Fabric Network Management
- Networking Scenario
- Virtualized Campus Network Deployment Procedure
- Configuring a Fabric Global Resource Pool
- Configuring an Underlay Automated Resource Pool
- Fabric Management
- LAN-side Logical Network Management
- (Optional) Configuring LAN-side VN Interworking at Layer 3
- Verifying the Configuration Status
- How Can I Adjust Physical Links?
Networking Scenario
- VXLAN network with centralized gateways: The VXLAN gateways are deployed on border nodes, and are responsible for communication between terminals on the campus network and the Internet, as well as inter-subnet communication between terminals.
Scenario description:
- Border node: It allows inter-subnet communication on VNs and external network access based on the Layer 3 VBDIF interfaces created for bridge domains (BDs). A border node can encapsulate and decapsulate VXLAN packets.
- Edge node: It resides on the edge of a VLAN and a VXLAN, and can encapsulate and decapsulate VXLAN packets. VXLAN packets are transmitted between border nodes and edge nodes on the overlay network.
- Access node: establishes Layer 2 channels between terminals and edge nodes using VLANs, extending the service network at Layer 2.
- VXLAN network with distributed gateways: VXLAN gateways are deployed on different devices. The nearest aggregation device (edge node) used by a terminal access device functions as the Layer 3 distributed gateway, and the core device (border node) functions as the egress Layer 3 gateway.
Scenario description:
- Border node: used only for access to external networks. A border node can encapsulate or decapsulate VXLAN packets for communicating with edge nodes on the VXLAN.
- Edge node: resides on the edge of a VLAN and a VXLAN, implements inter-subnet communication on VNs, encapsulates and decapsulates VXLAN packets, and communicates with border nodes and other edge nodes through VXLAN.
- Access node: establishes Layer 2 channels between terminals and edge nodes using VLANs, extending the service network at Layer 2.
- VLAN network: implements access-to-border automatic configuration based on VLANs. The VLAN network can share an underlay network with the centralized VXLAN network.
Virtualized Campus Network Deployment Procedure
After a physical underlay network is deployed, virtual Layer 2 or Layer 3 networks (overlay networks) need to be constructed over it. The following figure shows the functional modules involved in deploying VNs through iMaster NCE-Campus. You can select the services to be configured based on the actual networking requirements.
In the VN configuration phase, you can select the type of VNs to be configured as needed, including the virtual VXLAN and traditional VLAN. In addition, you can decide whether to deploy the service gateway of the default VN inside or outside the fabric based on whether the network that users access before authentication is a Layer 2 or Layer 3 network.
Configuring a Fabric Global Resource Pool
Before creating VNs, you need to configure global resources, including the resource pools of loopback interface IP addresses, VLANs, VNIs, and BDs. During VN creation, iMaster NCE-Campus automatically allocates resources from resource pools.
Prerequisites
You have to perform the following operations before deploying LAN services on iMaster NCE-Campus:
- A site has been created on iMaster NCE-Campus, and devices to be managed have been added to iMaster NCE-Campus. A switch can go online as a standalone device or a stacked device.
- VLANIF interfaces, loopback interfaces, VTEP IP addresses, and routes have been configured on border and edge devices to implement interconnection between endpoint devices on the LAN. If all devices to be deployed on a fabric network are managed by iMaster NCE-Campus, you can enable automatic routing domain orchestration when creating the fabric network. In this case, iMaster NCE-Campus will automatically configure interfaces and routes on the fabric network.
- A RADIUS template and AAA function have been configured on edge devices to implement authentication on the LAN.
- Free mobility has been enabled for edge devices as required.
Context
The following figure shows the layers of loopback interface, VLAN, VNI, and BD resources on the network and the relationships among the resources.
Procedure
- Choose from the main menu.
- Set parameters, and click
to make the settings take effect.
A service VLAN resource pool is required if you need to configure external gateway interconnection VLANs, network service resource interconnection VLANs, CAPWAP management VLANs, and VN access VLANs for user terminals. When planning VLANs, ensure that the desired VLANs are not used by non-Fabric services. For example, the VLAN ID of the planned management VLAN cannot be included in the VLAN pool. Otherwise, services may be interrupted.
Related Operations
- Select the resource to be deleted and click
to delete the resource.
- Click
to refresh resources displayed on the page.
Parameters
Parameter |
Description |
---|---|
VLAN |
VLAN resource pool for end users accessing the network. |
Loopback interface IP address |
IP address pool for Loopback interfaces. This parameter is configurable when VNs connect to network resource services, such as DHCP and RADIUS. |
Bridge Domain |
On a VXLAN network, VNIs can be mapped to BDs in 1:1 mode so that a BD can function as a VXLAN entity to transmit traffic. |
VXLAN Network Identifier |
A VNI is similar to a VLAN ID and identifies a VXLAN segment. |
Configuring an Underlay Automated Resource Pool
When you create fabric networks, you can enable automated routing domain orchestration. This implements automatic deployment of the underlay network. After this function is enabled, iMaster NCE-Campus automatically provisions configurations, such as VLANIF interfaces, loopback interfaces, VTEP IP addresses, and routes, required for BGP-EVPN on fabric networks. iMaster NCE-Campus automatically allocates resources from the underlay automated resource pool to devices.
Context
The following figure shows the layers where device interconnection IP address and VLAN resources reside on the network and the relationships between the resources.
Procedure
- Choose from the main menu.
- Set parameters, and click
to make the settings take effect.
Related Operations
- Select the resource to be deleted and click
to delete the resource.
- Click
to refresh resources displayed on the page.
How Do I Configure Underlay Automation in the Multi-Site Scenario?
By configuring automated routing domain orchestration on the underlay network, routes between border nodes and edge nodes on a fabric network can be automatically configured. The interconnection links between border nodes and between border nodes and edge nodes are configured to ensure that the VTEP IP addresses on the entire network are reachable to each other through OSPF routes.
If transparent transmission devices are deployed on the underlay network under a fabric network, it is recommended that the device role of border nodes be set as core, that of edge nodes be set as aggregation, that of transparent transmission devices (not deployed on the fabric network) between border nodes and edge nodes be set to core. Currently, only one layer of transparent transmission devices can be deployed between border nodes and edge nodes.
When a fabric network spans multiple sites, you need to configure correct device roles and ensure that the sites are reachable to each other through OSPF routes.
The following describes automatic underlay deployment in the multi-site scenario and in a three-layer networking.
