Hello everyone,<\/p>\n
I’m currently studying Computer Science at university, and we have a network design project where we need to design a network for a school. The scenario involves a school with four buildings located near each other. Each building has its own IDF (Intermediate Distribution Frame, and there are approximately 10 classrooms per building. This is more of a conceptual and creative task, so I’m allowed to make reasonable assumptions (e.g., number of users, devices, etc.). There’s no strict right or wrong answer — the goal is to demonstrate understanding and design thinking.<\/p>\n
My current design idea:<\/strong><\/p>\n I’m trying to meet the following requirements from the project:<\/strong><\/p>\n What I’m struggling with:<\/strong><\/p>\n I’d really appreciate any help, diagrams, or advice on how to better understand and implement this in a real-world-inspired design.<\/p>\n Thanks in advance!<\/p>","upvoteCount":7,"answerCount":13,"datePublished":"2025-05-13T14:08:20.996Z","author":{"@type":"Person","name":"spiceuser-s6m1","url":"https://community.spiceworks.com/u/spiceuser-s6m1"},"acceptedAnswer":{"@type":"Answer","text":" Blockquote * ISP → Border Router → Firewall → Layer 3 Core Switch → Access Switches** in each building.<\/p>\n<\/blockquote>\n This is pretty close. I would just add distribution layer between core and access. You could do a collapsed core here where you do Core/Dis layer → Access but there is not a generally recommended architecture with only core and access layer. See below<\/p>\n Blockquote 1. What type of servers do I need specifically?<\/p>\n<\/blockquote>\n No wrong or right answer, but dell servers are what we run. You could suggest 1 beefy server and use a hypervisor to virtualize and then run your file/print/email server like that. You could also buy one dedicated server for each. Depends on budget, etc. These days most tend to virtualize. You could also go full cloud and run a VPN from local network to cloud! The possibilities are endless.<\/p>\n Blockquote Where should these servers be physically and logically placed?<\/p>\n<\/blockquote>\n Physically depends on above. If you go with cloud services, then someone else’s datacenter. Locally, then in your datacenter, server room, closet, wherever.<\/p>\n Blockquote How should the complete topology look?<\/p>\n<\/blockquote>\n Look into a 3 tier architecture. You will have a core, distribution, and access layer. Jeremy’s IT lab has some good videos on this in his CCNA course. It might give you a few ideas for design as well, he has visual examples.<\/p>\n Core - Layer 3 only. Super fast for routing traffic - Aggregates distribution layer Blockquote Where exactly should the firewall be placed? My assumption is right after the Border Router<\/p>\n<\/blockquote>\n This also depends on architecture. For example, if you have redundant ISP connections you might want to have it directly behind the ISP routers so you do not have to have a firewall in front of each ISP router (usually this would force you to have 4 firewall appliances because you want to have HA in each stack) but putting it behind the edge router would only require you to have 2 for HA.<\/p>\n As far as the requirements go,<\/p>\n This is talking about VLAN’s.<\/p>\n Look at trunking (tagging). Architecture could play in here. ACL’s or maybe firewall rules? You can do security in a bazzilion different ways. I would recommend looking up best practices and looking at a multilayer security approach.<\/p>\n Also look at VLAN’s for keeping traffic separate at layer 2, layer 3 look into subnetting and ACL’s.<\/p>\n EDIT: Spelling mistakes lol. Also welcome to the community!!<\/p>","upvoteCount":2,"datePublished":"2025-05-14T15:28:17.390Z","url":"https://community.spiceworks.com/t/university-project-network/1205228/13","author":{"@type":"Person","name":"c-t","url":"https://community.spiceworks.com/u/c-t"}},"suggestedAnswer":[{"@type":"Answer","text":" Hello everyone,<\/p>\n I’m currently studying Computer Science at university, and we have a network design project where we need to design a network for a school. The scenario involves a school with four buildings located near each other. Each building has its own IDF (Intermediate Distribution Frame, and there are approximately 10 classrooms per building. This is more of a conceptual and creative task, so I’m allowed to make reasonable assumptions (e.g., number of users, devices, etc.). There’s no strict right or wrong answer — the goal is to demonstrate understanding and design thinking.<\/p>\n My current design idea:<\/strong><\/p>\n I’m trying to meet the following requirements from the project:<\/strong><\/p>\n What I’m struggling with:<\/strong><\/p>\n I’d really appreciate any help, diagrams, or advice on how to better understand and implement this in a real-world-inspired design.<\/p>\n Thanks in advance!<\/p>","upvoteCount":7,"datePublished":"2025-05-13T14:08:21.066Z","url":"https://community.spiceworks.com/t/university-project-network/1205228/1","author":{"@type":"Person","name":"spiceuser-s6m1","url":"https://community.spiceworks.com/u/spiceuser-s6m1"}},{"@type":"Answer","text":" Your project sounds expensive! Ground up builds can be long drawn-out projects. Do you currently have on hand any of the hardware?<\/p>","upvoteCount":1,"datePublished":"2025-05-13T14:28:57.697Z","url":"https://community.spiceworks.com/t/university-project-network/1205228/2","author":{"@type":"Person","name":"StoneyD","url":"https://community.spiceworks.com/u/StoneyD"}},{"@type":"Answer","text":" Thanks for your reply! Just to clarify — this is a university project<\/strong>, so it’s purely theoretical. I don’t need to worry about the actual hardware, cost, or implementation timeline<\/strong>. The focus is just on designing the network architecture and layout<\/strong> based on given requirements. It’s more about understanding the concepts than building it in real life.