No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Fat AP and Cloud AP V200R008C00 CLI-based Configuration Guide

Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring a VAP

Configuring a VAP

Creating a VAP Profile

Context

After you create a VAP profile, configure parameters in the profile. After the profile is applied to a radio, VAPs are generated and can provide wireless access services for STAs. You can configure different parameters in the VAP profile to enable APs to provide different wireless services.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    wlan

    The WLAN view is displayed.

  3. Run:

    vap-profile name profile-name

    A VAP profile is created, and the VAP profile view is displayed.

    By default, the system provides the VAP profile default.

Configuring Service VLANs

Context

Layer 2 data packets delivered from a VAP to an AP carry the service VLAN IDs.

Note the following when adding service VLANs to the VLAN pool:

  • After a VLAN pool is configured to provide service VLANs, VLANs in the VLAN pool cannot be deleted. To delete the VLAN pool, cancel the service VLAN configuration of the VLAN pool.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    vlan batch vlan-id

    A VLAN is created.

  3. Run:

    wlan

    The WLAN view is displayed.

  4. Run:

    vap-profile name profile-name

    The VAP profile view is displayed.

  5. Run:

    service-vlan vlan-id vlan-id

    A service VLAN is configured for a VAP.

    By default, VLAN 1 is the service VLAN of a VAP.

(Optional) Configuring the Scheduled VAP Auto-Off Function

Context

In actual WLAN applications, the network administrator wants to disable WLAN services in a specified period, ensuring security and reducing power consumption. You can disable the VAP as scheduled.

This configuration is applicable to enterprises that want to disable WLAN services in a specified period for security or at midnight when the user service traffic volume is low.

  • The scheduled VAP auto-off function enabled in a VAP profile view takes effect only on the APs using the profile.

  • The scheduled VAP auto-off function enabled in a radio profile takes effect only on the APs using the profile. For details on how to configure the scheduled VAP auto-off function in a VAP profile view, see (Optional) Adjusting Radio Parameters.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    wlan

    The WLAN view is displayed.

  3. Run:

    vap-profile name profile-name

    The VAP profile view is displayed.

  4. Run:

    undo service-mode disable

    The service mode of a VAP is enabled.

    By default, the service mode of a VAP is enabled.

    Enabling the service mode of a VAP is the prerequisite for normal VAP working.

  5. Run:

    auto-off service start-time start-time end-time end-time
    or
    auto-off service time-range time-range-name

    The scheduled VAP auto-off function is enabled and the time range when the VAP is disabled is set.

    By default, the scheduled VAP auto-off function is disabled.

    You can run the auto-off service time-range time-range-name command to set the time range when a VAP is disabled.

    The time range when a VAP is disabled has been configured using the time-range command in the system view before you run the auto-off service time-range time-range-name command.

(Optional) Adjusting VAP Parameters

Context

You can flexibly adjust VAP parameters to adapt to different network requirements.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    wlan

    The WLAN view is displayed.

  3. Run:

    vap-profile name profile-name

    The VAP profile view is displayed.

  4. Adjust VAP parameters.

    Procedure

    Command

    Description

    Enable the service mode of a VAP

    undo service-mode disable

    By default, the service mode of a VAP is enabled.

    Enabling the service mode of a VAP is the prerequisite for normal VAP working.

    Configure an AP to insert the Option 82 field in DHCP packets sent from a STA

    Enable an AP to insert the Option 82 field in DHCP packets sent from a STA

    dhcp option82 insert enable

    By default, the function of adding the Option 82 field to DHCP packets sent by STAs is disabled.

    A STA obtains an IP address through DHCP after going online. When the DHCP Request packet sent by the STA reaches an AP, the AP inserts the Option 82 field in the packet to send the AP's MAC address, SSID or name to the DHCP server. According to the Option 82 field, the DHCP server can determine the AP through which the STA goes online.

    Configure the format of the Option 82 field inserted in DHCP packets sent from a STA

    dhcp option82 { circuit-id | remote-id } format { ap-mac [ mac-format { normal | compact | hex } ] | ap-mac-ssid [ mac-format { normal | compact } ] | user-defined text | ap-name | ap-name-ssid }

    By default, the format of the Option 82 field inserted in DHCP packets sent by STAs is ap-mac.

