Fat AP and Cloud AP V200R008C00 CLI-based Configuration Guide

Configuration Examples

This section describes how to configure URL filtering.

Configuring Whitelist-based URL Filtering

Networking Requirements

As shown in Figure 26-40, a company deploys a WLAN and wants the Central AP to filter the HTTP requests that wireless users send to URLs on the Internet.

The company requires a URL whitelist so that employees on the wireless network can access only work-related URLs and domain names.

Figure 26-40  Whitelist-based URL filtering
Configuration Roadmap
  1. Configure basic WLAN services.
  2. Create a URL filtering profile, add the permitted URLs and domain names to the whitelist, and set the default filtering action to block.
  3. Configure a defence profile and bind the URL filtering profile to it to control users' access to URLs.
  4. Configure a WLAN service VAP and bind it to the defence profile to make the URL filtering function take effect.


Procedure
  1. Configure basic WLAN services. For details, see Example for Configuring an Agile Distributed WLAN.
  2. Enable the security engine and configure a URL filtering profile.

    # Enable the security engine.

    <Huawei> system-view
    [Huawei] sysname AP
    [AP] defence engine enable
           It will take several minutes to initialize engine, please wait.          
    Info: Load the IPS signature database if IPS detection is required after license
    Info: Load the AV signature database if AV detection is required after license a
    Info:Engine has been initialized successfully. 

    # Create defence profile defence_wlan.

    [AP] defence-profile name defence_wlan
    [AP-defence-profile-defence_wlan] quit

    # Configure URL filtering profile url_wlan and add URLs to the whitelist.

    [AP] profile type url-filter name url_wlan
    [AP-profile-url-filter-url_wlan] description URL filter profile of web access control for wlan.
    [AP-profile-url-filter-url_wlan] default action block
    [AP-profile-url-filter-url_wlan] add whitelist url
    [AP-profile-url-filter-url_wlan] add whitelist host
    [AP-profile-url-filter-url_wlan] quit

    # Commit the configuration.

    [AP] engine configuration commit

    # Configure defence profile defence_wlan and reference URL filtering profile url_wlan.

    [AP] defence-profile name defence_wlan
    [AP-defence-profile-defence_wlan] profile type url-filter url_wlan
    [AP-defence-profile-defence_wlan] quit

  3. Configure the URL filtering function for a VAP.

    # Configure VAP profile wlan-vap and bind it to defence profile defence_wlan to implement URL filtering for wireless users.

    [AP] wlan
    [AP-wlan-view] vap-profile name wlan-vap
    [AP-wlan-vap-prof-wlan-vap] defence-profile defence_wlan

  4. Verify the configuration.

    After the configuration, wireless users associated with the VAP can access and, but cannot access other websites or domain names.

Configuration Files
  • Central AP Configuration Files

     defence engine enable
     sysname AP
    profile type url-filter name url_wlan                                           
     description URL filter profile of web access control for wlan                  
     add whitelist url                                      
     add whitelist host                                             
     default action block 
    vlan batch 100 to 101
    dhcp enable
    defence-profile name defence_wlan                                               
      profile type url-filter url_wlan                                                    
    interface Vlanif100
     ip address
     dhcp select interface
    interface Vlanif101
     ip address
     dhcp select interface
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk pvid vlan 100
     port trunk allow-pass vlan 100 to 101
    interface GigabitEthernet0/0/24
     port link-type trunk
     port trunk allow-pass vlan 101
    management-vlan 100
     security-profile name wlan-security
      security wpa2 psk pass-phrase %^%#m"tz0f>~7.[`^6RWdzwCy16hJj/Mc!,}s`X*B]}A%^%# aes
     ssid-profile name wlan-ssid
      ssid wlan-net
     vap-profile name wlan-vap
      service-vlan vlan-id 101
      ssid-profile wlan-ssid
      security-profile wlan-security
      defence-profile defence_wlan 
     regulatory-domain-profile name domain1
     ap-group name ap-group1
      regulatory-domain-profile domain1
      radio 0
       vap-profile wlan-vap wlan 1
      radio 1
       vap-profile wlan-vap wlan 1
     ap-id 1 type-id 19 ap-mac 60de-4476-e360 ap-sn 210235554710CB000042
      ap-name area_1
      ap-group ap-group1
      radio 0
       channel 20mhz 6
       eirp 127
      radio 1
       channel 20mhz 149
       eirp 127
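
URL filtering only takes effect when the whole chain is in place: the security engine is enabled, the URL filtering profile sets `default action block` and has whitelist entries, the defence profile references that profile, and each VAP profile binds the defence profile. The Python script below is an added example, not part of the Huawei guide, that checks this chain in an exported configuration file. Its whitelist values and the `guest-vap` profile are constructed placeholders, and its section-header parsing is an assumption based on the file layout shown above.

```python
import re

# Constructed sample in this page's config-file layout; whitelist values and guest-vap are placeholders.
SAMPLE_CONFIG = """\
defence engine enable
profile type url-filter name url_wlan
 add whitelist url www.example.com/work
 add whitelist host intranet.example.com
 default action block
defence-profile name defence_wlan
 profile type url-filter url_wlan
vap-profile name wlan-vap
 defence-profile defence_wlan
vap-profile name guest-vap
 service-vlan vlan-id 102
"""

HEADER = re.compile(  # lines that open a named section (assumed from the layout above)
    r"^(profile type (\S+) name|(\S+-profile) name|interface|ap-group name|ap-id)\s+(\S+)")

def sections(text):
    """Return {(kind, name): [body lines]} for every named section."""
    out, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        m = HEADER.match(line)
        if m:
            cur = out.setdefault((m.group(2) or m.group(3) or m.group(1), m.group(4)), [])
        elif cur is not None and line:
            cur.append(line)
    return out

def audit(text):
    """Return findings; an empty list means every VAP is behind the whitelist."""
    sec, findings = sections(text), []
    if "defence engine enable" not in map(str.strip, text.splitlines()):
        findings.append("security engine not enabled")
    filters = {n: b for (k, n), b in sec.items() if k == "url-filter"}
    for name, body in filters.items():
        if "default action block" not in body:
            findings.append(f"url-filter {name}: 'default action block' not set")
        if not any(l.startswith("add whitelist ") and len(l.split()) > 3 for l in body):
            findings.append(f"url-filter {name}: no whitelist entry with a value")
    # Defence profiles that reference an existing URL filtering profile.
    enforcing = {n for (k, n), b in sec.items() if k == "defence-profile" and any(
        l.startswith("profile type url-filter ") and l.split()[-1] in filters for l in b)}
    for (k, n), b in sec.items():
        if k == "vap-profile" and not any(
                l.startswith("defence-profile ") and l.split()[1] in enforcing for l in b):
            findings.append(f"vap-profile {n}: no URL-filtering defence profile bound")
    return findings
```

Run on the sample, `audit(SAMPLE_CONFIG)` reports only `guest-vap`, the VAP profile that would let wireless users bypass the whitelist.
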
Updated: 2019-01-11

Document ID: EDOC1000176006
