AP Authentication and WLAN Configuration Roadmap
Hello everyone,
Today I would like to present a practical method of how to perform authentication, profile and roadmap settings on a Huawei access controller using the eNSP simulator.
Learning Objectives:
• Configure AP authentcation;
• Undestand WLAN configuration profile;
• Undestand WLAN configuration roadmap;
• Configure open system authentication.
Topology:
Experiment Task:
Let's carry out the configurations in stages:
Step 1 Configuring a Switch and AC.
For the next step it is necessary that the switch and AC settings are ready, you will find in this other topic:
https://forum.huawei.com/enterprise/en/ac-configuration-initialization/thread/783703-869
Step 2 Creating an AP Group
Below is the AP Group configuration for the example:
[AC1] wlan
[AC1-wlan-view] ap-group name ap-group1
[AC1-wlan-ap-group-ap-group1] quit
Step 3 Configuring AP Online Parameters
Enable DHCP on the AC. Assign IP addresses to the STA and AP, configure the Option 43 parameters.
Below is the DHCP and IP Pool configuration:
Enable DHCP over all VLAINF interfaces on the AC.
Configure regulatory domain profile domain1.
Configure the AC source interface.
Getting information from APs:
For our example we will perform authentication via MAC.
AP1:
O AP1 tem o MAC Address: 00e0-fc78-4b80
AP2:
O AP1 tem o MAC Address: 00e0-fc3e-2170
Configure AP authentication.
AP authentication has three modes. By default, MAC authentication is used. Manually add APs based on MAC addresses.
[AC1] wlan
[AC1-wlan-view] ap auth-mode mac-auth
Import the AP offline to the AC and two APs to AP group ap-group1. Name the two APs AP1 and AP2.
[AC1-wlan-view] ap-mac 00e0-fc78-4b80 ap-id 0
[AC1-wlan-view-ap-0] ap-group ap-group1
[AC1-wlan-view-ap-0] ap-name ap1
[AC1-wlan-view] ap-mac 00e0-fc3e-2170 ap-id 1
[AC1-wlan-view-ap-1] ap-group ap-group1
[AC1-wlan-view-ap-1] ap-name ap2
Below the AP import configuration
After APs are added, their status will change from fault to config, and then to normal. If the AP status does not change to normal serveral minutes after the AP is added, check the configuration of VLAN, DHCP, and AP authenticatin.
Step 4 Configuring WLAN Service Parameters
Configure SSID Profile.
Create SSID profiles employee1, voice1 and guest1, and set SSIDs to employee1, voice1 and guest1, respectively.
Create VAP profiles employee1, voice1 and guest1. Set the data forwarding mode for employee1 and voice1 to direct forwarding, and that for guest1 to tunnel forwarding. Configure the service VLAN and bind the profile to the SSID profile.
Configure AP groups to use the regulatory domain profile and VAP profile. When AP group ap-group1 uses VAP profile employee1, set VAP ID to 1. When AP group ap-group1 uses VAP profile voice1, set VAP ID to 2. When AP group ap-group1 uses VAP profile guest1, set VAP ID to 3. Radios 0 and 1 on the AP use the configuration of the VAP profile.
Verification
Checking the VAP Status
The AC automatically delivers WLAN service configurations to APs. After the service configuration is complete, run the display vap ssid guest1 and display vap ssid employee1 commands. If the value of Status in the command output is ON, the have been created on AP radios.
Terminal Connection Test
In the example we are going to connect to SSID voice1 in order to exemplify.
Connect STAs to the WLANs with SSIDs employee1, voice1 and guest1. Run the display station all commands on the AC. The command output shows that the STAs are connected to the WLANs.
On the wireless terminal, ping the IP address of the simulated public network interface on the switch.
-END-
Reference:
HCIA-WLAN_V2.0_Experiment_Guide(CLI-based)
