
Chapter 4 - Critical Evaluation

Uditha Atukorala's picture

All guest access is provided by a single switch (SW_OPEN_48), giving the guests a separate logical LAN segment. The network design thus isolates guests from other company users, which makes it much easier to implement security and control guest access.

Wireless access is provided by 14 access points operating 802.11a and 802.11b radios, located on the fourth and fifth floors. This provides adequate wireless coverage and maintains wireless network performance by not overloading any access point with many users.

Lower data rates are disabled on both the 802.11a and 802.11b radios, which prevents a low-data-rate client from associating and introducing a communication bottleneck.

The server segments of the two buildings are bridged using wireless media, making it possible to take advantage of distributed computing by locating servers in both buildings.

Providing wireless security with static WEP encryption is not acceptable, since it can be easily broken. Advanced authentication requires a RADIUS server to be in operation, but due to limited resources the network configuration is limited to WEP encryption only.

A Cisco 3745 router with four Gigabit Ethernet interfaces performs all the packet forwarding at the distribution layer of the LAN and routes packets for internet connectivity.

Instead of the router, a Gigabit Ethernet switch such as the Cisco Catalyst 4912G could have been used for the distribution layer. Using a switch would increase network performance on highly congested networks, but a router would still be needed for internet usage, requiring an extra investment. Since this network is for typical usage, using a single router for the distribution layer and internet connectivity is acceptable. Another advantage of using a router is being able to use advanced network traffic management features such as Access Control Lists.

The network design includes dedicated access points for guest access and employee access, making a total of 14 access points in operation. Instead of 14 access points, it is possible to use 7 access points and provide both guest and employee access on the same access point. This would save the cost of 7 access points.

If common access points are used, VLANs should be used to provide limited access to guests and implement security, and advanced authentication and encryption (e.g. EAP/WPA) is desired instead of static WEP encryption with open authentication. A disadvantage of using 7 access points instead of 14 is that access points may become overloaded.

The network design does not address limiting access for company users, as this is not in the specification, but if needed, access lists can be configured on the router.

The internet link is not configured because of a lack of information about the internet connectivity, but it can be simply configured on the router RT_DIST.

The network design provides adequate bandwidth for video-on-demand services, but if the traffic volume is high, QoS can be configured to give it priority.

Wireless bridging is provided by Cisco Aironet 1200 access points using 13.5 dBi Yagi antennas. Using access points instead of outdoor bridges saves costs, and since the distance between the two buildings is only 500 m, access points provide acceptable performance. The bridging access points are configured to use 802.11g radios, and since a 13.5 dBi Yagi antenna is used it is possible to achieve 54 Mbps data rates, making this an acceptable wireless link.

All networking devices are mounted in racks and cabinets and cabled with the assistance of patch panels, making a neat, manageable and upgradeable network design.