No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Fat AP and Cloud AP V200R008C00 CLI-based Configuration Guide

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuration Examples

Configuration Examples

Example for Configuring WMM and Priority Mapping

Configuration Process

You need to configure and maintain WLAN features and functions in different profiles. These WLAN profiles include regulatory domain profile, radio profile, VAP profile, AP system profile, AP wired port profile,and WIDS profile. When configuring WLAN services, you need to set related parameters in the WLAN profiles and bind the profiles to the AP group or APs. After that, the configuration is automatically delivered to and takes effect on the RUs. WLAN profiles can reference one another; therefore, you need to know the relationships among the profiles before configuring them. For details about the profile relationships and their basic configuration procedure, see WLAN Service Configuration Procedure.

Networking Requirements

As shown in Figure 27-33, the RU is directly connected to the central AP. An enterprise branch needs to deploy basic WLAN services for mobile office so that branch users can access internal network resources anywhere at any time.

Voice, video, and data services are transmitted within the coverage of the RU. Users expect that video services are preferentially forwarded by the RU and central AP and have the highest priority to use wireless network resources.

Figure 27-33  Networking diagram for configuring priority mapping
Configuration Roadmap
The configuration roadmap is as follows:
  1. Configure basic WLAN services so that users can connect to the wireless network.
  2. Configure parameters used by the RU so that video services have higher priorities over voice and data services and preferentially use the bandwidth.
  3. Configure priority mapping in the traffic profile so that video services have higher priorities over voice and data services and preferentially use the bandwidth.
Table 27-25  Data planning

Item

Data

DHCP server The central AP functions as a DHCP server to assign IP addresses to the STAs and RU.
IP address pool for the RU 10.23.100.2-10.23.100.254/24
IP address pool for STAs 10.23.101.2-10.23.101.254/24
AP group
  • Name: ap-group1
  • Referenced profile: VAP profile wlan-vap, regulatory domain profile domain1 and 2G radio profile wlan-radio2g
Regulatory domain profile
  • Name: domain1
  • Country code: CN
SSID profile
  • Name: wlan-ssid
  • SSID name: wlan-net
Security profile
  • Name: wlan-security
  • Security policy: WPA2+PSK+AES
  • Password: a1234567
VAP profile
  • Name: wlan-vap
  • Service VLAN: VLAN 101
  • Referenced profile: SSID profile wlan-ssid, security profile wlan-security and traffic profile traffic
2G radio profile
  • Name: wlan-radio2g
  • Configuring WMM.

Traffic profile
  • Name: traffic
  • Configuring priority mapping.

Configuration Notes

Configure port isolation on the interfaces of the device directly connected to RUs. If port isolation is not configured, a large number of unnecessary broadcast packets may be generated in the VLAN, blocking the network and degrading user experience.

Procedure

  1. Configure the central AP so that the RU and central AP can transmit CAPWAP packets.

    # Configure the central AP: add interface GE0/0/1 to management VLAN 100.

    <Huawei> system-view
    [Huawei] sysname AP
    [AP] vlan batch 100 101
    [AP] interface gigabitethernet 0/0/1
    [AP-GigabitEthernet0/0/1] port link-type trunk
    [AP-GigabitEthernet0/0/1] port trunk pvid vlan 100
    [AP-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
    [AP-GigabitEthernet0/0/1] quit
    

  2. Configure the central AP to communicate with the upstream device.

    NOTE:

    Configure central AP uplink interfaces to transparently transmit packets of service VLANs as required and communicate with the upstream device.

    # Add central AP uplink interface GE0/0/24 to service VLAN 101.

    [AP] interface gigabitethernet 0/0/24
    [AP-GigabitEthernet0/0/24] port link-type trunk
    [AP-GigabitEthernet0/0/24] port trunk allow-pass vlan 101
    [AP-GigabitEthernet0/0/24] quit
    

  3. Configure the central AP as a DHCP server to allocate IP addresses to STAs and the RU.

    # Configure the central AP as the DHCP server to allocate an IP address to the RU from the IP address pool on VLANIF 100, and allocate IP addresses to STAs from the IP address pool on VLANIF 101.

    NOTE:
    Configure the DNS server as required. The common methods are as follows:
    • In interface address pool scenarios, run the dhcp server dns-list ip-address &<1-8> command in the VLANIF interface view.
    • In global address pool scenarios, run the dns-list ip-address &<1-8> command in the IP address pool view.
    [AP] dhcp enable
    [AP] interface vlanif 100
    [AP-Vlanif100] ip address 10.23.100.1 24
    [AP-Vlanif100] dhcp select interface
    [AP-Vlanif100] quit
    [AP] interface vlanif 101
    [AP-Vlanif101] ip address 10.23.101.1 24
    [AP-Vlanif101] dhcp select interface
    [AP-Vlanif101] quit
    

  4. Configure the RU to go online.

    # Create an AP group and add the RU to the AP group.

    [AP] wlan
    [AP-wlan-view] ap-group name ap-group1
    [AP-wlan-ap-group-ap-group1] quit
    

    # Create a regulatory domain profile, configure the central AP country code in the profile, and apply the profile to the AP group.

    [AP-wlan-view] regulatory-domain-profile name domain1
    [AP-wlan-regulate-domain-domain1] country-code cn
    [AP-wlan-regulate-domain-domain1] quit
    [AP-wlan-view] ap-group name ap-group1
    [AP-wlan-ap-group-ap-group1] regulatory-domain-profile domain1
    Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continu
    e?[Y/N]:y 
    [AP-wlan-ap-group-ap-group1] quit
    [AP-wlan-view] quit
    

    # Configure the management VLAN for RUs connected to the central AP.

    [AP] management-vlan 100
    
    # Import the RU offline on the central AP and add the RU to AP group ap-group1. Assume that the RU's MAC address is 60de-4476-e360. Configure a name for the RU based on the RU's deployment location, so that you can know where the RU is deployed from its name. For example, name the RU area_1 if it is deployed in Area 1.
    NOTE:

    The default RU authentication mode is MAC address authentication. If the default settings are retained, you do not need to run the ap auth-mode mac-auth command.

    In this example, the R240D is used and has two radios: radio 0 (2.4 GHz radio) and radio 1 (5 GHz radio).

    [AP] wlan
    [AP-wlan-view] ap auth-mode mac-auth
    [AP-wlan-view] ap-id 1 ap-mac 60de-4476-e360
    [AP-wlan-ap-1] ap-name area_1
    [AP-wlan-ap-1] ap-group ap-group1
    Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configuration
    s of the radio, Whether to continue? [Y/N]:y 
    [AP-wlan-ap-1] quit
    

    # After the RU is powered on, run the display ap all command to check the RU state. If the State field is displayed as nor, the RU goes online normally.

    [AP-wlan-view] display ap all
    Total AP information:
    nor  : normal          [1]
    -------------------------------------------------------------------------------------
    ID   MAC            Name   Group     IP            Type            State STA Uptime
    -------------------------------------------------------------------------------------
    1    60de-4476-e360 area_1 ap-group1 10.23.100.254 R240D           nor   0   10S
    -------------------------------------------------------------------------------------
    Total: 1

  5. Configure WLAN service parameters.

    # Create security profile wlan-security and set the security policy in the profile.
    NOTE:

    In this example, the security policy is set to WPA2+PSK+AES and password to a1234567. In actual situations, the security policy must be configured according to service requirements.

    [AP-wlan-view] security-profile name wlan-security
    [AP-wlan-sec-prof-wlan-security] security wpa2 psk pass-phrase a1234567 aes
    [AP-wlan-sec-prof-wlan-security] quit
    

    # Create SSID profile wlan-ssid and set the SSID name to wlan-net.

    [AP-wlan-view] ssid-profile name wlan-ssid
    [AP-wlan-ssid-prof-wlan-ssid] ssid wlan-net
    [AP-wlan-ssid-prof-wlan-ssid] quit
    

    # Create VAP profile wlan-vap, set the service VLAN, and apply the security profile and SSID profile to the VAP profile.

    [AP-wlan-view] vap-profile name wlan-vap
    [AP-wlan-vap-prof-wlan-vap] service-vlan vlan-id 101
    [AP-wlan-vap-prof-wlan-vap] security-profile wlan-security
    [AP-wlan-vap-prof-wlan-vap] ssid-profile wlan-ssid
    [AP-wlan-vap-prof-wlan-vap] quit
    

    # Bind VAP profile wlan-vap to the AP group and apply the profile to radio 0 and radio 1 of the RU.

    [AP-wlan-view] ap-group name ap-group1
    [AP-wlan-ap-group-ap-group1] vap-profile wlan-vap wlan 1 radio 0
    [AP-wlan-ap-group-ap-group1] vap-profile wlan-vap wlan 1 radio 1
    [AP-wlan-ap-group-ap-group1] quit
    

  6. Set channels and power for the RU radios.

    NOTE:

    Automatic channel and power calibration functions are enabled by default. The manual channel and power configurations take effect only when these two functions are disabled. The channel and power configuration for the RU radios in this example is for reference only. In actual scenarios, configure channels and power for RU radios based on country codes of RUs and network planning results.

