Huawei iMaster NCE-Campus

& Taoufik BACCARI

HUAWEI AP (Part 02) Taoufik.baccari@tmi.com.tn

Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.

+21699434121
 iMaster NCE-Campus : Add Device
iMaster NCE-Campus supports the management of Huawei network equipment through NETCONF and the management
of third-party equipment through SNMP.

▪ NETCONF: Network Configuration Protocol (NETCONF) is a communication mechanism used between a network
management system (iMaster) and managed devices. A network administrator can use NETCONF to add, modify, and
delete configurations of network devices, and obtain the configurations and status of network devices.

▪ SNMP: The Simple Network Management Protocol (SNMP) is a standard network management protocol widely used
on UDP networks. Three SNMP versions are available SNMPv1, SNMPv2c, and SNMPv3. SNMP cannot meet
network management requirements, especially the configuration management requirements. To meet such
requirements, Extensible Markup Language (XML)-based NETCONF has been introduced.
 Add Huawei Device
Process of device to go online with iMaster NCE-Campus is as follow:
 Add Huawei Device
Before adding a device to the iMaster NCE-Campus, ensure that the dedicated license is installed on the iMaster.
To verify the license resource of the iMaster choose System > System Management > License Management.
 Add Huawei Device

The iMaster NCE-Campus support the following adding devices :

➢ Manual addition: applies to the scenario where a small number of devices need to be added to the same

site.

➢ Batch import: applies to the scenario where a large number of devices need to be added. A maximum of

1000 devices can be imported at a time.

➢ Automatic discovery: applies to the scenario where the controller automatically discovers and manages

devices.
 Add Huawei Device : Manual Add
The iMaster NCE-Campus support the manuall add of device using the ESN or Device Model.
To manually add a device:
1. Choose Design > Site Design > Device Management > Add Device > Add.
 Add Huawei Device : Manual Add
2. Choose NETCONF protocol, set the Site, set the Mode to ESN, click Add, type the ESN, name and role and click OK.
Note: For APs and LSWs, the value of Device Name is delivered to the devices as the hostname (sysname). To prevent
hostname delivery failures due to restrictions on the devices, the value of Device Name can contain only uppercase letters,
lowercase letters, digits, spaces, and the following special characters !"#$%&'()*+,-./:;<=>@[\]^_`{|}~
 Add Huawei Device : Batch Import
The iMaster NCE-Campus support the import in batches to add multiple device in one.
To add device in batch:
1. Choose Design > Site Design > Device Management > Add Device > import in batches.
 Add Huawei Device : Batch Import
2. Choose download the template. Fill out the template with the device information and then upload it to the iMaster
and click Start importing.
 Add Huawei Device : Automatic discover
Prerquist: The gateway or core network that connect the device has been managed by iMaster NCE-Campus.
After iMaster NCE-Campus manages a gateway or core device, it can automatically discover and collect information about
the device's neighbors through NETCONF, including the ESN and device model.

Go to Design > Site Design > Device Management > On the Device tab page, select the site, click Add Device, and
choose Automatic discovery. On the displayed page, select the NETCONF protocol as the device discovery protocol.
Then click Select Scan Device and select devices to be scanned.
 Add Huawei Device : Automatic discover
2. Wait for the scanning to complete, and click OK.
 Add Device Trough SNMP
To add Third-part device using SNMP, choose Design > Site Design > Device Management > click Add Device on the
Device page > Add to manually add the device > Select SNMP protocol. Set basic information, SNMP parameters, and
(optional) STelnet parameters.
 Create SNMP Template
Protocol parameters are configured in templates (for example, SNMP parameter template) so that iMaster NCE-Campus can
uniformly configure protocol parameters for multiple devices.
To configure an SNMP template go to Design > Network Design > Template Management > SNMP Protocol Template >
Create > Set the SNMP parameters > OK.
 Admission the Device
After adding the device to the iMaster NCE-Campus, you need to admission the device.
1. Choose Admission > Admission Device > In the Admission Device Management choose Cloud Managed
Admission Device and click Add to add the new added device
 Admission the Device
2. Select the device and drag it to the Selected page then click OK.
 Device Status
After Add the device to the Cloud Managed Admission Device, and connect the AP to the Network, you can check the
Status of the AP via Design > Site Design > Device Management.

