Configure the service VLAN and management VLAN

8

Configure the service VLAN and management VLAN.
1. Service VLAN
- Command output on the AC:
[HUAWEI]wlan
[HUAWEI-wlan-view]service-set name test
[HUAWEI-wlan-service-set-test]service-vlan 100
Multiple service sets have access to different service VLANs.

2. Management VLAN
- Configure PVID and untag for the management VLAN on the switch connected to the AP. Allow packets from the management VLAN to pass through.
- On Fit APs, no configuration is required for the interfaces connected to the switch.
- On Fat APs, the configurations for wired-side interfaces are the same as the configurations for the interfaces on the switch.
Note:
1. It is recommended that you configure the service VLAN and management VLAN differently, and do not use VLAN 1 for both VLANs.
2. In normal cases, there is only one management VLAN, but multiple service VLANs can be configured as required.
3. A service set can contain only one service VLAN.
4. In tunnel forwarding, the switch between the AP and AC does not allow packets from service VLANs to pass through, but in direct forwarding, the switch must allow packets to pass through.
5. If the service VLAN or management VLAN is changed, VLAN configurations on the devices along the path must be modified.
If the network is newly deployed, you are advised to dial 400-822-9999 to seek assistance from Huawei's presale team to perform the network planning first.

Other related questions:
Configuring a management VLAN on a WLAN device
To use a remote network management system to centrally manage APs, create a VLANIF interface on each AP and configure a management IP address for the VLANIF interface. You can then log in to an AP through STelnet and manage it using its management IP address. If a user-side interface is added to the VLAN, users connected to the interface can also log in to the APs. This brings security risks to the AP. In this case, you can configure the VLAN as a management VLAN to prohibit access or dot1q-tunnel interfaces from being added to the VLAN. An access interface or a dot1q-tunnel interface is connected to users. The management VLAN forbids users connected to access and dot1q-tunnel interfaces from logging in to the AP, improving AP security. You can configure a management VLAN as follows: 1. Run the system-view command to enter the system view. 2. Run the vlan xx command to enter the VLAN view. 3. Run the management-vlan command to configure a management VLAN. After a management VLAN is configured, only trunk or hybrid interfaces can be added to the management VLAN. VLAN 1 cannot be configured as a management VLAN. 4. Run the quit command to exit from the VLAN view. 5. Run the interface vlanif xx command to enter the VLANIF interface view. 6. Run the ip address ip-address { mask | mask-length } [ sub ] command to configure an IP address for the VLANIF interface. After the configuration is complete, you can run the stelnet command to log in to the AC to manage APs. 7. Check the configuration. Run the display vlan command to view information about the management VLAN in the line starting with an asterisk sign (*).

FAQ: The ip source check user-bind enable command executed in a VLAN view causes service interruption
[Problem Description] 1. Symptom The ip source check user-bind enable command executed in a VLAN view causes service interruption. 2. Networking Terminal �?S2700 �?S5700 (Gateway) 3. Configuration # dhcp enable dhcp snooping enable user-bind static ip-address 192.168.34.10 mac-address 80fa-0367-db33 # vlan 34 dhcp snooping enable ip source check user-bind enable # interface Ethernet0/0/2 port link-type access port default vlan 34 # interface GigabitEthernet0/0/1 port link-type trunk port trunk allow-pass vlan 2 to 4094 [Alarm] None. [Troubleshooting] Delete the ip source check user-bind enable command from the VLAN view and then run this command in an interface view to restore the services. [Root Cause] If a command is executed in the VLAN view, the command takes effect for all packets received by all interfaces in the VLAN, including the uplink interface GigabitEthernet0/0/1. Source IP addresses of Layer 3 packets received by the uplink interface are different, and the source MAC addresses are the MAC address of the S5700 switch. The packets that do not match any binding entry are discarded, causing service interruption. [Summary and Suggestions] 1. Using the ip source check user-bind enable command or other commands related to IPSG in the VLAN view causes service interruption. 2. Before using the commands in the VLAN view, run the user-bind static mac-address command to bind the MAC address and IP address of the Layer 3 interface of the uplink gateway.

WLAN service set
WLAN service set A wireless network consists of radio profiles and service sets. - A radio profile contains WMM (QoS) profiles. - A service set contains traffic and security profiles, SSIDs, and WLAN-ESS/WLAN-BSS interfaces (wireless air interfaces). Service VLANs must be configured on ACs. - The wireless air interface is the logical interface for APs to connect to a STA. Typically, the wireless air interface is configured to work in hybrid mode.

Configure a VLAN on the S1728GWR-4P switch
Configure a VLAN on an S1728GWR-4P switch as follows: 1. Create a VLAN. Choose VLAN > Static and select Add from the Action list box. Enter a VLAN ID, and click Apply. 2. Add VLAN members. Choose VLAN >Static. From the Action drop-down list box, select Modify, Edit/Show Member by Interface, Edit Member by Interface Range, or Edit/Show Member by VLAN to configure members for a specified VLAN, interface, or interface range. In the interface list displayed, configure the VLAN attributes of interfaces.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top