No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Fat AP and Cloud AP V200R008C00 CLI-based Configuration Guide

Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuration Examples

Configuration Examples

This section provides an HTTPS configuration example.

Example for Configuring the Device as an HTTPS Server

Networking Requirements

As shown in Figure 26-34, users access the gateway AP through web.

To prevent data intercepting and tampering during data transmission, a network administrator requires that users use HTTPS to access the AP securely.

Figure 26-34  Networking diagram of HTTPS server configuration

Configuration Roadmap

The configuration roadmap is as follows:

  1. Create a VLAN and a VLANIF interface, and configure the interface to allow enterprise users to access the router.
  2. Configure a server SSL policy and apply the default PKI domain to the server SSL policy. The CA server is not required.
  3. Configure an HTTPS server to ensure confidentiality and integrity of data transmission between users and the AP.
Configuration Notes

No ACK mechanism is provided for multicast packet transmission on air interfaces. In addition, wireless links are unstable. To ensure stable transmission of multicast packets, they are usually sent at low rates. If a large number of such multicast packets are sent from the network side, the air interfaces may be congested. You are advised to configure multicast packet suppression on switch interfaces connected to APs to reduce impact of a large number of low-rate multicast packets on the wireless network. Exercise caution when configuring the rate limit; otherwise, the multicast services may be affected. For details on how to configure traffic suppression, see How Do I Configure Multicast Packet Suppression to Reduce Impact of a Large Number of Low-Rate Multicast Packets on the Wireless Network?.

Procedure

  1. Create a VLAN and configure the interface.

    # Create VLAN 11 on the AP.

    <Huawei> system-view
    [Huawei] vlan batch 11
    

    # Add GE0/0/1 connecting to users to VLAN 11.

    [Huawei] interface gigabitethernet 0/0/1
    [Huawei-GigabitEthernet0/0/1] port link-type access
    [Huawei-GigabitEthernet0/0/1] port default vlan 11
    [Huawei-GigabitEthernet0/0/1] quit

    # Create VLANIF 11 and assign IP address 12.1.1.1/24 to VLANIF 11.

    [Huawei] interface vlanif11
    [Huawei-Vlanif11] ip address 12.1.1.1 24
    [Huawei-Vlanif11] quit
    

  2. Configure a server SSL policy.

    # Apply the default PKI domain default to the server SSL policy.

    [Huawei] ssl policy userserver type server
    [Huawei-ssl-policy-userserver] pki-realm default
    

    # Set the maximum number of sessions that can be saved and the timeout period of a saved session are set.

    [Huawei-ssl-policy-userserver] session cachesize 20 timeout 7200
    [Huawei-ssl-policy-userserver] quit

  3. Configure the HTTPS server.

    # Bind the SSL policy userserver to the HTTPS server.

    [Huawei] http secure-server ssl-policy userserver

    # Configure the port number of the HTTPS service.

    [Huawei] http secure-server port 1278

    # Enable the HTTPS server function on the AP.

    [Huawei] http secure-server enable
      This operation will take several minutes, please wait...
    Info:HTTPS server has been started
    [Huawei] quit

  4. Verify the configuration.

    # Run the display ssl policy policy-name command to view the configuration of the SSL policy userserver.

    <Huawei> display ssl policy userserver
     ------------------------------------------------------------------------------
      Policy name                     :   userserver
      Policy ID                       :   0
      Policy type                     :   Server 
      Cache number                    :   20
      Time out(second)                :   7200
      Server certificate load status  :   loaded
      CA certificate chain load status:   loaded
      Bind number                     :   1
      SSL connection number           :   0
      -----------------------------------------------------------------------------

    # Start the web browser on a computer, and enter https://12.1.1.1:1278 in the address box. The web management system is displayed, and you can manage the AP on the web pages.

Configuration File

Configuration file of the AP

#
 http server enable
 http secure-server port 1278
 http secure-server ssl-policy userserver
 #
vlan batch 11
#
pki realm default
 enrollment self-signed
#
ssl policy userserver type server
 pki-realm default
 session cachesize 20 timeout 7200
#
interface Vlanif11
 ip address 12.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 11
# 
return
Translation
Download
Updated: 2019-01-11

Document ID: EDOC1000176006

Views: 116802

Downloads: 309

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next