Sie sind auf Seite 1von 86

Fat AP and Cloud AP

Web-based Configuration Guide 3 Configuration Examples (Common AP)

3 Configuration Examples (Common AP)

About This Chapter

3.1 WLAN Enhanced Services Configuration Examples


3.2 Example for Configuring Fat AP Layer 2 Networking
3.3 Example for Configuring Fat AP Layer 3 Networking
3.4 Example for Configuring STAs on the Fat AP to Access the Public Network Through
NAT
3.5 Security Policy Configuration Examples
3.6 Example for Configuring Band Steering
3.7 Example for Configuring WIDS/WIPS
3.8 Example for Configuring the Passenger Flow Analysis Function
3.9 WLAN QoS Configuration Examples

3.1 WLAN Enhanced Services Configuration Examples

3.1.1 Example for Configuring APs to Report KPI Information

Service Requirements
KPI information of APs is reported to CloudCampus@AC-Campus and CampusInsight
through the WMI report mechanism.

Networking Requirements
Figure 3-1 shows the information report mode.

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 14


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

Figure 3-1 APs report KPI information

Data Planning
Item Data

KPI l Destination IP address: 10.2.3.4


information l Port number: 27371
reported by
an AP

Configuration Roadmap
1. Configure basic WLAN services.
2. Configure parameters for interconnecting APs with the WMI server.

Configuration Notes
l Only some models of APs can report KPI information. For details, see Licensing
Requirements and Limitations for KPI Information Report in CLI-based
Configuration Guide.
l If the KPI information needs to be reported to only one WMI server, do not configure
multiple information report channels to avoid resource waste of the target server.
l Pre-configure network connectivity to ensure that APs can properly communicate with
the WMI server.

Procedure
Step 1 Configure parameters for interconnecting the AP with CampusInsight.

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 15


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

Choose Maintenance > WMI from the main menu on the AP web NMS, configure
parameters for interconnecting the AP with CampusInsight on the Channel 1 tab page, and
click Apply.

Typically, the port number of CampusInsight is 27371.

----End

3.2 Example for Configuring Fat AP Layer 2 Networking

Networking Requirements
As shown in Figure 3-2, a Fat AP is connected to the Internet in wired mode and connected to
STAs in wireless mode. An enterprise branch needs to deploy basic WLAN services for
mobile office so that enterprise employees can access the enterprise internal network
anywhere, anytime.

The requirements are as follows:


l A WLAN named wlan-net is available.
l Router functions as a DHCP server to assign IP addresses to STAs. The Fat AP
transparently transmits DHCP messages at Layer 2.

Figure 3-2 Networking diagram for configuring basic Layer 2 WLAN services

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 16


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

Data planning
Item Data

Service VLAN for STAs VLAN 101

DHCP server Router functions as a DHCP server to assign


IP addresses to STAs.

IP address pool for STAs 10.23.101.3 to 10.23.101.254/24

SSID profile l Name: wlan-net


l SSID name: wlan-net

Security profile l Name: wlan-net


l Security policy: WPA-WPA2+PSK
+AES
l Password: a1234567

VAP profile l Name: wlan-net


l Service VLAN: VLAN 101
l Referenced profiles: SSID profile wlan-
net and security profile wlan-net

Configuration Roadmap
1. Configure Router as a DHCP server to assign IP addresses to STAs.
2. Configure basic WLAN services using the WLAN configuration wizard.
3. Configure the AP channel and transmit power.
4. Associate STAs to the WLAN to verify services.

NOTE

You are advised to log in to the Fat AP in wireless mode for service configuration. You can also log in to the
Fat AP by directly connecting a PC to the Fat AP using network cables and then connect the Fat AP to the
upstream device after services are configured and saved.

Configuration Notes
No ACK mechanism is provided for multicast packet transmission on air interfaces. In
addition, wireless links are unstable. To ensure stable transmission of multicast packets, they
are usually sent at low rates. If a large number of such multicast packets are sent from the
network side, the air interfaces may be congested. You are advised to configure multicast
packet suppression on switch interfaces connected to APs to reduce impact of a large number
of low-rate multicast packets on the wireless network. Exercise caution when configuring the
rate limit; otherwise, the multicast services may be affected. For details on how to configure
traffic suppression, see How Do I Configure Multicast Packet Suppression to Reduce
Impact of a Large Number of Low-Rate Multicast Packets on the Wireless Network?.

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 17


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

Procedure
Step 1 Configure Router as a DHCP server to assign IP addresses to STAs.
# Configure Router as a DHCP server to assign IP addresses to STAs from the IP address pool
on GE1/0/0.

NOTE

Configure the DNS server as required. The common methods are as follows:
l In interface address pool scenarios, run the dhcp server dns-list ip-address &<1-8> command in the
VLANIF interface view.
l In global address pool scenarios, run the dns-list ip-address &<1-8> command in the IP address pool
view.
[Router] dhcp enable
[Router] interface gigabitethernet 1/0/0
[Router-GigabitEthernet1/0/0] ip address 10.23.101.1 24
[Router-GigabitEthernet1/0/0] dhcp select interface
[Router-GigabitEthernet1/0/0] dhcp server excluded-ip-address 10.23.101.2
[Router-GigabitEthernet1/0/0] quit

Step 2 Configure basic WLAN services.


1. Choose Wizard > Config Wizard. The Configure Wi-Fi Signals page is displayed.
2. Configure Wi-Fi signals.
# Click Create. The Basic Information page is displayed.
# Configure basic information about an SSID.

# Click Next. The IP and Rate page is displayed.


# Set IP address parameters.

# Click Finish.
3. Configure Internet connection parameters.

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 18


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

# Click Next. The Configure Internet Connection page is displayed.


# Add an interface to VLAN 101 in tagged mode.
NOTE

If the PC connects to the AP through GE0/0/0, modifying the interface may cause a network
interruption. In this case, you need to change the PC's IP address to 10.23.101.x and access the AP's
new IP address 10.23.101.2 to log in to the AP again for further operations.
If the uplink NE of the AP is assigned to a VLAN, it is recommended that the uplink interface of the AP
be configured in the same VLAN as the peer interface. In this case, you can configure a PVID on the
uplink interface of the AP so that this interface removes the VLAN tag from outgoing packets. You can
also configure the uplink interface as an access interface.

# Click Finish.
Step 3 Set the AP channel and power.
1. Disable automatic channel and power calibration functions of AP radios, and manually
configure the AP channel and power.
NOTE

Automatic channel and power calibration functions are enabled by default. The manual channel and
power configurations take effect only when these two functions are disabled.

# Choose Configuration > WLAN Service > WLAN Config > Radio0. The Radio0
page is displayed.
# Click Radio Management. The Radio 0 Setting(2.4G) page is displayed.

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 19


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

# On the Radio 0 Setting(2.4G) page, disable automatic channel and power calibration
functions, and set the AP channel to 20-MHz channel 6 and transmit power to 127 dBm.

# The configuration of Radio 1 is similar to that of Radio0. Disable automatic channel


and power calibration functions of Radio 1, and set the AP channel to 20-MHz channel
149 and transmit power to 127 dBm.
# Click Apply. In the dialog box that is displayed, click OK.
Step 4 Verify the configuration.
1. The WLAN with the SSID wlan-net is available.
2. STAs can associate with the WLAN and obtain IP addresses on the network segment
10.23.101.x/24.

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 20


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

3. Choose Monitoring > Terminal Manage > STA Management. In User, you can see
that STAs go online properly and obtain IP addresses.

----End

More Information
(Video) Example for Configuring Fat AP Layer 2 Networking

3.3 Example for Configuring Fat AP Layer 3 Networking

Networking Requirements
As shown in Figure 3-3, a Fat AP is connected to the Internet in wired mode and connected to
STAs in wireless mode. An enterprise branch needs to deploy basic WLAN services for
mobile office so that enterprise employees can access the enterprise internal network
anywhere, anytime.

The requirements are as follows:


l A WLAN named wlan-net is available.
l The Fat AP functions as a DHCP server to assign IP addresses to STAs.

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 21


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

Figure 3-3 Networking diagram for configuring basic Layer 3 WLAN services

Data planning
Item Data

Service VLAN for STAs VLAN 101

DHCP server The AP functions as a DHCP server to


assign IP addresses to STAs.

IP address pool for STAs 10.23.101.2 to 10.23.101.254/24

SSID profile l Name: wlan-net


l SSID name: wlan-net

Security profile l Name: wlan-net


l Security policy: WPA-WPA2+PSK
+AES
l Password: a1234567

VAP profile l Name: wlan-net


l Service VLAN: VLAN 101
l Referenced profiles: SSID profile wlan-
net and security profile wlan-net

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure Router to communicate with the AP.
2. Configure basic WLAN services using the WLAN configuration wizard.
3. Configure the AP channel and transmit power.
4. Associate STAs to the WLAN to verify services.

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 22


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

NOTE

You are advised to log in to the Fat AP in wireless mode for service configuration. You can also log in to the
Fat AP by directly connecting a PC to the Fat AP using network cables and then connect the Fat AP to the
upstream device after services are configured and saved.

Configuration Notes
No ACK mechanism is provided for multicast packet transmission on air interfaces. In
addition, wireless links are unstable. To ensure stable transmission of multicast packets, they
are usually sent at low rates. If a large number of such multicast packets are sent from the
network side, the air interfaces may be congested. You are advised to configure multicast
packet suppression on switch interfaces connected to APs to reduce impact of a large number
of low-rate multicast packets on the wireless network. Exercise caution when configuring the
rate limit; otherwise, the multicast services may be affected. For details on how to configure
traffic suppression, see How Do I Configure Multicast Packet Suppression to Reduce
Impact of a Large Number of Low-Rate Multicast Packets on the Wireless Network?.

Procedure
Step 1 Configure the network devices.