    # Disable automatic channel and power calibration functions of radio 0, and configure the channel and power for radio 0.
    [AP-wlan-view] ap-id 1
    [AP-wlan-ap-1] radio 0
    [AP-wlan-radio-1/0] calibrate auto-channel-select disable
    [AP-wlan-radio-1/0] calibrate auto-txpower-select disable
    [AP-wlan-radio-1/0] channel 20mhz 6
    Warning: This action may cause service interruption. Continue?[Y/N]y
    [AP-wlan-radio-1/0] eirp 127
    [AP-wlan-radio-1/0] quit
    # Disable automatic channel and power calibration functions of radio 1, and configure the channel and power for radio 1.
    [AP-wlan-ap-1] radio 1
    [AP-wlan-radio-1/1] calibrate auto-channel-select disable
    [AP-wlan-radio-1/1] calibrate auto-txpower-select disable
    [AP-wlan-radio-1/1] channel 20mhz 149
    Warning: This action may cause service interruption. Continue?[Y/N]y
    [AP-wlan-radio-1/1] eirp 127
    [AP-wlan-radio-1/1] quit
    [AP-wlan-ap-1] quit

  7. Configure the WMM function.

    # Create the 2G radio profile wlan-radio2g and configure the WMM function to enable video services to preferentially use network bandwidth.

    NOTE:
    The following example configures a 2G radio profile. The configuration of the 5G radio profile is similar.
    [AP-wlan-view] radio-2g-profile name wlan-radio2g
    [AP-wlan-radio-2g-prof-wlan-radio2g] wmm edca-ap ac-vo ecw ecwmin 3 ecwmax 4 txoplimit 94
    [AP-wlan-radio-2g-prof-wlan-radio2g] wmm edca-ap ac-vi ecw ecwmin 2 ecwmax 3 txoplimit 47
    [AP-wlan-radio-2g-prof-wlan-radio2g] quit

    # Bind the 2G radio profile wlan-radio2g to the AP group ap-group1.

    [AP-wlan-view] ap-group name ap-group1
    [AP-wlan-ap-group-ap-group1] radio-2g-profile wlan-radio2g
    [AP-wlan-ap-group-ap-group1] quit

    # In the SSID profile wlan-ssid, configure the WMM function to enable video services to preferentially use network bandwidth.

    [AP-wlan-view] ssid-profile name wlan-ssid
    [AP-wlan-ssid-prof-wlan-ssid] wmm edca-client ac-vo ecw ecwmin 3 ecwmax 4 txoplimit 94
    [AP-wlan-ssid-prof-wlan-ssid] wmm edca-client ac-vi ecw ecwmin 2 ecwmax 3 txoplimit 47
    [AP-wlan-ssid-prof-wlan-ssid] quit

  8. Configure priority mapping.

    # Create the traffic profile traffic and configure priority mapping in the profile.

    NOTE:
    By default, the user priority of voice packets is set to 6 or 7 on the terminal, and that of the video packets is set to 4 or 5.
    [AP-wlan-view] traffic-profile name traffic
    [AP-wlan-traffic-prof-traffic] priority-map downstream trust dscp
    [AP-wlan-traffic-prof-traffic] priority-map downstream dscp 48 to 55 dot11e 4
    [AP-wlan-traffic-prof-traffic] priority-map downstream dscp 56 to 63 dot11e 5
    [AP-wlan-traffic-prof-traffic] priority-map downstream dscp 32 to 39 dot11e 6
    [AP-wlan-traffic-prof-traffic] priority-map downstream dscp 40 to 47 dot11e 7
    [AP-wlan-traffic-prof-traffic] quit

    # Bind the traffic profile traffic to the VAP profile wlan-vap.

    [AP-wlan-view] vap-profile name wlan-vap
    [AP-wlan-vap-prof-wlan-vap] traffic-profile traffic
    Warning: This action may cause service interruption. Continue?[Y/N]y
    [AP-wlan-vap-prof-wlan-vap] quit

  9. Verify the configuration.

    Run the display radio-2g-profile command on the central AP to check the configuration of the 2G radio profile.

    [AP-wlan-view] display radio-2g-profile name wlan-radio2g
    ------------------------------------------------------------                    
    Radio type                             : 802.11n                                
    Power auto adjust                      : disable                                
    Beacon interval(TUs)                    : 100                                    
    Beamforming switch                     : disable                                
    Support short preamble                 : support                                
    Fragmentation threshold(Byte)          : 2346                                   
    Channel switch announcement            : enable                                 
    Channel switch mode                    : continue                               
    Guard interval mode                    : normal                                 
    HT A-MPDU switch                       : enable                                 
    HT A-MPDU length limit                 : 3                                      
    RTS-CTS-mode                           : cts-to-self                            
    RTS-CTS-threshold                      : 2347                                   
    802.11bg basic rate                    : 1 2                                    
    802.11bg support rate                  : 1 2 5 6 9 11 12 18 24 36 48 54         
    Multicast rate 2.4G                    : auto adapt 
    Interference detect switch             : disable                                
    Co-channel frequency interference threshold(%)        : 50                      
    Adjacent-channel frequency interference threshold(%)  : 50                      
    Station interference threshold         : 32                                     
    WMM switch                             : enable                                 
    Mandatory switch                       : disable                                
    Auto-off start time                    : -
    Auto-off end time                      : -
    Auto-off time-range                    : - 
    Wifi-light mode                        : -                                      
    Utmost power switch                    : enable                                 
    Rrm-profile                            : default                                   
    Air-scan-profile                       : default 
    Smart-antenna                          : disable  
    ------------------------------------------------------------                    
    AP EDCA parameters:                                                             
    ---------------------------------------------------                             
           ECWmax  ECWmin  AIFSN  TXOPLimit  Ack-Policy                        
    AC_VO  4       3       1      94         normal                                 
    AC_VI  3       2       1      47         normal                                 
    AC_BE  6       4       3      0          normal                                 
    AC_BK  10      4       7      0          normal                            
    --------------------------------------------------- 

    Run the display ssid-profile command on the central AP to check the configuration of the SSID profile.

    [AP-wlan-view] display ssid-profile name wlan-ssid
    -------------------------------------------------------------------             
    Profile ID                  : 0 
    SSID hide                   : disable                                           
    Association timeout(min)    : 5                                                 
    Max STA number              : 64                                                
    Reach max STA SSID hide     : enable                                            
    Legacy station              : enable                                            
    DTIM interval               : 1                                                 
    Beacon 2.4G rate(Mbps)      : 1                                                 
    Beacon 5G rate(Mbps)        : 6                                                 
    Deny-broadcast-probe        : disable                                           
    Probe-response-retry num    : 1                                                 
    802.11r                     : disable                                           
      802.11r authentication    : -                                                 
      Reassociation timeout (s) : -                                                 
    QOS CAR inbound CIR(kbit/s) : -                                                 
    QOS CAR inbound PIR(kbit/s) : -                                                 
    QOS CAR inbound CBS(byte)   : -                                                 
    QOS CAR inbound PBS(byte)   : -                                                 
    QOS CAR outbound CIR(kbit/s): -                                                 
    QOS CAR outbound PIR(kbit/s): -                                                 
    QOS CAR outbound CBS(byte)  : -                                                 
    QOS CAR outbound PBS(byte)  : -                                                 
    U-APSD                      : disable                                           
    Active dull client          : disable                                           
    MU-MIMO                     : disable                                           
    -------------------------------------------------------------------             
    WMM EDCA client parameters:             
           ECWmax  ECWmin  AIFSN  TXOPLimit                                    
    AC_VO  4       3       2      94                                                
    AC_VI  3       2       2      47                                                
    AC_BE  10      4       3      0                                                 
    AC_BK  10      4       7      0                                            
    ------------------------------------------------------------------- 

    Run the display traffic-profile command on the central AP to check the configuration of the traffic profile.

