System Engineer PresentationID 2006 Cisco Systems Inc All

教育行业 魏衡 System Engineer Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 1

教育行业 § 高校 § 普教（教育城域网、中小学、幼儿园） § 外国学校 Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2

Traditional Deployment Models and Costs Data Voice Internet PSTN CCTV / Cable TV Video Conferencing Router Clocks & Bells Physical Security Surveillance Energy Management Overhead Paging Fire ISDN PBX MCM Data Switch Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 3

The Power of Convergence Data Voice Video Streaming IP Network Video Conferencing PA (Intercom) Video Monitoring Building Controls Clocks and Bells Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 4

Overview of SCCP and SIP Phone Models in CCM 5. 0 1 外国学校 Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 5

外国学校发展趋势 § One students one Mac. Book § Every students using WLAN to access network § Application including: Video Streaming, File sharing, Handouts Distribution, Podcast, Photo Sharing, etc. Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 6

SAS 浦西校区 (Core-Distribution-Access) Pudong Campus IP电话服务器区 Emergency Response (Optional) �音�� LDAP 出口区 Internet EMAIL To Pu dong Campus 30 Mbps ATM �音网关 核心交换机 Call Manager PSTN 1000 Mbps CAT 6 IP Phone Extension Mobility Rising Firewall /Anti Spam/ IPS 10 Gbps Single Mode Fiber 汇聚层 小学、初中、高中、其他 网管区 NAC Manager 1000 Mbps Single Mode Fiber LWAP WLAN Controller 10/1000 M POE 接入交换机 10/1000 M POE Access Switch Telepresence Live. Meeting NAC Appliance IP Phone Wi. Fi PDA/PPC Laptop with IP Soft. Phone Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Works CLWMS Wi. Fi Cell Phone Wi. Fi IP Phone WLAN WCS Multi media Device Cisco Confidential PC Network Management Area 7

SAS 浦东校区 (Core-istribution-Access) Puxi Campus UC/IP Telephony Server Area Emergency Response (Optional) Firewall/SSL VPN Internet IP Phone Extension Mobility To Puxi Campus 30 Mbps ATM Core Layer Switch Call Manager Faculty out of Campus 1000 Mbps CAT 6 10 Gbps Single Mode Fiber Distribution Layer Switch Elementary , Middle , High School, and Others NAC Manager 1000 Mbps Single Mode Fiber LWAP WLAN Controller 10/100/1000 M POE Access Switch Telepresence Live. Meeting NAC Appliance IP Phone Wi. Fi PDA/PPC Laptop with IP Soft. Phone Presentation_ID Wi. Fi Cell Phone Wi. Fi IP Phone © 2006 Cisco Systems, Inc. All rights reserved. Multi media Device Cisco Confidential PC Network Management Area 8

分布层交换机 Catalyst 4900 M u冗余电源 u支持组播, IPv 6, 基于硬件的ACL u 交换容量: 320 Gbps u转发能力: 250 Mpps u最大支持24个万兆、40个千兆+8个万兆 u. Superior Quality of Service, Advanced Security Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 9

接入交换机- 带 POE 供电 Catalyst 3560 E-24 PD u所有端口支持802. 3 af的15. 4 W Po. E u第一个支持802. 3 at 的交换机 , 可以支持最大到 24 W u支持组播, IPv 6, 基于硬件的ACL u 交换容量 68 -Gbps线速 u包转发能力: 90 Mpps u. Superior Quality of Service, Advanced Security u 128 MB Dram, 64 M Flash u. Flexlink (Link Redundancy with Convergence Time less than 100 ms) Catalyst 3560 E-24 PD Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 10

SAS Wireless Topolgoy FTP Server Wi. SM Catalyst 4900 Catalyst 6509 Catalyst 4900 Wi. SM Catalyst 3560 E AP 1140 Presentation_ID Catalyst 3560 E 802. 11 BG(11 n draft 2. 0) © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential AP 1140 802. 11 BG(11 n draft 2. 0) 11

