No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Web-based Configuration Guide

S7700 and S9700 V200R011C10

This document describes the configuration and maintenance of device through the web network management system. The web network management system provides the functions of viewing device information and managing the entire system, interfaces, services, ACL, QoS, routes, security, and tools.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring Unified Access for Wired and Wireless Users

Example for Configuring Unified Access for Wired and Wireless Users

Overview of Unified Access for Wired and Wireless Users

In practice, both wired and wireless users need to access one network. For example, the PCs and printers of a company connect to the network in wired mode, and laptops and mobile phones connect wirelessly. After unified access for wired and wireless users is configured on a network, users of both types can access the network and be managed in a unified manner.

Networking Requirements

A hospital needs to deploy both a wired and a wireless network. To simplify management and maintenance, the administrator requires that wired and wireless users be centrally managed on the AC, non-authentication and Portal authentication be configured for the wired and wireless users respectively, and wireless users roam under the same AC.

As shown in Figure 10-60, the AC connects to the egress gateway Router in the uplink direction. In the downlink direction, the AC connects to and manages APs through S5700-1 and S5700-2 access switches. The S5700-1 and S5700-2 are deployed in the first and second floors, respectively. An AP2010DN is deployed in each room to provide both wired and wireless access. The AP5030DN is deployed in the corridor to provide wireless network coverage. The S5700-1 and S5700-2 are PoE switches directly providing power to connected APs.

To facilitate network planning and management, the access switches are only used to transparently transmit data at Layer 2, and all gateways are configured on the AC

The AC functions as a DHCP server to assign IP addresses to APs, STAs, and PCs.

Figure 10-60  Networking for unified wired and wireless access

Data Planning

Table 10-3  Network data planning

Item

Interface

VLAN

Description

AC

GE1/0/1

100, 201

Connected to the S5700-1

GE1/0/2

100, 202

Connected to the S5700-2

GE1/0/3

200

Connected to the Agile Controller

GE1/0/4

300

Connected to the egress gateway

S5700-1

GE0/0/1

100, 201

Connected to the AC

GE0/0/2

100, 201

Connected to AP101

GE0/0/3

100, 201

Connected to AP102

GE0/0/4

100, 201

Connected to AP103

S5700-2

GE0/0/1

100, 202

Connected to the AC

GE0/0/2

100, 202

Connected to AP201

GE0/0/3

100, 202

Connected to AP202

GE0/0/4

100, 202

Connected to AP203

AP101 and AP102

Eth0/0/0

Eth0/0/1

GE0/0/0

201

GE0/0/0 connects to the S5700-1.

Eth0/0/0 and Eth0/0/1 connects to wired users.

AP101 and AP102 are AP2010DNs and are deployed in rooms on the first floor to provide wired and wireless access.

AP103

GE0/0/0

201

GE0/0/0 connects to the S5700-1.

AP103 is an AP5030DN and is deployed in the corridor on the first floor to provide wireless access.

AP201 and AP202

Eth0/0/0

Eth0/0/1

GE0/0/0

202

GE0/0/0 connects to the S5700-2.

Eth0/0/0 and Eth0/0/1 connects to wired users.

AP201 and AP202 are AP2010DNs and are deployed in rooms on the second floor to provide wired and wireless access.

AP203

GE0/0/0

202

GE0/0/0 connects to the S5700-2.

AP203 is an AP5030DN and is deployed in the corridor on the second floor to provide wireless access.

Table 10-4  Service data planning

Item

Data

Description

AC's source interface address

10.23.100.1/24

-

AP group

  • Name: ap-group1
  • Referenced profiles: VAP profile wlan-vap1, regulatory domain profile domain1, and radio profiles radio-2g and radio-5g

-

  • Name: ap-group2
  • Referenced profiles: VAP profile wlan-vap2, regulatory domain profile domain1, and radio profiles radio-2g and radio-5g