    [AP-wlan-view] display traffic-profile name traffic
    ----------------------------------------------------                            
    Profile ID                    : 1                                               
    Priority map downstream trust : DSCP                                            
    User isolate mode             : disable                                         
    Rate limit client up(Kbps)    : 4294967295                                      
    Rate limit client down(Kbps)  : 4294967295                                      
    Rate limit VAP up(Kbps)       : 4294967295                                      
    Rate limit VAP down(Kbps)     : 4294967295                                      
    Traffic optimize ARP proxy    : disable                                         
    Traffic optimize ARP unicast send : enable
    Traffic optimize DHCP unicast send : disable                                    
    Traffic optimize multicast send deny : disable                                  
    Traffic optimize TCP adjust MSS(bytes): -
    Traffic optimize bcmc unicast send mismatch action : traverse                   
    MLD snooping                  : -                                               
    IGMP snooping                 : disable                                         
    IGMP snooping report suppress : -                                               
    IGMP snooping max bandwith(kbps) : -                                            
    IGMP snooping max user : -                                                      
    Traffic optimize sta bridge forward : enable                                    
    Traffic optimize broadcast suppression(pps): -                                  
    Traffic optimize multicast suppression(pps): -                                  
    Traffic optimize unicast suppression(pps): -                                    
    Traffic optimize multicast to unicast: disable                                  
      Dynamic adaptive                   : enable                                   
    Traffic remark inbound IPv4 ACL : -                                             
      Traffic remark inbound IPv4 type  : -                                         
      Traffic remark inbound IPv4 value : -                                         
    Traffic remark outbound IPv4 ACL: -                                             
      Traffic remark outbound IPv4 type : -                                         
      Traffic remark outbound IPv4 value: -                                         
    Traffic remark inbound L2 ACL   : -                                             
      Traffic remark inbound L2 type    : -                                         
      Traffic remark inbound L2 value   : -                                         
    Traffic remark outbound L2 ACL  : -                                             
      Traffic remark outbound L2 type   : -                                         
      Traffic remark outbound L2 value  : -                                         
    User IPSEC-ACL                      : -                                         
    WMM priority downstream map mode: DSCP map 802.11e                              
                                      0-7 map 0                                    
                                      8-15 map 1                                    
                                      16-23 map 2                                   
                                      24-31 map 3                                   
                                      48-55 map 4                                   
                                      56-63 map 5                                   
                                      32-39 map 6                                   
                                      40-47 map 7
    WMM priority downstream map mode: 802.1p map 802.11e                            
                                      0 map 0                                       
                                      1 map 1                                       
                                      2 map 2                                       
                                      3 map 3                                       
                                      4 map 4                                       
                                      5 map 5                                       
                                      6 map 6                                       
                                      7 map 7                                       
    ---------------------------------------------------------------------------------------------
    Traffic Type                        Direction  AppliedRecord                    
    ---------------------------------------------------------------------------------------------
    ---------------------------------------------------------------------------------------------
    ----------------------------------------------------  

Configuration Files
  • Central AP configuration file

    #
     sysname AP
    #
    vlan batch 100 to 101
    #
    dhcp enable
    #
    interface Vlanif100
     ip address 10.23.100.1 255.255.255.0
     dhcp select interface
    #
    interface Vlanif101
     ip address 10.23.101.1 255.255.255.0
     dhcp select interface
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk pvid vlan 100
     port trunk allow-pass vlan 100 to 101
    #
    interface GigabitEthernet0/0/24
     port link-type trunk
     port trunk allow-pass vlan 101
    #
    management-vlan 100
    #
    wlan
     traffic-profile name traffic
      priority-map downstream dscp 48 to 55 dot11e 4
      priority-map downstream dscp 56 to 63 dot11e 5
      priority-map downstream dscp 32 to 39 dot11e 6
      priority-map downstream dscp 40 to 47 dot11e 7
     security-profile name wlan-security
      security wpa2 psk pass-phrase %^%#m"tz0f>~7.[`^6RWdzwCy16hJj/Mc!,}s`X*B]}A%^%# aes
     ssid-profile name wlan-ssid
      ssid wlan-net
      wmm edca-client ac-vi aifsn 2 ecw ecwmin 2 ecwmax 3 txoplimit 47
      wmm edca-client ac-vo aifsn 2 ecw ecwmin 3 ecwmax 4 txoplimit 94
     vap-profile name wlan-vap
      service-vlan vlan-id 101
      ssid-profile wlan-ssid
      security-profile wlan-security
      traffic-profile traffic
     regulatory-domain-profile name domain1
     radio-2g-profile name wlan-radio2g
      wmm edca-ap ac-vi aifsn 1 ecw ecwmin 2 ecwmax 3 txoplimit 47 ack-policy normal
      wmm edca-ap ac-vo aifsn 1 ecw ecwmin 3 ecwmax 4 txoplimit 94 ack-policy normal
     ap-group name ap-group1
      regulatory-domain-profile domain1
      radio 0
       radio-2g-profile wlan-radio2g
       vap-profile wlan-vap wlan 1
      radio 1
       vap-profile wlan-vap wlan 1
     ap-id 1 type-id 19 ap-mac 60de-4476-e360 ap-sn 210235554710CB000042
      ap-name area_1
      ap-group ap-group1
      radio 0
       channel 20mhz 6
       eirp 127
       calibrate auto-channel-select disable
       calibrate auto-txpower-select disable
      radio 1
       channel 20mhz 149
       eirp 127
       calibrate auto-channel-select disable
       calibrate auto-txpower-select disable
    #
    return

Example for Configuring Traffic Policing

Configuration Process

You need to configure and maintain WLAN features and functions in different profiles. These WLAN profiles include regulatory domain profile, radio profile, VAP profile, AP system profile, AP wired port profile,and WIDS profile. When configuring WLAN services, you need to set related parameters in the WLAN profiles and bind the profiles to the AP group or APs. After that, the configuration is automatically delivered to and takes effect on the RUs. WLAN profiles can reference one another; therefore, you need to know the relationships among the profiles before configuring them. For details about the profile relationships and their basic configuration procedure, see WLAN Service Configuration Procedure.

Networking Requirements

As shown in Figure 27-34, the RU is directly connected to the central AP. An enterprise branch needs to deploy basic WLAN services for mobile office so that branch users can access internal network resources anywhere at any time.

The enterprise network administrator needs to set the rate limit of upstream traffic on each STA associated with the RU to 2 Mbit/s and the limit of total rates of upstream traffic on all STAs associated with the VAP to 30 Mbit/s.

Figure 27-34  Networking diagram for configuring traffic policing
Configuration Roadmap
The configuration roadmap is as follows:
  1. Configure basic WLAN services so that users can connect to the wireless network.
  2. Set the rate for upstream packets in the traffic profile used by the RU to implement traffic policing on upstream packets on a specified STA and on all STAs associated with the VAP.
Table 27-26  Data planning

Item

Data

DHCP server The central AP functions as a DHCP server to assign IP addresses to the STAs and RU.
IP address pool for the RU 10.23.100.2-10.23.100.254/24
IP address pool for STAs 10.23.101.2-10.23.101.254/24
AP group
  • Name: ap-group1
  • Referenced profile: VAP profile wlan-vap and regulatory domain profile domain1
Regulatory domain profile
  • Name: domain1
  • Country code: CN
SSID profile
  • Name: wlan-ssid
  • SSID name: wlan-net
Security profile
  • Name: wlan-security
  • Security policy: WPA2+PSK+AES
  • Password: a1234567
VAP profile
  • Name: wlan-vap
  • Service VLAN: VLAN 101
  • Referenced profile: SSID profile wlan-ssid, security profile wlan-security and traffic profile traffic
Traffic profile
  • Name: traffic
  • Configuring traffic policing.

Configuration Notes

Configure port isolation on the interfaces of the device directly connected to RUs. If port isolation is not configured, a large number of unnecessary broadcast packets may be generated in the VLAN, blocking the network and degrading user experience.

Procedure

  1. Configure the central AP so that the RU and central AP can transmit CAPWAP packets.

    # Configure the central AP: add interface GE0/0/1 to management VLAN 100.

    <Huawei> system-view
    [Huawei] sysname AP
    [AP] vlan batch 100 101
    [AP] interface gigabitethernet 0/0/1
    [AP-GigabitEthernet0/0/1] port link-type trunk
    [AP-GigabitEthernet0/0/1] port trunk pvid vlan 100
    [AP-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
    [AP-GigabitEthernet0/0/1] quit
    

  2. Configure the central AP to communicate with the upstream device.

    NOTE:

    Configure central AP uplink interfaces to transparently transmit packets of service VLANs as required and communicate with the upstream device.

    # Add central AP uplink interface GE0/0/24 to service VLAN 101.

    [AP] interface gigabitethernet 0/0/24
    [AP-GigabitEthernet0/0/24] port link-type trunk
    [AP-GigabitEthernet0/0/24] port trunk allow-pass vlan 101
    [AP-GigabitEthernet0/0/24] quit
    

  3. Configure the central AP as a DHCP server to allocate IP addresses to STAs and the RU.

    # Configure the central AP as the DHCP server to allocate an IP address to the RU from the IP address pool on VLANIF 100, and allocate IP addresses to STAs from the IP address pool on VLANIF 101.

