Keywords: VRRP; VLAN; DHCP; firewall; OSPF protocol
1.2 Research purpose and significance
Chapter 2 Campus Network Design and Requirements Analysis
2.1 Three-layer networking structure
2.1.1 Introduction to networking structure
2.2 Network services and redundancy design
2.2.1 Three-layer networking structure
2.2.3 Network services and security strategies
2.3 Overview of campus simulation zoning buildings
Chapter 3 Introduction to related technologies and tools
3.2 Eth-trunk link aggregation
3.3 MSTP+VRRP technology application
3.8 Firewall zone division and packet filtering strategy
Chapter 4 ENSP simulation experiment
4.2.2 Aggregation layer switch
4.3 Access layer configuration
4.4 Aggregation layer configuration
Chapter 5 Configuration Result Test
5.2 Link aggregation verification
5.8 Intranet access to external network server test
6.1 Summary of research results
6.2 Suggestions and prospects for future research
Chapter One Introduction
1.1 Research background
In the 21st century, information technology has penetrated into every corner of our lives, especially in the field of education. With the popularity of digital teaching and online learning, the importance of campus networks has become increasingly prominent. It not only provides students with convenient learning resources, but also provides an efficient working environment for faculty and staff. However, with the increase in the number of campus network users and the diversification of business needs, how to design and plan a campus network that not only meets current needs but can adapt to future development has become a challenge faced by many researchers and engineers.
Chapter 2 Campus Network Design and Requirements Analysis
2.1 Three-layer networking structure
2.1.1 Introduction to networking structure
The three-layer networking structure is a standard design pattern in modern enterprise and campus networks, consisting of an access layer, an aggregation layer and a core layer. Its purpose is to meet the performance, scalability, and high-availability requirements of large network environments. In this experiment, Huawei ENSP software was used to simulate the entire campus network. The topology diagram is shown in Figure 2-1.
Chapter 3 Introduction to related technologies and tools
3.1 VLAN planning
VLAN stands for Virtual Local Area Network, generally called a virtual LAN. A VLAN isolates broadcast domains, which reduces network overhead, helps prevent the spread of LAN attacks, and makes it possible to configure access control. On a traditional network, moving a piece of network equipment means redoing the physical configuration on a different LAN, which is inconvenient and carries hidden risks. A VLAN is a virtual logical network: it can place different physical devices on the same network and achieves Layer 2 isolation by dividing the network into separate broadcast domains. This not only eases management but also makes security management simple and convenient. When different VLANs need to communicate, inter-VLAN communication can be achieved through the Layer 3 routing function, so virtual workgroups can be built flexibly. Using VLAN technology therefore simplifies network management and improves network security. A school generally runs a relatively large LAN, where the role of VLANs is to isolate collision domains and broadcast domains and so avoid network storms in the school LAN. Dividing the areas of the school into VLANs also benefits future network maintenance: when an area of the campus network needs to be switched, only the VLAN division on the switch has to change, not the ports and connections. The campus network is more stable, and the cost of network maintenance is greatly reduced.
Chapter 4 ENSP simulation experiment
4.1 Address planning table
Table 4.1 Address planning table
| Area | VLAN | IP | Gateway |
|---|---|---|---|
| Information Center | VLAN10 | 192.168.10.0/24 | 192.168.10.254 |
| Administration Building | VLAN20 | 192.168.20.0/24 | 192.168.20.254 |
| Teaching building | VLAN30 | 192.168.30.0/24 | 192.168.30.254 |
| Dormitory | VLAN40 | 192.168.40.0/24 | 192.168.40.254 |
| Server | VLAN50 | 192.168.50.0/24 | 192.168.50.254 |
| Core switch 1 - egress firewall | Internet address | 172.16.81.2/30 | 172.16.81.1/30 |
| Core switch 2 - egress firewall | | 172.16.91.2/30 | 172.16.91.1/30 |
| Core switch 1 - DMZ firewall | | 172.16.61.2/30 | 172.16.61.1/30 |
| Core switch 2 - DMZ firewall | | 172.16.71.2/30 | 172.16.71.1/30 |
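The following added example (not part of the original thesis) checks the Table 4.1 plan for the mistakes that most often undermine VLAN isolation and firewall zoning: a gateway outside its subnet, overlapping subnets, and /30 link ends that do not share a subnet. The function name `check_plan` and the tuple layout are assumptions of this example; the addresses are transcribed from the table.

```python
import ipaddress

# Rows transcribed from Table 4.1: (area, subnet, gateway).
VLAN_PLAN = [
    ("Information Center", "192.168.10.0/24", "192.168.10.254"),
    ("Administration Building", "192.168.20.0/24", "192.168.20.254"),
    ("Teaching building", "192.168.30.0/24", "192.168.30.254"),
    ("Dormitory", "192.168.40.0/24", "192.168.40.254"),
    ("Server", "192.168.50.0/24", "192.168.50.254"),
]
# Point-to-point rows from Table 4.1: (link, one end, other end).
LINK_PLAN = [
    ("Core switch 1 - egress firewall", "172.16.81.2/30", "172.16.81.1/30"),
    ("Core switch 2 - egress firewall", "172.16.91.2/30", "172.16.91.1/30"),
    ("Core switch 1 - DMZ firewall", "172.16.61.2/30", "172.16.61.1/30"),
    ("Core switch 2 - DMZ firewall", "172.16.71.2/30", "172.16.71.1/30"),
]

def check_plan(vlans, links):
    """Return a list of findings; an empty list means the plan is consistent."""
    findings, seen = [], []  # seen: (name, network) pairs already allocated

    def claim(name, net):
        # Overlapping subnets make zone-based filtering rules ambiguous.
        for other_name, other in seen:
            if net.overlaps(other):
                findings.append(f"{name}: {net} overlaps {other_name} ({other})")
        seen.append((name, net))

    for area, cidr, gateway in vlans:
        net = ipaddress.ip_network(cidr)  # raises ValueError if host bits are set
        if ipaddress.ip_address(gateway) not in set(net.hosts()):
            findings.append(f"{area}: gateway {gateway} is not a usable host in {net}")
        claim(area, net)

    for link, end_a, end_b in links:
        a, b = ipaddress.ip_interface(end_a), ipaddress.ip_interface(end_b)
        hosts = set(a.network.hosts())
        if a.network != b.network:
            findings.append(f"{link}: {end_a} and {end_b} are in different subnets")
        elif a.ip == b.ip or a.ip not in hosts or b.ip not in hosts:
            findings.append(f"{link}: ends must be two distinct usable hosts of {a.network}")
        claim(link, a.network)
    return findings

if __name__ == "__main__":
    print(check_plan(VLAN_PLAN, LINK_PLAN) or "address plan is consistent")
```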
Chapter 5 Configuration Result Test
5.1 MSTP verification
Core switch 1 is the root bridge of spanning tree instance 0, and core switch 2 is the backup root bridge of spanning tree instance 0. Therefore, the port connecting the aggregation switch to the backup root bridge switch should be in the blocked state. Verify the role of port 4 of aggregation switch 1, as shown in Figure 5.1:
Figure 5.1 Aggregation switch 1 port role
Verification result: Port 4 of aggregation switch 1 is a blocked interface.
Verify the spanning tree mode of aggregation switch 1, as shown in Figure 5.2:
Figure 5.2 Aggregation switch 1 spanning tree mode
Verification result: The spanning tree mode of aggregation switch 1 is MSTP.
Core switch 1 is the root bridge switch. Verify the priority of the root bridge switch and the port roles of the root bridge switch, as shown in Figure 5.3:
Figure 5.3 Root bridge switch port roles
Verification result: The priority of the root bridge switch is 0, and the port roles of the root bridge switch are all designated interfaces.
Core switch 2 is the backup root bridge switch. Verify the priority of the backup root bridge switch and the port roles of the backup root bridge switch, as shown in Figure 5.4:
Figure 5.4 Backup root bridge switch port role
Verification result: The priority of the backup root bridge switch is 4096, and the port that receives the root bridge's BPDUs has the root port role.
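The port-role checks in this section can be repeated automatically so that an unexpected topology change is noticed. The following added example (not part of the original thesis) parses text laid out like Huawei's `display stp brief` output and checks the two expectations stated above. The sample outputs are constructed, and the interface names and the helper names `parse_stp_brief`, `check_root_bridge` and `port_is` are assumptions of this example.

```python
import re

# Constructed samples laid out like `display stp brief`; interface names are assumed.
CORE1_OUTPUT = """\
 MSTID  Port                        Role  STP State     Protection
   0    GigabitEthernet0/0/1        DESI  FORWARDING      NONE
   0    GigabitEthernet0/0/2        DESI  FORWARDING      NONE
   0    GigabitEthernet0/0/3        DESI  FORWARDING      NONE
"""
AGG1_OUTPUT = """\
 MSTID  Port                        Role  STP State     Protection
   0    GigabitEthernet0/0/1        DESI  FORWARDING      NONE
   0    GigabitEthernet0/0/3        ROOT  FORWARDING      NONE
   0    GigabitEthernet0/0/4        ALTE  DISCARDING      NONE
"""

# One data row: instance id, port name, role, state, protection.
ROW = re.compile(r"^\s*(\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")

def parse_stp_brief(text):
    """Map (instance, port) -> (role, state); the header line does not match ROW."""
    rows = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows[(int(m[1]), m[2])] = (m[3], m[4])
    return rows

def check_root_bridge(text, instance=0):
    """On the root bridge every port of the instance must be designated.
    Any other role means a different switch is advertising a better bridge ID."""
    ports = {p: r for (i, p), (r, _) in parse_stp_brief(text).items() if i == instance}
    if not ports:
        return [f"no ports found for instance {instance}"]  # avoid a vacuous pass
    return [f"{p}: role {r}, expected DESI" for p, r in ports.items() if r != "DESI"]

def port_is(text, port, role, state, instance=0):
    """True if the port exists in the instance with exactly this role and state."""
    return parse_stp_brief(text).get((instance, port)) == (role, state)

if __name__ == "__main__":
    print(check_root_bridge(CORE1_OUTPUT))
    print(port_is(AGG1_OUTPUT, "GigabitEthernet0/0/4", "ALTE", "DISCARDING"))
```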
Chapter 6 Summary and Outlook
6.1 Summary of research results
After in-depth research and experiments, this article conducts a comprehensive discussion on the design and planning of campus networks. The main results are as follows:
1. Advantages of the three-layer networking structure: Through comparative analysis, the applicability and superiority of the three-layer networking structure in campus networks have been proven, especially in meeting the needs of large-scale users and ensuring network stability.
2. Application of VLAN and VRRP: VLAN was successfully applied for business division and VRRP for gateway redundancy in the simulation environment, which improved the reliability and flexibility of the network.
3. Selection of dynamic routing protocol: After experimental verification, OSPF was determined as the internal routing protocol of the campus network, ensuring the efficient operation of the network.
4. Formulation of firewall strategies: Based on security requirements, a complete set of firewall zone division and packet filtering strategies were developed, which effectively improved the security of the campus network.
5. Application of ENSP simulator: The ENSP simulator was used to successfully simulate the design and planning process of the entire campus network, providing a powerful reference for actual deployment.