I previously carried out a network transformation project for a company, and I am now writing it up as a case study. I hope it will help some readers.
First, some background on the enterprise. It is a medium-sized company of 300 or 400 people with three office buildings. At the beginning the company was relatively small and leased 50M of dedicated bandwidth from Unicom; connected to a switch hub, this was enough to meet the enterprise's network needs. As the enterprise developed and the business expanded, the company pulled M of dedicated Telecom bandwidth for the IDC room and 50M of dedicated Telecom bandwidth for the office area, again without any overall planning. With business growth and information security requirements, the current network structure is far from meeting the needs of the enterprise's information systems.
The network topology before the transformation is as follows:
[Figure 1.png: http://s3.51cto.com/wyfs02/M02/44/34/wKiom1PfmTbjCa_WAADaIdy96zY969.jpg]
The network had the following problems before the transformation:
1) Users in different office areas are not isolated, and rate limiting for the two areas is not in place;
2) Users in different office areas are physically isolated and cannot reach each other;
3) There are single points of failure (single devices and single links) throughout the network;
4) The networks of the three buildings are scattered, so unified network management and monitoring cannot be implemented;
5) Users in the office area have to access the server cluster over the Internet, so their traffic must cross from the Unicom network to the Telecom network. This inter-carrier hop seriously degrades access quality;
6) The server cluster is exposed to the Internet and lacks corresponding security measures.
After analyzing the current situation of the enterprise, we re-planned its network. The topology is as follows:
(During the later implementation, we found that the firewall function of the H3C switch was sufficient to meet the requirements, so we removed the firewall.)
[Figure 3.png: http://s3.51cto.com/wyfs02/M01/44/34/wKioL1PfmnjDqnPaAAGBbCE19NY001.jpg]
As shown in the figure, a dual-line setup is configured. Two core switches, switch1 and switch2, are attached below the firewall to implement cold backup. In the event of a device, port, or link failure, service can be restored quickly, which solves the single-point, single-link problem;
Switch3, switch4, and switch5 are connected to the core switches switch1 and switch2 and serve the different office buildings. In addition, different VLANs can be set up so that access control can be applied to each building and sensitive information is protected. Employees no longer need to go through external networks to access the company's resources, which improves work efficiency.
This article is from Mr. Wu's blog; please be sure to keep this source: http://ahanwu.blog.51cto.com/6394099/1535734
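The redundancy claim above can be checked mechanically. The following is an added example, not part of the original post: it models the redesigned topology as a graph and lists every device or link whose loss would cut a building off. It assumes each access switch is linked to both core switches; the node name "uplink" and the single-homed comparison topology are constructed for illustration. Because switch2 is a cold backup, an empty result means an alternate path exists after failover, not that failover is automatic.

```python
from collections import deque

# Redesigned topology as described in the text (undirected links).
# Assumption: switch3-5 are each linked to both cores; "uplink" is a
# hypothetical name for whatever sits above the two core switches.
AFTER = [("uplink", "switch1"), ("uplink", "switch2"),
         ("switch1", "switch3"), ("switch2", "switch3"),
         ("switch1", "switch4"), ("switch2", "switch4"),
         ("switch1", "switch5"), ("switch2", "switch5")]

# Constructed single-core variant for comparison (not the page's diagram).
SINGLE = [("uplink", "switch1"), ("switch1", "switch3"),
          ("switch1", "switch4"), ("switch1", "switch5")]

ACCESS = ["switch3", "switch4", "switch5"]


def reachable(links, start, dead_node=None):
    """Breadth-first search; links touching dead_node are ignored."""
    adj = {}
    for a, b in links:
        if dead_node in (a, b):
            continue
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    seen, queue = {start}, deque([start])
    while queue:
        for nxt in adj.get(queue.popleft(), ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def single_points_of_failure(links, root="uplink", access=ACCESS):
    """Devices and links whose loss cuts any access switch off from root."""
    bad = []
    # Intermediate devices only: losing an access switch trivially loses it.
    nodes = {n for link in links for n in link} - {root} - set(access)
    for node in sorted(nodes):
        if not set(access) <= reachable(links, root, dead_node=node):
            bad.append(node)
    for link in links:
        rest = [other for other in links if other != link]
        if not set(access) <= reachable(rest, root):
            bad.append(link)
    return bad


if __name__ == "__main__":
    print("redesigned:", single_points_of_failure(AFTER))
    print("single core:", single_points_of_failure(SINGLE))
```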