Professional Documents
Culture Documents
General Principles
l On a campus network, use public network IP addresses for a few devices in the
demilitarized zone (DMZ) or Internet zone and private network IP addresses for devices
inside the campus.
l Principles for using a dynamic or static IP address are as follows:
– Use static IP addresses for servers, special terminal devices (such as clocking
terminals, printing servers, and IP video surveillance devices), and manufacture
devices.
– Use the Dynamic Host Configuration Protocol (DHCP) to dynamically obtain the IP
addresses of office devices (such as PCs and IP phones).
DHCP Planning
l Deploy an independent DHCP server in the data center or server zone of the campus.
l On the convergence layer gateway, configure a DHCP relay agent, which is directed to
an IP address allocated by the DHCP server.
l Allocate IP addresses through a virtual local area network (VLAN) within a DHCP
campus. (The DHCP relay agent carries the IP address of the gateway so that it is
allocated an IP address in the same network segment as the gateway.)
l Divide DHCP addresses by service type, office area, to facilitate uniform management
and fault locating.
l Enable the DHCP relay function when the DHCP needs to cross network segments to
obtain IP addresses.
l Enable the DHCP security authentication function to prevent deployment of
unauthorized DHCP servers and access of unauthorized users.
Management 6 PQ 6 6 3
Service
Internet and 0 PQ 0 0 0
Data Service
WiFi Service 0 PQ 0 0 0
Voice 5 PQ 5 5 2
Service
AP Service 0 PQ 0 0 0
Camera 5 PQ 5 5 2
Service
VoD Service 3 PQ 0 0 0
BTV Service 3 PQ 0 0 0
NOTE
Service priorities in this table are recommended values. The service priorities are arranged according to
actual planning.
Traffic Monitoring
Item Man Intern Wi-Fi Voice AP Video VoD BTV
agem et and Servic Servic Servic Monit Servic Servic
ent Data e e e or e e
Servi Servic Servic
ce e e
NOTE
[Note 1]
l The rate restriction on the BRAS or SR is recommended. OLTs and ONUs do not restrict the rate
for service streams.
l If BRAS does not support rate restriction, OLTs can restrict the rate for service streams through the
traffic profile.
l The sum of the assured bandwidth of all ONUs connected to a PON port and the fixed bandwidth
of OMCI management channel is less than the GPON upstream bandwidth. Some bandwidth must
be reserved for the future service expansion.
[Note 2] Rate limit on AC is recommended.
NOTE
l The device provides comprehensive security measures, but not all security measures need to be
deployed. Only the security measures that meet the following requirements need to be deployed:
l The security measures can be used on the live network;
l The security measures are easy to deploy;
l The security measures are effective;
l Security features vary by device. Select security features based on actual device capabilities.
Security Planning
Solution Suggestion and Description
Traffic rate limit Configure the rate limit on the OLT to limit the traffic
entering the port.
Main control board 1+1 The system uses two main control boards of the same
protection model and version. The two main control boards work in
the active/standby mode by default. When the active main
control board fails, the system switches to the standby main
control board to prevent service interruption.
Power board 1+1 protection A subrack is configured with two power boards of the same
model and version, which back up each other. When one of
the power boards fails, the other power board can still
provide power supply to the device and so the system can
still work properly.
Upstream board 1+1 The system uses two upstream interface boards of the same
protection model and version. Each upstream interface board provides
one upstream port and two upstream ports are bound
together using Link Aggregation Control Protocol (LACP).
When the active upstream port fails, traffic will be
transmitted upstream through the standby upstream port.
NOTE
Link aggregation group and Ethernet protection group usually are not configured at the same time. You are
advised to configure only one of the two protection schemes.
GPON Type B single l Two PON ports on the same OLT back up each other.
homing l When one of the PON ports fails, the system
automatically switches to the other PON port.
l This protection scheme provides port-level protection
with low costs.
GPON Type B dual homing l Two PON ports on the different OLTs back up each
other.
l When one of the PON ports fails, the system
automatically switches to the other PON port.
l This protection scheme provides device-level protection
with highest costs.