H3c Vac1000 User manual

H3C vAC1000 Virtual Access Controller

Cloud Connection Configuration Guide

New H3C Technologies Co., Ltd.

http://www.h3c.com

Software version: R5435P03

Document version: 5W100-20220524

No part of this manual may be reproduced or transmitted in any form or by any means without prior written

consent of New H3C Technologies Co., Ltd.

Trademarks

Except for the trademarks of New H3C Technologies Co., Ltd., any trademarks that may be mentioned in this

document are the property of their respective owners.

Notice

The information in this document is subject to change without notice. All contents in this document, including

statements, information, and recommendations, are believed to be accurate, but they are presented without

warranty of any kind, express or implied. H3C shall not be liable for technical or editorial errors or omissions

contained herein.

Preface

The H3C vAC1000 virtual access controller documentation set describes the software features for

the vAC1000 virtual access controller and guide you through the software configuration procedures.

These guides also provide configuration examples to help you apply software features to different

network scenarios.

This configuration guide describes cloud connection configuration tasks.

This preface includes the following topics about the documentation:

•

Audience.

•

Conventions.

•

Documentation feedback.

Audience

This documentation is intended for:

•

Network planners.

•

Field technical support and servicing engineers.

•

Network administrators working with the vAC1000 virtual access controller.

Conventions

The following information describes the conventions used in the documentation.

Command conventions

Convention

Description

Boldface Bold text represents commands and keywords that you enter literally as shown.

Italic Italic text represents arguments that you replace with actual values.

[ ] Square brackets enclose syntax choices (keywords or arguments) that are optional.

{ x | y | ... }

Braces enclose a set of required syntax choices separated by vertical bars, from which

you select one.

[ x | y | ... ] Square brackets enclose a set of optional syntax choices separated by vertical bars,

from which you select one or none.

{ x | y | ... } * Asterisk marked braces enclose a set of required syntax choices separated by vertical

bars, from which you select a minimum of one.

[ x | y | ... ] * Asterisk marked square brackets enclose optionalsyntaxchoices separated by vertical

bars, from which you select one choice, multiple choices, or none.

&<1-n> The argument or keyword and argument combination before the ampersand (&) sign

can be entered 1 to n times.

# A line that starts with a pound (#) sign is comments.

GUI conventions

Convention

Description

Boldface

Window names, button names, field names, and menu items are in Boldface. For

Convention

Description

example, the New User window opens; click OK.

> Multi-level menus are separated by angle brackets. For example, File > Create >

Folder.

Symbols

Convention

Description

WARNING!

An alert that calls attention to important information that if not understood or followed

can result in personal injury.

CAUTION:

An alert that calls attention to important information that if not understood or followed

can result in data loss, data corruption, or damage to hardware or software.

IMPORTANT:

An alert that calls attention to essential information.

NOTE:

An alert that contains additional or supplementary information.

TIP:

An alert that provides helpful information.

Network topology icons

Convention

Description

Represents a generic network device, such as a router, switch, or firewall.

Represents a routing-capable device, such as a router or Layer 3 switch.

Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that

supports Layer 2 forwarding and other Layer 2 features.

Represents an access controller, a unified wired-WLAN module, or the access

controller engine on a unified wired-WLAN switch.

Represents an access point.

Represents a wireless terminator unit.

Represents a wireless terminator.

Represents a mesh access point.

Represents omnidirectional signals.

Represents directional signals.

Represents a security product, such as a firewall, UTM, multiservice security

gateway, or load balancing device.

Represents a security module, such as a firewall, load balancing, NetStream, SSL

VPN, IPS, or ACG module.

Examples provided in this document

Examples in this document might use devices that differ from your device in hardware model,

configuration, or software version. It is normal that the port numbers, sample output, screenshots,

and other information in the examples differ from what you have on your device.

Documentation feedback

You can e-mail your comments about product documentation to info@h3c.com.

We appreciate your comments.

