Network planning scheme for XXX hotel
Assumptions
According to the hotel's specification, the network must support more than 300 devices at the same time. Assuming that the number of devices will grow in the future, we design a network that can support 400 devices at the same time.
Devices can access the network through the wireless network or a fixed Ethernet interface. We assume that devices need less network speed when using the wireless network.
Wireless signals can generally cross only 3 walls; after crossing more walls, the signal becomes too weak to connect. Each of floors 1-5 can be covered by 3 wireless access points. In open areas, a wireless access point can cover a radius of about 100 meters.
The hotel can apply to the carrier to add self-defined routing rules and to change other settings of the router supplied by the carrier.
Physical structure
Each of floors 1-5 has a 24-port switch with 100 Mbps bandwidth installed in the communication room. Each floor has 19 rooms; each room has an RJ45 socket connected to the switch by twisted pair, as are the 3 wireless access points, which should be evenly spaced along the aisle.
The ground floor has 3 switches: two 12-port switches working at OSI layer 3 with 1000 Mbps bandwidth, used as core switches, and one 32-port switch. The core switches should be cascaded by connecting the up-link port of one to a normal port of the other using category 6 cable (if the switch does not support automatic MDI/MDIX switching, a copper crossover cable should be used), or by connecting their SC ports with optical fiber. Both core switches should connect to all other switches, the wireless controller, the two DNS servers and a router, which is connected to the carrier's DSL end.
The 32-port switch on the ground floor serves the conference room, the lobby bar's 5 concurrent users and two wireless access points, three wireless access points, and the concierge and reception tables.
Because the lobby is relatively open, one wireless access point can cover the whole lobby area; however, the lobby bar's load may be much heavier, so we should provide another access point. The office area has several walls, so it needs another access point. Because the office is very crowded, the solution uses the wireless network to guarantee Internet access.
The router also works as the firewall. The server machine can run the DNS and DHCP services and so on.
In summary, the network has a star topology with 2 layers. The 1st layer is simply the 12-port core switches, the router and the wireless controller. The 2nd layer consists of all the other switches and all wireless access points.
Cabling
The communication room is adjacent to the elevator shaft, so cables that cross floors can be fixed to the wall of the elevator shaft. Cables within a floor should be placed in the sleeve in the wall; if this is not possible, fixing them to the wall is the basic requirement. The switches should be placed in the communication room of each floor. All access points should be products designed for ceiling installation. The cables for the access points should be placed in the ceiling sleeve. It is better to place the RJ45 socket of each room next to the telephone socket.
The two core switches are used in active-active hot-standby mode to provide redundancy for the backbone network.
Network structure
By subdividing the network into two virtual LANs, two subnets run on the physical structure above: one for the corporate network and one for the customer network. All the fixed Ethernet ports of floors 1-5, the conference room, the concierge and reception tables, and the access point of the office are assigned to the corporate virtual LAN. The other access points and the five Ethernet ports in the lobby bar are assigned to the customer virtual LAN. The two VLANs share the router, which supports VLANs. The router has two subinterfaces, one for each VLAN. The router translates the customer VLAN's addresses. The core switches have NAT functionality, so choosing the core switches to act as the router of the customer network is also possible.
Details of the two virtual LANs are shown in the following table.
VLAN name | IP Capacity | Actually used | Network IP address | Gateway |
Corporate Network | 254 | 137 | 203.220.72.0/24 | 203.220.72.1 |
Customer Network | 254 | 205 | 192.168.1.0/24 | 192.168.1.1 |
Configurations
Creating VLAN
Setup VTP
Because all five 24-port switches have the same settings, we can use VTP to simplify the configuration process. We choose the switch on floor 1 as the VTP server and the switches on the other floors as VTP clients. The VTP client will synchronize the VTP server's
Set up the VTP server on the switch of floor 1 with the following commands:
enable
set vtp domain my_hotel mode server
Set up the VTP client on the switches of floors 2-5 with the following commands:
enable
set vtp domain my_hotel mode client
Set up VTP transparent mode on the switch of the ground floor with the following commands:
enable
set vtp mode transparent
Setup VLAN
Set up static VLANs for floors 1-5; 10 is the VLAN number of the corporate VLAN, 20 of the customer VLAN.
set vlan 10 name corporate
set vlan 20 name customer
set vlan 10 1/1-19,1/23-24
set vlan 20 1/20-22,1/23-24
Ports 1-19 are connected to the rooms' Ethernet sockets and should be in the corporate VLAN. Ports 20-22 are connected to the access points and should be in the customer VLAN.
Ports 23 and 24 are connected to the core switches and should be in both VLANs.
Setup static VLAN for the ground floor:
set vlan 10 name corporate
set vlan 20 name customer
set vlan 10 1/1-21,1/30-31
set vlan 20 1/22-29,1/30-31
The two core switches and the router should set up the VLANs and add all ports to both VLANs.
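A check of the port plan above, as an added example that is not part of the original scheme: it parses the page's `set vlan` lines, treats them as the intended VLAN membership, and reports non-uplink ports listed in more than one VLAN as well as ports no command mentions. The function names, the use of module 1 only, and reading ports 30-31 as the ground-floor uplinks (they are the ports listed in both VLANs there) are assumptions.

```python
import re
from collections import defaultdict

# Constructed inputs: the `set vlan` commands from this page.
FLOOR_1_5 = """\
set vlan 10 name corporate
set vlan 20 name customer
set vlan 10 1/1-19,1/23-24
set vlan 20 1/20-22,1/23-24
"""
GROUND = """\
set vlan 10 name corporate
set vlan 20 name customer
set vlan 10 1/1-21,1/30-31
set vlan 20 1/22-29,1/30-31
"""

# Matches "set vlan <id> <mod/port[-port]>[,...]"; the "name" lines do not match.
PORT_LINE = re.compile(r"^set vlan (\d+) (\d+/\d+(?:-\d+)?(?:,\d+/\d+(?:-\d+)?)*)$")


def expand(spec):
    """Expand '1/1-19,1/23-24' into a list of (module, port) tuples."""
    ports = []
    for part in spec.split(","):
        module, rng = part.split("/")
        first, _, last = rng.partition("-")
        ports += [(int(module), p) for p in range(int(first), int(last or first) + 1)]
    return ports


def audit(config, port_count, uplinks):
    """Return (shared, unassigned): non-uplink ports listed in more than one
    VLAN, and ports of module 1 that no command mentions."""
    membership = defaultdict(set)
    for line in config.splitlines():
        match = PORT_LINE.match(line.strip())
        if match:
            for port in expand(match.group(2)):
                membership[port].add(int(match.group(1)))
    shared = sorted(p for p, vlans in membership.items()
                    if len(vlans) > 1 and p not in uplinks)
    unassigned = sorted({(1, p) for p in range(1, port_count + 1)} - set(membership))
    return shared, unassigned


if __name__ == "__main__":
    print(audit(FLOOR_1_5, 24, {(1, 23), (1, 24)}))  # floors 1-5
    print(audit(GROUND, 32, {(1, 30), (1, 31)}))      # ground floor
```

On the ground-floor plan the check reports port 1/32 as not assigned to either VLAN, so that port should be given a VLAN explicitly or left disabled.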
Setup router
Normally, the router connects to the two core switches, and each switch carries two VLANs, so the router gets 2 IP addresses from each switch, 4 IP addresses in total. Dynamic routing is recommended for this situation. If static routing rules have to be used, we can write two routing rules for each VLAN with different priorities; the two layer-3 switches also need their routing functionality enabled and static routing rules set up. More advanced configurations include link aggregation, EtherChannel and so on.
Assume that the 4 IP addresses are: 203.220.72.1, 203.220.72.2; 192.168.1.1, 192.168.1.2.
Static routing table for the corporate VLAN:
Device | Destination | Gateway | Priority |
Router | 203.220.72.0/24 | 203.220.72.1 | 1 |
Router | 203.220.72.0/24 | 203.220.72.2 | 2 |
Switch A | 0.0.0.0/0 | 203.220.72.1 | 1 |
Switch A | 0.0.0.0/0 | 203.220.72.2 | 2 |
Switch B | 0.0.0.0/0 | 203.220.72.2 | 1 |
Switch B | 0.0.0.0/0 | 203.220.72.1 | 2 |
Static routing table for the customer VLAN:
Device | Destination | Gateway | Priority |
Router | 192.168.1.0/24 | 192.168.1.1 | 1 |
Router | 192.168.1.0/24 | 192.168.1.2 | 2 |
Switch A | 0.0.0.0/0 | 192.168.1.1 | 1 |
Switch A | 0.0.0.0/0 | 192.168.1.2 | 2 |
Switch B | 0.0.0.0/0 | 192.168.1.2 | 1 |
Switch B | 0.0.0.0/0 | 192.168.1.1 | 2 |
DHCP server
The DHCP server has two address pools and at least 8 static entries.
Interface | Static ip | Interface | Static ip |
Router port to switch A, customer VLAN | 192.168.1.1 | Router port to switch B, customer VLAN | 192.168.1.2 |
Router port to switch A, corporate VLAN | 203.220.72.1 | Router port to switch B, corporate VLAN | 203.220.72.2 |
DHCP on corporate VLAN | 203.220.72.3 | DHCP on customer VLAN | 192.168.1.3 |
DNS for corporate VLAN | 203.220.72.4 | Replica DNS | 203.220.72.5 |
The DHCP configuration should contain the static IP address table, the DNS server, the default gateway and the second gateway.
Adding the DNS server to the DHCP configuration:
ip domain name myhotel.net
! DNS for the corporate VLAN, as listed in the static address table
ip name-server 203.220.72.4
To let the DHCP server work on both the Ethernet and the wireless network, we need to enable the DHCP relay information option.
service dhcp
ip dhcp relay information option
DNS:
Global configurations:
key "rndc-key" { // generated by rndc-confgen
    algorithm hmac-sha256; // rndc-confgen's default; replaces the legacy hmac-md5
    secret "abcdedff=="; // placeholder, paste the generated secret here
};
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; }
        keys { "rndc-key"; };
};
options {
    // directory that stores the domain information
    directory "/usr/local/named/var";
    // BIND's pid file
    pid-file "named.pid";
};
zone "." IN {
    // root name server hints
    type hint;
    // located in /usr/local/named/var
    file "named.root";
};
// zone file for domain myhotel.net
zone "myhotel.net" IN {
    type master;
    file "myhotel.net.zone";
    allow-update { none; }; // who is allowed to update the zone file
};
// reverse zone for 203.220.72.0/24
zone "72.220.203.in-addr.arpa" IN {
    type master;
    file "myhotel.net.rev";
    allow-update { none; };
};
Zone file:
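$TTL 86400
$ORIGIN myhotel.net.
; SOA record is required for the zone to load; mailbox, serial and timers are placeholder values
@ IN SOA ns1.myhotel.net. hostmaster.myhotel.net. ( 1 3600 900 604800 86400 )
@ IN NS ns1.myhotel.net.
@ IN NS ns2.myhotel.net. ; the replica DNS defined below
ns1 IN A 203.220.72.4
ns2 IN A 203.220.72.5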
ACL configurations
On the router, enable QoS services with the following commands:
enable
mls qos
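First, allow all traffic.
access-list 100 permit ip any any
Users on wireless or on the open nodes adjacent to the concierge's desk are connected to the customer VLAN.
access-list 101 deny ip 192.168.1.0 0.0.0.255 203.220.72.0 0.0.0.255
access-list 101 permit ip any any
Users on the hotel's corporate network should only be able to talk to the machine room using the protocols DNS, DHCP, HTTP, HTTPS and SSH. An access list is evaluated from the top and stops at the first matching entry, and it ends with an implicit deny, so the permit entries for these protocols come before the deny entries in the same list.
access-list 102 permit udp 203.220.72.0 0.0.0.255 host 203.220.72.1 eq domain
access-list 102 permit udp 203.220.72.0 0.0.0.255 host 203.220.72.1 eq bootps
access-list 102 permit tcp 203.220.72.0 0.0.0.255 host 203.220.72.1 eq www
access-list 102 permit tcp 203.220.72.0 0.0.0.255 host 203.220.72.1 eq 443
access-list 102 permit tcp 203.220.72.0 0.0.0.255 host 203.220.72.1 eq 22
access-list 102 permit udp 203.220.72.0 0.0.0.255 host 203.220.72.2 eq domain
access-list 102 permit udp 203.220.72.0 0.0.0.255 host 203.220.72.2 eq bootps
access-list 102 permit tcp 203.220.72.0 0.0.0.255 host 203.220.72.2 eq www
access-list 102 permit tcp 203.220.72.0 0.0.0.255 host 203.220.72.2 eq 443
access-list 102 permit tcp 203.220.72.0 0.0.0.255 host 203.220.72.2 eq 22
access-list 102 permit udp 203.220.72.0 0.0.0.255 host 203.220.72.3 eq domain
access-list 102 permit udp 203.220.72.0 0.0.0.255 host 203.220.72.3 eq bootps
access-list 102 permit tcp 203.220.72.0 0.0.0.255 host 203.220.72.3 eq www
access-list 102 permit tcp 203.220.72.0 0.0.0.255 host 203.220.72.3 eq 443
access-list 102 permit tcp 203.220.72.0 0.0.0.255 host 203.220.72.3 eq 22
access-list 102 permit udp 203.220.72.0 0.0.0.255 host 203.220.72.4 eq domain
access-list 102 permit udp 203.220.72.0 0.0.0.255 host 203.220.72.4 eq bootps
access-list 102 permit tcp 203.220.72.0 0.0.0.255 host 203.220.72.4 eq www
access-list 102 permit tcp 203.220.72.0 0.0.0.255 host 203.220.72.4 eq 443
access-list 102 permit tcp 203.220.72.0 0.0.0.255 host 203.220.72.4 eq 22
access-list 102 permit udp 203.220.72.0 0.0.0.255 host 203.220.72.5 eq domain
access-list 102 permit udp 203.220.72.0 0.0.0.255 host 203.220.72.5 eq bootps
access-list 102 permit tcp 203.220.72.0 0.0.0.255 host 203.220.72.5 eq www
access-list 102 permit tcp 203.220.72.0 0.0.0.255 host 203.220.72.5 eq 443
access-list 102 permit tcp 203.220.72.0 0.0.0.255 host 203.220.72.5 eq 22
access-list 102 deny ip 203.220.72.0 0.0.0.255 host 203.220.72.1
access-list 102 deny ip 203.220.72.0 0.0.0.255 host 203.220.72.2
access-list 102 deny ip 203.220.72.0 0.0.0.255 host 203.220.72.3
access-list 102 deny ip 203.220.72.0 0.0.0.255 host 203.220.72.4
access-list 102 deny ip 203.220.72.0 0.0.0.255 host 203.220.72.5
access-list 102 permit ip any any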
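How first-match evaluation and the implicit deny decide the outcome of the access-list entries above, as an added example that is not part of the original scheme: it models the corporate-to-machine-room and customer-to-corporate rules with the page's addresses and compares placing the deny entries before or after the permits. The function names and the client addresses used in the test calls are constructed for illustration.

```python
import ipaddress

# Addresses from this page; 203.220.72.1-.5 are the machine-room hosts.
CORP, CUSTOMER = "203.220.72.0/24", "192.168.1.0/24"
MACHINE_ROOM = [f"203.220.72.{n}/32" for n in range(1, 6)]
# DNS, DHCP (server port), HTTP, HTTPS, SSH
ALLOWED = [("udp", 53), ("udp", 67), ("tcp", 80), ("tcp", 443), ("tcp", 22)]
ANY = "0.0.0.0/0"


def entry(action, proto, src, dst, port=None):
    """One access-list entry; proto 'ip' matches every protocol."""
    return (action, proto, ipaddress.ip_network(src), ipaddress.ip_network(dst), port)


PERMITS = [entry("permit", proto, CORP, host, port)
           for host in MACHINE_ROOM for proto, port in ALLOWED]
DENIES = [entry("deny", "ip", CORP, host) for host in MACHINE_ROOM]
PERMIT_ANY = [entry("permit", "ip", ANY, ANY)]

DENY_FIRST = DENIES + PERMITS + PERMIT_ANY    # deny entries ahead of the permits
PERMIT_FIRST = PERMITS + DENIES + PERMIT_ANY  # permits ahead of the deny entries
CUSTOMER_ACL = [entry("deny", "ip", CUSTOMER, CORP)] + PERMIT_ANY


def evaluate(acl, proto, src, dst, port):
    """Return the action of the first matching entry, else the implicit deny."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, e_proto, e_src, e_dst, e_port in acl:
        if (e_proto in ("ip", proto) and src_ip in e_src and dst_ip in e_dst
                and e_port in (None, port)):
            return action
    return "deny"


if __name__ == "__main__":
    dns = ("udp", "203.220.72.50", "203.220.72.4", 53)  # constructed client address
    print("deny-first  :", evaluate(DENY_FIRST, *dns))
    print("permit-first:", evaluate(PERMIT_FIRST, *dns))
```

With the deny entries first, even DNS to the machine room is dropped; with the permits first, only the five listed protocols reach it and everything else to those hosts is denied.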