00-2 Contents

huawei

Uploaded by

rudy wang
CloudCampus Solution
Design and Deployment Guide
for Large- and Medium-Sized Campus Networks
(Non-virtualization Scenario)

Contents

1 Project Information Collection Before Deployment

2 Solution Design
2.1 Network Architecture Design
2.1.1 Network Topology
2.1.2 Egress Network Architecture
2.1.3 Hierarchical Architecture of the Intranet
2.2 Network Management Zone Design
2.2.1 Networking Design
2.2.2 Server and Gateway Interconnection Design
2.2.3 Design for Communication Between the Network Management Zone and Campus Intranet
2.3 Basic Network Service Design
2.3.1 VLAN Design
2.3.2 IP Address Design
2.3.3 DHCP Design
2.3.4 Gateway Design
2.3.5 Routing Design
2.4 Wireless Network Service Design
2.4.1 Suggestions on WLAN Planning
2.4.2 Network Architecture Design
2.4.3 AP Management Design
2.4.4 Radio Management Design
2.4.5 SSID Design
2.4.6 Roaming Design
2.4.7 Wireless Location Design
2.5 Egress Network Service Design
2.5.1 Security Zone Design
2.5.2 Egress Route Design
2.5.3 Security Policy Design
2.5.4 NAT Design
2.6 Network QoS Design
2.6.1 QoS Requirement Survey
2.6.2 Traffic Classification Design
2.6.3 QoS Scheduling Policy Design

Issue 04 (2021-10-10) Copyright © Huawei Technologies Co., Ltd. ii


2.6.3.1 QoS Scheduling Policy Design for Wired Networks
2.6.3.2 QoS Scheduling Policy Design for WLANs
2.6.3.3 Recommended Scheduling Policy Suggestions
2.6.4 Intelligent HQoS Design
2.6.4.1 HQoS Solution Overview
2.6.4.2 Planning of VIP Users and Applications
2.6.4.3 Design of Customized Applications
2.6.4.4 Design of Application Scheduling Templates
2.6.4.5 Design Precautions
2.7 Network Reliability Design
2.7.1 Device Reliability
2.7.1.1 Switch Reliability
2.7.1.2 WAC Reliability
2.7.1.3 Firewall Reliability
2.7.2 Link Reliability
2.8 Network Security Design
2.8.1 Egress Network Security Design
2.8.2 Intranet Security Design
2.8.2.1 Core Layer
2.8.2.2 Aggregation Layer
2.8.2.3 Wired Access Layer
2.8.2.4 Wireless Access Layer
2.8.3 Network Admission Security Design
2.8.3.1 Overall Admission Control Design
2.8.3.2 Admission Authentication Mode Selection
2.8.3.3 Policy Control Solution Design
2.8.3.3.1 Traditional NAC Solution Design
2.8.3.3.2 Free Mobility Solution Design
2.8.3.4 Terminal Admission Security Design
2.8.3.4.1 Terminal Identification Method Design
2.8.3.4.2 Terminal Admission Policy Design
2.8.4 Intelligent Security Collaboration Design
2.9 Network Deployment Design
2.9.1 Deployment Configuration Modes
2.9.2 Management Network Provisioning Design
2.9.3 Time Sequence Differences Between Deployment and Planning
2.10 Network O&M Design
2.10.1 Basic Network O&M
2.10.2 Intelligent Network O&M
2.10.2.1 Overview of Intelligent O&M
2.10.2.2 Intelligent O&M Solution Architecture
2.10.2.3 Deployment Design of the Intelligent O&M Solution

2.10.2.4 Precautions for Intelligent O&M Design

3 Deployment Process

4 Deployment Guide
4.1 Installation Guide
4.1.1 Server and Software Installation
4.1.1.1 Installing iMaster NCE-Campus
4.1.1.2 Installing iMaster NCE-CampusInsight
4.1.1.3 Installing the CloudCampus APP
4.1.2 Network Device Installation
4.1.2.1 Installing a WAC
4.1.2.2 Installing an AP
4.1.2.3 Installing a Switch
4.1.2.4 Installing a Firewall
4.1.2.5 Installing a Router
4.1.3 Activating a License
4.2 Site Creation
4.2.1 Creating Administrator Accounts
4.2.2 Creating a Site
4.2.3 Adding a Stack
4.2.4 Adding a WAC Group
4.2.5 Configuring a Network Plan
4.2.6 Configuring Device Management
4.2.6.1 Configuring the Core Switch to Be Managed by the Controller
4.2.6.2 Configuring the WAC to Be Managed by the Controller
4.2.6.3 Configuring Aggregation and Access Switches to Be Managed by the Controller
4.2.7 Configuring a Physical Link
4.3 Subnet and Interface Configuration
4.4 Route Configuration
4.5 WLAN Configuration
4.5.1 Bringing a Fit AP Online on the WAC
4.5.2 Delivering Authentication Profiles to the WAC (Native WAC)
4.5.3 Creating Authentication Profiles After Logging In to the WAC
4.5.4 Configuring WLAN Services
4.6 Egress Network Deployment
4.6.1 Configuring Interfaces and Security Zones
4.6.2 Configuring Intelligent Traffic Steering
4.6.3 Configuring HSB on Firewalls
4.6.4 Configuring Routes
4.6.5 Configuring the NAT Service
4.7 Access Control Configuration
4.7.1 Configuring Authentication Control Points
4.7.1.1 Configuring an Authentication Control Point for Wired Access (Using Commands)

