[All About Switches - Configuration Examples]Example for Configuring ... Highlighted

Latest reply: Nov 7, 2016 14:37:00 3042 3 1 0

 

Introduction to S12700+ACU2

As increasing laptops, tablet PCs, and Wi-Fi mobile phones are used to connect to the Internet, WLAN access has become an important access mode for enterprises, and therefore wireless access control and switching are indispensable on enterprise networks. The Access Controller Unit 2 (ACU2) can be used on an S12700 switch to provide wireless access control capabilities on wired networks of enterprises. The S12700 switch with the ACU2 provides both wireless and wired service capabilities, reducing space occupied and cables in equipment rooms and lowering network construction cost.

Configuration Notes

l   In this example, the security policy is WPA2-PSK-CCMP. To ensure network security, configure an appropriate security policy according to service requirements.

l   In tunnel forwarding mode, the management VLAN and service VLAN cannot be the same. In direct forwarding mode, you are advised not to configure the management VLAN and service VLAN to be the same.

l   If direct forwarding is used, configure port isolation on the interfaces directly connected to APs. If port isolation is not configured, unnecessary broadcast packets will be transmitted in the VLANs or WLAN users on different APs can directly communicate at Layer 2.

l   Configure the management VLAN and service VLAN:

       In tunnel forwarding mode, service packets are encapsulated in a CAPWAP tunnel, and then forwarded to the AC. The AC then forwards the packets to the upper-layer network or APs. Therefore, service packets and management packets can be normally forwarded as long as the network between the AC and APs is added to the management VLAN and the network between the AC and upper-layer network is added to the service VLAN.

       In direct forwarding mode, service packets are not encapsulated into a CAPWAP tunnel, but are directly forwarded to the upper-layer network or APs. Therefore, service packets and management packets can be normally forwarded only when the network between the AC and APs is added to the management VLAN and the network between the APs and upper-layer network is added to the service VLAN.

l   Configure the source interface:

       For switches of V200R005 and V200R006, run the wlan ac source interface { loopback loopback-number | vlanif vlan-id } command in the WLAN view to configure the source interface.

       For switches of V200R007, run the capwap source interface { loopback loopback-number | vlanif vlan-id } command in the system view to configure the source interface.

l   The following table lists applicable products and versions.

Table 1-1 Applicable products and versions

Software Version

Product Model

AP Model and Version

V200R005C00

S12700

V200R005C00:

AP2010DN, AP3010DN-AGN, AP5010DN-AGN, AP5010SN-GN, AP5030DN, AP5130DN, AP6010SN-GN, AP6010DN-AGN, AP6310SN-GN, AP6510DN-AGN, AP6610DN-AGN, AP7110DN-AGN, and AP7110SN-GN

V200R006C00

S12700

V200R005C00:

AP2010DN, AP3010DN-AGN, AP5010DN-AGN, AP5010SN-GN, AP5030DN, AP5130DN, AP6010SN-GN, AP6010DN-AGN, AP6310SN-GN, AP6510DN-AGN, AP6610DN-AGN, AP7110DN-AGN, and AP7110SN-GN

V200R007C00

S12700

V200R005C10:

AP2010DN, AP3010DN-AGN, AP5010DN-AGN, AP5010SN-GN, AP5030DN, AP5130DN, AP6010SN-GN, AP6010DN-AGN, AP6310SN-GN, AP6510DN-AGN, AP6610DN-AGN, AP7110DN-AGN, AP7110SN-GN, AP8030DN, and AP8130DN

V200R005C20:

AP7030DE and AP9330DN

 

Networking Requirements

As shown in Figure 1-1, the S12700 connects to the AP through an access switch. An ACU2 is installed on slot 1 of the S12700 to manage the AP.

To enable employees to access the company network anytime anywhere on their mobile terminals, an enterprise branch needs to deploy WLAN basic services to implement mobile office.

