Construction solution for local data centers with 150 nodes
I. Local Data Center
When I joined the company last year, there were only 20 people; it has now grown to 100. At that time the office was quite small and could accommodate up to 40 employees. By March, the company plans to move its office. The old office ran on dumb switches and a router, with network cables and telephone lines intertwined like a spider's web, and dropped connections were common. When there were more than 40 people, a look at the router showed the negative cut at 100%: machines could still connect to the Internet, but packet loss was extremely serious. Given this situation, it is necessary to build a stable local office data center environment.
II. Machine Selection
| Serial number | Product Model | Description | Quantity |
|---|---|---|---|
| | Router | | |
| 1 | MSR2600-10-WiNet | H3C MSR 2600-10-WiNet router host | 1 |
| | Online behavior management | | |
| 1 | NS-ACG1010 + LIS-1 | H3C SecPath ACG1010 application control gateway host (12GE electrical port), including one-year feature library upgrade | 1 |
| | Core Switch | | |
| 1 | LS-5500-24P-WiNet | H3C S5500-24P-WiNet Ethernet switch host (24GE + 4SFP Combo) | 1 |
| | Access POE Switch | | |
| 1 | LS-5120-28P-POE-WiNet | H3C S5120-28P-POE-WiNet L2 Ethernet switch host, 24 10/100/1000BASE-T, 4 SFP, AC110/220 V, POE | 1 |
| | Wireless AC Controller | | |
| 1 | EWP-WAC360 | 16 APs are managed by default, and cannot be resized. The maximum number of management users is 512. 1 x WAN + 4 x LAN + 2 x USB | 1 |
| | Wireless AP | | |
| 1 | EWP-WAP722-FIT | Built-in antenna, non-external antenna, 2.4/5 GHz dual-band 866 M, built-in power supply, fat and thin integrated, ceiling plate | 9 |
| | Network Cabinet | | |
| 1 | WD8632-A | Width, depth, height 800*600*1600, standard fan, 4, laminate, 2, 1 power supply plug, black | 1 |
| | Forty-eight 10-Gigabit Access Switch | | |
| 1 | LS-S3110-52TP-SI | H3C S3110-52TP-SI Ethernet switch host (48FE + 2GE + 2SFP, AC power supply) | 4 |
| | Unshielded 48-port Distribution Frame | | |
| 1 | 935548 | Sol cat5e unshielded 48-port distribution frame (full configuration) | 8 |
| | Telephone Programmable switch | | |
| 1 | WS824-9H | 8 extension lines 64 cannot be expanded | 1 |
| | IDC wiring implementation | | |
| 1 | IDC Wiring | Data center cabling, repair and other work, 150 information points | |
III. Topology
IV. Configuration steps
1. Router S2600-10
1.1 Configure Telnet user login using AAA authentication
system-view
Enable the Telnet server function of the router.
telnet server enable
Configure Telnet user login to use AAA authentication.
user-interface vty 0 4
 authentication-mode scheme
Set the Telnet user and password.
local-user admin
 password cipher <enter password>
 authorization-attribute level 3
 service-type telnet terminal
 service-type web
1.2 Dialer 1 settings
interface Dialer1
 nat outbound 3001
 link-protocol ppp
 ppp chap user <dial-up account>
 ppp chap password cipher <password>
 ppp pap local-user <dial-up account> password cipher <password>
 ip address ppp-negotiate
 tcp mss 1024
 dialer user <account>
 dialer-group 1
 dialer bundle 1
1.3 Dialer 2 settings
interface Dialer2
 nat outbound 3002
 link-protocol ppp
 ppp chap user <account>
 ppp chap password cipher <password>
 ppp pap local-user <account> password cipher <password>
 ip address ppp-negotiate
 tcp mss 1024
 dialer user <account>
 dialer-group 2
 dialer bundle 2
1.4 Configure ACLs
acl number 3001
 rule 0 permit ip
acl number 3002
 rule 0 permit ip source 10.1.9.0 0.0.0.255
1.5 Create rule node 5 and apply it to G0/2
policy-based-route server permit node 5
 if-match acl 3002
 apply output-interface GigabitEthernet0/2
policy-based-route server permit node 10
1.6 Set the working mode to route so that the port is used as a Layer 3 Ethernet interface
G0/0 interface
interface GigabitEthernet0/0
 port link-mode route
 pppoe-client dial-bundle-number 1
G0/2 interface
interface GigabitEthernet0/2
 port link-mode route
 pppoe-client dial-bundle-number 2
1.7 Configure the management IP address
interface GigabitEthernet0/1
 port link-mode route
 ip address 10.1.7.1 255.255.255.0
 tcp mss 1024
 ip policy-based-route server
1.8 Set static routes
ip route-static 0.0.0.0 0.0.0.0 Dialer1
ip route-static 10.1.0.0 255.255.0.0 10.1.7.3
1.9 Enable DHCP
dhcp enable
1.10 Set the dial trigger conditions
dialer-rule 1 ip permit
dialer-rule 2 ip permit
This command sets the condition that triggers dial-up; here it means that any IP packet can trigger dialing. The dialer-group command in interface configuration mode corresponds to this command and specifies the trigger condition used by the dialing interface.
1.11 View Interface Details
2. Internet behavior management NS-ACG1010
Few restrictions are configured. The device is only used to view the current network bandwidth. The configuration file is shown here for reference.
!
config
authorized-table admin
 authorized read all
 authorized write all
!
user administrator admin local secret Hg6MAD7MGTUEcoT9gHG+LhDc6E07QwG71SmiEodL/fQT/YirzsAURqDjk69469y authorized-table admin
user administrator admin authorized-address first 0.0.0.0/0
!
!
timezone 57
!
pki ca crl update-period 30
!
!
interface bvi2
 ip address 10.1.7.2/24
 allow access https
 allow access http
 allow access ping
 allow access telnet
!
interface ge0
 ip address 192.168.1.1/24
 allow access https
 allow access http
 allow access ping
!
interface ge1
!
interface ge2
 bridge-group 2
!
interface ge3
 bridge-group 2
!
interface ge4
!
interface ge5
!
interface ge6
!
interface ge7
!
interface ge8
!
interface ge9
!
interface ge10
!
interface ge11
!
!
address
!
!
address6
!
!
address-group
!
!
service
!
!
service-group
!
!
schedule-day
!
!
schedule-week
!
!
schedule-month
!
!
schedule-once
!
!
user
!
!
user-group
!
!
!
user-policy
!
!
!
!
!
!
!
policy default-action permit
policy white-list enable
!
snmp
 community secret 6NSjZ2FJfHqUtCqRXdechDETsW7nP4FFcq1ujxx1HotuCZoZGsn14R7gwFVplw1
 write-community secret QuVJ8MPv5S7noa5Lp+C7xY4UnIZD5gm5LCCvi9RLtC2fYqVZdaKQ0rdwLAIf36P
!
dhcp
!
!
!
ip route 0.0.0.0/0 10.1.7.1
!
!
user-param
!
user-param recognition threshold 60000
!
user-webauth
!
!
ip session limit
!
!
!
!
!
!
qos-profile line 01
 limit ingress max bandwidth ingress 1000
 match interface ge0
!
qos-profile channel def_01 parent 01
!
policy6 default-action permit
!
ha-config
!
end
3. Core switch LS-5500-24.
3.1 configure vlan1, vlan2, vlan5, vlan6, vlan7, vlan9, and vlan100 on the web page.
3.2 configure routes and enable DHCP
3.3 set the interface to Trunk Mode
3.4 interface 20 settings
Definitions
1. Trunk port. A Trunk port can transmit packets of multiple VLANs at the same time and is generally used for links between switches.
2. Hybrid port. A Hybrid port can transmit packets of multiple VLANs at the same time. It is generally used for links between switches or between switches and servers.
3. Access port. An Access port can belong to only one VLAN and is generally used to connect to a computer.
4. Tag and Untag: the tag is the VLAN ID, which indicates the VLAN the data packet belongs to. Untagged means that the data packet does not belong to any VLAN and does not contain a VLAN tag.
5. PVID, the port VLAN ID, is the VLAN ID a port applies to untagged packets. When an untagged packet enters the switch, the switch checks the VLAN settings and determines whether to forward it. When a packet enters a switch port without a tag header and a PVID is configured on the port, the packet is tagged with that PVID. If the incoming packet already has a tag header (VLAN data), the switch generally does not add another tag header, even if a PVID is configured on the port.
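The port behaviour defined above, written out as a small model (an added example, not part of the original post). The Port class and the function names are this example's own; the port names and VLANs come from the S3110-01 configuration in section 4.1, the uplink PVID is assumed to be the default of 1, and "permit vlan all" is modelled as every VLAN created on the switch.

```python
from dataclasses import dataclass, field

@dataclass
class Port:
    """Model of one switch port, following the definitions above."""
    name: str
    link_type: str                               # "access", "trunk" or "hybrid"
    pvid: int = 1                                # VLAN given to untagged frames
    permitted: set = field(default_factory=set)  # trunk/hybrid: VLANs allowed
    untagged: set = field(default_factory=set)   # hybrid: VLANs sent without a tag

def ingress(port, tag):
    """VLAN a received frame is placed in (tag=None means untagged); None = dropped."""
    if port.link_type == "access":
        # Untagged frames take the PVID; a tagged frame must already match it.
        return port.pvid if tag in (None, port.pvid) else None
    vlan = port.pvid if tag is None else tag     # an existing tag is kept as is
    return vlan if vlan in port.permitted else None

def egress(port, vlan):
    """How a frame in `vlan` leaves the port: 'untagged', 'tagged' or None."""
    if port.link_type == "access":
        return "untagged" if vlan == port.pvid else None
    if vlan not in port.permitted:
        return None
    if port.link_type == "trunk":
        return "untagged" if vlan == port.pvid else "tagged"
    return "untagged" if vlan in port.untagged else "tagged"

def forward(src, tag, dst):
    """Carry one frame from src to dst on the same switch."""
    vlan = ingress(src, tag)
    return None if vlan is None else egress(dst, vlan)

# Constructed from this page: VLANs created on S3110-01, an access port in
# VLAN 2, and the uplink set to "port trunk permit vlan all" (PVID assumed 1).
VLANS = {1, 2, 5, 6, 7, 100}
desk = Port("Ethernet1/0/1", "access", pvid=2)
uplink = Port("GigabitEthernet1/0/52", "trunk", pvid=1, permitted=set(VLANS))

if __name__ == "__main__":
    print(forward(desk, None, uplink))   # PC frame leaves the uplink tagged
    print(forward(uplink, 2, desk))      # tag is stripped toward the PC
    print(forward(uplink, None, desk))   # untagged on the trunk is VLAN 1: not delivered
    print(ingress(uplink, 9))            # VLAN 9 does not exist on this switch
```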
4. Access layer switches
4.1 S3110-01
4.1.2 Initial configuration
sysname H3C-S3110-01
#
domain default enable system
#
ipv6
#
telnet server enable
#
password-recovery enable
#
domain system
 access-transport-cut disable
 self-service-url disable
#
user-group system
 group-attribute allow-guest
#
local-guest password
 authorization-attribute level 3
 service-type telnet terminal
 service-type web
#
user-interface aux 0
user-interface vty 0 4
 authentication-mode scheme
user-interface vty 5 15
4.1.3 Create the VLANs
vlan 1
#
vlan 2
#
vlan 5 to 7
#
vlan 100
#
4.1.4 Configure the management address
interface Vlan-interface1
 ip address 10.1.1.4 255.255.255.0
4.1.5 Add the Access ports to VLAN 2
interface Ethernet1/0/1
 port access vlan 2
#
interface Ethernet1/0/2
 port access vlan 2
#
interface Ethernet1/0/3
 port access vlan 2
#
interface Ethernet1/0/4
 port access vlan 2
#
interface Ethernet1/0/5
 port access vlan 2
#
interface Ethernet1/0/6
 port access vlan 2
#
interface Ethernet1/0/7
 port access vlan 2
#
interface Ethernet1/0/8
 port access vlan 2
#
interface Ethernet1/0/9
 port access vlan 2
#
interface Ethernet1/0/10
 port access vlan 2
#
interface Ethernet1/0/11
 port access vlan 2
#
interface Ethernet1/0/12
 port access vlan 2
#
interface Ethernet1/0/13
 port access vlan 2
#
interface Ethernet1/0/14
 port access vlan 2
#
interface Ethernet1/0/15
 port access vlan 2
#
interface Ethernet1/0/16
 port access vlan 2
#
interface Ethernet1/0/17
 port access vlan 2
#
interface Ethernet1/0/18
 port access vlan 2
#
interface Ethernet1/0/19
 port access vlan 2
#
interface Ethernet1/0/20
 port access vlan 2
#
interface Ethernet1/0/21
 port access vlan 2
#
interface Ethernet1/0/22
 port access vlan 2
#
interface Ethernet1/0/23
 port access vlan 2
#
interface Ethernet1/0/24
 port access vlan 2
#
interface Ethernet1/0/25
 port access vlan 2
#
interface Ethernet1/0/26
 port access vlan 2
#
interface Ethernet1/0/27
 port access vlan 2
#
interface Ethernet1/0/28
 port access vlan 2
#
interface Ethernet1/0/29
 port access vlan 2
#
interface Ethernet1/0/30
 port access vlan 2
#
interface Ethernet1/0/31
 port access vlan 2
#
interface Ethernet1/0/32
 port access vlan 2
#
interface Ethernet1/0/33
 port access vlan 2
#
interface Ethernet1/0/34
 port access vlan 2
#
interface Ethernet1/0/35
 port access vlan 2
#
interface Ethernet1/0/36
 port access vlan 2
#
interface Ethernet1/0/37
 port access vlan 2
#
interface Ethernet1/0/38
 port access vlan 2
#
interface Ethernet1/0/39
 port access vlan 2
#
interface Ethernet1/0/40
 port access vlan 2
#
interface Ethernet1/0/41
 port access vlan 2
#
interface Ethernet1/0/42
 port access vlan 2
#
interface Ethernet1/0/43
 port access vlan 2
#
interface Ethernet1/0/44
 port access vlan 2
#
interface Ethernet1/0/45
 port access vlan 2
#
interface Ethernet1/0/46
 port access vlan 2
#
interface Ethernet1/0/47
 port access vlan 2
#
interface Ethernet1/0/48
 port access vlan 2
4.1.6 Each switch has four cascade ports; interface 52 is configured in trunk mode
interface GigabitEthernet1/0/52
 port link-type trunk
 port trunk permit vlan all
4.1.7 Configure static routes
ip route-static 0.0.0.0 0.0.0.0 10.1.1.1
4.2 The other three switches use the same configuration, except that the S3110-04 configuration additionally has VLAN 9
#
interface Ethernet1/0/6
 port access vlan 9
#
interface Ethernet1/0/8
 port access vlan 9
#
interface Ethernet1/0/10
 port access vlan 9
#
interface Ethernet1/0/12
 port access vlan 9
#
interface Ethernet1/0/14
 port access vlan 9
#
interface Ethernet1/0/16
 port access vlan 9
#
interface Ethernet1/0/18
 port access vlan 9
#
interface Ethernet1/0/20
 port access vlan 9
#
interface Ethernet1/0/22
 port access vlan 9
#
interface Ethernet1/0/24
 port access vlan 9
#
interface Ethernet1/0/26
 port access vlan 9
#
interface Ethernet1/0/28
 port access vlan 9
#
interface Ethernet1/0/30
 port access vlan 9
#
interface Ethernet1/0/32
 port access vlan 9
5. Access POE switch LS-5120
5.1 Configure G1/0/24 in trunk mode, the IP address of virtual sub-interface 1, and the route table
5.2 POE settings
6. Wireless controller EWP-WAC360
6.1 Create the VLANs
#
vlan 2
#
vlan 4 to 7
#
vlan 100
#
6.2 Set the login user and password
local-user admin
 password cipher <password>
 authorization-attribute level 3
 service-type telnet terminal
 service-type web
6.3 RF rate settings
wlan rrm
 dot11a mandatory-rate 6 12 24
 dot11a supported-rate 9 18 36 48 54
 dot11b mandatory-rate 1 2
 dot11b supported-rate 5.5 11
 dot11g mandatory-rate 1 2 5.5 11
 dot11g supported-rate 6 9 12 18 24 36 48 54
6.4 Wireless access services
6.4.1 One is for company access
wlan service-template 2 crypto
 ssid Company
 bind WLAN-ESS 2
 cipher-suite ccmp
 security-ie rsn
 service-template enable
6.4.2 The other is for customer access
#
wlan service-template 3 crypto
 ssid CompanyVistor
 bind WLAN-ESS 3
 cipher-suite ccmp
 security-ie rsn
 service-template enable
6.5 Interface management
6.5.1 Configure the management IP address
interface Vlan-interface100
 ip address 10.1.100.254 255.255.255.0
6.5.2 Switch the G1/0/1 interface to L2 mode as an L2 Ethernet port
interface GigabitEthernet1/0/1
 port link-mode bridge
 port link-type trunk
 port trunk permit vlan all
6.6 Create a pre-shared key
6.6.1 Allow customers to access VLAN 6
interface WLAN-ESS2
 port access vlan 6
 port-security port-mode psk
 port-security tx-key-type 11key
 port-security preshared-key pass-phrase cipher
6.6.2 Allow customers to access VLAN 5
interface WLAN-ESS3
 port access vlan 5
 port-security port-mode psk
 port-security tx-key-type 11key
 port-security preshared-key pass-phrase cipher
6.7 AP settings, serial number used
6.7.1 Create the AP names
wlan ap-group default_group
 ap ap1
 ap ap2
 ap ap3
 ap ap4
 ap ap5
 ap ap6
 ap ap7
 ap ap8
 ap ap9
 dot11a service-template 1
 dot11bg service-template 1
 dot11a radio enable
 dot11bg radio enable
6.7.2 Add the APs
6.7.2.1
wlan ap ap2 model WAP722 id 2
 serial-id 219801A0Q19154G00032
 radio 1
  service-template 2
  service-template 3
  radio enable
 radio 2
  service-template 2
  service-template 3
  radio enable
6.7.2.2
wlan ap ap3 model WAP722 id 3
 serial-id 219801A0Q19154G00025
 radio 1
  service-template 2
  service-template 3
  radio enable
 radio 2
  service-template 2
  service-template 3
  radio enable
6.7.2.3
wlan ap ap4 model WAP722 id 4
 serial-id 219801A0Q19154G00052
 radio 1
  service-template 2
  service-template 3
  radio enable
 radio 2
  service-template 2
  service-template 3
  radio enable
6.7.2.4
wlan ap ap5 model WAP722 id 5
 serial-id 219801A0Q19154G00338
 radio 1
  service-template 2
  service-template 3
  radio enable
 radio 2
  service-template 2
  service-template 3
  radio enable
6.7.2.5
wlan ap ap6 model WAP722 id 6
 serial-id 219801A0Q19154G00110
 radio 1
  service-template 2
  service-template 3
  radio enable
 radio 2
  service-template 2
  service-template 3
  radio enable
6.7.2.6
wlan ap ap7 model WAP722 id 7
 serial-id 219801A0Q19154G00195
 radio 1
  service-template 2
  service-template 3
  radio enable
 radio 2
  service-template 2
  service-template 3
  radio enable
6.7.2.7
wlan ap ap8 model WAP722 id 8
 serial-id 219801A0Q19154G00080
 radio 1
  service-template 2
  service-template 3
  radio enable
 radio 2
  service-template 2
  service-template 3
  radio enable
6.7.2.8
wlan ap ap9 model WAP722 id 9
 serial-id 219801A0Q19154G00038
 radio 1
  service-template 2
  service-template 3
  radio enable
 radio 2
  service-template 2
  service-template 3
  radio enable
6.8 Configure static routing
ip route-static 0.0.0.0 0.0.0.0 10.1.100.253
6.9 Enable Telnet
user-interface con 0
user-interface vty 0 4
 authentication-mode scheme
 user privilege level 3
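A small review pass over settings used in the configurations above, as an added example (not the author's or H3C's tooling): it flags cleartext management access, trunks that permit every VLAN, and an administrator source-address filter of 0.0.0.0/0. The sample text is assembled from several devices on this page with whitespace restored, and the rule list is this example's own assumption about what is worth reviewing.

```python
import re

# Constructed excerpt: lines taken from the router, S3110 and ACG1010
# configurations on this page (whitespace restored, secrets omitted).
SAMPLE = """\
telnet server enable
user-interface vty 0 4
 authentication-mode scheme
interface GigabitEthernet1/0/52
 port link-type trunk
 port trunk permit vlan all
interface bvi2
 ip address 10.1.7.2/24
 allow access https
 allow access http
 allow access telnet
user administrator admin authorized-address first 0.0.0.0/0
"""

# Review rules chosen for this example (an assumption, not a vendor baseline).
RULES = [
    (r"^telnet server enable$", "Telnet management is cleartext; prefer SSH"),
    (r"^allow access (telnet|http)$", "cleartext management protocol allowed on interface"),
    (r"^port trunk permit vlan all$", "trunk carries every VLAN; list only the VLANs needed"),
    (r"authorized-address \S+ 0\.0\.0\.0/0$", "administrator login accepted from any source address"),
]

def audit(config):
    """Return (line_no, context, command, finding) for each flagged line."""
    findings, context = [], "global"
    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if not line or line in ("#", "!"):
            continue
        if not raw.startswith(" "):   # a top-level line opens a new context
            context = line if line.startswith(("interface", "user-interface")) else "global"
        for pattern, message in RULES:
            if re.search(pattern, line):
                findings.append((no, context, line, message))
    return findings

if __name__ == "__main__":
    for no, ctx, cmd, msg in audit(SAMPLE):
        print(f"line {no} [{ctx}] {cmd}: {msg}")
```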
V.
The cabinet that was bought is too small, and its channels are full. There are also several local servers and no extra space, so I bought a tower. This IDC construction did not take scalability into account! Learn the lesson and prepare for the next improvement of the IDC!