Professional Documents
Culture Documents
HCPP-03 - Small - and Medium-Sized Campus Network Design Guide-2022.01
HCPP-03 - Small - and Medium-Sized Campus Network Design Guide-2022.01
• Thanks to the evolution of the cloud • The cloud security becomes increasingly • The use of IoT directly leads to a huge
architecture, enterprises can focus on important. increase in the number and types of
services without the need to pay too much • Facing cloudification, enterprises are subject terminals that access the networks, and these
attention to the IT architecture construction. terminals generate a large amount of data.
to attacks that are different from traditional
• To support service cloudification, enterprises networks when providing various services. • Diversified IoT sensing networks need to be
need to create a ubiquitous, intelligent, • Security has shifted from passive defense to smoothly connected to the existing campus
controllable, and on-demand network. network.
proactive defense.
• The network needs to become more a • The types of terminals connected to the
• Detection and response have become as
service than a solution. campus network become complex, and the
important as defense.
network becomes a converged network with
multiple types of terminals and media.
Network cloudification brings rapid development in new ICT 1. Low deployment efficiency slows down service provisioning
technologies, such as cloud computing, cloud security, big data, Site survey, planning, deployment, software commissioning,
and IoT, leading to tremendous changes in all industries. configuration, and optimization must be completed onsite by
• Traditional retail industry such as shopping malls and professional IT personnel.
supermarkets often offer free Wi-Fi as a way to attract and 2. Complex network management causes high OPEX
retain customers, and they also use wireless positioning and Local professional O&M results in low O&M efficiency and high
customer flow analysis to carry out precision marketing. labor costs. The network management system (NMS), policy
• In education sector, electronic classrooms are becoming more control server, charging system, and data analysis platform are
and more popular, and various multimedia teaching methods deployed independently, causing high management and
can stimulate students' interest. maintenance costs.
• Small- and medium-sized enterprises (SMEs) implement 3. Poor network openness
simplified service deployment and fast provisioning through The open data provided by multiple management systems of
cloud management network interconnection, remote access,
the traditional network needs to be integrated. In addition, due
and mobile office, as well as unified cloud data management to the incompatibility of interfaces, the network and
and analysis. applications are connected at a far slower speed than
However, an increasing number of network nodes bring complex application development.
requirements.
Cloud
management
Network devices at a site Site network 2 platform
• Centrally delivers configurations of multiple • Centrally manages scattered campus • Interconnects with multiple management
sites, reducing onsite configuration and branches on the cloud through the systems to achieve unified network
commissioning workload and improving Internet. management through open APIs and big
deployment efficiency. • Integrates multiple automation tools for data analytics capabilities.
• Implements plug-and-play of network devices troubleshooting, monitoring, and other • Provides more value-added applications
and on-demand expansion, requiring low costs management operations, so as to to help digital transformation of
for upgrades. implement remote automated O&M. enterprises.
Digitalization leads to changes in network models, accelerating network transformation to cloud-based network management.
• Small- and medium-sized campus networks are sensitive to CAPEX and OPEX. Therefore, the public cloud management mode is recommended. In
this mode, the SaaS service provided by Huawei or MSPs is used to manage small- and medium-sized campus networks.
• Both Huawei public cloud and MSP-owned cloud modes are available and the two modes are similar. The only difference lies in the operation entity
and cloud management service provider. Unless otherwise specified, only Huawei public cloud management is used as an example.
Network
Procurement Deployment Acceptance O&M
planning
Traditional network
Manual order Manual 2D Onsite Manual Manual fault
placement planning deployment inspection locating
RESTful API
AP AP Firewall AP AR
Multi-tenant network
• Cloud-based network planning and mobile O&M: WLAN design and device O&M are simplified.
• Diversified product portfolios: Huawei provides different product portfolios, including full series
of network devices (switches, firewalls, ARs, and APs), meeting diversified network requirements of
tenants.
• Dual-working-mode: All network devices used in this solution can work in either cloud-based or
traditional management mode. Tenants can implement cloud-based network management after
devices are upgraded.
• VASs: Terminal behavior analysis is a value-added application of iMaster NCE-Campus. More VASs
can be developed based on terminal behavior analysis.