    NOTE:
    Configure the DNS server as required. The common methods are as follows:
    • In interface address pool scenarios, run the dhcp server dns-list ip-address &<1-8> command in the VLANIF interface view.
    • In global address pool scenarios, run the dns-list ip-address &<1-8> command in the IP address pool view.
    [AP] dhcp enable
    [AP] interface vlanif 100
    [AP-Vlanif100] ip address 10.23.100.1 24
    [AP-Vlanif100] dhcp select interface
    [AP-Vlanif100] quit
    [AP] interface vlanif 101
    [AP-Vlanif101] ip address 10.23.101.1 24
    [AP-Vlanif101] dhcp select interface
    [AP-Vlanif101] quit
    

  4. Configure the RU to go online.

    # Create an AP group and add the RU to the AP group.

    [AP] wlan
    [AP-wlan-view] ap-group name ap-group1
    [AP-wlan-ap-group-ap-group1] quit
    

    # Create a regulatory domain profile, configure the central AP country code in the profile, and apply the profile to the AP group.

    [AP-wlan-view] regulatory-domain-profile name domain1
    [AP-wlan-regulate-domain-domain1] country-code cn
    [AP-wlan-regulate-domain-domain1] quit
    [AP-wlan-view] ap-group name ap-group1
    [AP-wlan-ap-group-ap-group1] regulatory-domain-profile domain1
    Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continu
    e?[Y/N]:y 
    [AP-wlan-ap-group-ap-group1] quit
    [AP-wlan-view] quit
    

    # Configure the management VLAN for RUs connected to the central AP.

    [AP] management-vlan 100
    
    # Import the RU offline on the central AP and add the RU to AP group ap-group1. Assume that the RU's MAC address is 60de-4476-e360. Configure a name for the RU based on the RU's deployment location, so that you can know where the RU is deployed from its name. For example, name the RU area_1 if it is deployed in Area 1.
    NOTE:

    The default RU authentication mode is MAC address authentication. If the default settings are retained, you do not need to run the ap auth-mode mac-auth command.

    In this example, the R240D is used and has two radios: radio 0 (2.4 GHz radio) and radio 1 (5 GHz radio).

    [AP] wlan
    [AP-wlan-view] ap auth-mode mac-auth
    [AP-wlan-view] ap-id 1 ap-mac 60de-4476-e360
    [AP-wlan-ap-1] ap-name area_1
    [AP-wlan-ap-1] ap-group ap-group1
    Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configuration
    s of the radio, Whether to continue? [Y/N]:y 
    [AP-wlan-ap-1] quit
    

    # After the RU is powered on, run the display ap all command to check the RU state. If the State field is displayed as nor, the RU goes online normally.

    [AP-wlan-view] display ap all
    Total AP information:
    nor  : normal          [1]
    -------------------------------------------------------------------------------------
    ID   MAC            Name   Group     IP            Type            State STA Uptime
    -------------------------------------------------------------------------------------
    1    60de-4476-e360 area_1 ap-group1 10.23.100.254 R240D           nor   0   10S
    -------------------------------------------------------------------------------------
    Total: 1

  5. Configure WLAN service parameters.

    # Create security profile wlan-security and set the security policy in the profile.
    NOTE:

    In this example, the security policy is set to WPA2+PSK+AES and password to a1234567. In actual situations, the security policy must be configured according to service requirements.

    [AP-wlan-view] security-profile name wlan-security
    [AP-wlan-sec-prof-wlan-security] security wpa2 psk pass-phrase a1234567 aes
    [AP-wlan-sec-prof-wlan-security] quit
    

    # Create SSID profile wlan-ssid and set the SSID name to wlan-net.

    [AP-wlan-view] ssid-profile name wlan-ssid
    [AP-wlan-ssid-prof-wlan-ssid] ssid wlan-net
    [AP-wlan-ssid-prof-wlan-ssid] quit
    

    # Create VAP profile wlan-vap, set the service VLAN, and apply the security profile and SSID profile to the VAP profile.

    [AP-wlan-view] vap-profile name wlan-vap
    [AP-wlan-vap-prof-wlan-vap] service-vlan vlan-id 101
    [AP-wlan-vap-prof-wlan-vap] security-profile wlan-security
    [AP-wlan-vap-prof-wlan-vap] ssid-profile wlan-ssid
    [AP-wlan-vap-prof-wlan-vap] quit
    

    # Bind VAP profile wlan-vap to the AP group and apply the profile to radio 0 and radio 1 of the RU.

    [AP-wlan-view] ap-group name ap-group1
    [AP-wlan-ap-group-ap-group1] vap-profile wlan-vap wlan 1 radio 0
    [AP-wlan-ap-group-ap-group1] vap-profile wlan-vap wlan 1 radio 1
    [AP-wlan-ap-group-ap-group1] quit
    

  6. Set channels and power for the RU radios.

    NOTE:

    Automatic channel and power calibration functions are enabled by default. The manual channel and power configurations take effect only when these two functions are disabled. The channel and power configuration for the RU radios in this example is for reference only. In actual scenarios, configure channels and power for RU radios based on country codes of RUs and network planning results.

    # Disable automatic channel and power calibration functions of radio 0, and configure the channel and power for radio 0.
    [AP-wlan-view] ap-id 1
    [AP-wlan-ap-1] radio 0
    [AP-wlan-radio-1/0] calibrate auto-channel-select disable
    [AP-wlan-radio-1/0] calibrate auto-txpower-select disable
    [AP-wlan-radio-1/0] channel 20mhz 6
    Warning: This action may cause service interruption. Continue?[Y/N]y
    [AP-wlan-radio-1/0] eirp 127
    [AP-wlan-radio-1/0] quit
    # Disable automatic channel and power calibration functions of radio 1, and configure the channel and power for radio 1.
    [AP-wlan-ap-1] radio 1
    [AP-wlan-radio-1/1] calibrate auto-channel-select disable
    [AP-wlan-radio-1/1] calibrate auto-txpower-select disable
    [AP-wlan-radio-1/1] channel 20mhz 149
    Warning: This action may cause service interruption. Continue?[Y/N]y
    [AP-wlan-radio-1/1] eirp 127
    [AP-wlan-radio-1/1] quit
    [AP-wlan-ap-1] quit

  7. Configure traffic policing.

    # Create the traffic profile traffic and set traffic policing parameters in the profile.

    [AP-wlan-view] traffic-profile name traffic
    [AP-wlan-traffic-prof-traffic] rate-limit client up 2048
    [AP-wlan-traffic-prof-traffic] rate-limit vap up 30720
    [AP-wlan-traffic-prof-traffic] quit

    # Bind the traffic profile traffic to the VAP profile wlan-vap.

    [AP-wlan-view] vap-profile name wlan-vap
    [AP-wlan-vap-prof-wlan-vap] traffic-profile traffic
    Warning: This action may cause service interruption. Continue?[Y/N]y
    [AP-wlan-vap-prof-wlan-vap] quit

  8. Verify the configuration.

    Run the display traffic-profile name traffic command on the central AP to check the traffic profile configuration. The command output shows that the uplink rate limit of a single STA is 2048 kbit/s (2 Mbit/s) and the total uplink rate limit of all STAs on a VAP is 30720 kbit/s (30 Mbit/s).