Figure 1-2 Networking of a small-scale WLAN

5551a07ad658a.png 

Data Planning

Table 1-2 Data planning

Item

Data

Description

Eth-Trunk 0

S12700: Add XGE1/0/1 and XGE1/0/2 to Eth-Trunk 0.

ACU2: Add XGE0/0/1 and XGE0/0/2 to Eth-Trunk 0.

Configure Eth-Trunk 0 between the ACU2 and S12700 to increase bandwidth and improve network reliability.

Eth-Trunk 1

S12700: Add GE2/0/2 and GE2/0/3 to Eth-Trunk 1.

Access switch: Add GE0/0/2 and GE0/0/3 to Eth-Trunk 1.

Configure Eth-Trunk 1 between the ACU2 and access switch to increase bandwidth and improve network reliability.

AC's source interface address

10.23.10.1/24

None

WMM profile

Name: wmm

None

Radio profile

Name: radio

None

Security profile

l  Name: security

l  Security and authentication policy: WPA2+PSK

l  Authentication key: huawei123

l  Encryption mode: CCMP

None

Traffic profile

Name: traffic

None

Service set

l  Name: huawei

l  SSID: huawei

l  WLAN virtual interface: WLAN-ESS 1

l  Data forwarding mode: tunnel forwarding

None

DHCP server

The ACU2 functions as the DHCP server to assign IP addresses to the AP and STAs.

None

AP gateway and IP address pool range

VLANIF 10: 10.23.10.1/24

10.23.10.2-10.23.10.254/24

None

STA gateway and IP address pool range

VLANIF 101: 10.23.11.1/24

10.23.11.2-10.23.11.254/24

None

 

Configuration Roadmap

A modular switch has been deployed on the current network. To simplify network deployment, ACU2 can be added to the modular switch to provide WLAN services.

2.         Configure the AP, access switch, ACU2, and upper-layer network devices to communicate at Layer 2. Add XGE interfaces on the ACU2 and S12700 that are connected to an Eth-Trunk to increase link bandwidth and reliability.

3.         Configure the ACU2 as a DHCP server to assign IP addresses to the STAs and AP from an IP address pool of an interface.

4.         Configure ACU2 system parameters, including the country code, AC ID, carrier ID, and source interface used by the ACU2 to communicate with the AP.

5.         Set the AP authentication mode and add the AP to an AP region.

6.         Configure a VAP and deliver WLAN services to the AP to enable STAs to access the WLAN.

a.         Configure a WMM profile and radio profile for the AP, retain the default settings of the profiles, and bind the WMM profile to the radio profile to enable STAs to communicate with the AP.

b.         Configure a WLAN-ESS interface so that packets can be sent to the WLAN service processing module after reaching the ACU2.

c.         Configure a security profile and traffic profile for the AP, and retain the default settings of the profiles. Configure a service set, bind the WLAN-ESS interface, security profile, and traffic profile to the service set to apply security and QoS policies to STAs.

d.         Configure a VAP and deliver VAP parameters to the AP so that STAs can access the Internet through the WLAN.

Procedure

                               Step 2     Configure the access switch, ACU2, and S12700 to enable the AP and ACU2 to exchange CAPWAP packets.

# On the ACU2, create VLAN 100 (management VLAN), VLAN 101 (service VLAN), and Eth-Trunk 0, add Eth-Trunk 0 to VLAN 100 and VLAN 101 , and add interfaces XGigabitEthernet0/0/1 and XGigabitEthernet0/0/2 to Eth-Trunk 0.

<ACU2> system-view

[ACU2] sysname AC

[AC] vlan batch 100 101

[AC] interface eth-trunk 0 //Configure an Eth-Trunk to increase bandwidth and improve reliability.

[AC-Eth-Trunk0] port link-type trunk

[AC-Eth-Trunk0] port trunk allow-pass vlan 100 101

[AC-Eth-Trunk0] trunkport xgigabitethernet 0/0/1 0/0/2

[AC-Eth-Trunk0] quit

 

# On the S12700, create VLAN 100, VLAN 101, and Eth-Trunk 0, add Eth-Trunk 0 to VLAN 100 and VLAN 101, and add interfaces XGigabitEthernet1/0/1 and XGigabitEthernet1/0/2 to Eth-Trunk 0.

