Currently, many large Internet cafes have customized different charging standards for user different application situations in order to facilitate management. For example, general Internet access areas, online game areas, video chat areas, online movie areas (Internet cafe servers, Internet VOD on demand), VIP areas, etc. Like video chat, it is 1 yuan per hour more expensive than general Internet access areas. Since these different areas have different network bandwidth requirements, the choice of network equipment is also different. If we choose to support VLAN switching screens in both the center and the access? Reasonable VLAN division can effectively isolate broadcasts and improve the usage performance of the entire network. It can also provide convenience for Internet cafe management.
In addition, the network has a large capacity, which can fully meet the network users' needs for network bandwidth, and can also provide fast exchange and processing of network equipment. The network devices in the scheme will not only play the role of network interconnection. Therefore, while providing high-speed switching, good control can be performed on network devices and security guarantees can be provided based on hardware.
The plan is designed as follows:
1) It is recommended to use NETGEAR GSM7312 gigabit core switch for the core network equipment of the Internet cafe; the high-performance price ratio GSM7312 provides 12 10/100/1000M twisted pair copper cable gigabit ports and 12 gigabit Mini SFP GBIC slots (shared with 10/100/1000M electrical ports). The switching capacity of 24Gbps and the line-speed routing forwarding capacity of 17.5Mpps will fully meet the performance needs of the entire network. The flexible port configuration brings the greatest flexibility to networking in the Internet cafe. The GSM7312 core column switch supports a variety of forms of VLAN division, port mirroring, RIPv1v2, OSPF, SNMPv1v2v3, IGMP monitoring, 802.1x port authentication and other rich software feature sets, and provides rich packet filtering and priority setting functions and enhanced QoS functional features. It can further enhance network security and adapt to the needs of different network applications. It is an ideal choice for building large and medium-sized Internet cafe network centers.
2) Access switch: According to the design principles of Internet cafe wiring, NETGEAR FS750T/FSM526T intelligent switch is used as the switch at the access layer. It can provide information point access to the 10/100M port with a line speed downwards, and can use a gigabit port to connect to the central switch GSM7312 upwards.
The FS750T smart switch provides 48 10/100M ports and 2 10/100/1000M ports;
The FS526T smart switch provides 24 10/100M ports and 2 10/100/1000M ports;
The FS750T smart switch has 13.6Gbps backplane switching capability and 11Mpps packet forwarding rate;
The FS526T smart switch has 8.8Gbps backplane switching capability and 6.5Mpps packet forwarding rate;
NETGEAR smart switches have the characteristics of simple network management (WEB), but they can provide rich software features of network-managed switches. In terms of price, it is much lower than that of the same grade of network management switch, providing the greatest affordability for Internet cafe networking.
The smart switch can easily configure various functions of the switch device through a graphical WEB browser interface, such as monitoring of switch performance and switch port configuration, and can also implement advanced functions such as setting up link relay, establishing port-based and 802.1Q-based VLAN virtual local area network (VLAN), and quality of service settings (CoS), etc.
3) Connect to the Internet with a speed-transmission firewall.
The Speedway firewall plays the following roles here:
Install a quick-transit firewall at each network exit. Here, the Speedway firewall first plays the role of network isolation, division of different security domains, and performs access control. Through the multi-network structure design of the firewall, authorized legal users can access authorized services and restrict unauthorized access. At the same time, the authentication function of the Speed Pass firewall can realize internal user authentication, and can also realize user-level access control in combination with the user's original domain user authentication or radius authentication.
The intrusion detection function that comes with the SpeedTong Firewall adopts an intrusion detection system based on pattern matching, surpassing the intrusion detection function based on statistical anomalies in traditional firewalls, realizing an extensible attack detection library, truly realizing the protection against various known attack methods, and constantly resisting new attack methods by upgrading the intrusion detection library method. The intrusion detection module of SpeedTong Firewall can automatically detect potential intrusions, attacks and abuses in network data flow, and the firewall module can be linked, automatically adjust control rules, and provide dynamic network protection for the entire network. The Speedway firewall intrusion detection module includes detection of viruses and worms transmitted on the network. It can be detected before computer viruses and worms are transmitted to the host, preventing the spread of network viruses on the gateway and preventing problems before they occur. It has truly achieved the effect of spending less money and doing more.
