WLAN V200R003&V200R005 Typical Configuration Examples-ACU2 Configuration Guide

3.3 ACU2 Configuration Guide

This section describes the configuration process and example for implementing data communication between ACU2 and a switch.
As shown in <a href="http://support.huawei.com/enterprise/pages/doc/subfile/docDetail.jsp?contentId=DOC1000043492&partNo=10062#dc_cfg_wlan_basic_0081_wlan_mMcCpPsS_pic1">Figure 3-6, ACU2 is installed in a chassis switch Switch_1. Interfaces XGE0/0/1 and XGE0/0/2 on ACU2 are connected to interfaces XGE1/0/2 and XGE1/0/1 on Switch_1 respectively. Switch_1 can be connected to an AP directly or through a network device, such as Switch_2 in this figure.
Run:
quitReturn to the system view.
Run:
interface interface-type interface-numberThe interface view is displayed.
Run:
eth-trunk trunk-idThe current interface is added to the Eth-Trunk.
</ol></ul>
</ol>Configuring a Switch
NOTE: The following configuration steps use a switch running V200R005C00 as an example.

Run:
system-viewThe system view is displayed.
Run:
vlan vlan-idA VLAN is created and the VLAN view is displayed.
Run:
quitReturn to the system view.
Run:
load-distribution mode slot slot-id enhancedThe maximum forwarding capacity is configured for ACU2.
slot-id specifies the slot number of ACU2.
Run:
interface eth-trunk trunk-idAn Eth-Trunk is created and the Eth-Trunk interface view is displayed.
Run:
port link-type trunkAttributes for the Eth-Trunk interface are configured.
Run:
port trunk allow-pass vlan { { vlan-id1 [ to vlan-id2 ] } &<1-10> | all }Interfaces are added to a specified VLAN.
Add XGE interfaces on the switch that are connected to ACU2 to an Eth-Trunk.
NOTE: When adding XGE interfaces to the same Eth-Trunk, retain the default configurations on the interfaces; otherwise, the interfaces cannot be added to the Eth-Trunk.
- Run:
  quitReturn to the system view.
- Run:
  interface interface-type interface-numberThe interface view is displayed.
- Run:
  eth-trunk trunk-idThe current interface is added to the Eth-Trunk.
- Add member interfaces to the Eth-Trunk in the Eth-Trunk interface view.
  Run:
  trunkport interface-type { interface-number1 [ to interface-number2 ] } &<1-8>Member interfaces are added to the Eth-Trunk.
- Add member interfaces to the Eth-Trunk in the member interface view.

</ul><a name="dc_cfg_wlan_basic_0078">Specifications

Applicable ACs: <a href=":window.parent.showDocSection('DOC1000043492','10052','acu2_description');">Introduction to ACU2
Applicable APs: [url=http://support.huawei.com/huaweiconnect/enterprise/:window.parent.showDocSection('DOC1000043492','10052','ap_description');]all APs[/url]
Applicable software version: V200R005C00

Networking Requirements

As shown in <a href="http://support.huawei.com/enterprise/pages/doc/subfile/docDetail.jsp?contentId=DOC1000043492&partNo=10062#dc_cfg_wlan_basic_0078_mMcCpPsS_pic1">Figure 3-7, a switch is directly connected to an AP and ACU2 is installed in slot 1 of the switch to manage the AP.
An enterprise branch wants to deploy WLAN basic services for mobile office so that its employees can connect to the enterprise network anywhere at any time using STAs.
Configuration Roadmap

A chassis switch has been deployed on the current network. To simplify network deployment, ACU2 can be installed to the chassis switch to provide WLAN services.

Configure the AP, ACU2, and upstream device to implement Layer 2 interconnection. Add XGE interfaces on ACU2 and the switch that are connected to an Eth-Trunk to increase link bandwidth and reliability.
Configure the ACU2 as a DHCP server to assign IP addresses to STAs and the AP from an IP address pool of an interface.
Configure ACU2 system parameters, including the country code, AC ID, carrier ID, and source interface used by the ACU2 to communicate with the AP.
Set the AP authentication mode and add the AP to an AP region.
Configure a VAP and deliver VAP parameters to the AP so that STAs can access the WLAN.
- Configure a WMM profile and radio profile on the AP, retain the default settings of the WMM profile and radio profile, bind the WMM profile to the radio profile to enable STAs to communicate with the AP.
- Configure a WLAN-ESS interface so that radio packets can be sent to the WLAN service module after reaching the ACU2.
- Configure a security profile and traffic profile on the AP, retain the default settings of the security profile and traffic profile, configure a service set, bind the WLAN-ESS interface, security profile, and traffic profile to apply security policies and QoS policies to STAs.
- Configure a VAP and deliver VAP parameters to the AP so that STAs can access the Internet through the WLAN.

