No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S12700 Series Agile Switches Typical Configuration Examples

This document provides examples for configuring features in typical usage scenarios.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring Guest Access Using Social Media Accounts (GooglePlus, Facebook, or Twitter Accounts)

Configuring Guest Access Using Social Media Accounts (GooglePlus, Facebook, or Twitter Accounts)

Overview

An enterprise has deployed an authentication system to implement access control for all the wireless users who attempt to connect to the enterprise network. Only authenticated users can connect to the enterprise network. Enterprise employees connect to the network through PCs and guests connect to the network through mobile phones. The administrator has created local accounts for the employees so that they can use the local accounts to pass authentication. For guest accounts, the administrator needs to configure the Service Manager to enable guests to complete authentication using GooglePlus, Facebook or Twitter accounts.

Networking Requirements

In Figure 14-36, a switch functions as the AC and connects to the AP through a PoE switch. The PoE switch provides power for the AP. You can configure WLAN services on the AC to provide wireless access services for users.

Figure 14-36  Networking of a small-scale WLAN

Configuration Logic

Figure 14-37  Configuration logic of Huawei switch

Configuration Notes

  • This configuration example applies to all switches running V200R009C00 or a later version.
  • For details about the matching model and version of AP, see Example for Configuring WLAN Services on a Small-Scale Network in "Typical WLAN-AC Configuration (Applicable to V200R009 and Later Versions)" in the Typical Configuration Examples.

  • Huawei Agile Controller-Campus functions as the RADIUS server in this example. For the Agile Controller-Campus, the version required is V100R002 or V100R003.
  • The RADIUS authentication and accounting shared keys and Portal shared key on the switch must be the same as those on the Agile Controller-Campus.
  • By default, the switch allows the packets sent to RADIUS and Portal servers to pass through. You do not need to configure an authentication-free rule for the packets on the switch.
  • Service data forwarding modes are classified into tunnel forwarding mode and direct forwarding mode. The tunnel forwarding mode is used in this example.
    • In tunnel forwarding mode, the management VLAN and service VLAN cannot be the same.
    • In direct forwarding mode, do not configure the management VLAN and service VLAN to be the same. You are advised to configure port isolation on the switch interface directly connected to the AP. If port isolation is not configured, many broadcast packets will be transmitted in VLANs or WLAN users on different APs can directly communicate at Layer 2.
  • No ACK mechanism is provided for multicast packet transmission on air interfaces. In addition, wireless links are unstable. To ensure stable transmission of multicast packets, they are usually sent at low rates. If a large number of such multicast packets are sent from the network side, the air interfaces may be congested. You are advised to configure multicast packet suppression to reduce impact of a large number of low-rate multicast packets on the wireless network. Exercise caution when configuring the rate limit; otherwise, the multicast services may be affected.
    • In direct forwarding mode, you are advised to configure multicast packet suppression on switch interfaces connected to APs.
    • In tunnel forwarding mode, you are advised to configure multicast packet suppression in traffic profiles of the AC.
    For details on how to configure traffic suppression, see How Do I Configure Multicast Packet Suppression to Reduce Impact of a Large Number of Low-Rate Multicast Packets on the Wireless Network?.

Data Plan

Table 14-18  Network data plan

Item

Data

Description

AC DHCP server

192.168.10.1-192.168.10.254/24

IP address pool for APs.

IP address of VLANIF 100: 192.168.10.1

Gateway connected to the AP.

192.168.20.1-192.168.20.254/24

IP address pool for mobile phone users.

IP address of VLANIF 101: 192.168.20.1

Gateway for mobile phone users.

IP address of VLANIF 102: 192.168.30.1

Gateway connected to the Agile Controller-Campus.

Portal server:

  • IP address: 192.168.30.2
  • Port number that the switch uses to process Portal packets: 2000
  • Destination port number in the packets that the switch sends to the Portal server: 50200
  • Portal shared key: Admin@123
  • The service controller (SC) of the Agile Controller-Campus integrates the RADIUS server and Portal server. Therefore, IP addresses of the authentication server, accounting server, and Portal server are the IP address of the Agile Controller-Campus.
  • Configure a RADIUS accounting server to obtain user login and logout information. The port numbers of the authentication server and accounting server must be the same as the authentication and accounting port numbers of the RADIUS server.

