Molweni, bahlali abathandekayo kunye neendwendwe ezingaqhelekanga. Kolu luhlu lwamanqaku siza kuthetha ngokwakha inethiwekhi elula yenkampani engafuneki kakhulu kwiziseko zayo ze-IT, kodwa kwangaxeshanye inesidingo sokubonelela abasebenzi bayo ngonxibelelwano oluphezulu lwe-Intanethi, ukufikelela kwifayile ekwabelwana ngayo. izibonelelo, kunye nokubonelela abasebenzi nge-VPN ukufikelela kwindawo yokusebenzela kunye nokudibanisa inkqubo yokucupha ividiyo, enokufikelela kuyo naphi na emhlabeni. Icandelo lamashishini amancinci libonakaliswe ngokukhula ngokukhawuleza kwaye, ngokufanelekileyo, ukucwangciswa kwakhona kwenethiwekhi. Kweli nqaku siza kuqala ngeofisi enye eneendawo zokusebenza ezili-15 kwaye siya kwandisa ngakumbi inethiwekhi. Ngoko ke, ukuba nasiphi na isihloko esinomdla, bhala kwizimvo, siya kuzama ukusisebenzisa kwinqaku. Ndiza kucinga ukuba umfundi uqhelene neziseko zothungelwano lwekhompyuter, kodwa ndiya kubonelela ngamakhonkco kwiWikipedia kuwo onke amagama obugcisa; ukuba kukho into engacacanga, cofa kwaye ulungise le ntsilelo.
Ngoko, masiqale. Nayiphi na inethiwekhi iqala ngokuhlolwa kwendawo kunye nokufumana iimfuno zomthengi, eziza kuthi kamva zenziwe kwiinkcukacha zobugcisa. Ngokuqhelekileyo umthengi ngokwakhe akayiqondi ngokupheleleyo into ayifunayo kwaye yintoni ayifunayo kule nto, ngoko kuyimfuneko ukumkhokela kwinto esinokuyenza, kodwa lo ngumsebenzi ongaphezu kommeli wokuthengisa, sinikezela ngecandelo lobugcisa, ngoko ke siya kucinga ukuba sifumene ezi mfuno zilandelayo:
- Izixhobo zokusebenza ezili-17 zeePC zedesktop
- Ugcino lwediski yenethiwekhi ()
- Inkqubo yeCCTV usebenzisa kunye neekhamera ze-IP (iziqwenga eziyi-8)
- Ukhuseleko lweWi-Fi yeOfisi, iinethiwekhi ezimbini (zangaphakathi kunye neendwendwe)
- Kuyenzeka ukongeza abashicileli bomsebenzi womnatha (ukuya kumaqhekeza ama-3)
- Ithemba lokuvula iofisi yesibini kwelinye icala lesixeko
Ukukhetha izixhobo
Andizukungena ekukhetheni umthengisi, kuba lo ngumba obangela iingxabano zakudala; siya kugxila kwinto yokuba uphawu sele lugqitywe ngalo, yiCisco.
Isiseko sothungelwano si (umzila). Kubalulekile ukuvavanya iimfuno zethu, njengoko siceba ukwandisa uthungelwano kwixesha elizayo. Ukuthenga i-router kunye nendawo yokugcina oku kuya kugcina imali yomthengi ngexesha lokwandiswa, nangona kuya kuba yindleko encinci kwinqanaba lokuqala. I-Cisco yecandelo lamashishini amancinci inika uluhlu lwe-Rvxxx, olubandakanya ii-routers zeeofisi zasekhaya (i-RV1xx, ininzi i-module eyakhelwe-ngaphakathi ye-Wi-Fi), eyilelwe ukudibanisa iindawo ezininzi zokusebenza kunye nokugcinwa kwenethiwekhi. Kodwa asinamdla kubo, kuba banamandla alinganiselweyo e-VPN kunye ne-bandwidth ephantsi. Kananjalo asinamdla kwimodyuli eyakhelwe-ngaphakathi engenazingcingo, kuba ifanele ukubekwa kwigumbi lobugcisa kwindawo yokubeka; I-Wi-Fi iya kucwangciswa kusetyenziswa i-AP (). Ukhetho lwethu luya kuwela kwi-RV320, eyimodeli encinci yochungechunge oludala. Asiyidingi inani elikhulu lamachweba kwinguqu eyakhelwe-ngaphakathi, kuba siya kuba netshintshi eyahlukileyo ukuze sinikeze inani elaneleyo lamazibuko. Inzuzo ephambili ye-router kukuphuma kwayo okuphezulu ngokufanelekileyo. umncedisi (75 Mbits), ilayisenisi yeetonela ze-VPN ezili-10, ukukwazi ukuphakamisa i-site-2-site VPN tunnel. Kwakhona kubalulekile ubukho bezibuko le-WAN yesibini ukubonelela ngoqhagamshelo lwe-Intanethi.
