Wireless Network Deployment and Configuration Suggestions
This document provides brief suggestions for deploying and configuring a wireless network, covering the best practices. The suggestions aim to detail precautions for wireless network implementation in most scenarios.
Network Design Suggestion
Enabling STP Edge Ports Connected to APs
To improve network stability and prevent network loops caused by incorrect connections, the Spanning Tree Protocol (STP) is enabled on the device by default. When an STP-enabled port on the device is connected to another device that does not support STP, the port is blocked for 30 seconds. It is recommended that switch ports connected to APs be configured as STP edge ports, so that the APs can rapidly connect to the network.
<HUAWEI> system-view [HUAWEI] interface gigabitethernet 1/0/1 [HUAWEI-GigabitEthernet1/0/1] stp edged-port enable
Enabling LLDP on the PoE Ports Connected to APs
After the Link Layer Discovery Protocol (LLDP) is configured, the device can analyze powered devices (PDs). When LLDP is disabled, the device can detect and classify PDs only by analyzing the current and resistance between the device and PDs. Compared with current and resistance analysis, the LLDP function provides more comprehensive and accurate analysis.
Enable LLDP globally. After LLDP is enabled globally, the LLDP function is enabled on all ports by default.
<HUAWEI> system-view [HUAWEI] lldp enable
Configuring VLANs
In practice, the management VLAN and service VLAN must be configured for management packets and service data packets.
- Management VLAN: transmits packets that are forwarded through CAPWAP tunnels, including management packets and service data packets forwarded through CAPWAP tunnels.
- Service VLAN: transmits service data packets.
It is recommended that you use different VLANs for the management VLAN and service VLAN.
You are not advised to use VLAN 1 as the management VLAN or service VLAN.
In tunnel forwarding mode, the management VLAN and service VLAN must be different. The network between the AC and AP can only permit packets with management VLAN tags to pass through, and cannot permit packets with service VLAN tags to pass through.
When a downlink GE interface of an AD9431DN-24X works in middle mode, the interface allows packets from all VLANs but no VLAN is created by default. VLANs are automatically created or deleted based on the VLAN list on the connected RU.
- When an AP connects to an AC through a Layer 2 network, VLAN m is the same as VLAN m', and VLAN s is the same as VLAN s'.
- When an AP connects to an AC through a Layer 3 network, VLAN m is different from VLAN m', and VLAN s is different from VLAN s'.
Figure 3-155 shows the process of forwarding management packets through CAPWAP tunnels.
In Figure 3-155:
- In the uplink direction (from the AP to the AC): When receiving management packets, the AP encapsulates the packets in CAPWAP packets. The switch tags the packets with VLAN m. The AC decapsulates the CAPWAP packets and removes the tag VLAN m'.
- In the downlink direction (from the AC to the AP): When receiving downstream management packets, the AC encapsulates the packets in CAPWAP packets and tags them with VLAN m'. The switch removes VLAN m from the packets. The AP decapsulates the CAPWAP packets.
Figure 3-156 shows the process of directly forwarding service data packets.
In Figure 3-156, service data packets are not encapsulated in CAPWAP packets.
- In the uplink direction (from the STA to the Internet): When upstream service data packets in 802.11 format are sent from the STA to the AP, the AP converts the packets into 802.3 packets, tags the packets with VLAN s, and forwards the packets to the destination.
- In the downlink direction (from the Internet to the STA): When downstream service data packets in 802.3 format reach the AP (the packets are tagged with VLAN s' by upstream devices), the AP converts the 802.3 packets into 802.11 packets and forwards them to the STA.
Figure 3-157 shows the process of forwarding service data packets through CAPWAP tunnels.
In Figure 3-157, service data packets are encapsulated in CAPWAP packets and transmitted through CAPWAP data tunnels.
- In the uplink direction (from the STA to the Internet): When upstream service data packets in 802.11 format are sent from the STA to the AP, the AP converts the packets into 802.3 packets, tags the packets with VLAN s, and encapsulates them in CAPWAP packets. The upstream switch tags the packets with VLAN m. The AC decapsulates the CAPWAP packets and removes the tag VLAN m' from the packets.