# Set the IP address of GE1/0/0 on Router to 10.23.200.2/24. Configure a static route from the
Router to the STAs.
<Huawei> system-view
[Huawei] sysname Router
[Router] interface gigabitethernet 1/0/0
[Router-GigabitEthernet1/0/0] ip address 10.23.200.2 24
[Router-GigabitEthernet1/0/0] quit
[Router] ip route-static 10.23.101.0 255.255.255.0 10.23.200.1

Step 2 Configure basic WLAN services.


1. Choose Wizard > Config Wizard. The Configure Wi-Fi Signals page is displayed.
2. Configure Wi-Fi signals.

# Click Create. The Basic Information page is displayed.

# Configure basic information about an SSID.

# Click Next. The IP and Rate page is displayed.

# Set IP address parameters.

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 23


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

NOTE

Configure the DNS server address as required.

# Click Finish.
3. Configure Internet connections.
# Click Next. The Configure Internet Connection page is displayed.
# Add an interface to VLAN 200 in tagged mode.
NOTE

If the PC connects to the AP through GE0/0/0, modifying the interface may cause a network
interruption. In this case, you need to change the PC's IP address to 10.23.200.x and access the AP' new
IP address 10.23.200.1 to log in to the AP again for further operations.
If the uplink NE of the AP is assigned to a VLAN, it is recommended that the uplink interface of the AP
be configured in the same VLAN as the peer interface. In this case, you can configure a PVID on the
uplink interface of the AP so that this interface removes the VLAN tag from outgoing packets. You can
also configure the uplink interface as an access interface.

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 24


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

# Click Finish.
Step 3 Set the AP channel and power.
1. Disable automatic channel and power calibration functions of AP radios, and manually
configure the AP channel and power.
NOTE

Automatic channel and power calibration functions are enabled by default. The manual channel and
power configurations take effect only when these two functions are disabled.

# Choose Configuration > WLAN Service > WLAN Config > Radio0. The Radio0
page is displayed.
# Click Radio Management. The Radio 0 Setting(2.4G) page is displayed.
# On the Radio 0 Setting(2.4G) page, disable automatic channel and power calibration
functions, and set the AP channel to 20-MHz channel 6 and transmit power to 127 dBm.

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 25


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

# The configuration of Radio 1 is similar to that of Radio0. Disable automatic channel


and power calibration functions of Radio 1, and set the AP channel to 20-MHz channel
149 and transmit power to 127 dBm.
# Click Apply. In the dialog box that is displayed, click OK.
Step 4 Configure a default route.
# Choose Configuration > IP Service > Route. The Route page is displayed.
# Click Create in Static Route Configuration Table and create a static route.

# Click OK.
Step 5 Verify the configuration.
1. The WLAN with the SSID wlan-net is available.
2. The STA can associate with the WLAN and obtain an IP address 10.23.101.x/24 and its
gateway address is 10.23.101.1.

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 26


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

3. Choose Monitoring > Terminal Manage > STA Management. In User, you can see
that STAs go online properly and obtain IP addresses.

----End

More Information
(Video) Example for Configuring Fat AP Layer 3 Networking

3.4 Example for Configuring STAs on the Fat AP to Access


the Public Network Through NAT

Networking Requirements
As shown in Figure 3-4, a Fat AP is connected to the Internet in wired mode and connected to
STAs in wireless mode. An enterprise branch needs to deploy basic WLAN services for
mobile office so that enterprise employees can access the enterprise internal network
anywhere, anytime. The administrator wants enterprise employees to access the public
network using public IP addresses.

The requirements are as follows:


l A WLAN named wlan-net is available.

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 27


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

l Enterprise employees are assigned IP addresses on 10.23.101.0/24. These IP addresses


are translated to the IP address of the Fat AP outbound interface using Easy-IP for
employees to access the public network.

Figure 3-4 Networking diagram for configuring STAs to access the public network through
NAT

Data planning
Item Data

Service VLAN for STAs VLAN 101

DHCP server The AP functions as a DHCP server to


assign IP addresses to STAs.

IP address pool for STAs 10.23.101.2 to 10.23.101.254/24

SSID profile l Name: wlan-net


l SSID name: wlan-net

Security profile l Name: wlan-net


l Security policy: WPA-WPA2+PSK
+AES
l Password: a1234567

VAP profile l Name: wlan-net


l Service VLAN: VLAN 101
l Referenced profiles: SSID profile wlan-
net and security profile wlan-net

NAT Outbound The private IP address segment


10.23.101.0/24 is mapped to the public IP
address 1.1.1.1.

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 28


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure basic WLAN services using the WLAN configuration wizard.
2. Configure the AP channel and transmit power.
3. Configure NAT so that STAs can access the public network using public IP addresses.
4. Associate STAs to the WLAN to verify services.

NOTE

You are advised to log in to the Fat AP in wireless mode for service configuration. You can also log in to the
Fat AP by directly connecting a PC to the Fat AP using network cables and then connect the Fat AP to the
upstream device after services are configured and saved.

Configuration Notes
No ACK mechanism is provided for multicast packet transmission on air interfaces. In
addition, wireless links are unstable. To ensure stable transmission of multicast packets, they
are usually sent at low rates. If a large number of such multicast packets are sent from the
network side, the air interfaces may be congested. You are advised to configure multicast
packet suppression on switch interfaces connected to APs to reduce impact of a large number
of low-rate multicast packets on the wireless network. Exercise caution when configuring the
rate limit; otherwise, the multicast services may be affected. For details on how to configure
traffic suppression, see How Do I Configure Multicast Packet Suppression to Reduce
Impact of a Large Number of Low-Rate Multicast Packets on the Wireless Network?.

Procedure
Step 1 Configure basic WLAN services.
1. Choose Wizard > Config Wizard. The Configure Wi-Fi Signals page is displayed.
2. Configure Wi-Fi signals.

# Click Create. The Basic Information page is displayed.

# Configure basic information about an SSID.

# Click Next. The IP and Rate page is displayed.

# Set IP address parameters.

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 29


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

NOTE

Configure the DNS server address as required.

# Click Finish.
3. Configure Internet connections.
# Click Next. The Configure Internet Connection page is displayed.
# Add an interface to VLAN 200 in tagged mode.
NOTE

If the PC connects to the AP through GE0/0/0, modifying the interface may cause a network
interruption. In this case, you need to change the PC's IP address to 1.1.1.x and access the AP's new IP
address 1.1.1.1 to log in to the AP again for further operations.

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 30


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

# Click Finish.
Step 2 Set the AP channel and power.
1. Disable automatic channel and power calibration functions of AP radios, and manually
configure the AP channel and power.
NOTE

Automatic channel and power calibration functions are enabled by default. The manual channel and
power configurations take effect only when these two functions are disabled.

# Choose Configuration > WLAN Service > WLAN Config > Radio0. The Radio0
page is displayed.
# Click Radio Management. The Radio 0 Setting(2.4G) page is displayed.
# On the Radio 0 Setting(2.4G) page, disable automatic channel and power calibration
functions, and set the AP channel to 20-MHz channel 6 and transmit power to 127 dBm.

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 31


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

# The configuration of Radio 1 is similar to that of Radio0. Disable automatic channel


and power calibration functions of Radio 1, and set the AP channel to 20-MHz channel
149 and transmit power to 127 dBm.
# Click Apply. In the dialog box that is displayed, click OK.
Step 3 Configure a default route.
# Choose Configuration > IP Service > Route. The Route page is displayed.
# Click Create in Static Route Configuration Table and create a static route.

# Click OK.
Step 4 Configure an ACL.
1. Choose Configuration > Security > ACL. The Basic ACL Settings page is displayed.
2. Click Create. On the Create Basic ACL page that is displayed, set ACL parameters.

3. Click OK.
4. In the new ACL, click Add Rule. On the Add Rule page, set ACL parameters.

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 32


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

5. Click OK.
Step 5 Configure NAT.
1. Choose Configuration > IP Service > NAT. The NAT page is displayed.
2. Click Create in NAT Mapping and create a NAT mapping.

3. Click OK.
Step 6 Verify the configuration.
1. The WLAN with the SSID wlan-net is available.
2. The STA can associate with the WLAN and obtain an IP address 10.23.101.x/24 and its
gateway address is 10.23.101.1.

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 33


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

3. Choose Monitoring > Terminal Manage > STA Management. In User, you can see
that STAs go online properly and obtain IP addresses.
4. STAs can access the public network successfully.

----End

More Information
(Video) Example for Configuring Users on the Fat AP to Access the Public Network
Through NAT

3.5 Security Policy Configuration Examples

3.5.1 Example for Configuring a WPA2-PSK-AES Security Policy

Service Requirements
Because the WLAN is open to users, there are potential security risks if no security policy is
configured for the WLAN. Users do not require high WLAN security, so no authentication
server is required. A WEP or WPA/WPA2 (pre-shared key) security policy can be configured.
STAs support WPA/WPA2, TKIP encryption, and AES encryption, so pre-shared key
authentication and AES encryption are used to secure data transmission.

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 34


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

Networking Requirements
l DHCP deployment mode: The AP functions as a DHCP server to assign IP addresses to
STAs.

Figure 3-5 Networking diagram for configuring a WPA2-PSK-AES security policy

Data preparation
Item Data

Service VLAN for STAs VLAN 101

DHCP server The AP functions as a DHCP server to


assign IP addresses to STAs.

IP address pool for STAs 10.23.101.2-10.23.101.254/24

SSID profile l Name: wlan-net


l SSID name: wlan-net

Security profile l Name: wlan-net


l Security policy: WPA-WPA2+PSK
+AES
l Password: a1234567

VAP profile l Name: wlan-net


l Service VLAN: VLAN 101
l Referenced profiles: SSID profile wlan-
net and security profile wlan-net

Configuration Roadmap
The configuration roadmap is as follows:

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 35


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

1. Use the WLAN configuration wizard to configure WLAN services. Set the security
policy to WPA-WPA2 PSK and AES.
2. Configure radio calibration.
3. Connect STAs to the WLAN to verify the configuration.

