Service Requirements
KPI information of APs is reported to CloudCampus@AC-Campus and CampusInsight
through the WMI report mechanism.
Networking Requirements
Figure 3-1 shows the information report mode.
Data Planning
Item Data
Configuration Roadmap
1. Configure basic WLAN services.
2. Configure parameters for interconnecting APs with the WMI server.
Configuration Notes
- Only some models of APs can report KPI information. For details, see Licensing
Requirements and Limitations for KPI Information Report in CLI-based
Configuration Guide.
- If the KPI information needs to be reported to only one WMI server, do not configure
multiple information report channels to avoid resource waste of the target server.
- Pre-configure network connectivity to ensure that APs can properly communicate with
the WMI server.
Procedure
Step 1 Configure parameters for interconnecting the AP with CampusInsight.
Choose Maintenance > WMI from the main menu on the AP web NMS, configure
parameters for interconnecting the AP with CampusInsight on the Channel 1 tab page, and
click Apply.
----End
Networking Requirements
As shown in Figure 3-2, a Fat AP is connected to the Internet in wired mode and connected to
STAs in wireless mode. An enterprise branch needs to deploy basic WLAN services for
mobile office so that enterprise employees can access the enterprise internal network
anywhere, anytime.
Figure 3-2 Networking diagram for configuring basic Layer 2 WLAN services
Data planning
Item Data
Configuration Roadmap
1. Configure Router as a DHCP server to assign IP addresses to STAs.
2. Configure basic WLAN services using the WLAN configuration wizard.
3. Configure the AP channel and transmit power.
4. Associate STAs to the WLAN to verify services.
NOTE
You are advised to log in to the Fat AP in wireless mode for service configuration. You can also log in to the
Fat AP by directly connecting a PC to the Fat AP using network cables and then connect the Fat AP to the
upstream device after services are configured and saved.
Configuration Notes
No ACK mechanism is provided for multicast packet transmission on air interfaces. In
addition, wireless links are unstable. To ensure stable transmission of multicast packets, they
are usually sent at low rates. If a large number of such multicast packets are sent from the
network side, the air interfaces may be congested. You are advised to configure multicast
packet suppression on switch interfaces connected to APs to reduce impact of a large number
of low-rate multicast packets on the wireless network. Exercise caution when configuring the
rate limit; otherwise, the multicast services may be affected. For details on how to configure
traffic suppression, see How Do I Configure Multicast Packet Suppression to Reduce
Impact of a Large Number of Low-Rate Multicast Packets on the Wireless Network?.
Procedure
Step 1 Configure Router as a DHCP server to assign IP addresses to STAs.
# Configure Router as a DHCP server to assign IP addresses to STAs from the IP address pool
on GE1/0/0.
NOTE
Configure the DNS server as required. The common methods are as follows:
- In interface address pool scenarios, run the dhcp server dns-list ip-address &<1-8> command in the
VLANIF interface view.
- In global address pool scenarios, run the dns-list ip-address &<1-8> command in the IP address pool
view.
[Router] dhcp enable
[Router] interface gigabitethernet 1/0/0
[Router-GigabitEthernet1/0/0] ip address 10.23.101.1 24
[Router-GigabitEthernet1/0/0] dhcp select interface
[Router-GigabitEthernet1/0/0] dhcp server excluded-ip-address 10.23.101.2
[Router-GigabitEthernet1/0/0] quit
# Click Finish.
3. Configure Internet connection parameters.
If the PC connects to the AP through GE0/0/0, modifying the interface may cause a network
interruption. In this case, you need to change the PC's IP address to 10.23.101.x and access the AP's
new IP address 10.23.101.2 to log in to the AP again for further operations.
If the uplink NE of the AP is assigned to a VLAN, it is recommended that the uplink interface of the AP
be configured in the same VLAN as the peer interface. In this case, you can configure a PVID on the
uplink interface of the AP so that this interface removes the VLAN tag from outgoing packets. You can
also configure the uplink interface as an access interface.
# Click Finish.
Step 3 Set the AP channel and power.
1. Disable automatic channel and power calibration functions of AP radios, and manually
configure the AP channel and power.
NOTE
Automatic channel and power calibration functions are enabled by default. The manual channel and
power configurations take effect only when these two functions are disabled.
# Choose Configuration > WLAN Service > WLAN Config > Radio0. The Radio0
page is displayed.
# Click Radio Management. The Radio 0 Setting(2.4G) page is displayed.
# On the Radio 0 Setting(2.4G) page, disable automatic channel and power calibration
functions, and set the AP channel to 20-MHz channel 6 and transmit power to 127 dBm.
3. Choose Monitoring > Terminal Manage > STA Management. In User, you can see
that STAs go online properly and obtain IP addresses.
----End
More Information
(Video) Example for Configuring Fat AP Layer 2 Networking
Networking Requirements
As shown in Figure 3-3, a Fat AP is connected to the Internet in wired mode and connected to
STAs in wireless mode. An enterprise branch needs to deploy basic WLAN services for
mobile office so that enterprise employees can access the enterprise internal network
anywhere, anytime.
Figure 3-3 Networking diagram for configuring basic Layer 3 WLAN services
Data planning
Item Data
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure Router to communicate with the AP.
2. Configure basic WLAN services using the WLAN configuration wizard.
3. Configure the AP channel and transmit power.
4. Associate STAs to the WLAN to verify services.
NOTE
You are advised to log in to the Fat AP in wireless mode for service configuration. You can also log in to the
Fat AP by directly connecting a PC to the Fat AP using network cables and then connect the Fat AP to the
upstream device after services are configured and saved.
Configuration Notes
No ACK mechanism is provided for multicast packet transmission on air interfaces. In
addition, wireless links are unstable. To ensure stable transmission of multicast packets, they
are usually sent at low rates. If a large number of such multicast packets are sent from the
network side, the air interfaces may be congested. You are advised to configure multicast
packet suppression on switch interfaces connected to APs to reduce impact of a large number
of low-rate multicast packets on the wireless network. Exercise caution when configuring the
rate limit; otherwise, the multicast services may be affected. For details on how to configure
traffic suppression, see How Do I Configure Multicast Packet Suppression to Reduce
Impact of a Large Number of Low-Rate Multicast Packets on the Wireless Network?.
Procedure
Step 1 Configure the network devices.
# Set the IP address of GE1/0/0 on Router to 10.23.200.2/24. Configure a static route from the
Router to the STAs.
<Huawei> system-view
[Huawei] sysname Router
[Router] interface gigabitethernet 1/0/0
[Router-GigabitEthernet1/0/0] ip address 10.23.200.2 24
[Router-GigabitEthernet1/0/0] quit
[Router] ip route-static 10.23.101.0 255.255.255.0 10.23.200.1
NOTE
# Click Finish.
3. Configure Internet connections.
# Click Next. The Configure Internet Connection page is displayed.
# Add an interface to VLAN 200 in tagged mode.
NOTE
If the PC connects to the AP through GE0/0/0, modifying the interface may cause a network
interruption. In this case, you need to change the PC's IP address to 10.23.200.x and access the AP's new
IP address 10.23.200.1 to log in to the AP again for further operations.
If the uplink NE of the AP is assigned to a VLAN, it is recommended that the uplink interface of the AP
be configured in the same VLAN as the peer interface. In this case, you can configure a PVID on the
uplink interface of the AP so that this interface removes the VLAN tag from outgoing packets. You can
also configure the uplink interface as an access interface.
# Click Finish.
Step 3 Set the AP channel and power.
1. Disable automatic channel and power calibration functions of AP radios, and manually
configure the AP channel and power.
NOTE
Automatic channel and power calibration functions are enabled by default. The manual channel and
power configurations take effect only when these two functions are disabled.
# Choose Configuration > WLAN Service > WLAN Config > Radio0. The Radio0
page is displayed.
# Click Radio Management. The Radio 0 Setting(2.4G) page is displayed.
# On the Radio 0 Setting(2.4G) page, disable automatic channel and power calibration
functions, and set the AP channel to 20-MHz channel 6 and transmit power to 127 dBm.
# Click OK.
Step 5 Verify the configuration.
1. The WLAN with the SSID wlan-net is available.
2. The STA can associate with the WLAN and obtain an IP address 10.23.101.x/24 and its
gateway address is 10.23.101.1.
3. Choose Monitoring > Terminal Manage > STA Management. In User, you can see
that STAs go online properly and obtain IP addresses.
----End
More Information
(Video) Example for Configuring Fat AP Layer 3 Networking
Networking Requirements
As shown in Figure 3-4, a Fat AP is connected to the Internet in wired mode and connected to
STAs in wireless mode. An enterprise branch needs to deploy basic WLAN services for
mobile office so that enterprise employees can access the enterprise internal network
anywhere, anytime. The administrator wants enterprise employees to access the public
network using public IP addresses.
Figure 3-4 Networking diagram for configuring STAs to access the public network through
NAT
Data planning
Item Data
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure basic WLAN services using the WLAN configuration wizard.
2. Configure the AP channel and transmit power.
3. Configure NAT so that STAs can access the public network using public IP addresses.
4. Associate STAs to the WLAN to verify services.
NOTE
You are advised to log in to the Fat AP in wireless mode for service configuration. You can also log in to the
Fat AP by directly connecting a PC to the Fat AP using network cables and then connect the Fat AP to the
upstream device after services are configured and saved.
Configuration Notes
No ACK mechanism is provided for multicast packet transmission on air interfaces. In
addition, wireless links are unstable. To ensure stable transmission of multicast packets, they
are usually sent at low rates. If a large number of such multicast packets are sent from the
network side, the air interfaces may be congested. You are advised to configure multicast
packet suppression on switch interfaces connected to APs to reduce impact of a large number
of low-rate multicast packets on the wireless network. Exercise caution when configuring the
rate limit; otherwise, the multicast services may be affected. For details on how to configure
traffic suppression, see How Do I Configure Multicast Packet Suppression to Reduce
Impact of a Large Number of Low-Rate Multicast Packets on the Wireless Network?.
Procedure
Step 1 Configure basic WLAN services.
1. Choose Wizard > Config Wizard. The Configure Wi-Fi Signals page is displayed.
2. Configure Wi-Fi signals.
NOTE
# Click Finish.
3. Configure Internet connections.
# Click Next. The Configure Internet Connection page is displayed.
# Add an interface to VLAN 200 in tagged mode.
NOTE
If the PC connects to the AP through GE0/0/0, modifying the interface may cause a network
interruption. In this case, you need to change the PC's IP address to 1.1.1.x and access the AP's new IP
address 1.1.1.1 to log in to the AP again for further operations.
# Click Finish.
Step 2 Set the AP channel and power.
1. Disable automatic channel and power calibration functions of AP radios, and manually
configure the AP channel and power.
NOTE
Automatic channel and power calibration functions are enabled by default. The manual channel and
power configurations take effect only when these two functions are disabled.
# Choose Configuration > WLAN Service > WLAN Config > Radio0. The Radio0
page is displayed.
# Click Radio Management. The Radio 0 Setting(2.4G) page is displayed.
# On the Radio 0 Setting(2.4G) page, disable automatic channel and power calibration
functions, and set the AP channel to 20-MHz channel 6 and transmit power to 127 dBm.
# Click OK.
Step 4 Configure an ACL.
1. Choose Configuration > Security > ACL. The Basic ACL Settings page is displayed.
2. Click Create. On the Create Basic ACL page that is displayed, set ACL parameters.
3. Click OK.
4. In the new ACL, click Add Rule. On the Add Rule page, set ACL parameters.
5. Click OK.
Step 5 Configure NAT.
1. Choose Configuration > IP Service > NAT. The NAT page is displayed.
2. Click Create in NAT Mapping and create a NAT mapping.
3. Click OK.
Step 6 Verify the configuration.
1. The WLAN with the SSID wlan-net is available.
2. The STA can associate with the WLAN and obtain an IP address 10.23.101.x/24 and its
gateway address is 10.23.101.1.
3. Choose Monitoring > Terminal Manage > STA Management. In User, you can see
that STAs go online properly and obtain IP addresses.
4. STAs can access the public network successfully.
----End
More Information
(Video) Example for Configuring Users on the Fat AP to Access the Public Network
Through NAT
Service Requirements
Because the WLAN is open to users, there are potential security risks if no security policy is
configured for the WLAN. Users do not require high WLAN security, so no authentication
server is required. A WEP or WPA/WPA2 (pre-shared key) security policy can be configured.
STAs support WPA/WPA2, TKIP encryption, and AES encryption, so pre-shared key
authentication and AES encryption are used to secure data transmission.
Networking Requirements
- DHCP deployment mode: The AP functions as a DHCP server to assign IP addresses to
STAs.
Data preparation
Item Data
Configuration Roadmap
The configuration roadmap is as follows:
1. Use the WLAN configuration wizard to configure WLAN services. Set the security
policy to WPA-WPA2 PSK and AES.
2. Configure radio calibration.
3. Connect STAs to the WLAN to verify the configuration.
Procedure
Step 1 Configure basic WLAN services.
1. Choose Wizard > Config Wizard. The Configure Wi-Fi Signals page is displayed.
2. Configure Wi-Fi signals.
# Click Finish.
3. Configure Internet connection parameters.
NOTE
If you log in to the web platform using a PC whose Ethernet interface is being modified, do not delete
the existing VLAN configuration on the interface to ensure that the PC can communicate with Fat APs.
As shown in the following figure, GigabitEthernet0/0/0 is added to VLAN 1 by default and STAs
communicate with the AP through this interface. You can use the default IP address of the AP to log in
to the web platform. If you need to use the default IP address to log in to the web platform, do not
delete VLAN 1.
# Click Finish.
Step 2 Set the AP channel and power.
1. Disable automatic channel and power calibration functions of AP radios, and manually
configure the AP channel and power.
NOTE
Automatic channel and power calibration functions are enabled by default. The manual channel and
power configurations take effect only when these two functions are disabled.
# Choose Configuration > WLAN Service > WLAN Config > Radio0. The Radio0
page is displayed.
# Click Radio Management. The Radio 0 Setting(2.4G) page is displayed.
# On the Radio 0 Setting(2.4G) page, disable automatic channel and power calibration
functions, and set the AP channel to 20-MHz channel 6 and transmit power to 127 dBm.
3. Choose Monitoring > Terminal Manage > STA Management. In User, you can see
that STAs go online properly and obtain IP addresses.
4. The STA can access the WLAN after the wireless user enters the password.
----End
Networking Requirements
- DHCP deployment mode: The AP functions as a DHCP server to assign IP addresses to
STAs.
Data Planning
Item Data
Configuration Roadmap
The configuration roadmap is as follows:
1. Use the WLAN configuration wizard to configure WLAN services. Configure 802.1X
and RADIUS authentication and set RADIUS server parameters.
2. Configure a DNS server address in the DHCP address pool of the service VLAN to
provide the DNS service for the STA.
3. Configure a static route so that the AP forwards the packet to the router after receiving
the packet from the STA.
4. Connect STAs to the WLAN to verify the configuration.
Procedure
Step 1 Configure the switches and router.
# Assign an IP address 10.23.101.2/24 to GE1/0/0 on Router and configure the router as the
default gateway for the AP.
# Configure a RADIUS server, configure a user name and password, and set the shared key to
huawei123.
# Click Finish.
3. Configure Internet connection parameters.
If you log in to the web platform using a PC whose Ethernet interface is being modified, do not delete
the existing VLAN configuration on the interface to ensure that the PC can communicate with Fat APs.
As shown in the following figure, GigabitEthernet0/0/0 is added to VLAN 1 by default and STAs
communicate with the AP through this interface. You can use the default IP address of the AP to log in
to the web platform. If you need to use the default IP address to log in to the web platform, do not
delete VLAN 1.
# Click Finish.
Step 3 Configure DNS.
NOTE
Configure the DNS server as required. The common methods are as follows:
- In interface address pool scenarios, run the dhcp server dns-list ip-address &<1-8> command in the
VLANIF interface view.
- In global address pool scenarios, run the dns-list ip-address &<1-8> command in the IP address pool
view.
1. Choose Configuration > IP Service > DHCP > DHCP Address Pool. In Address Pool
List, click Vlanif101. The Modify DHCP Address Pool page is displayed.
2. Configure the DNS server address for the STA and click OK.
3. Click OK.
----End
Networking Requirements
- DHCP deployment mode: The AP functions as a DHCP server to assign IP addresses to
STAs.
Data Planning
Item Data
Configuration Roadmap
The configuration roadmap is as follows:
1. Use the WLAN configuration wizard to configure WLAN services. Configure Portal and
RADIUS authentication and set parameters of the external Portal server and RADIUS
server.
2. Configure a DNS server address in the DHCP address pool of the service VLAN to
provide the DNS service for the STA.
3. Configure a static route so that the AP forwards the packet to the router after receiving
the packet from the STA.
4. Specify network resources accessible to authentication-free users.
5. Connect STAs to the WLAN to verify the configuration.
Procedure
Step 1 Configure the switches and router.
# Assign an IP address 10.23.101.2/24 to GE1/0/0 on Router and configure the router as the
default gateway for the AP.
# Configure a RADIUS server, configure a user name and password, and set the shared key to
huawei123.
# Configure a Portal server and set the port number and shared key to provide the web
authentication page.
Step 2 Configure WLAN services.
1. Choose Wizard > Config Wizard. The Configure Wi-Fi Signals page is displayed.
2. Configure Wi-Fi signals.
# Click Create. The Basic Information page is displayed.
# Configure basic information about an SSID.
# Click Finish.
3. Configure Internet connection parameters.
# Click Next. The Configure Internet Connection page is displayed.
# Add an interface to VLAN 101 in tagged mode.
NOTE
If you log in to the web platform using a PC whose Ethernet interface is being modified, do not delete
the existing VLAN configuration on the interface to ensure that the PC can communicate with Fat APs.
As shown in the following figure, GigabitEthernet0/0/0 is added to VLAN 1 by default and STAs
communicate with the AP through this interface. You can use the default IP address of the AP to log in
to the web platform. If you need to use the default IP address to log in to the web platform, do not
delete VLAN 1.
# Click Finish.
Step 3 Configure DNS.
NOTE
Configure the DNS server as required. The common methods are as follows:
- In interface address pool scenarios, run the dhcp server dns-list ip-address &<1-8> command in the
VLANIF interface view.
- In global address pool scenarios, run the dns-list ip-address &<1-8> command in the IP address pool
view.
1. Choose Configuration > IP Service > DHCP > DHCP Address Pool. In Address Pool
List, click Vlanif101. The Modify DHCP Address Pool page is displayed.
2. Configure the DNS server address for the STA and click OK.
3. Click OK.
Step 5 Configure network resources accessible to authentication-free users.
1. Choose Configuration > WLAN Service > Profile. The Profile Management page is
displayed.
2. Choose Wireless Service > VAP Profile > wlan-net > Authentication Profile >
Authentication-free Rule Profile. The Authentication-free Rule Profile page is
displayed.
3. Set Authentication-free Rule Profile to default_free_rule.
4. Click Create. On the Create Authentication-free Rule page that is displayed, set Rule
ID to 1 and the authentication-free resource to the IP address of the DNS server.
5. Click OK.
6. Select the authentication-free rule with the ID 1 and click Apply. In the dialog box that
is displayed, click OK.
3. Choose Monitoring > Terminal Manage > STA Management. In User, you can see
that STAs go online properly and obtain IP addresses.
4. When you open the browser on the STA, you are redirected to the Portal authentication
page. After you enter the correct user name and password and are successfully
authenticated, you can access the Internet.
----End
Service Requirements
The WLAN authentication client cannot be installed on wireless devices providing public
services, such as wireless printers and phones, so use MAC address authentication. The
RADIUS server authenticates wireless devices using their MAC addresses. No authentication
is required when STAs access the WLAN, facilitating the use of WLAN services.
Networking Requirements
- DHCP deployment mode: The AP functions as a DHCP server to assign IP addresses to
STAs.
Data Planning
Item Data
Configuration Roadmap
The configuration roadmap is as follows:
1. Use the WLAN configuration wizard to configure WLAN services. Configure MAC
address and RADIUS authentication and set parameters of the RADIUS server.
2. Configure a DNS server address in the DHCP address pool of the service VLAN to
provide the DNS service for the STA.
3. Configure a static route so that the AP forwards the packet to the router after receiving
the packet from the STA.
4. Connect STAs to the WLAN to verify the configuration.
Procedure
Step 1 Configure the switches and router.
# Assign an IP address 10.23.101.2/24 to GE1/0/0 on Router and configure the router as the
default gateway for the AP.
# Configure a RADIUS server, configure a user name and password, and set the shared key to
huawei123.
Step 2 Configure WLAN services.
1. Choose Wizard > Config Wizard. The Configure Wi-Fi Signals page is displayed.
2. Configure Wi-Fi signals.
# Click Create. The Basic Information page is displayed.
# Configure basic information about an SSID.
# Click Finish.
3. Configure Internet connection parameters.
# Click Next. The Configure Internet Connection page is displayed.
# Add an interface to VLAN 101 in tagged mode.
NOTE
If you log in to the web platform using a PC whose Ethernet interface is being modified, do not delete
the existing VLAN configuration on the interface to ensure that the PC can communicate with Fat APs.
As shown in the following figure, GigabitEthernet0/0/0 is added to VLAN 1 by default and STAs
communicate with the AP through this interface. You can use the default IP address of the AP to log in
to the web platform. If you need to use the default IP address to log in to the web platform, do not
delete VLAN 1.
# Click Finish.
Step 3 Configure DNS.
NOTE
Configure the DNS server as required. The common methods are as follows:
- In interface address pool scenarios, run the dhcp server dns-list ip-address &<1-8> command in the
VLANIF interface view.
- In global address pool scenarios, run the dns-list ip-address &<1-8> command in the IP address pool
view.
1. Choose Configuration > IP Service > DHCP > DHCP Address Pool. In Address Pool
List, click Vlanif101. The Modify DHCP Address Pool page is displayed.
2. Configure the DNS server address for the STA and click OK.
3. Click OK.
Step 5 Configure MAC authentication.
1. Create the authentication profile wlan-net.
# Choose Configuration > WLAN Service > WLAN Config > Radio 0. The Radio 0
page is displayed.
# Choose VAP Configuration > wlan-net > Authentication Profile. The
Authentication Profile page is displayed.
# Click Create. On the Create Authentication Profile page that is displayed, enter the
profile name wlan-net and click OK. The authentication profile configuration page is
displayed.
# Set Access mode to MAC authentication and Authentication mode to RADIUS
authentication.
# Click Apply. In the dialog box that is displayed, click OK.
# Click under RADIUS Server Profile. The RADIUS Server Profile page is
displayed.
# Click Create. On the Create RADIUS Server Profile page that is displayed, set
Profile name to wlan-net and Profile default shared key to huawei@123.
# Click Create Server. In the Create Server Configuration dialog box that is
displayed, configure the RADIUS server parameters.
# Click OK. On the Create RADIUS Server Profile page that is displayed, select the
created RADIUS server and click OK. On the RADIUS Server Profile page that is
displayed, select the created RADIUS server profile wlan-net and click OK.
# Click Apply. In the dialog box that is displayed, click OK.
Step 6 Verify the configuration.
1. The WLAN with the SSID wlan-net is available.
2. The STA can associate with the WLAN and obtain an IP address 10.23.101.x/24 and its
gateway address is 10.23.101.1.
3. Choose Monitoring > Terminal Manage > STA Management. In User, you can see
that STAs go online properly and obtain IP addresses.
----End
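Why the shared key must be the same string on both ends: the procedure above sets huawei123 on the RADIUS server and huawei@123 in the AP's RADIUS server profile, and RFC 2865 authenticates every reply, and hides the password, with MD5 over the packet and that key. The following is an added example, not part of the original guide; the packet contents, identifier and MAC-style user name are constructed.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2                  # RFC 2865 packet code
USER_NAME, USER_PASSWORD = 1, 2    # RFC 2865 attribute types


def attribute(attr_type: int, value: bytes) -> bytes:
    """Encode one attribute as Type, Length, Value (Length covers all three)."""
    return bytes([attr_type, len(value) + 2]) + value


def hide_password(password: bytes, request_auth: bytes, secret: bytes) -> bytes:
    """User-Password hiding (RFC 2865, section 5.2), as done by the AP."""
    padded = password + b"\x00" * (-len(password) % 16) or bytes(16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], pad))
        out += prev
    return out


def unhide_password(hidden: bytes, request_auth: bytes, secret: bytes) -> bytes:
    """Reverse of hide_password, as done by the RADIUS server."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        pad = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        out += bytes(c ^ k for c, k in zip(block, pad))
        prev = block
    return out.rstrip(b"\x00")


def build_reply(code: int, identifier: int, request_auth: bytes,
                attributes: bytes, secret: bytes) -> bytes:
    """Server side: Response Authenticator =
    MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, identifier, 20 + len(attributes))
    digest = hashlib.md5(header + request_auth + attributes + secret).digest()
    return header + digest + attributes


def verify_reply(packet: bytes, request_auth: bytes, secret: bytes) -> bool:
    """AP side: recompute the authenticator with the locally configured key."""
    if len(packet) < 20:
        return False
    _code, _identifier, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        return False
    packet = packet[:length]
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])


def demo():
    """Return (check with matching key, check with mismatched key)."""
    request_auth = bytes(range(16))     # constructed; real clients use random bytes
    server_key = b"huawei123"           # key set on the RADIUS server (from the page)
    ap_profile_key = b"huawei@123"      # key set in the AP profile (from the page)
    user = attribute(USER_NAME, b"00e0fc123456")   # constructed MAC-style user name
    reply = build_reply(ACCESS_ACCEPT, 7, request_auth, user, server_key)
    return (verify_reply(reply, request_auth, server_key),
            verify_reply(reply, request_auth, ap_profile_key))


if __name__ == "__main__":
    print(demo())
```

With different keys on the two ends, the AP discards the server's replies and the server recovers a garbled password, so authentication fails even though the credentials are correct.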
Networking Requirements
- DHCP deployment mode: The AP functions as a DHCP server to assign IP addresses to
STAs.
Figure 3-9 Configuring the RADIUS server and AP to deliver user group rights to users
Data Planning
Item Data
Configuration Roadmap
The configuration roadmap is as follows:
1. Use the WLAN configuration wizard to configure WLAN services. Configure 802.1X
and RADIUS authentication and set RADIUS server parameters.
2. Configure a DNS server address in the DHCP address pool of the service VLAN to
provide the DNS service for the STA.
3. Configure a static route so that the AP forwards the packet to the router after receiving
the packet from the STA.
4. Configure the user group.
5. Connect STAs to the WLAN to verify the configuration.
Procedure
Step 1 Configure the switches and router.
# Assign an IP address 10.23.101.2/24 to GE1/0/0 on Router and configure the router as the
default gateway for the AP.
# Configure a RADIUS server, configure a user name and password, and set the shared key to
huawei123.
1. Choose Wizard > Config Wizard. The Configure Wi-Fi Signals page is displayed.
2. Configure Wi-Fi signals.
# Click Create. The Basic Information page is displayed.
# Configure basic information about an SSID.
# Click Finish.
3. Configure Internet connection parameters.
# Click Next. The Configure Internet Connection page is displayed.
# Add an interface to VLAN 101 in tagged mode.
NOTE
If you log in to the web platform using a PC whose Ethernet interface is being modified, do not delete
the existing VLAN configuration on the interface to ensure that the PC can communicate with Fat APs.
As shown in the following figure, GigabitEthernet0/0/0 is added to VLAN 1 by default and STAs
communicate with the AP through this interface. You can use the default IP address of the AP to log in
to the web platform. If you need to use the default IP address to log in to the web platform, do not
delete VLAN 1.
# Click Finish.
Step 3 Configure DNS.
NOTE
Configure the DNS server as required. The common methods are as follows:
- In interface address pool scenarios, run the dhcp server dns-list ip-address &<1-8> command in the
VLANIF interface view.
- In global address pool scenarios, run the dns-list ip-address &<1-8> command in the IP address pool
view.
1. Choose Configuration > IP Service > DHCP > DHCP Address Pool. In Address Pool
List, click Vlanif101. The Modify DHCP Address Pool page is displayed.
2. Configure the DNS server address for the STA and click OK.
3. Click OK.
Step 5 Configure user group rights.
1. Create ACL 3002 that denies access to the FTP server 10.23.103.1/24.
# Choose Configuration > Security > ACL > Advanced ACL Settings. The
Advanced ACL Settings page is displayed.
# Click Create. In the Create Advanced ACL page that is displayed, set the ACL name
to ACL3002 and number to 3002, and click OK.
# Click Add Rule and add a rule.
# Click OK.
2. Create the QoS profile huawei, and set the rate limits of uplink and downlink traffic to 3
Mbit/s and 5 Mbit/s respectively.
# Choose Configuration > Security > User Group > QoS Profile. The QoS Profile
page is displayed.
# Click Create. On the Create QoS Profile page that is displayed, set parameters.
# Click OK.
3. Create the user group huawei, and bind ACL 3002 and QoS profile huawei to the user
group, and enable intra-group and inter-group isolation.
# Choose Configuration > Security > User Group > User Group. The User Group
page is displayed.
# Click Create. On the Create User Group page that is displayed, set parameters.
# Click OK.
4. Bind the user group huawei to the authentication profile wlan-net.
# Choose Configuration > Security > AAA > Authentication Profile. The
Authentication Profile page is displayed.
# Click wlan-net, select the user group huawei on the parameter setting page of the
authentication profile
3. Choose Monitoring > Terminal Manage > STA Management. In User, you can see
that STAs go online properly and obtain IP addresses.
4. Two users go online and they cannot ping each other.
----End
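How a deny rule such as the one in ACL 3002 matches destination addresses, as an added example that is not part of the original guide. It assumes the rule is stored as an address plus wildcard mask and that rules are checked in ascending rule ID order; the Rule class, the rule IDs and the test addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    rule_id: int
    action: str       # "permit" or "deny"
    dest: str         # destination address as entered in the rule
    wildcard: str     # wildcard mask: bits set to 1 are ignored when matching

    def matches(self, dst_ip: str) -> bool:
        care = ~int(ipaddress.IPv4Address(self.wildcard)) & 0xFFFFFFFF
        want = int(ipaddress.IPv4Address(self.dest)) & care
        return (int(ipaddress.IPv4Address(dst_ip)) & care) == want


def prefix_to_wildcard(prefix_len: int) -> str:
    """Convert a prefix length such as 24 to its wildcard mask (0.0.0.255)."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    mask = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(mask ^ 0xFFFFFFFF))


def evaluate(rules: List[Rule], dst_ip: str) -> Optional[str]:
    """Return the action of the first matching rule, or None if none matches.

    What happens to unmatched traffic depends on where the ACL is applied,
    so it is deliberately not decided here.
    """
    for rule in sorted(rules, key=lambda r: r.rule_id):
        if rule.matches(dst_ip):
            return rule.action
    return None


# "10.23.103.1/24" read as a /24: the whole subnet is denied, not only the server.
SUBNET_ACL = [Rule(5, "deny", "10.23.103.1", prefix_to_wildcard(24))]

# The same address with an all-zero wildcard: only the FTP server is denied.
HOST_ACL = [Rule(5, "deny", "10.23.103.1", prefix_to_wildcard(32))]

# A lower-numbered permit ahead of the subnet deny wins for that one host.
ORDERED_ACL = [
    Rule(5, "permit", "10.23.103.77", "0.0.0.0"),
    Rule(10, "deny", "10.23.103.1", "0.0.0.255"),
]

if __name__ == "__main__":
    for name, acl in (("subnet", SUBNET_ACL), ("host", HOST_ACL), ("ordered", ORDERED_ACL)):
        for ip in ("10.23.103.1", "10.23.103.77", "10.23.101.1"):
            print(name, ip, evaluate(acl, ip))
```

When checking the rule entered in the web page, confirm whether the mask covers only the FTP server or the entire 10.23.103.0/24 segment, since other hosts in that segment are blocked in the second case.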
Service Requirements
WLAN is open to users and therefore has potential security risks. To manage access users in a
centralized manner, Portal authentication is configured on the FAT AP. Any user that attempts
to access the WLAN is redirected to the Portal authentication page. Users are authorized to
access the WLAN after entering the correct user names and passwords. If the enterprise has
only a small number of users, the FAT AP can function as the Portal server to authenticate users
locally to reduce costs. Built-in Portal authentication requires no additional Portal server,
allowing for easy and flexible deployment. However, as the Portal server, the FAT AP
provides only basic web functions (such as user login and logout) but cannot replace an
independent Portal server or provide extended functions of an external Portal server.
Networking Requirements
- DHCP deployment mode: The AP functions as a DHCP server to assign IP addresses to
STAs.
Data Planning
Item Data
Configuration Roadmap
The configuration roadmap is as follows:
1. Select WLAN Wizard to configure WLAN services on the FAT AP. On the web
platform, the HTTPS service is enabled and an SSL policy is applied. When configuring
a built-in Portal server, configure the same SSL policy for the built-in Portal server.
2. Configure a DNS server address in the DHCP address pool of the service VLAN to
provide the DNS service for the STA.
3. Specify network resources accessible to authentication-free users.
4. Complete service verification.
Procedure
Step 1 Configure WLAN services.
1. Choose Wizard > Config Wizard. The Configure Wi-Fi Signals page is displayed.
2. Configure Wi-Fi signals.
# Click Create. The Basic Information page is displayed.
# Configure basic information about an SSID. Set Security settings to Portal
(applicable to enterprise networks) and Portal server to Built-in Portal server.
Under Built-in Portal Server Configuration, configure the server IP address and port
number.
# Click Manage next to Local user. The Local User page is displayed.
# Set Creation mode to Manually add and configure the local user name and password.
# Click OK.
# On the Create Local User page, select the new user and click OK.
# Click Finish.
3. Configure Internet connection parameters.
If you log in to the web platform using a PC whose Ethernet interface is being modified, do not delete
the existing VLAN configuration on the interface to ensure that the PC can communicate with Fat APs.
As shown in the following figure, GigabitEthernet0/0/0 is added to VLAN 1 by default and STAs
communicate with the AP through this interface. You can use the default IP address of the AP to log in
to the web platform. If you need to use the default IP address to log in to the web platform, do not
delete VLAN 1.
# Click Finish.
Step 2 Configure DNS.
1. Choose Configuration > IP Service > DHCP > DHCP Address Pool. In Address Pool
List, click Vlanif101. The Modify DHCP Address Pool page is displayed.
2. Configure the DNS server address for the STA and click OK.
5. Click OK.
6. Select the authentication-free rule with the ID 1 and click Apply. In the dialog box that
is displayed, click OK.
3. When a user browses a web page, the browser automatically redirects the user to the
Portal authentication page. After entering the correct user name and password, the user
passes the authentication and can access the web page.
4. Choose Monitoring > Terminal Manage > STA Management. In User, you can see
that STAs go online properly and obtain IP addresses.
# Choose Configuration > Security > AAA > Local User. Click a user name to modify the
password of the user. Click Delete to delete the selected user. Click Create to add a local user.
The following image shows adding a user.
----End
Service Requirements
To improve user experience and reduce burden on the 2.4 GHz frequency band, customers
require that STAs preferentially connect to the 5 GHz frequency band.
For the WLAN access configuration, see Related Topics.
Networking Requirements
As shown in Figure 3-11, 2.4 GHz and 5 GHz wireless networks are deployed in the
conference hall. The AP works on dual frequency bands. STAs connected to the APs support
both 2.4 GHz and 5 GHz frequency bands.
Data preparation
Item Data
Configuration Roadmap
Configure the band steering function and proper band steering parameters so that users can
preferentially access the 5 GHz frequency band.
Configuration Notes
• Use an AP that supports both 5 GHz and 2.4 GHz frequency bands and configure the same
SSID and security policy on the 5 GHz and 2.4 GHz radios.
• To allow a STA to preferentially associate with the 5 GHz radio and achieve a better
access effect, configure higher power for the 5 GHz radio than for the 2.4 GHz radio.
• No ACK mechanism is provided for multicast packet transmission on air interfaces. In
addition, wireless links are unstable. To ensure stable transmission of multicast packets,
they are usually sent at low rates. If a large number of such multicast packets are sent
from the network side, the air interfaces may be congested. You are advised to configure
multicast packet suppression on switch interfaces connected to APs to reduce impact of a
large number of low-rate multicast packets on the wireless network. Exercise caution
when configuring the rate limit; otherwise, the multicast services may be affected. For
details on how to configure traffic suppression, see How Do I Configure Multicast
Packet Suppression to Reduce Impact of a Large Number of Low-Rate Multicast
Packets on the Wireless Network?.
Procedure
Step 1 Configure the band steering function.
1. Enable the band steering function in the VAP profile wlan-net. By default, the band
steering function is enabled.
# Choose Configuration > WLAN Service > Profile.
# Choose Wireless Service > VAP Profile in Profile Management. The VAP Profile
List page is displayed.
# Click wlan-net. The VAP profile page is displayed.
# On the Advanced Configuration tab, enable the band steering function on the VAP
profile page.
2. In the RRM profile, configure load balancing between radios to prevent heavy load on
a single radio. Set the start threshold for load balancing between radios to 15, and the
load difference threshold to 25%.
# Choose Configuration > WLAN Service > Profile Management.
# Choose Radio Management > RRM Profile in Profile Management. The RRM
Profile List page is displayed.
# Click the RRM profile default. The RRM profile configuration page is displayed.
# On the Advanced Configuration tab, set the start threshold for load balancing
between radios to 15, and the load difference threshold to 25%.
----End
Related Topics
• 3.2 Example for Configuring Fat AP Layer 2 Networking
• 3.3 Example for Configuring Fat AP Layer 3 Networking
• 3.4 Example for Configuring STAs on the Fat AP to Access the Public Network
Through NAT
Networking Requirements
• DHCP deployment mode: The AP functions as a DHCP server to assign IP addresses to
STAs.
Data Preparation
Item Data
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure wireless services on the AP. For details, see 3.2 Example for Configuring
Fat AP Layer 2 Networking.
2. Configure WIDS and WIPS to detect and contain rogue APs and prevent STAs from
associating with the rogue APs. Add attacking devices to the dynamic blacklist so that
the APs discard packets from the attacking devices.
3. Verify the configuration.
NOTE
In this example, the authorized APs work in normal mode and have the detection function enabled. In
addition to transmitting WLAN service data, AP radios need to perform the monitoring function. A transient
increase in the WLAN service latency may occur, which does not affect network access. However, if any
latency-sensitive service (such as videoconferencing) is running, it is recommended that a separate radio be
used for air scan.
The following example configures WIDS and WIPS on radio 0. The configuration on radio 1 is similar.
Procedure
Step 1 Enable WIDS and WIPS.
1. Choose Configuration > WLAN Service > WLAN Config > Radio0. The Radio0
page is displayed.
2. Click Radio Management. The configuration page of radio 0 is displayed.
3. Enable device detection, rogue device containment, flood attack detection, and WPA2-
PSK attack detection.
4. Click Apply. In the Info dialog box that is displayed, click OK.
3. Click Apply. In the Info dialog box that is displayed, click OK.
Step 3 Set the aging time of the dynamic blacklist.
1. Choose Configuration > WLAN Service > Basic Config > STA Blacklist And
Whitelist.
2. Set Dynamic blacklist aging time to 200 seconds.
3. Click Apply. In the Info dialog box that is displayed, click OK.
Step 4 Verify the configuration.
1. Choose Configuration > Security > WIDS.
2. Check information about detected rogue devices on the Rogue Device tab page.
3. Check statistics on all detected attacks on the Attack Statistics tab page.
4. Check detailed information about attacks on the Attack Records tab page.
5. Check information about attack devices in the blacklist on the Dynamic Blacklist tab
page.
----End
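The interplay of flood attack detection and the 200-second dynamic blacklist aging time configured above can be modelled as follows. This is an added illustration in Python, not Huawei code or the AP's algorithm; the detection window, the threshold, the log format and the MAC addresses are constructed assumptions.

```python
"""Added illustration: flood detection feeding a dynamic blacklist that ages out.
Simplified model, not the AP's internal algorithm."""
from collections import defaultdict, deque

AGING_TIME_S = 200    # from the page: "Dynamic blacklist aging time" set in Step 3
FLOOD_WINDOW_S = 10   # assumption for this model (not a device default)
FLOOD_THRESHOLD = 5   # assumption: more than 5 frames per window counts as a flood

class DynamicBlacklist:
    def __init__(self, aging=AGING_TIME_S, window=FLOOD_WINDOW_S,
                 threshold=FLOOD_THRESHOLD):
        self.aging, self.window, self.threshold = aging, window, threshold
        self.recent = defaultdict(deque)  # source MAC -> timestamps inside the window
        self.expires = {}                 # source MAC -> time the entry ages out
        self.events = []                  # (time, MAC, "blacklisted" | "aged-out")

    def handle(self, ts, mac):
        """Return "drop" or "accept" for one management frame seen at time ts."""
        if mac in self.expires:
            if ts < self.expires[mac]:
                return "drop"             # still blacklisted: discard the frame
            del self.expires[mac]         # aging time elapsed: entry is removed
            self.events.append((ts, mac, "aged-out"))
        seen = self.recent[mac]
        seen.append(ts)
        while seen[0] <= ts - self.window:
            seen.popleft()                # forget frames older than the window
        if len(seen) > self.threshold:
            self.expires[mac] = ts + self.aging
            seen.clear()
            self.events.append((ts, mac, "blacklisted"))
            return "drop"
        return "accept"

def parse(line):
    """Parse one constructed log line: 't=<seconds> src=<mac> type=<frame>'."""
    fields = dict(item.split("=", 1) for item in line.split())
    return float(fields["t"]), fields["src"].lower()

def replay(lines, blacklist=None):
    """Feed the log in time order; return per-frame verdicts and blacklist events."""
    blacklist = blacklist or DynamicBlacklist()
    verdicts = [(ts, mac, blacklist.handle(ts, mac))
                for ts, mac in sorted(map(parse, lines))]
    return verdicts, blacklist.events

# Constructed sample: one flooding source and one normal STA (MACs are made up).
FLOODER, STA = "02:00:00:00:00:aa", "02:00:00:00:00:01"
SAMPLE_LOG = (
    [f"t={t} src={FLOODER} type=auth" for t in range(8)]   # 8 frames in 8 s
    + [f"t=3 src={STA} type=assoc-req",
       f"t=100 src={FLOODER} type=auth",                   # inside the aging time
       f"t=204 src={FLOODER} type=auth",                   # 1 s before age-out
       f"t=205 src={FLOODER} type=auth",                   # entry has aged out
       f"t=206 src={STA} type=auth"]
)

if __name__ == "__main__":
    for row in replay(SAMPLE_LOG)[0]:
        print(*row)
```

In this model a source that is still flooding when its entry ages out has a fresh threshold's worth of frames accepted before it is listed again, which is the trade-off to weigh when choosing the aging time.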
Networking Requirements
On the network of a shopping mall shown in Figure 3-13, a Fat AP interconnects with a
location server through a switch. It is required that the Fat AP provide Wi-Fi access for STAs
while implementing the passenger flow analysis function with the help of the location server.
Data preparation
Item Data
Configuration Roadmap
1. Configure basic WLAN services so that users can connect to the internal network
through the WLAN.
2. Configure the passenger flow analysis function so that APs can periodically scan
channels to collect radio signals and report the collected information to the location
server.
Procedure
Step 1 Configure the location server (details are not provided here).
Step 2 Configure basic WLAN services based on data planning. For details, see 3.2 Example for
Configuring Fat AP Layer 2 Networking.
# Choose Configuration > WLAN Service > Profile > Radio Management > Air
Scan Profile. The Air Scan Profile List page is displayed.
# Click Create to create the air scan profile wlan-air-scan and click OK.
# Click Apply.
2. Configure the 2G radio profile and bind the air scan profile to the 2G radio profile.
# Choose Configuration > WLAN Service > Profile > Radio Management > 2G
Radio Profile.
# Click next to the 2G radio profile default in Profile Management. The profiles
referenced by the 2G radio profile are displayed. Click Air Scan Profile.
# Click Apply.
3. Configure the 5G radio profile and bind the air scan profile to the 5G radio profile.
# Choose Configuration > WLAN Service > Profile > Radio Management > 5G
Radio Profile.
# Click next to the 5G radio profile default in Profile Management. The profiles
referenced by the 5G radio profile are displayed. Click Air Scan Profile.
# Click Apply.
# Choose Configuration > WLAN Service > Profile > WLAN Location > WLAN
Location Profile. The WLAN Location Profile List page is displayed.
# Click Create to create the location profile wlan-location and click OK.
# Click Apply.
2. Apply the location profile to radio 0.
# Choose Configuration > WLAN Service > WLAN Config > Radio0 > WLAN
Location > WLAN Location Profile, select wlan-location, and click Apply.
3. Apply the location profile to radio 1.
# Choose Configuration > WLAN Service > WLAN Config > Radio1 > WLAN
Location > WLAN Location Profile, select wlan-location, and click Apply.
Check and collect statistics about STA online duration through the location server.
----End
Figure 3-14 Networking diagram for configuring WMM and priority mapping
Data Preparation
Item Data
Configuration Roadmap
The configuration roadmap is as follows:
1. Use the WLAN configuration wizard to configure WLAN services.
2. Enable WMM in the radio profile and configure voice and video services to
preferentially use bandwidth on the wireless side.
3. Retain the default priority mapping in the traffic profile to ensure that voice and video
services can be preferentially forwarded on the wired side.
4. Connect STAs to the WLAN to verify the configuration.
Procedure
Step 1 Configure basic WLAN services.
1. Choose Wizard > Config Wizard. The Configure Wi-Fi Signals page is displayed.
2. Configure Wi-Fi signals.
# Click Create. The Basic Information page is displayed.
# Configure basic information about an SSID.
# Click Finish.
3. Configure Internet connection parameters.
If you log in to the web platform using a PC whose Ethernet interface is being modified, do not delete
the existing VLAN configuration on the interface to ensure that the PC can communicate with Fat APs.
As shown in the following figure, GigabitEthernet0/0/0 is added to VLAN 1 by default and STAs
communicate with the AP through this interface. You can use the default IP address of the AP to log in
to the web platform. If you need to use the default IP address to log in to the web platform, do not
delete VLAN 1.
# Click Finish.
NOTE
The following example configures a 2G radio profile. The configuration of the 5G radio profile is similar.
# In the WLAN Config navigation tree, click Radio0. Click in front of VAP
Configuration. Under it, click in front of wlan-net. Click Traffic Profile. The Traffic
Profile page is displayed.
# Click Create. The Create Traffic Profile page is displayed.
# Enter the traffic profile name wlan-traffic in Profile name and click OK. The parameter
setting page is displayed.
# On the Advanced Configuration tab, configure priority mapping and set the mapped
priority of video packets higher than that of the voice packets.
NOTE
By default, the user priority of voice packets is set to 6 or 7 on the terminal, and that of the video packets is
set to 4 or 5.
In the following figure, the DSCP priorities of video packets are 48 and 56, and those of the voice packets are
32 and 40. Based on the settings, video packets will be preferentially transmitted.
# Click Apply. In the Info dialog box that is displayed, click OK.
3. Choose Monitoring > Terminal Manage > STA Management. In User, you can see
that STAs go online properly and obtain IP addresses.
4. Voice and video communication works normally, which improves user experience in voice
and video services.
----End
Data Preparation
Item Data
Configuration Roadmap
The configuration roadmap is as follows:
1. Use the WLAN configuration wizard to configure WLAN services.
2. Configure the traffic profile and set the uplink rate limit of each STA associated with the
AP to 2 Mbit/s and the total uplink rate limit of all STAs on a VAP to 30 Mbit/s.
3. Connect STAs to the WLAN to verify the configuration.
Procedure
Step 1 Configure basic WLAN services.
1. Choose Wizard > Config Wizard. The Configure Wi-Fi Signals page is displayed.
2. Configure Wi-Fi signals.
# Click Create. The Basic Information page is displayed.
# Configure basic information about an SSID.
# Click Finish.
3. Configure Internet connection parameters.
If you log in to the web platform using a PC whose Ethernet interface is being modified, do not delete
the existing VLAN configuration on the interface to ensure that the PC can communicate with Fat APs.
As shown in the following figure, GigabitEthernet0/0/0 is added to VLAN 1 by default and STAs
communicate with the AP through this interface. You can use the default IP address of the AP to log in
to the web platform. If you need to use the default IP address to log in to the web platform, do not
delete VLAN 1.
# Click Finish.
# In the WLAN Config navigation tree, click Radio0. Click in front of VAP
Configuration. Under it, click in front of wlan-net. Click Traffic Profile. The Traffic
Profile page is displayed.
# Enter the traffic profile name wlan-traffic in Profile name and click OK. The parameter
setting page is displayed.
# On the Advanced Configuration tab, set the uplink rate limit to 2 Mbit/s (2048 kbit/s) for
STAs and to 30 Mbit/s (30720 kbit/s) for VAPs.
# Click Apply. In the Info dialog box that is displayed, click OK.
3. Choose Monitoring > Terminal Manage > STA Management. In User, you can see
that STAs go online properly and obtain IP addresses.
4. Run the display traffic-profile name wlan-traffic command on the AP to check the
traffic profile configuration. The command output shows that the uplink rate limit of a
single STA is 2048 kbit/s (2 Mbit/s) and the total uplink rate limit of all STAs on a VAP
is 30720 kbit/s (30 Mbit/s).
----End
Networking Requirements
As shown in Figure 3-16, an enterprise deploys an AP to provide a WLAN with the SSID
wlan-net so that users can access the network anywhere at any time.
The enterprise network administrator expects that users can be assigned equal bandwidth
occupation time so that the overall user experience can be improved.
Data Preparation
Item Data
Configuration Roadmap
The configuration roadmap is as follows:
1. Use the WLAN configuration wizard to configure WLAN services.
2. Configure airtime fair scheduling to enable all users on a radio to occupy the network
bandwidth for equal time, improving the overall user experience.
3. Connect STAs to the WLAN to verify the configuration.
Procedure
Step 1 Configure basic WLAN services.
1. Choose Wizard > Config Wizard. The Configure Wi-Fi Signals page is displayed.
2. Configure Wi-Fi signals.
# Click Create. The Basic Information page is displayed.
# Configure basic information about an SSID.
# Click Finish.
3. Configure Internet connection parameters.
If you log in to the web platform using a PC whose Ethernet interface is being modified, do not delete
the existing VLAN configuration on the interface to ensure that the PC can communicate with Fat APs.
As shown in the following figure, GigabitEthernet0/0/0 is added to VLAN 1 by default and STAs
communicate with the AP through this interface. You can use the default IP address of the AP to log in
to the web platform. If you need to use the default IP address to log in to the web platform, do not
delete VLAN 1.
# Click Finish.
The following example configures a 2G radio profile. The configuration of the 5G radio profile is
similar.
# Click next to Radio Profile. The profiles referenced by the radio profile are
displayed.
2. Configure the RRM profile and enable airtime fair scheduling in the RRM profile.
# Click RRM Profile in Radio Management. The RRM profile configuration page is
displayed.
# Enable airtime fair scheduling.
3. Choose Monitoring > Terminal Manage > STA Management. In User, you can see
that STAs go online properly and obtain IP addresses.
4. Run the display rrm-profile name default command on the AP to check the
configuration of the RRM profile. The command output shows that airtime fair
scheduling has been enabled. Therefore, users on the network can fairly use the channel
resources.
----End
Data Preparation
Item Data
Configuration Roadmap
The configuration roadmap is as follows:
Procedure
Step 1 Configure basic WLAN services.
1. Choose Wizard > Config Wizard. The Configure Wi-Fi Signals page is displayed.
2. Configure Wi-Fi signals.
# Click Finish.
3. Configure Internet connection parameters.
NOTE
If you log in to the web platform using a PC whose Ethernet interface is being modified, do not delete
the existing VLAN configuration on the interface to ensure that the PC can communicate with Fat APs.
As shown in the following figure, GigabitEthernet0/0/0 is added to VLAN 1 by default and STAs
communicate with the AP through this interface. You can use the default IP address of the AP to log in
to the web platform. If you need to use the default IP address to log in to the web platform, do not
delete VLAN 1.
# Click Finish.
Step 2 Configure an ACL.
1. Configure ACL 3001 that rejects packets with the source IP address 10.23.101.10 and
destination IP address 10.23.101.11.
# Choose Configuration > Security > ACL > Advanced ACL Settings. The
Advanced ACL Settings page is displayed.
# Click Create. In the Create Advanced ACL page that is displayed, set the ACL name
to ACL3001 and number to 3001, and click OK.
# Click Add Rule to add ACL rules.
# Click OK.
2. Create a traffic profile and apply the ACL to the profile.
# In the WLAN Config navigation tree, click Radio0. Click in front of VAP
Configuration. Under it, click in front of wlan-net. Click Traffic Profile. The
Traffic Profile page is displayed.
# Enter the traffic profile name wlan-traffic in Profile name and click OK. The
parameter setting page of the new traffic profile is displayed.
# Click Apply. In the Info dialog box that is displayed, click OK.
3. Choose Monitoring > Terminal Manage > STA Management. In User, you can see
that STAs go online properly and obtain IP addresses.
4. Run the display traffic-profile name wlan-traffic command on the AP to check
applications of ACL-based packet filtering. The command output shows that the ACL
has been applied to the traffic profile, and packets with the source and destination IP
addresses 10.23.101.10 and 10.23.101.11 cannot pass through.
----End
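The rule in Step 2 is directional: it names 10.23.101.10 as the source and 10.23.101.11 as the destination. The following Python model, added here as an illustration and not taken from the guide or from the AP software, evaluates such rules in rule-ID order with wildcard masks. The rule IDs, the 10.23.101.0/24 subnet, the two variant rule sets and the permit-by-default treatment of unmatched packets are assumptions.

```python
"""Added illustration: ordered evaluation of advanced ACL rules with wildcard masks.
Simplified model, not the AP's implementation."""
import ipaddress
from dataclasses import dataclass

def _as_int(addr):
    return int(ipaddress.IPv4Address(addr))

def _wildcard_match(addr, base, wildcard):
    # Wildcard mask: a 0 bit must match, a 1 bit is ignored (0.0.0.0 = exact host).
    care = ~_as_int(wildcard) & 0xFFFFFFFF
    return (_as_int(addr) & care) == (_as_int(base) & care)

@dataclass(frozen=True)
class Rule:
    rule_id: int
    action: str            # "permit" or "deny"
    src: str
    src_wildcard: str
    dst: str
    dst_wildcard: str

    def matches(self, src, dst):
        return (_wildcard_match(src, self.src, self.src_wildcard)
                and _wildcard_match(dst, self.dst, self.dst_wildcard))

def evaluate(rules, src, dst, default="permit"):
    """First matching rule (lowest ID first) decides; otherwise the default applies.
    default="permit" is an assumption about how unmatched packets are treated."""
    for rule in sorted(rules, key=lambda r: r.rule_id):
        if rule.matches(src, dst):
            return rule.action, rule.rule_id
    return default, None

def denied_sources(rules, subnet, dst):
    """List every host in subnet whose traffic to dst the rule set denies."""
    return [str(h) for h in ipaddress.ip_network(subnet).hosts()
            if evaluate(rules, str(h), dst)[0] == "deny"]

A, B = "10.23.101.10", "10.23.101.11"   # addresses from the page
SUBNET = "10.23.101.0/24"               # assumption: prefix length is not on the page
# The rule as described on the page: one direction only (rule ID 5 is constructed).
ACL3001 = [Rule(5, "deny", A, "0.0.0.0", B, "0.0.0.0")]
# Constructed variant that also blocks the reverse direction.
ACL3001_BOTH = ACL3001 + [Rule(10, "deny", B, "0.0.0.0", A, "0.0.0.0")]
# Constructed mistake: a /24-wide source wildcard instead of a host wildcard.
ACL3001_WIDE = [Rule(5, "deny", A, "0.0.0.255", B, "0.0.0.0")]

if __name__ == "__main__":
    print("A -> B:", evaluate(ACL3001, A, B))
    print("B -> A:", evaluate(ACL3001, B, A))
    print("B -> A with reverse rule:", evaluate(ACL3001_BOTH, B, A))
    print("hosts denied by host wildcard:", len(denied_sources(ACL3001, SUBNET, B)))
    print("hosts denied by wide wildcard:", len(denied_sources(ACL3001_WIDE, SUBNET, B)))
```

When verifying the configuration, test both directions between the two STAs and at least one unrelated host, so that a rule that is too narrow or too wide shows up.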