    [AP-wlan-view] display traffic-profile name traffic
    ----------------------------------------------------                            
    Profile ID                    : 1                                               
    Priority map downstream trust : DSCP                                            
    User isolate mode             : disable                                         
    Rate limit client up(Kbps)    : 2048                                      
    Rate limit client down(Kbps)  : 4294967295                                      
    Rate limit VAP up(Kbps)       : 30720                                      
    Rate limit VAP down(Kbps)     : 4294967295                                      
    Traffic optimize ARP proxy    : disable                                         
    Traffic optimize ARP unicast send : enable
    Traffic optimize DHCP unicast send : disable                                    
    Traffic optimize multicast send deny : disable                                  
    Traffic optimize TCP adjust MSS(bytes): -                                    
    Traffic optimize bcmc unicast send mismatch action : traverse                   
    MLD snooping                  : -                                               
    IGMP snooping                 : disable                                         
    IGMP snooping report suppress : -                                               
    IGMP snooping max bandwith(kbps) : -                                            
    IGMP snooping max user : -                                                      
    Traffic optimize sta bridge forward : enable                                    
    Traffic optimize broadcast suppression(pps): -                                  
    Traffic optimize multicast suppression(pps): -                                  
    Traffic optimize unicast suppression(pps): -                                    
    Traffic optimize multicast to unicast: disable                                  
      Dynamic adaptive                   : enable                                   
    Traffic remark inbound IPv4 ACL : -                                             
      Traffic remark inbound IPv4 type  : -                                         
      Traffic remark inbound IPv4 value : -                                         
    Traffic remark outbound IPv4 ACL: -                                             
      Traffic remark outbound IPv4 type : -                                         
      Traffic remark outbound IPv4 value: -                                         
    Traffic remark inbound L2 ACL   : -                                             
      Traffic remark inbound L2 type    : -                                         
      Traffic remark inbound L2 value   : -                                         
    Traffic remark outbound L2 ACL  : -                                             
      Traffic remark outbound L2 type   : -                                         
      Traffic remark outbound L2 value  : -                                         
    User IPSEC-ACL                      : -                                         
    Priority map upstream trust   : 8021e                                           
    CAPWAP priority upstream map mode: 802.11e map DSCP                             
                                       0 map 0                                      
                                       1 map 8                                      
                                       2 map 16                                     
                                       3 map 24                                     
                                       4 map 32                                     
                                       5 map 40                                     
                                       6 map 48                                     
                                       7 map 56                                     
    CAPWAP priority upstream map mode: 802.11e map 802.1p                           
                                       0 map 0                                      
                                       1 map 1                                      
                                       2 map 2                                      
                                       3 map 3                                      
                                       4 map 4                                      
                                       5 map 5                                      
                                       6 map 6                                      
                                       7 map 7                                      
    WMM priority downstream map mode: DSCP map 802.11e                              
                                      0-7 map 0                                     
                                      8-15 map 1                                    
                                      16-23 map 2                                   
                                      24-31 map 3                                   
                                      32-39 map 4                                   
                                      40-47 map 5                                   
                                      48-55 map 6                                   
                                      56-63 map 7                                   
    WMM priority downstream map mode: 802.1p map 802.11e                            
                                      0 map 0                                       
                                      1 map 1                                       
                                      2 map 2                                       
                                      3 map 3                                       
                                      4 map 4                                       
                                      5 map 5                                       
                                      6 map 6                                       
                                      7 map 7 
    --------------------------------------------------------------------------------------------- 
    Traffic Type                        Direction  AppliedRecord                    
    ---------------------------------------------------------------------------------------------
    ---------------------------------------------------------------------------------------------
    ---------------------------------------------------- 

Configuration Files
  • Central AP configuration file

    #
     sysname AP
    #
    vlan batch 100 to 101
    #
    dhcp enable
    #
    interface Vlanif100
     ip address 10.23.100.1 255.255.255.0
     dhcp select interface
    #
    interface Vlanif101
     ip address 10.23.101.1 255.255.255.0
     dhcp select interface
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk pvid vlan 100
     port trunk allow-pass vlan 100 to 101
    #
    interface GigabitEthernet0/0/24
     port link-type trunk
     port trunk allow-pass vlan 101
    #
    management-vlan 100
    #
    wlan
     traffic-profile name traffic
      rate-limit client up 2048
      rate-limit vap up 30720 
     security-profile name wlan-security
      security wpa2 psk pass-phrase %^%#m"tz0f>~7.[`^6RWdzwCy16hJj/Mc!,}s`X*B]}A%^%# aes
     ssid-profile name wlan-ssid
      ssid wlan-net
     vap-profile name wlan-vap
      service-vlan vlan-id 101
      ssid-profile wlan-ssid
      security-profile wlan-security
      traffic-profile traffic
     regulatory-domain-profile name domain1
     ap-group name ap-group1
      regulatory-domain-profile domain1
      radio 0
       vap-profile wlan-vap wlan 1
      radio 1
       vap-profile wlan-vap wlan 1
     ap-id 1 type-id 19 ap-mac 60de-4476-e360 ap-sn 210235554710CB000042
      ap-name area_1
      ap-group ap-group1
      radio 0
       channel 20mhz 6
       eirp 127
       calibrate auto-channel-select disable
       calibrate auto-txpower-select disable
      radio 1
       channel 20mhz 149
       eirp 127
       calibrate auto-channel-select disable
       calibrate auto-txpower-select disable
    #
    return

Example for Configuring Airtime Fair Scheduling

Configuration Process

You need to configure and maintain WLAN features and functions in different profiles. These WLAN profiles include regulatory domain profile, radio profile, VAP profile, AP system profile, AP wired port profile,and WIDS profile. When configuring WLAN services, you need to set related parameters in the WLAN profiles and bind the profiles to the AP group or APs. After that, the configuration is automatically delivered to and takes effect on the RUs. WLAN profiles can reference one another; therefore, you need to know the relationships among the profiles before configuring them. For details about the profile relationships and their basic configuration procedure, see WLAN Service Configuration Procedure.

Networking Requirements

As shown in Figure 27-35, the RU is directly connected to the central AP. An enterprise branch needs to deploy basic WLAN services for mobile office so that branch users can access internal network resources anywhere, anytime.

The enterprise network administrator expects that users can be assigned equal bandwidth occupation time so that the overall user experience can be improved.

Figure 27-35  Networking for configuring airtime fair scheduling
Configuration Roadmap
  1. Configure basic WLAN services so that users can connect to the wireless network.
  2. Enable airtime fair scheduling to ensure that users on the same radio have equal bandwidth occupation time to improve user experience.
Table 27-27  Data planning

Item

Data

DHCP server The central AP functions as a DHCP server to assign IP addresses to the STAs and RU.
IP address pool for the RU 10.23.100.2-10.23.100.254/24
IP address pool for STAs 10.23.101.2-10.23.101.254/24
AP group
  • Name: ap-group1
  • Referenced profiles: VAP profile wlan-vap, regulatory domain profile domain1, and 2G radio profile wlan-radio2g
Regulatory domain profile
  • Name: domain1
  • Country code: CN
SSID profile
  • Name: wlan-ssid
  • SSID name: wlan-net
Security profile
  • Name: wlan-security
  • Security policy: WPA2+PSK+AES
  • Password: a1234567
VAP profile
  • Name: wlan-vap
  • Service VLAN: VLAN 101
  • Referenced profiles: SSID profile wlan-ssid and security profile wlan-security
2G radio profile
  • Name: wlan-radio2g
  • Referenced profile: RRM profile rrm
RRM profile
  • Name: rrm
  • Airtime fair scheduling: enabled

Configuration Notes

Configure port isolation on the interfaces of the device directly connected to RUs. If port isolation is not configured, a large number of unnecessary broadcast packets may be generated in the VLAN, blocking the network and degrading user experience.

Procedure

  1. Configure the central AP so that the RU and central AP can transmit CAPWAP packets.

    # Configure the central AP: add interface GE0/0/1 to management VLAN 100.

    <Huawei> system-view
    [Huawei] sysname AP
    [AP] vlan batch 100 101
    [AP] interface gigabitethernet 0/0/1
    [AP-GigabitEthernet0/0/1] port link-type trunk
    [AP-GigabitEthernet0/0/1] port trunk pvid vlan 100
    [AP-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
    [AP-GigabitEthernet0/0/1] quit
    

  2. Configure the central AP to communicate with the upstream device.

    NOTE:

    Configure central AP uplink interfaces to transparently transmit packets of service VLANs as required and communicate with the upstream device.

    # Add central AP uplink interface GE0/0/24 to service VLAN 101.

    [AP] interface gigabitethernet 0/0/24
    [AP-GigabitEthernet0/0/24] port link-type trunk
    [AP-GigabitEthernet0/0/24] port trunk allow-pass vlan 101
    [AP-GigabitEthernet0/0/24] quit
    

  3. Configure the central AP as a DHCP server to allocate IP addresses to STAs and the RU.

    # Configure the central AP as the DHCP server to allocate an IP address to the RU from the IP address pool on VLANIF 100, and allocate IP addresses to STAs from the IP address pool on VLANIF 101.

    NOTE:
    Configure the DNS server as required. The common methods are as follows:
    • In interface address pool scenarios, run the dhcp server dns-list ip-address &<1-8> command in the VLANIF interface view.
    • In global address pool scenarios, run the dns-list ip-address &<1-8> command in the IP address pool view.
    [AP] dhcp enable
    [AP] interface vlanif 100
    [AP-Vlanif100] ip address 10.23.100.1 24
    [AP-Vlanif100] dhcp select interface
    [AP-Vlanif100] quit
    [AP] interface vlanif 101
    [AP-Vlanif101] ip address 10.23.101.1 24
    [AP-Vlanif101] dhcp select interface
    [AP-Vlanif101] quit
    

  4. Configure the RU to go online.

    # Create an AP group and add the RU to the AP group.

    [AP] wlan
    [AP-wlan-view] ap-group name ap-group1
    [AP-wlan-ap-group-ap-group1] quit
    

    # Create a regulatory domain profile, configure the central AP country code in the profile, and apply the profile to the AP group.