Procedure
Step 1 Configure basic WLAN services.
1. Choose Wizard > Config Wizard. The Configure Wi-Fi Signals page is displayed.
2. Configure Wi-Fi signals.

# Click Create. The Basic Information page is displayed.

# Configure basic information about an SSID.

# Click Next. The IP and Rate page is displayed.

# Set IP address parameters.


NOTE

Configure the DNS server address as required.

# Click Finish.
3. Configure Internet connection parameters.

# Click Next. The Configure Internet Connection page is displayed.

# Add an interface to VLAN 101 in tagged mode.

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 36


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

NOTE

If you log in to the web platform using a PC whose Ethernet interface is being modified, do not delete
the existing VLAN configuration on the interface to ensure that the PC can communicate with Fat APs.
As shown in the following figure, GigabitEthernet0/0/0 is added to VLAN 1 by default and STAs
communicate with the AP through this interface. You can use the default IP address of the AP to log in
to the web platform. If you need to use the default IP address to log in to the web platform, do not
delete VLAN 1.

# Click Finish.
Step 2 Set the AP channel and power.
1. Disable automatic channel and power calibration functions of AP radios, and manually
configure the AP channel and power.
NOTE

Automatic channel and power calibration functions are enabled by default. The manual channel and
power configurations take effect only when these two functions are disabled.

# Choose Configuration > WLAN Service > WLAN Config > Radio0. The Radio0
page is displayed.
# Click Radio Management. The Radio 0 Setting(2.4G) page is displayed.
# On the Radio 0 Setting(2.4G) page, disable automatic channel and power calibration
functions, and set the AP channel to 20-MHz channel 6 and transmit power to 127 dBm.

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 37


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

# The configuration of Radio 1 is similar to that of Radio0. Disable automatic channel


and power calibration functions of Radio 1, and set the AP channel to 20-MHz channel
149 and transmit power to 127 dBm.
# Click Apply. In the dialog box that is displayed, click OK.
Step 3 Verify the configuration.
1. The WLAN with the SSID wlan-net is available.
2. The STA can associate with the WLAN and obtain an IP address 10.23.101.x/24 and its
gateway address is 10.23.101.1.

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 38


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

3. Choose Monitoring > Terminal Manage > STA Management. In User, you can see
that STAs go online properly and obtain IP addresses.
4. The STA can access the WLAN after the wireless user enters the password.

----End

3.5.2 Example for Configuring 802.1X Authentication


Service Requirements
Due to openness of the WLAN, there are security risks. To meet requirements for high
security, 802.1X authentication is used and the RADIUS server authenticates identities of
STAs.

Networking Requirements
l DHCP deployment mode: The AP functions as a DHCP server to assign IP addresses to
STAs.

Figure 3-6 Networking for configuring 802.1X authentication

Data Planning

Table 3-1 AP data planning


Item Data

Service VLAN for STAs VLAN 101

DHCP server The AP functions as a DHCP server to


assign IP addresses to STAs.

IP address pool for STAs 10.23.101.3-10.23.101.254/24


DNS: 8.8.8.8
Address that cannot be assigned:
10.23.101.2 (IP address of the router)

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 39


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

Item Data

SSID profile l Name: wlan-net


l SSID name: wlan-net

Security profile l Name: wlan-net


l Security policy: WPA-WPA2 802.X
+AES
l Password: a1234567

Authentication profile l Name: wlan-net


l Referenced profile: 802.1X profile wlan-
net, RADIUS Server profile wlan-net
and authentication scheme wlan-net

VAP profile l Name: wlan-net


l Service VLAN: VLAN 101
l Referenced profile: SSID profile wlan-
net and security profile wlan-net

STA's gateway VLANIF101: 10.23.101.1

STA user name and password l User name: huawei


l Password: huawei123

RADIUS server l IP address: 10.23.102.1


l Port number: 1812
l Shared key: huawei123

Configuration Roadmap
The configuration roadmap is as follows:
1. Use the WLAN configuration wizard to configure WLAN services. Configure 802.1X
and RADIUS authentication and set RADIUS server parameters.
2. Configure a DNS server address in the DHCP address pool of the service VLAN to
provide the DNS service for the STA.
3. Configure a static route so that the AP forwards the packet to the router after receiving
the packet from the STA.
4. Connect STAs to the WLAN to verify the configuration.

Procedure
Step 1 Configure the switches and router.

# Add GE0/0/1 and GE0/0/3 on the aggregation switch to VLAN 101.

# Assign an IP address 10.23.101.2/24 to GE1/0/0 on Router and configure the router as the
default gateway for the AP.

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 40


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

# Configure a RADIUS server, configure a user name and password, and set the shared key to
huawei123.

Step 2 Configure WLAN services.


1. Choose Wizard > Config Wizard. The Configure Wi-Fi Signals page is displayed.
2. Configure Wi-Fi signals.

# Click Create. The Basic Information page is displayed.

# Configure basic information about an SSID.

# Click Next. The IP and Rate page is displayed.

# Set IP address parameters.

# Click Finish.
3. Configure Internet connection parameters.

# Click Next. The Configure Internet Connection page is displayed.

# Add an interface to VLAN 101 in tagged mode.


NOTE

If you log in to the web platform using a PC whose Ethernet interface is being modified, do not delete
the existing VLAN configuration on the interface to ensure that the PC can communicate with Fat APs.
As shown in the following figure, GigabitEthernet0/0/0 is added to VLAN 1 by default and STAs
communicate with the AP through this interface. You can use the default IP address of the AP to log in
to the web platform. If you need to use the default IP address to log in to the web platform, do not
delete VLAN 1.

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 41


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

# Click Finish.
Step 3 Configure DNS.
NOTE

Configure the DNS server as required. The common methods are as follows:
l In interface address pool scenarios, run the dhcp server dns-list ip-address &<1-8> command in the
VLANIF interface view.
l In global address pool scenarios, run the dns-list ip-address &<1-8> command in the IP address pool
view.
1. Choose Configuration > IP Service > DHCP > DHCP Address Pool. In Address Pool
List, click Vlanif101. The Modify DHCP Address Pool page is displayed.
2. Configure the DNS server address for the STA and click OK.

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 42


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

Step 4 Configure a static route.


1. Choose Configuration > IP Service > Route. The Route page is displayed.
2. Click Create in Static Route Configuration Table.

3. Click OK.

Step 5 Verify the configuration.


l The WLAN with SSID wlan-net is available for STAs connected to the AP.
l The wireless PC obtains an IP address after it associates with the WLAN.
l Use the 802.1X authentication client on a STA and enter the correct user name and
password. The STA is authenticated and can access the WLAN. You must configure the
client for PEAP authentication.
– Configuration on the Windows XP operating system:
i. On the Association tab page of the Wireless network properties dialog box,
add SSID wlan-net, set the authentication mode to WPA2, and encryption
algorithm to AES.
ii. On the Authentication tab page, set EAP type to PEAP and click Properties.
In the Protected EAP Properties dialog box, deselect Validate server

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 43


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

certificate and click Configure. In the displayed dialog box, deselect


Automatically use my Windows logon name and password and click OK.
– Configuration on the Windows 7 operating system:
i. Access the Manage wireless networks page, click Add, and select Manually
create a network profile. Add SSID wlan-net. Set the authentication mode to
WPA2-Enterprise, and encryption algorithm to AES. Click Next.
ii. Click Change connection settings. On the Wireless Network Properties
page that is displayed, select the Security tab page and click Settings. In the
Protected EAP Properties dialog box, deselect Validate server certificate
and click Configure. In the displayed dialog box, deselect Automatically use
my Windows logon name and password and click OK.
iii. On the Wireless Network Properties page, click Advanced settings. On the
Advanced settings page that is displayed, select Specify authentication
mode, set the identity authentication mode to User authentication, and click
OK.
l After wireless users connect to the network, run the display access-user access-type
dot1x command on the AP to view users in 802.1X authentication mode. The user
huawei has gone online successfully.
<Huawei> display access-user access-type dot1x
------------------------------------------------------------------------------
UserID Username IP address MAC
Status
------------------------------------------------------------------------------
460 huawei 10.23.101.254 8000-6e74-e78a Success
------------------------------------------------------------------------------
Total: 1, printed: 1

----End

3.5.3 Example for Configuring External Portal Authentication


Service Requirements
Because a WLAN is open to users, there are potential security risks. To enable users to easily
associate with a WLAN, an AP uses the default security policy, that is, no authentication and
no encryption. Portal authentication is configured on APs to centrally manage access users.
Any user who accesses a WLAN is redirected to the Portal authentication web page. After
entering the correct user name and password, the user is authenticated by the RADIUS server.
The user can access the WLAN after the authentication succeeds.

Networking Requirements
l DHCP deployment mode: The AP functions as a DHCP server to assign IP addresses to
STAs.

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 44


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

Figure 3-7 Networking for configuring Portal authentication

Data Planning

Table 3-2 AP data planning


Item Data

Service VLAN for STAs VLAN 101

DHCP server The AP functions as a DHCP server to


assign IP addresses to STAs.

