Digital China dormitory access network solution

In the construction of the access layer of the campus network, the network access of the student dormitory area is the most typical, which occupies a large proportion in the construction of the access network of the entire campus network. Let's first analyze the characteristics of the campus dormitory access network.

Concentrated online time and large burst traffic

The access users of the campus network dormitory access network are students and faculty in the school, and the Internet time is mainly concentrated in the evening and holidays, so the network access traffic will soar to peak during this period, and there will be a large period of time Burst traffic. Therefore, high-performance access and aggregation switches need to be used when constructing the campus network dormitory access network, which can reduce access bottlenecks and ensure that there is sufficient bandwidth to meet the needs of access users.

High security control requirements

The main users of the campus network dormitory access network are students in the school. They are full of curiosity and enthusiasm. They deliberately and unintentionally try various network intrusions and attacks in the network environment. This is easy to give the campus network dormitory access network belt Hidden security problems have caused serious consequences such as network paralysis, illegal access, and information leakage. In order to improve the security of the campus network dormitory access network, it is necessary to improve the security control function of the access network equipment to meet the needs of the campus network dormitory access network for user access security control.

Network deployment is scattered, not easy to manage

The campus network dormitory access network is generally scattered, and the network equipment is also mainly installed in the corridor, so these access network equipment should not only provide multiple network connection methods to meet the needs of the connection distance, but also need access Network equipment can work reliably in high-temperature, high-humidity and high-dust environments. In addition, in the case of limited investment, the campus network dormitory access network is not easy to achieve one-stop unified network management, so it is necessary to use network equipment with multiple management methods when networking, which can not only meet the needs of current network management , And also provide other management channels for future expansion management.

According to the characteristics of campus network dormitory access network, China Digital Network Co., Ltd. launched a cost-effective dormitory access solution.

plan 1

As the design of the convergence layer of the campus network, the central wiring room of each dormitory building is equipped with cost-effective DCRS-5526 / DCRS-6512 routing switches, and uses Gigabit technology to connect to the network center of the campus network, while using the routing switch DCRS- The powerful routing function of 5526 / DCRS-6512 enables part of the routing strategy of the campus network to be implemented on the convergence layer, greatly reducing the pressure on the core layer routing switches and improving the overall performance of the network.

In the access network design of the dormitory area, DCS-2026B / DCS-2026 / DCS-2017 network management 10 / 100M Ethernet switch is used, and it is connected to the aggregation layer DCRS-5526 / DCRS-6512 Gigabit intelligent routing switch , To achieve a structured low-cost, high return on investment campus access network solution.

Campus dormitory access network solution 1

Salient features

The outstanding feature of this solution is that the overall performance of the network is good; the aggregation layer of the network has a routing function, which can reduce the routing pressure of the core layer network; the network design is very flexible and can meet the intelligent, safe, and operational requirements of the digital campus network function. For example, in order to meet the needs of student dormitory Internet authentication and billing (802.1X authentication method), or to achieve the end-to-end multicast design requirements to improve network performance, the access equipment can use DCS-2026B multi-function network management switch; on the contrary, it uses a high cost The DCS-2026 / DCS-2017 network management switch reduces the construction investment of the dormitory access network.

Other features

In order to improve the network connection bandwidth, the industry has proposed the concept of port aggregation (802.1ad), which is also widely used in the construction of campus networks. Shenzhou Digital Switch can aggregate multiple ports, and each trunk supports full-duplex mode. Port aggregation can be configured in a single switch to support load balancing within the aggregation channel.

In terms of security control, virtual local area networks (VLANs) are used to control broadcast domain and network segment traffic, improving network performance, security, and manageability. For example, students often like to play online games in the dormitory, and sometimes the network traffic generated by the game seriously impacts the overall performance of the backbone network. As another example, students generally have a strong desire for knowledge and curiosity, and often like to play the role of "hacker" in the network, which poses a great threat to other users of the campus network. Then, the method of dividing the virtual local area network (VLAN) can be used to limit the mutual access between the dormitory information points, thereby improving the overall performance of the network. It is even more worth mentioning that the access switch can use private VLANs to isolate ports from each other without occupying VLAN resources. When using a private VLAN, the ports cannot communicate with each other, and the Internet or community server can only be accessed through the uplink port of the expansion module or other uplink ports. If users want to communicate between ports, they must use Layer 3 switches or routers for routing and forwarding.