<a name="dc_cfg_wlan_basic_0078__1.6.8.7.4.4">Configuration Notes

No ACK mechanism is provided for multicast packet transmission on air interfaces. In addition, wireless links are unstable. To ensure stable transmission of multicast packets, they are usually sent at low rates. If a large number of such multicast packets are sent from the network side, the air interfaces may be congested. You are advised to configure multicast packet suppression to reduce impact of a large number of low-rate multicast packets on the wireless network. Exercise caution when configuring the rate limit; otherwise, the multicast services may be affected.
For details on how to configure traffic suppression, see <a href=":window.parent.showDocSection('DOC1000043492','10072','dc_wlan_ycpz_0027');">4.20.1.4 Multicast Packet Suppression Is Not Configured, and A Large Number of Low-Rate Multicast Packets Affect the Wireless Network.
- In direct forwarding mode, you are advised to configure multicast packet suppression on switch interfaces connected to APs.
- In tunnel forwarding mode, you are advised to configure multicast packet suppression on WLAN-ESS interfaces of the AC.
Configure port isolation on the interfaces of the device directly connected to APs. If port isolation is not configured and direct forwarding is used, a large number of unnecessary broadcast packets may be generated in the VLAN, blocking the network and degrading user experience.
In tunnel forwarding mode, the management VLAN and service VLAN cannot be the same. Only packets from the management VLAN are transmitted betweeen the AC and APs. Packets from the service VLAN are not allowed between the AC and APs.

