Key Points of Security Deployment
Campus network security includes campus internal network security and campus egress security. Campus internal network security covers login security (for example, preventing unauthorized users from logging in to devices), data security (data not being intercepted or tampered with during forwarding), and other aspects. For campus egress security, professional security devices (such as firewalls) are deployed at the campus egress to implement network border protection and effectively prevent security threats from external networks.
- Campus internal network security
  - Device login security
    For local login through the console port, use user name and password authentication; for remote login, use a secure SSH-based protocol (for example, STelnet).
  - Security at different network layers
    Access devices form the border of the campus network: they must prevent unauthorized users and terminals from accessing the network and must control Layer 2 traffic forwarding. Core devices sit at the key position of the network, so their security is critical. When a core device serves as the centralized authentication point, its CPU must be able to process the protocol packets generated when a large number of users access the network. When a core device serves as the gateway, ARP security must be considered.
  - Wireless service security
    Rogue devices and attacking users can be detected and contained to secure the border of the wireless network. In addition, the validity and security of user access must be authenticated to protect user service data.
- Campus egress security
  - Online behavior management
    If enterprise employees need to access external networks, enable functions such as URL filtering, file filtering, data filtering, application behavior control, and antivirus to protect internal hosts from external threats and to prevent information leaks.
  - Border protection
    Employees, servers, and external networks can be assigned to different security zones so that inter-zone traffic is inspected and protected.
    Content security protection functions need to be enabled according to the types of network services provided to external users. For example, file filtering and data filtering are enabled for the file server, mail filtering is enabled for the mail server, and antivirus and intrusion prevention are enabled for all servers.
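As an added example (not part of the original document), the following VRP-style configuration fragment implements the device login guidance above: password authentication on the console port, and remote login allowed only over STelnet from an assumed management subnet. Command names follow Huawei S-series CLI conventions as assumed here; the user name, passwords and the 10.1.1.0/24 subnet are placeholders, and exact syntax varies by model and software version.

```text
# --- Local login: console port with password authentication ---
user-interface console 0
 authentication-mode password
 set authentication password cipher <CONSOLE-PASSWORD-PLACEHOLDER>
 idle-timeout 5 0
#
# --- Remote login: STelnet (SSH) only, Telnet not enabled on VTY lines ---
# Basic ACL limiting where management sessions may originate from
# (10.1.1.0/24 is an assumed management subnet; adjust to the real one)
acl 2000
 rule 5 permit source 10.1.1.0 0.0.0.255
 rule 10 deny
#
# Host key pair for the SSH server
rsa local-key-pair create
#
# Local administrator account used for SSH login
aaa
 local-user netadmin password irreversible-cipher <ADMIN-PASSWORD-PLACEHOLDER>
 local-user netadmin service-type ssh
 local-user netadmin privilege level 15
#
# Bind the account to the SSH server and enable STelnet
ssh user netadmin authentication-type password
ssh user netadmin service-type stelnet
stelnet server enable
#
# VTY lines: AAA authentication, SSH only, source-restricted, idle timeout
user-interface vty 0 4
 authentication-mode aaa
 protocol inbound ssh
 acl 2000 inbound
 idle-timeout 5 0
```

Verify the result by confirming that a Telnet connection to the device is refused and that an SSH session from outside the management subnet is dropped before authentication.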