Example for Configuring Applications of a Mobile Internet Gateway at a Bus Stop

Created: Mar 16, 2016 17:03:39Latest reply: Mar 16, 2016 17:11:21 1334 6 0 0

Networking Requirements

A bus company wants to provide the WLAN service for passengers at bus stops to improve passenger satisfaction. Deploying a wired network at bus stops is complex, and the network deployment and maintenance costs are high. However, the bus company wants to deploy a network with light cabling workload and low costs.

As shown in Figure 1-17, a mobile Internet gateway is deployed at a bus stop to connect to the Internet through the LTE network and provide WLAN access for passengers at bus stops. The AR510 series integrates the Portal server function.

Only the AR503GW-LM7, AR503GW-LcM7 and AR510 series can function as the mobile Internet gateway.

Passengers at bus stops access the Internet in on-demand dialup mode. The bus company obtains the following information from a carrier:

  • Access point name (APN) LTENET
  • Dial string *99#
Figure 1-17  Networking diagram of access from passengers at a bus stop to the Internet through the LTE network

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure a DHCP server to assign IP addresses to mobile terminals of passengers.
  2. Configure a RADIUS server to implement Portal authentication on mobile terminals.
  3. Configure WLAN services to allow two radios of the device to connect to mobile terminals.
  4. Configure an LTE interface to connect mobile terminals of passengers to the Internet wirelessly.
  5. Verify the configuration.


This article contains more resources

You need to log in to download or view. No account?Register

  • x
  • convention:

Nana00     Created Mar 16, 2016 17:07:04 Helpful(0) Helpful(0)


  1. Configure a DHCP address pool.

# Enable DHCP.

<Huawei> system-view

[Huawei] sysname Router

[Router] dhcp enable

# Configure DNS Proxy.

[Router] dns proxy enable

[Router] dns resolve

# Create a global address pool from which IP addresses are assigned to STAs.

[Router] ip pool 4gpool1

[Router-ip-pool-4gpool1] network mask

[Router-ip-pool-4gpool1] gateway-list

[Router-ip-pool-4gpool1] dns-list

[Router-ip-pool-4gpool1] quit

[Router] ip pool 4gpool2

[Router-ip-pool-4gpool2] network mask

[Router-ip-pool-4gpool2] gateway-list

[Router-ip-pool-4gpool2] dns-list

[Router-ip-pool-4gpool2] quit

# Configure the interface to use the global address pool.

[Router] vlan batch 100 101

[Router] interface vlanif 100

[Router-Vlanif100] ip address

[Router-Vlanif100] dhcp select global

[Router-Vlanif100] quit

[Router] interface vlanif 101

[Router-Vlanif101] ip address

[Router-Vlanif101] dhcp select global

[Router-Vlanif101] quit

  • x
  • convention:

Nana00     Created Mar 16, 2016 17:08:02 Helpful(0) Helpful(0)

  2、  Create and configure a RADIUS server template, an AAA authentication scheme, and an    authentication domain.

# Create and configure RADIUS server template rd1. The shared key configured in the template must be the same as that on the RADIUS server.

[Router] radius-server template rd1

[Router-radius-rd1] radius-server authentication 1812

[Router-radius-rd1] radius-server accounting 1813

[Router-radius-rd1] radius-server shared-key cipher hello

[Router-radius-rd1] quit

# Configure authentication scheme abc and use RADIUS authentication for Portal users.

[Router] aaa

[Router-aaa] authentication-scheme abc

[Router-aaa-authen-abc] authentication-mode radius

[Router-aaa-authen-abc] quit

# Configure accounting scheme abc and use RADIUS accounting for Portal users.

[Router-aaa] accounting-scheme abc

[Router-aaa-accounting-abc] accounting-mode radius

[Router-aaa-accounting-abc] quit

# Create authentication domain isp1, and bind AAA authentication scheme abc, accounting scheme abc and RADIUS server template rd1 to it.

[Router-aaa] domain isp1

[Router-aaa-domain-isp1] authentication-scheme abc

[Router-aaa-domain-isp1] accounting-scheme abc

[Router-aaa-domain-isp1] radius-server rd1

[Router-aaa-domain-isp1] quit

[Router-aaa] quit

# Configure global default domain isp1. During access authentication, enter a user name in the format user name@domain name, for example, user@isp1. The user is authenticated in the domain. If the user name does not carry the domain name or carries an invalid domain name, the user is authenticated in the default domain.