Use the DNS/URL filtering function of the SpeedTong firewall to restrict users from accessing some bad sites. The Speedway firewall also has a built-in web page filtering database, which can block common pornographic and violent web pages and reduce the risk of online abuse.
In addition, the network has a large capacity, which can fully meet the network users' needs for network bandwidth, and can also provide fast exchange and processing of network equipment. The network devices in the scheme will not only play the role of network interconnection. Therefore, while providing high-speed switching, good control can be performed on network devices and security guarantees can be provided based on hardware.
The plan is designed as follows:
1) It is recommended to use NETGEAR GSM7312 gigabit core switch for the core network equipment of the Internet cafe; the high-performance price ratio GSM7312 provides 12 10/100/1000M twisted pair copper cable gigabit ports and 12 gigabit Mini SFP GBIC slots (shared with 10/100/1000M electrical ports). The switching capacity of 24Gbps and the line-speed routing forwarding capacity of 17.5Mpps will fully meet the performance needs of the entire network. The flexible port configuration brings the greatest flexibility to networking in the Internet cafe. The GSM7312 core column switch supports a variety of forms of VLAN division, port mirroring, RIPv1v2, OSPF, SNMPv1v2v3, IGMP monitoring, 802.1x port authentication and other rich software feature sets, and provides rich packet filtering and priority setting functions and enhanced QoS functional features. It can further enhance network security and adapt to the needs of different network applications. It is an ideal choice for building large and medium-sized Internet cafe network centers.
2) Access switch: According to the design principles of Internet cafe wiring, NETGEAR FS750T/FSM526T intelligent switch is used as the switch at the access layer. It can provide information point access to the 10/100M port with a line speed downwards, and can use a gigabit port to connect to the central switch GSM7312 upwards.
The FS750T smart switch provides 48 10/100M ports and 2 10/100/1000M ports;
The FS526T smart switch provides 24 10/100M ports and 2 10/100/1000M ports;
The FS750T smart switch has 13.6Gbps backplane switching capability and 11Mpps packet forwarding rate;
The FS526T smart switch has 8.8Gbps backplane switching capability and 6.5Mpps packet forwarding rate;
NETGEAR smart switches have the characteristics of simple network management (WEB), but they can provide rich software features of network-managed switches. In terms of price, it is much lower than that of the same grade of network management switch, providing the greatest affordability for Internet cafe networking.
The smart switch can easily configure various functions of the switch device through a graphical WEB browser interface, such as monitoring of switch performance and switch port configuration, and can also implement advanced functions such as setting up link relay, establishing port-based and 802.1Q-based VLAN virtual local area network (VLAN), and quality of service settings (CoS), etc.
3) Connect to the Internet with a speed-transmission firewall.
The Speedway firewall plays the following roles here:
Install a quick-transit firewall at each network exit. Here, the Speedway firewall first plays the role of network isolation, division of different security domains, and performs access control. Through the multi-network structure design of the firewall, authorized legal users can access authorized services and restrict unauthorized access. At the same time, the authentication function of the Speed Pass firewall can realize internal user authentication, and can also realize user-level access control in combination with the user's original domain user authentication or radius authentication.
The intrusion detection function that comes with the SpeedTong Firewall adopts an intrusion detection system based on pattern matching, surpassing the intrusion detection function based on statistical anomalies in traditional firewalls, realizing an extensible attack detection library, truly realizing the protection against various known attack methods, and constantly resisting new attack methods by upgrading the intrusion detection library method. The intrusion detection module of SpeedTong Firewall can automatically detect potential intrusions, attacks and abuses in network data flow, and the firewall module can be linked, automatically adjust control rules, and provide dynamic network protection for the entire network. The Speedway firewall intrusion detection module includes detection of viruses and worms transmitted on the network. It can be detected before computer viruses and worms are transmitted to the host, preventing the spread of network viruses on the gateway and preventing problems before they occur. It has truly achieved the effect of spending less money and doing more.
Use the DNS/URL filtering function of the SpeedTong firewall to restrict users from accessing some bad sites. The Speedway firewall also has a built-in web page filtering database, which can block common pornographic and violent web pages and reduce the risk of online abuse.