No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S12700 V200R010C00 Configuration Guide - WLAN-AC

This document describes native AC (hereinafter referred to as WLAN AC) configuration procedures and provides configuration examples.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring a VAP

Configuring a VAP

Creating a VAP Profile

Context

After you create a VAP profile, configure parameters in the profile. After the profile is applied in the AP group view, AP view, AP radio view, or AP group radio view, VAPs are generated and can provide wireless access services for STAs. You can configure different parameters in the VAP profile to enable APs to provide different wireless services.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    wlan

    The WLAN view is displayed.

  3. Run:

    vap-profile name profile-name

    A VAP profile is created, and the VAP profile view is displayed.

    By default, the system provides the VAP profile default.

Configuring a Data Forwarding Mode

Context

Data on a WLAN involves control packets (management packets) and data packets. Control packets are forwarded through CAPWAP control tunnels. Data packets are forwarded in tunnel forwarding (centralized forwarding) or direct forwarding (local forwarding) mode according to whether data packets are forwarded through CAPWAP data tunnels.

Table 5-9 compares tunnel forwarding and direct forwarding.
Table 5-9  Comparison of tunnel forwarding and direct forwarding
Data Forwarding Mode Advantage Disadvantage
Tunnel forwarding

An AC forwards data packets in a centralized manner, ensuring security and facilitating centralized management and control.

Service data must be forwarded by an AC, reducing packet forwarding efficiency and burdening the AC.

Direct forwarding

Service data packets do not need to be forwarded by an AC, improving packet forwarding efficiency and reducing the burden on the AC.

Service data packets cannot be centrally managed or controlled.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    wlan

    The WLAN view is displayed.

  3. Run:

    vap-profile name profile-name

    The VAP profile view is displayed.

  4. Run:

    forward-mode { direct-forward | tunnel }

    A data forwarding mode is configured in a VAP profile.

    By default, the forwarding mode is direct-forward in the VAP profile.

Configuring Service VLANs

Context

Layer 2 data packets delivered from a VAP to an AP carry the service VLAN IDs.

Since WLANs provide flexible access modes, STAs may connect to the same WLAN at the office entrance or stadium entrance, and then roam to different APs.
  • If a single VLAN is configured as the service VLAN, IP address resources may become insufficient in areas where many STAs access the WLAN, and IP addresses in the other areas are wasted.

  • After a VLAN pool is created, add multiple VLANs to the VLAN pool and configure the VLANs as service VLANs. In this way, an SSID can use multiple service VLANs to provide wireless access services. STAs are dynamically assigned to VLANs in the VLAN pool, which reduces the number of STAs in each VLAN and also the size of the broadcast domain. Additionally, IP addresses are evenly allocated, preventing IP address waste.

    VLAN assignment algorithms include even and hash.

    • When the VLAN assignment algorithm is set to even, service VLANs are assigned to STAs from the VLAN pool based on the order in which STAs go online. Address pools mapping the service VLANs evenly assign IP addresses to STAs. If a STA goes online many times, it obtains different IP addresses.

    • When the VLAN assignment algorithm is set to hash, VLANs are assigned to STAs from the VLAN pool based on the harsh result of their MAC addresses. As long as the VLANs in the VLAN pool do not change, the STAs obtain fixed service VLANs. A STA is preferentially assigned the same IP address when going online at different times.

Note the following when adding service VLANs to the VLAN pool:

  • After a VLAN pool is configured to provide service VLANs, VLANs in the VLAN pool cannot be deleted. To delete the VLAN pool, cancel the service VLAN configuration of the VLAN pool.

  • In scenarios where a dual-stack address pool is configured, a STA successfully obtains an IP address if the VLAN pool has assigned an IPv4 or IPv6 address to it. In this case, the VLAN pool will not assign a new VLAN to the STA.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Configure a VLAN pool.

    This step is required when VLANs in a VLAN pool are used as service VLANs.

    1. Run the vlan batch { vlan-id1 [ to vlan-id2 ] } &<1-10> command to create VLANs in a batch.
    2. Run the vlan pool pool-name command to create a VLAN pool and enter the VLAN pool view.

      By default, no VLAN pool is created.

    3. Run the vlan { start-vlan [ to end-vlan ] } &<1-10> command to add VLANs to the VLAN pool.

      By default, no VLAN is available in a VLAN pool.