- Scenario 1: A fabric network spans multiple sites, and only one site has a border node, as shown in the following figure.Figure 5-65 Multi-site scenario
Perform the following operations to configure automatic underlay deployment:
- Choose from the main menu and change the role of Edge2 to Core.
- Check the OSPF areas automatically orchestrated by the border node, choose from the main menu, click the tab, and manually configure the routes between interconnection interfaces on the border node and Edge2 to ensure that they are reachable to each other.
- Scenario 2: A fabric network has three layers of devices, including a border node, edge nodes, and an access device, as shown in the following figure.Figure 5-66 Three-layer fabric networking
Perform the following operations to configure automatic underlay deployment:
- Choose from the main menu and change the role of edge node 2 to Aggregation.
- Change the role of the access device on the fabric network to Edge.
Parameters
Parameter |
Description |
---|---|
Interconnection VLAN |
VLAN resource pool for device interconnection. This parameter is configurable when border and edge devices are interconnected on the underlay fabric network. |
Interworking IP |
IP address resource pool for device interconnection. This parameter is configurable when border and edge devices are interconnected on the underlay fabric network. |
Fabric Management
Configuring a Fabric
A fabric network consists of a group of interconnected border, edge, and access nodes to provide non-differentiated access capabilities. In this way, an access device can access different network services at the same time. This reduces costs and improves network device utilization.
The overlay virtualization technology VXLAN enables multiple virtual networks (VNs) to be carried on the same fabric network and supports flexible service deployment.
Prerequisites
- Devices are already online on iMaster NCE-Campus and under the management of the current tenant.
- The license of the VN type has been imported into the system.
Context
- Fabric network with a centralized gateway:
- Traffic transmitted from an internal network to external networks and transmitted on internal networks passes through the centralized gateway. In this case, only border devices can function as centralized gateways.
- VNs of L3 VXLAN, L2 VXLAN, L3 VLAN, and L2 VLAN types are supported.
- Fabric network with distributed gateways
- Traffic transmitted from an internal network to external networks and transmitted on internal networks passes through different gateways. In this case, edge and border devices can function as gateways.
- L3 VXLAN and L2 VXLAN types are supported, and L3 VLAN and L2 VLAN types are not supported.
Procedure
- Choose Create Fabric on the left. , and click
- Set the fabric name, add devices, and set related parameters as planned. You can configure two border nodes on the fabric to improve network reliability or to connect to two egresses in external networks. Two border nodes can be deployed only on the distributed networking.
When the system is upgraded, for example, from V300R019C00 to the latest version, if an error message is displayed indicating a configuration conflict when you enable Report terminal identification information during fabric network creation, set DHCP snooping to snooping on the page under .
- Set physical network parameters. Before enabling Automatic routing domain configuration, you need to configure a resource pool for underlay automation. After Automatic routing domain configuration is enabled, choose Routing domain orchestration tab to view OSPF area settings. , and click the
- If more than one RR (allowing up to two RRs) is deployed on a fabric network, for example, two RRs are configured on a fabric network with two border nodes, you need to configure the RR cluster ID.
If a physical link changes, click
in the upper left corner to view the fabric list, and click
on the right of the fabric where the physical link resides to update the corresponding routing domain. Alternatively, click
to update routing domains in the topology mode.
- Click Confirm.
- If the switch to be added has been registered with iMaster NCE-Campus using NETCONF but has been deleted from iMaster NCE-Campus, before you add this switch to iMaster NCE-Campus again, run the undo netconf command on the switch to clear the residual data in the NAAS database. If the residual data on the switch is not cleared, iMaster NCE-Campus may fail to deliver services to the switch, or the switch may fail to be managed by iMaster NCE-Campus.
- After enabling Automatic routing domain configuration, deploying edge devices that are not added to the fabric at a site, and configuring routes on the underlay network, you are not allowed to delete the edge devices. Otherwise, OSPF routes between border devices and the access devices connected to the edge devices will fail, causing service interruption.
- Network loops may occur in dual-border networking. You need to run commands to configure a loop prevention protocol based on site requirements.
Follow-up Procedure
- View a fabric.
Click the name of the target fabric to view the fabric information.
- View the configuration status.
Select the fabric to modify, click
under the fabric, and check the configuration status. If Configuration Status of any item is Failed, see Troubleshooting.
- Update a routing domain.
Select the fabric to modify and click
under the fabric to update the routing domain.
- Modify a fabric.
Select the fabric to modify and click
under the fabric to modify the fabric information.
- Delete a fabric.
Select the fabric to delete and click
under the fabric to delete the fabric.
Parameters
Parameter |
Description |
---|---|
Name |
Fabric name. Within a tenant, a fabric name must be unique. |
Networking Type |
Fabric networking deployment mode:
|
Stack |
Whether a device is a stack. If a device is a stack, on the page displaying the device details, you can view the member devices in the stack. In addition, in the port list and link list, you can view the ports and links of all member devices, respectively. |
Role |
Role of a device on a fabric network. The value can be Access (default), Edge, or Border. |
Model |
Device model. |
Storm Suppression |
Type of the traffic to be suppressed in a BD:
|
Broadcast CIR/Broadcast CBS |
Committed information rate (CIR) and committed burst size (CBS) of broadcast traffic. |
Multicast CIR/Multicast CBS |
CIR and CBS of multicast traffic. |
Unknown Unicast CIR/Unknown Unicast CBS |
CIR and CBS of unknown unicast traffic. |
Layer 2 Isolation |
When Layer 2 isolation is enabled, the RR does not reflect client routes. NOTICE:
|
Reporting terminal identification information |
Whether to report information used for terminal identification. After this function is enabled, devices on the fabric periodically report information, such as DHCP option, HTTP User-Agent, and mDNS settings for terminal identification. The default report interval is 10 minutes. You can choose from the main menu and then choose Switch > Report terminal monitoring information from the navigation pane to change this interval. |
Automated routing domain configuration |
Configure OSPF routing domains on the devices deployed on the fabric to establish underlay Layer 3 routes. After this function is enabled, the underlay network is automatically configured. You can specify the sites where routing domains are automatically configured and specify OSPF route parameters. Currently, the following parameters are supported: Area: OSPF area. If Single Area is configured, all devices belong to area 0. If Multi Area is configured, only the core devices belong to area 0, and each aggregation device forms an area with the core devices. Network Type: OSPF network type. The options are broadcast, P2MP, or P2P. Encryption: Encryption mode between adjacent devices. The options are HMAC-SHA256, MD5, or None. NOTE:
HMAC-SHA256 is recommended, because it is more secure than MD5. Key: Authentication key identifier of the interface's cipher authentication. Both ends must have the same key ID. The value is an integer in the range from 1 to 255. Password: Cipher-text password. The value is a string of 1 to 255 characters without spaces. Confirm password: Confirm the cipher-text password. OSPF GR: Whether to enable the OSPF graceful restart (GR) function. |
AS number |
AS number of BGP-EVPN. NOTE:
If BGP has been configured on the device, the AS number must be the same as the BGP AS number configured on the device. |
Reflector cluster ID |
If multiple RRs need to be configured, configure an RR cluster ID to prevent BGP route loops. If multiple RRs are deployed on a fabric network, for example, two RRs are deployed on a dual-border fabric network, the RR cluster ID needs to be specified. |
BGP Source Interface |
Connection interface type (including the VLAN interface and loopback interface) and number used by a device to send BGP packets. To enable a device to send BGP packets even if the physical interface fails, iMaster NCE-Campus sets the source interface for sending BGP packets to a connection interface when automatically delivering BGP configurations. NOTE:
The connection interface needs to be consistent with that configured on the border or edge device. If Automated routing domain configuration is configured, you do not need to set this parameter. |
Route Reflector |
Whether a device functions as a route reflector (RR) on a fabric network. One device configured as an RR cannot function as an access node at the same time on a fabric network. If an RR cluster ID is configured, multiple RRs can be configured. After an RR is configured, iMaster NCE-Campus automatically delivers the BGP configurations of all edge devices and border devices in the fabric. NOTE:
If no RR is specified, administrators need to perform basic BGP configuration using command lines. |
Managing Networks in Topology Mode
iMaster NCE-Campus can display a fabric network in a topology. You can view device status, add devices, query links, and modify device roles on the topology.
