Large supermarket LAN planning and design plan_kaic

Contents
Abstract
Keywords
Foreword
Chapter 1 Structure and Function of LAN Technology
1.1 LAN Switch Architecture
1.2 LAN Switch Core Technology
Chapter 2: Planning the LAN using the scale of 50 workstations as an example
2.1 Basic configuration requirements of the LAN
2.2 Solution description
2.3 Specific design
2.4 User network security requirements
2.5 Function and description
Chapter 3 Equipment Selection
3.1 Selection of server
3.2 Workstation
3.3 Selection of operating system
3.4 Firewall Selection
3.5 Selection of switches
3.6 Selection of routers
Chapter 4 Support Environment Planning
4.1 Network logical planning
4.2 Software support environment and development tools
4.3 System overall planning
4.4 Database structure
4.5 Overall Implementation Plan
Conclusion
References



















Large Supermarket LAN Planning and Design Plan
Taisian supermarket network planning and design plan

Abstract
With the development of computer technology and networks, the huge economic benefits brought by information technology have caused all walks of life to accelerate their informatization. With the improvement of people's consumption level, various domestic brand supermarkets have emerged, and many large foreign supermarket groups have also entered China. The trend of supermarkets growing from small to large is accelerating. To adapt to this trend, improve the management capabilities of enterprises, especially the operating efficiency and service levels of supermarkets, and give managers a timely, accurate and scientific basis for decision-making, it is necessary to develop an internal LAN system for large supermarkets. Through analysis and research of the internal LAN system of large supermarkets, a LAN-centered computer environment is established with customer service as the basic requirement. At the same time, by focusing on supermarket management, assisting it with logistics management, and adding comprehensive support for independent accounting within the supermarket, a new modern management model can be established for the supermarket. This reduces the work intensity of supermarket staff and has high commercial value for the current needs of large supermarkets.

Keywords
Local area network; computer network; firewall; wireless LAN; integrated wiring

Foreword
Supermarkets as a business format were born in the United States in the 20th century. In 1990, China's first supermarket, Meijia Supermarket, was born in Humen Town, Dongguan, Guangdong. Subsequently, domestic supermarkets sprang up like mushrooms after rain. After 1996, a number of world-class large supermarkets (Carrefour, Wal-Mart, etc.) entered China one after another.
With the full opening of China's retail industry on December 11, 2004, the pattern of the domestic retail market will undergo drastic changes, and competition among supermarkets will also become more intense. We divide supermarkets into two categories: professional supermarkets and non-professional supermarkets. Professional supermarkets take a certain category of goods as their main business and serve specific consumer groups, such as home appliance supermarkets, pharmaceutical supermarkets, furniture supermarkets, mobile phone supermarkets, office supplies supermarkets, meat products supermarkets, etc. Non-professional supermarkets are large-scale supermarkets that operate a wide range of goods and serve a wide range of consumers. They mainly meet consumers' need for one-stop shopping, such as Carrefour, Wal-Mart, Lotus, Metro, etc.






Chapter 1 Structure and Function of LAN Technology
1.1 LAN Switch Architecture
     Judging from the current state of LAN switch technology, switch architectures fall roughly into the following types.
     Bus structure: switches based on a bus structure are generally divided into two categories, parallel bus and shared memory bus. The parallel bus architecture uses a single backplane as the medium through which all information flow between modules must travel.
Point-to-point structure: point-to-point switches are also called crossbar switches or matrix switches. The scalability of the structure depends on how it is implemented, and capacity is known to extend to 100G/s. High cost and complexity are the main limiting factors for increasing the capacity of such switches.
1.2 Core technology of LAN switches 
In the future development of LAN switches, the following technologies will be at their core.
   1. Combination of ATM and Ethernet
Combining ATM and Ethernet technology is necessary. To let ATM and traditional Ethernet coexist, the LANE specification provided by the ATM Forum solves this problem well. LANE enables ATM to support standard, interoperable network interconnection using any data network protocol. As a mature technology, LANE sits above AAL in the protocol stack and provides a Layer 2 LAN protocol bridge. It allows a connectionless, broadcast Ethernet switched LAN to be transparently emulated on the connection-oriented ATM network, so that LAN devices can communicate freely with, or connect to, ATM devices across ATM network segments. The high bandwidth and low cost of the LAN are thus organically combined with the high reliability of ATM.
    2. Virtual LAN (VLAN) technology
VLAN technology defines a logical broadcast domain. Port-based VLAN is the simplest form of VLAN association. From a network management perspective, a VLAN is a group of ports on a LAN switch that can exchange unicast and broadcast packets. When a data packet is broadcast from a port belonging to a certain VLAN, the switch receives the packet and copies it to all ports included in that VLAN. Some LAN switches also allow a VLAN to span ports on multiple switches, although this requires additional protocols for communicating VLAN information between switches. In addition, a switch can adopt other VLAN association strategies based on information inside Ethernet packets, such as MAC address, network layer information and multicast groups. But while port-based VLAN is implemented in many vendors' products, the other VLAN technologies are still waiting to gain widespread acceptance and standardization. VLANs have many advantages: users scattered in any location can be organized into high-performance workgroups, users can easily change working locations within the campus, and network security is improved. However, if VLANs are not implemented with simple management tools, the price is increased difficulty and cost of network management. Four main issues must be considered when implementing VLANs: first, how to define VLANs in the network; second, which method is best for exchanging VLAN membership information between multiple switches; third, to what extent VLAN configuration should be automated; fourth, how to transmit data between different VLANs. Users need to choose a solution that delivers the advantages of VLANs cost-effectively.
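The port-based forwarding behaviour described above, as an added example that is not part of the original plan: a minimal Python model of a port-based VLAN switch, showing that broadcasts and frames for unknown destinations stay inside the sender's VLAN. The class names, the port-to-VLAN layout and the MAC addresses are constructed for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class Frame:
    src: str
    dst: str


@dataclass
class PortVlanSwitch:
    """Switch whose VLANs are defined purely by port membership."""
    port_vlan: dict                                 # access port -> VLAN id
    mac_table: dict = field(default_factory=dict)   # (vlan, mac) -> port

    def receive(self, in_port: int, frame: Frame) -> list:
        """Return the ports the frame is copied to."""
        vlan = self.port_vlan[in_port]
        # Learning is keyed by VLAN, so one VLAN never learns another's hosts.
        self.mac_table[(vlan, frame.src)] = in_port
        members = sorted(p for p, v in self.port_vlan.items()
                         if v == vlan and p != in_port)
        if frame.dst == BROADCAST:
            return members            # copy to every other port in the VLAN
        out = self.mac_table.get((vlan, frame.dst))
        if out is None:
            return members            # unknown unicast: flood inside the VLAN only
        return [] if out == in_port else [out]


# Constructed layout: ports 1-3 are POS tills (VLAN 10), ports 4-5 back office (VLAN 20).
POS_A = "02:00:00:00:10:01"
POS_B = "02:00:00:00:10:02"
OFFICE_A = "02:00:00:00:20:01"


def build_store_switch() -> PortVlanSwitch:
    return PortVlanSwitch({1: 10, 2: 10, 3: 10, 4: 20, 5: 20})


def demo() -> dict:
    sw = build_store_switch()
    return {
        # Broadcast from a till reaches only the other till ports.
        "pos_broadcast": sw.receive(1, Frame(POS_A, BROADCAST)),
        # Broadcast from the back office reaches only the other office port.
        "office_broadcast": sw.receive(4, Frame(OFFICE_A, BROADCAST)),
        # Reply to a learned address in the same VLAN goes to one port.
        "pos_reply": sw.receive(2, Frame(POS_B, POS_A)),
        # A till addressing an office host never leaves VLAN 10: traffic
        # between VLANs has to pass through a Layer 3 device instead.
        "cross_vlan": sw.receive(1, Frame(POS_A, OFFICE_A)),
    }


if __name__ == "__main__":
    for name, ports in demo().items():
        print(f"{name}: {ports}")
```

The last case is the fourth issue listed above: the switch alone cannot carry data between VLANs, so the point where they are joined is also where access between them can be controlled.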
Chapter 2: Planning the LAN using the scale of 50 workstations as an example
2.1 Basic configuration requirements of the LAN
 1. Complete the configuration using the static method
When using the static method to configure local routing, follow these steps: click "Start" / "Settings" / "Control Panel" in sequence; in the Control Panel window that opens, double-click the "Network and Dial-up Connections" icon to open the network connection list window; right-click the "Local Area Connection" icon and choose "Properties" from the context menu to open the connection's property settings window; click the "General" tab in this window, select the "Internet Protocol (TCP/IP)" item on that tab page, and click the "Properties" button to open the TCP/IP property settings window; click the "Advanced" button in this window and, in the advanced settings interface that appears, click the "IP Settings" tab; then click the "Add" button at the "Default Gateway" setting on that tab page, and click the "Add" button once more to complete the default gateway configuration.
 2. Complete the configuration dynamically
   If the LAN allocates IP addresses to workstations through a DHCP server, then whenever a workstation is powered on and "joins" the LAN, it automatically sends a request for an IP address to the entire LAN. Once the DHCP server in the LAN receives this request, it automatically assigns a temporary IP address and the corresponding network mask to the workstation, and at the same time sets the workstation's default gateway address and hop count. For LAN workstations, the local routing parameters are preset on the DHCP server, so this configuration is completed automatically during the dynamic login process. Local routing information configured dynamically has lower priority than local routing information configured statically; that is, if several routing configuration methods coexist in the same LAN, the statically configured routing information takes effect first, and the dynamically configured routing information takes effect after it.
2.2 Solution Description 
  1. Network center equipment 
    The network equipment in the central computer room uses modular Layer 3 switches, which can be configured flexibly as needed: different expansion modules can be freely selected to realize various configuration combinations. When the network is upgraded in the future, expansion modules make it easy to protect the existing network structure and investment. According to the needs of the existing network, the backbone switch is equipped with a routing module with Layer 3 switching, five Gigabit optical fiber modules, and a 10/100M adaptive RJ-45 port module. For convenient management, it is equipped with 1 management module. For servers, 3-4 professional multi-CPU servers with SCSI disk RAID and dozens of ordinary DIY computer servers can be chosen to form a server group. For the router, a modular router can be chosen to act as the gateway to the Internet and as a dial-in server. A workstation for network management, with network management software installed, is provided for network configuration and management.
   2. Secondary switching equipment 
Use a Gigabit stacking switch group, consisting of a stackable switching master and a stackable switching slave that form a non-blocking star-topology stack. It can provide hundreds of 10/100M adaptive RJ-45 ports (depending on the specific equipment; high-traffic networks such as Internet cafes need about 100 ports per virtual subnet to be relatively stable). Stacking can provide high Gbps backplane bandwidth.
2.3 Specific design
 A local area network of about 50 computers is a small network. Networks of this size are currently common in schools, training institutions, Internet cafes and some small and medium-sized enterprises.
 1. Choice of network structure: adopt the currently popular Fast Ethernet technology and a star topology to build a small LAN that can meet the requirements of both client/server and peer-to-peer networks.
 2. Hardware preparation: networking hardware includes servers, workstations, network cards, hubs, twisted pairs, etc. When selecting it, analyze and weigh the overall requirements of the different network applications.
Server: the key equipment of the network. If conditions permit, configure it as highly as possible. It is best to use a dedicated server rather than an ordinary high-configuration computer, because dedicated servers are designed specifically for network applications and their network performance is much better than that of ordinary computers.
 Network implementation plan 
 1. Network topology 
A star network is used, that is, each computer is connected through a network hub.
 2. Preparation work
 Before starting network wiring, first draw a construction diagram. Decide how and where each computer is placed, and mark the locations of the nodes on the diagram. Determine the location of the network hub according to the distribution of nodes. Note that the placement of the gateway server (that is, the computer that connects to the Internet) must match the entry direction of the Internet telephone line, because the shorter the telephone line, the better.
 3. Start wiring
 First, lay out the cables: determine the distance between the network hub and each computer, cut network cables of the corresponding length, and thread them through conduit (PVC pipe). You can also run the cables directly along the wall without conduit. Note that the length of a twisted-pair run (network cable) must not exceed 100 meters; otherwise a repeater must be installed to amplify the signal.
 The next step is to make the network connector, that is, an RJ45 twisted-pair connector. Before describing how to wire it correctly, we must first explain how the 8 wires of the twisted-pair cable are numbered. The numbering is defined as follows: hold the RJ45 connector with the clip side facing down and the gold-plated pins of the 8 wires facing up; from the left, the positions are 1, 2, 3, 4, 5, 6, 7, 8. Now for the so-called "1, 2, 3, 6" connection method. Positions 1, 2, 3 and 6 are used for uplink and downlink data transmission; 1 and 2 form one pair, and 3 and 6 form another. We only need to use one twisted pair for 1 and 2 and one twisted pair for 3 and 6. As for the colors, they just need to be the same. If this method is not used, you can also connect all 8 wires individually, as follows: hold the RJ45 connector (crystal head) in your left hand and the wires in your right hand, insert them in the order brown, brown-white, blue, blue-white, green, green-white, orange, orange-white, and crimp them with a crimping tool. Under normal circumstances a dedicated crimping tool should be used (some experts use needle-nose pliers instead, but for the majority of novices, with RJ45 connectors at 2 yuan each, it is safer to use a dedicated crimping tool). After inserting the wires as described, clamp the RJ45 connector with the crimping tool and press firmly. Note that the crimp must be pressed all the way down; two or three presses are usually enough.
      Insert the connectors at the two ends of the network cable into the network card and the network hub respectively. With this, the wiring work is basically complete.
4. Networking, detection and fault diagnosis 
The next task is the networking itself, which covers physical connectivity and peer-to-peer interconnection of the computers' operating systems. Judging whether a computer is physically connected is simple: check whether the indicator light on the network card, or the corresponding indicator light on the network hub, is normal. Generally, a green light on the network card indicates network connectivity.
Physical connectivity alone does not make the network work. The network must be configured on each computer. First install the network card. Network cards come in two types according to bus standard: PCI and ISA. After inserting the network card into the motherboard and restarting the computer, it also has to be set up in Windows. In the "Network" option of "Control Panel", select "Add" → "Adapter", then select the manufacturer and network card model. After pressing "OK", the added network card is displayed in the network window, and the corresponding network protocols and network clients are installed as well. Note that you only need to install the TCP/IP protocol, the Microsoft network client, and file and printer sharing. Double-click "TCP/IP Protocol" and fill in the local IP address, subnet mask, gateway address and DNS server IP address in the IP dialog box that opens. For example, the author's settings: the local IP is 192.168.0.1~192.168.0.20; the subnet mask is 255.255.255.0; the gateway address is 192.168.0.1; the DNS server address is 61.128.128.68.
Open the "Identification" tab in the network dialog box. This is where you give the machine a network name and assign it to a workgroup. Fill in the computer's network name in "Computer Name"; others can use this name to access your machine in "Network Neighborhood". Then fill in a workgroup name in "Workgroup"; workgroup names within the same LAN must be the same.
Now check whether the network is connected. Double-click "Network Neighborhood" on the Windows desktop. If you see your own and other computers' names in the window that opens, the network is connected.
Shared service
First ensure that the LAN is connected, then select a computer as the gateway machine. Install the WIN2003 version of the operating system on the gateway machine, and install the modem or ISDN adapter at the same time to ensure that the machine's dial-up Internet access works normally. Adding Internet connection sharing is very simple: select "Internet Connection Sharing" in the "Internet Tools" option of "Windows Installer" and follow the prompts to install. The IP address is set to 192.168.0.1.
The most important point in the workstation settings is to specify the gateway address as 192.168.0.1, which is the IP address of the gateway machine. In addition, the DNS server IP address can be set to the DNS server provided by the ISP, such as 61.128.128.68. Use the ping command on the client computer to check whether the shared connection reaches the Internet. If a ping to a specified IP on the Internet succeeds, access is working.
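An added check, not part of the original plan, that validates a workstation address plan against its gateway and against the 50-workstation scale of this chapter, using the addresses quoted above. The function names, the finding labels and the second (corrected) pool are assumptions made for the example.

```python
import ipaddress


def audit_address_plan(network, mask, gateway, pool_first, pool_last, workstations):
    """Return a list of findings; an empty list means the plan is consistent."""
    net = ipaddress.ip_network(f"{network}/{mask}")
    gw = ipaddress.ip_address(gateway)
    first = ipaddress.ip_address(pool_first)
    last = ipaddress.ip_address(pool_last)
    reserved = {net.network_address, net.broadcast_address}
    findings = []

    if gw not in net or gw in reserved:
        findings.append("gateway-not-a-usable-host")
    for label, addr in (("pool-first", first), ("pool-last", last)):
        if addr not in net or addr in reserved:
            findings.append(f"{label}-not-a-usable-host")
    if first > last:
        findings.append("pool-reversed")
        return findings

    # A workstation given the gateway's address causes an address conflict
    # that cuts every other machine off from its default route.
    gateway_in_pool = first <= gw <= last
    if gateway_in_pool:
        findings.append("gateway-inside-workstation-pool")
    usable = int(last) - int(first) + 1 - (1 if gateway_in_pool else 0)
    if usable < workstations:
        findings.append(f"pool-too-small:{usable}<{workstations}")
    return findings


def audit_page_plan():
    # Values quoted in section 2.3; 50 is the chapter's stated scale.
    return audit_address_plan("192.168.0.0", "255.255.255.0", "192.168.0.1",
                              "192.168.0.1", "192.168.0.20", 50)


def audit_corrected_plan():
    # Constructed alternative: gateway kept at .1, workstations moved to .11-.60.
    return audit_address_plan("192.168.0.0", "255.255.255.0", "192.168.0.1",
                              "192.168.0.11", "192.168.0.60", 50)


if __name__ == "__main__":
    print("page plan:     ", audit_page_plan())
    print("corrected plan:", audit_corrected_plan())
```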
2.4 User network security requirements
   1. Basic content of firewalls
 A firewall is a system or group of systems that enforces a security policy between an intranet and the Internet. It is in essence an isolation technology. An effective firewall should ensure that all information flowing to or from the Internet passes through it, and that all information passing through it is inspected. The firewall defines a key point at which external intrusion can be stopped; it monitors the security of the network and raises alarms in abnormal situations, and in particular, when a significant amount of information passes through, it should log it in addition to checking it; it provides network address translation, which helps relieve the shortage of IP addresses and avoids the trouble of renumbering when an intranet changes ISP; and it is an ideal location for providing services to customers, that is, WWW, FTP and similar services can be configured on it.
2. Functions of the firewall:
    Control the packets entering and leaving the network, serving as a central "control point" for managing network security;
    Support logging and auditing of network usage and traffic, and manage and monitor network access;
    Implement NAT to relieve the shortage of address space while hiding the details of the internal network structure;
    Deploy WWW and FTP servers and publish information to internal and external network customers at the same time.
2.5 Function and description
      Installing the firewall and bastion host raises the level of network security. The firewall copies and passes data through gateways, so that no direct connection is established between trusted servers and clients and untrusted hosts. The bastion host is installed on the internal network, making it the only host directly reachable from the external network. This ensures that the internal network is not attacked by unauthorized external users.
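The firewall functions listed above, as an added example that is not part of the original plan: a small Python model of a default-deny policy with outbound NAT, a bastion host as the only internal machine reachable from outside, and a log entry for every decision. It simplifies the gateway to packet forwarding; the bastion address, the public address, the sample packets and all names are constructed, while 192.168.0.0/24 is the LAN addressing from section 2.3.

```python
import ipaddress
from dataclasses import dataclass

INTERNAL = ipaddress.ip_network("192.168.0.0/24")  # LAN addressing from section 2.3
BASTION = "192.168.0.2"        # constructed: bastion host on the internal network
PUBLIC_IP = "203.0.113.10"     # constructed: firewall's external address
PUBLISHED = {21: "FTP", 80: "WWW"}  # services offered to outside customers


@dataclass(frozen=True)
class Packet:
    iface: str   # "wan" or "lan": interface the packet arrived on
    src: str
    dst: str
    dport: int


class Firewall:
    def __init__(self):
        self.log = []  # every decision is recorded for later auditing

    def handle(self, pkt):
        """Return (verdict, packet as forwarded, or None if dropped)."""
        src = ipaddress.ip_address(pkt.src)
        dst = ipaddress.ip_address(pkt.dst)
        out = None
        if pkt.iface == "wan" and src in INTERNAL:
            # An internal source address can never legitimately arrive from outside.
            verdict = "deny-spoofed-source"
        elif pkt.iface == "lan" and src in INTERNAL and dst not in INTERNAL:
            # NAT: the outside world only ever sees the firewall's own address.
            verdict = "allow-outbound-nat"
            out = Packet("wan", PUBLIC_IP, pkt.dst, pkt.dport)
        elif pkt.iface == "wan" and pkt.dst == PUBLIC_IP and pkt.dport in PUBLISHED:
            # Published services are handed to the bastion host and nowhere else.
            verdict = "allow-inbound-to-bastion"
            out = Packet("lan", pkt.src, BASTION, pkt.dport)
        else:
            verdict = "deny-default"
        self.log.append((verdict, pkt))
        return verdict, out


def demo():
    fw = Firewall()
    cases = {  # constructed sample packets
        "till_browses": Packet("lan", "192.168.0.15", "198.51.100.7", 80),
        "customer_www": Packet("wan", "198.51.100.7", PUBLIC_IP, 80),
        "unpublished_port": Packet("wan", "198.51.100.7", PUBLIC_IP, 445),
        "spoofed": Packet("wan", "192.168.0.15", PUBLIC_IP, 80),
    }
    return {name: fw.handle(p) for name, p in cases.items()}, fw.log


if __name__ == "__main__":
    results, log = demo()
    for name, (verdict, out) in results.items():
        print(f"{name}: {verdict} -> {out}")
```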



Chapter 3 Equipment Selection
 3.1 Server Selection
Manufacturer: HP
Model: HP ProLiant ML370 G5
Features:
Specifically designed to optimize system performance and maintainability. Seamlessly manage anywhere, anytime with Integrated Lights Out and HP Systems Insight Manager. Enterprise-class redundancy features provide excellent availability and uptime for critical applications. Excellent flexibility and broad development space 
Technical indicators:
Uses an Intel Xeon 5130 dual-core processor with a processor speed of 2GHz and 4MB (1 x 4MB) L2 cache, upgradable to dual processors. Uses the Intel 5000P chipset, with standard 1GB (2 x 512MB) memory and a maximum optional memory of 64GB. Embedded dual NC373i multifunction Gigabit network adapters with TCP/IP offload engines support accelerated iSCSI through an optional ProLiant Essentials licensing kit. 9 expansion slots in total; 8 available slots: 6 PCI-Express x4 and 2 PCI-X 64-bit/133MHz. 48x speed CD-ROM drive. 1 serial port (second serial and parallel port available through optional kit); 1 pointing device (mouse) connector; 1 VGA port (1 additional VGA port available on the front of rack-mount models); 1 keyboard interface; 2 RJ-45 interfaces; 1 iLO2 remote management port; 5 USB 2.0 ports (2 on the back, 2 on the front, and 1 built-in); 1 USB 2.0 dedicated port (for DAT USB tape connection). ACPI 1.0b compliant; PCI 2.2 compliant; WOL supported; Microsoft logo certified; PXE support. 800 watt CE Mark compliant hot-swappable power supply (1000 watt high voltage line), optional second power supply for redundancy.
3.2 Workstation
Using HP Pro 2000MT (LE164PA)
CPU model: Intel Pentium dual-core E5800
CPU frequency: 3200MHz 
Memory capacity: 2GB DDR3 1333MHz
Hard drive capacity: 500GB SATA
Graphics chip: Intel GMA X4500 HD 
Optical drive type: DVD-ROM 
Product type: Home computer 
Graphics card type: Integrated graphics card 
Sound card description: Integrated 
Number of cores: Dual core 
Network card: Choose a 10M/100M adaptive PCI bus network card for workstation computers. Dedicated servers generally come with a 10M/100M adaptive network card.
Twisted pair: Using Category 5e twisted pair, each UTP requires two RJ-45 connectors (commonly known as crystal heads). After all the hardware is ready, use twisted pairs to connect the network cards in each workstation and server to the hub. The hardware part of the LAN is complete. Next comes the installation of the software part. 
3.3 Selection of operating system
    The server uses the Windows 2003 Server network operating system, and the workstations can use Windows XP. After the server's service settings and network configuration are done and the workstations' operating systems and network-related settings are installed, the LAN as a whole can be debugged. If debugging passes, the establishment of the LAN is complete.
3.4 Firewall Selection
Manufacturer: Juniper NetScreen
Model: Juniper NetScreen-204A 
Features: 
NetScreen-204A is the most comprehensive security device product on the market. It can easily integrate and protect network security in a variety of different network environments, including medium and large enterprise offices, e-commerce sites, data centers and carrier infrastructure. NetScreen-204A has 8 10/100 Base-T Ethernet interfaces with automatic rate detection and bipolar automatic adjustment functions, which can provide firewall functions close to wire speed. Even strict applications such as 3DES and AES encryption can provide rate performance above 200 Mbps.
Technical indicators:
Equipment type: Large and medium-sized enterprise-level firewall
Hardware parameters: 4 10/100M Ethernet interfaces
Number of concurrent connections: 128000
VPN: Supported
Security filtering bandwidth (Mbps): 200
User limit: No user limit
Intrusion detection: DoS
Security standards: CE, FCC
Control port: RS-232
Management: SNMP
3.5 Switch Selection
Manufacturer: Cisco Corporation
Model: Catalyst 2950T-24
Features: Excellent performance, QoS, easy to use and easy to install, integrated Cisco IOS switching solution, super management capabilities, security and redundancy.
Technical indicators:
Performance:
8.8Gbps switching fabric
Catalyst 2950T-24: 6.6Mpps line speed transmission rate (based on 64-byte data packets)
Maximum transmission bandwidth 4.4Gbps
8MB packet cache memory structure shared by all ports
16MB DRAM and 8MB flash memory
8000 MAC addresses
3.6 Router Selection
Product model: TL-R410+
Transmission rate: 10/100Mbps
Port structure: Non-modular
WAN interfaces: 1
LAN interfaces: 4
Features:
Supports automatic port flipping
Built-in DHCP server; static address allocation is also possible
Supports static routing
Supports virtual servers and DMZ hosts
Provides DoS attack prevention, with automatic virus isolation
Supports Universal Plug and Play; data that meets UPnP standards can pass smoothly
Supports dynamic DNS
Can open Internet access specifically for designated computers
Has on-demand connection and automatic disconnection
Supports MAC address modification and cloning
Provides system security log and traffic statistics
Provides a manual reset button
Supports TFTP online software upgrade
External power adapter



























Reposted from: blog.csdn.net/weixin_39563171/article/details/134902530