If you have a controller, there's no problem: how to easily maintain your wireless network

In 2019, the consulting company Miercom conducted an independent technological evaluation of the Cisco Catalyst 9800 series Wi-Fi 6 controllers. For this study, a test bench was assembled from Cisco Wi-Fi 6 controllers and access points, and the technical solution was evaluated in the following categories:

  • Availability;
  • Security;
  • Automation.

The results of the study are shown below. Since 2019, the functionality of the Cisco Catalyst 9800 series controllers has improved significantly - these points are also reflected in this article.

You can read about other benefits of Wi-Fi 6 technology, implementation examples and areas of application here.

Solution overview

Cisco Catalyst 9800 series Wi-Fi 6 controllers

Cisco Catalyst 9800 Series Wireless Controllers, based on the IOS-XE operating system (which is also used on Cisco switches and routers), are available in several variants.


The high-end model, the 9800-80 controller, supports wireless network throughput of up to 80 Gbps. One 9800-80 controller supports up to 6000 access points and more than 64 wireless clients.

The mid-range model, the 9800-40 controller, supports up to 40 Gbps of throughput, up to 2000 access points and more than 32 wireless clients.

In addition to these models, the competitive analysis also included the 9800-CL wireless controller (CL stands for Cloud). The 9800-CL runs in virtual environments on VMware ESXi and KVM hypervisors, and its performance depends on the hardware resources dedicated to the controller's virtual machine. In its maximum configuration, the Cisco 9800-CL controller, like the high-end 9800-80 model, supports scaling up to 6000 access points and up to 64 wireless clients.

For the study with the controllers, Cisco Aironet AP 4800 series access points were used, supporting operation in the 2.4 and 5 GHz bands with the ability to switch dynamically to dual 5-GHz mode.

Test bench

As part of the testing, a bench was assembled from Cisco Catalyst 9800-CL wireless controllers operating in a cluster and Cisco Aironet AP 4800 series access points.

Laptops from Dell and Apple, as well as an Apple iPhone smartphone, were used as client devices.


Availability testing

Availability is defined as the ability of users to access and use a system or service. High availability means continuous access to a system or service, regardless of certain events.

High availability was tested in four scenarios, the first three being predictable or scheduled events that can occur during or after working hours. The fifth scenario is a classic failure, which is an unpredictable event.

Description of the scenarios:

  • Bug fix - a micro-update of the system (bugfix or security patch) that lets you fix a particular bug or vulnerability without a full update of the system software;
  • Functional update - adding or extending the current functionality of the system by installing functional updates;
  • Full update - updating the controller software image;
  • Adding an access point - adding a new access point model to the wireless network without needing to reconfigure or update the wireless controller software;
  • Failure - failure of the wireless controller.

Fixing bugs and vulnerabilities

Often, with many competing solutions, installing patches requires a full update of the wireless controller software, which can lead to unplanned downtime. In the case of the Cisco solution, patching is performed without stopping the product. Patches can be installed on any of the components while the wireless infrastructure continues to operate.

The procedure itself is simple. The patch file is copied to the bootstrap folder on one of the Cisco wireless controllers, and the operation is then confirmed through the GUI or the command line. In addition, you can roll back and remove the fix through the GUI or the command line, also without interrupting system operation.

Functional update

Functional software updates are applied to enable new features. One of these improvements is an update of the application signature database. This package was installed on the Cisco controllers as a test. As with patches, functional updates are applied, installed, or removed without any downtime or system interruption.

Full update

At present, a full update of the controller software image is performed in the same way as a functional update, that is, without downtime. However, this capability is available only in a clustered configuration, when there is more than one controller. The full update is performed sequentially: first on one controller, then on the second.

Adding a new access point model

Connecting new access points that have not previously been used with the controller software image in use to a wireless network is a fairly common operation, especially in large networks (airports, hotels, factories). Quite often in competing solutions, this operation requires updating the system software or rebooting the controllers.

When connecting new Wi-Fi 6 access points to a cluster of Cisco Catalyst 9800 series controllers, no such problems are observed. Connecting new access points to the controller is done without updating the controller software, and the process does not require a reboot, so it does not affect the wireless network in any way.

Controller failure

The test environment uses two Wi-Fi 6 controllers (Active/StandBy), and the access point has a direct connection to both controllers.

One wireless controller is active, and the other, accordingly, is the standby. If the active controller fails, the standby controller takes over and its status changes to active. This happens without interrupting the access point or Wi-Fi for clients.

Security

This section discusses security aspects, which is an extremely pressing issue in wireless networks. The security of the solution is evaluated based on the following characteristics:

  • Application recognition;
  • Flow tracking;
  • Encrypted traffic analysis;
  • Intrusion detection and prevention;
  • Authentication mechanisms;
  • Client device protection tools.

Application recognition

Among the variety of products on the enterprise and industrial Wi-Fi market, there are differences in how well products identify traffic by application. Products from different manufacturers can identify different numbers of applications. However, many of the applications that competing solutions list as identifiable are, in fact, websites rather than unique applications.

There is another interesting aspect of application recognition: solutions differ greatly in identification accuracy.

Taking into account all the tests performed, we can confidently state that the Cisco Wi-Fi 6 solution performs application recognition very accurately: Jabber, Netflix, Dropbox, YouTube and other popular applications, as well as web services, were identified accurately. Cisco solutions can also look deeper into data packets using DPI (Deep Packet Inspection).

Traffic flow tracking

Another test was performed to see whether the system can accurately track and report on data flows (such as large file transfers). To test this, a 6.5 megabyte file was sent over the network using the File Transfer Protocol (FTP).

The Cisco solution was fully up to the task and was able to track this traffic thanks to NetFlow and its hardware capabilities. The traffic was detected and identified immediately, along with the exact amount of data transferred.

Encrypted traffic analysis

User data traffic is increasingly being encrypted. This is done to protect it from being tracked or intercepted by attackers. But at the same time, hackers are increasingly using encryption to hide their malware and carry out other suspicious operations such as Man-in-the-Middle (MiTM) or keylogging attacks.

Most enterprises inspect part of their encrypted traffic by first decrypting it using firewalls or intrusion prevention systems. But this method takes a lot of time and does not benefit overall network performance. In addition, once decrypted, this data becomes vulnerable to prying eyes.

Cisco Catalyst 9800 Series controllers successfully solve the problem of analyzing encrypted traffic by other means. The solution is called Encrypted Traffic Analytics (ETA). ETA is a technology that currently has no analogues in competing solutions and that detects malware in encrypted traffic without needing to decrypt it. ETA is a core feature of IOS-XE that includes Enhanced NetFlow and uses advanced behavioral algorithms to identify malicious traffic patterns hiding in encrypted traffic.


ETA does not decrypt messages, but collects metadata profiles of encrypted traffic flows - packet size, time intervals between packets, and much more. The metadata is then exported in NetFlow v9 records to Cisco Stealthwatch.

The key function of Stealthwatch is to monitor traffic continuously, as well as to create baseline indicators of normal network activity. Using the encrypted flow metadata sent to it by ETA, Stealthwatch applies multi-layer machine learning to identify behavioral traffic anomalies that may indicate suspicious events.
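The following is an added illustration, not code from the original article and not Cisco's ETA or Stealthwatch logic: it shows how packet sizes and inter-packet times alone, with no decryption, are enough to separate a machine-regular flow from an interactive one. The `Packet` record, the thresholds and the sample flows are constructed assumptions.

```python
"""Flow features from packet size and timing only (simplified sketch)."""
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Packet:
    ts: float      # seconds since capture start
    src: str
    sport: int
    dst: str
    dport: int
    length: int    # bytes on the wire; the encrypted payload is never read


def flow_key(p):
    """Direction-independent key so both halves of a conversation share a flow."""
    a, b = (p.src, p.sport), (p.dst, p.dport)
    return (a, b) if a <= b else (b, a)


def flow_metadata(packets):
    """Group packets into flows and summarise size and inter-packet timing."""
    flows = {}
    for p in sorted(packets, key=lambda p: p.ts):
        flows.setdefault(flow_key(p), []).append(p)
    summary = {}
    for key, pkts in flows.items():
        lengths = [p.length for p in pkts]
        gaps = [b.ts - a.ts for a, b in zip(pkts, pkts[1:])]
        avg_gap = mean(gaps) if gaps else 0.0
        summary[key] = {
            "packets": len(pkts),
            "bytes": sum(lengths),
            "len_stdev": pstdev(lengths),
            "mean_gap": avg_gap,
            # Coefficient of variation: close to 0 means very regular timing.
            "gap_cv": pstdev(gaps) / avg_gap if avg_gap > 0 else None,
        }
    return summary


def periodic_flows(summary, min_packets=6, max_gap_cv=0.05, max_len_stdev=8.0):
    """Hypothetical heuristic: near-constant packet size sent at near-constant
    intervals is unusual for human-driven traffic and worth an analyst's look.
    The thresholds are illustrative assumptions, not tuned values."""
    return sorted(
        key for key, m in summary.items()
        if m["packets"] >= min_packets
        and m["gap_cv"] is not None and m["gap_cv"] <= max_gap_cv
        and m["len_stdev"] <= max_len_stdev
    )


# Constructed sample data (documentation address ranges, invented timings).
CLIENT_A, CLIENT_B = "10.0.0.5", "10.0.0.7"
WEB, CHECKIN = "203.0.113.10", "198.51.100.20"
BROWSE_KEY = ((CLIENT_A, 50112), (WEB, 443))
BEACON_KEY = ((CLIENT_B, 50500), (CHECKIN, 443))

SAMPLE = [
    # Interactive TLS session: bursty timing, varied sizes, both directions.
    Packet(0.00, CLIENT_A, 50112, WEB, 443, 517),
    Packet(0.01, WEB, 443, CLIENT_A, 50112, 1460),
    Packet(0.51, WEB, 443, CLIENT_A, 50112, 1460),
    Packet(0.53, CLIENT_A, 50112, WEB, 443, 93),
    Packet(2.53, WEB, 443, CLIENT_A, 50112, 1460),
    Packet(2.56, CLIENT_A, 50112, WEB, 443, 640),
    # Fixed-size check-in roughly every 30 seconds.
    Packet(0.0, CLIENT_B, 50500, CHECKIN, 443, 120),
    Packet(30.0, CLIENT_B, 50500, CHECKIN, 443, 120),
    Packet(60.1, CLIENT_B, 50500, CHECKIN, 443, 124),
    Packet(90.0, CLIENT_B, 50500, CHECKIN, 443, 120),
    Packet(120.0, CLIENT_B, 50500, CHECKIN, 443, 120),
    Packet(150.05, CLIENT_B, 50500, CHECKIN, 443, 120),
]

if __name__ == "__main__":
    stats = flow_metadata(SAMPLE)
    for key in periodic_flows(stats):
        print("review:", key, stats[key])
```

A production system would learn the baseline per host and per service rather than use fixed thresholds, which is the role the article assigns to Stealthwatch.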

Last year, Cisco engaged Miercom to independently evaluate its Cisco Encrypted Traffic Analytics solution. During this evaluation, Miercom separately sent known and unknown threats (viruses, Trojans, ransomware) in encrypted and unencrypted traffic across large ETA and non-ETA networks to identify threats.

For testing, malicious code was launched on both networks. In both cases, suspicious activity was discovered gradually. The ETA network detected threats 36% faster than the non-ETA network. At the same time, as the work progressed, detection productivity in the ETA network began to increase. As a result, after several hours of operation, two-thirds of active threats were successfully detected in the ETA network, which is twice as many as in the non-ETA network.

ETA functionality is well integrated with Stealthwatch. Threats are ranked by severity and displayed with detailed information, as well as remediation options once confirmed. Conclusion - ETA works!

Intrusion detection and prevention

Cisco now has another effective security tool - Cisco Advanced Wireless Intrusion Prevention System (aWIPS): a mechanism for detecting and preventing threats to wireless networks. The aWIPS solution operates at the level of controllers, access points and Cisco DNA Center management software. Threat detection, alerting, and prevention combine network traffic analysis, network device and network topology information, signature-based techniques, and anomaly detection to provide accurate detection and prevention of wireless threats.

By fully integrating aWIPS into your network infrastructure, you can continuously monitor wireless traffic on both wired and wireless networks and use it to analyze potential attacks from multiple sources, giving the most comprehensive detection and prevention.

Authentication mechanisms

Currently, in addition to classic authentication tools, Cisco Catalyst 9800 solutions support WPA3. WPA3 is the latest version of WPA, which is a set of protocols and technologies that provide authentication and encryption for Wi-Fi networks.

WPA3 uses Simultaneous Authentication of Equals (SAE) to provide users with the strongest protection against password-guessing attempts by third parties. When a client connects to an access point, it performs an SAE exchange. If the exchange succeeds, each of them creates a cryptographically strong key from which the session key will be derived, and then they enter the confirmation state. The client and the access point can then enter handshake states each time a session key needs to be generated. The method uses forward secrecy, in which an attacker may be able to crack one key, but not all the other keys.

That is, SAE is designed so that an attacker intercepting traffic has only one attempt to guess the password before the intercepted data becomes useless. To organize a lengthy password recovery, you would need access to the access point.

Client device protection

Cisco Catalyst 9800 Series wireless solutions currently provide the primary client protection feature through Cisco Umbrella WLAN, a cloud-based network security service that operates at the DNS level and detects both known and emerging threats.

Cisco Umbrella WLAN provides client devices with a secure connection to the internet. This is achieved through content filtering, that is, by blocking access to internet resources in accordance with enterprise policy. Thus, client devices on the internet are protected from malware, ransomware, and phishing. Policy enforcement is based on 60 continuously updated categories.

Automation

Today's wireless networks are much more flexible and complex, so traditional methods of configuring and retrieving information from wireless controllers are not enough. Network administrators and information security professionals need tools for automation and analytics, which prompts wireless vendors to offer such tools.

To solve these problems, Cisco Catalyst 9800 wireless controllers, along with the traditional API, provide support for the RESTCONF / NETCONF network configuration protocols and the YANG (Yet Another Next Generation) data modeling language.

NETCONF is an XML-based protocol that applications can use to query information and change the configuration of network devices such as wireless controllers.

In addition to these methods, Cisco Catalyst 9800 Series Controllers provide the ability to capture, retrieve, and analyze information flow data using the NetFlow and sFlow protocols.

For security and traffic modeling, the ability to track specific flows is a valuable tool. To solve this problem, the sFlow protocol was implemented, which lets you capture two packets out of every hundred. However, sometimes this may not be enough to analyze, adequately study and evaluate a flow. Therefore, an alternative is NetFlow, implemented by Cisco, which lets you collect and export 100% of all packets in a specified flow for subsequent analysis.

Another feature, which is available only in the hardware implementation of the controllers and which lets you automate wireless network operation in Cisco Catalyst 9800 controllers, is built-in support for the Python language as an add-on for running scripts directly on the wireless controller itself.

Finally, Cisco Catalyst 9800 Series Controllers support the proven SNMP protocol versions 1, 2, and 3 for monitoring and management operations.

Thus, in terms of automation, Cisco Catalyst 9800 Series solutions meet modern business requirements, offering both new and unique tools and time-tested tools for automated operations and analytics in wireless networks of any size and complexity.

Conclusion

In solutions based on Cisco Catalyst 9800 Series Controllers, Cisco demonstrated excellent results in the categories of high availability, security and automation.

The solution meets all high availability requirements, such as sub-second failover during unplanned events and zero downtime for scheduled events.

Cisco Catalyst 9800 Series Controllers provide comprehensive security that offers deep packet inspection for application recognition and control, full visibility into data flows, and identification of threats hidden in encrypted traffic, as well as advanced authentication and protection mechanisms for client devices.

For automation and analytics, the Cisco Catalyst 9800 Series offers powerful capabilities using popular standard models: YANG, NETCONF, RESTCONF, traditional APIs, and built-in Python scripts.

Thus, Cisco once again confirms its status as the world's leading manufacturer of networking solutions, keeping up with the times and taking into account all the challenges of modern business.

To learn more about the Catalyst switch family, visit the Cisco website.

Source: www.habr.com