RADIUS authentication server:

  • IP address: 192.168.30.2
  • Port number: 1812
  • RADIUS shared key: Admin@123

RADIUS accounting server:

  • IP address: 192.168.30.2
  • Port number: 1813
  • RADIUS shared key: Admin@123
  • Accounting interval: 15 minutes

Agile Controller-Campus

Domain name: access.example.com

Users can also use the domain name to access the Portal server.

IP address: 192.168.30.2

-

Authentication port number: 1812

-

Accounting port number: 1813

-

RADIUS shared key: Admin@123

It must be the same as that configured on the switch.

Port number in the packets received by the Portal server: 50200

-

Portal shared key: Admin@123

It must be the same as that configured on the switch.

AP group

  • Name: ap-group1
  • Referenced profiles: VAP profile wlan-vap and regulatory domain profile domain1

-

Regulatory domain profile

  • Name: domain1
  • Country code: CN

-

SSID profile

  • Name: wlan-ssid
  • SSID name: wlan-net

-

Security profile

  • Name: wlan-security
  • Security policy: open system authentication

-

VAP profile

  • Name: wlan-vap
  • Forwarding mode: tunnel forwarding
  • Service VLAN: VLAN 101
  • Referenced profiles: SSID profile wlan-ssid, security profile wlan-security, and authentication profile p1

-

Procedure

  1. Configure network connectivity.

    # On SwitchA, add GE0/0/1 connected to the AP and GE0/0/2 connected to the AC to management VLAN 100.

    <HUAWEI> system-view
    [HUAWEI] sysname SwitchA
    [SwitchA] vlan batch 100
    [SwitchA] interface gigabitethernet 0/0/1
    [SwitchA-GigabitEthernet0/0/1] port link-type trunk
    [SwitchA-GigabitEthernet0/0/1] port trunk pvid vlan 100
    [SwitchA-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
    [SwitchA-GigabitEthernet0/0/1] quit
    [SwitchA] interface gigabitethernet 0/0/2
    [SwitchA-GigabitEthernet0/0/2] port link-type trunk
    [SwitchA-GigabitEthernet0/0/2] port trunk allow-pass vlan 100
    [SwitchA-GigabitEthernet0/0/2] quit

    # On the AC, add GE1/0/1 connected to SwitchA to VLAN 100, add GE1/0/3 connected to the Agile Controller-Campus to VLAN 102, and add GE1/0/2 connected to the Internet to VLAN 101.

    <HUAWEI> system-view
    [HUAWEI] sysname AC
    [AC] vlan batch 100 101 102
    [AC] interface gigabitethernet 1/0/1
    [AC-GigabitEthernet1/0/1] port link-type trunk
    [AC-GigabitEthernet1/0/1] port trunk allow-pass vlan 100
    [AC-GigabitEthernet1/0/1] quit
    [AC] interface gigabitethernet 1/0/3
    [AC-GigabitEthernet1/0/3] port link-type trunk
    [AC-GigabitEthernet1/0/3] port trunk allow-pass vlan 102
    [AC-GigabitEthernet1/0/3] quit
    [AC] interface gigabitethernet 1/0/2   //Configure AC uplink interfaces to transparently transmit service VLAN packets as required and communicate with the upstream device.
    [AC-GigabitEthernet1/0/2] port link-type trunk
    [AC-GigabitEthernet1/0/2] port trunk allow-pass vlan 101
    [AC-GigabitEthernet1/0/2] quit

    # Configure the AC as a DHCP server based on interface address pools. VLANIF 100 assigns IP addresses to the AP and VLANIF 101 assigns IP addresses to STAs.

    [AC] dhcp enable      //Enable DHCP.
    [AC] interface vlanif 100
    [AC-Vlanif100] ip address 192.168.10.1 24
    [AC-Vlanif100] dhcp select interface      //Configure an address pool on VLANIF 100 to assign IP addresses to the AP.
    [AC-Vlanif100] quit
    [AC] interface vlanif 101
    [AC-Vlanif101] ip address 192.168.20.1 24      //Configure an address pool on VLANIF 101 to assign IP addresses to STAs.
    [AC-Vlanif101] dhcp select interface
    [AC-Vlanif101] quit

    # Configure the gateway address of the Agile Controller-Campus.

    [AC] interface vlanif 102
    [AC-Vlanif102] ip address 192.168.30.1 24
    [AC-Vlanif102] quit

    # Configure network access rights for users after successful authentication.

    NOTE:

    The Controller authorizes ACL 3001 to authenticated users to control the resources that the users can access. The following example does not configure any access restrictions for authenticated users.