- In the downlink direction (from the Internet to the STA): When downstream service data packets reach the AC, the AC encapsulates the packets in CAPWAP packets, allows the packets carrying VLAN s to pass through, and tags the packets with VLAN m'. The switch removes VLAN m from the packets. The AP decapsulates the CAPWAP packets, removes VLAN s, converts the 802.3 packets into 802.11 packets, and forwards them to the STA.
Management VLAN tag VLAN m is the outer tag of CAPWAP-encapsulated packets. The intermediate devices between the AC and AP can only transparently transmit packets carrying VLAN m and cannot be configured with VLAN s encapsulated in the CAPWAP packets.
Enabling the STP TC Protection Function
The STP function is enabled on an AC by default. STP can prevent network loops caused by incorrect connections or required by link backup.
When the STP topology changes, the device sends Topology Change (TC) packets to instruct other devices to update their forwarding tables. If network flapping occurs, the devices will receive a large number of TC packets in a short period of time, and update MAC address or ARP entries frequently. As a result, the devices are heavily burdened, threatening network stability.
The STP TC protection function is enabled by default. After enabling the TC protection function, you can set the number of times a switching device processes TC packets within a given time. If the number of TC packets received by the switching device within the given time exceeds the specified threshold, the switching device processes TC packets only for the specified number of times. For the TC packets exceeding the threshold, the switching device processes them together after the timer expires. In this way, the switching device is prevented from frequently deleting its MAC address and ARP entries, and therefore relieved from the ensuing burdens.
<HUAWEI> system-view [HUAWEI] stp tc-protection
Disabling an AC from Responding to TC Packets, Enabling MAC-ARP Association, and Disabling IP Traffic Forwarding at Layer 2 During Link Switching on a Ring Network When the AC Functions As a Gateway
In normal cases, when STP detects network topology changes, the device sends TC packets to instruct its ARP module to age out or delete ARP entries. In this case, the device needs to learn ARP entries again to obtain the latest ARP entry information. However, if the network topology changes frequently or network devices on the network have a large number of ARP entries, ARP learning will increase the number of ARP packets. These ARP packets will occupy excessive system resources and affect running of other services.
To prevent this situation, you can disable APR tables from responding to TC packets. In this way, ARP entries of network devices on the network are not aged out or deleted even if the network topology changes. In addition, you can enable MAC address-triggered ARP entry update to prevent user service interruption even if ARP entries are not updated in a timely manner. In wireless scenarios, IP traffic forwarding at Layer 2 is not supported when links are switched on a ring network. Therefore, it is recommended that this function be disabled.
<HUAWEI> system-view [HUAWEI] arp topology-change disable
<HUAWEI> system-view [HUAWEI] mac-address update arp
<HUAWEI> system-view [HUAWEI] ip forwarding converge normal
Configuring Port Isolation on Ports Connected to APs
In wireless application scenarios, APs typically do not need to access each other at Layer 2 or exchange broadcast packets. Therefore, you can configure port isolation on switch ports connected to APs. This function improves user communication security and prevents invalid broadcast packet data from being sent to the APs, ensuring the APs' forwarding performance and user services. In addition, port isolation needs to be configured for Layer 2 network devices connected to the AP gateway. For example, port isolation needs to be configured on the ports of aggregation switches connected to APs on the same Layer 2 network.
<HUAWEI> system-view [HUAWEI] interface gigabitethernet 1/0/1 [HUAWEI-GigabitEthernet1/0/1] port-isolate enable group 1
User Isolation Is Recommended in Accounting Scenarios
In a traffic profile, user isolation prevents Layer 2 packets of all users from being forwarded to each other. That is, the users cannot communicate with each other after user isolation is enabled. This improves user communication security and enables the gateway to centrally forward user traffic, facilitating user accounting and management.