<HUAWEI> system-view

[HUAWEI] sysname S12700

[S12700] load-distribution mode slot 1 enhanced //Set the load balancing mode on the X1E card to enhanced mode. The default mode is normal.

[S12700] vlan batch 100 101

[S12700] interface eth-trunk 0

[S12700-Eth-Trunk0] port link-type trunk

[S12700-Eth-Trunk0] port trunk allow-pass vlan 100 101

[S12700-Eth-Trunk0] trunkport xgigabitethernet 1/0/1 1/0/2

[S12700-Eth-Trunk0] quit

 

# On the S12700, create Eth-Trunk 1, add Eth-Trunk 1 to VLAN 100, and add interfaces GigabitEthernet2/0/2 and GigabitEthernet2/0/3 to Eth-Trunk 1.

[S12700] interface eth-trunk 1

[S12700-Eth-Trunk1] port link-type trunk

[S12700-Eth-Trunk1] port trunk allow-pass vlan 100  

[S12700-Eth-Trunk1] trunkport gigabitethernet 2/0/2 2/0/3

[S12700-Eth-Trunk1] quit

 

# On the access switch, create VLAN 100 and Eth-Trunk 1, add Eth-Trunk 1 to VLAN 100, and add interfaces GigabitEthernet0/0/2 and GigabitEthernet0/0/3 to Eth-Trunk 1. Add GE0/0/1 to VLAN 100.

55519ff927a00.png

In this example, tunnel forwarding is used. If direct forwarding is used, configure port isolation on GE0/0/1 that connects the access switch to the AP. If port isolation is not configured, unnecessary broadcast packets will be transmitted in the VLANs or WLAN users on different APs can directly communicate at Layer 2.

In tunnel forwarding mode, the management VLAN and service VLAN cannot be the same.

<HUAWEI> system-view

[HUAWEI] sysname Switch

[Switch] vlan batch 100

[Switch] interface eth-trunk 1

[Switch-Eth-Trunk1] port link-type trunk

[Switch-Eth-Trunk1] port trunk allow-pass vlan 100  

[Switch-Eth-Trunk1] trunkport gigabitethernet 0/0/2 0/0/3

[Switch-Eth-Trunk1] quit

[Switch] interface gigabitethernet 0/0/1

[Switch-GigabitEthernet0/0/1] port link-type trunk

[Switch-GigabitEthernet0/0/1] port trunk pvid vlan 100 //A PVID must be configured for the interface connected to the AP.

[Switch-GigabitEthernet0/0/1] port trunk allow-pass vlan 100

[Switch-GigabitEthernet0/0/1] quit

 

                               Step 3     Configure the S12700 to communicate with upper-layer network devices.

55519ff927a00.png

Configure the S12700’s uplink interfaces to transparently transmit packets of service VLANs as required and communicate with upper-layer network devices.

# Add GE2/0/1 of the S12700 to VLAN 101.

[S12700] interface gigabitethernet 2/0/1

[S12700-GigabitEthernet2/0/1] port link-type trunk

[S12700-GigabitEthernet2/0/1] port trunk allow-pass vlan 101

[S12700-GigabitEthernet2/0/1] quit

 

                               Step 4     Configure the ACU2 as a DHCP server to assign IP addresses to the STAs and AP.

# Configure the ACU2 as the DHCP server to allocate an IP address to the AP from the IP address pool on VLANIF 100, and allocate IP addresses to STAs from the IP address pool on VLANIF 101.

[AC] dhcp enable

[AC] interface vlanif 100

[AC-Vlanif100] ip address 10.23.10.1 24

[AC-Vlanif100] dhcp select interface

[AC-Vlanif100] quit

[AC] interface vlanif 101

[AC-Vlanif101] ip address 10.23.11.1 24

[AC-Vlanif101] dhcp select interface

[AC-Vlanif101] quit

 

                               Step 5     Configure system parameters of the ACU2.

