General Network | centrexIT Knowledge Center

CentrexIT General Network

KB00037753
Jomer Magtoto Standard 1 min
Published v2

The purpose of this standard is to define how CIT will implement network devices. This standard targets CIT and its clients to provide secure and reliable network infrastructure.


  • Basic understanding of the OSI Model
  • Potential for single point of failure.

  • Not accounting for enough network drops.

  • Risk of network outage due to unplanned downtime.

  • Degraded network performance.

  • Accounts and password standards

  • Naming standards

  • NOC related standards for alerting and monitoring.

  • Lucid Chart

  • Cisco

  • Meraki

  • VMware

  • HPE


  • Identify business & technical requirements. Example requirements include:

      • Business Requirements

          • Support new office build or expansion

          • Support new application

          • Improve end-user connection

          • Comply with regulation

          • Improve business continuity

      • Technical Requirements

          • Bandwidth

          • Security requirements

          • RPO

          • Uptime

  • All network devices must be monitored in N-central

  • All network devices must be documented in Halo

  • All network diagrams must be updated.

  • All admin accounts, passwords, and preshared keys must be documented in 1Password

  • All network devices must be patched to the latest firmware

  • All network devices must go through a 1-week burn-in

  • All licensing information must be documented in Halo

  • New ISP Circuits must have 5 usable IPs (/29)

  • For 10Gbps speed requirements, CAT6 ethernet cables are required

  • For 1000Mbps (1Gbps) speed requirements, CAT5e ethernet cables are required


  • Use unique IP subnets.

  • Example subnets 10.0.0.0/24.

  • Do not use 192.168.0.0/16 for production VLANs.

  • For new network deployments, do not use VLAN1.

  • Segment network traffic based on network type.

  • Example: VLAN ID Naming Scheme – Small Business

      • 1 – Not in use

      • 10 – WAN1

      • 11 – WAN2

      • 50 – DMZ

      • 100 – Voice

      • 101 – Production Data

      • 102 – Guest

      • 103 – Lab

      • 210 – Network Management

      • 220 – Printers

      • 230 – Building Management

  • Example: VLAN ID Naming Scheme – Enterprise Level

      • Private IP ID+networktype

      • Private IP Identification:

          • 10.0.0.0/8 = 1

          • 172.16.0.0/12 = 2

          • 192.168.0.0/16 = 3

      • Example:

          • 10.1.250.0/24 = VLAN 1250

          • 172.16.250.0/24 = VLAN 2250

          • 192.168.30.0/24 = VLAN 330

  • IP Naming Scheme

      • 10...

      • Example:

          • Building 1, Network Type PC (101), /24 = 10.1.101.0/24 = VLAN 1101

          • Building 2, Network Type PC (101), /24 = 10.2.101.0/24 = VLAN 1101

  • Subnets must be unique across an entire organization (e.g., you cannot use 10.1.101.0/24 at more than one location within an organization.)

  • If switches contain multiple VLANs, configure switch uplinks as TRUNK ports.

  • Configure endpoint uplinks as ACCESS ports on the appropriate VLAN.

  • Configure hostnames to the cIT naming standard

      • CLIENT3LetterAcronym-LOCATION-DEVICE-ID

      • Example: CIT-POWAY-SW-1

          • Client = centrexIT

          • Location = Poway Office

          • Device Type = Switch

          • ID number = 1

  • Device Monitoring

      • Configure SNMP v2c

      • SNMP String = Designated Client Acronym

      • Example: SNMP String for AltheaDx = ADX

  • Configure all network devices with static IPs. Network devices should never be on DHCP.

  • Recommended Patch Cable Color Scheme:

      • Red = WAN Uplinks

      • Orange = Switch Uplinks

      • Yellow = Access Points

      • Green = Production Data, e.g. Desktops

      • Black = VOIP

  • DHCP Scopes – Configure DHCP Pool Exclusions for Production VLANs

      • Exclude .1 thru .50 from DHCP Pool

      • Exclude .200 thru .254 from DHCP Pool

  • Static IP Ranges

      • .1 and .2 are reserved for Firewall 1 and Firewall 2.

      • .3 thru .10 are reserved for Switches

      • .11 thru .30 are reserved for Servers

      • .31 thru .40 are reserved for APs

      • .41 thru .50 are reserved for Printers

      • .200 thru .254 are reserved for APCs, and any other devices requiring static IPs.
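
The enterprise VLAN numbering, the static IP ranges and the subnet-uniqueness rule above can be checked mechanically against an addressing plan. The following is an added example, not part of the original standard: it handles /24 subnets only, and the function names and the sample site names (BLDG1 to BLDG3) are assumptions made for illustration.

```python
import ipaddress

# Leading VLAN digit per private range, from the enterprise scheme above.
PRIVATE_IDS = {"10.0.0.0/8": 1, "172.16.0.0/12": 2, "192.168.0.0/16": 3}
# Static ranges by last octet, from the "Static IP Ranges" list above.
STATIC_ROLES = [(1, 2, "firewall"), (3, 10, "switch"), (11, 30, "server"),
                (31, 40, "ap"), (41, 50, "printer"), (200, 254, "other-static")]
# Constructed sample plan: (site, subnet, is_production). Site names are made up.
SAMPLE_PLAN = [("BLDG1", "10.1.101.0/24", True), ("BLDG2", "10.2.101.0/24", True),
               ("BLDG3", "10.1.101.0/24", True), ("BLDG3", "192.168.30.0/24", True)]

def vlan_id(subnet):
    """Enterprise VLAN ID: private-range digit followed by the third octet."""
    net = ipaddress.ip_network(subnet)
    if net.prefixlen != 24:
        raise ValueError(f"{subnet}: this example only handles /24 subnets")
    for rng, digit in PRIVATE_IDS.items():
        if net.subnet_of(ipaddress.ip_network(rng)):
            return int(f"{digit}{net.network_address.packed[2]}")
    raise ValueError(f"{subnet} is not in a private range")

def host_role(address):
    """Reserved role for a host's last octet in a /24, or 'dhcp' if in the pool."""
    last = ipaddress.ip_address(address).packed[3]
    for low, high, role in STATIC_ROLES:
        if low <= last <= high:
            return role
    return "dhcp" if 51 <= last <= 199 else "invalid"  # .0 and .255 are not hosts

def audit(plan):
    """Return findings for overlapping subnets and production use of 192.168/16."""
    findings, seen = [], []
    home = ipaddress.ip_network("192.168.0.0/16")
    for site, subnet, production in plan:
        net = ipaddress.ip_network(subnet)
        if production and net.subnet_of(home):
            findings.append(f"{site}: {subnet} is production inside 192.168.0.0/16")
        for other_site, other in seen:
            if net.overlaps(other):
                findings.append(f"{site}: {subnet} overlaps {other} at {other_site}")
        seen.append((site, net))
    return findings

if __name__ == "__main__":
    for site, subnet, _ in SAMPLE_PLAN:
        print(site, subnet, "VLAN", vlan_id(subnet))
    print("\n".join(audit(SAMPLE_PLAN)))
```

The overlap check uses `overlaps()` rather than string equality, so a plan that reuses part of an existing range under a different prefix length is flagged as well.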


  • EXTERNAL only – i.e., industry best practices, CIS18, this is not for cIT internal references