    [AC] acl 3001   //Configure the post-authentication domain for mobile terminals.
    [AC-acl-adv-3001] rule 1 permit ip   //Allow authenticated users to access all network resources.
    [AC-acl-adv-3001] quit

  2. Set the NAC mode of the AC to unified.

    [AC] authentication unified-mode    //Set the NAC mode to unified. By default, the switch works in unified mode. If the switch works in common mode, the following information is displayed when this command is run to change the NAC mode. The administrator must enter y. The switch will save the configuration and restart immediately. Functions of the newly configured mode then take effect.
    Warning: Switching the authentication mode will take effect after system restart
    . Some configurations are invalid after the mode is switched. For the invalid co
    mmands, see the user manual. Save the configuration file and reboot now? [Y/N]y

  3. Configure parameters for the AC to communicate with the Agile Controller-Campus (RADIUS server).

    [AC] radius-server template policy   //Create the RADIUS server template policy.
    [AC-radius-policy] radius-server authentication 192.168.30.2 1812 source ip-address 192.168.30.1   //Configure the IP address and port number of the RADIUS authentication server.
    [AC-radius-policy] radius-server accounting 192.168.30.2 1813 source ip-address 192.168.30.1   //Configure the IP address and port number of the RADIUS accounting server.
    [AC-radius-policy] radius-server shared-key cipher Admin@123   //Set the authentication key and accounting key to Admin@123.
    [AC-radius-policy] quit
    [AC] aaa   //Enter the AAA view.
    [AC-aaa] authentication-scheme auth   //Create the authentication scheme auth.
    [AC-aaa-authen-auth] authentication-mode radius   //Set the authentication mode to RADIUS.
    [AC-aaa-authen-auth] quit
    [AC-aaa] accounting-scheme acco   // Create the accounting scheme acco.
    [AC-aaa-accounting-acco] accounting-mode radius   //Set the accounting mode to RADIUS.
    [AC-aaa-accounting-acco] accounting realtime 15   //Set the real-time accounting interval to 15 minutes.
    [AC-aaa-accounting-acco] quit
    [AC-aaa] domain portal   //Create the domain portal.
    [AC-aaa-domain-portal] authentication-scheme auth   //Bind the authentication scheme auth to the domain.
    [AC-aaa-domain-portal] accounting-scheme acco   //Bind the accounting scheme acco to the domain.
    [AC-aaa-domain-portal] radius-server policy   //Bind the RADIUS server template policy to the domain.
    [AC-aaa-domain-portal] quit
    [AC-aaa] quit
    [AC] domain portal  //Set the domain portal as the global default domain.

  4. Configure Portal authentication.

    # Configure parameters for the AC to communicate with the Agile Controller-Campus (Portal server).

    [AC] web-auth-server portal_huawei   //Configure the Portal server template portal_huawei.
    [AC-web-auth-server-portal_huawei] server-ip 192.168.30.2   //Configure the IP address of the Portal server.
    [AC-web-auth-server-portal_huawei] source-ip 192.168.30.1   //Configure the IP address for the device to communicate with the Portal server.
    [AC-web-auth-server-portal_huawei] port 50200   //Set the destination port number in the packets sent by the AC to the Portal server to 50200, which is the same as the port number in the packets received by the Portal server. The default port number in the packets sent by the switch is 50100. You must manually change the port number to 50200 for adaptation to the Portal server.
    [AC-web-auth-server-portal_huawei] shared-key cipher Admin@123   //Configure the shared key for communication with the Portal server. The shared key must be the same as that configured on the Portal server.
    [AC-web-auth-server-portal_huawei] url http://access.example.com:8080/portal   //Configure the URL of the Portal authentication page. access.example.com is the host name of the Portal server. To ensure more secure and quick authentication page push, you are advised to use the domain name mode. However, you need to configure the mapping between the domain name access.example.com and the IP address of the DNS server on the DNS server in advance.
    [AC-web-auth-server-portal_huawei] quit
    [AC] web-auth-server listening-port 2000   //Configure the port number used to process Portal packets on the device. The default port number is 2000. If this port number is changed on the server, you must also change the port number on the switch accordingly.
    [AC] portal quiet-period   //Enable the quiet function for Portal authentication. If the number of times that an authentication user fails to be authenticated within 60 seconds exceeds the configured value, the device discards packets from the user for a period of time to prevent impact on the system caused by frequent authentication failures.
    [AC] portal quiet-times 5   //Configure the maximum number of authentication failures within 60 seconds before the device quiets a Portal authentication user.
    [AC] portal timer quiet-period 240   //Set the quiet period for Portal authentication to 240 seconds.