Cisco Aironet 1140 接入点 § 集成天� 2. 4 GHz (b/g/n) § 10/1000 以太网口 § Console 口 § 安全� § 金属包塑料壳的�� § 支持802. 3 af Po. E Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 12

企业级设计 Cisco Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Aruba Cisco Confidential Motorola 13

802. 11 n 技术原理 MIMO 40 Mhz Channels Packet Aggregation 通道绑定 技术 数据包聚合 技术 多输入多输 出技术 Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential Backward Compatibility 向后兼容性 14

Voice over 802. 11 n 802. 11 abg Performance Still Benefits from 802. 11 n Vo. Wi-Fi with 11 g 11 b AP Vo. Wi-Fi with 11 n 11 a 11 g AP 11 n FLOOR PLAN Presentation_ID FLOOR PLAN 5 5 0 0 MOS Score © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential MOS Score 15

Proposed SAS IP Telephony/ UC System Topology Pu. Xi Campus Unity Connection Server Pu. Dong Campus Emergency Responder/ Presence or Other UC Application (Optional) Call Manager Server-A Tele presence Live. Meeting(Optional) Cisco Voice Gateway Call Manager Server -B E 1 Trunk PSTN Analog Trunk Line Groupwise 7. 0 Email LDAP 30 M ATM/ Intranet Tele presence (Optional) 30 M New Core Layer Switch Cat 6509 Wi. Fi Cell Phone Wi. Fi PDA/PPC Laptop with IP Soft. Phone Call Manager 7. 0 Presentation_ID 5’ 55” Wi. Fi Cell Phone Cisco Unity Connection © 2006 Cisco Systems, Inc. All rights reserved. Laptop with Wi. Fi IP Phone IP Soft. Phone 3’ 16” Cisco Confidential Cisco Unified Presence 3’ 00” Tele presence Wi-Fi IP Phone 3’ 26” 16

Recommended IP Phone Purpose Product Recommended Qty 教室 CP-7941 G 455 CP-7965 G+ 7916 2 高级秘书 CP-7965 G 10+10 软电话 CUPC 150 无线电话* CP-7921 G* or VT-Go in Wi-Fi Phone 10+10 前台 秘书 Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential Picture + or 17

G Physical Security Capture IP Cameras Store View Video Surveillance Manager Legacy Integration Respond Integrated Comms Policy Engine Analog Multiservices Platforms Web Client Access Control Network as the Platform Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 20

Cisco Physical Security: Video Surveillance, Access Control, Incident Response Video & Device Capture Cisco IP Cameras Video Surveillance, Access Control and Incident Management Response Safety & Security Desktop Physical Access Manager Multiservices Platform Cisco Access Control 3 rd Party Analog and IP Cameras Cisco Video Surveillance Manager (VSM) Analog Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. IPICS Multiservices Platform Integrated Services Router Video Media Management and Storage Cisco Confidential Radios, Mobile Phones, IP Phones Digital Media Signage 21

Overview of SCCP and SIP Phone Models in CCM 5. 0 2 普教 Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 22

XX区教育城域网网络拓扑图 Cernet 2 xx区教育局数据中心 Cisco. ASA 5550 网管 CNC Cisco 7604 Cisco. ASA 5550 Catalyst 6509 市教委 Catalyst 6509 信息中心局域网 Catalyst 3750 图例： xx xx Catalyst 6509 GE 学校区域 1 FE Catalyst 3750 © 2006 Cisco Systems, Inc. All rights reserved. Catalyst 3750 学校区域 3 学校区域 2 Presentation_ID 10 G Cisco Confidential 23

教育网出口 100 MBase-TX 1000 MBase 10000 MBase 电信网出口 Cisco 6500系列 中软 4120 （原有设备） F 5 2400 Cisco 3560系列 (原有设备） Cisco 7206 （原有设备） XX教育局网络中心 接入 层 xx镇汇聚中心 汇 聚 层 核 心 xx镇汇聚 中心 层 xx汇聚中 心 xx镇汇聚 中心 xx汇聚中 心 Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 24

Overview of SCCP and SIP Phone Models in CCM 5. 0 3 高校 Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 25

