Configuration Guide
Business Configuration
To simplify the configuration of common, typical network setups, the controller has four built-in scenarios: Small/Mid-Scale Campus, Large/Mid-Scale Campus, Traditional L2 Network, and Open Cloud Connect. Administrators can select a network setup according to the network scale to complete topology planning. After all devices in the planned topology are online and connected to the controller, the ACC automatically detects and identifies the connection status between devices to generate a real network topology. Administrators can check whether the topology is correct and, after confirming it is error-free, deploy the configuration to the devices to complete network configuration and deployment.

After entering the specific venue, the administrator clicks the \[Configuration] \[Design Topology] button to select the specific scenario to be used.

Small/Mid-Scale Campus

This is a full L3 network solution with a two-tier spine-leaf architecture, for example using the CX308 series as the spine devices and the CX204Y-48GT series as the leaf devices. Each spine device can provide up to 48 interfaces to connect with leaf devices, and each leaf device offers 48 access interfaces. Thus, the network can support up to 48 × 48 = 2304 access interfaces. This scenario is suitable for smaller-scale networks.

Large/Mid-Scale Campus

This is a full L3 network solution with a three-tier spine-aggregation-leaf architecture, for example using the CX308 series as spine devices, the CX206P-24S series as aggregation devices, and the CX204Y-48GT series as leaf devices. Each spine device can provide up to 48 interfaces to connect with aggregation devices, each aggregation device can provide up to 24 interfaces to connect with leaf devices, and each leaf device offers 48 access interfaces. Thus, the network can support up to 48 × 24 × 48 = 55,296 access interfaces. This scenario is suitable for larger-scale networks.

Traditional L2 Network

A traditional L2 network solution with a spine-leaf L2 architecture: leaf devices provide pure L2 access, and the gateway is deployed on the spine devices.

Open Cloud Connect

The gateway is deployed on aggregation or access devices. This scenario is suitable where there are already aggregation devices or access-layer expansion in the campus, and it provides two classic modes: Layer 2 forwarding and access-layer gateway.

Small/Mid-Scale Network Deployment

Design Topology

Step 1: Select the Small/Mid-Scale Campus network scenario, fill in the models and quantities of spine and leaf devices, then click \[Save] to finish the pre-planning of the network topology. The controller will generate a recommended network topology based on the pre-planned typical network architecture.

Step 2: Click the \[Edit] button on the device side, select devices from the inventory to be applied to the current topology in the slide-out panel on the right, and then choose interconnection interfaces.

- MAC: Uniquely select a device via its MAC address.
- Loopback IP: Configure the IP address for the device's Loopback0 interface, which will be used for in-band management of the device.
- Hostname: Configure the hostname of the device.
- Device Role: Assign the device role as spine or leaf.
- Interconnection Interfaces:
  - Local Interface: The interface on the current device.
  - Neighbor: Select the peer device connected to the local interface.
  - Neighbor Port: The interface on the peer device interconnected with the current device's local interface.

Alternatively, click \[Import Configuration] in the upper right corner of the page to import the configuration. Before importing, users can click \[Export Configuration] on the right to obtain a blank configuration file.

Step 3: Click the \[Save] button in the upper right corner to save your edits to the topology.

Basic Network

Step 1: Click \[Basic Network] to enter the basic network configuration interface and configure the basic network that carries the service network, including the routing protocols between leaf and spine, and between spine and uplink devices. Apart from information such as IP addresses that must be specified by the user, the controller dynamically generates the basic configurations based on the network topology, and these do not require the user's attention.

Step 2: Configure the spine device uplink interface information.

Step 3: Configure the IP address of the spine device uplink interface and the static routing information on the spine device.

Note: If the spine and the core device use dynamic routing instead of static routes, click the \[Advance] button to configure it.

- \[BGP Enable]: Enable the BGP function of the spine device and configure the AS number and IP address information of the uplink device, so that the spine can establish a BGP neighbor relationship with the uplink device.
- \[OSPF Enable]: Enable OSPF on spine devices and configure the OSPF domain ID and establishment method, so that spine and uplink devices can establish neighbor relationships via OSPF to synchronize routes.
- \[Route Aggregation Enable]: When the spine devices enable the BGP function, the routing information of the terminals is synchronized with the uplink device in the form of aggregated routes.
- \[HA]: When enabled, the two spine devices provide a cross-device LAG interface to the uplink device through the MC-LAG function.

Step 4: Configure device management related information.

- Timezone: Configure the system time zone.
- NTP: Configure the NTP server.
- SNMP: Configure the SNMP community.
- Syslog: Configure the syslog server IP address.
- TACACS+: Configure the TACACS server IP address.
- Device ACL: Configure ACL rules restricting SSH, SNMP, and Telnet connections to the device.

Wired Service Configuration

Click \[Switch Configure] to enter the wired service management interface, where you can configure corresponding service VLANs and IP gateways on switches for wired and wireless users, and specify the IP address of the DHCP server. Multiple service VLANs can be added to handle different service requirements.

Step 1: \[DHCP Relay] Configure the DHCP server IP address. When the DHCP server does not support recognizing the Option82 field, the Option82 option needs to be disabled.

Step 2: \[Business VLAN]

- VLAN: Create service VLANs. Note that in addition to basic service VLANs, a management VLAN for user APs to connect to the controller must also be created.
- IP: Configure an address as the gateway for the service VLAN.
- Access/Trunk: Select the mode according to whether the interface transmits/receives packets with VLAN tags.
  - Access: Accepts packets without a VLAN tag; typically configured for the AP management VLAN.
  - Trunk: Accepts packets with a VLAN tag; typically configured for service VLANs.
- Member Interfaces: Click the drop-down arrow to select the member interfaces of the VLAN.
- DAI/IPSG: The controller enables the DHCP snooping function by default to effectively prevent DHCP server impersonation attacks, ensuring DHCP clients obtain IP addresses from legitimate DHCP servers. Administrators do not need to manage trusted/untrusted interfaces on different devices; the controller automatically generates configurations based on topology information. Administrators can enable ARP inspection (DAI) and IP source guard (IPSG) based on network security requirements. These functions validate host legitimacy using global DHCP snooping entries to prevent malicious hosts from forging legitimate identities or attacking the network via self-assigned IP addresses, thus avoiding potential IP conflicts.
- MAC Scan (optional): In Ethernet, MAC address table entries guide devices to perform Layer 2 data forwarding. After enabling this function, ARP request packets corresponding to the IP address in the request table can be sent based on the snooping and user bind table entries. This is commonly used for dumb terminals and server deployment, to proactively update device MAC and ARP table entries.

Step 3 (optional): \[Security] Administrators can further enhance network security by configuring device management ACLs and service ACLs to set blacklists/whitelists for user internet traffic.

Step 4 (optional): \[User Authorization] In enterprise networks or public places with high security requirements, enable 802.1X-based user authentication. This ensures only authenticated users and devices can access network resources, enhancing security. Through the graphical interface, administrators can define and apply authentication policies, including specifying ports for 802.1X authentication and setting different authentication rules.

DHCP Server Configuration

The controller supports configuring DHCP server functionality on spine devices.

Step 1: Click \[Configuration] \[Wired Service Configuration] \[DHCP] to enter the DHCP server configuration interface, and click the \[+] button on the page to create a new configuration.

Step 2: Follow the prompts on the page to configure address pool details. Fields marked with are mandatory.

- Name: User-defined.
- Network: Specify the network segment where the IP address assigned by the DHCP server to the DHCP client is located.
- Gateway Address: Specify the gateway address assigned by the DHCP server to the DHCP client.
- DNS: Specify the DNS server address.
- Address Pool: Specify the address range allocated by the DHCP server to DHCP clients.
- Lease Time: Specify the IP address lease time.

Step 3 (optional): Click \[DHCP Option] and fill in the relevant information.

- Next Server: Configure the IP address of the network server to be used in the next step during the DHCP client startup process.
- Vendor Specific (Option 43): Hexadecimal number used to transmit vendor-specific information to client devices of a particular vendor.
- Server Identifier (Option 54): Notify the client of the address of the DHCP server.
- TFTP Server (Option 66): Configure the TFTP server address used by DHCP clients.
- Bootfile Name (Option 67): Configure the startup configuration file name for DHCP clients.
- CAPWAP AC (Option 138): DHCP option designed specifically for wireless APs to discover controllers; fill in the controller IP address.

Step 4 (optional): The controller supports configuring the MAC-to-IP binding function, which users can fill in as needed.

Step 5: Click Save.

Step 6: Click the \[Push Configuration] button, select the configuration edited in the previous step, click \[Next] \[Start], and send the configuration to the spine switch.

Wireless Service Configuration

Step 1: Click \[Wireless Configuration] \[+] \[Create Configuration] to configure the necessary basic information for the wireless AP, e.g. SSID settings and security policy. The controller can automatically generate the corresponding configuration script based on the administrator's input. The controller supports multiple different wireless service configurations; after an AP goes online, the controller determines which configuration should be issued to the AP based on the \[Config Tag] attributes of the configuration.

Step 2: Set the time zone and select whether to enable the LED.

Step 3: Configure SSID-related content. If there is a specific application scenario, the administrator can also customize the default configuration of the AP in \[Advanced Settings].

Step 4: Configure the LAN interface. When the AP has an extended wired interface and can connect terminals by wired means, such as a panel AP, the user can configure the access method for wired terminals through the configuration in LANs.

- UpstreamPorts: Specify the uplink interfaces through which wired terminals access the network via the AP. Usually this is the interface that connects the AP to the switch; keep it the same as \[UpstreamPorts] in the \[SSID] \[Advanced] settings. The default is WAN.
- DownstreamPorts: Interfaces for wired terminal access.
- Downstream VLAN Tag: Whether the wired terminal carries a VLAN tag.
- VLAN ID: Messages the AP receives from wired terminals have this VLAN tag added to identify them.
- DHCP Snooping Trusted: DHCP snooping trusted interface. If the wired terminal needs to obtain an IP address through the DHCP service, this switch needs to be on.

Wireless RF Configure

When the AP is online and connected to the controller, if you need to adjust the AP's wireless RF configuration according to the actual deployment environment, you can configure it on the \[Radio Configuration] page.

Configuration Release

Switch

Step 1: The equipment is managed by the controller. Devices in the factory state initiate a DHCP request on both management and service ports with a status of up, asking the DHCP server to provide a temporary management IP address and the controller IP address on the cloud, so that they can connect to the controller for configuration information.

Step 2: After all devices have finished going online, click \[Real Topology] to confirm that the topology recognized by the controller based on the online devices is consistent with the design topology. After confirming that there is no error, follow the steps below to issue the configuration.

Step 3: Confirm whether the actual topology matches the plan.

Step 4: Click \[Configuration] \[Design Topology] \[Basic Network] \[Push Configuration] to issue the basic configuration for all devices. By default, the controller selects all switches. Click the \[Next] \[Start] button to start issuing basic network configurations for the switches.

Step 5: Click \[Configuration] \[Switch Configuration] \[Push Configuration] to issue a configuration for the device.

AP

The AP configuration does not need to be issued manually. After the configuration of the device is issued and takes effect, the PoE power supply function of the switch is turned on, and the AP can power on and work. When the AP connects to the controller with the information obtained through the DHCP service, the controller automatically sends the configuration to the corresponding AP based on the comparison between the tag identification stored in the AP inventory and the tag identification in the planning configuration.

Large/Mid-Scale Network Deployment

The large/mid-scale campus network can adopt a three-level spine-aggregation-leaf structure, which expands the number of accessible leaf devices through aggregation and further expands the number of access ports. It supports configuring MC-LAG access for servers on leaf switches.

Design Topology

Step 1: Device selection and topology editing are the same as for the small/mid-scale campus network. If MC-LAG needs to be deployed, choose the model and quantity of the server network switch group and switches during topology planning; MC-LAG Enable should be automatically enabled on the server area leaf switch after selection.

Step 2: The topology overview is shown below.

Step 3: Click the topology editor in the bottom right corner of the device, and enable MC-LAG Enable on the leaf switch.

Basic Network

Step 1: Configure the in-band management network for aggregation devices. Typically the spine and leaf devices are Layer 3 devices, so in-band management can use the Loopback0 address, while the aggregation device is a Layer 2 device for which you need to configure the management VLAN and IP. The controller can assign an in-band management address to each aggregation device based on the address segments entered by the user.

Step 2: Configure the in-band management network for leaf devices (optional; if out-of-band management is selected, there is no need to configure the management address range). Configure the peerlink interface VLAN and peerlink IP.

Step 3: The configuration of the egress route part is consistent with \[Small/Mid-Scale Network Deployment]; refer to the previous section to complete the configuration.

Step 4: The configuration of the device management part is consistent with \[Small/Mid-Scale Network Deployment]; refer to the previous section to complete the configuration.

Wired Service Configuration

Business Network Switch Group Wired Service Configuration

Use the default configuration type selection; the rest is the same as \[Small/Mid-Scale Network Deployment]. Refer to the previous section to complete the configuration.

Server Network Switch Group Wired Service Configuration

Step 1: Create the leaf switch configuration.

- Select \[Configuration Type] as server area.
- Select \[Device] as the leaf MC-LAG pair that needs to be configured.
- Select \[Device Role] as leaf.

Step 2: The leaf switch of the MC-LAG network needs to be configured with a link aggregation port and business VLAN.

- LAG: Link aggregation ID; users can create IDs within the range of 1501-2000 as needed.
- Mode: Static/LACP; choose whether the link aggregation mode is static or LACP dynamic negotiation.
- Member: Select the member interface connected to this business server.

Step 3: Create the business VLAN for the leaf switch.

Step 4: Create the spine switch configuration. The business gateway of the MC-LAG network is deployed on spine devices, so spine-type devices also need to be added when selecting devices. Create a business gateway for the business VLAN corresponding to the leaf switch in the server area.

Step 5 (optional): Configure the IP address of the DHCP server. If the terminal server needs to obtain an IP address from the DHCP server, DHCP relay needs to be configured. If the DHCP server does not support recognizing the Option82 field, the Option82 option needs to be turned off.

Step 6: Configure the business VLAN for the spine switch.

- Broadcast Domain: Select the MAC address of the leaf switch corresponding to the VLAN.

Step 7 (optional): DHCP server configuration. Refer to the previous chapters. The spine will automatically run DHCP failover to ensure business stability.

Wireless Service Configuration

The configuration of this part is consistent with that of \[Small/Mid-Scale Network Deployment]; refer to the previous section to complete the configuration.

Configuration Release

The configuration of this part is consistent with that of \[Small/Mid-Scale Network Deployment]; refer to the previous section to complete the configuration.

Traditional L2 Network Deployment

Design Topology

Device selection and topology editing are the same as for the small/mid-scale campus network. The topology is summarized as shown below.

Basic Network

Step 1: Specify a VLAN ID as the in-band management VLAN, configure the address segment of the management IP and the gateway address for in-band management (this gateway address will be configured on the spine device), and select the member interfaces of the VLAN and the mode (trunk/access) when joining the VLAN.

Step 2: Select the interface ID of the spine device's uplink interface and configure the IP address.

Step 3: Configure the default route for the spine switch.

Step 4: The configuration of device management is consistent with that of \[Small/Mid-Scale Network Deployment]; refer to the previous section to complete the configuration.

Wired Service Configuration

Step 1: Create the switch configuration. Note: When selecting devices, spine-type devices must also be added.

Step 2: Create the service GW on the spine switch. Configure the DHCP relay function.

Step 3: Create the service VLAN and GW IP.

Step 4: Create the leaf switch configuration. On this interface, only the VLAN ID and member interfaces need to be specified; all other configurations are generated by the controller.

Step 5 (optional): Create service ACLs to configure access control lists between services in different network segments. Note: This configuration takes effect on spine devices, and VLAN isolation is applied between leaf devices.

Step 6: The configuration of user access authentication is consistent with that of \[Small/Mid-Scale Network Deployment]; refer to the previous section to complete the configuration.

Wireless Service Configuration

The configuration of this part is consistent with that of \[Small/Mid-Scale Network Deployment]; refer to the previous section to complete the configuration.

Configuration Release

The configuration of this part is consistent with that of \[Small/Mid-Scale Network Deployment]; refer to the previous section to complete the configuration.

Open Cloud Connect

Open Cloud Connect scenarios support bulk configuration of access switches. The gateway is deployed on aggregation or access devices. This scenario is suitable where there are already aggregation devices or access-layer expansion in the campus, and it provides two classic modes: Layer 2 forwarding and access-layer gateway.

Wired Service Configuration

Step 1: Create the switch configuration without a design topology.

Step 2: Create a static route and choose the uplink interface.

Step 3: Create a business VLAN. There are two ways to configure the VLANIF interface IP address:

- DHCP Request: The VLAN interface acts as a DHCP client, sending DHCP request packets to the DHCP server to obtain an IP address.
- Static Configure: In static configuration mode, an IP address range is specified, and IP addresses are assigned sequentially to all switches that apply this configuration.

Wireless Service Configuration

The configuration of this part is consistent with that of \[Small/Mid-Scale Network Deployment]; refer to the previous section to complete the configuration.

Configuration Release

The Open Cloud Connect scenario does not require the issuance of basic network configuration. The rest of this part is consistent with that of \[Small/Mid-Scale Network Deployment]; refer to the previous section to complete the configuration.
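The DAI/IPSG entry in the small/mid-scale wired service configuration says that ARP inspection and IP source guard validate hosts against the DHCP snooping entries. The following added example (not the controller's or the switch's own code) models that lookup on one leaf switch; the port names, MAC addresses and IP addresses are constructed, and the model ignores lease expiry and static bindings.

```python
from dataclasses import dataclass

SERVER_MSGS = {"OFFER", "ACK", "NAK"}  # only a DHCP server sends these


@dataclass(frozen=True)
class Binding:
    mac: str
    ip: str
    vlan: int
    port: str


class LeafSwitch:
    """Toy model: DHCP snooping table plus the DAI and IPSG lookups that use it."""

    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)  # ports toward the legitimate DHCP server
        self.pending = {}    # (vlan, mac) -> access port where the REQUEST arrived
        self.bindings = {}   # (vlan, mac) -> Binding learned from a trusted ACK

    def on_dhcp(self, port, vlan, msg, client_mac, yiaddr=None):
        if msg in SERVER_MSGS:
            if port not in self.trusted:
                return "drop: DHCP server message on untrusted port"
            if msg == "ACK" and (vlan, client_mac) in self.pending:
                access_port = self.pending.pop((vlan, client_mac))
                self.bindings[(vlan, client_mac)] = Binding(
                    client_mac, yiaddr, vlan, access_port)
            return "forward"
        if msg == "REQUEST" and port not in self.trusted:
            self.pending[(vlan, client_mac)] = port
        return "forward"

    def _bound(self, port, vlan, mac, ip):
        b = self.bindings.get((vlan, mac))
        return b is not None and b.ip == ip and b.port == port

    def check_arp(self, port, vlan, sender_mac, sender_ip):
        """DAI: the ARP sender MAC/IP must match a snooping entry on this port."""
        if port in self.trusted or self._bound(port, vlan, sender_mac, sender_ip):
            return "permit"
        return "drop: ARP sender not in snooping table"

    def check_ip(self, port, vlan, src_mac, src_ip):
        """IPSG: the packet source IP must be the address leased on this port."""
        if port in self.trusted or self._bound(port, vlan, src_mac, src_ip):
            return "permit"
        return "drop: source IP not in snooping table"


def run_demo():
    # Constructed scenario: Ethernet49 is the uplink, Ethernet1/2/7 are access ports.
    sw = LeafSwitch(trusted_ports={"Ethernet49"})
    host = "00:11:22:33:44:55"
    return [
        sw.on_dhcp("Ethernet1", 100, "REQUEST", host),
        sw.on_dhcp("Ethernet7", 100, "ACK", host, "10.0.100.66"),   # impersonated server
        sw.on_dhcp("Ethernet49", 100, "ACK", host, "10.0.100.20"),  # legitimate lease
        sw.check_arp("Ethernet1", 100, host, "10.0.100.20"),
        sw.check_arp("Ethernet2", 100, "00:aa:bb:cc:dd:ee", "10.0.100.1"),  # forged gateway
        sw.check_ip("Ethernet1", 100, host, "10.0.100.99"),         # self-assigned IP
    ]


if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
```
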
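The configuration release steps ask the administrator to confirm that the real topology matches the design topology before pushing configuration. The following added example (not the controller's own logic) shows one way to run that comparison offline on link lists shaped like the interconnection fields of the design topology (device, local interface, neighbor, neighbor port); the device and interface names are constructed.

```python
def normalize(link):
    """Order the two (device, interface) endpoints so that A-B equals B-A."""
    a, b = (link[0], link[1]), (link[2], link[3])
    return (a, b) if a <= b else (b, a)


def compare_topology(design, real):
    """Compare planned links with discovered links before any configuration push.

    Each link is (device, local_interface, neighbor, neighbor_port).
    """
    planned = {normalize(l) for l in design}
    seen = {normalize(l) for l in real}
    missing = planned - seen        # planned but not cabled or not up
    unexpected = seen - planned     # cabled but never planned

    # What each discovered endpoint is actually connected to.
    real_peer = {}
    for a, b in seen:
        real_peer[a] = b
        real_peer[b] = a

    # Miswire: a planned endpoint is up, but its peer is not the planned one.
    miswired = []
    for a, b in sorted(missing):
        for end, want in ((a, b), (b, a)):
            got = real_peer.get(end)
            if got is not None and got != want:
                miswired.append((end, want, got))

    known = {dev for l in design for dev in (l[0], l[2])}
    discovered = {dev for l in real for dev in (l[0], l[2])}
    return {
        "missing": sorted(missing),
        "unexpected": sorted(unexpected),
        "miswired": miswired,
        "unknown_devices": sorted(discovered - known),  # devices not in the plan
        "ok_to_push": not missing and not unexpected,
    }


# Constructed sample data.
DESIGN = [
    ("spine1", "Ethernet1", "leaf1", "Ethernet49"),
    ("spine1", "Ethernet2", "leaf2", "Ethernet49"),
]
REAL = [
    ("leaf1", "Ethernet49", "spine1", "Ethernet1"),      # same link, reported by the leaf
    ("spine1", "Ethernet2", "leaf2", "Ethernet50"),      # cabled to the wrong leaf port
    ("leaf2", "Ethernet3", "sw-unknown", "Ethernet1"),   # switch that is not in the plan
]

if __name__ == "__main__":
    for key, value in compare_topology(DESIGN, REAL).items():
        print(key, value)
```
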