A. Operations entity
A. Automatic deployment
C. Dual-working-mode
Firewall + L2 switch +
WLAN design
AP
Site area, number of terminals, etc. Requirements for advanced security features and egress gateway security
Number of APs, etc. Egress gateway device model and security feature requirements
Internet
AR or Firewall
Switch
AP ... AP
• Solution description
Internet
In single-AP networking, an AP functions as the gateway of end users
Carrier CPE and the egress device of the campus network.
• Applicable scenarios
This networking applies to small-sized stores (such as agent stores
• Solution description
Internet
Carrier LTE
In single-AR networking, an AR functions as the gateway to provide
Carrier CPE base station access for wired and wireless terminals.
• Applicable scenarios
Wired uplink 3G/LTE
This networking applies to small convenience stores and clothing stores
AR with an area of smaller than 50 m².
A maximum of 50 concurrent online terminals are supported.
Wired and wireless terminal access is supported, and wired uplinks or
3G/LTE wireless uplinks are required for Internet access.
• Solution description
In single-firewall networking, a firewall functions as the gateway to
Internet
provide access for wired and wireless terminals.
Carrier LTE
Carrier CPE base station • Applicable scenarios
This networking applies to high-security scenarios such as small stores for
Wired uplink 3G/LTE
logistics, office, and finance with an area of smaller than 50 m².
Firewall
A maximum of 50 concurrent online terminals are supported.
High security requirements (URL filtering/IPS/security
protection/antivirus) need to be met and Internet access is provided
through multiple uplinks. For example, in a scenario where an LTE backup
link is required, only simple PSK or non-authentication wireless access is
supported.
• Solution description
Internet
In a scenario where multiple APs are required to meet wireless
Carrier LTE
Carrier CPE coverage requirements, an AR functions as the user gateway to provide
base station
egress features, such as WAN access, DHCP, and NAT.
AP AP
Multiple APs are required to provide coverage, and a wired uplink or a
3G/LTE wireless uplink is required for Internet access.
• Solution description
Internet
In a scenario where multiple APs are required to meet wireless coverage
Carrier CPE requirements, a firewall functions as the user gateway to provide egress
features, such as WAN access, DHCP, and NAT.
• Applicable scenarios
This networking applies to small- and medium-sized experience stores
Firewall
and logistics/insurance service stores, with an area of smaller than 300
m² and fewer than 200 concurrent online terminals.
Multiple APs are required, high security requirements (URL
AP AP
filtering/IPS/security protection/antivirus) must be met, and Internet
access is provided through multiple uplinks.
• Applicable scenarios
L2 switch
This networking applies to small- and medium-sized clothing stores and
retail stores with an area of smaller than 3000 m² and fewer than 2000
AP AP concurrent online terminals.
Multiple APs need to be deployed to provide wireless access, a PoE LAN
switch is used to increase the number of APs that can be connected, and
multiple uplinks are required for Internet access.
Page 22 Copyright © Huawei Technologies Co., Ltd. All rights reserved.
Networking Solution: Firewall + L2 Switch + AP
• Solution description
AP AP
Multiple APs need to be deployed to provide wireless access, high
security requirements (URL filtering/IPS/security protection/antivirus)
need to be met, and multiple uplinks are required for Internet access.
Platform operator
Platform operator
• Description: It is also called the platform
administrator or system administrator.
MSP MSP • Account: The account is created by the
platform operator when iMaster NCE-Campus is
installed.
• Responsibilities:
Tenant Tenant Tenant Tenant
Installs and maintains iMaster NCE-Campus.
Manages MSPs and tenants.
Collects statistics on the number of devices
End user End user End user End user
and services on the entire network.
Provides basic network VASs.
MSP
Platform operator
• Description: It is also called cloud managed service provider and has
professional network construction and maintenance capabilities.
Page 26 Copyright © Huawei Technologies Co., Ltd. All rights reserved. administrator.
Important Roles in the CloudCampus Solution for
Small- and Medium-Sized Campus Networks (4/4)
Platform operator
MSP MSP
Internet
Networking design
• For a large-scale network, stack networking is recommended for the access
layer. If a single device can provide sufficient access capacity for downstream
terminals, the single-device networking can be used at the access layer.
When the upstream devices at the access layer are stacked, it is
recommended that Eth-Trunks be used to connect to the upstream devices.
If multiple APs need to be deployed, PoE LAN switches can be used to
Access layer Access layer increase the number of APs that can be connected.
• For a small-scale network, it is recommended that the single-device
networking be used at the access layer and a single link be used to connect
to the upstream device. If multiple APs need to be deployed, PoE LAN
switches can be used to increase the number of APs that can be connected.
