How to build a LAN: the local network of a small enterprise. Local Area Network: general rules for building a network and its main components. Computer scheme of the local network of the enterprise.

Local network in the office

Example of a local network in the office in a schematic form

Location of equipment in the office and possible cable networks for the office. Communication services: telephony, Internet, television.

Organization of telephone communications in the office, with IP telephony for remote employees.

Organization of the company's telephone network over the Internet. Creating a telephone network with high-quality voice connections. Organization of free telephone calls for customers.

Local network scheme

Features of the local network

An example local network is given to make the presentation clearer and more informative; it shows the prioritization of the different kinds of traffic being carried: Internet, telephone traffic and television.


In today's conditions of tough competition it is important to respond quickly to any change. The stability of any company, cafe, shop or large corporation depends directly on the reliability and the well-thought-out topology of its local network.

Key benefits of local business networks:

Continuous access for employees to documents and databases directly from the workplace;

Instant exchange of reports between departments;

Shared access to office equipment (printers, fax machines, copiers, scanners);

Internet access from all workstations;

The ability to automate routine processes;

Free and secure corporate communication between individual offices and buildings.

A competently designed local area network increases the efficiency of the enterprise many times over, frees up human resources and provides many additional opportunities.

Why entrust the development of a corporate local network to CANMOS?

In small offices where only two or three computers need to be connected, the local network can be set up on your own. For most enterprises, however, it is better to trust a specialized company.

Without experience, practical skills and knowledge of the network equipment market, it is possible to spend a serious budget without achieving the desired result. Sometimes incorrect connections or savings on cable and connectors mean that expensive equipment works at only 10-20% of its capabilities. The result is constant delays, failures, burnt-out ports, or the failure of the whole system.

Without a detailed plan it may turn out, after the work is done, that nobody laid a line for the network printer, all the ports in the router are busy, and there is no way to connect another device. Since scaling was not provided for in advance, when the office grows there is simply nowhere to "plug in" the new computers.

With CANMOS, network problems become a thing of the past. For many years we have been providing communication services and designing data transmission systems. When developing a network, we:

Think through the topology in detail so that it satisfies all the functional needs of your enterprise;

Provide for scaling and the convenient addition of new workstations with minimal investment;

Provide protection from external and internal threats;

Guarantee ease of management.

Typical Local Network Scheme from CANMOS

When designing a LAN, preference is given to the star topology: each node (computers, network printers) is connected to the switch by its own cable. Such a solution provides:

Independent operation of each workstation, which increases the reliability of the network;

Minimal cost and simplicity when adding new devices to the network as the enterprise expands.

To improve reliability and fault tolerance, simplify administration and balance the load between network equipment, the local area network is divided into several segments: subnets connected to each other by a high-speed optical channel. The mail servers, the file and 1C servers and the PBX operate in a separate segment.

To simplify administration, computers from different departments, such as accounting, sales or legal, are combined into workgroups.

Wireless network access is provided by Wi-Fi access points.

Technically, when laying a LAN it is best to place the servers and network equipment in a separate room, so that the network administrator has quick access to everything from one place. RJ-45 and RJ-12 (for IP telephony) sockets are brought out next to the employees' workplaces.

In the future, depending on the needs of the enterprise, office IP telephony (with traffic prioritization and a dedicated 64 kb per unit for a stable connection) and a networked 1C installation can be deployed on top of the finished local network. Remote employees can be given a secure (encrypted) connection to the local network over a VPN channel.

A structured cabling system is a set of switching elements (cables, connectors, patch panels and cabinets) together with the methods of using them, which allows regular, easily expandable link structures to be created in computer networks.

A structured cabling system is a kind of "construction kit" with which the network designer builds the configuration needed out of standard cables joined by standard connectors and terminated on standard patch panels. If necessary, the link configuration can easily be changed: a computer, segment or switch can be added, unneeded equipment removed, and the connections between computers and switches altered.

When a structured cabling system is built, it is understood that every workplace in the enterprise must be equipped with sockets for connecting a telephone and a computer, even if they are not needed at the moment. That is, a good structured cabling system is built with redundancy. In the future this saves money, since new devices can be connected by re-patching cables that are already laid.

According to the task, the structural diagram of the layout of the buildings, each of which has its own subnet, is presented in Fig. 2.1.

Figure 2.1 - Structural diagram of the building layout

The structural diagrams of the subnets of each building are presented in Fig. 2.2 - 2.3. Since there are two 5-storey buildings with the same amount of switching equipment and the same number of PCs, their structural diagrams are identical.

Figure 2.2 - Structural diagram of the 5-storey building subnet

Figure 2.3 - Structural diagram of the 4-storey building subnet

The block diagram of the combination of the subnets into one network is presented in Fig. 2.4.

Figure 2.4 - Structural diagram of the overall network

Inside the buildings the technology is Fast Ethernet, between the buildings it is FDDI, and Internet access from each building is over a radio channel.

3 Choice of equipment and cable

3.1 Selection of switches

A switch is a device designed to connect several nodes of a computer network within one or more network segments. The switch operates at the data link layer of the OSI model. Unlike a hub, which repeats traffic from one connected device to all the others, the switch delivers data only to the intended recipient. This improves the performance and security of the network, since the other segments are freed from processing data that was not meant for them.

In this course work there are room switches (workgroup switches) in each room of the buildings; on each floor there is a floor switch that aggregates the workgroup switches of its floor; and a root switch in the server room on the first floor, to which the switches of all floors are connected.

The switching equipment (switches, routers) was selected from the manufacturer Cisco. According to Dell'Oro Group, Cisco holds 60% of the world network equipment market, that is, more than all other competitors combined. This manufacturer has the widest product line across all network solutions, a wide range of technologies, protocols and ideologies, both standard and proprietary, which allow network capabilities to be expanded, and the widest possible troubleshooting tools built into almost all Cisco devices.

Based on the best ratio of price, performance and functionality, the models selected belong to the Cisco 300 series, developed specifically for small businesses. The line includes a number of low-cost managed switches that provide a solid foundation for running a corporate network.

Features of the Cisco 300 series switches

      provide the high availability and performance required for critical business applications, while reducing possible downtime.

      allow network traffic to be controlled using modern functions such as quality of service (QoS), static layer 3 routing and IPv6 support.

      have easy-to-understand tools with a web interface, the possibility of mass deployment, and the same functions across all models.

      allow energy consumption to be optimized without affecting performance.

3.1.1 Working Group Switches

According to the task of the course work, in the 4-storey building there are 35 computers in each of three rooms on every floor, and in the two 5-storey buildings there are 31 computers in one room on every floor; to connect them the SG300-52 switch, which has 48 ports, was selected (Fig. 3.1).

Figure 3.1 - SG300-52 Working Group Switch

The SG300-52 switch (price: 7522 UAH), made by Cisco, is equipped with 48 10/100/1000 Mbps Ethernet RJ45 ports with automatic speed negotiation, which simplifies installation of the device.

This switch provides good performance, improves the characteristics of the workgroup, the network bandwidth and the core node, and is simple and flexible to install and configure. Thanks to the compact housing the device is ideal for placing on a desktop with limited space; it can also be mounted in a rack. LED indicators display the state of the switch in real time and allow basic diagnostics of the device.

The main technical characteristics of the SG300-52 switch are given in Table 3.1.

Table 3.1 - SG300-52 switch technical specifications

Type: managed switch

Interfaces: 4 x SFP (mini-GBIC), 48 x Gigabit Ethernet (10/100/1000 Mbps)

Remote administration protocols: SNMP 1, RMON 1, RMON 2, RMON 3, RMON 9, Telnet, SNMP 3, SNMP 2c, HTTP, HTTPS, TFTP, SSH

Routing protocol: static IPv4 routing, 32 routes

MAC address table: 16000 entries

Memory: 128 MB RAM, 16 MB flash

Encryption algorithms:

Additional features: up to 32 static routes and up to 32 IP interfaces; DHCP relay at layer 3; User Datagram Protocol (UDP) relay; the Smartports feature simplifies configuration and security management; built-in configuration utility with access via the web interface (HTTP/HTTPS); dual IPv6 and IPv4 stack; software updates

Supported standards: IEEE 802.3 10BASE-T Ethernet, IEEE 802.3u 100BASE-TX Fast Ethernet, IEEE 802.3ab 1000BASE-T Gigabit Ethernet, IEEE 802.3ad LACP, IEEE 802.3z Gigabit Ethernet, IEEE 802.3x flow control, IEEE 802.1D (STP, GARP and GVRP), IEEE 802.1Q/p VLAN, IEEE 802.1w RSTP, IEEE 802.1s Multiple STP, IEEE 802.1X port access authentication, IEEE 802.3af, IEEE

Power supply: internal, 120-130 V AC, 50/60 Hz, 53 W

Operating environment: operating temperature 0 °C to 40 °C

Dimensions (W x D x H): 440 x 260 x 44 mm

For the two 5-storey buildings, in which the remaining rooms on each floor hold 18 and 25 computers respectively, the 24-port SF300-24P switch (price: 4042 UAH) was selected to connect the 18 computers, and two 16-port SG300-20 switches (price: 3023 UAH each) to connect the 25 computers; both are shown in Fig. 3.2. The remaining ports are kept in reserve.

Figure 3.2 - Workgroup switches SF300-24P (a) and SG300-20 (b)

The SF300-24P model is a 24-port managed switch. These switches provide all the functions needed for critical business applications, protect confidential information and optimize bandwidth for more efficient data transfer over the network. Plug-and-play support and automatic speed negotiation let the switch detect the type of connected device (for example, an Ethernet network adapter) and choose the most suitable speed. LED indicators are used to check the cable connection and for standard diagnostics. The switch can be placed on a desk or mounted in a rack.

The SG300-20 switch is designed for small workgroups and is equipped with 18 10/100/1000BASE-TX Ethernet ports and 2 mini-GBIC ports. The functionality of this switch is similar to that of the SF300-24P, since both belong to the same Cisco 300 series.

The main technical characteristics of the SF300-24P switch are given in Table 3.2, and those of the SG300-20 switch in Table 3.3.

Table 3.2 - SF300-24P switch technical specifications

Type: managed switch

Interfaces: 24 x Ethernet 10BASE-T/100BASE-TX (RJ-45 connector, PoE support); console port, 9-pin D-Sub (DB-9); 4 x Ethernet 10BASE-T/100BASE-TX/1000BASE-T (RJ-45 connector); 2 ports for SFP (mini-GBIC) modules.

Remote administration protocols:

Routing protocol: static IPv4 routing

MAC address table: 16000 entries

Memory: 128 MB RAM, 16 MB flash

Encryption algorithms:

Management: SNMP versions 1, 2c and 3; built-in RMON software agent for control, monitoring and traffic analysis; dual IPv6 and IPv4 stack; software updates; port mirroring; DHCP (options 66, 67, 82, 129 and 150); the Smartports feature simplifies configuration and security management; cloud services; other management functions: traceroute, management through a single IP address, HTTP/HTTPS, SSH, RADIUS, DHCP client, BOOTP, SNTP, Xmodem update, cable diagnostics, ping, system log, Telnet client (SSH support)

Supported standards: IEEE 802.3 10BASE-T Ethernet, IEEE 802.3u 100BASE-TX Fast Ethernet, IEEE 802.3ab 1000BASE-T Gigabit Ethernet, IEEE 802.3ad LACP, IEEE 802.3z Gigabit Ethernet, IEEE 802.3x flow control, IEEE 802.1D (STP, GARP and GVRP), IEEE 802.1Q/p VLAN, IEEE 802.1w RSTP, IEEE 802.1s Multiple STP, IEEE 802.1X port access authentication, IEEE 802.3af, IEEE 802.3at

Performance: non-blocking switching at up to 9.52 million packets/s (64-byte packets); switching fabric: up to 12.8 Gbit/s; packet buffer: 4 MB

Availability: automatic power-down of Gigabit Ethernet RJ-45 ports when no link is present, re-enabled when activity resumes

Table 3.3 - SG300-20 switch technical specifications

Type: managed switch

Interfaces: 18 x Ethernet 10BASE-T/100BASE-TX ports (RJ-45 connector); 2 ports for SFP (mini-GBIC) modules.

Remote administration protocols: SNMP 1, RMON 1, RMON 2, RMON 3, RMON 9, Telnet, SNMP 3, SNMP 2c, HTTP, HTTPS, TFTP, SSH

Routing protocol: static IPv4 routing

MAC address table: 16000 entries

Memory: 128 MB RAM, 16 MB flash, 1 MB buffer

Encryption algorithms: 802.1X RADIUS, HTTPS, MD5, SSH, SSH-2, SSL/TLS

Management protocols: IGMP v1/v2/v3, SNMP v1/v2c/v3

Supported standards: IEEE 802.1ab, IEEE 802.1D, IEEE 802.1p, IEEE 802.1Q, IEEE 802.1s, IEEE 802.1w, IEEE 802.1X, IEEE 802.3, IEEE 802.3ab, IEEE 802.3ad, IEEE 802.3at, IEEE 802.3u, IEEE 802.3x, IEEE 802.3z.

Supported network protocols: IPv4/IPv6, HTTP, SNTP, TFTP, DNS, BOOTP, Bonjour

Functions:

Flow management support

Port mirroring

Link aggregation

Jumbo frame support

Broadcast storm control

Rate limiting

DHCP client

Spanning Tree protocol and others.

Power supply: internal, 120-130 V AC, 50/60 Hz, 53 W

Operating environment: operating temperature 0 °C to 40 °C

3.1.2 Floor switches

Floor switches are used to aggregate the workgroup switches; the SRW208G-K9 switch (price: 1483 UAH), which has 8 ports, was selected for this (Fig. 3.3).

Figure 3.3 - Floor Switch SRW208G-K9

The SRW208G-K9 switch is equipped with 8 RJ45 Fast Ethernet ports, 1 Gigabit Ethernet port and two SFP (mini-GBIC) ports, all with automatic configuration and speed negotiation.

Cisco Catalyst 2960 is a series of new fixed-configuration intelligent Ethernet switches. They satisfy the need for data transfer at 100 Mbps and 1 Gbit/s and allow LAN services to be used, for example in data networks built in corporate branches. The Catalyst 2960 family provides high data security thanks to built-in NAC, QoS support and high system stability.

Key Features:

    High security, enhanced access control lists (ACLs);

    Network control and bandwidth optimization using QoS, differentiated rate limiting and ACLs;

    To secure the network, the switches use a wide range of user authentication methods and data encryption technologies, and control access to resources based on user identity, port and MAC address;

    The switches are easy to manage and configure;

    An auto-configuration feature is available via Smartports for some specialized applications.

The main technical characteristics of this Cisco switch coincide with those given in Table 3.2 for the switch from the same company.

3.1.3 Root switches

The root switches aggregate the floor switches; in each building the SG300-20 switch, which has 16 ports, was selected for this role. The same switch was also selected as a workgroup switch; its description is given in clause 3.1.1.

3.2 Choosing routers

A router is a device with at least two network interfaces that forwards data packets between different network segments, making forwarding decisions on the basis of network topology information and rules specified by the administrator.

Routers help reduce network load by dividing the network into collision domains or broadcast domains and by filtering packets. They are mainly used to join networks of different types, often incompatible in architecture and protocols. A router is frequently used to provide access from the local network to the Internet, using address translation and a firewall.

To join the buildings into one network a router is used; the Cisco 7507 from the 7500 series (price: 121360 UAH) was selected because it can take an FDDI module (Fig. 3.4).

Figure 3.4 - Cisco 7507 Router

This router was chosen for the possibility of fitting an FDDI module, for being the best-priced model in the whole line, and because the Cisco 7500 modular routers are the most powerful routers Cisco makes. They meet the highest requirements of modern data networks. The flexible modular architecture of the routers in this series allows them to be used in large network nodes by choosing the optimal set of modules.

The Cisco 7500 series consists of three models. The Cisco 7505 has one Route/Switch Processor (RSP1), one power supply and four slots for interface processors (5 slots in total). The Cisco 7507 and Cisco 7513, with seven and thirteen slots respectively, provide greater throughput and can be equipped with two RSP2 or RSP4 processors and a redundant power supply. Combined with the new bus called CyBus, the Cisco 7507/7513 routers have unsurpassed performance and reliability. This is achieved by a new distributed multiprocessor architecture that includes three elements:

    Integrated routing and switching processor (RSP);

    New Versatile Interface Processor (VIP);

    New high-speed Cisco CyBus bus.

In the dual-RSP configuration, the Cisco 7500 distributes functions between the primary and secondary RSP, increasing system performance, and if one of the processors fails the other takes over all its functions.

The Cisco 7507 is a modular router designed for building large networks; it works with almost all LAN and WAN technologies and with all major network protocols.

The Cisco 7507 supports a very wide range of connections, including Ethernet, Token Ring, FDDI, Serial, HSSI, ATM, channelized T1, fractional E1 (G.703/G.704), ISDN PRI and a channel interface for IBM mainframes.

Network interfaces are located on modular processors that provide a direct connection between the high-speed Cisco Extended Bus (CxBus) and the external network. The Cisco 7507 has seven slots available for interface processors. Hot-swap capability allows CxBus processor modules to be added, replaced or removed without interrupting the network. Standard flash memory is used to store the software and configuration. All models come with a kit for mounting in a standard 19" rack.

The following interface modules are available:

    Ethernet Intelligent Link Interface - 2/4 Ethernet ports with high-speed filtering (29,000 packets/s), support for the Transparent Bridging and Spanning Tree algorithms, configurable with the Optivity system;

    Token Ring Intelligent Link Interface - 2/4 Token Ring ports at 4/16 Mbit/s;

    FDDI Intelligent Link Interface - 2 ports supporting two SAS connections or one DAS connection, filtering at up to 500,000 packets/s;

    ATM Intelligent Link Interface.

3.3 Cable selection

A cable is a structure of one or more conductors (cores) insulated from each other, or of optical fibres, enclosed in a sheath. Besides the cores and the insulation it may contain a shield, strength members and other structural elements. Its main purpose is to carry a high-frequency signal in various fields of technology: cable television systems, communication systems, aviation, space technology, computer networks, home appliances, and so on. When switches are used, the Fast Ethernet protocol can operate in full-duplex mode, in which there is no limit on the total length of the network, though the limits on the length of the physical segments between adjacent devices (switch-adapter and switch-switch) remain.

According to the task, Fast Ethernet technology with the 100BASE-TX specification was used inside the buildings, with category 5 unshielded twisted pair (UTP) as the link.

Between the buildings FDDI technology is used, with an optical cable for outdoor installation as the link.

UTP cable for indoor installation, 2 pairs, category 5, is used in the subscriber wiring that gives access to data network services. The NEOMAX NM10000 cable (Fig. 3.4) was selected for installation because of its high strength and long service life; its characteristics are given in Table 3.4.

Figure 3.4 - UTP, 2 pairs, cat. 5e: 1 - outer sheath; 2 - twisted pair

Table 3.4 - main characteristics of the UTP cable, category 5

Conductor: electrolytic copper wire

Core insulation: high-density polyethylene

Conductor (core) diameter: 0.51 mm (24 AWG)

Conductor diameter with insulation: 0.9 ± 0.02 mm

Outer cable diameter:

Outer sheath thickness:

Colour of twisted pairs: blue / white-blue, orange / white-orange

Cable bending radius: 4 outer cable diameters

Working temperature: 20 °C to +75 °C

3.4 Wireless Equipment Selection

A radio channel is used for Internet access from each of the buildings. On the BPS side the directional antenna Maximus Sector 515812-V was selected (Fig. 3.5, a), and on the buildings the TP-Link TL-WA7510N outdoor Wi-Fi access point (Fig. 3.5, b). This equipment was chosen for its optimal ratio of price and functionality.

The 5 GHz band was chosen as the operating range, since the 2.4 GHz band is more saturated (loaded) because of the ubiquitous spread of wireless networks. The old 802.11b standard, the more recent 802.11g and 802.11n all work at that frequency, and regardless of whether you use 802.11b, 802.11g or 802.11n you transmit data on the same channels. Another drawback of 2.4 GHz is "side noise" in the wireless channel, which worsens throughput, because the band is shared with many other unlicensed devices: microwave ovens, baby monitors, cordless phones and so on. The number of radio channels in the 2.4 GHz band is also limited. The 5 GHz band is less saturated and has more usable channels, at the cost of a somewhat shorter range.

Figure 3.5 - Wireless equipment: a) antenna; b) access point

The TL-WA7510N (price: 529 UAH) is an outdoor long-range wireless device operating in the 5 GHz band that transfers data over the wireless link at up to 150 Mbps. The device has a dual-polarization antenna with 15 dBi gain, which is the key element for building long-distance Wi-Fi links. It is designed to radiate with a beam angle of 60 degrees horizontally and 14 degrees vertically, increasing signal strength by concentrating the radiation in the chosen direction.

Thanks to the all-weather enclosure and the temperature stability of the internal hardware, the access point can operate in varied natural conditions: in sunny or rainy weather, in strong wind or in snowfall. Built-in protection against electrostatic discharge up to 15 kV and lightning protection up to 4000 V guard against voltage surges during a thunderstorm, which keeps the device stable. In addition, the device has a ground terminal for a more professional level of protection for experienced users.

The device can work not only in access point mode. The TL-WA7510N also supports the AP router, AP client router (WISP client), access point, client, bridge and repeater modes, which greatly widens where the device can be applied and gives users as multifunctional a product as possible.

Thanks to the PoE injector, the outdoor access point can use a single Ethernet cable for both data and power over distances of up to 60 metres. This function widens the placement options, allowing the access point to be installed in the most suitable place to obtain the best signal quality.

The main characteristics of the TL-WA7510N are given in Table 3.5.

Table 3.5 - TL-WA7510N characteristics

Interfaces: 1 x 10/100 Mbps RJ45 port with auto-negotiation (Auto-MDI/MDIX, PoE); 1 x external reverse SMA socket; 1 x ground terminal

Wireless standards: IEEE 802.11a, IEEE 802.11n

Antenna: directional antenna with dual polarization, gain 15 dBi

Dimensions (W x D x H): 250 x 85 x 60.5 mm (9.8 x 3.3 x 2.4 inches)

Antenna beam width: horizontal 60°, vertical 14°

Protection: protection against static electricity up to 15 kV; protection against lightning strikes up to 4000 V; built-in ground terminal

Frequency range: 5.180-5.240 GHz, 5.745-5.825 GHz (note: the frequencies depend on the region or country)

Signal transmission rate: 802.11a up to 54 Mbps (dynamic); 802.11n up to 150 Mbps (dynamic)

Receive sensitivity, 802.11a: 54 Mbit/s: -77 dBm; 48 Mbps: -79 dBm; 36 Mbit/s: -83 dBm; 24 Mbps: -86 dBm; 18 Mbps: -91 dBm; 12 Mbps: -92 dBm; 9 Mbps: -93 dBm; 6 Mbps: -94 dBm

Receive sensitivity, 802.11n: 150 Mbps: -73 dBm; 121.5 Mbit/s: -76 dBm; 108 Mbps: -77 dBm; 81 Mbps: -81 dBm; 54 Mbps: -84 dBm; 40.5 Mbps: -88 dBm; 27 Mbps: -91 dBm; 13.5 Mbps: -93 dBm

Operating modes: AP router; AP client router (WISP client); access point / client / bridge / repeater

Wireless security: enable/disable SSID; MAC address filtering; 64/128/152-bit WEP encryption; WPA/WPA2, WPA-PSK/WPA2-PSK (AES/TKIP)

Additional features: PoE support up to 60 metres; 4-level LED indicator

The Maximus Sector 515812-V sector antenna (price: 991 UAH), with vertical polarization, is built in a housing of UV-resistant plastic with a cast aluminium bracket. High-quality materials allow the antenna to work in harsh weather conditions. It can be used for base stations of small, medium and large size. The antenna gives a strong and stable signal at medium and long distances. Its main characteristics are given in Table 3.6.

Table 3.6 - Maximus Sector 515812-V specifications

The big problem I encounter when working with enterprise networks is the lack of clear and understandable logical network diagrams. In most cases I come across situations where the customer cannot provide any logical diagrams at all. Network diagrams (hereinafter L3 diagrams) are extremely important when troubleshooting or when planning changes in an enterprise network. Logical diagrams are in many cases more valuable than diagrams of the physical connections. Sometimes I encounter "logical-physical hybrid" diagrams that are practically useless. If you do not know the logical topology of your network, you are blind. As a rule, the ability to draw a logical network diagram is not a common skill. That is why I am writing this article about creating clear and understandable logical network diagrams.

What information should be presented on L3 diagrams?
To create a network diagram you must have an accurate idea of what information must be present and what exactly the diagram shows. Otherwise you will mix the information and end up with yet another useless "hybrid" diagram. Good L3 diagrams contain the following information:
  • subnets
    • VLAN IDs (all of them)
    • VLAN names
    • network addresses and masks (prefixes)
  • L3 devices
    • routers, firewalls (hereinafter FW) and VPN gateways (at a minimum)
    • the most significant servers (for example, DNS, etc.)
    • the IP addresses of these servers
    • logical interfaces
  • routing protocol information
What information should not be on L3 diagrams?
The information listed below should not be on network diagrams, because it belongs to other layers [of the OSI model, translator's note] and accordingly should be shown on other diagrams:
  • all L2 and L1 information (in general)
  • L2 switches (only the management interface may be shown)
  • physical connections between devices
Notation used
As a rule, logical symbols are used on logical diagrams. Most of them need no explanation, but because I have already seen errors in their use, I will allow myself to pause and give some examples:
What information is needed to create an L3 diagram?
To create a logical network diagram you will need the following information:
  • the L2 (or L1) diagram - a representation of the physical connections between the L3 devices and the switches
  • the configurations of the L3 devices
  • the configurations of the L2 devices - text files or access to a GUI, etc.
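The two lists above (what belongs on an L3 diagram, and what inputs you need to draw one) are easiest to apply mechanically: read the device configurations and keep only the L3 facts. The Python script below is an added example, not part of the original article; it pulls VLAN IDs and names, SVI addresses, subnets, HSRP virtual addresses and default gateways out of Cisco IOS-style configuration text, ignores the L2 lines (switchport, channel-group) that belong on the L2 diagram, and reports an invalid address/mask instead of silently dropping the subnet. The sample configurations embedded in it are constructed for the demonstration in the style of the listings that follow; they are not copied from any real device, and the deliberately bad mask on aSW3 shows how such a typo is caught.

```python
import ipaddress
import re

# Constructed sample configurations (not from any real device), imitating the
# style of the article's cSW1 / aSW1 listings. aSW3 carries a bad netmask on
# purpose, the kind of typo a diagram author has to notice.
SAMPLE_CONFIGS = {
    "cSW1": """\
vlan 200
 name In-Transit
!
vlan 210
 name Servers1
!
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk encapsulation dot1q
!
interface Vlan200
 ip address 10.0.0.29 255.255.255.240
 standby 1 ip 10.0.0.28
!
interface Vlan210
 ip address 192.168.0.2 255.255.255.128
 standby 2 ip 192.168.0.1
!
""",
    "aSW1": """\
vlan 250
 name In-Mgmt
!
interface Vlan250
 ip address 192.168.10.11 255.255.255.128
!
ip default-gateway 192.168.10.1
""",
    "aSW3": """\
interface Vlan250
 ip address 192.168.10.13 255.255.255.1288
!
""",
}

# Only L3 facts are matched; everything else in the config is ignored.
VLAN_RE = re.compile(r"^vlan\s+(\d+)\s*$", re.I)
NAME_RE = re.compile(r"^\s+name\s+(\S+)", re.I)
SVI_RE = re.compile(r"^interface\s+vlan\s*(\d+)\s*$", re.I)
ADDR_RE = re.compile(r"^\s+ip\s+address\s+(\S+)\s+(\S+)", re.I)
HSRP_RE = re.compile(r"^\s+standby\s+\d+\s+ip\s+(\S+)", re.I)
GW_RE = re.compile(r"^ip\s+default-gateway\s+(\S+)", re.I)


def parse_l3(hostname, text):
    """Return the L3 facts of one device: VLAN names, SVIs, default gateway."""
    facts = {"hostname": hostname, "vlans": {}, "svis": [],
             "default_gateway": None, "errors": []}
    vlan = svi = None  # the "vlan N" or "interface VlanN" block we are inside
    for line in text.splitlines():
        if not line.strip() or line.startswith("!"):
            vlan = svi = None  # "!" or a blank line closes the current block
        elif m := VLAN_RE.match(line):
            vlan, svi = int(m.group(1)), None
        elif m := SVI_RE.match(line):
            svi = {"vlan": int(m.group(1)), "address": None, "network": None, "hsrp_vip": None}
            facts["svis"].append(svi)
            vlan = None
        elif m := GW_RE.match(line):
            facts["default_gateway"] = m.group(1)
        elif not line[0].isspace():
            vlan = svi = None  # any other top-level command ends the block too
        elif vlan is not None and (m := NAME_RE.match(line)):
            facts["vlans"][vlan] = m.group(1)
        elif svi is not None and (m := ADDR_RE.match(line)):
            try:
                iface = ipaddress.IPv4Interface(f"{m.group(1)}/{m.group(2)}")
            except ValueError:  # malformed address or mask: report, do not guess
                facts["errors"].append(f"Vlan{svi['vlan']}: bad address/mask '{m.group(1)} {m.group(2)}'")
                continue
            svi["address"], svi["network"] = str(iface), str(iface.network)
        elif svi is not None and (m := HSRP_RE.match(line)):
            svi["hsrp_vip"] = m.group(1)
    return facts


def build_inventory(configs):
    """Merge per-device facts into the subnet-centred view an L3 diagram needs."""
    subnets, names, gw_hints, errors = {}, {}, [], []
    for host, text in configs.items():
        f = parse_l3(host, text)
        names.update(f["vlans"])
        errors.extend(f"{host}: {e}" for e in f["errors"])
        if f["default_gateway"]:
            gw_hints.append(f["default_gateway"])
        for s in f["svis"]:
            if s["network"] is None:
                continue
            entry = subnets.setdefault(s["network"], {"vlan": s["vlan"], "name": None,
                                                      "gateway": None, "members": {}})
            entry["members"][host] = s["address"].split("/")[0]
            if s["hsrp_vip"]:
                entry["gateway"] = s["hsrp_vip"]  # hosts use the HSRP VIP as gateway
    for net, entry in subnets.items():
        entry["name"] = names.get(entry["vlan"])
        if entry["gateway"] is None:  # fall back to a default-gateway inside the subnet
            entry["gateway"] = next((g for g in gw_hints
                                     if ipaddress.ip_address(g) in ipaddress.ip_network(net)), None)
    return {"subnets": subnets, "errors": errors}


def render(inventory):
    """One text line per subnet, the rows you would transfer onto the diagram."""
    lines = []
    for net, e in sorted(inventory["subnets"].items(), key=lambda kv: ipaddress.ip_network(kv[0])):
        members = ", ".join(f"{h}={ip}" for h, ip in sorted(e["members"].items()))
        lines.append(f"{net:<18} VLAN {e['vlan']:<4} {e['name'] or '?':<12} gw={e['gateway'] or '?':<15} {members}")
    lines.extend(f"ERROR {err}" for err in inventory["errors"])
    return "\n".join(lines)


if __name__ == "__main__":
    print(render(build_inventory(SAMPLE_CONFIGS)))
```

The point of keeping the L2 lines out of the result is the same as the point of the article: a diagram is useful only when it shows one layer. The error list is worth printing alongside the subnets, because a subnet that disappears because of a typo in a mask is exactly the kind of gap that makes a diagram misleading.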
Example
In this example we will use a simple network. It contains Cisco switches and Juniper NetScreen firewalls. We are given the L2 diagram as well as the configuration files of most of the devices shown. The configuration files of the ISP border routers are not provided, because in real life the ISP does not hand over such information. Below is the L2 topology of the network:

And here are the device configuration files. Only the necessary information has been kept:

aSW1

!
vlan 210
 name Servers1
!
vlan 220
 name Servers2
!
vlan 230
 name Servers3
!
vlan 240
 name Servers4
!
vlan 250
 name In-Mgmt
!
! (interface name not present in the source listing)
 switchport mode trunk
!
! (interface name not present in the source listing)
 switchport mode trunk
 switchport trunk encapsulation dot1q
!
interface Vlan250
 ip address 192.168.10.11 255.255.255.128
!


aSW2

!
vlan 210
 name Servers1
!
vlan 220
 name Servers2
!
vlan 230
 name Servers3
!
vlan 240
 name Servers4
!
vlan 250
 name In-Mgmt
!
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk encapsulation dot1q
!
interface GigabitEthernet0/2
 switchport mode trunk
 switchport trunk encapsulation dot1q
!
interface Vlan250
 ip address 192.168.10.12 255.255.255.128
!
ip default-gateway 192.168.10.1


aSW3

!
vlan 210
 name Servers1
!
vlan 220
 name Servers2
!
vlan 230
 name Servers3
!
vlan 240
 name Servers4
!
vlan 250
 name In-Mgmt
!
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk encapsulation dot1q
!
interface GigabitEthernet0/2
 switchport mode trunk
 switchport trunk encapsulation dot1q
!
interface Vlan250
 ip address 192.168.10.13 255.255.255.128
!
ip default-gateway 192.168.10.1


cSW1

!
vlan 200
 name In-Transit
!
vlan 210
 name Servers1
!
vlan 220
 name Servers2
!
vlan 230
 name Servers3
!
vlan 240
 name Servers4
!
vlan 250
 name In-Mgmt
!
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk encapsulation dot1q
!
interface GigabitEthernet0/2
 switchport mode trunk
 switchport trunk encapsulation dot1q
!
 switchport mode trunk
 switchport trunk encapsulation dot1q
 channel-group 1 mode active
!
 switchport mode trunk
 switchport trunk encapsulation dot1q
!
 switchport mode trunk
 switchport trunk encapsulation dot1q
!
 switchport mode trunk
 switchport trunk encapsulation dot1q
!
interface Port-channel1
 switchport mode trunk
 switchport trunk encapsulation dot1q
!
interface Vlan200
 ip address 10.0.0.29 255.255.255.240
 standby 1 ip 10.0.0.28
!
interface Vlan210
 ip address 192.168.0.2 255.255.255.128
 standby 2 ip 192.168.0.1
!
interface Vlan220
 ip address 192.168.0.130 255.255.255.128
 standby 3 ip 192.168.0.129
!
interface Vlan230
 ip address 192.168.1.2 255.255.255.128
 standby 4 ip 192.168.1.1
!
interface Vlan240
 ip address 192.168.1.130 255.255.255.128
 standby 5 ip 192.168.1.129
!
interface Vlan250
 ip address 192.168.10.2 255.255.255.128
 standby 6 ip 192.168.10.1
!


cSW2

!
vlan 200
 name In-Transit
!
vlan 210
 name Servers1
!
vlan 220
 name Servers2
!
vlan 230
 name Servers3
!
vlan 240
 name Servers4
!
vlan 250
 name In-Mgmt
!
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk encapsulation dot1q
!
interface GigabitEthernet0/2
 switchport mode trunk
 switchport trunk encapsulation dot1q
 channel-group 1 mode active
!
interface GigabitEthernet0/3
 switchport mode trunk
 switchport trunk encapsulation dot1q
 channel-group 1 mode active
!
interface GigabitEthernet0/4
 switchport mode trunk
 switchport trunk encapsulation dot1q
!
interface GigabitEthernet0/5
 switchport mode trunk
 switchport trunk encapsulation dot1q
!
interface GigabitEthernet0/6
 switchport mode trunk
 switchport trunk encapsulation dot1q
!
interface Port-channel1
 switchport mode trunk
 switchport trunk encapsulation dot1q
!
interface Vlan200
 ip address 10.0.0.30 255.255.255.240
 standby 1 ip 10.0.0.28
!
interface Vlan210
 ip address 192.168.0.3 255.255.255.128
 standby 2 ip 192.168.0.1
!
interface Vlan220
 ip address 192.168.0.131 255.255.255.128
 standby 3 ip 192.168.0.129
!
interface Vlan230
 ip address 192.168.1.3 255.255.255.128
 standby 4 ip 192.168.1.1
!
interface Vlan240
 ip address 192.168.1.131 255.255.255.128
 standby 5 ip 192.168.1.129
!
interface Vlan250
 ip address 192.168.10.3 255.255.255.128
 standby 6 ip 192.168.10.1
!
ip route 0.0.0.0 0.0.0.0 10.0.0.17


fW1

set interface ethernet0/1 manage-ip 10.0.0.2
set interface ethernet0/2 manage-ip 10.0.0.18


fW2

set interface ethernet0/1 zone Untrust
set interface ethernet0/1.101 tag 101 zone DMZ
set interface ethernet0/1.102 tag 102 zone Mgmt
set interface ethernet0/2 zone Trust
set interface ethernet0/1 ip 10.0.0.1/28
set interface ethernet0/1 manage-ip 10.0.0.3
set interface ethernet0/1.101 ip 10.0.0.33/28
set interface ethernet0/1.102 ip 10.0.0.49/28
set interface ethernet0/2 ip 10.0.0.17/28
set interface ethernet0/2 manage-ip 10.0.0.19
set vrouter trust-vr route 0.0.0.0/0 interface ethernet0/1 gateway 10.0.0.12


outsw1

!
vlan 100
 name Outside
!
vlan 101
 name Dmz
!
vlan 102
 name Mgmt
!
 description to-inet-RTR1
 switchport mode access
 switchport access vlan 100
!
 switchport mode trunk
 switchport trunk encapsulation dot1q
!
 switchport mode trunk
 switchport trunk encapsulation dot1q
 channel-group 1 mode active
!
 switchport mode trunk
 switchport trunk encapsulation dot1q
 channel-group 1 mode active
!
interface Port-channel1
 switchport mode trunk
 switchport trunk encapsulation dot1q
!
interface Vlan102
 ip address 10.0.0.50 255.255.255.240
!


outsw2

!
vlan 100
 name Outside
!
vlan 101
 name Dmz
!
vlan 102
 name Mgmt
!
interface GigabitEthernet1/0
 description to-inet-RTR2
 switchport mode access
 switchport access vlan 100
!
interface GigabitEthernet1/1
 switchport mode trunk
 switchport trunk encapsulation dot1q
!
interface GigabitEthernet1/3
 switchport mode trunk
 switchport trunk encapsulation dot1q
 channel-group 1 mode active
!
interface GigabitEthernet1/4
 switchport mode trunk
 switchport trunk encapsulation dot1q
 channel-group 1 mode active
!
interface Port-channel1
 switchport mode trunk
 switchport trunk encapsulation dot1q
!
interface Vlan102
 ip address 10.0.0.51 255.255.255.240
!
ip default-gateway 10.0.0.49

Collection of information and its visualization
Okay. Now that we have all the necessary information, we can proceed to visualization.
The drawing process, step by step
  1. Collecting information:
    1. To begin with, open the configuration file (in this case aSW1).
    2. Take from it every IP address in the interface sections. In this case there is only one address (192.168.10.11) with mask 255.255.255.128. The interface name is Vlan250, and VLAN 250 is named In-Mgmt.
    3. Take all static routes from the configuration. In this case there is only one (ip default-gateway), and it points to 192.168.10.1.
  2. Drawing:
    1. Now let's look at the information we have collected. First, draw the device aSW1. aSW1 is a switch, so use the switch symbol.
    2. Draw the subnet (a pipe). Give it the name In-Mgmt, VLAN ID 250 and address 192.168.10.0/25.
    3. Connect aSW1 and the subnet.
    4. Insert a text field between the aSW1 symbol and the subnet. Display in it the name of the logical interface and the IP address. In this case the interface name is Vlan250 and the last octet of the IP address is .11 (it is common practice to display only the last octet of the IP address, because the network address is already present on the diagram).
    5. There is also another device on the In-Mgmt network. Or at least there must be. We do not yet know the name of this device, but its IP address is 192.168.10.1. We know this because aSW1 lists this address as its default gateway. So let's place this device on the diagram and give it the temporary name "??". Also add its address to the diagram: .1 (by the way, I always highlight inaccurate or unknown information in red so that anyone looking at the diagram can immediately see that it needs clarification).
At this stage we get a diagram similar to this:

Repeat this process step by step for each network device. Collect all the IP-related information and put it on the same diagram: every IP address, every interface and every static route. In the process, your diagram will become very accurate. Make sure that devices which are mentioned but still unknown also appear on the diagram, just as we did earlier with the address 192.168.10.1. Once you have done all of the above for the known network devices, you can start clarifying the unknown information. You can use the MAC and ARP tables for this (I wonder whether it is worth writing a follow-up post describing this stage in detail?).

Ultimately, we will have a diagram like this:
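The per-device collection steps above (interface addresses, their subnets, VLAN names, static routes, and the "??" placeholder for a gateway that no known device owns) can be scripted so that each new configuration file you add refines the same picture. The following is an added example and not code from the original article; it parses IOS-style configs and uses constructed samples trimmed from the aSW1 and cSW1 snippets above. Regex patterns, the `parse_ios`/`build_l3`/`place_unknown` helpers and the data layout are assumptions of this example.

```python
"""Added example: collect the L3 facts the procedure above extracts by hand
from IOS-style switch configs (interface IPs, their subnets, VLAN names,
static routes) and list the next hops that no known device owns, i.e. the
"??" placeholders that still need clarification."""
import ipaddress
import re
from collections import defaultdict

# Constructed sample configs, trimmed to the L3-relevant lines of the aSW1
# and cSW1 snippets shown above.
SAMPLE_CONFIGS = {
    "aSW1": """
vlan 250
 name In-Mgmt
!
interface Vlan250
 ip address 192.168.10.11 255.255.255.128
!
ip default-gateway 192.168.10.1
""",
    "cSW1": """
vlan 200
 name In-Transit
!
vlan 250
 name In-Mgmt
!
interface Vlan200
 ip address 10.0.0.29 255.255.255.240
 standby 1 ip 10.0.0.28
!
interface Vlan250
 ip address 192.168.10.2 255.255.255.128
 standby 6 ip 192.168.10.1
!
ip route 0.0.0.0 0.0.0.0 10.0.0.17
""",
}

VLAN_RE = re.compile(r"^vlan (\d+)$", re.I)
NAME_RE = re.compile(r"^\s+name (\S+)$", re.I)
IFACE_RE = re.compile(r"^interface (\S+)$", re.I)
ADDR_RE = re.compile(r"^\s+ip address (\S+) (\S+)$", re.I)
STANDBY_RE = re.compile(r"^\s+standby \d+ ip (\S+)$", re.I)
DEFGW_RE = re.compile(r"^ip default-gateway (\S+)$", re.I)
ROUTE_RE = re.compile(r"^ip route (\S+) (\S+) (\S+)$", re.I)


def parse_ios(text):
    """Parse one config into VLAN names, L3 interfaces and static routes."""
    vlans, interfaces, routes = {}, [], []
    cur_vlan = cur_if = None          # stanza currently being read
    for line in text.splitlines():
        line = line.rstrip()
        if not line or line == "!":   # '!' ends a stanza
            cur_vlan = cur_if = None
        elif m := VLAN_RE.match(line):
            cur_vlan, cur_if = int(m.group(1)), None
        elif m := IFACE_RE.match(line):
            cur_if = {"name": m.group(1), "ip": None, "subnet": None, "vip": None}
            cur_vlan = None
            interfaces.append(cur_if)
        elif cur_vlan is not None and (m := NAME_RE.match(line)):
            vlans[cur_vlan] = m.group(1)
        elif cur_if is not None and (m := ADDR_RE.match(line)):
            itf = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
            cur_if["ip"], cur_if["subnet"] = str(itf.ip), str(itf.network)
        elif cur_if is not None and (m := STANDBY_RE.match(line)):
            cur_if["vip"] = m.group(1)          # HSRP virtual address
        elif m := DEFGW_RE.match(line):
            routes.append(("0.0.0.0/0", m.group(1)))
        elif m := ROUTE_RE.match(line):
            net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
            routes.append((str(net), m.group(3)))
    return {"vlans": vlans, "interfaces": interfaces, "routes": routes}


def build_l3(configs):
    """Merge parsed configs into diagram facts: subnet -> attached interfaces
    (device, interface, VLAN name, last octet) plus the next hops that no
    collected address (real or HSRP virtual) accounts for."""
    subnets, known_ips, next_hops = defaultdict(list), set(), set()
    for device, text in configs.items():
        cfg = parse_ios(text)
        for itf in cfg["interfaces"]:
            if itf["ip"] is None:
                continue
            name = itf["name"]
            vlan_id = int(name[4:]) if name.lower().startswith("vlan") else None
            subnets[itf["subnet"]].append({
                "device": device, "interface": name, "vlan": vlan_id,
                "vlan_name": cfg["vlans"].get(vlan_id),
                "last_octet": itf["ip"].rsplit(".", 1)[1], "vip": itf["vip"],
            })
            known_ips.add(itf["ip"])
            if itf["vip"]:
                known_ips.add(itf["vip"])
        next_hops.update(nh for _, nh in cfg["routes"])
    unknown = sorted(nh for nh in next_hops if nh not in known_ips)
    return dict(subnets), unknown


def place_unknown(subnets, unknown):
    """Map each unknown next hop to the drawn subnet it sits on (where the
    '??' symbol goes), or None if no drawn subnet contains it."""
    placed = {}
    for nh in unknown:
        addr = ipaddress.ip_address(nh)
        placed[nh] = next((n for n in subnets if addr in ipaddress.ip_network(n)), None)
    return placed


if __name__ == "__main__":
    nets, todo = build_l3(SAMPLE_CONFIGS)
    for net, members in nets.items():
        print(net, [(m["device"], m["interface"], "." + m["last_octet"]) for m in members])
    print("unknown devices (mark in red):", place_unknown(nets, todo))
```

With only aSW1 loaded the script reports 192.168.10.1 as an unknown device on 192.168.10.0/25, exactly the "??" of step 2.5; once cSW1 is added, that address is explained by its HSRP virtual IP and the only remaining unknown is the 10.0.0.17 next hop of the core's default route, which is how the diagram grows device by device.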

Conclusion
Drawing a logical network diagram can be very simple if you have the relevant knowledge. It is a long process done by hand, but it is not magic. Once you have an L3 diagram of the network, it is easy to keep it up to date. The benefits are worth the effort:
  • you can plan changes quickly and accurately;
  • troubleshooting takes much less time than before. Imagine that someone needs to troubleshoot the unavailability of a service from 192.168.0.200 to 192.168.1.200. One look at the L3 diagram and you can say with confidence that the firewall is not the cause of the problem;
  • you can easily check the correctness of firewall rules. I have seen a situation where a firewall contained rules for traffic that would never have passed through that firewall. Such a case shows that the logical topology of the network was not known;
  • usually, as soon as the L3 diagram of the network is created, you immediately notice which parts of the network lack redundancy, etc. In other words, the L3 topology (and redundancy at L3) is as important as redundancy at the physical level.
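The two firewall points above (ruling the firewall out for 192.168.0.200 to 192.168.1.200, and spotting rules for traffic the firewall never sees) come down to one question: are the two ends of a flow in different firewall zones? The following is an added example, not code from the original article or from Juniper. The zone table is assumed from fW2's configuration above (the 192.168.x prefixes sit behind the core switches, which default-route to fW2's Trust interface 10.0.0.17), and the rule list is a constructed, simplified form rather than ScreenOS policy syntax.

```python
"""Added example: decide from the L3 diagram's zone/subnet facts whether a
flow actually traverses the firewall, and flag rules whose source and
destination sit in the same zone (the firewall never sees that traffic)."""
import ipaddress

# Assumed from fW2's configuration above: each prefix is reached through the
# named zone. The 192.168.x prefixes are behind the core switches, which
# default-route to fW2's Trust interface (10.0.0.17), so they are Trust.
ZONES = {
    "Untrust": ["10.0.0.0/28"],
    "DMZ": ["10.0.0.32/28"],
    "Mgmt": ["10.0.0.48/28"],
    "Trust": ["10.0.0.16/28", "192.168.0.0/24", "192.168.1.0/24", "192.168.10.0/25"],
}
DEFAULT_ZONE = "Untrust"  # trust-vr default route leaves via ethernet0/1

# Constructed rules in a simplified form (not ScreenOS syntax).
SAMPLE_RULES = [
    {"name": "web-to-db", "src": "192.168.0.200", "dst": "192.168.1.200", "port": 5432},
    {"name": "mgmt-to-dmz", "src": "10.0.0.50", "dst": "10.0.0.35", "port": 22},
    {"name": "inet-to-web", "src": "0.0.0.0/0", "dst": "10.0.0.35", "port": 443},
]


def zone_of(ip_or_net):
    """Longest-prefix match of an address or prefix against the zone table;
    anything not covered (including an 'any' source) is treated as external."""
    net = ipaddress.ip_network(ip_or_net, strict=False)
    best = None
    for zone, prefixes in ZONES.items():
        for p in prefixes:
            zp = ipaddress.ip_network(p)
            if net.subnet_of(zp) and (best is None or zp.prefixlen > best[1].prefixlen):
                best = (zone, zp)
    return best[0] if best else DEFAULT_ZONE


def firewall_in_path(src, dst):
    """True if src and dst are in different zones, i.e. fW2 routes the flow."""
    return zone_of(src) != zone_of(dst)


def audit_rules(rules):
    """Return (rule name, reason) for rules that can never match traffic."""
    findings = []
    for r in rules:
        if not firewall_in_path(r["src"], r["dst"]):
            findings.append((r["name"],
                             f"both ends in zone {zone_of(r['src'])}; the firewall never sees this flow"))
    return findings


if __name__ == "__main__":
    print("firewall in path 192.168.0.200 -> 192.168.1.200:",
          firewall_in_path("192.168.0.200", "192.168.1.200"))
    for name, why in audit_rules(SAMPLE_RULES):
        print(f"dead rule {name}: {why}")
```

A rule flagged here is not dangerous by itself, but it is a sign that whoever wrote it did not know the logical topology; the same check, run before a change is applied, also catches the opposite mistake of assuming the firewall will filter an intra-zone flow that the core switches route directly.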

Introduction

The pre-diploma practice takes place at the educational institution MBOU SOSH D.N. D.N. Village.

The purpose of the pre-diploma practice is to create an information system (IS) for the school.

The information system is a local computer network for the school. Its main purpose is to connect the school's computers to each other in a local network with subsequent Internet access.

The local network will be created to share peripheral equipment and information resources. Internet access is needed for the school to communicate with other organizations (for example, GorUO), and so that pupils and teachers can reach the information resources of the Internet. In addition to solving the basic IS design issues, an electronic pass system (SEP), a unified information system (EIS) and a video surveillance system (SVN) will be implemented in the designed building.

The designed local area network (LAN) should meet the most modern requirements for computer networks, ensure reliable centralized storage and protection of data, transfer data at high speed and communicate with other educational institutions. In addition, further expansion of the network should not involve high costs. As the school acquires more PCs, the network should allow simple expansion. It is also necessary to make maximum use of the software and hardware.

Purpose: to gain practical network design skills, to learn to choose network technologies and components and to be able to justify the choice, and to design the school's information system.

Design the LAN;

Implement the SEP, EIS and SVN systems;

Organize Internet access;

Ensure the use of peripheral devices;

Select the necessary software;

Test the IS.

1 Local Computer Network Scheme

During the design, the "star" topology will be used. The hierarchical star consists of a main switch to which the workstations are connected. The star topology has a number of advantages:

- inexpensive cable and fast installation;

- easy combination of working groups;

- simple network expansion.

Another advantage of this topology is that a faulty node can simply be excluded. The star topology provides protection against a cable break. If a workstation's cable is damaged, this will not lead to the failure of the entire network segment. It also makes it easy to diagnose connection problems, since each workstation has its own cable segment connected to the switch. For diagnostics, it is enough to find the cable break that leads to the non-working station. The rest of the network continues to work normally.

A client-server architecture was chosen for the school. In doing so, I was guided by the following reasons:

- the number of users exceeds ten;

- required centralized resource management or backup;

- a specialized server is needed;

- need access to the global network;

- you need to share resources at the user level;

- it provides centralized management of user accounts, security and access, which simplifies network administration.

The client-server architecture is a concept of an information network in which the bulk of its resources is concentrated in servers serving their clients. This architecture defines two types of components: servers and clients.

A server is an object that provides a service to other network objects at their request. A service is the process of serving clients. The server works on client tasks and manages their execution. After completing each task, the server sends the results to the client that submitted it.

The process that invokes a service function with certain operations is called a client. This may be a program or a user.

Clients are workstations that use server resources and provide user-friendly interfaces.

Client-server networks have the following advantages:

- provide a centralized management of user accounts, security and access, which simplifies network administration;

- allow networks with a large number of workstations;

- ensure efficient access to network resources;

- provide access to all network resources based on the user account.

Figure 1 shows the designed scheme of the school.

Figure 1 - Scheme

2 Modeling a local computing network

3 Information System

3.1 System of Electronic Passing (SEP)

A modern school, in addition to organizing the educational process, should ensure the safety of pupils at school and promptly inform parents about emerging issues. The SEP was created specifically for educational institutions; it not only prevents outsiders from entering, but also notifies parents by SMS of the time the child arrived at and left school. Monitoring of absences and late arrivals helps to improve attendance and, as a result, the quality of knowledge. Parents' confidence in their child's safety at school and the growth of knowledge-quality indicators raise the rating of the educational institution. To introduce the SEP, an electronic pass kit was purchased. The kit included:

IP turnstile;

Basic software;

Remote control;

Contact access cards.

The operating principle of the SEP is presented in Table 10.

Table 10 - Operation Principle


Pupils, teachers and school staff are issued electronic plastic pass cards.

Information about pupils and school staff and the cards assigned to them is entered into the system's memory.

To go through the turnstile, you hold your card up to the reader panel on the turnstile.

The information on the card is read automatically, and if the card is registered in the system, the turnstile opens for passage.


Create a LAN diagram with our topology scanning program, drawing diagrams in manual or automatic mode!

The program is designed for building network diagrams on Windows. With it, you can scan the network topology and find all connected devices. All discovered computers, switches and routers are placed on the diagram.

If your switches support the SNMP protocol, the program determines the network topology and draws the links between devices automatically. Traceroute and the LLDP protocol are also supported.


You can refine the network topology diagram using the built-in editing tools: add connections, place labels, draw areas and fill them with different colors and textures. The program contains an extensive library of vector icons of network devices. Then save the diagram to a file, print it or export it to Microsoft Visio.

The program is included in the Unified Register of Russian Software maintained by the Ministry of Communications.

Windows XP / VISTA / 7 / 8.1 / 10 is supported; Server 2003/2008/2012/2016/2019. Download a free 30-day version right now and try it!

Examples of use

Advantages of the program

  • Automatic construction of links between hosts using network topology information obtained from managed switches (via the SNMP protocol).
  • Powerful built-in network diagram editor.
  • Support for scanning the network structure via the LLDP protocol and route tracing.
  • Vector network device icons and high-quality images of network diagrams and printouts.
  • Export of network diagrams to MS Visio.

The program "10-Strike: Network Diagram" won an award in the "BestSoft 2010" competition held by PC Magazine!

Screenshot of the main window of the program for creating network diagrams and scanning the network topology:

The program can draw a diagram of a wide-area network using route traces:

When buying a license, you receive a subscription to free program updates and technical support for one year.

Download a free 30-day version right now and try it! Windows XP / VISTA / 7 / 8.1 / 10 is supported; Server 2003/2008/2012/2016/2019.