In the current networking, two devices can be connected through only one logical link.
In some scenarios, to increase the bandwidth between two devices or increase the reliability, you need to connect two devices through more than one physical link. In this case, you need to add the interfaces on the local device to an Eth-Trunk interface, and those on the remote device to another Eth-Trunk interface.
After interfaces on the local and peer device are added to an Eth-Trunk interface, respectively, if the devices are online, you can click the device names to go to the device details page. On the interface list page and link management page, perform interface configuration synchronization and link discovery, respectively.
Context
In a topology, you can obtain the icon meanings on the right. Pay attention to the following:
- A device with
displayed in the lower right corner of the device icon is displayed on the current page. If there are a large number of devices in a fabric, the devices are displayed on multiple pages in the topology. A maximum of 10 devices and their upper-level devices can be displayed on each page.
- If an AP is directly connected to a device,
is displayed in the upper left corner of the device icon, and the number in the circle indicates the number of directly connected APs.
- In a fabric, the switches that can be managed include physical switches and stack switches. A stack combines multiple stacking-capable switches into a logical switch. Stacking technology provides high network reliability and forwarding performance, and simplifies network management.
- You can tune the topology structure as required, and then click
on the right to save the modification.
Prerequisites
A fabric network has been created.
Procedure
- Choose Network Management tab. , and click the
- Click
in the upper right corner to enter the topology mode.
- Click Add Device, select devices to be added, and set the related parameters as planned.
- View information about APs or stack members.Right-click the device to be configured and choose View AP, or View Stack Members from the shortcut menu.
Only access and edge devices support the function of viewing APs.
- Adjust the device role.
Right-click the device to be configured and choose Set as Core, Set as Edge, or Set as Extended from the shortcut menu.
- Configure an external gateway.
When a tenant needs to access an external network, you need to configure information about the connection between a border device and external network and information about an external gateway for service provisioning. The following conditions must be met:
- An external gateway has been pre-configured. The IP address and VLAN of the port on the external gateway to be connected to the border device have been configured.
- A fabric has been created and a border device has been configured.
- It has been determined that the tenant network is a Layer 2 or Layer 3 LAN.
- If the tenant network is a Layer 3 LAN, the gateway needs to connect to an egress network device through a Layer 3 interface. In such case, a Layer 3 external gateway needs to be created to implement network connectivity between the gateway and egress network device.
- If the tenant network is a Layer 2 LAN, the gateway needs to connect to an egress network device through a Layer 2 interface. In such case, a Layer 2 external gateway needs to be created to implement network connectivity between the gateway and egress network device.
Click the icon of the external gateway. On the Configure External Gateway tab page, click Create. Configure the border gateway to connect to external networks through static routes, BGP, or OSPF, and then click OK. Table 5-370 describes the external gateway parameters.
- In dual-border networking, you can configure multiple external gateways in one external network with a Layer 3 shared egress. However, if a Layer 3 exclusive egress is required for an external network, you need to configure an external network with a Layer 3 exclusive egress for each of the border nodes. When configuring an external network that exclusively uses a Layer 3 egress, you need to manually configure static routes if you need to use static routes to implement load balancing between two border nodes. External service IP Address cannot fulfill this requirement.
- To configure two border nodes to work in active/standby mode, you have to configure an external network with a Layer 3 exclusive egress and configure dynamic routes. In this case, devices on the external network advertise routes with different costs to the border nodes so that the border nodes can work in active/standby mode.
- Network loops may occur in dual-border networking. You need to run commands to configure a loop prevention protocol based on site requirements.
- To modify information about an external gateway, click
next to the external gateway.
- To delete an external gateway, click
next to the external gateway.
- Click
next to the external network to view the detailed configuration of the external network.
- Configure network service resources.
The DHCP server is connected to the border node in off-path mode to provide the DHCP service for the tenant network. The DHCP server processes requests for address assignment, address lease renewal, and address release from clients or relay agents, and assigns IP addresses and other network configurations to clients. When the gateway of a Layer 3 VN needs to use the DHCP service, the system automatically delivers related configurations based on the DHCP server configuration. For a Layer 2 VN, no DHCP group needs to be configured.
End users access the portal server, RADIUS server, and DNS server through a core device. You need to configure interconnection information between the core device and servers for service provisioning.
Before configuring network service resources, you need to perform the following operations:
- Set up a fabric and configure a border node.
Click the icon of the network service resources. On the Create, set parameters, and click Complete after the configuration.
tab page, click - Check the source IP address of the device that connects to network service resources.
Click the icon of the network service resources, select the desired network service resource on the
tab page, and clickto view the source IP address of the device that connects to the network service resource.
- To modify information about a network service resource group, click
next to the group.
- To delete a network service resource group, click
next to the group.
- To modify information about a network service resource group, click
- Configure a route monitoring group.