• In small- and medium-sized stores, APs need to be deployed. APs can be
directly connected to egress gateways without access switches.
Terminal
• Two egress gateways can
be deployed for dual-
Highly reliable data center
You can consider the bypass policy that is system backup.
used if the authentication server is faulty. • LAN switches at the core
Currently, there are two types of policies that and aggregation layers
come into effect after a fault: those that can be stacked to
require no authentication and those that implement physical
prevent user access from being affected. device backup.
3
Register and get Internet Report AP
managed. information. Tenant: Tenant X
Register and iMaster NCE:
5 3 get managed. 6 Internet 1.1.1.1:8080
Device: AP (ESN...)
Scan
barcode. 1
Automatically initiate a
Switch to the cloud
query request to Huawei
2 mode and initiate a
registration center to
registration request 5 4 obtain the IP address and
The APP obtains the ESN
to iMaster NCE.
and MAC address of the AP. port number of iMaster
NCE.
WEB CLI
1 1
In the web system, configure Internet access On the CLI, configure Internet access parameters,
parameters, cloud management mode, and IP cloud management mode, and IP address/URL and
address/URL and port number of iMaster NCE. port number of iMaster NCE.
Devices supported: AR, firewall, switch, AP Devices supported: AR, firewall, switch, AP
Internet
1 AR
• The network administrator has deployed the
DHCP service on the network in advance (by DHCP response 4 Switch to the cloud mode and
deploying the DHCP service on the egress 3 carrying Option initiate a registration request
device or deploying an independent DHCP
DHCP request 2 148 to iMaster NCE.
server.)
• In addition to delivering IP addresses to the
devices to be deployed, the DHCP server uses Switch to be deployed
DHCP Option 148 to notify the devices of the
iMaster NCE IP address and port number.
• In the Huawei public cloud scenario, the registration center is recommended for deployment.
• If you do not want to synchronize device information to the registration center, you can use the DHCP option
deployment mode.
A. Access switch models are selected based on the number of APs to be connected and whether PoE is
required.
B. In small-scale sites, such as small stores, APs and egress devices must be deployed to provide WLAN
coverage. APs cannot directly connect to egress links and do not support NAT.
D. As a switch is selected according to the following formula: Number of connected APs x AP power ≤
Power provided by the PoE switch, it is important to select PoE switch models with power supplies sufficient
for the model and quantity of APs used.
Page 38 Copyright © Huawei Technologies Co., Ltd. All rights reserved.
Basic Service Design — VLAN
• Allocate consecutive VLAN IDs to ensure proper use of VLAN resources.
• Reserve a specific number of VLANs for future use.
• VLANs are classified into service VLANs, management VLANs, and interconnection VLANs.
• Typically, VLANs are divided based on interfaces. According to different design principles, interfaces of
access switches are added to different VLANs so that users of different service types can be isolated.
VLANIF 100
VLAN assignment by 192.168.100.254
geographic area
192.168.1.254
192.168.5.254
VLANIF 100
192.168.100.254
192.168.100.254
Carrier CPE
End user
users be assigned IP
IP addresses of WAN interfaces on egress gateways are assigned by AP addresses in DHCP mode
the carrier in static, DHCP, or PPPoE mode. The IP addresses of and the gateway provide the
these interfaces need to be obtained from the carrier in advance. DHCP service.
Internet Internet
AP
When the egress gateway connects to an L3 switch, It is recommended that the IP address
it is recommended that the interconnection IP of the AP be dynamically assigned
addresses be manually configured in static mode. through DHCP after the DHCP server is
deployed on the gateway.
1. Environment setting
3
2. Region setting
With Huawei Cloud-based
WLAN Planner, users can
3. Device deployment complete WLAN planning in 4 • Use the network planning
five steps. report to provide guidance for
4. Signal simulation onsite construction.
• The network planning result
5. Report export can be imported into iMaster
NCE.
• After the leader AP is elected, other APs set up CAPWAP links with
the leader AP for sending radio calibration and load balancing
messages.
5 day.
• APs perform calibration detection according to the configured mode and switch to
2 other channels to scan neighboring APs. The scanning lasts for 15 minutes.
All APs perform
4 3 • During the detection, the APs report the detected data to the leader AP every 10s.
detection.