Portal access profile

  • Name: portal1

  • Referenced profile: Portal server profile portal1

-

Authentication profile

  • Name: portal1

  • Referenced profile: Portal access profile portal1

-

Regulatory domain profile

  • Name: domain1
  • Country code: CN

-

AP wired port profile

Name: wired1, wired2, wired3, or wired4

-

RRM profile

Name: rrm1

-

Radio profile

  • Name: radio-2g and radio-5g

  • Referenced profile: RRM profile rrm1

-

Security profile

  • Name: wlan-security
  • Security and authentication policy: OPEN

-

SSID profile

  • Name: wlan-ssid
  • SSID: hospital-wlan

-

Traffic profile

Name: traffic1

-

VAP profile

  • Name: wlan-vap1
  • SSID: hospital-wlan
  • Data forwarding mode: tunnel forwarding
  • Service VLAN: VLAN 101
  • Referenced profiles: security profile wlan-security, SSID profile wlan-ssid, authentication profile portal1, and traffic profile traffic1

Provides WLAN network coverage for the first floor of the building.

  • Name: wlan-vap2
  • SSID: hospital-wlan
  • Data forwarding mode: tunnel forwarding
  • Service VLAN: VLAN 102
  • Referenced profiles: security profile wlan-security, SSID profile wlan-ssid, authentication profile portal1, and traffic profile traffic1

Provides WLAN network coverage for the second floor of the building.

DHCP server

The AC functions as a DHCP server to assign IP addresses to APs, STAs, and PCs.

-

AP gateway and IP address pool range

VLANIF 100: 10.23.100.1/24

10.23.100.2-10.23.100.254/24

-

Gateway and IP address pool range of the wireless users

VLANIF 101: 10.23.101.1/24

10.23.101.2-10.23.101.254/24

-

VLANIF 102: 10.23.102.1/24

10.23.102.2-10.23.102.254/24

-

Gateway and IP address pool range of the wired users

VLANIF 201: 10.23.201.1/24

10.23.201.2-10.23.201.254/24

-

VLANIF 202: 10.23.202.1/24

10.23.202.2-10.23.202.254/24

-

Server parameters

Authentication server:
  • IP address: 10.23.200.1
  • Port number: 1812
  • RADIUS shared key: Admin@123
  • The Service Controller (SC) of the Agile Controller provides RADIUS server and Portal server functions; therefore, the IP address of the SC is used for the authentication server, accounting server, authorization server, and Portal server.
  • Configure a RADIUS accounting server to collect user login and logout information. The port numbers of the authentication server and accounting server must be the same as those of the RADIUS server.
  • Configure an authorization server to enable the RADIUS server to deliver authorization rules to the AC. The shared key of the authorization server must be the same as that of the authentication server and accounting server.
Accounting server:
  • IP address: 10.23.200.1
  • Port number: 1813
  • RADIUS shared key: Admin@123
Authorization server:
  • IP address: 10.23.200.1
  • RADIUS shared key: Admin@123
Portal server:
  • IP address: 10.23.200.1
  • Port number that the AC uses to listen on Portal protocol packets: 2000
  • Destination port number in the packets that the AC sends to the Portal server: 50100
  • Portal shared key: Admin@123
  • Encryption key for the URL parameters that the AC sends to the Portal server: Admin@123
Table 10-5  Radio channel data planning

Item

Data

Description

AP101

Radio 0: channel 1 and power level 10

Use the WLAN Planner to plan AP installation locations, and the working channel and power of the AP radio. Set the channel mode and power mode to fixed, and configure the channel and power for each AP.

AP102

Radio 0: channel 6 and power level 10

AP103

Radio 0: channel 11 and power level 10

Radio 1: channel 153 and power level 10

AP201

Radio 0: channel 1 and power level 10

AP202

Radio 0: channel 6 and power level 10

AP203

Radio 0: channel 11 and power level 10

Radio 1: channel 157 and power level 10

Configuration Roadmap

  1. Configure network interworking of the AC, APs, S5700-1, S5700-2, and other network devices.
  2. Configure the AC as a DHCP server to assign IP addresses to APs, wired users, and wireless users.
  3. Configure a RADIUS server template, configure authentication, accounting, and authorization in the template, and configure Portal authentication.
  4. Configure basic WLAN services, including AC system parameters, AP management, and WLAN service parameters.
  5. Configure VAPs and deliver VAP parameters to APs.
  6. Verify the configuration to ensure that both wired and wireless users can access the Internet.

