No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

STAs cannot manage the AP trough SSH or Telnet in WLAN.

Publication Date:  2016-02-27 Views:  131 Downloads:  0
Issue Description

Topology: 



AP6010SN-AGN Version:

AP6010SN-AGN  FAT   V200R005C10SPC200


Configuration: 

AP6010SN:

#

 sysname AP6010SN

 ftp server enable

 set default ftp-directory flash:

#

 http timeout 30

 http secure-server ssl-policy default_policy

 http server enable

#

 clock timezone Moxico_City,Monterrey minus 06:00:00

#

 dns resolve 

#

vlan batch 10 100

#

lldp enable

#

wlan global country-code MX

#

dhcp enable

#

pki realm default

 enrollment self-signed

#

ssl policy default_policy type server    

 pki-realm default

#

acl number 2001 

 rule 5 permit source 192.168.10.0 0.0.0.255

#

dhcp server group Motorola

 dhcp-server 192.168.0.1 0

#

aaa

 authentication-scheme default

 authorization-scheme default

 accounting-scheme default

 domain default 

 domain default_admin 

 local-user web password irreversible-cipher %@%@,f4pXCXD;P097$M9]u:NQ:SBrRvXLrus35<vR5'wq7(6:SEQ%@%@

 local-user web privilege level 15

 local-user web service-type telnet ftp http

 local-user admin password irreversible-cipher %@%@U$I"DSyCj7"!mn-T<{TKnRV16Dlv)Gn{s$!F$H7KZ&e-RV4n%@%@

 local-user admin privilege level 15

 local-user admin service-type telnet ssh http

 local-user user_test password irreversible-cipher %@%@WCV=BQ'Ms0z&k"WGQ@Y$\9!+F3)]BXZ'JSF6!Q&d%i<T9!.\%@%@

 local-user user_test privilege level 15

 local-user user_test service-type telnet ssh

#                                        

interface Vlanif1

#

interface Vlanif10

 ip address 192.168.10.254 255.255.255.0

 dhcp select interface

#

interface Vlanif100

 ip address 10.10.10.100 255.255.255.248

 nat outbound 2001

#

interface GigabitEthernet0/0/0

 port link-type access

 port default vlan 100

#

interface Wlan-Bss1

 port hybrid pvid vlan 10

 port hybrid untagged vlan 10

#

interface NULL0

#

 info-center timestamp log format-date

#

 snmp-agent local-engineid 800007DB03200BC78F25F0

 snmp-agent sys-info location Mexico, DF 

 snmp-agent

#

 ssh client first-time enable

 sftp server enable

 stelnet server enable

#

ip route-static 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0

ip route-static 0.0.0.0 0.0.0.0 Vlanif100

ip route-static 0.0.0.0 0.0.0.0 10.10.10.101

#

user-interface con 0

 authentication-mode password

 set authentication password cipher %@%@S%1J:e)$w#!x;i*'aT8C,.M#ymfxOQmAB+VD92@|H5+=.M&,%@%@

user-interface vty 0 4

 authentication-mode aaa

 protocol inbound all

user-interface vty 16 20

 authentication-mode aaa

 protocol inbound all

#

wlan

  access priority normal

 wmm-profile name default id 0

 wmm-profile name wmm1 id 1              

 traffic-profile name default id 0

 traffic-profile name traffic1 id 1

 security-profile name security1 id 1

  security-policy wpa-wpa2

  wpa-wpa2 authentication-method psk pass-phrase cipher %@%@.Y)tDK82eWvQYq*WL=cDw|;J%@%@ encryption-method tkip

 service-set name service1 id 1

  Wlan-Bss 1

  ssid WLAN_TEST

  traffic-profile id 1

  security-profile id 1

 radio-profile name default id 0

  wmm-profile id 0

 radio-profile name radio1 id 1

  wmm-profile id 1

#

interface Wlan-Radio0/0/0

 radio-profile id 1

 service-set id 1 wlan 1

#

 ntp-service unicast-server 162.243.63.11

#

return

<AP6010SN>

Handling Process

STAs can get WLAN service and can get access to Internet, but cannot manage AP trough SSH or Telnet. 