When there are two or more egresses on a network, if the active egress fails, all traffic can be transmitted through the standby egress with a lower priority. To implement network backup, you can associate routes with NQA test instances and route monitoring groups to quickly detect link faults. After an NQA instance detects a link fault, the corresponding routes will be deleted from the IP routing tables on the devices bound to the NQA instance. Then, service traffic is switched to a route without a link fault, preventing lengthy service interruptions.
Click Create. Set parameters, and click OK after all settings are complete.
. On the tab page, select and clickClick Route Monitor tab page, select and click Create. Set parameters, and click OK after all settings are complete.
. On the
Parameters
Parameter |
Description |
---|---|
Name |
Name of an external gateway. |
External network type |
Type of the egress connecting the tenant network to an external network. The options are as follows:
|
Use default VRF |
Whether to use the default VRF of the border device. |
Connecting to the Internet |
Whether to connecting to the Internet. |
External service IP Address |
IP address of the remote network connected to the current egress. This IP address is used by iMaster NCE-Campus to automatically deliver the static route pointing to the remote network. This parameter needs to be set only when External network type is set to L3. |
Core device |
Core device to be connected to the remote network. |
Port |
Port that connects the core device to the PE device and description of the port. The description is a string of 1 to 80 case-sensitive characters. The value can contain spaces. |
Description |
|
VLAN |
Interconnection VLAN between the core device and PE. This parameter needs to be set only when External network type is set to L3. |
IP address type |
IP address type of the interconnection port:
|
Local IPv4 address/Local IPv6 address |
IP address of the core device's port to be connected to the PE. This parameter needs to be set only when External network type is set to L3. |
Peer IPv4 address/Peer IPv6 address |
IP address of the PE's port to be connected to the core device. This parameter needs to be set only when External network type is set to L3. |
IPv4 Mask/IPv6 Mask |
IP address mask of the interconnection ports between the core device and PE. This parameter needs to be set only when External network type is set to L3. |
Deliver static routes |
Whether to deliver static routes. If this function is enabled, iMaster NCE-Campus automatically delivers the static routes pointing to the remote network. This parameter needs to be set only when External network type is set to L3. In dual-border device networking, if static routes are required to implement load balancing between two border devices, you need to manually create static routes. External service IP Address cannot fulfill this requirement. |
Input route |
BGP is configured on border devices to statically add routes in the IP routing table to the BGP routing table and advertise these routes to peers. |
Aggregated route |
Summary route. Border devices suppress the advertisement of specific routes of summary routes and advertise only summary routes. |
BGP peer |
BGP peer information of border devices:
|
OSPF |
OSPF process information on the border gateway.
|
area |
OSPF area information about the border gateway.
|
Parameter |
Description |
---|---|
Name |
Name of a network service resource group. |
Server Type |
Currently, the following four types of servers are supported:
|
Server Interworking Address Pool |
IP address used by a border or edge device to communicate with third-party servers. The loopback address of the border device is used. |
Loopback interface number |
Source address of an external server that provides network services. If this parameter is not specified and an IPv6 DHCP server, a portal server, or a RADIUS server has been configured, the system will automatically deliver a loopback interface number. This number may conflict with that manually configured on switches. |
Scenario |
Interconnection mode between external servers and fabric devices. The following scenarios are available:
|
Interconnection Device |
Devices interconnected with servers. |
External Port |
Physical port for connecting the device to the server. You can select the desired port from the drop-down list by clicking NOTE:
When the border device is connected to a switch, the type of the interconnection port on the border device is set to trunk by default. The interconnection port on the switch must be of the same type as that on the border device. |
Interconnection IPv4/IPv6 |
IP address and mask of the border device's VLANIF interface connected to servers. |
Mask |
|
External VLAN |
VLAN to which the physical port used by the device to connect to the server belongs and description of the VLAN. The description is a string of 0 to 80 case-sensitive characters. The value can contain spaces. |
Description |
|
Peer IPv4 |
IPv4 address and mask of the peer switch in the Directly connected to a switch in bypass mode scenario. |
Mask |
Parameter |
Description |
|
---|---|---|
NQA |
Device |
Device on which an NQA test instance is configured. |
Name |
Name of the NQA test instance. |
|
Destination IP |
Destination IP address of the NQA test instance. |
|
Next hop IP |
Next hop IP address of the NQA test instance. |
|
Number of sent packets |
Number of probes to be sent each time for an NQA test instance. The value is an integer in the range from 1 to 15. The default value is 3. |
|
Interval of sent packets(s): |
Interval at which packets are sent in an NQA test instance. The value is an integer in the range from 1 to 60, in seconds. The default value is 4. |
|
Timeout(s) |
Timeout period of a probe for an NQA test instance. The value is an integer in the range from 1 to 60, in seconds. The default value is 3. |
|
Detection frequency(s) |
Interval at which an NQA test instance is automatically executed. The value is an integer in the range from 1 to 604800, in seconds. The default value is 15. |
|
Route Monitor Group |
Device |
Device on which a route monitoring group is configured. |
Name |
Name of the route monitoring group. |
|
NQA |
NQA test instance bound to the route monitoring group. |
|
Routing relationship |
Relationship between the NQA test instances to be tracked. The relationship can be: OR: A link switchover is performed only when all links monitored by NQA test instances in a route monitoring group fail. AND: If the link monitored by an NQA test instance in a route monitoring group fails, a link switchover is performed. |
|
Handover delay(second) |
Delay in switching traffic from the faulty link to the backup link. The value is an integer in the range from 0 to 1000, in seconds. The default value is 0. |
|
Switchback delay(second) |
Delay time for a traffic switchback after a fault is rectified. The value is an integer in the range from 0 to 1000, in seconds. The default value is 5. |
Managing Networks in List Mode
After creating a fabric network, you can add, delete, and modify devices and links on the fabric as required.
Prerequisites
A fabric network has been created.
Context
On a fabric network, the switches that can be managed include physical switches and stack switches. A stack combines multiple stacking-capable switches into a logical switch. Stacking technology provides high network reliability and forwarding performance, and simplifies network management.
Procedure
- Choose Network Management tab. , and click the
- Click
in the upper right corner to enter the list mode.
Click Add Device. Select devices to be added and set the related parameters as planned.
- If the switch to be added has been registered with iMaster NCE-Campus using NETCONF but has been deleted from iMaster NCE-Campus, before you add this switch to iMaster NCE-Campus again, run the undo netconf command on the switch to clear the residual data in the NAAS database. If the residual data on the switch is not cleared, iMaster NCE-Campus may fail to deliver services to the switch, or the switch may fail to be managed by iMaster NCE-Campus.