Procedure

Configure ACU2 and the switch so that the AP and ACU2 can transmit CAPWAP packets.
# On ACU2, create a management VLAN 100, a service VLAN 101, and Eth-Trunk 0, add interfaces XGigabitEthernet0/0/1 and XGigabitEthernet0/0/2 to Eth-Trunk 0, and add Eth-Trunk 0 to VLANs 100 and 101.
<ACU2> system-view[ACU2] sysname AC[AC] vlan batch 100 101[AC] interface eth-trunk 0[AC-Eth-Trunk0] port link-type trunk[AC-Eth-Trunk0] port trunk allow-pass vlan 100 101[AC-Eth-Trunk0] trunkport xgigabitethernet 0/0/1 0/0/2[AC-Eth-Trunk0] quit# On the switch, create VLAN 100, VLAN 101, and Eth-Trunk 0, add interfaces XGigabitEthernet1/0/1 and GigabitEthernet1/0/2 to Eth-Trunk 0, and add Eth-Trunk 0 to VLANs 100 and 101.
<HUAWEI> system-view[HUAWEI] sysname Switch[Switch] load-distribution mode slot 1 enhanced[Switch] vlan batch 100 101[Switch] interface eth-trunk 0[Switch-Eth-Trunk0] port link-type trunk[Switch-Eth-Trunk0] port trunk allow-pass vlan 100 101[Switch-Eth-Trunk0] trunkport xgigabitethernet 1/0/1 1/0/2[Switch-Eth-Trunk0] quit# On the switch, add interface GE0/0/1 to VLAN 100.
[Switch] interface gigabitethernet 2/0/1[Switch-GigabitEthernet2/0/1] port link-type trunk[Switch-GigabitEthernet2/0/1] port trunk pvid vlan 100[Switch-GigabitEthernet2/0/1] port trunk allow-pass vlan 100[Switch-GigabitEthernet2/0/1] quit
Configure the switch to communicate with the upstream device.
NOTE: Configure switch uplink interfaces to transparently transmit packets of service VLANs as required and communicate with the upstream device.
# Add switch uplink interface GE2/0/2 to VLAN 101.
[Switch] interface gigabitethernet 2/0/2[Switch-GigabitEthernet2/0/2] port link-type trunk[Switch-GigabitEthernet2/0/2] port trunk allow-pass vlan 101[Switch-GigabitEthernet2/0/2] quit
Configure ACU2 as a DHCP server to allocate IP addresses to STAs and the AP.
# Configure ACU2 as the DHCP server to allocate an IP address to the AP from the IP address pool on VLANIF 100, and allocate IP addresses to STAs from the IP address pool on VLANIF 101.
[AC] dhcp enable[AC] interface vlanif 100[AC-Vlanif100] ip address 192.168.10.1 24[AC-Vlanif100] dhcp select interface[AC-Vlanif100] quit[AC] interface vlanif 101[AC-Vlanif101] ip address 192.168.11.1 24[AC-Vlanif101] dhcp select interface[AC-Vlanif101] quit
Configure ACU2 system parameters.
# Configure the country code.
[AC] wlan ac-global country-code cnWarning: Modify the country code may delete configuration on those AP which use the global country code and reset them, continue?[Y/N]:y# Configure the AC ID and carrier ID.
[AC] wlan ac-global ac id 1 carrier id otherWarning: Modify the carrier ID or AC ID may cause all of the AP offline, continue?[Y/N]:y# Configure the source interface.
[AC] wlan[AC-wlan-view] wlan ac source interface vlanif 100
Manage the AP on ACU2.
# Check the AP type ID after obtaining the MAC address of the AP.
[AC-wlan-view] display ap-type all All AP types information: ------------------------------------------------------------------------------ ID Type ------------------------------------------------------------------------------ 17 AP6010SN-GN 19 AP6010DN-AGN 21 AP6310SN-GN 23 AP6510DN-AGN 25 AP6610DN-AGN 27 AP7110SN-GN 28 AP7110DN-AGN 29 AP5010SN-GN 30 AP5010DN-AGN 31 AP3010DN-AGN 33 AP6510DN-AGN-US 34 AP6610DN-AGN-US 35 AP5030DN 36 AP5130DN 38 AP2010DN ------------------------------------------------------------------------------ Total number: 15 # Add the AP offline based on the AP type ID. Assume that the AP type is AP6010DN-AGN, and the MAC address of the AP is 60de-4476-e360.
[AC-wlan-view] ap-auth-mode mac-auth[AC-wlan-view] ap id 0 type-id 19 mac 60de-4476-e360[AC-wlan-ap-0] quit NOTE: The default AP authentication mode is MAC address authentication. If the default settings are retained, you do not need to run the ap-auth-mode mac-auth command.
# Configure an AP region and add the AP to the AP region.
[AC-wlan-view] ap-region id 10[AC-wlan-ap-region-10] quit[AC-wlan-view] ap id 0[AC-wlan-ap-0] region-id 10[AC-wlan-ap-0] quit# After powering on the AP, run the display ap all command on the AC to check the AP running status. The command output shows that the AP status is normal.
[AC-wlan-view] display ap all All AP information: Normal[1],Fault[0],Commit-failed[0],Committing[0],Config[0],Download[0] Config-failed[0],Standby[0],Type-not-match[0],Ver-mismatch[0] ------------------------------------------------------------------------------ AP AP AP Profile AP AP /Region ID Type MAC ID State Sysname ------------------------------------------------------------------------------ 0 AP6010DN-AGN 60de-4476-e360 0/10 normal ap-0 ------------------------------------------------------------------------------ Total number: 1,printed: 1
Configure WLAN service parameters.
# Create a WMM profile named wmm.
[AC-wlan-view] wmm-profile name wmm id 1[AC-wlan-wmm-prof-wmm] quit# Create a radio profile named radio and bind the WMM profile wmm to the radio profile.
[AC-wlan-view] radio-profile name radio id 1 [AC-wlan-radio-prof-radio] wmm-profile name wmm [AC-wlan-radio-prof-radio] quit[AC-wlan-view] quit# Create WLAN-ESS interface 1.
[AC] interface wlan-ess 1[AC-Wlan-Ess1] port hybrid pvid vlan 101[AC-Wlan-Ess1] port hybrid untagged vlan 101[AC-Wlan-Ess1] quit# Create a security profile named security.
[AC] wlan[AC-wlan-view] security-profile name security id 1[AC-wlan-sec-prof-security] quit# Create a traffic profile named traffic.
[AC-wlan-view] traffic-profile name traffic id 1[AC-wlan-traffic-prof-traffic] quit# Create a service set named huawei and bind the WLAN-ESS interface, security profile, and traffic profile to the service set.
[AC-wlan-view] service-set name huawei id 1[AC-wlan-service-set-huawei] ssid huawei[AC-wlan-service-set-huawei] wlan-ess 1[AC-wlan-service-set-huawei] security-profile name security[AC-wlan-service-set-huawei] traffic-profile name traffic[AC-wlan-service-set-huawei] service-vlan 101[AC-wlan-service-set-huawei] forward-mode tunnel[AC-wlan-service-set-huawei] quit
Configure a VAP and deliver VAP parameters to the AP.
# Configure a VAP.
[AC-wlan-view] ap 0 radio 0[AC-wlan-radio-0/0] radio-profile name radio[AC-wlan-radio-0/0] service-set name huawei[AC-wlan-radio-0/0] quit# Commit the configuration.
[AC-wlan-view] commit ap 0Warning: Committing configuration may cause service interruption, continue?[Y/N]:y
Verify the configuration.
After the configuration is complete, run the display vap ap 0 radio 0 command. The command output shows that the VAP has been created.
[AC-wlan-view] display vap ap 0 radio 0 All VAP Information(Total-1): SS: Service-set BP: Bridge-profile MP: Mesh-profile ---------------------------------------------------------------------- AP ID Radio ID SS ID BP ID MP ID WLAN ID BSSID Type ---------------------------------------------------------------------- 0 0 1 - - 1 60DE-4476-E360 service ---------------------------------------------------------------------- Total: 1 STAs discover the WLAN with SSID huawei and attempt to associate with the WLAN. You can run the display station assoc-info command on ACU2. The command output shows that the STAs associate with the WLAN huawei.
[AC-wlan-view] display station assoc-info ap 0 radio 0 ------------------------------------------------------------------------------ STA MAC AP ID RADIO ID SS ID SSID ------------------------------------------------------------------------------ 9021-55dc-3e17 0 0 1 huawei ------------------------------------------------------------------------------ Total stations: 1