4.2.12 Example for Deploying a WLAN Using Mesh Technology
Specifications
-
Applicable ACs: AC6605 and AC6005
- Applicable APs: all APs
- Applicable software version: V200R005C00
Networking Requirements
An enterprise has three office areas: Area A, Area B, and Area C. Restricted by geographical locations, AP1 in Area A can connect to the access switch (SwitchA) through a wired link, but AP2 in Area B and AP3 in Area C cannot connect to SwitchA through wired links. A WMN needs to be constructed in the three areas so that AP2 and AP3 can access the enterprise network, as shown in Figure 4-13.
Configuration Roadmap
The configuration roadmap is as follows:- Configure the mesh function so that AP2 and AP3 can wirelessly connect to the AC.
- Configure the WLAN service to provide Internet access service for WLAN users in Area B and Area C.
NOTE:
In this example, SwitchA and SwitchB are Huawei switches.
|
Item |
Data |
|---|---|
|
VLAN |
Management VLAN: 100 |
|
Service VLAN:
| |
|
AP service data forwarding mode |
Direct forwarding |
|
AC's source interface address |
VLANIF 100: 192.168.10.1/24 |
|
AP region |
|
|
WMM profile |
Name: wp01 |
|
Radio profile |
Name: rp01 and rp02 |
|
Security profile |
|
|
Traffic profile |
Name: tp01 |
|
Mesh profile |
|
|
Service set |
|
| |
|
Mesh whitelist |
Name: mesh01 |
Configuration Notes
-
No ACK mechanism is provided for multicast packet transmission on air interfaces. In addition, wireless links are unstable. To ensure stable transmission of multicast packets, they are usually sent at low rates. If a large number of such multicast packets are sent from the network side, the air interfaces may be congested. You are advised to configure multicast packet suppression to reduce impact of a large number of low-rate multicast packets on the wireless network. Exercise caution when configuring the rate limit; otherwise, the multicast services may be affected.
- In direct forwarding mode, you are advised to configure multicast packet suppression on switch interfaces connected to APs.
- In tunnel forwarding mode, you are advised to configure multicast packet suppression on WLAN-ESS interfaces of the AC.
-
Configure port isolation on the interfaces of the device directly connected to APs. If port isolation is not configured and direct forwarding is used, a large number of unnecessary broadcast packets may be generated in the VLAN, blocking the network and degrading user experience.
-
In tunnel forwarding mode, the management VLAN and service VLAN cannot be the same. Only packets from the management VLAN are transmitted betweeen the AC and APs. Packets from the service VLAN are not allowed between the AC and APs.
Procedure
- Connect AP1 to the AC.
# Configure SwitchA. Add GE0/0/1 of SwitchA to management VLAN 100, set the PVID to VLAN 100, and configure GE0/0/1 and GE0/0/2 to allow packets from VLAN 100 and VLANs 102 to 106 to pass through.
<HUAWEI> system-view [HUAWEI] sysname SwitchA [SwitchA] vlan batch 100 102 to 106 [SwitchA] interface gigabitEthernet 0/0/1 [SwitchA-GigabitEthernet0/0/1] port link-type trunk [SwitchA-GigabitEthernet0/0/1] port trunk pvid vlan 100 [SwitchA-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 102 to 106 [SwitchA-GigabitEthernet0/0/1] port-isolate enable [SwitchA-GigabitEthernet0/0/1] quit [SwitchA] interface gigabitEthernet 0/0/2 [SwitchA-GigabitEthernet0/0/2] port link-type trunk [SwitchA-GigabitEthernet0/0/2] port trunk allow-pass vlan 100 102 to 106 [SwitchA-GigabitEthernet0/0/2] quit
# Configure SwitchB. Configure GE0/0/1 to allow packets from VLAN 100 and VLANs 102 to 106 to pass through and GE0/0/2 to allow packets from VLAN 100 to pass through.
