No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S2700, S3700, S5700, S6700, S7700, and S9700 Series Switches Typical Configuration Examples

This document provides examples for configuring features in typical usage scenarios.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring Non-Fast Roaming Between APs in the Same Service VLAN

Example for Configuring Non-Fast Roaming Between APs in the Same Service VLAN

Roaming Between APs in the Same Service VLAN Overview

WLAN roaming allows a STA to move from the coverage area of an AP to that of another AP with nonstop service transmission. Roaming between APs in the same service VLAN allows a STA to move between two APs that connect to the same AC without service interruption.

Roaming between APs in the same service VLAN is classified into fast roaming and non-fast roaming. Non-fast roaming technology is used when a STA uses a non-WPA2-802.1X security policy. If a STA uses WPA2-802.1X but does not support fast roaming, the STA still needs to complete 802.1X authentication before roaming between two APs. When the user uses the WPA2-802.1X security policy and supports fast roaming, the user does not need to perform 802.1X authentication again during roaming and only needs to perform key negotiation. Fast roaming reduces roaming delay and improves service experience.

Configuration Notes

  • The APs on which WLAN roaming is implemented must use the same SSID and security profiles, and the security profiles must have the same configurations.
  • In direct forwarding mode, if the ARP entry of a user is not aged out in time on the access device connected to the AP after the user roams, services of the user will be temporarily interrupted. You are advised to enable STA address learning on the AC. After the function is enabled, the AP will send a gratuitous ARP packet to the access device so that the access device can update ARP entries in a timely manner. This ensures nonstop service transmission during user roaming.

    You can use either of the following methods to enable STA address learning according to the version of your product:
    • Versions earlier than V200R007C20 and V200R008: run the learn client ip-address enable command in the service set view.
    • V200R007C20: run the undo learn-client-address disable command in the VAP profile view.
  • In direct forwarding mode, configure port isolation on the interface directly connected to APs. If port isolation is not configured, many broadcast packets will be transmitted in the VLANs or WLAN users on different APs can directly communicate at Layer 2.

  • How to configure the source interface:
    • In V200R005 and V200R006, run the wlan ac source interface { loopback loopback-number | vlanif vlan-id } command in the WLAN view.
    • In V200R007 and V200R008, run the capwap source interface { loopback loopback-number | vlanif vlan-id } command in the system view.
  • No ACK mechanism is provided for multicast packet transmission on air interfaces. In addition, wireless links are unstable. To ensure stable transmission of multicast packets, they are usually sent at low rates. If a large number of such multicast packets are sent from the network side, the air interfaces may be congested. You are advised to configure multicast packet suppression to reduce impact of a large number of low-rate multicast packets on the wireless network. Exercise caution when configuring the rate limit; otherwise, the multicast services may be affected.
    • In direct forwarding mode, you are advised to configure multicast packet suppression on switch interfaces connected to APs.
    • In tunnel forwarding mode, you are advised to configure multicast packet suppression in traffic profiles of the AC.
    For details on how to configure traffic suppression, see How Do I Configure Multicast Packet Suppression to Reduce Impact of a Large Number of Low-Rate Multicast Packets on the Wireless Network?.
  • The following table lists applicable products and versions.
    Table 11-23  Applicable products and versions

    Software Version

    Product Model

    AP Model and Version

    V200R005C00

    S7700, S9700

    V200R005C00:

    AP2010DN, AP3010DN-AGN, AP5010DN-AGN, AP5010SN-GN, AP5030DN, AP5130DN, AP6010SN-GN, AP6010DN-AGN, AP6310SN-GN, AP6510DN-AGN, AP6610DN-AGN, AP7110DN-AGN, AP7110SN-GN

    V200R006C00

    S5720HI, S7700, S9700

    V200R005C00:

    AP2010DN, AP3010DN-AGN, AP5010DN-AGN, AP5010SN-GN, AP5030DN, AP5130DN, AP6010SN-GN, AP6010DN-AGN, AP6310SN-GN, AP6510DN-AGN, AP6610DN-AGN, AP7110DN-AGN, AP7110SN-GN

