Anhui Tongling VPN Education Network Case

There are dozens of primary and secondary schools in Tongling, Anhui, and each school ’s campus network has a certain foundation, but there is no interconnection between the schools and they cannot share resources; at the same time, there is no Internet access, and some schools have passed proxy servers Internet access, Internet access performance is very poor, and unstable, these problems need to be resolved urgently. At present, the metropolitan area network has been successfully constructed. If you apply for a 10M Ethernet fiber in the metro area network, the cost of user input is not high, so it is a good opportunity for schools. The school's networking requirements are as follows:

Each school has applied for a 10M fiber line

To achieve mutual access between all schools and the education committee

Schools need to access the Internet

Some schools have WWW servers that need to be published

To ensure safety

The router needs to support VLAN to ensure that all departments of the school can access the Internet

The network is scalable and does not exclude the possibility of using voice (VoIP) in the future

Second, the program overview

Network construction principles

1. Ease of use: For users, it is very easy to use, does not bring great learning challenges, and is easy to maintain.

2. Security: Due to the particularity of the tax system, absolute security is required

3. Standardity and compatibility: The equipment complies with various standards and has good compatibility with equipment of other manufacturers. If other equipment enters the network in the future, there will be no unusable situation.

4. Scalability: easy to expand new applications and needs

5. Upgradability: If the system upgrade is required, it can be upgraded smoothly at low cost

6. Stability: must ensure the stability of the system operation

7. Comprehensiveness: Provide comprehensive solutions

Network construction ideas

Several education committees and all primary and secondary schools have applied for 10M or 100M Ethernet fiber. The DCE-3660 router is used in the education committee, and the fast Ethernet module MR-NM-1FE-TX is configured. All the schools below use DCR- The 1720 router is configured with the Ethernet interface card MR-WIC-1ETH. DCR-3660 reserves 4 network slots and DCR-1720 reserves 1 interface card slot. It is easy to upgrade and expand in the future if you need to expand or have new applications.

Because you need to access the Internet, you need to use the NAT address translation function, and the WWW server needs to use static address translation; for the interconnection between the schools and the education committee, use the VPN function, it is recommended to use IPSec, which is the IP security standard It supports many protocols and many algorithms. Digital China's routers currently support IPSec, GRE, and L2TP protocols, and are very compatible with CISCO equipment.

For security considerations, you can use the firewall function of the router. If you need higher security, you can equip a dedicated firewall device.

If the school has many departments, or VLANs are divided in the original network, they all need to access the Internet through a router. At this time, the China Digital Router supports the 802.1q protocol to ensure that all networks can access the Internet.

Considering that there may be voice (VoIP) requirements in the future, this requires routing equipment to support the VoIP function and reserve slots for configuring voice modules. The DCR-1700 / 2600/2800/3600 series routers using Digital China can fully realize the voice function. In this solution, the demand for the expansion of the voice function is also considered.

plan description

The above digital China network equipment interconnection scheme fulfills all the needs of users, and in accordance with the principles of this scheme construction, an economical tailor-made scheme is realized for users. Has good scalability and scalability.

3. Features

1. High security

Digital China's DCR-1700 / 2600/2800/3600 series modular routers have extremely high security, can implement powerful VPN (virtual private network) functions, can implement private network applications in public networks, and support IPSec VPN with GRE and other methods, and supports hardware encryption. The services provided are: encryption, authentication and data integrity protection, anti-replay, and can resist denial of service attacks. Support IPSec, IKE, DES, 3DES, MD5, SHA, AH, ESP, IKE, ISAKMP, Oakley, Skeme, Diffie-Hellman and other algorithms and standards;

Have the function of firewall, use packet filtering mechanism to realize the security control of firewall through access list, support standard and extended access control list function, and can perform security control according to address, protocol, port, service and time period;

Supporting address translation (NAT) function, on the one hand, it solves the problem of limiting the number of legal addresses, and on the other hand, it achieves a certain degree of security, helping users hide the internal topology.

Support 802.1q VLAN, can control the mutual access between VLANs.

Support AAA authentication function, can do router local authentication and Radius and Tacacs authentication.

Support SNMP network management and Log log function, so that not only can be managed remotely, but also can record various security information.

Sweep, welcome attention

Official WeChat of Educational Equipment Procurement Network

Master the latest and most authoritative information in the education equipment industry

Office Desk

Reception desk,Executive Desk,Hight adjustable Desk,Center table,Meeting Table

Feat Top International(China) CO.,LTD , https://www.nbfeattop.com