Campus network management often has this problem. A mobile user can easily access the Internet by plugging in an Internet cable at any access point on the campus network, which poses a great hidden danger to the security of the network. China Digital Access Switch supports port and MAC address binding, that is, it can be set manually so that each port can only be connected to a specified number of MAC addresses, thereby improving network security.

Another important measure of campus access network security is to use the 802.1X authentication protocol. The 802.1x protocol is a port authentication protocol that focuses on the opening and closing of ports. For legitimate users who access based on account and password, the port opens; and For illegal user access or no user access, the port is closed. The protocol includes 802.1x server mode and 802.1x data forwarding mode. DCS-2026B not only supports 802.1x port authentication, but can also bind to MAC after user authentication. DCS-2026B supports RADIUS (Remote Dial-up Authentication Service). RADIUS supports users' identity authentication through the 802.1X protocol.

Students often implement network applications such as video-on-demand and audio-on-demand in the dormitory, so they need to configure the multicast function in the dormitory access network to improve the overall performance of the network. DCRS-6512 / DCRS-5526 / DCS-2026B supports priority queuing and IP multicast (IGMP), quality of service (QOS) can effectively arrange some multimedia applications, facilitate the implementation of multicast services such as remote teaching, and achieve End multicast application.

According to the description in the previous chapter, students have the characteristics of concentrated online time and large burst traffic. For example, students' online time is concentrated in the rest time. A large amount of network traffic has a serious impact on the campus network. China Digital Access Switch supports powerful flow control functions. In full-duplex mode, the switch's embedded flow control (Flow Control) can prevent user data loss during network transmission. When connecting a LAN adapter that supports flow control, if the network traffic is too large, the switch will send a signal to the computer that the buffer is overloaded, and the computer will postpone the data transmission until the switch can receive the data again. Full-duplex uses IEEE 802.3x flow control protocol. At the same time, these devices provide different access bandwidths for different users of the campus network, reducing the network traffic on the campus backbone network. Digital exchange price of China supports port speed limit function. The switch port can provide 8 different rates for operators and users to choose.

In terms of network management, in order to improve the flexibility of campus access network management, network devices are required to support flexible management methods. The access switch supports Telnet, SNMP and RMON network management protocols, and meets the requirements of standardized network management. The switch can be monitored and managed through the Digital Chinese LinkManager all-Chinese network management system or other third-party network management software. In addition, it can be configured remotely through LinkManager.

Another strategy of Digital China Network Management can use the port mirroring function, which allows you to map the data packets passing through a port to another port to detect the port information.

Scenario 2

Campus Dormitory Access Network Solution 2

The difference between this solution and solution 1 is that the aggregation layer design uses a layer 2 switch. After stacking the layer 2 network-managed switches DCS-3726S / DCS-3628S, it is connected to the network center by gigabit. It is connected to the aggregation layer switch DCS-3726S / DCS-3628S. It is not convenient for wiring in the building or the floor far away from the aggregation layer wiring room. DCS-2026B / DCS-2026 / DCS-2017 network management switch can be used in the corresponding floor , And then connect with the aggregation layer switch to achieve a high-performance flexible and cost-effective dormitory network access solution.

Salient features

The feature of this solution is that the access network of the dormitory area is implemented by stacking. The characteristics of the stacking method determine the better performance of the access network, which solves the bandwidth limitation caused by the cascading of switches at all levels; the solution is also very good It embodies the characteristics of flexible design. According to the user's network requirements, the DCS-2026B network management switch with stronger functions or the DCS-2026 / DCS-2017 network management switch with less investment can be used at the access layer.

Other features

Same as "Other characteristics" of Option 1.

Scheme 3

Campus dormitory access network solution 3

Salient features

The design idea of ​​this solution is similar to that of solution 2. At the aggregation layer, China Digital DCS-3000 series two-layer network management switches are used, and Gigabit is connected to the network center. The floors of each dormitory building are DCS-2026B or DCS-2026 according to needs. / DCS-