 5 administrators and 200 students. We must also layout printers and wireless access points wherever necessary. Keeping the future needs in mind, two 48 port switches will be needed to satisfy the needs. Further the location 1 has two labs and two staff rooms. Both lab 1 and lab 2 will accommodate 20 PC's each. Cisco Catalyst 4948E Switch will serve the purpose of interconnecting these 2 labs. Staff room 1 will have 10 PC's exclusively for teachers while Staff room 2 will have 10 PC's for teachers and 5 PC's for Administrators. Another Cisco Catalyst 4948E Switch will be setup for interconnecting the staff rooms. Router_location1 will be configured for DHCP pooling for an address space to Wireless Access points are placed at the junction of two rooms to provide uninterrupted wireless internet access.

7.2.2 Location 2

Fig.4.Deployment diagram for location 2

Location 2 must accommodate a total of 100 PC's which comprises of 30 teachers, 10 administrators and 300 students. We must also layout printers and wireless access points wherever necessary. Keeping the future needs in mind, two 48 port switches and one 24 port switch will be needed to satisfy the needs. Location 2 has three labs and two staff rooms. Lab 1, 2 and 3 will accommodate 20 PC's each while Staff room 1and Staffroom 2will have 15 PC's exclusively for teachers and 5 PC's for administrators each. Devices in lab 1 and 2 will be interconnected using Cisco Catalyst 4948E Switch. Similarly devices in lab3 and staff room1 will be interconnected using another Cisco Catalyst 4948E Switch. Staff room2 will connect to the network by using Cisco Catalyst 3750 v2 -24TS-S Switch. Wireless Access points are placed at the junction of two rooms to provide uninterrupted wireless internet access.

7.2.3 Location 3

Fig.5.Deployment diagram for location 3

Location 3 is a dedicated facility for administration. It must accommodate 15 administrators and 6 servers. Keeping the future needs in mind, two 24 port switches will be needed to satisfy the needs. Location 3 has admin room and a server room. The Edge Router, Firewall and Servers are installed in server room. This facility is secured and none of them except for administrators have access.

8 Risks, Opportunities, and the Test Plan

8.1 Risk Analysis & Elimination




Power Outage

Will result in loss of data and may even lead to hardware failure

Installing UPS, surge protection and power conditioning

Server overheating

Will cause the server to crash and become unresponsive

Deploying InRow Direct Expansion cooling system

Disk failure

Will result in loss of valuable enterprise data

Using backup drives and taking backups regularly

Router/Switch failure

Will require re-configuration of device

Taking backup of the router/switch configuration file

Network Security threats

Will lead to compromise of confidential data

Configuring stateful firewall in routers and deploying a dedicated firewall at the edge of the network

Physical threats

Will lead to compromise of confidential data and loss of resource

Installing surveillance cameras in important areas


Affects system files and causes it to malfunction

Installing latest antivirus/internet security solution and updating it on regular basis

Insufficient user knowledge

Loss of time and high school resources

Educating the user

Use of network for illegal activities

Raises question about management, worst case banning of the high school

Using network monitoring tools

Activities beyond academic curriculum

Will have negative impact on students and may spoil the school's reputation

Setting up strict usage policies and content filters

8.2 Opportunities

Technological equipment installed in school campus may generate job opportunity for job aspirers specialized in that field. This will in turn contribute to the development of high school. Routers and switches installed in school campus can be used for educational purpose in the future. A good network design may add to healthy contest among various competitors.

8.3 Testing Considerations

Developing a good product not only involves innovative design and use of best technologies available in market. A good product is a result of testing under various circumstances. Before actually implementing the network physically, initial ideas can be tested using network visualization software solutions to create virtual network topology. One such solution is OPNET IT Guru which allows testing of network by providing tools for constructing the network virtually and testing the virtual network to study various useful statistics like throughput, queuing delay, packet loss, utilization of each link in the network. Once the pre design test is concluded, the physical network can be built. Most of the tests are automated and only few require human intervention. Regardless of the type of testing, the conducting staff must have sufficient knowledge about networking and may require expertise in areas like router, firewall, networking protocols depending on the nature of test.