[Router] domain isp1

# Check whether a user can be authenticated using RADIUS authentication. A test user account has been configured on the RADIUS server, with the user name test@isp1 and password 123456.

[Router] test-aaa test@isp1 123456 radius-template rd1

Info: Account test succeed.

# Configure STAs to be authenticated using configurations in domain isp1.

[Router] interface wlan-bss 1

[Router-Wlan-Bss1] permit-domain name isp1

[Router-Wlan-Bss1] force-domain name isp1

[Router-Wlan-Bss1] quit

[Router] interface wlan-bss 2

[Router-Wlan-Bss2] permit-domain name isp1

[Router-Wlan-Bss2] force-domain name isp1

[Router-Wlan-Bss2] quit

  • x
  • convention:

Nana00     Created Mar 16, 2016 17:08:42 Helpful(0) Helpful(0)

3、           Configure a Portal server.

# Enable the Nginx server.

[Router] nginx enable

Info: Nginx has been started.

# Set the IP address of the Portal server to, the port that the Portal server uses to receive notification packets from the device to 50100, and the HTTP redirection URL to

[Router] web-auth-server server_abc

[Router-web-auth-server-server_abc] server-ip

[Router-web-auth-server-server_abc] port 50100

[Router-web-auth-server-server_abc] url

[Router-web-auth-server-server_abc] quit

# Assign an IP address on the same network segment of the Portal server to Eth0/0/0 of the Router.

[Router] interface ethernet0/0/0

[Router-Ethernet0/0/0] ip address 24

[Router-Ethernet0/0/0] quit

# Enable Portal authentication.

[Router] interface vlanif 100

[Router-Vlanif100] web-auth-server server_abc direct

[Router-Vlanif100] quit

[Router] interface vlanif 101

[Router-Vlanif101] web-auth-server server_abc direct

[Router-Vlanif101] quit

[Router] interface wlan-bss 1

[Router-Wlan-Bss1] web-authentication first-mac

[Router-Wlan-Bss1] quit

[Router] interface wlan-bss 2

[Router-Wlan-Bss2] web-authentication first-mac

[Router-Wlan-Bss2] quit

  • x
  • convention:

Nana00     Created Mar 16, 2016 17:10:15 Helpful(0) Helpful(0)

         4、Set basic function parameters and service VAPs for the Fat AP.

# Configure the country code.

[Router] wlan global country-code cn

 Warning: Modify the country code may delete all vap and stations will offline,

are you sure to continue?[Y/N]:y

# Create WMM profile wmm-1 and use the default settings.

[Router] wlan

[Router-wlan-view] wmm-profile name wmm-1 id 1

[Router-wlan-wmm-prof-wmm-1] quit

# Create radio profiles radio-1 and radio-2, and bind WMM profile wmm-1 to them.

[Router-wlan-view] radio-profile name radio-1 id 1

[Router-wlan-radio-prof-radio-1] wmm-profile name wmm-1

[Router-wlan-radio-prof-radio-1] quit

[Router-wlan-view] radio-profile name radio-2 id 2

[Router-wlan-radio-prof-radio-2] wmm-profile name wmm-1

[Router-wlan-radio-prof-radio-2] quit

[Router-wlan-view] quit

# Bind radio profiles radio-1 and radio-2 to Radio0/0/0 and Radio0/0/1 respectively.

[Router] interface wlan-radio 0/0/0

[Router-Wlan-Radio0/0/0] radio-profile name radio-1

 Warning: Modify the Radio type may cause some parameters of Radio resume defaul

t value, are you sure to continue?[Y/N]: y

[Router-Wlan-Radio0/0/0] quit

[Router] interface wlan-radio 0/0/1

[Router-Wlan-Radio0/0/1] radio-profile name radio-2

 Warning: Modify the Radio type may cause some parameters of Radio resume defaul

t value, are you sure to continue?[Y/N]: y

[Router-Wlan-Radio0/0/1] quit

# Configure a WLAN-BSS virtual interface so that the device can forward packets from STAs to the WLAN service processing module.