Status Description
Normal The AP work properly.
Alarm The AP work and generate an alarm.
Offline The AP is disconnected from the controller.
Unregistered Possible cause:
Possible cause 1: The device version is incorrect.
Possible cause 2: The ESNs that are added to iMaster is
incorrect.
Possible cause 3: The license of iMaster reached the limit.
Possible cause 4: The registration service is not started.
Possible cause 5: Network IP addresses conflict.
 Rename the Device
You can change the name of a device at any time by going to Design > Site Design > Click on to Modify.
 Replace a Device
You can replace a faulted device by new one using Design > Site Design > Click on to replace the selected
device. Select from the existing device or enter the new ESN and click OK.
 Delete a Device
To delete a device choose Design > Site Design > Click on of the selected device to delete it.
 Site Configuration : AP Interface
You are advertise to configure the interface GE of the AP belong to the same site as a trunk interface that allow the
Management VLAN using by the Cloud AP and service VLAN using by the SSID.
1. Go to Provision > Device Deployment > Select the site to be configured.
 Site Configuration : AP Interface
2. In the site configuration page, go to AP > Advanced > Interface → Set the Configuration Mode as Global → Click on
then select the device model and click OK.
 Site Configuration : AP Interface
3. Select the interface 0, Set the Scenario to Directly connected to an uplink switch, set default VLAN and the
Allowed VLAN as needed and click OK.
 Site Configuration : Setting Radio Parameters
▪ Country/region:
In different countries and areas, laws and regulations define different working channels and power for wireless
communication. When APs are deployed, radio parameters must comply with local laws and regulations.
To Set the Contry/Region Parameter, go to Provision > Device Deployment > Site Configuration > select the Site >
Choose AP > Wi-Fi > Radio > in the Basic Configuration set the Country/Region to Tunisia > Click OK.
 Site Configuration : Setting Radio Parameters
▪ Radio Calibration: the radio calibration function can be deployed to reduce interference by dynamically adjust channels
and power of APs deployed in the same Site
Parameter Description
Calibration mode • Automatic: APs perform calibration based on the configured start time and interval.
• Scheduled: APs perform calibration at the specified time point every day.
• Manual: APs do not automatically perform calibration.
Calibration policy The calibration policy takes effect only in automatic radio calibration mode.
• Rogue AP: Select this policy when rogue APs (out of control by a iMaster) exist on a network. The device then immediately
takes actions to avoid interference. This policy may lead to frequency channel switchovers. You are advised to use this policy
under the instruction of technical support personnel.
• Noise floor: When the noise floor of APs is high due to special external interference, service experience may degraded.
With this radio calibration policy, the device takes actions to avoid interference. When detecting that the noise floor of the
current channel exceeds the threshold for three consecutive times, the AP switches its channel and does not switch back in
30 minutes.
• Non Wi-Fi: When non-Wi-Fi interference occurs on a network, the device immediately takes actions to avoid interference.
Self-calibration • You are advised to enable this function for cloud APs that require self-calibration on a Layer 3 network to improve the
optimization effect.
Radio mode Radio mode of APs. Only the Wi-Fi 6 AirEngine APs support this parameter. The options are as follows:
• Default mode: In this mode, the device works in standard two-radio mode.
• Standard 2 radios
• 2G enhanced 2 radios: The 2 GHz radio in this mode provides a larger capacity than the standard mode.
• 3 radios: Ensure that the third radio of the AP has WLAN service configuration before selecting this mode. Otherwise, this
radio fails to work.
• 2 radios + independent scanning
 Site Configuration : Setting Radio Parameters
To configure the Radio calibration, go to Provision > Device Deployment > Site Configuration > select the Site > Choose
AP > Wi-Fi > Radio > in the General Parameters set the Radio Calibration Parameters.
 Site Configuration : Setting Radio Parameters
▪ Radio Type : Some old network card may not be able to discover and connect to the WIFI 6. In this situation you
are advertise the set the AP on the Site work as WIFI6.
Go to Provision > Device Deployment > Site Configuration > select the Site > Choose AP > Wi-Fi > Radio > in the
2.4 GHz and 5GHZ Radio Configuration Set radio to dot11n and dot11 ac.
 Site Configuration : Wireless Roaming
When a WLAN is deployed for an enterprise or campus, the coverage area of a single AP is limited, and multiple APs are
generally required to implement continuous wireless coverage of the entire space. To deliver good user experience and
ensure service continuity when STAs move among APs, the APs must support roaming.

Before Roaming After Roaming

1.The STA sends data packets to the HAP. 1.The STA sends data packets to the FAP.
2.The HAP forwards the data packets received 2.The FAP forwards the data packets received
from the STA to the upper-layer network from the STA to the upper-layer network
through the user gateway. through the user gateway.

