Build an enterprise branch network

Table of contents

1.1 Project background

1.2 Project topology

1.3 Project requirements

1.4 Equipment selection

1.5 Technology selection

1.6 Address planning

1.6.1 Switching device address planning table

1.6.2 Routing device address planning table

1.6.3 ISP equipment address planning table

1.6.4 Terminal address planning table

1.6.4.1 VLAN planning

1.7 VLAN planning

1.8 Project implementation

1.8.1 Task 1 Basic configuration of school switch VLAN

1.8.2 Task 2: IP address configuration of the school’s Layer 2 switch

1.8.3 Task 3: IP address configuration of the school’s Layer 3 switch

1.8.4 Task 4: Configure the IP address of the school border router

1.8.5 Task 5 Basic configuration of company switch VLAN

1.8.6 Task 6: Configure the IP address of the company's layer 2 switch

1.8.7 Task 7: Company border router IP address configuration

1.8.8 Task 8: Operator router IP address configuration

1.8.9 Task 9: IP address configuration of operator switch

1.8.10 Task 10 Telnet remote login configuration

1.8.11 Task 11 SVI configuration

1.8.12 Task 12 DHCP service configuration

1.8.13 Task 13 DHCP relay configuration

1.8.14 Task 14 Single-arm routing configuration

1.8.15 Task 15 RIPv2 configuration

1.8.16 Task 16 Default route propagation

1.8.17 Task 17 NAT configuration

1.8.18 Task 18 Port mapping configuration

1.8.19 Task 19 Static routing configuration

1.8.20 Task 20 GRE VPN configuration

1.8.21 Task 21 DHCP server configuration

1.8.22 Task 22 DNS server configuration

1.8.23 Task 23 TFTP server configuration

1.9 Functional testing

1.9.1 Terminal connectivity test

1.9.2 Remote login test

1.9.3 Website access test

1.9.4 File backup test

1.10 Summary of thesis

Text Building an enterprise branch network

Main points of the paper

  1. Background of the project
  2. Project topology
  3. Project requirements
  4. Equipment selection
  5. Technology selection
  6. Address planning
  7. VLAN planning
  8. Project implementation
  9. Functional testing
  10. Paper summary

This paper uses the interconnection of a school network and an enterprise network as its project background. The network is small, and the technologies applied in the cases are relatively simple and easy for readers to get started with. The routing technology covered includes static routing, single-arm routing and RIPv2; the switching technology includes VLAN, Trunk and SVI (Switch Virtual Interface) configuration; the network security and network management technology includes privileged passwords, password encryption, Telnet (Remote Terminal Protocol) and SSH (Secure Shell Protocol); the network services include WEB, DNS, DHCP and TFTP; and the WAN technology includes NAT (Network Address Translation) and GRE VPN. By studying the cases in this paper, readers can develop their network planning, design and implementation skills and gain a preliminary understanding of how network engineers work.

1.1 Project background

ZHJQ is a company that invests in education. The company established a private school in HZ City, and the school in turn established a clothing company in the suburbs of HZ City that processes school uniforms. Both the school and the company have their own private networks and are connected to the ISP through optical fiber. The school is currently in a stage of rapid development and faces capital turnover difficulties caused by its expansion, so it cannot provide financial support for the clothing company to upgrade its corporate network. The clothing company therefore has no dedicated server, and the school network center will temporarily provide service support for it. The school and the company will establish a VPN channel through the ISP so that their networks can reach each other.

1.2 Project topology

Figure 1-1 Project topology

1.3 Project requirements

(1) Equipment naming and topology construction

  1. Modify the names of all devices according to the project topology;
  2. Complete device connections according to the project topology.

(2) VLAN and Trunk configuration

  1. According to the VLAN planning table, divide VLANs reasonably to ensure correct interface allocation;
  2. Properly configure the Trunk according to the project topology, and its encapsulation mode is IEEE 802.1Q.

(3) IP address configuration

  1. Complete the configuration of the physical interface or sub-interface IP address according to the address planning table;
  2. Complete the SVI address configuration according to the address planning table;
  3. Check the interface information and ensure that the interface IP address is configured correctly and is in the up state;
  4. Statically assign an IP address to the server according to the address planning table. The IP address of the gateway used by the internal network is the last available IP address of the corresponding network segment.

(4) DHCP service configuration

  1. Configure the DHCP service on the QD-Router to assign IP addresses to the company's BM1 and BM2 users;
  2. All terminal PCs are required to obtain IP addresses dynamically;
  3. Check whether the PCs in BM1 and BM2 have obtained the IP addresses of the corresponding network segments;
  4. Configure a DHCP relay on the Layer 3 switch DS1 to ensure that VLAN users can dynamically obtain IP addresses from a dedicated DHCP server.

(5) RIP (Routing Information Protocol) configuration

  1. Use RIPv2 between R-Edge and DS1, and turn off the automatic route summary function;
  2. Declare the intranet segment;
  3. Propagate the default route on the router R-Edge.

(6) Static routing configuration

  1. Configure static default routes on the border routers R-Edge and QD-Router;
  2. Configure a static default route on the public network core switch DS2;
  3. Use static routing between ISP and DS2.

(7) Single-arm routing configuration

  1. Configure single-arm routing on the QD-Router to implement inter-VLAN routing.

(8) NAT configuration

  1. Configure the NAPT function on R-Edge and QD-Router so that the internal network can access the public network;
  2. Configure NAT port mapping on R-Edge so that the external network can access the internal network's WEB server and TFTP server through the exit IP address of the border router, and can access the internal network's border router from the external network through SSH.

(9) GRE Tunnel configuration

  1. Configure a tunnel on routers R-Edge and QD-Router;
  2. Tunnels use static routes to access each other.

(10) Server configuration

  1. Configure the WEB server so that internal and external network users can access relevant websites;
  2. Configure a DNS server to provide domain name resolution services for the WEB server;
  3. Configure a DHCP server to assign IP addresses to school intranet user PCs;
  4. Configure the TFTP server and back up the configuration files of all devices to the TFTP server.

(11) Remote access configuration

  1. Set the enable password to cisco; each network device supports up to 3 users logged in at the same time using Telnet or SSH;
  2. The login password for Layer 2 switches AS-1 and AS-2 is 17netl;
  3. Layer 2 switch AS2-1 only allows Telnet login. When logging in, you need to provide a user name and password. The user name is smy and the password is 17netl;
  4. Layer 3 devices R-Edge, QD-Router, DS2 and ISP only allow SSH login. When logging in, you need to provide a user name and password. The user name is smy and the password is 17netl;
  5. All clear-text passwords must be encrypted.
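
A way to check a device configuration against requirement (11), as an added example that is not part of the original article: the script audits an IOS-style running-config for password encryption, the local user smy, the permitted login protocol and the 3-session limit. The sample config, its encoded password strings and the function names `parse_vty` and `audit` are constructed for illustration; the line-password case of AS-1 and AS-2 (item 2) is not covered.

```python
import re

# Constructed running-config excerpt for R-Edge; the type 7 strings are sample values.
SAMPLE_R_EDGE = """\
hostname R-Edge
service password-encryption
enable password 7 0822455D0A16
username smy password 7 0822455D0A16
line vty 0 2
 login local
 transport input ssh
line vty 3 4
 transport input none
"""

def parse_vty(config):
    """Map (first, last) line numbers to the sub-commands of each 'line vty' block."""
    pattern = r"^line vty (\d+)(?: (\d+))?[ \t]*\n((?:[ \t]+.*\n?)*)"
    return {(int(m[1]), int(m[2] or m[1])): [c.strip() for c in m[3].splitlines()]
            for m in re.finditer(pattern, config, re.M)}

def audit(config, user="smy", allowed="ssh", max_sessions=3):
    """Return findings against requirement (11); an empty list means compliant."""
    findings = []
    if not re.search(r"^service password-encryption\s*$", config, re.M):
        findings.append("service password-encryption is not enabled")
    # A password not stored as type 5 or type 7 is readable in the config file.
    clear = r"^[ \t]*(enable password|username \S+ password|password) (?![57] )"
    for m in re.finditer(clear, config, re.M):
        findings.append(f"clear-text password on '{m[1]}' line")
    if not re.search(rf"^username {re.escape(user)} (password|secret) ", config, re.M):
        findings.append(f"local user {user} is not defined")
    open_lines = 0
    for (first, last), cmds in sorted(parse_vty(config).items()):
        # Assumption: a block without 'transport input' accepts every protocol.
        transport = next((c.split()[2:] for c in cmds
                          if c.startswith("transport input")), ["all"])
        if transport == ["none"]:
            continue
        open_lines += last - first + 1
        if transport != [allowed]:
            findings.append(f"vty {first}-{last} accepts {'/'.join(transport)}, "
                            f"expected {allowed} only")
        if "login local" not in cmds:
            findings.append(f"vty {first}-{last} does not use 'login local'")
    if open_lines > max_sessions:
        findings.append(f"{open_lines} vty lines accept logins, limit is {max_sessions}")
    return findings
```

For AS2-1, call `audit(config, allowed="telnet")`. Type 7 strings produced by `service password-encryption` are a reversible encoding rather than a hash, so the audit only confirms that item 5 is met, not that the stored passwords resist recovery.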

1.4 Equipment selection

Table 1-1 is the equipment selection table of ZHJQ Company.

| Equipment type | Equipment quantity | Extension modules | Device corresponding name |
|---|---|---|---|
| Cisco 2960 Switch | 3 units | | AS-1, AS-2, AS2-1 |
| Cisco 3650 Switch | 2 units | AC-POWER-SUPPLY, GLC-LH-SMD | DS1, DS2 |
| Cisco 2901 Router | 1 unit | HWIC-1GE-SFP, GLC-LH-SMD | R-Edge |
| Cisco 2911 Router | 1 unit | HWIC-1GE-SFP, GLC-LH-SMD | ISP |
| Cisco 1941 Router | 1 unit | HWIC-1GE-SFP, GLC-LH-SMD | QD-Router |

1.5 Technology selection

Table 1-2 is ZHJQ company’s technology selection table.

Table 1-2 ZHJQ company technology selection table

| Technology involved | Specific content |
|---|---|
| Routing technology | Direct routing, static routing, RIPv2, route redistribution, single-arm routing |
| Switching technology | VLAN, Trunk, ALL |
| Security management technology | enable password, password encryption, Telnet, SSH, TFTP file backup, DHCP |
| Service configuration technology | WEB, DNS, DHCP, TFTP |
| WAN technology | NAT, GRE VPN |

1.6 Address planning

1.6.1 Switching device address planning table

Table 1-3 is the address planning table for switching equipment of ZHJQ Company

Table 1-3 ZHJQ company switching equipment address planning table

| Device name | Interface | Address planning | Interface description |
|---|---|---|---|
| DS1 | Gig1/0/1 | | |

Origin blog.csdn.net/m0_63624418/article/details/132801855