    # Configure a Portal access profile.

    [AC] portal-access-profile name web1
    [AC-portal-acces-profile-web1] web-auth-server portal_huawei direct
    [AC-portal-acces-profile-web1] quit

    # Configure an authentication-free rule profile.

    [AC] acl 6000
    [AC-acl-ucl-6000] rule 1 permit ip destination fqdn www.googleapis.com   //Configure the switch to allow packets sent to the Google server to pass through before authentication.
    [AC-acl-ucl-6000] rule 2 permit ip destination fqdn apis.google.com   //Configure the switch to allow packets sent to the Google server to pass through before authentication.
    [AC-acl-ucl-6000] rule 3 permit ip destination fqdn connect.facebook.net   //Configure the switch to allow packets sent to the Facebook server to pass through before authentication.
    [AC-acl-ucl-6000] rule 4 permit ip destination fqdn api.twitter.com   //Configure the switch to allow packets sent to the Twitter server to pass through before authentication.
    [AC-acl-ucl-6000] rule 5 permit ip destination fqdn abs.twimg.com   //Configure the switch to allow packets sent to the Twitter server to pass through before authentication.
    [AC-acl-ucl-6000] rule 6 permit ip destination fqdn mobile.twitter.com   //Configure the switch to allow packets sent to the Twitter server to pass through before authentication.
    [AC-acl-ucl-6000] rule 7 permit ip destination fqdn twitter.com   //Configure the switch to allow packets sent to the Twitter server to pass through before authentication.
    [AC] free-rule-template name default_free_rule
    [AC-free-rule-default_free_rule] free-rule acl 6000   //Bind ACL 6000 to the authentication-free rule profile.
    [AC-free-rule-default_free_rule] quit

    # Configure an authentication profile.

    [AC] authentication-profile name p1
    [AC-authen-profile-p1] portal-access-profile web1   //Bind the Portal access profile web1.
    [AC-authen-profile-p1] free-rule-template default_free_rule   //Bind an authentication-free rule profile.
    [AC-authen-profile-p1] quit

    # Enable Portal authentication.

    [AC] interface vlanif 101
    [AC-Vlanif101] authentication-profile p1   //Enable Portal authentication on the interface to which mobile terminals connect.
    [AC-Vlanif101] quit

  5. Configure the AP to go online.

    # Create an AP group to which the APs with the same configuration can be added.

    [AC] wlan
    [AC-wlan-view] ap-group name ap-group1
    [AC-wlan-ap-group-ap-group1] quit

    # Create a regulatory domain profile, configure the AC country code in the profile, and apply the profile to the AP group.

    [AC-wlan-view] regulatory-domain-profile name domain1
    [AC-wlan-regulate-domain-domain1] country-code cn
    [AC-wlan-regulate-domain-domain1] quit
    [AC-wlan-view] ap-group name ap-group1
    [AC-wlan-ap-group-ap-group1] regulatory-domain-profile domain1
    Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continu
    e?[Y/N]:y 
    [AC-wlan-ap-group-ap-group1] quit
    [AC-wlan-view] quit

    # Configure the AC's source interface.

    [AC] capwap source interface vlanif 100
    # Import the AP offline on the AC and add the AP to the AP group ap-group1. In this example, the AP's MAC address is 60de-4476-e360. Configure a name for the AP based on the AP's deployment location, so that you can know where the AP is located. For example, if the AP with MAC address 60de-4476-e360 is deployed in area 1, name the AP area_1.
    NOTE:

    The default AP authentication mode is MAC address authentication. If the default settings are retained, you do not need to run the ap auth-mode mac-auth command.

    In this example, the AP6010DN-AGN is used and has two radios: radio 0 and radio 1. Radio 0 of the AP6010DN-AGN works on the 2.4 GHz frequency band and radio 1 works on the 5 GHz frequency band.

