Sawubona, zakhamuzi ezithandekayo ze-Habro kanye nezivakashi ezingahleliwe. Kulolu chungechunge lwezihloko sizokhuluma ngokwakha inethiwekhi elula yenkampani engadingi kakhulu ingqalasizinda yayo ye-IT, kodwa ngesikhathi esifanayo inesidingo sokuhlinzeka abasebenzi bayo uxhumano lwe-inthanethi olusezingeni eliphezulu, ukufinyelela ifayela elihlanganyelwe. izinsiza, kanye nokuhlinzeka abasebenzi nge-VPN ukufinyelela emsebenzini nokuxhuma uhlelo lokubhekwa kwevidiyo, olungafinyelelwa noma yikuphi emhlabeni. Ingxenye yamabhizinisi amancane ibonakala ngokukhula ngokushesha futhi, ngokufanele, ukuhlela kabusha inethiwekhi. Kulesi sihloko sizoqala ngehhovisi elilodwa elinezindawo zokusebenza eziyi-15 futhi sizokwandisa inethiwekhi. Ngakho-ke, uma noma yisiphi isihloko esithakazelisayo, bhala kumazwana, sizozama ukusisebenzisa esihlokweni. Ngizothatha ngokuthi umfundi ujwayelene nezisekelo zamanethiwekhi wekhompiyutha, kodwa ngizohlinzeka ngezixhumanisi ze-Wikipedia kuwo wonke amagama obuchwepheshe; uma kukhona okungacacile, chofoza futhi ulungise lokhu kuntuleka.
Ngakho, ake siqale. Noma iyiphi inethiwekhi iqala ngokuhlola indawo futhi ithole izidingo zeklayenti, okuzokwakhiwa kamuva emibhalweni yezobuchwepheshe. Ngokuvamile ikhasimende ngokwalo aliqondi ngokugcwele ukuthi lifunani nokuthi yini eliyidingayo kulokhu, ngakho-ke lidinga ukuqondiswa kulokho esingakwenza, kodwa lokhu kungaphezu komsebenzi wommeleli wokuthengisa, sinikeza ingxenye yezobuchwepheshe, ngakho-ke ake sicabange ukuthi Sithole izidingo zokuqala ezilandelayo:
- Iziteshi zokusebenza eziyi-17 zama-PC edeskithophu
- Isitoreji sediski yenethiwekhi ()
- Isistimu ye-CCTV isebenzisa namakhamera we-IP (izingcezu eziyi-8)
- Ukufakwa kwe-Wi-Fi yehhovisi, amanethiwekhi amabili (angaphakathi nesivakashi)
- Kungenzeka ukwengeza amaphrinta enethiwekhi (kufika ku-3 izingcezu)
- Ithemba lokuvula ihhovisi lesibili ngaphesheya kwedolobha
Ukukhethwa kwezisetshenziswa
Ngeke ngijule ekukhetheni umdayisi, ngoba lokhu kuyindaba edala izingxabano zakudala, sizogxila eqinisweni lokuthi uhlobo seluvele lunqunyiwe, yiCisco.
Isisekelo senethiwekhi si (irutha). Kubalulekile ukuhlola izidingo zethu, njengoba sihlela ukwandisa inethiwekhi esikhathini esizayo. Ukuthenga i-router nge-reserve yalokhu kuzosindisa imali yekhasimende ngesikhathi sokunwetshwa, nakuba kuzobiza kancane kancane esigabeni sokuqala. I-Cisco yengxenye yamabhizinisi amancane inikeza uchungechunge lwe-Rvxxx, oluhlanganisa imizila yamahhovisi asekhaya (i-RV1xx, imvamisa enemojula eyakhelwe ngaphakathi ye-Wi-Fi), eklanyelwe ukuxhuma izindawo zokusebenza ezimbalwa kanye nokugcinwa kwenethiwekhi. Kepha asinandaba nazo, ngoba zinamakhono anqunyelwe we-VPN kanye nomkhawulokudonsa ophansi. Futhi asinantshisekelo kumojula eyakhelwe ngaphakathi engenantambo, ngoba kufanele ibekwe egumbini lobuchwepheshe endaweni yokubeka; I-Wi-Fi izohlelwa kusetshenziswa i-AP (). Ukukhetha kwethu kuzowela ku-RV320, okuyimodeli encane yochungechunge oludala. Asidingi inombolo enkulu yezimbobo kuswishi eyakhelwe ngaphakathi, njengoba sizoba neswishi ehlukile ukuze sinikeze inombolo eyanele yezimbobo. Inzuzo eyinhloko ye-router ukuthi ihamba kahle kakhulu. iseva (75 Mbits), ilayisensi yemigudu ye-VPN eyi-10, ikhono lokukhulisa umhubhe we-Site-2-site VPN. Okunye okubalulekile ubukhona bembobo yesibili ye-WAN ukuze unikeze ngoxhumano lwe-inthanethi oluyisipele.
