1 About This Document.............................................................................................................1
2 Quick Guide to This Document............................................................................................ 4 3 Campus Network Connectivity Deployment.....................................................................6 3.1 Key Points of Network Connectivity Deployment........................................................................................................ 6 3.2 Deployment Differences Between Two-Layer and Three-Layer Network Architectures................................ 8 3.3 Deployment Differences Between a Standalone AC and an ACU2..................................................................... 10 3.4 Typical CSS and Stack Deployment................................................................................................................................ 11 3.5 Native AC Solution: Core Switches Function as the Gateway for Wired and Wireless Users.....................23 3.6 Native AC Solution: Aggregation Switches Function as Gateways for Wired and Wireless Users........... 37 3.7 Native AC + SVF Solution: the Parent Containing Core Switches Functions as the Gateway for Wired and Wireless Users.......................................................................................................................................................................53 3.8 Native AC + SVF Solution: Parents Containing Aggregation Switches Function as Gateways for Wired and Wireless Users.......................................................................................................................................................................72 3.9 Standalone AC Solution: Core Switches Function as the Gateway for Wired and Wireless Users........... 93 3.10 Standalone AC Solution: Aggregation Switches Function as Gateways for Wired and Wireless Users ......................................................................................................................................................................................................... 115 3.11 Standalone AC Solution: Core Switches and ACs Function as the Gateways for Wired and Wireless Users Respectively..................................................................................................................................................................... 139 3.12 Standalone AC Solution: Aggregation Switches and ACs Function as the Gateways for Wired and Wireless Users Respectively....................................................................................................................................................162
4.1 Key Points of Campus Egress Deployment................................................................................................................ 186 4.2 Deploying Firewalls as Egress Devices........................................................................................................................ 188 4.3 Deploying Firewalls in Off-Path Mode........................................................................................................................207 4.4 Connecting Firewalls to Egress Routers Directly..................................................................................................... 225 4.5 Deploying IPSec on Firewalls for Secure Communication with the Headquarters......................................244 4.6 Deploying IPSec on Egress Routers for Communication Between the Headquarters and Branch........ 262 4.7 Connecting an Egress Router in a Branch to the Headquarters Through a Private Line.......................... 276
6 Wired and Wireless User Access Authentication Deployment.................................311
6.1 Key Points of User Access Authentication Deployment........................................................................................ 311 6.2 Native AC + Free Mobility Solution: Core Switches Function as the Authentication Point for Wired and Wireless Users............................................................................................................................................................................. 313 6.3 Native AC + Policy Association Solution: Core Switches Function as the Authentication Point for Wired and Wireless Users.................................................................................................................................................................... 340 6.4 Native AC + NAC Solution: Core Switches Function as the Authentication Point for Wired and Wireless Users............................................................................................................................................................................................... 370 6.5 Native AC + Policy Association Solution: Aggregation Switches Function as the Authentication Points for Wired and Wireless Users................................................................................................................................................ 397 6.6 Native AC + NAC Solution: Aggregation Switches Function as the Authentication Points for Wired and Wireless Users............................................................................................................................................................................. 430 6.7 Native AC + Free Mobility Solution: Parent (Core Switches) in an SVF System Functions as the Authentication Point................................................................................................................................................................. 460 6.8 Native AC + NAC Solution: Parent (Core Switches) in an SVF System Functions as the Authentication Point............................................................................................................................................................................................... 486 6.9 Standalone AC + NAC Solution: Core Switches and ACs Function as the Authentication Points for Wired and Wireless Users Respectively.............................................................................................................................. 512 6.10 Standalone AC + NAC Solution: Aggregation Switches and ACs Function as the Authentication Points for Wired and Wireless Users Respectively....................................................................................................................... 543
8.1 Key Points of QoS Deployment..................................................................................................................................... 622 8.2 Aggregation Switch: Increasing the Priority of Special Traffic........................................................................... 623
9.1 Network Deployment in Small- and Medium-Sized Stores (AR Router Functioning as an Egress Gateway)...................................................................................................................................................................................... 629 9.1.1 Application Scenario and Service Requirements.................................................................................................. 629 9.1.2 Solution Design................................................................................................................................................................ 630 9.1.3 Deployment Roadmap and Data Plan..................................................................................................................... 631 9.1.4 Deployment Procedure..................................................................................................................................................636 9.1.4.1 Configuring the AR6300............................................................................................................................................ 636 9.1.4.2 Configuring the S5731-S........................................................................................................................................... 639 9.1.4.3 Configuring the AC6605............................................................................................................................................ 645