Note: The Smart Roaming is activated by default. Provision > Device Deployment >
Site Configuration > select the Site > Choose AP > Wi-Fi > Radio > in the General
Parameters > User Access.
 Site Configuration : Security
Attack defense:
To check if the Attack Defense are enabled on the site, go to Provision > Device Deployment > Site Configuration >
select the Site > Choose AP > Security > Attack Defense.
 Site Configuration : Security
Storm Suppression : is a feature ensures that the size of a particular type of traffic (broadcast, multicast, or unknown
unicast traffic) does not exceed the threshold on an interface.
To enable the storm suppression feature, go to Provision > Device Deployment > Site Configuration > select the Site >
Choose AP > Security > Storm Suppression > and enable ALL.
 Site Configuration : Security
Management SSID Password: You can specify the management SSID of the Cloud AP.
Go to Provision > Device Deployment > Site Configuration > select the Site > Choose AP > Security > Management
SSID Password > and set a password.
 Site Configuration : Create SSID
Management SSID Password: You can specify the management SSID of the Cloud AP.
1. Go to Provision > Device Deployment > Site Configuration > select the Site > Choose AP > Wi-Fi > SSID > Click
Create to add a new SSID.
 Site Configuration : Create SSID
2. Set the SSID name and the VLAN ID and click Next.
Note: It is advised to set this value of the VLAN ID other than 1. Otherwise, users may fail to go online.
 Site Configuration : Create SSID
3. Set the Security/authentication mode. In this Example 802.1x is selected and click Next.
 Site Configuration : Create SSID
3. Set the Security/authentication mode. In this Example PSK is selected and click Next.
 Site Configuration : Create SSID
4. Set a Policy Control for traffic limit as needed and click OK.
 Site Configuration : Hide an SSID
You can hide the SSID by clicking on Advanced when create or edit the SSID.
To edit the SSID, click on Enable SSID hiding >Next >Next > OK.
 Site Configuration : Disable an SSID
You can disable the SSID by clicking on Advanced when create or edit the SSID.
To edit the SSID, click on disable the Working status >Next >Next > OK.
 Site Configuration : MAC address filtering
You can apply MAC address filter by clicking on Advanced when create or edit the SSID.
To edit the SSID, click on Enable Terminal MAC address filtering > set MAC Address>Next >Next > OK.
 Admission Policy : Authentication/Authorization Rule
When use iMaster as Radius server for 802.1x, you are advertise to configure an Authentication and Authorization rule
for users.
To create an authentication Rule, go to Admission > Authentication and Authorization > in the Authentication
Rule page click Create.
 Admission Policy : Authentication/Authorization Rule
Set the Authentication Name and the associated parameters (User Group, Site, SSID, Data Source …)
 Admission Policy : Authentication/Authorization Rule
Authentication Parameters:
 Admission Policy : Authentication/Authorization Rule
Authentication Parameters: Set the Access permission for non existent accounts to Deny access and click OK
 Admission Policy : Authentication/Authorization Rule
To create an Authorization Rule, go to Admission > Authentication and Authorization > in the Authorization Rule
page click Create.
 Admission Policy : Authentication/Authorization Rule
Set the Authorization Name and the associated parameters (User Group, Site, SSID, Data Source …)
 Admission Policy : Authentication/Authorization Rule
Authorization Parameters: Set the Authorization result to Permit Access and click OK.
 Monitoring Terminal Authentication
To check the terminal authentication log go to Monitoring > Event Logs > Terminal Authentication Logs and
choose Radius Login and Logout Logs.
 Monitoring Terminal
To see the online user, choose Admission > Admission Policy > Online User Control.
 Email Notification
If iMaster NCE-Campus needs to send emails to users, you need to configure an email server first.
iMaster NCE-Campus could send emails in the following scenarios:
✓ After a tenant administrator performs alarm settings on iMaster NCE-Campus, iMaster NCE-Campus
needs to send emails to notify users of reported alarms.
✓ When an MSP administrator or a tenant administrator forgets the password, iMaster NCE-Campus needs
to send a reset password to the administrator's mailbox.
 Email Notification
Email Notification Configuration :
1. Log in to iMaster NCE-Campus as the system administrator and choose System > System Management
> Third-party Service from the main menu. Set parameters for interconnection with the email server.
 Email Notification
2. After set the email server parameters, click Test to verify the email sending function.
➢ If the message "The test succeeds" is displayed and the mailbox receives the test email,
the configuration is successful. Click Save.
➢ If the message "The test succeeds" is displayed but the mailbox does not receive the test
email, check whether the email function of the SMTP server is normal.
➢ If the message "Failed to connect to the email server" is displayed, check whether the
above parameters are correctly configured.
 Email Notification
Configure Alarm Notification via Email: Log in to iMaster NCE-Campus as Tenant user, choose Monitoring >
Alarm > Alarm Notification from the main menu. Click the Email Notification tab, toggle on Email
Notification, set email notification parameters as needed, and click OK.
 Topology Management
iMaster NCE-Campus supports the following topology management operations:

• Viewing a site's physical topology: The system presents network information in a topology view, where devices are color-

coded based on alarm severity and alarm statistics are provided. This view provides visibility and insights into the real-time

status of the entire network.

• Dragging nodes in the topology

• Saving a topology: Users can save a topology after changing NE positions in the topology. In this case, the saved topology

will be displayed by default when users access the topology view next time.

• Zooming in and zooming out on the topology

• Viewing information about a node in the topology

• Viewing information about a link in the topology

 Topology Management
To access to the Topology management, choose Design > Network Design > Physical Topology.
 Thank You
www.huawei.com