    V200R007C00

    S5720HI, S7700, S9700

    V200R005C10:

    AP2010DN, AP3010DN-AGN, AP5010DN-AGN, AP5010SN-GN, AP5030DN, AP5130DN, AP6010SN-GN, AP6010DN-AGN, AP6310SN-GN, AP6510DN-AGN, AP6610DN-AGN, AP7110DN-AGN, AP7110SN-GN, AP8030DN, AP8130DN

    V200R005C20:

    AP7030DE, AP9330DN

    V200R008C00

    S5720HI, S7700, S9700

    V200R005C10:

    AP2010DN, AP3010DN-AGN, AP5010DN-AGN, AP5010SN-GN, AP5030DN, AP5130DN, AP6010SN-GN, AP6010DN-AGN, AP6310SN-GN, AP6510DN-AGN, AP6610DN-AGN, AP7110DN-AGN, AP7110SN-GN, AP8030DN, AP8130DN

    V200R005C20:

    AP7030DE, AP9330DN

    V200R005C30:

    AP2030DN, AP4030DN, AP4130DN

    NOTE:

    For S7700, you are advised to deploy S7712 or S7706 switches for WLAN services. S7703 switches are not recommended.

    For S9700, you are advised to deploy S9712 or S9706 switches for WLAN services. S9703 switches are not recommended.

Networking Requirements

As shown in Figure 11-10, a department on a campus network deploys two APs that are managed and controlled by an AC, which dynamically assigns IP addresses to the APs and STAs. All users in the department belong to the same VLAN, that is, AP1 and AP2 use the same service VLAN. The default security policy (WEP open system authentication) is used. User data is forwarded through tunnels.

The department requires services to be uninterrupted when a STA moves from AP1 to AP2.

Figure 11-10  Networking diagram for configuring non-fast roaming between APs in the same service VLAN

Data Planning

Table 11-24  Data planning

Item

Data

Description

IP address of the AC's source interface

192.168.10.1/24

None

WMM profile

Name: wmm

None

Radio profile

Name: radio

None

Security profile

  • Name: security
  • Security and authentication policy: WPA2+PSK
  • Authentication key: huawei123
  • Encryption mode: CCMP

None

Traffic profile

Name: traffic

None

Service set

  • Name: test
  • SSID: test
  • WLAN virtual interface: WLAN-ESS 1
  • Data forwarding mode: tunnel forwarding

None

DHCP server

The AC functions as a DHCP server to assign IP addresses to APs and STAs.

None

AP gateway and IP address pool range

VLANIF 100: 192.168.10.1/24

192.168.10.2 to 192.168.10.254/24

None

STA gateway and IP address pool range

VLANIF 101: 192.168.11.1/24

192.168.11.2 to 192.168.11.254/24

None

Configuration Roadmap

The configuration roadmap is as follows:
  1. The default security policy is used and access authentication is not required, which shortens the roaming switchover time. Configure non-fast roaming between APs in the same service VLAN to ensure nonstop service transmission during roaming.
  2. Configure parameters used for communication between the AC and APs to transmit CAPWAP packets.
  3. Configure the AC to function as a DHCP server to assign IP addresses to APs and STAs.
  4. Configure basic WLAN services to enable the STAs to connect to the WLAN.

Procedure

  1. Set the NAC mode on AC to unified mode (default setting). Configure SwitchA and the AC to allow the APs and AC to transmit CAPWAP packets.