4.7.1.2 Configuring an Authentication Control Point for Wired Access (Using iMaster NCE-Campus)
4.7.1.3 Configuring the Authentication Control Point for Wireless Access
4.7.2 Configuring Free Mobility
4.7.2.1 Configuring Security Groups
4.7.2.2 Configuring Resource Groups
4.7.2.3 Configuring Policy Control
4.7.2.4 Configuring IP-Security Group Entry Subscription
4.7.3 Configuring User Access and Authentication
4.7.3.1 Adding Users
4.7.3.2 Configuring Authentication Rules
4.7.3.3 Configuring Authorization Results and Authorization Rules
4.7.4 Configuring Terminal Identification
4.7.5 Configuring the Function of Synchronizing Accounts from AD/LDAP Servers
4.8 Security Settings
4.8.1 Configuring Egress Network Security
4.8.2 Configuring Intranet Security
4.9 QoS Configuration
4.9.1 Configuring Traditional QoS Functions
4.9.2 Configuring Intelligent HQoS
4.10 O&M Deployment
4.10.1 Enabling the Function of Reporting Data to iMaster NCE-Campus
4.10.2 Configuring Intelligent O&M

5 iMaster NCE-Campus Operation Reference
5.1 Configuration Constraints and Precautions
5.2 System Administrator Configuration
5.2.1 Initial Configuration
5.2.1.1 Logging in to and Configuring the License Mode
5.2.1.2 Managing System Administrator Accounts
5.2.1.3 Creating an MSP and the MSP Administrator
5.2.1.4 Managing Licenses
5.2.1.4.1 Obtaining License Files
5.2.1.4.2 Managing Licenses (Global Perpetual Mode)
5.2.1.4.3 Managing Licenses (Global Subscription Mode + License Redistribution Disabled)
5.2.1.4.4 Managing Licenses (Global Subscription Mode + License Redistribution Enabled)
5.2.1.5 Supplementary Tasks
5.2.1.5.1 Managing the Device Whitelist
5.2.1.5.2 Configuring a Map URL
5.2.1.5.3 Configuring the Registration Center
5.2.1.5.4 Configuring an Email Server
5.2.1.5.5 Configuring an SMS Server
5.2.1.5.6 Configuring Interconnection with a Syslog Server
1. Importing the Syslog Server Trust Certificate

2. Configuring Syslog
5.2.1.5.7 Configuring Two-Factor Authentication
5.2.2 Configuring Interconnection with iMaster NCE-CampusInsight
5.3 MSP Administrator Configuration
5.3.1 Initial Configuration
5.3.1.1 Logging In to iMaster NCE-Campus as an MSP Administrator
5.3.1.2 Creating a Root Tenant
5.3.1.3 Managing Licenses
5.3.1.3.1 Managing Licenses in Global Subscription Mode with License Redistribution Enabled
1. Allocating Licenses (Global Subscription Mode + License Redistribution Enabled)
5.3.1.3.2 Managing Licenses in Tenant Subscription Mode with License Redistribution Enabled
1. Applying for a License
2. Splitting a License
3. Activating and Allocating a License (Tenant Subscription Mode + License Redistribution Enabled)
5.3.1.4 Supplementary Tasks
5.3.1.4.1 Managing MSP Administrator Accounts
5.3.1.4.2 Configuring an Email Server
5.3.1.4.3 Configuring an SMS Server
5.3.1.4.4 Configuring Two-Factor Authentication
5.3.2 Tenant Service Configuration (MSP-Managed O&M)
5.3.2.1 Authorizing an MSP to Maintain Tenant Services
5.3.2.2 (Optional) Accessing the View for Managing Services for a Tenant
5.3.2.3 Configuring Tenant Networks
5.4 Tenant Administrator Configuration
5.4.1 Initial Configuration
5.4.1.1 Logging In to iMaster NCE-Campus as a Tenant Administrator
5.4.1.2 Configuring Account Policies and Password Policies
5.4.1.3 Creating a User Role
5.4.1.4 Creating a Sub-Tenant Administrator Account
5.4.1.5 License Management
5.4.1.5.1 Viewing License Information (Global Subscription Mode + License Redistribution Enabled)
5.4.1.5.2 Viewing License Information (Tenant Subscription Mode + License Redistribution Enabled)
5.4.1.5.3 Activating and Authorizing Licenses (Tenant Subscription Mode + License Redistribution Disabled)
5.4.1.6 Configuring the Tunnel Mode
5.4.1.7 Supplementary Tasks
5.4.1.7.1 Configuring an SMS Server
5.4.1.7.2 Configuring Interconnection with a Syslog Server
1. Importing the Syslog Server Trust Certificate
2. Configuring a Syslog Server.............................................................................................................................................. 359
5.4.1.7.3 Configuring Interconnection with a DNS Server........................................................................................... 369
5.4.1.7.4 Configuring a Mobile Number and SMS Authentication for Two-Factor Authentication.............. 370
5.4.2 Synchronizing Data to iMaster NCE-CampusInsight.......................................................................................... 372

