Everybody is good!
Headquarters, all the stores in different places, through the optical fiber line connection, requires communication between all the stores with headquarters, between various stores don't have to each other,
Each store route to get to the Internet through their Internet access,
Has now set up a VLAN and run the rectified, each router set up static routing, generally no problem, but always think of this solution is not so good, such as when stores a routing problem, all stores a PC VLAN with headquarters impassability, consult everybody how great god need to improve?
Headquarters main switch: huawei S5720-32 p - EI - AC,
Other switches for thin S5700 around 2,
All routers are hundreds of pieces of ordinary routing,
Static routing based router:
The destination address gateway subnet mask Metric network interface description information operation
192.168.2.0 192.168.1.254 255.255.255.0 LAN 2 0
192.168.3.0 192.168.1.254 255.255.255.0 0 LAN 3
192.168.4.0 192.168.1.254 255.255.255.0 0 LAN 4
All the stores router static routing (only posted one and other similar) :
The destination address gateway subnet mask Metric network interface description information operation
LAN 192.168.1.0 192.168.3.254 255.255.255.0 0 1
The following is a topology, draw well, such as an unidentified please point out, thank you!

CodePudding user response:

In the first place, why don't you worry about the router down off worry switch down off
Secondly, as you say, the shuttle entry and local PC connected on the switch, the router is not redundant,
Stores 1 example
Layer 2 switches all interface delimit vlan2, and changed the all local vlan1 interface to vlan2 192.168.2.1 set vlan2 vlanif address, to enable the DHCP server, the gateway is set to 192.168.2.254, where local PC to obtain IP addresses directly from headquarters in 5700 on the second floor of layer 3 switches is out,
All the stores have to use a router, special line, routers, switches, PC,
As for the stores without visits need to based on three layers of acl deny

CodePudding user response:

Thanks for the great god help!
Add that the headquarters of each store with more than 30 kilometers, with mobile digital circuit, according to the moving company, imagine the digital circuit for a cable line, net line from headquarters to the meaning of each store,
=======================================
In the first place, why don't you worry about the router down off worry switch down off
-- -- -- -- -- -- -- -- -- because the switches are huawei S5700 series, operation is stable, but the router is not line, hundreds of pieces of D - Link, as is because when stores PC off line, required to pass through the router forwarding, and the router performance is poor, so often freezes, now set the automatic restart router every morning, the situation improved, do you want to be a router crashed, the effect of the line can also be used, but because of the PC a gateway is a router, the router DOWN so, special line is also not line, its four, for example: if the PC is the gateway to 192.168.4.254 VLANIF address as a gateway to the even without a router, line or pass, but need to get 192.168.4.1 switches in headquarters set 0.0.0.0 stores four on the PC to the network, the problem here, because of digital circuit to 4 m, stores, local PC through the Internet routing on the network, but also walk headquarters (don't know understand it right), speed is slow, so now is PC default gateway is 192.168.4.1, when the router set static routing to access 192.168.1.0 192.168.4.254, consequence is the router crashed, line not line,
===========================================
Secondly, as you say, the shuttle entry and local PC connected on the switch, the router is not redundant,
-- -- -- -- -- -- -- -- -- because as supplement, the store is too far away from headquarters, the line is too small, and the demand of the Internet, through the headquarters to the Internet, so all the stores have their own broadband Internet access,
============================================
Layer 2 switches all interface delimit vlan2, and changed the all local vlan1 interface to vlan2 192.168.2.1 set vlan2 vlanif address, to enable the DHCP server, the gateway is set to 192.168.2.254, where local PC to obtain IP addresses directly from headquarters in 5700 on the second floor of layer 3 switches is out,
All the stores have to use a router, special line, routers, switches, PC,
As for the stores don't visits will need to do in based on the three layers of acl deny
-- -- -- -- -- -- -- -- -- -- - for himself is an amateur in amateur, also need to digest, thanks for the great god help!

CodePudding user response:

Through learning, as a review

CodePudding user response:

I simulated also failed to understand, but what is certain, walk forward line has to be, if the router goes down, can only which thin S5700 switch configuration, and forward routing, provides a way of working is switch domain, can be connected to public through a router, can also be used by switches connected line network,

CodePudding user response:

What great god parsing is in place, there is no complete redundancy backup, basically be to see money

CodePudding user response:

No money, just have a batch file to change the adapter gateway, router is broken, point next batch headquarters out to the gateway into 254, good router change again after come back,

CodePudding user response:

I feel like doing ipsec is ok, the public also local export doesn't have to pull their special line,

CodePudding user response:

Network environment say specific point to operate, low bandwidth is dedicated only 4 m, can be used to run to the Intranet business headquarters, access to the Internet or exported from D - link dial-up,

Plan 1, change the router, low budget 831 correlates can choose new cisco routers, second-hand cisco gigabit 2911, hua correlates of three new firewall F100 - C, these a few price is in one thousand yuan, while some are MB, but is the enterprise performance is good, below 200 m broadband is no problem, because usually operators broadband usually run, than buy TPlink high grade of five centuries,

Scheme 2, the second floor in layer 3 switches, ordinary three layer can be weak, brand-new has several hundred yuan, in layer 3 switches for DHCP and static routing, headquarters is not afraid of this method to access the router down drop, but through the bottleneck of Dlink access to the Internet or in the,

Scheme 3, don't cost a cent, each PC manually change a setting, on the connected to the network card, IP address way to get the DHCP/manual setting, "senior" column to add two gateways, a router. 1 jump points to 1, a headquarters. Jump points is set to 3, 254 interface jump points to 1, so that in the case of the router down off automatically via alternate gateway. 254 headquarters of access network,