No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

WLAN V200R008C10 Typical Configuration Examples

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring STAs on the Fat AP to Access the Public Network Through NAT

Example for Configuring STAs on the Fat AP to Access the Public Network Through NAT

Networking Requirements

As shown in Figure 4-10, a Fat AP is connected to the Internet in wired mode and connected to STAs in wireless mode. An enterprise branch needs to deploy basic WLAN services for mobile office so that enterprise employees can access the enterprise internal network anywhere, anytime. The administrator wants enterprise employees to access the public network using public IP addresses.

The requirements are as follows:
  • A WLAN named wlan-net is available.
  • Enterprise employees are assigned IP addresses on 10.23.101.0/24. These IP addresses are translated to the IP address of the Fat AP outbound interface using Easy-IP for employees to access the public network.
Figure 4-10 Networking diagram for configuring STAs to access the public network through NAT

Data planning

Item Data

Service VLAN for STAs

VLAN 101

DHCP server

The AP functions as a DHCP server to assign IP addresses to STAs.

IP address pool for STAs

10.23.101.2 to 10.23.101.254/24

SSID profile

  • Name: wlan-net

  • SSID name: wlan-net

Security profile

  • Name: wlan-net

  • Security policy: WPA-WPA2+PSK+AES

  • Password: a1234567

VAP profile

  • Name: wlan-net

  • Service VLAN: VLAN 101

  • Referenced profiles: SSID profile wlan-net and security profile wlan-net

NAT Outbound

The private IP address segment 10.23.101.0/24 is mapped to the public IP address 1.1.1.1.

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure the AP as a DHCP server to assign IP addresses to STAs from an IP address pool on an interface.
  2. Configure the AP's system parameters, including the country code.
  3. Configure a VAP so that STAs can access the WLAN.
  4. Configure NAT so that STAs can access the public network using public IP addresses.
NOTE:

You are advised to log in to the Fat AP in wireless mode for service configuration. You can also log in to the Fat AP by directly connecting a PC to the Fat AP using network cables and then connect the Fat AP to the upstream device after services are configured and saved.

Configuration Notes

No ACK mechanism is provided for multicast packet transmission on air interfaces. In addition, wireless links are unstable. To ensure stable transmission of multicast packets, they are usually sent at low rates. If a large number of such multicast packets are sent from the network side, the air interfaces may be congested. You are advised to configure multicast packet suppression on switch interfaces connected to APs to reduce impact of a large number of low-rate multicast packets on the wireless network. Exercise caution when configuring the rate limit; otherwise, the multicast services may be affected. For details on how to configure traffic suppression, see How Do I Configure Multicast Packet Suppression to Reduce Impact of a Large Number of Low-Rate Multicast Packets on the Wireless Network?.

Procedure

  1. Configure the AP to communicate with the network devices.

    # On the AP, create VLANIF 200, set its IP address to 1.1.1.1/24, and add GE0/0/0 to VLAN 200.
    <Huawei> system-view
    [Huawei] sysname AP
    [AP] vlan batch 200
    [AP] interface vlanif 200
    [AP-Vlanif200] ip address 1.1.1.1 24
    [AP-Vlanif200] quit
    [AP] interface gigabitethernet 0/0/0
    [AP-GigabitEthernet0/0/0] port link-type trunk
    [AP-GigabitEthernet0/0/0] port trunk allow-pass vlan 200
    [AP-GigabitEthernet0/0/0] port trunk pvid vlan 200
    [AP-GigabitEthernet0/0/0] quit
    
    NOTE:

    If the PC connects to the AP through GE0/0/0, modifying the interface may cause a network interruption. In this case, you need to change the PC's IP address to 1.1.1.x and access the AP's new IP address 1.1.1.1 to log in to the AP again for further operations.