[Router] interface wlan-bss 1

[Router-Wlan-Bss1] port hybrid tagged vlan 100

[Router-Wlan-Bss1] quit

[Router] interface wlan-bss 2

[Router-Wlan-Bss2] port hybrid tagged vlan 101

[Router-Wlan-Bss2] quit

# Create security profile security-1, and set the authentication mode to WEP open system authentication and the encryption mode to no encryption.

[Router] wlan

[Router-wlan-view] security-profile name security-1 id 1

[Router-wlan-sec-prof-security-1] security-policy wep

[Router-wlan-sec-prof-security-1] wep authentication-method open-system

[Router-wlan-sec-prof-security-1] quit

# Configure a QoS policy. Create traffic profile traffic-1 and use the default settings.

[Router-wlan-view] traffic-profile name traffic-1 id 1

[Router-wlan-traffic-prof-traffic-1] quit

# Create service sets, set SSIDs to station-wlan1 and station-wlan2, and bind the traffic profile, security profile, and WLAN-BSS interface to the service sets.

[Router-wlan-view] service-set name station-wlan1 id 1

[Router-wlan-service-set-station-wlan1] ssid station-wlan1

[Router-wlan-service-set-station-wlan1] traffic-profile name traffic-1

[Router-wlan-service-set-station-wlan1] security-profile name security-1

[Router-wlan-service-set-station-wlan1] wlan-bss 1

[Router-wlan-service-set-station-wlan1] quit

[Router-wlan-view] service-set name station-wlan2 id 2

[Router-wlan-service-set-station-wlan2] ssid station-wlan2

[Router-wlan-service-set-station-wlan2] traffic-profile name traffic-1

[Router-wlan-service-set-station-wlan2] security-profile name security-1

[Router-wlan-service-set-station-wlan2] wlan-bss 2

[Router-wlan-service-set-station-wlan2] quit

[Router-wlan-view] quit

# Bind service sets station-wlan1 and station-wlan2 to Radio0/0/0 and Radio0/0/1 respectively.

[Router] interface wlan-radio 0/0/0

[Router-Wlan-Radio0/0/0] service-set name station-wlan1  

[Router-Wlan-Radio0/0/0] quit 

[Router] interface wlan-radio 0/0/1

[Router-Wlan-Radio0/0/1] service-set name station-wlan2  

[Router-Wlan-Radio0/0/1] quit 

  • x
  • convention:

Nana00     Created Mar 16, 2016 17:10:50 Helpful(0) Helpful(0)

           5、Configure an LTE interface.

# Configure the dialer control list.

[Router] dialer-rule

[Router-dialer-rule] dialer-rule 1 ip permit

[Router-dialer-rule] quit

# Enable circular DCC.

[Router] interface cellular 0/0/0

[Router-Cellular0/0/0] dialer enable-circular

# Configure the LTE interface to obtain IP addresses dynamically.

[Router-Cellular0/0/0] ip address negotiate

# Associate the dialer control list with Cellular0/0/0.


The numbers in the dialer-group and dialer-rule commands must be the same.

[Router-Cellular0/0/0] dialer-group 1

# Set the dial string to *99#.

[Router-Cellular0/0/0] dialer number *99#

# Configure the network connection mode.

[Router-Cellular0/0/0] mode lte auto

[Router-Cellular0/0/0] quit

# Create an APN profile and set the APN name to LTENET that is obtained from a carrier.

[Router] apn profile lteprofile

[Router-apn-profile-lteprofile] apn LTENET

# Configure the user name, password, and authentication mode for accessing the public data network (PDN).

[Router-apn-profile-lteprofile] user name lteuser password cipher Password@123 authentication-mode auto

[Router-apn-profile-lteprofile] quit

# Bind the APN profile to the LTE cellular interface.

[Router] interface cellular 0/0/0

[Router-Cellular0/0/0] apn-profile lteprofile

[Router-Cellular0/0/0] shutdown

[Router-Cellular0/0/0] undo shutdown

[Router-Cellular0/0/0] quit

# Configure NAT.

[Router] acl number 3002

[Router-acl-adv-3002] rule 5 permit ip source

[Router-acl-adv-3002] rule 10 permit ip source

[Router-acl-adv-3002] quit

[Router] interface cellular 0/0/0

[Router-Cellular0/0/0] nat outbound 3002

[Router-Cellular0/0/0] quit

# Configure a default route and specify Cellular0/0/0 as the outbound interface.

[Router] ip route-static 0 cellular 0/0/0

  • x
  • convention:

Nana00     Created Mar 16, 2016 17:11:21 Helpful(0) Helpful(0)

             6、Verify the configuration.