9.1.5 Verifying the Deployment............................................................................................................................................ 651
9.1.6 Configuration Files..........................................................................................................................................................651 9.2 Higher Education Campus Network Deployment (ME60 Used as the Gateway and Authentication Point + Firewall Used as the Egress)...................................................................................................................................655 9.2.1 Application Scenario and Service Requirements.................................................................................................. 655 9.2.2 Solution Design................................................................................................................................................................ 657 9.2.3 Deployment Roadmap and Data Plan..................................................................................................................... 660 9.2.4 Deployment Procedure.................................................................................................................................................. 676 9.2.4.1 Configuring Access Switches (S5735-L)............................................................................................................... 676 9.2.4.2 Configuring Aggregation Switches (S6730-H).................................................................................................. 678 9.2.4.3 Configuring the Core Switch (S12708E).............................................................................................................. 679 9.2.4.4 Configuring the ME60................................................................................................................................................ 682 9.2.4.5 Configuring Firewalls (USG6315E)........................................................................................................................ 690 9.2.5 Verifying the Deployment............................................................................................................................................ 696 9.2.6 Configuration Files..........................................................................................................................................................697 9.3 Deployment of a Subway Bearer Network Featuring High-Speed Self Recovery........................................709 9.3.1 Service Requirements and Solution Description...................................................................................................709 9.3.2 Basic Configurations...................................................................................................................................................... 713 9.3.2.1 Data Plan........................................................................................................................................................................ 713 9.3.2.2 Configuring Device Information............................................................................................................................. 717 9.3.2.3 Configuring Interfaces................................................................................................................................................718 9.3.2.4 Enabling BFD................................................................................................................................................................. 720 9.3.3 Deploying OSPF............................................................................................................................................................... 720 9.3.3.1 Deployment Roadmap............................................................................................................................................... 721 9.3.3.2 Configuring OSPF........................................................................................................................................................ 721 9.3.4 Deploying MPLS LDP..................................................................................................................................................... 723 9.3.4.1 Deployment Roadmap............................................................................................................................................... 724 9.3.4.2 Data Plan........................................................................................................................................................................ 724 9.3.4.3 Enabling MPLS LDP.....................................................................................................................................................725 9.3.4.4 Configuring Synchronization Between LDP and OSPF................................................................................... 726 9.3.4.5 Configuring LDP GR.................................................................................................................................................... 727 9.3.4.6 Configuring BFD for LSPs.......................................................................................................................................... 728 9.3.5 Deploying MPLS TE........................................................................................................................................................ 729 9.3.5.1 Deployment Roadmap............................................................................................................................................... 729 9.3.5.2 Data Plan........................................................................................................................................................................ 730 9.3.5.3 Configuring MPLS TE Tunnels and Hot Standby.............................................................................................. 733 9.3.5.4 Configuring RSVP GR..................................................................................................................................................737 9.3.5.5 Configuring BFD for CR-LSPs................................................................................................................................... 737 9.3.6 Deploying L3VPN Services and Protection (HoVPN).......................................................................................... 740 9.3.6.1 Deployment Roadmap............................................................................................................................................... 740 9.3.6.2 Data Plan........................................................................................................................................................................ 742 9.3.6.3 Configuring MP-BGP...................................................................................................................................................746 9.3.6.4 Configuring L3VPN......................................................................................................................................................749