    # Configure the SwitchA: add interfaces GE0/0/1, GE0/0/2, and GE0/0/3 to the management VLAN 100.

    <HUAWEI> system-view
    [HUAWEI] sysname SwitchA
    [SwitchA] vlan batch 100
    [SwitchA] interface gigabitethernet 0/0/1
    [SwitchA-GigabitEthernet0/0/1] port link-type trunk
    [SwitchA-GigabitEthernet0/0/1] port trunk pvid vlan 100
    [SwitchA-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
    [SwitchA-GigabitEthernet0/0/1] quit
    [SwitchA] interface gigabitethernet 0/0/2
    [SwitchA-GigabitEthernet0/0/2] port link-type trunk
    [SwitchA-GigabitEthernet0/0/2] port trunk pvid vlan 100
    [SwitchA-GigabitEthernet0/0/2] port trunk allow-pass vlan 100
    [SwitchA-GigabitEthernet0/0/2] quit
    [SwitchA] interface gigabitethernet 0/0/3
    [SwitchA-GigabitEthernet0/0/3] port link-type trunk
    [SwitchA-GigabitEthernet0/0/3] port trunk allow-pass vlan 100
    [SwitchA-GigabitEthernet0/0/3] quit
    

    # Add GE1/0/1 that connects the AC to SwitchA to VLAN 100.

    <HUAWEI> system-view
    [HUAWEI] sysname AC
    [AC] vlan batch 100
    [AC] interface gigabitethernet 1/0/1
    [AC-GigabitEthernet1/0/1] port link-type trunk
    [AC-GigabitEthernet1/0/1] port trunk allow-pass vlan 100
    [AC-GigabitEthernet1/0/1] quit
    

  2. Configure the AC to communicate with the upstream device.

    # Add AC uplink interface GE1/0/3 to VLAN 101 (service VLAN).

    [AC] vlan batch 101
    [AC] interface gigabitethernet 1/0/3
    [AC-GigabitEthernet1/0/3] port link-type trunk
    [AC-GigabitEthernet1/0/3] port trunk allow-pass vlan 101
    [AC-GigabitEthernet1/0/3] quit
    

  3. Configure the AC as a DHCP server to assign IP addresses to STAs and the AP.

    # Configure the AC as the DHCP server to assign an IP address to the AP from the IP address pool on VLANIF 100, and assign IP addresses to STAs from the IP address pool on VLANIF 101.

    [AC] dhcp enable //Enable the DHCP function.
    [AC] interface vlanif 100
    [AC-Vlanif100] ip address 192.168.10.1 24
    [AC-Vlanif100] dhcp select interface  //Configure an interface-based address pool.
    [AC-Vlanif100] quit
    [AC] interface vlanif 101
    [AC-Vlanif101] ip address 192.168.11.1 24
    [AC-Vlanif101] dhcp select interface
    [AC-Vlanif101] quit
    

  4. Configure AC system parameters.

    # Configure the country code.

    [AC] wlan ac-global country-code cn
    Warning: Modify the country code may delete configuration on those AP which use 
    the global country code and reset them, continue?[Y/N]:y

    # Configure the AC ID and carrier ID.

    [AC] wlan ac-global ac id 1 carrier id other  //The default AC ID is 0. Set the AC ID to 1.

    # Configure the source interface.

    [AC] wlan
    [AC-wlan-view] wlan ac source interface vlanif 100
    

  5. Manage APs on the AC.

    # Check the AP type IDs after obtaining the MAC addresses of the APs.

    [AC-wlan-view] display ap-type all
      All AP types information:     
      ------------------------------------------------------------------------------
      ID     Type                   
      ------------------------------------------------------------------------------
      17     AP6010SN-GN            
      19     AP6010DN-AGN           
      21     AP6310SN-GN            
      23     AP6510DN-AGN           
      25     AP6610DN-AGN           
      27     AP7110SN-GN            
      28     AP7110DN-AGN           
      29     AP5010SN-GN            
      30     AP5010DN-AGN           
      31     AP3010DN-AGN           
      33     AP6510DN-AGN-US        
      34     AP6610DN-AGN-US        
      35     AP5030DN               
      36     AP5130DN               
      37     AP7030DE                                                               
      38     AP2010DN                                                               
      39     AP8130DN                                                               
      40     AP8030DN                                                               
      42     AP9330DN                                                               
      43     AP4030DN                                                               
      44     AP4130DN                                                               
      45     AP3030DN                                                               
      46     AP2030DN                                                               
      ------------------------------------------------------------------------------
      Total number: 23

    # Set the AP authentication mode to MAC address authentication (default setting). Add the APs offline based on the AP type ID. Assume that the type of AP1 and AP2 is AP6010DN-AGN, and their MAC addresses are 60de-4476-e360 and dcd2-fc04-b500, respectively.