# View detailed information about Cellular0/0/0. The following command output shows that when traffic is transmitted on the interface, the physical status and link layer protocol status of the interface are both Up, and the interface dynamically obtains IP address

[Router] display interface Cellular 0/0/0

Cellular0/0/0 current state : UP

Line protocol current state : UP

Last line protocol up time : 2014-05-19 00:45

Description:HUAWEI, AR Series, Cellular0/0/0 Interface

Route Port,The Maximum Transmit Unit is 1500, Hold timer is 10(sec)

Internet Address is negotiated,

Link layer protocol is PPP

LCP opened, IPCP opened

Last physical up time   : 2014-05-19 00:45

Last physical down time : 2014-05-19 00:45

Current system time: 2014-05-19 00:45

Modem State: Present

Last 300 seconds input rate 3 bytes/sec 24 bits/sec 0 packets/sec

Last 300 seconds output rate 0 bytes/sec 0 bits/sec 0 packets/sec

Input: 121082 packets, 112644324 bytes

  Unicast:             110160,    Ununicast:              10922


Output: 134960 packets, 11718497 bytes

  Unicast:             124053,    Ununicast:              10907

    Input bandwidth utilization  : 0.01%

    Output bandwidth utilization :    0%

# View information about all call sessions on the LTE data card. The following command output shows that the APN is LTENET, the network type is Automatic, and the network connection mode is LTE(LTE).

[Router] display Cellular 0/0/0 all

Modem State:                                                                   

Hardware Information.                                                          


Model = MU609                                                                  

Modem Firmware Version =                           

Hardware Version = MD1MU609M01                                                  

Integrate circuit card identity (ICCID) = 98681011274300909893               

International Mobile Subscriber Identity (IMSI) = 460016002731442              

International Mobile Equipment Identity (IMEI) = 861230010006485               

Factory Serial Number (FSN) = T2Y01A9211900298                                 

Modem Status = Online                                                          

Profile Information.                                                            


Profile 1 = ACTIVE                                                             


PDP Type = IPv4, Header Compression = OFF                                      

Data Compression = OFF                                                         

Access Point Name (APN) = LTENET                                               

Packet Session Status = Active                                               

* - Default profile                                                            

Network Information.                                                           


Current Service Status = Service available                                     

Current Service = Combined                                                     

Packet Service = Attached                                                       

Packet Session Status = Active                                               

Current Roaming Status = Home                                                  

Network Selection Mode = Automatic                                              

Network Connection Mode = Automatic                                            

Current Network Connection = LTE(LTE)                                      

Mobile Country Code (MCC) = 460                                                 

Mobile Network Code (MNC) = 01                                                 

Mobile Operator Information = "CHN-CULTE"                                      

Cell ID = 55924                                                                

Upstream Bandwidth = 50mbps                                                   

Downstream Bandwidth = 100mbps                                                 

Radio Information.                                                             


Current Band = AUTO                                                            

Current RSSI = -55 dBm                                                         

Modem Security Information.                                                    


PIN Verification = Disabled                                                    

PIN Status = Ready                                                             

Number of Retries remaining = 3                                                

SIM Status = OK            

# The WLANs with SSIDs station-wlan1 and station-wlan2 are available for STAs connected to the Fat AP. After associated with the WLANs, the user can enter the correct user name and password on the Portal authentication page. After the authentication is complete, the user can access the Internet.

