How to design a small company network with more than 200 people

[[421158]]

Project Requirements

XX small company has about 200 people . Due to the company's business needs, it needs to build a network that specifically needs to meet the following requirements:

1. It can support the company staff to access the internet via wired connection and can support WIFI access for external guests;

2. The network topology is simple, which is convenient for maintenance personnel to manage;

3. The network has a certain degree of security.

Overall design idea

This article focuses on how to design a small network. It does not provide specific details. It mainly lets everyone know what we need to consider when designing a small network. (For reference only)

1. Networking solution design:

Network solution design mainly includes two aspects: physical network topology design and equipment selection ;

When designing the physical network topology , we consider that it is a small network and the cost factor, so the network topology should be as simple as possible.

When selecting equipment, just choose network equipment that meets your business needs to avoid wasting budget.

1. Physical network topology design:

(1) Physical network topology: A simple three-layer architecture is adopted, namely access-aggregation-core;

(2) Equipment naming: Based on the principle of easy memory and management, you can use the equipment room location + equipment cabinet location + equipment model + equipment role + management IP for naming; for example: BJ-RACKA44U-S3700-ACC01-192.168.1.1.

(3) Port planning : Port planning needs to take into account business bandwidth requirements, and an appropriate convergence ratio can be designed based on business requirements.

2. Equipment selection:

(1) Access layer: The access switch uses S3700 to provide 100M network access for employee PCs, printers and other terminals.

(2) Aggregation layer: Use S5700 devices as the gateway of the Layer 2 network.

(3) Core & egress : Use AR2240 equipment as the egress of the entire campus network.

2. Network design:

1. VLAN planning and design:

(1) VLAN planning principles:

a. VLANs are recommended to be allocated continuously to ensure the rational use of VLAN resources;

b. The most commonly used VLAN division method is port-based division;

c. VLAN can be divided into management VLAN , business VLAN and interconnection interface VLAN according to its purpose.

(2) This VLAN planning (for reference only):

2. IP address planning and design:

(1) IP address planning principles:

a. IP address planning suggestions: Continuous allocation to ensure the rational use of IP resources;

b. IP addresses can be divided into management IP segment, business IP segment and Internet IP segment according to their usage.

(2) This IP address planning (for reference only):

3. Routing design:

(1) Since the network architecture is relatively simple, the service gateway is on the aggregation switch, and the interconnection between the aggregation and core can be achieved through static routing ;

(2) The core network can point to the Internet through the default route .

3. Reliability design:

1. Link aggregation:

Port-level reliability can achieve link-level reliability through link aggregation;

In this networking, two links can be used for aggregation between the aggregation and core to enhance reliability.

2. Stacking:

Device-level reliability can be achieved through stacking, which is not involved in this networking.

3. STP anti-loop:

Enable the STP function on the Layer 2 network (aggregation-access) to avoid loops caused by incorrect wiring.

4. Export network design:

Egress NAT design: NAT can be used on the egress device to control internal network access to the Internet.

5. Safety design:

Traffic-policy, traffic-filter and other technologies can be used to isolate the internal and external networks and achieve secure access.