    [AC] wlan
    [AC-wlan-view] ap auth-mode mac-auth
    [AC-wlan-view] ap-id 0 ap-mac 60de-4476-e360
    [AC-wlan-ap-0] ap-name area_1
    [AC-wlan-ap-0] ap-group ap-group1
    Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configuration
    s of the radio, Whether to continue? [Y/N]:y 
    [AC-wlan-ap-0] quit

    # After the AP is powered on, run the display ap all command to check the AP state. If the State field displays nor, the AP has gone online.

    [AC-wlan-view] display ap all
    Total AP information:
    nor  : normal          [1]
    Extra information:
    P  : insufficient power supply
    --------------------------------------------------------------------------------------------------
    ID   MAC            Name   Group     IP            Type            State STA Uptime      ExtraInfo
    --------------------------------------------------------------------------------------------------
    0    60de-4476-e360 area_1 ap-group1 10.23.100.254 AP5030DN        nor   0   10S         -
    --------------------------------------------------------------------------------------------------
    Total: 1

  6. Configure STAs to go online.

    # Create the security profile wlan-security and set the security policy to open system authentication.

    [AC-wlan-view] security-profile name wlan-security
    [AC-wlan-sec-prof-wlan-security] security open   //Set the security policy to open.
    [AC-wlan-sec-prof-wlan-security] quit

    # Create the SSID profile wlan-ssid and set the SSID name to wlan-net.

    [AC-wlan-view] ssid-profile name wlan-ssid
    [AC-wlan-ssid-prof-wlan-ssid] ssid wlan-net   //Set the SSID name to wlan-net.
    Warning: This action may cause service interruption. Continue?[Y/N]y
    [AC-wlan-ssid-prof-wlan-ssid] quit

    # Create the VAP profile wlan-vap, configure the service data forwarding mode and service VLANs, and apply the security profile, SSID profile, and authentication profile to the VAP profile.

    [AC-wlan-view] vap-profile name wlan-vap
    [AC-wlan-vap-prof-wlan-vap] forward-mode tunnel   //Set the service forwarding mode to tunnel forwarding.
    Warning: This action may cause service interruption. Continue?[Y/N]y
    [AC-wlan-vap-prof-wlan-vap] service-vlan vlan-id 101   //By default, the VLAN ID is 1. Set the VLAN ID to 101.
    [AC-wlan-vap-prof-wlan-vap] security-profile wlan-security
    [AC-wlan-vap-prof-wlan-vap] ssid-profile wlan-ssid
    [AC-wlan-vap-prof-wlan-vap] authentication-profile p1
    [AC-wlan-vap-prof-wlan-vap] quit

    # Bind the VAP profile wlan-vap to the AP group and apply the profile to radio 0 and radio 1 of the AP.

    [AC-wlan-view] ap-group name ap-group1
    [AC-wlan-ap-group-ap-group1] vap-profile wlan-vap wlan 1 radio 0
    [AC-wlan-ap-group-ap-group1] vap-profile wlan-vap wlan 1 radio 1
    [AC-wlan-ap-group-ap-group1] quit

    # Commit the configuration.

    [AC-wlan-view] commit all
    Warning: Committing configuration may cause service interruption, continue?[Y/N]:y
    NOTE:

    For wireless users, you can configure attributes for APs when the switch works as an AC. In versions earlier than V200R011C10, the configurations are not delivered to APs in real time, and are delivered to APs only after you run the commit command in the WLAN view. In V200R011C10 and later versions, the commit command is deleted, the switch delivers the configurations to APs every 5 seconds.

  7. Configure the Agile Controller-Campus and social media authentication server. For details, see Agile Controller-Campus Product Documentation - Example for Configuring Guest Access Using Social Media Accounts (GooglePlus, Facebook, or Twitter Accounts).
  8. Verify the configuration.

    After completing the configuration, run the display vap ssid wlan-net command. If the Status field displays ON, the VAP has been successfully created on the AP radios.

    [AC-wlan-view] display vap ssid wlan-net
    WID : WLAN ID
    --------------------------------------------------------------------------------
    AP ID AP name RfID WID     BSSID          Status  Auth type     STA   SSID
    --------------------------------------------------------------------------------
    0     area_1  1    1       60DE-4476-E360 ON      WPA2-PSK      0     wlan-net
    -------------------------------------------------------------------------------
    Total: 2

    Manually search for the WLAN with the SSID wlan-net. After completing the WeChat authentication process as prompted, run the display station ssid wlan-net command on the AC. The command output shows that the user has successfully connected to the WLAN wlan-net.