Procedure

  1. Configure the VLANs to which interfaces of S5700-1 and S5700-2 belong.

    NOTE:
    The S5700-1 is used as an example here. The configuration on the S5700-2 is similar.

    1. Choose Configuration > Fast WLAN Config > AC to access the Ethernet interface configuration page.
    2. Click interface data under Interface Name. In the Modify Ethernet Interface dialog box, set Default VLAN and Link type, enter VLAN IDs in the Added VLAN ID text box, and click to add interfaces in tagged mode, as shown in Figure 10-61, Figure 10-62, Figure 10-63, and Figure 10-64. Click OK.

      Figure 10-61  Configuring GE0/0/1

      Figure 10-62  Configuring GE0/0/2

      Figure 10-63  Configuring GE0/0/3

      Figure 10-64  Configuring GE0/0/4

  2. Configure the VLANs to which interfaces of an AC belong.
    1. Choose Configuration > Fast WLAN Config > AC to access the Ethernet interface configuration page.
    2. Click interface data under Interface Name. In the Modify Ethernet Interface dialog box, set Link type, enter VLAN IDs in the Added VLAN ID text box, and click to add interfaces in tagged mode, as shown in Figure 10-65, Figure 10-66, Figure 10-67, and Figure 10-68. Click OK.

      Figure 10-65  Configuring GE1/0/1

      Figure 10-66  Configuring GE1/0/2

      Figure 10-67  Configuring GE1/0/3

      Figure 10-68  Configuring GE1/0/4

  3. Configure VLANIF 200 on the AC for communicating with the Agile Controller.
    1. Choose Configuration > Basic Services > VLAN to access the VLAN configuration page.
    2. Click 200 under VLAN ID. In the Modify VLAN dialog box, select Create VLANIF, and set IPv4 address and Mask, as shown in Figure 10-69. Click OK.

      Figure 10-69  Configuring VLANIF 200

  4. Configure the AC as a DHCP server to assign IP addresses to PCs, APs, and STAs.

    • Configure an IP address pool for the AC to assign IP addresses to APs.
      1. Choose Configuration > Basic Services > VLAN to access the VLAN configuration page.
      2. Click 100 under VLAN ID. In the Modify VLAN dialog box, select Create VLANIF, and set IPv4 address and Mask, as shown in Figure 10-70. Click OK.
        Figure 10-70  Configuring VLANIF 100

      3. Choose Configuration > Basic Services > DHCP to access the DHCP configuration page.
      4. Set DHCP status to ON to enable the DHCP function.
      5. Click Create. In the Create IP Pool dialog box, set VLANIF interface to Vlanif100 and DHCP mode to Local allocation, as shown in Figure 10-71. Click OK.
        Figure 10-71  Configuring an IP address pool

    • Configure an IP address pool for the AC to assign IP addresses to STAs.
      1. Choose Configuration > Basic Services > VLAN to access the VLAN configuration page.
      2. Click Create. In the Create VLAN dialog box, enter VLAN IDs in the VLAN ID text box, select Create VLANIF, and set IPv4 address and Mask, as shown in Figure 10-72 and Figure 10-73. Click OK.
        Figure 10-72  Configuring VLANIF 101

        Figure 10-73  Configuring VLANIF 102

      3. Choose Configuration > Basic Services > DHCP to access the DHCP configuration page.
      4. Set DHCP status to ON to enable the DHCP function.
      5. Click Create. In the Create IP Pool dialog box, set VLANIF interface to Vlanif101 and Vlanif102 respectively, and set DHCP mode to Local allocation, as shown in Figure 10-74 and Figure 10-75. Click OK.
        Figure 10-74  Configuring an IP address pool on VLANIF 101

        Figure 10-75  Configuring an IP address pool on VLANIF 102

    • Configure an IP address pool for the AC to assign IP addresses to PCs.
      1. Choose Configuration > Basic Services > VLAN to access the VLAN configuration page.
      2. Click 201 under VLAN ID. In the Modify VLAN dialog box, select Create VLANIF, and set IPv4 address and Mask, as shown in Figure 10-76 and Figure 10-77. Click OK.
        Figure 10-76  Configuring VLANIF 201