    [AP-wlan-view] regulatory-domain-profile name domain1
    [AP-wlan-regulate-domain-domain1] country-code cn
    [AP-wlan-regulate-domain-domain1] quit
    [AP-wlan-view] ap-group name ap-group1
    [AP-wlan-ap-group-ap-group1] regulatory-domain-profile domain1
    Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continu
    e?[Y/N]:y 
    [AP-wlan-ap-group-ap-group1] quit
    [AP-wlan-view] quit
    

    # Configure the management VLAN for RUs connected to the central AP.

    [AP] management-vlan 100
    
    # Import the RU offline on the central AP and add the RU to AP group ap-group1. Assume that the RU's MAC address is 60de-4476-e360. Configure a name for the RU based on the RU's deployment location, so that you can know where the RU is deployed from its name. For example, name the RU area_1 if it is deployed in Area 1.
    NOTE:

    The default RU authentication mode is MAC address authentication. If the default settings are retained, you do not need to run the ap auth-mode mac-auth command.

    In this example, the R240D is used and has two radios: radio 0 (2.4 GHz radio) and radio 1 (5 GHz radio).

    [AP] wlan
    [AP-wlan-view] ap auth-mode mac-auth
    [AP-wlan-view] ap-id 1 ap-mac 60de-4476-e360
    [AP-wlan-ap-1] ap-name area_1
    [AP-wlan-ap-1] ap-group ap-group1
    Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configuration
    s of the radio, Whether to continue? [Y/N]:y 
    [AP-wlan-ap-1] quit
    

    # After the RU is powered on, run the display ap all command to check the RU state. If the State field is displayed as nor, the RU goes online normally.

    [AP-wlan-view] display ap all
    Total AP information:
    nor  : normal          [1]
    -------------------------------------------------------------------------------------
    ID   MAC            Name   Group     IP            Type            State STA Uptime
    -------------------------------------------------------------------------------------
    1    60de-4476-e360 area_1 ap-group1 10.23.100.254 R240D           nor   0   10S
    -------------------------------------------------------------------------------------
    Total: 1

  5. Configure WLAN service parameters.

    # Create security profile wlan-security and set the security policy in the profile.
    NOTE:

    In this example, the security policy is set to WPA2+PSK+AES and password to a1234567. In actual situations, the security policy must be configured according to service requirements.

    [AP-wlan-view] security-profile name wlan-security
    [AP-wlan-sec-prof-wlan-security] security wpa2 psk pass-phrase a1234567 aes
    [AP-wlan-sec-prof-wlan-security] quit
    

    # Create SSID profile wlan-ssid and set the SSID name to wlan-net.

    [AP-wlan-view] ssid-profile name wlan-ssid
    [AP-wlan-ssid-prof-wlan-ssid] ssid wlan-net
    [AP-wlan-ssid-prof-wlan-ssid] quit
    

    # Create VAP profile wlan-vap, set the service VLAN, and apply the security profile and SSID profile to the VAP profile.

    [AP-wlan-view] vap-profile name wlan-vap
    [AP-wlan-vap-prof-wlan-vap] service-vlan vlan-id 101
    [AP-wlan-vap-prof-wlan-vap] security-profile wlan-security
    [AP-wlan-vap-prof-wlan-vap] ssid-profile wlan-ssid
    [AP-wlan-vap-prof-wlan-vap] quit
    

    # Bind VAP profile wlan-vap to the AP group and apply the profile to radio 0 and radio 1 of the RU.

    [AP-wlan-view] ap-group name ap-group1
    [AP-wlan-ap-group-ap-group1] vap-profile wlan-vap wlan 1 radio 0
    [AP-wlan-ap-group-ap-group1] vap-profile wlan-vap wlan 1 radio 1
    [AP-wlan-ap-group-ap-group1] quit
    

  6. Configure airtime fair scheduling.

    # Create 2G radio profile wlan-radio2g.

    NOTE:
    The following example configures a 2G radio profile. The configuration of a 5G radio profile is similar.
    [AP-wlan-view] radio-2g-profile name wlan-radio2g
    [AP-wlan-radio-2g-prof-wlan-radio2g] quit

    # Bind 2G radio profile wlan-radio2g to AP group ap-group1.

    [AP-wlan-view] ap-group name ap-group1
    [AP-wlan-ap-group-ap-group1] radio-2g-profile wlan-radio2g
    [AP-wlan-ap-group-ap-group1] quit

    # Create RRM profile rrm and enable airtime fair scheduling.

    [AP-wlan-view] rrm-profile name rrm
    [AP-wlan-rrm-prof-rrm] airtime-fair-schedule enable
    Warning: This action may cause service interruption. Continue?[Y/N]y
    [AP-wlan-rrm-prof-rrm] quit
    

    # Bind RRM profile rrm to 2G radio profile wlan-radio2g.

    [AP-wlan-view] radio-2g-profile name wlan-radio2g
    [AP-wlan-radio-2g-prof-wlan-radio2g] rrm-profile rrm
    [AP-wlan-radio-2g-prof-wlan-radio2g] quit

  7. Set channels and power for the RU radios.

    NOTE:

    The channel and power configuration for the RU radios in this example is for reference only. In actual scenarios, configure channels and power for RU radios based on country codes of RUs and network planning results.

    # Disable automatic channel and power calibration of radio 0 of the RU, and set the channel and power for radio 0 of the RU.
    [AP-wlan-view] ap-id 1
    [AP-wlan-ap-1] radio 0
    [AP-wlan-radio-1/0] calibrate auto-channel-select disable
    [AP-wlan-radio-1/0] calibrate auto-txpower-select disable
    [AP-wlan-radio-1/0] channel 20mhz 6
    Warning: This action may cause service interruption. Continue?[Y/N]y
    [AP-wlan-radio-1/0] eirp 127
    [AP-wlan-radio-1/0] quit
    # Disable automatic channel and power calibration of radio 1 of the RU, and set the channel and power for radio 1 of the RU.
    [AP-wlan-ap-1] radio 1
    [AP-wlan-radio-1/1] calibrate auto-channel-select disable
    [AP-wlan-radio-1/1] calibrate auto-txpower-select disable
    [AP-wlan-radio-1/1] channel 20mhz 149
    Warning: This action may cause service interruption. Continue?[Y/N]y
    [AP-wlan-radio-1/1] eirp 127
    [AP-wlan-radio-1/1] quit
    [AP-wlan-ap-1] quit

  8. Verify the configuration.

    Run the display rrm-profile command on the central AP to check the configuration of the RRM profile. The command output shows that airtime fair scheduling has been enabled. Therefore, users on the network can fairly use the network bandwidth.

    [AP-wlan-view] display rrm-profile name rrm
    ------------------------------------------------------------                    
    Auto channel select                                    : disable                 
    Auto transmit power select                             : disable                 
    PER threshold for trigger channel/power select(%)      : 60                     
    Airtime fairness schedule                              : enable
    Dynamic adjust EDCA parameter                          : disable                
    UAC check client's SNR                                 : disable                
    UAC client's SNR threshold(dB)                         : 20                     
    UAC check client number                                : disable                
    UAC client number access threshold                     : 64                     
    UAC client number roam threshold                       : 64                     
    UAC check channel utilization                          : disable                
    UAC channel utilization access threshold               : 80                     
    UAC channel utilization roam threshold                 : 80                     
    UAC hide SSID                                          : disable                
    Band steer deny threshold                              : 2                      
    Band balance start threshold                           : 15                     
    Band balance gap threshold(%)                          : 25                     
    Client's band expire based on continuous probe counts  : 35                     
    Smart-roam                                             : enable                 
    Smart-roam check SNR                                   : enable                 
    Smart-roam standing SNR threshold(dB)                  : 30                     
    Smart-roam SNR quick-kickoff-threshold(dB)             : 15                     
    Smart-roam check rate                                  : disable                
    AMC policy                                             : auto-balance           
    Smart-roam rate threshold(%)                           : 20                     
    Smart-roam rate quick-kickoff-threshold(%)             : 20                     
    Smart-roam high level SNR margin(dB)                   : 15                     
    Smart-roam low level SNR margin(dB)                    : 6                      
    Smart-roam SNR check interval(s)                       : 3                      
    Smart-roam unable roam client expire time(m)           : 120
    ------------------------------------------------------------