I-router kufuneka ibe . Eyona parameter ibalulekileyo yokutshintsha yiseti yemisebenzi enayo. Kodwa kuqala, masibale amazibuko. Kwimeko yethu, siceba ukudibanisa kwi-switch: ii-PC ze-17, ii-APs ezi-2 (iindawo zokufikelela kwi-Wi-Fi), iikhamera ze-8 ze-IP, i-1 NAS, i-3 abashicileli benethiwekhi. Ukusebenzisa i-arithmetic, sifumana inombolo ye-31, ehambelana nenani lezixhobo eziqhagamshelwe kwinethiwekhi, yongeza i-2 kule. (siceba ukwandisa inethiwekhi) kwaye siya kumisa kumachweba angama-48. Ngoku malunga nokusebenza: utshintsho lwethu kufuneka lukwazi , ngokukhethekileyo zonke i-4096, aziyi kulimaza yam, ekubeni kuya kuba nako ukudibanisa iswitshi kwelinye isiphelo sesakhiwo usebenzisa optics, kufuneka ikwazi ukusebenza isangqa evaliweyo, nto leyo eyenza kube nokwenzeka ukuba sigcine amakhonkco (), kwakhona i-AP kunye neekhamera ziya kunikwa amandla ngesibini esijijekileyo, ngoko ke kuyimfuneko ukuba ube nayo (unokufunda ngakumbi malunga neeprothokholi kwiwiki, amagama ayacofa). Intsonkothe ββkakhulu Asiyidingi ukusebenza, ngoko ukhetho lwethu luya kuba yiCisco SG250-50P, ekubeni inomsebenzi owaneleyo kuthi kwaye kwangaxeshanye ayibandakanyi imisebenzi engafunekiyo. Siza kuthetha nge-Wi-Fi kwinqaku elilandelayo, njengoko esi sisihloko esibanzi. Apho siya kuhlala kukhetho lwe-AR. Asikhethi i-NAS kunye neekhamera, sicinga ukuba abanye abantu benza oku, kodwa sinomdla kuphela kwinethiwekhi.
Ukucwangcisa
Okokuqala, makhe sigqibe ukuba zeziphi iinethiwekhi ezibonakalayo esizifunayo (unokufunda ukuba zeziphi iiVLANs kwiWikipedia). Ke, sinamacandelo amaninzi enethiwekhi anengqiqo:
- Iindawo zokusebenzela zabathengi (iiPC)
- Iseva (NAS)
- I-CCTV
- Izixhobo zeendwendwe (WiFi)
Kwakhona, ngokwemigaqo yokuziphatha kakuhle, siya kuhambisa ujongano lolawulo lwesixhobo kwiVLAN eyahlukileyo. Ungafaka iinombolo zeVLAN ngayo nayiphi na iodolo, ndiya kukhetha oku:
- Ulawulo lwe-VLAN10 (MGMT)
- VLAN50 Umncedisi we
- VLAN100 LAN+WiFi
- I-VLAN150 ye-WiFI yeeNdwendwe (V-WiFi)
- VLAN200 CAM's
Emva koko, siza kucwangcisa isicwangciso se-IP kwaye sisebenzise 24 bits kunye subnet 192.168.x.x. Masiqalise.
Iqula eligciniweyo liya kuqulatha iidilesi eziya kuqwalaselwa ngokwezibalo (abashicileli, abancedisi, ujongano lolawulo, njl. njl., kubathengi. iya kukhupha idilesi eguqukayo).
Ke siqikelele i-IP, kukho amanqaku ambalwa endifuna ukuwahoya:
- Akukho sizathu sokuseta i-DHCP kwinethiwekhi yolawulo, njengakwigumbi lomncedisi, ekubeni zonke iidilesi zabelwe ngesandla xa ziqwalasela izixhobo. Abanye abantu bashiya i-pool encinci ye-DHCP kwimeko yokudibanisa izixhobo ezitsha, kuqwalaselo lwayo lokuqala, kodwa ndiyiqhelile kwaye ndikucebisa ukuba uqwalasele izixhobo kungekhona kwindawo yomthengi, kodwa kwidesksi yakho, ngoko andiyi. yenza le pool apha.
- Ezinye iimodeli zekhamera zinokufuna idilesi engatshintshiyo, kodwa sicinga ukuba iikhamera zifumana ngokuzenzekelayo.
- Kumsebenzi womnatha wendawo, sishiya i-pool kubashicileli, kuba inkonzo yoshicilelo yenethiwekhi ayisebenzi ngokukodwa ngokuthembekileyo ngeedilesi eziguqukayo.
Ukuseta umzila
Ewe, ekugqibeleni masiqhubele phambili kulungiselelo. Sithatha intambo ye-patch kwaye sidibanise kwelinye lamachweba amane e-LAN ye-router. Ngokungagqibekanga, iseva ye-DHCP inikwe amandla kwi-router kwaye ifumaneka kwidilesi 192.168.1.1. Unokujonga oku usebenzisa i-ipconfig console utility, kwisiphumo apho umzila wethu uya kuba lisango elingagqibekanga. Masijonge:
Kwi-browser, yiya kule dilesi, qinisekisa uxhulumaniso olungakhuselekanga kwaye ungene ngegama lomsebenzisi / igama lokugqitha cisco / cisco. Ngokukhawuleza tshintsha igama lokugqitha libe lelikhuselekileyo. Kwaye okokuqala kuyo yonke into, yiya kuCwangciso ithebhu, icandelo leNethiwekhi, apha sabela igama kunye negama lesizinda somzila.