Issue 04 (2021-10-10) Copyright © Huawei Technologies Co., Ltd. vi


5.4.3 Network Design
5.4.3.1 Setting Global Parameters
5.4.3.2 Creating a Site
5.4.3.3 Adding Devices
5.4.3.3.1 Context
5.4.3.3.2 Adding Cloud Managed Devices
5.4.3.3.3 Adding SNMP-Managed Network Devices
5.4.3.3.4 Adding SNMP-Managed PON Devices
1. Configuring SNMP Parameters on Devices
2. Adding an OLT
3. Configuring a Type B Dual-Homing Protection Group
4. Configuring a Type C Dual-Homing Protection Group
5.4.3.3.5 Creating a Stack
5.4.3.3.6 Creating a WAC Group
5.4.3.3.7 Creating an Automatic Discovery Task
5.4.3.3.8 AP Grouping Recommendations
5.4.3.4 Configuring a Network Plan
5.4.3.5 Configuring a LAN Resource Pool
5.4.3.6 Configuring a Fabric Global Resource Pool
5.4.3.7 Configuring an Underlay Automated Resource Pool
5.4.3.8 Template Management
5.4.3.8.1 Configuring an SNMP Template
5.4.3.8.2 Customizing a Policy Template
1. ACL Template
2. Dynamic ACL Template
3. URL Category Template
4. RADIUS Server Template
5. HWTACACS Server Template
6. Portal Server Template
7. URL Template
8. RADIUS Relay Server
9. Authentication Template
10. Configuring a Security Profile
11. Bypass Policy Template
12. Traffic Classifier Template
13. Traffic Behavior Template
14. Custom Application
15. Application Scheduling Template
16. Traffic Template
17. MxU Configuration Template
18. Voice User Configuration
19. 802.1X Configuration
20. Configuring a Signature
21. IGMP Snooping Template
5.4.3.9 Configuring a Device Configuration Template
5.4.3.10 Configuring a Site Template
5.4.3.10.1 Configuring a LAN-side Site Template
5.4.3.10.2 (Optional) Configuring a WAN-side Site Template
5.4.3.11 Configuring a Physical Interface
5.4.3.12 Configuring the Network Access Mode for a Site
5.4.3.13 Configuring Time Synchronization for a Site
5.4.3.14 Associating an Edge Site with an RR Site
5.4.3.15 Viewing the Device Topology
5.4.3.16 Managing Links
5.4.3.16.1 Overview
5.4.3.16.2 Discovering a Link
5.4.3.16.3 Creating a Link
5.4.3.16.4 Configuring a Link
5.4.3.16.5 Viewing the Links
5.4.4 Site Deployment for WAN Services
5.4.4.1 Deployment Process
5.4.4.2 Quick Deployment
5.4.4.3 Email-based Deployment
5.4.4.3.1 (Optional) Configuring an Email Template
5.4.4.3.2 Deploying a Site by Email
5.4.4.4 USB-based Deployment
5.4.4.5 DHCP-based Deployment
5.4.4.6 Deployment Through the Registration Center
5.4.4.7 Checking the Deployment Result
5.4.5 App Deployment
5.4.5.1 Download CloudCampus APP
5.4.5.2 Using the CloudCampus APP
5.4.6 Admission Configuration
5.4.6.1 Authentication and Authorization Management
5.4.6.1.1 Configuration Guide in Typical Scenarios
5.4.6.1.2 Configuring User Access Without Authentication
5.4.6.1.3 Password Authentication
1. Configuring PSK-based User Access
2. Configuring PPSK-based User Access
5.4.6.1.4 Portal Authentication
1. Configuration Task Overview
2. (Optional) Configuring an Account for an End User
1. Configuring a User and User Group
2. (Optional) Attaching a Role to an Account
3. Setting Basic Parameters
3. (Optional) Connecting to Third-Party Platforms
1. Configuring an Email Server
2. Configuring an SMS Server
4. (Optional) Enabling the HTTP Port
5. (Optional) Enabling the Port for Outdated Device Certificates
6. (Optional) Customizing a Portal Page Pushed to End Users
1. Importing a Customized Page Using a Template
2. Customizing a Portal Page
3. Configuring a Language Template
4. Example for Portal Page Customization
7. Configuring a Portal Page Pushing Policy
8. (Optional) Configuring an Online User Control Policy
9. (Optional) Configuring a Portal Server Template
10. (Optional) Configuring a RADIUS Server Template
11. Configuring an Authentication Point
12. Configuring an Authentication Rule
13. Configuring an Authorization Result
14. Configuring an Authorization Rule
5.4.6.1.5 Multi-Network Portal Authentication
5.4.6.1.6 802.1X Authentication
1. Configuring a User Group and User
2. (Optional) Attaching a Role to an Account
3. Setting Basic Parameters
4. (Optional) Configuring an Online User Control Policy
5. (Optional) Configuring a Policy Element
6. Configuring a RADIUS Template
7. Configuring an Authentication Point
8. Configuring an Authentication Rule
9. Configuring an Authorization Result
10. Configuring an Authorization Rule
5.4.6.1.7 MAC Address Authentication
1. Creating a MAC Account
2. (Optional) Attaching a Role to an Account
3. Configuring a RADIUS Server Template
4. (Optional) Configuring an Online User Control Policy
5. Configuring an Authentication Point
6. Configuring an Authentication Rule
7. Configuring an Authorization Result
8. Configuring an Authorization Rule
5.4.6.1.8 PSK+MAC Address Authentication
5.4.6.1.9 Two-Factor Authentication
1. Overview
2. Authentication by Using Username and Password and SMS Verification Code
3. Portal Authentication by Using Username and Password and RADIUS Token
4. Two-Factor Authentication Using an SSL VPN-Enabled Firewall
5.4.6.1.10 iMaster NCE-Campus as a Relay Agent
1. Enabling the RADIUS Port
2. Portal Authentication
1. Connecting to a Third-Party Portal Server in API Mode
1. Configuring a Portal Page Pushing Rule
2. Configuring an Authentication Point
3. Configuring an Authorization Result
4. Configuring an Authorization Rule
2. Connecting to a Third-Party Portal Server via a RADIUS Relay Agent
1. Configuring a Portal Page Pushing Rule
2. Configuring a RADIUS Relay Template
3. Configuring an Authentication Point
3. RADIUS Authentication
1. Configuring a RADIUS Relay Template
2. Configuring an Authentication Point
3. Configuring an Authentication Rule
5.4.6.1.11 Interconnection with a Third-Party Authentication Server
1. Connecting to a Portal Server
1. Configuring a Third-Party Portal Template
2. Configuring a Third-Party RADIUS Template
3. Configuring an Authentication Point
2. Connecting to a RADIUS Server
1. Configuring a Third-Party RADIUS Template
2. Configuring an Authentication Point
5.4.6.1.12 HWTACACS Authentication
1. Overview
2. Configuring a User Account
3. Configuring an Authentication Rule
4. Configuring a Shell Profile and a Command Set
5. Configuring an Authorization Rule
6. Configuring an Admission Device
5.4.6.1.13 Device Administrator Authentication
1. Overview
2. Configuring a User and User Group
3. (Optional) Attaching a Role to an Account
4. Setting Basic Parameters
5. Configuring an Authentication Rule
6. Configuring an Authorization Result
7. Configuring an Authorization Rule................................................................................................................................. 918


