Designing a LAN (Local Area Network) requires a structured approach: first, gather fundamental requirements (data) and then proceed with physical and logical design.
Here is a step-by-step guide on necessary data and design phases.
1. What data is needed to start? (Requirement Gathering)
Before drawing the network or purchasing hardware, you must gather this crucial information:
Logistical and Environmental Data
- Building planimetry: Surface, number of floors, thickness and material of walls (drywall allows Wi-Fi to pass through, reinforced concrete shields it).
- Technical room position (MDF/IDF): Where the external fiber optic will arrive and where the main racks will be positioned.
Load and Scalability Data
- Total number of users and devices: How many PCs, laptops, smartphones, printers, and company servers will be connected simultaneously?
- IoT and security devices: IP cameras, access badges, smart TVs for meeting rooms.
- Growth forecast: Always calculate a 20-30% margin for network ports and IP addresses for future growth.
Traffic and Performance Data
- Type of usage: Is it only for web browsing and email, or will there be massive use of VoIP, videoconferences, large file transfers (e.g., video editing), or continuous backups?
- Available internet bandwidth: What is the speed of the external connection (FTTH, FTTC)?
2. How to design the LAN (The Phases)
Once the data is obtained, the design is divided into three macro-phases following the standard hierarchical model.
Phase A: Physical Design (Hardware and Cabling)
- Choose the cabling: For horizontal runs (from wall outlets to the rack), use Cat 6 or Cat 6A cables (up to 10 Gbps). For vertical connections (between different floors), it is preferable to use fiber optic cables.
- Positioning of Switches: Access switches connect final devices. They must support PoE (Power over Ethernet) if you need to power IP cameras or VoIP phones directly from the network cable.
- Wi-Fi planning (Site Survey): Position Access Points (AP) to uniformly cover the area, avoiding interference. For corporate environments, use a Wi-Fi Controller (physical or cloud-based) to manage seamless roaming of users from one AP to another.
Phase B: Logical Design (Software and Security)
- Segmentation with VLANs (Virtual LAN): Do not put all devices in the same network. Divide traffic for security and performance:
- VLAN 10: Personnel/Offices
- VLAN 20: VoIP phones
- VLAN 30: Guests (isolated from the corporate network)
- VLAN 40: IP cameras and IoT
- IP Addressing Plan: Use private subnets (e.g., class
192.168.X.Xor10.X.X.X). Configure a DHCP server for automatic IP assignment to client devices and set static IPs only for servers, printers, and switches. - Security (Firewall and Router): Configure a Firewall to protect the network perimeter from external attacks and to manage VPNs if employees need to work from home.
Phase C: Service Continuity (Redundancy)
- UPS groups: Connect main racks to a UPS to avoid sudden shutdowns in case of a blackout.
- Dual uplink: If the network is critical, design backup connections (e.g., two cables between main switches or two different internet providers).
Summary Table of Key Components
Component - Main Role - What to verify during the project phase
Router / Firewall: Manages traffic to the internet and security: Verify throughput performance with the firewall active
Switch Core: The "heart" of the network, connects various sectors: High speed (backplane) and reliability
Switch Access: Connects PCs and final devices: Number of ports and presence of PoE/PoE+
Access Point: Provides wireless connectivity: Wi-Fi standard (Wi-Fi 6 or 6E) and user density
Cabling: The physical infrastructure: Certification of cables (Cat 6/6A) after installation
Are you designing this network for a small reality (an office with few PCs) or for a more complex structure spread over multiple floors?
How to perform segmentation in the system task:
Segmentation through VLAN (Virtual LAN) consists of dividing a single physical infrastructure into separate virtual networks for better management, security, and performance.