Hospital network design (complete document + Cisco topology diagram)

Hello everyone, I am senior Xiaohua, a blogger in the computer field. After years of study and practice, I have accumulated rich computer knowledge and experience. Here I would like to share my learning experience and skills with you to help you become a better programmer.

Topic: Hospital Network Design

Summary

As the power of modern information technology continues to grow, information technology is now widely used in a variety of industries and has promoted the construction of information technology in the medical and health industry to a large extent. For a hospital medical system, it is very important to have a stable network system. The work of the hospital cannot be separated from the construction of the network, so the daily management of the hospital must be in line with the world and with information technology. Once the network or data is lost, it will bring huge disaster and irreparable losses to the hospital and patients. Therefore, the security of the hospital computer network system is very important. Combining the latest network technology, a set of scientific and reasonable network design solutions for hospital network planning and design are of great significance and role for the future development of hospitals. The advanced wireless network not only optimizes the workflow of medical staff, improves work efficiency, and ensures medical safety, but also provides high-quality services to patients and their families, which is of great significance to the informatization construction of hospitals.

Keywords: hospital network; network planning; network technology

Abstract

With the growing power of modern information technology, information technology is widely used in various industries, and to a large extent, it promotes the construction of medical and health information technology. For a hospital medical system, it is very important to have a stable network system. The work of hospital can not be separated from the construction of network, so the daily management of hospital must be in line with the world and information technology. Once the network or data is lost, it will bring huge disaster and irreparable loss to the hospital and patients. Therefore, the security of the hospital computer network system is very important. Combined with the latest network technology, a set of scientific and reasonable network design scheme is designed for the network planning and design of Anshan Central Hospital, which is of great significance and role for the future development of the hospital. Advanced wireless network not only optimizes the working process of medical staff, improves working efficiency, ensures medical safety, but also provides patients and their families with high-quality services, which is of great significance to the hospital information construction.

Keywords: Hospital network, Network planning, Network technique

Table of contents

Summary

Abstract

1 Introduction

1.1 Research background and significance

1.2 Research status

1.3 Research content

2 Network requirements analysis

2.1 Network function requirements analysis

2.2 Feasibility analysis

2.3 Principles of network construction

2.4 Network construction goals

3 Network solution design and planning

3.1 Scheme design

3.2 Network level design

3.3 Network IP address planning and design

3.4 Equipment selection

4.4 Goals and principles of network security design

4.3 Prevention of basic network attacks

4 Network configuration

4.1 VLAN-related configuration

4.1.1 Create VLANs and name them

4.1.2 Assign interfaces to VLANs

4.2 STP configuration

4.3 HSRP configuration

4.4 OSPF configuration

4.5 NAT address translation

4.6 ACL configuration

4.7 DHCP technology

4.8 HTTP service

4.9 DNS domain name resolution

Summary

References

Acknowledgments

1 Introduction

1.1 Research background and significance

In today's digital era, information technology is increasingly used in the medical field. As an important medical institution, the design and operation of the hospital's network infrastructure are crucial to providing efficient, safe and reliable medical services. Cisco Packet Tracer is a network simulation and experiment tool that can be used to design, simulate, and test network architecture. Therefore, hospital network design based on Cisco Packet Tracer has become an important research area.

First, research on hospital network design is of great significance for improving the efficiency and quality of medical services. By optimizing the network architecture, efficient collaboration and information sharing can be achieved between various departments within the hospital, thereby improving the efficiency of the medical process. At the same time, reasonable network design can also improve the security and reliability of medical data, prevent information leakage and network attacks, and ensure the privacy of patient data and the stable operation of the medical system.

Secondly, hospital network design research based on Cisco Packet Tracer helps to cultivate medical information technology talents. In the medical field, there is an increasing demand for network engineers and IT professionals. By using Cisco Packet Tracer for hospital network design practice in the education and training process, students and professionals can be provided with exposure and operational experience in real-life situations, cultivating their professional capabilities in the field of medical information technology.

Finally, the research on hospital network design based on Cisco Packet Tracer also helps to promote the process of medical informatization. With the continuous development of medical informatization, the application of new technologies such as electronic medical records, telemedicine, and smart medical equipment has become increasingly popular. By studying and practicing hospital network design, we can provide guidance and support for the construction of medical information systems, promote the improvement of the informatization level of medical institutions, and provide better medical services.

In summary, the research background and significance of hospital network design based on Cisco Packet Tracer is to improve the efficiency and quality of medical services, cultivate medical information technology talents, and promote the process of medical informatization. In-depth exploration of this research field will have a positive impact on the development and progress of the medical field.

1.2 Research status

Hospital networks are designed to provide efficient, secure and reliable information exchange to support critical areas of healthcare delivery. Currently, many hospitals are working hard to improve their network infrastructure to meet the challenges of growing data demands and technological developments.

In network design, one of the key issues is network capacity and speed. As hospitals handle large amounts of electronic medical records, imaging and other medical data, networks need to have sufficient bandwidth and processing power to support high-speed data transfer and real-time interaction. In response to this demand, many hospitals are adopting faster Ethernet technologies, such as Gigabit Ethernet or 10 Gigabit Ethernet, to provide higher data transfer speeds.

Another important aspect is cybersecurity. Hospital networks must protect sensitive patient information and medical records to prevent unauthorized access and data leakage. As cyber threats continue to evolve, hospitals need to implement multiple layers of security measures, such as firewalls, intrusion detection systems and data encryption, to ensure the security and integrity of their networks.

At the same time, hospital networks also need to have high reliability and redundancy. Because any network failure can have serious consequences for patient health and medical procedures, critical systems and equipment should have backup and redundancy to ensure that even if part of the network fails, other parts can still function properly.

In recent years, with the rapid development of Internet of Things (IoT) technology, hospital network design has begun to incorporate smart medical equipment such as sensors, equipment, and monitoring systems. These devices can collect and transmit patient physiological data in real time and integrate with medical record systems to provide more accurate diagnosis and treatment support. Therefore, it is increasingly important to consider the needs and interconnectivity of smart medical devices in network design.

Finally, it’s worth mentioning the impact of cloud computing and virtualization technologies. By moving data storage and processing to the cloud, hospitals can reduce on-premise equipment and maintenance costs and enable greater data sharing and collaboration. Virtualization technology can improve resource utilization and flexibility, allowing hospitals to quickly adjust and expand network infrastructure.

In summary, hospital network design is facing growing data demands, evolving security threats, and the continued development of emerging technologies. In the future, with the further application of technologies such as 5G networks and artificial intelligence, hospital network design will continue to evolve to meet the needs of more efficient, intelligent and connected medical services.

1.3 Research content

First, the study will focus on the topology design of the hospital network. By analyzing the network requirements of various departments and functional modules within the hospital, researchers can design a network topology suitable for the hospital environment, including the layout of network equipment, planning and configuration of network connections, etc., to achieve efficient data transmission and information sharing.

Second, the research will focus on the security design of hospital networks. Networks in the medical field need to have a high degree of security to protect the privacy of patient data and the stable operation of the medical system. Researchers will study the security vulnerabilities and risks of hospital networks and propose corresponding security strategies and measures, such as firewall configuration, access control, intrusion detection, etc., to ensure the security of hospital networks.

In addition, the research will also focus on performance optimization of hospital networks. Hospital networks need to be able to handle large amounts of data transmission and high-frequency communication needs. Researchers will improve the bandwidth, throughput and response speed of the network by optimizing the configuration and performance adjustment of network equipment to meet the high-performance needs of the hospital.

Finally, the research can also explore the application of experimental and simulation technology based on Cisco Packet Tracer in hospital network design. By simulating and testing different network design options, researchers can evaluate their performance and feasibility, and optimize and improve the design.

In short, the research content of the paper will revolve around the use of Cisco Packet Tracer for hospital network design, including network topology design, security design, performance optimization, and the application of experimental and simulation technology. Through the exploration of these research contents, useful guidance and support can be provided for the design and operation of hospital networks.

2 Network requirements analysis

2.1 Analysis of network functional requirements

Before designing a hospital network, it is first necessary to conduct network functional requirements analysis. This step aims to determine the functions and services required by the hospital network to meet the hospital's various business needs. For example, hospital networks need to support patient information management systems, electronic medical record systems, medical image transmission, telemedicine and other applications. By analyzing the hospital's business processes and information interaction needs in detail, we can ensure that the network design matches the actual needs and provide the hospital with efficient, safe and reliable network services.

2.2 Feasibility analysis

Before designing a hospital network, it is necessary to conduct a feasibility analysis to evaluate the feasibility and operability of the network design. This analysis considers factors such as budget constraints, resource availability, technical feasibility, etc. By analyzing and evaluating the feasibility of different network design options, you can choose the solution that best suits the actual situation of the hospital and ensure that the implementation process of network design can proceed smoothly.

2.3 Principles of network construction

When designing a hospital network, you need to follow some basic network construction principles. These principles include aspects such as network reliability, security, scalability and performance. Network reliability requires that the network can continue to operate stably and avoid single points of failure. Security requires networks to protect the privacy of patient data and the security of the medical system. Scalability requires the network to support future business expansion and growth. Performance requires that the network be able to provide high bandwidth, low latency and fast response services. By following these network construction principles, you can ensure that the network design is stable, secure, and scalable to meet the needs of the hospital.

2.4 Network construction goals

During the hospital network design process, the goals of network construction need to be clearly defined. Network construction goals can be set based on the hospital's needs and priorities. For example, network construction goals may include providing efficient data transmission and information sharing, ensuring the security and privacy of patient data, and improving the reliability and stability of the medical system. By setting clear network construction goals, you can guide the direction and focus of network design and ensure that the designed network can achieve the expected goals.

To sum up, network demand analysis is an important step in the hospital network design process, including network functional demand analysis, feasibility analysis, network construction principles and network construction goals, etc. By analyzing the hospital's needs and conditions in detail and determining appropriate network design solutions, efficient, safe and reliable network services can be provided for the hospital.

3 Network solution design and planning

3.1 Scheme design

(1) LAN network technology selection

The hospital network center decided to build the backbone on Gigabit Ethernet, which also allows the QoS function to be implemented. Gigabit Ethernet switches support Layer 3 switching, also known as multilayer switching or IP switching. A virtual LAN (VLAN) implements virtual workgroups by dividing the devices in a LAN logically rather than physically: the network is segmented according to user needs, not the user's physical location. Traffic between different VLANs is forwarded by Layer 3 (network layer) routing. The core layer of the hospital network therefore uses Gigabit Ethernet Layer 3 switches to provide high-bandwidth, high-capacity network-layer routing and switching. This allows network managers to keep overseeing and managing the network while backbone bandwidth rises to gigabit speeds. As the central switch of the hospital network, the Gigabit Ethernet switch provides high-speed connections to the access layer switches, firewalls, the server group (including domain name servers, file servers, database servers, WWW servers, etc.) and the network management terminals; important servers and backbone links in particular are connected using Gigabit modules. A Gigabit Ethernet Layer 3 switched network can fully meet the hospital's needs for its network systems and remain adequate for a long time.

(2) Topology selection

A star topology is easy to maintain and manage: all communication in a star topology is controlled by the central node, so maintenance is relatively easy. It is flexible to reconfigure: the terminal equipment connected to an information socket can be moved at the distribution frame in the floor wiring room, and only that terminal equipment is involved, so the operation is relatively easy and the network is highly adaptable. Faults are easy to detect and isolate: each information point is directly connected to the floor distribution frame, so a faulty information point can be found and removed from the channel easily. For these reasons, the hospital's network design uses a star network topology.

 

Figure 3-1 Topology diagram

3.2 Network level design

The main network switches adopt a physical three-layer architecture of core, aggregation and access. The core switch is connected to the aggregation switch; the aggregation switch is connected to the access switch.

(1) Access layer design

To meet end users' network needs and business bandwidth requirements, and to keep the access layer secure and manageable, the following factors need to be considered:

(1) Access layer bandwidth: provide high bandwidth according to the business needs of each department's network.

(2) Stability: configure Spanning Tree Protocol to prevent loops, so that a broadcast storm cannot paralyze the network.

(3) Remote control: provide good remote control to make it easier to manage equipment distributed across floors and rooms.

(4) Security: adopt effective security measures to prevent threats such as fraud and viruses, and implement network isolation.

(5) Scalability: reserve enough ports to accommodate the increasing number of users.

(2) Aggregation layer design

The main function of the aggregation layer is to aggregate access layer data and forward it to the core layer to avoid affecting the core layer. In the design of the aggregation layer, technical means such as route summary and link aggregation can be used. When setting up aggregation nodes, they should be reasonably divided according to the scale of the hospital network and the needs of different colleges and departments in the building. Considering traffic aggregation and routing information aggregation, load balancing and link aggregation technologies should be used. Aggregation layer switches have high performance requirements, can match the number and speed of upstream and downstream connection ports, and support remote control.

(3) Core layer design

The core layer is the backbone of the network and mainly completes routing and high-speed switching of aggregation layer data. In the core layer design, avoid overly complex routing configuration, try to simplify the setting as the main area, and place packet filtering and processing outside the core layer to improve switching capabilities. For large-scale hospital networks, it is recommended to adopt a dual-core design and use a mesh topology to achieve high reliability. Two core switches are selected to achieve load balancing and redundancy backup to ensure the normal operation of the entire network.

3.3 Network IP address planning and design

(1) Network IP address planning

This step is an indispensable part of the entire hospital network design. The rationality of IP address planning will directly reflect the design ideas of the network topology and can also play a very important role in the reliability of the network. Good IP address planning and reasonable hierarchical network topology design complement each other and together constitute a network design solution. Moreover, reasonable network segment planning combined with scientific VLAN division can significantly reduce the occurrence of network storms and ensure the security and stability of the entire network.

(2) Goals and principles of network IP address planning

The goals of IP address planning are: to make full use of redundant IP address resources; to establish network routing with excellent efficiency; to promote network development.

IP address planning follows four main principles: uniqueness, scalability, continuity, and practicality.

Uniqueness: An IP address identifies a host or device in the network. No two hosts in an IP network can use the same IP address; otherwise they cannot be addressed.

Scalability: When allocating IP addresses, leave a certain margin to meet the needs of network expansion.

Continuity: Allocate contiguous IP addresses, which are easier to manage and to summarize. Contiguous addresses make route summarization easy, shrink the routing table, and improve routing efficiency.

Practicality: When allocating IP addresses, try to give the assigned addresses some practical meaning, so that anyone who sees an address can tell which department or region it belongs to.

(3) Network IP address design

For wired networks in hospital networks, network administrators often use VLANs to divide broadcast domains and differentiate user groups. The following is the IP address allocation and VLAN division of the central hospital, as shown in Table 3-1:

Table 3-1 Hospital IP address allocation and VLAN division

| VLAN number | Network address range | Subnet mask | Department |
|---|---|---|---|
| VLAN10 | 10.1.1.0/24 | 255.255.255.0 | Outpatient department |
| VLAN20 | 20.1.1.0/24 | 255.255.255.0 | Inpatient department |
| VLAN30 | 30.1.1.0/24 | 255.255.255.0 | Finance Department |
| VLAN40 | 40.1.1.0/24 | 255.255.255.0 | Personnel Department |
| VLAN50 | 50.1.1.0/24 | 255.255.255.0 | Administration Department |
| VLAN100 | 100.1.100.1/24 | 255.255.255.0 | Web server |
| VLAN101 | 100.1.200.1/24 | 255.255.255.0 | DNS server |
| VLAN80 | 192.168.1.1/24 | 255.255.255.0 | DHCP server |

3.4 Equipment selection

(1) Core layer switch selection

Core layer switches are chosen mainly for switching capability and reliability, so products with no single point of failure should be selected. After comprehensive consideration, the Cisco N7K was selected as the core switch of the hospital network. The N7K has a modular design with 6 service slots, a backplane bandwidth of 6Tbps, and a packet forwarding rate of 1152Mpps; a single device supports 240 10G ports, which makes it possible to upgrade the hospital network core layer to 10G switching in the future. The N7K switch provides carrier-grade reliability: key components such as the main controller and power supply are redundant, and all components support hot swapping. This reduces service interruptions, allows lossless service upgrades, and supports complete operation and maintenance detection and performance management. When network congestion occurs, parameters such as data transmission delay and system jitter can be measured in real time, and network traffic can be monitored in real time so that faults are located quickly. In addition, it supports wireless controller (AC) plug-in cards, automatic selection of transmission channel and power when wireless access points (APs) come online, and automatic adjustment of channel or power when conflicts occur. Wireless devices switch quickly when roaming across access points, and wireless ACs support 1-to-1 and 1-to-many cold backup and load balancing to improve reliability.

 

Figure 4-1 N7K switch

Table 4-1 Specific parameters of equipment

| Category | Item | Specification |
|---|---|---|
| Main parameters | Product type | Routing switch, PoE switch |
| Main parameters | Application level | Layer 3 |
| Main parameters | Switching method | Store-and-forward |
| Main parameters | Backplane bandwidth | 6Tbps |
| Main parameters | Packet forwarding rate | 1152Mpps |
| Port parameters | Port structure | Modular |
| Port parameters | Expansion modules | 6 service slots |
| Features | VLAN | Supports Access, Trunk, and Hybrid modes; supports default VLAN; supports VLAN switching; supports QinQ and enhanced flexible QinQ; supports MAC-based dynamic VLAN allocation |
| Features | QoS | Supports combined traffic classification based on Layer 2 protocol header, Layer 3 protocol, Layer 4 protocol, 802.1p priority, etc.; supports actions such as ACL, CAR, Remark, and Schedule; supports queue scheduling methods such as PQ, WRR, DRR, PQ+WRR, and PQ+DRR; supports congestion avoidance mechanisms such as WRED and tail drop; supports H-QoS and traffic shaping |
| Features | Multicast management | Supports IGMPv1/v2/v3 and IGMP v1/v2/v3 Snooping; supports PIM DM, PIM SM, and PIM SSM; supports MSDP and MBGP; supports the user quick leave mechanism; supports multicast flow control; supports multicast querier; supports multicast protocol message suppression; supports multicast CAC; supports multicast ACL |
| Features | Network management | Supports terminal services such as Console, Telnet, and SSH; supports network management protocols such as SNMPv1/v2/v3; supports uploading and downloading files through FTP and TFTP; supports BootROM upgrade and remote online upgrade; supports hot patches; supports user operation logs |
| Features | Security management | 802.1x authentication and Portal authentication; supports NAC; supports RADIUS and HWTACACS user login authentication; tiered command-line protection so that unauthorized users cannot break in; supports protection against DoS attacks, TCP SYN flood attacks, UDP flood attacks, broadcast storm attacks, and high-traffic attacks; supports 1K CPU channel queue protection; supports ping and traceroute through ICMP; supports RMON |

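(2) Aggregation layer switch selection

The aggregation switch aggregates and forwards the traffic of the access switches. Besides backplane bandwidth, its interface types should match the uplink interfaces of the access switches, and it should support link aggregation, inter-VLAN routing, and the corresponding security policies. The hospital chose the Cisco 3750 as its aggregation switch. This is a Layer 3 switch. For interfaces, this model provides 24 100/1000Base-X ports and 4 10/100/1000Base-T Gigabit Combo ports, which meets the aggregation switch's need for multiple fiber uplinks. For VLAN support, it supports default VLAN and voice VLAN, VLAN assignment based on MAC address, subnet, policy, and port, and one-to-one and one-to-many VLAN switching, so it can meet the access switches' VLAN aggregation, routing, and other management needs. For network management, it supports stacking, remote login configuration, the Simple Network Management Protocol, cluster management, and rate control on the packets a port receives and sends. For security management, it supports role-based user management and password protection; protection against denial-of-service, address resolution, and ICMP attacks; combined binding of IP address, MAC address, port number, and VLAN; port isolation; IEEE 802-based identity authentication; and a limit on the number of users per port. It fully meets the connection and management needs of the hospital's aggregation layer.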

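Figure 4-2 3750 switch

Table 4-2 Specific parameters of equipment

| Item | Specification |
|---|---|
| Packet forwarding rate | 108Mpps/126Mpps |
| Fixed ports | 24 Gigabit SFP ports; 8 multiplexed Gigabit 10/100/1000Base-T Ethernet ports (Combo); 4 10-Gigabit SFP+ ports |
| MAC features | Complies with the IEEE 802.1d standard; supports automatic MAC address learning and aging; supports static, dynamic, and blackhole MAC entries; supports source MAC address filtering |
| VLAN features | Supports 4K VLANs; supports Guest VLAN and Voice VLAN; supports the GVRP protocol; supports the MUX VLAN function; supports VLANs based on MAC/protocol/IP subnet/policy/port; supports 1:1 and N:1 VLAN Mapping |
| IP routing | Static routing, RIPv1/2, RIPng, OSPF, OSPFv3, ECMP, IS-IS, IS-ISv6, BGP, BGP4+ |
| Super virtual switching network (SVF) | Supports zero-configuration plug and play as an SVF client; supports automatic loading of the client's software packages and patches; supports one-click automatic service delivery; the client supports standalone operation |
| Interoperability | VBST: VLAN-based spanning tree protocol (interoperates with PVST/PVST+/RPVST); LNP: link type negotiation protocol (similar in function to DTP); VCMP: VLAN centralized management protocol (similar in function to VTP) |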

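4.4 Goals and principles of network security design

Network security involves defending against threats from both inside and outside, with the aim of keeping the network secure. The goals of network security design include: identifying equipment and data resources and ensuring their integrity; performing a threat assessment of the entire network to protect the confidentiality, integrity, and availability of data; and assessing network risk in terms of the confidentiality, integrity, and availability of data.

4.3 Prevention of basic network attacks

Networks are exposed to a variety of viruses and attacks that can cause unpredictable losses, so measures must be taken to guard against these potential dangers.

(1) Prevention of common network viruses

For common network viruses that seriously harm the network, extended access control lists (ACLs) can be deployed to block the TCP and UDP ports they use. Even if one user is infected, other users are not affected, which keeps the hospital's network bandwidth in reasonable use.

(2) Prevention of unknown network viruses

For unknown network viruses, bandwidth control based on traffic type can be deployed in the network, allocating different bandwidth to different network applications. This ensures that critical applications have enough bandwidth, so that the appearance of a new virus does not affect the operation of the main network applications, which improves network availability.

(3) Prevention of IP address theft and ARP attacks

Each ARP packet is inspected in depth to check whether its source IP and MAC address match the port security rules. If they do not match, the IP address has been tampered with, and the related packets are not allowed into the network. This effectively prevents ARP spoofing on secured ports, stops rogue information points from impersonating the IP of key network devices, and avoids disruption of network communication.

(4) Prevention of attacks using forged IP and MAC addresses

Implement IP, MAC, and port binding and IP+MAC binding, together with port reverse lookup, to trace the source IP and MAC of an access and track down malicious users. This effectively prevents network attacks that forge source IP/MAC addresses and strengthens network security.

(5) Blocking DoS and scanning attacks

Deploying mechanisms in the hospital network to defend against DoS and scanning attacks effectively prevents such attacks, saves bandwidth, and prevents network outages caused by attacks on network devices and servers.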

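4 Network configuration

4.1 VLAN configuration

Create VLANs on the aggregation switch, assigning and naming a separate VLAN for each department; configure the VLAN gateways on the core-layer switches.

Figure 5-1 Core and aggregation switches

4.1.1 Creating and naming VLANs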

Switch>enable                                //enter privileged EXEC mode

Switch#configure terminal                      //enter global configuration mode

Switch(config)#hostname HJ-1              //rename the switch to HJ-1

HJ-1(config)#vlan 10                      //create and enter vlan 10

HJ-1(config-vlan)#na MZB                 //name vlan 10 MZB (outpatient department)

HJ-1(config-vlan)#ex

HJ-1(config)#vlan 20                     //create vlan 20 and name it ZYB (inpatient department)

HJ-1(config-vlan)#na ZYB

HJ-1(config-vlan)#ex

HJ-1(config)#vlan 30                     //create vlan 30 and name it CWB (finance department)

HJ-1(config-vlan)#na CWB

HJ-1(config-vlan)#ex

HJ-1(config)#vlan 40                     //create vlan 40 and name it RSB (human resources department)

HJ-1(config-vlan)#na RSB

HJ-1(config-vlan)#ex

HJ-1(config)#vlan 50                     //create vlan 50 and name it XZB (administration department)

HJ-1(config-vlan)#na XZB

4.1.2 Assigning interfaces to VLANs

HJ-1(config)#int e0/0                     //enter interface e0/0

HJ-1(config-if)#sw mo ac                 //set the port mode to Access

HJ-1(config-if)#sw ac vlan 10              //assign the port to vlan 10

HJ-1(config)#int e0/1                     //enter interface e0/1 and assign the port to vlan 20

HJ-1(config-if)#sw mo ac

HJ-1(config-if)#sw ac vlan 20

HJ-1(config)#int e0/2                     //enter interface e0/2 and assign the port to vlan 30

HJ-1(config-if)#sw mo ac

HJ-1(config-if)#sw ac vlan 30

HJ-1(config)#int e0/3                     //enter interface e0/3 and assign the port to vlan 40

HJ-1(config-if)#sw mo ac

HJ-1(config-if)#sw ac vlan 40

HJ-1(config)#int e1/1                     //enter interface e1/1 and assign the port to vlan 50

HJ-1(config-if)#sw mo ac

HJ-1(config-if)#sw ac vlan 50

4.2 STP configuration

Switch HX-1 is the root for VLANs 10, 30, and 50; HX-2 is the root for VLANs 20 and 40.

HX-1(config)#spanning-tree mode pvst             //set the spanning-tree mode to PVST

HX-1(config)#spanning-tree vlan 10 root primary     //make this switch the root for vlan 10

HX-1(config)#spanning-tree vlan 30 root primary

HX-1(config)#spanning-tree vlan 50 root primary

HX-1(config)#spanning-tree vlan 20 root secondary    //make this switch the secondary (backup) root for vlan 20

HX-1(config)#spanning-tree vlan 40 root secondary

HX-2(config)#spanning-tree vlan 20 root primary      //make this switch the root for vlan 20

HX-2(config)#spanning-tree vlan 40 root primary

HX-2(config)#spanning-tree vlan 10 root secondary    //make this switch the secondary (backup) root for vlan 10

HX-2(config)#spanning-tree vlan 30 root secondary

HX-2(config)#spanning-tree vlan 50 root secondary

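4.3 HSRP configuration

With HSRP, two devices jointly maintain a virtual gateway whose address is virtual and does not belong to any physical device. When the active device goes down, the standby device continues to serve the gateway, providing redundancy.

On HX-1, VLANs 10, 30, and 50 are set to the Active state and VLANs 20 and 40 to the Standby state, configured as follows:

HX-1(config)#int vlan 10                       //enter the VLAN 10 interface

HX-1(config-if)#ip add 10.1.1.250 255.255.255.0  //configure the physical IP

HX-1(config-if)#standby 10 ip 10.1.1.254       //group number 10; configure the virtual gateway address

HX-1(config-if)#standb 10 priority 110              //HSRP priority 110

HX-1(config-if)#stan 10 preempt                //enable preemption

HX-1(config)#int vlan 20                       //configure VLAN 20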

HX-1(config-if)#ip add 20.1.1.250 255.255.255.0 

HX-1(config-if)#standby 20 ip 20.1.1.254      

HX-1(config-if)#stan 20 preempt

HX-1(config)#int vlan 30                       //configure VLAN 30

HX-1(config-if)#ip add 30.1.1.250 255.255.255.0 

HX-1(config-if)#standby 30 ip 30.1.1.254      

HX-1(config-if)#stan 30 preempt

HX-1(config-if)#standb 30 priority 110

HX-1(config)#int vlan 40                       //configure VLAN 40

HX-1(config-if)#ip add 40.1.1.250 255.255.255.0 

HX-1(config-if)#standby 40 ip 40.1.1.254      

HX-1(config-if)#stan 40 preempt

HX-1(config)#int vlan 50                       //configure VLAN 50

HX-1(config-if)#ip add 50.1.1.250 255.255.255.0 

HX-1(config-if)#standby 50 ip 50.1.1.254      

HX-1(config-if)#stan 50 preempt

HX-1(config-if)#stand 50 priority 110

On HX-2, VLANs 10, 30, and 50 are set to the Standby state and VLANs 20 and 40 to the Active state, configured as follows:

HX-2(config)#int vlan 10                       //enter the VLAN 10 interface

HX-2(config-if)#ip add 10.1.1.251 255.255.255.0  //configure the physical IP

HX-2(config-if)#standby 10 ip 10.1.1.254       //group number 10; configure the virtual gateway address

HX-2(config-if)#stan 10 preempt                //enable preemption

HX-2(config)#int vlan 20                       //configure VLAN 20

HX-2(config-if)#ip add 20.1.1.251 255.255.255.0

HX-2(config-if)#standby 20 ip 20.1.1.254

HX-2(config-if)#stan 20 priority 110

HX-2(config-if)#stand 20 preempt

HX-2(config)#int vlan 30                       //configure VLAN 30

HX-2(config-if)#ip add 30.1.1.251 255.255.255.0

HX-2(config-if)#stand 30 ip 30.1.1.254

HX-2(config-if)#stan 30 preempt

HX-2(config)#int vlan 40                       //configure VLAN 40

HX-2(config-if)#ip add 40.1.1.251 255.255.255.0

HX-2(config-if)#stand 40 ip 40.1.1.254

HX-2(config-if)#sta 40 priority 110 

HX-2(config-if)#stan 40 preempt

HX-2(config)#int vlan 50                       //configure VLAN 50

HX-2(config-if)#ip add 50.1.1.251 255.255.255.0

HX-2(config-if)#standb 50 ip 50.1.1.254 

HX-2(config-if)#sta 50 preempt

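4.4 OSPF configuration

OSPF runs between the two core-layer switches and the upstream egress router. OSPF uses LSAs to exchange information and offers advantages such as fast convergence and broad interoperability.

Core switch 1:

HX-1(config)#router ospf 1                          //create OSPF process 1

HX-1(config-router)#router-id 1.1.1.1                 //set the OSPF router-id

HX-1(config-router)#network 10.1.1.0 0.0.0.255 a 0   //advertise the interface networks that join OSPF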

HX-1(config-router)#network 20.1.1.0 0.0.0.255 a 0

HX-1(config-router)#network 30.1.1.0 0.0.0.255 a 0

HX-1(config-router)#network 40.1.1.0 0.0.0.255 a 0

HX-1(config-router)#network 50.1.1.0 0.0.0.255 a 0

HX-1(config-router)#network 100.1.100.0 0.0.0.255 a 0

HX-1(config-router)#network 100.1.200.0 0.0.0.255 a 0

HX-1(config-router)#network 192.168.1.0 0.0.0.255 a 0

HX-1(config-router)#network 172.16.31.0 0.0.0.255 a 0

Core switch 2:

HX-2(config)#router ospf 2

HX-2(config-router)#router-id 2.2.2.2

HX-2(config-router)#log-adjacency-changes

HX-2(config-router)#network 10.1.1.0 0.0.0.255 area 0

HX-2(config-router)#network 20.1.1.0 0.0.0.255 area 0

HX-2(config-router)#network 30.1.1.0 0.0.0.255 area 0

HX-2(config-router)#network 40.1.1.0 0.0.0.255 area 0

HX-2(config-router)#network 50.1.1.0 0.0.0.255 area 0

HX-2(config-router)#network 100.1.100.0 0.0.0.255 area 0

HX-2(config-router)#network 100.1.200.0 0.0.0.255 area 0

HX-2(config-router)#network 192.168.1.0 0.0.0.255 area 0

HX-2(config-router)#network 172.16.32.0 0.0.0.255 area 0

Egress router:

INTERNET-R1(config)#router ospf 3

INTERNET-R1(config-router)#router-id 3.3.3.3

INTERNET-R1(config-router)#network 172.16.31.0 0.0.0.255 a 0

INTERNET-R1(config-router)#network 172.16.32.0 0.0.0.255 a 0

INTERNET-R1(config-router)#network 202.145.1.0 0.0.0.255 a 0

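OSPF load balancing:

On HX-1, increase the cost of VLANs 30, 40, and 50; on HX-2, increase the cost of VLANs 10 and 20, so that traffic is shared across the links.

HX-1(config)#int vlan 30                        //enter the vlan 30 interface

HX-1(config-if)#ip ospf cost 200                 //change the cost to 200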

HX-1(config-if)#ex

HX-1(config)#int vlan 40

HX-1(config-if)#ip ospf cost 200

HX-1(config-if)#ex

HX-1(config)#int vlan 50

HX-1(config-if)#ip ospf cost 200

HX-2(config)#int vlan 10

HX-2(config-if)#ip ospf cost 200

HX-2(config-if)#ex

HX-2(config)#int vlan 20

HX-2(config-if)#ip ospf cost 200

4.5 NAT address translation

Private addresses cannot carry traffic across the public network, so a NAT policy is normally deployed on the border gateway to translate private addresses into public addresses for use on the Internet.

Figure 5-2 NAT address translation

INTERNET-R1(config-if)#ip nat inside source list 1 int G0/2 overload   //configure NAT

INTERNET-R1(config-if)#exit

INTERNET-R1(config)#ip nat in sour stat tcp 100.1.100.1 80 202.145.1.1 8  //map port 80 of the web server

INTERNET-R1(config)#interface g0/0                    //apply NAT to the interface

INTERNET-R1(config-if)#ip nat in                     //mark the inbound-side interface as NAT inside

INTERNET-R1(config-if)#ex

INTERNET-R1(config)#interface g0/1

INTERNET-R1(config-if)#ip nat in

INTERNET-R1(config-if)#ex

INTERNET-R1(config)#interface g0/2

INTERNET-R1(config-if)#ip nat out                  //mark the outbound interface as NAT outside

4.6 ACL configuration

ACLs can effectively protect our LAN. First, PCs in the finance department can only access the internal network and are not allowed to access the external network; second, routes from the external network are not allowed into the internal network; and PCs in CWB can ping the networks of other departments, but the networks of other departments cannot ping PCs in CWB.

INTERNET-R1(config)#access-list 1 deny 30.1.1.0 0.0.0.255  //deny devices in 30.1.1.0/24

INTERNET-R1(config)#access-list 1 permit any        //permit all addresses

INTERNET-R1(config)#inter g0/0                  //enter interface g0/0

INTERNET-R1(config-if)#ip access-group 1 in       //apply ACL 1 to the interface in the inbound direction

INTERNET-R1(config-if)#exit

INTERNET-R1(config)#inter g0/1

INTERNET-R1(config-if)#ip access-group 1 in

INTERNET-R1(config-if)#exit

INTERNET-R1(config)#inter g0/2

INTERNET-R1(config-if)#ip access-group 1 out

HX-1(config)#access-list 111 deny icmp host 30.1.1.1 10.1.1.0 0.0.0.255 echo-reply  //deny echo-reply (ping reply) packets from source 30.1.1.1 to the 10.1.1.0 network

HX-1(config)#access-list 111 deny icmp host 30.1.1.1 20.1.1.0 0.0.0.255 echo-reply

HX-1(config)#access-list 111 deny icmp host 40.1.1.1 40.1.1.0 0.0.0.255 echo-reply

HX-1(config)#access-list 111 deny icmp host 50.1.1.1 50.1.1.0 0.0.0.255 echo-reply

HX-1(config)#access-list 111 permit icmp any any  //permit ICMP (ping) from all addresses

HX-1(config)#int vlan 30

HX-1(config-if)#ip access-group 111 in             //apply on the interface
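
What ACL 111 above does in practice is decided by two IOS rules: the first matching entry wins, and every access list ends in an implicit deny. The following added example (not part of the original article) replays the list exactly as configured against constructed packets entering HX-1 on interface Vlan30; the tuple layout, function names, and sample packets are assumptions made for the illustration.

```python
import ipaddress

# ACL 111 exactly as configured on HX-1 in the article:
# (action, protocol, src, src wildcard, dst, dst wildcard, ICMP type or None)
# Assumption: only protocol, addresses and ICMP type are modelled here.
ACL_111 = [
    ("deny", "icmp", "30.1.1.1", "0.0.0.0", "10.1.1.0", "0.0.0.255", "echo-reply"),
    ("deny", "icmp", "30.1.1.1", "0.0.0.0", "20.1.1.0", "0.0.0.255", "echo-reply"),
    ("deny", "icmp", "40.1.1.1", "0.0.0.0", "40.1.1.0", "0.0.0.255", "echo-reply"),
    ("deny", "icmp", "50.1.1.1", "0.0.0.0", "50.1.1.0", "0.0.0.255", "echo-reply"),
    ("permit", "icmp", "any", None, "any", None, None),
]

def wild_match(addr, base, wildcard):
    """IOS wildcard match: bits set in the wildcard are ignored."""
    if base == "any":
        return True
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return ((a ^ b) & ~w & 0xFFFFFFFF) == 0

def evaluate(acl, proto, src, dst, icmp_type=None):
    """First matching entry wins; no match means the implicit deny.
    Returns (action, entry number from 1, or None for the implicit deny)."""
    for n, (action, p, s, sw, d, dw, t) in enumerate(acl, start=1):
        if p != "ip" and p != proto:
            continue
        if not (wild_match(src, s, sw) and wild_match(dst, d, dw)):
            continue
        if t is not None and t != icmp_type:
            continue
        return action, n
    return "deny", None

# Constructed sample packets arriving inbound on interface Vlan30 (finance VLAN).
SAMPLES = [
    ("30.1.1.1 echo to VLAN 10",       "icmp", "30.1.1.1", "10.1.1.5", "echo"),
    ("30.1.1.1 echo-reply to VLAN 10", "icmp", "30.1.1.1", "10.1.1.5", "echo-reply"),
    ("30.1.1.2 echo-reply to VLAN 10", "icmp", "30.1.1.2", "10.1.1.5", "echo-reply"),
    ("30.1.1.1 echo-reply to VLAN 40", "icmp", "30.1.1.1", "40.1.1.5", "echo-reply"),
    ("30.1.1.1 tcp to web server",     "tcp",  "30.1.1.1", "100.1.100.1", None),
]

def audit(acl=ACL_111):
    """Return {description: (action, entry)} for every sample packet."""
    return {name: evaluate(acl, proto, src, dst, t)
            for name, proto, src, dst, t in SAMPLES}

if __name__ == "__main__":
    for name, (action, n) in audit().items():
        print(f"{action:6} entry={n or 'implicit deny'}  {name}")
```

As written, only host 30.1.1.1 stops answering pings, and only toward VLANs 10 and 20, while every non-ICMP packet from the finance VLAN falls through to the implicit deny. Entries 3 and 4 can never match on this interface because their source hosts are not in VLAN 30.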

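4.7 DHCP

The DHCP server assigns different IP addresses according to VLAN, so department terminals obtain their IP address, mask, gateway, and DNS automatically rather than by manual configuration.

Figure 5-3 DHCP configuration

4.8 HTTP service

An HTTP server is set up in the LAN for internal staff to browse, post notices, download files, and so on.

Figure 5-4 Web configuration

4.9 DNS name resolution

Internal staff do not need to know the Web server's IP address; when a user enters the server's public domain name, DNS automatically takes the user to the Web page.

Figure 5-5 DNS configuration

Summary

This thesis explores hospital network design based on Cisco Packet Tracer, studied from the perspectives of network requirements analysis, feasibility analysis, network construction principles, and network construction goals. Analyzing the functional requirements of the hospital network ensures that the designed network matches the hospital's actual business needs and provides efficient, secure, and reliable service. The feasibility assessment ensures that the network design is feasible and workable, so that it can be implemented successfully. Following network construction principles, including requirements for reliability, security, scalability, and performance, makes it possible to build a network architecture that is stable, secure, and able to grow. Setting clear network construction goals guides the direction and focus of the design and ensures that it achieves the intended objectives.

This research can provide guidance and support for the design and operation of hospital networks, thereby improving the efficiency and quality of medical services. An optimized network architecture enables efficient collaboration and information sharing among hospital departments and improves the efficiency of medical workflows. A sound network design also strengthens the security and reliability of medical data, protects the privacy of patient data, and guards against information leakage and network attacks. In addition, the use of experiments and simulation based on Cisco Packet Tracer helps students and professionals develop expertise in medical information technology and advances the digitization of healthcare.

In summary, the research in this thesis has important significance and practical value for hospital network design. In-depth exploration of hospital network design based on Cisco Packet Tracer can have a positive influence on the development and progress of the medical field, advance hospital networks, and provide better medical services.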

Origin blog.csdn.net/qq1325513482/article/details/131722952