<HUAWEI> system-view [HUAWEI] sysname SwitchB [SwitchB] vlan batch 100 102 to 106 [SwitchB] interface gigabitEthernet 0/0/1 [SwitchB-GigabitEthernet0/0/1] port link-type trunk [SwitchB-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 102 to 106 [SwitchB-GigabitEthernet0/0/1] quit [SwitchB] interface gigabitEthernet 0/0/2 [SwitchB-GigabitEthernet0/0/2] port link-type trunk [SwitchB-GigabitEthernet0/0/2] port trunk allow-pass vlan 100 [SwitchB-GigabitEthernet0/0/2] quit
# Configure GE0/0/1 that connects the AC to SwitchB to allow packets from VLAN 100 to pass through.
<AC6605> system-view [AC6605] sysname AC [AC] vlan batch 100 102 to 103 [AC] interface gigabitEthernet 0/0/1 [AC-GigabitEthernet0/0/1] port link-type trunk [AC-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 [AC-GigabitEthernet0/0/1] quit
- Configure SwitchB to assign IP addresses to STAs and the AC to assign IP addresses to APs.
# Configure SwitchB as a DHCP server to assign IP addresses to STAs from IP address pools on VLANIF interfaces.
[SwitchB] dhcp enable [SwitchB] interface vlanif 102 [SwitchB-Vlanif102] ip address 192.168.2.1 24 [SwitchB-Vlanif102] dhcp select interface [SwitchB-Vlanif102] quit [SwitchB] interface vlanif 103 [SwitchB-Vlanif103] ip address 192.168.3.1 24 [SwitchB-Vlanif103] dhcp select interface [SwitchB-Vlanif103] quit
# Enable DHCP on the AC and configure the AC to assign IP addresses to APs from an IP address pool on a VLANIF interface.
[AC] dhcp enable [AC] interface vlanif 100 [AC-Vlanif100] ip address 192.168.10.1 24 [AC-Vlanif100] dhcp select interface [AC-Vlanif100] quit
- Configure AC system parameters.
# Configure the country code.
[AC] wlan ac-global country-code cn Warning: Modify the country code may delete configuration on those AP which use the global country code and reset them, continue?[Y/N]:y# Configure the AC ID and carrier ID.
[AC] wlan ac-global ac id 1 carrier id other Warning: Modify the carrier ID or AC ID may cause all of the AP offline, continu e?[Y/N]:y# Configure the source interface.
- Manage APs on the AC.
# Set AP authentication mode to MAC address authentication.
[AC-wlan-view] ap-auth-mode mac-auth
# Add APs offline.
[AC-wlan-view] ap id 1 ap-type AP6010DN-AGN mac 0046-4b59-1ee0 [AC-wlan-ap-1] quit [AC-wlan-view] ap id 2 ap-type AP6010DN-AGN mac 0046-4b59-1d20 [AC-wlan-ap-2] quit [AC-wlan-view] ap id 3 ap-type AP6010DN-AGN mac 0046-4b59-1d40 [AC-wlan-ap-3] quit
# Configure the Ethernet interfaces that connect APs to SwitchA to allow packets from VLAN102 to VLAN106 to pass through.
NOTE:
If MPP Ethernet interfaces are not configured to allow packets carrying service VLAN tags to pass through, communication fails.[AC-wlan-view] ap id 1 [AC-wlan-ap-1] lineate-port gigabitethernet 0 vlan tagged 101 to 106 [AC-wlan-ap-1] quit# Create AP regions 101, 102, and 103.
[AC-wlan-view] ap-region id 101 [AC-wlan-ap-region-101] quit [AC-wlan-view] ap-region id 102 [AC-wlan-ap-region-102] quit [AC-wlan-view] ap-region id 103 [AC-wlan-ap-region-103] quit
# Add AP1 to AP region 101, AP2 to AP region 102, and AP3 to AP region 103.
[AC-wlan-view] ap id 1 [AC-wlan-ap-1] region-id 101 [AC-wlan-ap-1] quit [AC-wlan-view] ap id 2 [AC-wlan-ap-2] region-id 102 [AC-wlan-ap-2] quit [AC-wlan-view] ap id 3 [AC-wlan-ap-3] region-id 103 [AC-wlan-ap-3] quit
- Configure mesh parameters.
# Create a WMM profile named wp01 and retain the default settings in the profile.
[AC-wlan-view] wmm-profile name wp01 id 1 [AC-wlan-wmm-prof-wp01] quit
# Create a radio profile named rp02. Set the GI mode to short GI, the channel mode to manual, and the DTIM interval to 1, and retain the default settings of the other parameters in the profile. Bind the radio profile to WMM profile wp01.
