Switch Configuration
In the switch configuration section, users configure the service VLANs and IP gateways required for the switch, and either configure the DHCP server or specify the IP address of the DHCP server. Multiple business VLANs can be added as needed to handle different business requirements.

Switch configuration

Small/mid-scale campus

For a small/mid-scale campus, business gateways are distributed and deployed on the leaf switches at each access layer. Users only need to create wired business configurations on the leaf.

- \[DHCP Relay]: Configure the DHCP server IP address. When the DHCP server does not support recognizing the Option 82 field, the Option 82 option needs to be disabled. Note: since the DHCP server is not directly connected to the business devices on the leaf, a DHCP relay needs to be configured. When using spine devices as DHCP servers, the Loopback0 addresses of the two spine devices need to be filled in here.
- \[VLAN]: Create service VLANs. Note that in addition to basic service VLANs, a management VLAN for user APs to connect to the controller must also be created.
- \[IP]: Configure an address as the gateway for the service VLAN.
- \[Access/Trunk]: Select the mode according to whether the interface transmits/receives packets with VLAN tags. Access accepts packets without a VLAN tag and is typically configured for the AP management VLAN. Trunk accepts packets with a VLAN tag and is typically configured for service VLANs.
- \[Member Interfaces]: Click the drop-down arrow to select the member interfaces of the VLAN.

DAI/IPSG (optional)

The controller enables the DHCP snooping function by default to effectively prevent DHCP server impersonation attacks, ensuring DHCP clients obtain IP addresses from legitimate DHCP servers. Administrators do not need to manage trusted/untrusted interfaces on different devices; the controller automatically generates configurations based on topology information.

Administrators can enable ARP inspection (DAI) and IP Source Guard (IPSG) based on network security requirements. These functions validate host legitimacy using global DHCP snooping entries to prevent malicious hosts from forging legitimate identities or attacking the network via self-assigned IP addresses, thus avoiding potential IP conflicts.

MAC scan (optional)

In Ethernet, MAC address table entries guide devices to perform Layer 2 data forwarding. After enabling this function, ARP request packets corresponding to the IP address in the request table can be sent based on the snooping and user bind table entries. This is commonly used for dumb terminals and server deployments to proactively update device MAC and ARP table entries.

Large/mid-scale campus

Large/mid-scale campus networks are divided into default access areas and server areas, and business configurations need to be created separately for each of the two areas.

Business network switch group wired service configuration

Use the default configuration type selection; the rest is the same as \[Small/Mid Scale Network Deployment]. Refer to the previous section to complete the configuration.

Server network switch group wired service configuration

1. Server area leaf

The leaf switch of the MC-LAG network needs to be configured with a link aggregation port and a business VLAN.

- Select \[Configuration Type] as server area.
- Select \[Device] as the leaf MC-LAG pair that needs to be configured.
- Select \[Device Role] as leaf.
- Follow the prompts on the page to fill in the required business configuration.

Link aggregation

- LAG: Link aggregation ID. Users can create IDs within the range of 1501-2000 as needed.
- Mode: Static/LACP. Choose whether the link aggregation mode is static or LACP dynamic negotiation.
- Member: Select the member interface connected to this business server.

Services VLAN

- VLAN: Users can fill in VLAN IDs ranging from 2 to 4050 as needed.
- Access/Trunk: The access interface is used to connect terminal devices and belongs to a VLAN; the trunk interface is used to connect network devices and allows traffic from multiple VLANs to pass through.
- Member: Member interfaces can only select LAG ports that have been configured in link aggregation.

2. Server area spine

The business gateway of the MC-LAG network is deployed on spine devices, so when selecting devices, devices of spine type also need to be added. Create a business gateway for the business VLAN corresponding to the leaf switch in the server area. If the spine downstream device needs to obtain an IP address from the spine upstream DHCP server, a DHCP relay needs to be configured.

Services VLAN

- VLAN: The business VLAN corresponding to the leaf switch in the server area.
- IP: Fill in the gateway IP address of the business VLAN.
- Access/Trunk: The access interface is used to connect terminal devices and belongs to a VLAN; the trunk interface is used to connect network devices and allows traffic from multiple VLANs to pass through.
- Broadcast domain: Select the MAC address of the leaf switch corresponding to the VLAN.

Traditional L2 network

Unlike full L3 networks, the service network in traditional L2 networks is deployed on spine devices. Therefore, when selecting devices, spine-type devices must also be added.

Spine

If the DHCP server is external, DHCP relay needs to be enabled on the spine device so that the broadcast DHCP requests from the AP and the terminal can be converted into unicast messages through DHCP relay and sent to the DHCP server. Create the service VLAN.

Leaf

The leaf switch is configured purely for Layer 2. On this interface, only the VLAN ID and member interfaces need to be specified, and all other configurations are generated by the controller.

Open Cloud Connect

The Open Cloud Connect scenario opens up the classic Layer 2 and Layer 3 functions of a single machine, and the gateway can be deployed on the aggregation or access device.

Gateway deployed on aggregation devices

When the gateway is deployed on aggregation devices, the leaf switches are configured as pure Layer 2 devices. On this view, service VLAN IDs and member interfaces need to be specified, while the remaining configurations are generated by the controller. Select the downstream and upstream port of the switch for the member interface of the services VLAN.

Gateway deployed on access devices

If the gateway is deployed on access devices, you need to enable 【Create VLANIF】 when creating the service VLAN and fill in the 【IP】 as the gateway address for this service.

Note: when the gateway is deployed on the access device, if you want the downstream terminal to go online by obtaining an IP address through the DHCP process, you need to configure the required DHCP address pool on the access device or configure a DHCP relay on the access device to ensure that the request messages sent by the terminal can reach the designated DHCP server.

1. Configure DHCP server

The Open Cloud Connect scenario supports users in configuring a DHCP server on access devices.

- Click the \[+] on the right side of \[IP Management] to create a DHCP server.
- Select the IP management method as \[DHCP Server], choose the VLAN and click \[Next].
- Configure the network, address pool range, gateway address, and lease time.
- Configure DHCP option (optional). If clients connected under the AP need to access the controller, the controller address must be added in the DHCP option page when configuring the AP address pool.
- Configure MAC bind IP (optional).
- Once all configurations are complete, click \[Save] in the upper right corner.

2. Configure DHCP relay

- Click the \[+] on the right side of \[IP Management] to configure the DHCP relay.
- Select the \[IP Management] method as \[DHCP Relay], and choose the service VLAN that requires relay configuration.
- Click \[Next], enter the DHCP server IP, and then click \[Save] in the top right corner to complete the configuration.

Optional functions

PoE

If the access switch features PoE functionality, it can be enabled directly in the wired service configuration to supply power to PD devices. Click \[Create], select the interface where the PoE function is to be enabled, and set the startup delay time.

PoE delay: this refers to a brief, intentional time delay introduced at a PoE switch port between when it begins to supply power and when it actually delivers power to the powered device (PD).

Wired clients information collection

Interfaces with this feature enabled will report information about the connected wired terminals to the controller. If this option is not selected, the wired terminal cannot be viewed on the controller page. It is recommended to enable this option at the interface where the wired terminal is connected on the switch.

Network security configuration

Administrators can further enhance network security by configuring device management ACLs and service ACLs to set blacklists/whitelists for user internet traffic.

User authentication configuration

In enterprise networks or public places with high security requirements, enable 802.1X-based user authentication. This ensures only authenticated users and devices can access network resources, enhancing security. Through the graphical interface, administrators can define and apply authentication policies, including specifying ports for 802.1X authentication and setting different authentication rules.

DHCP

The controller supports users to configure DHCP server functionality on spine devices. After entering the venue, click on \[Configuration] \[Wired Service Configuration] \[DHCP] to enter the DHCP server configuration interface, and click on the \[+] button on the page to create a new configuration.

Follow the prompts on the page to configure address pool details. Fields marked with are mandatory.

Click on \[DHCP Option] and fill in the relevant information (optional; if you need to obtain the address of the device connected to the controller, you need to fill in \[Controller IP]). Other functions can be expanded as needed by users.

- Next server: Configure the IP address of the network server to be used in the next step during the DHCP client startup process. The DHCP server, while allocating IP addresses to DHCP clients, can also assign IP addresses of servers that provide network services to DHCP clients. For instance, some clients similar to IP telephony, after automatically obtaining an IP address, still need to connect to a designated server to install software in order to function properly. Execute this command to configure the server address that the client will use next after automatically obtaining the IP address. After the client automatically acquires the IP address, it will request configuration information from the specified server.
- Vendor specific (Option 43): Hexadecimal number used to transmit vendor-specific information to client devices of a particular vendor. If a third-party AP does not support or cannot recognize Option 138, the IP address of the controller can be specified for it by configuring Option 43 of the DHCP server.
- Server identifier (Option 54): Notifies the client of the address of the DHCP server. When there are multiple DHCP servers in the network, the client may receive multiple offers. The client clearly informs all servers of which one it has chosen by copying Option 54 from one of the offers into the request it sends. The selected server will conduct the final confirmation, while the other servers will reclaim the IP addresses they have provided. When troubleshooting DHCP issues, capturing packets and checking the Option 54 field is the most direct way to confirm which server the client is actually communicating with and whether the server address is correct.
- TFTP server (Option 66): Configure the TFTP server address used by DHCP clients. After the device starts up, it may need to obtain the configuration file from the TFTP server. This configuration enables the DHCP client to obtain the IP address of the TFTP server while acquiring the IP address, so that the client can access the server after startup and obtain the necessary information.
- Bootfile name (Option 67): Configure the startup configuration file name for DHCP clients. In addition to assigning IP addresses to clients, DHCP servers can also provide network configuration parameters required by clients, such as startup configuration files. After configuring this command, the offer and ACK messages sent by the DHCP server to the client will carry this file name. The DHCP client then retrieves the startup configuration file from the specified file server based on the file name.
- Controller IP: A DHCP option designed specifically for wireless APs to discover controllers; fill in the controller IP address.

The controller supports configuring the MAC binding IP function, which users can fill in as needed. After completing the configuration, click Save.
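
The Option 54 check described in the troubleshooting note above, as an added example (not part of the original guide or the controller's own tooling): it parses the options of a captured DHCP payload and reports whether the server identifier belongs to an expected server. The sample packets, the helper names and the addresses in `expected` are constructed for illustration.

```python
import ipaddress

MAGIC_COOKIE = bytes.fromhex("63825363")
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

def parse_options(payload: bytes) -> dict:
    """Return {option_code: value_bytes} from a raw DHCP payload (UDP data)."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message: short payload or bad magic cookie")
    opts, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == 255:  # End option
            break
        if code == 0:  # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2 : i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} is truncated")
        opts[code] = value
        i += 2 + length
    return opts

def check_server(payload: bytes, expected_servers: set) -> tuple:
    """Return (message_type, server_id, ok) for one DHCP message."""
    opts = parse_options(payload)
    mtype = MSG_TYPES.get((opts.get(53) or b"\x00")[0], "UNKNOWN")
    raw = opts.get(54)
    server = str(ipaddress.IPv4Address(raw)) if raw and len(raw) == 4 else None
    if server is None:
        # Clients may omit Option 54 (DISCOVER, renewing REQUEST); servers may not.
        return mtype, server, mtype in ("DISCOVER", "REQUEST")
    return mtype, server, server in expected_servers

def build_sample(msg_type: int, server_ip: str = "") -> bytes:
    """Constructed sample: zeroed BOOTP header plus Options 53 and 54."""
    body = bytes(236) + MAGIC_COOKIE + bytes([53, 1, msg_type])
    if server_ip:
        body += bytes([54, 4]) + ipaddress.IPv4Address(server_ip).packed
    return body + b"\xff"

if __name__ == "__main__":
    expected = {"10.0.0.1", "10.0.0.2"}  # assumed DHCP server addresses
    for ip in ("10.0.0.1", "192.168.1.254"):  # constructed OFFERs
        print(check_server(build_sample(2, ip), expected))
```

To use it on real traffic, pass the UDP payload of each captured DHCP packet to `check_server` together with the server addresses configured in the relay settings.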
