Open Cloud Connect Usage Guide

## Scenario Overview

The Open Cloud Connect scenario fully unleashes the classic Layer 2 switching and Layer 3 routing capabilities in standalone mode. Its modular architecture provides flexible component combination options, allowing users to customize network functions based on actual business needs.

### Visualized Centralized Management and Device-Level Flexible Configuration

This solution offers flexible and open network configuration capabilities. Through a centralized controller, operations staff can deliver configurations to switches via a graphical interface, significantly simplifying the deployment process. At the same time, the solution supports atomic-level, on-demand service configuration for individual devices. This process is independent of the network topology, offering high flexibility and scenario adaptability to precisely meet various business needs, from standardized deployments to highly customized requirements.

### Intelligent and Unified Operations Management with Proactive Insights

In terms of deployment and management, this solution utilizes a unified controller for centralized policy distribution and device management. Beyond that, the controller boasts powerful real-time monitoring and intelligent analysis capabilities. It continuously collects operational status and performance metrics from across the network, intelligently calculates a health score for each device based on multi-dimensional data, and provides extensive logging and precise real-time alerts. This mechanism greatly simplifies network operations, enabling administrators to proactively identify potential risks, quickly locate issues, and resolve them, thereby comprehensively improving operational efficiency and network reliability.

### Enhanced Network Services and Edge Autonomy

Furthermore, the system supports the direct deployment of DHCP servers on leaf nodes, further enhancing
the autonomy and deployment flexibility of network services. This effectively meets users' address management requirements in diverse network environments.

## Scheme Design

### Network Architecture

The Open Cloud Connect scenario allows users to flexibly configure access devices. In the above network design, wireless networks are deployed on Access 1 and Access 2, while a wired network is deployed on Access 3. The gateways for the wireless networks are uniformly deployed on the core, whereas the gateways for the wired network are deployed on the access devices, making management and expansion more convenient.

### DHCP Deployment

The DHCP services for wireless terminals and AP management are deployed on the core device, providing a consistent IP address acquisition point for wireless terminals and enabling seamless roaming. In contrast, the DHCP service for wired terminals is deployed on the access devices, facilitating rapid fault localization and streamlining the troubleshooting process.

### Controller Deployment

The controller is cloud deployed and managed uniformly via a graphical interface. It enables centralized policy distribution, configuration management, and status monitoring, significantly enhancing operational efficiency. Particularly for batch configuration and deployment of access devices, it greatly reduces the workload.

### Service Planning

| Service type | IP segment | Gateway | Service VLAN | SSID |
| --- | --- | --- | --- | --- |
| Wireless service | 180.10.0.0/24 | 180.10.0.1/24 | 1080 | new ssid |
| Wired service | 181.10.0.0/24 | 181.10.0.1/24 | 1081 | |
| AP management | 182.10.0.0/24 | 182.10.0.1/24 | 1082 | |

## Device Import

Administrators can create or import devices in bulk to specified sites/organizations. When an added inventory device connects to the controller and comes online, the controller will automatically assign it to the designated organization/site
based on its MAC address.

### Add Devices One by One

Click \[Configuration] > \[Inventory Information] > \[+] to create an inventory device. Fill in the relevant information as prompted on the page.

### Import via Excel

Click \[Upload Devices]. Click \[Download Template] and enter the information for the devices to be added to the inventory according to the template's specifications:

- **mac**: the device's MAC address. This information is typically found on the device's label.
- **device type**: the device model.
- **name**: the device hostname. By default, it is the device's MAC address.
- **configtag**: after an AP connects to the controller, it will automatically pull the configuration file corresponding to this tag. By default, the tag value is default.
- **firmwaretag**: when performing firmware upgrades, devices requiring an upgrade can be filtered based on their firmware tag type. By default, the tag value is default.
- **loopback**: the device's loopback address. For all devices operating at Layer 3, this address serves as the device's in-band management address.
- **aclscaleprofile**: optional values are default or large scale. By default, the value is default.
- **license**: the AP's license file. For bulk imports, you can either enter the JSON-formatted license file content directly in the Excel sheet, or add all devices to inventory first and then import the license files in bulk afterward.
- **description**: descriptive information about the device.

Click \[Choose File] to upload the completed template, then click \[Test Upload Data]. The controller will automatically check if the uploaded data complies with the specifications and display the results in the test report. Once completed, users can view the created devices in the \[Inventory Information] view.

## Service Configuration

### Design Topology

Navigate to the \[Configuration] view from the controller's navigation bar, click \[Design Topology], select \[Open Cloud Connect],
and then click \[Save].

### Switch Configuration

Click \[Create] on the right to set up the switch configuration.

#### Access 1

Create a switch configuration for Access 1.

- **Name**: user defined.
- **Device**: select the Access 1 device.

##### Step 1: Configure Business VLAN

Access 1 is a pure Layer 2 configuration, where only the business VLAN ID and member interfaces need to be specified. All other configurations are generated by the controller.

**Configuring the wireless business VLAN**

- **DHCP Trust**: authorizes the selected switch port to forward DHCP messages from legitimate DHCP servers. Ports not configured as "trusted" are prohibited from doing so, fundamentally preventing DHCP spoofing attacks.
- **Access/Trunk**: select the mode based on whether the interfaces send and receive frames with VLAN tags.
  - Access: receives untagged frames. Typically configured for the AP management VLAN and wired service VLANs.
  - Trunk: receives tagged frames. Typically configured for wireless service VLANs.
- **Members**: click the dropdown arrow to select the member interfaces for the VLAN on the device.

**Configuring the AP management VLAN**

Note: when the address allocation method for the VLANIF interface is set to dynamic, the switch will obtain an IP address through the DHCP process. This IP address serves as the management address for the switch and resides in the same IP subnet as the management addresses of the APs.

##### Step 2: PoE

The access switch features PoE functionality, which can be directly enabled in the wired service configuration to supply power to PD devices. Click \[Create]. Select the interface where the PoE function is to be enabled and set the startup delay time.

##### Step 3: Device

NTP: configure the NTP server IP address as the controller's address to provide a unified, accurate, and reliable time reference for
the devices.

#### Access 2

The configuration for Access 2 is identical to that of Access 1. Users can complete the entire setup by copying the configuration from Access 1 and then making targeted modifications.

1. Click the \[Copy] button on the right. Change the configuration name and click \[Save].
2. Click the \[Edit] button on the right. Change the device to Access 2.
3. Once completed, click \[Save] on the right.

#### Access 3

Deploy the wired service configuration on Access 3 and deploy the wired service gateway.

##### Step 1: Configuring Routing

Click \[Create]. In this scenario, the access device supports connecting to external networks by configuring static routes. To ensure normal network operation, a default route typically needs to be configured. The next hop IP should be the uplink address of the access device. Once completed, click \[Add].

##### Step 2: Configure Business VLAN

If the gateway is deployed on the access device, you need to enable \[Create VLANIF] when creating the service VLAN and fill in the \[IP] address as the gateway for this service.

##### Step 3: DHCP Server

The Open Cloud Connect scenario supports the deployment of a DHCP local service on access devices.

1. Click \[Create] on the right side of IP management.
2. Select the IP management method as \[DHCP Server], choose VLAN as the wired service VLAN 1081, and click \[Next].
3. Configure the network, address pool range, gateway address, and lease time.
4. Configure MAC bind IP (optional).
5. Once all configurations are complete, click \[Save] in the upper right corner.

##### Step 4: Wired Clients Information Collection

Interfaces with this feature enabled will report information about the connected wired terminals to the controller.

##### Step 5: Device

Same as Access 1. Once all configurations are complete, click \[Save] to
finalize the Access 3 setup.

### Wi-Fi Configuration

Click \[Wi-Fi Configuration] > \[+] to configure the necessary basic information for the wireless AP, e.g. SSID settings, security policy. The controller can automatically generate the corresponding

The controller supports multiple wireless service configurations. After the AP goes online, the controller determines which configuration should be issued to the AP based on the \[Config Tag] attributes of the configuration.

#### SSID

#### LAN (Optional)

When the AP has an extended wired interface and can connect terminals by wire, such as a panel AP, the user can configure the access method for wired terminals through the configuration in LANs.

- **upstreamports**: the uplink interfaces through which wired terminals access the network via the AP. This is usually the interface that connects the AP to the switch, and it should be kept the same as \[upstreamports] in the \[SSID] > \[Advanced] settings. The default is WAN.
- **downstreamports**: the interfaces for wired terminal access.
- **downstream vlan tag**: whether the wired terminal carries a VLAN tag.
- **vlan id**: messages the AP receives from wired terminals have this VLAN tag added to identify them.
- **dhcp snooping trusted**: DHCP snooping trusted interface. If the wired terminal needs to obtain an IP address through the DHCP service, this switch needs to be on.

## Configuration Release

### Switch

In the \[Configuration] > \[Switch Configuration] view, select the configuration to be deployed and click the \[Push Configuration] button. In the pop-up window, click \[Next] > \[Start] to deploy the switch configuration to the switch.

### AP

The configuration does not need to be issued to the AP manually. After the configuration of the device is issued and takes effect, the PoE power supply function of the switch is turned on, and the AP can power on and
work. When the AP connects to the controller with the information obtained through the DHCP service, the controller will automatically send the configuration to the corresponding AP based on the comparison between the tag identification stored in the AP inventory and the tag identification in the planning configuration.
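
Because the controller assigns an imported device to its organization/site by MAC address, a mistyped or duplicated MAC in the Excel inventory import described above is worth catching before upload. The following is an added example, not the controller's own validation: the column keys reuse the field names listed on this page (the real template headers may differ), normalizing MAC notation is an assumption, and the sample rows are constructed.

```python
import ipaddress
import json
import re

ACL_PROFILES = {"default", "large scale"}  # the two values the page lists

def normalize_mac(value):
    """Strip separators; return 12 lowercase hex digits, or None if malformed."""
    digits = re.sub(r"[:.\-]", "", value.strip().lower())
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def check_rows(rows):
    """Return (clean_rows, errors); errors are (row_number, message) tuples."""
    seen, clean, errors = {}, [], []
    for n, row in enumerate(rows, start=1):
        problems = []
        mac = normalize_mac(row.get("mac", ""))
        if mac is None:
            problems.append("mac is not 12 hex digits")
        elif mac in seen:
            problems.append(f"mac duplicates row {seen[mac]}")
        else:
            seen[mac] = n
        try:  # loopback is optional; an empty cell is accepted
            ipaddress.ip_address(row.get("loopback") or "0.0.0.0")
        except ValueError:
            problems.append("loopback is not an IP address")
        if (row.get("aclscaleprofile") or "default") not in ACL_PROFILES:
            problems.append("aclscaleprofile must be default or large scale")
        try:  # license is optional JSON text; an empty cell is accepted
            json.loads(row.get("license") or "{}")
        except json.JSONDecodeError:
            problems.append("license is not valid JSON")
        errors.extend((n, p) for p in problems)
        if not problems:  # apply the defaults the page documents
            clean.append({**row, "mac": mac, "name": row.get("name") or mac,
                          "configtag": row.get("configtag") or "default",
                          "firmwaretag": row.get("firmwaretag") or "default"})
    return clean, errors

# Constructed sample rows (not real devices).
SAMPLE_ROWS = [
    {"mac": "00:11:22:33:44:55", "license": '{"k": "v"}'},
    {"mac": "0011.2233.4455"},  # same MAC in another notation
    {"mac": "00:11:22:33:44:5Z", "loopback": "10.0.0.300",
     "aclscaleprofile": "huge", "license": "{not json"},
]
```
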
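
The DHCP Trust setting described for Access 1 can be reasoned about with a small model. This added example (not the switch's or controller's code) shows how server-originated DHCP messages are dropped on untrusted ports and audits a planned trust setting before it is pushed; the port names and frames are constructed, and it assumes the DHCP server is reached through the uplink, as for the wireless VLANs served from the core.

```python
from dataclasses import dataclass

SERVER_TYPES = {"OFFER", "ACK", "NAK"}  # DHCP messages only a server sends

@dataclass(frozen=True)
class DhcpFrame:
    ingress_port: str  # switch port the frame arrived on
    msg_type: str      # DISCOVER, OFFER, REQUEST, ACK, NAK
    src_mac: str

def filter_frames(trusted_ports, frames):
    """Split frames into (forwarded, dropped) as a DHCP trust check would."""
    forwarded, dropped = [], []
    for f in frames:
        rogue = f.msg_type in SERVER_TYPES and f.ingress_port not in trusted_ports
        (dropped if rogue else forwarded).append(f)
    return forwarded, dropped

def audit_trust(trusted_ports, uplink_ports):
    """Review a planned trust setting: trusted edge ports and missing uplinks."""
    findings = [f"{p}: trusted edge port, server replies from it are accepted"
                for p in sorted(trusted_ports - uplink_ports)]
    if not trusted_ports & uplink_ports:
        findings.append("no trusted uplink: replies from the real server are dropped")
    return findings

# Constructed sample: hypothetical port names, DHCP server behind the uplink.
UPLINKS = {"Ethernet49"}
FRAMES = [
    DhcpFrame("Ethernet1", "DISCOVER", "aa:aa:aa:00:00:01"),  # client request
    DhcpFrame("Ethernet49", "OFFER", "aa:aa:aa:00:00:fe"),    # legitimate server
    DhcpFrame("Ethernet7", "OFFER", "aa:aa:aa:00:00:66"),     # reply from an edge port
]
```

Dropped frames are the ones worth alerting on: each is a server reply that arrived on a port the plan does not trust.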