(Optional) Configuring MU-MIMO

Context

Carrier sense multiple access with collision avoidance (CSMA-CA) allows an air interface channel to be occupied only by one STA, and other STAs cannot communicate with the AP. After MU-MIMO is enabled, STAs supporting MU-MIMO can form an MU group to simultaneously receive downlink data from the same air interface channel, improving channel efficiency and overall downlink throughput.

In Figure 9-16, before MU-MIMO is enabled, when the AP is communicating with STA_1, other STAs such as STA_2 cannot communicate with the AP. After MU-MIMO is enabled, the AP can communicate with multiple STAs simultaneously, improving air interface efficiency.

Figure 9-16  Communication before and after MU-MIMO is enabled

VAPs of only the AP1050DN-S, AP2050DN, AP2050DN-E, AP4050DN, AP4050DN-S, AP4051DN, AP4151DN, AP8050DN, AP8050DN-S, AP8150DN, AP4050DN-E, AP4050DN-HD, AP6050DN, AP6150DN, AP7050DE, and AP7050DN-E support MU-MIMO on 5 GHz radios.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    wlan

    The WLAN view is displayed.

  3. Run:

    ssid-profile name profile-name

    An SSID radio profile is created and the SSID profile view is displayed.

    By default, the system provides the SSID profile default.

  4. Run:

    mu-mimo enable

    MU-MIMO is enabled.

    By default, the MU-MIMO function is disabled.

  5. Run:

    vap-profile name profile-name

    The VAP profile view is displayed.

  6. Run:

    ssid-profile profile-name

    The SSID profile is bound to a VAP profile.

    By default, the SSID profile default is bound to a VAP profile.

(Optional) Configuring the Device to Forcibly Disconnect STAs Without Traffic

Context

After the device is enabled to monitor user traffic and forcibly disconnect STAs without traffic, a STA meeting all the following conditions is forcibly disconnected after reassociation and going online:
  • The STA does not send DHCP Request messages or receive ARP Reply packets within 5s after going online.
  • The IP address of the STA changes after roaming.
  • The STA has only uplink traffic but no downlink traffic.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    wlan

    The WLAN view is displayed.

  3. Run:

    vap-profile name profile-name

    The VAP profile view is displayed.

  4. Run:

    undo sta-network-detect disable

    The device is enabled to monitor user traffic and forcibly disconnect STAs without traffic.

    By default, the device is enabled to monitor user traffic and forcibly disconnect STAs without traffic.

Configuring a Security Profile

Context

As WLAN technology uses radio signals to transmit service data, service data can easily be intercepted or tampered by attackers when being transmitted on the open wireless channels. Security is critical to WLANs. You can create a security profile to configure security policies, which protect privacy of users and ensure data transmission security on WLANs.

A security profile provides four WLAN security policies: Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), WPA2, and WLAN Authentication and Privacy Infrastructure (WAPI). Each security policy has a series of security mechanisms, including the link authentication mechanism used to establish a wireless link, user authentication mechanism used when users attempt to connect to a wireless network, and data encryption mechanism used during data transmission.

If no security policy is configured during the creation of a security profile, the default authentication mode (open system authentication) is used. When a user searches for a wireless network, the user can connect to the wireless network without being authenticated.

The default security policy has low security. You are advised to configure a proper security policy. For details on how to configure security policies, see Security Policy Configuration.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    wlan

    The WLAN view is displayed.

  3. Run:

    security-profile name profile-name

    A security profile is created, and the security profile view is displayed.

    By default, security profiles default, and default-mesh are available in the system.

    After a security profile is created, you need to configure a proper security policy according to service requirements because the default security policy has security risks. For the detailed configuration, see Security Policy Configuration.

  4. Run:

    quit

    Return to the WLAN view.

  5. Run:

    vap-profile name profile-name

    The VAP profile view is displayed.

  6. Run:

    security-profile profile-name

    The security profile is bound to a VAP profile.

    By default, the security profile default is bound to a VAP profile.

Configuring an SSID Profile

Context

SSIDs identify different wireless networks. When you search for available wireless networks on your laptop, the displayed wireless network names are SSIDs. In an SSID profile, you can define an SSID name and configure related parameters. After the SSID profile configuration is complete, bind the SSID profile to a VAP profile.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    wlan

    The WLAN view is displayed.

