Got it

Configuring WLAN Services on a Medium-Scale Network (V200R008).

Latest reply: Jun 26, 2017 07:51:24 1628 1 0 0 0

Hello everyone,

Today I will share with you how to configure WLAN Services on a Medium-Scale Network.

Specifications

This example applies to AR routers of V200R008C00 and later versions.

Networking Requirements

As shown in Figure 1-1, an AC manages the AP connected to it through Switch_A.

A medium-sized enterprise needs to deploy a WLAN in office areas to meet mobile office service needs and requires that users be centrally controlled and managed on the AC.

Figure 1-1 Networking diagram of configuring WLAN services on a medium-scale network

20170626142807162001.png

 

Procedure

Step 1  Configure the switch.

#
sysname Switch
#
vlan batch 100 to 101        //Create VLAN 100 (management VLAN) and VLAN 101 (service VLAN).
#
interface GigabitEthernet0/0/1
 port link-type trunk       
 port trunk pvid vlan 100 
   //Configure VLAN 100 as the default VLAN of GE0/0/1.
 port trunk allow-pass VLAN 100 to 101    //Add GE0/0/1 to VLAN 100 and VLAN 101.
 port-isolate enable group 1              //Enable port isolation on GE0/0/1.
#
interface GigabitEthernet0/0/2
 port link-type trunk         
 port trunk allow-pass vlan 100 to 101 
   //Add GE0/0/2 to VLAN 100 and VLAN 101.
#
return

Step 2  Configure the AC.

#
 sysname AC
#
vlan batch 100 to 101        //Create VLAN 100 (management VLAN) and VLAN 101 (service VLAN).
#
dhcp enable                  //Enable DHCP.
#
interface Vlanif100
 ip address 10.10.10.1 255.255.255.0
 dhcp select interface   
   //Enable DHCP on VLANIF 100 so that the AC can assign IP addresses to APs.
#
interface Vlanif101                                                              
 ip address 10.10.11.1 255.255.255.0                                          
 dhcp select interface   
   //Enable DHCP on VLANIF 101 so that the AC can assign IP addresses to STAs associated with APs.
#
interface Ethernet2/0/0
 port link-type trunk
 port trunk allow-pass vlan 100 to 101 
    //Add Ethernet2/0/0 to VLAN 100 and VLAN 101.
 port-isolate enable group 1               //Enable port isolation on Ethernet2/0/0.
#
capwap source interface vlanif100      //Specify the AC's source interface.
#
wlan ac
 security-profile name wlan-security  
//Create a security profile.
  security wpa2 psk pass-phrase %^%#m"tz0f>~7.[`^6RWdzwCy16hJj/Mc!,}s`X*B]}A%^%# aes  //Configure PSK authentication and CCMP encryption, and display the user password in ciphertext.
 ssid-profile name wlan-ssid  //Create an SSID profile.
  ssid wlan-net               //Set the SSID to wlan-net.
 vap-profile name wlan-vap    //Create a VAP profile.
  service-vlan vlan-id 101    //Configure VLAN 101 as a service VLAN.
  ssid-profile wlan-ssid      //Bind the SSID profile to the VAP profile.
  security-profile wlan-security             //Bind the security profile to the VAP profile.
 regulatory-domain-profile name domain1      //Create a regulatory domain profile.
 ap-group name ap-group1                     //Create an AP group.                                                        
  regulatory-domain-profile domain1          //Bind the domain profile to the AP group.                                              
  radio 0                                                                       
   vap-profile wlan-vap wlan 1        
       //Bind the VAP profile to the radio.                                                  
  radio 1                                                                        
   vap-profile wlan-vap wlan 1   
            //Bind the VAP profile to the radio.                                                  
  radio 2                                                                        
   vap-profile wlan-vap wlan 1   
            //Bind the VAP profile to the radio.                                                   
 ap-id 0 type-id 19 ap-mac 60de-4476-e360 ap-sn 210235554710CB000042       //Add an AP offline.            
  ap-name area_1            //Configure a name for the AP.                                                               
  ap-group ap-group1        //Add the AP to the AP group.
#
return

Step 3  Verify the configuration.

# After the service configuration is complete, run the display vap ssid wlan-net command. If Status in the command output is displayed as ON, the VAPs have been successfully created on AP radios.

# Connect STAs to the WLAN with SSID wlan-net and enter the password a1234567. Run the display station ssid wlan-net command on the AC. The command output shows that the STAs are connected to the WLAN wlan-net.

----End

Configuration Notes

No ACK mechanism is provided for multicast packet transmission on air interfaces. In addition, wireless links are unstable. To ensure stable transmission of multicast packets, they are usually sent at low rates. If a large number of such multicast packets are sent from the network side, the air interfaces may be congested. You are advised to configure multicast packet suppression to reduce the impact of a large number of low-rate multicast packets on the wireless network. Exercise caution when configuring the rate limit; otherwise, the multicast services may be affected.

  • Indirect forwarding mode, you are advised to configure multicast packet suppression on switch interfaces connected to APs.

  • In tunnel forwarding mode, you are advised to configure multicast packet suppression in traffic profiles of the AC.

  • The management VLAN and service VLAN cannot be configured the same.

  • In V200R008C30 and later versions, when multiple VAP profiles are configured and share one service VLAN, enable inter-service VLAN proxy ARP if the data forwarding mode is set to the tunnel.

note

When serving as an AC, the device is only in V200R008C30 and later versions support tunnel forwarding for data packets.


That is all I want to share with you!


  • x
  • convention:

HWRouter
Created Jun 26, 2017 07:51:24

:)
View more
  • x
  • convention:

Comment

You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " User Agreement."

My Followers

Login and enjoy all the member benefits

Login

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.
Information Protection Guide
Thanks for using Huawei Enterprise Support Community! We will help you learn how we collect, use, store and share your personal information and the rights you have in accordance with Privacy Policy and User Agreement.