Networking operation of Tianhuangping Hydropower Station

The hydropower station has six 300,000-kilowatt vertical shaft reversible pumping generating units with a total installed capacity of 65,438+800,000 kilowatts. This hydropower station is not only the one with the largest installed capacity and the highest head among similar power stations built and under construction in China, but also a world-class pumped storage power station. Considering the actual situation, if you use switches to expand information points, it is not conducive to later management and maintenance, and it is easy to cause network paralysis. At the same time, the office has been renovated and the staff has settled in. If you rewire, it will inevitably affect the existing decoration and daily office. Therefore, the person in charge of East China Tianhuangping Pumped Storage Co., Ltd. decided to adopt wireless network technology to build an external network system. At the same time, in order to ensure the security and manageability of the external network, the company hopes that the client must pass the authentication before accessing the external network, and must bind the authenticated user name, password, IP and MAC information. In addition, it is also required to use multiple external network links, control the bandwidth flow of users, restrict non-business applications such as P2P, and ensure the smooth flow of external networks.

After comprehensive consideration of various schemes, the hydropower station finally chose the wireless overall solution of D-Link to implement the planning and transformation of the network system. More than 40 scattered wireless AP devices were deployed in Tianhuangping Hydropower Station in Anji County and Tianchi Hotel in Hangzhou. The unified management, configuration and authentication of the two places were realized through wireless switches, which met the wireless network coverage requirements of 500 ~ 600 office workers in the two places. At the same time, authentication and billing gateway equipment is set between the core switch and the firewall as the identity authentication of wireless access users, so as to optimize the export traffic of the whole network. In view of the security of the network, D-Link adopts a set of DFL- 1600 firewall system which integrates the functions of firewall, load balancing, regional defense, content filtering, DoS protection and VPN remote secure connection. It carries out linkage security processing with D-Link switch, which will effectively ensure the security of the system. Another feature of the overall solution of hydropower station is the pairing of network devices to realize wireless, authentication and security functions respectively. Specifically, the whole scheme uses wireless switches DWS-3024 and DWL-3500AP to form a wireless network, and uses DSA-4000 broadband access gateway and DRS-5000 authentication system to achieve unified authentication. Through the seamless integration of DFL- 1600 firewall and D-Link switch, the linkage early warning of network security can be better realized.

This collocation method integrates the advantages and functions of different devices and can better meet the needs of users. Through the cooperation of DSA-400 and DRS-5000, users only need a set of account/password to access the network and use the external network. The authentication and related restrictions are the same, and there will be no compatibility problems in future equipment replacement. In addition, DSA4000 can also realize automatic assignment of clients, which is convenient for use and later maintenance.

After the implementation of the scheme, the person in charge of the hydropower station believes that the application of D-Link wireless integrated solution saves a lot of resources and time in the implementation. Because unauthenticated users can't use the external network, the number of computers using the external network is effectively controlled, and the upstream and downstream bandwidth of the network is limited for each user, so that the network bandwidth can be used reasonably and effectively. In addition, the regional defense functions of firewalls and switches can effectively isolate infected computers, prevent the spread of malicious data streams, and prevent network exits from being blocked by malicious data streams such as viruses.