    4. (Optional) Run the assignment { even | hash } command to configure a VLAN assignment algorithm in the VLAN pool.

      By default, the VLAN assignment algorithm is hash in a VLAN pool.

      The VLAN assignment algorithm configuration affects only newly connected STAs, but not those that have been connected to the network.

    5. Run the quit command to return to the system view.
  3. Run:

    wlan

    The WLAN view is displayed.

  4. Run:

    vap-profile name profile-name

    The VAP profile view is displayed.

  5. Run:

    service-vlan { vlan-id vlan-id | vlan-pool pool-name }

    A service VLAN is configured for a VAP.

    By default, VLAN 1 is the service VLAN of a VAP.

(Optional) Improving VAP Security

Context

You can perform the following configurations to improve VAP security: enable STA address learning, strict STA IP address learning through DHCP, IP source guard on an AP, and dynamic ARP probing, and disable DHCP trusted port functions on an AP.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    wlan

    The WLAN view is displayed.

  3. Run:

    vap-profile name profile-name

    The VAP profile view is displayed.

  4. Improve VAP security.

    Procedure

    Command

    Description

    Enable STA address learning

    undo learn-client-address disable

    By default, STA address learning is enabled.

    If a STA associates with an AP that has STA address learning enabled and obtains an IP address, the AP automatically reports the STA IP address to the AC to maintain the STA' IP address and MAC address binding entry

    Enabling STA address learning is a prerequisite for enabling strict STA IP address learning through DHCP.

    In offline management VAP scenarios, STA address learning does not take effect.

    Enable strict STA IP address learning through DHCP

    learn-client-address dhcp-strict [ blacklist enable ]

    By default, strict STA IP address learning through DHCP is disabled.

    When a STA associates with an AP, the following situation occurs after strict STA IP address learning through DHCP is enabled:
    • If the STA obtains an IP address through DHCP, the AP will automatically report the IP address to the AC. The STA IP address can be used to maintain the mapping between STA IP addresses and MAC addresses.
    • For a STA using a static IP address:
      • If blacklist enable is specified, the STA will be added to a dynamic blacklist of the AP and cannot associate with the AP before the blacklist entry ages.
      • If blacklist enable is not specified, the STA can associate with the AP but the AP does not learn the IP address of the STA.

    After strict STA IP address learning is enabled, it is recommended that you run the ip source check user-bind enable and arp anti-attack check user-bind enable commands to enable IP source guard and dynamic ARP inspection so that STAs cannot communicate with the network before obtaining an IP address through DHCP.

    Enable IP source guard on an AP.

    ip source check user-bind enable

    By default, IP source guard is disabled on APs.

    IP source guard checks IP packets against the binding table to defend against source IP address spoofing attacks.

    IP source guard takes effect only when both the undo learn-client-address disable and ip source check user-bind enable commands are executed.

    If an offline STA goes online again on the AC enabled with STA address learning, you may not view the IP address of the STA. To solve this problem, enable IP source guard.

    Enable dynamic ARP probing.

    arp anti-attack check user-bind enable

    By default, DAI is disabled.

    DAI allows an AP to detect the ARP Request and Reply packets transmitted on the VAPs, to discard invalid and attack ARP packets, and to send an alarm to the connected AC. This function prevents ARP packets of unauthorized users from accessing the external network through the AP, protecting authorized users against interference or spoofing, and protecting the AP.

    Disable DHCP trusted port on an AP.

    undo dhcp trust port

    By default, the DHCP trusted interface is disabled in the VAP profile view and enabled on the AP's uplink interface in the AP wired port profile view.

    If a bogus DHCP server is deployed at the user side, STAs may obtain incorrect IP addresses and network configuration parameters and cannot communicate properly. After the undo dhcp trust port command is executed in the VAP profile view, an AP discards the DHCP OFFER, ACK, and NAK packets sent by the bogus DHCP server and reports to the AC about the IP address of the unauthorized DHCP server.

    Usually, you need to run the dhcp trust port command in an AP wired port profile to enable a DHCP trusted port on an AP. After that, the AP receives the DHCP OFFER, ACK, and NAK packets sent by authorized DHCP servers and forwards the packets to STAs so that the STAs can obtain valid IP addresses and go online. For the detailed configuration, see Managing an AP's Wired Interface.

