Feature Planning
After the S12708 agile switches are deployed on the campus network, the following agile features can be applied to solve the service deployment problems described in Networking Requirements, and to enable the network to fast and flexibly adapt to service requirements.
Wired and wireless convergence: Wired and wireless networks are uniformly managed and maintained.
Agile switches at the core layer provide native capabilities on their line cards, so no independent AC devices or AC cards (such as ACU2) are required. Administrators do not need to configure and deploy user access services on the wired and wireless networks respectively and can manage wired and wireless networks simply as managing one device. The high switching capability and scalability of agile switches eliminate bottlenecks in centralized traffic forwarding when independent ACs or AC cards are used.
Free mobility: Service control policies can be migrated with users, delivering consistent experience for users.
For example, in Networking Requirements, teacher Lee connects to the campus network from the office area, teaching area, library, and residential community every day. He may be granted different access rights on a traditional network. For example, he can access the essay database only in the office area, teaching area, and library, but not in public areas in the campus.
The free mobility solution enables users to have the same network access rights at different locations. Network access policies are configured centrally on the Agile Controller and delivered to all associated access devices. In this way, users can obtain the same network access policies and enjoy consistent network access experience at any locations and using any IP addresses.
Table 1 lists the access policies that are configured on the Agile Controller and delivered to three user groups: guest, student, and teacher.
Table 1 Free mobility policy configuration User (Source Security Group) Resource (Destination Security Group) Access Control Policy Guest Public resources (IP address: 10.10.1.1/32) Permit Education management system (IP address: 10.10.2.1/32) Forbid Fire Transfer Protocol (FTP) resources (IP address: 10.10.3.1/32) Forbid Student Public resources (IP address: 10.10.1.1/32) Permit Education management system (IP address: 10.10.2.1/32) Forbid Fire Transfer Protocol (FTP) resources (IP address: 10.10.3.1/32) Permit Teacher Public resources (IP address: 10.10.1.1/32) Permit Education management system (IP address: 10.10.2.1/32) Permit Fire Transfer Protocol (FTP) resources (IP address: 10.10.3.1/32) Permit After the preceding policies are configured, users have the same network access rights and network experience after passing authentication.
Super Virtual Fabric (SVF): Agile switches deliver configurations to devices at the aggregation and access layers.
The SVF solution virtualizes core, aggregation, and access switches on a network into one switch. The core switch manages the aggregation and access switches, and uses configuration templates to complete batch configuration of aggregation and access switches. In this way, administrators do not need to configure switches one by one.
Table 2 describes the roles in an SVF system. The agile switch functions as a parent to manage all access switches (ASs) and APs. In the SVF system, wired and wireless users are all managed on the parent.
Table 2 SVF deployment Role Device Parent Two S12708 switches in a CSS Client Level-1 AS Switches directly connected to the parent, providing wired connections to access switches or terminals Level-2 AS Switches directly connected to level-1 ASs, providing wired connections to terminals Wireless access device APs on a WLAN, providing wireless connections to terminals
If APs are deployed in an SVF system, the parent functions as a wireless access controller (AC) to control and manage all APs.
Services on ASs are configured on the parent, and the key states of ASs and APs are maintained on the parent. Administrators can complete service configurations for aggregation and access switches by simply connecting unconfigured aggregation and access switches to the parent. The aggregation and access layers realize zero-touch configuration, automatic upgrade, and plug-and-play deployment, simplifying network configuration, management, and maintenance.
An SVF system supports at most two levels of ASs and one level of APs. When eSight is deployed to manage the SVF system, SVF can better simplify device management.
Packet Conservation Algorithm for Internet (iPCA): iPCA allows an agile network to be aware of the service quality and to locate network failures.
An agile switch with iPCA configured can monitor packet loss in real time. Table 3 lists packet loss measurement modes. If a link fails, an iPCA-capable switch can quickly detect the fault and sends an alarm to administrators immediately. iPCA allows the network to be aware of the service quality, reducing impact of network failures. eSight can display packet loss measurement results on a GUI, so administrators can easily monitor the network quality.
Table 3 iPCA deployment Packet Loss Measurement Mode Deployment Scenario Network-level packet loss measurement Monitor packet loss on the links between the main campus and branch campuses. iPCA needs to be configured on local and remote core switches. Device-level packet loss measurement Monitor packet loss on core switches. iPCA only needs to be configured on local core switches.
Table 4 lists the minimum versions supporting agile features and precautions for configuring these features.
| Agile Feature | Minimum Version | Precaution |
|---|---|---|
| SVF | V200R007 (V200R007C20 is not included) | A license is required to enable the SVF function on a parent. When enabling the SVF function, ensure that the current and next startup network admission control (NAC) configuration modes are the unified mode. |
| Free mobility | V200R006 | The Agile Controller needs to be deployed to enable the free mobility function. Free mobility is supported only in the unified NAC mode. |
| iPCA | V200R006 | If modular switches are used, X series cards need to be installed. |
| Wired and wireless convergence | V200R005 (V200R007C20 is not included) | If modular switches are used, X series cards need to be installed. For details about the applicable AP models and versions, see the product documents. |
This case uses S series switches in V200R009C00 as an example. The configuration may slightly vary depending on the product and version. Refer to the configuration manual accordingly.