  3. Run:

    ssid-profile name profile-name

    An SSID profile is created, and the SSID profile view is displayed.

    By default, the system provides the SSID profile default.

  4. Run:

    ssid ssid

    An SSID name is configured.

    By default, the SSID HUAWEI-WLAN is configured in an SSID profile.

    The value is a string of 1 to 32 case-sensitive characters. It supports Chinese characters or Chinese + English characters, without tab characters.

    To start an SSID with a space, you need to encompass the SSID with double quotation marks (" "), for example, " hello". The double quotation marks occupy two characters. To start an SSID with a double quotation mark, you need to add a backslash (\) before the double quotation mark, for example, \"hello. The backslash occupies one character.

  5. (Optional) Run:

    ssid-hide enable

    SSID hiding in Beacon frames is enabled.

    By default, SSID hiding in Beacon frames is disabled in an SSID profile.

    When creating a WLAN, configure an AP to hide the SSID of the WLAN to ensure security. Only the users who know the SSID can connect to the WLAN.

  6. (Optional) Run:

    max-sta-number max-sta-number

    The maximum number of successfully associated STAs on a VAP is configured.

    By default, a VAP allows for a maximum of 64 successfully associated STAs.

    More access users on a VAP indicate fewer network resources that each user can occupy. To ensure Internet experience of users, you can configure a proper maximum number of access users on a VAP according to actual network situations.

  7. (Optional) Run:

    reach-max-sta hide-ssid disable

    APs are disabled from automatically hiding SSIDs when the number of users reaches the maximum.

    By default, automatic SSID hiding is enabled when the number of users reaches the maximum.

    After automatic SSID hiding is enabled, SSIDs are automatically hidden when the number of users connected to the WLAN reaches the maximum, and SSIDs are unavailable for new users.

  8. (Optional) Run:

    legacy-station [ only-dot11b ] disable

    Access of non-HT STAs is denied.

    By default, access of non-HT STAs is permitted.

    Non-HT STAs support only 802.11a/b/g and provide a data transmission rate far smaller than the rate of 802.11n/ac STAs. If the non-HT STAs access the wireless network, the data transmission rate of 802.11n/ac STAs will be reduced. To prevent the transmission rate of 802.11n/ac STAs from being affected, you can run the legacy-station [ only-dot11b ] disable command to deny access of all or only 802.11b-compliant non-HT STAs.

    After the legacy-station disable command is run, the access of non-HT STAs supporting only 802.11a/b/g fails to be denied if any of the following functions is configured on the non-HT STAs:
    • WMM function in a 2G or 5G radio profile enabled using the wmm disable command
    • Pre-shared key authentication and TKIP encryption for WPA/WPA2 configured using the security { wpa | wpa2 | wpa-wpa2 } psk { pass-phrase | hex } key-value tkip command
    • 802.1x authentication and TKIP encryption for WPA/WPA2 configured using the security { wpa | wpa2 | wpa-wpa2 } dot1x tkip command
    • WEP shared key authentication mode configured using the security wep [ share-key ] command
    • 802.11b/g radio type in the 2G radio profile configured using the radio-type { dot11b | dot11g } command
    • 802.11a radio type in the 5G radio profile configured using radio-type dot11a command

    After the legacy-station only-dot11b disable command is run, the access of non-HT STAs supporting only 802.11b is denied. If 802.11b radio type in the 2G radio profile has been configured using the radio-type dot11b command, the access of non-HT STAs supporting only 802.11b fails to be denied.

  9. (Optional) Run:

    single-txchain enable

    The single-antenna transmission mode is enabled.

    By default, the single-antenna transmission mode is disabled.

    The single-antenna transmission mode is supported by the AP1050DN-S, AP2050DN, AP2050DN-E, AP4050DN, AP4050DN-S, AP4050DN-E, AP4050DN-HD, AP4051DN, AP4151DN, AP6050DN, AP6150DN, AP7050DE, AP7050DN-E, AP8050DN, AP8050DN-S, and AP8150DN.

  10. (Optional) Run:

    association-timeout association-timeout

    The association aging time of STAs is configured.

    By default, the association aging time is 5 minutes.