    # Configure a default route. The following assumes that the public IP address of the peer end is 1.1.1.2/24.
    [AP] ip route-static 0.0.0.0 0.0.0.0 1.1.1.2
    

  2. Configure the DHCP server to assign IP addresses to STAs.

    # Configure the AP as a DHCP server to assign IP addresses to STAs from the IP address pool on VLANIF 101.

    NOTE:
    Configure the DNS server as required. The common methods are as follows:
    • In interface address pool scenarios, run the dhcp server dns-list ip-address &<1-8> command in the VLANIF interface view.
    • In global address pool scenarios, run the dns-list ip-address &<1-8> command in the IP address pool view.
    [AP] dhcp enable
    [AP] vlan batch 101
    [AP] interface vlanif 101
    [AP-Vlanif101] ip address 10.23.101.1 24
    [AP-Vlanif101] dhcp select interface
    [AP-Vlanif101] quit
    

  3. Configure the AP's system parameters.

    # Configure the country code for the AP.

    [AP] wlan
    [AP-wlan-view] country-code cn
    

  4. Configure WLAN service parameters.

    # Create security profile wlan-net and set the security policy in the profile.
    NOTE:

    In this example, the security policy is set to WPA-WPA2+PSK+AES and password to a1234567. In actual situations, the security policy must be configured according to service requirements.

    [AP-wlan-view] security-profile name wlan-net
    [AP-wlan-sec-prof-wlan-net] security wpa2 psk pass-phrase a1234567 aes
    [AP-wlan-sec-prof-wlan-net] quit
    

    # Create SSID profile wlan-net and set the SSID name to wlan-net.

    [AP-wlan-view] ssid-profile name wlan-net
    [AP-wlan-ssid-prof-wlan-net] ssid wlan-net
    [AP-wlan-ssid-prof-wlan-net] quit
    

    # Create VAP profile wlan-net, set the service VLAN, and apply the security profile and SSID profile to the VAP profile.

    [AP-wlan-view] vap-profile name wlan-net
    [AP-wlan-vap-prof-wlan-net] service-vlan vlan-id 101
    [AP-wlan-vap-prof-wlan-net] security-profile wlan-net
    [AP-wlan-vap-prof-wlan-net] ssid-profile wlan-net
    [AP-wlan-vap-prof-wlan-net] quit
    

  5. Configure radio parameters for the VAP and AP.

    NOTE:

    Automatic channel and power calibration functions are enabled by default. The manual channel and power configurations take effect only when these two functions are disabled. The settings of the AP channel and power in this example are for reference only. You need to configure the AP channel and power based on the actual country code and network planning.

    # Disable automatic channel and power calibration functions of the radio, and configure the channel and power for the radio.
    [AP-wlan-view] quit
    [AP] interface wlan-radio0/0/0
    [AP-Wlan-Radio0/0/0] vap-profile wlan-net wlan 2
    [AP-Wlan-Radio0/0/0] calibrate auto-channel-select disable
    [AP-Wlan-Radio0/0/0] calibrate auto-txpower-select disable
    [AP-Wlan-Radio0/0/0] channel 20mhz 6
    Warning: This action may cause service interruption. Continue?[Y/N]y
    [AP-Wlan-Radio0/0/0] eirp 127
    [AP-Wlan-Radio0/0/0] quit
    [AP] interface wlan-radio0/0/1
    [AP-Wlan-Radio0/0/1] vap-profile wlan-net wlan 2
    [AP-Wlan-Radio0/0/1] calibrate auto-channel-select disable
    [AP-Wlan-Radio0/0/1] calibrate auto-txpower-select disable
    [AP-Wlan-Radio0/0/1] channel 20mhz 149
    Warning: This action may cause service interruption. Continue?[Y/N]y
    [AP-Wlan-Radio0/0/1] eirp 127
    [AP-Wlan-Radio0/0/1] quit
    

  6. Configure the NAT function.

    # Configure NAT outbound on the AP.
    [AP] acl 2000
    [AP-acl-basic-2000] rule 5 permit source 10.23.101.0 0.0.0.255
    [AP-acl-basic-2000] quit
    [AP] interface vlanif 200
    [AP-Vlanif200] nat outbound 2000
    [AP-Vlanif200] quit
    [AP] quit
    

  7. Verify the configuration.

    # The configuration automatically takes effect after it is completed. Run the display vap ssid wlan-net command. If Status in the command output is displayed as ON, the VAP has been successfully created on the AP radios.