8. Configuring a RADIUS Template..................................................................................................................................... 927
9. Configuring an Access Control Device........................................................................................................................... 931
5.4.6.1.14 Secure Access for IoT Access Control Terminals..........................................................................................935
1. Overview.................................................................................................................................................................................. 936
2. Configuring Interconnection with Intelligent Access Platform............................................................................. 938
3. Configuring MAC Address + 802.1X Mixed Authentication....................................................................................939
1. Configuring MAC Address Authentication................................................................................................................... 939
2. Configuring 802.1X Authentication................................................................................................................................ 951
3. Configuring an Authentication Point............................................................................................................................. 965
4. Terminal Management........................................................................................................................................................969
5.4.6.1.15 Configuring Secure Access for Cellular Network Terminals (IoT).........................................................971
1. Overview.................................................................................................................................................................................. 971
2. Configuring Interconnection with the SMF on the Core Network.......................................................................974
3. Managing Terminals............................................................................................................................................................ 975
4. Configuring an Authentication Rule and an Authorization Rule for Cellular Network Terminal Access.......... 978
5. (Optional) Configuring Interconnection with an MSCG......................................................................................... 980
1. Configuring Online Behavior Management.................................................................................................................980
2. Configuring IP-Security Group Entry Synchronization............................................................................................. 984
6. Viewing Online Users.......................................................................................................................................................... 985
5.4.6.2 Guest Management.................................................................................................................................................... 986
5.4.6.2.1 Configuring a Guest Administrator.................................................................................................................... 986
5.4.6.2.2 Configuring Guest Access Through Self-Registered Accounts.................................................................. 990
5.4.6.2.3 Configuring Guest Access Through One-Click Authentication by Account, Email Address, or Mobile Number.......... 996
5.4.6.2.4 Configuring Guest Access Using a Public QR Code...................................................................................... 999
5.4.6.2.5 Configuring Guest Access Using Accounts Created by Administrators............................................... 1004
5.4.6.2.6 Configuring Guest Access Using a Facebook Account.............................................................................. 1018
5.4.6.2.7 Configuring Guest Access Using a Twitter Account................................................................................... 1026
5.4.6.2.8 Configuring Guest Access Through One-Click WeChat Portal Authentication................................ 1035
5.4.6.2.9 Configuring Guests to Obtain an Authentication URL by Following a WeChat Official Account (Editing Mode).......... 1040
5.4.6.2.10 Configuring Guests to Obtain an Authentication URL by Following a WeChat Official Account (in Developer Mode).......... 1051
1. Overview................................................................................................................................................................................ 1051
2. Setting Up a WeChat Official Accounts Platform Server Using the PHP Application................................ 1056
3. Binding a WeChat Official Account to the Enterprise WeChat Official Accounts Platform Server........1060
4. Setting Parameters for Connecting the Enterprise WeChat Official Accounts Platform Server to iMaster NCE-Campus.......... 1065
5. Configuring iMaster NCE-Campus............................................................................................................................... 1069
6. Appendix - Secondary Development of the WeChat Official Accounts Platform........................................ 1074
1. WeChat Authentication Information Management............................................................................................... 1074
2. Configuring an Encryption Key...................................................................................................................................... 1075

