Context
On a large or midsize campus network, there are a large number of access terminals, which fall into various types, such as PCs, mobile phones, IP phones, printers, and IP cameras. This brings the difficulties in terminal management:
- The legacy network management system (NMS) can only display the IP and MAC addresses of access terminals. It cannot identify the type of each specific terminal, and therefore cannot manage network terminals in a refined manner.
- The administrator needs to manually configure different services and policies for different service terminals, so the service deployment is complex and operations are time-consuming.
To address these problems, Huawei iMaster NCE-Campus provides the terminal identification function. With this function, iMaster NCE-Campus can display terminal types and systems on the entire network, and collect statistics and display traffic based on terminal types. In addition, for dumb terminals that use MAC address authentication, such as IP phones, printers, and IP cameras, iMaster NCE-Campus implements automatic MAC address authentication and automatic policy provisioning, eliminating the need to manually add MAC accounts for each type of dumb terminals.
Configuration Tasks
Description
|
Operation Procedure
|
|---|
Configuring terminal identification (centralized gateway solution)
|
- Enable terminal identification on iMaster NCE-Campus.
- (Optional) Enable automatic terminal admission on iMaster NCE-Campus. This function must be enabled for automatic MAC address authentication.
- Enable terminal identification information reporting on network devices.
- For wired terminal identification: You can enable this function when creating a fabric (Creating a Fabric). If the DHCP option or mDNS mode is used for terminal identification, you need to enable DHCP snooping or mDNS snooping when creating a VN (Creating a VN). By default, after the terminal identification information reporting function is enabled on the fabric, DHCP snooping or mDNS snooping is enabled globally in the VN.
- For wireless terminal identification: Access the WAC's web system, and select the desired AP group. Under AP > AP System Profile > WMI Profile (Channel 1), select the options next to STA identification data report. If the DHCP option or mDNS mode is used for terminal identification, you need to enable IP learning or mDNS snooping in the VAP profile. The IP learning function is enabled by default.
|
Configuring terminal identification (distributed gateway solution)
|
- Enable terminal identification on iMaster NCE-Campus.
- (Optional) Enable automatic terminal admission on iMaster NCE-Campus. This function must be enabled for automatic MAC address authentication.
- Enable the terminal identification information reporting function on network devices. You can enable this function when creating a fabric (Creating a Fabric). If the DHCP option or mDNS mode is used for terminal identification, you also need to perform the following operations:
- When creating a VN (Creating a VN), enable DHCP snooping or mDNS snooping. By default, DHCP snooping or mDNS snooping is enabled globally in a VN.
- Log in to the web system of the WAC and enable IP learning or mDNS snooping in the VAP profile. The IP learning function is enabled by default.
|
Reference Links for iMaster NCE-Campus Operations