        Figure 10-77  Configuring VLANIF 202

      3. Choose Configuration > Basic Services > DHCP to access the DHCP configuration page.
      4. Set DHCP status to ON to enable the DHCP function.
      5. Click Create. In the Create IP Pool dialog box, set VLANIF interface to Vlanif201 and DHCP mode to Local allocation, as shown in Figure 10-78 and Figure 10-79. Click OK.
        Figure 10-78  Configuring an IP address pool on VLANIF 201

        Figure 10-79  Configuring an IP address pool on VLANIF 202

  5. Configure a RADIUS server template, configure authentication, accounting, and authorization in the template, and configure Portal authentication on the AC.

    • Configure a RADIUS server template, and configure authentication, accounting, and authorization in the template on the AC.
      1. Choose Configuration > Security Services > AAA, click the RADIUS tab, and click Create. Create and configure RADIUS server template radius1, as shown in Figure 10-80. Click OK.
        Figure 10-80  Configuring a RADIUS server

      2. Choose Configuration > Security Services > AAA, click the RADIUS tab, and click Create to create and configure the authentication server, as shown in Figure 10-81. Click OK.
        Figure 10-81  Configuring an authorization server

      3. Choose Configuration > Security Services > AAA Profile Mgmt > Authentication Profile > Domain Profile to access the Domain Profile List page. Click Create to access the Create Domain Profile page. Set Profile name to portal1, click OK, create the authentication domain portal1, and bind the RADIUS server template radius1 to the domain, as shown in Figure 10-82. Click Apply.
        Figure 10-82  Configuring an authentication domain

    • Configure a Portal server.
      Choose Configuration > Security Services > AAA, click the External Portal Server tab, and click Create to create and configure the Portal authentication server, as shown in Figure 10-83. Click OK.
      Figure 10-83  Configuring a Portal server

    • Enable Portal authentication for STAs. Non-authentication is adopted for wired users.
      1. Choose Configuration > Security Services > AAA Profile Mgmt > Authentication Profile > Portal Profile to access the Portal Profile List page. Click Create to access the Create Portal Profile page. Set Profile name to portal1 and click OK. On the Portal profile portal1 configuration page that is displayed, bind the Portal server portal1 to the Portal profile, and click Apply, as shown in Figure 10-84.
        Figure 10-84  Configuring a Portal profile

      2. Choose Configuration > Security Services > AAA Profile Mgmt > Authentication Profile to access the Authentication Profile List page. Click Create to access the Create Authentication Profile page. Set Profile name to portal1 and click OK, as shown in Figure 10-85.
        Figure 10-85  Creating an authentication profile

      3. Choose Configuration > Security Services > AAA Profile Mgmt > Authentication Profile > portal1 > Portal Profile and select portal1 from the Portal Profile drop-down list box. Click Apply and bind the Portal profile portal1, as shown in Figure 10-86.
        Figure 10-86  Binding a Portal profile

      4. Choose Configuration > Security Services > AAA Profile Mgmt > Authentication Profile > portal1 > Domain Profile and select portal1 from the Domain Profile drop-down list box. Click Apply and bind the domain profile portal1, as shown in Figure 10-87.
        Figure 10-87  Binding a domain profile

  6. Configure APs to go online.

    • Create a regulatory domain profile, configure the AC's country code in the profile, and apply the profile to the AP group.
      1. Choose Configuration > Wireless Services > AP Group > AP Group, click Create, and enter names in the AP group name text box, as shown in Figure 10-88. Click OK.
        Figure 10-88  Creating an AP group



      2. Choose Configuration > Wireless Services > AP Group > AP Group, and click ap-group1 to access the AP group configuration page. Choose Radio Management > Regulatory Domain Profile, click Create, set Profile name to domain1 to create a regulatory domain profile, and bind the profile to the AP group ap-group1, as shown in Figure 10-89. Click Apply. Use the same method to bind the profile to ap-group2.
        Figure 10-89  Binding a domain profile

    • Configure the source interface and authentication method.

