The development of the campus network has gone through a process from "zero" management to "manageable". Early networks mainly provided basic connectivity and Internet services. However, with the rapid growth in the number of users, network management problems have become prominent. Because users are not managed and their identities cannot be effectively confirmed, address spoofing, network fraud and attacks increase, seriously affecting the normal use and development of campus networks. At the same time, the performance of the original equipment can no longer keep up with the development of the network: insufficient switching capacity, limited flow classification, and limited QoS support have all become bottlenecks. The transformation of the campus network also faces another problem: how to protect the early investment. Networks develop gradually, and a disruptive rebuild is not possible. A good campus network transformation plan therefore improves overall network performance, improves manageability, and protects the initial investment so that the old equipment can continue to function at a suitable level. The transformation of the campus network of Beijing Normal University is a good example.
Campus network transformation plan
The goal is to transform the dormitory area into a manageable network that can fund itself. Students, faculty and staff must authenticate before they can access the network, and can be billed by traffic, duration, or monthly subscription. The security of the network must be ensured, address theft must be prevented, and multicast, voice, and streaming media services must be supported.
Beijing Normal University worked with Huawei and selected the centralized Layer 3 switch Quidway S6506 and the authentication and accounting software CAMS (Comprehensive Access Management Server), developed independently by Huawei, making full use of existing equipment to upgrade the campus network of Beijing Normal University. The switching performance of the entire network has been greatly improved while providing user management, service management and flexible billing strategies.
The core idea of the network transformation is: unified management, unified authentication!
The core uses the Quidway S6506, a high-density Layer 3 switch developed by Huawei. It is suitable as a core switching device in campus networks and large campus networks. The system backplane has a bandwidth of 128G, a switching capacity of 64G, and a forwarding capacity of 48Mpps. The S6506 not only improves the performance of the entire network, but also enables unified management and authentication of users across the entire network, ending the current unmanaged state of the network. Working with CAMS, Huawei's integrated management system, it provides user authentication, authorization, billing and permission management, and ensures the security of network and user information. CAMS can also issue prepaid cards to bill by traffic, monthly subscription, or duration.
Because the Quidway S6506 provides powerful QoS/ACL capabilities, it can allocate a certain bandwidth to each user or to a given subnet. QoS/ACL combined with CAMS makes it possible to offer personalized services with flexible billing schemes that match users' actual needs. The Quidway S6506 supports the DHCP relay function, which lets users in multiple subnets share the same DHCP server, saving server costs. It can also check the legitimacy of dynamically assigned IP addresses and block users with illegitimate addresses from accessing external networks. The Quidway S6506 supports the latest 802.1x authentication; combined with CAMS, it provides a complete authentication and accounting solution that enables network management and value-added services.
The network of the dormitory area of Beijing Normal University after transformation is as follows:
802.1x authentication is enabled on every downstream port of the S6506. The PCs on each floor must authenticate through the 802.1x client by entering a user name and password, which the S6506 verifies against the CAMS server. At the same time, the CAMS server starts billing the user. After 802.1x authentication succeeds, a user who wants to access the external network must dynamically obtain an IP address, which is assigned by the DHCP server. DHCP relay is configured on each downstream interface of the S6506 with the address check function enabled. If the IP address was not legitimately obtained through DHCP but was configured arbitrarily, the user cannot access the Internet. An access control list on the S6506 limits each user's bandwidth to a maximum of 64 Kbit/s, which curbs multiple machines sharing Internet access through a gateway (such as WinGate).
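The sequence described above (802.1x login, a DHCP lease seen by the relay, then the address check) can be modelled in a few lines. This is an added example, not Huawei's or the university's code: the class and method names, accounts, ports and addresses are assumptions made for illustration, and the account dictionary stands in for the CAMS server.

```python
import hmac
from dataclasses import dataclass, field

@dataclass
class AccessGateway:
    accounts: dict                                  # user -> password (CAMS stand-in)
    sessions: dict = field(default_factory=dict)    # (port, mac) -> user
    leases: dict = field(default_factory=dict)      # (port, mac) -> leased IP

    def dot1x_login(self, port, mac, user, password):
        """Authorize (port, mac) only if the credentials verify."""
        expected = self.accounts.get(user)
        ok = expected is not None and hmac.compare_digest(
            expected.encode(), password.encode())
        if ok:
            self.sessions[(port, mac)] = user       # accounting would start here
        return ok

    def dhcp_ack(self, port, mac, ip):
        """Record a lease the relay saw, but only for an authenticated client."""
        if (port, mac) not in self.sessions:
            return False
        self.leases[(port, mac)] = ip
        return True

    def check(self, port, mac, src_ip):
        """Decide whether a packet may be forwarded to the external network."""
        if (port, mac) not in self.sessions:
            return "drop: not authenticated"
        if self.leases.get((port, mac)) != src_ip:
            return "drop: address not assigned by DHCP"
        return "forward"

def demo():
    # Constructed sample data: accounts, ports, MACs and addresses are made up.
    gw = AccessGateway({"alice": "s3cret", "bob": "hunter2"})
    a, b = ("port1", "aa:aa:aa:00:00:01"), ("port2", "bb:bb:bb:00:00:02")
    gw.dot1x_login(*a, "alice", "s3cret")
    gw.dhcp_ack(*a, "10.1.1.10")
    gw.dot1x_login(*b, "bob", "hunter2")            # bob never requests a lease
    return [
        gw.check(*a, "10.1.1.10"),                  # leased address
        gw.check(*a, "10.1.1.99"),                  # self-configured address
        gw.check(*b, "10.1.1.10"),                  # bob reuses alice's address
        gw.check("port3", "cc:cc:cc:00:00:03", "10.1.1.10"),  # never logged in
    ]

if __name__ == "__main__":
    print(demo())
```

Binding the lease to the authenticated (port, MAC) pair is what stops an authenticated user from taking over another user's address: the third check is dropped even though the address itself is a valid lease.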
Because the development of the network is a step-by-step process, only one S6506 has been added to the campus network for now, where it effectively acts as a service gateway. As the number of users grows, a second S6506 can be added so that the two share the service load, or the 802.1x and DHCP relay functions can be moved down so that the Layer 3 and Layer 2 switches attached to the S6506 perform authentication, DHCP relay, and other functions, reducing the load on the S6506.
This transformation plan has the following two characteristics:
1. Small network changes and low investment. Adding one device makes the whole network authenticated and manageable (the original access layer still need not support 802.1x authentication).
2. Good scalability. The S6506 has 6 expansion slots, which can accommodate subsequent expansion of the network. CAMS has a modular design, so new capabilities and modules can be added according to user needs.
In summary, the development of the network follows its own laws, and its transformation must not only take into account the investment in the original network equipment but also be forward-looking. The reconstruction of the dormitory area of Beijing Normal University provides a good example. With minimal investment and changes, the network is not only manageable but also has a self-funding mechanism. This is also the current approach to network transformation.