Abstract

iMaster NCE-Campus is Huawei’s next-generation autonomous driving network management and control system for campus networks, Huawei campus switches are ideal for building future-proof campus networks with simplified management, high reliability, and service intelligence, across industries such as enterprises, governments, education, finance, and manufacturing. Legacy networks may already have a Network Access Control (NAC) system implemented and, thus, it is important to demonstrate interoperability with such existing systems.

Tolly engineers verified the interoperability of the Huawei CloudCampus solution with Forescout Platform 8.1 across a wide range of function types and interconnection methods with Huawei networking interconnections. Independent interconnections were tested via Huawei switches. Interconnection via iMaster NCE-Campus was tested for VXLAN, Cloud switches scenarios.

The test suite covered the following areas: endpoint discovery, endpoint identification, access authentication, endpoint security check, and control & authorization.

Endpoint discovery tests included discovery via mirrored packets, obtaining MAC/ARP table via SNMP, discovery via DHCP, discovery via 802.1X/RADIUS, and endpoint aging. Endpoint identification tests included identifying endpoint type, endpoint vendor, access locations, hardware information, MAC/IP addresses, OS type, username, authentication status and user group membership.

Access authentication tests covered both MAC and 802.1X authentication. Endpoint security check verified policy via NetBIOS name.

Control and authorization tests included VLAN assignments, ACL assignment, port blocking, authorizing a user to a group, downloadable ACL, authorization by device type, authorization by connection mode, authorization by location, and bandwidth control.

The Huawei CloudCampus solution passed all the relevant test cases to interoperate with Forescout network access control system.