    Enable broadcast flood attack detection and defense.

    undo anti-attack broadcast-flood disable

    By default, the broadcast flood detection function is enabled.

    (Optional)anti-attack broadcast-flood sta-rate-threshold sta-rate-threshold

    By default, the broadcast flood threshold is 10 pps.

    (Optional)anti-attack broadcast-flood blacklist enable

    By default, the broadcast flood blacklist function is disabled.

    If a large number of broadcast packets are sent to a device in a short time, the device becomes busy processing the packets and cannot process normal services. To prevent broadcast flood attacks, you can configure broadcast flood detection.

    After broadcast flood detection is enabled, you can run the anti-attack broadcast-flood sta-rate-threshold sta-rate-threshold command to set a broadcast flood threshold.
    • When the traffic rate exceeds the threshold, the device considers a broadcast flood attack from the STA and discards the broadcast traffic. This prevents the upper-layer network from being affected by the broadcast flood.
    • If you enable the broadcast flood blacklist function the anti-attack broadcast-flood blacklist enable command, the device adds broadcast flood STAs to the blacklist.

    Enable ARP/ND/IGMP flood attack detection and defense.

    undo anti-attack { arp-flood | nd-flood | igmp-flood } disable

    By default, ARP/ND/IGMP flood attack detection is enabled.

    (Optional)anti-attack { arp-flood | nd-flood | igmp-flood } sta-rate-threshold sta-rate-threshold

    By default, the rate thresholds for ARP flood attack detection, ND flood attack detection, and IGMP flood attack detection are 5 pps, 16 pps, and 4 pps, respectively.

    (Optional)anti-attack { arp-flood | nd-flood | igmp-flood } blacklist enable

    By default, the ARP/ND/IGMP flood blacklist function is disabled.

    If a large number of ARP/ND/IGMP packets are sent to a device within a short period of time, the device becomes busy processing these packets and cannot process normal service packets. To prevent ARP/ND/IGMP flood attacks, configure ARP/ND/IGMP flood attack detection on the device.

    After ARP/ND/IGMP flood attack detection is enabled, you can run the anti-attack { arp-flood | nd-flood | igmp-flood } sta-rate-threshold sta-rate-threshold command to set the rate threshold for ARP/ND/IGMP flood attack detection.
    • If the traffic rate of an STA exceeds the threshold, the device considers the STA is launching an ARP/ND/IGMP flood attack and discards the ARP/ND/IGMP traffic accordingly. This prevents the upper-layer network from being affected by the ARP/ND/IGMP flood.
    • If the ARP/ND/IGMP flood blacklist function is enabled using the anti-attack { arp-flood | nd-flood | igmp-flood } blacklist enable command, the device adds STAs that launch ARP/ND/IGMP flood attacks to the blacklist.

    Set the rate threshold for user-defined protocol flood attack detection and defense.

    anti-attack user-defined-flood index index { ipv4-protocol ipv4-protocol | ipv6-protocol ipv6-protocol | l2-protocol l2-protocol | tcp dport tcp-dport | udp dport udp-dport } sta-rate-threshold sta-rate-threshold [ blacklist enable ]

    By default, the rate threshold for user-defined protocol flood attack detection is not configured.

    To set the rate threshold for user-defined protocol flood attack detection, run the anti-attack user-defined-flood sta-rate-threshold command. If the traffic rate of an STA exceeds the threshold, the device considers the STA is launching the specified protocol flood attack and discards the traffic. This prevents the upper-layer network from being affected by the flood.

    If the flood blacklist function is enabled using the blacklist enable parameter, the device adds STAs that launch flood attacks to the blacklist.

(Optional) Configuring the Scheduled VAP Auto-Off Function

Context

In actual WLAN applications, the network administrator wants to disable WLAN services in a specified period, ensuring security and reducing power consumption. You can disable the VAP as scheduled.

This configuration is applicable to enterprises that want to disable WLAN services in a specified period for security or at midnight when the user service traffic volume is low.

  • The scheduled VAP auto-off function enabled in a VAP profile view takes effect only on the APs using the profile.

  • The scheduled VAP auto-off function enabled in a radio profile takes effect only on the APs using the profile. For details on how to configure the scheduled VAP auto-off function in a VAP profile view, see (Optional) Adjusting Radio Parameters.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    wlan

    The WLAN view is displayed.

  3. Run:

    vap-profile name profile-name

    The VAP profile view is displayed.