3. Encrypting Authentication Information...................................................................................................................... 1075
5.4.6.2.11 Configuring Guest Access Through QR Code Scanning Using the WeChat APP via Wi-Fi........ 1076
5.4.6.3 Account Blacklist Management............................................................................................................................1082
5.4.6.4 CA Management........................................................................................................................................................1084
5.4.6.4.1 Overview................................................................................................................................................................... 1084
5.4.6.4.2 Third-Party CA Management.............................................................................................................................1085
1. Deploying a Third-party CA Server.............................................................................................................................. 1085
2. Configuring a CA Certificate Policy.............................................................................................................................. 1092
3. (Optional) Configuring CRL Synchronization........................................................................................................... 1099
4. (Optional) Uploading a CRL File................................................................................................................................... 1100
5. Configuring an OCSP Server........................................................................................................................................... 1101
6. Configuring an SCEP Server............................................................................................................................................ 1104
5.4.6.4.3 Built-in CA Management.................................................................................................................................... 1106
1. Configuring a Certificate Profile.................................................................................................................................... 1106
2. Checking the CMP Protocol Information....................................................................................................................1117
3. Configuring Request Verification.................................................................................................................................. 1118
4. Configuring CA Interconnection.................................................................................................................................... 1119
5. (Optional) Configuring a CRL Server...........................................................................................................................1121
6. (Optional) Interworking with a CRL Server.............................................................................................................. 1124
7. Configuring a CA Certificate Policy.............................................................................................................................. 1126
5.4.6.5 Boarding Configuration........................................................................................................................................... 1130
5.4.6.5.1 Application Scenarios and Fundamentals..................................................................................................... 1131
5.4.6.5.2 Configuring the Boarding Function (Single-SSID Scenario)................................................................... 1140
5.4.6.5.3 Configuring the Boarding Function (Dual-SSID Scenario)...................................................................... 1149
5.4.6.6 AD/LDAP Synchronization...................................................................................................................................... 1155
5.4.6.6.1 Overview................................................................................................................................................................... 1155
5.4.6.6.2 Synchronization by OU for the AD/LDAP Server........................................................................................ 1164
5.4.6.6.3 Synchronization by Group for the AD Server (Organization Structure Is Described by OU)...... 1187
5.4.6.6.4 Synchronization by Group for the AD Server (Organization Structure Is Described by Group) 1207
5.4.6.6.5 Synchronization by Group for the LDAP Server.......................................................................................... 1224
5.4.6.6.6 Synchronization by Plane Structure or User-defined Synchronization................................................1242
5.4.6.6.7 Synchronization by Conditions.......................................................................................................................... 1263
5.4.6.6.8 Configuring Non-Synchronization....................................................................................................................1283
5.4.6.7 Authentication Using a RADIUS Token Server................................................................................................ 1300
5.4.6.8 Authentication Using a Third-Party HTTP Server.......................................................................................... 1309
5.4.6.9 Authentication Using a Third-Party Database................................................................................................ 1315
5.4.6.10 SSO Through Interconnection with AD FS..................................................................................................... 1323
5.4.6.11 Configuring Online Behavior Management.................................................................................................. 1334
5.4.6.12 Configuring a RADIUS Accounting Device..................................................................................................... 1345
5.4.6.13 Managing Admission Devices............................................................................................................................. 1347
5.4.6.14 Region Management............................................................................................................................................. 1353
5.4.6.14.1 Configuring a Region and Binding Devices to the Region.................................................................... 1354

