In view of the characteristics of large and medium-sized Internet cafes in technical specifications, in the "Green Network Home" direct shop local area network, we adopted the switch with a tree (star type of a special structure) set of the topology, the advantages of this topology is:
1, conflict domain small: that is, each switch split open a conflict domain, hundreds of points of Internet cafes divided into a number of small conflict domain, CSMA/CD mechanism can work smoothly.
2, strong security: As long as the core layer of the switch to ensure the normal operation of the entire network to operate normally, if the access layer switch problems, will only affect the corresponding area of information points, and not to the entire network paralysis. Some areas of the fault will not affect the operation of the entire Internet bar, the greatest extent to reduce the loss caused by the failure.
3, easy to maintain: the use of tree structure, network failure will be based on the level of the unit is positioned at different levels of exchange, and then at the level of positioning will soon be able to identify the failure of the switch or node, this method to simplify the complex maintenance problems.
4, Scalability good: In the expansion of the network scale, only need to have the expansion of the corresponding layer to install a new switch can, without changing the entire network topology, the real realization of the "side of business, edge expansion." (Computer science)
The topological structure of the switch tree (a special structure of star type) and the description of each constituent element:
1, Border routers: host the entire intranet and extranet connection, with a number of high bandwidth ports, support ISDN remote access function, so that administrators can carry out off-site control. Support for optical access.
2, the core layer of exchange equipment: Because of the core layer of the work characteristics: by the board bandwidth requirements, packet transfer large, carrying multiple areas between the exchange, connect a variety of servers. So this layer of equipment selection, high bandwidth, high forwarding rate, the third generation above the high-end switching equipment.
3, Access Layer switch: The access layer switch is the direct connection user machine's Exchange equipment, is connects the core layer and the information point between the bridge, therefore this layer exchange equipment in the choice request uses the stability good, the technical risk low molding equipment, and achieves 100[please use the civilized term "the port to the desktop principle."
4, Firewall: In the network environment increasingly complex today, the installation of a reliable, stable firewall is a network environment is necessary. The firewall will shield the external illegal intrusion, monitor various sessions, and create a relatively secure network environment.
5, File server: In this server with serv-u, peanut shells and other software to establish Internet cafes inside the FTP server, convenient for users to upload, download files, but also in the daily management of Internet cafes and system updates played a certain role in helping.
6, terminal node: that is, the individual PC in the Internet bar. Based on customer demand, we set aside the location of the notebook interface.
7, IP Phone: The use of public networks for telephone communication, saving the operating costs.
Technical essentials in operation and maintenance:
If you want to make a network of efficient, stable and safe work, management is an indispensable part of the development of a standardized, rigorous management system, we also give the corresponding technical solutions.
1, VLAN Division
VLAN is a virtual network, using VLAN technology, can be different physical location but the same work of some departments of the terminal or server into a VLAN group, so that both easy to manage and increase network security. For example, you can divide the headquarters and two-level units in different places into the same VLAN group. There can be one or more VLANs in each subnet, and no more molecular networks in the VLAN.
VLAN is divided into three ways: according to the switch port division, according to the Use of Network Protocol division, according to the MAC address division.
According to the MAC address Division, the main applications are in the Mobile Office field, and the network protocol partitioning is mainly applied to the coexistence of multiple network protocols. According to the technical characteristics of Internet cafes: the machine location and interface is relatively fixed, the network is based on TCP/IP protocol, we choose the machine according to different uses, the region for the interface VLAN division.
2, the ACL settings
ACL is the access control list, in which you can set the IP address, protocol type, port number, etc. that need to be blocked, this is a kind of network security management tool implemented on the router. According to state regulations, in the ACL shielding the corresponding site's IP address, such as yellow, reactionary site.
3, the use of port mirroring technology:
Port mirroring technology is the technique of monitoring a specified port at any time with a partitioned port.
The port mirroring technology is adopted in the switch port, which realizes the monitoring function of connecting the external network port, and monitors and restricts the browsing of illegal websites to the greatest extent.
4, LAN internal monitoring:
In the LAN internal installation of professional-level monitoring software, such as: Works2000,sniffer, to achieve real-time monitoring of the internal LAN, the rapid detection of Trojans, worms and illegal preemption bandwidth and so on.
5, Firewall
In the Internet Café VOD server, charge server installation firewall, so that it is protected from illegal attacks, to ensure its normal work.
6, anti-virus software
Install real-time monitoring anti-virus software on each machine and update the virus library on time.