I-router kufanele ibe . Ipharamitha ebaluleke kakhulu yeswishi isethi yemisebenzi enayo. Kodwa okokuqala, ake sibale amachweba. Esimweni sethu, sihlela ukuxhuma ekushintsheni: ama-PC angu-17, ama-AP angu-2 (izindawo zokufinyelela ze-Wi-Fi), amakhamera we-IP angu-8, i-1 NAS, amaphrinta enethiwekhi angu-3. Ngokusebenzisa i-arithmetic, sithola inombolo engu-31, ehambelana nenani lamadivayisi axhunywe kunethiwekhi ekuqaleni, engeza u-2 kulokhu. (sihlela ukwandisa inethiwekhi) futhi sizoma kumachweba angama-48. Manje mayelana nokusebenza: inkinobho yethu kufanele ikwazi , mhlawumbe bonke 4096, ngeke ubuhlungu yami, njengoba kuzokwazi ukuxhuma inkinobho ngakolunye uhlangothi lwesakhiwo usebenzisa i-optics, kufanele ikwazi ukusebenza embuthanweni ovaliwe, okwenza sikwazi ukugcina izixhumanisi (), futhi i-AP namakhamera azonikwa amandla ngepheya elisontekile, ngakho-ke kuyadingeka ukuba nakho (ungafunda kabanzi mayelana nemithethonqubo ku-wiki, amagama ayachofozeka). Iyinkimbinkimbi kakhulu Asidingi ukusebenza, ngakho ukukhetha kwethu kuzoba yi-Cisco SG250-50P, njengoba inomsebenzi owanele kithi futhi ngesikhathi esifanayo ayifaki imisebenzi engafuneki. Sizokhuluma nge-Wi-Fi esihlokweni esilandelayo, njengoba lesi isihloko esibanzi. Lapho sizohlala ekukhethweni kwe-AR. Asikhethi i-NAS namakhamera, sicabanga ukuthi abanye abantu benza lokhu, kodwa sinentshisekelo kunethiwekhi kuphela.
Ukuhlela
Okokuqala, ake sinqume ukuthi yimaphi amanethiwekhi abonakalayo esiwadingayo (ungafunda ukuthi ayini ama-VLAN ku-Wikipedia). Ngakho, sinezigaba ezimbalwa zenethiwekhi ezinengqondo:
- Iziteshi zokusebenza zeklayenti (ama-PC)
- Iseva (NAS)
- I-CCTV
- Amadivayisi esivakashi (WiFi)
Futhi, ngokwemithetho yokuziphatha okuhle, sizohambisa isixhumi esibonakalayo sokuphatha idivayisi sibe yi-VLAN ehlukile. Ungafaka izinombolo ze-VLAN nganoma iyiphi indlela, ngizokhetha lokhu:
- I-VLAN10 Management (MGMT)
- Iseva ye-VLAN50
- I-VLAN100 LAN+WiFi
- I-VLAN150 WiFI Yezivakashi (V-WiFi)
- Idatha ye-VLAN200CAM
Okulandelayo, sizodweba uhlelo lwe-IP futhi sisebenzise 24 bits kanye ne-subnet 192.168.x.x. Ake siqale.
Ichibi eligodliwe lizoqukatha amakheli azolungiswa ngokwezibalo (amaphrinta, amaseva, izixhumanisi zokuphatha, njll., kumakhasimende izokhipha ikheli eliguqukayo).
Ngakho-ke silinganisele i-IP, kukhona amaphuzu ambalwa engingathanda ukuwanaka:
- Asikho iphuzu ekusetheni i-DHCP kunethiwekhi yokulawula, njengasegunjini leseva, njengoba wonke amakheli anikezwa ngesandla lapho kulungiswa okokusebenza. Abanye abantu bashiya ichibi elincane le-DHCP uma kwenzeka bexhuma imishini emisha, ekucushweni kwayo kokuqala, kodwa ngikujwayele futhi ngikweluleka ukuthi ulungise imishini hhayi endaweni yekhasimende, kodwa etafuleni lakho, ukuze ngingakwenzi. yenza leli chibi lapha.
- Amanye amamodeli wamakhamera angase adinge ikheli elimile, kodwa sithatha ngokuthi amakhamera ayithola ngokuzenzakalelayo.
- Kunethiwekhi yendawo, sishiya i-pool yamaphrinta, njengoba isevisi yokuphrinta yenethiwekhi ayisebenzi ngokuthembekile ikakhulukazi ngamakheli aguqukayo.