IP address pool for STAs 10.23.101.3-10.23.101.254/24


DNS: 8.8.8.8
Address that cannot be assigned:
10.23.101.2 (IP address of the router)

SSID profile l Name: wlan-net


l SSID name: wlan-net

Security profile l Name: wlan-net


l Security policy: OPEN

Authentication profile l Name: wlan-net


l Referenced profile: portal profile wlan-
net, RADIUS Server profile wlan-net,
authentication scheme wlan-net and
authentication-free rule profile
default_free_rule

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 45


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

Item Data

VAP profile l Name: wlan-net


l Service VLAN: VLAN 101
l Referenced profile: SSID profile wlan-
net and security profile wlan-net

STA's gateway VLANIF 101: 10.23.101.1

STA user name and password l User name: huawei


l Password: huawei123

RADIUS server l Name: wlan-net


l IP address: 10.23.102.1
l Port number: 1812
l Shared key: huawei123

Portal server l Server template: huawei


l IP address: 10.23.103.1
l URL: http://10.23.103.1:8080/webauth
l Port number: 50100
l Shared key: huawei123

Configuration Roadmap
The configuration roadmap is as follows:
1. Use the WLAN configuration wizard to configure WLAN services. Configure Portal and
RADIUS authentication and set parameters of the external Portal server and RADIUS
server.
2. Configure a DNS server address in the DHCP address pool of the service VLAN to
provide the DNS service for the STA.
3. Configure a static route so that the AP forwards the packet to the router after receiving
the packet from the STA.
4. Specify network resources accessible to authentication-free users.
5. Connect STAs to the WLAN to verify the configuration.

Procedure
Step 1 Configure the switches and router.

# Add GE0/0/1 and GE0/0/3 on the aggregation switch to VLAN 101.

# Assign an IP address 10.23.101.2/24 to GE1/0/0 on Router and configure the router as the
default gateway for the AP.

# Configure a RADIUS server, configure a user name and password, and set the shared key to
huawei123.

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 46


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

# Configure a Portal server and set the port number and shared key to provide the web
authentication page.
Step 2 Configure WLAN services.
1. Choose Wizard > Config Wizard. The Configure Wi-Fi Signals page is displayed.
2. Configure Wi-Fi signals.
# Click Create. The Basic Information page is displayed.
# Configure basic information about an SSID.

# Click Next. The IP and Rate page is displayed.


# Set IP address parameters.

# Click Finish.
3. Configure Internet connection parameters.
# Click Next. The Configure Internet Connection page is displayed.
# Add an interface to VLAN 101 in tagged mode.

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 47


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

NOTE

If you log in to the web platform using a PC whose Ethernet interface is being modified, do not delete
the existing VLAN configuration on the interface to ensure that the PC can communicate with Fat APs.
As shown in the following figure, GigabitEthernet0/0/0 is added to VLAN 1 by default and STAs
communicate with the AP through this interface. You can use the default IP address of the AP to log in
to the web platform. If you need to use the default IP address to log in to the web platform, do not
delete VLAN 1.

# Click Finish.
Step 3 Configure DNS.
NOTE

Configure the DNS server as required. The common methods are as follows:
l In interface address pool scenarios, run the dhcp server dns-list ip-address &<1-8> command in the
VLANIF interface view.
l In global address pool scenarios, run the dns-list ip-address &<1-8> command in the IP address pool
view.
1. Choose Configuration > IP Service > DHCP > DHCP Address Pool. In Address Pool
List, click Vlanif101. The Modify DHCP Address Pool page is displayed.
2. Configure the DNS server address for the STA and click OK.

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 48


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

Step 4 Configure a static route.


1. Choose Configuration > IP Service > Route. The Route page is displayed.
2. Click Create in Static Route Configuration Table.

3. Click OK.
Step 5 Configure network resources accessible to authentication-free users.
1. Choose Configuration > WLAN Service > Profile.The Profile Management page is
displayed.
2. Choose Wireless Service > VAP Profile > wlan-net > Authentication Profile >
Authentication-free Rule Profile. The Authentication-free Rule Profile page is
displayed.
3. Set Authentication-free Rule Profile to default_free_rule.
4. Click Create. On the Create Authentication-free Rule page that is displayed, set Rule
ID to 1 and the authentication-free resource to the IP address of the DNS server.

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 49


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

5. Click OK.
6. Select the authentication-free rule with the ID 1 and click Apply. In the dialog box that
is displayed, click OK.

Step 6 Verify the configuration.


1. The WLAN with the SSID wlan-net is available.
2. The STA can associate with the WLAN and obtain an IP address 10.23.101.x/24 and its
gateway address is 10.23.101.1.

3. Choose Monitoring > Terminal Manage > STA Management. In User, you can see
that STAs go online properly and obtain IP addresses.
4. When you open the browser on the STA, you are redirected to the Portal authentication
page. After you enter the correct user name and password and are successfully
authenticated, you can access the Internet.

----End

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 50


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

3.5.4 Example for Configuring MAC Address Authentication

Service Requirements
The WLAN authentication client cannot be installed on wireless devices providing public
services, such as wireless printers and phones, so use MAC address authentication. The
RADIUS server authenticates wireless devices using their MAC addresses. No authentication
is required when STAs access the WLAN, facilitating the use of WLAN services.

Networking Requirements
l DHCP deployment mode: The AP functions as a DHCP server to assign IP addresses to
STAs.

Figure 3-8 Networking for configuring MAC address authentication

Data Planning

Table 3-3 AP data planning

Item Data

Service VLAN for STAs VLAN 101

DHCP server The AP functions as a DHCP server to


assign IP addresses to STAs.

IP address pool for STAs 10.23.101.3-10.23.101.254/24


DNS: 8.8.8.8
Excluded IP address: 10.23.101.2 (IP
address of the router)

SSID profile l Name: wlan-net


l SSID name: wlan-net

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 51


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

Item Data

Security profile l Name: wlan-net


l Security policy: OPEN

MAC access profile l Name: wlan-net


l User name and password for MAC
address authentication:
– User name: wlan-net
– Password: huawei@123

Authentication profile l Name: wlan-net


l Referenced profiles: MAC
authentication profile wlan-net,
RADIUS Server profile wlan-net, and
authentication scheme wlan-net

VAP profile l Name: wlan-net


l Service VLAN: VLAN 101
l Referenced profiles: SSID profile wlan-
net and security profile wlan-net

STA's gateway VLANIF 101: 10.23.101.1

RADIUS server l Name: wlan-net


l IP address: 10.23.102.1
l Port number: 1812
l Shared key: huawei@123

Configuration Roadmap
The configuration roadmap is as follows:
1. Use the WLAN configuration wizard to configure WLAN services. Configure MAC
address and RADIUS authentication and set parameters of the RADIUS server.
2. Configure a DNS server address in the DHCP address pool of the service VLAN to
provide the DNS service for the STA.
3. Configure a static route so that the AP forwards the packet to the router after receiving
the packet from the STA.
4. Connect STAs to the WLAN to verify the configuration.

Procedure
Step 1 Configure the switches and router.

# Add GE0/0/1 and GE0/0/3 on the aggregation switch to VLAN 101.

# Assign an IP address 10.23.101.2/24 to GE1/0/0 on Router and configure the router as the
default gateway for the AP.

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 52


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

# Configure a RADIUS server, configure a user name and password, and set the shared key to
huawei123.
Step 2 Configure WLAN services.
1. Choose Wizard > Config Wizard. The Configure Wi-Fi Signals page is displayed.
2. Configure Wi-Fi signals.
# Click Create. The Basic Information page is displayed.
# Configure basic information about an SSID.

# Click Next. The IP and Rate page is displayed.


# Set IP address parameters.

# Click Finish.
3. Configure Internet connection parameters.
# Click Next. The Configure Internet Connection page is displayed.
# Add an interface to VLAN 101 in tagged mode.
NOTE

If you log in to the web platform using a PC whose Ethernet interface is being modified, do not delete
the existing VLAN configuration on the interface to ensure that the PC can communicate with Fat APs.
As shown in the following figure, GigabitEthernet0/0/0 is added to VLAN 1 by default and STAs
communicate with the AP through this interface. You can use the default IP address of the AP to log in
to the web platform. If you need to use the default IP address to log in to the web platform, do not
delete VLAN 1.

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 53


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

# Click Finish.
Step 3 Configure DNS.
NOTE

Configure the DNS server as required. The common methods are as follows:
l In interface address pool scenarios, run the dhcp server dns-list ip-address &<1-8> command in the
VLANIF interface view.
l In global address pool scenarios, run the dns-list ip-address &<1-8> command in the IP address pool
view.
1. Choose Configuration > IP Service > DHCP > DHCP Address Pool. In Address Pool
List, click Vlanif101. The Modify DHCP Address Pool page is displayed.
2. Configure the DNS server address for the STA and click OK.

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 54


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

Step 4 Configure a static route.


1. Choose Configuration > IP Service > Route. The Route page is displayed.
2. Click Create in Static Route Configuration Table.

3. Click OK.
Step 5 Configure MAC authentication.
1. Create the authentication profile wlan-net.
# Choose Configuration > WLAN Service > WLAN Config > Radio 0. The Radio 0
page is displayed.
# Choose VAP Configuration > wlan-net > Authentication Profile. The
Authentication Profile page is displayed.
# Click Create. On the Create Authentication Profile page that is displayed, enter the
profile name wlan-net and click OK. The authentication profile configuration page is
displayed.
# Set Access mode to MAC authentication and Authentication mode to RADIUS
authentication.
# Click Apply. In the dialog box that is displayed, click OK.

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 55


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

2. Configure the MAC access profile wlan-net.

# Click in front of Authentication Profile. Under it, click MAC Authentication.


The MAC Authentication Profile page is displayed.
# Click Create. On the Create MAC Authentication Profile page that is displayed,
enter the profile name wlan-net and click OK. On the MAC authentication profile
configuration page that is displayed, configure the user name format for MAC address
authentication.

# Click Apply. In the dialog box that is displayed, click OK.


3. Configure a RADIUS server profile.
# Click RADIUS Server in Authentication Profile. The RADIUS Server page is
displayed.

# Click under RADIUS Server Profile. The RADIUS Server Profile page is
displayed.
# Click Create. On the Create RADIUS Server Profile page that is displayed, set
Profile name to wlan-net and Profile default shared key to huawei@123.
# Click Create Server. In the Create Server Configuration dialog box that is
displayed, configure the RADIUS server parameters.