[AC-wlan-view] radio-profile name rp02 id 1 [AC-wlan-radio-prof-rp02] wmm-profile name wp01 [AC-wlan-radio-prof-rp02] 80211n guard-interval-mode short [AC-wlan-radio-prof-rp02] channel-mode fixed [AC-wlan-radio-prof-rp02] dtim-interval 1 [AC-wlan-radio-prof-rp02] quit
# Create a mesh whitelist named mesh01.
[AC-wlan-view] mesh-whitelist name mesh01 [AC-wlan-mesh-whitelist-mesh01] peer ap mac 0046-4b59-1d20 [AC-wlan-mesh-whitelist-mesh01] peer ap mac 0046-4b59-1d40 [AC-wlan-mesh-whitelist-mesh01] peer ap mac 0046-4b59-1ee0 [AC-wlan-mesh-whitelist-mesh01] quit
# Create a security profile sp01, set the security and authentication policy to WPA2-PSK, set the authentication key to 12345678, and set the encryption mode to CCMP. NOTE:
On a WMN, the APs that connect to each other wirelessly support only security policy WPA2+PSK+CCMP.[AC-wlan-view] security-profile name sp01 [AC-wlan-sec-prof-sp01] security-policy wpa2 [AC-wlan-sec-prof-sp01] wpa2 authentication-method psk pass-phrase cipher 12345678 encryption-method ccmp [AC-wlan-sec-prof-sp01] quit
# Create a mesh profile named mesh01.
[AC-wlan-view] mesh-profile name mesh01 [AC-wlan-mesh-prof-mesh01] mesh-id ChinaNet01 [AC-wlan-mesh-prof-mesh01] mesh-link-rssi threshold -70 [AC-wlan-mesh-prof-mesh01] mesh-max-link 3 [AC-wlan-mesh-prof-mesh01] link report-interval 30 [AC-wlan-mesh-prof-mesh01] security-profile name sp01 [AC-wlan-mesh-prof-mesh01] quit
- Configure a WLAN radio profile and WLAN-ESS interfaces.
# Create a radio profile rp01, retain the default settings in the profile, and bind it to the WMM profile wp01.
[AC-wlan-view] radio-profile name rp01 id 0 [AC-wlan-radio-prof-rp01] wmm-profile name wp01 [AC-wlan-radio-prof-rp01] quit [AC-wlan-view] quit
# Create WLAN-ESS interfaces.
[AC] interface wlan-ess 2 [AC-Wlan-Ess2] port hybrid pvid vlan 102 [AC-Wlan-Ess2] port hybrid untagged vlan 102 [AC-Wlan-Ess2] quit [AC] interface wlan-ess 3 [AC-Wlan-Ess3] port hybrid pvid vlan 103 [AC-Wlan-Ess3] port hybrid untagged vlan 103 [AC-Wlan-Ess3] quit
- Configure a mesh profile and service sets.
# Create a traffic profile tp01 and retain the default settings in the profile.
[AC] wlan [AC-wlan-view] traffic-profile name tp01 [AC-wlan-traffic-prof-tp01] quit
# Create and configure a service set with the name ss02 and SSID ChinaSer02.
[AC-wlan-view] service-set name ss02 [AC-wlan-service-set-ss02] traffic-profile name tp01 [AC-wlan-service-set-ss02] security-profile name sp01 [AC-wlan-service-set-ss02] ssid ChinaSer02 [AC-wlan-service-set-ss02] service-vlan 102 [AC-wlan-service-set-ss02] wlan-ess 2 [AC-wlan-service-set-ss02] forward-mode direct-forward [AC-wlan-service-set-ss02] quit
# Create and configure a service set with the name ss03 and SSID ChinaSer03.
[AC-wlan-view] service-set name ss03 [AC-wlan-service-set-ss03] traffic-profile name tp01 [AC-wlan-service-set-ss03] security-profile name sp01 [AC-wlan-service-set-ss03] ssid ChinaSer03 [AC-wlan-service-set-ss03] service-vlan 103 [AC-wlan-service-set-ss03] wlan-ess 3 [AC-wlan-service-set-ss03] forward-mode direct-forward [AC-wlan-service-set-ss03] quit
# Create a mesh VAP on radio 1 of AP1 and set the role of radio 1 to mesh-portal (MPP), and bind the mesh whitelist mesh01 and mesh profile mesh01 to the radio.