8.4 Test plans


Purpose & Implementation

Network Connectivity test

This test examines IP-level connectivity. Ping command is executed on host device to test the connectivity. It sends ICMP data packet to the network address specified and lets us evaluate response time.

Packet loss test

This tests network latency and network loss between two nodes. Pathping command can be used for this test. It can identify the degree of packet loss at any router/link and can also determine which router/subnet has network problems.

Throughput test

This test calculates the amount of data that can be transmitted on a test link for a given time. Many throughput testing softwares are available in market one of which is TTCP. It transmits several TCP packets continuously and measuring the time elapsed for the packets to travel from one end to the other.

Network/ Vulnerability scanning

This test scans for vulnerable services running on host devices and identifies any deviations in organizational security policy. Port scanning softwares like nmap may be employed for this testing.

Penetration testing

This test attempts to break through the security of the network based on the understanding of network design and techniques used by attackers. It identifies weak spots in the network and brings it to the knowledge of network analyser. As this test simulates an attack and makes use of tools and techniques prohibited by federal laws and regulation, permission for conducting this test must be obtained.

9 Project Management

9.1 Resource and Skill Acquisition


Key resource

Equipment needed

Days to learn

Networking fundamentals

Conducting training and seminars



Configuring network devices

Class room with training sessions

Routers, switches, WAP etc


Setting security & access policies

Class room and training sessions

PC with operating system installed


Installing hardware & software

Lab sessions

PC with operating system installed


Network monitoring & management

Lab sessions

PC with packet sniffing/analysing software installed



Class room with training session

PC with operating system installed, Network devices


9.2 Configuration Management Plans

Configuration management involves studying the current configuration of the network, making changes to the configuration whenever required, and maintaining the reliability and be able to trace the changes in configuration throughout the lifecycle of the network. It requires backup of network devices configuration files on a regular basis. As this is a new network, it is the duty of us to backup the configuration and make it available for future use. These configuration files can be used restore the devices back to operating condition in case of failure.

Steps in configuration management:

Configuration identification: It involves identifying network components whose configuration has to be managed followed by creating identification scheme to uniquely identify each component

Configuration change control: It involves identifying which component requires changes documenting the changes in network. It also identifies who controls the changes to the network

Configuration status accounting: It basically maintains record of all configuration changes and components affected by the configuration change

Configuration reviews: Reviews will be done on regular basis to check the integrity for the configuration status accounting information

9.3 Cost Estimates



Single unit



Cisco 3945E Integrated Services Router





Cisco Catalyst 4948E Switch





Cisco Catalyst 3750 v2 -24TS-S Switch





Netgear Prosafe Wireless-N Access Point





Dell Inspiron One 19 Desktops





Dell PowerEdge T410 Server





HP LaserJet Enterprise P3015x Printer (CE529A)





Belkin 24-Port CAT5e patch panel





RJ45 CAT5E Straight Ethernet LAN Network Cable



Cisco ASA 5550 Firewall Edition Bundle - Security appliance





Open Frame Racks





InRow Direct Expansion Cooling System (for servers)






NetBotz Rack Monitor 450 (with 120/240V Power Supply)




APC Temperature & Humidity Sensor




NetBotz Camera Pod 160





APC Smart-UPS 5000VA 230V Rackmount/Tower





Network planning and design cost


9.4 Time Plan

























Site viewing

Learning needs of stakeholders

Identifying requirements & collecting data

Designing virtual network and simulating

Network topology ready

Choice of equipment & Cost analysis

Ordering and receiving equipments

Laying out physical network

Testing physical network

Fine tuning performance

Network ready for use

10 Conclusion & Recommendations

The campus network has been designed with requirements specified by stakeholders and extensive market research. The network has been built with latest devices and technologies to extend the usable period. Options for extending the existing network are made keeping in mind the future needs. Staffs have been instructed about using equipments and provided with necessary documentation. It is recommended to follow the guidelines given in documentation for making in configuration changes.