No relevant resource is found in the selected language.

Enterprise

Worldwide

- Türkçe

Search

History
Popular search
Switches Routers Servers Storage Data Center Energy Cloud Computing
Quick access
Recommended

Support

Documentation

CloudCampus Solution V100R019C10 Deployment Guide for Large- and Medium-Sized Campus Networks (Non-virtualization Scenario)

Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).

Configuring Intranet Security

Configuring Intranet Security

Context

A typical large- and medium-sized campus network uses a three-layer architecture, consisting of the core layer, aggregation layer, and access layer. Simplified networks may use a two-layer architecture, consisting of only the core layer and access layer. Security features can be configured layer by layer to ensure comprehensive intranet security.

Configuration Tasks

Network Layer	Task Description	Deployment Procedure
Access layer	Enabling storm control	Create an interface security profile. For details, see Configuring an Interface Template. Create an object group, and add the ports to which the interface security profile is to be delivered to the object group. For details, see Configuring an Interface Template. Deliver the interface security profile configuration to the object group.
	Enabling DHCP snooping
	Enabling IP Source Guard (IPSG)
	Enabling dynamic ARP inspection (DAI)
	Enabling port isolation
Access layer (wireless side)	Configuring air interface security	You need to log in to the WAC web system or access the WAC command-line interface (CLI) to perform the configuration. For details about the planned functions, see the plan for the wireless access layer in Intranet Security Design. For details about the configuration on the standalone WAC, see the product documentation at https://support.huawei.com/enterprise/en/category/wlan-pid-1482616818654?submodel=21782201. For details about the configuration on the native WAC, see the product documentation of campus switches at https://support.huawei.com/enterprise/en/category/switches-pid-1482605678974?submodel=9856733.
	Configuring terminal access security
	Configuring service security
Aggregation layer	If terminals are connected to the aggregation layer, perform security configuration by referring to configuration at the access layer. If the aggregation device functions as the user gateway or authentication point, perform security configuration by referring to configuration at the core layer.
Core layer	Configuring defense against CPU attacks	All the listed functions of the core switch have default configurations. These configurations ensure that the CPU can process and respond to normal services. You can run commands on the core switch to customize these functions. For details, see the campus switch product documentation at: https://support.huawei.com/enterprise/en/category/switches-pid-1482605678974?submodel=9856733
	Configuring attack source tracing
	Configuring port attack defense
	Configuring user-level rate limiting
	Enabling optimized ARP reply

Context
Configuration Tasks

Translation

简体中文

Download

Updated: 2021-04-29

Document ID: EDOC1100141247

Views: 121293

Downloads: 625

Average rating:

This Document Applies to these Products

Related Version

Related Documents

Digital Signature File

Digital Signature Authentication Mode