Example for Configuring Static Load Balancing
Configuration Process
You need to configure and maintain WLAN features and functions in different profiles. These WLAN profiles include regulatory domain profile, radio profile, VAP profile, AP system profile, AP wired port profile, WIDS profile, and WDS profile. When configuring WLAN services, you need to set related parameters in the WLAN profiles and bind the profiles to the AP group or APs. After that, the configuration is delivered to and takes effect on the APs. WLAN profiles can reference one another; therefore, you need to know the relationships among the profiles before configuring them. For details about the profile relationships and their basic configuration procedure, see WLAN Service Configuration Procedure.
Networking Requirements
As shown in Figure 5-10, the AC connects to the upper layer network and manages the APs through the access and aggregation switches.
AP area_1 and AP area_2 are deployed in the same conference room. The customer requires that data traffic be balanced on AP radios to prevent one AP radio from being heavily loaded.
Configuration Roadmap
- Configure the APs, AC, and upper-layer devices to communicate with each other.
- Configure the AC as a DHCP server to assign IP addresses to the APs and STAs.
- Configure the APs to go online.
- Create an AP group and add APs that require the same configuration to the group for unified configuration.
- Configure AC system parameters, including the country code and source interface used by the AC to communicate with the APs.
- Configure the AP authentication mode and import the APs offline to allow the APs to go online.
- Configure WLAN service parameters for STAs to access the WLAN.
- Configure static load balancing to prevent one AP from being heavily loaded.
Item |
Data |
|---|---|
| DHCP server | The AC functions as the DHCP server to assign IP addresses to the APs and STAs. |
| IP address pool for the APs | 10.10.10.2-10.10.10.254/24 |
| IP address pool for the STAs | 10.10.11.2–10.10.11.254/24 10.10.12.2–10.10.12.254/24 |
| IP address of the AC's source interface | VLANIF 100: 10.10.10.1/24 |
| AP group | Name: guest Referenced profile: VAP profile guest and regulatory domain profile domain1 |
Name: employee Referenced profile: VAP profile employee and regulatory domain profile domain1 |
|
| Regulatory domain profile | Name: domain1 Country code: CN |
| SSID profile | Name: guest SSID name: guest |
Name: employee SSID name: employee |
|
| Security profile | Name: guest
|
Name: employee
|
|
| VAP profile | Name: guest
|
Name: employee
|
|
| Static load balancing group |
|
Configuration Notes
- In direct forwarding mode, you are advised to configure multicast packet suppression on switch interfaces connected to APs.
- In tunnel forwarding mode, you are advised to configure multicast packet suppression in traffic profiles of the AC.
- The management VLAN and service VLAN cannot be configured the same.
When multiple VAP profiles are configured and share one service VLAN, enable inter-service VLAN proxy ARP if the data forwarding mode is set to tunnel.
Procedure
- Configure
the APs to communicate with the AC.
# Add Eth2/0/0 and Eth2/0/1 to management VLAN 100, service VLAN 101 and service VLAN 102.
You are advised to configure port isolation on Eth2/0/0 and Eth2/0/1 that connect the AC to the APs. If port isolation is not configured, many broadcast packets will be transmitted in the VLANs or WLAN users on different APs can directly communicate at Layer 2.
<Huawei> system-view [Huawei] sysname AC [AC] vlan batch 100 to 102 [AC] interface ethernet 2/0/0 [AC-Ethernet2/0/0] port link-type trunk [AC-Ethernet2/0/0] port trunk pvid vlan 100 [AC-Ethernet2/0/0] port trunk allow-pass vlan 100 to 102 [AC-Ethernet2/0/0] port-isolate enable [AC-Ethernet2/0/0] quit [AC] interface ethernet 2/0/1 [AC-Ethernet2/0/1] port link-type trunk [AC-Ethernet2/0/1] port trunk pvid vlan 100 [AC-Ethernet2/0/1] port trunk allow-pass vlan 100 to 102 [AC-Ethernet2/0/1] port-isolate enable [AC-Ethernet2/0/1] quit
- Configure the AC as a DHCP
server to assign IP addresses to APs and STAs.