The leader AP The APs report
• The leader AP performs computing and calibration every 5 minutes and performs
performs computing detection data.
and calibration. computing for three times to achieve algorithm convergence.
• The leader AP delivers the calibration result to each AP in the group, including the
calculated channel and power.
• If the number of APs exceeds the management capability of a leader AP, network planning is required. Management VLANs
need to be planned for AP grouping. When there are a large number of APs in a management VLAN, the APs are automatically
divided into multiple groups.
• Radio calibration is performed on WLANs in a continuous area. Therefore, it is recommended that APs be grouped by
geographic location such as by floor to ensure that APs in a group are in the same area. This maximizes the calibration effect.
F1 F1
VLAN 1001
F2 F2
VLAN 1002
F3 F3
If manual intervention is not performed when the number of APs exceeds In a continuous area (such as adjacent APs or APs on the same floor),
the upper limit, APs are randomly grouped, affecting the calibration effect. management VLANs are planned for AP grouping. A leader AP is
elected in each group.
• 2.4 GHz frequency band: Channel sets 1, 6, and 11 • 2.4 GHz frequency band: Only the
are recommended. If APs are densely deployed, 20 Mbit/s bandwidth can be
channel sets 1, 5, 9, and 13 are recommended. selected.
• 5 GHz frequency band: When an AP uses a single 5 • 5 GHz frequency band: The 40
GHz radio, it is recommended that high and low Mbit/s bandwidth is recommended.
frequency channels of neighboring APs be
staggered. When an AP uses dual 5 GHz radios, it is
recommended that two 5 GHz radios be planned at
low and high frequencies respectively.
1. When a STA roams between APs on the same Layer 2 network, the • APs before and after STA roaming belong to different service
service VLAN remains unchanged before and after the roaming. VLANs. The two APs belong to different Layer 2 service domains,
and connect to different service gateways.
2. Characteristics: Two APs at the same site have the same SSID and
service VLAN. • Characteristics: Two APs at the same site have the same SSID and
authentication mode but different service VLANs.
• When more than 50 APs are deployed on a network or there are more than 1,000 STAs, Layer 3 roaming needs to be deployed.
(An SSID corresponds to different service VLANs.)
• 802.11r fast roaming supports an enhanced roaming mechanism based on device-pipe synergy when working with Huawei
terminals. This mechanism helps reduce the roaming handover delay and packet loss rate. Therefore, you are advised to enable
the mechanism when enabling 802.11r fast roaming.
• Description:
▫ Wireless roaming is supported only by APs at the same site.
▫ If the Layer 2 roaming domain is large, broadcast packets may be flooded. You are advised to rate limit broadcast packets on iMaster NCE-
Campus. By default, the rate limit for broadcast packets is 256 pps.
▫ Each AP supports only 64 Layer 3 roaming STAs. If there are a larger number of Layer 3 roaming STAs, roaming fails and STAs need to go offline
and then online again.
▫ When a STA roams at Layer 3, its traffic is detoured to the AP that the STA accesses for the first time or another AP in the same Layer 2 domain
as the AP that the STA accesses for the first time. Therefore, it is recommended that a large Layer 2 domain be planned for APs at the network
ingress to facilitate traffic detouring and load sharing after Layer 3 roaming.
MAC Address
Item Portal Authentication 802.1X Authentication
Authentication
Client No special requirements No special requirements Required
Egress gateway
• Portal authentication is recommended for guests.
Authentication points can be deployed on APs, ARs, or
firewalls based on the networking requirements.
L2 switch
• Portal or 802.1X authentication can be selected for
enterprise employees. It is recommended that access
Dumb
devices be selected as authentication points.
AP
terminal
• Dumb terminals in enterprises are connected to the
network in wired mode. MAC address authentication is
recommended for these dumb terminals, and access
switches can be selected as authentication points.
Employee’s terminal Guest’s terminal
To deploy the automatic terminal identification and policy delivery solution, the network administrator needs
to design terminal identification methods and terminal policies.
1 2
Identification
Description Applicable Scenario
Method
Some options of a terminal's DHCP packets can be used to Mobile phones, tablets, PCs, workstations,
DHCP Option
classify terminals, for example, DHCP options 55, 60, and 12. IP cameras, IP phones, printers
mDNS mDNS packets contain terminal model and service information. Apple devices, printers, IP cameras, etc.
When terminals access the network, network devices can collect terminal information and report the information to iMaster NCE-
Campus, which can automatically identify the type, operating system, and manufacturer of the terminals.