# Configure the country code.

[AC] wlan ac-global country-code cn  //Configure the AC country code. Radio features of APs managed by the AC must conform to local laws and regulations. The default country code is CN.

Warning: Modifying the country code will clear channel configurations of the AP 

radio using the country code and reset the AP. If the new country code does not 

support the radio, all configurations of the radio are cleared. Continue?[Y/N]:y

 

# Configure the AC ID and carrier ID.

[AC] wlan ac-global ac id 1 carrier id other  //The default AC ID is 0. Set the AC ID to 1.

Warning: Modify the carrier ID or AC ID may cause all of the AP offline, continu

e?[Y/N]:y

 

# Configure the source interface of the ACU2.

[AC] capwap source interface vlanif 100

[AC] wlan

 

                               Step 6     Manage APs on the ACU2.

# Check the AP type ID after obtaining the AP’s MAC address.

[AC-wlan-view] display ap-type all

  All AP types information:     

  ------------------------------------------------------------------------------

  ID     Type                   

  ------------------------------------------------------------------------------

  17     AP6010SN-GN            

  19     AP6010DN-AGN           

  21     AP6310SN-GN            

  23     AP6510DN-AGN           

  25     AP6610DN-AGN           

  27     AP7110SN-GN            

  28     AP7110DN-AGN           

  29     AP5010SN-GN            

  30     AP5010DN-AGN           

  31     AP3010DN-AGN           

  33     AP6510DN-AGN-US        

  34     AP6610DN-AGN-US        

  35     AP5030DN                

  36     AP5130DN               

  37     AP7030DE

  38     AP2010DN 

  39     AP8130DN 

  40     AP8030DN

  42     AP9330DN

  43     AP4030DN                          

  44     AP4130DN                      

  45     AP3030DN                     

  46     AP2030DN

  ------------------------------------------------------------------------------

  Total number: 23  

 

 

# Add the AP offline according to the AP type ID. Assume that the AP type is AP6010DN-AGN and its MAC address is 60de-4476-e360.

[AC-wlan-view] ap-auth-mode mac-auth

[AC-wlan-view] ap id 0 type-id 19 mac 60de-4476-e360 //Add an AP offline.

[AC-wlan-ap-0] quit

55519ff927a00.png

The default AP authentication mode is MAC address authentication. If the default settings are retained, you do not need to run the auth-mode mac-auth command.

# Configure an AP region and add the AP to the AP region.

[AC-wlan-view] ap-region id 10  //Create the AP region 10.

[AC-wlan-ap-region-10] quit

[AC-wlan-view] ap id 0

[AC-wlan-ap-0] region-id 10  //Add the AP with ID 1 to AP region 10. An AP joins region 0 by default.

[AC-wlan-ap-0] quit

# Power on the AP and run the display ap all command to check the AP running status. If the AP State field displays as normal, the AP is online on the AC.

[AC-wlan-view] display ap all

  All AP information:           

  Normal[1],Fault[0],Commit-failed[0],Committing[0],Config[0],Download[0]       

  Config-failed[0],Standby[0],Type-not-match[0],Ver-mismatch[0]         

  ------------------------------------------------------------------------------

  AP    AP               AP              Profile   AP              AP           

                                         /Region                                

  ID    Type             MAC             ID        State           Sysname      

  ------------------------------------------------------------------------------

  0     AP6010DN-AGN     60de-4476-e360  0/10      normal          ap-0         

  ------------------------------------------------------------------------------

  Total number: 1,printed: 1   

 

                               Step 7     Configure WLAN service parameters.

