Shulou(Shulou.com)06/01 Report--

Many Lans adopt the topology of "firewall / routing-layer 3 switch-layer 2 switch". Because the configuration of layer 3 switch is relatively complex, Internet behavior management is deployed in such a local area network. users often face the following problems:

The administrator username and password for the switch could not be found.

No technician can modify the configuration of the switch.

There is no switch vendor technical support.

In fact, it is not difficult to deploy Internet behavior management in a network environment with three-layer switches. In this article, I will introduce two scenarios of "bridge deployment" and "gateway deployment" respectively. Our scheme avoids modifying the configuration of the switch as far as possible.

1. Gateway deployment model

The gateway deployment model, to put it simply, is to replace the existing router gateway with Internet behavior management equipment. The network topology diagram is as follows:

The following steps are recommended:

Record the previous configuration information of the router, mainly: IP, mask, DNS configuration, firewall configuration (port mapping, one-to-one NAT, etc.), static routing.

Connect the WSG online behavior management gateway separately, and set the configuration items of the router on the WSG gateway item by item.

Check the configuration information to ensure the correctness of IP, subnet mask, and static routes.

Wait for the personnel to put the new equipment online for testing after work.

This scheme can be deployed without modifying the configuration of the switch. If the previous gateway device has made a lot of policies, then the configuration will be more troublesome. The WFilter routing table is configured as shown in the figure:

two。 Bridge deployment model

The "gateway deployment model" described above needs to replace the existing gateway equipment and migrate the previous gateway configuration. In the "bridge deployment mode", there is no need to replace any equipment, and it can be deployed transparently. The network topology diagram is as follows:

Please note: in bridge mode, the functions of "× ×", "PPPoE authentication" and "multi-line equalization" cannot be realized; other functions are exactly the same as gateway mode. The deployment steps for bridge mode are as follows:

Connect the "WSG Internet behavior Management Gateway" separately, and configure the IP, mask and other information of the bridge.

Configure the bridge to the routing table of each VLAN (the next-hop address points to switch IP).

You can go online for testing.

If the bridge address is unreachable, you can also set other ports as management ports for configuration management and Internet access of WSG gateway devices. As shown in the figure:

To sum up, these two deployment modes do not need to modify the configuration of the switch, but can directly deploy Internet behavior management. As a professional provider of Internet behavior management solutions, our WFilter NGF can support "gateway mode" and "bridge mode"; in addition, there is a bypass mode through the mirror port to achieve Internet behavior management "WFilter ICF Internet behavior management software", does not need to connect network devices, is also an important way of deployment.

Related references:

How to connect multi-VLAN layer 3 switch to WFilter Internet behavior management system?

Analysis of the advantages and disadvantages of the deployment Scheme of Internet behavior Management

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.