- After enabling Automatic routing domain configuration, deploying edge devices that are not added to the fabric at a site, and configuring routes on the underlay network, you are not allowed to delete the edge devices. Otherwise, OSPF routes between border devices and the access devices connected to the edge devices will fail, causing service interruption.
- Network loops may occur in dual-border networking. You need to run commands to configure a loop prevention protocol based on site requirements.
For a device that has been online, you can click the device name to view the device status. In addition, you can also reboot the device or click Command Line to run commands on the device.
- The web UI display varies according to different devices.
- Only firewalls, ARs and WACs support the Device Configuration function. This enables users to log in to the web NMS of the devices through iMaster NCE-Campus. A maximum of 20 device's web NMSs can be opened together.
- If a user opens the web system of a device through this function and then opens the web system of another device, the session information of the first device will be overwritten and the user will be logged out from the web system of the first device when the user opens the web system of the second device. This is because different devices use the same IP address to forward sessions using SSH. If you need to open the web system of two devices at the same time, open a non-trace page or use another browser to log in to iMaster NCE-Campus, and then switch to the web system of the devices.
- Delete devices.
Select one or more devices to be deleted and click Delete. Alternatively, to delete a device, click
next to the device.
A device cannot be deleted if the device has been deployed with services, such as extended access, DHCP group, external gateway, and VN services. Before deleting a device, delete the network services deployed on the device in the following sequence: VN interworking > VN > network service resource > external network > access management service.
- Change the role of a device to border, edge, or access.
Select one or more devices to be modified, click Set Role, and select a value from the drop-down list box.
The role of a device cannot be changed if the device has been deployed with services, such as extended access, DHCP group, external gateway, and VN services.
On a centralized fabric network, there can be only one border gateway node and multiple extended nodes and edge nodes. On a distributed fabric network with dual border nodes, there can be two border gateway nodes and multiple extended nodes and edge nodes.
- Configure source interfaces for sending BGP packets.
Select one or more devices to be modified and click Set BGP Source Interface. In the displayed dialog box, select the connection interface type, enter the interface number, and click OK.
After automatic orchestration of routing domains is enabled, the source interfaces for sending BGP packets cannot be set.
The connection interface of a device cannot be changed if the device has been deployed with services, such as extended access, DHCP group, external gateway, and VN services.
- Change the RR.
To enable or disable the RR role of a device, set Route Reflector.
- On a fabric network with a centralized gateway, only one device can be configured as an RR. On a fabric network with distributed gateways, a maximum of two devices can be configured as RRs. In both scenarios, the role of RRs cannot be set to access.
- If the RR is disabled, all basic BGP configurations will be deleted from the device, and administrators need to perform re-configurations using command lines.
- Redeliver configurations.
If BGP Pre-configuration Status or Configuration Status of the Terminal Identification Channel of a device does not display success, select the device and click Redeliver to redeliver configurations.
- Update a routing domain.
When a physical link on a fabric changes, click Update Routing Domain to update the underlay network of the fabric.
Configuring Access Management
This section describes how to configure access management, such as the access authentication mode. Specifically, this section describes how to configure Network Access Control (NAC) authentication points on an edge node in a fabric to implement policy association between access and edge nodes so that end users' requirements of free mobility can be met.
If access users do not need to be authenticated on VNs, skip this section.
Prerequisites
- You have configured policy templates for access nodes to access VNs. For details about how to configure a policy template, see Policy Template.
- You have enabled the built-in RADIUS server or portal server in the authentication template. That is, you have enabled iMaster NCE-Campus to function as the RADIUS server or portal server. Alternatively, you have specified a third-party RADIUS server or portal server in the authentication template. In this case, ensure that you have configured network service resources for fabric networks.
- You have performed admission configuration, including configuring user accounts, authentication rules, authorization rules, and authentication results. For details, see Admission Configuration.
- For a distributed fabric, edge devices have been configured on the fabric network. For a centralized fabric, edge and border devices have been configured on the fabric network.
Procedure
- Choose Access Management tab. , and click the
- Select the target fabric on the left, and select an authentication control point.
Configure the extended parameters of the authentication control point.
- Configure interfaces on of the authentication control point.
In the interface list, click
next to an interface, set the Connected Device Type and Authentication Template parameters of the interface, and click
. For details about how to configure an authentication template, see Customizing a Policy Template.
- Only the transparent transmission devices that have been added to a fabric can be deployed between authentication control points and enforcement points. Otherwise, downstream access switches, which are authentication enforcement points, connected to the transport transmission devices cannot be identified by the authentication control points.
- To configure interfaces in batches, you need to select the target interfaces and click the setting button on the top of the interface list.
- When an authentication template is configured on an interface of an authentication control point, either IPv4 or IPv6 portal server can be configured.
- If the authentication control point is a border gateway and Set Connected Device Type is set to Extended AP, you need to configure routes from the border gateway to edge devices to ensure that iMaster NCE-Campus can access the AP management network. The routes can be automatically learned through dynamic routing protocols or specified as static routes. When a static route is configured through the device CLI or delivered with site configurations from iMaster NCE-Campus, the destination address of the static route must be set to the management IP address of CAPWAP, and the next hop must be set to the VTEP IP address of an edge device.
- (Optional) Configure the policy for each interface on the authentication execution point connected to the authentication control point.
Before the configuration, click Refresh Execution Point Device List to refresh status of the authentication execution point.
- (Optional) Associate a wireless authentication SSID with the desired authentication template. Perform this step if iMaster NCE-Campus functions as an authentication server. Wireless access can be configured only on the switches that support native AC. SSIDs need to be configured on the switch's web NMS and SSID names must be the same as VAP profile names.
Portal authentication and 802.1X authentication templates cannot be associated to an SSID at the same time. That is, portal authentication and 802.1X authentication cannot be specified at the same time in an authentication template associated to an SSID.
- Click Apply.
- (Optional) When a third-party device needs to be configured as an access control device or portal authentication exemption needs to be configured on fabric networks, choose from the main menu.
- On the page that is displayed, click the Portal address authentication-free control policy tab and click Create to create a portal address authentication-free control policy. This portal address authentication-free control policy takes effect only when the third-party device serves as the authentication point.
- After the portal address authentication-free control policy is configured, click
to apply the policy to a user groups or user. A user group or user can be bound to only one portal address authentication-free control policy. If Portal authentication-free extension is enabled on the Advanced Parameters tab page under , this function takes effect in the portal address authentication-free control policy. That is, the portal address authentication-free validity period is extended as configured.