# Create the WMM profile wmm.

[AC-wlan-view] wmm-profile name wmm id 1

[AC-wlan-wmm-prof-wmm] quit

 

# Create the radio profile radio and bind the WMM profile wmm to the radio profile.

[AC-wlan-view] radio-profile name radio id 1 

[AC-wlan-radio-prof-radio] wmm-profile name wmm 

[AC-wlan-radio-prof-radio] quit

[AC-wlan-view] quit

 

# Create WLAN-ESS interface 1.

[AC] interface wlan-ess 1

[AC-Wlan-Ess1] port hybrid pvid vlan 101

[AC-Wlan-Ess1] port hybrid untagged vlan 101

[AC-Wlan-Ess1] quit

 

# Create the security profile security.

[AC] wlan

[AC-wlan-view] security-profile name security id 1

[AC-wlan-sec-prof-security] security-policy wpa2 //Set the security policy to WPA2.

[AC-wlan-sec-prof-security] wpa2 authentication-method psk pass-phrase cipher huawei123 encryption-method ccmp //Set the encryption mode to PSK+CCMP.

[AC-wlan-sec-prof-security] quit

 

# Create the traffic profile traffic.

[AC-wlan-view] traffic-profile name traffic id 1

[AC-wlan-traffic-prof-traffic] quit

 

# Create the service set huawei and bind the WLAN-ESS interface, security profile, and traffic profile to the service set.

[AC-wlan-view] service-set name huawei id 1

[AC-wlan-service-set-huawei] ssid huawei  //Set the SSID name.

[AC-wlan-service-set-huawei] wlan-ess 1 //Bind the WLAN-ESS interface to the service set.

[AC-wlan-service-set-huawei] security-profile name security //Bind the security profile to the service set.

[AC-wlan-service-set-huawei] traffic-profile name traffic //Bind the traffic profile to the service set.

[AC-wlan-service-set-huawei] service-vlan 101 //Bind the service VLAN to the service set.

[AC-wlan-service-set-huawei] forward-mode tunnel //Set the forwarding mode to tunnel forwarding. The default forwarding mode is direct forwarding.

[AC-wlan-service-set-huawei] quit

 

                               Step 8     Configure a VAP and deliver the VAP configuration to the AP.

# Configure a VAP.

[AC-wlan-view] ap 0 radio 0

[AC-wlan-radio-0/0] radio-profile name radio //Bind the radio profile to the radio.

[AC-wlan-radio-0/0] service-set name huawei //Bind the service set to the radio. A VAP is generated after the binding.

[AC-wlan-radio-0/0] quit

# Deliver the configuration.

[AC-wlan-view] commit ap 0 //After the WLAN service configuration is complete on the AC, the configuration takes effect after you deliver it to the AP.

Warning: Committing configuration may cause service interruption, continue?[Y/N]

:y

 

                               Step 9     Verify the configuration.

After the configuration is complete, run the display vap ap 0 radio 0 command. The command output shows that the VAP has been created.

[AC-wlan-view] display vap ap 0 radio 0

  All VAP Information(Total-1):                                                 

  SS: Service-set     BP: Bridge-profile     MP: Mesh-profile                   

  ----------------------------------------------------------------------        

  AP ID  Radio ID  SS ID  BP ID  MP ID  WLAN ID  BSSID           Type           

  ----------------------------------------------------------------------

  0      0         1      -      -      1        60DE-4476-E360  service        

  ----------------------------------------------------------------------

  Total: 1

STAs discover the WLAN with SSID huawei and associate with the WLAN. You can run the display station assoc-info command on the ACU2. The command output shows that the STAs have connected to the WLAN huawei.

[AC-wlan-view] display station assoc-info ap 0 radio 0

  AP/Rf/WLAN: AP ID/Radio ID/WLAN ID                                             

  Rx/Tx: link receive rate/link transmit rate(Mbps)                             

  ------------------------------------------------------------------------------

  STA MAC         AP/Rf/WLAN Rx/Tx     Mode  RSSI   IP address                   

  SSID                                                                          

  ------------------------------------------------------------------------------

  9021-55dc-3e17  0/0/1      27/58     11n   -45    10.23.11.254              

  huawei                                                                  

  ------------------------------------------------------------------------------

  Total stations: 1  

----End

Summary

l   The interface directly connected to the AP, such as GE0/0/1 of the access switch must be configured with a PVID.

l   If the AP cannot go online, first check whether the server assigning an IP address to the AP is correctly configured.