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 56


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

# Click OK. On the Create RADIUS Server Profile page that is displayed, select the
created RADIUS server and click OK. On the RADIUS Server Profile page that is
displayed, select the created RADIUS server profile wlan-net and click OK.
# Click Apply. In the dialog box that is displayed, click OK.
Step 6 Verify the configuration.
1. The WLAN with the SSID wlan-net is available.
2. The STA can associate with the WLAN and obtain an IP address 10.23.101.x/24 and its
gateway address is 10.23.101.1.

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 57


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

3. Choose Monitoring > Terminal Manage > STA Management. In User, you can see
that STAs go online properly and obtain IP addresses.

----End

3.5.5 Example for Configuring the RADIUS Server and AP to


Deliver User Group Rights to Users
Service Requirements
If enterprise employees can access the Internet without restriction, enterprise information is
threatened. To disable STA1 in department A from accessing the RADIUS server and
employees in department A from communicating with each other, users can configure the
RADIUS server and AP to deliver user group rights to users.

Networking Requirements
l DHCP deployment mode: The AP functions as a DHCP server to assign IP addresses to
STAs.

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 58


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

Figure 3-9 Configuring the RADIUS server and AP to deliver user group rights to users

Data Planning

Table 3-4 AP data planning


Item Data

Service VLAN for STAs VLAN 101

DHCP server The AP functions as a DHCP server to


assign IP addresses to STAs.

IP address pool for STAs 10.23.101.3-10.23.101.254/24


DNS: 8.8.8.8
Address that cannot be assigned:
10.23.101.2 (IP address of the router)

SSID profile l Name: wlan-net


l SSID name: wlan-net

Security profile l Name: wlan-net


l Security policy: WPA-WPA2 802.1X
+AES
l Password: a1234567

Authentication profile l Name: wlan-net


l Referenced profile: 802.1X profile wlan-
net, RADIUS Server profile wlan-net
and authentication scheme wlan-net

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 59


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

Item Data

VAP profile l Name: wlan-net


l Service VLAN: VLAN 101
l Referenced profile: SSID profile wlan-
net and security profile wlan-net

STA's gateway VLANIF 101: 10.23.101.1

STA user name and password l User name: huawei


l Password: huawei123

RADIUS server l IP address: 10.23.102.1


l Port number: 1812
l Shared key: huawei123

FTP server IP address: 10.23.103.1

QoS profile Name: huawei

User group l Name: huawei


l Bound ACL number: 3002
l Bound QoS profile: huawei

Configuration Roadmap
The configuration roadmap is as follows:
1. Use the WLAN configuration wizard to configure WLAN services. Configure 802.1X
and RADIUS authentication and set RADIUS server parameters.
2. Configure a DNS server address in the DHCP address pool of the service VLAN to
provide the DNS service for the STA.
3. Configure a static route so that the AP forwards the packet to the router after receiving
the packet from the STA.
4. Configure the user group.
5. Connect STAs to the WLAN to verify the configuration.

Procedure
Step 1 Configure the switches and router.

# Add GE0/0/1 and GE0/0/3 on the aggregation switch to VLAN 101.

# Assign an IP address 10.23.101.2/24 to GE1/0/0 on Router and configure the router as the
default gateway for the AP.

# Configure a RADIUS server, configure a user name and password, and set the shared key to
huawei123.

Step 2 Configure WLAN services.

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 60


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

1. Choose Wizard > Config Wizard. The Configure Wi-Fi Signals page is displayed.
2. Configure Wi-Fi signals.
# Click Create. The Basic Information page is displayed.
# Configure basic information about an SSID.

# Click Next. The IP and Rate page is displayed.


# Set IP address parameters.

# Click Finish.
3. Configure Internet connection parameters.
# Click Next. The Configure Internet Connection page is displayed.
# Add an interface to VLAN 101 in tagged mode.
NOTE

If you log in to the web platform using a PC whose Ethernet interface is being modified, do not delete
the existing VLAN configuration on the interface to ensure that the PC can communicate with Fat APs.
As shown in the following figure, GigabitEthernet0/0/0 is added to VLAN 1 by default and STAs
communicate with the AP through this interface. You can use the default IP address of the AP to log in
to the web platform. If you need to use the default IP address to log in to the web platform, do not
delete VLAN 1.

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 61


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

# Click Finish.
Step 3 Configure DNS.
NOTE

Configure the DNS server as required. The common methods are as follows:
l In interface address pool scenarios, run the dhcp server dns-list ip-address &<1-8> command in the
VLANIF interface view.
l In global address pool scenarios, run the dns-list ip-address &<1-8> command in the IP address pool
view.
1. Choose Configuration > IP Service > DHCP > DHCP Address Pool. In Address Pool
List, click Vlanif101. The Modify DHCP Address Pool page is displayed.
2. Configure the DNS server address for the STA and click OK.

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 62


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

Step 4 Configure a static route.


1. Choose Configuration > IP Service > Route. The Route page is displayed.
2. Click Create in Static Route Configuration Table.

3. Click OK.
Step 5 Configure user group rights.
1. Create ACL 3002 that denies access to the FTP server 10.23.103.1/24.
# Choose Configuration > Security > ACL > Advanced ACL Settings. The
Advanced ACL Settings page is displayed.
# Click Create. In the Create Advanced ACL page that is displayed, set the ACL name
to ACL3002 and number to 3002, and click OK.
# Click Add Rule and add a rule.

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 63


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

# Click OK.
2. Create the QoS profile huawei, and set the rate limits of uplink and downlink traffic to 3
Mbit/s and 5 Mbit/s respectively.
# Choose Configuration > Security > User Group > QoS Profile. The QoS Profile
page is displayed.
# Click Create. On the Create QoS Profile page that is displayed, set parameters.

# Click OK.
3. Create the user group huawei, and bind ACL 3002 and QoS profile huawei to the user
group, and enable intra-group and inter-group isolation.
# Choose Configuration > Security > User Group > User Group. The User Group
page is displayed.
# Click Create. On the Create User Group page that is displayed, set parameters.

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 64


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

# Click OK.
4. Bind the user group huawei to the authentication profile wlan-net.

# Choose Configuration > Security > AAA > Authentication Profile. The
Authentication Profile page is displayed.

# Click wlan-net, select the user group huawei on the parameter setting page of the
authentication profile

# Click Apply. In the dialog box that is displayed, click OK.

Step 6 Verify the configuration.


1. The WLAN with the SSID wlan-net is available.
2. The STA can associate with the WLAN and obtain an IP address 10.23.101.x/24 and its
gateway address is 10.23.101.1.

3. Choose Monitoring > Terminal Manage > STA Management. In User, you can see
that STAs go online properly and obtain IP addresses.
4. Two users go online and they cannot ping each other.

----End

3.5.6 Example for Configuring Built-in Portal Authentication for


Local Users

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 65


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

Service Requirements
WLAN is open to users and therefore has potential security risks. To manage access users in a
centralized manner, Portal authentication is configured on the FAT AP. Any user that attempts
to access the WLAN is redirected to the Portal authentication page. Users are authorized to
access the WLAN after entering the correct user names and passwords. If the enterprise has a
few number of users, the FAT AP can function as the Portal server to authenticate users
locally to reduce costs. Built-in Portal authentication requires no additional Portal server,
allowing for easy and flexible deployment. However, as the Portal server, the FAT AP
provides only basic web functions (such as user login and logout) but cannot replace an
independent Portal server or provide extended functions of an external Portal server.

Networking Requirements
l DHCP deployment mode: The AP functions as a DHCP server to assign IP addresses to
STAs.

Figure 3-10 Networking for configuring built-in Portal authentication

Data Planning

Table 3-5 AP data planning

Item Data

Service VLAN for STAs VLAN 101

DHCP server The FAT AP functions as a DHCP server to


assign IP addresses to STAs.

IP address pool for STAs 10.23.101.2-10.23.101.254/24


DNS: 8.8.8.8

STA's gateway VLANIF 101: 10.23.101.1

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 66


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

Item Data

Built-in portal server l Server IP: 10.23.101.1


l SSL policy: default_policy
l Port number: 20000

Local user l User name: guest


l Password: guest@123

SSID profile l Name: wlan-net


l SSID name: wlan-net

Security profile l Name: wlan-net


l Security policy: open (no authentication,
no encryption)

Authentication Profile l Name: wlan-net


l Referenced profile: Authentication-free
rule profile default_free_rule

VAP profile l Name: wlan-net


l Service VLAN: VLAN 101
l Referenced profile: SSID profile wlan-
net, security profile wlan-net and
Authentication profile wlan-net

Configuration Roadmap
The configuration roadmap is as follows:
1. Select WLAN Wizard to configure WLAN services on the FAT AP. On the web
platform, the HTTPS service is enabled and an SSL policy is applied. When configuring
a built-in Portal server, configure the same SSL policy for the built-in Portal server.
2. Configure a DNS server address in the DHCP address pool of the service VLAN to
provide the DNS service for the STA.
3. Specify network resources accessible to authentication-free users.
4. Complete service verification.

Procedure
Step 1 Configure WLAN services.
1. Choose Wizard > Config Wizard. The Configure Wi-Fi Signals page is displayed.
2. Configure Wi-Fi signals.
# Click Create. The Basic Information page is displayed.
# Configure basic information about an SSID. Set Security settings to Portal
(applicable to enterprise networks) and Portal server to Built-in Portal server.
Under Built-in Portal Server Configuration, configure the server IP address and port
number.

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 67


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

# Click Manage next to Local user. The Local User page is displayed

# Click Create. The Create Local User page is displayed.

# Set Creation mode to Manually add and configure the local user name and password.

# Click OK.

# On the Create Local User page, select the new user and click OK.

# Click Next. The IP and Rate page is displayed.

# Set IP address parameters.

# Click Finish.
3. Configure Internet connection parameters.

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 68


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

# Click Next. The Configure Internet Connection page is displayed.


# Add an interface to VLAN 101 in tagged mode.
NOTE

If you log in to the web platform using a PC whose Ethernet interface is being modified, do not delete
the existing VLAN configuration on the interface to ensure that the PC can communicate with Fat APs.
As shown in the following figure, GigabitEthernet0/0/0 is added to VLAN 1 by default and STAs
communicate with the AP through this interface. You can use the default IP address of the AP to log in
to the web platform. If you need to use the default IP address to log in to the web platform, do not
delete VLAN 1.