      Choose Configuration > Wireless Services > AC Config to access the AC Configuration page. Set AC source address to Vlanif100 and AP authentication mode to MAC address authentication, as shown in Figure 10-90. Click Apply.

      Figure 10-90  Configuring the source interface and authentication method

    • Import APs offline.
      1. Choose Configuration > Fast WLAN Config > AP, and click ap-group1 in the AP group list. Click the AP Manage tab on the right, and click Add to access the page for adding APs.
      2. Set Mode to Manually add, enter values in the AP MAC, AP ID, AP type text boxes, and click OK, as shown in Figure 10-91. Use the same method to add APs to ap-group2, as shown in Figure 10-92.
        Figure 10-91  Adding an AP to ap-group1

        Figure 10-92  Adding an AP to ap-group2

    • Configure the uplink interface GE0/0/0, and downlink interfaces Eth0/0/0 and Eth0/0/1 on the AP2010DN to allow wired packets to pass.
      1. Choose Configuration > Wireless Services > Profile > AP > AP Wired Port Profile to access the AP Wired Port Profile List page. Click Create to access the Create AP Wired Port Profile page. Set Profile name to wired1 and click OK. Click the created AP wired interface profile, set parameters, and click Apply, as shown in Figure 10-93. Use the same method to configure wired2, wired3, and wired4, as shown in Figure 10-94, Figure 10-95, and Figure 10-96.
        Figure 10-93  Configuring wired1

        Figure 10-94  Configuring wired2

        Figure 10-95  Configuring wired3

        Figure 10-96  Configuring wired4

      2. Choose Configuration > Wireless Services > AP Config > AP Info, and click an AP ID to access the AP Customized Settings page. Choose AP > AP Wired Port Settings, click an interface in AP Wired Port Configuration List to access the page for binding an AP wired port profile. Select the wired port profile to bind and click OK. Figure 10-97, Figure 10-98, Figure 10-99, and Figure 10-100 show the configuration results.
        Figure 10-97  Binding an AP wired port profile to ap-id 101

        Figure 10-98  Binding an AP wired port profile to ap-id 102

        Figure 10-99  Binding an AP wired port profile to ap-id 201

        Figure 10-100  Binding an AP wired port profile to ap-id 202

  7. Configure WLAN service parameters.

    • Create an RRM profile rrm1.
      Choose Configuration > Wireless Services > Profile > Radio Management > RRM Profile to access the RRM Profile List page. Click Create to access the Create RRM Profile page. Set Profile name to rrm1 and click OK. On the RRM profile rrm1 configuration page that is displayed, click Apply, as shown in Figure 10-101.
      Figure 10-101  Creating an RRM profile rrm1

    • Create a radio profile and bind it to the RRM profile rrm1.
      1. Choose Configuration > Wireless Services > Profile > Radio Management > 2G Radio Profile to access the 2G Radio Profile List page. Click Create to access the Create 2G Radio Profile page. Set Profile name to radio-2g and click OK, as shown in Figure 10-102.
        Figure 10-102  Creating radio profile radio-2g

      2. Choose Configuration > Wireless Services > Profile > Radio Management > 5G Radio Profile to access the 5G Radio Profile List page. Click Create to access the Create 5G Radio Profile page. Set Profile name to radio-5g and click OK, as shown in Figure 10-103.
        Figure 10-103  Creating radio profile radio-5g

      3. Choose Configuration > Wireless Services > Profile > Radio Management > 2G Radio Profile > radio-2g > RRM Profile, and set RRM Profile to rrm1, as shown in Figure 10-104. Click Apply. Use the same method to bind the RRM profile rrm1 to the 5G radio profile radio-5g, as shown in Figure 10-105.
        Figure 10-104  Binding the RRM profile rrm1 to the 2G radio profile radio-2g

        Figure 10-105  Binding the RRM profile rrm1 to the 5G radio profile radio-5g

    • Creating a security profile
      Choose Configuration > Wireless Services > Profile > Wireless Service > Security Profile, click Create, set Profile name to wlan-security, and configure this security profile, as shown in Figure 10-106. Click Apply.
      Figure 10-106  Creating security profile wlan-security