Isetha irutha
Nokho, ekugcineni asiqhubekele ekusetheni. Sithatha intambo yesichibi bese sixhuma kwelinye lamachweba amane e-LAN omzila. Ngokuzenzakalelayo, iseva ye-DHCP inikwe amandla kumzila futhi itholakala ekhelini elithi 192.168.1.1. Ungahlola lokhu usebenzisa insiza ye-ipconfig console, ekuphumeni kwayo umzila wethu ozoba isango elizenzakalelayo. Ake sihlole:
Esipheqululini, hamba kuleli kheli, uqinisekise ukuxhumana okungavikelekile bese ungena ngegama lomsebenzisi/iphasiwedi cisco/cisco. Shintsha ngokushesha iphasiwedi ibe evikelekile. Futhi okokuqala, yiya kuthebhu yokuSetha, isigaba senethiwekhi, lapha sinikeza igama negama lesizinda somzila.
Manje ake sengeze ama-VLAN kumzila wethu. Iya ku-Port Management/VLAN Ubulungu. Sizobingelelwa uphawu lwe-VLAN-ok, olulungiselelwe ngokuzenzakalelayo
Asizidingi, sizosusa konke ngaphandle kweyokuqala, njengoba izenzakalelayo futhi ayikwazi ukususwa, futhi sizokwengeza ngokushesha ama-VLAN ebesiwahlelile. Ungakhohlwa ukumaka ibhokisi phezulu. Futhi sizovumela ukuphathwa kwedivayisi kuphela kunethiwekhi yokuphatha, futhi sivumele umzila phakathi kwamanethiwekhi yonke indawo ngaphandle kwenethiwekhi yesivakashi. Sizomisa izimbobo ngemva kwesikhashana.
Manje ake silungiselele iseva ye-DHCP ngokwetafula lethu. Ukuze wenze lokhu, iya kokuthi Ukusethwa kwe-DHCP/DHCP.
Kumanethiwekhi lapho i-DHCP izokhutshazwa khona, sizomisa kuphela ikheli lesango, elizoba ngelokuqala ku-subnet (kanye nemaski ngokufanele).
Kumanethiwekhi ane-DHCP, yonke into ilula, siphinde silungise ikheli lesango, bese sibhalisa amachibi kanye ne-DNS ngezansi:
Ngalokhu sibhekane ne-DHCP, manje amaklayenti axhunywe kunethiwekhi yendawo azothola ikheli ngokuzenzakalelayo. Manje ake silungiselele amachweba (amachweba alungiselelwe ngokuya ngokwejwayelekile , isixhumanisi siyachofozeka, ungajwayelana naso). Njengoba kucatshangwa ukuthi wonke amaklayenti azoxhunywa ngokushintsha okuphethwe kwe-VLAN engamakiwe (yomdabu), zonke izimbobo zizoba yi-MGMT, lokhu kusho ukuthi noma iyiphi idivayisi exhunywe kule chweba izowela kule nethiwekhi (imininingwane eyengeziwe lapha). Ake sibuyele ku-Port Management/VLAN Ubulungu futhi silungiselele lokhu. Sishiya i-VLAN1 Ikhishiwe kuwo wonke amachweba, asiyidingi.
Manje ekhadini lethu lenethiwekhi sidinga ukumisa ikheli elimile kusuka ku-subnet yokuphatha, njengoba sigcine kule subnet ngemva kokuchofoza "londoloza", kodwa ayikho iseva ye-DHCP lapha. Iya kuzilungiselelo ze-adaptha yenethiwekhi bese ulungisa ikheli. Ngemuva kwalokhu, i-router izotholakala ku-192.168.10.1
Masimise uxhumano lwethu lwe-inthanethi. Ake sicabange ukuthi sithole ikheli elimile kumhlinzeki. Iya kokuthi Setha/Inethiwekhi, maka i-WAN1 ngezansi, chofoza Hlela. Khetha i-IP emile bese ulungisa ikheli lakho.
Futhi into yokugcina yanamuhla ukulungisa ukufinyelela okukude. Ukuze wenze lokhu, vakashela ku-Firewall/General bese ubheka ibhokisi elithi Remote Management, lungisa ichweba uma kunesidingo
Cishe yilokho kuphela okwanamuhla. Njengomphumela walesi sihloko, sinerutha eyisisekelo emisiwe esingafinyelela ngayo i-inthanethi. Ubude be-athikili bude kunalokho engangikulindele, ngakho-ke engxenyeni elandelayo sizoqedela ukusetha i-router, ukufaka i-VPN, ukulungisa i-firewall nokuloga, futhi nokulungisa ukushintshwa futhi sizokwazi ukusebenzisa ihhovisi lethu. . Ngithemba ukuthi lesi sihloko okungenani besiwusizo futhi sinolwazi kuwe. Ngibhala okokuqala, ngizojabula kakhulu ukuthola ukugxekwa okwakhayo nemibuzo, ngizozama ukuphendula wonke umuntu futhi ngicabangele ukuphawula kwakho. Futhi, njengoba ngibhale ekuqaleni, imicabango yakho mayelana nokuthi yini enye engavela ehhovisi nokuthi yini enye esizoyilungisa yamukelekile.
Engixhumana nabo:
Ikholomu:
I-Skype/imeyili: [i-imeyili ivikelwe]
Singeze, sixoxe.
Source: www.habr.com