Network Engineering Graduation Design: Dual-Exit Campus Network Simulation Based on Huawei eNSP

Introduction to the article: This article uses Huawei eNSP to plan and simulate a campus network; the design also applies to enterprise and similar scenarios. The article attaches complete device configuration commands. The attachment is the eNSP project. If necessary, you can download it and contact the author for after-sales service; it can be modified to meet customized requirements.

About the author: Senior network engineer. I hope to meet more friends to exchange ideas with; you can send a private message or use QQ (Penguin) number: 3121200538

Xianyu (Salted Fish) search: Internet siege lion; WeChat (vx): wlgongchengshi

Table of contents

2.1 VLAN planning

2.3 IP address planning

2.4 Reliability Analysis

2.5 Security Analysis

2.6 Scalability Analysis

2.7 Network topology design


Taking a campus network as the requirements background, the design must provide communication and Internet access within the campus and networking between the two campuses. VLANs are divided so that the administrative department can visit any department, and other departments can visit each other except the administrative department and the financial department. The core layer adopts a dual-core structure that provides redundant backup and prevents single points of failure in the network, and uses spanning tree to achieve load balancing. The egress routers are connected to the dedicated lines of China Telecom and the education network respectively, to provide Internet access for the teachers and students of the school. The requirements are as follows:

(1) Office area: the administrative office belongs to VLAN 10, and the departmental offices and teaching area offices belong to VLAN 20; simulate and configure two access switches and one aggregation switch (layer 3). Teaching area: the laboratory belongs to VLAN 30 and the classroom belongs to VLAN 40; simulate and configure two access switches and one aggregation switch (layer 3). Student area: the student area belongs to VLAN 60; simulate and configure three access switches and one aggregation switch (layer 3).

The administrative department can visit any department, and other departments can visit each other except the administrative department.

(2) The internal central network is equipped with two core switches (layer 3). The network adopts a dual-core structure that combines layer 3 switching with GVRP (the Cisco equivalent is VTP), MSTP, and Ethernet channels (link aggregation) to achieve a high-speed, high-performance, reliable network with redundant backup.

(3) The core switch is connected to an egress router, and the egress router of the intranet is connected to the education network router and the telecommunication network router respectively. Static routing and default routing are used to connect the networks, ensuring that intranet data has a path to the external network.

(4) The RIPv2 dynamic routing protocol runs on the extranet of the education network, and the school mainly obtains scientific research literature through the education network; the OSPF dynamic routing protocol runs on the extranet of the telecommunication network, which also connects to the other campus. All intranet networks can access the extranet.

(5) Use NAT to translate between internal network and external network IP addresses; the IP address assignment must at least reflect the division of subnets and VLANs.

(6) Use access control lists (ACLs) so that hosts in the student area cannot access the external network from 23:30 at night to 06:00 the next morning, while at other times, and for all other hosts, access to the external network is not restricted; also ensure that computers in the student area cannot access the office network.

2.1 VLAN planning

According to the business content and related security requirements of the enterprise, each area is divided into VLANs: the office area into two VLANs, the teaching area into two VLANs, and the living area into one VLAN. The VLAN division is shown in Table 2-2.

Table 2-2 VLAN division table

| Area | Floor | VLAN |
|---|---|---|
| Office area | Administrative office | VLAN 10 |
| Office area | Department offices and teaching area offices | VLAN 20 |
| Teaching area | Laboratory | VLAN 30 |
| Teaching area | Classroom | VLAN 40 |
| Living area | Living area | VLAN 60 |

2.3 IP address planning

The number of hosts is counted based on the basic situation of the campus and the division of VLANs: there are 500 hosts in the office area, 500 hosts in the teaching area, and 500 hosts in the living area. Different VLANs are configured as different network segments, and each VLAN also needs a gateway address, so the address segment 10.10.0.0/16 is subnetted. Table 2-3 lists the IP addresses of each network segment. The remaining IP addresses in each network segment are reserved for future expansion.

Table 2-3 IP address division table

| Area | VLAN | IP address | Subnet mask | Gateway address |
|---|---|---|---|---|
| Office area | VLAN 10 | 10.10.10.0 | 255.255.255.0 | 10.10.10.254 |
| Office area | VLAN 20 | 10.10.20.0 | 255.255.255.0 | 10.10.20.254 |
| Teaching area | VLAN 30 | 10.10.30.0 | 255.255.255.0 | 10.10.30.254 |
| Teaching area | VLAN 40 | 10.10.40.0 | 255.255.255.0 | 10.10.40.254 |
| Living area | VLAN 60 | 10.10.60.0 | 255.255.255.0 | 10.10.60.254 |
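The following check of the address plan is an added example, not part of the original article or its eNSP project. It loads Table 2-3 and the per-area host counts from this section, verifies that the subnets sit inside 10.10.0.0/16 without overlapping, and compares usable addresses with the stated demand; the function names are hypothetical.

```python
from ipaddress import ip_address, ip_network

BLOCK = ip_network("10.10.0.0/16")
# (area, VLAN, subnet, gateway) exactly as listed in Table 2-3
PLAN = [
    ("office",   10, "10.10.10.0/24", "10.10.10.254"),
    ("office",   20, "10.10.20.0/24", "10.10.20.254"),
    ("teaching", 30, "10.10.30.0/24", "10.10.30.254"),
    ("teaching", 40, "10.10.40.0/24", "10.10.40.254"),
    ("living",   60, "10.10.60.0/24", "10.10.60.254"),
]
HOSTS = {"office": 500, "teaching": 500, "living": 500}  # host counts from section 2.3

def structural_errors(plan=PLAN, block=BLOCK):
    """Return problems with containment, gateway placement and subnet overlap."""
    errors = []
    nets = [(vlan, ip_network(cidr), ip_address(gw)) for _, vlan, cidr, gw in plan]
    for i, (vlan, net, gw) in enumerate(nets):
        if not net.subnet_of(block):
            errors.append(f"VLAN {vlan}: {net} is outside {block}")
        if gw not in net or gw in (net.network_address, net.broadcast_address):
            errors.append(f"VLAN {vlan}: gateway {gw} is not a host address in {net}")
        for other_vlan, other, _ in nets[i + 1:]:
            if net.overlaps(other):
                errors.append(f"VLAN {vlan} overlaps VLAN {other_vlan}")
    return errors

def spare_addresses(plan=PLAN, hosts=HOSTS):
    """Per area: usable host addresses minus the stated host count."""
    capacity = {}
    for area, _, cidr, _ in plan:
        # subtract the network, broadcast and gateway addresses
        usable = ip_network(cidr).num_addresses - 3
        capacity[area] = capacity.get(area, 0) + usable
    return {area: capacity[area] - hosts[area] for area in hosts}

if __name__ == "__main__":
    print(structural_errors())
    print(spare_addresses())
```

A negative value from `spare_addresses()` means the subnets assigned to that area cannot hold the stated number of hosts, so the VLAN needs a shorter prefix or additional subnets.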

2.4 Reliability Analysis

Daily office work on campus requires frequent Internet access, and students in the living area need a stable network connection. To provide network reliability and avoid interruptions caused by a single point of failure, the network should include redundant links and backup devices, with link aggregation and an MSTP+VRRP redundant backup solution configured on the two core switches.

2.5 Security Analysis

The living area is the part of the network with the greatest demand and the most varied users. To secure the living-area intranet and control Internet use, access control lists (ACLs) are used so that hosts in the student area cannot access the external network from 23:30 at night to 06:00 the next morning, while at other times, and for all other hosts, access to the external network is not restricted; computers in the student area are also not allowed to access the office area network.
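The policy above can be modelled as an ordered, first-match rule list with a time range, which makes the midnight-crossing window and the rule order easy to test before committing them to a device. This is an added example, not the article's device configuration: the rule order, the half-open window (23:30 inclusive, 06:00 exclusive) and the function names are assumptions, and 203.0.113.10 in the test call is a documentation address standing in for an external host.

```python
from datetime import time
from ipaddress import ip_address, ip_network

STUDENT = ip_network("10.10.60.0/24")    # VLAN 60 (Table 2-3)
OFFICE_A = ip_network("10.10.10.0/24")   # VLAN 10
OFFICE_B = ip_network("10.10.20.0/24")   # VLAN 20
CAMPUS = ip_network("10.10.0.0/16")
ANY = ip_network("0.0.0.0/0")
NIGHT = (time(23, 30), time(6, 0))       # curfew window from section 2.5

def in_window(now, window):
    """True if now is in [start, end); supports windows that cross midnight."""
    start, end = window
    if start <= end:
        return start <= now < end
    return now >= start or now < end     # 23:30 -> 06:00 wraps past 00:00

# (action, source, destination, time window or None); the first match wins.
RULES = [
    ("deny",   STUDENT, OFFICE_A, None),
    ("deny",   STUDENT, OFFICE_B, None),
    ("permit", STUDENT, CAMPUS,   None),   # other intranet traffic has no curfew
    ("deny",   STUDENT, ANY,      NIGHT),  # what remains is external traffic
    ("permit", ANY,     ANY,      None),
]

def evaluate(src, dst, now):
    """Return 'permit' or 'deny' for one packet at wall-clock time now."""
    src, dst = ip_address(src), ip_address(dst)
    for action, s_net, d_net, window in RULES:
        if src in s_net and dst in d_net and (window is None or in_window(now, window)):
            return action
    return "deny"

def denied_minutes(src, dst):
    """Minutes per day during which src -> dst is denied."""
    return sum(evaluate(src, dst, time(m // 60, m % 60)) == "deny" for m in range(1440))

if __name__ == "__main__":
    print(denied_minutes("10.10.60.5", "203.0.113.10"))
```

Moving the time-limited deny above the campus permit would also cut the student area off from the teaching area at night, which the requirement does not ask for.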

2.6 Scalability Analysis

In addition to meeting current needs, the network structure should be easy to expand so that it can support more users and applications as usage grows; as network technology develops, the network must also be able to transition smoothly to new technology and equipment. To protect the user's investment, when the network is upgraded or reinvested in later, the existing equipment can be upgraded and expanded at any time by adding network equipment or modules, and the replaced equipment can be reused in the branch or edge network. Smooth integration of future network upgrades should be fully considered to ensure the backward compatibility of the network communication media and the core of the network design.

2.7 Network topology design

Figure 2-1 shows the network topology structure.

Figure 2-1 Network structure design diagram

4 Network simulation and testing

According to the network structure design diagram, a network simulation environment is built in the eNSP simulator, and configuration and testing are performed.

4.1 Network device configuration and related commands

(1) Divide VLANs

4.2 Network communication test

Office area, teaching area and living area access to the education network (test panels: office area, teaching area, living area)

Office area, teaching area and living area access to the telecom network (test panels: office area, teaching area, living area)

Living area access to the office area

Living area access to the teaching area

Sub-campus access to the telecommunications network

5 Summary

In this course design, the following were completed: the design of the VLAN division; reasonable application of link types; configuration and commissioning of the MSTP+VRRP redundancy backup solution; the link aggregation redundancy solution; reasonable application of ACLs; combined use of the OSPF routing protocol; configuration of automatic address acquisition through DHCP; redundancy with egress load sharing; reasonable introduction of default routing and dynamic routing; time-based ACL configuration; configuration of NAT network address translation; reasonable use of routing protocols; and branch campus configuration and planning.


Origin blog.csdn.net/WANGMH13/article/details/126102176