Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Case Study

I am currently in class and we have been assigned a case study with an unlimited budget, and having to stick to Cisco devices only, now this is a tactical case study (which basically means I know the tactical implementation of setting up this LAN) what the instructors want is to tie in a civilian case study into this military portion. I need to know what I would need to set up a LAN with approx. 35,000-60,000 users including VTC, access to the internet, classified network, satellite integration, secure and unclassified e-mail, firewall, BGP, etc. There is one company headquarters, three regional headquarters, four departmental headquarters (each with three sections); any and all help I could get on this project would be sincerely appreciated, thanks in advance.

Cisco Employee

Re: Case Study


I would start with

1. putting a topology in place,

2.deciding the IP addressing scheme, private addresses + public addresses as the case maybe.

3. List the applications tobe used. Plan and estimate the bandwidth requirement within a location and accross the various locations.

4. Making a resource allocation sheet that reflects the number of hosts in each location. Based on this, allocate the required hardware resources, the like of;

a) Switches -- types depending on the item 4

b) Routers -- types depending on the item 4

c) PIX Firewalls -- types depending on the item 4

d) Intruder detection systems

e) Remote Access and VPN devices.

The list goes on ... It might be a good idea to go through the Cisco SAFE Blueprint architecture on the below url;



New Member

Re: Case Study

Looking at your email I guess you are in the Army. Therefore, before talking equipment you definitely need to assess what you can connect and what is not allowed. I.e. a RESTRICTED network can be connected to the Internet IF you use an EAL4 certified device a DMZ and another EAL4 certified device from a different vendor.

A CONFIDENTIAL has more stringent requirement (cannot be discussed here) and SECRET and above CANNOT be connected.

Pixes are EAL (Common Criteria) accredited in Europe and I believe they have been approved by NSA for use up to restricted (not including the 3des VPN).

Therefore I strongly encourage you to assess your security constraints BEFORE starting working on the equipment list.

Then assess the data flow. Problem are when data goes from higher security to lower. The other way is easy.

Infact if you just require to feed data from the Internet to a higher security zone, you can solve the problem with a client in the low security zone (protected by firewall) pushing data to a server in the higher security zone. You can remove the trasmit wires of the server interface (you will need an additional interface toward the high security network) and use a protocol with no acknowledgement.

Remember in the world of classified, security is well above functionality and cost. You might need custom hardware and software.


Maj. Fabio (ItAF)

CreatePlease login to create content