<HUAWEI> system-view [HUAWEI] wlan [HUAWEI-wlan-view] traffic-profile name traffic1 [HUAWEI-wlan-traffic-prof-traffic1] user-isolate l2 Warning: This action may cause service interruption. Continue?[Y/N]y
Enabling Optimized ARP Reply
A gateway may receive a large number of ARP Request packets that request the device to reply with its local interface MAC address. If all these ARP Request packets are sent to the control board for processing, the gateway's CPU is busy with these ARP Request packets and cannot process other services.
- When receiving an ARP Request packet of which the destination IP address is the local interface address, the LPU directly returns an ARP Reply packet.
- When a switch receives an ARP Request packet of which the destination IP address is not the local interface address and intra-VLAN proxy ARP is enabled on the switch, the LPU checks whether the ARP Request packet meets the proxy condition. If so, the LPU returns an ARP Reply packet. If not, the LPU discards the packet.
- If the corresponding ARP entry exists, the switch performs optimized ARP reply to this ARP Request packet.
- If the corresponding ARP entry does not exist, the switch does not perform optimized ARP reply to this ARP Request packet.
- arp anti-attack gateway-duplicate enable: enables the ARP gateway anti-collision function.
- arp ip-conflict-detect enable: enables IP address conflict detection.
- arp anti-attack check user-bind enable: enables dynamic ARP inspection.
- dhcp snooping arp security enable: enables egress ARP inspection.
- arp over-vpls enable: enables ARP proxy on the device located on a VPLS network.
- arp-proxy enable: configures the routed ARP proxy function.
- ARP rate limiting based on source MAC addresses (configured using the arp speed-limit source-mac command)
- ARP rate limiting based on source IP addresses (configured using the arp speed-limit source-ip command)
- Global ARP rate limiting, ARP rate limiting in VLANs, as well as ARP rate limiting on interfaces (configured using the arp anti-attack rate-limit enable command)
Reliability Configuration
ACs use cluster switch system (CSS) technology for networking, and access switches are connected to different members in the CSS through Eth-Trunks. If one AC is faulty, the network can be restored rapidly.
ARP Proxy Is Not Recommended When the AC Serves as a Gateway
The ARP proxy function increases the burden on the gateway, reducing the number of wireless users supported by the AC. It is recommended that the ARP proxy function be disabled when the AC serves as the gateway, unless otherwise required.
The AC Is Not Recommended as a DHCP Server
Wireless users roam, causing DHCP lease renewal (a short lease). This poses high requirements for the performance of the DHCP server. When the AC serves as a DHCP server, AC system performance is consumed, reducing the number of wireless users supported by the AC. Therefore, it is not recommended that the AC serve as both the gateway and DHCP server, unless otherwise required.
Properly Deploying eSight
If eSight is deployed, it periodically collects system data from the AC. In this case, you need to deploy Performance Management (PM) and set the collection interval to 30 minutes or longer.
<HUAWEI> system-view [HUAWEI] pm [HUAWEI-pm] statistics-task task1 [HUAWEI-pm-statistics-task1] sample-interval 30
PM technology periodically collects system data and consumes system resources. If eSight is not deployed, it is recommended that PM be disabled.
WLAN Service Configuration Suggestion
Configuring WPA2 + 802.1X Authentication
In commercial use environments, secure authentication and encryption modes are required. WPA2-AES encryption is recommended. High-security 802.1X authentication together with AES encryption is more suitable for closed enterprise networks.
<HUAWEI> system-view [HUAWEI] wlan [HUAWEI-wlan-view] security-profile name p1 [HUAWEI-wlan-sec-prof-p1] security wpa2 dot1x aes
If STAs of multiple types exist, you can configure different authentication and encryption modes. Hybrid encryption is recommended.
<HUAWEI> system-view [HUAWEI] wlan [HUAWEI-wlan-view] security-profile name p1 [HUAWEI-wlan-sec-prof-p1] security wpa-wpa2 dot1x aes-tkip
Configuring the Retransmission Timeout Interval for RADIUS Request Packets
For a large-scale or busy network, configure the shortest retransmission timeout interval for RADIUS request packets. When a long retransmission timeout interval is set, retransmission occupies system resources. A short retransmission timeout interval can improve the AC's packet processing capability.