Page 58 Copyright © Huawei Technologies Co., Ltd. All rights reserved.
Access Control Design — Terminal Identification
Methods (2/2)
1 Analyze the network 2 Traverse items one by one according to the following table
1. Collect the types of terminals Based on the collected information, traverse the items listed in the following table and select the required
terminal identification methods. All the identification methods that meet requirements must be enabled.
on the network, such as PCs,
mobile phones, printers, IP Identification
Identifiable Terminal Type Application Scenario
cameras, and access control Method
devices. MAC OUI All IP terminals (identifying device manufacturers only) General scenarios
2. Check whether Portal Mobile phones, tablets, PCs, workstations, intelligent Portal authentication
HTTP UserAgent
authentication is deployed. audio/video terminals scenarios only
3. Check whether the IP Mobile phones, tablets, PCs, workstations, IP cameras, Dynamic IP address
DHCP Option
IP phones, printers, etc. assignment scenarios only
addresses of terminals are
assigned in DHCP or static LLDP IP phones, IP cameras, network devices, etc. General scenarios
mode. mDNS Apple devices, printers, IP cameras, etc. General scenarios
1 Perform policy design. Sort out the types of terminals that require automatic
policy delivery on the network,
3
• Enable automatic policy delivery based on terminal types to design corresponding authorization policies, and
authorize policies depending on access authentication. configure the policies on iMaster NCE-Campus.
• Deploy access authentication on access switches and APs. Item Access Policy Authorization Policy
• Enable MAC address authentication on access switches and Operating system:
APs when dumb terminals are deployed. User access Authorized ACL 1
Android
B. Device deployment
C. Signal simulation
D. Report export
E. Configuration delivery
2. Which of the following functions are also supported by the CloudCampus APP?
A: Deployment
B: Onsite acceptance
C: O&M
D: Site survey
Page 61 Copyright © Huawei Technologies Co., Ltd. All rights reserved.
Quiz
• 3. What are the advantages of MAC address authentication?
A:Authentication packets and data packets are separately transmitted through logical
interfaces.
B:If terminals (including dumb terminals such as printers and fax machines) fail to be
authenticated using 802.1X authentication, they can be authenticated through MAC address
authentication.
C:A user does not need to enter a user name and password for MAC address authentication.
D:In the CloudCampus Solution, the intelligent terminal identification function can be used
to eliminate the need to manually record terminals' MAC addresses.
SSID1 SSID2
Unlimited Bandwidth
bandwidth < 20 Mbit/s
Employee terminals Customer terminals Employee terminals Customer terminals FTP applications
This mode is applicable to the scenario where an This mode is applicable to the scenario where This mode is applicable to the scenario where
administrator wants to perform refined control an administrator performs comprehensive an administrator manages and controls the
over the traffic of each user. For example, the management and control over traffic of all traffic that meets specific characteristics. For
administrator assigns different bandwidths for users connected to a specific service. For example, the administrator rate-limits FTP
VIP users, enterprise employees, and guests. example, the administrator limits the maximum traffic on the network.
bandwidth for all guests to 20 Mbit/s.
Modifying DSCP priorities based on application types Re-marking DSCP priorities of packets based on user groups
Internet Internet
VIP
The firewall can identify traffic attributes and match the attributes with security
policy conditions.
Internet If all the conditions are met, the traffic matches the security policy. The firewall
External
network then applies the action defined in the matching security policy to the traffic.
• Control traffic
• If the action is permit, the firewall checks the traffic content, and determines
forwarding whether to permit traffic based on content security detection results.
• Control content
security monitoring Firewall • If the action is deny, the firewall does not allow the traffic to pass through.
On downlink interfaces of the access layer, configure When DHCP snooping is enabled, the interface directly or
suppression of broadcast, unknown unicast, and multicast indirectly connected to a trusted DHCP server needs to be
(BUM) packets to effectively reduce broadcast storms. configured as a trusted interface, and other interfaces are
configured as untrusted interfaces. This ensures that
DHCP clients can obtain IP addresses only from the
authorized DHCP server.
Port isolation
Bogus traffic
L2 switch L2 switch
IPSG prevents unauthorized hosts from accessing or attacking the network You are advised to configure port isolation on
through IP addresses of authorized hosts or through specified IP addresses. the interfaces connecting the access switch to
A device with DAI enabled matches the source IP address, source MAC terminals. This configuration secures user
address, interface, and VLAN ID in an ARP packet against a binding table, and communication and prevents invalid
then discards invalid ARP packets after detecting them. broadcast packets from affecting user services.
