Hello everyone,
Today I will share with you how to configure WLAN services on a Small-scale network.
Specifications
This example applies to AR routers of V200R008C00 and later versions.
Networking Requirements
As shown in Figure 1-1, the AP is directly connected to the AC. An enterprise branch needs to deploy WLAN services for mobile office so that branch users can access the enterprise internal network from anywhere at any time.
The following requirements must be met:
A WLAN named wlan-net is available.
Branch users are assigned IP addresses on 10.10.11.0/24.
Figure 1-1 Networking diagram of configuring WLAN services on a small-scale network
Procedure
Step 1 Configure the AC.
#
sysname AC
#
vlan batch 100 to 101 //Create VLAN 100 (management VLAN)
and VLAN 101 (service VLAN).
#
dhcp enable //Enable
DHCP.
#
interface
Vlanif100
ip address 10.10.10.1
255.255.255.0
dhcp select interface //Enable DHCP on VLANIF 100 so
that the AC can assign IP addresses to APs.
#
interface
Vlanif101
ip address 10.10.11.1
255.255.255.0
dhcp select interface //Enable DHCP on VLANIF 101 so
that the AC can assign IP addresses to STAs associated with APs.
#
interface
Ethernet2/0/0
port link-type
trunk
port trunk pvid vlan
100
//Configure VLAN 100 as the default VLAN ofEthernet2/0/0.
port trunk allow-pass vlan 100 to 101 //Add
Ethernet2/0/0 to VLAN 100 and VLAN
101.
port-isolate enable group 1
#
capwap source interface vlanif100 //Specify the
AC's source interface.
#
wlan ac
security-profile name wlan-security //Create a security profile.
security wpa2 psk pass-phrase
%^%#m"tz0f>~7.[`^6RWdzwCy16hJj/Mc!,}s`X*B]}A%^%# aes
//Configure PSK authentication and CCMP encryption, and display the user
password in ciphertext.
ssid-profile name wlan-ssid //Create an SSID profile.
ssid wlan-net //Set
the SSID to wlan-net.
vap-profile name wlan-vap //Create a VAP profile.
service-vlan vlan-id 101 //Configure VLAN 101 as a
service VLAN.
ssid-profile wlan-ssid //Bind the SSID
profile to the VAP profile.
security-profile wlan-security
//Bind the security profile to the VAP profile.
regulatory-domain-profile name domain1
//Create a regulatory domain profile.
ap-group name
ap-group1
//Create an AP
group.
regulatory-domain-profile
domain1 //Bind the domain
profile to the AP
group.
radio
0
vap-profile wlan-vap wlan
1
//Bind the VAP profile to the
radio.
radio
1
vap-profile wlan-vap wlan
1
//Bind the VAP profile to the
radio.
radio
2
vap-profile wlan-vap wlan
1
//Bind the VAP profile to the
radio.
ap-id 0 type-id 19 ap-mac 60de-4476-e360 ap-sn
210235554710CB000042 //Add an AP
offline.
ap-name
area_1 //Configure
a name for the
AP.
ap-group ap-group1 //Add the AP to
the AP group.
#
return
Step 2 Verify the configuration.
# After the service configuration is complete, run the display vap ssid wlan-net command. If Status in the command output is displayed as ON, the VAPs have been successfully created on AP radios.
# Connect STAs to the WLAN with SSID wlan-net and enter the password a1234567. Run the display station ssid wlan-net command on the AC. The command output shows that the STAs are connected to the WLAN wlan-net.
----End
Configuration Notes
No ACK mechanism is provided for multicast packet transmission on air interfaces. In addition, wireless links are unstable. To ensure stable transmission of multicast packets, they are usually sent at low rates. If a large number of such multicast packets are sent from the network side, the air interfaces may be congested. You are advised to configure multicast packet suppression to reduce the impact of a large number of low-rate multicast packets on the wireless network. Exercise caution when configuring the rate limit; otherwise, the multicast services may be affected.
Indirect forwarding mode, you are advised to configure multicast packet suppression on switch interfaces connected to APs.
In tunnel forwarding mode, you are advised to configure multicast packet suppression in traffic profiles of the AC.
The management VLAN and service VLAN cannot be configured the same.
In V200R008C30 and later versions, when multiple VAP profiles are configured and share one service VLAN, enable inter-service VLAN proxy ARP if the data forwarding mode is set to the tunnel.
When serving as an AC, the device only in V200R008C30 and later versions support tunnel forwarding for data packets.
That is all I want to share with you! Thank you!