The default retransmission timeout interval for wireless users is 5 seconds, which is suitable for most wireless user authentication scenarios. When IP addresses of more than eight authentication servers are configured in a RADIUS server template, or 802.1X authentication is used, it is recommended that the retransmission timeout interval be set to 1 second to improve network processing efficiency.
<HUAWEI> system-view [HUAWEI] radius-server template test1 [HUAWEI-radius-test1] radius-server timeout 1
Configuring the Timeout Interval for Sending 802.1X Authentication Requests
By default, the timeout interval for an AC to send 802.1X authentication requests is 30 seconds, and the maximum number of retransmission times is 2. In some scenarios, you can adjust these values properly to optimize network deployment.
If one-time passwords (OTPs) are used, for example, access passwords are sent by network maintenance departments to STAs through short messages, users send requests for applying for passwords, and receive the applied passwords, and enter the passwords for authentication. This process may take more than 30 seconds. In this case, set a longer timeout interval for sending 802.1X authentication requests.
If the network environment is poor (for example, wireless interference is severe) and many packets are lost, you are advised to set a short timeout interval for sending 802.1X authentication requests and a large number of retransmission times to improve network convergence performance.
<HUAWEI> system-view [HUAWEI] dot1x timer tx-period 20 [HUAWEI] dot1x-access-profile name d1 [HUAWEI-dot1x-access-profile-d1] dot1x retry 4
Reducing the Number of SSIDs
SSIDs identify different wireless networks. When you search for available wireless networks on a STA, the displayed wireless network names are SSIDs.
It is recommended that a limited number of SSIDs be configured on an AC. A maximum of 16 SSIDs can be configured for each AP. Too many SSIDs occupy AC system resources.
Reducing the Association Aging Time of STAs
STAs in stadiums move frequently, and a large number of STAs associate with APs deployed at stadium entrances in a short period of time. As a result, no new STA can associate with the APs after the number of associated STAs reaches the upper limit.
Many STAs will leave the coverage area of the APs. Therefore, you are advised to set the association aging time of STAs to 1 minute.
In wireless city scenarios, you are advised to reduce the association aging time of STAs. One minute is recommended.
<HUAWEI> system-view [HUAWEI] wlan [HUAWEI-wlan-view] ssid-profile name ssid1 [HUAWEI-wlan-ssid-prof-ssid1] association-timeout 1 Warning: This action may cause service interruption. Continue?[Y/N]y
STA Blacklist and Whitelist Are Not Recommended
On a WLAN, the blacklist or whitelist can be configured to filter access from STAs based on specified rules. The blacklist or whitelist allows authorized STAs to connect to the WLAN and rejects access from unauthorized STAs.
The STA blacklist and whitelist increase the burden on the AC and degrade AC performance. Therefore, the blacklist and whitelist are not recommended, unless otherwise required.
802.11r Is Not Recommended
802.11r is an IEEE protocol that defines fast roaming. Before associating with target APs, STAs complete handshakes for initial identity authentication. By default, 802.11r is disabled.
Only iOS 6 and later versions support 802.11r. STAs that do not support 802.11r cannot associate with 802.11r-enabled WLANs. It is recommended that 802.11r be disabled when multiple types of STAs exist on a WLAN.
AP Load Balancing Is Not Recommended
After AP load balancing is configured, APs in the load balancing group forward received Probe packets to the AC. The AC then determines the APs from which STAs can access the WLAN. Too many Probe packets may degrade AC performance. Therefore, it is recommended that the AP load balancing function be disabled, unless otherwise required.
The Function of Recording Successful STA Associations in the Log Is Not Recommended
After the function of recording successful STA associations in the log is enabled, information about successfully associated STAs is recorded in the log, so that the administrator can view information about successful STA associations. Recording successful STA associations in the log degrades AC performance, especially in scenarios with a large number of STAs. Therefore, it is recommended that this function be disabled. This function is disabled by default.
