
Building a Small and Medium-Sized Enterprise Network Architecture with Huawei and H3C

2025-02-24 Update From: SLTechnology News&Howtos

Shulou (Shulou.com) 06/01

Description

This series works through a company network architecture of a kind that is common in production networks today. Assuming you are handed such a network, it explains step by step how to plan, design and deploy the environment, and gives different explanations for different situations. For example, the topology has two ISPs: the customer may want an active/standby arrangement, or may want load sharing. Likewise, DHCP may be deployed on the firewall or on a separate server, and the series covers how to configure the deployment.

Note: The headquarters uses a complete set of Huawei equipment, including firewalls, wireless and switches, while the branches use H3C routers and switches, with either H3C wireless or Huawei APs. The headquarters architecture is typical of a medium-sized enterprise and the branch architecture is typical of a small and medium-sized enterprise; both are often encountered at work. The series explains step by step how to deploy them and meet the customer's needs. In addition, the headquarters and branches can reach each other, and traveling employees can access headquarters resources. When you meet such a network architecture at work, you will know where to start. Besides explaining how to configure each step, the series also explains why it is configured that way and what the effect is.

Customer needs

1. Use reasonable IP subnet division to ensure rationality, scalability, aggregation and control.

2. Ensure redundancy, including link redundancy and equipment redundancy.

3. Security: protect important departments such as the finance department so that only specific personnel can access them and other departments cannot, and effectively control viruses and ARP attacks.

4. Wireless terminals: given the growing number of mobile phones and laptops in the company, add wireless access for these devices and require authentication. The visitor area does not authenticate, but it cannot reach the company network and may only access the web service provided by the company and the Internet.

5. Under normal circumstances, Internet access leaves through the Telecom egress; when that link has a problem, traffic leaves through Netcom. The switchover must be automatic to ensure redundancy, and NAT must be implemented.

6. The finance departments at headquarters and the branches need to reach each other, and this access must be secure.

7. Employees on business trips can access specific resources within the company through remote access technology.

8. The equipment is managed and accessed from a separate management host.

Solutions

1. Use subnet division to plan each department. Each department gets its own /24 subnet (24-bit mask), and the subnets are kept contiguous. Even when employees are added, a /24 has 254 addresses, which is enough for normal use. Contiguous subnets are easy to summarize and to control with policies.

2. Redundancy is achieved with MSTP + VRRP, which provides link redundancy and gateway hot standby; link aggregation between the core switches increases bandwidth.

3. Security can be implemented with ACLs and port isolation. More advanced technologies such as dot1x and DHCP snooping + DAI + IPSG can also be used. Under normal circumstances ACLs and port isolation are sufficient, unless special needs arise later.

4. Build the wireless network with an AC + AP Layer 3 bypass architecture. The internal network uses the 5G band, while access uses the 2.4G band. Visitors can only access the web page provided by the company and the Internet, and wireless visitors must be isolated between areas.

5. Use floating routes with NQA or ip-link to achieve automatic failover.

6. IPsec is used for mutual access between headquarters and branches, and protects the data through encryption, authentication and other mechanisms.

7. Deploy L2TP over IPsec so that traveling employees can dial into the intranet and access specific resources.

8. Enable Telnet or SSH for device access, and use an ACL to restrict access to specific hosts only.
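The addressing scheme in solution 1 (one contiguous /24 per department, so the ranges can be summarized), as an added example that is not part of the original article. The parent block 172.16.0.0/21, the department names, head counts and VLAN numbering are constructed assumptions.

```python
import ipaddress

# Constructed sample input (assumptions, not values from the article).
PARENT = ipaddress.ip_network("172.16.0.0/21")
DEPARTMENTS = [("Management", 5), ("Finance", 20), ("Sales", 120),
               ("Engineering", 200), ("Wireless-Staff", 150), ("Guest", 100)]


def build_plan(parent, departments, prefixlen=24, first_vlan=10):
    """Assign consecutive /24 subnets, one per department, in list order."""
    subnets = parent.subnets(new_prefix=prefixlen)
    plan = []
    for vlan, (name, hosts) in enumerate(departments, start=first_vlan):
        try:
            net = next(subnets)
        except StopIteration:
            raise ValueError(f"{parent} has no /{prefixlen} left for {name}")
        usable = net.num_addresses - 2  # minus network and broadcast address
        if hosts > usable:
            raise ValueError(f"{name}: {hosts} hosts exceed {usable} usable")
        plan.append({"dept": name, "vlan": vlan, "subnet": net,
                     "gateway": net.network_address + 1,  # first host as gateway
                     "free": usable - hosts})
    return plan


def summarize(plan):
    """Collapse the allocated subnets into the fewest summary prefixes."""
    return list(ipaddress.collapse_addresses(p["subnet"] for p in plan))


def dept_for(plan, address):
    """Map a source address to its department, e.g. when writing an ACL."""
    ip = ipaddress.ip_address(address)
    for entry in plan:
        if ip in entry["subnet"]:
            return entry["dept"]
    return None


if __name__ == "__main__":
    plan = build_plan(PARENT, DEPARTMENTS)
    for e in plan:
        print(f'VLAN {e["vlan"]:<3} {e["dept"]:<15} {e["subnet"]!s:<16} '
              f'gw {e["gateway"]}  free {e["free"]}')
    print("summary routes:", ", ".join(str(n) for n in summarize(plan)))
```

Because the six /24s are contiguous, two summary prefixes cover all of them; a policy that protects Finance needs to name only its single /24.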

Deployment approach

1. Define the IP address planning table to make configuration easier.

2. Plan the VLANs and the corresponding gateway addresses.

3. Implement the VLAN configuration: configure links between switches as Trunk, access-switch ports facing terminals as Access, the wireless part as Hybrid or Trunk, and the ports facing the firewall as Access.

4. Configure IP addresses and verify that directly connected devices can reach each other.

5. Configure MSTP, VRRP and port aggregation so that the whole network is loop-free, highly reliable and redundant.

6. Configure routing to achieve full network reachability.

7. Configure the DHCP service and relay so that PCs can obtain addresses and DNS parameters normally.

8. Configure the wireless part so that the APs come online normally and PCs can connect to the network and obtain addresses, meeting the specific requirements.

9. Configure firewall policies, NAT, VPN and other technologies so that users can access the Internet and the branches, and traveling employees can dial into the company intranet normally.

10. Deploy device management and terminal management.

11. Deploy the final security policies.

Branch deployment approach

1. Configure the previously defined IP address table entries, VLANs and interface assignments.

2. Configure routing, or use single-arm routing (router-on-a-stick).

3. Configure VPN on the router so that the finance departments can reach each other and the AP can associate normally with the AC at headquarters.

Full download

A PDF version has been uploaded to the 51cto download center. Updating the blog takes some time, so if you are interested you can download the PDF to read. If you have any questions, or find errors or omissions in the text, you are welcome to leave a message pointing them out.

http://down.51cto.com/zt/8791