    [AC-wlan-view] ap id 1 type-id 19 mac 60de-4476-e360
    [AC-wlan-ap-1] quit
    [AC-wlan-view] ap id 2 type-id 19 mac dcd2-fc04-b500
    [AC-wlan-ap-2] quit

    # Configure an AP region and add the APs to the AP region.

    [AC-wlan-view] ap-region id 10  //Create AP region 10
    [AC-wlan-ap-region-10] quit
    [AC-wlan-view] ap id 1
    [AC-wlan-ap-1] region-id 10  //Add AP1 to region 10
    [AC-wlan-ap-1] quit
    [AC-wlan-view] ap id 2
    [AC-wlan-ap-2] region-id 10  //Add AP2 to region 10
    [AC-wlan-ap-2] quit
    

    # Power on AP1 and AP2 and run the display ap all command on the AC to check the AP state. The command output shows that the APs are in normal state.

    [AC-wlan-view] display ap all
      All AP information:           
      Normal[2],Fault[0],Commit-failed[0],Committing[0],Config[0],Download[0]       
      Config-failed[0],Standby[0],Type-not-match[0],Ver-mismatch[0]            
      ------------------------------------------------------------------------------
      AP    AP               AP              Profile   AP              AP           
                                             /Region                                
      ID    Type             MAC             ID        State           Sysname      
      ------------------------------------------------------------------------------
      1     AP6010DN-AGN     60de-4476-e360  0/10      normal          ap-1         
      2     AP6010DN-AGN     dcd2-fc04-b500  0/10      normal          ap-2         
      ------------------------------------------------------------------------------
      Total number: 2,printed: 2

  6. Configure WLAN service parameters.

    # Create a WMM profile named wmm.

    [AC-wlan-view] wmm-profile name wmm id 1
    [AC-wlan-wmm-prof-wmm] quit
    

    # Create a radio profile named radio and bind the WMM profile wmm to the radio profile.

    [AC-wlan-view] radio-profile name radio id 1 
    [AC-wlan-radio-prof-radio] wmm-profile name wmm 
    [AC-wlan-radio-prof-radio] quit
    [AC-wlan-view] quit
    

    # Create WLAN-ESS interface 1.

    [AC] interface wlan-ess 1
    [AC-Wlan-Ess1] port trunk allow-pass vlan 101
    [AC-Wlan-Ess1] quit
    

    # Create a security profile named security.

    [AC] wlan
    [AC-wlan-view] security-profile name security id 1
    [AC-wlan-sec-prof-security] security-policy wpa2  //Configure security policy WPA2.
    [AC-wlan-sec-prof-security] wpa2 authentication-method psk pass-phrase cipher huawei123 encryption-method ccmp  //Set the encryption method to PSK+CCMP.
    [AC-wlan-sec-prof-security] quit
    

    # Create a traffic profile named traffic.

    [AC-wlan-view] traffic-profile name traffic id 1
    [AC-wlan-traffic-prof-traffic] quit
    

    # Create a service set named test and bind the WLAN-ESS interface, security profile, and traffic profile to the service set.

    [AC-wlan-view] service-set name test id 1
    [AC-wlan-service-set-test] ssid test  //Set the SSID to test.
    [AC-wlan-service-set-test] wlan-ess 1 
    [AC-wlan-service-set-test] security-profile name security
    [AC-wlan-service-set-test] traffic-profile name traffic
    [AC-wlan-service-set-test] service-vlan 101  //Set the VLAN ID to 101. The default VLAN ID is 1.
    [AC-wlan-service-set-test] forward-mode tunnel  //Set the service forwarding mode to tunnel.
    [AC-wlan-service-set-test] quit
    

  7. Verify the configuration.

    After the configuration is complete, the STA can connect to the WLAN with the SSID test in the coverage area of AP1.

