If you have a controller, no problem: how to easily maintain your wireless network

In 2019, the consulting firm Miercom conducted an independent technical assessment of the Cisco Catalyst 9800 series Wi-Fi 6 controllers. For this study, a test bench was assembled from Cisco Wi-Fi 6 controllers and access points, and the technical solution was evaluated in the following categories:

  • Availability;
  • Security;
  • Automation.

The results of the study are shown below. Since 2019, the functionality of the Cisco Catalyst 9800 series controllers has been significantly improved; these improvements are also reflected in this article.

You can read about other advantages of Wi-Fi 6 technology, implementation examples and areas of application here.

Solution overview

Cisco Catalyst 9800 series Wi-Fi 6 controllers

Cisco Catalyst 9800 Series Wireless Controllers, based on the IOS-XE operating system (also used on Cisco switches and routers), are available in a variety of options.

The top model, the 9800-80 controller, supports wireless network throughput of up to 80 Gbps. A single 9800-80 controller supports up to 6000 access points and up to 64 wireless clients.

The mid-range model, the 9800-40 controller, supports 40 Gbps of throughput, up to 2000 access points and up to 32 wireless clients.

In addition to these models, the competitive assessment also included the 9800-CL wireless controller (CL stands for Cloud). The 9800-CL runs in virtual environments on VMware ESXi and KVM hypervisors, and its performance depends on the hardware resources allocated to the controller's virtual machine. In its maximum configuration, the Cisco 9800-CL controller, like the top 9800-80 model, scales to up to 6000 access points and up to 64 wireless clients.

During the study, Cisco Aironet AP 4800 series access points were used with the controllers; they support operation at 2.4 and 5 GHz with the ability to switch dynamically to dual 5-GHz mode.

Test bench

For the tests, a bench was assembled from two Cisco Catalyst 9800-CL wireless controllers operating in a cluster and Cisco Aironet AP 4800 series access points.

Laptops from Dell and Apple, as well as an Apple iPhone, were used as client devices.

Availability testing

Availability is defined as the ability of users to access and use a system or service. High availability means continuous access to a system or service, regardless of particular events.

High availability was tested in four scenarios; the first three are predictable or planned events that can occur during or after business hours. The fifth scenario is a classic failure, which is an unpredictable event.

Scenario descriptions:

  • Bug fix - a small system update (bugfix or security patch) that fixes a particular bug or vulnerability without a full update of the system software;
  • Functional update - adding or extending the current system functionality by installing a feature update;
  • Full update - updating the controller software image;
  • Adding an access point - adding a new access point model to the wireless network without reconfiguring or updating the controller software;
  • Failure - failure of the wireless controller.

Fixing bugs and vulnerabilities

With many competing solutions, patching often requires a full update of the wireless controller's system software, which can lead to unplanned downtime. With the Cisco solution, patching is done without stopping the product. Patches can be installed on any of the components while the wireless infrastructure continues to operate.

The procedure itself is quite simple. The patch file is copied to the bootstrap folder on one of the Cisco wireless controllers, and the operation is then confirmed through the GUI or the command line. In addition, a fix can be rolled back and removed through the GUI or the command line, again without interrupting system operation.

Functional update

Functional software updates are used to enable new features. One such improvement is an update to the application signature database. This package was installed on the Cisco controllers as a test. Just as with patches, feature updates are applied, installed, or removed without any downtime or interruption of the system.

Full update

Currently, a full update of the controller software image is performed in the same way as a functional update, that is, without downtime. However, this capability is only available in a cluster configuration with more than one controller. The full update is performed sequentially: first on one controller, then on the second.

Adding a new access point model

Connecting new access points that have not previously been operated with the controller software image in use to a wireless network is a common task, especially in large networks (airports, hotels, factories). In competing solutions, this task often requires updating the system software or rebooting the controllers.

When connecting new Wi-Fi 6 access points to a cluster of Cisco Catalyst 9800 series controllers, no such problems were observed. New access points are connected to the controller without updating the controller software, and the process does not require a reboot, so it does not affect the wireless network in any way.

Controller failure

The test environment uses two Wi-Fi 6 controllers (Active/StandBy), and the access point has a direct connection to both controllers.

One wireless controller is active and the other, accordingly, is the standby. If the active controller fails, the standby controller takes over and its status changes to active. This procedure occurs without interruption for the access point or for clients' Wi-Fi.

Security

This section discusses security, which is a very hard problem in wireless networks. The security of the solution is evaluated on the following characteristics:

  • Application recognition;
  • Flow tracking;
  • Encrypted traffic analysis;
  • Intrusion detection and prevention;
  • Authentication means;
  • Client device protection tools.

Application recognition

Among the variety of products on the enterprise and industrial Wi-Fi market, there are differences in how well products identify traffic by application. Products from different manufacturers can identify different numbers of applications. However, many of the applications that competing solutions list as recognizable are in fact websites rather than distinct applications.

There is another interesting aspect of application recognition: solutions vary greatly in recognition accuracy.

Taking into account all the tests performed, we can responsibly state that Cisco's Wi-Fi 6 solution performs application recognition accurately: Jabber, Netflix, Dropbox, YouTube and other popular applications, as well as web services, were identified correctly. The Cisco solution can also look deeper into data packets using DPI (Deep Packet Inspection).

Traffic flow tracking

Another test was carried out to see whether the system could accurately track and report data flows (such as large file transfers). To test this, a 6.5-megabyte file was sent over the network using the File Transfer Protocol (FTP).

The Cisco solution fully handled the task and was able to track this traffic thanks to NetFlow and its hardware capabilities. The traffic was detected and identified immediately, along with the exact amount of data transferred.

Encrypted traffic analysis

User data is increasingly encrypted. This is done to protect it from being tracked or intercepted by attackers. At the same time, attackers increasingly use encryption to hide malware and to carry out other malicious activity such as Man-in-the-Middle (MiTM) or keylogging attacks.

Most businesses inspect some of their encrypted traffic by first decrypting it with firewalls or intrusion prevention systems. But this process is time-consuming and does not benefit overall network performance. In addition, once the data is decrypted, it becomes vulnerable to prying eyes.

Cisco Catalyst 9800 Series controllers solve the problem of analyzing encrypted traffic in a different way. The solution is called Encrypted Traffic Analytics (ETA). ETA is a technology that currently has no analogues in competing solutions and that detects malware in encrypted traffic without needing to decrypt it. ETA is a core IOS-XE feature that includes Enhanced NetFlow and uses advanced algorithms to detect malicious traffic patterns hidden in encrypted traffic.

ETA does not decrypt messages; instead it collects metadata profiles of encrypted traffic flows: packet sizes, time intervals between packets, and much more. The metadata is then exported in NetFlow v9 records to Cisco Stealthwatch.

The key function of Stealthwatch is to continuously monitor traffic and to build a baseline of normal network activity. Using the encrypted stream metadata sent to it by ETA, Stealthwatch applies multi-layer machine learning to identify behavioral traffic anomalies that may indicate suspicious events.
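The metadata-only approach described above, sketched as an added example (not code from the original article, Cisco ETA or Stealthwatch). It derives packet-size and inter-packet-gap features per flow without reading any payload, builds a baseline from constructed "normal" flows, and scores new flows against it; the simple z-score check is an assumed stand-in for the machine learning the article mentions, and all addresses, flows and function names are constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev


def make_flow(src, dst, start, gaps, lengths):
    """Build constructed packet records: (timestamp, src, dst, port, length)."""
    ts, out = start, [(start, src, dst, 443, lengths[0])]
    for gap, length in zip(gaps, lengths[1:]):
        ts += gap
        out.append((ts, src, dst, 443, length))
    return out


# Constructed baseline: bursty, human-driven TLS sessions with varied sizes.
BASELINE = (
    make_flow("10.0.0.11", "192.0.2.10", 0.0, [0.1, 0.9, 0.2, 2.8], [517, 1400, 1400, 300, 90])
    + make_flow("10.0.0.12", "192.0.2.10", 0.0, [0.2, 1.5, 0.1, 3.0], [517, 1200, 1400, 600, 150])
    + make_flow("10.0.0.13", "192.0.2.10", 0.0, [0.05, 0.6, 0.3, 2.0], [517, 1400, 900, 1400, 200])
    + make_flow("10.0.0.14", "192.0.2.10", 0.0, [0.3, 1.1, 0.1, 4.0], [517, 1000, 1400, 700, 100])
)

# Constructed observations: one ordinary session and one flow that sends the
# same small record every 60 seconds (machine-like, perfectly regular).
OBSERVED = (
    make_flow("10.0.0.21", "192.0.2.10", 0.0, [0.1, 1.0, 0.2, 2.9], [517, 1400, 1300, 400, 120])
    + make_flow("10.0.0.66", "198.51.100.7", 0.0, [60.0] * 5, [120] * 6)
)

SCORED = ("mean_len", "gap_cv")  # features compared against the baseline


def flow_features(packets):
    """Group packets by (src, dst, port) and keep only size/timing metadata."""
    flows = defaultdict(list)
    for ts, src, dst, port, length in packets:
        flows[(src, dst, port)].append((ts, length))
    features = {}
    for key, pkts in flows.items():
        pkts.sort()
        lens = [length for _, length in pkts]
        gaps = [b[0] - a[0] for a, b in zip(pkts, pkts[1:])]
        gap_mean = mean(gaps) if gaps else 0.0
        features[key] = {
            "packets": len(pkts),
            "bytes": sum(lens),
            "mean_len": mean(lens),
            # Coefficient of variation of the gaps: near 0 means clockwork timing.
            "gap_cv": pstdev(gaps) / gap_mean if gap_mean > 0 else 0.0,
        }
    return features


def build_baseline(features):
    """Mean and standard deviation of each scored feature over normal flows."""
    return {
        name: (mean(f[name] for f in features.values()),
               pstdev(f[name] for f in features.values()))
        for name in SCORED
    }


def anomaly_score(flow, baseline):
    """Largest absolute z-score of the flow across the scored features."""
    score = 0.0
    for name, (mu, sigma) in baseline.items():
        if sigma > 0:
            score = max(score, abs(flow[name] - mu) / sigma)
    return score


def flag_flows(observed, baseline, threshold=3.0):
    """Return the flow keys whose metadata deviates strongly from the baseline."""
    return sorted(k for k, f in observed.items() if anomaly_score(f, baseline) > threshold)


if __name__ == "__main__":
    base = build_baseline(flow_features(BASELINE))
    for key in flag_flows(flow_features(OBSERVED), base):
        print("anomalous flow:", key)
```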

Last year, Cisco engaged Miercom to evaluate its Cisco Encrypted Traffic Analytics solution. During this assessment, Miercom sent known and unknown threats (viruses, Trojans, ransomware) in encrypted and unencrypted traffic across large ETA and non-ETA networks to see whether the threats would be detected.

For the test, malicious code was launched on both networks. In both cases, suspicious activity was detected gradually. The ETA network initially detected threats 36% faster than the non-ETA network. As the test went on, the detection rate in the ETA network began to rise. As a result, after several hours of operation, two-thirds of the active threats had been successfully detected in the ETA network, twice as many as in the non-ETA network.

ETA functionality integrates well with Stealthwatch. Threats are ranked by severity and shown with detailed information, along with remediation options once confirmed. Conclusion: ETA works!

Intrusion detection and prevention

Cisco now has another effective security tool, the Cisco Advanced Wireless Intrusion Prevention System (aWIPS): a system for detecting and preventing threats to wireless networks. The aWIPS solution operates at the level of the controllers, the access points and the Cisco DNA Center management software. Threat detection, alerting and prevention combine network traffic analysis, network device and network topology information, signature-based techniques, and anomaly detection to deliver accurate detection and prevention of wireless threats.

With aWIPS fully integrated into your network infrastructure, you can continuously monitor traffic on both wired and wireless networks and use it to automatically analyze potential attacks from multiple sources, providing the best possible detection and prevention.

Authentication means

Currently, in addition to the usual authentication tools, Cisco Catalyst 9800 series solutions support WPA3. WPA3 is the latest version of WPA, a set of protocols and technologies that provide authentication and encryption for Wi-Fi networks.

WPA3 uses Simultaneous Authentication of Equals (SAE) to give users stronger protection against password-guessing attempts by third parties. When a client connects to an access point, it performs an SAE exchange. If the exchange succeeds, each side creates a cryptographically strong key from which the session key is derived, and they then enter the confirmation state. The client and the access point can re-enter the handshake states whenever a session key needs to be generated. The method uses forward secrecy, so an attacker may crack one key but not all keys.

In other words, SAE is designed so that an attacker intercepting traffic has only one attempt to guess the password before the captured data becomes useless. To mount a lengthy password recovery, physical access to the access point is needed.

Client device protection

Cisco Catalyst 9800 Series wireless solutions currently provide their primary client protection feature through Cisco Umbrella WLAN, a cloud-based network security service that operates at the DNS level with automatic detection of known and emerging threats.

Cisco Umbrella WLAN gives client devices a secure connection to the Internet. This is achieved through content filtering, that is, by blocking access to Internet resources in accordance with business policy. Client devices on the Internet are thus protected from malware, ransomware and phishing. Policy enforcement is based on 60 continuously updated content categories.

Automation

Today's wireless networks are more flexible and complex, so traditional methods of configuring and retrieving information from wireless controllers are no longer sufficient. Network administrators and information security professionals need tools for automation and analytics, which prompts wireless vendors to offer such tools.

To address these needs, Cisco Catalyst 9800 series wireless controllers, along with a traditional API, support the RESTCONF / NETCONF network configuration protocols with the YANG (Yet Another Next Generation) data modeling language.

NETCONF is an XML-based protocol that applications can use to query information and change the configuration of network devices such as wireless controllers.

In addition to these methods, Cisco Catalyst 9800 Series Controllers provide the ability to capture, retrieve and analyze data flow information using the NetFlow and sFlow protocols.

For security and traffic modeling, the ability to track specific flows is a valuable tool. To address this, the sFlow protocol was implemented, which lets you capture two packets out of every hundred. However, this is sometimes not enough to analyze and fully evaluate a flow. The alternative is therefore NetFlow, as implemented by Cisco, which lets you collect and export 100% of the packets in a given flow for later analysis.
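The difference between 2-in-100 sampling and full flow accounting, worked through as an added example (not from the original article or from Cisco). The packet stream is constructed, the 6.5 MB transfer mirrors the FTP test described earlier, and deterministic every-50th-packet selection is an assumed simplification of how a sampling exporter picks packets.

```python
from collections import Counter


def build_stream(lead_in=10, n_short=12):
    """Constructed packet stream as (flow_id, length_bytes) tuples.

    A 6,500,000-byte bulk transfer (5000 packets of 1300 bytes) with a short
    12-packet session inserted after `lead_in` packets of the bulk flow.
    """
    big = [("ftp-transfer", 1300)] * 5000
    short = [("short-session", 200)] * n_short
    return big[:lead_in] + short + big[lead_in:]


def full_accounting(stream):
    """NetFlow-style accounting: every packet of every flow is counted."""
    totals = Counter()
    for flow, length in stream:
        totals[flow] += length
    return dict(totals)


def sampled_accounting(stream, every_n=50):
    """Sampling-style accounting: keep 1 packet in `every_n` (2 in 100 for 50)
    and scale its length back up to estimate the flow's byte count."""
    totals = Counter()
    for position, (flow, length) in enumerate(stream, start=1):
        if position % every_n == 0:
            totals[flow] += length * every_n
    return dict(totals)


def compare(stream, every_n=50):
    """Per-flow exact bytes, sampled estimate, and whether sampling saw the flow."""
    exact = full_accounting(stream)
    estimate = sampled_accounting(stream, every_n)
    return {
        flow: {
            "exact": exact[flow],
            "estimated": estimate.get(flow, 0),
            "seen": flow in estimate,
        }
        for flow in exact
    }


def detection_rate(n_short=12, every_n=50):
    """Fraction of start positions at which the short session is sampled at all.

    Slides the short session across one full sampling period and counts how
    often at least one of its packets lands on a sampled position.
    """
    hits = 0
    for lead_in in range(every_n):
        stream = build_stream(lead_in=lead_in, n_short=n_short)
        if "short-session" in sampled_accounting(stream, every_n):
            hits += 1
    return hits / every_n


if __name__ == "__main__":
    for flow, row in compare(build_stream()).items():
        print(flow, row)
    print("chance the short session is sampled:", detection_rate())
```

The bulk transfer is estimated well from samples, while the short session is invisible in this run and would be sampled in only about a quarter of placements; that is the gap full flow export closes for security analysis.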

Another feature, available only in the hardware implementations of the controllers, that lets you automate wireless network operation on Cisco Catalyst 9800 series controllers is built-in support for the Python language, as an add-on for running scripts directly on the wireless controller itself.

Finally, Cisco Catalyst 9800 Series Controllers support the proven SNMP versions 1, 2 and 3 for monitoring and management tasks.

Thus, in terms of automation, Cisco Catalyst 9800 Series solutions fully meet the requirements of modern business, offering both new and unique capabilities and time-tested tools for automation and analytics in wireless networks of any size and complexity.

Conclusion

In solutions based on Cisco Catalyst 9800 Series Controllers, Cisco demonstrated good results in the categories of high availability, security and automation.

The solution meets all major availability requirements, such as sub-second failover during unplanned events and no downtime for planned events.

Cisco Catalyst 9800 Series Controllers provide comprehensive security: deep packet inspection for application recognition and control, full visibility into data flows, detection of threats hidden in encrypted traffic, and advanced authentication and protection mechanisms for client devices.

For automation and analytics, the Cisco Catalyst 9800 Series offers powerful capabilities using popular standard models: YANG, NETCONF, RESTCONF, traditional APIs, and built-in Python scripting.

Thus, Cisco has once again confirmed its position as a world-leading manufacturer of networking solutions, keeping up with the times and taking into account all the challenges of modern business.

For more information about the Catalyst switch family, visit the Cisco website.

source: www.habr.com
