CN109587026A - A Java-based method for network planning and design for large and medium-sized enterprises - Google Patents

Publication number
CN109587026A
Authority
CN
China
Prior art keywords
network
config
enterprise
configuration
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201811345021.1A
Other languages
Chinese (zh)
Inventor
彭蕾
曾小荟
吕敬祥
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jinggangshan University
Original Assignee
Jinggangshan University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jinggangshan University filed Critical Jinggangshan University
Priority to CN201811345021.1A priority Critical patent/CN109587026A/en
Publication of CN109587026A publication Critical patent/CN109587026A/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L41/0654 Management of faults, events, alarms or notifications using network fault recovery
    • H04L41/0663 Performing the actions predefined by failover planning, e.g. switching to standby network elements
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/22 Alternate routing
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/50 Address allocation
    • H04L61/5007 Internet protocol [IP] addresses
    • H04L61/5014 Internet protocol [IP] addresses using dynamic host configuration protocol [DHCP] or bootstrap protocol [BOOTP]
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0892 Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention belongs to the technical field of data processing systems or methods specially adapted for administrative, commercial, financial, managerial, supervisory or forecasting purposes, and of processing systems or methods specially adapted for those purposes that are not covered by other classes. It discloses a Java-based method for network planning and design for large and medium-sized enterprises: VLANs are designed according to the users and the specific network; a unique IP address is determined for each interface of every host connected to the network; the relevant device configuration is carried out, covering VLAN and IP configuration, DHCP configuration, HSRP configuration, routing protocol configuration, AAA server setup and network management control settings; and the resulting network design is tested in operation. The method can provide departments at every level with advanced information services and a production environment, raise the level of office automation and integrated management in each department, and improve the quality of managers and staff.

Description

A Java-based method for network planning and design for large and medium-sized enterprises
Technical field
The invention belongs to the technical field of data processing systems or methods specially adapted for administrative, commercial, financial, managerial, supervisory or forecasting purposes, and of processing systems or methods specially adapted for those purposes that are not covered by other classes, and in particular relates to a Java-based method for network planning and design for large and medium-sized enterprises.
Background art
At present, the prior art commonly used in the industry is as follows. The rapid development of the Internet is bringing great change and has a far-reaching influence on the information industry around the world. Competition in the world market has become a trend, and in the 21st century China's market is developing toward diversification and globalization. For a large enterprise, adjusting its development strategy means that its competitive strategy must take the global market into account, and everything must rest on an information platform that uses computer networking technology, network planning and networking principles to keep information flowing smoothly. More and more domestic enterprises are building, or considering building, information processing systems based on Internet/Intranet technology as part of their corporate planning. Because most of a modern enterprise's information comes from the Internet, the network lets an enterprise obtain information from the world market more quickly; by exchanging information with the outside world over the Internet, corporate planners can quickly make correct macro-level adjustments and decisions and adapt to market trends. Connecting the company to the world greatly improves its ability and efficiency in collecting information. With the continuous development of Intranet technology, computers have gradually been applied to every key position in the company, greatly improving working efficiency.
This matters even more for large enterprises, some of which, by their nature, place greater demands on the network. For China Telecom, China Netcom and the Bank of China, for example, it is essential that network paths and traffic are never interrupted. Because most of China's finance and communications depend on these companies, the stability of their networks bears directly on the country's political and economic foundations. The network design of such large enterprises must therefore take traffic and other details into account.
Another important problem in China's service networks today is security. Because networking developed late in China, network security has not been done well. Many early networks were built with designs that were unreasonable in structure or in technology and have many problems, which has resulted in poor network security. In key departments such as finance, if a criminal exploits a vulnerability to modify files on the network or steal business secrets, the damage to the enterprise can be irreparable, even devastating. Different companies also have different detailed requirements for their service networks.
An intranet is Internet technology applied within an enterprise or a closed user group. Briefly, an intranet uses Internet technology, in particular the TCP/IP protocol, to build a complete internal network. This technology lets different computer platforms interoperate regardless of their location; in other words, a user can access it on, or from, any computer. In view of these problems, an enterprise must start from the concept of the intranet and the relevant computer networking technology and design its network construction and implementation plan in detail, in order to achieve a network that is advanced, secure, practical and reliable. The enterprise analyses its network requirements, compares network technologies and, from a practical standpoint, selects the LAN backbone, cabling, equipment, network security and network management.
When an enterprise grows to a certain scale, many companies have branch offices elsewhere, so to speed up the flow of information inside the enterprise, headquarters and branches need to be connected. The requirements for the enterprise's remote network are: connecting the entire corporate network to achieve fast data transmission and office automation and, ultimately, a paperless office; giving the enterprise its own IP addresses and domain name and setting up a company web host to publicize the corporate image, business activities and latest achievements; saving most of the company's long-distance telephone costs through IP telephony, with video conferencing carried over the IP network; providing the whole company with a reliable communication system whose operating cost it can afford; providing remote login and other network services; and establishing a full-featured, easy-to-use management information system so that electronic approval workflows span headquarters and branches and work can be coordinated after completion. Structured cabling, network design and planning, resource sharing, Internet access over telephone lines, WWW servers, hardware and software configuration and the other parts of the enterprise's technology are to be implemented.
Facing fierce market competition, the company's workload in collecting, transmitting, processing, storing and querying information and in forecasting and decision-making keeps growing. Computers previously worked only as stand-alone machines, data could not be shared between departments, and working efficiency dropped sharply; purely manual management methods can no longer meet demand, which will seriously hinder the company's survival and development. Social progress requires enterprises to change their backward management systems, methods and means, establish the new image of a modern enterprise system and build an automated management information system (that is, a corporate LAN) to raise the level of management and increase economic and social benefits.
A modern large enterprise network should have a more intelligent network management solution to cope with the growing size of the network and increasingly complex maintenance work. Today's network has developed into an "application-centered" information infrastructure platform, which requires network management capability to rise to the service layer; traditional intelligent network elements cannot effectively support this development. For example, locating cable faults, flexibly deploying services under different user policies, access control, network audit logging, virus control and network operation and management processes are all time-consuming and laborious tasks because of the inherent limitations of the network equipment. Modern large enterprise networks therefore urgently need network equipment that supports "application-centered" intelligent operations and on which intelligent management software can be deployed, freeing network administrators from heavy work.
Modern large enterprise networks need to provide better end-to-end QoS guarantees so that they can serve as a multi-service bearer network that meets business demand. To carry a growing enterprise, simply adding bandwidth is not enough; the smooth exchange of data must be effectively protected. Network construction today must therefore be able to identify urgent and critical applications such as video, audio and data flows (MIS, ERP, OA, backup data), schedule network resources, and guarantee bandwidth, delay and congestion-free transmission priority, so that important and urgent business is managed reasonably and the large enterprise network receives a "high-quality" service guarantee.
Modern large enterprise networks should have higher bandwidth and stronger performance to meet users' ever-increasing communication requirements. With the rapid development of computer technology there are more and more network-based applications, and today's enterprise network has become a multi-service bearer platform. It must continue to carry simple data services such as office automation and web browsing, and it also carries the data of the various operational and production business application systems as well as IP telephony, video conferencing and other multimedia services with very high bandwidth and delay requirements. Data traffic will therefore increase greatly, placing unprecedented demands on data exchange in the core network in particular. In addition, as the cost of gigabit ports continues to fall, gigabit to the desktop will become mainstream in enterprise networks in the near future. The 2004 global switch market analysis shows that gigabit has reached truly large-scale use and that the fastest-growing segment is 10 Gbps chassis switches. In today's enterprise network, a gigabit backbone with megabit links to the desktop has therefore become the standard for network construction, and the core layer must have the bandwidth and processing performance of a "high-quality gigabit backbone" class large enterprise network to keep up with growing network size and traffic.
As for server performance indicators, performance is always the primary indicator of a network server program. Performance can be defined as the amount of work that can be processed in a given time on given hardware. A good server design makes maximum use of the hardware. A good design should also consider fairness of service: the server should give every client an even share of service and must not leave some client unserved for a long time ("starvation"). It should also be scalable, that is, server performance should increase linearly as hardware capability improves.
The workload of a real server is complex and usually mixes I/O-bound and CPU-bound computation. I/O-bound computation is a task dominated by I/O, as in file servers and mail servers, which mix large amounts of network I/O and file I/O; CPU-bound computation is a task with little or no I/O, such as encryption/decryption, encoding/decoding and mathematical computation. For CPU-bound work, single-threaded and multithreaded models perform comparably. The article "Performance of Win32 Multithreading" says: "On a uniprocessor computer, concurrent execution of CPU-based tasks cannot be faster than serial execution, but we can see that under Windows NT the overhead of thread creation and switching is very small; for very short computations, concurrent execution is only 10% slower than serial execution, and as the computation lengthens the two times become very close." So for purely CPU-bound computation with only one CPU, the multithreading model is inappropriate. Consider a service performing intensive CPU computation: if dozens of such threads execute concurrently, overly frequent task switching causes unnecessary performance loss. In programming terms, however, a single-threaded computation model is very inconvenient for server program design. A thread-pool working model is therefore more appropriate for CPU-bound computation. The QueueUserWorkItem function is well suited to putting a CPU computation into the thread pool. The thread pool implementation tries to reduce unnecessary thread switching and limits the number of concurrent threads to the number of CPUs.
What really needs attention is I/O-bound computation; network server programs usually involve a great deal of it. The route to high performance is to avoid waiting for I/O to finish, which leaves the CPU idle, and to use the hardware as fully as possible by letting one or more I/O devices run concurrently with the CPU. The asynchronous I/O, APC and I/O completion port mechanisms described earlier achieve this. For a network server with few concurrent client requests, a simple multithreading model is enough: if a thread is suspended while waiting for an I/O operation to complete, the operating system schedules another thread to run, which gives concurrent execution. Classical network server logic mostly uses this multi-thread/multi-process approach: when a client initiates a connection to the server, the server creates a thread and has the new thread handle the subsequent transaction. Representing each client with a dedicated thread or process is intuitive and easy to understand, but for large-scale network server programs it has limitations.
First, creating and destroying threads or processes is expensive, especially when the server communicates over TCP "short connections" or UDP. In HTTP, for example, the client opens a connection and sends a request, and the connection is closed after the server responds. An HTTP server designed in the classical way creates and destroys threads so frequently that the effect on performance is severe. Second, even with TCP "long connections", where the client stays connected after connecting to the server, the classical design has a drawback. If the volume of concurrent requests is high and many clients are waiting for a response at the same moment, too many threads execute concurrently and frequent thread switching uses up part of the computing capacity. In fact, too many concurrent threads often exhaust physical memory prematurely, and most of the time is spent on thread switching, because switching threads also causes memory paging. Server performance eventually drops sharply. For a network server that must handle a large number of concurrent client requests, a thread pool is the only solution: it avoids frequent thread creation and destruction and can handle a large number of concurrent requests with a small number of threads. Note that for a network server program under little load we do not recommend any of the techniques above. When a simple design gets the job done, making things complicated is very unwise, even reckless.
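The contrast drawn above between one thread per connection and a thread pool, as an added Python sketch that is not part of the patent: a burst of short HTTP-style requests is served both ways and the number of threads used is measured. The request handler, the 10 ms sleep standing in for I/O and the pool size of 4 are assumptions.

```python
import threading
import time
from concurrent.futures import ThreadPoolExecutor


class ConcurrencyMeter:
    """Records which threads ran a handler and the peak number running at once."""

    def __init__(self):
        self._lock = threading.Lock()
        self.active = 0
        self.peak = 0
        self.threads = set()  # Thread objects, kept alive so they stay distinct

    def __enter__(self):
        with self._lock:
            self.active += 1
            self.peak = max(self.peak, self.active)
            self.threads.add(threading.current_thread())
        return self

    def __exit__(self, *exc):
        with self._lock:
            self.active -= 1
        return False


def handle_request(meter, request_id, io_delay):
    """Hypothetical handler: one short request, then the connection closes."""
    with meter:
        time.sleep(io_delay)  # stands in for socket and file I/O
        return f"HTTP/1.1 200 OK request={request_id}"


def serve_thread_per_connection(n_clients, io_delay=0.01):
    """Classical design: a new thread is created and destroyed per client."""
    meter = ConcurrencyMeter()
    responses = [None] * n_clients

    def worker(i):
        responses[i] = handle_request(meter, i, io_delay)

    threads = [threading.Thread(target=worker, args=(i,)) for i in range(n_clients)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return responses, meter.peak, len(meter.threads)


def serve_with_pool(n_clients, workers=4, io_delay=0.01):
    """Thread pool: a fixed set of workers is reused for every client."""
    meter = ConcurrencyMeter()
    with ThreadPoolExecutor(max_workers=workers) as pool:
        responses = list(
            pool.map(lambda i: handle_request(meter, i, io_delay), range(n_clients))
        )
    return responses, meter.peak, len(meter.threads)


if __name__ == "__main__":
    for name, run in (("thread per connection", serve_thread_per_connection),
                      ("thread pool", serve_with_pool)):
        responses, peak, used = run(40)
        print(f"{name}: {len(responses)} responses, "
              f"peak concurrency {peak}, threads used {used}")
```

The pooled run answers the same 40 requests with at most 4 threads, so a burst of clients cannot drive thread count and memory use up without bound.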
In conclusion problem of the existing technology is:Traditional Intelligent Network Element lacks to urgent and critical event Identification application;Broadband performance is poor, does not adapt to present gigabit port;Server performance is poor;Traditional enterprise network security Measure be mainly to pass through the deployment of firewall, IDS, anti-virus software, and realize disease with the ACL of switch or router The defence of poison and hacker attack, these Passive Defence measures can not efficiently solve enterprise network security problem.
Summary of the invention
In view of the problems of the prior art, the present invention provides a Java-based method for network planning and design for large and medium-sized enterprises.
The invention is realized as follows. A Java-based method for network planning and design for large and medium-sized enterprises comprises:
Step 1: design VLANs according to the users and the specific network;
Step 2: determine a unique IP address for each interface of every host connected to the network;
Step 3: carry out the relevant device configuration, covering VLAN and IP configuration, DHCP configuration, HSRP configuration, routing protocol configuration, AAA server setup and network management control settings;
Step 4: test the resulting network design in operation.
Further, the HSRP configuration in step 3 uses hot-standby HSRP technology.
Further, the routing protocol configuration in step 3 uses the EIGRP protocol.
Further, the operation test in step 4 is divided into a test of the routing tables of the key layer-3 devices and a network connectivity verification test.
Further, the routing tables of the key layer-3 devices are tested as follows:
(1) the routing table of access router R1;
(2) the routing table of core-layer switch HX1.
Further, the network connectivity verification test proceeds as follows:
(1) headquarters access-layer switch SW1 accesses the server;
(2) remote branch R4 accesses the server;
(3) remote branch SW10 accesses the headquarters access switch.
In summary, the advantages and positive effects of the present invention are as follows. The network of the invention has a degree of flexibility and achieves fast data transmission and office automation, so that a paperless office can ultimately be realized. Using its own IP addresses and domain name, the enterprise can set up a company web host to publicize the corporate image, business activities and latest achievements. Most of the company's long-distance telephone costs are saved through IP telephony, and video conferencing can be carried over the IP network. Remote login and other network services are provided. Electronic approval workflows span headquarters and branches, and work can be coordinated after completion. The invention gives the whole enterprise an efficient, unobstructed information highway and a public service support environment, forming an information management system built on a reliable, fast, multi-function computer network. It provides departments at every level with advanced information services and a production environment while raising the level of office automation and integrated management in each department. It changes traditional management ideas and modes, improves the quality of managers and staff, frees staff from tedious manual work and increases economic and social benefits.
A modern large enterprise network should have a more thorough reliability design that carries network traffic in real time and guarantees normal production and operation. As enterprises consolidate more and more business applications onto a single computer network, uninterrupted network communication has become essential to normal production and operation. A modern large enterprise network should also offer a better network security solution that prevents virus and hacker attacks and reduces the enterprise's economic losses. Traditional enterprise network security relies mainly on deploying firewalls, IDS and anti-virus software and on switch or router ACLs to defend against viruses and hacker attacks, but these passive defence measures have proved unable to solve enterprise network security problems effectively. The enterprise network has become an important part of a company's production and operations; a modern enterprise network must apply a series of security controls, starting with user access control, and actively identify and suppress viruses in data packets, so as to keep the enterprise network running stably.
Brief description of the drawings
Fig. 1 is a flow chart of the Java-based method for network planning and design for large and medium-sized enterprises provided by an embodiment of the present invention.
Fig. 2 is a network design diagram of the Java-based method for network planning and design for large and medium-sized enterprises provided by an embodiment of the present invention.
Fig. 3 is a network topology diagram of the Java-based method for network planning and design for large and medium-sized enterprises provided by an embodiment of the present invention.
Detailed description of the embodiments
To make the objectives, technical solutions and advantages of the present invention clearer, the invention is described in further detail below with reference to embodiments. It should be understood that the specific embodiments described here only illustrate the invention and are not intended to limit it.
An integrated management information system is built to realize enterprise information management and office automation. It gives the whole enterprise an efficient, unobstructed information highway and a public service support environment, forming an information management system built on a reliable, fast, multi-function computer network. It provides departments at every level with advanced information services and a production environment while raising the level of office automation and integrated management in each department. It changes traditional management ideas and modes, improves the quality of managers and staff, and frees staff from tedious manual work. It is therefore necessary to build an intranet that is reliable, practical, easy to manage and of a comprehensively advanced standard.
The application principle of the invention is explained in detail below with reference to the accompanying drawings.
As shown in Fig. 1, the Java-based method for network planning and design for large and medium-sized enterprises provided by an embodiment of the present invention comprises the following steps:
S101: design VLANs according to the users and the specific network;
S102: determine a unique IP address for each interface of every host connected to the network;
S103: carry out the relevant device configuration, covering VLAN and IP configuration, DHCP configuration, HSRP configuration, routing protocol configuration, AAA server setup and network management control settings;
S104: test the resulting network design in operation.
In a preferred embodiment of the present invention, the HSRP configuration in S103 uses hot-standby HSRP technology.
In a preferred embodiment of the present invention, the routing protocol configuration in S103 uses the EIGRP protocol.
In a preferred embodiment of the present invention, the operation test in S104 is divided into a test of the routing tables of the key layer-3 devices and a network connectivity verification test.
In a preferred embodiment of the present invention, the routing tables of the key layer-3 devices are tested as follows:
(1) the routing table of access router R1;
(2) the routing table of core-layer switch HX1.
In a preferred embodiment of the present invention, the network connectivity verification test proceeds as follows:
(1) headquarters access-layer switch SW1 accesses the server;
(2) remote branch R4 accesses the server;
(3) remote branch SW10 accesses the headquarters access switch.
The application principle of the invention is further described below with reference to specific embodiments.
1. System of the invention
The enterprise is located in the High-Tech Development Zone of Tangshan City. The company has three buildings that need network support: Building 1, Building 2 and Building 3. Building 1 has three floors and houses the marketing department, the finance department and the sales department. Building 2 has three floors and houses the management department. Building 3 has three floors and houses the human resources department and the customer service center. The marketing department has 8 computers, the finance department 10, the sales department 15, the human resources department 10, the customer service center 20 and the management department 10.
The third floor of Building 2 is the center of the whole network, where the servers, routers and core switches are installed; the network is then extended by optical cable to the management department in Building 2 and to Buildings 1 and 3.
The specific network design is shown in Fig. 2.
2. Feasibility study
2.1 Technical feasibility
2.1.1 Key technologies
1) VLAN
VLAN stands for virtual local area network. A VLAN is an emerging data-switching technique that divides LAN devices logically into network segments in order to form virtual workgroups. The technique is used mainly in switches and routers, with switches being the mainstream application. Not all switches have this function, however; only switches at layer 2 and above that support the VLAN protocol do.
VLANs serve many purposes; understanding their properties makes their use clear.
First, one must know that 192.168.1.2/30 and 192.168.2.6/30 belong to different network segments, and that hosts in different segments that want to reach each other must go through a router. In essence a VLAN is a network segment; it is called a virtual LAN because it is created on a virtual router interface.
Advantages of VLANs: they limit broadcasts on the network. Dividing the network into multiple VLANs reduces the number of devices caught up in a broadcast storm, and LAN segmentation prevents a broadcast storm from spreading across the whole network. VLANs provide a firewall-like mechanism against excessive broadcasts in a switched network. With VLANs, switch ports or users can be assigned to a specific VLAN group; the group may sit within one switched network or span multiple switches, and broadcasts within a VLAN are not sent outside it. Likewise, adjacent ports do not receive broadcasts generated by other VLANs. This reduces broadcast traffic, frees bandwidth for user applications and reduces the generation of broadcasts.
2) two-node cluster hot backup
Two-node cluster hot backup is a highly fault-tolerant solution that combines software and hardware. It consists of two servers, an external shared disk array cabinet (which can be omitted if each server uses its own RAID card) and the corresponding two-node hot backup software.
In this fault-tolerant scheme, the operating system and applications are installed on the local system disks of the two servers, while the data of the whole network system is centrally managed and backed up on the disk array. With centralized data management, the data of all sites is read from and stored on the central storage device directly and is managed by dedicated staff, which greatly protects the security and confidentiality of the data. User data is stored on the external shared disk array; when one server fails, the standby machine actively takes over the work of the host so that network service is not interrupted.
A dual-machine hot backup system keeps the main system and the backup system in contact by means of a "heartbeat". The "heartbeat" means that the master and standby systems send each other communication signals at a fixed time interval to indicate the current running state of each system. Once the "heartbeat" signal shows that the host system has failed, or the backup system cannot receive the host system's "heartbeat" signal, the high-availability management software concludes that the host system has failed. The host stops working and system resources are transferred to the backup system, which takes over from the host so that network service runs without interruption.
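The heartbeat rule described above, as an added example that is not part of the original text: a standby-side monitor in Python that takes over after a fixed number of silent intervals. The class name, the 1-second interval, the 3-interval threshold and the three timelines are assumptions constructed for illustration; the third timeline shows that, from the standby's side, a broken heartbeat link looks the same as a failed host.

```python
"""Standby-side heartbeat monitor for a two-node hot backup pair (added example)."""
from dataclasses import dataclass, field


@dataclass
class StandbyMonitor:
    interval: float = 1.0     # assumed: the host sends one heartbeat per second
    dead_after: int = 3       # assumed: silent intervals tolerated before takeover
    last_seen: float = 0.0
    role: str = "standby"
    events: list = field(default_factory=list)

    def on_heartbeat(self, now):
        """Record a heartbeat received from the host at time `now`."""
        self.last_seen = now
        if self.role == "active":
            # The host is alive after all: both nodes now claim the service.
            self.events.append((now, "conflict: heartbeat received while active"))

    def tick(self, now):
        """Periodic check; promote the standby once the dead interval has passed."""
        silent_for = now - self.last_seen
        if self.role == "standby" and silent_for >= self.interval * self.dead_after:
            self.role = "active"
            self.events.append((now, f"takeover after {silent_for:.1f}s of silence"))
        return self.role


def replay(heartbeat_times, until, step=0.5, **settings):
    """Feed a constructed heartbeat timeline to a monitor and return it."""
    monitor = StandbyMonitor(**settings)
    pending = sorted(heartbeat_times)
    t = 0.0
    while t <= until:
        while pending and pending[0] <= t:
            monitor.on_heartbeat(pending.pop(0))
        monitor.tick(t)
        t += step
    return monitor


# Constructed timelines (seconds at which the standby receives a heartbeat).
HEALTHY = list(range(0, 11))            # host alive, link fine
HOST_FAILED = [0, 1, 2, 3, 4]           # host stops at t=4
LINK_FLAPPED = [0, 1, 2, 3, 4, 9, 10]   # host alive, heartbeat link down from t=5 to t=8

if __name__ == "__main__":
    for name, timeline in [("healthy", HEALTHY), ("host failed", HOST_FAILED),
                           ("link flapped", LINK_FLAPPED)]:
        result = replay(timeline, until=10)
        print(f"{name}: role={result.role}")
        for when, what in result.events:
            print(f"  t={when}: {what}")
```
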
3)DHCP
DHCP is the abbreviation of Dynamic Host Configuration Protocol; its predecessor is BOOTP. BOOTP was originally used on networks of diskless hosts: such a host boots from a boot ROM rather than a disk and connects to the network, and BOOTP can automatically configure the TCP/IP environment for these hosts. BOOTP has a drawback, however: the hardware address of each client must be obtained in advance, and the corresponding IP address is static. In other words, BOOTP is not "dynamic" at all, and in an environment with limited IP resources its one-to-one mapping wastes a great deal. DHCP can be regarded as an enhanced version of BOOTP. It is divided into two parts: a server side and a client side. The DHCP server centrally manages all IP network configuration data and handles client DHCP requests, while the client uses the IP environment data that the server allocates. In addition to the IP address, a DHCP server can send the client related configuration such as the subnet mask, default gateway, DNS server and other TCP/IP settings. Compared with BOOTP, DHCP uses the concept of a "lease" to allocate a client's TCP/IP settings effectively and dynamically and, for compatibility, also covers the needs of BOOTP clients. How DHCP allocates addresses: first, there must be at least one DHCP server on the network; it listens for DHCP requests on the network and negotiates the TCP/IP environment settings with the client.
4)HSRP
HSRP (Hot Standby Router Protocol) is a proprietary Cisco protocol and a technology unique to the Cisco platform.
The protocol involves multiple routers that together form one HSRP group. Only one router in the group is responsible for forwarding user traffic; this is the active router. When the active router fails, the backup router takes over the role and becomes the new active router. This is the principle of hot backup.
HSRP requires more than one router in the system. Together they form a "hot backup group", and the group forms one virtual router. At any time only one router in the group is active and forwards packets. If the active router fails, a backup router is selected to replace it, but from the point of view of the hosts on the network the virtual router has not changed. Hosts therefore stay connected and are not affected by the failure, which solves the router switchover problem.
5) eigrp routing protocol
EIGRP is a proprietary Cisco routing protocol that combines the advantages of distance-vector and link-state protocols. Its characteristics include:
Fast convergence
Partial updates
Support for multiple network-layer protocols
Use of multicast and unicast
Support for variable-length subnet masks (VLSM)
Seamless connection of data-link-layer protocols and topologies
6) aaa authentication
AAA stands for authentication, authorization and accounting. Authentication concerns the user's identity and the network services; authorization opens network services to the user based on the result of identity verification; accounting serves the charging system. The whole system is very effective for network management and security problems.
First, the authentication part verifies the user's identity. Authentication is usually performed by having the user enter a username and password, which are then checked. The principle of authentication is that each user has a unique criterion for obtaining access. The AAA server compares each user against the standard entries in its database. If they match, the user is authenticated. If not, the network connection is refused.
Next, the user must obtain permission to carry out the corresponding tasks through authorization. For example, after logging in to the system the user may try to execute commands, and the authorization process checks whether the user has permission to execute them. Put simply, authorization is a set of enforced policies that determine the type or quality of the activities, resources or services a user is allowed. Authorization takes place in the context of authentication: once users have been authenticated, they are granted the corresponding permissions. The last step, accounting, measures the resources the user consumes during the connection, including the connection time and the traffic the user sends and receives. From the session statistics and the logs of user activity, accounting supports authorization control, billing, trend analysis, resource utilization and capacity planning.
2.1.2 technology is analyzed
1)VLAN
The company in the present invention has 6 departments. Of these, the network center on the third floor of Building 2, the management department and the client service center have the highest requirements for network response speed, and the other 4 departments come second. The priority of each VLAN must therefore be reflected when the VLANs are divided, so the VLANs are divided by user.
2) two-node cluster hot backup
The center of the whole network is on the third floor of Building 2, so it is the central node of the network and carries a heavy load. If the central node fails, the whole network is affected. Two servers are therefore needed when purchasing equipment, configured for two-node hot backup to improve the reliability of the network.
3)DHCP
IP addresses must be configured for the router interfaces and all PC interfaces in the network. Because there are many nodes, manually configuring an address on each PC would be a great deal of work, so the present invention uses DHCP.
4)HSRP
The role of the core-layer switch is fast forwarding; if it fails, all the networks below it are paralyzed. The core-layer switch therefore needs a redundant backup, which uses layer-3 redundancy: HSRP hot backup.
5) eigrp routing protocol
EIGRP is a proprietary protocol of Cisco. It is a Cisco-specific protocol that combines link-state and distance-vector routing. It uses the Diffusing Update Algorithm (DUAL) to achieve fast convergence, avoids sending periodic routing updates in order to reduce bandwidth usage, and supports multiple network-layer protocols such as AppleTalk, IP, Novell and NetWare.
6) aaa authentication
An AAA server is a server program that handles users' access requests. It provides authentication, authorization and accounting services. The AAA server usually works together with network access control, gateway servers, and databases and directories of user information. The protocol for the interface between the network connection server and the AAA server is the "Remote Authentication Dial-In User Service (RADIUS)".
2.2 economic feasibility
2.2.1 important equipment
1) server
A server is also called a servomechanism. It is a high-performance computer in a network environment that listens for service requests submitted by other computers (clients) on the network and provides the corresponding services; to do so, a server must be able to undertake services and guarantee them.
The basic parameters of the IBM System x3250M4 (2583I19) are shown in Table 1.
2) core switch
A core switch is not a type of switch; it is a switch placed at the core layer (the backbone of the network).
Core switches come into use only once the number of computers reaches a certain level; with fewer than 50 computers a core switch is basically unnecessary and a router is enough. The term "core switch" is relative to the network architecture: in a small LAN of a few computers, a small 8-port switch can be called the core switch. In the networking industry, a core switch means a layer-2 or layer-3 switch with network management functions and high throughput; in a network of more than 100 computers, a core switch is essential for stable, high-speed operation.
The basic parameters of the core switch M6506-24GT/8SFP are shown in Table 2.
3) access layer equipment
Usually the part of the network to which users connect directly is called the access layer. Its purpose is to allow end users to connect to the network, so access-layer switches are characterized by low cost and high port density.
The basic parameter of H3C S1550 is as shown in table 3.
4) router
A router is a device that connects the LANs and WANs of the Internet. It automatically selects and sets routes according to the state of the channels and sends signals in order along the best path. The router is the hub of the Internet, its "traffic police". Routers are now widely used in all industries, and products of various classes have become the main force for connections inside backbone networks, for interconnection between backbone networks, and for interconnection between backbone networks and the Internet.
The basic parameter of CISCO 7206VXR is as shown in table 4.
2.2.2 device analysis
Equipment summary sheet needed for constructing large and medium-sized enterprise's network is as shown in table 5.
For a large or medium-sized enterprise with total assets of 40,000,000 or more and annual sales of more than 30,000,000 RMB, the cost of all the equipment adds up to 293935 RMB. This poses no economic pressure for such an enterprise. Moreover, the enterprise network promotes communication between employees and improves working efficiency, and the economic benefit it brings will certainly exceed the development cost.
3. Demand analysis
To adapt to the development of information technology and to meet the needs of stable network operation, the construction of today's enterprise networks, with their ever-growing communication requirements, places higher demands than traditional enterprise network construction. The following aspects are analyzed below in order to plan the best network topology for the target.
3.1 enterprise demand
Facing fierce market competition, the company's workload in collecting, transmitting, processing, storing and querying information and in forecasting and decision-making keeps growing. Its computers have so far worked only in stand-alone mode and data cannot be shared between departments, which greatly reduces working efficiency. Purely manual management methods and means can no longer meet demand, and this will seriously hinder the company's survival and development. Social progress requires enterprises to change their backward management systems, methods and means, establish the new image of a modern enterprise, and build their own automated management information system (that is, a corporate LAN) to raise the level of management and increase economic and social benefits.
An integrated management information system is built to achieve enterprise information management and office automation. It provides the whole enterprise with an efficient, smooth information highway and a supporting environment of public services, forming an information management system based on a reliable, fast computer network that offers many functions. It provides advanced information services and a production environment for departments at all levels, and raises the office automation and integrated management level of each department. It changes traditional management ideas and models, improves the quality of managers and staff, and frees staff from tedious manual work. It is therefore necessary to build an intranet that is reliable, practical, easy to manage and of a comprehensively advanced level.
3.2 functional requirement
3.2.1 Network Management Function
A modern large enterprise network should have a more intelligent network management solution to cope with the growing scale of the network and increasingly complex maintenance work. The network has developed into an "application-centered" information platform, and network management must rise to the service layer; traditional network-element management can no longer support this effectively. For example, locating cable faults, flexibly deploying service policies for different users, access control, network audit logging, virus control, and network operation and management procedures all consume manpower and material resources and, because of the inherent limits of the network equipment, are time-consuming and laborious tasks. Modern large enterprise networks therefore urgently need network equipment that supports "application-centered" intelligent operation and maintenance, together with intelligent management software, to free network administrators from heavy work.
3.2.2 identification information function
A modern large enterprise network needs to provide better end-to-end QoS guarantees to meet the need for a multi-service bearer network. Carrying the growing business of the enterprise is not simply a matter of adding bandwidth; the smooth exchange of data must be effectively protected. Today's large enterprise network construction must therefore consider how well the network identifies urgent and critical applications among traffic such as video, audio and data flows (MIS, ERP, OA, backup data). The network should be able to schedule network resources and guarantee bandwidth, delay and non-blocking transmission priority for important and urgent business, so that services are managed reasonably and the large enterprise network receives a "high-quality" service guarantee.
3.3 performance requirement
3.3.1 broadband performance
A modern large enterprise network should have higher bandwidth and stronger performance to meet users' growing communication needs. With the rapid development of computer technology, more and more applications are network-based, and today's enterprise network has become a multi-service bearer platform. It must not only continue to carry simple data services such as office automation and web browsing, but also the data of production and business application systems and multimedia services with very high bandwidth and delay requirements, such as IP telephony and video conferencing. Data traffic will therefore increase greatly, placing unprecedented demands on data exchange in the core network in particular. In addition, as the cost of gigabit ports continues to fall, gigabit to the desktop will become mainstream in enterprise networks in the near future. The 2004 global switch market analysis shows that the fastest-growing segment was 10 Gbps chassis switches, which indicates that large-scale gigabit deployment had truly begun. Today's enterprise network construction has therefore gone beyond the standard of a gigabit backbone with 100 Mbps to the desktop; the core layer must have the corresponding level of bandwidth and processing performance to build an unobstructed, high-quality gigabit-backbone large enterprise network that adapts to growing network scale and business volume.
3.3.2 server performance
For a network server program, performance is always the primary indicator. Performance can be defined as the amount of work that can be handled with given hardware in a given time. A server design that makes the most of the hardware's capability is a good design. A good server design should also consider fairness of service: the server should give every client an average share of service, and no client should be left unserved for a long time and "starve". It should also consider scalability, that is, as hardware capability improves, server performance should grow linearly with it.

On the way to high performance: the computation in a real server is complex and is often a mixture of IO computation and CPU computation. IO computation refers to workloads dominated by IO, such as file servers and mail servers, which mix a large amount of network IO and file IO; CPU computation refers to workloads with little or no IO, such as encryption/decryption, encoding/decoding and mathematical computation. For CPU computation, the single-thread and multi-thread models perform comparably. "Win32 Multithreading Performance" says: "On a uniprocessor computer, concurrent execution of CPU-based tasks cannot be faster than serial execution, but we can see that under Windows NT the overhead of thread creation and switching is very small; for very short computations, concurrent execution is only 10% slower than serial execution, and as the computation gets longer the two times become very close." So with only one CPU, the multi-thread model is not appropriate for pure CPU computation. Consider a service that performs intensive CPU computation: if dozens of such threads run concurrently, overly frequent task switching causes unnecessary performance loss. In terms of programming, designing a server program on a single-thread computation model is very inconvenient. A thread-pool working model is therefore more appropriate for CPU computation. The QueueUserWorkItem function is well suited to putting a CPU computation into the thread pool. The thread pool implementation tries to reduce unnecessary thread switching and limits the number of concurrent threads to the number of CPUs.

What really needs attention is IO computation, since network server programs are generally accompanied by a large amount of IO. The way to high performance is to avoid waiting for IO to finish, which leaves the CPU idle, and to use the hardware as fully as possible by letting one or more IO devices run concurrently with the CPU. Asynchronous IO, APC and IO completion ports, described earlier, achieve this. For a network server with few concurrent client requests, a simple multi-thread model is enough: if a thread is suspended while waiting for an IO operation to complete, the operating system schedules another ready thread, which produces concurrent execution. Classic network server logic mostly uses a multi-thread/multi-process model: when a client initiates a connection to the server, the server creates a thread and lets the new thread handle the subsequent transactions. Representing each client object with a dedicated thread/process is intuitive and easy to understand. For large network server programs, however, this approach has limitations. First, creating and destroying threads/processes is expensive, especially when the server communicates over TCP "short connections" or UDP. In HTTP, for example, a client opens a connection and sends one request, and the connection is closed after the server responds. If an HTTP server is designed in the classic way, overly frequent creation and destruction of threads has a severe effect on performance. Second, even if a protocol uses TCP "long connections", where the client keeps the connection open after connecting to the server, the classic design still has drawbacks. If the volume of concurrent client requests is very high and many clients are waiting for the server to respond at the same moment, too many threads run concurrently and frequent thread switching uses up part of the computing capacity. In fact, if there are too many concurrent threads, physical memory is often exhausted prematurely and most of the time is spent on thread switching, because thread switching also causes memory paging. Server performance then drops sharply. For a network server that must handle a large number of concurrent client requests, a thread pool is the only solution. A thread pool not only avoids frequent creation and destruction of threads but also handles a large number of concurrent client requests with a small number of threads. Note that for a network server program under little load, the present invention does not recommend any of the above techniques. Where a simple design can do the job, making things very complicated is very unwise.
3.4 reliability requirement
3.4.1 equipment dependability
A modern large enterprise network should have a more complete reliability design so that the network carries traffic in real time and normal production and operation are guaranteed. As enterprises integrate more and more business applications onto one computer network, uninterrupted network communication has become key to ensuring normal production and operation. The reliability design of a modern large enterprise network mainly considers the following three aspects.
Device reliability design: check not only whether the network equipment provides redundant backup of key components, but also the overall design architecture of the equipment, the type of processing engine and so on.
Service reliability design: whether the normal running of services is affected during failover of network equipment.
Link reliability design: the security of an Ethernet link comes from having multiple paths to choose from, so when building the enterprise network, consider whether the network equipment provides effective link self-healing and supports fast re-routing protocols.
3.4.2 network security
A modern large enterprise network should provide a better network security solution to block attacks by viruses and hackers and reduce the enterprise's economic losses. Traditional enterprise network security measures mainly consist of deploying firewalls, IDS and anti-virus software and using ACLs on switches or routers to defend against viruses and hacker attacks, but these passive defense measures cannot effectively solve enterprise network security problems. The enterprise network has become an important part of the company's production and operations, so a modern enterprise network must apply a series of security controls, starting from user access control, and actively identify and suppress viruses in data packets in order to guarantee the stable operation of the enterprise network.
4. Design and implementation
4.1 network topological diagram
Network topology refers to the physical layout in which devices are interconnected by transmission media, that is, the way in which the network connects computers and other equipment. A topology diagram gives the network configuration of servers and workstations; the main structures are star, ring, bus and distributed.
The company in the present system has three buildings: Building 1, Building 2 and Building 3. The core management department of the whole company is on floors 1 and 2 of Building 2, and the center of the whole network is on the third floor of Building 2. Most networks today use one of 3 topologies: star, ring or bus. The star structure is particularly suitable for the present system, because the third floor of Building 2 is the management center of the whole network and serves as the central node for centralized control of the whole network. The 6 departments of the company are branch nodes and communicate through the central node.
The star structure best meets the company's network needs. It has the following advantages:
1) Simple control. Each site is connected only to the central node, so the media access control method is simple and the access protocol is also very simple. Network monitoring and management are easy.
2) Easy fault diagnosis and isolation. The central node can isolate connection lines one by one for fault detection and location; the failure of a single connection point affects only one device and not the whole network.
3) Convenient service. The central node can conveniently reconfigure each service site and the network.
The star structure also has a disadvantage, however: the central node carries a heavy load. If the central node fails, the whole network is affected. Two servers are therefore needed when purchasing equipment; two-node hot backup is generally used for such a central system to improve the reliability of the system.
Network topological diagram is as shown in Figure 3.
Note: the servers, the layer-3 switches and network management are on the third floor of Building 2; VLAN1 to VLAN40 in the figure correspond to the individual departments.
4.2 VLAN division
This system divides VLAN by user.
Dividing VLANs by user means that the VLANs in the network are designed according to the special requirements of specific users and of the specific network. Users outside a VLAN's group may be allowed to access the VLAN, but they must provide a user password.
The company in the present system has 6 departments. Of these, the network center on the third floor of Building 2, the management department and the client service center have the highest requirements for network response speed, so their VLANs are numbered VLAN1, VLAN2 and VLAN3, and the VLANs of the market department, finance department, sales department and human resources department are numbered VLAN10, VLAN20, VLAN30 and VLAN40. The priority of the VLANs is: VLAN1 > VLAN2 > VLAN3 > VLAN10 = VLAN20 = VLAN30 = VLAN40.
The VLAN division is shown in Table 6.
4.3 IP address planning
On the Internet, each interface of a host connected to the network requires a unique IP address. Address planning, based on the IP addressing function, assigns devices IP addresses in the appropriate networks (so-called network addresses) in order to achieve an efficient network. Routers create separate networks, and each of these isolated networks is called a subnet.
IP address planning is as shown in table 7.
4.4 device configuration
4.4.1 Basic configuration
Switch>en
Enter privileged mode
Switch#conf t
Enter global configuration mode
Switch(config)#hostname SW1
Change the name of the router or switch to make management easier
SW1(config)#no ip domain lookup
Disable domain name lookup so that the device does not query a DNS server; this reduces the wait after a mistyped command
SW1(config)#line console 0
Enter the line for console port 0; the switch or router is controlled directly through the CONSOLE serial line
SW1(config-line)#no exec-timeout
Disable the session timeout (this command must not be used in real engineering)
SW1(config-line)#logging synchronous
Synchronize output: while a user is typing a configuration command, messages generated by the switch can appear on the line and break up or scramble the command. With logging synchronous set, the switch reprints the user's input after the message, on the next line of the CLI prompt.
The above is the basic configuration of routers and switches; it makes management easier and helps prevent mistakes, so it is configured on every device.
4.4.2 VLAN and IP configuration
The commands for VLAN division and IP allocation are as follows:
Switch1#config t
Switch1(config)#ip routing
Note: the above command enables routing
Switch1#
Switch1#vlan database
Switch1(vlan)#vlan 1
Switch1(vlan)#vlan 2
Switch1(vlan)#vlan 3
Switch1(vlan)#vlan 10
Switch1(vlan)#vlan 20
Switch1(vlan)#vlan 30
Switch1(vlan)#vlan 40
Switch1(vlan)#exit
Note: the above commands create 7 VLANs
Switch1#config t
Switch1(config)#interface vlan 1
Switch1(config-if)#ip address 10.0.0.254 255.255.255.0
Switch1(config-if)#no shutdown
Switch1#config t
Switch1(config)#interface vlan 2
Switch1(config-if)#ip address 10.1.3.254 255.255.252.0
Switch1(config-if)#no shutdown
Switch1#config t
Switch1(config)#interface vlan 3
Switch1(config-if)#ip address 10.1.7.254 255.255.252.0
Switch1(config-if)#no shutdown
Switch1#config t
Switch1(config)#interface vlan 10
Switch1(config-if)#ip address 10.1.11.254 255.255.252.0
Switch1(config-if)#no shutdown
Switch1#config t
Switch1(config)#interface vlan 20
Switch1(config-if)#ip address 10.1.15.254 255.255.252.0
Switch1(config-if)#no shutdown
Switch1#config t
Switch1(config)#interface vlan 30
Switch1(config-if)#ip address 10.1.19.254 255.255.252.0
Switch1(config-if)#no shutdown
Switch1#config t
Switch1(config)#interface vlan 40
Switch1(config-if)#ip address 10.1.23.254 255.255.252.0
Switch1(config-if)#no shutdown
Note: the above commands assign IP addresses to the VLANs created above; each VLAN interface takes the default gateway address and the mask of its network segment in Table 7
Switch1#
Switch1#config t
Switch1(config)#vtp domain china_mobile
Switch1(config)#vtp mode server
Switch1(config)#end
Note: the above commands configure VTP
Switch1#
Switch1#config t
Switch1(config)#interface gigabitethernet0/1
Switch1(config-if)#switchport trunk encapsulation isl
Switch1(config-if)#switchport mode trunk
Switch1(config-if)#end
Note: the above commands configure the trunk
Switch1#show vlan
Switch1#show ip route
Switch1#show interface gigabitethernet0/1 switchport
Switch1#show run
Switch1#show vtp status
Note: the above commands check the configuration made above
Switch1#copy running-config startup-config
Note: the above command saves the configuration.
4.4.3 DHCP configuration
IP addresses now need to be configured for the router interfaces and all PC interfaces. Because there are many nodes, configuring the address of every PC by hand would be a considerable workload, so the present invention uses DHCP.
HX1(config)#ip dhcp excluded-address 10.1.0.1
HX1(config)#ip dhcp excluded-address 10.1.0.2
HX1(config)#ip dhcp excluded-address 10.1.0.100
HX1(config)#ip dhcp excluded-address 10.1.3.254
Note: the above commands exclude the IP addresses that PCs must not use
HX1(config)#ip dhcp excluded-address 10.1.4.1
HX1(config)#ip dhcp excluded-address 10.1.4.2
HX1(config)#ip dhcp excluded-address 10.1.4.100
HX1(config)#ip dhcp excluded-address 10.1.7.254
HX1(config)#ip dhcp excluded-address 10.1.8.1
HX1(config)#ip dhcp excluded-address 10.1.8.2
HX1(config)#ip dhcp excluded-address 10.1.8.100
HX1(config)#ip dhcp excluded-address 10.1.11.254
HX1(config)#ip dhcp excluded-address 10.1.12.1
HX1(config)#ip dhcp excluded-address 10.1.12.2
HX1(config)#ip dhcp excluded-address 10.1.12.100
HX1(config)#ip dhcp excluded-address 10.1.15.254
HX1(config)#ip dhcp excluded-address 10.1.16.1
HX1(config)#ip dhcp excluded-address 10.1.16.2
HX1(config)#ip dhcp excluded-address 10.1.16.100
HX1(config)#ip dhcp excluded-address 10.1.19.254
HX1(config)#ip dhcp excluded-address 10.1.20.1
HX1(config)#ip dhcp excluded-address 10.1.20.2
HX1(config)#ip dhcp excluded-address 10.1.20.100
HX1(config)#ip dhcp excluded-address 10.1.23.254
HX1(config)#ip dhcp pool ccie1
HX1(config)#ip dhcp pool ccie2
network 10.1.4.0 255.255.252.0
default-router 10.1.4.100
lease infinite
HX1(config)#ip dhcp pool ccie3
network 10.1.8.0 255.255.252.0
default-router 10.1.8.100
lease infinite
HX1(config)#ip dhcp pool ccie4
network 10.1.12.0 255.255.252.0
default-router 10.1.12.100
lease infinite
HX1(config)#ip dhcp pool ccie5
network 10.1.16.0 255.255.252.0
default-router 10.1.16.100
lease infinite
HX1(config)#ip dhcp pool ccie6
network 10.1.20.0 255.255.252.0
default-router 10.1.20.100
lease infinite
Note: each pool uses the /22 mask (255.255.252.0) of its network segment in Table 7
PC1(config)#ip default-gateway 10.1.0.100
Note: the above command specifies the default gateway on the PC.
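An added example, not part of the patent text: a Python check, using the standard ipaddress module, that DHCP pool statements of the kind shown above agree with the Table 7 plan. It verifies that each network statement sits on a subnet boundary and matches a planned segment, that pools do not overlap, and that gateway addresses are excluded from leasing. Only the VLAN3 and VLAN10 statements are embedded, and the function names are this example's own.

```python
import ipaddress

# Network segment and default gateway for two VLANs, copied from Table 7.
PLAN = {"VLAN3": ("10.1.4.0/22", "10.1.7.254"), "VLAN10": ("10.1.8.0/22", "10.1.11.254")}

# DHCP statements for the same VLANs as in section 4.4.3, with the Table 7 /22 mask.
DHCP_CONFIG = """\
ip dhcp excluded-address 10.1.4.1
ip dhcp excluded-address 10.1.4.2
ip dhcp excluded-address 10.1.4.100
ip dhcp excluded-address 10.1.7.254
ip dhcp excluded-address 10.1.8.1
ip dhcp excluded-address 10.1.8.2
ip dhcp excluded-address 10.1.8.100
ip dhcp excluded-address 10.1.11.254
ip dhcp pool ccie2
 network 10.1.4.0 255.255.252.0
 default-router 10.1.4.100
ip dhcp pool ccie3
 network 10.1.8.0 255.255.252.0
 default-router 10.1.8.100
"""


def parse_dhcp(text):
    """Return (excluded addresses, {pool: settings}); single-address exclusions only."""
    excluded, pools, current = set(), {}, None
    for line in text.splitlines():
        words = line.split()
        if words[:3] == ["ip", "dhcp", "excluded-address"]:
            excluded.add(ipaddress.ip_address(words[3]))
        elif words[:3] == ["ip", "dhcp", "pool"]:
            current = pools.setdefault(words[3], {})
        elif current is not None and words[:1] == ["network"]:
            current["network"] = (words[1], words[2])
        elif current is not None and words[:1] == ["default-router"]:
            current["router"] = ipaddress.ip_address(words[1])
    return excluded, pools


def audit(text, plan=PLAN):
    """Return a list of findings; an empty list means the pools match the plan."""
    excluded, pools = parse_dhcp(text)
    planned = {ipaddress.ip_network(n): ipaddress.ip_address(g) for n, g in plan.values()}
    findings, seen = [], []
    for name, pool in pools.items():
        if "network" not in pool:
            findings.append(f"{name}: pool has no network statement")
            continue
        addr, mask = pool["network"]
        net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)  # host bits cleared
        if str(net.network_address) != addr:
            findings.append(f"{name}: {addr} {mask} is not on a subnet boundary (covers {net})")
        if net not in planned:
            findings.append(f"{name}: {net} is not a segment in the plan")
        findings += [f"{name}: overlaps pool {o} ({n})" for o, n in seen if net.overlaps(n)]
        seen.append((name, net))
        router = pool.get("router")
        if router is None or router not in net:
            findings.append(f"{name}: default-router {router} is outside {net}")
        for ip in (router, planned.get(net)):
            if ip is not None and ip in net and ip not in excluded:
                findings.append(f"{name}: {ip} is a gateway address but can be leased")
    return findings
```

`audit(DHCP_CONFIG)` returns an empty list. With the mask changed to 255.255.248.0 it reports that 10.1.4.0 is not on a subnet boundary and that neither pool matches a planned segment.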
4.4.4 HSRP configuration
The role of the core layer switch is fast forwarding; if it fails, the entire lower-layer network is paralyzed. The core layer switch therefore needs a redundant backup. The present invention uses two core switches, which calls for a layer-3 redundancy technique: the hot standby protocol HSRP.
HX1(config)#interface Vlan 2
HX1(config-if)#ip address 10.1.0.1 255.255.252.0
HX1(config-if)#standby 1 ip 10.1.0.100
HX1(config-if)#standby 1 priority 105
HX1(config-if)#standby 1 preempt
HX1(config-if)#standby 1 track FastEthernet0/0
Note: the mask 255.255.252.0 is the /22 of the VLAN2 network segment in Table 7. The same configuration is applied to VLANs 2, 3 and 4.
HX1(config)#interface Vlan 5
HX1(config-if)#ip address 172.16.2.1 255.255.255.0
HX1(config-if)#standby preempt
HX1(config-if)#standby 2 ip 172.16.2.100
The same configuration is applied to VLANs 5, 6 and 7.
4.4.5 Routing protocol configuration
EIGRP (Enhanced Interior Gateway Routing Protocol) is the enhanced interior gateway routing protocol. EIGRP is a proprietary protocol of Cisco, which invented the protocol and is the only vendor with the right to interpret and modify it. EIGRP is a Cisco-specific protocol that combines link-state and distance-vector routing. It uses the Diffusing Update Algorithm (DUAL) to achieve fast convergence, does not send periodic routing updates, which reduces bandwidth usage, and supports multiple network layer protocols such as AppleTalk, IP and Novell NetWare.
The configuration commands are as follows:
HX1(config)#ip routing
R1(config)#router eigrp 100
R1(config-router)#no auto-summary
Note: the above commands enable EIGRP and disable automatic summarization
R1(config-router)#network 202.100.1.0
Note: the above command advertises the 202.100.1.0 network segment into the protocol
R1(config-router)#network 192.168.1.0
R1(config-router)#network 192.168.2.0
HX1(config)#router eigrp 100
HX1(config-router)#no auto-summary
HX1(config-router)#network 192.168.1.0
HX1(config-router)#network 192.168.3.0
HX1(config-router)#network 10.1.0.0
HX1(config-router)#network 10.1.4.0
HX1(config-router)#network 10.1.8.0
HX1(config-router)#network 10.1.12.0
HX1(config-router)#network 10.1.16.0
HX1(config-router)#network 10.1.20.0
HX2(config)#router eigrp 100
HX2(config-router)#no auto-summary
HX2(config-router)#network 192.168.2.0
HX2(config-router)#network 192.168.4.0
HX2(config-router)#network 10.1.0.0
HX2(config-router)#network 10.1.4.0
HX2(config-router)#network 10.1.8.0
HX2(config-router)#network 10.1.12.0
HX2(config-router)#network 10.1.16.0
HX2(config-router)#network 10.1.20.0
4.4.6 AAA server setup
An AAA server is a server program that handles user access requests and provides authentication, authorization and accounting services. An AAA server usually works together with network access control, gateway servers, databases and user information directories. The protocol through which devices on the network connect to and cooperate with the AAA server is the Remote Authentication Dial-In User Service (RADIUS).
The configuration commands are as follows:
HX2(config)#aaa new-model
HX2(config)#aaa authentication dot1x default group radius
HX2(config)#dot1x system-auth-control
HX2(config)#interface f0/1
HX2(config-if)#switchport mode access
HX2(config-if)#dot1x port-control auto
HX2(config-if)#dot1x guest-vlan 1
HX2(config-if)#dot1x auth-fail vlan 1
HX2(config)#aaa authentication login telnet group tacacs+
HX2(config)#aaa authorization exec telnet group tacacs+
HX2(config)#aaa accounting exec telnet start-stop group tacacs+
HX2(config)#tacacs-server host 192.168.100.100
HX2(config)#tacacs-server key cisco
4.4.7 Network management control setup
To make it easy for administrators to manage and control intranet security, the present invention configures the devices so that an administrator can connect to a switch directly, or log in to it remotely from a PC, in order to control it.
The configuration commands are as follows:
HX2(config)#line vty 0 4
HX2(config-line)#password ccna1
HX2(config-line)#login
Note: the above commands configure the password and login authentication for remote access to the switch
HX2(config-line)#exec-timeout 1 11
HX2(config-line)#line con 0
HX2(config-line)#password ccna2
HX2(config-line)#login
HX2(config-line)#exec-timeout 1 11
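An added example, not part of the patent text: a small Python audit of the management-plane commands shown in sections 4.4.1, 4.4.6 and 4.4.7, for review before such a configuration is deployed. The sample listing is constructed by merging those commands into one device configuration; the rule names and the 16-character minimum for the TACACS+ key are assumptions of this example.

```python
import re

MGMT_VLAN = 1  # Table 6: VLAN1 (MVLAN) is the network management VLAN

# Constructed sample: commands from sections 4.4.1, 4.4.6 and 4.4.7 merged into one
# listing, with sub-commands indented under their interface or line.
CONFIG = """\
aaa new-model
aaa authentication dot1x default group radius
aaa authentication login telnet group tacacs+
tacacs-server host 192.168.100.100
tacacs-server key cisco
interface f0/1
 switchport mode access
 dot1x port-control auto
 dot1x guest-vlan 1
 dot1x auth-fail vlan 1
line console 0
 no exec-timeout
line vty 0 4
 password ccna1
 login
 exec-timeout 1 11
"""


def audit(config, mgmt_vlan=MGMT_VLAN, min_key_len=16):
    """Return (rule, context, detail) findings; min_key_len is an assumed local policy."""
    findings, context = [], "global"
    defined, applied = set(), set()  # named login method lists
    for raw in config.splitlines():
        cmd = raw.strip()
        if not cmd:
            continue
        if not raw.startswith(" "):
            context = cmd if cmd.startswith(("line ", "interface ")) else "global"
        m = re.fullmatch(r"aaa authentication login (\S+) .+", cmd)
        if m:
            defined.add(m.group(1))
        m = re.fullmatch(r"login authentication (\S+)", cmd)
        if m:
            applied.add(m.group(1))
        if context.startswith("line "):
            if cmd in ("no exec-timeout", "exec-timeout 0", "exec-timeout 0 0"):
                findings.append(("idle-timeout-disabled", context, cmd))
            if re.fullmatch(r"password (0 )?\S+", cmd):  # "password 7 ..." does not match
                findings.append(("cleartext-line-password", context, "password <redacted>"))
        # Hosts that fail or skip 802.1X must not be placed in the management VLAN.
        m = re.fullmatch(r"dot1x (?:guest-vlan|auth-fail vlan) (\d+)", cmd)
        if m and int(m.group(1)) == mgmt_vlan:
            findings.append(("fallback-into-mgmt-vlan", context, cmd))
        m = re.fullmatch(r"tacacs-server key (?:0 )?(\S+)", cmd)
        if m and len(m.group(1)) < min_key_len:
            findings.append(("short-tacacs-key", context, "tacacs-server key <redacted>"))
    # A named list only takes effect on lines that reference it; "default" applies everywhere.
    for name in sorted(defined - applied - {"default"}):
        findings.append(("login-list-not-applied", "global", name))
    return findings
```

For the sample, `audit(CONFIG)` returns six findings; secrets are redacted in the details so the report can be shared.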
5. Operation test
5.1 Routing tables of key layer-3 devices
5.1.1 Routing table of access router R1
Routers R1 and R2 are the access routers of this network. The "O (ospf)" routing entries are routing information provided to this network by the telecom and Netcom operators. The "D (eigrp)" routing entries are routing information between the layer-3 routing devices of this network.
The routing table shows that all network segments involved in this network are reachable from router R1.
5.1.2 Routing table of core layer switch HX1
Core layer switches HX1 and HX2 are the core switches of this network. "D (eigrp) 192.168.8.0" is the server network segment. The remaining "D (eigrp)" routing entries are routing information between the layer-3 routing devices of this network.
The routing table shows that all network segments inside this network are reachable from switch HX1.
5.2 Network connectivity verification
5.2.1 Headquarters access-layer switch SW1 accesses the server
A user on the local headquarters network sends a data request to the server; the test shows that the connection is clear.
5.2.2 Remote branch R4 accesses the server
A user on the remote branch network sends a data request to the local server; the test shows that the connection is clear.
5.2.3 Remote branch SW10 accesses the headquarters access switch
A user on the remote branch network sends a data request to a user on the local headquarters network; the test shows that the connection is clear.
Table 1: Basic parameters of the IBM System x3250 M4 (2583I19)
Table 2: Basic parameters of the M6506-24GT/8SFP
Table 3: Basic parameters of the H3C S1550
Table 4: Basic parameters of the CISCO 7206VXR
Table 5: Equipment summary table
Table 6: VLAN division table
VLAN number    VLAN name                  Description
VLAN1          MVLAN                      Network management VLAN
VLAN2          Management                 Management department
VLAN3          Customer Service Center    Customer service center
VLAN10         Marketing                  Marketing department
VLAN20         Finance                    Finance department
VLAN30         Sales                      Sales department
VLAN40         Human                      Human resources department
Table 7: IP address planning table
VLAN number    IP network segment    Default gateway
VLAN1          10.0.0.0/24           10.0.0.254
VLAN2          10.1.0.0/22           10.1.3.254
VLAN3          10.1.4.0/22           10.1.7.254
VLAN10         10.1.8.0/22           10.1.11.254
VLAN20         10.1.12.0/22          10.1.15.254
VLAN30         10.1.16.0/22          10.1.19.254
VLAN40         10.1.20.0/22          10.1.23.254
The foregoing is merely a preferred embodiment of the present invention and is not intended to limit it; any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims (7)

1. A Java-based method for network planning and design for large and medium-sized enterprises, characterized in that the method comprises:
Step 1: design the VLANs according to the users and the specific network;
Step 2: determine a unique IP address for each interface of each host connected to the network;
Step 3: configure the relevant devices: basic configuration, VLAN and IP configuration, DHCP configuration, HSRP configuration, routing protocol configuration, AAA server setup and network management control setup;
Step 4: run operation tests on the resulting network planning and design.
2. The Java-based method for network planning and design for large and medium-sized enterprises according to claim 1, characterized in that the HSRP configuration of step 3 uses the hot standby HSRP technology.
3. The Java-based method for network planning and design for large and medium-sized enterprises according to claim 1, characterized in that the routing protocol configuration of step 3 uses the EIGRP protocol.
4. The Java-based method for network planning and design for large and medium-sized enterprises according to claim 1, characterized in that the operation test of step 4 is divided into a test of the routing tables of key layer-3 devices and a network connectivity verification test.
5. The Java-based method for network planning and design for large and medium-sized enterprises according to claim 4, characterized in that the steps of the test of the routing tables of key layer-3 devices are as follows:
(1) routing table of access router R1;
(2) routing table of core layer switch HX1.
6. The Java-based method for network planning and design for large and medium-sized enterprises according to claim 4, characterized in that the steps of the network connectivity verification test are as follows:
(1) headquarters access-layer switch SW1 accesses the server;
(2) remote branch R4 accesses the server;
(3) remote branch SW10 accesses the headquarters access switch.
7. An information data processing terminal that applies the Java-based method for network planning and design for large and medium-sized enterprises according to claim 1.
CN201811345021.1A 2018-11-13 2018-11-13 A method of large and medium-sized enterprise's Network Programe Design based on Java Pending CN109587026A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811345021.1A CN109587026A (en) 2018-11-13 2018-11-13 A method of large and medium-sized enterprise's Network Programe Design based on Java


Publications (1)

Publication Number Publication Date
CN109587026A true CN109587026A (en) 2019-04-05

Family

ID=65922314


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190405