5.4.6.14.2 Configuring a Regional Roaming Policy...................................................................................................... 1356
5.4.6.15 Terminal Management......................................................................................................................................... 1357
5.4.6.15.1 Overview................................................................................................................................................................ 1358
5.4.6.15.2 Configuring Terminal Identification.............................................................................................................. 1360
5.4.6.15.3 Configuring Terminal Management..............................................................................................................1366
5.4.6.16 MDM Interconnection........................................................................................................................................... 1373
5.4.6.16.1 Overview................................................................................................................................................................ 1373
5.4.6.16.2 Interconnecting with an MDM System (Ivanti)........................................................................................ 1376
5.4.6.16.3 Authorizing Mobile Devices by the MDM Status..................................................................................... 1384
5.4.6.17 Appendix.................................................................................................................................................................... 1385
5.4.6.17.1 Configuring the Standard 802.1X client Provided by the Operating System..................................1385
1. Configuring Wireless 802.1X Authentication............................................................................................................ 1385
1. Microsoft Windows 7........................................................................................................................................................ 1386
2. Microsoft Windows 8........................................................................................................................................................ 1387
3. Microsoft Windows 10...................................................................................................................................................... 1389
4. MAC......................................................................................................................................................................................... 1391
5. iOS........................................................................................................................................................................................... 1391
6. Android................................................................................................................................................................................... 1391
2. Configuring Wired 802.1X Authentication................................................................................................................. 1392
1. Microsoft Windows 7........................................................................................................................................................ 1392
2. Microsoft Windows 8........................................................................................................................................................ 1395
3. Microsoft Windows 10...................................................................................................................................................... 1396
5.4.6.17.2 EAP-GTC Plug-In.................................................................................................................................................. 1397
1. Overview................................................................................................................................................................................ 1397
2. Installing the EAP-GTC Plug-In...................................................................................................................................... 1397
3. Using EAP-GTC for 802.1X Authentication................................................................................................................ 1399
4. Log........................................................................................................................................................................................... 1404
5. Uninstalling the EAP-GTC Plug-In................................................................................................................................ 1404
5.4.6.17.3 Association Between the iMaster NCE-Campus and a Third-Party Online Behavior Management Device to Implement SSO.......... 1406
1. SSO Overview...................................................................................................................................................................... 1406
1. Packet Exchange Process Between the iMaster NCE-Campus and a Third-Party Online Behavior Management Device.......... 1407
2. Packet Format...................................................................................................................................................................... 1408
1. Authentication Success (Login) Packet....................................................................................................................... 1409
2. Deregistration Success (Logout) Packet..................................................................................................................... 1412
3. Authentication Response Packet................................................................................................................................... 1415
4. Deregistration Response Packet.................................................................................................................................... 1417
5. Online Status Query Packet............................................................................................................................................ 1418
3. Packet Encryption Algorithm.......................................................................................................................................... 1420
1. AES........................................................................................................................................................................................... 1420
2. 3DES........................................................................................................................................................................................ 1421
3. Enhanced AES...................................................................................................................................................................... 1421

5.4.7 Free Mobility.................................................................................................................................................................. 1422
5.4.7.1 Introduction................................................................................................................................................................. 1422
5.4.7.2 Configuring a Security Group............................................................................................................................... 1427
5.4.7.3 Configuring a Resource Group............................................................................................................................. 1428
5.4.7.4 Configuring Inter-Group Policy Control............................................................................................................. 1429
5.4.7.5 Configuring IP-Security Group Entry Subscription......................................................................................... 1434
5.4.8 LAN-Side Site Configuration..................................................................................................................................... 1436
5.4.8.1 Configuring a Feature Deployment Template................................................................................................. 1436
5.4.8.1.1 Configuring an Interface or Device Template.............................................................................................. 1436
5.4.8.1.2 Configuring an Object Group............................................................................................................................ 1452
5.4.8.2 Configuring General Functions at a Site........................................................................................................... 1454
5.4.8.2.1 Configuring Service Parameters........................................................................................................................1454
5.4.8.2.2 Configuring a Management VLAN.................................................................................................................. 1465
5.4.8.2.3 Configuring a Command Whitelist.................................................................................................................. 1468
5.4.8.3 Configuring AP Services.......................................................................................................................................... 1501
5.4.8.3.1 Configuring an SSID..............................................................................................................................................1501
5.4.8.3.2 Configuring Radio Parameters.......................................................................................................................... 1512
5.4.8.3.3 Configuring AP Security Services......................................................................................................................1527
5.4.8.3.4 Configuring an IoT Module................................................................................................................................ 1533
5.4.8.3.5 Configuring a Bluetooth Module..................................................................................................................... 1537
5.4.8.3.6 Configuring IPSec VPN......................................................................................................................................... 1546
5.4.8.3.7 Configuring Physical Interfaces.........................................................................................................................1552
5.4.8.3.8 Configuring DHCP................................................................................................................................................. 1564
5.4.8.3.9 Configuring NAT Logs.......................................................................................................................................... 1567
5.4.8.3.10 Configuring Terminal Connectivity Check...................................................................................................1568
5.4.8.3.11 Configuring the Mesh Function......................................................................................................................1568
5.4.8.4 Configuring AR Services.......................................................................................................................................... 1572
5.4.8.4.1 Configuring a Network........................................................................................................................................ 1572
5.4.8.4.2 Configuring a Static Route................................................................................................................................. 1582
5.4.8.4.3 Configuring PBR..................................................................................................................................................... 1583
5.4.8.4.4 Configuring Physical Interfaces.........................................................................................................................1585
5.4.8.4.5 Configuring a Traffic Policy................................................................................................................................ 1588
5.4.8.4.6 Configure URL Filtering....................................................................................................................................... 1590
5.4.8.4.7 Configuring an SSID..............................................................................................................................................1591
5.4.8.4.8 Configuring Radio Parameters.......................................................................................................................... 1593
5.4.8.5 Configuring Switch Services...................................................................................................................................1595
5.4.8.5.1 Configuring a Subnet........................................................................................................................................... 1595
5.4.8.5.2 Configuring Physical Interfaces.........................................................................................................................1600
5.4.8.5.3 Configuring a Loopback Interface....................................................................................................................1621
5.4.8.5.4 Configuring a Static Route................................................................................................................................. 1623
5.4.8.5.5 Configuring OSPF.................................................................................................................................................. 1625
5.4.8.5.6 Configuring OSPF on an Interface................................................................................................................... 1628