Contents

Configuring cloud connections·······································································1

About cloud connections····································································································································1

Multiple subconnections·····························································································································1

Cloud connection establishment················································································································1

Configuring the H3C Oasis server ·····················································································································2

Configuring the local device·······························································································································2

Unbinding the device from the Oasis server······································································································3

Display and maintenance commands for cloud connections·············································································4

Cloud connection configuration examples ·········································································································4

Example: Configuring a cloud connection··································································································4

Configuring cloud connections

About cloud connections

A cloud connection is a management tunnel established between a local device and the H3C Oasis

server. It enables you to manage the local device from the H3C Oasis server without accessing the

network where the device resides.

Multiple subconnections

After a local device establishes a connection with the H3C Oasis server, service modules on the

local device can establish multiple subconnections with the microservices on the H3C Oasis server.

These subconnections are independent from each other and provide separate communication

channels for different services. This mechanism avoids interference among different services.

Cloud connection establishment

As shown in Figure 1, the cloud connection between the device and the H3C Oasis server is

established as follows:

1. The device sends an authentication request to the H3C Oasis server.

2. The H3C Oasis server sends an authentication success packet to the device.

The device passes the authentication only if the serial number of the device has been added to

the H3C Oasis server. If the authentication fails, the H3C Oasis server sends an authentication

failure packet to the device.

3. The device sends a registration request to the H3C Oasis server.

4. The H3C Oasis server sends a registration response to the device.

The registration response contains the uniform resource locator (URL) used to establish a

cloud connection.

5. The device uses the URL to send a handshake request (changing the protocol from HTTP to

WebSocket) to the H3C Oasis server.

6. The H3C Oasis server sends a handshake response to the device to finish establishing the

cloud connection.

7. After the cloud connection is established, the device automatically obtains the subconnection

URLs and establishes subconnections with the H3C Oasis server based on the service needs.

Figure 1 Establishing a cloud connection

Configuring the H3C Oasis server

For a successful cloud connection establishment, add the serial number of the device to be managed

to the H3C Oasis server. For more information about the H3C Oasis server settings, see the

installation guide for the H3C Oasis server.

Configuring the local device

About this task

You can specify a domain name for the H3C Oasis server and log in to the server through the domain

name on a remote PC to manage the local device.

For a device to establish a cloud connection to the Oasis server, perform either of the following tasks:

•

Specify the domain name of the Oasis server on the device through CLI.

•

Configure VLAN interface 1 of the device as a DHCP client and the Oasis server as the DHCP

server. The device obtains the IP address of the DHCP server and parses the option 253 field in

the DHCP packets to obtain the domain name of the Oasis server.

If the local device does not receive a response from the H3C Oasis server within three keepalive

intervals, the device sends a registration request to re-establish the cloud connection.

To prevent NAT entry aging, the local device sends ping packets to the H3C Oasis server

periodically.

Restrictions and guidelines

You can specify one primary server by using the cloud-management server domain

command and a maximum of eight backup servers by repeating the cloud-management

backup-server domain command.

When establishing a cloud connection, the device connects to one of the primary and backup servers

according to the sequence in which they are specified. The first specified server has the highest

priority. When the connected server fails, the device switches to another server and does not switch

Cloud connection

Registration request

Registration response

Device

Handshake request

Handshake response

H3C Oasis server

Authentication request

Authentication success packet

back to the original server even if the original server recovers. To view the connected server, execute

the display cloud-management state command.

The domain name obtained through DHCP has a higher priority than the domain name configured

manually.

If a device obtains the domain name of the Oasis server through DHCP after establishing a cloud

connection to the Oasis server with the manually configured domain name, the device performs the

following tasks:

•

If the automatically obtained and manually configured domain names are identical, the device

retains the cloud connection.

•

If the automatically obtained and manually configured domain names are different, the device

tears down the cloud connection and then establishes a cloud connection to the Oasis server

with the automatically obtained domain name.

Reduce the ping interval value if the network condition is poor or the NAT entry aging time is short.

Prerequisites

Before configuring this feature, make sure a DNS server is configured to translate domain names.

To obtain the domain name of the Oasis server automatically, first configure the option 253 field as

the domain name of the Oasis server.