[AC-wlan-view] ap 1 radio 1 [AC-wlan-radio-1/1] radio-profile name rp02 [AC-wlan-radio-1/1] mesh-role mesh-portal [AC-wlan-radio-1/1] mesh-whitelist name mesh01 [AC-wlan-radio-1/1] mesh-profile name mesh01 [AC-wlan-radio-1/1] channel 40mhz-plus 157 [AC-wlan-radio-1/1] quit
# Create a mesh VAP on radio 1 of AP2 and set the role of radio 1 to mesh-node (MP), and bind the mesh whitelist mesh01 and mesh profile mesh01 to the radio. Create a service VAP on radio 0 of AP2 and bind radio profile rp01 and service set ss02 to radio 0.
[AC-wlan-view] ap 2 radio 0 [AC-wlan-radio-2/0] radio-profile name rp01 [AC-wlan-radio-2/0] service-set name ss02 [AC-wlan-radio-2/0] quit [AC-wlan-view] ap 2 radio 1 [AC-wlan-radio-2/1] radio-profile name rp02 [AC-wlan-radio-2/1] mesh-role mesh-node [AC-wlan-radio-2/1] mesh-whitelist name mesh01 [AC-wlan-radio-2/1] mesh-profile name mesh01 [AC-wlan-radio-2/1] channel 40mhz-plus 157 [AC-wlan-radio-2/1] quit
# Create a mesh VAP on radio 1 of AP3 and set the role of radio 1 to mesh-node (MP), and bind the mesh whitelist mesh01 and mesh profile mesh01 to the radio. Create a service VAP on radio 0 of AP3 and bind radio profile rp01 and service set ss03 to radio 0.
[AC-wlan-view] ap 3 radio 0 [AC-wlan-radio-3/0] radio-profile name rp01 [AC-wlan-radio-3/0] service-set name ss03 [AC-wlan-radio-3/0] quit [AC-wlan-view] ap 3 radio 1 [AC-wlan-radio-3/1] radio-profile name rp02 [AC-wlan-radio-3/1] mesh-role mesh-node [AC-wlan-radio-3/1] mesh-whitelist name mesh01 [AC-wlan-radio-3/1] mesh-profile name mesh01 [AC-wlan-radio-3/1] channel 40mhz-plus 157 [AC-wlan-radio-3/1] quit
- Configure AP wired interfaces.
# Set parameters for the AP3 wired interface.
[AC-wlan-view] ap id 3 [AC-wlan-ap-3] lineate-port gigabitethernet 0 vlan tagged 104 to 106 [AC-wlan-ap-3] lineate-port gigabitethernet 0 stp enable [AC-wlan-ap-3] lineate-port gigabitethernet 0 mode endpoint [AC-wlan-ap-3] lineate-port gigabitethernet 0 user-isolate enable [AC-wlan-ap-3] quit
NOTE:
After changing the working mode of AP wired interfaces, reset the APs to make the configurations take effect.
- Deliver parameters to MPP.
# The AP parameters configured on the AC take effect only after they are delivered to APs.
[AC-wlan-view] commit ap 1 Warning: Committing configuration may cause service interruption, continue?[Y/N] :y# Run the display ap all command on the AC to check whether the status of APs is normal and run the display mesh-link all command on the AC to check whether mesh links have been established. If the command output shows that APs are in normal state and displays mesh link information, APs have established mesh links.
[AC-wlan-view] display ap all All AP information: Normal[3],Fault[0],Commit-failed[0],Committing[0],Config[0],Download[0] Config-failed[0],Standby[0],Type-not-match[0],Ver-mismatch[0] ------------------------------------------------------------------------------ AP AP AP Profile AP AP /Region ID Type MAC ID State Sysname ------------------------------------------------------------------------------ 1 AP6010DN-AGN 0046-4b59-1ee0 0/101 normal ap-1 2 AP6010DN-AGN 0046-4b59-1d20 0/102 normal ap-2 3 AP6010DN-AGN 0046-4b59-1d40 0/103 normal ap-3 ------------------------------------------------------------------------------ Total number: 3,printed: 3[AC-wlan-view] display mesh-link all ---------------------------------------------------------------------- AP ID Radio ID Mesh-link ID WLAN ID Peer AP ID Mesh Role ---------------------------------------------------------------------- 1 1 0 16 3 mesh-portal 1 1 1 16 2 mesh-portal 2 1 0 16 3 mesh-node 2 1 1 16 1 mesh-node 3 1 0 16 1 mesh-node 3 1 1 16 2 mesh-node ---------------------------------------------------------------------- Total: 6