# Click Finish.
Step 2 Configure DNS.
1. Choose Configuration > IP Service > DHCP > DHCP Address Pool. In Address Pool
List, click Vlanif101. The Modify DHCP Address Pool page is displayed.
2. Configure the DNS server address for the STA and click OK.

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 69


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

Step 3 Configure network resources accessible to authentication-free users.


1. Choose Configuration > WLAN Service > Profile.The Profile Management page is
displayed.
2. Choose Wireless Service > VAP Profile > wlan-net > Authentication Profile >
Authentication-free Rule Profile. The Authentication-free Rule Profile page is
displayed.
3. Set Authentication-free Rule Profile to default_free_rule.
4. Click Create. On the Create Authentication-free Rule page that is displayed, set Rule
ID to 1 and the authentication-free resource to the IP address of the DNS server.

5. Click OK.
6. Select the authentication-free rule with the ID 1 and click Apply. In the dialog box that
is displayed, click OK.

Step 4 Verify the configuration.

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 70


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

1. The WLAN with the SSID wlan-net is available.


2. The STA can associate with the WLAN and obtain an IP address 10.23.101.x/24 and its
gateway address is 10.23.101.1.

3. When a user browses a web page, the browser automatically redirects the user to the
Portal authentication page. After entering the correct user name and password, the user
passes the authentication and can access the web page.
4. Choose Monitoring > Terminal Manage > STA Management. In User, you can see
that STAs go online properly and obtain IP addresses.

Step 5 Maintain local user information.

# Choose Configuration > Security > AAA > Local User. Click a user name to modify the
password of the user. Click Delete to delete the selected user. Click Create to add a local user.
The following image shows adding a user.

----End

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 71


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

3.6 Example for Configuring Band Steering

Service Requirements
To improve user experience and reduce burden on the 2.4 GHz frequency band, customers
require that STAs preferentially connect to the 5 GHz frequency band.
For the WLAN access configuration, see Related Topics.

Networking Requirements
As shown in Figure 3-11, 2.4 GHz and 5 GHz wireless networks are deployed in the
conference hall. The AP works on dual frequency bands. STAs connected to the APs support
both 2.4 GHz and 5 GHz frequency bands.

Figure 3-11 Networking diagram

Data preparation
Item Data

VAP profile l Name: wlan-net


l Band steering function: enabled
l Referenced profile: SSID profile wlan-
net and security profile wlan-net

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 72


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

Item Data

RRM profile l Name: default


l Start threshold for load balancing
between radios: 15
l Load difference threshold for load
balancing between radios: 25

Configuration Roadmap
Configure the band steering function and proper band steering parameters so that users can
preferentially access the 5 GHz frequency band.

Configuration Notes
l Use AP that supports both 5 GHz and 2.4 GHz frequency bands and configure the same
SSID and security policy on the 5 GHz and 2.4 GHz radios.
l To allow a STA to preferentially associate with the 5 GHz radio and achieve a better
access effect, configure larger power for the 5 GHz radio than the 2.4 GHz radio.
l No ACK mechanism is provided for multicast packet transmission on air interfaces. In
addition, wireless links are unstable. To ensure stable transmission of multicast packets,
they are usually sent at low rates. If a large number of such multicast packets are sent
from the network side, the air interfaces may be congested. You are advised to configure
multicast packet suppression on switch interfaces connected to APs to reduce impact of a
large number of low-rate multicast packets on the wireless network. Exercise caution
when configuring the rate limit; otherwise, the multicast services may be affected. For
details on how to configure traffic suppression, see How Do I Configure Multicast
Packet Suppression to Reduce Impact of a Large Number of Low-Rate Multicast
Packets on the Wireless Network?.

Procedure
Step 1 Configure the band steering function.
1. Enable the band steering function in the VAP profile wlan-net. By default, the band
steering function is enabled.
# Choose Configuration > WLAN Service > Profile.
# Choose Wireless Service > VAP Profile in Profile Management. The VAP Profile
List page is displayed.
# Click wlan-net. The VAP profile page is displayed.
# On the Advanced Configuration tab, enable the band steering function on the VAP
profile page.

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 73


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

2. # In the RRM profile, configure load balancing between radios to prevent heavy load on
a single radio. Set the start threshold for load balancing between radios to 15, and the
load difference threshold to 25%.
# Choose Configuration > WLAN Service > Profile Management.
# Choose Radio Management > RRM Profile in Profile Management. The RRM
Profile List page is displayed.
# Click the RRM profile default. The RRM profile configuration page is displayed.
# On the Advanced Configuration tab, set the start threshold for load balancing
between radios to 15, and the load difference threshold to 25%.

# Click Apply. In the dialog box that is displayed, click OK.


Step 2 Verify the configuration.
Choose Monitoring > Terminal Manage > STA Statistics. Most STAs can connect to the 5
GHz frequency band, and users enjoy good service experience.

----End

Related Topics
l 3.2 Example for Configuring Fat AP Layer 2 Networking
l 3.3 Example for Configuring Fat AP Layer 3 Networking
l 3.4 Example for Configuring STAs on the Fat AP to Access the Public Network
Through NAT

3.7 Example for Configuring WIDS/WIPS


Service Requirements
Due to openness of the WLAN, there are security risks. If attackers deploy an AP with the
SSID huawei on the network to forge an authorized AP, STAs may associate with the rogue
AP. If wireless terminals attack the WLAN network, for example, the terminals try to crack
the WAP2-PSK key or initiate flood attacks to the authorized AP, there are security risks on
the network. WIDS and WIPS need to be configured on the AP to detect attacks of rogue APs
and terminals.

Networking Requirements
l DHCP deployment mode: The AP functions as a DHCP server to assign IP addresses to
STAs.

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 74


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

Figure 3-12 WIDS/WIPS networking

Data Preparation
Item Data

Radio 0 l Device detection and rogue device


containment on radio 0: enabled.
l Attack detection type on radio 0: Flood
and WPA2-PSK

WIDS and WIPS parameters l Rogue device containment mode:


containing rogue APs using spoofing
SSIDs
l Flood attack: More than 300
management packets of the same type
are received within 60 seconds.
l WPA2-PSK brute force password
cracking: An incorrect key is entered
more than 20 times during WPA2-PSK
authentication within 60 seconds.
l Dynamic blacklist: enabled

Dynamic blacklist aging time 200 seconds

Configuration Roadmap
The configuration roadmap is as follows:

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 75


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

1. Configure wireless services on the AP. For details, see 3.2 Example for Configuring
Fat AP Layer 2 Networking.
2. Configure WIDS and WIPS to detect and contain rogue APs and prevent STAs from
associating with the rogue APs. Add attacking devices to the dynamic blacklist so that
the APs discard packets from the attacking devices.
3. Verify the configuration.

NOTE

In this example, the authorized APs work in normal mode and have the detection function enabled. In
addition to transmitting WLAN service data, AP radios need to perform the monitoring function.A transient
increase in the WLAN service latency may occur, which does not affect network access. However, if any
latency-sensitive service (such as videoconferencing) is running, it is recommended that a separate radio be
used for air scan.
The following example configures WIDS and WIPS on radio 0. The configuration on radio 1 is similar.

Procedure
Step 1 Enable WIDS and WIPS.
1. Choose Configuration > WLAN Service > WLAN Config > Radio0. The Radio0
page is displayed.
2. Click Radio Management. The configuration page of radio 0 is displayed.
3. Enable device detection, rogue device containment, flood attack detection, and WPA2-
PSK attack detection.

4. Click Apply. In the Info dialog box that is displayed, click OK.

Step 2 Set parameters related to WIDS and WIPS.


1. Choose Configuration > Security > WIDS > Global Settings. The Global Settings
page is displayed.
2. Set the rogue device containment mode and parameters for detection of brute force key
cracking attacks and flood attacks, and enable the dynamic blacklist function.

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 76


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

3. Click Apply. In the Info dialog box that is displayed, click OK.
Step 3 Set the aging time of the dynamic blacklist.
1. Choose Configuration > WLAN Service > Basic Config > STA Blacklist And
Whitelist.
2. Set Dynamic blacklist aging time to 200 seconds.
3. Click Apply. In the Info dialog box that is displayed, click OK.
Step 4 Verify the configuration.
1. Choose Configuration > Security > WIDS.
2. Check information about detected rogue devices on the Rogue Device tab page.
3. Check statistics on all detected attacks on the Attack Statistics tab page.
4. Check detailed information about attacks on the Attack Records tab page.
5. Check information about attack devices in the blacklist on the Dynamic Blacklist tab
page.

----End

3.8 Example for Configuring the Passenger Flow Analysis


Function

Networking Requirements
On the network of a shopping mall shown in Figure 3-13, a Fat AP interconnects with a
location server through a switch. It is required that the Fat AP provide Wi-Fi access for STAs
while implementing the passenger flow analysis function with the help of the location server.

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 77


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

Figure 3-13 Configuring the passenger flow analysis function

Data preparation
Item Data

Service VLAN for STAs VLAN 101

DHCP server The AP functions as a DHCP server to


assign IP addresses to STAs.

IP address pool for STAs 10.23.101.2-10.23.101.254/24

SSID profile l Name: wlan-net


l SSID name: wlan-net

Security profile l Name: wlan-net


l Security policy: WPA-WPA2+PSK
+AES
l Password: a1234567

VAP profile l Name: wlan-net


l Service VLAN: VLAN 101
l Referenced profile: SSID profile wlan-
net and security profile wlan-net

Air scan profile l Name: wlan-air-scan


l Probe channel set: calibration channels

2G radio profile l Name: default


l Referenced profile: air scan profile
wlan-air-scan

5G radio profile l Name: default


l Referenced profile: air scan profile
wlan-air-scan

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 78


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

Item Data

Location profile l Name: wlan-location


l Destination IP address/Port number used
by the AP to report channel scan
information: 10.23.100.2/32180

Configuration Roadmap
1. Configure basic WLAN services so that users can connect to the internal network
through the WLAN.
2. Configure the passenger flow analysis function so that APs can periodically scan
channels to collect radio signals and report the collected information to the location
server.