Procedure

1. Enter system view.

system-view

2. Configure the domain name of the H3C Oasis server.

cloud-management server domain domain-name

By default, the domain name of the H3C Oasis server is not configured.

3. (Optional.) Specify a backup H3C Oasis server by its domain name.

cloud-management backup-server domain domain-name

By default, no backup H3C Oasis server is specified.

4. (Optional.) Set the keepalive interval.

cloud-management keepalive interval

By default, the keepalive interval is 180 seconds.

5. (Optional.) Set the ping interval.

cloud-management ping interval

By default, the ping interval is 60 seconds.

6. (Optional.) Specify the TCP port number used to establish cloud connections.

cloud-management server port port-number

By default, the TCP port number used to establish cloud connections is 19443.

Unbinding the device from the Oasis server

About this task

A device can be registered on the Oasis server by only one user.

To register a device that has been registered by another user, you need to take the following steps:

1. Obtain a verification code for device unbinding from the Oasis server.

2. Execute the command on the device for sending the verification code to the Oasis server.

3. Register the device on the Oasis server.

Procedure

1. Enter system view.

system-view

2. Send the verification code for device unbinding to the Oasis server.

cloud-management unbinding-code code

Display and maintenance commands for cloud

connections

Execute display commands in any view.

Task Command

Display cloud connection state information.

display cloud-management

state

Cloud connection configuration examples

Example: Configuring a cloud connection

Network configuration

As shown in Figure 2, configure the AC to establish a cloud connection with the H3C Oasis server.

Figure 2 Network diagram

Procedure

1. Configure IP addresses for interfaces as shown in Figure 2, and configure a routing protocol to

make sure the devices can reach each other. (Details not shown.)

2. Log in to the H3C Oasis server to add the serial number of the AC to the server. (Details not

shown.)

3. Configure the domain name of the H3C Oasis server as oasis.h3c.com.

<AC> system-view

[AC] cloud-management server domain oasis.h3c.com

NOTE:

The DNS service is provided by the ISP DNS server.

IP network

Cloud connection

AC H3C Oasis server

Switch Gateway

GE1/0/1

10.0.0.1/24

139.217.27.153/24

Verifying the configuration

# Verify that the AC and the H3C Oasis server have established a cloud connection.

[AC] display cloud-management state

Cloud connection state : Established

Device state : Request_success

Cloud server address : 139.217.27.153

Cloud server domain name : oasis.h3c.com

Cloud connection mode : Https

Cloud server port : 19443

Connected at : Wed Jan 27 14:18:40 2018

Duration : 00d 00h 02m 01s

Process state : Message received

Failure reason : N/A

Last down reason : socket connection error (Details:N/A)

Last down at : Wed Jan 27 13:18:40 2018

Last report failure reason : N/A

Last report failure at : N/A

Dropped packets after reaching buffer limit : 0

Total dropped packets : 1

Last report incomplete reason : N/A

Last report incomplete at : N/A

Buffer full count : 0

Table of contents

Popular IP Access Controllers manuals by other brands

Stanley

Stanley PAC iPAC quick start guide

TimeTec

TimeTec FingerTec Face ID 6 installation guide

REINER SCT

REINER SCT Authenticator quick guide

Kizone

Kizone PX2500 user manual

Sebury

Sebury sKey2 instruction manual

ACT

ACT ACTPRO 1010 Wiring instruction

GVS

GVS H Series user manual

SDC

SDC 923PW EntryCheck installation instructions

TECOM

TECOM ChallengerPlus Installation and Quick Programming Manual

Yetong

Yetong YET-112 installation guide

SecuGen

SecuGen Hamster Air user guide

iGuard

iGuard LM530 user guide

Zennio

Zennio IWAC Display v2 user manual

Anviz

Anviz T50 user manual

Matrix

Matrix COSEC ATOM RD300 Quick installation guide

EverFocus

EverFocus ERM-871 Specifications

Kaba

Kaba Simplex LP1000 Series installation instructions

NAPCO

NAPCO ACM1D datasheet

H3C vAC1000 User manual

Popular IP Access Controllers manuals by other brands