This post was last edited by 交换机在江湖 at 2017-05-26 17:57.
  • x
  • convention:

All_About_Switch Moderator Official Created May 12, 2015 14:42:07 Helpful(0) Helpful(0)

Configuration Files

l   Configuration file of the ACU2

#

 sysname AC

#

vlan batch 100 to 101

#

wlan ac-global carrier id other ac id 1

#

dhcp enable

#

interface Vlanif100

 ip address 10.23.10.1 255.255.255.0

 dhcp select interface

#

interface Vlanif101

 ip address 10.23.11.1 255.255.255.0

 dhcp select interface

# 

interface Eth-Trunk0             

 port link-type trunk   

 port trunk allow-pass vlan 100 101

#

interface XGigabitEthernet0/0/1

 eth-trunk 0 

#

interface XGigabitEthernet0/0/2

 eth-trunk 0 

#

interface Wlan-Ess1

 port hybrid pvid vlan 101

 port hybrid untagged vlan 101

#

capwap source interface vlanif100

#

wlan

 ap-region id 10

 ap id 0 type-id 19 mac 60de-4476-e360 sn 210235419610CB002287

  region-id 10

 wmm-profile name wmm id 1

 traffic-profile name traffic id 1

 security-profile name security id 1 

  security-policy wpa2                      

  wpa2 authentication-method psk pass-phrase cipher %@%@}PSoXN{buC{{i+L![@/I<|C"%@%@ encryption-method ccmp

 service-set name huawei id 1

  forward-mode tunnel

  wlan-ess 1

  ssid huawei

  traffic-profile id 1

  security-profile id 1

  service-vlan 101

 radio-profile name radio id 1

  wmm-profile id 1

 ap 0 radio 0

  radio-profile id 1

  service-set id 1 wlan 1

#

return    

l   Configuration file of the S12700

#

 sysname S12700

#

load-distribution mode slot 1 enhanced

#

vlan batch 100 to 101

# 

interface Eth-Trunk0             

 port link-type trunk   

 port trunk allow-pass vlan 100 101

# 

interface Eth-Trunk1             

 port link-type trunk   

 port trunk allow-pass vlan 100

#

interface GigabitEthernet2/0/1

 port link-type trunk

 port trunk allow-pass vlan 101

#

interface GigabitEthernet2/0/2

 eth-trunk 1 

#

interface GigabitEthernet2/0/3

 eth-trunk 1 

#

interface XGigabitEthernet1/0/1

 eth-trunk 0 

#

interface XGigabitEthernet1/0/2

 eth-trunk 0 

#

return    

l   Configuration file of the access switch

#

 sysname Switch

#

vlan batch 100

# 

interface Eth-Trunk1             

 port link-type trunk   

 port trunk allow-pass vlan 100

#

interface GigabitEthernet0/0/1

 port link-type trunk

 port trunk pvid vlan 100

 port trunk allow-pass vlan 100

#

interface GigabitEthernet0/0/2

 eth-trunk 1

#

interface GigabitEthernet0/0/3

 eth-trunk 1

#

return    



★★★Summary★★★ All About Huawei Switch Features and Configurations

This article contains more resources

You need to log in to download or view. No account?Register

x
  • x
  • convention:

user_2790689 Created May 14, 2015 17:59:09 Helpful(0) Helpful(0)

Thank you.
  • x
  • convention:

AdilShafat Created Nov 7, 2016 14:37:00 Helpful(0) Helpful(0)

Dear
• Wired and Wireless Access Point are in same VLAN on switch
• Through the LAN we are getting perfect bandwidth but through the Access Point we’re getting maximum 25 Mbps. Kindly check the access point configuration and assist.

Network Diagram are mentioned below;

This article contains more resources

You need to log in to download or view. No account?Register

x
  • x
  • convention:

Reply

Reply
You need to log in to reply to the post Login | Register

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!

Login and enjoy all the member benefits

Login
Fast reply Scroll to top