  4. Run:

    undo service-mode disable

    The service mode of a VAP is enabled.

    By default, the service mode of a VAP is enabled.

    Enabling the service mode of a VAP is the prerequisite for normal VAP working.

  5. Run:

    auto-off service start-time start-time end-time end-time

    The scheduled VAP auto-off function is enabled and the time range when the VAP is disabled is set.

    By default, the scheduled VAP auto-off function is disabled.

(Optional) Adjusting VAP Parameters

Context

You can flexibly adjust VAP parameters to adapt to different network requirements.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    wlan

    The WLAN view is displayed.

  3. Run:

    vap-profile name profile-name

    The VAP profile view is displayed.

  4. Adjust VAP parameters.

    Procedure

    Command

    Description

    Enable the service mode of a VAP

    undo service-mode disable

    By default, the service mode of a VAP is enabled.

    Enabling the service mode of a VAP is the prerequisite for normal VAP working.

    Set the VAP type

    type { ap-management | service }

    By default, the type of a VAP is service.

    • If the type of a VAP is set to ap-management, STAs connected to the VAP can only access APs but not network resources. AP management VAPs are used in STA access and AP management scenarios.
    • If the type of a VAP is set to service, STAs connected to the VAP can only access network resources but not APs. Service VAPs are used in regular WLAN deployment scenarios.

    If the type of a VAP is AP management, the VAP does not support portal, MAC address and 802.1x authentication using an external server.

    The VAP profile in which the VAP type is set to management AP can only be applied to one radio of an AP.

    Configure an AP to insert the Option 82 field in DHCP packets sent from a STA

    Enable an AP to insert the Option 82 field in DHCP packets sent from a STA

    dhcp option82 insert enable

    By default, the function of adding the Option 82 field to DHCP packets sent by STAs is disabled.

    A STA obtains an IP address through DHCP after going online. When the DHCP Request packet sent by the STA reaches an AP, the AP inserts the Option 82 field in the packet to send the AP's MAC address, SSID or name to the DHCP server. According to the Option 82 field, the DHCP server can determine the AP through which the STA goes online.

    Configure the format of the Option 82 field inserted in DHCP packets sent from a STA

    dhcp option82 { circuit-id | remote-id } format { ap-mac [ mac-format { normal | compact } ] | ap-mac-ssid [ mac-format { normal | compact } ] | user-defined text | ap-name | ap-name-ssid }

    By default, the format of the Option 82 field inserted in DHCP packets sent by STAs is ap-mac.

Configuring a Security Profile

Context

As WLAN technology uses radio signals to transmit service data, service data can easily be intercepted or tampered by attackers when being transmitted on the open wireless channels. Security is critical to WLANs. You can create a security profile to configure security policies, which protect privacy of users and ensure data transmission security on WLANs.

A security profile provides four WLAN security policies: Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), WPA2, and WLAN Authentication and Privacy Infrastructure (WAPI). Each security policy has a series of security mechanisms, including the link authentication mechanism used to establish a wireless link, user authentication mechanism used when users attempt to connect to a wireless network, and data encryption mechanism used during data transmission.

If no security policy is configured during the creation of a security profile, the default authentication mode (open system authentication) is used. When a user searches for a wireless network, the user can connect to the wireless network without being authenticated.

The default security policy has low security. You are advised to configure a proper security policy. For details on how to configure security policies, see Security Policy Configuration.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    wlan

    The WLAN view is displayed.

  3. Run:

    security-profile name profile-name

    A security profile is created, and the security profile view is displayed.

    By default, security profiles default, default-wds, and default-mesh are available in the system.

    After a security profile is created, you need to configure a proper security policy according to service requirements because the default security policy has security risks. For the detailed configuration, see Security Policy Configuration.

  4. Run:

    quit

    Return to the WLAN view.

  5. Run:

    vap-profile name profile-name

    The VAP profile view is displayed.

  6. Run:

    security-profile profile-name

    The security profile is bound to a VAP profile.

    By default, the security profile default is bound to a VAP profile.

Configuring an SSID Profile

Context

SSIDs identify different wireless networks. When you search for available wireless networks on your laptop, the displayed wireless network names are SSIDs. In an SSID profile, you can define an SSID name and configure related parameters. After the SSID profile configuration is complete, bind the SSID profile to a VAP profile.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    wlan

    The WLAN view is displayed.

