Use layer-3 switches to divide multiple subnets

Source: Internet
Author: User

I. Problem statement:

As the number of computers in the school has grown, the network now has more than 254 hosts, and the address space of a single Class C network (192.168.1.0) is no longer sufficient. The IP address lease period can be shortened, but frequent IP address requests may congest the network, and too many computers in the same network segment may cause broadcast storms. The core switch of our school network is an Alcatel Omnistack-5024 layer-3 switch, so we decided to use its layer-3 switching function to divide the network into multiple subnets.

II. Implementation principle:

If the campus network is large, for example with more than 254 hosts, there are two options:

One option is to use a Class B network address and give each building a small range of IP addresses from it. The other option is to use multiple Class C network segments. The first option saves a router, or put another way saves a lot of money, because the switch at the core does not have to be a layer-3 switch. However, the larger the network segment, the larger the broadcast storm that may occur: all hosts send broadcast frames onto the network, occupying a large amount of network resources.

For the second option, multiple Class C networks are used, and each network segment uses one Class C network address. The switch at the core must then be a switch with the layer-3 switching function. The layer-3 switch isolates broadcast storms, so that the broadcast traffic of each network segment stays within that segment, which reduces the network bandwidth occupied by broadcast frames.

Traditional switching is performed at the data link layer (layer 2) of the standard OSI network model, while layer-3 switching technology implements high-speed packet forwarding at layer 3 of the model. Simply put, layer-3 switching technology is layer-2 switching technology plus layer-3 forwarding technology. Layer-3 switching removes the need for subnets to rely on routers for management once a LAN has been divided into segments, and it removes the network bottleneck caused by the low speed and complexity of traditional routers. Of course, layer-3 switching is not a simple superposition of a network switch and a router, but an organic combination of the two that forms an integrated, complete solution.

The Ethernet layer-3 switching device has many switching ports. Logically, it can be seen as a layer-2 switching device with a layer-3 forwarding function, and it is connected to the layer-3 data forwarding module by a high-speed interconnect. During data communication, if the communicating stations belong to the same subnet, layer-2 forwarding is used; otherwise, layer-3 forwarding is used.

Assume that two stations using IP communicate with each other through the layer-3 switch and the Ethernet segments on either side of it. When the sending station starts to send, it knows the IP address of the destination station but not the MAC address that corresponds to it. The MAC address must be determined through ARP (Address Resolution Protocol). The sending station compares its own IP address with the IP address of the destination station, using the subnet mask to determine whether the two belong to the same subnet. If they are on the same subnet, the sender sends the packet, carrying the MAC address of the destination station, to the layer-3 switch, which uses its layer-2 switching core to find the destination station by MAC address and forward the packet. If the two stations are not on the same subnet, the sending station forwards the packet through a "default gateway" (which can be viewed as a router), whose IP address has been set in the system software. This IP address actually points to the layer-3 switching module in the switch.

III. Specific implementation:

Network Structure:

The console interface on the switch is connected to the serial port of a PC with an RS-232 cable, and a terminal emulation program is configured on the PC. The communication parameters of the serial port are as follows:

Baud Rate: 9600bps

Parity bit: None

Data bit: 8 bits

Stop bit: 1 bit

Flow control: None

Log in with the default administrator username and password. For secure and convenient management, change the administrator password of the switch, and change the default IP address of the switch to 192.168.1.1 so that it is consistent with the network address of the original campus network (192.168.1.0). (The switch can also be configured through Telnet over the TCP/IP network.) At this point all the ports of the switch belong to the same network segment. To cover students, teachers, living areas, and office buildings, three more network segments must be created, with the default IP addresses 192.168.2.1, 192.168.3.1, and 192.168.4.1. Add ports s4/1-8 to network segment 192.168.2.0, ports s5/1-4 to network segment 192.168.3.0, and ports s5/5-8 to network segment 192.168.4.0. The remaining ports s3/1-8 still belong to network segment 192.168.1.0. In this way, four network segments are created.

Network Topology:

Note:

1. Switch Alcatel Omnistack-5024 panel:

There are 24 Ethernet ports divided into three groups: s3, s4, and s5. s1 (console) is the console interface, and s2 is a reserved slot to which a module can be added.

2. The first address in the box is the IP address, the second is the subnet mask, and the third is the default gateway.

3. Each port of s3/1-3 connects to a server.

4. Cascade the switches connecting student computers to ports s3/4-8, the switches connecting teacher computers to ports s4/1-8, the switches for the living area to ports s5/1-4, and the switches for the office building to ports s5/5-8.

5. IP addresses of workstations in the different network segments are allocated dynamically through DHCP. Install four network adapters in the DHCP server, one for each network segment (for example, connected to ports s3/3, s4/1, s5/1, and s5/5 respectively), and configure them with IP address 192.168.1.10, subnet mask 255.255.255.0; IP address 192.168.2.10, subnet mask 255.255.255.0; IP address 192.168.3.10, subnet mask 255.255.255.0; and IP address 192.168.4.10, subnet mask 255.255.255.0. The default gateways of the workstations in the student, teacher, living-area, and office-building segments should be the default IP addresses of their respective network segments: 192.168.1.1, 192.168.2.1, 192.168.3.1, and 192.168.4.1. The default gateway can be set through the DHCP scope options.

6. Because broadcasts cannot cross network segments, a computer cannot reach computers in other segments by broadcasting, and the shared computers in other segments cannot be seen in "Network Neighborhood". Both WINS and LMHOSTS work across network segments. To make cross-segment browsing possible, the DHCP server also acts as the WINS server, which resolves the mapping between computer names and IP addresses; the domain information it collects can be viewed in WINS.

After the above configuration, workstations in the student, teacher, living-area, and office-building segments can communicate with each other. However, workstations in three of the networks (teachers, living areas, and office buildings) cannot communicate with servers such as the web and mail servers. To allow access between them, further settings are required:

On servers such as web and mail, run the route command at the command prompt to add static routes:

route -p add 192.168.2.0 mask 255.255.255.0 192.168.1.1

route -p add 192.168.3.0 mask 255.255.255.0 192.168.1.1

route -p add 192.168.4.0 mask 255.255.255.0 192.168.1.1

The -p parameter makes the route persistent. After the preceding configuration, all hosts in the four network segments can communicate with each other.
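The same-subnet test described in section II and the effect of the static routes can both be checked with a small model of a host's routing table. This is an added example, not part of the original article; the host addresses 192.168.2.50 and 192.168.1.20, the server's default gateway 192.168.1.254, and the Host class are assumptions made for illustration, and each route destination is written as the network address 192.168.N.0.

```python
import ipaddress

class Host:
    """One host's IPv4 forwarding decision (illustrative model)."""

    def __init__(self, ip, mask, default_gw=None):
        self.iface = ipaddress.ip_interface(f"{ip}/{mask}")
        # (network, gateway) pairs; gateway None means "deliver on-link".
        self.routes = [(self.iface.network, None)]
        if default_gw:
            self.add_route("0.0.0.0", "0.0.0.0", default_gw)

    def add_route(self, dest, mask, gateway):
        # strict=True rejects a destination with host bits set or a bad mask.
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=True)
        gw = ipaddress.ip_address(gateway)
        if gw not in self.iface.network:
            raise ValueError(f"gateway {gw} is not on the local segment")
        self.routes.append((net, gw))

    def add_route_cmd(self, line):
        """Apply one 'route -p add DEST mask MASK GATEWAY' line (this form only)."""
        tok = line.lower().split()
        i = tok.index("add")  # raises ValueError if this is not an add command
        if len(tok) < i + 5 or tok[i + 2] != "mask":
            raise ValueError("expected: add DEST mask MASK GATEWAY")
        self.add_route(tok[i + 1], tok[i + 3], tok[i + 4])

    def next_hop(self, dst):
        """Return the IP the host resolves with ARP for dst, or None if no route."""
        dst = ipaddress.ip_address(dst)
        matches = [(n, g) for n, g in self.routes if dst in n]
        if not matches:
            return None
        net, gw = max(matches, key=lambda r: r[0].prefixlen)  # longest prefix wins
        return str(dst if gw is None else gw)

if __name__ == "__main__":
    # Constructed hosts: the .50/.20 host addresses and the 192.168.1.254
    # default gateway on the server are assumptions, not values from the page.
    teacher = Host("192.168.2.50", "255.255.255.0", "192.168.2.1")
    server = Host("192.168.1.20", "255.255.255.0", "192.168.1.254")
    print(teacher.next_hop("192.168.2.77"), teacher.next_hop("192.168.1.20"))
    print("before:", server.next_hop("192.168.2.50"))
    for n in (2, 3, 4):
        server.add_route_cmd(f"route -p add 192.168.{n}.0 mask 255.255.255.0 192.168.1.1")
    print("after: ", server.next_hop("192.168.2.50"))
```

Under these assumptions the server's replies to 192.168.2.50 go to 192.168.1.254 until the static route is added, after which the more specific /24 route sends them to the layer-3 switch at 192.168.1.1.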