[AC] dhcp enable [AC] interface vlanif 100 [AC-Vlanif100] ip address 10.10.10.1 255.255.255.0 [AC-Vlanif100] dhcp select interface [AC-Vlanif100] quit [AC] interface vlanif 101 [AC-Vlanif101] ip address 10.10.11.1 255.255.255.0 [AC-Vlanif101] dhcp select interface [AC-Vlanif101] quit [AC] interface vlanif 102 [AC-Vlanif102] ip address 10.10.12.1 255.255.255.0 [AC-Vlanif102] dhcp select interface [AC-Vlanif102] quit
- Configure the APs to go online.
# Create AP groups guest and employee.
[AC] wlan ac [AC-wlan-view] ap-group name guest Info: This operation may take a few seconds. Please wait for a moment..done. [AC-wlan-ap-group-guest] quit [AC-wlan-view] ap-group name employee Info: This operation may take a few seconds. Please wait for a moment..done. [AC-wlan-ap-group-employee] quit
# Create a regulatory domain profile, configure the AC country code in the profile, and apply the profile to the AP groups.
[AC-wlan-view] regulatory-domain-profile name domain1 [AC-wlan-regulate-domain-domain1] country-code cn Info: The current country code is same with the input country code. [AC-wlan-regulate-domain-domain1] quit [AC-wlan-view] ap-group name guest [AC-wlan-ap-group-guest] regulatory-domain-profile domain1 Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continu e?[Y/N]:y [AC-wlan-ap-group-guest] quit [AC-wlan-view] ap-group name employee [AC-wlan-ap-group-employee] regulatory-domain-profile domain1 Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continu e?[Y/N]:y [AC-wlan-ap-group-employee] quit [AC-wlan-view] quit
# Configure the AC's source interface.
# Import the APs offline on the AC. Add APs deployed in the lobby to AP group guest and APs in office areas to AP group employee. Configure names for the APs based on the APs' deployment locations, so that you can know where the APs are deployed from their names. For example, if the AP with MAC address 60de-4476-e360 is deployed in room 1 of the office building, name the AP area_1.The default AP authentication mode is MAC address authentication. If the default settings are retained, you do not need to run the ap auth-mode mac-auth command.
[AC] wlan ac [AC-wlan-view] ap auth-mode mac-auth [AC-wlan-view] ap-id 0 ap-mac 60de-4476-e360 [AC-wlan-ap-0] ap-name area_1 [AC-wlan-ap-0] ap-group guest Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configuration s of the radio, Whether to continue? [Y/N]:y Info: This operation may take a few seconds. Please wait for a moment.. done. [AC-wlan-ap-0] quit [AC-wlan-view] ap-id 1 ap-mac 60de-4474-9640 [AC-wlan-ap-1] ap-name area_2 [AC-wlan-ap-1] ap-group employee Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configuration s of the radio, Whether to continue? [Y/N]:y Info: This operation may take a few seconds. Please wait for a moment.. done. [AC-wlan-ap-1] quit
# After the APs are powered on, run the display ap all command to check the AP state. If the State field is displayed as nor, the APs have gone online.
[AC-wlan-view] display ap all Info: This operation may take a few seconds. Please wait for a moment.done. Total AP information: nor : normal [2] -------------------------------------------------------------------------------------------- ID MAC Name Group IP Type State STA Uptime -------------------------------------------------------------------------------------------- 0 60de-4476-e360 area_1 guest 10.10.10.253 AP6010DN-AGN nor 0 1M:22S 1 60de-4474-9640 area_2 employee 10.10.10.254 AP6010DN-AGN nor 0 5S -------------------------------------------------------------------------------------------- Total: 2 - Configure
WLAN service parameters.# Create security profiles guest and employee and configure the security policy in the profile.
In this example, the security policy is set to WEP-40 and WPA2+PSK+AES and passwords to a1234 and b1234567, respectively. In actual situations, the security policy must be configured according to service requirements.