- On the page that is displayed, click the Portal address authentication-free control policy tab and click Create to create a portal address authentication-free control policy. This portal address authentication-free control policy takes effect only when the third-party device serves as the authentication point.
Follow-up Procedure
- Modify the access management configuration.
Select the target authentication control point to be modified from the authentication control point list and modify related parameters. To make the modification take effect, click Apply. To cancel the modification, click Cancel.
- Delete the access management configuration.
To delete all access management configurations, click Reset.
Parameters
Parameter |
Description |
---|---|
Control Point |
For a distributed fabric, control points can only be deployed on edge devices. Multiple control point devices are allowed. For a centralized fabric, control points can be deployed on multiple edge devices or one border device.
|
Number of execution point devices |
This parameter indicates the maximum number of enforcement point devices supported by a control point device. |
Management VLAN of CAPWAP |
A control point (edge or border device) manages the connected execution points (edge or access devices) through the VLAN and IP address. This parameter is mandatory when the value of Connected Device Type on the control point port is Extended AP or Extended access switch. The two parameters must be configured together. |
Management IP of CAPWAP |
|
Authentication-free rule |
This parameter specifies the network accessible to users before successful authentication. NOTE:
Only some switch models support authentication-free rules defined based on ACLs, and the models supporting IPv4 ACLs and IPv6 ACLs are different. For details, see the corresponding switch product documentation. |
Connected Device Type |
This parameter indicates the type of the devices connected to a control point device port. The options are as follows:
|
Authentication Template |
A template is used to specify the authentication mode used by a control point device port. NOTE:
When an authentication template is configured with a bypass policy template defined with IPv6 ACLs, the authentication configuration fails to be delivered to authentication control points that do not support IPv6 ACLs. For details about the switch models that support IPv6 ACLs, see the corresponding switch product documentation. |
Authentication Mode |
|
Set Uplink Port |
When the control point is not directly connected to its upper-level device, you need to manually specify the uplink port. |
Inherit Authentication Template on Control Point Port |
After this parameter is enabled, ports of enforcement point devices connected to a control point device inherit the authentication profile of the connected control point device port. |
SSID |
SSID used for wireless authentication. |
Authentication profile |
Authentication profile to be bound to the SSID for wireless authentication. |
Supported Device Types
The following table lists the models of the devices that can be configured as authentication control points and enforcement points.
Device Function |
Device Type |
Device Model Software Version |
---|---|---|
Authentication control point |
S12700 |
S12704 S12708 S12712 S12710 |
S12700E |
S12700E-4 S12700E-8 S12700E-12 |
|
S7700 |
S7703 S7706 S7710 S7712 |
|
S5700 |
S5720HI S5730-HI S5731-H S5731-H-K S5731S-H S5732-H S5732-H-K |
|
S6700 |
S6720-HI S6730-H S6730-H-K S6730S-H S6730-S S6730S-S |
|
Authentication enforcement point |
S1700 |
S1730S-H |
S5700 |
S5720-LI S5735-L S5735S-L S5735S-L-M S5720S-LI S5720-SI S5735-S S5735S-S S5735-S-I S5730-SI S5730S-EI S5720-EI S5730-HI S5731-H S5731-H-K S5731-S S5731S-H S5731S-S S5732-H S5732-H-K |
|
S6700 |
S6720-LI S6720S-LI S6720-SI S6720S-SI S6720-EI S6720S-EI S6730-H S6730-H-K S6730S-H S6730-S S6730S-S |
|
S600-E |
S600-E |
LAN-side Logical Network Management
Configuring a Default VN on the LAN Side
Unauthenticated users can access the default VN temporarily in the following scenarios:
- Before authentication, an end user accesses the default VN to apply for a temporary IP address. During portal authentication, the authentication server needs to obtain the user's temporary IP address to push the Portal page to the user. After the authentication succeeds, the end user is connected to a service VN.
- Pre-authentication resources need to be deployed together with the authentication-free function. For example, resources such as the FTP server for downloading 802.1X clients can be deployed in the default VN to ensure that unauthenticated users can access the FTP server.
Prerequisites
- Before managing the default VN, you must have the corresponding management permission. The permission can be assigned when a tenant administrator is created, and can be modified after the role is created. The permission assigned for a tenant administrator can be either of the following:
- Permission to manage all sites in the system
- Permission to manage a specific default VN
The default tenant administrator is the first tenant administrator created in the system and has the permission to manage all VNs.
- A fabric network has been created and related configurations have been performed.
Context
- A fabric network supports only one default VN.
- The default VN supports the following network types:
- Fabric network with a centralized gateway: Virtualized VXLAN and traditional VLAN
- Fabric network with distributed gateways: Virtualized VXLAN
- You can set the service gateway location in the default VN to Outside the Fabric based on the users' requirements of Layer 2 VN access before authentication.
- You can set the service gateway location in the default VN to Inside the Fabric based on the users' requirements of Layer 3 VN access before authentication.
Procedure
- Choose .
- Select the target fabric on the left, move the cursor over the default VN, and click
displayed in the upper right corner of the default VN. Modify VN parameters on the page that is displayed.
- Configure the network type of the default VN.Figure 5-67 Configuring the default VN on a fabric network with a centralized gatewayFigure 5-68 Configuring the default VN on a fabric network with distributed gateways
- (Optional) Set External network. To create, modify, or delete an external gateway, click
.
- (Optional) Set Network service resources. To create, modify, or delete an external gateway, click
.
- Configure User gateway.
Click Create and set subnet parameters. Click
.
- For the VLAN type of the default VN, only static VLANs are supported.
- The default VN configuration will be delivered to the access interfaces configured with authentication and their uplink authentication control points. The authentication mode on access interfaces is configured on the Access Management page.
- Click Apply.
Parameters
Parameter |
Description |
|
---|---|---|
Network technology |
Configure the network technology of the default VN.
|
|
User gateway location |
Service gateway of the default VN.
|
|
External network |
External gateway of the default VN. This parameter needs to be set if the users within the VN need to access the external network. |
|
Network service resources |
DHCP server of the default VN. This parameter needs to be set if the users within the VN need to use the DHCP service. This parameter needs to be set only when the tenant network is a Layer 3 network. |
|
User gateway |
VLAN |
VLAN ID of a subnet. |
IP Type |
Type of an IP address. The value can be IPv4 or IPv6. |
|
Subnet |
Subnet IP address and mask. |
|
Gateway Address |
Gateway IP address of a subnet. |
|
DHCP |
Mode in which the DHCP server assigns IP addresses to users in a subnet.
|
|
Description |
Description of a VLAN. The value is a string of 0 to 80 case-sensitive characters without spaces and question marks (?). |
Configuring a LAN-Side VN
iMaster NCE-Campus allows administrators to create LAN-side VNs on a fabric network. Different VNs carry different tenant services, and thereby implement service isolation between tenants.