Configuration Files
  • Central AP configuration file

    #
     sysname AP
    #
    vlan batch 100 to 101
    #
    dhcp enable
    #
    interface Vlanif100
     ip address 10.23.100.1 255.255.255.0
     dhcp select interface
    #
    interface Vlanif101
     ip address 10.23.101.1 255.255.255.0
     dhcp select interface
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk pvid vlan 100
     port trunk allow-pass vlan 100 to 101
    #
    interface GigabitEthernet0/0/24
     port link-type trunk
     port trunk allow-pass vlan 101
    #
    management-vlan 100
    #
    wlan
     security-profile name wlan-security
      security wpa2 psk pass-phrase %^%#m"tz0f>~7.[`^6RWdzwCy16hJj/Mc!,}s`X*B]}A%^%# aes
     ssid-profile name wlan-ssid
      ssid wlan-net
     vap-profile name wlan-vap
      service-vlan vlan-id 101
      ssid-profile wlan-ssid
      security-profile wlan-security
     regulatory-domain-profile name domain1
     rrm-profile name rrm
      airtime-fair-schedule enable  
     radio-2g-profile name wlan-radio2g
      rrm-profile rrm
     ap-group name ap-group1
      regulatory-domain-profile domain1
      radio 0
       radio-2g-profile wlan-radio2g
       vap-profile wlan-vap wlan 1
      radio 1
       vap-profile wlan-vap wlan 1
     ap-id 1 type-id 19 ap-mac 60de-4476-e360 ap-sn 210235554710CB000042
      ap-name area_1
      ap-group ap-group1
      radio 0
       channel 20mhz 6
       eirp 127
       calibrate auto-channel-select disable
       calibrate auto-txpower-select disable
      radio 1
       channel 20mhz 149
       eirp 127
       calibrate auto-channel-select disable
       calibrate auto-txpower-select disable
    #
    return

Example for Configuring ACL-based Packet Filtering

Configuration Process

You need to configure and maintain WLAN features and functions in different profiles. These WLAN profiles include regulatory domain profile, radio profile, VAP profile, AP system profile, AP wired port profile,and WIDS profile. When configuring WLAN services, you need to set related parameters in the WLAN profiles and bind the profiles to the AP group or APs. After that, the configuration is automatically delivered to and takes effect on the RUs. WLAN profiles can reference one another; therefore, you need to know the relationships among the profiles before configuring them. For details about the profile relationships and their basic configuration procedure, see WLAN Service Configuration Procedure.

Networking Requirements

As shown in Figure 27-36, the RU is directly connected to the central AP. An enterprise branch needs to deploy basic WLAN services for mobile office so that branch users can access internal network resources anywhere at any time.

The enterprise network administrator expects that an ACL can be configured to prohibit packets with the source IP address 10.23.100.10 and destination IP address 10.23.100.11.

Figure 27-36  Networking diagram for configuring ACL-based packet filtering
Configuration Roadmap
The configuration roadmap is as follows:
  1. Configure basic WLAN services so that users can connect to the wireless network.
  2. Configure an ACL to filter packets.
Table 27-28  Data planning

Item

Data

DHCP server The central AP functions as a DHCP server to assign IP addresses to the STAs and RU.
IP address pool for the RU 10.23.100.2-10.23.100.254/24
IP address pool for STAs 10.23.101.2-10.23.101.254/24
AP group
  • Name: ap-group1
  • Referenced profile: VAP profile wlan-vap and regulatory domain profile domain1
Regulatory domain profile
  • Name: domain1
  • Country code: CN
SSID profile
  • Name: wlan-ssid
  • SSID name: wlan-net
Security profile
  • Name: wlan-security
  • Security policy: WPA2+PSK+AES
  • Password: a1234567
VAP profile
  • Name: wlan-vap
  • Service VLAN: VLAN 101
  • Referenced profile: SSID profile wlan-ssid, security profile wlan-security and traffic profile traffic
Traffic profile
  • Name: traffic
  • Configuring ACL-based packet filtering.

Configuration Notes

Configure port isolation on the interfaces of the device directly connected to RUs. If port isolation is not configured, a large number of unnecessary broadcast packets may be generated in the VLAN, blocking the network and degrading user experience.

Procedure

  1. Configure the central AP so that the RU and central AP can transmit CAPWAP packets.

    # Configure the central AP: add interface GE0/0/1 to management VLAN 100.

    <Huawei> system-view
    [Huawei] sysname AP
    [AP] vlan batch 100 101
    [AP] interface gigabitethernet 0/0/1
    [AP-GigabitEthernet0/0/1] port link-type trunk
    [AP-GigabitEthernet0/0/1] port trunk pvid vlan 100
    [AP-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
    [AP-GigabitEthernet0/0/1] quit
    

  2. Configure the central AP to communicate with the upstream device.

    NOTE:

    Configure central AP uplink interfaces to transparently transmit packets of service VLANs as required and communicate with the upstream device.

    # Add central AP uplink interface GE0/0/24 to service VLAN 101.

    [AP] interface gigabitethernet 0/0/24
    [AP-GigabitEthernet0/0/24] port link-type trunk
    [AP-GigabitEthernet0/0/24] port trunk allow-pass vlan 101
    [AP-GigabitEthernet0/0/24] quit
    

  3. Configure the central AP as a DHCP server to allocate IP addresses to STAs and the RU.

    # Configure the central AP as the DHCP server to allocate an IP address to the RU from the IP address pool on VLANIF 100, and allocate IP addresses to STAs from the IP address pool on VLANIF 101.

    NOTE:
    Configure the DNS server as required. The common methods are as follows:
    • In interface address pool scenarios, run the dhcp server dns-list ip-address &<1-8> command in the VLANIF interface view.
    • In global address pool scenarios, run the dns-list ip-address &<1-8> command in the IP address pool view.
    [AP] dhcp enable
    [AP] interface vlanif 100
    [AP-Vlanif100] ip address 10.23.100.1 24
    [AP-Vlanif100] dhcp select interface
    [AP-Vlanif100] quit
    [AP] interface vlanif 101
    [AP-Vlanif101] ip address 10.23.101.1 24
    [AP-Vlanif101] dhcp select interface
    [AP-Vlanif101] quit
    

  4. Configure the RU to go online.

    # Create an AP group and add the RU to the AP group.

    [AP] wlan
    [AP-wlan-view] ap-group name ap-group1
    [AP-wlan-ap-group-ap-group1] quit
    

    # Create a regulatory domain profile, configure the central AP country code in the profile, and apply the profile to the AP group.

    [AP-wlan-view] regulatory-domain-profile name domain1
    [AP-wlan-regulate-domain-domain1] country-code cn
    [AP-wlan-regulate-domain-domain1] quit
    [AP-wlan-view] ap-group name ap-group1
    [AP-wlan-ap-group-ap-group1] regulatory-domain-profile domain1
    Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continu
    e?[Y/N]:y 
    [AP-wlan-ap-group-ap-group1] quit
    [AP-wlan-view] quit
    

    # Configure the management VLAN for RUs connected to the central AP.

    [AP] management-vlan 100
    
    # Import the RU offline on the central AP and add the RU to AP group ap-group1. Assume that the RU's MAC address is 60de-4476-e360. Configure a name for the RU based on the RU's deployment location, so that you can know where the RU is deployed from its name. For example, name the RU area_1 if it is deployed in Area 1.
    NOTE:

    The default RU authentication mode is MAC address authentication. If the default settings are retained, you do not need to run the ap auth-mode mac-auth command.

    In this example, the R240D is used and has two radios: radio 0 (2.4 GHz radio) and radio 1 (5 GHz radio).

    [AP] wlan
    [AP-wlan-view] ap auth-mode mac-auth
    [AP-wlan-view] ap-id 1 ap-mac 60de-4476-e360
    [AP-wlan-ap-1] ap-name area_1
    [AP-wlan-ap-1] ap-group ap-group1
    Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configuration
    s of the radio, Whether to continue? [Y/N]:y 
    [AP-wlan-ap-1] quit
    

    # After the RU is powered on, run the display ap all command to check the RU state. If the State field is displayed as nor, the RU goes online normally.

    [AP-wlan-view] display ap all
    Total AP information:
    nor  : normal          [1]
    -------------------------------------------------------------------------------------
    ID   MAC            Name   Group     IP            Type            State STA Uptime
    -------------------------------------------------------------------------------------
    1    60de-4476-e360 area_1 ap-group1 10.23.100.254 R240D           nor   0   10S
    -------------------------------------------------------------------------------------
    Total: 1

  5. Configure WLAN service parameters.

    # Create security profile wlan-security and set the security policy in the profile.
    NOTE:

    In this example, the security policy is set to WPA2+PSK+AES and password to a1234567. In actual situations, the security policy must be configured according to service requirements.