[AC-wlan-view] security-profile name guest [AC-wlan-sec-prof-guest] security wep share-key [AC-wlan-sec-prof-guest] wep key 0 wep-40 pass-phrase a1234 Warning: This action may cause service interruption. Continue?[Y/N]y Info: This operation may take a few seconds, please wait.done. [AC-wlan-sec-prof-guest]wep default-key 0 Warning: This action may cause service interruption. Continue?[Y/N]y Info: This operation may take a few seconds, please wait.done. [AC-wlan-sec-prof-guest] quit [AC-wlan-view] security-profile name employee [AC-wlan-sec-prof-employee] security wpa2 psk pass-phrase b1234567 aes [AC-wlan-sec-prof-employee] quit
# Create SSID profiles guest and employee, and set the SSID names to guest and employee, respectively.
[AC-wlan-view] ssid-profile name guest [AC-wlan-ssid-prof-guest] ssid guest Warning: This action may cause service interruption. Continue?[Y/N]y Info: This operation may take a few seconds, please wait.done. [AC-wlan-ssid-prof-guest] quit [AC-wlan-view] ssid-profile name employee [AC-wlan-ssid-prof-employee] ssid employee Warning: This action may cause service interruption. Continue?[Y/N]y Info: This operation may take a few seconds, please wait.done. [AC-wlan-ssid-prof-employee] quit
# Create VAP profiles guest and employee, set the service VLANs, and apply the security profiles and SSID profiles to the VAP profiles.
[AC-wlan-view] vap-profile name guest [AC-wlan-vap-prof-guest] service-vlan vlan-id 101 Info: This operation may take a few seconds, please wait.done. [AC-wlan-vap-prof-guest] security-profile guest Info: This operation may take a few seconds, please wait..done. [AC-wlan-vap-prof-guest] ssid-profile guest Info: This operation may take a few seconds, please wait..done. [AC-wlan-vap-prof-guest] quit [AC-wlan-view] vap-profile name employee [AC-wlan-vap-prof-employee] service-vlan vlan-id 102 Info: This operation may take a few seconds, please wait.done. [AC-wlan-vap-prof-employee] security-profile employee Info: This operation may take a few seconds, please wait..done. [AC-wlan-vap-prof-employee] ssid-profile employee Info: This operation may take a few seconds, please wait..done. [AC-wlan-vap-prof-employee] quit
# Bind VAP profiles to the AP groups and apply the VAP profiles to radio of the APs.
[AC-wlan-view] ap-group name guest [AC-wlan-ap-group-guest] vap-profile guest wlan 1 radio all Info: This operation may take a few seconds, please wait..done. [AC-wlan-ap-group-guest] quit [AC-wlan-view] ap-group name employee [AC-wlan-ap-group-employee] vap-profile employee wlan 1 radio all Info: This operation may take a few seconds, please wait..done. [AC-wlan-ap-group-employee] quit
- Configure static load balancing.
# Create the static load balancing group and set the start threshold for static load balancing to 15 and load difference threshold to 5%.
[AC-wlan-view] sta-load-balance static-group name wlan-static [AC-wlan-sta-lb-static-wlan-static] start-threshold 15 [AC-wlan-sta-lb-static-wlan-static] gap-threshold 5
# Add AP area_1 and AP area_2 to the static load balancing group.
[AC-wlan-sta-lb-static-wlan-static] member ap-name area_1 [AC-wlan-sta-lb-static-wlan-static] member ap-name area_2 [AC-wlan-sta-lb-static-wlan-static] quit
# Commit the configuration.
[AC-wlan-view] commit all Warning: Committing configuration may cause service interruption, continue?[Y/N]:y
- Verify the configuration.
# Connect STAs to the WLANs with SSIDs guest and employee and enter the passwords a1234 and b1234567 respectively. Run the display station ssid guest and display station ssid employee commands on the AC. The command output shows that the STAs are connected to the WLANs guest and employee.