    <AP> display vap ssid wlan-net
    WID : WLAN ID
    -----------------------------------------------------------------------------------------
    AP MAC         RfID WID    BSSID          Status  Auth type        STA   SSID
    -----------------------------------------------------------------------------------------
    00bc-da3f-e900 0    2      00BC-DA3F-E901 ON      WPA/WPA2-PSK     0     wlan-net
    00bc-da3f-e900 1    2      00BC-DA3F-E911 ON      WPA/WPA2-PSK     0     wlan-net
    -----------------------------------------------------------------------------------------
    Total: 2

    Connect STAs to the WLAN with SSID wlan-net and enter the password a1234567. Run the display station ssid wlan-net command on the AC. The command output shows that the STAs are connected to the WLAN wlan-net.

    <AP> display station all
    Rf/WLAN: Radio ID/WLAN ID
    Rx/Tx: link receive rate/link transmit rate(Mbps)
    -----------------------------------------------------------------------------------------------------
    STA MAC          Ap name        Rf/WLAN  Band  Type  Rx/Tx      RSSI  VLAN  IP address    SSID
    -----------------------------------------------------------------------------------------------------
    14cf-9202-13dc   00bc-da3f-e900 0/2      2.4G  11n   19/13      -63   101   10.23.101.254 wlan-net
    -----------------------------------------------------------------------------------------------------
    Total: 1 2.4G: 1 5G: 0
    # Run the display nat outbound command on the AP to check the IP address translation result.
    <AP> display nat outbound
     NAT Outbound Information:                                                      
     --------------------------------------------------------------------------------
     Interface                     Acl     Address-group/IP/Interface      Type     
     --------------------------------------------------------------------------------
     Vlanif200                    2000                              1      no-pat 
     --------------------------------------------------------------------------------
      Total : 1     
    # Run the ping command on the AP to verify that STAs on the private network can access the public network.
    <AP> ping -a 10.23.101.1 1.1.1.2
      PING 1.1.1.2: 56 data bytes, press CTRL_C to break                         
        Reply from 1.1.1.2: bytes=56 Sequence=1 ttl=255 time=1 ms                
        Reply from 1.1.1.2: bytes=56 Sequence=2 ttl=255 time=1 ms                
        Reply from 1.1.1.2: bytes=56 Sequence=3 ttl=255 time=1 ms                
        Reply from 1.1.1.2: bytes=56 Sequence=4 ttl=255 time=1 ms                
        Reply from 1.1.1.2: bytes=56 Sequence=5 ttl=255 time=1 ms                
    -- 1.1.1.2 ping statistics ---                                           
        5 packet(s) transmitted                                                     
        5 packet(s) received                                                        
        0.00% packet loss                                                           
        round-trip min/avg/max = 1/1/2 ms 

Configuration Files

  • AP configuration file

    #
     sysname AP
    #
    vlan batch 101 200
    #
    dhcp enable
    #
    acl number 2000
     rule 5 permit source 10.23.101.0 0.0.0.255
    #
    interface Vlanif101
     ip address 10.23.101.1 255.255.255.0
     dhcp select interface
    #
    interface Vlanif200
     ip address 1.1.1.1 255.255.255.0
     nat outbound 2000
    #
    interface GigabitEthernet0/0/0
     port link-type trunk
     port trunk pvid vlan 200
     port trunk allow-pass vlan 200
    #
    ip route-static 0.0.0.0 0.0.0.0 1.1.1.2
    #
    wlan
     security-profile name wlan-net
      security wpa-wpa2 psk pass-phrase %^%#(yk#Q+M[\CMK]1)AWMX7MjZ)=e`fy@fA+.J\ht3Y%^%# aes
     ssid-profile name wlan-net
      ssid wlan-net
     vap-profile name wlan-net
      service-vlan vlan-id 101
      ssid-profile wlan-net
      security-profile wlan-net
    #
    interface Wlan-Radio0/0/0
     vap-profile wlan-net wlan 2
     channel 20mhz 6
     calibrate auto-channel-select disable
     calibrate auto-txpower-select disable
    #
    interface Wlan-Radio0/0/1
     vap-profile wlan-net wlan 2
     channel 20mhz 149
     calibrate auto-channel-select disable
     calibrate auto-txpower-select disable
    #
    return
Translation
Download
Updated: 2019-03-30

Document ID: EDOC1000184389

Views: 94331

Downloads: 544

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next