For example, if the tenant is a university, VNs can be created for the faculty of computer and the faculty of finance and economics of the university, respectively.
Prerequisites
- Before managing the default VN, you must have the corresponding management permission. The permission can be assigned when a tenant administrator is created, and can be modified after the role is created. The permission assigned for a tenant administrator can be either of the following:
- Permission to manage all sites
- Permission to manage a specific VN
The default tenant administrator is the first tenant administrator created in the system and has the permission to manage all VNs.
- A fabric network has been created and related configurations have been performed.
- Before performing extended access configuration for a fabric, if the fabric contains a device port whose authentication profile uses portal authentication or customers are allowed access to network resources before being authenticated, you need to configure a default VN.
Context
- VNs support the following network types:
- Fabric network with a centralized gateway: Virtualized VXLAN and traditional VLAN
- Fabric network with distributed gateways: Virtualized VXLAN
- You can set the gateway location in the default VN to Outside the Fabric based on the users' requirements of Layer 2 VN access before authentication.
- You can set the gateway location in the default VN to Inside the Fabric based on the users' requirements of Layer 3 VN access before authentication.
Procedure
- Choose .
- Select the target fabric network on the left and click Create VN.
- In the Create VN area, set the VN name.
- Configure the network type of the VN.Figure 5-69 Configuring a VN on a fabric network with a centralized gatewayFigure 5-70 Configuring a VN on a fabric network with distributed gateways
- (Optional) Set External network. To create, modify, or delete an external gateway, click
.
In dual-border networking, if two external networks with a Layer 3 exclusive egress are configured, configure two VNs to bind to the two external gateways to ensure that the border nodes can work in active/standby mode.
- (Optional) Set Network service resources. To create, modify, or delete an external gateway, click
.
- Configure User gateway.
- Automatic creation: Click Automatic, and enter the number of subnets and the number of IP addresses on a single subnet. Click OK.
Only VN subnets can be automatically created.
If a VN is assigned to a voice VLAN, the CDP function is enabled by default on the devices in the VN. If you need to configure interfaces that have joined in the voice VLAN on the devices, choose from the main menu and choose from the navigation pane to enable the CDP function on the iMaster NCE-Campus web UI.
- Manual creation: Click Manual and set subnet parameters. Click
.
- Automatic creation: Click Automatic, and enter the number of subnets and the number of IP addresses on a single subnet. Click OK.
- Configure wired client access.
- Click Create.
- Set the service name, service access type, and the site involved in the service.
- Under Port List, set the authorization mode of service access ports.
- Click OK.
- Configure wireless client access.
- Click Create.
- Select the site involved in the service.
- Under Port List, select the devices to be added to the VN.
- Click OK.
If the fabric configuration conflicts with the device configuration in the site configuration, the fabric network may fail to be deployed. For details about the conflicting devices and conflict causes, see the conflicting device and conflicting path in the prompt information.
- Click Apply.
Follow-up Procedure
- Modify a VN.
Move the cursor over the icon of the VN to be modified, click
displayed in the upper right corner of the icon, and modify VN parameters on the page that is displayed.
- Delete a VN.
Move the cursor over the icon of the VN to be deleted and click
displayed in the upper right corner of the icon to delete it.
Parameters
Parameter |
Description |
|
---|---|---|
Name |
VN name. |
|
Network technology |
Configure the network technology of the VN.
|
|
User gateway location |
Service gateway of the VN.
|
|
User-defined VRF name |
VRF name of a VN. The value is a string of 1 to 31 case-sensitive characters. It cannot contain spaces or question marks (?). |
|
External network |
External gateway of a VN. This parameter needs to be set if the users within the VN need to access the external network. |
|
Network service resources |
Network service resources of a VN. This parameter is configurable when users in the VN need to use the DHCP service or other servers. Multiple network service resources can be selected. |
|
DHCP Snooping |
Whether to enable DHCP snooping for BDs or VLANs in all subnets in batches. This function needs to be enabled when terminal identification is configured. |
|
mDNS Snooping |
Whether to enable mDHS snooping for BDs or VLANs in all subnets in batches. This function needs to be enabled when terminal identification is configured. |
|
Name |
Subnet name. When you create a subnet manually, the value is a string of 1 to 80 case-sensitive characters without spaces and question marks (?). When a subnet is automatically created, the rule for generating the subnet name is as follows:
In the preceding information, dyn indicates the VLAN type, and 192_192_192_192 and FC00_0000_130F_0000_0000_09C0_876A_130B indicate the gateway address. |
|
User gateway (Automatic) |
Number of subnets |
Number of subnets to be created in automatic subnet creation mode and maximum number of IP addresses supported by a single subnet. After the two parameters are specified, iMaster NCE-Campus obtains available resources from the global resource pool and automatically delivers the resources to the subnets. |
IP address type |
Type of an IP address. The value can be IPv4 or IPv6. |
|
IPv4/IPv6 subnet mask |
Subnet mask. |
|
Start IPv4 address/Start IPv6 address |
Start IP address of a subnet. |
|
VLAN Type |
VLAN type.
|
|
Start VLAN ID |
Start VLAN ID of a subnet. |
|
DHCP Snooping |
Whether to enable DHCP snooping in a BD or VLAN on a subnet. This function needs to be enabled when terminal identification is configured. |
|
mDNS Snooping |
Whether to enable mDHS snooping in a BD or VLAN on a subnet. This function must be enabled when terminal identification is configured. |
|
User gateway(Manual) |
VLAN Type |
VLAN type.