    [AP-wlan-view] security-profile name wlan-security
    [AP-wlan-sec-prof-wlan-security] security wpa2 psk pass-phrase a1234567 aes
    [AP-wlan-sec-prof-wlan-security] quit
    

    # Create SSID profile wlan-ssid and set the SSID name to wlan-net.

    [AP-wlan-view] ssid-profile name wlan-ssid
    [AP-wlan-ssid-prof-wlan-ssid] ssid wlan-net
    [AP-wlan-ssid-prof-wlan-ssid] quit
    

    # Create VAP profile wlan-vap, set the service VLAN, and apply the security profile and SSID profile to the VAP profile.

    [AP-wlan-view] vap-profile name wlan-vap
    [AP-wlan-vap-prof-wlan-vap] service-vlan vlan-id 101
    [AP-wlan-vap-prof-wlan-vap] security-profile wlan-security
    [AP-wlan-vap-prof-wlan-vap] ssid-profile wlan-ssid
    [AP-wlan-vap-prof-wlan-vap] quit
    

    # Bind VAP profile wlan-vap to the AP group and apply the profile to radio 0 and radio 1 of the RU.

    [AP-wlan-view] ap-group name ap-group1
    [AP-wlan-ap-group-ap-group1] vap-profile wlan-vap wlan 1 radio 0
    [AP-wlan-ap-group-ap-group1] vap-profile wlan-vap wlan 1 radio 1
    [AP-wlan-ap-group-ap-group1] quit
    

  6. Set channels and power for the RU radios.

    NOTE:

    Automatic channel and power calibration functions are enabled by default. The manual channel and power configurations take effect only when these two functions are disabled. The channel and power configuration for the RU radios in this example is for reference only. In actual scenarios, configure channels and power for RU radios based on country codes of RUs and network planning results.

    # Disable automatic channel and power calibration functions of radio 0, and configure the channel and power for radio 0.
    [AP-wlan-view] ap-id 1
    [AP-wlan-ap-1] radio 0
    [AP-wlan-radio-1/0] calibrate auto-channel-select disable
    [AP-wlan-radio-1/0] calibrate auto-txpower-select disable
    [AP-wlan-radio-1/0] channel 20mhz 6
    Warning: This action may cause service interruption. Continue?[Y/N]y
    [AP-wlan-radio-1/0] eirp 127
    [AP-wlan-radio-1/0] quit
    # Disable automatic channel and power calibration functions of radio 1, and configure the channel and power for radio 1.
    [AP-wlan-ap-1] radio 1
    [AP-wlan-radio-1/1] calibrate auto-channel-select disable
    [AP-wlan-radio-1/1] calibrate auto-txpower-select disable
    [AP-wlan-radio-1/1] channel 20mhz 149
    Warning: This action may cause service interruption. Continue?[Y/N]y
    [AP-wlan-radio-1/1] eirp 127
    [AP-wlan-radio-1/1] quit
    [AP-wlan-ap-1] quit

  7. Configure ACL-based packet filtering.

    # Configure an advanced ACL that meet requirements.
    [AP-wlan-view] quit
    [AP] acl 3001
    [AP-acl-adv-3001] rule deny ip source 10.23.100.10 0 destination 10.23.100.11 0
    [AP-acl-adv-3001] quit
    [AP] wlan
    [AP-wlan-view] traffic-profile name traffic
    [AP-wlan-traffic-prof-traffic] traffic-filter inbound ipv4 acl 3001
    [AP-wlan-traffic-prof-traffic] quit

    # Bind the traffic profile traffic to the VAP profile wlan-vap.

    [AP-wlan-view] vap-profile name wlan-vap
    [AP-wlan-vap-prof-wlan-vap] traffic-profile traffic
    Warning: This action may cause service interruption. Continue?[Y/N]y
    [AP-wlan-vap-prof-wlan-vap] quit

  8. Verify the configuration.

    Run the display traffic-profile command on the central AP to check applications of ACL-based packet filtering. The command output shows that the ACL has been applied to the traffic profile.

    [AP-wlan-view] display traffic-profile name traffic
    ----------------------------------------------------                            
    Profile ID                    : 1                                               
    Priority map downstream trust : DSCP                                            
    User isolate mode             : disable                                         
    Rate limit client up(Kbps)    : 4294967295                                      
    Rate limit client down(Kbps)  : 4294967295                                      
    Rate limit VAP up(Kbps)       : 4294967295                                      
    Rate limit VAP down(Kbps)     : 4294967295                                      
    Traffic optimize ARP proxy    : disable                                         
    Traffic optimize ARP unicast send : enable
    Traffic optimize DHCP unicast send : disable                                    
    Traffic optimize multicast send deny : disable                                  
    Traffic optimize TCP adjust MSS(bytes): -
    Traffic optimize bcmc unicast send mismatch action : traverse                   
    MLD snooping                  : -                                               
    IGMP snooping                 : disable                                         
    IGMP snooping report suppress : -                                               
    IGMP snooping max bandwith(kbps) : -                                            
    IGMP snooping max user : -                                                      
    Traffic optimize sta bridge forward : enable                                    
    Traffic optimize broadcast suppression(pps): -                                  
    Traffic optimize multicast suppression(pps): -                                  
    Traffic optimize unicast suppression(pps): -                                    
    Traffic optimize multicast to unicast: disable                                  
      Dynamic adaptive                   : enable                                   
    Traffic remark inbound IPv4 ACL : -                                             
      Traffic remark inbound IPv4 type  : -                                         
      Traffic remark inbound IPv4 value : -                                         
    Traffic remark outbound IPv4 ACL: -                                             
      Traffic remark outbound IPv4 type : -                                         
      Traffic remark outbound IPv4 value: -                                         
    Traffic remark inbound L2 ACL   : -                                             
      Traffic remark inbound L2 type    : -                                         
      Traffic remark inbound L2 value   : -                                         
    Traffic remark outbound L2 ACL  : -                                             
      Traffic remark outbound L2 type   : -                                         
      Traffic remark outbound L2 value  : -                                         
    User IPSEC-ACL                      : -                                         
    Priority map upstream trust   : 8021e                                           
    CAPWAP priority upstream map mode: 802.11e map DSCP                             
                                       0 map 0                                      
                                       1 map 8                                      
                                       2 map 16                                     
                                       3 map 24                                     
                                       4 map 32                                     
                                       5 map 40                                     
                                       6 map 48                                     
                                       7 map 56                                     
    CAPWAP priority upstream map mode: 802.11e map 802.1p                           
                                       0 map 0                                      
                                       1 map 1                                      
                                       2 map 2                                      
                                       3 map 3                                      
                                       4 map 4                                      
                                       5 map 5                                      
                                       6 map 6                                      
                                       7 map 7                                      
    WMM priority downstream map mode: DSCP map 802.11e                              
                                      0-7 map 0                                     
                                      8-15 map 1                                    
                                      16-23 map 2                                   
                                      24-31 map 3                                   
                                      32-39 map 4                                   
                                      40-47 map 5                                   
                                      48-55 map 6                                   
                                      56-63 map 7                                   
    WMM priority downstream map mode: 802.1p map 802.11e                            
                                      0 map 0                                       
                                      1 map 1                                       
                                      2 map 2                                       
                                      3 map 3                                       
                                      4 map 4                                       
                                      5 map 5                                       
                                      6 map 6                                       
                                      7 map 7                                       
    ---------------------------------------------------------------------------------------------
    Traffic Type                        Direction  AppliedRecord 
    ---------------------------------------------------------------------------------------------
    traffic-filter                      inbound    IPv4 ACL 3001
    ---------------------------------------------------------------------------------------------
    ----------------------------------------------------    

Configuration Files
  • Central AP configuration file

    #
     sysname AP
    #
    vlan batch 100 to 101
    #
    dhcp enable
    #
    acl number 3001
     rule 5 deny ip source 10.23.100.10 0 destination 10.23.100.11 0
    #
    interface Vlanif100
     ip address 10.23.100.1 255.255.255.0
     dhcp select interface
    #
    interface Vlanif101
     ip address 10.23.101.1 255.255.255.0
     dhcp select interface
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk pvid vlan 100
     port trunk allow-pass vlan 100 to 101
    #
    interface GigabitEthernet0/0/24
     port link-type trunk
     port trunk allow-pass vlan 101
    #
    management-vlan 100
    #
    wlan
     traffic-profile name traffic   
      traffic-filter inbound ipv4 acl 3001  
     security-profile name wlan-security
      security wpa2 psk pass-phrase %^%#m"tz0f>~7.[`^6RWdzwCy16hJj/Mc!,}s`X*B]}A%^%# aes
     ssid-profile name wlan-ssid
      ssid wlan-net
     vap-profile name wlan-vap
      service-vlan vlan-id 101
      ssid-profile wlan-ssid
      security-profile wlan-security
      traffic-profile traffic
     regulatory-domain-profile name domain1
     ap-group name ap-group1
      regulatory-domain-profile domain1
      radio 0
       vap-profile wlan-vap wlan 1
      radio 1
       vap-profile wlan-vap wlan 1
     ap-id 1 type-id 19 ap-mac 60de-4476-e360 ap-sn 210235554710CB000042
      ap-name area_1
      ap-group ap-group1
      radio 0
       channel 20mhz 6
       eirp 127
       calibrate auto-channel-select disable
       calibrate auto-txpower-select disable
      radio 1
       channel 20mhz 149
       eirp 127
       calibrate auto-channel-select disable
       calibrate auto-txpower-select disable
    #
    return
Translation
Download
Updated: 2019-01-11

Document ID: EDOC1000176006

Views: 117687

Downloads: 309

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next