An enterprise builds an internal LAN and connects it to the Internet, selecting network devices according to its size and purpose. For a small enterprise this is simple: a small access router and a switch satisfy its needs. This article therefore focuses on network construction for medium and large enterprises, with suggestions ranging from the design of the overall network structure to the implementation of additional functions and the selection of specific devices. I hope it helps readers.
This network topology is suitable for medium and large enterprises with a total number of nodes ranging from. The objectives are: to establish a stable, secure, and efficient network system with Mbit/s to the desktop within the enterprise, including its branches in various regions; to use network resources to implement the enterprise's internal IP phone system; and to have the master server provide not only data and storage services for the entire company but also external publishing services. Because every enterprise's situation is different, this topology only offers a common and practical approach. Each enterprise can adapt it to its own scenario, adding or removing devices to get the most benefit and use from it.
Below, I will describe the detailed configuration of this network topology.
First of all, I would like to explain the cable selection for the entire network: single-mode optical fiber is used between devices (between routers and switches, and between switches) to reduce network bottlenecks. Desktop cabling uses good-quality unshielded Cat 5e.
The second is device selection:
Internet access device: this is not necessary for every enterprise. If an enterprise only wants to share and exchange data within a LAN, the device can be omitted. However, Internet access is not only about letting the enterprise reach the Internet. For enterprises with branches in different regions in particular, connecting to the Internet makes it possible to build a virtual private network (VPN) with the branches over the wide area network provided by the ISP. VPN technology builds a private network on the public network using tunneling, encryption, identity authentication, and other methods. Data is transmitted through a secure "encrypted pipeline" in the public network. This not only ensures data security, but also ensures the timeliness of data exchange between different regions and improves the operational efficiency of the enterprise.
Here, I recommend Cisco 3600 series routers. These routers not only allow enterprises to access the Internet, but also implement VPN through an add-on network module. After the network module is added, the Cisco 3620 and 3640 routers can provide hardware-based encryption services with Mbps 3DES performance. With a dedicated module added, the Cisco 3660 can provide hardware-based encryption services with 40 Mbps 3DES performance. One of the three models in the series can be selected based on the volume of encrypted data that the enterprise needs to transmit.
The choice of an enterprise's primary switch depends on stability and compatibility. A stable switch brings smooth service to the enterprise's network; good compatibility makes network expansion convenient and protects the buyer's investment.
Cisco 4500 series switches are recommended in this location. The Cisco 4500 series provides excellent compatibility and non-blocking layer-2 switching, so that both the old and the new network devices of the enterprise work together without packet loss. In addition, this series supports a highly available integrated voice, video, and data network, which makes it very convenient for enterprises to deploy their internal IP phone systems and video conferencing.
Speaking of this, we can't help but mention the VoIP (Voice over Internet Protocol) system in the structure diagram, which carries voice over the Internet. The system consists of two parts: the voice gateway and the gatekeeper. We recommend that you use products from a single vendor for this system, so that servers running the gatekeeper software can provide better number distribution, resolution, and other services for the voice gateway in the background. (I was looking for some specific products here; however, relevant information could not be found for some products of major manufacturers. Many enterprises in China make this kind of product, but they cannot be recommended because they have not been used.) With the addition of VoIP, you can easily achieve zero cost for the enterprise's internal telephone system, even in remote branches. In addition, you can add components to derive telephone, video conferencing, and other functions to enrich the enterprise's network functions.
For cost and stability considerations, I used a combination of the Huawei "Quidway AR 28-10" series router and the "Quidway 2026C SI" stackable Ethernet switch in series. The "Quidway 2026C-SI" is a layer-2 switch. It works at the data link layer, forwarding by MAC address, and supports bandwidth-percentage-based broadcast storm suppression on all its ports, which improves the utilization of the network and the stability of the entire subnet to a certain extent. The S2026C-SI also provides a fiber-optic expansion capability, so that a fiber connection can be used between the router and the switch, which speeds up transmission between the switch and the router and reduces network bottlenecks. The "Quidway 2026C SI" series can stack Ethernet switches with 24 ports and up to 16 ports. According to IPv4 rules, the maximum node capacity in each network segment is 256; however, it is recommended that each subnet segment have no more than 230 nodes in use. Therefore, 10 switches can be stacked in each subnet to meet the requirements.
You can add one or more wireless APs at any location in the LAN for wireless network expansion. However, you should pay attention to IP address allocation in the subnet to avoid running out of IP addresses in a subnet. We recommend that you use 3com's "Quidway WA1208" high-power AP. It supports the IEEE802.11b and IEEE802.11b+ protocols and can transmit at 1 Mbps/2 Mbps/5.5 Mbps/11 Mbps and 22 Mbps. In an office environment, the maximum valid distance is 35 meters. It is recommended that each AP support no more than 30 persons. In terms of security, the "Quidway WA1208" enforces MAC address locking to prevent unauthorized computers from accessing the network. In addition, its maximum encryption strength is 256-bit, ensuring data security even if wireless data is intercepted.
Finally, let's talk about the enterprise's master server, which should be selected according to the enterprise's requirements. Foreign brands IBM and HP and the domestic brand Lenovo are all very good choices. When selecting a server, never assume that the more comprehensive the functions and the higher the price, the better. The most important thing is to select a configuration that meets your application requirements.
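The subnet sizing in the two paragraphs above (24-port switches, at most 230 nodes per subnet, at most 30 users per AP) can be checked before deployment. The following is an added example, not part of the original article: the `10.20.0.0/16` address block, the segment names and counts, the /24 subnet size, and the accounting of one switch port and one address per AP plus one gateway address per subnet are all assumptions made for illustration.

```python
import ipaddress
import math

# Planning figures taken from the article
PORTS_PER_SWITCH = 24   # ports on each stacked switch
NODE_CEILING = 230      # recommended maximum nodes per subnet
CLIENTS_PER_AP = 30     # recommended maximum users per AP


def plan_segment(subnet, wired_nodes, access_points):
    """Compare address demand of one segment with what its subnet can hold."""
    # Network and broadcast addresses cannot be assigned to hosts.
    usable = subnet.num_addresses - 2
    # Assumption: each AP takes one address itself, plus one gateway per subnet.
    demand = wired_nodes + access_points * CLIENTS_PER_AP + access_points + 1
    # Assumption: each AP occupies one switch port alongside the wired nodes.
    switches = math.ceil((wired_nodes + access_points) / PORTS_PER_SWITCH)
    if demand > usable:
        status = "exhausted"       # addresses run out: split the segment
    elif demand > NODE_CEILING:
        status = "over_ceiling"    # fits, but above the recommended 230
    else:
        status = "ok"
    return {"subnet": str(subnet), "usable": usable, "demand": demand,
            "switches": switches, "status": status}


def plan_site(supernet, segments, prefix=24):
    """Hand out consecutive subnets of `supernet`, one per segment, and check each."""
    subnets = ipaddress.ip_network(supernet).subnets(new_prefix=prefix)
    return {name: plan_segment(next(subnets), wired, aps)
            for name, (wired, aps) in segments.items()}


# Constructed sample input: segment name -> (wired nodes, access points)
SAMPLE_SEGMENTS = {
    "office-a": (200, 1),
    "office-b": (150, 2),
    "floor-3": (220, 2),
}

if __name__ == "__main__":
    for name, r in plan_site("10.20.0.0/16", SAMPLE_SEGMENTS).items():
        print(f"{name:9} {r['subnet']:14} demand {r['demand']:3}/{r['usable']} "
              f"switches {r['switches']:2} {r['status']}")
```

A segment reported as `exhausted` needs to be split across two subnets or given a larger prefix; `over_ceiling` means the addresses fit but the segment is above the 230-node recommendation.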