# Disable the function of recording successful STA associations in the log.
<HUAWEI> system-view [HUAWEI] wlan [HUAWEI-wlan-view] undo report-sta-assoc enable
Reporting Information about STA Traffic and Online Duration on APs Is Not Recommended
You can enable an AC to report information about STA traffic and online duration on APs to eSight. After this function is enabled, the AC collects and reports the information to eSight through Syslog when STAs get offline or roam within the AC, which facilitates data query on eSight.
Frequent information reporting degrades AC performance, especially in scenarios with a large number of STAs. Therefore, it is recommended that this function be disabled no matter whether eSight is deployed on a WLAN. This function is disabled by default.
<HUAWEI> system-view [HUAWEI] wlan [HUAWEI-wlan-view] undo report-sta-info enable
Enabling the Function of Disconnecting Weak-Signal STAs
This function is recommended in high-density stadium and higher education scenarios, but not recommended in wireless city scenarios.
Security Configuration Suggestion
Network Security Suggestion
To protect network devices' CPU against attacks and ensure that users can use network resources properly, user control traffic and data traffic need to be limited. It is recommended that the traffic be limited on network edges, that is, on APs.
Control traffic limiting: ARP, ND, and IGMP flood attack detection is enabled on an AP by default. The rate thresholds for ARP, ND, and IGMP flood attack detection are 5 pps, 16 pps, and 4 pps, respectively. You are not advised to change the default values. When service traffic is heavy on a network, the values can be increased properly. However, it is recommended that the values be increased by no more than 100%.
# Set the rate threshold for ARP flood attack detection to 10 pps. (This function is supported only by V200R010.)<HUAWEI> system-view [HUAWEI] wlan [HUAWEI-wlan-view] vap-profile name profile1 [HUAWEI-wlan-vap-prof-profile1] anti-attack arp-flood sta-rate-threshold 10
Data traffic limiting: The rate limit of upstream and downstream packets for each STA or all STAs associated with a VAP is configured in a traffic profile on an AP.
# Set the rate limit of upstream packets to 1 Mbit/s for each STA associated with the VAP that has the traffic profile p1.<HUAWEI> system-view [HUAWEI] wlan [HUAWEI-wlan-view] traffic-profile name p1 [HUAWEI-wlan-traffic-prof-p1] rate-limit client up 1024
The user-level rate limiting function is recommended for X series cards and is enabled by default. Supported packet types include ARP Request, ARP Reply, ND, DHCP Request, DHCPv6 Request, and 802.1X. By default, the user-level rate limit is 10 pps. You can adjust the rate limit for a specified STA.
# Set the rate limit threshold for the STA with MAC address 000a-000b-000c to 20 pps.<HUAWEI> system-view [HUAWEI] cpu-defend host-car mac-address 000a-000b-000c pps 20
The attack source tracing function is recommended for non-X series cards and is enabled by default. If the number of protocol packets of normal services exceeds the specified checking threshold and an attack source punishment action is configured, the attack source tracing function may affect these normal services. You can attempt to disable the attack source tracing function or disable this function for corresponding protocols to restore the services.
# Configure the device to discard packets from the identified source every 10 seconds.<HUAWEI> system-view [HUAWEI] cpu-defend policy test [HUAWEI-cpu-defend-policy-test] auto-defend enable [HUAWEI-cpu-defend-policy-test] auto-defend action deny timer 10
# Delete IGMP and TTL-expired packets from the list of traced packets.<HUAWEI> system-view [HUAWEI] cpu-defend policy test [HUAWEI-cpu-defend-policy-test] auto-defend enable [HUAWEI-cpu-defend-policy-test] undo auto-defend protocol igmp ttl-expired
ICMP Fast Reply Is Recommended
Ping is a common method for checking network connectivity. However, a large number of ICMP packets affect device performance, reducing the number of wireless users supported by the AC. The ICMP fast reply function is enabled on a switch by default. Keep this function enabled, unless otherwise required.
CAPWAP Tunnel Encryption Is Not Recommended
The parent and an AS transmit management packets through a Control and Provisioning of Wireless Access Points (CAPWAP) tunnel. To ensure tunnel confidentiality and security, you can use Datagram Transport Layer Security (DTLS) to encrypt packets transmitted in the CAPWAP tunnel. DTLS encryption, however, degrades AC performance. It is recommended that DTLS encryption be disabled in scenarios without high security requirements or special customer requirements.