四校区全网状互联 Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 27

校区互联方案-网状结构 Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 28

Virtual Switch System Introduction Virtual Switch System is a new technology break through for the Catalyst 6500 family… Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 29

Catalyst 6500 Virtual Switch Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 30

校区互联方案-采用虚拟交换机技术简化网络结构 Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 31

教科网 校校通 电信 DR. ASR 1002 出口层设备 SCE xx校区 核心层设备 Catalyst 6500 汇聚层设备 Catalyst 6500 接入层设备 Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 32

MPLS/VPN （L 2/L 3） 教科网 校校通 电信 • 学生宿舍连接 • 一卡通备份 • 数据中心 xx校区 L 2 VPN Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 33

硬件IPv 6 （双栈、TUNNEL、6 VPE，与MPLS同时支持） 教科网 校校通 电信 • 主要采用双栈的方式 • 有MPLS/VPN的地方 可以采用 6 VPE将双栈 节点连接起来 徐汇校区 奉贤校区 IPV 6双栈 6 VPE Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 34

组播----电视直播、视频监控 Router A Video Server 4 MB MPEG Video Streams T 1 Router-D Router B Router C Receiver Group 1 Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. WAN Receiver Group 2 Cisco Confidential 35

DHCP Option 82 Operation Clients Broadcast for DHCP Requests Option 82 Append Remote ID + Circuit ID 1 2 DHCP Server If Option 82 aware, use appended information 3 IP Helper Takes DHCP requests and unicast to DHCP Server DHCP Client 5 4 Strip-off option 82, implement policy and forward IP address assignment Based on appended information, return IP Address, and policies 接入交换机把交换机的MAC地址和交换机端口插入到DHCP请 求中，发送到DHCP服务器，DHCP服务器根据这些信息给客户 端分配地址 Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 36

部署方式 Internet Cernet 流量控制 WEB认证 Qo. S策略 DHCP 服务器 CAT 3560 CAT 2950 Presentation_ID MAC地 址管理 DAI ACL DHCP Snooping Local Proxy ARP ………… PVLAN BC、MC DHCP Snooping DHCP Option 82 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 38

Flexible Authentication Wired Ethernet End Points Catalyst Switch Ethernet Port ACS/AAA Employee Contractor 802. 1 X Client Valid MAC Address Valid Asset Guest User EAP MAB 802. 1 X Timer MAB Timer URL NAC Web. Auth EAP MAB URL Flex. Auth: § 802. 1 X § MAC § One configuration: all use cases Authentication Bypass § Web Authentication § Concurrent Auth: highly desired behavior EDCS-508242 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 39

Multi Authentication § Today –One user and one phone may authenticate to a port § Allows a set of users to authenticate to a switch port § This includes authentication by various methods including MAC Auth Bypass, 802. 1 x, Web Auth § Downloadable per-user ACL support 802. 1 x EDCS-508242 WEB Auth © 2006 Cisco Systems, Inc. All rights reserved. MAB Cisco Confidential 40

xx大学无线网络建设时间轴 EDCS-508242 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 41

覆盖范围-xx校区 § 2004年 EDCS-508242 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 42

覆盖范围-xx校区 § 2006年 EDCS-508242 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 43

覆盖范围-xx校区 § 2007年 EDCS-508242 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 44

网络拓扑图 EDCS-508242 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 45

特色需求 § 特定AP只允许特定用户接入 § LDAP用户信息 § 用户带宽限制 § 定制化的认证页面（添加验证码） EDCS-508242 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 47

广域网出口优化 Branch Office Small Office ISP 1/WAN 1 ISP 1 MC/BR ISP 2/WAN 2 WAN BR Headquarters/Data Centers ISP 1/WAN 1 BR ISP 2/WAN 2 MC Components BR § BR—Border Router (Forwarding Path) § MC—Master Controller (Decision Maker) EDCS-508242 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 48

总体流量情况 WEB P 2 P BT UDP E-Donkey TCP EDCS-508242 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 50

前十位网站 EDCS-508242 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 51

EDCS-508242 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 52

EDCS-508242 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 53

EDCS-508242 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 54

EDCS-508242 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 55