Hello everyone,
Today I will share with you how to configure WLAN Services on a Medium-Scale Network.
Specifications
This example applies to AR routers of V200R008C00 and later versions.
Networking Requirements
As shown in Figure 1-1, an AC manages the AP connected to it through Switch_A.
A medium-sized enterprise needs to deploy a WLAN in office areas to meet mobile office service needs and requires that users be centrally controlled and managed on the AC.
Figure 1-1 Networking diagram of configuring WLAN services on a medium-scale network
Procedure
Step 1 Configure
the switch.
#
sysname Switch
#
vlan batch 100 to 101 //Create VLAN
100 (management VLAN) and VLAN 101 (service VLAN).
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk pvid vlan 100 //Configure VLAN 100 as the
default VLAN of GE0/0/1.
port trunk allow-pass VLAN 100 to 101 //Add GE0/0/1 to
VLAN 100 and VLAN 101.
port-isolate enable group
1
//Enable port isolation on GE0/0/1.
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 100 to 101 //Add GE0/0/2 to
VLAN 100 and VLAN 101.
#
return
Step 2 Configure the AC.
#
sysname AC
#
vlan batch 100 to 101 //Create VLAN
100 (management VLAN) and VLAN 101 (service VLAN).
#
dhcp enable //Enable
DHCP.
#
interface Vlanif100
ip address 10.10.10.1 255.255.255.0
dhcp select interface //Enable DHCP on
VLANIF 100 so that the AC can assign IP addresses to APs.
#
interface
Vlanif101
ip address 10.10.11.1
255.255.255.0
dhcp select interface //Enable DHCP on
VLANIF 101 so that the AC can assign IP addresses to STAs associated with APs.
#
interface Ethernet2/0/0
port link-type trunk
port trunk allow-pass vlan 100 to 101 //Add
Ethernet2/0/0 to VLAN 100 and VLAN 101.
port-isolate enable group
1
//Enable port isolation on Ethernet2/0/0.
#
capwap source interface vlanif100 //Specify the
AC's source interface.
#
wlan ac
security-profile name wlan-security //Create a security
profile.
security wpa2 psk pass-phrase
%^%#m"tz0f>~7.[`^6RWdzwCy16hJj/Mc!,}s`X*B]}A%^%# aes //Configure PSK authentication and CCMP encryption, and display the user
password in ciphertext.
ssid-profile name wlan-ssid //Create an SSID profile.
ssid
wlan-net
//Set the SSID to wlan-net.
vap-profile name wlan-vap //Create a VAP profile.
service-vlan vlan-id 101 //Configure VLAN 101 as a service
VLAN.
ssid-profile wlan-ssid //Bind the SSID
profile to the VAP profile.
security-profile
wlan-security
//Bind the security profile to the VAP profile.
regulatory-domain-profile name domain1
//Create a regulatory domain profile.
ap-group name
ap-group1
//Create an AP
group.
regulatory-domain-profile
domain1 //Bind the domain
profile to the AP
group.
radio
0
vap-profile wlan-vap wlan
1
//Bind the VAP profile to the
radio.
radio
1
vap-profile wlan-vap wlan
1
//Bind the VAP profile to the
radio.
radio
2
vap-profile wlan-vap wlan
1
//Bind the VAP profile to the
radio.
ap-id 0 type-id 19 ap-mac 60de-4476-e360 ap-sn
210235554710CB000042 //Add an AP
offline.
ap-name
area_1
//Configure a name for the
AP.
ap-group ap-group1 //Add the
AP to the AP group.
#
return
Step 3 Verify the configuration.
# After the service configuration is complete, run the display vap ssid wlan-net command. If Status in the command output is displayed as ON, the VAPs have been successfully created on AP radios.
# Connect STAs to the WLAN with SSID wlan-net and enter the password a1234567. Run the display station ssid wlan-net command on the AC. The command output shows that the STAs are connected to the WLAN wlan-net.
----End
Configuration Notes
No ACK mechanism is provided for multicast packet transmission on air interfaces. In addition, wireless links are unstable. To ensure stable transmission of multicast packets, they are usually sent at low rates. If a large number of such multicast packets are sent from the network side, the air interfaces may be congested. You are advised to configure multicast packet suppression to reduce the impact of a large number of low-rate multicast packets on the wireless network. Exercise caution when configuring the rate limit; otherwise, the multicast services may be affected.
Indirect forwarding mode, you are advised to configure multicast packet suppression on switch interfaces connected to APs.
In tunnel forwarding mode, you are advised to configure multicast packet suppression in traffic profiles of the AC.
The management VLAN and service VLAN cannot be configured the same.
In V200R008C30 and later versions, when multiple VAP profiles are configured and share one service VLAN, enable inter-service VLAN proxy ARP if the data forwarding mode is set to the tunnel.
When serving as an AC, the device is only in V200R008C30 and later versions support tunnel forwarding for data packets.
That is all I want to share with you!