Procedure
Step 1 Configure the location server (details are not provided here).

Step 2 Configure basic WLAN services based on data planning. For details, see 3.2 Example for
Configuring Fat AP Layer 2 Networking.

Step 3 Configure the WLAN air scan function.


1. Create an air scan profile.

# Choose Configuration > WLAN Service > Profile > Radio Management > Air
Scan Profile. The Air Scan Profile List page is displayed.

# Click Create to create the air scan profile wlan-air-scan and click OK.

# Set Probe channel set to Country code channels.

# Click Apply.
2. Configure the 2G radio profile and bind the air scan profile to the 2G radio profile.

# Choose Configuration > WLAN Service > Profile > Radio Management > 2G
Radio Profile.

# Click next to the 2G radio profile default in Profile Management. The profiles
referenced by the 2G radio profile are displayed. Click Air Scan Profile.

# Set Air Scan Profile to wlan-air-scan.

# Click Apply.

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 79


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

3. Configure the 5G radio profile and bind the air scan profile to the 5G radio profile.

# Choose Configuration > WLAN Service > Profile > Radio Management > 5G
Radio Profile.

# Click next to the 5G radio profile default in Profile Management. The profiles
referenced by the 5G radio profile are displayed. Click Air Scan Profile.

# Set Air Scan Profile to wlan-air-scan.

# Click Apply.

Step 4 Configure the passenger flow analysis function.


1. Create a location profile.

# Choose Configuration > WLAN Service > Profile > WLAN Location > WLAN
Location Profile. The WLAN Location Profile List page is displayed.

# Click Create to create the location profile wlan-location and click OK.

# Configure terminal location parameters.

# Click Apply.
2. Apply the location profile to radio 0.

# Choose Configuration > WLAN Service > WLAN Config > Radio0 > WLAN
Location > WLAN Location Profile, select wlan-location, and click Apply.
3. Apply the location profile to radio 1.

# Choose Configuration > WLAN Service > WLAN Config > Radio1 > WLAN
Location > WLAN Location Profile, select wlan-location, and click Apply.

Step 5 Verify the configuration.

Check and collect statistics about STA online duration through the location server.

----End

3.9 WLAN QoS Configuration Examples

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 80


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

3.9.1 Example for Configuring WMM and Priority Mapping


Networking Requirements
As shown in Figure 3-14, an enterprise deploys an AP to provide a WLAN with the SSID
wlan-net so that users can access the network anywhere at any time. Voice, video, and data
services are transmitted within the coverage area of the AP. The enterprise requires that voice
and video services be assigned high priorities and preferentially guaranteed with sufficient
network resources and bandwidth.

Figure 3-14 Networking diagram for configuring WMM and priority mapping

Data Preparation
Item Data

Service VLAN for STAs VLAN 101

DHCP server The AP functions as a DHCP server to


assign IP addresses to STAs.

IP address pool for STAs 10.23.101.2-10.23.101.254/24

SSID profile l Name: wlan-net


l SSID name: wlan-net

Security profile l Name: wlan-net


l Security policy: WPA-WPA2+PSK
+AES
l Password: a1234567

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 81


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

Item Data

Traffic profile l Name: wlan-traffic


l Downlink priority mapping on air
interface: trusted priority DSCP and
default mapping value.

VAP profile l Name: wlan-net


l Service VLAN: VLAN 101
l Referenced profiles: SSID profile wlan-
net, security profile wlan-net, and traffic
profile wlan-traffic.

2G radio profile l Name: default


l WMM: enabled
l Area: Voice and video
l EDCA parameters: default value

Configuration Roadmap
The configuration roadmap is as follows:
1. Use the WLAN configuration wizard to configure WLAN services.
2. Enable WMM in the radio profile and configure voice and video services to
preferentially use bandwidth on the wireless side.
3. Retain the default priority mapping in the traffic profile to ensure that voice and video
services can be preferentially forwarded on the wired side.
4. Connect STAs to the WLAN to verify the configuration.

Procedure
Step 1 Configure basic WLAN services.
1. Choose Wizard > Config Wizard. The Configure Wi-Fi Signals page is displayed.
2. Configure Wi-Fi signals.
# Click Create. The Basic Information page is displayed.
# Configure basic information about an SSID.

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 82


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

# Click Next. The IP and Rate page is displayed.

# Set IP address parameters.


NOTE

Configure the DNS server address as required.

# Click Finish.
3. Configure Internet connection parameters.

# Click Next. The Configure Internet Connection page is displayed.

# Add an interface to VLAN 101 in tagged mode.


NOTE

If you log in to the web platform using a PC whose Ethernet interface is being modified, do not delete
the existing VLAN configuration on the interface to ensure that the PC can communicate with Fat APs.
As shown in the following figure, GigabitEthernet0/0/0 is added to VLAN 1 by default and STAs
communicate with the AP through this interface. You can use the default IP address of the AP to log in
to the web platform. If you need to use the default IP address to log in to the web platform, do not
delete VLAN 1.

# Click Finish.

Step 2 Configure the WMM function.

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 83


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

NOTE

The following example configures a 2G radio profile. The configuration of the 5G radio profile is similar.

# Choose Configuration > WLAN Service > WLAN Config.


# Choose Radio0 > Radio Management > Radio Profile in WLAN Config. The Radio
Profile page is displayed.
# On the Advanced Configuration tab in the radio profile, enable the WMM function.

# Click Apply. In the dialog box that is displayed, click OK.


Step 3 Configure priority mapping.
In this example, you must set the highest DSCP priority for video and voice packets to ensure
that the video and voice packets can be preferentially forwarded. By default, the voice and
video packets already have the highest DSCP priorities in the traffic profile. You only need to
set the trusted priority of downstream packets to DSCP on the air interface but does not need
to change the mapping value.
If you want to change the default priority mapping, for example, to make the priority of the
video packets higher than that of the voice packets, perform the following configuration.
# Choose Configuration > WLAN Service > WLAN Config.

# In the WLAN Config navigation tree, click Radio0. Click in front of VAP
Configuration. Under it, click in front of wlan-net. Click Traffic Profile. The Traffic
Profile page is displayed.
# Click Create. The Create Traffic Profile page is displayed.
# Enter the traffic profile name wlan-traffic in Profile name and click OK. The parameter
setting page is displayed.
# On the Advanced Configuration tab, configure priority mapping and set the mapped
priority of video packets higher than that of the voice packets.

NOTE

By default, the user priority of voice packets is set to 6 or 7 on the terminal, and that of the video packets is
set to 4 or 5.
In the following figure, the DSCP priorities of video packets are 48 and 56, and those of the voice packets are
32 and 40. Based on the settings, video packets will be preferentially transmitted.

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 84


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

# Click Apply. In the Info dialog box that is displayed, click OK.

Step 4 Verify the configuration.


1. The WLAN with the SSID wlan-net is available.
2. The STA can associate with the WLAN and obtain an IP address 10.23.101.x/24 and its
gateway address is 10.23.101.1.

3. Choose Monitoring > Terminal Manage > STA Management. In User, you can see
that STAs go online properly and obtain IP addresses.
4. Normal voice and video communication improves user experience in voice and video
services.

----End

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 85


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

3.9.2 Example for Configuring Traffic Policing


Networking Requirements
As shown in Figure 3-15, an enterprise deploys an AP to provide a WLAN with the SSID
wlan-net so that users can access the network anywhere at any time.
The enterprise network administrator needs to set the rate limit of upstream traffic on each
STA associated with the AP to 2 Mbps and the limit of total rates of upstream traffic on all
STAs associated with the VAP to 30 Mbps.

Figure 3-15 Networking diagram for configuring traffic policing

Data Preparation
Item Data

Service VLAN for STAs VLAN 101

DHCP server The AP functions as a DHCP server to


assign IP addresses to STAs.

IP address pool for STAs 10.23.101.2-10.23.101.254/24

SSID profile l Name: wlan-net


l SSID name: wlan-net

Security profile l Name: wlan-net


l Security policy: WPA-WPA2+PSK
+AES
l Password: a1234567

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 86


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

Item Data

Traffic profile l Name: wlan-traffic


l Uplink rate limit for STAs: 2 Mbit/s
l Uplink rate limit for VAPs: 30 Mbit/s

VAP profile l Name: wlan-net


l Service VLAN: VLAN 101
l Referenced profiles: SSID profile wlan-
net, security profile wlan-net, and traffic
profile wlan-traffic.

Configuration Roadmap
The configuration roadmap is as follows:
1. Use the WLAN configuration wizard to configure WLAN services.
2. Configure the traffic profile and set the uplink rate limit of each STA associated with the
AP to 2 Mbit/s and the total uplink rate limit of all STAs on a VAP to 30 Mbit/s.
3. Connect STAs to the WLAN to verify the configuration.

Procedure
Step 1 Configure basic WLAN services.
1. Choose Wizard > Config Wizard. The Configure Wi-Fi Signals page is displayed.
2. Configure Wi-Fi signals.
# Click Create. The Basic Information page is displayed.
# Configure basic information about an SSID.

# Click Next. The IP and Rate page is displayed.


# Set IP address parameters.
NOTE

Configure the DNS server address as required.