<\/p>","upvoteCount":1,"datePublished":"2025-05-13T14:53:33.055Z","url":"https://community.spiceworks.com/t/university-project-network/1205228/4","author":{"@type":"Person","name":"spiceuser-s6m1","url":"https://community.spiceworks.com/u/spiceuser-s6m1"}},{"@type":"Answer","text":" I want to leave you some room to figure it all out yourself, so here’s some bread crumbs:<\/p>\n What type of servers do I need specifically?<\/strong> Where should these servers be physically and logically placed?<\/strong> How should the complete topology look?<\/strong> Where exactly should the firewall be placed? My assumption is right after the Border Router.<\/strong> Some more questions you’d want to answer, may be out of the scope: Hope this helps<\/p>","upvoteCount":5,"datePublished":"2025-05-13T15:26:20.392Z","url":"https://community.spiceworks.com/t/university-project-network/1205228/5","author":{"@type":"Person","name":"JCG9","url":"https://community.spiceworks.com/u/JCG9"}},{"@type":"Answer","text":" This is a great mental exercise and sounds like it would be a fun project if it were real. I feel like much of the requirements can be met at the firewall end or even the layer 3 switch for routing policies & vlans. Web server would need to be placed in a DMZ. For this thought experiment the servers could be physical or virtual. If it were me and I needed redundancy in case a site went down I’d place servers at a minimum of 2 sites, but for this case you could absolutely place them at all 4 sites. What constitutes a border router? Generally, your firewall will also handle routing in most networks.<\/p>","upvoteCount":1,"datePublished":"2025-05-13T15:57:00.130Z","url":"https://community.spiceworks.com/t/university-project-network/1205228/6","author":{"@type":"Person","name":"tb33t","url":"https://community.spiceworks.com/u/tb33t"}},{"@type":"Answer","text":" (post deleted by author)<\/p>","upvoteCount":0,"datePublished":"2025-05-13T17:18:39.456Z","url":"https://community.spiceworks.com/t/university-project-network/1205228/7","author":{"@type":"Person","name":"spiceuser-s6m1","url":"https://community.spiceworks.com/u/spiceuser-s6m1"}},{"@type":"Answer","text":" Thank you for your response! ISP → Firewall → DMZ (Web Server) → Layer 3 Switch → Internal Servers and Access Switches.<\/p>\n It makes a lot more sense now.<\/p>\n However, I still have one question: Also, the school has a connection to the ISP with 5 public IP addresses, and I’m not completely sure how or where to use them. My assumption is that the firewall or border router would use NAT to translate from public to private addresses – is that correct? Would I assign public IPs directly to the web server in the DMZ, or are they always handled by NAT on the firewall?<\/p>\n If you know any good resources (videos, books, tutorials) to learn networking topology, server roles, and design practices, I’d be really grateful. I want to understand this properly, not just complete the assignment. Any clarification would be greatly appreciated!<\/p>","upvoteCount":1,"datePublished":"2025-05-13T17:21:22.080Z","url":"https://community.spiceworks.com/t/university-project-network/1205228/8","author":{"@type":"Person","name":"spiceuser-s6m1","url":"https://community.spiceworks.com/u/spiceuser-s6m1"}},{"@type":"Answer","text":" Generally, I’ve seen servers either connected directly to the core switch or their own access switch. For the public IP addresses, one is most likely the going to be for the WAN of your network for configuring site to site VPN access, and one for the web server. I haven’t dealt too much with web servers, but my understanding is that NAT will be handled by the firewall.<\/p>","upvoteCount":3,"datePublished":"2025-05-13T17:42:32.707Z","url":"https://community.spiceworks.com/t/university-project-network/1205228/9","author":{"@type":"Person","name":"tb33t","url":"https://community.spiceworks.com/u/tb33t"}},{"@type":"Answer","text":" Your design and ideas are in line with standard practice.\n
\n
\n
\n
\n
\n
\n
\n
\n
\nDistribution - Aggregates layer 2, boundaries between layer 2 and 3 (OSPF, EIGRP etc)
\nAccess - Layer 2, VLANS, STP, etc are typically here<\/p>\n\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\nMost likely several servers virtualized on physical host server(s)<\/p>\n
\nProbably physically with MDF.
\nLogically on the network
\nThink of the servers as closer to end-user devices rather than in the network chain<\/p>\n
\nThink of it as roots of a tree, with your public address(es) starting at the top<\/p>\n
\nA question that will help you answer this is what’s the difference between a firewall and a router at this size of infrastructure? Are both required? Where would your routers ‘route’ you to?<\/p>\n
\nAre you using wifi or LAN for staff and student connections?<\/strong>
\nHow much traffic are you expecting? (Is load balancing a worry)<\/strong>
\nAre data backups important to this project? In reality this is a huge yes<\/strong>
\nWhat about battery backups?<\/strong><\/p>\n
\nI’ve updated my topology according to your suggestions. Now it looks like this:<\/p>\n
\nIs there a rule or best practice for where exactly to place internal servers?
\nFor example, can I connect servers directly to the core switch, or even to some access switches if it’s more convenient? I’ve seen both approaches and I’m unsure when one is preferred over the other.<\/p>\n
\nhere’s some thoughts/comments to assist.
\n