HCPP-01 CloudCampus Solution-2022.01


HCPP-IP Network

Huawei CloudCampus Solution


Page 0 Copyright © Huawei Technologies Co., Ltd. All rights reserved.
Foreword
• In today's digital transformation era, the availability and flexibility of enterprise IT networks
directly determine office and production efficiencies, and even impact the success or failure
of business decision-making and execution.

• Huawei CloudCampus Solution is designed especially for enterprises of all sizes to build ultra-
broadband, intelligent, simplified, secure, and open intent-driven campus networks. By
gaining real-time insights into and quickly responding to network and service needs, this
innovative solution empowers enterprises to capture new business opportunities.

• This course systematically introduces Huawei CloudCampus Solution, including the solution
architecture, key components, functions, and features. It describes the key functions and
features of the solution from multiple dimensions, such as ultra-broadband connectivity,
simplified network, multi-purpose network, intelligent policy, and intelligent O&M.



Objectives
• Upon completion of this course, you will be able to:

▫ Describe Huawei CloudCampus Solution.

▫ Describe the architecture, key components, and highlights of the CloudCampus Solution.

▫ Describe the ultra-broadband and simplified networks defined in the CloudCampus Solution.

▫ Understand VXLAN-based virtualized campus networks and their application scenarios.

▫ Distinguish common access authentication solutions for campus networks.

▫ Describe the methods of implementing intelligent policy, intelligent O&M, and intelligent
security in the CloudCampus Solution.

▫ Understand the openness and ecosystem of CloudCampus.



Contents
1. CloudCampus Overview

2. Ultra-Broadband Connectivity

3. Simplified Network

4. Multi-Purpose Network

5. Access Authentication

6. Intelligent Policy

7. Intelligent O&M

8. Intelligent Security



One-Stop Autonomous Driving Solution for Campus Networks

• Rapid network provisioning, improving deployment efficiency
▫ Device plug-and-play
▫ Simplified network deployment

• Fast service provisioning, improving user experience
▫ Free mobility
▫ Intelligent terminal identification
▫ Intelligent HQoS

• Quick intelligent O&M, improving network performance
▫ Real-time experience visualization
▫ Precise fault analysis
▫ Intelligent network optimization

Figure labels: one-stop management platform (Manage, Control, Analyze; Design, Deploy, Policy); NETCONF/YANG; medium- and large-sized campuses; small- and medium-sized campuses; campus network interconnection; WAN/Internet; OA VN and R&D VN; security groups 1 to 5; access policy, bandwidth, priority.



Intent-Driven Campus Network in the Wi-Fi 6 Era

Numerous industries are undergoing digital transformation
Figure labels: Customer flow analysis, e-Schoolbag, Health management, Smart OA, Government/Enterprise OA, Education, Retail, Manufacturing, Wireless City.

• Open industry application development platform: SDK | API

• Management & control layer: iMaster NCE-Campus, one-stop O&M platform for management, control, and analysis (Manage + Control + Analyze)
▫ Automatic network construction: enabling Wi-Fi 6 services
▫ Intelligent O&M: ensuring Wi-Fi 6 experience
▫ NETCONF/YANG, Telemetry

• Network layer: Wi-Fi 6 ready wired network (CloudEngine S series campus switches), 10GE access, delivering the speed of Wi-Fi 6
▫ Multi-GE switch + high-density 25GE fixed switch + 100G core, building Wi-Fi 6 ultra-broadband channels
▫ Default converged management for wired and wireless users: up to 10K APs and 50K concurrent users, supporting concurrent access of massive numbers of users in the Wi-Fi 6 era
▫ Wireless campus with tens of thousands of users: 100G core switch CloudEngine 12700E with 57.6 Tbit/s throughput, which is able to manage 50,000 wireless users
▫ One hybrid cable

• AirEngine Wi-Fi 6: all-wireless
▫ Ultra-fast: dual bands, 16 antennas; 10.75 Gbit/s, twice industry average
▫ Stable coverage: smart antenna; signals move with users, improving the coverage radius by 20%
▫ Stable application: DynamicTurbo application acceleration, < 10 ms latency
▫ Stable roaming: lossless roaming, 0 packet loss during roaming



All-Scenario: Full Coverage from Single Campuses to Multi-Branch Interconnection Campuses

• Simple-service campus
▫ Network characteristics: small scale, simple services; large numbers of sites, with similar models
▫ Typical scenarios: multi-branch and small-sized enterprise campuses, such as hotels and primary/secondary schools

• Multi-service campus
▫ Network characteristics: large scale, complex services, coexistence of multiple services
▫ Typical scenarios: higher education institutions, governments, large enterprise campuses, etc.

• Multi-branch interconnection campus
▫ Network characteristics: multiple branch sites, which need to communicate with each other through hybrid WAN links
▫ Typical scenarios: large enterprises, financial services outlets, etc.

Figure labels: Internet, MPLS; VN 1, VN 2, VN 3; Store, Primary/Secondary education, Hotel, Large enterprise, Higher education and large enterprises.



Full Lifecycle: One-Stop Management Center for Simplified Management

One-stop management center, full lifecycle:

• Day 0
▫ Design: site design, network topology design, network resource planning, template-based configuration
▫ Planning: wireless environment settings, coverage area settings, AP location design, wireless signal simulation, WLAN planning report

• Day 1
▫ Underlay deployment: small-sized campus, large- and medium-sized campus, multi-branch interconnection
▫ Overlay deployment: VNs in a campus, cross-campus VNs

• Day 2
▫ Policy control: network access; free mobility (user group-based permission, bandwidth, QoS); SD-WAN policy (intelligent traffic steering, application scheduling)

• Day N
▫ O&M monitoring: converged LAN&WAN; 360-degree health; intelligent O&M; one-stop PMI management



Full Convergence: One Controller Manages both LAN and WAN Services

Huawei CloudCampus Solution integrates the configuration and management models of LAN and WAN services on the campus network. In addition to configuring and managing LAN services for campus networks, this solution can also manage WAN interconnection services, implementing integrated management of LAN and WAN services.

• Easy deployment: one controller manages only LAN services or manages both LAN and WAN services.
• Simplified configuration: GUI, flexible networking, device plug-and-play (centralized management).
• Forwarding-control separation: central management of the control plane implements flexible control while improving scalability.
• Simplified O&M: visualized network service data for monitoring and analyzing entire network status (real-time monitoring, topology visualization, various reports, intelligent analysis).
• Value extension: services provided by the carrier can be extended from WAN to LAN and even value-added services.

Figure labels: RR, control plane, forwarding plane, IPsec VPN, EVPN; WAN-side, LAN-side (large or small- and medium-sized campus); MPLS, Internet; Wired, Wireless.



Multiple Modes: Three Deployment Modes of CloudCampus

• On-Premises
▫ Scenario definition: Customers purchase and own software entities, such as the controller and analyzer, which can be deployed in their data centers or on the public cloud IaaS platform.
▫ Target customers: Customers in industries such as government, education, large enterprise, retail, and financial services
▫ Operations entity: Customer
▫ Software transaction mode: Perpetual license + SnS

• Huawei Public Cloud
▫ Scenario definition: Huawei-operated: Customers do not need to purchase the controller or analyzer software. Instead, customers just purchase Huawei's cloud managed network service.
▫ Target customers: Customers in industries such as government, education, large enterprise, retail, and financial services
▫ Operations entity: Huawei
▫ Software transaction mode: SaaS mode

• MSP-owned Cloud
▫ Scenario definition: MSP-operated: MSPs purchase software, such as the controller and analyzer, for operational purposes. The software can be deployed in their data centers or on the public cloud IaaS platform.
▫ Target customers: MSP, carrier
▫ Operations entity: MSP, carrier
▫ Software transaction mode: TBL subscription mode



Solution Component 1: CloudCampus Hardware Products

• CloudEngine switches (S12700E-12, S12700E-8, S12700E-4, S7700, S5730-H/S, S6730-H/S, S5735-/L)
▫ CloudEngine S12700E: new core switches for campus networks in the Wi-Fi 6 era
▫ CloudEngine S6730-H: full-featured 10GE routing switches
▫ CloudEngine S5732-H: enhanced GE/multi-GE/optical-electrical hybrid switches
▫ CloudEngine S5735-L: compact gigabit access switches

• AirEngine Wi-Fi 6 APs (8760-X1-PRO, 6760-X1/X1E, 5760-51, 5760-12W, 6760R-51/51E, 8760R-X1/X1E)
▫ AirEngine 8760-X1-PRO: Wi-Fi 6 indoor flagship AP
▫ AirEngine 6760-X1/X1E: Wi-Fi 6 indoor high-end APs
▫ AirEngine 8760R-X1/X1E: Wi-Fi 6 outdoor APs
▫ AirEngine 5760-12W: Wi-Fi 6 wall plate APs

• HiSecEngine AI firewalls: USG6700E, USG6600E, USG6500E

• NetEngine AR routers: AR6300, AR6200, AR6100, AR650, AR610



Solution Component 2: iMaster NCE-Campus

Layers shown in the figure:
• Application service layer: MDM, e-Schoolbag, Health management, Asset management, Intelligent OAM
• Management/Control/Analysis layer: converged Manage + Control + Analyze; SecoManager
• Infrastructure layer

Capabilities:
• Automated + Intelligent
▫ SDN-based automatic service configuration/deployment
▫ AI-powered intelligent analysis/prediction/troubleshooting
• Manage + Control + Analyze
▫ Unified data base
▫ Centralized detection/locating/processing
• Plan + Construct + Maintain + Optimize
▫ Full lifecycle management
▫ Simulation/Verification/Monitoring/Optimization

iMaster NCE-Campus, an autonomous driving campus network management and control system



Solution Component 3: iMaster NCE-CampusInsight

As-Is: device-centric network management
• Traditional NMS: topology mgmt., performance mgmt., alarm mgmt., configuration mgmt.
• SNMP: minute-level network data collection
• Device-centric, lacking insights into user experience
• Passive response, unable to identify potential faults
• Onsite fault locating relies on experienced engineers

To-Be: AI-powered intelligent O&M centered on user experience
• Visualized experience management, client journey playback, potential fault identification, root cause identification, predictive network optimization
• Telemetry: second-level network data collection
• Visualized experience: Telemetry-based second-level data collection, visualizing experience of any user in any application at any moment
• Minute-level proactive identification and root cause locating for potential faults
▫ Identifies potential faults based on dynamic baselines and big data correlation analysis.
▫ Accurately locates root causes using KPI correlation analysis and protocol trace.
• Predictive network optimization: AI is used to intelligently analyze the load trend of APs so as to complete predictive optimization of wireless networks.

In addition to using algorithms to improve efficiency, intelligent O&M leverages scenario-based continuous learning and accumulated expert experience to free O&M personnel from complex alarms and noises, making O&M more automated and intelligent.



Simplified Full-Lifecycle Management for the Entire Network Based on the One-Stop Management Center

Phases: Planning (Day 0), Construction (Day 1-2), Operations (Day N), Maintenance (Day N), Optimization (Day N)

First activity shown under each phase:
• Planning (Day 0): Wireless network planning
• Construction (Day 1-2): Hardware installation
• Operations (Day N): Role definition
• Maintenance (Day N): Network monitoring
• Optimization (Day N): Network optimization

Other activities shown in the figure: WLAN Planner, Manual installation, Regular maintenance – for device, License management, Physical network deployment, Wired network planning, Manual planning, System maintenance – for controller, Virtual network deployment, Site design, User experience visibility, Network resource planning, Service policy provisioning, Exception identification, Fault demarcation.

The contents highlighted in blue are the network lifecycle management service provided by iMaster
NCE.



Plan Construct Maintain Optimize

Day 0: Cloud-based WLAN Planner Shortens the Planning Time and Ensures Coverage Based on the Built-In Experience Base

1 Obtain the floor plan.

2 Log in to Huawei online WLAN Planner.
https://serviceturbo-cloud-cn.huawei.com/serviceturbocloud/dist/#/toolappmarket

3 With Huawei Cloud-based WLAN Planner, users can complete WLAN planning in five steps.
1. Environment setting
2. Region setting
3. Device deployment
4. Signal simulation
5. Report export

4
• Use the network planning report to provide guidance for onsite construction.
• The network planning result can be imported into iMaster NCE.


Day 0: 3D Network Planning, Visualizing the Planning Effect and Roaming Simulation

3D signal simulation, presenting an intuitive view of the coverage effect


Day 0: 3D Network Planning, Making It Possible to Determine the Roaming Effect in Advance Through Roaming Simulation

1. Preset roaming path (walking route).
2. Display the AP to which the terminal is connected, the access rate, and radio signal information.

Readout shown in the figure:
• Strongest AP: AP-25, CH: 6/36
• Field strength: 2.4G: -49.7 dBm, 5G: -47.5 dBm
• Application-layer rate: 2.4G: 138 Mbit/s, 5G: 135 Mbit/s


Day 1: Device Plug-and-Play (1/4)

Through CloudCampus APP (barcode scanning)
• Scan barcode.
• The APP obtains the ESN and MAC address of the AP.
• Report AP information.
• Switch to the cloud mode and initiate a registration request to iMaster NCE.
• Register and get managed.
Devices supported: AP

Through registration center
• Record device information (Tenant: Tenant X; Site: Site Y; Device: AP (ESN...); 1.1.1.1:8080).
• Synchronize device information (Huawei registration center record: Tenant: Tenant X; iMaster NCE: 1.1.1.1:8080; Device: AP (ESN...)).
• Automatically initiate a query request to Huawei registration center to obtain the IP address and port number of iMaster NCE.
• Register and get managed.
Devices supported: AR, firewall, switch, AP

Figure labels: Internet, site network.


Day 1: Device Plug-and-Play (2/4)

Through web system
1 In the web system, configure Internet access parameters, cloud management mode, and IP address/URL and port number of iMaster NCE.
2 Register and get managed.
Devices supported: AR, firewall, switch, AP

Through CLI
1 On the CLI, configure Internet access parameters, cloud management mode, and IP address/URL and port number of iMaster NCE.
2 Register and get managed.
Devices supported: AR, firewall, switch, AP


Day 1: Device Plug-and-Play (3/4)

Through DHCP Option 148

• The network administrator has deployed the DHCP service on the network in advance (by deploying the DHCP service on the egress device or deploying an independent DHCP server).
• In addition to delivering IP addresses to the devices to be deployed, the DHCP server uses DHCP Option 148 to notify the devices of the iMaster NCE IP address and port number.

Sequence shown in the figure (switch to be deployed, AR, site network, Internet): DHCP request; DHCP response carrying Option 148; switch to the cloud mode and initiate a registration request to iMaster NCE.

Devices supported: AR, switch, AP
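
An added example (not Huawei's or the course's code) for the DHCP Option 148 method above: it parses the options field of a DHCP reply and checks that Option 148 advertises the intended iMaster NCE address and port, since the device registers with whatever controller the reply names. The `key=value;` layout of the option string and the field names `agilemanage-domain` and `agilemanage-port` are assumptions not given on this page; `1.1.1.1:8080` is the sample controller address from the plug-and-play (1/4) slide, and the option bytes are constructed.

```python
import ipaddress

OPT_PAD, OPT_END = 0, 255      # RFC 2132 single-byte options
OPT_CONTROLLER = 148           # option named on the slide
# Assumed sub-field names inside the Option 148 string; not given on the page.
HOST_KEY, PORT_KEY = "agilemanage-domain", "agilemanage-port"


def encode_option(code: int, value: bytes) -> bytes:
    """Encode one option as code, length, value (one-byte length)."""
    if len(value) > 255:
        raise ValueError("option value longer than 255 bytes")
    return bytes([code, len(value)]) + value


def parse_dhcp_options(raw: bytes) -> dict:
    """Walk the DHCP options field and return {code: value}; stop at End."""
    options, i = {}, 0
    while i < len(raw):
        code = raw[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError(f"option {code} has no length byte")
        length = raw[i + 1]
        value = raw[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} is truncated")
        # A repeated code is concatenated (long-option splitting, RFC 3396).
        options[code] = options.get(code, b"") + value
        i += 2 + length
    return options


def parse_controller_fields(value: bytes) -> dict:
    """Split the assumed 'key=value;' ASCII string into a dict."""
    text = value.decode("ascii")   # non-ASCII raises a ValueError subclass
    fields = {}
    for part in filter(None, (p.strip() for p in text.split(";"))):
        key, sep, val = part.partition("=")
        if not sep or not key or key in fields:
            raise ValueError(f"bad or duplicate field: {part!r}")
        fields[key] = val
    return fields


def same_host(a: str, b: str) -> bool:
    """Compare as IP addresses when both parse, otherwise as host names."""
    try:
        return ipaddress.ip_address(a) == ipaddress.ip_address(b)
    except ValueError:
        return a.rstrip(".").lower() == b.rstrip(".").lower()


def audit_offer(raw_options: bytes, want_host: str, want_port: int) -> list:
    """Return a list of findings; an empty list means the offer is as planned."""
    try:
        options = parse_dhcp_options(raw_options)
        if OPT_CONTROLLER not in options:
            return ["Option 148 missing: device will not learn the controller"]
        fields = parse_controller_fields(options[OPT_CONTROLLER])
    except ValueError as exc:
        return [f"malformed options: {exc}"]
    findings = []
    host, port = fields.get(HOST_KEY), fields.get(PORT_KEY)
    if host is None or not same_host(host, want_host):
        findings.append(f"controller host is {host!r}, expected {want_host!r}")
    if port is None or not port.isdigit() or int(port) != want_port:
        findings.append(f"controller port is {port!r}, expected {want_port}")
    return findings


def build_sample(host: str, port: int = 8080) -> bytes:
    """Constructed options field: message type, server id, Option 148, End."""
    value = f"{HOST_KEY}={host};{PORT_KEY}={port};".encode("ascii")
    return (encode_option(53, b"\x02")                   # DHCPOFFER
            + encode_option(54, bytes([192, 0, 2, 1]))   # constructed server id
            + encode_option(OPT_CONTROLLER, value)
            + bytes([OPT_END]))


if __name__ == "__main__":
    for label, raw in [("planned scope", build_sample("1.1.1.1")),
                       ("unexpected controller", build_sample("1.1.1.9"))]:
        print(label, "->", audit_offer(raw, "1.1.1.1", 8080) or "OK")
```

Run it against the options captured from the DHCP scope that serves the deployment VLAN before devices are powered on.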


Day 1: Device Plug-and-Play (4/4)

Email-based deployment

1. The network administrator configures ZTP and selects the email-based deployment mode on iMaster NCE.

2. iMaster NCE packs the deployment configuration into a series of character strings and sends them to the email address specified by the administrator.

3. The site deployment personnel log in to the email box on a PC at the site and receive the deployment email.

4. During site deployment, the site deployment personnel connect the PC to the CPE in wired or wireless mode and click the hyperlink in the email body. The PC then automatically logs in to the CPE, parses the parameters in the hyperlink to obtain the deployment configuration of the CPE, and writes the configuration into the CPE.

5. The CPE connects to the WAN and automatically sends a registration request to iMaster NCE. Note: The CPE refers to the AR router in the figure.

Figure labels: network administrator, email server, Internet, site network, AR, site deployment personnel.

Devices supported: AR


Day 1: Automatic Underlay Deployment on Medium- and Large-Sized Campus Networks

Implement automatic underlay deployment using the GUI and NETCONF/YANG

• Device information input
▫ Input device and topology information using an Excel file.
• Resource configuration
▫ Network resource pool planning: IP address, VLAN
▫ Pre-configuration based on the configuration template and feature template
• Device installation
▫ Install devices, connect cables, and power on the devices.
▫ Manually register egress/core devices with iMaster NCE.
• Automatic configuration delivery
▫ Aggregation devices, access devices, and APs automatically go online, and iMaster NCE verifies the topology (advantage).
▫ The devices automatically obtain configuration data.
• Automatic route orchestration
▫ Create a fabric and enable automatic route orchestration.
• Device fault
▫ Replace faulty devices by scanning barcodes using the APP, without requiring any manual configuration (advantage).

Figure labels: Overlay (R&D VN, OA VN, IoT VN); Underlay (IGP (OSPF), interconnection VLAN, interconnection IP address).

Note: Configuration can be performed before or after installation.


Day 1: Automatic Overlay Deployment on Medium- and Large-Sized Campus Networks

Scenario
Higher education, government campus, commercial building, and other scenarios where isolated virtual networks need to be provided for multiple services or tenants to achieve "one network for multiple purposes" and improve network resource utilization.

Requirements
1. A physical network is divided into multiple virtual networks that are isolated from each other.
2. Virtual networks are automatically deployed.

Huawei Solution and Customer Benefits
• Multi-purpose network
▫ VXLAN-based multi-purpose network
▫ Automatic tunnel establishment through BGP-EVPN
• Automation
▫ NETCONF/YANG
▫ iMaster NCE GUI
• Smooth evolution
▫ Policy association at the aggregation and access layers (access switches do not need to support VXLAN)
▫ iMaster NCE supports automatic deployment of VLAN networks.

Figure labels: Overlay (R&D VN, OA VN, IoT VN); Underlay.


Day 2: SDN-Based Fine-Grained Policy Control and Automatic Deployment, Enabling Free Mobility

Security group-based communication matrix

            Sales   R&D   Marketing
Sales         √      ×       √
R&D           ×      √       √
Marketing     √      √       √

Scenario
Enterprises, higher education institutions, governments, and other scenarios where refined management of network policies is required

Requirements
1. Fine-grained policy control, allowing users to move across the entire network with consistent policies and service experience
2. Flexible and simplified policy deployment, lowering OPEX

Huawei solution and customer benefits
• Security group-based
▫ User- and application-based policy/experience, including permissions, bandwidth, and QoS
• SDN
▫ Centralized policy control based on the SDN controller
▫ Service intent-oriented
• Natural language
▫ GUI
▫ Natural language-based configuration

Figure: User A in security group (R&D) moves from office building 1 to office building 2; policy migration, consistent experience.


Day 2: LAN-WAN Convergence Simplifies Management

• Integrated GUI, improving deployment and O&M efficiency
▫ Integrated deployment, integrated policy, integrated O&M
• Diverse SD-WAN policies, improving application experience
▫ Application identification, application-based intelligent traffic steering, application-specific fine-grained QoS scheduling
• One platform, reducing user investment
▫ iMaster NCE can be deployed in a single-node system or a cluster.

Figure labels: one-stop management; LAN management, SD-WAN; access authentication, route management, intelligent traffic steering, site configuration, resource management, campus VXLAN, free mobility, WAN VPN, site management; MPLS, Internet; CPE1 (HQ campus, multi-service campus), CPE2 (Branch 1, simple-service campus), CPE3 (Branch 2, simple-service campus).

Day 2: SD-WAN Featuring Refined Application Control

• Application identification
▫ Identification of 6,000+ well-known and user-defined applications
• Intelligent traffic steering
▫ Application- and traffic classifier-based
▫ IP FPM in-line service quality detection
• Multi-level hierarchical QoS scheduling
▫ Application- and VPN-based multi-level queues
▫ Bandwidth allocation for different VPNs

Figure labels: Site 1 CPE, Site 2 CPE; MPLS, Internet; Video, HTTP.


iMaster NCE-Based Network-Wide Monitoring

Health status
• Site health overview
• Inter-site monitoring (overlay topology and interconnection status)
• 360-degree terminal, application, and device monitoring
• ...

Alarms
• Current alarms, historical alarms, masked alarms
• Alarm notification mode setting (notification by mail)
• ...

Reports
• Statistical analysis (including terminal behavior analysis)
• Agile report
• ...

Event logs
• Terminal authentication events
• Key device events
• Device connection and disconnection logs


iMaster NCE-Based Simplified O&M

Configuration maintenance
• View device configuration result
• Save device configuration

Device maintenance
• Monitor device assets (subracks, boards, subcards, etc.)
• Upgrade devices
• Activate device license
• Back up and restore device configuration file
• ...

Diagnostic tools
• Ping, trace, obtain packet header, trace packet path, collect diagnosis information, detect application quality ...


iMaster NCE-CampusInsight: Improving User and Service Experience Based on Prediction and AI

Real-time experience visibility
1. Per-area: intuitively displays the network status and user experience on the entire network or in each area through the seven-dimensional evaluation system.
2. Per-user: displays network experience (who connects to which AP at what time, experience, and issue) of each user in real time throughout the journey, making faults easier to be traced.
3. Per-application: perceives experience of voice and video applications in real time, demarcates faulty devices quickly and intelligently, and analyzes the root cause of poor quality.

Minute-level fault locating
1. Proactive issue identification: proactively identifies 85% of potential network issues using the AI algorithms that are continuously trained via Huawei's 200,000+ terminals.
2. Minute-level fault locating: uses the fault inference engine to locate issues within minutes, identify root causes of the issues, and provide effective fault rectification suggestions.
3. Intelligent fault prediction: uses AI to learn historical data and dynamically generate a baseline, and compares and analyzes real-time data against the baseline to predict possible faults.

Intelligent network optimization
1. Real-time simulation feedback: evaluates channel conflicts on wireless networks in real time and provides optimization suggestions based on neighbor and radio information about devices on each floor.
2. Predictive optimization: identifies edge APs and predicts the load trend of APs based on historical data analysis, performs predictive optimization on wireless networks, and compares the gains before and after the optimization. This practice improves the network-wide performance by 50%+ (Tolly certification).


CloudCampus APP: Simplifying E2E Planning, Deployment, and O&M

Mobile APP that covers full lifecycle management for campus networks

• Site survey: Connects to the Cloud-based WLAN Planner to record photos and texts based on drawings.
• Network planning: Connects to the Cloud-based WLAN Planner to display network planning results, heatmaps, and AP attributes anytime anywhere.
• Deployment: Deployment by scanning barcode
• Acceptance
▫ One-click test, single service test, project test
▫ Deployment position acceptance based on the cloud-based network planning project
• O&M
▫ Mobile O&M, device and application monitoring
▫ AP access through Bluetooth/management VAP, AP offline diagnosis


AI-Powered Smart Radio Calibration

Background
• Air interface environment is complex and changeable.
• Signal interference and channel conflicts frequently occur.
• Traditional radio calibration cannot effectively improve wireless experience.

Scenario 1: manual calibration
• Challenge 1: The result of manual planning is not optimal.
• Challenge 2: Network environment and interference changes cannot be detected in real time.
• Real-time simulation feedback: Displays real-time feedback based on environmental changes, and provides prediction and simulation tools to drive network optimization.

Scenario 2: automatic calibration
• Challenge 1: Load balancing-based calibration, without considering AP load
• Challenge 2: Only the current status can be detected, but historical load and interference cannot.
• Predictive calibration: Leverages big data and AI to provide calibration capability based on service weights.



Quiz
1. Which deployment modes does CloudCampus support?
A. On-Premises

B. Huawei Public Cloud

C. MSP-owned Cloud

D. Virtual Machine

2. What components does CloudCampus include?


A. AirEngine, CloudEngine

B. HiSecEngine, NetEngine

C. iMaster NCE-Campus

D. iMaster NCE-CampusInsight



Quiz
1. Through which methods can an AP support device plug-and-play?
A. CloudCampus APP

B. Registration center

C. Web system

D. CLI

E. DHCP

F. Email



E2E Bandwidth Upgrade, Meeting the Needs of Digital Terminals and Service Growth

Scenario requirements
• Scenario: enterprise office and campus with increasing bandwidth requirements
• Requirements
▫ Reuses existing cabling and improves end-to-end bandwidth
▫ Raises AP deployment density, and increases the PoE transmission distance without sacrificing the AP uplink bandwidth

Solution
• Multi-GE → 25/40GE → 100GE: meets future evolution requirements
• Hybrid cable: a cable integrating long-distance transmission capability of optical fibers and power supply capability of copper cables
• 300 m long-distance power supply: 300 m PoE++ power supply

Figure: layers from top to bottom are core layer, aggregation layer, access layer (switch), and access layer (AP); the upgrades shown are 40GE → 100GE, 10GE → 40GE, GE with 100 m PoE → multi-GE with 300 m PoE, and 802.11n/11ac → 802.11ax.



CloudEngine S12700E: New Campus Network Switching Core with Superior Performance

Highlights: massive throughput; wired and wireless convergence; full programmability; service agility

Models: CloudEngine S12700E-4, CloudEngine S12700E-12, CloudEngine S12700E-8
Cards: MPUE; SFUE; GE electrical interface cards - X5E/X5S; GE optical interface cards - X6E/X6S; 100G X6E/100G X6S; 10GE X6E/X6S

Scenario and typical application
• Medium- and large-sized campus networks: Functioning as the core switch, CloudEngine S12700E integrates the WAC function to improve the wireless traffic forwarding capability. It also integrates wired and wireless policy control to reduce configuration and failure points.
• Campus virtualization: Functioning as the border node of a VXLAN-based virtual campus network, CloudEngine S12700E works with the controller to implement multi-purpose campus network, thus improving network resource utilization.
• High-bandwidth campus interconnection: CloudEngine S12700E enables 100G interconnection between campus and data center networks, 100G interconnection between campus and WAN networks, and 100G interconnection within a campus network, meeting the requirements of fast-growing services.



AirEngine 8760-X1-PRO: Huawei 5G-Powered Wi-Fi 6 AP

• 16 spatial streams + flexible choices of radio modes
▫ 16 spatial streams, ultra-high capacity: 10.75 Gbps
▫ Multiple radio modes: 4+8+independent scanning radio/4+12/4+8+4
• 2 x 10GE uplink ports
▫ Optical port: 1 x 10GE SFP+
▫ Electrical port: 2 x 10GE
▫ Hybrid cable
▫ Dual PoE power supplies, improving AP reliability
• Independent probe
▫ Independent hardware + dual-band scanning
▫ Big data-based radio calibration with CampusInsight
▫ Real-time network optimization
• Mini air duct + liquid cooling
▫ Mini air duct system for excellence in heat dissipation
▫ Liquid cooling
▫ 4 degrees

Specifications
• Port: 2 x 10GE electrical ports + 1 x 10GE SFP+
• Antenna: Built-in smart antenna
• Bluetooth: BLE5.0
• Power supply: DC: 42.5 V to 57 V; PoE++, dual power supplies in backup mode
• AP speed: 1.15 Gbps (2.4 GHz) + 9.6 Gbps (5 GHz)
• USB port: 1
• Built-in IoT module: ZigBee, RFID, asset management, electronic shelf label
• Security: Hardware encryption: IPsec, DTLS, WPA3



Native WAC Implements Wired and Wireless Convergence

Independent WAC
• Independent service forwarding
• Separate device management
• Separate user policies

WAC card
• Installed on a switch as a WAC card
• Simply provides hardware-level convergence

Separate wired and wireless authentication points, distributed policy control, separate traffic forwarding, complex troubleshooting, difficult to manage

Wired and wireless convergence (native WAC)

Native WAC: The switch integrates the WAC function to eliminate bottlenecks in wireless traffic forwarding, reduce failure points, and manage wired and wireless traffic in a centralized manner:
• Uniformly manages and forwards wired and wireless services.
• Functions as the gateway of both wired and wireless users and manages both types of users.
• Used as the authentication point for both wired and wireless access.
• Enforces policies for both wired and wireless services.

Page 38 Copyright © Huawei Technologies Co., Ltd. All rights reserved.


Converged Forwarding, Converged Authentication, and Converged Policy Enforcement

Figure labels: NM Area; Native WAC; CAPWAP

Unified forwarding: Wired and wireless traffic is centrally processed by the core switch before being forwarded.

Unified authentication: The core switch functions as the unified authentication point and Layer 3 gateway for both wired and wireless users.

Unified policy execution: The core switch is the unified policy enforcement point for wired and wireless users.


Wi-Fi & IoT Convergence Allows Unified Network Deployment and O&M, Lowering TCO by 50%

Scenarios and challenges
• Scenarios: retail, healthcare, education, enterprise, and other campuses where innovative digital services need to be provided based on IoT
• Challenges: Wi-Fi and IoT (such as Bluetooth and RFID) networks are deployed separately. Numerous wireless networks are deployed, resulting in high costs and inflexible service expansion. There is also radio frequency interference between these wireless networks, affecting service experience.

Huawei IoT AP
• Wi-Fi & IoT converged architecture
• Converged site for the AP and IoT base station, reducing auxiliary resources (such as access and power supply management) by 50%
• Cloud-based management and plug-and-play, facilitating service configuration
• Wi-Fi and IoT configuration association, allowing automatic Wi-Fi channel switching in case of conflict

Figure labels: ESL management, Medical IoT, Health management, Asset management; IoT service management platform; Internet; Store; IoT AP (Bluetooth, RFID, ZigBee); Wi-Fi terminal, Wi-Fi tag, Bluetooth tag, RFID tag, IoT sensor, Wristband; 2.4 GHz (Wi-Fi) Channel-6, 2.4 GHz (RFID) Channel-11


CSS: 2-to-1 Horizontal Virtualization, Delivering Higher Link Bandwidth and Simplifying Management

Traditional: route redundancy with 1:1 link protection
Huawei: device cluster with 1+1 link protection

Figure labels: Physical topology and logical topology for each design; CSS; Blocked by STP

• Two core devices are virtualized into one device using CSS, reducing the number of managed NEs by 50%.
• Aggregation devices implement uplink aggregation using Eth-Trunk, increasing the bandwidth by 100%.


iStack: Many-to-One Horizontal Virtualization, Simplifying Device Configuration and Management

Figure labels: Physical topology; Logical topology; CSS; iStack

• Virtualizes multiple devices into one device, greatly simplifying network configuration and device management.
• Works with Eth-Trunk to provide uplink aggregation and load balancing, improving uplink reliability.
• Supports service port stacking, without requiring dedicated stack ports or stack cards, making networking convenient and flexible.

CSS/iStack can be used with Eth-Trunk to form a logical tree topology. This simplified network topology prevents Layer 2 loops and improves network reliability.


4. Multi-Purpose Network


One-to-Many Virtualization Implements Multi-Purpose Network

• Multiple services carried on one network
• Automatic physical network deployment
• Automatic VN deployment
• Automatic service policy delivery

Figure labels: Internet; VXLAN; VN1: OA VN; VN2: VC VN; VN3: Security protection VN; OA, Videoconferencing, Security protection


Diversified Networking Models

Figure labels: Border; Transport; Edge; Access; VXLAN

• Two-layer physical network
• Access switches function as edge nodes.

• Three-layer physical network
• Access switches function as edge nodes.
• Aggregation switches do not need to support VXLAN.

• Three-layer physical network
• Aggregation switches function as edge nodes.
• Access switches do not need to support VXLAN and can work with aggregation switches to implement policy association.
• Legacy access switches can be reused.

• Aggregation switches function as edge nodes and provide the native WAC function.
• APs are managed by aggregation switches. APs do not need to support VXLAN and can be reused.


Multi-Border Network

Figure labels: Internet; DataCenter; Campus1; Campus2; Border1, Border2; VXLAN; Edge

• Description: Multiple border nodes connect to the same egress to implement egress redundancy.
Application: A campus network has multiple border nodes connected to the same external network to implement reliability in non-stack scenarios.

• Description: Multiple border nodes connect to different egresses, and different services are transmitted through different border nodes.
Application: A single campus network has different external networks that are connected through different border nodes.

• Scenario description: Multiple campuses. Each campus connects to its external network through its own border.
Application: Multiple campus networks belong to the same fabric, and each campus network has an independent border and egress network.


5. Access Authentication


User Access Authentication

Authentication modes:
• Portal authentication: user name and password authentication, anonymous authentication, SMS authentication, QQ authentication, Sina Weibo authentication, WeChat authentication, Facebook authentication, Twitter authentication, passcode authentication
• MAC address authentication
• 802.1X authentication

Transmission protocols:
• HTTP/2 and RADIUS for authentication data transmission
• NETCONF for configuration data transmission

Open authentication:
• Interconnection with third-party Portal servers
• Interconnection with social media such as QQ, Weibo, WeChat, Facebook, and Twitter

Figure labels: Social media authentication (QQ, Weibo, WeChat, Facebook, Twitter); Third-party Portal server; Third-party RADIUS server; Portal page customization; User management; Portal server; RADIUS server; Configuration (NETCONF); Authentication (HTTP/2); Authentication (RADIUS); Authentication device; User terminal


Intelligent Policy Engine Achieves Refined Policy Control

Condition: 5W1H-based policy
• Who (user identity): User/User group/Role
• Where (access position): Site, region, device group, device type, device, SSID, IP address
• When (access time): Day/Hour
• What (terminal type): PC/iOS/Android, etc.
• Whose (device attribute): Company-issued/BYOD terminal
• How (access mode): Wired/Wireless; Portal/MAC address/802.1X authentication

Result: fine-grained permission control
• Permission: VLAN/ACL/Security group, VIP user...
• Bandwidth: Uplink/Downlink bandwidth, DSCP value
• QoS: High/Medium/Low; Traffic duration control (for Portal authentication only)
• Application: Application group/Application
• Security: URL filtering


Portal Authentication: Allows Portal Page Customization

With this function, enterprises can conveniently customize their own Portal pages so as to launch VASs such as brand promotion and advertisement push.


Terminal Identification and Policy Automation Overview

Requirements & challenges

Example: higher education institution
• 50+ types of smart terminals
• Data of smart terminals collected by level-2 departments
• Difficult and error-prone MAC address collection

Example: an enterprise
• 10+ authentication faults reported every day
• Difficult to locate bogus terminals

Terminal identification and policy automation

Inputs: terminal fingerprint database, proactive scanning, information reporting

• Terminal type-based automatic authentication (example: recognized as a printer)
▫ Automatic MAC address authentication, without the need of manual MAC address input
• Terminal type-based automatic authorization (example: recognized as a camera)
▫ Automatically added to a video surveillance group
▫ Set as a VIP user
• Terminal type-based bogus terminal detection (example: recognized as an IP phone first and then a PC)
▫ Report a bogus terminal alarm.


Terminal Identification: Supports Proactive and Passive Detection

• Terminal visibility: collects terminal type statistics (by vendor and OS), displays the relationship between terminals and access ports, queries access policies (covering VLAN, QoS, and authentication mode), and exports reports
• Terminal policy automation:
▫ Supports automatic terminal access based on terminal types, thereby achieving automatic MAC address authentication of dumb terminals
▫ Authorizes policies (covering VLAN, security group, access permission, and QoS) on a per-terminal group basis
▫ Supports IPv4/IPv6 dual-stack terminals

Proactive detection (figure steps):
1 Scan-and-detect
2 Feedback
3 Display identification result (to the administrator)
4 Deliver configurations/policies

Passive detection (figure steps):
1 Send traffic
2 Collect fingerprint
3 Report fingerprint
4 Display identification result (to the administrator)
5 Deliver configurations/policies


Terminal Identification: Numerous Identification Methods

Type: Information reporting
• MAC OUI
▫ Description: The first three bytes of a MAC address indicate the manufacturer.
▫ Applicable scenario: Identify the device manufacturer only
• HTTP UserAgent
▫ Description: A browser's UserAgent string contains the manufacturer, terminal type, operating system, browser type, and other information.
▫ Applicable scenario: Mobile phones, tablets, PCs, workstations, intelligent voice and video terminals
• DHCP Option
▫ Description: Some options of a terminal's DHCP packets can be used to classify terminals, for example, DHCP options 55, 60, and 12.
▫ Applicable scenario: Mobile phones, tablets, PCs, workstations, IP cameras, IP phones, printers, etc.
• LLDP
▫ Description: LLDPDUs carry device model information.
▫ Applicable scenario: IP phones, IP cameras, network devices, etc.
• mDNS
▫ Description: mDNS packets contain terminal model and service information.
▫ Applicable scenario: Apple devices, printers, IP cameras, etc.

Type: Proactive scanning
• SNMP Query
▫ Description: Obtains identification information by querying device information-related SNMP MIB objects.
▫ Applicable scenario: Network devices, printers, etc.
• NMAP
▫ Description: Scans the OS and services of terminals to detect the terminal model and OS information.
▫ Applicable scenario: PCs, workstations, printers, phones, IP cameras, etc.


Terminal Identification: Automatic Policy Delivery Process Based on Terminal Types

Figure: steps 1 to 5 between the administrator, iMaster NCE, the network device, and the terminal.

① On the iMaster NCE web UI, an administrator enables the terminal identification function, selects terminal types, and specifies the corresponding policies.
② iMaster NCE delivers terminal identification configurations to network devices.
③ When terminals access the network, network devices collect the fingerprint information of the terminals and report the information to iMaster NCE.
④ iMaster NCE automatically matches the terminals' fingerprint information against the fingerprint database to identify the terminal types.
⑤ iMaster NCE automatically delivers admission and authorization policies for the terminals based on the policies defined by the administrator.
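
The matching and policy steps above, together with the bogus terminal check from the overview slide, can be sketched as follows. This is an added example, not code from the course or from iMaster NCE; the fingerprint rules, OUIs, vendor strings, policy names and reports are all constructed, and falling back to the default policy when a terminal's type changes is an assumption (the slides only say that an alarm is reported).

```python
from dataclasses import dataclass, field

# Constructed fingerprint rules. Every field a rule names must match. The OUI
# identifies only the manufacturer, so each OUI is paired with a second
# attribute (DHCP option 60, LLDP system description, or HTTP User-Agent).
FINGERPRINT_DB = [
    {"type": "printer", "oui": "00:11:22", "dhcp60": "exampleprint"},
    {"type": "ip_phone", "oui": "00:aa:bb", "lldp": "examplevoice ip phone"},
    {"type": "camera", "oui": "00:cc:dd", "dhcp60": "examplecam"},
    {"type": "pc", "dhcp60": "msft 5.0", "ua": "windows nt"},
]

# Constructed administrator policies per terminal type (step 1 of the process).
POLICIES = {
    "printer": {"auth": "mac", "group": "printers"},
    "ip_phone": {"auth": "mac", "group": "voice"},
    "camera": {"auth": "mac", "group": "video_surveillance"},
}
DEFAULT_POLICY = {"auth": "802.1x_or_portal", "group": None}


def norm_mac(mac):
    """Normalize a MAC address to the form aa:bb:cc:dd:ee:ff."""
    digits = mac.lower().replace(":", "").replace("-", "").replace(".", "")
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def identify(obs):
    """Return the terminal type for one fingerprint report, or 'unknown'."""
    prefix = norm_mac(obs["mac"])[:8]  # first three bytes = manufacturer OUI
    for rule in FINGERPRINT_DB:
        if "oui" in rule and rule["oui"] != prefix:
            continue
        attrs = [k for k in ("dhcp60", "lldp", "ua") if k in rule]
        if all(rule[k] in obs.get(k, "").lower() for k in attrs):
            return rule["type"]
    return "unknown"


@dataclass
class TerminalTracker:
    known: dict = field(default_factory=dict)   # MAC -> first identified type
    alarms: list = field(default_factory=list)  # (MAC, first type, new type)

    def process(self, obs):
        """Identify one report and choose the policy to deliver."""
        mac = norm_mac(obs["mac"])
        seen = identify(obs)
        if seen == "unknown":
            # Manufacturer alone is not a type: no automatic MAC authentication.
            return {"mac": mac, "type": seen, "policy": DEFAULT_POLICY, "bogus": False}
        first = self.known.setdefault(mac, seen)
        if first != seen:
            # Same MAC, different terminal type: report a bogus terminal alarm.
            self.alarms.append((mac, first, seen))
            return {"mac": mac, "type": seen, "policy": DEFAULT_POLICY, "bogus": True}
        policy = POLICIES.get(seen, DEFAULT_POLICY)
        return {"mac": mac, "type": seen, "policy": policy, "bogus": False}


# Constructed fingerprint reports, in arrival order.
REPORTS = [
    {"mac": "00:11:22:33:44:55", "dhcp60": "ExamplePrint PS-200", "dhcp12": "prn-floor2"},
    {"mac": "00-AA-BB-01-02-03", "lldp": "ExampleVoice IP Phone 7900"},
    {"mac": "00:cc:dd:0a:0b:0c"},  # OUI only, nothing else reported
    {"mac": "00:aa:bb:01:02:03", "dhcp60": "MSFT 5.0",
     "ua": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"},  # phone MAC, PC fingerprint
]


def run_demo():
    tracker = TerminalTracker()
    results = [tracker.process(r) for r in REPORTS]
    return results, tracker.alarms


if __name__ == "__main__":
    for result in run_demo()[0]:
        print(result)
```

The fourth report reuses the IP phone's MAC address but carries a PC fingerprint, so it is not granted the voice group and raises the alarm; the third report shows why an OUI match alone never earns automatic MAC address authentication.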



Quiz
1. Which protocols are supported by terminal identification?
A. RADIUS
B. HTTP
C. LLDP
D. DHCP
E. OSPF

2. Which radio modes does the flagship AP AirEngine 8760-X1-PRO support?
A. 4(2.4g)+12 (5g)
B. 4(2.4g)+8(5g)+4(5g)
C. 4(2.4g)+8(5g)+independent scanning radio


6. Intelligent Policy


Free Mobility Achieves Security Group-Based Policy Management

• Free mobility: grants a user consistent network permissions and enforces the corresponding policies, regardless of the user's location and the IP address used to access the network.

1 Security groups are defined, each specifying a group of users with the same network access policies.
2 Permission control policies and user experience policies are configured based on security groups and delivered to network devices.
3 Security groups are authorized to the users who pass access authentication.
4 After user traffic enters a network, network devices enforce policies based on source and destination security groups of the traffic.

Figure labels: Sales security group, R&D security group, Server resource security group; Permission policies; Deliver security groups and policies; Campus network; Access authentication; User A, User B, User C


IP-Security Group Entry Synchronization

Scenarios and pain points
1. Switches that do not support free mobility
2. WAC
3. Routers
4. Third-party devices (non-Huawei)
These devices do not support free mobility. How can free mobility be achieved in a solution that includes them?

IP-security group entry synchronization
Function description: iMaster NCE synchronizes the mappings between user IP addresses and groups to the switches functioning as policy enforcement points. In this way, authentication points and policy enforcement points can be separated, implementing flexible networking. In addition, hybrid networking with third-party devices can be easily achieved.

Figure steps:
1 A user attempts to access the network (PC1 1.1.1.1, PC2 2.2.2.2, through a third-party device).
2 Authenticate the user.
3 IP-group entries: 1.1.1.1 = Group 1, 2.2.2.2 = Group 2.
4 Synchronize the mappings between IP addresses and groups through HTTP/2.
5 Execute the inter-group policy when the traffic arrives.
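
A sketch of how separated authentication and enforcement points behave under security group-based policy, covering this slide and the free mobility slide before it. This is an added example, not code from the course or from iMaster NCE; the class names, group names, addresses (documentation ranges) and policy matrix are constructed, the synchronization is an in-process call standing in for the HTTP/2 channel, and default deny for unmapped addresses or group pairs is an assumption.

```python
import ipaddress


def canon(ip):
    """Validate an IP address and return its canonical string form."""
    return str(ipaddress.ip_address(ip))


class EnforcementPoint:
    """A device that never authenticates users; it holds only synced state."""

    def __init__(self, name):
        self.name = name
        self.ip_to_group = {}
        self.matrix = {}

    def load(self, ip_to_group, matrix):
        # Full-table replacement keeps the example short (assumption).
        self.ip_to_group = dict(ip_to_group)
        self.matrix = dict(matrix)

    def decide(self, src_ip, dst_ip):
        """Apply the inter-group policy to one flow."""
        src = self.ip_to_group.get(canon(src_ip))
        dst = self.ip_to_group.get(canon(dst_ip))
        if src is None or dst is None:
            return "deny"  # no IP-group entry: default deny (assumption)
        return self.matrix.get((src, dst), "deny")


class Controller:
    """Stands in for the component that owns groups, policies and entries."""

    def __init__(self, user_groups, static_entries, matrix):
        self.user_groups = user_groups  # user -> security group
        self.entries = {canon(ip): g for ip, g in static_entries.items()}
        self.matrix = matrix            # (src group, dst group) -> action
        self.enforcers = []

    def register(self, enforcer):
        self.enforcers.append(enforcer)
        self._sync()

    def user_online(self, user, ip):
        """Called after the authentication point has authenticated the user."""
        group = self.user_groups[user]  # KeyError: user has no authorized group
        self.entries[canon(ip)] = group
        self._sync()
        return group

    def user_offline(self, ip):
        self.entries.pop(canon(ip), None)
        self._sync()

    def _sync(self):
        for enforcer in self.enforcers:
            enforcer.load(self.entries, self.matrix)


# Constructed policy: sales and R&D may reach servers, sales may not reach R&D.
MATRIX = {
    ("sales", "server_resource"): "permit",
    ("rnd", "server_resource"): "permit",
    ("sales", "rnd"): "deny",
}
SERVER = "198.51.100.10"


def run_demo():
    ctl = Controller({"user_a": "sales", "user_b": "rnd"},
                     {SERVER: "server_resource"}, MATRIX)
    device = EnforcementPoint("third-party-device")
    ctl.register(device)
    ctl.user_online("user_a", "192.0.2.10")
    ctl.user_online("user_b", "192.0.2.20")
    out = {
        "sales_to_server": device.decide("192.0.2.10", SERVER),
        "sales_to_rnd": device.decide("192.0.2.10", "192.0.2.20"),
    }
    # user_a moves and gets a new address: the group, not the IP, carries the policy.
    ctl.user_offline("192.0.2.10")
    ctl.user_online("user_a", "203.0.113.7")
    out["after_move"] = device.decide("203.0.113.7", SERVER)
    # The old address no longer maps to any group once the entry is withdrawn.
    out["stale_ip"] = device.decide("192.0.2.10", SERVER)
    return out


if __name__ == "__main__":
    print(run_demo())
```

The stale-address case is the one to check in a real deployment: if an entry is not withdrawn when a user goes offline, the next holder of that address inherits the previous user's group until the tables are synchronized again.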



Preferential Access of VIP Users

Access denied for non-VIP users
If a non-VIP user attempts to connect to an AP when the number of users connected to the AP reaches the threshold, the connection attempt will fail.

Access permitted for VIP users
If a VIP user attempts to connect to an AP when the number of users connected to the AP reaches the threshold, the AP forcibly disconnects a non-VIP user and connects the VIP user to the network.

Figure labels: STA; AP; AC; A user who has connected to the network; The number of access users reaches the threshold; Access of a non-VIP user is denied; Identified as a VIP user; A connected user is forced to go offline; Connect successfully


Bandwidth Reservation for VIP Users: Guaranteeing Sufficient Bandwidth

Scenario
When the number of users in a conference room increases sharply, mobile user terminals preempt air interface resources, deteriorating wireless experience of conference terminals.

Requirements
Identify VIP users and guarantee sufficient bandwidth for them.

Solution
• OFDMA spectrum resources are reserved for VIP users.
• On-demand bandwidth reservation:
▫ No bandwidth is reserved when no VIP user accesses an AP.
▫ Sufficient resources are reserved only for VIP users.

Figure steps:
1 Define VIP users.
2 Define the percentage of bandwidth to be reserved for VIP users.
3 OFDMA spectrum resources reserved for VIP users.

Figure labels: Frequency and Time axes; Spectra dedicated for VIP users (reserved fixed subcarriers); Spectra shared by common users (shared contention subcarriers); 20% bandwidth reserved; Conference terminal (VIP user); User terminal (common user)


Intelligent HQoS: User- and Application-Based QoS Policies

Challenges
• Traditional QoS schedules traffic based on port bandwidth, allowing differentiation of traffic based on service levels. However, it is difficult to differentiate services based on users.
• Traditional QoS cannot manage and schedule traffic of multiple services from multiple users simultaneously.

Solution
• Hierarchical QoS (HQoS) can not only differentiate traffic of different users but also schedule traffic based on service priorities.
• HQoS differentiates service traffic using multi-level queues, and manages and schedules transport objects such as multiple users and services in a unified manner.

Figure steps:
1 Management-control-analysis: defines VIP users and defines application priorities.
2 Network device: two-level scheduling with a user queue and an application queue. Native WAC and independent WAC support large buffer and four levels of queues.

Figure labels: VIP user; Common user; User terminal


Multi-Campus Interconnection: IPsec VPN and SD-WAN Support

Static IPsec VPN
An IPsec VPN is a type of static VPN, in which IPsec tunnels are established between devices at different sites to create VPN channels. Traffic is diverted to the VPN tunnels based on the configured static network segments to implement mutual access between the sites.

SD-WAN
EVPN can be used to establish tunnels between sites and dynamically advertise routes. The forwarding plane supports GRE or GRE over IPsec. In addition, high-quality links can be chosen based on applications and policies for data transmission, implementing application- and policy-based intelligent traffic steering.

Figure labels: RR; BGP EVPN+; HQ; Branch 1; Branch 2; Internet; MPLS; MPLS/Internet


Functions and Features of the SD-WAN-Based Interconnection Solution

Flexible overlay network based on the hybrid WAN
When an enterprise has multiple types of WAN egress links (hybrid WAN), WAN links can be flexibly used to implement interconnection and interworking.

Intelligent traffic steering, ensuring application experience
Measures the quality of different WAN links, defines network quality requirements of applications, and performs intelligent traffic steering based on specific policies.

Centralized management/control and visualization

Figure labels: GUI; MPLS; Internet; 1 Delay; 2 Dynamic adjustment; Centralized management and control; Performance data


Application Experience Optimization Policy: Intelligent Traffic Steering (1/2)

Link quality–based traffic steering
Voice and video services are sensitive to delay and packet loss rate. You can configure the good-quality MPLS link as the primary link and the Internet link as the secondary link for the two types of service. In addition, you need to configure SLA requirements for the services so that intelligent traffic steering can be performed based on link SLA.

Figure steps:
1. The link SLA deteriorates to the lowest level that can be tolerated by voice services.
2. Dynamically adjust traffic.

Load balancing–based traffic steering
When an enterprise has multiple links, you can configure load balancing-based traffic steering to make full use of the link bandwidth.

Figure labels: CPE1; CPE2; MPLS; Internet; Voice data (packets 1 to 4)


Application Experience Optimization Policy: Intelligent Traffic Steering (2/2)

Application priority–based traffic steering
If multiple types of service packets are transmitted on the same link, traffic of high-priority applications is preferentially processed in the case of congestion, ensuring user experience of high-priority applications.

Bandwidth-based traffic steering
When the bandwidth usage of a link reaches the threshold, this link is not selected for new traffic of some applications, and other links that meet the requirements are preferred. This method ensures the bandwidth usage of high-priority services and prevents application quality and link quality from deteriorating due to network congestion.

Figure labels: CPE1; CPE2; MPLS; Internet; High-quality link (network congestion); Low-quality link; High priority; Low priority; Voice and video; File transfer; Voice application; Select a link that meets the bandwidth usage requirement for new traffic; Bandwidth usage: 70%; Bandwidth usage: 2%


7. Intelligent O&M


Campus Network O&M Requirements: AI-Powered Intelligent O&M

As-Is: device-centric network management
• Traditional NMS (SNMP, minute-level network data collection): topology mgmt., performance mgmt., alarm mgmt., configuration mgmt.
• Device-centric, without perception of user experience
• Passive response, unable to identify potential faults
• Onsite fault locating relies on experienced engineers

To-Be: AI-powered intelligent O&M centered on user experience
• Telemetry, second-level network data collection: visualized experience management, client journey playback, potential fault identification, root cause identification, predictive network optimization
• Visualized experience: Telemetry-based second-level data collection, visualizing experience of any user in any application at any moment
• Minute-level proactive identification and root cause locating for potential faults
▫ Proactively identifies potential faults based on dynamic baselines and big data correlation analysis
▫ Accurately locates root causes using KPI correlation analysis and protocol trace
• Network optimization and self-healing: uses AI to intelligently analyze APs' load trend, thus completing predictive optimization of wireless networks.

In addition to using algorithms to improve efficiency, intelligent O&M leverages scenario-based continuous learning and accumulated expert experience to free O&M personnel from complex alarms and noises, making O&M more automated and intelligent.


Panorama of Intelligent O&M

Fault Prediction & Autonomous Self-healing
• Autonomy and self-healing: Automatic calibration in off-peak hours in the event of high interference
• Fault prediction: Optical module fault prediction

Fault Identification & Root Cause Analysis (Big Data & ML)
• Group fault analysis: Analysis of four types of issues; Network dialing test; Quick root cause analysis based on the rule engine for access service
• Individual fault analysis:
▫ Access analysis: Protocol trace
▫ Experience analysis: Poor-QoE client analysis
▫ Application analysis: Voice/Video application quality awareness

Experience Visualization (Telemetry)
• Network-wide quality evaluation system
• Per-client journey playback
• Integrated wired and wireless topology
• Experience visualization
• Visualized and comparable WLAN calibration
• Wi-Fi signal heatmap

CampusInsight: Cloud-based deployment, Cluster deployment, Single-node deployment


Intelligent Identification of Four Types of Typical Issues (1/2)

Issue type: Connectivity issues
• Authentication failure (wireless+wired), Authentication timeout (wireless+wired), Slow authentication (wireless+wired)
▫ Description: iMaster NCE-CampusInsight collects statistics on authentication issues by authentication control point. It calculates the proportion of users failing to be authenticated/users whose authentication times out/users with slow authentication among all users to be authenticated within a period of time. When a proportion exceeds the threshold (which is generated after learning of historical authentication data), an authentication control point authentication issue is identified.
• Association failure (wireless), Slow association (wireless)
▫ Description: iMaster NCE-CampusInsight collects statistics on connectivity issues by AP. It calculates the proportion of users failing to be associated/users associated slowly among all users to be associated within a period of time. When a proportion exceeds the threshold (which is generated after learning of historical association data), an AP association issue is identified.
• DHCP failure (wireless+wired), Slow DHCP (wireless+wired)
▫ Description: iMaster NCE-CampusInsight collects statistics on DHCP issues by authentication control point. It calculates the proportion of users whose IP addresses fail to be obtained through DHCP/users whose IP addresses are obtained slowly through DHCP among all users who attempt to obtain IP addresses through DHCP within a period of time. When a proportion exceeds the threshold (which is generated after learning of historical authentication data), an authentication control point DHCP issue is identified.

Issue type: Performance issues
• Weak coverage (wireless)
▫ Description: iMaster NCE-CampusInsight collects statistics on signal strength of access clients for each AP. If the signal strength of most access clients under an AP remains weak for a long time, an AP weak coverage issue is identified.
• High interference (wireless)
▫ Description: iMaster NCE-CampusInsight collects statistics on RFs that suffer from various types of signal interference such as co-channel, adjacent-channel, or non-Wi-Fi signal interference within a period of time. If the value remains higher than the threshold (which is generated after learning of the historical interference data for each RF) for a period of time, a high interference issue is identified.
• High channel usage (wireless)
▫ Description: iMaster NCE-CampusInsight collects statistics on the radios with high channel usage, including the radios occupied for transmitting normal Wi-Fi data and those occupied by interference signals. If the usage remains higher than the threshold (generated after the historical channel usage of each radio is learned) for a period of time, a high channel usage issue is identified.
• Air interface congestion (wireless)
▫ Description: iMaster NCE-CampusInsight collects statistics on air interface data by radio. If a large amount of data needs to be transmitted on a radio, data may be delayed or lost. If the data volume on a radio remains greater than the threshold, an air interface congestion issue is identified.
• Dual-band-capable client prefers 2.4G (wireless)
▫ Description: For APs working at both 2.4 GHz and 5 GHz bands, iMaster NCE-CampusInsight checks whether dual-band-capable clients frequently access the 2.4 GHz band and therefore result in high latency. If this scenario persists on an AP, a "dual-band-capable clients prefer 2.4 GHz" issue is identified.
• Client capacity (wireless)
▫ Description: CampusInsight collects client capacity statistics by AP. If the number of clients connected to an AP exceeds the threshold (which is generated based on the number of clients connected to the AP historically) for a long period of time, a client capacity issue is identified.


Intelligent Identification of Four Types of Typical Issues (2/2)

Issue type: Roaming issues
• Repeated roaming (wireless)
▫ Description: iMaster NCE-CampusInsight checks whether clients roam between two APs multiple times within a short period of time and whether the KPI metrics deteriorate before and after the roaming. If the number of roaming times reaches the threshold, a repeated roaming issue is identified.
• Roaming anomaly* (wireless)
▫ Description: iMaster NCE-CampusInsight collects statistics on roaming anomalies (such as roaming failure and long roaming duration) of each AP by day. If the number of roaming anomalies for an AP reaches the learning threshold, a roaming anomaly issue is identified.

Issue type: Device issues
• AP disconnection (wireless)
• Device disconnection (wireless+wired)
• PoE fault (wired)
• Forwarding entry exceeds maximum (wired)
• High CPU usage (wireless+wired)
• High memory usage (wireless+wired)
• Packet loss due to CPU CAR limit (wired)
▫ Description (all device issues): iMaster NCE-CampusInsight collects statistics of device issues by device. If the device-level metrics remain higher than the learning threshold for a period of time, a device issue is identified.


8. Intelligent Security


Cloud Management of Security Services for Small-sized Campus Networks and Multi-branch Networks

Integrates Huawei security controller SecoManager

Firewall service management
• Security policy
• URL filtering
• IPS
• Antivirus configuration
• ...

iMaster NCE security service management
• Intrusion protection system (IPS)
• File filtering
• Content filtering
• Antivirus (AV)
• URL filtering
• Application behavior control
• APT defense

Benefits
• Plug-and-play, rapid provisioning
• Hosting for small- and medium-sized enterprises, interconnection among mass branches of large-sized enterprises
• Proactive registration of firewalls for rapid incorporation into the cloud-based management platform
• Rapid and unattended deployment
• Policy delivery, unified management
• Remote security service configuration and management
• Remote device monitoring and fault management
• Cloud-based management of massive numbers of devices, simplifying O&M

Figure labels: Internet; FW; LSW; AP; Branch 1, Branch 2, Branch N


Quiz
1. (Multiple-choice question) Which of the following intelligent traffic steering modes are
supported in Huawei SD-WAN Solution?
A. Link quality–based traffic steering

B. Load balancing–based traffic steering

C. Application priority–based traffic steering

D. Bandwidth-based traffic steering

2. (True or false) When free mobility is deployed on a campus network, the authentication
point of user terminals must be a Huawei device.



Summary
• Network architecture
▫ One iMaster NCE-Campus can centrally manage LAN, WAN, security (firewall), and user access authentication.
▫ Full-lifecycle network services.
▫ Three deployment modes for controller: On-premises mode – physical server, On-premises mode – virtual machine
(VM), Cloud hosting mode

• Planning and deployment (Day 0 & Day 1):


▫ WLAN planning: Indoor WLAN planning, Outdoor WLAN planning, Mobile app-based site survey, Interference source
settings, 3D network planning.
▫ Design: Site design, Scenario-specific deployment, Service template design, Service pre-configuration.
▫ Deployment: Underlay, Overlay, Policy.

• O&M (Day N)
▫ Experience Visibility: Network-level, User-level, Application-level.
▫ Anomaly identification and root cause analysis.
▫ Troubleshooting and optimization: Radio calibration, Real-time WLAN AP channel simulation feedback, Big data-
based predictive WLAN optimization without manual intervention.



Thank You
www.huawei.com