    After the association aging time of STAs is configured, if the AP receives no data packet from a STA in a specified time, the STA goes offline after the association aging time expires.

  11. (Optional) Run:

    dtim-interval dtim-interval

    A DTIM interval is configured.

    By default, the DTIM interval is 1.

    The DTIM interval specifies how many Beacon frames are sent before the Beacon frame that contains the DTIM. An AP sends a Beacon fame to wake a STA in power-saving mode, indicating that the saved broadcast and multicast frames will be transmitted to the STA.

    • A short DTIM interval helps transmit data in a timely manner, but the STA is wakened frequently, causing high power consumption.
    • A long DTIM interval lengthens the dormancy time of a STA and saves power, but degrades the transmission capability of the STA.

  12. (Optional) Run:

    u-apsd enable

    The U-APSD function is enabled.

    By default, the U-APSD function is disabled.

    If some STAs on the network do not support the U-APSD function, disable the U-APSD function.

  13. (Optional) Run:

    active-dull-client enable

    The function of preventing terminals from entering energy-saving mode is enabled.

    By default, the function of preventing terminals from entering energy-saving mode is disabled.

    Due to individual reasons, some terminals may not run services normally when entering energy-saving mode. You can run the active-dull-client enable command to enable the function of preventing terminals from entering energy-saving mode. After that, an AP frequently sends null data frames to these terminals to prevent them from entering energy-saving mode, ensuring normal services.

  14. (Optional) Reduce wireless resource occupation in high-density wireless scenarios.

    In high-density wireless scenarios, too many Beacon and Probe Response frames occupy a large number of wireless resources. To improve channel usage efficiency, you can run the following commands to reduce wireless resource occupation of the frames.

    1. Run the beacon-2g-rate beacon-2g-rate command to set the transmit rate of 2.4 GHz Beacon frames.

      By default, the transmit rate of 2.4 GHz Beacon frames is 1 Mbit/s.

    2. Run the beacon-5g-rate beacon-5g-rate command to set the transmit rate of 5 GHz Beacon frames.

      By default, the transmit rate of 5 GHz Beacon frames is 6 Mbit/s.

    3. Run the deny-broadcast-probe enable command to configure an AP not to respond to Probe Request frames.

      By default, an AP responds to broadcast Probe Request frames.

    4. Run the probe-response-retry retry-time command to set the number of times Probe Response packets are retransmitted.

      By default, the number of Probe Response retransmissions is 1.

  15. (Optional) Run:

    qbss-load enable

    APs are enabled to notify STAs of their load.

    By default, the function of notifying STA of the AP load is disabled.

  16. Run:

    quit

    Return to the WLAN view.

  17. Run:

    vap-profile name profile-name

    The VAP profile view is displayed.

  18. Run:

    ssid-profile profile-name

    The SSID profile is bound to a VAP profile.

    By default, the SSID profile default is bound to a VAP profile.

Binding a VAP Profile to an AP Radio

Context

After the configuration in a VAP profile is complete, bind the VAP profile to a radio to make the configuration take effect on the radio.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    interface wlan-radio wlan-radio-number

    The radio interface view is displayed.

  3. Run:

    vap-profile profile-name wlan wlan-id

    A VAP profile is bound to the radio.

    By default, no VAP profile is bound to a radio.

Verifying the VAP, Security, and SSID Profile Configuration

Prerequisites

The configuration of the VAP, security, and SSID profiles is complete.

Procedure

  • Run the display vap { all | ssid ssid } command to check service VAP information.
  • Run the display vap-profile { all | name profile-name } command to check configuration and reference information about a VAP profile.
  • Run the display references vap-profile name profile-name command to check reference information about a VAP profile.
  • Run the display security-profile { all | name profile-name } command to check configuration and reference information about a security profile.
  • Run the display references security-profile name profile-name command to check reference information about a security profile.
  • Run the display ssid-profile { all | name profile-name } command to check configuration and reference information about an SSID profile.
  • Run the display references ssid-profile name profile-name command to check reference information about an SSID profile.
  • Run the display vap create-fail-record all command to check records about VAP creation failures.
  • Run the display wlan config-errors command to check WLAN configuration errors.
Translation
Download
Updated: 2019-01-11

Document ID: EDOC1000176006

Views: 114528

Downloads: 309

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next