[AC-wlan-view] display station ssid guest Rf/WLAN: Radio ID/WLAN ID Rx/Tx: link receive rate/link transmit rate(Mbps) ------------------------------------------------------------------------------------------ STA MAC AP ID Ap name Rf/WLAN Band Type Rx/Tx RSSI VLAN IP address ------------------------------------------------------------------------------------------ cc3a-61cf-6344 0 area_1 0/1 2.4G 11g 26/18 -54 101 10.10.11.254 ------------------------------------------------------------------------------------------ Total: 1 2.4G: 1 5G: 0 [AC-wlan-view] display station ssid employee Rf/WLAN: Radio ID/WLAN ID Rx/Tx: link receive rate/link transmit rate(Mbps) ------------------------------------------------------------------------------------------ STA MAC AP ID Ap name Rf/WLAN Band Type Rx/Tx RSSI VLAN IP address ------------------------------------------------------------------------------------------ 8071-7a64-656f 1 area_2 1/1 5G 11n 65/56 -53 102 10.10.12.254 ------------------------------------------------------------------------------------------ Total: 1 2.4G: 0 5G: 1
# Run the display sta-load-balance static-group name wlan-static command on the AC to check the static load balancing configuration.
[AC-wlan-view]display sta-load-balance static-group name wlan-static ------------------------------------------------------------ Group name : wlan-static Load-balance status : balance Start threshold : 15 Gap threshold(%) : 5 Deny threshold : 3 ------------------------------------------------------------ RfID: Radio ID CurEIRP: Current EIRP (dBm) Act CH: Actual channel, Cfg CH: Config channel ------------------------------------------------------------- AP ID AP Name RfID Act CH/Cfg CH CurEIRP/MaxEIRP Client ------------------------------------------------------------- 0 area_1 0 1/- 27/27 1 0 area_1 1 165/- 28/28 0 1 area_2 0 11/- 27/27 0 1 area_2 1 153/- 28/28 1 ------------------------------------------------------------- Total: 4
# When a new STA requests to connect to AP area_1, the AC uses a static load balancing algorithm to redirect the STA to the AP with a light load based on the configured load balancing group.
Configuration Files
AC configuration file
# sysname AC # vlan batch 100 to 102 # dhcp enable # interface Vlanif100 ip address 10.10.10.1 255.255.255.0 dhcp select interface # interface Vlanif101 ip address 10.10.11.1 255.255.255.0 dhcp select interface # interface Vlanif102 ip address 10.10.12.1 255.255.255.0 dhcp select interface # interface Ethernet2/0/0 port link-type trunk port trunk pvid vlan 100 port trunk allow-pass vlan 100 to 102 port-isolate enable group 1 # interface Ethernet2/0/1 port link-type trunk port trunk pvid vlan 100 port trunk allow-pass vlan 100 to 102 port-isolate enable group 1 # capwap source interface vlanif100 # wlan ac security-profile name guest security wep share-key wep key 0 wep-40 pass-phrase %^%#z*z]6]#!|%n:n}Xz'mhKE{PfN|cIj*eU$jJYH48S%^%# security-profile name employee security wpa2 psk pass-phrase %^%#H{1<-b]4~"*+Y:4-'/URy;$+,33UgQf)@9I(Yl]V%^%# aes ssid-profile name guest ssid guest ssid-profile name employee ssid employee vap-profile name guest service-vlan vlan-id 101 ssid-profile guest security-profile guest vap-profile name employee service-vlan vlan-id 102 ssid-profile employee security-profile employee regulatory-domain-profile name domain1 ap-group name guest regulatory-domain-profile domain1 radio 0 vap-profile guest wlan 1 radio 1 vap-profile guest wlan 1 radio 2 vap-profile guest wlan 1 ap-group name employee regulatory-domain-profile domain1 radio 0 vap-profile employee wlan 1 radio 1 vap-profile employee wlan 1 radio 2 vap-profile employee wlan 1 ap-id 0 type-id 19 ap-mac 60de-4476-e360 ap-sn 210235554710CB000042 ap-name area_1 ap-group guest ap-id 1 type-id 19 ap-mac 60de-4474-9640 ap-sn 210235554710CB000075 ap-name area_2 ap-group employee sta-load-balance static-group name wlan-static gap-threshold 5 member ap-name area_1 radio 0 member ap-name area_1 radio 1 member ap-name area_2 radio 0 member ap-name area_2 radio 1 start-threshold 15 # return