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 87


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

# Click Finish.
3. Configure Internet connection parameters.

# Click Next. The Configure Internet Connection page is displayed.

# Add an interface to VLAN 101 in tagged mode.


NOTE

If you log in to the web platform using a PC whose Ethernet interface is being modified, do not delete
the existing VLAN configuration on the interface to ensure that the PC can communicate with Fat APs.
As shown in the following figure, GigabitEthernet0/0/0 is added to VLAN 1 by default and STAs
communicate with the AP through this interface. You can use the default IP address of the AP to log in
to the web platform. If you need to use the default IP address to log in to the web platform, do not
delete VLAN 1.

# Click Finish.

Step 2 Configure rate limits.

# Choose Configuration > WLAN Service > WLAN Config.

# In the WLAN Config navigation tree, click Radio0. Click in front of VAP
Configuration. Under it, click in front of wlan-net. Click Traffic Profile. The Traffic
Profile page is displayed.

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 88


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

# Click Create. The Create Traffic Profile page is displayed.

# Enter the traffic profile name wlan-traffic in Profile name and click OK. The parameter
setting page is displayed.

# On the Advanced Configuration tab, set the uplink rate limit to 2 Mbit/s (2048 kbit/s) for
STAs and to 30 Mbit/s (30720 kbit/s) for VAPs.

# Click Apply. In the Info dialog box that is displayed, click OK.

Step 3 Verify the configuration.


1. The WLAN with the SSID wlan-net is available.
2. The STA can associate with the WLAN and obtain an IP address 10.23.101.x/24 and its
gateway address is 10.23.101.1.

3. Choose Monitoring > Terminal Manage > STA Management. In User, you can see
that STAs go online properly and obtain IP addresses.

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 89


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

4. Run the display traffic-profile name wlan-traffic command on the AP to check the
traffic profile configuration. The command output shows that the uplink rate limit of a
single STA is 2048 kbit/s (2 Mbit/s) and the total uplink rate limit of all STAs on a VAP
is 30720 kbit/s (30 Mbit/s).

----End

3.9.3 Example for Configuring Airtime Fair Scheduling

Networking Requirements
As shown in Figure 3-16, an enterprise deploys an AP to provide a WLAN with the SSID
wlan-net so that users can access the network anywhere at any time.

The enterprise network administrator expects that users can be assigned equal bandwidth
occupation time so that the overall user experience can be improved.

Figure 3-16 Networking diagram for configuring airtime fair scheduling

Data Preparation
Item Data

Service VLAN for STAs VLAN 101

DHCP server The AP functions as a DHCP server to


assign IP addresses to STAs.

IP address pool for STAs 10.23.101.2-10.23.101.254/24

SSID profile l Name: wlan-net


l SSID name: wlan-net

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 90


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

Item Data

Security profile l Name: wlan-net


l Security policy: WPA-WPA2+PSK
+AES
l Password: a1234567

VAP profile l Name: wlan-net


l Service VLAN: VLAN 101
l Referenced profile: SSID profile wlan-
net and security profile wlan-net

RRM profile l Name: default


l Airtime fair scheduling: enabled

2G radio profile l Name: default


l Referenced profile: RRM profile default

Configuration Roadmap
The configuration roadmap is as follows:
1. Use the WLAN configuration wizard to configure WLAN services.
2. Configure airtime fair scheduling to enable all users on a radio to occupy the network
bandwidth for equal time, improving the overall user experience.
3. Connect STAs to the WLAN to verify the configuration.

Procedure
Step 1 Configure basic WLAN services.
1. Choose Wizard > Config Wizard. The Configure Wi-Fi Signals page is displayed.
2. Configure Wi-Fi signals.
# Click Create. The Basic Information page is displayed.
# Configure basic information about an SSID.

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 91


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

# Click Next. The IP and Rate page is displayed.

# Set IP address parameters.


NOTE

Configure the DNS server address as required.

# Click Finish.
3. Configure Internet connection parameters.

# Click Next. The Configure Internet Connection page is displayed.

# Add an interface to VLAN 101 in tagged mode.


NOTE

If you log in to the web platform using a PC whose Ethernet interface is being modified, do not delete
the existing VLAN configuration on the interface to ensure that the PC can communicate with Fat APs.
As shown in the following figure, GigabitEthernet0/0/0 is added to VLAN 1 by default and STAs
communicate with the AP through this interface. You can use the default IP address of the AP to log in
to the web platform. If you need to use the default IP address to log in to the web platform, do not
delete VLAN 1.

# Click Finish.

Step 2 Configure airtime fair scheduling.

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 92


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

1. Configure a radio profile.


NOTE

The following example configures a 2G radio profile. The configuration of the 5G radio profile is
similar.

# Choose Configuration > WLAN Service > WLAN Config.


# Choose Radio0 > Radio Management > Radio Profile in WLAN Config. The Radio
Profile page is displayed. Retain the default settings of the radio profile parameters.

# Click next to Radio Profile. The profiles referenced by the radio profile are
displayed.
2. Configure the RRM profile and enable airtime fair scheduling in the RRM profile.
# Click RRM Profile in Radio Management. The RRM profile configuration page is
displayed.
# Enable airtime fair scheduling.

# Click Apply. In the dialog box that is displayed, click OK.


Step 3 Verify the configuration.
1. The WLAN with the SSID wlan-net is available.
2. The STA can associate with the WLAN and obtain an IP address 10.23.101.x/24 and its
gateway address is 10.23.101.1.

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 93


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

3. Choose Monitoring > Terminal Manage > STA Management. In User, you can see
that STAs go online properly and obtain IP addresses.
4. Run the display rrm-profile name default command on the AP to check the
configuration of the RRM profile. The command output shows that airtime fair
scheduling has been enabled. Therefore, users on the network can fairly use the channel
resources.

----End

3.9.4 Example for Configuring ACL-based Packet Filtering


Networking Requirements
As shown in Figure 3-17, an enterprise deploys an AP to provide a WLAN with the SSID
wlan-net so that users can access the network anywhere at any time.
The enterprise network administrator expects that an ACL can be configured to prohibit
packets with the source IP address 10.23.101.10 and destination IP address 10.23.101.11.

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 94


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

Figure 3-17 Networking diagram for configuring ACL-based packet filtering

Data Preparation
Item Data

Service VLAN for STAs VLAN 101

DHCP server The AP functions as a DHCP server to


assign IP addresses to STAs.

IP address pool for STAs 10.23.101.2-10.23.101.254/24

SSID profile l Name: wlan-net


l SSID name: wlan-net

Security profile l Name: wlan-net


l Security policy: WPA-WPA2+PSK
+AES
l Password: a1234567

Traffic profile l Name: wlan-traffic


l Referenced ACL: 3001

VAP profile l Name: wlan-net


l Service VLAN: VLAN 101
l Referenced profiles: SSID profile wlan-
net, security profile wlan-net, and traffic
profile wlan-traffic.

Configuration Roadmap
The configuration roadmap is as follows:

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 95


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

1. Use the WLAN configuration wizard to configure WLAN services.


2. Configure ACL rules to filter packets.
3. Connect STAs to the WLAN to verify the configuration.

Procedure
Step 1 Configure basic WLAN services.
1. Choose Wizard > Config Wizard. The Configure Wi-Fi Signals page is displayed.
2. Configure Wi-Fi signals.

# Click Create. The Basic Information page is displayed.

# Configure basic information about an SSID.

# Click Next. The IP and Rate page is displayed.

# Set IP address parameters.


NOTE

Configure the DNS server address as required.

# Click Finish.
3. Configure Internet connection parameters.

# Click Next. The Configure Internet Connection page is displayed.

# Add an interface to VLAN 101 in tagged mode.

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 96


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

NOTE

If you log in to the web platform using a PC whose Ethernet interface is being modified, do not delete
the existing VLAN configuration on the interface to ensure that the PC can communicate with Fat APs.
As shown in the following figure, GigabitEthernet0/0/0 is added to VLAN 1 by default and STAs
communicate with the AP through this interface. You can use the default IP address of the AP to log in
to the web platform. If you need to use the default IP address to log in to the web platform, do not
delete VLAN 1.

# Click Finish.
Step 2 Configure an ACL.
1. Configure ACL 3001 that rejects packets with the source IP address 10.23.101.10 and
destination IP address 10.23.101.11.
# Choose Configuration > Security > ACL > Advanced ACL Settings. The
Advanced ACL Settings page is displayed.
# Click Create. In the Create Advanced ACL page that is displayed, set the ACL name
to ACL3001 and number to 3001, and click OK.
# Click Add Rule to add ACL rules.

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 97


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

# Click OK.
2. Create a traffic profile and apply the ACL to the profile.

# Choose Configuration > WLAN Service > WLAN Config.

# In the WLAN Config navigation tree, click Radio0. Click in front of VAP
Configuration. Under it, click in front of wlan-net. Click Traffic Profile. The
Traffic Profile page is displayed.

# Click Create. The Create Traffic Profile page is displayed.

# Enter the traffic profile name wlan-traffic in Profile name and click OK. The
parameter setting page of the new traffic profile is displayed.

# On the Advanced Configuration tab, expand Packet Filtering. In Inbound ACL,


click Add, and set Packet Filtering Type to IPv4 and the packet filtering ACL to ACL
3001. Click to save the settings.

# Click Apply. In the Info dialog box that is displayed, click OK.

Step 3 Verify the configuration.


1. The WLAN with the SSID wlan-net is available.
2. The STA can associate with the WLAN and obtain an IP address 10.23.101.x/24 and its
gateway address is 10.23.101.1.

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 98


Fat AP and Cloud AP
Web-based Configuration Guide 3 Configuration Examples (Common AP)

3. Choose Monitoring > Terminal Manage > STA Management. In User, you can see
that STAs go online properly and obtain IP addresses.
4. Run the display traffic-profile name wlan-traffic command on the AP to check
applications of ACL-based packet filtering. The command output shows that the ACL
has been applied to the traffic profile, and packets with the source and destination IP
addresses 10.23.101.10 and 10.23.101.11 cannot pass through.

----End

Issue 02 (2019-08-15) Copyright © Huawei Technologies Co., Ltd. 99