Successful campus network construction of Beijing Normal University

Source: Internet
Author: User

The original campus network student dormitory of Beijing Normal University is a typical network composed of three-layer switches and two-layer switches. It not only has limited performance, but also does not provide a wide range of effective management methods. As students need to access the Internet and more businesses are added, students and faculty members need to authenticate the network and pay for the network by traffic, duration, or monthly subscription. the campus network needs to be operated securely, to prevent address theft, You need to perform multicast, voice, streaming media, MPLS, and other services in the future. Therefore, the current equipment and networking solutions are difficult to meet the requirements. They urgently hope to transform and expand the network, effectively manage the whole network, and develop more services.

To this end, Beijing Normal University cooperated with Huawei to choose the three-tier switch QuidwayS6506, independently developed by Huawei, and the certified billing software CAMS (Integrated Access Management Server Comprehensive Access Management Server ), and make full use of existing equipment to upgrade the campus network of Beijing Normal University, so that the overall network switching performance is greatly improved while providing user management, business management and flexible billing policies. The following is an overview of the campus network upgrade and transformation of Beijing Normal University.

Overview of the original Campus Network

The original master Exchange Device of the campus network of Beijing Normal University is 3550 of a 3COM instance, which is uplinked to an external Internent network through a hardware firewall through NAT translation. The downlink connection is the 3624i and 3225 of the D-LINK, basically a dormitory building a 3624i or 3225. For 3624i and 3225, the user's PC is directly connected to 3624 and 1624. The networking solution with medium and low-end Layer-3 switches as the core has the following limitations:

1. The primary switch is no longer able to meet service traffic requirements.

2. the bandwidth of each user cannot be limited. Therefore, it is difficult for multiple users to use a gateway (such as wingate) to access the Internet, resulting in a loss of revenue for school operations, there are blind spots in management.

3. the billing mode is single. Currently, you can only use the monthly subscription billing method. It is difficult to customize the billing mode based on the personalized needs of different users, such as billing by time, traffic, or bandwidth.

4. There is no effective authentication and billing method. It cooperates with third-layer switching equipment and professional certification billing software to efficiently and standardize the unified electronic management of various users. Currently, two-layer switch and three-layer switch 802.1x authentication modes on the Internet do not have a billing service platform.

5. It is difficult to achieve effective and unified management of the entire campus network. Currently, the campus network of normal China Normal University uses the static IP Address Configuration method. Even if the user uses an IP address that is not his or her own, the user can access the Internet normally. Therefore, the use of others' IP addresses often causes management inconvenience.

6. Because each building is basically divided into four or more VLANs, data exchange between all VLANs requires a layer-3 Switch. When the data traffic between floors or buildings is large, it is easy to make layer-3 switches a network bottleneck.

Huawei's upgrade solution

How does Huawei upgrade the solution to integrate layer-3 Switch Quidway? S6506 and CAMS (Integrated Access Management Server Comprehensive Access Management Server) as the core.

Where, Quidway? S6506 is a high-density three-layer switch developed by Huawei. It is suitable for campus networks and large campus networks as core switching devices. Its system backboard bandwidth is 128 GB and the switching capacity is 64 GB, the forwarding capability of the entire machine reaches 48 Mpps. CAMS is a certified billing software developed by Huawei for the goals of manageable, operational, and profitable networks, CAMS can work with network products such as routers, Ethernet switches, VoIP gateways, and access servers to complete end-user authentication, authorization, billing, and permission management, the network is manageable and value-added, ensuring the security of network and user information. What is Quidway added to the campus network of Beijing Normal University? After S6506 and CAMS, both performance and operation management capabilities have been greatly improved. The planned campus network of Beijing Normal University is as follows:

S6506 provides powerful Qos/ACL capabilities, which can allocate certain bandwidth to each user in the campus network or the subnet of a dormitory. QOS/ACL and CAMS can be combined to meet the actual needs of users, A flexible billing solution is used to customize personalized services. S6506 supports the latest 802.1x authentication. Combined with CAMS, it can provide a complete authentication and billing solution to achieve manageable and value-added networks.

Start 802.1x authentication for each port under S6506. The PCs on each dormitory floor must pass the 802.1x client for authentication. Enter the user name and password. S6506 authenticates the user name and password through the CAMS server, if the authentication succeeds, the user's PC can access the external network, and the CAMS server starts billing for the user. After 802.1x authentication is passed, you need to dynamically obtain the IP address to access the external network, which is allocated by the DHCP server. DHCP relay is configured on each downstream interface of S6506, and the address check function is enabled. If the IP address is not obtained dynamically through DHCP, but is configured randomly, the user cannot access the Internet. The access control list is also set on S6506 to limit the maximum bandwidth of each user to 64 Kbit/s, which can effectively limit the access of multiple machines through a gateway (such as wingate. To save investment in network transformation, this upgrade only adds one S6506, which is equivalent to S6506 as a service gateway. S6506 supports authentication of 4,000 users, and the CAMS system supports authentication of 10,000 users. As the number of users increases, you can add one S6506 and two S6506 for business sharing, or move the 802.1x and dhcp relay functions down, the layer-3 Switch and layer-2 switch mounted under S6506 implement functions such as authentication and dhcp rela, thus reducing the burden on S6506.

At present, campus network construction is showing features similar to IP Man, with more and more emphasis on network operation and management capabilities. The campus network upgrade of Beijing Normal University is a typical case that fully reflects this trend and has a good construction effect. In addition to the campus network of Beijing Normal University, Huawei has helped Tongji University, Nankai University, Heilongjiang University and other universities in Shanghai successfully build a "operable and manageable" campus network.


Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.