If you have a controller, no problem: how to easily maintain your wireless network

In 2019, the consulting company Miercom conducted an independent technology assessment of the Cisco Catalyst 9800 series Wi-Fi 6 controllers. The controllers were assessed in the following categories:

  • Availability;
  • Security;
  • Automation.

The results of the study are shown below. Since 2019, the functionality of the Cisco Catalyst 9800 series controllers has been significantly improved; those points are also reflected in this article.

You can read about other benefits of Wi-Fi 6 technology, examples of use and areas of application here.

Solution overview

Cisco Catalyst 9800 series Wi-Fi 6 controllers

The Cisco Catalyst 9800 Series Wireless Controllers, built on the IOS-XE operating system (also used on Cisco switches and routers), are available in several variants.

The senior model, the 9800-80 controller, supports wireless network throughput of up to 80 Gbps. One 9800-80 controller supports up to 6,000 access points and up to 6,000 wireless clients.

The mid-range model, the 9800-40 controller, supports up to 40 Gbps of throughput, up to 2,000 access points and up to 32,000 wireless clients.

In addition to these models, the competitive assessment also included the 9800-CL wireless controller (CL stands for Cloud). The 9800-CL runs in virtual environments on VMware ESXi and KVM hypervisors, and its performance depends on the hardware resources dedicated to the controller's virtual machine. In its maximum configuration, the Cisco 9800-CL controller, like the senior 9800-80 model, scales to up to 6,000 access points and up to 6,000 wireless clients.

For the controller tests, Cisco Aironet AP 4800 series access points were used; they support operation at 2.4 and 5 GHz, with the ability to switch dynamically to a dual 5-GHz mode.

Test bench

For the tests, a bench was assembled from two Cisco Catalyst 9800-CL wireless controllers operating in a cluster and Cisco Aironet AP 4800 series access points.

Laptops from Dell and Apple, as well as an Apple iPhone smartphone, were used as client devices.

Availability testing

Availability is defined as the ability of users to access and use a system or service. High availability means continuous access to a system or service, independent of particular events.

High availability was tested in four scenarios; the first three are predictable or planned events that can occur during or after business hours. The fifth scenario is a classic failure, which is an unplanned event.

Description of the scenarios:

  • Bug fix - a micro-update of the system (a bugfix or security patch) that lets you fix a specific bug or vulnerability without a full update of the system software;
  • Functional update - adding to or extending the current functionality of the system by installing functional updates;
  • Full update - updating the controller software image;
  • Adding an access point - adding a new access point model to the wireless network without having to reconfigure or update the wireless controller software;
  • Failure - failure of the wireless controller.

Fixing bugs and vulnerabilities

With many competing solutions, patching typically requires a full software update of the wireless controller system, which can result in unplanned downtime. With the Cisco solution, patching is done without stopping the product. Patches can be installed on any of the components while the wireless infrastructure keeps running.

The procedure itself is simple. The patch file is copied to the bootstrap folder on one of the Cisco wireless controllers, and the operation is then confirmed through the GUI or the command line. In addition, you can also roll back and remove a fix through the GUI or the command line, again without interrupting system operation.

Functional update

Functional software updates are used to enable new features. One such enhancement is an update to the application signature database. This package was installed on the Cisco controllers as a test. Just like patches, functional updates are applied, installed, or removed without downtime or disruption to the system.

Full update

Currently, a full update of the controller software image is performed in the same way as a functional update, that is, without downtime. However, this capability is only available in a cluster configuration with more than one controller. The full update is performed sequentially: first on one controller, then on the second.

Adding a new access point model

Connecting new access points that have not previously been used with the controller software image in use to a wireless network is a fairly common task, especially in large networks (airports, hotels, factories). In competing solutions, this operation often requires updating the system software or rebooting the controllers.

When connecting new Wi-Fi 6 access points to a cluster of Cisco Catalyst 9800 series controllers, no such problems are observed. New access points are connected to the controller without updating the controller software, and the process does not require a reboot, so it does not affect the wireless network in any way.

Controller failure

The test environment uses two Wi-Fi 6 controllers (Active/StandBy) and an access point with a direct connection to both controllers.

One wireless controller is active and the other, accordingly, is the standby. If the active controller fails, the standby controller takes over and its status changes to active. This happens without interruption for the access point and its Wi-Fi clients.

Security

This section discusses security aspects, which is an especially pressing issue in wireless networks. The security of the solution is assessed on the following characteristics:

  • Application recognition;
  • Flow tracking;
  • Encrypted traffic analysis;
  • Intrusion detection and prevention;
  • Authentication tools;
  • Client device protection tools.

Application recognition

Across the range of products on the enterprise and industrial Wi-Fi market, there are differences in how well products identify traffic by application. Products from different vendors can identify different numbers of applications. However, many of the applications that competing solutions list as recognizable are in fact websites, not distinct applications.

There is another interesting aspect of application recognition: solutions differ greatly in recognition accuracy.

Taking all the tests performed into account, we can reasonably state that Cisco's Wi-Fi 6 solution performs application recognition accurately: Jabber, Netflix, Dropbox, YouTube and other popular applications, as well as web services, were identified correctly. Cisco solutions can also look deeper into data packets using DPI (Deep Packet Inspection).

Traffic flow tracking

Another test was run to see whether the system could accurately track and report data flows (such as large file transfers). To test this, a 6.5 megabyte file was sent over the network using the File Transfer Protocol (FTP).

The Cisco solution was fully up to the task and was able to track this traffic thanks to NetFlow and its hardware capabilities. The traffic was detected and identified immediately, along with the amount of data transferred.

Encrypted traffic analysis

User data traffic is increasingly encrypted. This is done to protect it from being tracked or intercepted by attackers. At the same time, criminals are increasingly using encryption to hide their malware and to carry out other dubious activities such as Man-in-the-Middle (MiTM) or keylogging attacks.

Many enterprises inspect some of their encrypted traffic by first decrypting it with firewalls or intrusion prevention systems. But this takes a lot of time and does nothing for network performance. Moreover, once decrypted, the data becomes vulnerable to prying eyes.

Cisco Catalyst 9800 Series controllers solve the problem of analyzing encrypted traffic in a different way. The solution is called Encrypted Traffic Analytics (ETA). ETA is a technology that currently has no analogues in competing solutions and that detects malware in encrypted traffic without the need to decrypt it. ETA is a core IOS-XE feature that includes Enhanced NetFlow and uses advanced behavioral algorithms to detect malicious traffic patterns hidden in encrypted traffic.

ETA does not decrypt messages; instead it collects metadata profiles of encrypted traffic flows: packet sizes, time intervals between packets, and much more. The metadata is then exported in NetFlow v9 records to Cisco Stealthwatch.

The key function of Stealthwatch is to monitor traffic continuously and to build a baseline of normal network activity. Using the encrypted-flow metadata sent to it by ETA, Stealthwatch applies multi-layered machine learning to identify behavioral traffic anomalies that may indicate suspicious events.
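
A simplified illustration of the idea described above: flows are profiled by packet size and timing only, a baseline is built from traffic considered normal, and flows that deviate from it are flagged. This is an added example, not Cisco's ETA or Stealthwatch algorithm; the sample flows, the two features and the z-score threshold are constructed assumptions.

```python
from statistics import mean, pstdev

FEATURES = ("mean_size", "mean_gap")   # assumed feature set for this sketch
THRESHOLD = 3.0                        # assumed cut-off, in standard deviations


def flow_profile(packets):
    """Summarise one flow from (timestamp_seconds, size_bytes) tuples.

    Only sizes and timings are read; no payload is available or needed.
    """
    if not packets:
        raise ValueError("a flow needs at least one packet")
    sizes = [size for _, size in packets]
    times = [ts for ts, _ in packets]
    gaps = [later - earlier for earlier, later in zip(times, times[1:])]
    return {
        "packets": len(sizes),
        "bytes": sum(sizes),
        "mean_size": mean(sizes),
        "mean_gap": mean(gaps) if gaps else 0.0,
    }


def build_baseline(profiles):
    """Per-feature mean and standard deviation over known-normal flows."""
    baseline = {}
    for name in FEATURES:
        values = [p[name] for p in profiles]
        baseline[name] = (mean(values), pstdev(values))
    return baseline


def anomaly_score(profile, baseline):
    """Largest absolute z-score of the profile across baseline features."""
    score = 0.0
    for name, (mu, sigma) in baseline.items():
        if sigma == 0:
            continue  # feature never varied in the baseline; cannot be scaled
        score = max(score, abs(profile[name] - mu) / sigma)
    return score


def is_anomalous(profile, baseline, threshold=THRESHOLD):
    return anomaly_score(profile, baseline) > threshold


# Constructed sample data: four ordinary encrypted web-style flows.
NORMAL_FLOWS = [
    [(0.00, 517), (0.04, 1460), (0.05, 1460), (0.31, 320), (0.90, 1460), (0.92, 880)],
    [(0.00, 420), (0.02, 1380), (0.20, 1460), (0.75, 600), (0.80, 1460)],
    [(0.00, 560), (0.10, 1460), (0.12, 1200), (0.60, 1460), (1.40, 300), (1.45, 1460)],
    [(0.00, 480), (0.03, 1460), (0.33, 1000), (0.35, 1460), (1.10, 700)],
]
# Constructed flow to score: small packets at a fixed 30-second interval.
BEACON_FLOW = [(i * 30.0, 96) for i in range(8)]
# Constructed flow to score: resembles the baseline traffic.
ORDINARY_FLOW = [(0.00, 500), (0.05, 1460), (0.25, 1100), (0.70, 1460), (0.95, 650)]

BASELINE = build_baseline([flow_profile(f) for f in NORMAL_FLOWS])

if __name__ == "__main__":
    for label, flow in (("beacon-like", BEACON_FLOW), ("ordinary", ORDINARY_FLOW)):
        profile = flow_profile(flow)
        print(label, round(anomaly_score(profile, BASELINE), 2),
              "ANOMALY" if is_anomalous(profile, BASELINE) else "ok")
```
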

Last year, Cisco engaged Miercom to independently assess its Cisco Encrypted Traffic Analytics solution. During this assessment, Miercom sent various known and unknown threats (viruses, Trojans, ransomware) in encrypted and unencrypted traffic across large ETA and non-ETA networks in order to detect the threats.

For the test, malicious code was launched on both networks. In both cases, suspicious activity was detected gradually. The ETA network initially detected threats 36% faster than the non-ETA network. At the same time, as the work progressed, detection productivity in the ETA network began to increase. As a result, after several hours of operation, two thirds of the active threats had been successfully detected in the ETA network, twice as many as in the non-ETA network.

ETA functionality is tightly integrated with Stealthwatch. Threats are ranked by severity and displayed with detailed information, as well as remediation options once confirmed. Conclusion: ETA works!

Intrusion detection and prevention

Cisco now has another effective security tool, the Cisco Advanced Wireless Intrusion Prevention System (aWIPS): a mechanism for detecting and preventing threats to wireless networks. The aWIPS solution operates at the level of controllers, access points and Cisco DNA Center management software. Threat detection, alerting and prevention combine network traffic analysis, network device and network topology information, signature-based techniques and anomaly detection to deliver accurate detection and prevention of wireless threats.

By fully integrating aWIPS into your network infrastructure, you can continuously monitor wireless traffic on both wired and wireless networks and use it to automatically analyze potential attacks from multiple sources, providing the most comprehensive detection and prevention possible.

Authentication tools

Currently, in addition to the classic authentication tools, Cisco Catalyst 9800 series solutions support WPA3. WPA3 is the latest version of WPA, which is a set of protocols and technologies that provide authentication and encryption for Wi-Fi networks.

WPA3 uses Simultaneous Authentication of Equals (SAE) to give users stronger protection against password-guessing attempts by third parties. When a client connects to an access point, it performs an SAE exchange. If it succeeds, each of them creates a cryptographically strong key from which the session key will be derived, and they then move to the confirmation state. The client and the access point can enter the handshake states each time a session key needs to be generated. The method uses forward secrecy, in which an attacker may be able to crack one key, but not all the other keys.

That is, SAE is designed so that an attacker who intercepts traffic gets only one attempt at guessing the password before the intercepted data becomes useless. To mount a long password-recovery effort, you would need physical access to the access point.

Client device protection

The Cisco Catalyst 9800 Series wireless solution currently provides its core client protection through Cisco Umbrella WLAN, a cloud-based network security service that operates at the DNS level with automatic detection of both known and emerging threats.

Cisco Umbrella WLAN provides client devices with a secure connection to the Internet. This is achieved through content filtering, that is, by blocking access to Internet resources in accordance with enterprise policy. Client devices on the Internet are thus protected from malware, ransomware and phishing. Policy enforcement is based on 60 continuously updated content categories.

Automation

Today's wireless networks are far more flexible and complex, so traditional methods of configuring wireless controllers and retrieving information from them are no longer enough. Network administrators and information security specialists need tools for automation and analytics, which pushes wireless vendors to provide such tools.

To address these challenges, the Cisco Catalyst 9800 series wireless controllers, alongside the traditional API, support the RESTCONF / NETCONF network configuration protocols with the YANG (Yet Another Next Generation) data modelling language.

NETCONF is an XML-based protocol that applications can use to query information and change the configuration of network devices such as wireless controllers.

In addition to these methods, the Cisco Catalyst 9800 Series Controllers can capture, retrieve and analyze data flow information using the NetFlow and sFlow protocols.

For security and traffic modelling, the ability to track specific flows is a valuable tool. To solve this problem, the sFlow protocol was implemented, which lets you capture two packets out of every hundred. However, this may sometimes be insufficient to analyze, study and evaluate a flow adequately. The alternative is therefore NetFlow, implemented by Cisco, which lets you collect and export 100% of the packets in a specified flow for subsequent analysis.
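
The difference between sampled and full flow accounting, worked through for the 6.5 megabyte FTP transfer from the flow-tracking test. This is an added example, not code from the article or from Cisco: the 1460-byte packet size, the 5-packet short session, the decimal megabyte and the systematic 1-in-50 sampling (standing in for "two packets out of every hundred") are assumptions.

```python
MSS = 1460                  # assumed payload bytes per full packet
TRANSFER_BYTES = 6_500_000  # the 6.5 MB FTP file (decimal megabytes assumed)
SAMPLE_EVERY = 50           # 1 in 50 == two packets out of every hundred


def build_stream():
    """Constructed packet stream: one large transfer plus one short session.

    Each element is (flow_id, size_bytes). The short session is placed in
    the middle of the transfer, between two sampling points.
    """
    full, rest = divmod(TRANSFER_BYTES, MSS)
    ftp = [("ftp-data", MSS)] * full
    if rest:
        ftp.append(("ftp-data", rest))
    short = [("short-session", 200)] * 5
    return ftp[:1001] + short + ftp[1001:]


def full_accounting(stream):
    """Count every packet of every flow (the 100% collection case)."""
    totals = {}
    for flow_id, size in stream:
        totals[flow_id] = totals.get(flow_id, 0) + size
    return totals


def sampled_accounting(stream, every=SAMPLE_EVERY):
    """Look at one packet in `every` and scale the byte count back up.

    Flows that never contribute a sampled packet do not appear at all.
    """
    totals = {}
    for index, (flow_id, size) in enumerate(stream):
        if index % every == 0:
            totals[flow_id] = totals.get(flow_id, 0) + size * every
    return totals


def relative_error(estimate, actual):
    return abs(estimate - actual) / actual


if __name__ == "__main__":
    stream = build_stream()
    exact = full_accounting(stream)
    estimate = sampled_accounting(stream)
    for flow_id, actual in exact.items():
        seen = estimate.get(flow_id)
        if seen is None:
            print(f"{flow_id}: {actual} bytes exact, not visible in sampled view")
        else:
            err = relative_error(seen, actual) * 100
            print(f"{flow_id}: {actual} bytes exact, {seen} estimated ({err:.2f}% off)")
```

For incident response the practical consequence is that sampled export gives a usable estimate for bulk transfers, while per-flow evidence for short sessions needs unsampled records.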

Another feature, which however is available only in the hardware implementation of the controllers, and which lets you automate operation of the wireless network in Cisco Catalyst 9800 series controllers, is built-in support for the Python language as an add-on for running scripts directly on the wireless controller itself.

Finally, the Cisco Catalyst 9800 Series Controllers support the proven SNMP versions 1, 2 and 3 for monitoring and management operations.

So, in terms of automation, Cisco Catalyst 9800 Series solutions fully meet modern business requirements, offering both new and distinctive capabilities as well as time-tested tools for automated operations and analytics in wireless networks of any size and complexity.

Conclusion

In solutions based on Cisco Catalyst 9800 Series Controllers, Cisco demonstrated excellent results in the categories of high availability, security and automation.

The solution fully meets all high-availability requirements, such as sub-second failover during unplanned events and zero downtime for planned events.

The Cisco Catalyst 9800 Series Controllers provide comprehensive security, offering deep packet inspection for application recognition and control, full visibility into data flows, and detection of threats hidden in encrypted traffic, as well as advanced authentication and protection mechanisms for client devices.

For automation and analytics, the Cisco Catalyst 9800 Series offers powerful capabilities using popular standard models: YANG, NETCONF, RESTCONF, traditional APIs, and built-in Python scripts.

Thus, Cisco once again confirms its status as the world's leading manufacturer of networking solutions, keeping up with the times and taking into account all the challenges of modern business.

For more information about the Catalyst switch family, visit the Cisco website.

Source: www.habr.com