|
VLAN |
VLAN ID of a subnet. |
|
IP type |
Type of an IP address. The value can be IPv4 or IPv6. |
|
IPv4 subnet/IPv6 subnet |
Subnet IP address and mask. |
|
IPv4 gateway address/IPv6 gateway address |
Gateway IP address of a subnet. |
|
DHCP |
Mode in which the DHCP server assigns IP addresses to users in a subnet. When the service gateway is Inside the Fabric:
|
|
DHCP Snooping |
Whether to enable DHCP snooping in a BD or VLAN on a subnet. This function needs to be enabled when terminal identification is configured. |
|
mDNS Snooping |
Whether to enable mDHS snooping in a BD or VLAN on a subnet. This function must be enabled when terminal identification is configured. |
|
Description |
Description of a VLAN. The value is a string of 0 to 80 case-sensitive characters without spaces and question marks (?). |
|
L2 Network |
VLAN Type |
VLAN type:
|
VLAN |
VLAN ID of a Layer 2 network. |
|
Wired access |
Service name |
Name of a service. |
Device Name |
Name of an edge node or an extended node. |
|
Site Name |
Name of the site where the service is to be deployed. |
|
Port |
User access port. |
|
Authentication Mode |
Authentication mode of the port, which is inherited from the authentication control point. |
|
Service VLAN |
VLAN through which a port connects to the VXLAN when receiving service traffic. |
|
Voice VLAN |
VLAN through which a port connects to the VXLAN when receiving voice traffic. |
|
Tagged VLAN |
Allows packets with VLAN tags to pass through the port when the port is connected to a switch. |
|
Wireless access |
Site |
Site where the service needs to be deployed. |
Device |
Wireless access device where the service needs to be deployed. |
(Optional) Configuring LAN-side VN Interworking at Layer 3
By default, devices in different LAN-side VNs cannot communicate with each other. However, if mutual access is required between LAN-side VNs and security requirements are not high, configure border devices to implement mutual access between the VNs at Layer 3.
You can configure access between subnets of LAN-side VNs by IP prefix.
- When configuring VN interworking at Layer 3, note the following:
- On a fabric network with distributed gateways, ensure that Network technology of both the source VN and destination VN is set to Virtualized VXLAN, and User gateway location of both VNs is set to Inside the Fabric.
- On a fabric network with a centralized gateway, ensure that User gateway location of both the source VN and destination VN is set to Inside the Fabric.
- The default VN cannot be configured to communicate with other VNs.
- Interworking between Layer 3 VNs cannot be transmitted. For example, if interworking between VN1 and VN2 and between VN2 and VN3 is configured, VN1 and VN3 cannot communicate with each other. Interworking between VN1 and VN3 needs to be configured separately.
Prerequisites
- The VNs that need to access each other have been created.
- An external gateway has been configured.
Procedure
- Choose .
- Select a specified fabric network on the left and click
in the upper right corner. The VN Interwork tab page is displayed.
- Click Add and set parameters as needed.
Related Operations
- Delete a VN interworking configuration.
Click
next to the target VN interworking configuration to delete this configuration.
Parameters
Parameter |
Description |
---|---|
Name |
Name of VN interworking. |
Interworking Device |
Border node to which static routes for VN communication are delivered. In a multi-border node scenario, you can select multiple border nodes to which static routes for VN communication are delivered. |
Interworking Mode |
It is used to configure whether all VNs between the source VN and destination VN can communicate with each other or only some subnets can communicate with each other. |
IP address type |
Type of an IP address. The value can be IPv4 or IPv6. |
Source VN |
Source and destination VNs that can interwork with each other. |
Destination VN |
|
Source IP Prefix |
When the value of Interworking Mode is set to Partial Interwork, you can manually specify the subnets that can communicate with each other. If the subnets represented by the IP prefixes of source and destination VNs cannot meet configuration requirements, you can manually enter the customized subnet IP prefixes. |
Destination IP Prefix |
Verifying the Configuration Status
After the service configuration is complete, you can query the service configuration status.
Procedure
- Choose Network Management tab. , and click the
- Click
next to the fabric name to expand the fabric list. Click
in the row that contains the desired fabric to view the fabric configuration result.
- Choose .
- Move the cursor over the name of the created fabric and click
next to the fabric to view the VN configuration result.
Troubleshooting
If Failed is displayed in the Configuration Status column, click to redeliver the configuration. If the fault persists, click
to redeliver full configurations to rectify the fault.
The following describes the possible causes:
- During configuration delivery, the service card of the device is not registered.
- The device does not respond with any acknowledgement packet. As a result, iMaster NCE-Campus considers that the configuration delivery times out on the device after a period of time.
- An exception, for example, a database fault, occurs on iMaster NCE-Campus when it processes the response from the device. As a result, iMaster NCE-Campus fails to update the configuration status of the device.
- During VN deletion and modification, online or per-authenticated users may exist on VN subnets. In this case, you need to redeliver the deletion or modification data after these users go offline.
- If there are site configurations that fail to be delivered, you need to restore site configurations before redelivering the fabric configuration by clicking
. Otherwise, the fabric configuration cannot be redelivered.
How Can I Adjust Physical Links?
This section describes how to adjust the physical links connected to access devices. Exercise caution when performing the following operations.
Context
Typical scenarios include:
- Ports connecting access device A and border device B need to be adjusted.
- Devices connected to access devices are changed.
Adjusting physical links after service deployment will cause network traffic interruptions, after which the system cannot recover services automatically. Therefore, make confirmations before performing the operations. Perform the operations when the system is idle and exercise cautions during the operations.
If operations are performed without strict compliance with description in this section, restore the system to the initial state before adjustment, and then perform operations according to this section.
Procedure
- Check and delete the VN services deployed on the access devices with physical links to be adjusted.
- Choose .
- Select the fabrics to which the physical links belong and select the configured VNs (excluding default VNs).
- Click View Ports in the wired and wireless access areas.
- In the port list, check whether there are selected access devices.
- If so, click the editing icon of the VN and deselect the access device or directly delete the VN.
- If not, go to the next step.
- If so, click the editing icon of the VN and deselect the access device or directly delete the VN.
- Check and delete the extended access services deployed on the access devices with physical links to be adjusted.
- Choose .
- Select the fabrics to which physical links belong. Click the Access Management tab.
- Expand the Execution Point Device Configuration for Control Point Extension area, click
before every access device, and set Connected Device Type to -- for all ports.
- Adjust the physical links.
- After the physical links are adjusted, discover new links.
- Choose Discover Link. , and click
- Click Discover, select the access devices with the links adjusted, and click OK to discover and synchronize new links.
- Complete extended access and VN service configurations for the access devices again based on the requirements.
- Networking Scenario
- Virtualized Campus Network Deployment Procedure
- Configuring a Fabric Global Resource Pool
- Configuring an Underlay Automated Resource Pool
- Fabric Management
- LAN-side Logical Network Management
- (Optional) Configuring LAN-side VN Interworking at Layer 3
- Verifying the Configuration Status
- How Can I Adjust Physical Links?