Cisco Training 200-125 CCNA v3.0. Day 16. Networking in a small office

Today I will tell you how to organize a network in a small company office. We have reached a certain stage of learning about switches - today we will have the last video that completes the topic of Cisco switches. Of course, we will still be returning to switches, and in the next video tutorial I will show you a roadmap so that everyone understands in which direction we are moving and what part of the course we have already mastered.

Day 18 of our classes will be the beginning of a new topic dedicated to routers, and the next lesson, Day 17, I will devote to an overview lecture on the topics covered and to plans for further learning. Before we start today's lesson topic, I ask you to remember to share these videos, subscribe to our YouTube channel, visit the Facebook group and the site www.nwking.org, where you can read the announcements of the new series of lessons.

So, let's start creating an office network. If we divide this process into parts, the first thing to do is to find out the requirements that this network must satisfy. So before you start building a network for a small office, home network, or any other local network, you need to make a list of requirements for it.

The second thing to do is to design the network, decide how you plan to meet the requirements, and the third thing is to create the physical configuration of the network.

Suppose we are talking about a new office in which there are various departments: the marketing department (Marketing), the administrative department (Management), the financial department (Accounts), the human resource department and the Server room, in which you will be located as an IT support specialist and system administrator. Next is the premises of the sales department (Sales).

The requirements for the designed network are that employees of different departments should not be connected to each other. This means that, for example, employees of the sales department, which has 7 computers, can only exchange files and messages over the network with each other. Similarly, two computers in the marketing department can only communicate with each other. The administrative department, which has 1 computer, may expand to several employees in the future. In the same way, the accounting department and the personnel department should have a separate network of their own.

This is the requirement for our network. As I said, the server room is the room where you will sit and from where you will support the entire office network. Since this is a new network, you are free to choose its configuration, how to plan it. Before continuing, I want to show what the server room looks like.

It is up to you, as a network administrator, whether your server room will look like the one shown on the first slide, or the way it is shown on the second.

The difference between these two server rooms depends on how disciplined you are. If you follow the practice of tagging and labeling your network cables, you will be able to keep your office network in order. As you can see, in the second server room, all the cables are in order and each group of cables is provided with a tag indicating where these cables go. For example, one cable goes to the sales department, the other goes to the administration, and so on, that is, everything is identified.

You can make a server room, as shown on the first slide, if you have only 10 computers. You can poke cables in random order and arrange switches somehow without any system in their location. This is not a problem as long as you have a small network. But as more computers are added and the company's network expands, there will come a point where you'll spend most of your time identifying all those cables. You can accidentally cut the cable going to some computer or just not understand which cable is connected to which port.

So the sensible organization of the location of the devices in your server room is in your own interests. The next important thing to talk about is network development - cables, plugs and cable sockets. We talked a lot about switches, but forgot to talk about cables.

CAT5 or CAT6 cable is commonly referred to as unshielded twisted pair or UTP cable. If you remove the protective sheath of such a cable, you will see 8 wires twisted into pairs: green and white-green, orange and white-orange, brown and white-brown, blue and white-blue. Why are they twisted? Electrical signals in two parallel wires induce electromagnetic interference in each other, which causes the signal to weaken with increasing wire length. Twisting the wires cancels out the resulting inductive currents, reduces interference and increases the signal transmission distance.

We have 6 categories of network cable - from 1 to 6. As the category increases, the signal transmission distance increases, mainly due to the fact that the degree of pair twisting increases. CAT6 cable has many more turns per unit length than CAT5, so it is much more expensive. Accordingly, category 6 cable provides a higher data transfer rate over a longer distance. Cable categories 5, 5e and 6 are the most common on the market. 5e cable is an advanced category 5 cable used by most companies, but CAT6 is mainly used in modern office networks.

If you strip this cable from the sheath, it will have 4 twisted pairs as shown on the slide. You also have an RJ-45 connector that contains 8 metal pins. You must insert the wires of the cable into the connector and use a crimping tool called a crimper. In order to crimp twisted pair wires, you must know how to properly position them in the connector. For this, the following schemes are used.

There are two ways to crimp twisted pair: direct and cross, or crossover. In the first case, you connect wires of the same color to each other, that is, you connect the white-orange wire to pin 1 of the RJ-45 connector, orange to the second, white-green to the third and further, as shown in the diagram.

Usually, if you are connecting 2 different devices, for example, a switch and a hub or a switch and a router, you use a direct crimp. If you want to connect the same devices, for example a switch to another switch, you must use a crossover. In both cases, a wire of the same color is connected to a wire of the same color, you simply change the relative position of the wires and connector pins.

To understand this, think of a telephone. You speak into the phone's microphone and listen to the sound from the speaker. If you are talking to your friend, what you say into the microphone goes to the speaker of his phone, and what your friend says into his microphone, you hear from your speaker.

This is what a crossover connection is. If your microphones are connected to each other and also connected to the speakers, the phones will not work. It's not the best analogy, but I hope you get the point of the crossover: the receiver wire goes to the transmitter wire, and the transmitter wire goes to the receiver.

The scheme for direct connection of various devices works like this: the switch and the router have different ports, and if pins 1 and 2 of the switch are intended for transmission, then pins 1 and 2 of the router are intended for reception. If the devices are the same, then pins 1 and 2 of both the first and second switches are used for transmission, and since the wires for transmission cannot be connected to the same wires, pins 1 and 2 of the transmitter of the first switch are connected to pins 3 and 6 of the second switch, i.e. with the receiver. That's what the crossover is for.

But today these schemes are outdated; instead, Auto-MDIX is used: a medium-dependent interface with automatic crossover. You can find out about it from Google or the Wikipedia article, I don't want to waste time on this. In short, this electrical and mechanical interface allows you to use any cable, for example, a direct connection, and the "smart" device will automatically determine which wires are used for transmitting and which for receiving, and connect them accordingly.

So, we have considered how to connect cables and now we will move on to the requirements of network design. Let's open Cisco Packet Tracer and see that I've placed our office layout as a base for the top layer of network development. Since different departments have different networks, it is best to organize them from independent switches. I will place one switch in each room, so we have a total of six switches from SW0 to SW5. Then I will place 1 computer for each office worker - 12 in total from PC0 to PC11. After that, I will connect each computer to the switch using a cable.

Such a scheme is quite secure, the data of one department is not available to another department, you do not know about the success or failure of another department, and this is the correct office policy. Perhaps someone in the sales department has hacking skills and could break into the computers of the marketing department over a public network and delete information, or employees of different departments simply should not exchange data for business reasons, etc., so separate networks help prevent similar cases.

The problem is this. I will add a cloud at the bottom of the picture - this is the Internet, to which the network administrator's computer in the server room is connected via a switch.

You cannot give each department individual access to the Internet, so you must connect the department switches to the switch in the server room. This is exactly the requirement for connecting the office to the Internet: all individual devices must be connected to a common switch that has access outside the office network.

Here we have a well-known problem: if you leave the network with default settings, then all computers will be able to communicate with each other, because they will be connected to the same native VLAN1. To avoid this, we need to create different VLANs.

We will work with the 192.168.1.0/24 network, which we will divide into several small subnets. Let's start by creating a voice network VLAN10 with an address space of 192.168.1.0/26. You can look at the table in one of the previous video tutorials and tell me how many hosts will be on this network - /26 means 2 borrowed bits that divide the network into 4 parts of 64 addresses, so your subnet will have 62 free IP addresses for hosts. We must create a separate voice network to separate voice from data. This must be done so that an attacker cannot connect to a telephone conversation and use Wireshark to decrypt data transmitted over the same channel as voice communication.

Thus, the VLAN10 network will be used only for IP telephony. The slash 26 means that 62 phones can be connected to this network. Next, we will create a VLAN20 administration network with an address space of 192.168.1.64/27, i.e. a block of 32 addresses with 30 valid host IP addresses. VLAN30 will be given to the Marketing Department, VLAN40 to the Sales Department, VLAN50 to the Finance Department, VLAN60 to the Human Resources Department, and VLAN100 will be the IT Department's network.

Let's label these networks on the office network topology diagram and start with VLAN20 because VLAN10 is reserved for telephony. After that, we can consider that we have developed the design of a new office network.
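
The address plan above, worked through as an added example that is not part of the original lesson. The lesson gives the ranges for VLAN10 and VLAN20 and later uses 192.168.1.224/27 for the IT VLAN; placing VLAN30 to VLAN60 in consecutive /27 blocks is an assumption of this example, and it is the only layout in which VLAN100 lands on that range.

```python
import ipaddress

# (VLAN id, department, prefix length). The sizes of VLAN10, VLAN20 and VLAN100
# come from the lesson; /27 for VLAN30-VLAN60 is an assumption of this example.
PLAN = [
    (10, "Voice", 26),
    (20, "Management", 27),
    (30, "Marketing", 27),
    (40, "Sales", 27),
    (50, "Accounts", 27),
    (60, "HR", 27),
    (100, "IT", 27),
]


def allocate(parent, plan):
    """Carve consecutive subnets out of parent, in the order the plan lists them."""
    parent = ipaddress.ip_network(parent)
    cursor = int(parent.network_address)
    subnets = {}
    for vlan_id, _name, prefix in plan:
        size = 2 ** (32 - prefix)
        if cursor % size:
            raise ValueError(f"VLAN{vlan_id}: a /{prefix} cannot start at this offset")
        net = ipaddress.ip_network((cursor, prefix))
        if not net.subnet_of(parent):
            raise ValueError(f"VLAN{vlan_id}: {net} does not fit inside {parent}")
        subnets[vlan_id] = net
        cursor += size
    return subnets


def usable_hosts(net):
    """Addresses left for hosts once network and broadcast are excluded."""
    return net.num_addresses - 2


def vlan_of(address, subnets):
    """Return the VLAN id whose subnet contains address, or None."""
    addr = ipaddress.ip_address(address)
    return next((vid for vid, net in subnets.items() if addr in net), None)


SUBNETS = allocate("192.168.1.0/24", PLAN)

if __name__ == "__main__":
    for vlan_id, name, _prefix in PLAN:
        net = SUBNETS[vlan_id]
        print(f"VLAN{vlan_id:<4} {name:<11} {net!s:<18} {net.netmask}  "
              f"{usable_hosts(net)} hosts")
```

The seven subnets use all 256 addresses of 192.168.1.0/24, so any additional VLAN would need a second parent network or smaller department blocks.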

If you remember, I said that your server room can have a chaotic layout or be carefully planned out. In any case, you need to get documentation - these can be records on paper or on a computer, which will record the structure of your network, describe all subnets, connections, IP addresses and other information necessary for the work of a network administrator. In this case, as the network develops, you will always be in control. This will save you time and trouble when connecting new devices and creating new subnets.

So, after we have created separate subnets for each department, that is, we have made it so that devices can only communicate within their own VLAN, the following question arises. As you remember, the switch in the server room is the central communicator to which all other switches are connected, so it must know about all the networks in the office. However, switch SW0 only needs to know about VLAN30, because there are no other networks in this department. Now imagine that we have expanded the sales department and we will have to transfer part of the employees to the premises of the marketing department. In this case, we will also need to create a VLAN40 network in the marketing department, which will also need to be connected to the SW0 switch.

In one of the previous videos, we discussed what is called interface management, that is, we went into the VLAN1 interface and assigned an IP address. Now we have to configure 2 computers of the management department so that they are connected to the access ports of the switch, which correspond to VLAN30.

Let's take a look at your PC7 computer, from which you, as a network administrator, must remotely manage all the switches on the network. One way to ensure this is to go into the management department and manually configure the SW0 switch to communicate with your computer. However, you must be able to configure this switch remotely, because local configuration is not always possible. But you are on VLAN100 because PC7 is connected to the VLAN100 switch port.

Switch SW0 does not know anything about VLAN100, so we must assign VLAN100 to one of its ports so that PC7 can communicate with it. If you assign the IP address of VLAN30 to interface SW0, only PC0 and PC1 can join it. However, you must be able to manage this switch from your PC7 in VLAN100. Therefore, we need to create an interface for VLAN100 in switch SW0. We must do the same with the rest of the switches - all these devices must have a VLAN100 interface, to which we must assign an IP address from the address range used by PC7. This address is taken from the 192.168.1.224/27 range of the IT VLAN and is assigned to all switch ports to which VLAN100 is assigned.
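
A check for the two points made above (ports left in the default VLAN1, and SW0 needing only VLAN30 plus the management VLAN100), as an added example that is not part of the original lesson. The running-config excerpt is constructed; the interface numbers and the 192.168.1.226 management address are assumptions.

```python
import re

# Constructed excerpt for SW0; port numbers and 192.168.1.226 are assumptions.
SW0_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 30
!
interface FastEthernet0/2
 switchport mode access
!
interface GigabitEthernet0/1
 switchport mode trunk
!
interface GigabitEthernet0/2
 switchport mode trunk
 switchport trunk allowed vlan 30,100
!
interface Vlan100
 ip address 192.168.1.226 255.255.255.224
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from IOS-style config text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the interface block
    return interfaces

def expand_vlans(spec):  # '30,100' or '20-22,100' -> set of VLAN ids
    vlans = set()
    for low, _, high in (part.partition("-") for part in spec.split(",")):
        vlans.update(range(int(low), int(high or low) + 1))
    return vlans

def audit(config, expected_vlans):
    """List (interface, problem) pairs for ports that break the VLAN design."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        joined = "\n".join(cmds)
        if "switchport mode access" in cmds:
            m = re.search(r"^switchport access vlan (\d+)$", joined, re.M)
            vlan = int(m.group(1)) if m else 1  # no command means VLAN 1
            if vlan not in expected_vlans:
                findings.append((name, f"access port in unexpected VLAN {vlan}"))
        elif "switchport mode trunk" in cmds:
            m = re.search(r"^switchport trunk allowed vlan ([\d,-]+)$", joined, re.M)
            if m is None:
                findings.append((name, "trunk carries every VLAN"))
            elif expand_vlans(m.group(1)) - expected_vlans:
                findings.append((name, "trunk carries VLANs this switch does not need"))
    return findings

FINDINGS = audit(SW0_CONFIG, expected_vlans={30, 100})
```

Only ports with an explicit `switchport mode` line are examined, so ports left entirely at their defaults need a separate check.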

After that, from the server room, from your computer, you can contact any of the switches using the Telnet protocol and configure them in accordance with the requirements of the network. However, as a network administrator, you also need out-of-band access to these switches. To provide such access, you need a device called a terminal server.

According to the logical topology of the network, all these switches are located in different rooms, but physically they can be installed on a common rack in the server room. You can insert a terminal server into the same rack, to which all computers will be connected. Optical cables come out of this server, at one end of which there is a Serial connector, and at the other end there is a regular plug for a CAT5 cable. All of these cables are connected to the console ports of switches installed in the rack. Each optical cable can connect 8 devices. This terminal server must be connected to your PC7. Thus, through Terminal Server you can connect to the console port of any of the switches via an external communication channel.

You may ask why this is necessary if all these devices are located next to you in one server room. This is because your computer can only connect directly to one console port. Therefore, in order to test several switches, you will need to physically disconnect the cable from one device in order to connect to another. When using a terminal server, just press one key on your computer keyboard to connect to the console port of switch #0, to switch to another switch, just press another key, and so on. Thus, you can control any of the switches by simply pressing the keys. Therefore, under normal conditions, you need a terminal server to manage switches when troubleshooting network problems.

So, we are done with the development of network design and now we will look at the basic network settings.

Each device needs to be assigned a hostname, which you must do from the command line. I hope that along with this course, you will gain practical knowledge, so you will know by heart the commands required to assign a hostname, create a welcome banner, set a password for the console, a password for Telnet, and enable the password prompt mode. You must know how to manage the switch's IP address, assign a default gateway, administratively shut down the device, enter deny commands, and save changes made to the switch settings.

If you follow all three steps: determine the requirements for the network, draw a diagram of the future network at least on paper and then go to the settings, you can easily organize your server room.

As I said, we have almost finished studying switches, although we will still return to them, so in the next video tutorials we will move on to routers. This is a very interesting topic, which I will try to cover as fully as possible. We will look at the first video about routers in the lesson after next, and the next lesson, Day 17, I will dedicate to the results of the work done on studying the CCNA course, tell you what part of the course you have already mastered and how much you still have to study, so that everyone clearly understands what stage of learning they have reached.

I'm planning on posting practice assignments on our site soon, and if you sign up, you'll be able to take tests similar to the ones you'll have to take for the CCNA Certification Exam.


Source: habr.com
