No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S2700, S3700, S5700, S6700, S7700, and S9700 Series Switches Typical Configuration Examples

This document provides examples for configuring features in typical usage scenarios.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Feature Planning

Feature Planning

After the S12708 agile switches are deployed on the campus network, the following agile features can be applied to solve the service deployment problems described in Networking Requirements, and to enable the network to fast and flexibly adapt to service requirements.

  • Wired and wireless convergence: Wired and wireless networks are uniformly managed and maintained.

    Agile switches at the core layer provide native capabilities on their line cards, so no independent AC devices or AC cards (such as ACU2) are required. Administrators do not need to configure and deploy user access services on the wired and wireless networks respectively and can manage wired and wireless networks simply as managing one device. The high switching capability and scalability of agile switches eliminate bottlenecks in centralized traffic forwarding when independent ACs or AC cards are used.

  • Free mobility: Service control policies can be migrated with users, delivering consistent experience for users.

    For example, in Networking Requirements, teacher Lee connects to the campus network from the office area, teaching area, library, and residential community every day. He may be granted different access rights on a traditional network. For example, he can access the essay database only in the office area, teaching area, and library, but not in public areas in the campus.

    The free mobility solution enables users to have the same network access rights at different locations. Network access policies are configured centrally on the Agile Controller and delivered to all associated access devices. In this way, users can obtain the same network access policies and enjoy consistent network access experience at any locations and using any IP addresses.

    Table 2-5 lists the access policies that are configured on the Agile Controller and delivered to three user groups: guest, student, and teacher.

    Table 2-5  Free mobility policy configuration
    User (Source Security Group) Resource (Destination Security Group) Access Control Policy
    Guest Public resources (IP address: 10.10.1.1/32) Permit
    Education management system (IP address: 10.10.2.1/32) Forbid
    Fire Transfer Protocol (FTP) resources (IP address: 10.10.3.1/32) Forbid
    Student Public resources (IP address: 10.10.1.1/32) Permit
    Education management system (IP address: 10.10.2.1/32) Forbid
    Fire Transfer Protocol (FTP) resources (IP address: 10.10.3.1/32) Permit
    Teacher Public resources (IP address: 10.10.1.1/32) Permit
    Education management system (IP address: 10.10.2.1/32) Permit
    Fire Transfer Protocol (FTP) resources (IP address: 10.10.3.1/32) Permit

    After the preceding policies are configured, users have the same network access rights and network experience after passing authentication.

  • Super Virtual Fabric (SVF): Agile switches deliver configurations to devices at the aggregation and access layers.

    The SVF solution virtualizes core, aggregation, and access switches on a network into one switch. The core switch manages the aggregation and access switches, and uses configuration templates to complete batch configuration of aggregation and access switches. In this way, administrators do not need to configure switches one by one.

    Table 2-6 describes the roles in an SVF system. The agile switch functions as a parent to manage all access switches (ASs) and APs. In the SVF system, wired and wireless users are all managed on the parent.

    Table 2-6  SVF deployment
    Role Device
    Parent Two S12708 switches in a CSS
    Client Level-1 AS Switches directly connected to the parent, providing wired connections to access switches or terminals
    Level-2 AS Switches directly connected to level-1 ASs, providing wired connections to terminals
    Wireless access device

    APs on a WLAN, providing wireless connections to terminals

    If APs are deployed in an SVF system, the parent functions as a wireless access controller (AC) to control and manage all APs.

    Services on ASs are configured on the parent, and the key states of ASs and APs are maintained on the parent. Administrators can complete service configurations for aggregation and access switches by simply connecting unconfigured aggregation and access switches to the parent. The aggregation and access layers realize zero-touch configuration, automatic upgrade, and plug-and-play deployment, simplifying network configuration, management, and maintenance.

    NOTE:

    An SVF system supports at most two levels of ASs and one level of APs. When eSight is deployed to manage the SVF system, SVF can better simplify device management.

  • Packet Conservation Algorithm for Internet (iPCA): iPCA allows an agile network to be aware of the service quality and to locate network failures.

    An agile switch with iPCA configured can monitor packet loss in real time. Table 2-7 lists packet loss measurement modes. If a link fails, an iPCA-capable switch can quickly detect the fault and sends an alarm to administrators immediately. iPCA allows the network to be aware of the service quality, reducing impact of network failures. eSight can display packet loss measurement results on a GUI, so administrators can easily monitor the network quality.

    Table 2-7  iPCA deployment
    Packet Loss Measurement Mode Deployment Scenario
    Network-level packet loss measurement Monitor packet loss on the links between the main campus and branch campuses. iPCA needs to be configured on local and remote core switches.
    Device-level packet loss measurement Monitor packet loss on core switches. iPCA only needs to be configured on local core switches.

Table 2-8 lists the minimum versions supporting agile features and precautions for configuring these features.

Table 2-8  Applicable versions and precautions
Agile Feature Minimum Version Precaution
SVF V200R007 (V200R007C20 is not included)

A license is required to enable the SVF function on a parent.

When enabling the SVF function, ensure that the current and next startup network admission control (NAC) configuration modes are the unified mode.

Free mobility V200R006

The Agile Controller needs to be deployed to enable the free mobility function. Free mobility is supported only in the unified NAC mode.

iPCA V200R006

If modular switches are used, X series cards need to be installed.

Wired and wireless convergence V200R005 (V200R007C20 is not included)

If modular switches are used, X series cards need to be installed.

For details about the applicable AP models and versions, see the product documents.

NOTE:

This case uses S series switches in V200R009C00 as an example. The configuration may slightly vary depending on the product and version. Refer to the configuration manual accordingly.

Download
Updated: 2019-04-20

Document ID: EDOC1000069520

Views: 696456

Downloads: 30199

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next