Got it

Configuring WLAN Services on a Small-scale Network (V200R008) Highlighted

Latest reply: Jun 30, 2017 08:53:57 1452 1 0 0 0

Hello everyone,

Today I will share with you how to configure WLAN services on a Small-scale network.


This example applies to AR routers of V200R008C00 and later versions.

Networking Requirements

As shown in Figure 1-1, the AP is directly connected to the AC. An enterprise branch needs to deploy WLAN services for mobile office so that branch users can access the enterprise internal network from anywhere at any time.

The following requirements must be met:

  • A WLAN named wlan-net is available.

  • Branch users are assigned IP addresses on

Figure 1-1 Networking diagram of configuring WLAN services on a small-scale network




Step 1  Configure the AC.

 sysname AC
vlan batch 100 to 101     //Create VLAN 100 (management VLAN) and VLAN 101 (service VLAN). 
dhcp enable          //Enable DHCP.
interface Vlanif100                                                             
 ip address                                            
 dhcp select interface 
   //Enable DHCP on VLANIF 100 so that the AC can assign IP addresses to APs.
interface Vlanif101                                               
 ip address                                            
 dhcp select interface 
   //Enable DHCP on VLANIF 101 so that the AC can assign IP addresses to STAs associated with APs.
interface Ethernet2/0/0                                                         
 port link-type trunk                                                            
 port trunk pvid vlan 100 
                 //Configure VLAN 100 as the default VLAN ofEthernet2/0/0.                                                       
 port trunk allow-pass vlan 100 to 101
     //Add Ethernet2/0/0 to VLAN 100 and VLAN 101.                                           
 port-isolate enable group 1
capwap source interface vlanif100      //Specify the AC's source interface.
wlan ac
 security-profile name wlan-security 
//Create a security profile.
  security wpa2 psk pass-phrase %^%#m"tz0f>~7.[`^6RWdzwCy16hJj/Mc!,}s`X*B]}A%^%# aes   //Configure PSK authentication and CCMP encryption, and display the user password in ciphertext.
 ssid-profile name wlan-ssid  //Create an SSID profile.
  ssid wlan-net               //Set the SSID to wlan-net.
 vap-profile name wlan-vap    //Create a VAP profile.
  service-vlan vlan-id 101    //Configure VLAN 101 as a service VLAN.
  ssid-profile wlan-ssid      //Bind the SSID profile to the VAP profile.
  security-profile wlan-security             //Bind the security profile to the VAP profile.
 regulatory-domain-profile name domain1      //Create a regulatory domain profile.
 ap-group name ap-group1                     //Create an AP group.                                                         
  regulatory-domain-profile domain1          //Bind the domain profile to the AP group.                                             
  radio 0                                                                       
   vap-profile wlan-vap wlan 1              //Bind the VAP profile to the radio.                                                 
  radio 1                                                                       
   vap-profile wlan-vap wlan 1   
           //Bind the VAP profile to the radio.                                                   
  radio 2                                                                       
   vap-profile wlan-vap wlan 1    
           //Bind the VAP profile to the radio.                                                    
 ap-id 0 type-id 19 ap-mac 60de-4476-e360 ap-sn 210235554710CB000042       //Add an AP offline.            
  ap-name area_1           //Configure a name for the AP.                                                                 
  ap-group ap-group1       //Add the AP to the AP group.

Step 2  Verify the configuration.

# After the service configuration is complete, run the display vap ssid wlan-net command. If Status in the command output is displayed as ON, the VAPs have been successfully created on AP radios.

# Connect STAs to the WLAN with SSID wlan-net and enter the password a1234567. Run the display station ssid wlan-net command on the AC. The command output shows that the STAs are connected to the WLAN wlan-net.


Configuration Notes

No ACK mechanism is provided for multicast packet transmission on air interfaces. In addition, wireless links are unstable. To ensure stable transmission of multicast packets, they are usually sent at low rates. If a large number of such multicast packets are sent from the network side, the air interfaces may be congested. You are advised to configure multicast packet suppression to reduce the impact of a large number of low-rate multicast packets on the wireless network. Exercise caution when configuring the rate limit; otherwise, the multicast services may be affected.

  • Indirect forwarding mode, you are advised to configure multicast packet suppression on switch interfaces connected to APs.

  • In tunnel forwarding mode, you are advised to configure multicast packet suppression in traffic profiles of the AC.

  • The management VLAN and service VLAN cannot be configured the same.

  • In V200R008C30 and later versions, when multiple VAP profiles are configured and share one service VLAN, enable inter-service VLAN proxy ARP if the data forwarding mode is set to the tunnel.


When serving as an AC, the device only in V200R008C30 and later versions support tunnel forwarding for data packets.

That is all I want to share with you! Thank you!



  • x
  • convention:

Created Jun 30, 2017 08:53:57

View more
  • x
  • convention:


You need to log in to comment to the post Login | Register

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " User Agreement."

My Followers

Login and enjoy all the member benefits


Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Please bind your phone number to obtain invitation bonus.
Information Protection Guide
Thanks for using Huawei Enterprise Support Community! We will help you learn how we collect, use, store and share your personal information and the rights you have in accordance with Privacy Policy and User Agreement.