H3C MSR3610-I iMC EAD Deployment Manual

Category
Networking
Type
Deployment Manual
H3C MSR3610-I iMC EAD
End-user Admission Defense Gateway
VM Deployment Guide
New H3C Technologies Co., Ltd.
http://www.h3c.com
Software version: MSR-CMW710-E0809
Document version: 5W100-20200619
Copyright © 2020, New H3C Technologies Co., Ltd. and its licensors
All rights reserved
No part of this manual may be reproduced or transmitted in any form or by any means without prior written
consent of New H3C Technologies Co., Ltd.
Trademarks
Except for the trademarks of New H3C Technologies Co., Ltd., any trademarks that may be mentioned in this
document are the property of their respective owners.
Notice
The information in this document is subject to change without notice. All contents in this document, including
statements, information, and recommendations, are believed to be accurate, but they are presented without
warranty of any kind, express or implied. H3C shall not be liable for technical or editorial errors or omissions
contained herein.
Preface
This deployment guide describes the fundamentals of VM deployment on the H3C MSR3610-I iMC
EAD End-user Admission Defense Gateway, including the VM login method, network configuration,
and service data interaction modes. It also covers the following information:
How to deploy the EAD gateway.
How to configure RAID on the EAD gateway.
How to manage and configure the VM and display VM information on the EAD gateway.
This preface includes the following topics about the documentation:
Audience.
Conventions.
Documentation feedback.
Audience
This documentation is intended for:
Network planners.
Field technical support and servicing engineers.
Network administrators.
Conventions
The following information describes the conventions used in the documentation.
Command conventions
Convention          Description
Boldface            Bold text represents commands and keywords that you enter literally as shown.
Italic              Italic text represents arguments that you replace with actual values.
[ ]                 Square brackets enclose syntax choices (keywords or arguments) that are optional.
{ x | y | ... }     Braces enclose a set of required syntax choices separated by vertical bars, from which you select one.
[ x | y | ... ]     Square brackets enclose a set of optional syntax choices separated by vertical bars, from which you select one or none.
{ x | y | ... } *   Asterisk marked braces enclose a set of required syntax choices separated by vertical bars, from which you select a minimum of one.
[ x | y | ... ] *   Asterisk marked square brackets enclose optional syntax choices separated by vertical bars, from which you select one choice, multiple choices, or none.
&<1-n>              The argument or keyword and argument combination before the ampersand (&) sign can be entered 1 to n times.
#                   A line that starts with a pound (#) sign is a comment.
GUI conventions
Convention   Description
Boldface     Window names, button names, field names, and menu items are in Boldface. For example, the New User window opens; click OK.
>            Multi-level menus are separated by angle brackets. For example, File > Create > Folder.
Symbols
Convention   Description
WARNING!     An alert that calls attention to important information that if not understood or followed can result in personal injury.
CAUTION:     An alert that calls attention to important information that if not understood or followed can result in data loss, data corruption, or damage to hardware or software.
IMPORTANT:   An alert that calls attention to essential information.
NOTE:        An alert that contains additional or supplementary information.
TIP:         An alert that provides helpful information.
Network topology icons
Convention Description
Represents a generic network device, such as a router, switch, or firewall.
Represents a routing-capable device, such as a router or Layer 3 switch.
Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that
supports Layer 2 forwarding and other Layer 2 features.
Represents an access controller, a unified wired-WLAN module, or the access
controller engine on a unified wired-WLAN switch.
Represents an access point.
Represents a wireless terminator unit.
Represents a wireless terminator.
Represents a mesh access point.
Represents omnidirectional signals.
Represents directional signals.
Represents a security product, such as a firewall, UTM, multiservice security
gateway, or load balancing device.
Represents a security module, such as a firewall, load balancing, NetStream, SSL
VPN, IPS, or ACG module.
Examples provided in this document
Examples in this document might use devices that differ from your device in hardware model,
configuration, or software version. It is normal that the port numbers, sample output, screenshots,
and other information in the examples differ from what you have on your device.
Documentation feedback
You can e-mail your comments about product documentation to [email protected].
We appreciate your comments.
Contents
Introduction
  Factory defaults
    Interfaces
    Default VM parameters
  VM login method
  VM network configuration
  Service data interaction modes of the VM
    Intra-VLAN broadcasting
    Layer 3 routing
Deploying the EAD gateway in a network
  Deployment process
  Preparations for EAD gateway deployment
    Preparing a management host and tool software
    Connecting the management host and the EAD gateway
    Configuring IP address settings for the management host
    Preparing for VNC Viewer login
  Logging in to the VM
  Configuring VM network settings
  Configuring the EAD gateway through IMC
    About EAD gateway configuration through IMC
    Displaying IMC service running status
  Example: Deploying the EAD gateway in a network
Configuring RAID
  About RAID
  Restrictions and guidelines for RAID configuration
  Configuring RAID
    Partitioning the hard disks and modifying the file system format
    Creating a RAID
    Restoring a RAID
    Removing a RAID
    Displaying RAID status information
Managing VMs
  Starting the VM
  Stopping the VM
  Configuring VM auto-start
  Backing up the VM
  Restoring the VM
  Exporting the VM to a .pkg file
  Uninstalling the VM
  Adding a disk to the VM
Configuring VMs
Display and maintenance commands for VM management
Introduction
The H3C MSR3610-I iMC EAD End-user Admission Defense Gateway (referred to as the EAD
gateway hereinafter) can cooperate with access services (for example, L2TP, 802.1X, and portal) to
achieve the following purposes:
Ensure endpoint access security.
Protect endpoints from network threats.
Control endpoints' network access behaviors.
To improve the availability of authentication data, the EAD gateway is built with two
SIC-M2-SATA drives operating in RAID 1 mode.
The EAD gateway is shipped with a VM that runs the CentOS operating system. The VM is installed
with IMC software and EAD components by default, and it has been assigned an SR-IOV NIC with
an IP address.
Factory defaults
Interfaces
The EAD gateway provides the following interfaces by default:
Layer 3 Ethernet combo interfaces GigabitEthernet 0/0 and GigabitEthernet 0/1.
Layer 2 Ethernet copper interfaces GigabitEthernet 0/2 to GigabitEthernet 0/8, in which
GigabitEthernet 0/8 is an internal interface used to connect the SR-IOV NIC of the VM.
Figure 1 shows the interfaces on the EAD gateway.
Figure 1 Interface network diagram
Default VM parameters
The EAD gateway is shipped with a VM. The default VM parameters are as follows:
The VM name is EAD_VM, which is case sensitive.
The VM operating system is CentOS.
The login username of the VM operating system is root, which is case sensitive.
The login password of the VM operating system is iMC123, which is case sensitive.
The VNC port number is 98. Users can log in to the desktop of the VM by using this port number
through VNC Viewer.
The VM is assigned an SR-IOV NIC. By default, the NIC belongs to VLAN 4094.
The IP address of the VM is 10.1.1.2/30 and the default gateway is 10.1.1.1.
The IP address of VLAN-interface 1 is 192.168.0.1/23.
The IP address of VLAN-interface 4094 is 10.1.1.1/30.
VM login method
To use a management host to log in to the VM, make sure the management host has routes to reach
the EAD gateway.
The EAD gateway allows users that use VNC Viewer to log in to the desktop of the VM by connecting
to the VM VNC server in VNC server IP address:VNC port number format.
VNC server IP address—The IP address of a Layer 3 interface or a VLAN interface on the
EAD gateway.
VNC port number—The VNC port number of the VM. The VNC port number is configurable at
the CLI of the EAD gateway.
Figure 2 VM login through the IP address of a Layer 3 interface
Figure 3 VM login through the IP address of a VLAN interface
VM network configuration
The VM deployed on the EAD gateway is assigned a high-performance SR-IOV NIC by default. The
NIC is shipped with IP address 10.1.1.2/30 and gateway 10.1.1.1. For a client host to access the VM,
use one of the following methods:
Configure the client host to use an IP address that can reach the subnet of the VM NIC.
Log in to the desktop of the VM and reconfigure an IP address for the VM NIC according to the
user network configuration.
Service data interaction modes of the VM
The EAD gateway provides the following service data interaction modes for the VM:
Intra-VLAN broadcasting.
Layer 3 routing.
IMPORTANT:
By default, the SR-IOV NIC of the VM on the EAD gateway belongs to VLAN 4094.
Intra-VLAN broadcasting
For a client host to access the VM, configure IP addresses for the client host and the VM that belong
to the same subnet and assign them to the same VLAN. As shown in Figure 4, the client host
accesses the VM through a Layer 2 Ethernet interface on the EAD gateway in the same VLAN.
Figure 4 Intra-VLAN broadcasting mode
Layer 3 routing
The VM NIC belongs to a VLAN. Set the IP address of the VLAN interface to an IP address reachable
to the client hosts, and specify the default gateway of the VM as the IP address of the VLAN interface.
The client hosts interact with the VM through a Layer 3 Ethernet interface or VLAN interface of the
EAD gateway, as shown in Figure 5.
Figure 5 Layer 3 routing mode
Deploying the EAD gateway in a network
Deployment process
The EAD gateway ensures endpoint access security, controls endpoints' access behaviors, and
backs up authentication data in the network. Figure 6 shows the deployment process of the EAD
gateway in a network.
Figure 6 Deployment process
Preparations for EAD gateway deployment
Preparing a management host and tool software
Prepare a management host used to log in to the VM on the EAD gateway. Prepare a serial
cable and a network cable to connect the management host and the EAD gateway.
Install a terminal emulation program (for example, PuTTY) on the management host used to log
in to the CLI of the EAD gateway for VM parameter configuration and query.
Install remote login software (for example, VNC Viewer) on the management host used to log in
to the desktop of the VM and process services on the VM operating system.
Connecting the management host and the EAD gateway
Use the serial cable to connect the management host and the console port of the EAD gateway. The
management host can use the PuTTY software to log in to the CLI of the EAD gateway through the
serial cable.
Use the network cable to connect the management host and GigabitEthernet 0/3 on the EAD
gateway. The management host can communicate with the EAD gateway through the network cable.
Figure 7 shows the network diagram.
Figure 7 Connecting the management host and EAD gateway
Configuring IP address settings for the management host
About this task
Use one of the following methods to configure IP address settings for the management host:
Automatic IP address assignment—By default, DHCP is enabled on the EAD gateway. If the
management host chooses to dynamically obtain an IP address, the EAD gateway randomly
assigns an IP address to the management host from the IP address pool. By default, the IP
address pool on the EAD gateway contains IP addresses from 192.168.1.1/23 to
192.168.1.254/23.
Manual IP address configuration—Manually configure an IP address for the management
host.
Procedure
To manually configure an IP address for the management host:
1. Open the Network and Sharing Center and select Local Area Connection.
2. In the dialog box that opens, click Properties.
3. In the dialog box that opens, select Internet Protocol Version 4 (TCP/IPv4) and click
Properties.
4. In the dialog box that opens, configure the IP address settings as shown in Figure 8.
In this example, the IP address is 192.168.0.2/23.
Figure 8 Configuring IP address settings for the management host
Verifying the configuration
# Verify that the management host can ping the EAD gateway and the EAD gateway can ping the
management host. (Details not shown.)
Preparing for VNC Viewer login
About this task
To use VNC Viewer to log in to the desktop of the VM, you must obtain the VM name and VNC port
number and make sure the VM has been started. Perform this task to obtain the VM name and VNC
port number and view the VM status.
By default, the VM name on the EAD gateway is EAD_VM and the VNC port number is 98.
Obtaining the VM name and VM status
Log in to the CLI of the EAD gateway and use the display vmlist command to obtain the VM
name and status. If the VM is in shutoff state, use the start vm command to start the VM.
# Obtain the VM name and status.
<H3C> display vmlist
Id Name Status
------------------------------------------
- EAD_VM running
# (Optional.) Start the VM.
<H3C> system-view
[H3C] vmm
[H3C-vmm] start vm EAD_VM
Domain EAD_VM started
Obtaining the VNC port number of the VM
# Obtain the VNC port number of the VM.
<H3C> display vncport vm EAD_VM
:98
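The readiness check described in this task can be run over captured CLI output. The following is an added example, not H3C code: it parses the `display vmlist` and `display vncport` output formats shown above, builds the VNC Viewer target string, and notes when the VM is not running or the VNC port is still the factory default. The function names and the shutoff sample are assumptions constructed for illustration.

```python
import re

DEFAULT_VNC_PORT = 98  # factory default stated in this guide

# Output format as shown in this guide.
SAMPLE_VMLIST = """<H3C> display vmlist
Id Name Status
------------------------------------------
- EAD_VM running
"""
# Constructed sample: same format, VM in shutoff state.
SAMPLE_SHUTOFF = SAMPLE_VMLIST.replace("running", "shutoff")


def parse_vmlist(output):
    """Parse captured 'display vmlist' output into {vm_name: status}."""
    vms, in_table = {}, False
    for line in output.splitlines():
        text = line.strip()
        if set(text) == {"-"}:  # dashed rule under the header row
            in_table = True
            continue
        if not in_table or text.startswith(("<", "[")):  # header or CLI prompt
            continue
        fields = text.split()
        if len(fields) == 3:  # Id, Name, Status
            vms[fields[1]] = fields[2]
    return vms


def parse_vncport(output):
    """Parse captured 'display vncport vm <name>' output such as ':98'."""
    match = re.search(r"^\s*:(\d+)\s*$", output, re.MULTILINE)
    if match is None:
        raise ValueError("no ':<port>' line in display vncport output")
    port = int(match.group(1))
    if not 1 <= port <= 65535:
        raise ValueError(f"port {port} out of range")
    return port


def vnc_login_check(vmlist_out, vncport_out, vm_name, server_ip):
    """Return (target, notes): the VNC Viewer target and items to resolve."""
    notes = []
    status = parse_vmlist(vmlist_out).get(vm_name)  # names are case sensitive
    if status is None:
        notes.append(f"VM {vm_name!r} not listed; names are case sensitive")
    elif status != "running":
        notes.append(f"VM is {status}; run 'start vm {vm_name}' in vmm view")
    port = parse_vncport(vncport_out)
    if port == DEFAULT_VNC_PORT:
        notes.append("VNC port is still the factory default 98")
    return f"{server_ip}:{port}", notes


if __name__ == "__main__":
    print(vnc_login_check(SAMPLE_VMLIST, ":98", "EAD_VM", "192.168.0.1"))
```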
Logging in to the VM
In this example, IP address 192.168.0.1/23 is used as the VNC server IP address. This IP address is
the default IP address of VLAN-interface 1 on the EAD gateway.
Logging in to the desktop of the VM
1. On the management host, open VNC Viewer, and connect to the desktop of the VM by using
the VNC server in the format of VNC server IP address:VNC port number, as shown in Figure 9.
Figure 9 VNC Viewer login interface
2. If VNC Viewer exits immediately after it opens, set the ColorLevel option of VNC Viewer to full:
a. Click Options on the login interface.
b. Click the Expert tab.
c. Select ColorLevel.
d. Set the value of ColorLevel to full as shown in Figure 10.
Figure 10 Modifying the color level
Logging in to the VM operating system
As a best practice to ensure VM security, change the default login password of the VM operating
system.
After you use VNC Viewer to log in to the desktop of the VM, enter the username and password to
log in to the VM operating system.
By default, the login username is root and the login password is iMC123.
As shown in Figure 11, enter the password to log in to the VM operating system.
Figure 11 Logging in to the VM operating system
Configuring VM network settings
About this task
By default, the VM IP address is 10.1.1.2/30 and the gateway is 10.1.1.1. To modify the IP address
settings, perform this task.
Restrictions and guidelines
The VM NIC belongs to a VLAN. The gateway address of the VM must be the IP address of the
VLAN interface.
Procedure
1. Select the Network Settings menu in the upper right corner of the desktop.
2. Select Wired Connected and click Wired Settings, as shown in Figure 12.
Figure 12 Opening the wired connection
3. Click the gear icon as shown in Figure 13.
Figure 13 Opening the network setting configuration page
4. Configure IP address settings for the VM, as shown in Figure 14.
Figure 14 Configuring IP address settings
5. Verify that the management host can ping the VM. To ensure a successful ping operation, make
sure the firewall of the VM is disabled. By default, the firewall of the VM is disabled. (Details not
shown.)
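The addressing rules in this guide (the VM gateway must be the IP address of the VLAN interface, and in intra-VLAN broadcasting mode the client host and the VM must be in the same subnet) can be checked before the settings are applied. The following is an added example, not H3C code; the function name, the mode labels, and the address 192.168.0.10/23 in the usage are assumptions constructed for illustration.

```python
import ipaddress


def check_vm_addressing(vm_if, vm_gateway, vlan_if, mode, client_if=None):
    """Return a list of problems; an empty list means the plan is consistent.

    vm_if, vlan_if, client_if: 'address/prefix' strings.
    vm_gateway: default gateway configured on the VM.
    mode: 'intra-vlan' or 'layer3' (labels chosen for this example).
    """
    vm = ipaddress.ip_interface(vm_if)
    vlan = ipaddress.ip_interface(vlan_if)
    gateway = ipaddress.ip_address(vm_gateway)
    problems = []

    # Rule from "Restrictions and guidelines" above.
    if gateway != vlan.ip:
        problems.append(
            f"VM gateway {gateway} is not the VLAN interface IP {vlan.ip}")
    # Implied by that rule: the gateway is only usable if it is on-link.
    if vm.network != vlan.network:
        problems.append(
            f"VM subnet {vm.network} differs from VLAN interface subnet "
            f"{vlan.network}")
    if vm.ip == vlan.ip:
        problems.append("VM and VLAN interface use the same IP address")
    net = vm.network
    if net.num_addresses > 2 and vm.ip in (net.network_address,
                                           net.broadcast_address):
        problems.append(f"VM IP {vm.ip} is a network or broadcast address")

    if mode == "intra-vlan":
        if client_if is None:
            raise ValueError("intra-vlan mode needs a client address")
        client = ipaddress.ip_interface(client_if)
        if client.network != vm.network:
            problems.append(
                f"client subnet {client.network} differs from VM subnet "
                f"{vm.network}")
        elif client.ip in (vm.ip, vlan.ip):
            problems.append(f"client IP {client.ip} duplicates another host")
    elif mode != "layer3":
        raise ValueError(f"unknown mode {mode!r}")
    return problems


if __name__ == "__main__":
    # Factory defaults from this guide, Layer 3 routing mode: consistent.
    print(check_vm_addressing("10.1.1.2/30", "10.1.1.1", "10.1.1.1/30",
                              "layer3"))
    # Constructed case: VM moved into VLAN 1 but gateway left at the default.
    print(check_vm_addressing("192.168.0.10/23", "10.1.1.1", "192.168.0.1/23",
                              "intra-vlan", client_if="192.168.0.2/23"))
```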
Configuring the EAD gateway through IMC
About EAD gateway configuration through IMC
After the management host and the EAD gateway become reachable, you can access the IMC Web
interface to configure the EAD gateway through the management host. For more information about
IMC, see user manuals for the H3C Intelligent Management Center in the network management
section of technical documents on H3C websites.
Displaying IMC service running status
The IMC services installed on the VM of the EAD gateway have been set to auto-start when the
gateway is shipped. When the VM starts up, the IMC services also start up.
To view the running status of IMC services and the deployment status of the EAD component:
1. Right-click the VM desktop and select Open Terminal to enter the CLI of the CentOS
system. Figure 15 shows the CLI.
Figure 15 VM CLI
2. Open the page that displays IMC services.
[root@localhost~]# cd /opt/iMC/deploy/
[root@localhost~]# ./dma.sh
Figure 16 shows the page that displays IMC services.
Figure 16 IMC services
3. Click the Process and Deploy tabs to view the status of the IMC service processes and the
deployment status of the EAD component, respectively, as shown in Figure 17 and Figure 18.
Figure 17 IMC service processes
Figure 18 IMC component deployment
Example: Deploying the EAD gateway in a network
Network configuration
As shown in Figure 19, configure the EAD gateway to control the access behaviors of Device A,
Device B, and Device C.
Device A, Device B, and Device C access Layer 2 Ethernet interface GigabitEthernet 0/2 on the EAD
gateway through the switch.
The management host accesses Layer 2 Ethernet interface GigabitEthernet 0/3 on the EAD
gateway.
Figure 19 Network diagram
Procedure
1. Configure the IP address of the management host as 192.168.0.2/23 and the default gateway
as 192.168.0.1. (Details not shown.)
2. Configure the IP addresses of Device A, Device B, and Device C as 192.168.0.3/23,
192.168.0.4/23, and 192.168.0.5/23, respectively. Configure their default gateway as
192.168.0.1. (Details not shown.)
Verifying the configuration
1. Verify that the management host can ping the VM on the EAD gateway. (Details not shown.)
2. Verify that you can log in to the Web interface of the IMC platform. To log in to the Web interface,
enter a string in the VM IP address:port number/imc format in the address bar of the Web
browser, as shown in Figure 20.