  3. Run:

    ssid-profile name profile-name

    An SSID profile is created, and the SSID profile view is displayed.

    By default, the system provides the SSID profile default.

  4. Run:

    ssid ssid

    An SSID name is configured.

    By default, the SSID HUAWEI-WLAN is configured in an SSID profile.

    The value is a string of 1 to 32 case-sensitive characters. It supports Chinese characters or Chinese + English characters.

  5. (Optional) Run:

    ssid-hide enable

    SSID hiding in Beacon frames is enabled.

    By default, SSID hiding in Beacon frames is disabled in an SSID profile.

    When creating a WLAN, configure an AP to hide the SSID of the WLAN to ensure security. Only the users who know the SSID can connect to the WLAN.

  6. (Optional) Run:

    max-sta-number max-sta-number

    The maximum number of successfully associated STAs on a VAP is configured.

    By default, a VAP allows for a maximum of 64 successfully associated STAs.

    More access users on a VAP indicate fewer network resources that each user can occupy. To ensure Internet experience of users, you can configure a proper maximum number of access users on a VAP according to actual network situations.

  7. (Optional) Run:

    reach-max-sta hide-ssid disable

    APs are disabled from automatically hiding SSIDs when the number of users reaches the maximum.

    By default, automatic SSID hiding is enabled when the number of users reaches the maximum.

    After automatic SSID hiding is enabled, SSIDs are automatically hidden when the number of users connected to the WLAN reaches the maximum, and SSIDs are unavailable for new users.

  8. (Optional) Run:

    legacy-station [ only-dot11b ] disable

    Access of non-HT STAs is denied.

    By default, access of non-HT STAs is permitted.

    Non-HT STAs support only 802.11a/b/g and provide a data transmission rate far smaller than the rate of 802.11n/ac STAs. If the non-HT STAs access the wireless network, the data transmission rate of 802.11n/ac STAs will be reduced. To prevent the transmission rate of 802.11n/ac STAs from being affected, you can run the legacy-station [ only-dot11b ] disable command to deny access of all or only 802.11b-compliant non-HT STAs.

    After the legacy-station disable command is run, the access of non-HT STAs supporting only 802.11a/b/g fails to be denied if any of the following functions is configured on the non-HT STAs:
    • WMM function in a 2G or 5G radio profile disabled using the wmm disable command
    • Pre-shared key authentication and TKIP encryption for WPA/WPA2 configured using the security { wpa | wpa2 | wpa-wpa2 } psk { pass-phrase | hex } key-value tkip command when the security profile is used
    • 802.1X authentication and TKIP encryption for WPA/WPA2 configured using the security { wpa | wpa2 | wpa-wpa2 } dot1x tkip command when the security profile is used
    • WEP shared key authentication mode configured using the security wep [ share-key ] command when the security profile is used
    • 802.11b/g radio type in the 2G radio profile configured using the radio-type { dot11b | dot11g } command
    • 802.11a radio type in the 5G radio profile configured using radio-type dot11a command

    After the legacy-station only-dot11b disable command is run, the access of non-HT STAs supporting only 802.11b is denied. If 802.11b radio type in the 2G radio profile has been configured using the radio-type dot11b command, the access of non-HT STAs supporting only 802.11b fails to be denied.

  9. (Optional) Run:

    association-timeout association-timeout

    The association aging time of STAs is configured.

    By default, the association aging time is 5 minutes.

    After the association aging time of STAs is configured, if the AP receives no data packet from a STA in a specified time, the STA goes offline after the association aging time expires.

  10. (Optional) Run:

    dtim-interval dtim-interval

    A DTIM interval is configured.

    By default, the DTIM interval is 1.

    The DTIM interval specifies how many Beacon frames are sent before the Beacon frame that contains the DTIM. An AP sends a Beacon fame to wake a STA in power-saving mode, indicating that the saved broadcast and multicast frames will be transmitted to the STA.

    • A short DTIM interval helps transmit data in a timely manner, but the STA is wakened frequently, causing high power consumption.
    • A long DTIM interval lengthens the dormancy time of a STA and saves power, but degrades the transmission capability of the STA.

  11. (Optional) Run:

    u-apsd enable

    The U-APSD function is enabled.

    By default, the U-APSD function is disabled.

    If some STAs on the network do not support the U-APSD function, disable the U-APSD function.

