
The privilege of HCNA/HCNP/HCIE:

With any Huawei Career Certification, you have the privilege on http://learning.huawei.com/en to enjoy:

1 e-Learning Courses: Log on to http://learning.huawei.com/en and enter Huawei Training/e-Learning.

If you have the HCNA/HCNP certificate: You can access Huawei Career Certification and Basic Technology e-Learning courses.

If you have the HCIE certificate: You can access all the e-Learning courses which are marked for HCIE Certification Users.

Methods to get the HCIE e-Learning privilege: Please associate HCIE certificate information with your Huawei account, and email the account to Learning@huawei.com to apply for HCIE e-Learning privilege.

2 Training Material Download

Content: Huawei product training material and Huawei career certification training material.

Method: Log on to http://learning.huawei.com/en and enter Huawei Training/Classroom Training, then you can download training material in the specific training introduction page.

3 Priority to participate in Huawei Online Open Class (LVC)

The Huawei career certification training and product training covering all ICT technical domains like R&S, UC&C, Security, Storage and so on, which are conducted by Huawei professional instructors.

4 Learning Tools:

eNSP: Simulate single Router&Switch device and large network.

WLAN Planner: Network planning tools for WLAN AP products.

In addition, Huawei has built up Huawei Technical Forum which allows candidates to discuss technical issues with Huawei experts, share exam experiences with others or be acquainted with Huawei Products.

Statement:

This material is for personal use only, and can not be used by any individual or organization for any commercial purposes.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential

HCNA-WLAN Course

Experiment Guides for WLAN Engineers (CLI)

Issue 1.60

Date 2014-12-20

HUAWEI TECHNOLOGIES CO., LTD.


Copyright Huawei Technologies Co., Ltd. 2014. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without prior
written consent of Huawei Technologies Co., Ltd.

Trademarks and Permissions

and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective
holders.

Notice

The purchased products, services and features are stipulated by the contract made between Huawei and the customer. All or part of the products, services and features described in this document may not be within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information, and recommendations in this document are provided "AS IS" without warranties, guarantees or representations of any kind, either express or implied.

The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute a warranty of any kind, express or implied.

Huawei Technologies Co., Ltd.

Address:
Huawei Industrial Base
Bantian, Longgang
Shenzhen 518129
People's Republic of China

Website: http://support.huawei.com/learning/Index!toTrainIndex

Email: certification@huawei.com

(2014-12-20) Huawei Proprietary and Confidential i


Copyright Huawei Technologies C., Ltd.
HCNA-WLAN Huawei Certificate System

Huawei Certificate System

Relying on the strong technical strength and professional training system, Huawei provides a practical and professional four-level certificate system to meet various customer requirements on different WLAN technologies.

Huawei Certified Network Associate-Wireless Local Area Network (HCNA-WLAN) is designed for Huawei local offices, online engineers in representative offices, and readers who want to understand Huawei WLAN products and technology. HCNA-WLAN covers WLAN basics, Control and Provisioning of Wireless Access Points (CAPWAP) protocol, WLAN networking, Huawei WLAN product features, security configuration, WLAN advanced technology, antennas, WLAN network planning and optimization, and WLAN fault troubleshooting.

The HCNA-WLAN certificate system introduces you to the industry and market, helps you in innovation, and enables you to stand atop the WLAN frontiers.


About This Document

Overview

This document is applicable to the candidates who are preparing for the HCNA-WLAN exam and the readers who want to understand the WLAN basics, the CAPWAP protocol, WLAN networking, Huawei WLAN product features, security configuration, WLAN advanced technology, antennas, WLAN network planning and optimization, and WLAN fault troubleshooting.

Description

This experiment guide introduces the following seven experiments, covering basic configurations, and configurations and implementation of Layer 2 networking, security, Layer 3 networking, and the network management software eSight:

Experiment 1: Experiment environment preparations
This experiment includes checking whether all required devices are ready, connecting devices on the network, and clearing AC configurations. This experiment helps you know about HCNA-WLAN devices and network construction.

Experiment 2: AC configuration initialization
This experiment involves basic operations and configurations on an AC, helping you know the AC6605 and its basic functions.

Experiment 3: AP authentication and WLAN configuration process
This experiment lets you know basic WLAN network capabilities through basic WLAN configurations.

Experiment 4: WLAN security configuration
This experiment mainly introduces 802.1x authentication, helping you know WLAN security and the configuration process.

Experiment 5: Bypass Layer 3 networking
This experiment uses the AC6605 and Layer 3 networking. The Layer 3 network configuration helps you comprehensively know WLAN networking modes.

Experiment 6: WLAN configuration on eSight
This experiment involves how to add WLAN devices to the eSight and deliver WLAN services using the configuration wizard.

Experiment 7: Configuration file backup and AC configuration clearance
This experiment describes how to back up configuration files through File Transfer Protocol (FTP).


Background Knowledge Required


The intended audience should know basic WLAN knowledge, Huawei switching devices, and
basic datacom knowledge.


Common Icons

[Figure: icons used in this document for Switch, AC, AP, eSight Server, RADIUS Server, and STA]

Experiment Environment Overview

Networking Introduction

This experiment environment is prepared for WLAN engineers who are preparing for the HCNA-WLAN exam.

Each suite of experiment environment includes 2-9 ACs, 2-9 APs, 1 core switch, and 1 Remote Authentication Dial In User Service (RADIUS) or eSight server. Each suite of experiment environment is applicable to 4 to 16 candidates.

Device Introduction

The following table lists devices recommended for HCNA-WLAN experiments and the mappings between the device name, model, and software version.

Device Name    Model                Software Version
Core switch    S3700-28TP-PWR-EI    Version 5.70 (S3700 V100R005C01SPC100)
AC             AC6605-26-PWR        AC6605 V200R005C00SPC200
AP             AP6010DN-AGN         AP6010DN-AGN:V200R005C00SPC600

Contents

Huawei Certificate System
About This Document
Common Icons
Experiment Environment Overview

1 Practice 1: Preparing the Lab Environment
  1.1 About This Course
  1.2 Confirming the Readiness of the Devices
    1.2.1 Confirming the Readiness of the Devices
  1.3 Network Topology Description 1: Chain Networking
  1.4 Network Topology Description 2: Branched Networking
  1.5 Description of the Connection of Console Cable
  1.6 Reset the Configuration of AC

2 Basic Configuration of AC
  2.1 Objectives
  2.2 Networking Deployment Description
  2.3 Configuration Procedure
    2.3.1 Configuring Initialization Password
    2.3.2 Configuring the Basic Information of AC
    2.3.3 Confirming and Testing the Telnet/SSH Service (AAA Authentication)
    2.3.4 Save the Configuration
  2.4 Configuration Reference

3 AP Authentication and WLAN Configuration Roadmap
  3.1 Objectives
  3.2 Networking Deployment Description
  3.3 Configuration Procedure
    3.3.1 Configuring Roadmap
    3.3.2 Configuring the Switch
    3.3.3 Configuring the Basic Information of AC
    3.3.4 Configuring AP Authentication and Connection with AC
    3.3.5 Configuring AP Radio
    3.3.6 Configuring WLAN-ESS Interface
    3.3.7 Configuring Security Profile/Traffic Profile/WLAN Service-set
    3.3.8 Configuring Service-set to AP
    3.3.9 Verify the Configuration
  3.4 Configuration Reference
    3.4.1 Configuration of AC

4 WLAN Security Configuration
  4.1 Objectives
  4.2 Networking Deployment Description
  4.3 Configuration Procedure
    4.3.1 Configuring WEP Authentication
    4.3.2 Configuring WPA PSK Authentication
    4.3.3 Configuring WPA EAP Authentication
    4.3.4 Configuring EAP Client
  4.4 Security Policies Configuration Precautions
  4.5 Configuration Reference
    4.5.1 ACs configuration

5 eSight Management for WLAN (Optional)
  5.1 Objectives
  5.2 Networking Deployment Description
  5.3 Configuration Procedure
    5.3.1 Configuring AC SNMP Community
    5.3.2 Configuring AC Discover AP
    5.3.3 Configuring Service-set by eSight Wizard
    5.3.4 Checking the Configuration by eSight
  5.4 Configuration Reference

6 Branched Networking + Layer 3 Networking Practice
  6.1 Objectives
  6.2 Networking Deployment Description
  6.3 Configuration Procedure
    6.3.1 Re-connecting AP to Switch
    6.3.2 Re-configuring VLAN and Trunk
    6.3.3 AP Online Configuration
    6.3.4 Changing the Forwarding Mode to Tunnel Forwarding
  6.4 Configuration Reference

7 Backup the Configuration and Reset the Device
  7.1 Objectives
  7.2 Network Deployment Description
  7.3 Configuration Procedure
    7.3.1 Save the Configuration
    7.3.2 Configuring FTP Service on AC
    7.3.3 Backup the Configuration to PC
    7.3.4 Reset the Configuration
  7.4 Configuration Reference
    7.4.1 Configuration of AC

8 Appendix: Configuration of the SW

Figures

Figure 1-1 Devices List
Figure 1-2 Chain networking Topology
Figure 1-3 Branched networking topology
Figure 1-4 Network connection of console cable
Figure 1-5 Creating a connection
Figure 1-6 Configuring the connection port
Figure 1-7 Setting the communication parameters
Figure 2-1 Networking deployment information
Figure 3-1 AP Authentication and WLAN configuration roadmap parameters description
Figure 3-2 WLAN configuration roadmap
Figure 4-1 WLAN security configuration parameters description
Figure 5-1 eSight network deployment
Figure 6-1 Branched networking topology

1 Practice 1: Preparing the Lab Environment

1.1 About This Course

This course helps you set up the WLAN lab environment. It covers the following contents:

Confirming the readiness of the devices
Understanding the topology of the practice
Resetting the configuration of the devices

1.2 Confirming the Readiness of the Devices

1.2.1 Confirming the Readiness of the Devices

The following figure lists the devices used in this practice. Confirm that they are available before the practice begins.

Figure 1-1 Devices List

Name                        Count                     Description
Huawei Quidway S3700 PoE    1 SW for all groups       All practice groups share the SW
switch or Huawei Quidway                              and the pre-configuration was ready
S5700 PoE switch
AC6605                      1 AC per group            AC with PoE power module
AP6010DN                    1 AP per group
Laptop or desktop PC        1 PC per group            PC with wireless network card
RJ-45 cables                4 cables for each group
Console Cable               1 cable per group

Each group should confirm the following devices in advance:

One AC6605 device
One AP6010DN
One laptop or desktop PC
Three RJ-45 cables
Console cable

1.3 Network Topology Description 1: Chain Networking

Figure 1-2 Chain networking Topology

[Figure: the Radius Server (10.254.1.100) and the eSight Server (10.254.1.200) attach to the Core Switch (ports GE0/0/23 and GE0/0/24). Core Switch ports GE0/0/1, GE0/0/2 ... GE0/0/10 connect to GE0/0/24 of AC1, AC2 ... AC10, and GE0/0/1 of each AC connects to its AP (AP1, AP2 ... AP10).]

Description of the chain networking:

The required practices of this exercise are based on the chain networking topology.
The chain networking deployment suits small and medium-sized WLAN networks.
For group 1: The 24th port of AC1 connects to switch port 1, and the 1st port of the AC connects to AP1.
For group 2: The 24th port of AC2 connects to switch port 2, and the 1st port of the AC connects to AP2.
For group 3: The 24th port of AC3 connects to switch port 3, and the 1st port of the AC connects to AP3.
And so on.
For group 10: The 24th port of AC10 connects to switch port 10, and the 1st port of the AC connects to AP10.
The switch is already configured, and students do not need to configure it (you can find its configuration in the reference configuration part).
The radius server and eSight server are ready for use and do not need to be configured.

1.4 Network Topology Description 2: Branched Networking

Figure 1-3 Branched networking topology

[Figure: the Radius Server (10.254.1.100) and the eSight Server (10.254.1.200) attach to the Core Switch (ports GE0/0/23 and GE0/0/24). Core Switch ports GE0/0/1, GE0/0/2 ... GE0/0/10 connect to GE0/0/24 of AC1, AC2 ... AC10, and Core Switch ports GE0/0/11, GE0/0/12 ... GE0/0/20 connect to AP1, AP2 ... AP10.]

Description of the branched networking:

The branched networking deployment suits large-scale WLAN networks. The optional practice of this exercise is based on this topology.
For group 1: The 24th port of AC1 connects to switch port 1, and the 11th port of the SW connects to AP1.
For group 2: The 24th port of AC2 connects to switch port 2, and the 12th port of the SW connects to AP2.
For group 3: The 24th port of AC3 connects to switch port 3, and the 13th port of the SW connects to AP3.
And so on.
For group 10: The 24th port of AC10 connects to switch port 10, and the 20th port of the SW connects to AP10.
The switch is already configured, and students do not need to configure it (you can find its configuration in the reference configuration part).
The radius server and eSight server are ready for use and do not need to be configured.


1.5 Description of the Connection of Console Cable

Figure 1-4 Network connection of console cable

As shown in Figure 1-4, connect the console cable to the AC, power on the devices, and plug the console cable into the laptop.

This course takes the HyperTerminal of Windows XP as an example to explain how to log in to the AC6605 command line interface through the HyperTerminal. If other similar software such as PuTTY or SecureCRT is used, refer to the user guide of that software.

1. Enable the HyperTerminal on the PC
Choose Start > Programs > Accessories > Communications > HyperTerminal to start the HyperTerminal in Windows XP.

2. Create a connection
As shown in Figure 1-5, enter the name of the new connection in the Name text box and choose an icon, then click OK.

Figure 1-5 Creating a connection

3. Set the connection port
In the Connection to dialog box as shown in Figure 1-6, choose the COM port of the computer, then click OK.

Figure 1-6 Configuring the connection port

4. Set the communication parameter
After the COM1 Properties dialog box is displayed, set the COM1 properties as shown in Figure 1-7, or use the default settings by clicking Restore Defaults.

Figure 1-7 Setting the communication parameters

After the preceding settings are complete, press Enter. Wait until the following message is
displayed prompting you to set a login password. The system automatically saves the
password setting.
An initial password is required for the first login via the console.
Set a password and keep it safe! Otherwise you will not be able to login via the
console.

Please configure the login password (6-16)


Enter Password:

1.6 Reset the Configuration of AC

Reset the configuration of the devices before the practice so that leftover settings do not affect the exercises. Follow the procedure below to reset the configuration and reboot the device.

The login password is huawei123 in this exercise:

Login authentication
Password:huawei123
<AC6605>reset saved-configuration
This will delete the configuration in the flash memory.
The device configurations will be erased to reconfigure.
Are you sure? (y/n)[n]:y
Clear the configuration in the device successfully.

Reboot the device:

<AC6605>reboot
Info: The system is comparing the configuration, please wait.
Warning: All the configuration will be saved to the next startup configuration.
Continue ? [y/n]:n
System will reboot! Continue ? [y/n]:y
Info: system is rebooting ,please wait...

Answer n at the first prompt: answering y would save the current configuration as the next startup configuration, which undoes the reset.

You have finished practice 1!


2 Basic Configuration of AC

2.1 Objectives

Upon completion of this task, you will be able to:

Configure the initialization password
Configure VLAN and routing in the AC
Configure telnet service of the AC
Save the configuration in the AC

2.2 Networking Deployment Description

In this exercise you configure the VLANs, trunks and IP addresses of the device. After you get your group number, configure the device according to the network deployment requirements below.

Suppose the student belongs to group X (X=0, 1, 2, 3 ... 10). Use the information shown in Figure 2-1.

Figure 2-1 Networking deployment information

Student belongs to Group X (X=1, 2, 3 ... 10)    AC Parameters
Name                                             ACX
Initialization Password                          huawei123
AP Management VLAN                               VLAN: X0
                                                 IP: 10.1.X0.100
Service VLAN (Employee)                          VLAN: X1
                                                 IP: 10.1.X1.100
Service VLAN (Voice VLAN)                        VLAN: X2
                                                 IP: 10.1.X2.100
Service VLAN (Guest VLAN)                        VLAN: X3
                                                 IP: 192.168.X.1
AC Interface (Link to Management PC)             MEth 0/0/1
                                                 IP: 192.168.100.200
AC Interface (Link to AP)                        GE0/0/1
                                                 Allow-pass VLAN in the Trunk: X0 to X3
AC Interface (Link to Switch)                    GE0/0/24
                                                 Allow-pass VLAN in the Trunk: X0 to X2

Network topology: Chain Networking + Layer 2 Networking

In this practice, the PC is configured with IP 192.168.100.10 and is used to test the telnet function of the AC.

2.3 Configuration Procedure

2.3.1 Configuring Initialization Password

Press Enter and wait until the following message is displayed, prompting you to set a login password.

NOTE:
The password value is a string of 6 to 16 case-sensitive characters. It must contain at least two types of characters, including upper-case and lower-case letters, digits, and special characters. The special characters cannot contain space or question mark (?).
Password entered in interactive mode is not displayed on the terminal screen.
When you log in to the AC using the password, you must enter the password set during your first login.

Please configure the login password (maximum length 16)
Enter password:huawei123
Confirm password:huawei123
<AC6605>

2.3.2 Configuring the Basic Information of AC

<AC6605>system-view
[AC6605]sysname AC1

Create management VLAN 10 and service VLANs 11, 12 and 13.

[AC1]vlan batch 10 to 13

Configure interface g0/0/1, which links to the AP.

[AC1]interface g0/0/1
[AC1-GigabitEthernet0/0/1]port link-type trunk
[AC1-GigabitEthernet0/0/1]port trunk pvid vlan 10
[AC1-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 to 13
[AC1-GigabitEthernet0/0/1]quit

Configure interface g0/0/24, which links to the switch.

[AC1]interface g0/0/24
[AC1-GigabitEthernet0/0/24]port link-type trunk
[AC1-GigabitEthernet0/0/24]port trunk allow-pass vlan 10 to 12
[AC1-GigabitEthernet0/0/24]quit

Use the command dis port vlan to check the configuration result.

[AC1]dis port vlan
Port                    Link Type    PVID  Trunk VLAN List
-------------------------------------------------------------------------------
GigabitEthernet0/0/1    trunk        10    1 10-13
GigabitEthernet0/0/2    hybrid       1     -
GigabitEthernet0/0/3    hybrid       1     -
GigabitEthernet0/0/4    hybrid       1     -
GigabitEthernet0/0/5    hybrid       1     -
GigabitEthernet0/0/6    hybrid       1     -
GigabitEthernet0/0/7    hybrid       1     -
GigabitEthernet0/0/8    hybrid       1     -
GigabitEthernet0/0/9    hybrid       1     -
GigabitEthernet0/0/10   hybrid       1     -
GigabitEthernet0/0/11   hybrid       1     -
GigabitEthernet0/0/12   hybrid       1     -
GigabitEthernet0/0/13   hybrid       1     -
GigabitEthernet0/0/14   hybrid       1     -
GigabitEthernet0/0/15   hybrid       1     -
GigabitEthernet0/0/16   hybrid       1     -
GigabitEthernet0/0/17   hybrid       1     -
GigabitEthernet0/0/18   hybrid       1     -
GigabitEthernet0/0/19   hybrid       1     -
GigabitEthernet0/0/20   hybrid       1     -
GigabitEthernet0/0/21   hybrid       1     -
GigabitEthernet0/0/22   hybrid       1     -
GigabitEthernet0/0/23   hybrid       1     -
GigabitEthernet0/0/24   trunk        1     1 10-12
XGigabitEthernet0/0/1   hybrid       1     -
XGigabitEthernet0/0/2   hybrid       1     -

Configure the VLANIF interfaces of the VLANs:

[AC1]interface vlan 10
[AC1-Vlanif10]ip address 10.1.10.100 24
[AC1-Vlanif10]quit
[AC1]interface vlan 11
[AC1-Vlanif11]ip address 10.1.11.100 24
[AC1-Vlanif11]quit
[AC1]interface vlan 12
[AC1-Vlanif12]ip address 10.1.12.100 24
[AC1-Vlanif12]quit

Enable the DHCP service, and configure the DHCP pool for the WLAN guest VLAN. (Notice: If you configure the AC as the service VLAN gateway, the WLAN service-set must be configured in tunnel forwarding mode; in direct forwarding mode, the gateway of the service VLAN can be configured on an external switch.)
[AC1]dhcp enable
[AC1]interface Vlanif 13
[AC1-Vlanif13]ip address 192.168.1.1 24
[AC1-Vlanif13]dhcp select interface
[AC1-Vlanif13]dhcp server dns-list 8.8.8.8

Confirm the status of the interfaces:
[AC1]display ip interface brief
Interface        IP Address/Mask       Physical   Protocol
MEth0/0/1        192.168.100.200/24    down       down
NULL0            unassigned            up         up(s)
Vlanif10         10.1.10.100/24        up         up
Vlanif11         10.1.11.100/24        up         up
Vlanif12         10.1.12.100/24        up         up
Vlanif13         192.168.1.1/24        up         up

Check the reachability from the AC to the Layer 3 switch. The IP address 100.100.100.100 is a loopback interface address that simulates the public network; this destination should be unreachable right now.

[AC1]ping -a 192.168.1.1 10.1.10.1
PING 10.1.10.1: 56 data bytes, press CTRL_C to break
Reply from 10.1.10.1: bytes=56 Sequence=1 ttl=255 time=11 ms
Reply from 10.1.10.1: bytes=56 Sequence=2 ttl=255 time=11 ms
Reply from 10.1.10.1: bytes=56 Sequence=3 ttl=255 time=10 ms
Reply from 10.1.10.1: bytes=56 Sequence=4 ttl=255 time=11 ms
Reply from 10.1.10.1: bytes=56 Sequence=5 ttl=255 time=20 ms

--- 10.1.10.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 10/12/20 ms

[AC1]ping -a 192.168.1.1 100.100.100.100
PING 100.100.100.100: 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out

Configure a static default route on the AC that points to the switch.


[AC1]ip route-static 0.0.0.0 0.0.0.0 10.1.10.1

Ping to the destination IP address 100.100.100.100 again:


[AC1]ping -a 192.168.1.1 100.100.100.100
PING 100.100.100.100: 56 data bytes, press CTRL_C to break
Reply from 100.100.100.100: bytes=56 Sequence=1 ttl=255 time=7 ms


Reply from 100.100.100.100: bytes=56 Sequence=2 ttl=255 time=10 ms
Reply from 100.100.100.100: bytes=56 Sequence=3 ttl=255 time=10 ms
Reply from 100.100.100.100: bytes=56 Sequence=4 ttl=255 time=10 ms
Reply from 100.100.100.100: bytes=56 Sequence=5 ttl=255 time=10 ms

--- 100.100.100.100 ping statistics ---


5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 7/9/10 ms

2.3.3 Confirming and Testing the Telnet/SSH Service (AAA Authentication)

Enable and configure the Telnet service on the AC, and add the account huawei for AAA authentication.
[AC1]telnet server enable
Info: TELNET server has been enabled.
[AC1]stelnet server enable
Info: Succeeded in starting the STELNET server.
[AC1]aaa
[AC1-aaa]local-user huawei password cipher huawei123
[AC1-aaa]local-user huawei service-type telnet ssh
[AC1-aaa]local-user huawei privilege level 15
[AC1-aaa]quit
[AC1]user-interface vty 0 4
[AC1-ui-vty0-4]authentication-mode aaa

Configure the management interface MEth0/0/1:

[AC1]interface MEth 0/0/1
[AC1-MEth0/0/1]ip address 192.168.100.200 24

Connect the PC to the AC management port (to the left of the console port), configure the PC's IP address as 192.168.100.10 255.255.255.0, and test the Telnet service.

C:\Users\zWX>ping 192.168.100.200

Pinging 192.168.100.200 with 32 bytes of data:
Reply from 192.168.100.200: bytes=32 time=23ms TTL=255
Reply from 192.168.100.200: bytes=32 time=1ms TTL=255
Reply from 192.168.100.200: bytes=32 time=7ms TTL=255
Reply from 192.168.100.200: bytes=32 time=4ms TTL=255

Ping statistics for 192.168.100.200:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 23ms, Average = 8ms

C:\Users\zWX>telnet 192.168.100.200
Login authentication
Username:huawei
Password:huawei123
Info: The max number of VTY users is 10, and the number
of current VTY users on line is 1.
<AC1>sys
Enter system view, return user view with Ctrl+Z.


[AC1]display access-user
------------------------------------------------------------------------------
UserID Username IP address MAC
------------------------------------------------------------------------------
132 huawei 192.168.100.10 -
------------------------------------------------------------------------------

2.3.4 Save the Configuration


Save the configuration of AC:
<AC1>save
The current configuration will be written to the device.
Are you sure to continue? (y/n)[n]:y
It will take several minutes to save configuration file, please wait..........
Configuration file had been saved successfully
Note: The configuration file will take effect after being activated

2.4 Configuration Reference
Take group 1 for example:
#
sysname AC1
#
snmp-agent local-engineid 800007DB03FC48EFC76DB7
undo snmp-agent community complexity-check disable
snmp-agent
#
http server enable
http secure-server ssl-policy default_policy
http secure-server enable
#
vlan batch 10 to 13
#
dhcp enable
#
diffserv domain default
#
pki realm default
enrollment self-signed
#
ssl policy default_policy type server
pki-realm default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher admin@huawei.com
local-user admin privilege level 15
local-user admin service-type telnet http
local-user huawei password cipher huawei123
local-user huawei privilege level 15
local-user huawei service-type telnet ssh
#
interface Vlanif10
ip address 10.1.10.100 255.255.255.0
#
interface Vlanif11
ip address 10.1.11.100 255.255.255.0
#
interface Vlanif12
ip address 10.1.12.100 255.255.255.0
#
interface Vlanif13
ip address 192.168.1.1 255.255.255.0
dhcp select interface
dhcp server dns-list 8.8.8.8
#
interface MEth0/0/1
ip address 192.168.100.200 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk pvid vlan 10
port trunk allow-pass vlan 10 to 13
#
interface GigabitEthernet0/0/2
#
#
interface GigabitEthernet0/0/3
#
interface GigabitEthernet0/0/24
port link-type trunk
port trunk allow-pass vlan 10 to 12
#
interface XGigabitEthernet0/0/1
#
interface XGigabitEthernet0/0/2
#
interface NULL0
#
stelnet server enable
#
ip route-static 0.0.0.0 0.0.0.0 10.1.10.1
#
user-interface con 0
authentication-mode password
set authentication password cipher huawei123
user-interface vty 0 4
authentication-mode aaa
user privilege level 15
protocol inbound all
user-interface vty 16 20
#
wlan
#
return
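
A review of the management-plane settings in the configuration reference above, as an added example (not part of the original guide or any Huawei tool). The function names, the default level of 0 for a user with no privilege line, and the choice of telnet/http/ftp as cleartext services are assumptions of this sketch; the sample is a constructed excerpt of the group 1 configuration.

```python
import re

# Services that carry credentials in cleartext on the management plane
# (assumption of this example).
CLEARTEXT_SERVICES = {"telnet", "http", "ftp"}

# Constructed sample: an excerpt of the group 1 configuration reference.
SAMPLE_CONFIG = """\
#
http server enable
http secure-server ssl-policy default_policy
http secure-server enable
#
aaa
local-user admin password cipher admin@huawei.com
local-user admin privilege level 15
local-user admin service-type telnet http
local-user huawei password cipher huawei123
local-user huawei privilege level 15
local-user huawei service-type telnet ssh
#
stelnet server enable
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
authentication-mode aaa
user privilege level 15
protocol inbound all
user-interface vty 16 20
#
"""


def parse_local_users(lines):
    """Collect privilege level and service types for each local-user."""
    users = {}
    for line in lines:
        m = re.match(r"local-user (\S+) (privilege level|service-type) (.+)", line)
        if not m:
            continue
        # Level 0 when no privilege line is present is an assumption here.
        user = users.setdefault(m.group(1), {"level": 0, "services": set()})
        if m.group(2) == "privilege level":
            user["level"] = int(m.group(3))
        else:
            user["services"] = set(m.group(3).split())
    return users


def parse_user_interfaces(lines):
    """Group the lines under each 'user-interface ...' header; '#' ends a group."""
    blocks, current = {}, None
    for line in lines:
        if line.startswith("user-interface "):
            current = line[len("user-interface "):]
            blocks[current] = []
        elif line == "#":
            current = None
        elif current is not None:
            blocks[current].append(line)
    return blocks


def audit(config_text):
    """Return (location, finding) tuples for cleartext management access."""
    lines = [l.strip() for l in config_text.splitlines() if l.strip()]
    findings = []
    for service in ("http", "telnet"):
        if f"{service} server enable" in lines:
            findings.append((f"{service} server",
                             f"cleartext {service} server is enabled"))
    for name, user in sorted(parse_local_users(lines).items()):
        weak = sorted(user["services"] & CLEARTEXT_SERVICES)
        if weak:
            findings.append((f"local-user {name}",
                             f"level {user['level']} account may log in over "
                             + ", ".join(weak)))
    for name, body in parse_user_interfaces(lines).items():
        for line in body:
            m = re.fullmatch(r"protocol inbound (all|telnet)", line)
            if name.startswith("vty") and m:
                findings.append((f"user-interface {name}",
                                 f"VTY accepts Telnet (protocol inbound {m.group(1)})"))
    return findings


if __name__ == "__main__":
    for location, finding in audit(SAMPLE_CONFIG):
        print(f"{location}: {finding}")
```

Restricting the accounts to service-type ssh, setting protocol inbound ssh on the VTY lines and removing the plain HTTP server clears all four findings on this sample.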

You have finished practice 2!

HCNA-WLAN 3AP Authentication and WLAN Configuration Roadmap

3 AP Authentication and WLAN Configuration Roadmap

3.1 Objectives

Upon completion of this task, you will be able to:

Configure AP authentication
Understand WLAN configuration profile
Understand WLAN configuration roadmap
Configure open system authentication

3.2 Networking Deployment Description

Figure 3-1 AP Authentication and WLAN configuration roadmap parameters description

Suppose the student belongs to group X (X=1, 2, 3 ... 10), for example the WMM profile name of group 1 is wmm-prof-guest1

Network topology         Chain Network + Layer 2 networking
AC Global Information    Country code: CN
                         Carrier ID: other
                         WLAN source: VLAN X0
AP Authentication        AP authentication mode: mac-auth
                         AP MAC address
WMM Profile              WMM profile: wmm-prof-X
Radio Profile            2.4G radio profile: radio0-prof-X
                         5G radio profile: radio1-prof-X
Service-set              SSID: huawei-guestX
                         Service VLAN:vlan13
                         Forwarding mode: direct-forward
                         Traffic profile: traffic-prof-X
                         Security profile: security-prof-X
                         Wlan-ess interface 0
                         User isolation: closed

3.3 Configuration Procedure
3.3.1 Configuring Roadmap

Figure 3-2 WLAN configuration roadmap

3.3.2 Configuring the Switch

Continue from the configuration of practice 2; the switch configuration is already in place.

3.3.3 Configuring the Basic Information of AC


Configure the global information of AC:
[AC1]wlan ac-global country-code CN
[AC1]wlan ac-global ac id 0 carrier id other

By default, the country-code parameter is CN. There are four types of carrier ID; for an enterprise, use other:
cmcc   China Mobile
ctc    China Telecom
cuc    China Unicom
other  other service provider (default value)

3.3.4 Configuring AP Authentication and Connection with AC

Configure the DHCP pool for the AP and the AP authentication mode. The AP discovers the AC address through the DHCP option 43 method.
[AC1]ip pool vlan10
[AC1-ip-pool-vlan10]network 10.1.10.0 mask 255.255.255.0
[AC1-ip-pool-vlan10]excluded-ip-address 10.1.10.100
[AC1-ip-pool-vlan10]gateway-list 10.1.10.1
[AC1-ip-pool-vlan10]dns-list 10.254.1.100
[AC1-ip-pool-vlan10]option 43 sub-option 3 ascii 10.1.10.100
[AC1-ip-pool-vlan10]quit
[AC1]interface vlan 10
[AC1-Vlanif10]dhcp select global
[AC1-Vlanif10]quit
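
How the AC address from the option 43 command above is carried to the AP, and how a captured DHCP offer can be checked against the expected controller, as an added example (not from the original guide). It assumes the encapsulated code/length/value layout that RFC 2132 describes for option 43; the function names and the allowed-controller set are hypothetical.

```python
import ipaddress

# Sub-option number used by the guide's "option 43 sub-option 3 ascii ..." command.
AC_SUB_OPTION = 3


def encode_option43(ac_address, sub_option=AC_SUB_OPTION):
    """Build the option 43 payload: one TLV whose value is the AC address in ASCII."""
    ipaddress.IPv4Address(ac_address)  # raises ValueError on a malformed address
    value = ac_address.encode("ascii")
    return bytes([sub_option, len(value)]) + value


def decode_option43(payload):
    """Split an option 43 payload into {sub_option: value}, rejecting truncated TLVs."""
    fields, i = {}, 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise ValueError("truncated sub-option header")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(
                f"sub-option {code} claims {length} bytes, {len(value)} present")
        fields[code] = value
        i += 2 + length
    return fields


def check_offer(payload, allowed_acs):
    """Return (ok, reason) for the AC address advertised in a DHCP offer."""
    try:
        fields = decode_option43(payload)
    except ValueError as exc:
        return False, f"malformed option 43: {exc}"
    if AC_SUB_OPTION not in fields:
        return False, "no sub-option 3 (AC address) present"
    try:
        text = fields[AC_SUB_OPTION].decode("ascii")
        ac = str(ipaddress.IPv4Address(text))
    except (UnicodeDecodeError, ValueError):
        return False, "sub-option 3 is not an ASCII IPv4 address"
    if ac not in allowed_acs:
        return False, f"AC {ac} is not an allowed controller"
    return True, f"AC {ac} is allowed"


if __name__ == "__main__":
    allowed = {"10.1.10.100"}  # the AC address used in this practice
    # Constructed offers: the expected one, an unexpected controller, a cut-off TLV.
    offers = [
        encode_option43("10.1.10.100"),
        encode_option43("10.1.10.66"),
        b"\x03\x0b10.1",
    ]
    for payload in offers:
        print(payload.hex(), check_offer(payload, allowed))
```

An offer on the AP management VLAN whose sub-option 3 names any other address would steer APs to a different controller, which is the case the second constructed offer stands for.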


Then the AP will get the IP address 10.1.X0.254. Run the ping command to test the connection between the AP and the AC.

[AC1]ping 10.1.10.254
PING 10.1.10.254: 56 data bytes, press CTRL_C to break
Reply from 10.1.10.254: bytes=56 Sequence=1 ttl=64 time=2 ms
Reply from 10.1.10.254: bytes=56 Sequence=2 ttl=64 time=11 ms
Reply from 10.1.10.254: bytes=56 Sequence=3 ttl=64 time=11 ms
Reply from 10.1.10.254: bytes=56 Sequence=4 ttl=64 time=11 ms
Reply from 10.1.10.254: bytes=56 Sequence=5 ttl=64 time=11 ms

But we have not configured the AP authentication list yet, so the command display ap all shows no AP.

[AC1-wlan-view]display ap all
All AP information(Normal-0,UnNormal-0):
------------------------------------------------------------------------------
AP    AP      AP     Profile   Region   AP
ID    Type    MAC    ID        ID       State
------------------------------------------------------------------------------
------------------------------------------------------------------------------
Total number: 0

Configure the WLAN source interface and AP authentication:


[AC1]wlan
[AC1-wlan-view]wlan ac source interface Vlanif 10
[AC1-wlan-view]ap-auth-mode ?
mac-auth MAC authenticated mode, default authenticated mode
no-auth No authenticated mode
sn-auth SN authenticated mode

Three AP authentication modes are supported; by default, the AP authentication mode is MAC address authentication. Before we add the AP to the authentication list manually, we need to know the AP type and the MAC address of the AP. V2R5 can support 12 types of AP currently; run the command display ap-type all to view them:
[AC1-wlan-view]dis ap-type all
All AP types information:
------------------------------------------------------------------------------
ID    Type
------------------------------------------------------------------------------
17    AP6010SN-GN
19    AP6010DN-AGN
21    AP6310SN-GN
23    AP6510DN-AGN
25    AP6610DN-AGN
27    AP7110SN-GN
28    AP7110DN-AGN
29    AP5010SN-GN
30    AP5010DN-AGN
31    AP3010DN-AGN
33    AP6510DN-AGN-US
34    AP6610DN-AGN-US
35    AP5030DN
36    AP5130DN
38    AP2010DN
------------------------------------------------------------------------------
Total number: 15

For our practice, the AP type is 6010DN and the type ID is 19. The MAC address of the AP for group 1 is cccc-8110-2260, so the command should be:
[AC1-wlan-view]ap id 0 type-id 19 mac cccc-8110-2260

After we add the AP to the MAC address authentication list, the status of the AP changes from fault to config and finally to normal. This takes several minutes; if the status does not change to normal, please re-check your configuration.
[AC1]dis ap all
All AP information(Normal-1,UnNormal-0):
------------------------------------------------------------------------------
AP    AP              AP                Profile    AP        AP
                                        /Region
ID    Type            MAC               ID         State     Sysname
------------------------------------------------------------------------------
0     AP6010DN-AGN    cccc-8110-2260    0/0        normal    ap-0
------------------------------------------------------------------------------

3.3.5 Configuring AP Radio


Configure the WMM profile:
[AC1-wlan-view]wmm-profile name wmm-prof-1

Configure the 2.4G radio profile and bind it to the WMM profile.

[AC1-wlan-view]radio-profile name radio2-prof-1
[AC1-wlan-radio-prof-radio2-prof-1]wmm-profile name wmm-prof-1

Configure the 5G radio profile and bind it to the WMM profile.

[AC1-wlan-view]radio-profile name radio5-prof-1
[AC1-wlan-radio-prof-radio5-prof-1]wmm-profile name wmm-prof-1

Run the command display radio-profile all to check the radio profile ID:
[AC1]display radio-profile all
----------------------------------------------------
ID    Name
----------------------------------------------------
0     radio2-prof-1
1     radio5-prof-1
----------------------------------------------------
Total: 2

Bind the radio profiles to the AP:

[AC1-wlan-view]ap 0 radio 0
[AC1-wlan-radio-0/0]radio-profile id 0
[AC1-wlan-view]ap 0 radio 1
[AC1-wlan-radio-0/1]radio-profile id 1

3.3.6 Configuring WLAN-ESS Interface

The WLAN-ESS interface cannot be configured to trunk mode:

[AC1]interface Wlan-Ess 0
[AC1-Wlan-Ess0]port hybrid pvid vlan 13
[AC1-Wlan-Ess0]port hybrid untagged vlan 13

3.3.7 Configuring Security Profile/Traffic Profile/WLAN Service-set
[AC1-wlan-view]traffic-profile id 0 name traffic-prof-1
[AC1-wlan-traffic-prof-traffic-prof-1]quit
[AC1-wlan-view]security-profile id 0 name security-prof-1
[AC1-wlan-sec-prof-security-prof-1]quit

[AC1-wlan-view]service-set name Huawei-guest1
[AC1-wlan-service-set-Huawei-guest1]ssid Huawei-guest1
[AC1-wlan-service-set-Huawei-guest1]service-vlan 13
[AC1-wlan-service-set-Huawei-guest1]wlan-ess 0
[AC1-wlan-service-set-Huawei-guest1]security-profile id 0
[AC1-wlan-service-set-Huawei-guest1]traffic-profile id 0
[AC1-wlan-service-set-Huawei-guest1]forward-mode direct
[AC1-wlan-service-set-Huawei-guest1]undo user-isolate
[AC1-wlan-service-set-Huawei-guest1]quit

3.3.8 Configuring Service-set to AP


[AC1-wlan-view]ap 0 radio 0
[AC1-wlan-radio-0/0]service-set id 0
[AC1-wlan-radio-0/0]ap 0 radio 1
[AC1-wlan-radio-0/1]service-set id 0
[AC1-wlan-radio-0/1]quit
[AC1-wlan-view]commit ap 0
Warning: Committing configuration may cause service interruption,continue?[Y/N]Y

After the commit, the AP emits the signal for service-set huawei-guestX, and the authentication mode is open system authentication. A wireless station, for example a PC or a mobile phone, will detect the signal, get an IP address in 192.168.X.0/24, and can ping the AC and the switch.
Take a laptop connecting to the AP as an example:

C:\Users\zWX>ping 100.100.100.100

Pinging 100.100.100.100 with 32 bytes of data:
Reply from 100.100.100.100: bytes=32 time=57ms TTL=255
Reply from 100.100.100.100: bytes=32 time=169ms TTL=255
Reply from 100.100.100.100: bytes=32 time=7ms TTL=255
Reply from 100.100.100.100: bytes=32 time=9ms TTL=255

Ping statistics for 100.100.100.100:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 7ms, Maximum = 169ms, Average = 60ms

3.3.9 Verify the Configuration

Checking the service-set:

<AC1>dis service-set all


----------------------------------------------------------------------------
ID    Name             SSID
0     Huawei-guest1    Huawei-guest1
----------------------------------------------------------------------------
Total: 1
[AC1]dis service-set id 0
----------------------------------------------------------------------------
Service-set ID               : 0
Service-Set name             : Huawei-guest1
SSID                         : Huawei-guest1
Hide SSID                    : disable
User isolate                 : disable
Type                         : service
Maximum number of user       : 32
Association timeout(min)     : 5
Traffic profile name         : traffic-prof-1
Security profile name        : security-prof-1
User profile name            : -
Wlan-ess interface           : Wlan-ess0
Igmp mode                    : off
Forward mode                 : direct-forward
Service-vlan                 : 13
DHCP snooping                : disable
IPSG switch                  : disable
DHCP trust port              : disable
DAI switch                   : disable
ARP attack threshold(pps)    : 15
Protocol flag                : all
Offline-management switch    : disable
Sta access-mode              : disable
Sta blacklist profile        : -
Sta whitelist profile        : -
Dhcp option82 Insert         : Disable
Dhcp option82 Format         : Insert Ap-mac
Broadcast suppression(pps)   : -
Multicast suppression(pps)   : -
Unicast suppression(pps)     : -
Traffic-filter inbound acl   : -
Traffic-filter outbound acl  : -
Service mode status          : enable
AutoOff service ess status   : disable
AutoOff service starttime    : 00:00:00
AutoOff service endtime      : 00:00:00
----------------------------------------------------------------------------

Run command display ap all to view the information of APs:

<AC1>dis ap all
All AP information(Normal-1,UnNormal-0):
------------------------------------------------------------------------------
AP    AP              AP                Profile    AP        AP
                                        /Region
ID    Type            MAC               ID         State     Sysname
------------------------------------------------------------------------------
0     AP6010DN-AGN    cccc-8110-2260    0/0        normal    ap-0
------------------------------------------------------------------------------

[AC1]dis ap-run-info id 0
AP 0 run information:
------------------------------------------------------------------------------
Software version: V200R003C00SPC200
Hardware version: Ver.C
BIOS version: 078
Domain: CN
CPU type: AR9344
CPU frequency: 500 MHZ
Memory type: H5PS5162GFR-S6C&1
AP System software description: AP6010DN-AGN:Ver.C
AP System hardware description: AP6010DN-AGN:Ver.C
AP manufacture: Huawei Technologies Co., Ltd.
AP software name: Huawei Access Point Software
AP software vendor: Huawei Technologies Co., Ltd.
AP online time: 2948 S
AP bom code: 000
Ip address: 10.1.10.254
Ip mask: 255.255.255.0
Gateway ip: 0.0.0.0
DNS server: 10.254.1.100
Memory size: 128 MB
Flash size: 32 MB
Run time: 22606 S
Up ethernet port speed: 1000 Mbps
Up ethernet port speed mode: auto
Up ethernet port duplex: full
Up ethernet port duplex mode: auto
------------------------------------------------------------------------------

Using the display access-user command, you can view information about the sessions that meet the specified conditions:

<AC1>display access-user
------------------------------------------------------------------------------
UserID  Username        IP address       MAC
------------------------------------------------------------------------------
1171    74e50bd553b4    192.168.1.254    74e5-0bd5-53b4
1172    f83dffb5a4f2    192.168.1.248    f83d-ffb5-a4f2
------------------------------------------------------------------------------
Total 2,2 printed

<AC1>display station assoc-info ap 0
------------------------------------------------------------------------------
STA MAC           AP-ID  RADIO-ID  SS-ID  SSID
------------------------------------------------------------------------------
f83d-ffb5-a4f2    0      0         0      Huawei-guest1
74e5-0bd5-53b4    0      0         0      Huawei-guest1
------------------------------------------------------------------------------
Total stations: 2

The display station assoc-info command displays status of an STA, including the SSID of the
WLAN to which the STA connects, online duration, uplink signal noise ratio, and uplink
receiving power of the STA.
[AC1]dis station assoc-info sta 5c0a-5b36-4a71
------------------------------------------------------------------------------
Station mac-address                        : 5c0a-5b36-4a71
Station ip-address                         : 0.0.0.0
Station gateway                            : 0.0.0.0
Associated SSID                            : Huawei-guest1
Station online time(ddd:hh:mm:ss)          : 000:00:01:30
The upstream SNR(dB)                       : 51.0
The upstream aggregate receive power(dBm)  : -62.0
Station connect rate(Mbps)                 : 44
Station connect channel                    : 153
Station inactivity time(ddd:hh:mm:ss)      : 000:00:00:00
Station current state
Authorized for data transfer               : YES
Qos enabled                                : YES
ERP enabled                                : No
HT rates enabled                           : YES
Power save mode enabled                    : YES
Auth reference held                        : No
uAPSD enabled                              : No
uAPSD triggerable                          : No
uAPSD SP in progress                       : No
This is an ATH node                        : No
WDS workaround req                         : No
WDS link                                   : No
Station's HT capability                    : AWP
Station ERP element(dBm)                   : 0
Station capabilities                       : E
Station's RSSI(dB)                         : 33
Station's Noise(dBm)                       : -113
Station's radio mode                       : 11n
Station's AP ID                            : 0
Station's Radio ID                         : 1
Station's Authentication Method            : OPEN
Station's Cipher Type                      : NO CIPHER
Station's User Name                        : 5c0a5b364a71
Station's Vlan ID                          : 13
Station's Channel Band-width               : 20MHz
Station's asso BSSID                       : cccc-8110-2270
Station's state                            : Asso with auth
Station's Qos Mode                         : NULL
Station's HT Mode                          : HT40
Station's MCS value                        : 7
Station's Short GI                         : nonsupport
Station's roam state                       : No
------------------------------------------------------------------------------

3.4 Configuration Reference
3.4.1 Configuration of AC
#
sysname AC1
#
http server enable
http secure-server ssl-policy default_policy
http secure-server enable
#
vlan batch 10 to 13
#
dhcp enable
#
diffserv domain default
#
pki realm default
enrollment self-signed
#
ssl policy default_policy type server
pki-realm default
#
ip pool vlan10
gateway-list 10.1.10.1
network 10.1.10.0 mask 255.255.255.0
excluded-ip-address 10.1.10.100
dns-list 10.254.1.100
option 43 sub-option 3 ascii 10.1.10.100
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin privilege level 15
local-user admin password cipher admin@huawei.com
local-user admin service-type telnet http
local-user huawei password cipher huawei123
local-user huawei privilege level 15
local-user huawei service-type telnet ssh
#
interface Vlanif10
ip address 10.1.10.100 255.255.255.0
dhcp select global
#
interface Vlanif11
ip address 10.1.11.100 255.255.255.0
#
interface Vlanif12
ip address 10.1.12.100 255.255.255.0
#
interface Vlanif13
ip address 192.168.1.1 255.255.255.0
dhcp select interface
dhcp server dns-list 8.8.8.8
#
interface MEth0/0/1
ip address 192.168.100.200 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk pvid vlan 10
port trunk allow-pass vlan 10 to 13
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#

interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
port link-type trunk
port trunk allow-pass vlan 10 to 12
#
interface XGigabitEthernet0/0/1
#
interface XGigabitEthernet0/0/2
#
interface Wlan-Ess0
port hybrid pvid vlan 13
port hybrid untagged vlan 13
#
interface NULL0
#
stelnet server enable
#
ip route-static 0.0.0.0 0.0.0.0 10.1.10.1
#
user-interface con 0
authentication-mode password
set authentication password cipher huawei123
user-interface vty 0 4
authentication-mode aaa
user privilege level 15
protocol inbound all
user-interface vty 16 20
#
wlan
wlan ac source interface vlanif10
ap id 0 type-id 19 mac cccc-8110-2260 sn 210235448310C9000012
wmm-profile name radio-prof-1 id 0
traffic-profile name traffic-prof-1 id 0
security-profile name security-prof-1 id 0
service-set name Huawei-guest1 id 0
wlan-ess 0
ssid Huawei-guest1
traffic-profile id 0
security-profile id 0
service-vlan 13
radio-profile name radio2-prof-1 id 0
wmm-profile id 0
radio-profile name radio5-prof-1 id 1
radio-type 80211an
wmm-profile id 0
ap 0 radio 0
radio-profile id 0
service-set id 0 wlan 1
ap 0 radio 1
radio-profile id 1
service-set id 0 wlan 1
#
return

You have finished practice 3!

HCNA-WLAN 4WLAN Security Configuration

4 WLAN Security Configuration

4.1 Objectives
Upon completion of this task, you will be able to:

Configure WLAN security profile
Configure WEP authentication
Configure WPA/WPA2 PSK authentication
Configure WPA/WPA2 EAP authentication
Configure VAP

4.2 Networking Deployment Description

Figure 4-1 WLAN security configuration parameters description

Suppose the student belongs to group X (X=1, 2, 3 ... 10)

Network Topology    Chain Networking + Layer 2 Networking
Security Profile    Security-prof-wepX       ID:1    WEP password: guest
                    Security-prof-wpapskX    ID:2    WPA PSK password: Huaweipsk
                    Security-prof-wpaeapX    ID:3    Account: huawei, password: huawei
Service-set         Huawei-guestX       Security profile: Security-prof-wepX
                    Huawei-voiceX       SSID: Huawei-voiceX
                                        Service VLAN:vlan12
                                        Forwarding mode: direct forwarding
                                        Traffic profile: traffic-prof-X
                                        Security profile: Security-prof-wpapskX
                                        Wlan-ess interface 1
                                        User isolate: closed
                    Huawei-employeeX    SSID: Huawei-employeeX
                                        Service VLAN:vlan11
                                        Forwarding mode: direct forwarding
                                        Traffic profile: traffic-prof-X
                                        Security profile: Security-prof-wpaeapX
                                        Wlan-ess interface 2
                                        User isolate: closed

aw
u
4.3 Configuration Procedure
4.3.1 Configuring WEP Authentication

The AC6605 supports five access security policies: Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), WPA2, WPA-WPA2, and WLAN Authentication and Privacy Infrastructure (WAPI).

[AC1-wlan-view]security-profile id 5 name test
[AC1-wlan-sec-prof-test]security-policy ?
wapi      WLAN authentication and privacy infrastructure
wep       Wired equivalent privacy
wpa       Wi-Fi protected access
wpa-wpa2  Wi-Fi protected access version 1&2
wpa2      Wi-Fi protected access version 2

The service-set Huawei-guestX used open system authentication. In this practice, change the authentication type to WEP share-key, with the WEP key type set to WEP-40 and the password guest.
Create security profile Security-prof-wep1 with the encryption key guest.
A WEP key can be one of three types: WEP-40, WEP-104, and WEP-128.
If WEP-40 is used, the WEP key is 10 hexadecimal characters or 5 ASCII characters.
If WEP-104 is used, the WEP key is 26 hexadecimal characters or 13 ASCII characters.
If WEP-128 is used, the WEP key is 32 hexadecimal characters or 16 ASCII characters.


[AC1]wlan
[AC1-wlan-view]security-profile id 1 name Security-prof-wep1
[AC1-wlan-sec-prof-Security-prof-wep1]security-policy wep
[AC1-wlan-sec-prof-Security-prof-wep1]wep authentication-method share-key
[AC1-wlan-sec-prof-Security-prof-wep1]wep key wep-40 pass-phrase 0 cipher guest
[AC1-wlan-sec-prof-Security-prof-wep1]quit

Bind the security profile to service-set Huawei-guest1, and commit the configuration to the AP again:

[AC1-wlan-view]dis security-profile all
------------------------------------------------------------
ID    Name
0     security-prof-1
1     Security-prof-wep1
------------------------------------------------------------
[AC1-wlan-view]dis service-set all
----------------------------------------------------------------------------
ID    Name             SSID
0     Huawei-guest1    Huawei-guest1
----------------------------------------------------------------------------
Total: 1

[AC1-wlan-view]service-set id 0
[AC1-wlan-service-set-Huawei-guest1]security-profile id 1
[AC1-wlan-service-set-Huawei-guest1]quit
[AC1-wlan-view]commit ap 0
Warning: Committing configuration may cause service interruption,continue?[Y/N]Y

Using the display security-profile command, you can view configurations of security profiles.

[AC1]display security-profile id 1
------------------------------------------------------------
Profile name      : Security-prof-wep1
Profile ID        : 1
Authentication    : Share key
Encryption        : WEP-40
------------------------------------------------------------
Service-set ID    SSID
0                 Huawei-guest1
------------------------------------------------------------
Bridge-profile ID    Bridge Name
------------------------------------------------------------

Run the command display access-user ssid xxxx to check the users with the specified SSID.

[AC1]display access-user ssid Huawei-guest1
------------------------------------------------------------------------------
UserID  Username        IP address       MAC
------------------------------------------------------------------------------
1188    5c0a5b364a71    192.168.1.252    5c0a-5b36-4a71
------------------------------------------------------------------------------
Total 1,1 printed

M The display station assoc-info command displays status of an STA, including the SSID of the
WLAN to which the STA connects, online duration, uplink signal noise ratio, and uplink
receiving power of the STA.
Below display result shows the STA 5c0a-5b36-4a71 cipher type is WEP-40:
[AC1-wlan-view]dis station assoc-info sta 5c0a-5b36-4a71
------------------------------------------------------------------------------
Station mac-address : 5c0a-5b36-4a71
Station ip-address : 0.0.0.0
Station gateway : 0.0.0.0
Associated SSID : Huawei-guest1
Station online time(ddd:hh:mm:ss) : 000:00:01:03
The upstream SNR(dB) : 54.0
The upstream aggregate receive power(dBm) : -59.0
Station connect rate(Mbps) : 26
Station connect channel : 153
Station inactivity time(ddd:hh:mm:ss) : 000:00:02:15
Station current state
Authorized for data transfer : YES
Qos enabled : YES
ERP enabled : No
HT rates enabled : No
Power save mode enabled : YES
Auth reference held : No
uAPSD enabled : No
uAPSD triggerable : No
uAPSD SP in progress : No
This is an ATH node : No
WDS workaround req : No
WDS link : No
Station's HT capability : Q
Station ERP element(dBm) : 0
Station capabilities : EP
Station's RSSI(dB) : 36
Station's Noise(dBm) : -113
Station's radio mode : 11a
Station's AP ID : 0
Station's Radio ID : 1
Station's Authentication Method : SHARE-KEY
Station's Cipher Type : WEP-40
Station's User Name : 5c0a5b364a71
Station's Vlan ID : 13
Station's Channel Band-width : 20MHz
Station's asso BSSID : cccc-8110-2270
Station's state : Asso with auth
Station's Qos Mode : NULL
Station's HT Mode : -
Station's MCS value : 0
Station's Short GI : nonsupport
Station's roam state : No
------------------------------------------------------------------------------

4.3.2 Configuring WPA PSK Authentication

Configure the authentication type for service-set Huawei-voiceX as WPA1-PSK. The Huawei AC
supports the following WPA configuration options:

WPA Type                     Encryption Method    Authentication Method
WPA/WPA2/WPA1-2 Personal     CCMP or TKIP         PSK (password 8-64 characters)
WPA/WPA2/WPA1-2 Enterprise   CCMP or TKIP         Dot1x


Configure security profile Security-prof-wpapsk1 with encryption mode TKIP; the PSK password
is huawei.
[AC1-wlan-view]security-profile id 2 name Security-prof-wpapsk1
[AC1-wlan-sec-prof-Security-prof-wpapsk1]security-policy wpa
[AC1-wlan-sec-prof-Security-prof-wpapsk1]wpa authentication-method psk pass-phrase cipher Huaweipsk encryption-method tkip
[AC1-wlan-sec-prof-Security-prof-wpapsk1]quit
[AC1-wlan-view]quit

Configure the WLAN-ESS interface used by service-set Huawei-voiceX:
[AC1]interface Wlan-Ess 1
[AC1-Wlan-Ess1]port hybrid pvid vlan 12
[AC1-Wlan-Ess1]port hybrid untagged vlan 12
[AC1-Wlan-Ess1]quit

Create service-set Huawei-voiceX, set its parameters and bind the profiles:
[AC1]wlan
[AC1-wlan-view]service-set id 1 name Huawei-voice1
[AC1-wlan-service-set-Huawei-voice1]ssid Huawei-voice1
[AC1-wlan-service-set-Huawei-voice1]service-vlan 12
[AC1-wlan-service-set-Huawei-voice1]wlan-ess 1
[AC1-wlan-service-set-Huawei-voice1]security-profile id 2
[AC1-wlan-service-set-Huawei-voice1]traffic-profile id 0
[AC1-wlan-service-set-Huawei-voice1]forward-mode direct-forward
[AC1-wlan-service-set-Huawei-voice1]undo user-isolate
[AC1-wlan-service-set-Huawei-voice1]quit

Using the batch command, you can create multiple virtual access points (VAPs) at a time.
[AC1-wlan-view]batch ap 0 to 0 radio 0 to 1 service-set 1
Info: Command is being executed, please wait.
Success: 2
Failure: 0

Using the commit command, you can commit configurations of one or all access points (APs).
[AC1-wlan-view]commit all
Warning: Committing configuration may cause service interruption,continue?[Y/N
]Y

The WPA-PSK configuration is now finished; test the connection:

C:\Users\zWX>ipconfig

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::2c32:9714:1276:b45b%14
IPv4 Address. . . . . . . . . . . : 10.1.12.253
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.1.12.1

C:\Users\zWX>ping 100.100.100.100

Pinging 100.100.100.100 with 32 bytes of data:
Reply from 100.100.100.100: bytes=32 time=36ms TTL=255
Reply from 100.100.100.100: bytes=32 time=6ms TTL=255
Reply from 100.100.100.100: bytes=32 time=7ms TTL=255
Reply from 100.100.100.100: bytes=32 time=6ms TTL=255

Ping statistics for 100.100.100.100:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 6ms, Maximum = 36ms, Average = 13ms

Run the display station assoc-info sta command to check the STA status:
<AC1>display station assoc-info sta 74e5-0bd5-53b4
------------------------------------------------------------------------------
Station mac-address : 74e5-0bd5-53b4
Station ip-address : 0.0.0.0
Associated SSID : Huawei-voice1
Station online time(ddd:hh:mm:ss) : 000:00:01:04
The upstream SNR(dB) : 85.0
The upstream aggregate receive power(dBm) : -44.0
Station connect rate(Mbps) : 37
Station connect channel : 1
Station inactivity time(ddd:hh:mm:ss) : 000:00:00:00
Station current state
Authorized for data transfer : YES

Station's Authentication Method : WPA1-PSK
Station's Cipher Type : TKIP
Station's User Name : 74e50bd553b4
Station's Vlan ID : 12
Station's Channel Band-width : 20MHz

4.3.3 Configuring WPA EAP Authentication


The authentication architecture of EAP consists of three parts: clients, authenticator and
authentication server.

The authentication server for this practice is already set up at IP address 10.254.1.100 with
password huawei; the test account is huawei with password huawei.

Configure the RADIUS service on the AC:
[AC] radius-server template radius_huawei
[AC-radius-radius_huawei] radius-server authentication 10.254.1.100 1812
[AC-radius-radius_huawei] radius-server shared-key cipher huawei
[AC1-radius-radius_huawei]undo radius-server user-name domain-included
[AC-radius-radius_huawei] quit

Configure AAA:
[AC] aaa
[AC-aaa] authentication-scheme radius_huawei
[AC-aaa-authen-radius_huawei] authentication-mode radius local
[AC-aaa-authen-radius_huawei] quit
[AC1-aaa]domain default
[AC1-aaa-domain-default]authentication-scheme radius_huawei
[AC1-aaa-domain-default]radius-server radius_huawei

[AC] test-aaa huawei huawei radius-template radius_huawei
Info: Account test succeed.

If the account test fails, ignore it for now and continue with the configuration.
Configure security profile Security-prof-wpaeap1 with encryption mode CCMP and authentication
mode Dot1x PEAP:
[AC1-wlan-view]security-profile id 3 name Security-prof-wpaeap1
[AC1-wlan-sec-prof-Security-prof-wpaeap1]security-policy wpa2
[AC1-wlan-sec-prof-Security-prof-wpaeap1]wpa2 authentication-method dot1x encryption-method ccmp
[AC1-wlan-sec-prof-Security-prof-wpaeap1]quit

Create the WLAN-ESS interface and enable Dot1x authentication:
[AC1]interface Wlan-Ess 2
[AC1-Wlan-Ess2]port hybrid pvid vlan 11
[AC1-Wlan-Ess2]port hybrid untagged vlan 11
[AC1-Wlan-Ess2]dot1x enable
[AC1-Wlan-Ess2]dot1x authentication-method eap
[AC1-Wlan-Ess2]quit

Create service-set Huawei-employeeX, set its parameters and bind the profiles.
[AC1-wlan-view]service-set id 2 name Huawei-employee1
[AC1-wlan-service-set-Huawei-employee1]ssid Huawei-employee1
[AC1-wlan-service-set-Huawei-employee1]service-vlan 11
[AC1-wlan-service-set-Huawei-employee1]wlan-ess 2
[AC1-wlan-service-set-Huawei-employee1]security-profile id 3
[AC1-wlan-service-set-Huawei-employee1]traffic-profile id 0
[AC1-wlan-service-set-Huawei-employee1]forward-mode direct-forward
[AC1-wlan-service-set-Huawei-employee1]tunnel-forward protocol dot1x
[AC1-wlan-service-set-Huawei-employee1]undo user-isolate
[AC1-wlan-service-set-Huawei-employee1]quit

Using the batch command, you can create multiple virtual access points (VAPs) at a time.
[AC1-wlan-view]batch ap 0 to 0 radio 0 to 1 service-set 2
Info: Command is being executed, please wait.
Success: 2
Failure: 0

Using the commit command, you can commit configurations of one or all access points (APs).
[AC1-wlan-view]commit all
Warning: Committing configuration may cause service interruption,continue?[Y/N
]Y

The WPA-PSK configuration is now finished. Run the display current-configuration
interface Wlan-Ess 2 command to verify the configuration:
[AC1]display current-configuration interface Wlan-Ess 2
#
interface Wlan-Ess2
port hybrid pvid vlan 11
port hybrid untagged vlan 11
dot1x enable
dot1x authentication-method eap
#
[AC1]display security-profile id 2
------------------------------------------------------------
Profile name : Security-prof-wpapsk1
Profile ID : 2
Authentication : WPA PSK
Encryption : TKIP
------------------------------------------------------------
Service-set ID SSID
1 Huawei-voice1
------------------------------------------------------------
Bridge-profile ID Bridge Name
------------------------------------------------------------
Mesh-profile ID Mesh Id
------------------------------------------------------------

[AC1]dis service-set all
----------------------------------------------------------------------------
ID Name SSID
0 Huawei-guest1 Huawei-guest1
1 Huawei-voice1 Huawei-voice1
2 Huawei-employee1 Huawei-employee1
----------------------------------------------------------------------------

[AC1]display access-user
------------------------------------------------------------------------------
UserID Username IP address MAC
------------------------------------------------------------------------------
1593 huawei 10.1.11.254 5c0a-5b36-4a71
------------------------------------------------------------------------------
Total 1,1 printed

4.3.4 Configuring EAP Client


Set the wireless configuration on the PC manually; there is no need to download a CA certificate.

1. Click the icon in the lower right corner of the PC and open "open network and sharing center".
2. Click "manage wireless network".
3. Click "add".
4. Click "manually create a network profile".
5. Set the parameters as shown in the figure below, and click next:

6. Then click "change connection settings" and change the setting.

7. The authentication window then pops up; enter account: huawei and password:
huawei.

8. The user is then authenticated successfully and obtains an IP address.

9. The PC can then get the IP address and ping the switch:
C:\Users\zWX> ipconfig

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::2c32:9714:1276:b45b%14
IPv4 Address. . . . . . . . . . . : 10.1.11.254
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.1.11.1

C:\Users\mWX64837>ping 100.100.100.100

Pinging 100.100.100.100 with 32 bytes of data:
Reply from 100.100.100.100: bytes=32 time=41ms TTL=255
Reply from 100.100.100.100: bytes=32 time=10ms TTL=255
Reply from 100.100.100.100: bytes=32 time=10ms TTL=255
Reply from 100.100.100.100: bytes=32 time=177ms TTL=255

Ping statistics for 100.100.100.100:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 10ms, Maximum = 177ms, Average = 59ms

4.4 Security Policies Configuration Precautions

The following lists precautions for configuring security policies:

If the security policy uses 802.1x authentication, run the dot1x enable and dot1x
authentication-method { chap | pap | eap } commands to enable 802.1x authentication
on the WLAN-ESS interface and set the 802.1x authentication method for WLAN users.

If the security policy uses MAC address authentication, run the mac-authentication
enable command in the WLAN-ESS interface view to set the authentication method on
the WLAN-ESS interface to MAC address authentication.

If the security policy uses Portal authentication, run the web-authentication enable
command in the WLAN-ESS interface view to set the authentication method on the
WLAN-ESS interface to Portal authentication.

When 802.1x authentication and direct forwarding are used on a network, use either of the
following methods to configure the switch between an AC and AP to transparently
transmit Layer 2 protocol packets.

    If a chassis switch is deployed between the AC and AP, run the bpdu bridge enable
    command in the interface view.

    If a case-shaped switch is deployed between the AC and AP, run the
    l2protocol-tunnel user-defined-protocol protocol-name protocol-mac
    protocol-mac group-mac group-mac command in the system view. Then run the
    l2protocol-tunnel user-defined-protocol protocol-name enable and bpdu enable
    commands in the interface view.

In a Layer 3 networking where traffic is directly forwarded and 802.1x authentication is
configured, traffic cannot be forwarded at Layer 3 because EAP packets used in 802.1x
authentication are Layer 3 packets. Run the tunnel-forward protocol dot1x command
to forward EAP packets over tunnels; the AP then forwards EAP packets over tunnels to the
AC, implementing authentication packet exchange with the AC.

Pay attention to the following points when configuring direct forwarding and tunnel
forwarding mode:

    When tunnel forwarding is used and the AC allocates IP addresses to users, run the
    dhcp enable command in the WLAN-ESS interface view to enable DHCP on the
    WLAN-ESS interface.

    When tunnel forwarding is used, run the port hybrid pvid vlan vlan-id command
    in the WLAN-ESS interface view to configure the PVID.

    When tunnel forwarding is used, the switch interface that directly connects to the
    AP cannot be added to the service VLAN, which prevents MAC address flapping.

    When direct forwarding is used, add the switch interface that directly connects to
    the AP to the service VLAN.

4.5 Configuration Reference
4.5.1 ACs configuration
#
sysname AC1
#
snmp-agent local-engineid 800007DB03FC48EFC76DB7
undo snmp-agent community complexity-check disable
snmp-agent
#
http server enable
http secure-server ssl-policy default_policy
http secure-server enable
#
vlan batch 10 to 13
#
dot1x enable
#
dhcp enable
#
diffserv domain default
#
radius-server template radius_huawei
radius-server authentication 10.254.1.100 1812 weight 80
undo radius-server user-name domain-included
#
pki realm default
enrollment self-signed
#
ssl policy default_policy type server
pki-realm default
#
ip pool vlan10
gateway-list 10.1.10.1
network 10.1.10.0 mask 255.255.255.0
excluded-ip-address 10.1.10.100
dns-list 10.254.1.100
option 43 sub-option 3 ascii 10.1.10.100
#
aaa
authentication-scheme default
authentication-scheme radius_huawei
authentication-mode radius local
authorization-scheme default
accounting-scheme default
domain default
authentication-scheme radius_huawei
radius-server radius_huawei
domain default_admin
local-user admin password cipher admin@huawei.com
local-user admin privilege level 15
local-user admin service-type telnet http
local-user huawei password cipher huawei123
local-user huawei privilege level 15
local-user huawei service-type telnet ssh
#
interface Vlanif10
ip address 10.1.10.100 255.255.255.0
dhcp select global
#
interface Vlanif11
ip address 10.1.11.100 255.255.255.0
#
interface Vlanif12
ip address 10.1.12.100 255.255.255.0
#
interface Vlanif13
ip address 192.168.1.1 255.255.255.0
dhcp select interface
dhcp server dns-list 8.8.8.8
#
interface MEth0/0/1
ip address 192.168.100.200 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk pvid vlan 10
port trunk allow-pass vlan 10 to 13
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
port link-type trunk
port trunk allow-pass vlan 10 to 12
#
interface XGigabitEthernet0/0/1
#
interface XGigabitEthernet0/0/2
#
interface Wlan-Ess0
port hybrid pvid vlan 13
port hybrid untagged vlan 13
#
interface Wlan-Ess1
port hybrid pvid vlan 12
port hybrid untagged vlan 12
#
interface Wlan-Ess2
port hybrid pvid vlan 11
port hybrid untagged vlan 11
dot1x enable
dot1x authentication-method eap
#
interface NULL0
#
stelnet server enable
#
ip route-static 0.0.0.0 0.0.0.0 10.1.10.1
#
user-interface con 0
authentication-mode password
set authentication password cipher huawei123
user-interface vty 0 4
authentication-mode aaa
user privilege level 15
protocol inbound all
user-interface vty 16 20
#
wlan
wlan ac source interface vlanif10
ap id 0 type-id 19 mac cccc-8110-2260 sn 210235448310C9000012
wmm-profile name radio-prof-1 id 0
traffic-profile name traffic-prof-1 id 0
security-profile name security-prof-1 id 0
security-profile name Security-prof-wep1 id 1
wep authentication-method share-key
wep key wep-40 pass-phrase 0 cipher guest
security-profile name Security-prof-wpapsk1 id 2
security-policy wpa
wpa authentication-method psk pass-phrase cipher Huaweipsk encryption-method tkip
security-profile name Security-prof-wpaeap1 id 3
security-policy wpa2
service-set name Huawei-guest1 id 0
wlan-ess 0
ssid Huawei-guest1
traffic-profile id 0
security-profile id 1
service-vlan 13
service-set name Huawei-voice1 id 1
wlan-ess 1
ssid Huawei-voice1
traffic-profile id 0
security-profile id 2
service-vlan 12

service-set name Huawei-employee1 id 2
wlan-ess 2
ssid Huawei-employee1
traffic-profile id 0
security-profile id 3
service-vlan 11
radio-profile name radio2-prof-1 id 0
wmm-profile id 0
radio-profile name radio5-prof-1 id 1
radio-type 80211an
wmm-profile id 0
ap 0 radio 0
radio-profile id 0
service-set id 0 wlan 1
service-set id 1 wlan 2
service-set id 2 wlan 3
ap 0 radio 1
radio-profile id 1
service-set id 0 wlan 1
service-set id 1 wlan 2
service-set id 2 wlan 3
#
return
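
An added example (not part of the original guide or of Huawei's tooling): a small Python audit over a condensed, constructed copy of the reference configuration above. It resolves each service-set to its security profile and WLAN-ESS interface, flags the WEP and TKIP ciphers that IEEE 802.11 has deprecated, and checks the section 4.4 precaution that a dot1x profile needs dot1x enable on its WLAN-ESS interface. The function names and the sample text are assumptions of this example.

```python
import re

# Constructed sample, condensed from the AC1 configuration reference above; the
# "wpa2 authentication-method dot1x ..." line is the command typed in section 4.3.3.
SAMPLE_CONFIG = """\
interface Wlan-Ess0
 port hybrid pvid vlan 13
interface Wlan-Ess1
 port hybrid pvid vlan 12
interface Wlan-Ess2
 port hybrid pvid vlan 11
 dot1x enable
 dot1x authentication-method eap
#
wlan
 security-profile name Security-prof-wep1 id 1
  wep authentication-method share-key
  wep key wep-40 pass-phrase 0 cipher guest
 security-profile name Security-prof-wpapsk1 id 2
  security-policy wpa
  wpa authentication-method psk pass-phrase cipher Huaweipsk encryption-method tkip
 security-profile name Security-prof-wpaeap1 id 3
  security-policy wpa2
  wpa2 authentication-method dot1x encryption-method ccmp
 service-set name Huawei-guest1 id 0
  wlan-ess 0
  ssid Huawei-guest1
  security-profile id 1
 service-set name Huawei-voice1 id 1
  wlan-ess 1
  ssid Huawei-voice1
  security-profile id 2
 service-set name Huawei-employee1 id 2
  wlan-ess 2
  ssid Huawei-employee1
  security-profile id 3
"""

HEADER = re.compile(
    r"^(?:interface (?P<ifname>\S+)|(?P<kind>[\w-]+) name \S+ id (?P<id>\d+))$")


def parse_blocks(text):
    """Group config lines under the preceding block header (indentation ignored)."""
    blocks, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = HEADER.match(line)
        if match and match.group("ifname"):
            current = ("interface", match.group("ifname").lower())
            blocks[current] = []
        elif match:
            current = (match.group("kind"), int(match.group("id")))
            blocks[current] = []
        elif line in ("", "#", "wlan"):
            current = None  # separator or view change closes the block
        elif current is not None:
            blocks[current].append(line)
    return blocks


def profile_security(lines):
    """Return (authentication, cipher) for a security profile, never the key."""
    auth, cipher = "open", "none"
    for line in lines:
        tok = line.split()
        if tok[:2] == ["wep", "authentication-method"]:
            auth = "wep-" + tok[2]
        elif tok[:2] == ["wep", "key"]:
            cipher = tok[2]
        elif tok[0] in ("wpa", "wpa2") and tok[1:2] == ["authentication-method"]:
            auth = f"{tok[0]}-{tok[2]}"
            if "encryption-method" in tok:
                cipher = tok[tok.index("encryption-method") + 1]
    return auth, cipher


def audit(text):
    """Return sorted (ssid, finding) pairs for every service-set in the config."""
    blocks, findings = parse_blocks(text), []
    for (kind, _), lines in blocks.items():
        cfg = dict(ln.split(None, 1) for ln in lines if " " in ln)
        if kind != "service-set" or not {"security-profile", "wlan-ess"} <= cfg.keys():
            continue
        ssid = cfg.get("ssid", "?")
        prof_id = int(cfg["security-profile"].split()[1])
        auth, cipher = profile_security(blocks.get(("security-profile", prof_id), []))
        ess = blocks.get(("interface", "wlan-ess" + cfg["wlan-ess"]), [])
        if cipher == "tkip" or cipher.startswith("wep"):
            findings.append((ssid, f"deprecated cipher {cipher}"))
        # Section 4.4 precaution: a dot1x profile needs dot1x on its WLAN-ESS interface.
        if auth.endswith("dot1x") and "dot1x enable" not in ess:
            findings.append((ssid, "dot1x profile without 'dot1x enable' on WLAN-ESS"))
    return sorted(findings)


if __name__ == "__main__":
    print(*audit(SAMPLE_CONFIG), sep="\n")
```

Blocks are delimited by their header lines rather than by indentation, so a flattened copy of a configuration gives the same findings.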

You have finished practice 4!


HCNA-WLAN 5eSight Management for WLAN (Optional)

5 eSight Management for WLAN (Optional)

5.1 Objectives
Upon completion of this task, you will be able to:

Configure SNMP on the AC
Understand how eSight discovers the AC
Configure WLAN with the eSight wizard
Check the WLAN status in eSight

5.2 Networking Deployment Description

Figure 5-1 eSight network deployment

eSight Server IP                    10.254.1.100
eSight Server password              User name: huawei Password: Abcd@1234
SNMP read only community            huaweiRO
SNMP read and write community       huaweiRW
Configure service-set by wizard     huawei-esithtX, PSK password: Huaweipsk

5.3 Configuration Procedure
5.3.1 Configuring AC SNMP Community
[AC1]snmp-agent community read huaweiRO
[AC1]snmp-agent community write huaweiRW
[AC1]snmp-agent sys-info version v2c

5.3.2 Configuring AC Discover AP


After the PC connects to the WLAN, enter the URL http://10.254.1.100:8080 to access the eSight
Server with user name admin and password Abcd@1234. (The initial user name and password
are admin/changeme123; you need to change the initial password when you first log in to eSight.)

After logging in to eSight, select the pull-down menu Resource and click Add Device,
referring to the parameters below:

IP Address              10.1.X0.100
Name                    ACX
SNMP Version            V2C
Read Only Community     huaweiRO
Write Community         huaweiRW

Click OK when you have finished; if Success is displayed, the configuration succeeded.

5.3.3 Configuring Service-set by eSight Wizard

Select Business and click WLAN Management, as shown in the figure below, then select
Configuration Wizard:

1. Selecting AC
First finish the ssh client first-time enable configuration on the AC, then click synchronize
to synchronize all information about the AC:
[AC1]ssh client first-time enable
Click the icon to select the AC that needs to be configured, and click Next.

2. Configuring the attributes of AC
The attributes of the AC were configured in the previous practices, so there is no need to
configure them; click Next:

3. Selecting AP
Click Add AP, select the AP you want to configure, then click OK:

If the AP is online, click Next:

4. Configuring the profiles
For the RF profile, choose radio2-prof-1 (this profile is for 2.4GHz), and click OK.

Then bind the ESS profile:

Click Create to create an ESS service-set, configure it as below (the WPA password is
Huaweipsk), and click OK:

Select all ESS templates, then click OK:

Configure the parameters as below, and click Next:

5. Apply to AP
Click Deploy:

If the Deploy Status displays Success, the wizard configuration is finished.

5.3.4 Checking the Configuration by eSight

1. Click Overview to view information about all WLAN devices:

2. Click Resource Management and click SSID to check the service-set and VAP:

3. Click Local topology to view the topology:

4. Click Resource Management and select Client to view the connected user
information; click to see the details of the STA:

5.4 Configuration Reference

snmp-agent
snmp-agent community read huaweiRO
snmp-agent community write huaweiRW
snmp-agent sys-info version v2c v3
ssh client first-time enable

You have finished practice 5!


HCNA-WLAN 6Branched Networking + Layer 3 Networking Practice

6 Branched Networking + Layer 3 Networking Practice

6.1 Objectives
Upon completion of this task, you will be able to:

Understand the branched networking structure
Configure branched networking device
Configure tunnel forwarding
Verify the configuration

6.2 Networking Deployment Description

Figure 6-1 Branched networking topology
[Figure labels: Radius Server 10.254.1.100, eSight Server 10.254.1.200, Core Switch, AC1, AC2, AC10, AP1, AP2, AP10]

X is the group number of the student (X = 1, 2, 3 ... 10)

Networking topology    Branched networking + Layer 3 networking + Tunnel forwarding
AP                     APX connects to interface G0/0/1X of the switch
AC                     Add vlan 80X and trunk IP:10.1.201.1/24
                       Reconfigure WLAN source to vlan 80X
                       Configure DHCP pool of AP vlan 1X to option 43

6.3 Configuration Procedure

6.3.1 Re-connecting AP to Switch

Connect APX to interface number 1X on the switch; the switch configuration is already in place.
<CoreSW3700>dis current-configuration interface Ethernet 0/0/11
#
interface Ethernet0/0/11
port link-type access
port default vlan 10
stp edged-port enable
#

6.3.2 Re-configuring VLAN and Trunk


[AC1]vlan 801
[AC1]interface GigabitEthernet 0/0/24
[AC1-XGigabitEthernet0/0/1]port trunk allow-pass vlan 801
[AC1-XGigabitEthernet0/0/1]quit
[AC1]interface Vlanif 801
[AC1-Vlanif801]ip address 10.1.201.100 24
[AC1-Vlanif801]quit

Change the next-hop of the default route:
[AC1]undo ip route-static 0.0.0.0 0.0.0.0
[AC1]ip route-static 0.0.0.0 0.0.0.0 10.1.201.1

Ping test from APX to vlan 80X:
[AC1]ping 10.1.201.1
PING 10.1.201.1: 56 data bytes, press CTRL_C to break
Reply from 10.1.201.1: bytes=56 Sequence=1 ttl=255 time=14 ms
Reply from 10.1.201.1: bytes=56 Sequence=2 ttl=255 time=10 ms
Reply from 10.1.201.1: bytes=56 Sequence=3 ttl=255 time=10 ms
Reply from 10.1.201.1: bytes=56 Sequence=4 ttl=255 time=10 ms
Reply from 10.1.201.1: bytes=56 Sequence=5 ttl=255 time=10 ms
--- 10.1.201.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 10/10/14 ms

6.3.3 AP Online Configuration


Change the configuration of DHCP and WLAN source:
[AC1]ip pool vlan10
[AC1-ip-pool-vlan10]dis this
#
ip pool vlan10
gateway-list 10.1.10.1
network 10.1.10.0 mask 255.255.255.0
excluded-ip-address 10.1.10.100
dns-list 10.254.1.100
option 43 sub-option 3 ascii 10.1.10.100
#
return
[AC1-ip-pool-vlan10]undo option 43
[AC1-ip-pool-vlan10]option 43 sub-option 3 ascii 10.1.201.100
[AC1-ip-pool-vlan10]quit
[AC1]wlan
[AC1]undo wlan ac source interface
[AC1-wlan-view]wlan ac source interface Vlanif 801

6.3.4 Changing the Forwarding Mode to Tunnel Forwarding

[AC1]wlan
[AC1-wlan-view]service-set id 0
[AC1-wlan-service-set-Huawei-voice1]forward-mode tunnel
[AC1-wlan-view]service-set id 1
[AC1-wlan-service-set-Huawei-voice1]forward-mode tunnel
[AC1-wlan-service-set-Huawei-voice1]quit
[AC1-wlan-view]service-set id 2
[AC1-wlan-service-set-Huawei-employee1]forward-mode tunnel
[AC1-wlan-service-set-Huawei-employee1]quit
[AC1-wlan-view]commit all
Warning: Committing configuration may cause service interruption,continue?[Y/N
]Y

The configuration is now finished; wait for the status to change to normal:
[AC1]dis ap all
All AP information(Normal-1,UnNormal-0):
------------------------------------------------------------------------------
AP    AP              AP                Profile    AP        AP
                                        /Region
ID    Type            MAC               ID         State     Sysname
------------------------------------------------------------------------------
0     AP6010DN-AGN    cccc-8110-2260    0/0        normal    ap-0
------------------------------------------------------------------------------
Total number: 1

[AC1]display station assoc-info ap 0
------------------------------------------------------------------------------
STA MAC AP-ID RADIO-ID SS-ID SSID
------------------------------------------------------------------------------
74e5-0bd5-53b4 0 0 2 Huawei-employee1
5c0a-5b36-4a71 0 0 0 huawei-guest1
-----------------------------------------------------------------------------

[AC1]dis service-set id 2
----------------------------------------------------------------------------
Service-set ID : 2
Service-Set name : Huawei-employee1
SSID : Huawei-employee1
Hide SSID : disable
User isolate : disable
Type : service
Maximum number of user : 32
Association timeout(min) : 5
Traffic profile name : traffic-prof-1
Security profile name : Security-prof-wpaeap1
User profile name : -
Wlan-ess interface : Wlan-ess2
Igmp mode : off
Forward mode : tunnel
Service-vlan : 11
DHCP snooping : disable
IPSG switch : disable
DHCP trust port : disable
DAI switch : disable
ARP attack threshold(pps) : 15
Protocol flag : all
Offline-management switch : disable
Sta access-mode : disable
Sta blacklist profile : -
Sta whitelist profile : -
Dhcp option82 Insert : Disable
Dhcp option82 Format : Insert Ap-mac
Broadcast suppression(pps) : -
Multicast suppression(pps) : -
Unicast suppression(pps) : -
Traffic-filter inbound acl : -
Traffic-filter outbound acl : -
Service mode status : enable
AutoOff service ess status : disable
AutoOff service starttime : 00:00:00
AutoOff service endtime : 00:00:00
-----------------------------------------------------------------------------

6.4 Configuration Reference


#
sysname AC1
#
snmp-agent local-engineid 800007DB03FC48EFC76DB7
snmp-agent community read publicRO
snmp-agent community write publicRW
undo snmp-agent community complexity-check disable
snmp-agent sys-info version v2c v3
snmp-agent
#
http server enable
http secure-server ssl-policy default_policy
http secure-server enable
#
vlan batch 10 to 13 801
#
dot1x enable
#
dhcp enable
#
diffserv domain default
#
radius-server template radius_huawei
radius-server authentication 10.254.1.100 1812 weight 80
undo radius-server user-name domain-included
#
pki realm default
enrollment self-signed
#
ssl policy default_policy type server
pki-realm default
#
ip pool vlan10
gateway-list 10.1.10.1
network 10.1.10.0 mask 255.255.255.0
dns-list 10.254.1.100
option 43 sub-option 3 ascii 10.1.201.100
#
aaa
authentication-scheme default
authentication-scheme radius_huawei
authentication-mode radius local
authorization-scheme default
accounting-scheme default
domain default
authentication-scheme radius_huawei
radius-server radius_huawei
domain default_admin
local-user admin password cipher admin@huawei.com
local-user admin privilege level 15
local-user admin service-type telnet http
local-user huawei password cipher huawei123
local-user huawei privilege level 15
local-user huawei service-type telnet ssh
#
interface Vlanif10
ip address 10.1.10.100 255.255.255.0
dhcp select global
#
interface Vlanif11
ip address 10.1.11.100 255.255.255.0
#
interface Vlanif12
ip address 10.1.12.100 255.255.255.0
#
interface Vlanif13
ip address 192.168.1.1 255.255.255.0
dhcp select interface
dhcp server dns-list 8.8.8.8
#
interface Vlanif801
ip address 10.1.201.100 255.255.255.0
#
interface MEth0/0/1
ip address 192.168.100.200 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk pvid vlan 10
port trunk allow-pass vlan 10 to 13
#
interface GigabitEthernet0/0/2
#
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
port link-type trunk
port trunk allow-pass vlan 10 to 12 801
#
interface XGigabitEthernet0/0/1
#
interface XGigabitEthernet0/0/2
#
interface Wlan-Ess0
port hybrid pvid vlan 13
port hybrid untagged vlan 13
#
interface Wlan-Ess1
port hybrid pvid vlan 12
port hybrid untagged vlan 12
#
interface Wlan-Ess2
port hybrid pvid vlan 11
port hybrid untagged vlan 11
dot1x enable
dot1x authentication-method eap
#
interface NULL0
#
stelnet server enable
#
ip route-static 0.0.0.0 0.0.0.0 10.1.201.1
#
user-interface con 0
authentication-mode password
set authentication password cipher huawei123
user-interface vty 0 4

e n
authentication-mode aaa
/
user privilege level 15
protocol inbound all
o m
user-interface vty 16 20
#
e i .c
w
wlan
wlan ac source interface vlanif801
ap id 0 type-id 19 mac cccc-8110-2260 sn 210235448310C9000012
u a
wmm-profile name radio-prof-1 id 0
traffic-profile name traffic-prof-1 id 0
g .h
security-profile name security-prof-1 id 0

ni n
r
security-profile name Security-prof-wep1 id 1

lea
wep authentication-method share-key

//
wep key wep-40 pass-phrase 0 cipher guest

:
security-profile name Security-prof-wpapsk1 id 2
security-policy wpa

t t p
wpa authentication-method psk pass-phrase cipher Huaweipsk encryption-method tkip

:h
security-profile name Security-prof-wpaeap1 id 3

s
security-policy wpa2

r c
forward-mode tunnel e
service-set name Huawei-guest1 id 0

ou
wlan-ess 0

s
ssid Huawei-guest1

e
traffic-profile id 0

R
security-profile id 1

g
service-vlan 13

i n
service-set name Huawei-voice1 id 1

n forward-mode tunnel

ar wlan-ess 1

e ssid Huawei-voice1

eL
traffic-profile id 0

or
security-profile id 2
service-vlan 12
service-set name Huawei-employee1 id 2

M forward-mode tunnel
wlan-ess 2
ssid Huawei-employee1
traffic-profile id 0
security-profile id 3
service-vlan 11
radio-profile name radio2-prof-1 id 0
wmm-profile id 0
radio-profile name radio5-prof-1 id 1
radio-type 80211an
HCNA-WLAN 6Branched Networking + Layer 3 Networking Practice

wmm-profile id 0
ap 0 radio 0
radio-profile id 0
service-set id 0 wlan 1
service-set id 1 wlan 2
service-set id 2 wlan 3
ap 0 radio 1
radio-profile id 1
service-set id 0 wlan 1
service-set id 1 wlan 2
service-set id 2 wlan 3

e n
#
/
o m
e i .c
aw
u
g .h
ni n
r
// lea
p :
t t
s :h
r c e
s ou
Re
i n g
r n
e a
e L
o r
M
HCNA-WLAN 7 Backup the Configuration and Reset the Device

7 Backup the Configuration and Reset the Device

7.1 Objectives
Upon completion of this task, you will be able to:

Save the configuration of the AC
Configure the FTP service on the AC
Back up the configuration of the AC
Reset the configuration of the AC

7.2 Network Deployment Description

Item                               Parameter
IP of management interface         192.168.100.200
File name of backup configuration  acvrpcfg.zip
FTP account                        Account: ftp Password: huawei123
FTP path                           Flash:/

7.3 Configuration Procedure
7.3.1 Save the Configuration
We can use the save command to save the current configuration to the storage device.
<AC1>save acvrpcfg.zip
Are you sure to save the configuration to flash:/acvrpcfg.zip?[Y/N]:Y
Info: Save the configuration successfully.

Using the dir command, you can view information about the files and directories on the
storage device.
<AC1>dir
Directory of flash:/
  Idx  Attr     Size(Byte)  Date        Time(LMT)  FileName
    0  -rw-            159  Oct 21 2013 10:02:34   portal_policy.txt
    1  -rw-     11,650,584  Oct 14 2013 11:04:48   FitAP6X10XN_V200R003C00SPC200.bin
    2  drw-              -  Sep 18 2013 15:26:09   dhcp
    3  -rw-      4,364,287  Sep 18 2013 17:57:32   AC6605V200R003C00SPC200.001.web.zip
    4  drw-              -  Aug 31 2013 15:40:37   corefile
    5  -rw-            540  Sep 18 2013 15:26:51   rsa_server_key.efs
    6  drw-              -  Sep 18 2013 15:26:17   security
    7  -rw-          2,110  Oct 25 2013 05:40:48   daemon.log.bak
    8  drw-              -  Sep 18 2013 19:10:51   logfile
    9  -rw-          1,891  Oct 29 2013 07:52:55   vrpcfg.zip
   10  -rw-          1,314  Oct 29 2013 07:52:55   private-data.txt
   11  -rw-            633  Oct 29 2013 05:02:21   daemon.log
   12  -rw-            146  Oct 21 2013 10:02:34   portal_page.txt
   13  -rw-          1,970  Oct 29 2013 08:31:09   acvrpcfg.zip
   14  -rw-     45,075,085  Sep 18 2013 17:58:36   AC6605V200R003C00SPC200.cc
   15  -rw-          1,260  Sep 18 2013 15:26:50   rsa_host_key.efs
   16  -rw-        259,755  Oct 29 2013 05:03:15   mon_file.txt

206,324 KB total (144,204 KB free)

7.3.2 Configuring FTP Service on AC
[AC1]ftp server enable
[AC1]aaa
[AC1-aaa]local-user ftp password cipher huawei123 directory flash:/
[AC1-aaa]local-user ftp service-type ftp
[AC1-aaa]local-user ftp privilege level 15

7.3.3 Backup the Configuration to PC


Connect the cable to the management interface of AC.
C:\Users\zWX>d:
D:\>ftp 192.168.100.200
connect 192.168.100.200
220 FTP service ready.
User(192.168.100.200:(none)): ftp
331 Password required for ftp.
password:ftp001
230 User logged in.
ftp> get acvrpcfg.zip
200 Port command okay.
150 Opening ASCII mode data connection for acvrpcfg.zip.
226 Transfer complete.
ftp: 1373 bytes received in 0.00Seconds 1373000.00Kbytes/sec.
ftp>

The configuration file is now backed up on the PC. Find the file in D:/; you can then open it with Notepad or WordPad.

7.3.4 Reset the Configuration
After you finish your practice, the steps below help you reset the configuration of the device:
<AC>reset saved-configuration
The configuration will be erased to reconfigure. Continue? [Y/N]:Y
<AC>reboot
<AC>Otherwise, unsaved configuration will be lost. Continue?[Y/N]:Y
<AC>Warning: All the configuration will be saved to the configuration file for the next startup:, Continue?[Y/N]:N
<AC>System will reboot! Continue?[Y/N]:Y

7.4 Configuration Reference
7.4.1 Configuration of AC
ftp server enable
aaa
local-user ftp password simple ftp
local-user ftp ftp-directory flash:/
local-user ftp service-type ftp
local-user ftp privilege level 15

You have now finished all the practices in this exercise guide. Congratulations!
HCNA-WLAN 8 Appendix: Configuration of the SW

8 Appendix: Configuration of the SW

<CoreSW3700>dis current-configuration
#
!Software Version V100R005C01SPC100
sysname CoreSW3700
#
vlan batch 10 to 12 20 to 22 30 to 32 40 to 42 50 to 52 60 to 62 70 to 72 80 to 82 90 to 92 100 to 102
vlan batch 800 to 810 900
#
dhcp enable
#
undo http server enable
#
drop illegal-mac alarm
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif10
ip address 10.1.10.1 255.255.255.0
#
interface Vlanif11
ip address 10.1.11.1 255.255.255.0
dhcp select interface
#
interface Vlanif12
ip address 10.1.12.1 255.255.255.0
dhcp select interface
#
interface Vlanif20
ip address 10.1.20.1 255.255.255.0
#
interface Vlanif21
ip address 10.1.21.1 255.255.255.0
dhcp select interface
#
interface Vlanif22
ip address 10.1.22.1 255.255.255.0
dhcp select interface
#
interface Vlanif30
ip address 10.1.30.1 255.255.255.0
#
interface Vlanif31
ip address 10.1.31.1 255.255.255.0
dhcp select interface
#
interface Vlanif32
ip address 10.1.32.1 255.255.255.0
dhcp select interface
#
interface Vlanif40
ip address 10.1.40.1 255.255.255.0
#
interface Vlanif41
ip address 10.1.41.1 255.255.255.0
dhcp select interface
#
interface Vlanif42
ip address 10.1.42.1 255.255.255.0
dhcp select interface
#
interface Vlanif50
ip address 10.1.50.1 255.255.255.0
#
interface Vlanif51
ip address 10.1.51.1 255.255.255.0
dhcp select interface
#
interface Vlanif52
ip address 10.1.52.1 255.255.255.0
dhcp select interface
#
interface Vlanif60
ip address 10.1.60.1 255.255.255.0
#
interface Vlanif61
ip address 10.1.61.1 255.255.255.0
dhcp select interface
#
interface Vlanif62
ip address 10.1.62.1 255.255.255.0
dhcp select interface
#
interface Vlanif70
ip address 10.1.70.1 255.255.255.0
#
interface Vlanif71
ip address 10.1.71.1 255.255.255.0
dhcp select interface
#
interface Vlanif72
ip address 10.1.72.1 255.255.255.0
dhcp select interface
#
interface Vlanif80
ip address 10.1.80.1 255.255.255.0
#
interface Vlanif81
ip address 10.1.81.1 255.255.255.0
dhcp select interface
#
interface Vlanif82
ip address 10.1.82.1 255.255.255.0
dhcp select interface
#
interface Vlanif90
ip address 10.1.90.1 255.255.255.0
#
interface Vlanif91
ip address 10.1.91.1 255.255.255.0
dhcp select interface
#
interface Vlanif92
ip address 10.1.92.1 255.255.255.0
dhcp select interface
#
interface Vlanif100
ip address 10.1.100.1 255.255.255.0
#
interface Vlanif101
ip address 10.1.101.1 255.255.255.0
dhcp select interface
#
interface Vlanif102
ip address 10.1.102.1 255.255.255.0
dhcp select interface
#
interface Vlanif801
ip address 10.1.201.1 255.255.255.0
#
interface Vlanif802
ip address 10.1.202.1 255.255.255.0
#
interface Vlanif803
ip address 10.1.203.1 255.255.255.0
#
interface Vlanif804
ip address 10.1.204.1 255.255.255.0
#
interface Vlanif805
ip address 10.1.205.1 255.255.255.0
#
interface Vlanif806
ip address 10.1.206.1 255.255.255.0
#
interface Vlanif807
ip address 10.1.207.1 255.255.255.0
#
interface Vlanif808
ip address 10.1.208.1 255.255.255.0
#
interface Vlanif809
ip address 10.1.209.1 255.255.255.0
#
interface Vlanif810
ip address 10.1.210.1 255.255.255.0
#
interface Vlanif900
ip address 10.254.1.1 255.255.255.0
#
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 to 12 801
#
interface Ethernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10 20 to 22 801 to 802
#
interface Ethernet0/0/3
port link-type trunk
port trunk allow-pass vlan 30 to 32 803
#
interface Ethernet0/0/4
port link-type trunk
port trunk allow-pass vlan 30 40 to 42 803 to 804
#
interface Ethernet0/0/5
port link-type trunk
port trunk allow-pass vlan 50 to 52 805
#
interface Ethernet0/0/6
port link-type trunk
port trunk allow-pass vlan 50 60 to 62 805 to 806
#
interface Ethernet0/0/7
port link-type trunk
port trunk allow-pass vlan 70 to 72 807
#
interface Ethernet0/0/8
port link-type trunk
port trunk allow-pass vlan 70 80 to 82 807 to 808
#
interface Ethernet0/0/9
port link-type trunk
port trunk allow-pass vlan 90 to 92 809
#
interface Ethernet0/0/10
port link-type trunk
port trunk allow-pass vlan 90 100 to 102 809 to 810
#
interface Ethernet0/0/11
port link-type access
port default vlan 10
stp edged-port enable
#
interface Ethernet0/0/12
port link-type access
port default vlan 20
stp edged-port enable
#
interface Ethernet0/0/13
port link-type access
port default vlan 30
stp edged-port enable
#
interface Ethernet0/0/14
port link-type access
port default vlan 40
stp edged-port enable
#
interface Ethernet0/0/15
port link-type access
port default vlan 50
stp edged-port enable
#
interface Ethernet0/0/16
port link-type access
port default vlan 60
stp edged-port enable
#
interface Ethernet0/0/17
port link-type access
port default vlan 70
stp edged-port enable
#
interface Ethernet0/0/18
port link-type access
port default vlan 80
stp edged-port enable
#
interface Ethernet0/0/19
port link-type access
port default vlan 90
stp edged-port enable
#
interface Ethernet0/0/20
port link-type access
port default vlan 100
stp edged-port enable
#
interface Ethernet0/0/21
port link-type access
port default vlan 900
stp edged-port enable
#
interface Ethernet0/0/22
port link-type access
port default vlan 900
stp edged-port enable
#
interface Ethernet0/0/23
port link-type access
port default vlan 900
stp edged-port enable
#
interface Ethernet0/0/24
port link-type access
port default vlan 900
stp edged-port enable
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
interface GigabitEthernet0/0/4
#
interface NULL0
#
interface LoopBack100
ip address 100.100.100.100 255.255.255.255
#
interface LoopBack200
ip address 200.200.200.200 255.255.255.255
#
ip route-static 172.16.1.0 255.255.255.0 10.1.201.100
ip route-static 172.16.2.0 255.255.255.0 10.1.202.100
ip route-static 172.16.3.0 255.255.255.0 10.1.203.100
ip route-static 172.16.4.0 255.255.255.0 10.1.204.100
ip route-static 172.16.5.0 255.255.255.0 10.1.205.100
ip route-static 172.16.6.0 255.255.255.0 10.1.206.100
ip route-static 172.16.7.0 255.255.255.0 10.1.207.100
ip route-static 172.16.8.0 255.255.255.0 10.1.208.100
ip route-static 172.16.9.0 255.255.255.0 10.1.209.100
ip route-static 172.16.10.0 255.255.255.0 10.1.210.100
ip route-static 192.168.1.0 255.255.255.0 10.1.10.100
ip route-static 192.168.2.0 255.255.255.0 10.1.20.100
ip route-static 192.168.3.0 255.255.255.0 10.1.30.100
ip route-static 192.168.4.0 255.255.255.0 10.1.40.100
ip route-static 192.168.5.0 255.255.255.0 10.1.50.100
ip route-static 192.168.6.0 255.255.255.0 10.1.60.100
ip route-static 192.168.7.0 255.255.255.0 10.1.70.100
ip route-static 192.168.8.0 255.255.255.0 10.1.80.100
ip route-static 192.168.9.0 255.255.255.0 10.1.90.100
ip route-static 192.168.10.0 255.255.255.0 10.1.100.100
#
snmp-agent
snmp-agent local-engineid 000007DB7F00000100004E58
snmp-agent sys-info version v3
#
user-interface con 0
idle-timeout 0 0
user-interface vty 0 4
user privilege level 15
set authentication password simple huawei
#
return
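
The lab configurations in this guide contain settings that should not survive into production: passwords stored with "password simple", FTP and Telnet management access, WEP-40 and TKIP, and level-15 accounts reachable over cleartext protocols. The Python audit below is an added example, not part of the Huawei guide; it flags these settings in a VRP-style configuration and redacts secrets in its output. The rule names and the sample excerpt (constructed from lines in the configurations above) are this example's own assumptions.

```python
import re

# Constructed excerpt: lines taken from the AC and switch configurations in this guide.
SAMPLE = """\
ftp server enable
local-user admin password simple admin
local-user admin service-type http
local-user ftp password simple ftp
local-user ftp service-type ftp
local-user ftp privilege level 15
local-user huawei privilege level 15
local-user huawei service-type telnet ssh
protocol inbound all
wep key wep-40 pass-phrase 0 cipher guest
wpa authentication-method psk pass-phrase cipher Huaweipsk encryption-method tkip
"""

# Rule names are this example's own labels, not Huawei terminology.
LINE_RULES = [
    ("plaintext-secret", re.compile(r"\bpassword simple \S+")),
    ("cleartext-service", re.compile(r"^ftp server enable$|^protocol inbound all$")),
    ("weak-wlan-crypto", re.compile(r"\bwep key wep-40\b|\bencryption-method tkip\b")),
]
SECRET = re.compile(r"\b(simple|cipher) \S+")
CLEARTEXT = {"telnet", "ftp", "http"}

def redact(line):
    """Hide the value after 'simple'/'cipher' so findings can be shared safely."""
    return SECRET.sub(r"\1 ****", line)

def audit(config):
    """Return sorted (line_no, rule, redacted_text) findings for a VRP-style config."""
    findings, users = [], {}
    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        for rule, pattern in LINE_RULES:
            if pattern.search(line):
                findings.append((no, rule, redact(line)))
        m = re.match(r"local-user (\S+) (service-type|privilege level) (.+)", line)
        if m:
            user = users.setdefault(m.group(1), {"svc": set(), "level": 0, "line": no})
            if m.group(2) == "service-type":
                user["svc"] |= set(m.group(3).split())
            else:
                user["level"], user["line"] = int(m.group(3)), no
    # Correlate per account: level 15 that is reachable over a cleartext protocol.
    for name, u in users.items():
        if u["level"] == 15 and u["svc"] & CLEARTEXT:
            findings.append((u["line"], "admin-over-cleartext", f"local-user {name}"))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

The switch's admin account is reported only for its plaintext password, because no privilege level is configured for it in the excerpt.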