Ngoku masenze iiVLANs kwirutha yethu. Yiya kuLawulo lweZibuko/uBulungu beVLAN. Siyakubuliswa ngumqondiso we-VLAN-ok, uqwalaselwe ngokungagqibekanga
Asizifuni, siya kuzicima zonke ngaphandle kweyokuqala, kuba ayigqibekanga kwaye ayinakususwa, kwaye siya kongeza kwangoko iiVLAN ebesizicwangcisile. Ungalibali ukujonga ibhokisi phezulu. Siza kuvumela ulawulo lwesixhobo kuphela kuthungelwano lolawulo, kwaye sivumele uthungelwano phakathi kothungelwano kuyo yonke indawo ngaphandle kwenethiwekhi yeendwendwe. Siza kuqwalasela izibuko kamva kancinane.
Ngoku makhe siqwalasele iseva yeDHCP ngokwetafile yethu. Ukwenza oku, yiya kwi-DHCP/DHCP Setup.
Kwiinethiwekhi apho i-DHCP iya kukhutshazwa, siya kuqwalasela kuphela idilesi yesango, eya kuba ngowokuqala kwi-subnet (kunye nemaski ngokufanelekileyo).
Kuthungelwano nge-DHCP, yonke into ilula kakhulu, sikwaqwalasela idilesi yesango, kwaye sibhalisa amachibi kunye ne-DNS ngezantsi:
Ngale nto siye sajongana ne-DHCP, ngoku abathengi abaqhagamshelwe kwinethiwekhi yendawo baya kufumana idilesi ngokuzenzekelayo. Ngoku makhe siqwalasele izibuko (iizibuko ziqwalaselwe ngokomgangatho , ikhonkco licofa, unokuziqhelanisa nalo). Ekubeni kucingelwa ukuba bonke abaxumi baya kudityaniswa ngokutshintsha okulawulwayo kweVLAN engabhalwanga (yemveli), onke amazibuko aya kuba yiMGMT, oku kuthetha ukuba nasiphi na isixhobo esiqhagamshelwe kweli zibuko siya kuwela kule nethiwekhi (inkcukacha ezininzi apha). Masibuyele kuLawulo lweZibuko/uBulungu beVLAN kwaye siqwalasele oku. Sishiya i-VLAN1 engabandakanywanga kuwo onke amachweba, asiyifuni.
Ngoku kwikhadi lethu lomnatha kufuneka siqwalasele idilesi ye-static kwi-subnet yokulawula, ekubeni siphelile kule subnet emva kokuba sicofe "gcina", kodwa akukho mncedisi we-DHCP apha. Yiya kwisethingi yeadaptha yenethiwekhi kwaye uqwalasele idilesi. Emva koko, i-router iya kufumaneka kwi-192.168.10.1
Masisete uqhagamshelo lwethu lwe-Intanethi. Masicinge ukuba sifumene idilesi engatshintshiyo kumboneleli. Yiya kuSeto/Inethiwekhi, phawula i-WAN1 ezantsi, cofa Hlela. Khetha i-IP engatshintshiyo kwaye uqwalasele idilesi yakho.
Kwaye into yokugqibela namhlanje kukuqwalasela ukufikelela kude. Ukwenza oku, yiya kwi-Firewall / Jikelele kwaye ukhangele ibhokisi yoLawulo olukude, qwalasela i-port ukuba kuyimfuneko
Kuphelele apho namhlanje. Ngenxa yenqaku, sine-router emiselweyo esisiseko esinokufikelela kuyo kwi-Intanethi. Ubude benqaku bude kunokuba bendilindele, ngoko ke kwicandelo elilandelayo siya kugqiba ukuseta i-router, ukufaka i-VPN, ukuqwalasela i-firewall kunye nokugawulwa kwemithi, kunye nokuqwalasela ukutshintshela kwaye siya kukwazi ukubeka iofisi yethu ekusebenzeni. . Ndiyathemba ukuba eli nqaku ubuncinci libe luncedo kwaye linolwazi kuwe. Ndibhala okokuqala, ndiya kuvuya kakhulu ukufumana ukugxekwa okwakhayo kunye nemibuzo, ndiya kuzama ukuphendula wonke umntu kwaye ndithathele ingqalelo izimvo zakho. Kwakhona, njengoko bendibhalile ekuqaleni, iingcinga zakho malunga nokuba yeyiphi enye into enokuthi ivele eofisini kwaye yintoni enye esiya kuyiqwalasela yamkelekile.
Abafowunelwa bam:
I tilegram:
I-Skype/imeyile: [imeyile ikhuselwe]
Sidibanise, masithethe.
umthombo: www.habr.com