Radio Configuration Suggestion
WIDS Is Not Recommended
Wireless Intrusion Detection System (WIDS) enables monitoring APs to periodically detect wireless signals. In this manner, the AC can obtain information about devices on the wireless network and take measures to prevent access from unauthorized devices. Frequent monitoring and data reporting, however, degrade AC performance. Therefore, it is recommended that WIDS be disabled, unless otherwise required.
Scanning Channels of Unauthorized Devices
If the WIDS function is enabled, an AP scans all channels supported by the corresponding country code by default. Frequent channel scanning degrades AC performance. It is recommended that only calibration channels be scanned.
<HUAWEI> system-view [HUAWEI] wlan [HUAWEI-wlan-view] air-scan-profile name myprofile [HUAWEI-wlan-air-scan-prof-myprofile] scan-channel-set dca-channel
Configuring a Proper Interval for Reporting Information About Unauthorized Devices
If WIDS is enabled, a monitoring AP caches information about detected wireless devices at the interval at which an AP incrementally reports wireless device information. When the interval is reached, the monitoring AP reports the information to the AC and then clears the reported information.
By default, an AP incrementally reports wireless device information to an AC at an interval of 300 seconds. You are not advised to change the default value. When a short interval is set, suspicious devices can be rapidly detected. If the interval is too short, however, information about unauthorized devices that exist instantaneously may be incorrectly reported. As a result, the reported information may be incorrect, and information reporting occupies unnecessary AC and AP resources.
<HUAWEI> system-view [HUAWEI] wlan [HUAWEI-wlan-view] air-scan-profile name myprofile [HUAWEI-wlan-air-scan-prof-myprofile] quit [HUAWEI-wlan-view] ap-group name office [HUAWEI-wlan-ap-group-office] radio 0 [HUAWEI-wlan-group-radio-office/0] wids device detect enable [HUAWEI-wlan-group-radio-office/0] quit [HUAWEI-wlan-ap-group-office] quit [HUAWEI-wlan-view] wids-profile name office [HUAWEI-wlan-wids-prof-office] device report-interval 120
Properly Configuring Radio Calibration
<HUAWEI> system-view [HUAWEI] wlan [HUAWEI-wlan-view] calibrate enable manual
<HUAWEI> system-view [HUAWEI] wlan [HUAWEI-wlan-view] calibrate enable schedule time 20:30:00
Properly Configuring Band Steering
Compared with the 2.4 GHz frequency band, the 5 GHz frequency band has fewer interference sources and more available channels, and provides higher access capability.
Most STAs support both the 5 GHz and 2.4 GHz frequency bands, and usually associate with the 2.4 GHz frequency band by default when connecting to the Internet through APs. To associate STAs with the 5 GHz frequency band, you need to manually select the 5 GHz frequency band. The band steering function addresses this issue.
After the band steering function is enabled for a specified SSID on the AC, the AP preferentially associates the STAs connected to the SSID with the 5 GHz frequency band. After the 5 GHz frequency band is fully loaded, the AP steers the STAs to the 2.4 GHz frequency band.
If both radios of an AP use the same VAP profile, the band steering function takes effect on both the radios as long as the function is enabled for an SSID on one radio of the AP. For example, if the band steering function is enabled for the SSID huawei on the 2.4 GHz radio but not on the 5 GHz radio, the AP preferentially steers STAs associated with the SSID to the 5 GHz radio.
The band steering function is enabled by default. Single-radio APs do not support the band steering function.
Enabling Smart Roaming Based on Scenarios
On a traditional WLAN, when a STA is moving away from an AP, the STA's access rate becomes lower, but the STA still associates with the AP instead of re-initiating a connection with the AP or roaming to another AP. This degrades user experience. The smart roaming function can address this issue. When detecting that the signal-to-noise ratio (SNR) or access rate of a STA is lower than the specified threshold, the AP sends a Disassociation packet to the STA so that the STA can reconnect to the AP or roam to another AP.
