Got it

Configuring WLAN Services on a Large-Scale Network (V200R008) Highlighted

Latest reply: Jun 24, 2017 00:52:19 1927 1 0 0 1

Hello everyone,

Today I will share with you how to configure WLAN services on a large-scale network.

Specifications

This example applies to AR routers of V200R008C00 and later versions.

Networking Requirements

On a network of a large enterprise in Figure 1-1, an aggregation switch Switch_B connects to an access switch Switch_A and an upstream Router. The enterprise needs to deploy a WLAN, with as few changes to the current network structure as possible.

The enterprise requirements are as follows:

  • A WLAN with the SSID guest is deployed in the lobby of the office building to provide wireless access services for visitors.

  • A WLAN with the SSID employee is deployed in office areas to provide wireless access services for employees.

Figure 1-1 Networking diagram of configuring WLAN services on a large-scale network

20170623102909816001.png

 

Procedure

Step 1  Configure Switch_A.

#
sysname Switch_A
#
vlan batch 100 to 102             //Create VLAN 100 (management VLAN), VLAN 101 (service VLAN), and VLAN 102 (service VLAN).
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk pvid vlan 100       
  //Configure VLAN 100 as the default VLAN of GE0/0/1.
 port trunk allow-pass vlan 100 to 101    //Add GE0/0/1 to VLAN 100 and VLAN 101.
 port-isolate enable group 1              //Enable port isolation on GE0/0/1.
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk pvid vlan 100
 port trunk allow-pass vlan 100 102   
    //Add GE0/0/2 to VLAN 100 and VLAN 102.
 port-isolate enable group 1
#
interface GigabitEthernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 100 to 102   
//Add GE0/0/3 to VLANs 100, 101, and 102.
#
return

Step 2  Configure Switch_B.

#
sysname Switch_B
#
vlan batch 100 to 102    
         //Create VLAN 100 (management VLAN), VLAN 101 (service VLAN), and VLAN 102 (service VLAN).
#                                                                             
interface GigabitEthernet0/0/1                                                          
 port link-type trunk                                                           
 port trunk allow-pass vlan 100 to 102   
//Add GE0/0/1 to VLANs 100, 101, and 102.                                          
#                                                                                
interface GigabitEthernet0/0/2                                                         
 port link-type trunk                                                           
 port trunk allow-pass vlan 100 to 102   
//Add GE0/0/2 to VLANs 100, 101, and 102.
          
#
return

Step 3  Configure the AC.

