Typical Applications
iMaster NCE-Campus supports three typical deployment scenarios. You can access the desired deployment configuration page through the corresponding navigation path to quickly perform deployment configurations.
Deployment of Branch Network
Context
This solution is applicable to deployment operations in scenarios such as sales stores, large-scale shopping malls, and modern campuses, and supports fast deployment of firewalls, switches, APs, and ARs.
Procedure
By following instructions on the deployment configuration page, you can quickly deploy sites. The following configurations are used for reference only (some optional parameters are not described here).
- Navigate to the page for deployment of hybrid devices.
- Log in to iMaster NCE-Campus as a tenant administrator.
- Click Branch Network in the Typical Scenario area.
- In the Site Management phase:
- Create sites on the Site Management tab page. For details, see Create a Site.
- View and set device deployment locations to plan wireless networks on the Floor tab page. For details, see Monitoring Sites.
- In the Device Management phase:
- Add devices to sites on the Device Manage tab page. For details, see Adding Devices.
- Upload a network plan on the Network Planning Import tab page. After a network plan is imported, related information is automatically imported, improving manual configuration efficiency. For details, see Configuring a Network Plan.
- In the Device Onboarding phase:
Configure devices downstream connected to a gateway to access the network through the gateway.
Table 5-429 Parameters on the Device Onboarding page
| Parameter | Description |
| --- | --- |
| Select the management subnet gateway | Select a gateway device at the local site. |
| Device management subnet VLAN | The value is the same as the VLAN ID of the gateway that is directly connected to intranet devices. |
| To obtain the subnet segment, perform the following steps | This parameter value can be set to Manual or Automatic. Manual: You need to manually configure the default IP addresses and masks. Auto: The default IP addresses are allocated automatically from the address pool. |
| IP address pool | This parameter value can be set to an available IP address from the resource pool. Alternatively, you can click the icon to create an available IP address. |
| IP address | IP address of a VLANIF interface, which is used as the default gateway address of DHCP clients. |
| Mask | Subnet mask of an IP address that a DHCP client automatically obtains. The gateway IP address and subnet mask determine the IP address range (DHCP address pool) that DHCP clients may obtain. |
| AP mode | Mode of an AP in the subnet. The options are Cloud AP and Fit AP. NOTE: The AP mode of the current subnet can be specified only when the AP is managed by iMaster NCE-Campus for the first time. If the AP device is not configured with the initial configuration or has been executed, the AP mode cannot be changed. |
| Automatically negotiates the controller address | When the function is enabled, the DHCP server of the current subnet automatically generates Option 148. Devices (switches or cloud-based APs) in the subnet can obtain the iMaster NCE-Campus address through Option 148 to register with iMaster NCE-Campus. |
| Controller address type | Type of the iMaster NCE-Campus address. The value can be an IP address or a domain name. If the iMaster NCE-Campus address is set to a domain name, ensure that the DNS function is configured on the live network to resolve the iMaster NCE-Campus domain name. Otherwise, devices fail to register with iMaster NCE-Campus. |
| Automatically negotiates the WAC address | When the function is enabled, the DHCP server of the current subnet automatically generates Option 43. Devices (Fit APs) in the subnet can obtain the WAC address through Option 43. NOTE: When there are Fit APs in the site, this item needs to be configured. |
| WAC address | Enter the WAC address, which is separated by newline characters. |
- Device Configuration.
On the One Config tab page, click the role icon of a device on the network and configure the device.
When adding a device to a site, you can set the role of the device. The configuration varies according to device roles. The following table lists the configurations required for each device role. An empty Device Type or Reference cell means that the entry from the row above applies.
Table 5-430 Quick configuration features for different device roles
| Device Type | Role | Feature | Reference |
| --- | --- | --- | --- |
| AP | AP | Area, SSID, security authentication | Configure an SSID. An SSID is a network name displayed when a station (STA) connects to a wireless network. An authentication mode can be specified for each SSID to perform access control for STAs. An AP allows multiple SSIDs. For example, employees and guests use different SSIDs, and different authentication modes can be used. For details about how to configure an SSID, see Configuring an SSID. Configure a security policy. To improve network security, you are advised to configure security policies to enhance the attack defense capability of APs. For details about how to configure a security policy, see Configuring Security Policies. |
| FW | Gateway | Uplink, NAT, DNS, traffic policy, interface | For details about how to configure uplinks, NAT, and DNS, see Configuring a Network. Configure a quintuple-based security policy (based on the source IP address, source port, destination IP address, destination port, and protocol) and a traffic policy to ensure security and control traffic. For details, see Configuring a Traffic Policy. Configure a network interface on a firewall to ensure that it connects to a wired network. For details about how to configure a network interface, see Configuring Physical Interfaces. |
| | Gateway+Core | Uplink, NAT, DNS, subnet, traffic policy, interface | |
| | Core | DNS, subnet, traffic policy, interface | |
| LSW | Core | Subnet, physical interface | Configure the DHCP server function on a specified switch. For details, see Configuring a Subnet. Configure a network interface on a switch to ensure that it connects to a wired network. For details about how to configure a network interface, see Configuring Physical Interfaces. Configure a management VLAN for a switch. For details, see Configuring a Management VLAN. |
| | Aggregation | Physical interface | |
| | Access | Physical interface | |
| AR | Gateway | Uplink link management, NAT, DNS | For details about how to configure uplinks, NAT, DNS, and subnets, see Configuring a Network. |
| | Gateway+Core | Uplink link management, NAT, DNS, subnet | |
- Check the configuration delivery result.
Check whether the configurations are successfully delivered to devices on iMaster NCE-Campus web UI. For details, see Checking the Configuration Delivery Result.
Deployment of Site Interconnection
Context
CloudCampus Solution integrates the configuration and management models of LAN and WAN services on the campus network. In addition to configuring and managing LAN services for campus networks, this solution can also manage WAN interconnection services, implementing integrated configuration and management of LAN and WAN services.
This solution is applicable to deployment in EVPN tunnel mode in scenarios where site interconnection and Internet access need to be configured. ARs, firewalls, switches, and APs can be deployed.
Procedure
- Navigate to the page for deployment in site interconnection scenarios.
- Log in to iMaster NCE-Campus as a tenant administrator.
- Click Multi-Branch Interconnection in the Typical Scenario area.
- In the Global Configuration phase:
- On the Physical Network tab page, set global parameters involved in tenant physical networks, including transport network parameters, IPSec encryption parameters, device activation security parameters, link failure detection parameters, and traffic steering policy parameters. For details, see Setting Global Parameters.
- On the Virtual Network tab page, set global parameters involved in tenant virtual networks, including the AS number, address pool, and DNS. For details, see Setting Global Parameters.
- In the Site Management phase:
- Create sites on the Site Management tab page. For details, see Create a Site.
- View and set device deployment locations to plan wireless networks on the Floor tab page. For details, see Monitoring Sites.
- In the Device Management phase:
- Add devices to sites on the Device Manage tab page. For details, see Adding Devices.
- Upload a network plan on the Network Planning Import tab page. After a network plan is imported, related information is automatically imported, improving manual configuration efficiency. For details, see Configuring a Network Plan.
- Configure a management VLAN for a switch. For details, see Configuring a Management VLAN.
- In the Device Onboarding phase:
- On the ZTP tab page, configure physical links on the WAN. This operation is mandatory for site deployment. After a site is configured or activated, you can add or delete WAN-side links. For details, see Configuring the Network Access Mode for a Site.
- When adding multiple sites, configure the same gateway type, the same number of WAN links, and the same transport network for them on the WAN Link Template tab page. By customizing a site template, you can modularize repeated configuration information. When configuring a site, you can use the site template to automatically fill in the same configuration information, improving the configuration efficiency. A WAN link template is also a classification of sites. You can quickly search for a site by selecting a WAN link template. Once a WAN link template is used by a site, only the template name and description can be modified. Other parameters cannot be modified. Plan the data before creating a WAN link template. For details, see (Optional) Configuring a WAN-side Site Template.
- On the WAN Underlay tab page, configure the WAN-side underlay network, including interfaces and routes. For details, see Configuring the Underlay Network.
- On the RR tab page, associate an edge site with an RR if the EVPN tunnel mode is selected. For details, see Associating an Edge Site with an RR Site.
- In the VPN Configuration phase:
- Create a virtual network. Create a virtual network interconnecting LAN and WAN. For details, see Creating VNs in LAN-WAN Interconnection Scenario.
- Configure WAN-side services, including the user-defined topology, user-defined topology policy, and WAN route. For details, see Configuring WAN Services.
- Configure LAN-side services, including the subnet, interface, route, and SSID. For details, see Configuring Network Devices.
- To connect the LAN and WAN, configure the VLAN ID, IP address, interconnection port, and interworking route for the LAN-side border device and WAN-side gateway. For details, see Configuring LAN-WAN Interconnection.
- In the Flow Policy phase:
- Configure a traffic classifier template so that packets matching the same traffic classification rule are processed in the same manner. For details, see Creating a Traffic Classifier Template.
- Configure an effective time template. By default, a traffic policy takes effect immediately after it is applied to a service module. If you want a traffic policy to take effect only in a certain period, you can define a time range in an effective time template and associate the time range with the traffic policy. Defining and associating time ranges with traffic policies allow you to use time-based traffic policies to control services. For details, see Creating an Effective Time Template.
- Configure ACL, QoS, intelligent traffic steering, site-to-Internet service, and site-to-legacy site service on the Overlay tab page. For details, see Creating an ACL Policy for the Overlay Network, Creating an Intelligent Traffic Steering Policy for the Overlay Network, Creating a QoS Policy for the Overlay Network, Configuring an Internet Access Policy for a Site, Configuring a Mutual-Access Policy for Traditional Sites.
- Configure ACL, Cloud Security, and NAT on the Underlay tab page. For details, see Creating an ACL Policy for the Underlay Network, Connecting to a Third-Party Secure Cloud Gateway Policy, Creating a NAT Policy for the Underlay Network.
- Configure QoS and NAT ALG on the Common tab page. For details, see Creating a QoS Policy (General Configuration), Configuring NAT ALG.
Fabric Network
Context
To meet the requirements of multi-service convergence on a campus network, you can deploy and configure service-oriented virtual networks (VNs) on a single physical campus network using iMaster NCE-Campus.
- Multiple services share the same physical network, but are logically isolated. Mutual access control is implemented within a service.
- Service configurations are automated. Configurations of VNs are delivered by iMaster NCE-Campus in a unified manner. You do not need to log in to devices to manually configure VNs.
- End users can access VNs at any physical location on the campus network, implementing free mobility.
- A large number of tenants can access the network. In addition, tenants are allowed to plan their own VNs, not limited by the physical network IP addresses or broadcast domains. In this way, network management is greatly simplified.
Currently, LAN-based VNs are applicable to large- and medium-sized campus networks in the CloudCampus Solution.
Procedure
- Navigate to the page for deployment in site interconnection scenarios.
- Log in to iMaster NCE-Campus as a tenant administrator.
- Click VXLAN in the Typical Scenario area.
- In the Site Management phase:
- Create sites on the Site Management tab page. For details, see Create a Site.
- View and set device deployment locations to plan wireless networks on the Floor tab page. For details, see Monitoring Sites.
- In the Device Management phase:
- Add devices to sites on the Device Manage tab page. For details, see Adding Devices.
- Upload a network plan on the Network Planning Import tab page. After a network plan is imported, related information is automatically imported, improving manual configuration efficiency. For details, see Configuring a Network Plan.
- Configure a management VLAN for a switch. For details, see Configuring a Management VLAN.
- In the Resource Pool phase:
- Configuring fabric global resource pools: Before creating VNs, you need to configure global resources, including the resource pools of loopback interface IP addresses, VLANs, VNIs, and BDs. During VN creation, iMaster NCE-Campus automatically allocates resources from resource pools. For details, see Configuring a Fabric Global Resource Pool.
- Configuring underlay automated resource pools: You can enable automated routing domain configuration to implement automatic deployment of the underlay network when creating fabrics, so that the underlay network can be configured automatically. iMaster NCE-Campus automatically allocates resources from the underlay automated resource pools to devices. For details, see Configuring an Underlay Automated Resource Pool.
- In the Fabric Management phase:
After a physical underlay network is deployed, virtual Layer 2 or Layer 3 networks (overlay networks) are constructed over it. For details, see Fabric Management.
- In the VN Configuration phase:
VNs are created based on a fabric network. A VN corresponds to a network tenant or a service. For details, see LAN-side Logical Network Management.
- In the Service Deployment phase:
- A security group is a collection of communicating objects on the network. iMaster NCE-Campus authorizes specific security groups to users based on 5W1H conditions. Alternatively, administrators can specify users' IP addresses in security groups. Security groups are authorized to users through Huawei proprietary RADIUS attributes (Attribute 26 to Attribute 160). For details, see Configuring a Security Group.
- Tenant administrators can define inter-group access control policies based on security groups and resource groups on the entire network. The policies are present in a policy control matrix. After a policy control matrix is configured, configure an inter-group access control policy from a source security group to a destination security group or resource group based on the policy control matrix. For details, see Configuring Inter-Group Policy Control.
Command Configuration Tool
Creating and Delivering Templates
Context
You can create and deliver a command template to configure services on SNMP-managed devices in batches.
The command configuration tool applies only to SNMP-managed devices, not to cloud-managed devices.
Procedure
- Log in to iMaster NCE-Campus as a tenant administrator and click Smart configuration tool on the homepage.
- Choose Template Deploy from the navigation pane.
- Create a user template.
- Click New Template on the right.
A tenant can create a maximum of 100 templates. A template is a set of configuration commands and can be used to configure the same services for different devices in batches.
- Configure the template name, description, and commands to be delivered as needed.
- The template content cannot exceed 200 lines.
- Avoid delivering the reboot command. After a device restarts, iMaster NCE-Campus cannot check whether the command is successfully executed.
- When using the command configuration tool to configure commands to be delivered, you need to consider the view of the commands to be executed. The quit command cannot be executed in the system view.
- The protocol stack of iMaster NCE-Campus automatically executes some user interaction commands and you do not need to deliver these commands again. If the commands are repeatedly executed, the command execution will fail.
- Templates can contain variables, which can be anonymized, to improve template reusability and security.
- Variable format: ${Variable name}, for example, ${ipAddress}. ipAddress is used as the variable name. Users can set the value of ${ipAddress}.
- If you need to anonymize key information, select Anonymize. Then, the system anonymizes the information based on the anonymization policy.
- A variable name can contain digits and letters.
- After the configuration is complete, click Confirm.
- You can view created templates in the template list and deliver template task configurations.
- To modify command parameters in a template or the name of a template, click the icon on the right of the template.
- To delete a template, select the template and click the icon on the right.
- Deliver a configuration task.
- Select the template to be delivered and click the icon on the right.
- On the parameter configuration page, you can modify command parameters. If you do not need to modify the parameters, click Next.
- On the device selection page, click Add to select the devices to which the template is to be delivered and click OK.
To delete a device, select the device and click the icon on the right, or click Clear to deselect all devices.
- Click Next. The task configuration page is displayed.
- Configure the task name, task description, and task type as required.
- If you need to deliver the configuration task immediately, select Run Immediately.
- If you need to deliver the configuration task at a specified time, select Once and configure an execution time.
- If you need to deliver the configuration task at a specified time within a specified period, select Periodic and configure an execution time.
- Click Deploy and select I have understood the consequence of the operation and confirm to perform the operation.
- Click OK to deliver the template.
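A pre-delivery check for the template rules listed above (200-line limit, no reboot command, ${Variable name} format with digits and letters only), plus a masked copy for anonymized variables. This is an added example, not part of iMaster NCE-Campus; the function names, the sample template and values, and the ****** mask are assumptions.

```python
import re

MAX_TEMPLATE_LINES = 200                   # limit stated in the procedure above
VAR_TOKEN = re.compile(r"\$\{([^}]*)\}")   # ${Variable name}
VALID_NAME = re.compile(r"[A-Za-z0-9]+")   # names contain digits and letters
MASK = "******"                            # assumed mask, not the product's anonymization policy

# Constructed sample template and values, for illustration only.
SAMPLE = """interface Vlanif ${vlanId}
 ip address ${ipAddress} 255.255.255.0
 quit
snmp-agent community read cipher ${community}
"""
VALUES = {"vlanId": "100", "ipAddress": "192.0.2.1",
          "community": "example-community-1"}


def lint_template(text):
    """Return a list of findings for a command template; empty means clean."""
    findings = []
    lines = text.splitlines()
    if len(lines) > MAX_TEMPLATE_LINES:
        findings.append(f"template has {len(lines)} lines, limit is {MAX_TEMPLATE_LINES}")
    for number, line in enumerate(lines, start=1):
        words = line.split()
        if words and words[0].lower() == "reboot":
            findings.append(f"line {number}: reboot result cannot be checked after delivery")
        for name in VAR_TOKEN.findall(line):
            if not VALID_NAME.fullmatch(name):
                findings.append(f"line {number}: invalid variable name {name!r}")
    return findings


def variables(text):
    """Variable names used in the template, in first-seen order."""
    seen = []
    for name in VAR_TOKEN.findall(text):
        if name not in seen:
            seen.append(name)
    return seen


def render(text, values, anonymized=()):
    """Return (commands to deliver, masked copy safe for logs and tickets)."""
    missing = [name for name in variables(text) if name not in values]
    if missing:
        raise KeyError(f"no value supplied for: {', '.join(missing)}")
    deliver = VAR_TOKEN.sub(lambda m: values[m.group(1)], text)
    display = VAR_TOKEN.sub(
        lambda m: MASK if m.group(1) in anonymized else values[m.group(1)], text)
    return deliver, display


if __name__ == "__main__":
    for finding in lint_template(SAMPLE):
        print("FINDING:", finding)
    _, masked = render(SAMPLE, VALUES, anonymized={"community"})
    print(masked)
```

Run the lint before pasting a template into the tool, and keep only the masked copy in change tickets so that secrets such as community strings do not leave the controller.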
Configuring a Command Delivery Task
Context
You can manage all delivery tasks on the Configuration Task page in a unified manner. For example, you can view and delete tasks, and modify, enable, or disable periodic tasks. You can also view historical task delivery records and modify commands to re-deliver failed tasks.
Procedure
- Log in to iMaster NCE-Campus as a tenant administrator and click Smart configuration tool on the homepage.
- Choose Deploy Tasks from the navigation pane.
- Manage delivered tasks.
- For a configuration task that does not need to be executed, select the task and click Delete on the right.
- For a periodic configuration task, select the task and click Enable or Disable on the right to manage the task.
- Each tenant can manage a maximum of 50 configuration tasks.
- Only periodic configuration tasks can be enabled or disabled.
- View configuration tasks.
- Click the icon in the Operation column on the right to view details about a task.
- Click the icon in the Operation column on the right to view the execution status and result of a task.
A maximum of 20 delivery records can be saved for a task. If the number of delivery records exceeds 20, iMaster NCE-Campus deletes the earliest delivery record.
- Modify configuration tasks.
- Click the icon in the Operation column on the right to modify the task description, execution time, and devices to which the task needs to be delivered.
- Modify task information.
On the task modification page, you can modify the task description and execution time.
- Modify the devices to which the task needs to be delivered.
| Operation | Description |
| --- | --- |
| Click Add or Clear. | Manage a device. |
| In the device list, click the icon on the right. | Modify configuration commands for the device. |
| Click the icon in the Operation column on the right. | Delete a device. |
You can modify only scheduled and periodic tasks.