This function applies to high-density static scenarios, for example, lecture halls. This function is not recommended in scenarios where STAs move frequently, such as wireless cities. If this function is enabled, you are advised to retain the default roaming threshold.
If a high roaming threshold is configured, STAs may go offline frequently. If a small roaming threshold is configured, STAs cannot roam to APs with better signals in a timely manner.
<HUAWEI> system-view [HUAWEI] wlan [HUAWEI-wlan-view] rrm-profile name myprofile [HUAWEI-wlan-rrm-prof-myprofile] smart-roam enable
<HUAWEI> system-view [HUAWEI] wlan [HUAWEI-wlan-view] rrm-profile name myprofile [HUAWEI-wlan-rrm-prof-myprofile] undo smart-roam disable
<HUAWEI> system-view [HUAWEI] wlan [HUAWEI-wlan-view] rrm-profile name myprofile [HUAWEI-wlan-rrm-prof-myprofile] smart-roam enable
Dynamic EDCA Parameter Adjustment Is Recommended
A WLAN has only three non-overlapping channels on the 2.4 GHz frequency band. When APs are densely deployed in high-density indoor scenarios of universities, multiple APs have to work on the same channel. As a result, co-channel interference is caused and degrades network performance.
The dynamic EDCA parameter adjustment function allows APs to adjust EDCA parameters flexibly by detecting the number of STAs to reduce the possibility of collision, improve the throughput, and enhance user experience.
<HUAWEI> system-view [HUAWEI] wlan [HUAWEI-wlan-view] rrm-profile name myprofile [HUAWEI-wlan-rrm-prof-myprofile] dynamic-edca enable
Enabling the Short GI
In high-density indoor scenarios of universities, you are advised to enable the short GI to improve the transmission rate of 802.11n and 802.11ac packets.
<HUAWEI> system-view [HUAWEI] wlan [HUAWEI-wlan-view] radio-2g-profile name default [HUAWEI-wlan-radio-2g-prof-default] guard-interval-mode short
Setting the RTS-CTS Operation Mode in a Radio Profile
The Request To Send/Clear To Send (RTS/CTS) handshake protocol prevents data transmission failures caused by channel conflicts. If STAs perform RTS/CTS handshakes before sending data each time, RTS frames consume high channel bandwidth. In high-density indoor scenarios of universities, you are advised to use the RTS/CTS mode.
# Set the RTS-CTS operation mode to rts-cts in a radio profile.
<HUAWEI> system-view [HUAWEI] wlan [HUAWEI-wlan-view] radio-2g-profile name default [HUAWEI-wlan-radio-2g-prof-default] rts-cts-mode rts-cts [HUAWEI-wlan-radio-2g-prof-default] rts-cts-threshold 1400 [HUAWEI-wlan-radio-2g-prof-default] quit [HUAWEI-wlan-view] radio-5g-profile name default [HUAWEI-wlan-radio-5g-prof-default] rts-cts-mode rts-cts [HUAWEI-wlan-radio-5g-prof-default] rts-cts-threshold 1400 [HUAWEI-wlan-radio-5g-prof-default] quit
Disconnecting Weak-Signal STAs
If a large signal strength threshold is set, STAs may go offline easily. Set a proper threshold based on the actual situation.
<HUAWEI> system-view [HUAWEI] wlan [HUAWEI-wlan-view] rrm-profile name default [HUAWEI-wlan-rrm-prof-default] smart-roam enable [HUAWEI-wlan-rrm-prof-default] smart-roam roam-threshold check-snr [HUAWEI-wlan-rrm-prof-default] smart-roam quick-kickoff-threshold snr 20
<HUAWEI> system-view [HUAWEI] wlan [HUAWEI-wlan-view] rrm-profile name default [HUAWEI-wlan-rrm-prof-default] undo smart-roam quick-kickoff-threshold disable [HUAWEI-wlan-rrm-prof-default] smart-roam quick-kickoff-threshold check-snr [HUAWEI-wlan-rrm-prof-default] smart-roam quick-kickoff-threshold snr 20