    Assume that the STA MAC address is 0025-86aa-0d1c. When the STA connects to the WLAN with the SSID test in the coverage area of AP1, run the display station assoc-info ap 1 command on the AC to check the STA access information.
    <HUAWEI> display station assoc-info ap 1
     ------------------------------------------------------------------------------
      STA MAC          AP ID   RADIO ID  SS ID   SSID
      ------------------------------------------------------------------------------
      0025-86aa-0d1c   1       0         0       test
      ------------------------------------------------------------------------------
    Total stations: 1
    When the STA moves from the coverage of AP1 to that of AP2, run the display station assoc-info ap 2 command on the AC to check the STA access information. The STA is associated with AP2.
    <HUAWEI> display station assoc-info ap 2
     ------------------------------------------------------------------------------
      STA MAC          AP ID   RADIO ID  SS ID   SSID
      ------------------------------------------------------------------------------
      0025-86aa-0d1c   2       0         1       test
      ------------------------------------------------------------------------------
    Total stations: 1
    Run the display station roam-track sta 0025-86aa-0d1c command on the AC to check the STA roaming track.
    <HUAWEI> display station roam-track sta 0025-86aa-0d1c
      ------------------------------------------------------------------------------
      AP ID  Radio ID  BSSID            TIME                                        
      ------------------------------------------------------------------------------
      1      0        60de-4476-e360   2012/12/23 14:40:37                          
      2      0        dcd2-fc04-b500   2012/12/23 14:40:39                          
      ------------------------------------------------------------------------------
      Number of roam track: 1

Configuration Files

  • SwitchA configuration file

    #
    sysname SwitchA
    #
    vlan batch 100
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk pvid vlan 100
     port trunk allow-pass vlan 100
    #
    interface GigabitEthernet0/0/2
     port link-type trunk
     port trunk pvid vlan 100
     port trunk allow-pass vlan 100
    #
    interface GigabitEthernet0/0/3
     port link-type trunk
     port trunk allow-pass vlan 100
    #
    return
  • AC configuration file

    #
    sysname AC
    #
    vlan batch 100 to 101
    #
    wlan ac-global carrier id other ac id 1
    #
    dhcp enable
    #
    interface Vlanif100
     ip address 192.168.10.1 255.255.255.0
     dhcp select interface
    #
    interface Vlanif101
     ip address 192.168.11.1 255.255.255.0
     dhcp select interface
    #
    interface GigabitEthernet1/0/1
     port link-type trunk
     port trunk allow-pass vlan 100
    #
    interface GigabitEthernet1/0/3
     port link-type trunk
     port trunk allow-pass vlan 101
    #
    interface Wlan-Ess1
     port trunk allow-pass vlan 101 
    #
    wlan
     wlan ac source interface vlanif100
     ap-region id 10
     ap id 1 type-id 19 mac 60de-4476-e360 sn 190901007618
      region-id 10
     ap id 2 type-id 19 mac dcd2-fc04-b500 sn 190901007619
      region-id 10
     wmm-profile name wmm id 1
     traffic-profile name traffic id 1
     security-profile name security id 1
      security-policy wpa2                      
      wpa2 authentication-method psk pass-phrase cipher %@%@}PSoXN{buC{{i+L![@/I<|C"%@%@ encryption-method ccmp
     service-set name test id 1
      forward-mode tunnel
      wlan-ess 1
      ssid test
      traffic-profile id 1
      security-profile id 1
      service-vlan 101
     radio-profile name radio id 1
      channel-mode fixed  
      wmm-profile id 1
     ap 1 radio 0
      radio-profile id 1
      service-set id 1 wlan 1
     ap 2 radio 0
      radio-profile id 1
      channel 20MHz 6  
      service-set id 1 wlan 1
    #
    return
Download
Updated: 2019-04-20

Document ID: EDOC1000069520

Views: 693861

Downloads: 30178

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next