22 Typical Campus Network Architectures and Practices


Revision Record (Do Not Print this Page)

Author/ID: Zhang Linrui /zwx570554

Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.

Typical Campus Network Architectures and Practices

Foreword
• A broad range of places, such as campuses, office spaces, and shopping
malls, are covered by networks. You can access internal resources of your
school, access internal printers of your company to print documents, or
access the Internet to browse news through the networks.
• These networks are campus networks and are generally constructed
by enterprises or organizations. Campus networks not only improve the
operational efficiency of enterprises, but also provide network access
services for external users.
• This chapter describes the basic architecture of a campus network and
details how to build a campus network.

Objectives
• Upon completion of this course, you will be able to:
▫ Understand the definition of campus networks.

▫ Understand the typical networking architectures of campus networks.

▫ Master the planning and design methods of small campus networks.

▫ Master the deployment and implementation methods of small campus networks.

▫ Understand the small campus network O&M concepts.

▫ Understand the small campus network optimization concepts.

▫ Independently complete a campus network project.

Contents
1. Basic Concepts of Campus Networks
2. Campus Network Project Practice

What Is a Campus Network?
[Figure: campus network overview. Outside a campus: branches, other campuses, remote access users, and private and public clouds, reached over the Internet/wide area network (WAN). Inside a campus: campus egress layer, core layer, aggregation layer, access layer, and terminal layer, together with the demilitarized zone (DMZ), data center, network security, and network management. Typical scenarios: office building, campus, factory, government, enterprise, bank.]

A campus network is a local area network (LAN) that connects people and things in a specified area. Typically,
a campus network has only one management entity. If there are multiple management entities in an area, the
area is considered to have multiple campus networks.

Typical Campus Network Architecture
[Figure: typical campus network architecture. Labels: Internet, WAN, branch campus, traveling employees, anti-DDoS, egress zone, firewall, IPS, AC, network management zone, eLog, core layer, data center, aggregation layer, access layer.]
• Typically, a campus network is designed in a hierarchical and modular manner.
• Campus networks can be classified into small, midsize, and large campus networks based on
the number of terminals or NEs.

Typical Architecture of Small Campus Networks
[Figure: network topology of a chain cafe. Labels: Internet, fat AP, host.]
• Small campus networks are typically deployed in scenarios where the number of
access users is small (several or dozens of users). A small campus network can cover
only one location, has a simple architecture, and is constructed to enable mutual access
between internal resources.
• Characteristics of small campus networks:
▫ Small number of users
▫ Only one location
▫ Simple network architecture
▫ Simple network requirements
Number of terminals: < 200
Number of NEs: < 25

Typical Architecture of Midsize Campus Networks
[Figure: network topology of a foreign trade company. Labels: Internet, egress layer, core layer, aggregation layer, access layer, AC, AP.]
• A midsize campus network supports access of hundreds to thousands of users.
• The modular design is introduced to midsize campus networks, that is, the networks can
be partitioned by function. However, the number of function modules is small. In most
cases, a midsize campus network is flexibly partitioned based on service requirements.
• Characteristics of midsize campus networks:
▫ Midsize network scale
▫ Most commonly used
▫ Function partition
▫ Typical three-layer network architecture: core, aggregation, and access
Number of terminals: 200 to 2000
Number of NEs: 25 to 100

Typical Architecture of Large Campus Networks
[Figure: network topology of a large enterprise. Labels: cloud DC, traveling employees, Internet/WAN, HQ campus, branch campus, network management.]
• A large campus network can cover multiple buildings and connect to multiple campuses in
a city through WANs. Typically, a large campus network provides access services and allows
traveling employees to access their company's internal network through technologies such as
Virtual Private Network (VPN).
• Characteristics of large campus networks:
▫ Wide coverage
▫ Large number of users
▫ Complex network requirements
▫ Comprehensive function modules
▫ Complex network architecture
Number of terminals: > 2000
Number of NEs: > 100

Main Protocols and Technologies of Campus Networks
Common protocols/technologies by network area:
• Egress zone: NAT, OSPF, static routing, and PPPoE
• Core layer: stacking, OSPF, static routing, and ACL
• Aggregation layer: DHCP, stacking, link aggregation, spanning tree protocol, OSPF, and static routing
• Access layer: VLAN, spanning tree, link aggregation, and AAA
• AC: WLAN protocols/technologies
• NMS: SNMP/NETCONF


Networking Requirements
• A company (with about 200 employees) plans to build a brand-new campus
network to meet service development requirements. The network
requirements are as follows:
▫ Meet the current service requirements of the company.

▫ Use a simple network topology for easy O&M.

▫ Provide wired access for employees and wireless access for guests.

▫ Implement simple network traffic management.

▫ Ensure network security.

Campus Network Project Lifecycle

1. Planning and design
• Device model selection
• Physical topology
• Logical topology
• Technologies and protocols

2. Deployment and implementation
• Device installation
• Single UPS commissioning
• Joint commissioning test
• Network migration and integration

3. Network O&M
• Routine maintenance
• Software and configuration backup
• Centralized monitoring via the network management system (NMS)
• Software upgrade

4. Network optimization
• Network security improvement
• Software and configuration backup
• User experience improvement

Small Campus Network Design

1. Networking solution design
• Device model selection
• Physical topology

2. Network design
• Basic service
• WLAN
• Layer 2 loop prevention
• Network reliability

3. Security design
• Egress security
• Intranet wired security
• Intranet wireless security

4. Network O&M and management design
• Basic network management
• Intelligent O&M

Networking Solution Design

The physical topology is designed upon full consideration of the budget and service requirements.
The following figure shows the topology.

Naming and interface selection rules
• The names should be easy to remember and can be extended.
• The interfaces should meet the bandwidth requirements of services.

[Figure: physical topology. CORE-R1 connects to the Internet and to Agg-S1; AC1 connects to Agg-S1; access switches Acc-S1 to Acc-S4 connect to Agg-S1 and serve the guest reception center (AP1, AP2), R&D department (printer, FTP server), marketing department (printer), and administrative department (printer, administrator).]

Basic Service Design: VLAN Design

• You are advised to assign consecutive VLAN IDs to ensure proper use of VLAN resources.

• VLANs can be classified into service VLANs, management VLANs, and interconnection VLANs as required.

• Typically, VLANs are assigned based on interfaces.

Service VLAN design
• VLAN assignment by geographic area
• VLAN assignment by logical area
• VLAN assignment by personnel structure
• VLAN assignment by service type

Management VLAN design
[Figure: management VLAN 100, with VLANIF 100 addresses 192.168.100.254, 192.168.100.1, and 192.168.100.2.]
In most cases, Layer 2 switches use VLANIF interface addresses as management addresses. It is recommended
that all switches on the same Layer 2 network use the same management VLAN and their management IP
addresses be on the same network segment.


VLAN Planning
• A management VLAN is reserved for Layer 2 devices.

• VLANs are classified into the guest VLAN, R&D department VLAN, marketing department VLAN, and
administrative department VLAN.

• Layer 3 switches need to be connected to routers through VLANIF interfaces. Therefore, interconnection
VLANs need to be reserved.

• A VLAN is established for CAPWAP tunnels between APs and ACs.


| VLAN ID | VLAN Description |
|---|---|
| 1 | Guest VLAN or WLAN service VLAN |
| 2 | R&D department VLAN |
| 3 | Marketing department VLAN |
| 4 | Administrative department VLAN |
| 100 | Management VLAN of Layer 2 devices |
| 101 | Management VLAN of WLAN services |
| 102 | Interconnection VLAN between Agg-S1 and CORE-R1 |

Basic Service Design: IP Address Design

Service IP address
[Figure: service segments and gateways. Employee: 192.168.1.0/24, gateway 192.168.1.254. Partner: 192.168.5.0/24, gateway 192.168.5.254. Guest: 192.168.100.0/24, gateway 192.168.100.254.]
The service IP addresses are the IP addresses of servers, hosts, or gateways.
• It is recommended that the gateway IP addresses use the same rightmost digits, such as .254.
• The IP address ranges of different services must be clearly distinguished. The IP addresses of each
type of service terminals must be continuous and can be aggregated.
• An IP address segment with a 24-bit mask is recommended.

Management IP address
[Figure: management VLAN 100, with VLANIF 100 addresses 192.168.100.254, 192.168.100.1, and 192.168.100.2.]
Layer 2 devices use VLANIF interface IP addresses as the management IP addresses. It is recommended
that all Layer 2 switches connected to a gateway use management IP addresses on the same network segment.

IP address for network device interconnection
It is recommended that the interconnection IP addresses use a 30-bit mask, and core devices use
smaller host IP addresses.


IP Address Planning
• Reserve sufficient IP addresses based on the number of clients to be accessed and plan network segments and gateway
addresses for each type of service.

• Plan network segments for management IP addresses.

• Divide network segments for interconnection IP addresses.


| IP Network Segment/Mask | Gateway Address | Network Segment Description |
|---|---|---|
| 192.168.1.0/24 | 192.168.1.254 | Network segment to which wireless access guests belong, with the gateway located on Agg-S1 |
| 192.168.2.0/24 | 192.168.2.254 | Network segment to which the R&D department belongs, with the gateway located on Agg-S1 |
| 192.168.3.0/24 | 192.168.3.254 | Network segment to which the marketing department belongs, with the gateway located on Agg-S1 |
| 192.168.4.0/24 | 192.168.4.254 | Network segment to which the administrative department belongs, with the gateway located on Agg-S1 |
| 192.168.100.0/24 | 192.168.100.254 | Management network segment of Layer 2 devices, with the gateway located on Agg-S1 |
| 192.168.101.0/24 | N/A | Management network segment of WLAN services |
| 192.168.102.0/30 | N/A | Network segment between Agg-S1 and CORE-R1 |
| 1.1.1.1/32 | N/A | Loopback interface address on CORE-R1, which is used as the management IP address |
Basic Service Design: IP Address Allocation Mode Design

Egress gateway
[Figure: egress gateway connected to the carrier device and the Internet. WAN interface: static IP address, DHCP, or PPPoE.]
IP addresses of WAN interfaces are assigned by the carrier in static, DHCP, or PPPoE mode. The IP
addresses of the egress gateways need to be obtained from the carrier in advance.

Devices such as servers and printers
It is recommended that servers and special terminals (such as punch-card machines, printing servers,
and IP video surveillance devices) use statically bound IP addresses.

End users
It is recommended that IP addresses of end users are allocated by gateways through DHCP.


IP Address Allocation Mode Planning


• The egress gateway obtains an IP address through PPPoE.

• All terminals obtain IP addresses through DHCP. The servers and printers are assigned fixed IP addresses.

• IP addresses of all network devices (except APs) are statically configured.

| IP Network Segment/Interface | Allocation Mode | Allocation Mode Description |
|---|---|---|
| 192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24, 192.168.4.0/24 | DHCP | Allocated by Agg-S1. Agg-S1 allocates fixed IP addresses to fixed devices such as servers and printers. |
| 192.168.100.0/24 | Static | Device management IP addresses, which are statically configured |
| 192.168.101.0/24 | DHCP | IP addresses of ACs are statically configured, and IP addresses of APs are allocated by Agg-S1. |
| 192.168.102.0/30 | Static | Interconnection IP address, which is statically configured |
| GE0/0/0 on CORE-R1 | PPPoE | IP address assigned by the carrier |

Basic Service Design: Routing Design

• Routing design inside a campus network:
▫ Intra-network segment: After an IP address is allocated using DHCP, a default route is
generated by default and Agg-S1 functions as a Layer 3 gateway.
▫ Inter-network segment: The current network topology is simple. You can deploy static routes
on all devices that need to forward Layer 3 data to meet the requirements. No complex routing
protocol needs to be deployed.
• Routing design at the campus egress: Configure static default routes.

[Figure: the campus topology divided into a Layer 3 network and a Layer 2 network, with the guest reception center, R&D department, marketing department, and administrative department.]

WLAN Design

WLAN networking design
[Figure: AC at 192.168.101.1/24 and DHCP server attached to the network, with APs at 192.168.101.X/24 and 192.168.101.Y/24.]
Based on the IP addresses of the AC and APs and whether data traffic passes through the AC, the
networking can be divided into:
• Inline Layer 2 networking
• Bypass Layer 2 networking
• Inline Layer 3 networking
• Bypass Layer 3 networking
This example uses the bypass Layer 2 networking.

WLAN data forwarding design
[Figure: CAPWAP tunnel between the AC and the APs, with control data and user data flows.]
• Control packets and data packets are transmitted on a WLAN.
• Control packets are forwarded through CAPWAP tunnels.
• User data packets are forwarded in tunnel or direct mode.
This example uses the direct forwarding mode.

WLAN Data Plan

| Item | Value |
|---|---|
| Management VLAN for APs | VLAN 101 |
| Service VLAN for STAs | VLAN 1 |
| DHCP server | Agg-S1 functions as a DHCP server to allocate IP addresses to APs and STAs. The default gateway address of STAs is 192.168.1.254. |
| IP address pool for APs | 192.168.101.2 to 192.168.101.253/24 |
| IP address pool for STAs | 192.168.1.1 to 192.168.1.253/24 |
| Source interface address of the AC | VLANIF 101: 192.168.101.1/24 |
| AP group | Name: ap-group1. Referenced profiles: VAP profile WLAN-Guest and regulatory domain profile default |
| Regulatory domain profile | Name: default. Country code: CN |
| SSID profile | Name: WLAN-Guest. SSID name: WLAN-Guest |
| Security profile | Name: WLAN-Guest. Security policy: WPA-WPA2+PSK+AES. Password: WLAN@Guest123 |
| VAP profile | Name: WLAN-Guest. Forwarding mode: direct forwarding. Service VLAN: VLAN 1. Referenced profiles: SSID profile WLAN-Guest and security profile WLAN-Guest |

Reliability Design

• Port-level reliability: Eth-Trunk is used to improve reliability between access switches and
aggregation switches and increase link bandwidth.
• Device-level reliability: iStack or cluster switch system (CSS) technology can be used, which is
not involved in this networking.

[Figure: the campus topology with the Internet, guest reception center, R&D department, marketing department, and administrative department.]

Layer 2 Loop Prevention

• Question: Although no redundant link is introduced to the current network segment, how can we
prevent Layer 2 network loops caused by misoperations of office personnel?
• Suggestion: Use spanning tree technology on the Layer 2 network to prevent loops. In addition, you
are advised to manually configure Agg-S1 as the root bridge.

[Figure: the campus topology with a misconnection on the Layer 2 network.]

Egress NAT Design

Static NAT (network egress: 1.2.3.4)
NAT mapping table:
| Private IP Address | Public IP Address |
|---|---|
| 192.168.1.1 | 1.2.3.1 |
| 192.168.1.2 | 1.2.3.2 |
• Static NAT applies to scenarios where a large number of static IP addresses are configured
and clients need to use fixed IP addresses.

Dynamic NAT (network egress: 1.2.3.4)
NAT address pool:
| Public IP Address | Status |
|---|---|
| 1.2.3.1 | Not in use |
| 1.2.3.2 | Not in use |
| 1.3.3.3 | Not in use |
• Dynamic NAT introduces the address pool concept. Available IP addresses in the
address pool are allocated to clients for Internet access.

NAPT and Easy IP (network egress: 1.2.3.4)
NAT mapping table:
| Private IP Address:Port Number | Public IP Address:Port Number |
|---|---|
| 192.168.1.10:80 | 1.2.3.4:10335 |
• NAPT translates port numbers based on dynamic NAT to improve public address usage.
• Easy IP applies to scenarios where IP addresses of outbound network interfaces
are dynamically allocated.

NAT Server (network egress: 1.2.3.4; server providing services externally)
NAT mapping table:
| Private IP Address:Port Number | Public IP Address:Port Number |
|---|---|
| 192.168.1.1:10321 | 1.2.3.4:1025 |
| 192.168.1.2:17087 | 1.2.3.4:1026 |
The NAT server applies to scenarios where a server on the intranet needs to externally provide services.

Security Design

Traffic Control
[Figure: internal traffic among the R&D, marketing, and administrative departments on the internal network; guest data from the guest network to the Internet.]
• Different departments can access each other but cannot access the Internet.
• Guests can access the Internet but cannot access the internal network.
• You can use technologies such as traffic policing and traffic filtering to isolate the internal
network from the external network and use NAT to control the internal network's access to the Internet.

DHCP Security
[Figure: a DHCP-enabled home router attached to an access switch on the LAN, with the trusted port facing the DHCP server.]
• On a campus network, employees often connect unauthorized DHCP-enabled wireless routers to the
network, causing private address disorders, address conflicts, and Internet access failures.
• In most cases, DHCP snooping is enabled on access switches to prevent this issue.

Network Management Security
• When network devices are managed through Telnet or the web system, you can use access control
list (ACL) technology to allow only users with fixed IP addresses to log in to the devices.
• For the centralized NMS, SNMPv3 supports identity authentication and encryption, significantly
enhancing the NMS security.
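The DHCP security point above, as an added example that is not part of the original course material: a simplified model of how an access switch with DHCP snooping treats DHCP messages by port trust and builds its binding table. The frames are constructed sample data, the access port names E0/0/5 and E0/0/7 and the MAC address are hypothetical, and the uplink Eth-Trunk1 is taken as the trusted port as the course recommends.

```python
"""Simplified DHCP snooping model: trusted-port filter plus binding table."""

# Message types that only a DHCP server should send.
SERVER_TYPES = {"OFFER", "ACK", "NAK"}

# Constructed sample frames: (ingress port, message type, client MAC, offered IP).
SAMPLE_FRAMES = [
    ("E0/0/5", "DISCOVER", "00e0-fc12-3456", None),
    ("E0/0/7", "OFFER", "00e0-fc12-3456", "192.168.0.100"),    # home router on an access port
    ("Eth-Trunk1", "OFFER", "00e0-fc12-3456", "192.168.2.17"),  # Agg-S1 via the uplink
    ("E0/0/5", "REQUEST", "00e0-fc12-3456", None),
    ("E0/0/7", "ACK", "00e0-fc12-3456", "192.168.0.100"),
    ("Eth-Trunk1", "ACK", "00e0-fc12-3456", "192.168.2.17"),
]


class DhcpSnoopingSwitch:
    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)
        self.pending = {}    # client MAC -> access port where its request was seen
        self.bindings = {}   # client MAC -> (leased IP, access port)
        self.dropped = []    # server messages discarded on untrusted ports

    def receive(self, port, msg_type, client_mac, offered_ip=None):
        """Return 'forward' or 'drop' for one DHCP message."""
        if msg_type in SERVER_TYPES:
            if port not in self.trusted:
                # Server replies are only accepted from trusted (uplink) ports.
                self.dropped.append((port, msg_type, offered_ip))
                return "drop"
            if msg_type == "ACK" and client_mac in self.pending:
                # A trusted ACK completes the lease: record MAC, IP and port.
                self.bindings[client_mac] = (offered_ip, self.pending.pop(client_mac))
            return "forward"
        # Client messages (DISCOVER/REQUEST): remember where the client sits.
        self.pending[client_mac] = port
        return "forward"


def replay(frames, trusted_ports):
    """Feed frames through a fresh switch; return (verdicts, bindings, dropped)."""
    switch = DhcpSnoopingSwitch(trusted_ports)
    verdicts = [switch.receive(*frame) for frame in frames]
    return verdicts, switch.bindings, switch.dropped


if __name__ == "__main__":
    verdicts, bindings, dropped = replay(SAMPLE_FRAMES, {"Eth-Trunk1"})
    for frame, verdict in zip(SAMPLE_FRAMES, verdicts):
        print(f"{frame[0]:<11} {frame[1]:<8} -> {verdict}")
    print("bindings:", bindings)
    print("dropped :", dropped)
```

The entries in `dropped` are the ones worth alerting on: a server-type message arriving on an access port identifies the port where the unauthorized DHCP device is connected.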

Network O&M and Management Design

Traditional Device Management
• When the network administrator and devices' IP addresses are routable to each other, you can
manage the devices through Telnet, the web system, or SSH.
• When there are a large number of devices on a network, you can deploy an SNMP-based unified
NMS for network O&M and management.

Management Based on iMaster NCE
• In addition to the SNMP-based traditional NMS, Huawei iMaster NCE can also be used for network
management and O&M to implement autonomous network driving.

[Figure: management channels toward the LAN/network. Labels: web, SSH/Telnet, SNMP, NETCONF, OpenFlow, Telemetry.]

Small Campus Network Deployment and Implementation
• The project deployment and implementation process must include:
▫ Solution formulation

▫ Device installation

▫ Network commissioning

▫ Network migration and integration

▫ Transfer-to-maintenance (ETM) training

▫ Project acceptance

• The specific process is determined based on the actual situation.

Configuration Scheme (1)

1. Connect network devices using physical cables, configure link aggregation, and add interface
description. For details, see the following two tables.

| Device | Interface | Configuration |
|---|---|---|
| Acc-S1 | Eth-trunk 1 | Mode: LACP-static. Trunkport: GE0/0/1, GE0/0/2, GE0/0/3. Description: to Agg-S1's eth-trunk 1 |
| Acc-S1 | E0/0/10 | Description: to AP1 |
| Acc-S1 | E0/0/11 | Description: to AP2 |
| Acc-S2 | Eth-trunk 1 | Mode: LACP-static. Trunkport: GE0/0/1, GE0/0/2, GE0/0/3. Description: to Agg-S1's eth-trunk 2 |
| Acc-S3 | Eth-trunk 1 | Mode: LACP-static. Trunkport: GE0/0/1, GE0/0/2, GE0/0/3. Description: to Agg-S1's eth-trunk 3 |
| Acc-S4 | Eth-trunk 1 | Mode: LACP-static. Trunkport: GE0/0/1, GE0/0/2, GE0/0/3. Description: to Agg-S1's eth-trunk 4 |
| AC1 | GE0/0/1 | Description: to Agg-S1's GE0/0/2 |
| CORE-R1 | GE0/0/1 | Description: to Agg-S1's GE0/0/1 |

| Device | Interface | Configuration |
|---|---|---|
| Agg-S1 | Eth-trunk 1 | Mode: LACP-static. Trunkport: GE0/0/3, GE0/0/7, GE0/0/8. Description: to Acc-S1's eth-trunk 1 |
| Agg-S1 | Eth-trunk 2 | Mode: LACP-static. Trunkport: GE0/0/4, GE0/0/9, GE0/0/10. Description: to Acc-S2's eth-trunk 1 |
| Agg-S1 | Eth-trunk 3 | Mode: LACP-static. Trunkport: GE0/0/5, GE0/0/11, GE0/0/12. Description: to Acc-S3's eth-trunk 1 |
| Agg-S1 | Eth-trunk 4 | Mode: LACP-static. Trunkport: GE0/0/6, GE0/0/13, GE0/0/14. Description: to Acc-S4's eth-trunk 1 |
| Agg-S1 | GE0/0/1 | Description: to CORE-R1's GE0/0/1 |
| Agg-S1 | GE0/0/2 | Description: to AC1's GE0/0/1 |
Configuration Scheme (2)

2. Assign VLANs based on interfaces. For details, see the following two tables.

| Device | Interface | Type | Configuration |
|---|---|---|---|
| Acc-S1 | Eth-trunk 1 | Trunk | PVID: 100. Allow-pass VLAN 1, 100, 101 |
| Acc-S1 | E0/0/10, E0/0/11 | Trunk | PVID: 101. Allow-pass VLAN 1, 101 |
| Acc-S2 | Eth-trunk 1 | Trunk | PVID: 100. Allow-pass VLAN 2, 100 |
| Acc-S2 | Other ports | Access | Default VLAN 2 |
| Acc-S3 | Eth-trunk 1 | Trunk | PVID: 100. Allow-pass VLAN 3, 100 |
| Acc-S3 | Other ports | Access | Default VLAN 3 |
| Acc-S4 | Eth-trunk 1 | Trunk | PVID: 100. Allow-pass VLAN 4, 100 |
| Acc-S4 | Other ports | Access | Default VLAN 4 |

| Device | Interface | Type | Configuration |
|---|---|---|---|
| Agg-S1 | Eth-trunk 1 | Trunk | PVID: 100. Allow-pass VLAN 1, 100, 101 |
| Agg-S1 | Eth-trunk 2 | Trunk | PVID: 100. Allow-pass VLAN 2, 100 |
| Agg-S1 | Eth-trunk 3 | Trunk | PVID: 100. Allow-pass VLAN 3, 100 |
| Agg-S1 | Eth-trunk 4 | Trunk | PVID: 100. Allow-pass VLAN 4, 100 |
| Agg-S1 | GE0/0/2 | Access | Default VLAN 101 |
| Agg-S1 | GE0/0/1 | Access | Default VLAN 102 |
| AC1 | GE0/0/1 | Access | Default VLAN 101 |

Configuration Scheme (3)

3. Allocate IP addresses to STAs and APs using DHCP and statically configure IP addresses for
network devices. For details, see the following two tables.

| Device | Interface | Address/Mask |
|---|---|---|
| Agg-S1 | VLANIF 1 | 192.168.1.254/24 |
| Agg-S1 | VLANIF 2 | 192.168.2.254/24 |
| Agg-S1 | VLANIF 3 | 192.168.3.254/24 |
| Agg-S1 | VLANIF 4 | 192.168.4.254/24 |
| Agg-S1 | VLANIF 100 | 192.168.100.254/24 |
| Agg-S1 | VLANIF 101 | 192.168.101.254/24 |
| Agg-S1 | VLANIF 102 | 192.168.102.2/30 |
| CORE-R1 | GE0/0/1 | 192.168.102.1/30 |
| CORE-R1 | GE0/0/0 | Automatic obtaining via PPPoE |
| CORE-R1 | Loopback0 | 1.1.1.1/32 |

| Device | Interface | Address/Mask |
|---|---|---|
| Acc-S1 | VLANIF 100 | 192.168.100.1/24 |
| Acc-S2 | VLANIF 100 | 192.168.100.2/24 |
| Acc-S3 | VLANIF 100 | 192.168.100.3/24 |
| Acc-S4 | VLANIF 100 | 192.168.100.4/24 |
| AC1 | VLANIF 101 | 192.168.1.101/24 |

Configuration Scheme (4)

4. Configure the IP address allocation mode. For details about DHCP, see the following table.

| Network Segment | Other Parameters | Remarks |
|---|---|---|
| 192.168.1.0/24 | Gateway: 192.168.1.254. DNS: 192.168.1.254 | Agg-S1 functions as a DHCP server. |
| 192.168.2.0/24 | Gateway: 192.168.2.254. DNS: 192.168.2.254 | Agg-S1 functions as a DHCP server. Fixed IP addresses are allocated to printer (1) and the FTP server. |
| 192.168.3.0/24 | Gateway: 192.168.3.254. DNS: 192.168.3.254 | Agg-S1 functions as a DHCP server. A fixed IP address is allocated to printer (2). |
| 192.168.3.0/24 | Gateway: 192.168.4.254. DNS: 192.168.4.254 | Agg-S1 functions as a DHCP server. Fixed IP addresses are allocated to printer (3) and the network administrator. |
| 192.168.101.0/24 | N/A | Agg-S1 functions as a DHCP server. The IP address (192.168.101.1) occupied by the AC is not allocated. |

Configuration Scheme (5)

5. Configure routes. Static routes are used because the network scale is small and the
number of NEs is also small. For details, see the following table.

| Device | Route Configuration | Remarks |
|---|---|---|
| Acc-S1, Acc-S2, Acc-S3, Acc-S4 | 0.0.0.0 0 192.168.100.254 | Route that enables the network administrator to access Layer 2 switches across network segments. |
| AC1 | 0.0.0.0 0 192.168.101.254 | Route that enables the administrator to access AC1 across network segments. |
| Agg-S1 | 0.0.0.0 0 192.168.102.1 | Route that matches the traffic destined for the Internet |
| CORE-R1 | 192.168.0.0 20 192.168.102.2 | Aggregated route for the core router to access the intranet |
| CORE-R1 | Default route | Route pointing to an interface on the external network |
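A consistency check over the planning and configuration tables above, as an added example that is not part of the original course material: it verifies that each VLANIF address sits in the segment planned for its VLAN, that each DHCP gateway sits inside its segment, and which route CORE-R1 would pick for each planned segment. The values are transcribed from the tables as printed; the VLAN-to-segment pairing is inferred from the VLAN and IP planning tables, and the function names are illustrative.

```python
"""Cross-check the small-campus address, DHCP and route tables."""
import ipaddress as ipa

# VLAN ID -> planned segment (pairing inferred from the two planning tables).
VLAN_SEGMENT = {
    1: "192.168.1.0/24", 2: "192.168.2.0/24", 3: "192.168.3.0/24",
    4: "192.168.4.0/24", 100: "192.168.100.0/24",
    101: "192.168.101.0/24", 102: "192.168.102.0/30",
}
# (device, VLANIF number, address/mask) as printed in Configuration Scheme (3).
VLANIFS = [
    ("Agg-S1", 1, "192.168.1.254/24"), ("Agg-S1", 2, "192.168.2.254/24"),
    ("Agg-S1", 3, "192.168.3.254/24"), ("Agg-S1", 4, "192.168.4.254/24"),
    ("Agg-S1", 100, "192.168.100.254/24"), ("Agg-S1", 101, "192.168.101.254/24"),
    ("Agg-S1", 102, "192.168.102.2/30"),
    ("Acc-S1", 100, "192.168.100.1/24"), ("Acc-S2", 100, "192.168.100.2/24"),
    ("Acc-S3", 100, "192.168.100.3/24"), ("Acc-S4", 100, "192.168.100.4/24"),
    ("AC1", 101, "192.168.1.101/24"),
]
# (segment, gateway) rows as printed in Configuration Scheme (4), in table order.
DHCP_ROWS = [
    ("192.168.1.0/24", "192.168.1.254"), ("192.168.2.0/24", "192.168.2.254"),
    ("192.168.3.0/24", "192.168.3.254"), ("192.168.3.0/24", "192.168.4.254"),
]
# CORE-R1 routes from Configuration Scheme (5), plus its connected /30.
CORE_R1_ROUTES = [
    ("192.168.102.0/30", "connected GE0/0/1"),
    ("192.168.0.0/20", "static via 192.168.102.2"),
    ("0.0.0.0/0", "default route"),
]


def misplaced_vlanifs():
    """VLANIF addresses whose network differs from the segment planned for the VLAN."""
    out = []
    for device, vlan, addr in VLANIFS:
        planned = ipa.ip_network(VLAN_SEGMENT[vlan])
        if ipa.ip_interface(addr).network != planned:
            out.append((device, vlan, addr, str(planned)))
    return out


def bad_dhcp_rows():
    """DHCP rows whose gateway is outside the segment, or whose segment repeats."""
    seen, out = set(), []
    for segment, gateway in DHCP_ROWS:
        if ipa.ip_address(gateway) not in ipa.ip_network(segment):
            out.append((segment, gateway, "gateway outside segment"))
        if segment in seen:
            out.append((segment, gateway, "segment listed twice"))
        seen.add(segment)
    return out


def core_r1_route(dest):
    """Longest-prefix match of a destination against CORE-R1's routes."""
    d = ipa.ip_address(dest)
    matches = [(ipa.ip_network(n), label) for n, label in CORE_R1_ROUTES
               if d in ipa.ip_network(n)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def segments_on_default_route():
    """Planned segments that CORE-R1 would forward out of its default route."""
    out = []
    for segment in VLAN_SEGMENT.values():
        first_host = str(ipa.ip_network(segment).network_address + 1)
        if core_r1_route(first_host) == "default route":
            out.append(segment)
    return out


if __name__ == "__main__":
    print("VLANIF outside planned segment:", misplaced_vlanifs())
    print("DHCP rows to recheck:", bad_dhcp_rows())
    print("Segments CORE-R1 sends to its default route:", segments_on_default_route())
```

The 20-bit aggregate spans 192.168.0.0 to 192.168.15.255, so packets that CORE-R1 must send to the two management segments match only the default route, which the table describes as pointing to an interface on the external network.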

Configuration Scheme (6)

6. Configure network management. Set the network management mode to Telnet-based remote
management and authentication mode to Authentication, Authorization, and Accounting (AAA). For
details, see the following table.

| Device | Management Mode | Authentication Mode | Remarks |
|---|---|---|---|
| Acc-S1, Acc-S2, Acc-S3, Acc-S4, Agg-S1, CORE-R1, AC1 | Telnet | AAA | The user name and password must be complex and different. In addition, record them. |
| AP1&AP2 | N/A | N/A | Centralized control and management by the AC |

7. Network egress configuration

| Device | Interface | Access Mode | NAT Mode | Remarks |
|---|---|---|---|---|
| CORE-R1 | GE0/0/0 | PPPoE | Easy IP | User name: PPPoEUser123. Password: Huawei@123 |

Configuration Scheme (7)

8. Configure the WLAN as planned.
9. Perform security-related configurations. For details, see the following table.

| Module | Related Technology | Configuration |
|---|---|---|
| Traffic monitoring | Traffic policy, NAT, and ACL | 1. Configure an advanced ACL to block the traffic from 192.168.1.0/24 to the service network segment on the intranet and allow other traffic to pass through. Configure a traffic filtering policy to reference this ACL and apply the policy to an interface. 2. Configure a basic ACL to permit only the traffic from 192.168.1.0/24 and apply this ACL to the NAT configuration on an outbound network interface. |
| Network management security | AAA and ACL | Configure a basic ACL to permit only the packets whose source IP address is the administrator's IP address and wildcard mask is 0, and apply the ACL to the VTY interfaces of all managed devices. |
| DHCP security | DHCP snooping | Enable DHCP snooping on all access switches and configure the uplink interfaces as trusted interfaces. |
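The three ACLs in the table above, modelled as an added example that is not part of the original course material: rules are matched first-hit with wildcard masks, so the intended guest isolation can be checked before it is typed into a device. It assumes that "the service network segment on the intranet" means the three department segments 192.168.2.0/24 to 192.168.4.0/24; the administrator address 192.168.4.10, the guest host, and the Internet address 203.0.113.10 are constructed values.

```python
"""First-match ACL model with wildcard masks for the campus security plan."""
import ipaddress as ipa
from typing import NamedTuple

ANY = ("0.0.0.0", "255.255.255.255")   # wildcard of all ones matches any address
GUEST = ("192.168.1.0", "0.0.0.255")   # guest segment from the IP plan
ADMIN_IP = "192.168.4.10"              # assumed: the page gives no administrator address


class Rule(NamedTuple):
    action: str          # "permit" or "deny"
    src: tuple = ANY     # (base address, wildcard mask)
    dst: tuple = ANY


def wildcard_match(addr, base, wildcard):
    """Bits set to 0 in the wildcard must match the base; bits set to 1 are ignored."""
    a, b, w = (int(ipa.IPv4Address(x)) for x in (addr, base, wildcard))
    return ((a ^ b) & ~w & 0xFFFFFFFF) == 0


def evaluate(rules, src, dst="0.0.0.0"):
    """Return the action of the first matching rule, or None if nothing matches."""
    for rule in rules:
        if wildcard_match(src, *rule.src) and wildcard_match(dst, *rule.dst):
            return rule.action
    return None


def permitted(rules, src, dst="0.0.0.0"):
    """'Permit only' ACLs: anything that does not hit a permit rule is refused."""
    return evaluate(rules, src, dst) == "permit"


# Advanced ACL for the traffic filter: block guests to the department
# segments, then allow other traffic, as the table describes.
TRAFFIC_FILTER = [
    Rule("deny", GUEST, ("192.168.2.0", "0.0.0.255")),
    Rule("deny", GUEST, ("192.168.3.0", "0.0.0.255")),
    Rule("deny", GUEST, ("192.168.4.0", "0.0.0.255")),
    Rule("permit"),
]
# Basic ACL referenced by NAT: only the guest segment is translated.
NAT_ACL = [Rule("permit", GUEST)]
# Basic ACL on the VTY interfaces: one host, wildcard 0.
VTY_ACL = [Rule("permit", (ADMIN_IP, "0.0.0.0"))]


def guest_verdicts(guest="192.168.1.20"):
    """Traffic-filter verdict for one guest host toward each kind of destination."""
    targets = {
        "R&D": "192.168.2.1",
        "Marketing": "192.168.3.1",
        "Administrative": "192.168.4.1",
        "Layer 2 management": "192.168.100.1",
        "Internet": "203.0.113.10",
    }
    return {name: evaluate(TRAFFIC_FILTER, guest, ip) for name, ip in targets.items()}


if __name__ == "__main__":
    for name, verdict in guest_verdicts().items():
        print(f"guest -> {name:<19} {verdict}")
    print("NAT for guest:", permitted(NAT_ACL, "192.168.1.20"))
    print("NAT for R&D host:", permitted(NAT_ACL, "192.168.2.30"))
    print("VTY from admin:", permitted(VTY_ACL, ADMIN_IP))
    print("VTY from neighbour:", permitted(VTY_ACL, "192.168.4.11"))
    # Rule order matters: with the catch-all permit first, the denies never fire.
    misordered = [Rule("permit")] + TRAFFIC_FILTER[:-1]
    print("misordered, guest -> R&D:", evaluate(misordered, "192.168.1.20", "192.168.2.1"))
```

Under the assumed reading, guest traffic to the management segment 192.168.100.0/24 passes the traffic filter, so logins to the switches from the guest segment are refused only by the VTY ACL.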

Small Campus Network Commissioning

1. Connectivity Test
• Basic link interconnection test
• Layer 2 interoperability test
• Layer 3 interoperability test

2. High Reliability Commissioning
• Loop prevention function test
• Path switchover test
• Hot Standby (HSB) test

3. Service Performance Test
• Service traffic test
• Access control test


Small Campus Network O&M


• After a small campus network is provisioned, it enters the O&M phase.
Common O&M methods include:
▫ Device environment check

▫ Basic device information check

▫ Device running status check

▫ Service check

▫ Alarm handling

• When the network scale reaches a certain level, the network management
software can be used for network management and O&M to improve
efficiency.

Small Campus Network Optimization


• Network optimization can comprehensively improve the reliability and
robustness of networks and better support the development of enterprise
services. Common network optimization solutions include but are not limited
to:
▫ Device performance optimization, such as hardware upgrade and software
version update
▫ Basic network optimization, such as network architecture optimization and
routing protocol adjustment
▫ Service quality optimization, such as preferential forwarding of voice and video
services

• Formulate an appropriate network optimization solution based on network


Quiz
1. What is the complete lifecycle of a campus network?
2. What is the function of a management IP address?

Summary
• This chapter describes the concepts, types, and common technologies of
campus networks.
• Understand the lifecycle of campus networks:
▫ Planning and design

▫ Deployment and implementation

▫ Network O&M

▫ Network optimization

• Based on the previous courses, this course focuses on the planning, design,
deployment, and implementation of campus networks and details how to
establish a small campus network.