5.4.8.5.7 Configuring a Fit AP..............................................................................................................................................1630
5.4.8.5.8 Configuring a Static MAC Address Entry....................................................................................................... 1632
5.4.8.5.9 Configuring a Traffic Policy (QoS)...................................................................................................................1633
5.4.8.5.10 Configuring Authentication............................................................................................................................. 1635
5.4.8.5.11 Configuring Static Management IP Addresses for Switches.................................................................1638
5.4.8.5.12 Setting Advanced Parameters......................................................................................................................... 1643
1. Configuring STP.................................................................................................................................................................. 1643
2. Configuring Attack Defense............................................................................................................................................ 1647
3. Configuring Voice STA OUI............................................................................................................................................. 1648
4. Configuring Device VLANs.............................................................................................................................................. 1649
5. Configuring a DNS Server............................................................................................................................................... 1650
6. Configuring Free Mobility................................................................................................................................................ 1652
7. Viewing HiSec Insight Interworking Information.................................................................................................... 1653
8. Configuring VRRP............................................................................................................................................................... 1654
5.4.8.6 Configuring Firewall Services................................................................................................................................ 1656
5.4.8.6.1 Configuring a Network........................................................................................................................................ 1656
5.4.8.6.2 Configuring a Static Route................................................................................................................................. 1668
5.4.8.6.3 Configuring PBR..................................................................................................................................................... 1669
5.4.8.6.4 Configuring Physical Interfaces.........................................................................................................................1671
5.4.8.6.5 Configuring an SSID..............................................................................................................................................1677
5.4.8.6.6 Configuring Authentication................................................................................................................................ 1679
5.4.8.6.7 Configuring a Traffic Policy................................................................................................................................ 1680
5.4.8.6.8 Configuring a Mirror Group............................................................................................................................... 1683
5.4.8.6.9 Configuring Radio Parameters.......................................................................................................................... 1685
5.4.8.6.10 Configuring ASPF.................................................................................................................................................1687
5.4.8.6.11 Configuring Security Services.......................................................................................................................... 1688
1. Overview................................................................................................................................................................................ 1688
2. Configuring a Security Profile........................................................................................................................................ 1689
3. Configuring a Security Policy......................................................................................................................................... 1698
5.4.8.7 Configuring WAC Services...................................................................................................................................... 1705
5.4.8.7.1 Configuring a Fit AP..............................................................................................................................................1705
5.4.8.7.2 Configuring Authentication................................................................................................................................ 1707
5.4.8.8 Configuring PON Service........................................................................................................................................ 1709
5.4.8.8.1 Service Configuration........................................................................................................................................... 1709
1. ONT Template Configuration......................................................................................................................................... 1709
2. MxU Template Configuration......................................................................................................................................... 1715
5.4.8.8.2 Zero-Touch Policy Management....................................................................................................................... 1720
5.4.8.8.3 Deployment Task Management....................................................................................................................... 1723
1. Basic OLT Configuration................................................................................................................................................... 1723
2. ONU Service Configuration............................................................................................................................................. 1724
5.4.8.8.4 IP+POL Configuration Example.........................................................................................................................1725
5.4.8.9 Verifying the Configuration Delivery Result.................................................................................................... 1736

5.4.9 WAN-Side Site Configuration................................................................................................................................... 1737