    • Create an SSID profile.
      Choose Configuration > Wireless Services > Profile > Wireless Service > SSID Profile, click Create, set Profile name to wlan-ssid, and configure this SSID profile, as shown in Figure 10-107. Click Apply.
      Figure 10-107  Creating SSID profile wlan-ssid

    • Create a traffic profile.
      Choose Configuration > Wireless Services > Profile > Wireless Service > Traffic Profile, click Create, set Profile name to traffic1, and configure this traffic profile, as shown in Figure 10-108. Click Apply.
      Figure 10-108  Creating traffic profile traffic1

    • Create a VAP profile.
      1. Choose Configuration > Wireless Services > Profile > Wireless Service > VAP Profile, click Create, set Profile name to wlan-vap1, and configure this VAP profile, as shown in Figure 10-109. Click Apply. Use the same method to create a VAP profile wlan-vap2, as shown in Figure 10-110.
        Figure 10-109  Creating VAP profile wlan-vap1

        Figure 10-110  Creating VAP profile wlan-vap2

      2. Choose Configuration > Wireless Services > Profile > Wireless Service > VAP Profile > wlan-vap1 > SSID Profile, set SSID Profile to wlan-ssid, and click Apply, as shown in Figure 10-111. The SSID profile is bound successfully.
        Figure 10-111  Binding an SSID profile

      3. Use the same method to bind the security profile, traffic profile, and authentication profile to VAP profiles, as shown in Figure 10-112.
        Figure 10-112  Configuration of VAP profiles

    • Bind VAP profiles and a radio profile to AP groups.
      1. Choose Configuration > Wireless Services > AP Group > AP Group, and click ap-group1 to access the AP Customized Settings page. Click VAP Configuration, click Add on the right, set parameters, and click Apply, as shown in Figure 10-113. Use the same method to bind VAP profiles to ap-group2, as shown in Figure 10-114.
        Figure 10-113  Binding a VAP profile to ap-group1

        Figure 10-114  Binding a VAP profile to ap-group2

      2. Choose Configuration > Wireless Services > AP Group > AP Group, and click ap-group1 to access the AP Customized Settings page. Choose Radio Management > Radio 0 > 2G Radio Profile, and select profiles in the 2G Radio Profile text box, as shown in Figure 10-115. Click Apply to complete the configuration of the 2G radio profile.
        Figure 10-115  Binding a 2G radio profile to ap-group1

      3. Choose Configuration > Wireless Services > AP Group > AP Group, and click ap-group1 to access the AP Customized Settings page. Choose Radio Management > Radio 1 > 5G Radio Profile, and select profiles in the 5G Radio Profile text box, as shown in Figure 10-116. Click Apply to complete the configuration of the 5G radio profile.
        Figure 10-116  Binding a 5G radio profile to ap-group1

      4. Use the same method to bind 2G and 5G radio profiles to ap-group2, as shown in Figure 10-117.
        Figure 10-117  Binding radio profiles to ap-group2

  8. Configure a VAP.

    1. Choose Configuration > Wireless Services > AP Config > AP Info, and click 101 to access the AP Customized Settings page. Choose Radio Management > Radio 0, set parameters, and click Apply, as shown in Figure 10-118. The VAP configuration is complete.
      Figure 10-118  Configuring a VAP

    2. Use the same method to configure VAPs for APs 102, 103, 201, 202, and 203, as shown in Figure 10-119.
      Figure 10-119  Configuring VAPs













Operation Result

  1. Choose Monitoring > Wireless Service > SSID > VAP, and view VAP information, as shown in Figure 10-120.
    Figure 10-120  VAP list

  2. When a STA detects and associates with the wireless network hospital-wlan successfully, the STA is assigned an IP address. Enter the password to access the wireless network. Choose Monitoring > User > Wireless User Statistics, and view STA information, as shown in Figure 10-121.
    Figure 10-121  STA list

  3. STAs and PCs obtain IP addresses and connect to the network properly.
Translation
Download
Updated: 2019-10-17

Document ID: EDOC1000178323

Views: 84200

Downloads: 112

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next