    [AC-wlan-view] display station ssid wlan-net
    Rf/WLAN: Radio ID/WLAN ID
    Rx/Tx: link receive rate/link transmit rate(Mbps)
    ---------------------------------------------------------------------------------
    STA MAC         AP ID Ap name   Rf/WLAN  Band  Type  Rx/Tx      RSSI  VLAN  IP address
    ---------------------------------------------------------------------------------
    e019-1dc7-1e08  0     area_1    1/1      5G    11n   46/59      -68   101   192.168.20.254
    ---------------------------------------------------------------------------------
    Total: 1 2.4G: 0 5G: 1

Configuration Files

  • SwitchA configuration file

    #
    sysname SwitchA
    #
    vlan batch 100
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk pvid vlan 100
     port trunk allow-pass vlan 100
    #
    interface GigabitEthernet0/0/2
     port link-type trunk
     port trunk allow-pass vlan 100
    #
    return
  • AC configuration file

    #
    sysname AC
    #
    vlan batch 100 to 102
    #
    authentication-profile name p1
     portal-access-profile web1
     free-rule-template default_free_rule
    #
    domain portal
    #
    dhcp enable
    #
    radius-server template policy
     radius-server shared-key cipher %^%#v@)#XkYybF19}~4&3(rDX%va0:#G>0MDrOF^B;D+%^%#
     radius-server authentication 192.168.30.2 1812 source ip-address 192.168.30.1 weight 80
     radius-server accounting 192.168.30.2 1813 source ip-address 192.168.30.1 weight 80
    #
    acl number 3001
     rule 1 permit ip
    #
    acl number 6000
     rule 1 permit ip destination fqdn www.googleapis.com
     rule 2 permit ip destination fqdn apis.google.com
     rule 3 permit ip destination fqdn connect.facebook.net
     rule 4 permit ip destination fqdn api.twitter.com
     rule 5 permit ip destination fqdn abs.twimg.com
     rule 6 permit ip destination fqdn mobile.twitter.com
     rule 7 permit ip destination fqdn twitter.com
    #
    free-rule-template name default_free_rule
     free-rule acl 6000
    #
    web-auth-server portal_huawei
     server-ip 192.168.30.2
     port 50200
     shared-key cipher %^%#vB3l&dt|S!59SdGIdcT"mwAQ!4[#Y-#{IBGbI[l:%^%#
     url http://access.example.com:8080/portal
     source-ip 192.168.30.1
    #
    portal-access-profile name web1
     web-auth-server portal_huawei direct
    #
    aaa
     authentication-scheme auth
      authentication-mode radius
     accounting-scheme acco
      accounting-mode radius
      accounting realtime 15
     domain portal
      authentication-scheme auth
      accounting-scheme acco
      radius-server policy
    #
    interface Vlanif100
     ip address 192.168.10.1 255.255.255.0
     dhcp select interface
    #
    interface Vlanif101
     ip address 192.168.20.1 255.255.255.0
     authentication-profile p1
     dhcp select interface
    #
    interface Vlanif102
     ip address 192.168.30.1 255.255.255.0
    #
    interface GigabitEthernet1/0/1
     port link-type trunk
     port trunk allow-pass vlan 100
    #
    interface GigabitEthernet1/0/2
     port link-type trunk
     port trunk allow-pass vlan 101
    #
    interface GigabitEthernet1/0/3
     port link-type trunk
     port trunk allow-pass vlan 102
    #
    portal timer quiet-period 240
    portal quiet-times 5
    #
    capwap source interface vlanif100
    #
    wlan
     security-profile name wlan-security
     ssid-profile name wlan-ssid
      ssid wlan-net
     vap-profile name wlan-vap
      forward-mode tunnel
      service-vlan vlan-id 101
      ssid-profile wlan-ssid
      security-profile wlan-security
      authentication-profile p1
     regulatory-domain-profile name domain1
     ap-group name ap-group1
      regulatory-domain-profile domain1
      radio 0
       vap-profile wlan-vap wlan 1
      radio 1
       vap-profile wlan-vap wlan 1
     ap-id 0 type-id 19 ap-mac 60de-4476-e360 ap-sn 210235554710CB000042
      ap-name area_1
      ap-group ap-group1
    #
    return
Download
Updated: 2019-05-16

Document ID: EDOC1000069466

Views: 161996

Downloads: 1808

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next