5.4.9.1 Configuring the Underlay Network.................................................................................................................... 1737
5.4.9.1.1 Configuring WAN Interfaces.............................................................................................................................. 1737
5.4.9.1.2 Configuring Underlay Routes (OSPF)............................................................................................................. 1739
5.4.9.1.3 Configuring Underlay Routes (BGP)............................................................................................................... 1743
5.4.9.1.4 Configuring Underlay Routes (Static Routes)..............................................................................................1748
5.4.9.2 Verifying the Network Deployment Result...................................................................................................... 1749
5.4.10 Fabric Network Management................................................................................................................................ 1750
5.4.10.1 Networking Scenario............................................................................................................................................. 1750
5.4.10.2 Virtualized Campus Network Deployment Procedure............................................................................... 1752
5.4.10.3 Fabric Resource Planning..................................................................................................................................... 1752
5.4.10.3.1 Configuring a Fabric Global Resource Pool................................................................................................ 1752
5.4.10.3.2 Configuring an Underlay Automated Resource Pool.............................................................................. 1755
5.4.10.3.3 Configuring an Authentication Template................................................................................................... 1760
5.4.10.3.4 Configuring an IGMP Snooping Template.................................................................................................. 1763
5.4.10.4 Fabric Management............................................................................................................................................... 1766
5.4.10.4.1 Configuring a Fabric Network.........................................................................................................................1766
5.4.10.4.2 Managing Fabric Networks in Topology Mode.........................................................................................1774
5.4.10.4.3 Managing Fabric Networks in List Mode.................................................................................................... 1787
5.4.10.4.4 Configuring Access Management.................................................................................................................. 1791
5.4.10.5 LAN-side Logical Network Management....................................................................................................... 1798
5.4.10.5.1 Configuring a Default VN on the LAN Side............................................................................................... 1799
5.4.10.5.2 Configuring a LAN-Side VN............................................................................................................................. 1802
5.4.10.5.3 Configuring Layer 2 Multicast........................................................................................................................ 1814
5.4.10.6 (Optional) Configuring LAN-side VN Interconnection at Layer 3......................................................... 1815
5.4.10.7 Verifying the Configuration Status................................................................................................................... 1817
5.4.11 Virtual Network Management.............................................................................................................................. 1818
5.4.11.1 Configuring IPsec VPN.......................................................................................................................................... 1818
5.4.11.2 Configuring VNs in LAN-WAN Interconnection Scenario......................................................................... 1825
5.4.11.2.1 Creating VNs in LAN-WAN Interconnection Scenario............................................................................ 1825
5.4.11.2.2 Configuring WAN Services............................................................................................................................... 1826
1. Configuring an Overlay Topology................................................................................................................................. 1827
2. Configuring a Topology Policy....................................................................................................................................... 1833
3. Configuring WAN-side Routes....................................................................................................................................... 1837
5.4.11.2.3 Configuring LAN Services................................................................................................................................. 1839
1. Configuring Network Devices........................................................................................................................................ 1840
5.4.11.2.4 Configuring LAN-WAN Interconnection...................................................................................................... 1841
5.4.12 Policy Management...................................................................................................................................................1859
5.4.12.1 Configuring a Traffic Policy................................................................................................................................. 1860
5.4.12.1.1 Configuring a Traffic Policy Template.......................................................................................................... 1860
1. Creating a Traffic Classifier Template......................................................................................................................... 1860
2. Creating a Policy Behavior Template........................................................................................................................... 1865

3. (Optional) Creating an Effective Time Template.................................................................................................... 1871


5.4.12.1.2 Configuring an Internet Access Policy for a Site...................................................................................... 1873
5.4.12.1.3 Configuring a Mutual-Access Policy for Traditional Sites......................................................................1880
5.4.12.1.4 Creating an ACL Policy for the Underlay Network.................................................................................. 1884
5.4.12.1.5 Creating an ACL Policy for the Overlay Network.....................................................................................1889
5.4.12.1.6 Creating a NAT Policy for the Underlay Network....................................................................................1895
5.4.12.1.7 Creating a NAT Policy for the Overlay Network...................................................................................... 1901
5.4.12.1.8 Creating an Intelligent Traffic Steering Policy for the Overlay Network.........................................1907
5.4.12.1.9 Creating a QoS Policy for the Overlay Network.......................................................................................1918
5.4.12.1.10 Configuring a Redirect Policy for the Overlay Network...................................................................... 1923
5.4.12.1.11 Configuring the VAS Connection................................................................................................................. 1927
5.4.12.1.12 Creating a QoS Policy (General Configuration)..................................................................................... 1932
5.4.12.1.13 Configuring NAT ALG...................................................................................................................................... 1937
5.4.12.1.14 Connecting to a Third-Party Secure Cloud Gateway Policy............................................................... 1939
5.4.12.2 Configuring VN Traffic Distribution................................................................................................................. 1942
5.4.12.3 Configuring a Security Policy.............................................................................................................................. 1943
5.4.12.3.1 Creating a Network Security Policy.............................................................................................................. 1943
5.4.12.4 Configuring Applications and Application Groups...................................................................................... 1952
5.4.12.4.1 Configuring SAC................................................................................................................................................... 1952
5.4.12.4.2 Checking Predefined Applications................................................................................................................. 1953
5.4.12.4.3 (Optional) Creating a Customized Application.........................................................................................1954
5.4.12.4.4 Creating a Customized Application Group................................................................................................. 1960
5.4.12.5 Checking the Policy Deployment Result......................................................................................................... 1963
5.4.13 Typical Applications................................................................................................................................................... 1964
5.4.13.1 Branch Network...................................................................................................................................................... 1964
5.4.13.2 Multi-Branch Interconnection.............................................................................................................................1970
5.4.13.3 Fabric Network........................................................................................................................................................ 1972
5.4.13.4 Scenario-Specific Deployment............................................................................................................................ 1975
5.4.13.5 Command Configuration Tool............................................................................................................................ 1978
5.4.13.5.1 Creating and Delivering Templates............................................................................................................... 1978
5.4.13.5.2 Configuring a Command Delivery Task....................................................................................................... 1982