  12. (Optional) Run:

    active-dull-client enable

    The function of preventing terminals from entering energy-saving mode is enabled.

    By default, the function of preventing terminals from entering energy-saving mode is disabled.

    Due to individual reasons, some terminals may not run services normally when entering energy-saving mode. You can run the active-dull-client enable command to enable the function of preventing terminals from entering energy-saving mode. After that, an AP frequently sends null data frames to these terminals to prevent them from entering energy-saving mode, ensuring normal services.

  13. Run:

    quit

    Return to the WLAN view.

  14. Run:

    vap-profile name profile-name

    The VAP profile view is displayed.

  15. Run:

    ssid-profile profile-name

    The SSID profile is bound to a VAP profile.

    By default, the SSID profile default is bound to a VAP profile.

Binding VAP Profiles

Context

After the configuration in a VAP profile is complete, you need to bind the VAP profile to an AP group, AP, AP radio, or AP group radio.After being delivered to APs, the configuration in a VAP profile can take effect on the APs.

After a VAP profile is applied to an AP group or AP, the parameter settings in the profile take effect on all radios of the AP group or AP. After a radio profile is applied in the AP group radio or AP radio view, the parameter settings in the profile take effect on the specified AP radio or radios in the AP group.

Procedure

  • Bind a VAP profile to an AP group.
    1. Run the system-view command to enter the system view.
    2. Run the wlan command to enter the WLAN view.
    3. Run the ap-group name group-name command to enter the AP group view.
    4. Run the vap-profile profile-name wlan wlan-id { radio { radio-id | all } } command to bind the VAP profile to the radio.

      By default, no VAP profile is bound to a radio.

  • Bind a VAP profile to an AP.
    1. Run the system-view command to enter the system view.
    2. Run the wlan command to enter the WLAN view.
    3. Run the ap-id ap-id, ap-mac ap-mac, or ap-name ap-name command to enter the AP view.
    4. Run the vap-profile profile-name wlan wlan-id { radio { radio-id | all } } command to bind the VAP profile to the radio.

      By default, no VAP profile is bound to a radio.

  • Apply a VAP profile in the AP group radio view.
    1. Run the system-view command to enter the system view.
    2. Run the wlan command to enter the WLAN view.
    3. Run the ap-group name group-name command to enter the AP group view.
    4. Run the radio radio-id command to enter the radio view.
    5. Run the vap-profile profile-name wlan wlan-id command to bind the VAP profile to the radio.

      By default, no VAP profile is bound to a radio.

  • Apply a VAP profile in the AP radio view.
    1. Run the system-view command to enter the system view.
    2. Run the wlan command to enter the WLAN view.
    3. Run the ap-id ap-id, ap-mac ap-mac, or ap-name ap-name command to enter the AP view.
    4. Run the radio radio-id command to enter the radio view.
    5. Run the vap-profile profile-name wlan wlan-id command to bind the VAP profile to the radio.

      By default, no VAP profile is bound to a radio.

Verifying the VAP, Security, and SSID Profile Configuration

Prerequisites

The configuration of the VAP, security, and SSID profiles is complete.

Procedure

  • Run the display vap { all | ssid ssid } or display vap { ap-group ap-group-name | { ap-name ap-name | ap-id ap-id } [ radio radio-id ] } [ ssid ssid ] command to check service VAP information.
  • Run the display vap-profile { all | name profile-name } command to check configuration and reference information about a VAP profile.
  • Run the display references vap-profile name profile-name command to check reference information about a VAP profile.
  • Run the display security-profile { all | name profile-name } command to check configuration and reference information about a security profile.
  • Run the display references security-profile name profile-name command to check reference information about a security profile.
  • Run the display ssid-profile { all | name profile-name } command to check configuration and reference information about an SSID profile.
  • Run the display references ssid-profile name profile-name command to check reference information about an SSID profile.
  • Run the display vlan pool { name pool-name | all [ verbose ] } command to check configurations in a VLAN pool.
  • Run the display references vlan pool pool-name command to check reference information about a VLAN pool.
  • Run the display vap create-fail-record all command to check records about VAP creation failures.
  • Run the display wlan config-errors command to check WLAN configuration errors.
Translation
Download
Updated: 2019-08-21

Document ID: EDOC1000142094

Views: 151147

Downloads: 128

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next