#
 sysname AC
#
vlan batch 101 to 102   
  //Create VLAN 100 (management VLAN), VLAN 101 (service VLAN), and VLAN 102 (service VLAN). 
#
dhcp enable               
//Enable DHCP.
#                                                                               
interface Vlanif100                                                              
 ip address 10.10.10.1 255.255.255.0
 dhcp select interface   
//Enable DHCP on VLANIF 100 so that the AC can assign IP addresses to APs.                                    
#                                                                               
interface Vlanif101                                                              
 ip address 10.10.11.1 255.255.255.0
 dhcp select interface   
//Enable DHCP on VLANIF 101 so that the AC can assign IP addresses to STAs associated with APs.       
#                                                                                
interface Vlanif102                                                             
 ip address 10.10.12.1 255.255.255.0
 dhcp select interface   
//Enable DHCP on VLANIF 102 so that the AC can assign IP addresses to STAs associated with APs.                                                
#                                                                               
interface Ethernet2/0/0                                                         
 port link-type trunk                                                            
 port trunk allow-pass vlan 100 to 102     
//Add Ethernet2/0/0 to VLANs 100, 101, and 102. 
#
capwap source interface vlanif100     
//Specify the AC's source interface.
#
wlan ac
 security-profile name guest       
//Create a security profile.
  security wep share-key           //Configure the shared-key WEP authentication method.
  wep key 0 wep-40 pass-phrase %^%#z*z]6]#!|%n:n}Xz'mhKE{PfN|cIj*eU$jJYH48S%^%#       //Configure a WEP key.
 security-profile name employee     //Create a security profile.
  security wpa2 psk pass-phrase %^%#H{1<-b]4~"*+Y:4-'/URy;$+,33UgQf)@9I(Yl]V%^%# aes  //Configure PSK authentication and CCMP encryption, and display the user password in ciphertext.
 ssid-profile name guest  //Create an SSID profile.
  ssid guest             //Set the SSID to guest.
 ssid-profile name employee  //Create an SSID profile.
  ssid employee             //Set the SSID to employee.
 vap-profile name guest      //Create a VAP profile named guest.
  service-vlan vlan-id 101   //Configure VLAN 101 as a service VLAN.
  ssid-profile guest        //Bind the SSID profile guest to the VAP profile guest.
  security-profile guest     //Bind the security profile guest to the VAP profile guest.
 vap-profile name employee      //Create a VAP profile named employee.
  service-vlan vlan-id 102      //Configure VLAN 102 as a service VLAN.
  ssid-profile employee        //Bind the SSID profile employee to the VAP profile employee.
  security-profile employee     //Bind the security profile employee to the VAP profile employee.
 regulatory-domain-profile name domain1     //Create a regulatory domain profile.
 ap-group name guest                        //Create an AP group.
  regulatory-domain-profile domain1         //Bind the domain profile to the AP group.
  radio 0
   vap-profile guest wlan 1             
//Bind the VAP profile guest to the radio.
  radio 1
   vap-profile guest wlan 1             
//Bind the VAP profile guest to the radio.
  radio 2
   vap-profile guest wlan 1             
//Bind the VAP profile guest to the radio.
 ap-group name default                        //Create an AP group named default.
 ap-group name employee                       //Create an AP group named employee.
  regulatory-domain-profile domain1           //Bind the domain profile to the AP group.
  radio 0
   vap-profile employee wlan 1             
//Bind the VAP profile employee to the radio.
  radio 1
   vap-profile employee wlan 1             
//Bind the VAP profile employee to the radio.
  radio 2
   vap-profile employee wlan 1             
//Bind the VAP profile employee to the radio.
 ap-id 0 type-id 19 ap-mac 60de-4476-e360 ap-sn 210235554710CB000042       //Add an AP offline.
  ap-name area_1           //Configure a name for the AP.
  ap-group guest           //Add the AP to the AP group guest.
 ap-id 1 type-id 19 ap-mac 60de-4474-9640 ap-sn 210235554710CB000075       //Add an AP offline.
  ap-name area_2           //Configure a name for the AP.
  ap-group employee        //Add the AP to the AP group employee.
#
return

Step 4  Verify the configuration.

# After the service configuration is complete, run the display vap ssid guest and display vap ssid employee commands. If Status in the command output is displayed as ON, the VAPs have been successfully created on AP radios.

# Connect STAs to the WLANs with SSIDs guest and employee and enter the passwords a1234 and b1234567 respectively. Run the display station ssid guest and display station ssid employee commands on the AC. The command output shows that the STAs are connected to the WLANs guest and employee.

----End

Configuration Notes

No ACK mechanism is provided for multicast packet transmission on air interfaces. In addition, wireless links are unstable. To ensure stable transmission of multicast packets, they are usually sent at low rates. If a large number of such multicast packets are sent from the network side, the air interfaces may be congested. You are advised to configure multicast packet suppression to reduce impact of a large number of low-rate multicast packets on the wireless network. Exercise caution when configuring the rate limit; otherwise, the multicast services may be affected.

  • In direct forwarding mode, you are advised to configure multicast packet suppression on switch interfaces connected to APs.

  • In tunnel forwarding mode, you are advised to configure multicast packet suppression in traffic profiles of the AC.

  • The management VLAN and service VLAN cannot be configured the same.

  • In V200R008C30 and later versions, when multiple VAP profiles are configured and share one service VLAN, enable inter-service VLAN proxy ARP if the data forwarding mode is set to tunnel.

note

When serving as an AC, the device only in V200R008C30 and later versions supports tunnel forwarding for data packets.

That is all I want to share with you! Thank you!

 

 


  • x
  • convention:

gululu
Created Jun 24, 2017 00:52:19

thanks!
View more
  • x
  • convention:

Comment

You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " User Agreement."

My Followers

Login and enjoy all the member benefits

Login

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.
Information Protection Guide
Thanks for using Huawei Enterprise Support Community! We will help you learn how we collect, use, store and share your personal information and the rights you have in accordance with Privacy Policy and User Agreement.