Configuration Files

  • Configuration file of the Router

·         #     

·          sysname Router

·         #                                                                              

·          dns resolve                                                                   

·          dns proxy enable

·         #                                                                              

·         vlan batch 100 to 101                                                          

·         #                                                                              

·         domain isp1                                                                     

·         #                                                                              

·         dhcp enable                                                                    

·         #

·         nginx enable    

·         #                                                                               

·         radius-server template rd1                                                     

·          radius-server shared-key cipher %^%#9T`|L}K(4#J3k=+I8SiJrsM:RO[iy@Uuc:LTQJ,1%^%#              

·          radius-server authentication 1812 weight 80                       

·          radius-server accounting 1813 weight 80

·         #                                                                              

·         acl number 3002                                                                 

·          rule 5 permit ip source                               

·          rule 10 permit ip source

·         #                                                                              

·         web-auth-server server_abc                                                           

·          server-ip                                                         

·          port 50100                                                                    

·          url

·         #                                                                              

·         ip pool 4gpool1                                                                

·          gateway-list                                                    

·          network mask                                      

·          dns-list

·         #                                                                              

·         ip pool 4gpool2                                                                 

·          gateway-list                                                    

·          network mask 

·          dns-list

·         #                                                                              

·         aaa                                                                             

·          authentication-scheme abc                                                     

·           authentication-mode radius                                                   

·          accounting-scheme abc

·           accounting-mode radius

·          domain isp1                                                                   

·           authentication-scheme abc                                                    

·           accounting-scheme abc

·           radius-server rd1                                                             

·         #                                                                              

·         interface Vlanif100                                                            

·          ip address                                         

·          web-auth-server server_abc direct                                                   

·          dhcp select global                                                            

·         #                                                                               

·         interface Vlanif101                                                            

·          ip address                                        

·          web-auth-server server_abc direct                                                   

·          dhcp select global       

·         #                                                                              

·         interface Ethernet0/0/0                                                        

·          ip address                                          

·         #                                                                              

·         interface Wlan-Bss1                                                            

·          port hybrid tagged vlan 100                                                   

·          web-authentication first-mac                                                  

·          permit-domain name isp1                                                       

·          force-domain name isp1

·         #                                                                               

·         interface Wlan-Bss2                                                            

·          port hybrid tagged vlan 101                                                   

·          web-authentication first-mac                                                  

·          permit-domain name isp1                                                       

·          force-domain name isp1

·         #                                                                              

·         interface Cellular0/0/0                                                        

·          dialer enable-circular

·          dialer-group 1

·          apn-profile lteprofile

·          dialer number *99#

·          nat outbound 3002 

·          ip address negotiate

·         #                                                                              

·         dialer-rule                                                                    

·          dialer-rule 1 ip permit                                                       

·         #                                                                               

·         apn profile lteprofile     

·          user name lteuser password cipher %@%@i8c,AX_*~%M<"L*0b5%0,0b2%@%@ authenticati

·         on-mode auto                                                                    

·          apn LTENET

·         #                                                                              

·         ip route-static Cellular0/0/0                                  

·         #                                                                               

·         wlan                                                                           

·          wmm-profile name wmmf id 0                                                    

·          wmm-profile name wmm-1 id 1                                                   

·          traffic-profile name traf id 0                                                

·          traffic-profile name traffic-1 id 1                                           

·          security-profile name secf id 0                                               

·          security-profile name security-1 id 1                                         

·          service-set name station-wlan1 id 1                                           

·           Wlan-Bss 1                                                                   

·           ssid station-wlan1                                                            

·           traffic-profile id 1                                                         

·           security-profile id 1                                                        

·          service-set name station-wlan2 id 2                                           

·           Wlan-Bss 2                                                                   

·           ssid station-wlan2                                                           

·           traffic-profile id 1                                                         

·           security-profile id 1                                                        

·          radio-profile name radiof id 0                                                

·           wmm-profile id 0                                                              

·          radio-profile name radio-1 id 1                                               

·           wmm-profile id 1                                                             

·          radio-profile name radio-2 id 2                                                

·           wmm-profile id 1

·         #                                                                              

·         interface Wlan-Radio0/0/0                                                      

·          radio-profile id 1                                                             

·          service-set id 1 wlan 1                                                       

·         #                                                                              

·         interface Wlan-Radio0/0/1                                                       

·          radio-profile id 2                                                            

·          service-set id 2 wlan 1

·         #                                                                              



  • x
  • convention:


You need to log in to reply to the post Login | Register

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!
Fast reply Scroll to top