 

1. STAs can get connection with the AP


<AP6010SN>display station assoc-info all

  AP/Rf/WLAN: AP ID/Radio ID/WLAN ID                                           

  Rx/Tx: link receive rate/link transmit rate(Mbps)                            

  ------------------------------------------------------------------------------

  STA MAC         AP/Rf/WLAN Rx/Tx     Mode  RSSI   IP address                 

  SSID                                                                         

  ------------------------------------------------------------------------------

  fcc2-de8d-f640  0/0/1      36/36     11g   -44    192.168.10.253

  WLAN_TEST

  ------------------------------------------------------------------------------

  Total stations: 1

<AP6010SN>


2. STAs can ping Gateway, Interface G 0/0/0 and Internet


Ping to WLAN Gateway (192.168.10.254)

 

--- IP (wlan0) fe80::fec2:deff:fe8d:f640%wlan0
--- IP (wlan0) 192.168.10.253
--- Connection: WIFI

PING 192.168.10.254 (192.168.10.254) 56(84) bytes of data.
64 bytes from 192.168.10.254: icmp_seq=1 ttl=255 time=3.26 ms
64 bytes from 192.168.10.254: icmp_seq=2 ttl=255 time=13.2 ms
64 bytes from 192.168.10.254: icmp_seq=3 ttl=255 time=12.3 ms

--- 192.168.10.254 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2010ms
min = 3.260 ms
avg = 9.605 ms
max = 13.218 ms
mdev = 4.502 ms

Ping to interface G 0/0/0 (10.10.10.100)

 

--- IP (wlan0) fe80::fec2:deff:fe8d:f640%wlan0
--- IP (wlan0) 192.168.10.253
--- Connection: WIFI

PING 10.10.10.100 (10.10.10.100) 56(84) bytes of data.
64 bytes from 10.10.10.100: icmp_seq=1 ttl=255 time=12.3 ms
64 bytes from 10.10.10.100: icmp_seq=2 ttl=255 time=14.7 ms
64 bytes from 10.10.10.100: icmp_seq=3 ttl=255 time=14.2 ms

--- 10.10.10.100 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2007ms
min = 12.303 ms
avg = 13.757 ms
max = 14.728 ms
mdev = 1.047 ms

 

Ping to (10.10.10.100)

 

--- IP (wlan0) fe80::fec2:deff:fe8d:f640%wlan0
--- IP (wlan0) 192.168.10.253
--- Connection: WIFI

PING 10.10.10.101 (10.10.10.101) 56(84) bytes of data.
64 bytes from 10.10.10.101: icmp_seq=1 ttl=127 time=5.48 ms
64 bytes from 10.10.10.101: icmp_seq=2 ttl=127 time=8.47 ms
64 bytes from 10.10.10.101: icmp_seq=3 ttl=127 time=10.0 ms

--- 10.10.10.101 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2004ms
min = 5.484 ms
avg = 7.998 ms
max = 10.035 ms
mdev = 1.891 ms

 

1. STAs cannot get connection trough Telent



Root Cause

APs use the service-set which by default work in service set type and it does not allow managing. 

Solution

Change the working mode of service-set, setting the type to AP management, and save the configuration to commit the changes.

<AP6010SN>system-view

Enter system view, return user view with Ctrl+Z.

[AP6010SN]wlan

[AP6010SN-wlan-view]service-set id 1

[AP6010SN-wlan-service-set-service1]type ap-management

[AP6010SN-wlan-service-set-service1]q

[AP6010SN-wlan-view]

<AP6010SN>save all

  The current configuration will be written to the device.

  Are you sure to continue? (y/n)[n]:y

  It will take several minutes to save configuration file, please wait..........................................................

  Configuration file has been saved successfully

  Note: The configuration file will take effect after being activated

<AP6010SN>

 

Suggestions

Is recommended to use one VLAN to provide WLAN service and another VLAN to manage the AP due to allowing this functionality (type ap-management), does not allow getting WLAN service. In this example after to configure this functionality, STAs cannot get access to Internet they just can manage the AP trough Telnet or SSH.

END