No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


WLAN V200R008C10 Typical Configuration Examples

Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring Built-in Portal WeChat Authentication

Example for Configuring Built-in Portal WeChat Authentication

Networking Requirements

As shown in Figure 5-37, the AC of a shop directly connects to an AP. The shop deploys a WLAN wlan-net to provide wireless network access for consumers. The AC functions as a DHCP server to assign IP addresses on the network segment to wireless users.

To improve its brand popularity and image, the shop allows consumers to connect to the open Wi-Fi network using WeChat. Users can obtain access to the Internet by WeChat authentication, without the need to enter a user name or password.

Figure 5-37 Networking diagram for configuring WeChat authentication using a built-in Portal server

Data Planning



Portal access profile
  • Name: wlan-net
  • The built-in Portal server is used.
    • IP address of the built-in portal server:
    • HTTP port number: 1025
WeChat authentication profile
  • WeChat public account ID: wxappid123
  • WeChat public account key: huawei@123
  • The AC automatically obtains shop information from the WeChat server. Parameter settings of the WeChat server are:
    • Default domain name:
    • SSL policy name : default_policy
    • Default port number: 443
DNS server IP address:
Authentication-free rule profile
  • Name:default_free_rule
  • Authentication-free resource: IP address of the DNS server (
Authentication profile
  • Name: wlan-net
  • Bound profile and authentication scheme: Portal access profile wlan-net and authentication scheme wlan-net
DHCP server The central AP functions as a DHCP server to assign IP addresses to the RU and STAs.
IP address pool for the AP to
IP address pool for STAs to
AC's source interface VLANIF100:
AP group
  • Name: ap-group1
  • Bound profiles: VAP profile wlan-net and regulatory domain profile wlan-net
Regulatory domain profile
  • Name: wlan-net
  • Country code: CN
SSID profile
  • Name: wlan-net
  • SSID name: wlan-net
Security profile
  • Name: wlan-net
  • Security policy: open system authentication
VAP profile
  • Name: wlan-net
  • Forwarding mode: tunnel forwarding
  • Service VLAN: VLAN 101
  • Bound profiles: SSID profile wlan-net, security profile wlan-net, and authentication profile wlan-net

Configuration Roadmap

The configuration roadmap is as follows:
  1. Configure network interworking of the AC, APs, and other network devices.
  2. Select Config Wizard to configure system parameters for the AC.
  3. Select Config Wizard to configure the APs to go online on the AC.
  4. Select Config Wizard to configure WLAN services on the AC. Configure WeChat authentication to authenticate WeChat users.
  5. Complete user service verification.


  1. Configure AC system parameters.
    1. Configure AC basic parameters.

      Choose Configuration > Config Wizard > AC. The Basic AC Configuration page is displayed.

      # Set Country/Region as required (China as an example). Set System Time to Manual and Date and time to PC Time.

      # Click Next. The Port Configuration page is displayed.

    2. Configure ports.

      # Select GigabitEthernet0/0/1. Expand Batch Modify. Set Interface type to Trunk and Default VLAN to 100, and add GigabitEthernet0/0/1 to VLAN 100 (management VLAN).

      # Click Apply.

      # Select GigabitEthernet0/0/2. Expand Batch Modify. Set Interface type to Trunk and add GigabitEthernet0/0/2 to VLAN 101 (service VLAN).

      # Click Apply.

      # Click Next. The Network Interconnection page is displayed.

    3. Configure network interconnection.

      # Under Interface Configuration, click Create. The Create Interface Configuration page is displayed.

      # Set the IP address of VLANIF 100 to, DHCP status to ON, and DHCP type to Interface address pool.

      # Click OK.

      # Configure the address pool for VLANIF 101 in the similar way. Set the IP address of VLANIF 101 to, DHCP status to ON, DHCP type to Interface address pool, and Primary DNS serve to

      # Under Static Route Table, click Create. The Create Static Route Table page is displayed.

      # Set the destination IP address to and Next hop address to (assuming that the IP address of the uplink device is

      # Click OK.

      # Click Next.

      # Click Next. The AC Source Address page is displayed.

    4. Configure the AC source address.

      # Set AC source address to VLANIF. Click the button and select Vlanif100.

      # Click Next. The Confirm Settings page is displayed.

    5. Confirm the configuration.

      # Confirm the configuration and click Continue With AP Online.

  2. Configure an AP to go online.
    1. Configure the AP to go online.

      # Click Batch Import. The Batch Import page is displayed. Click and download the AP template file to your local PC.

      # Fill in the AP template file with AP information according to the following example. To add multiple APs, fill in the file with information about the APs.
      • AP MAC address: 60de-4476-e360
      • AP SN: 210235419610CB002287
      • AP name: area_1
      • AP group: ap-group1
      • If you set AP authentication to MAC address authentication, the AP MAC address is mandatory but the AP SN is optional.
      • If you set AP authentication to SN authentication, the AP SN is mandatory but the AP MAC address is optional.

      You are advised to export the radio ID, AP channel, frequency bandwidth, and power planned on WLAN Planner to a .csv file, and then enter them in the AP template file. Set the longitude and latitude as required.

      # Click next to Import AP file, select the AP template file, and click Import.

      # On the page that displays the template import result, click OK.

      # Click Next. The Group APs page is displayed.

      # AP group information has been added in the AP template file. Click Next. The Confirm Configuration page is displayed.

    2. Confirm the configuration.

      # Confirm the configuration and click Continue With Wireless Service Configuration.

  3. Configure wireless services.

    # Click Create. The Basic Information page is displayed.

    # Set the SSID name, forwarding mode, and service VLAN ID.

    # Click Next. The Security Authentication page is displayed.

    # Select WeChat. Set Server IP address to and Port number to 1025. Configure the WeChat official account as follows:
    • APP ID: wxappid123
    • APP key: huawei@123

    # Click Next. The Access Control page is displayed.

    # Set Binding the AP group to ap-group1.

    # Click Finish.

  4. Configure the social media authentication server. For details, see Agile Controller-Campus Product Documentation - Example for Configuring Guest Access Using Social Media Accounts (GooglePlus, Facebook, or Twitter Accounts).
  5. Configure network resources accessible to authentication-free users.

    1. Choose Configuration > AP Config > Profile.The Profile Management page is displayed.
    2. Choose Wireless Service > VAP Profile > wlan-net > Authentication Profile > Authentication-free Rule Profile. The Authentication-free Rule Profile page is displayed.
    3. Set Authentication-free Rule Profile to default_free_rule.
    4. Select Authentication-free Rule in Control mode.
    5. Click Create. On the Create Authentication-free Rule page that is displayed, set Rule ID to 1 and the authentication-free resource to the IP address of the DNS server.

    6. Click OK.
    7. Select the authentication-free rule with the ID 1 and click Apply. In the dialog box that is displayed, click OK.

  6. Verify the configuration.

    • After the configuration is complete, STAs can discover the wireless network with the SSID wlan-net.

    • STAs can be assigned IP addresses after they associate with the wireless network.

    • When a user opens WeChat, the Portal authentication page is displayed automatically on the STA. After the user can be authenticated, the user can connect to the Internet.

Updated: 2019-03-30

Document ID: EDOC1000184389

Views: 90712

Downloads: 460

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Previous Next