STA AP AC AAA
Access
authentication
Link encryption
Attack Policy control
detection and
prevention
Rogue device Ad-hoc device Rogue STA Rogue AP Rogue bridge
The same static key needs to be preconfigured on the server and client. Both the encryption mechanism and the
WEP
encryption algorithm are vulnerable to security threats. Therefore, this authentication mode is not recommended.
WPA and WPA2 provide almost the same level of security. WPA/WPA2 has two editions: enterprise edition and personal
edition.
• WPA/WPA2 in enterprise edition requires an authentication server and is recommended for employee access on
WPA/WPA2 medium- and large-sized campus networks.
• WPA/WPA2 in personal edition does not require an authentication server and is recommended for guest access on
medium- and large-sized campus networks. The WPA/WPA2-Private PSK (PPSK) enhances network security while
ensuring the convenience.
WAPI WAPI is a WLAN security standard proposed in China and provides higher security than WEP and WPA.
For example, in an enterprise, the following access authentication modes can be used:
• Enterprise employees: WPA/WPA2-802.1X authentication
• Guests: WPA/WPA2-PPSK or Portal authentication
• Dumb terminals: MAC address authentication
In addition, if users do not need to communicate with each other, it is recommended that user isolation be configured.
Cloud management
API orchestration framework
platform
Tenant network
• Manual replacement of paper shelf labels in stores, which is slow and error-prone
Solutions
• IoT APs provide built-in IoT slots to implement IoT & Wi-Fi convergence and co-
site deployment. ELSs interconnect with management and ERP systems of
supermarkets to dynamically display prices and implement interactive functions
such as real-time price change and out-of-stock warning.
Small chain • Information about wireless terminals such as barcode scanners can be imported
supermarket in batches, implementing access of massive terminals quickly.
Customer benefits
POS Mobile Barcode POS Mobile Barcode
machine phone scanner machine phone scanner
• IoT & Wi-Fi convergence deployment and unified planning, saving investments
Store 1 Store N • Real-time or periodic update of ESLs, ensuring fast response, eliminating errors,
and reducing costs
Solutions
• Firewalls function as egress gateways. Switches and APs provide wired and wireless
Internet network access, and the switches supply power to APs and terminals.
• The wireless network reports information to big data platform in real time. iMaster
Big data platform then analyzes customers' preferences and habits, accurately
pushes advertisements to customers, and assists in goods display.
• The digital screen displays discount information in real time for customers and
online price comparison and self-service checkout are supported.
Medium-sized store
Customer benefits
• Access devices supply power to cameras, reducing cabling costs. Video surveillance
POS Mobile Barcode POS Mobile Barcode
machine phone scanner machine phone scanner ensures property security.
Camera Camera
• iMaster NCE-CampusInsight helps customers make operation decisions, improve
Store 1 Store N sales performance, and enhance customer loyalty through precision pushing.
Solutions
• Core switches, access switches, and APs are managed in a unified manner,
• Portal, SMS, social media, and MAC address authentication modes are supported
to ensure access security of dumb terminals (including phones, printers, and
cameras).
• On a WLAN, APs collect and report RSSI information about terminals to the RTLS.
The RTLS then uses the established fingerprint database to calculate locations of
Large shopping mall terminals and provide services such as car seeking and store navigation.
Shopping Parking lot Office
area area Customer benefits
Customer benefits
Mobile Mobile
Wristband Camera Wristband Camera
phone phone • Devices are plug-and-play and networks are deployed remotely, reducing deployment
costs. Servers such as the network management system (NMS) do not need to be
PC PC
deployed locally, reducing investment costs.
School 1 School N • The cloud platform provides various northbound APIs to connect to multiple applications,
facilitating on-demand subscription.
Page 75 Copyright © Huawei Technologies Co., Ltd. All rights reserved.
Quiz
• 1. In Huawei public cloud scenario, the DHCP options cannot be configured on the network. Which
deploy mode is recommended?
A. CloudCampus APP
B. Registration center
C. Web system
D. CLI
2. Which terminal identification methods can be used in portal authentication scenarios only?
A. MAC OUI
B. HTTP UserAgent
C. DHCP Option
D. LLDP