WLAN V200R008C10 Typical Configuration Examples

Example for Configuring ACL-based Packet Filtering


Networking Requirements

Enterprise users can access the network through WLANs, which is the basic requirement of mobile office. Furthermore, users' services are not affected during roaming in the coverage area.

To control network traffic, the administrator requires that packets with source IP address 10.23.101.10 and destination IP address 10.23.101.11 be forbidden to pass.

Figure 5-65 Networking for configuring ACL-based packet filtering

Data Planning

Table 5-72 AC data planning

Item | Data

AP group
  • Name: ap-group1
  • Referenced profiles: VAP profile wlan-net
VAP profile
  • Name: wlan-net
  • Referenced profiles: traffic profile wlan-traffic
Traffic profile
  • Name: wlan-traffic
  • Configuration of ACL-based IPv4 packet filtering

Configuration Roadmap

  1. Configure ACL-based packet filtering in a traffic profile.

Configuration Notes

  • No ACK mechanism is provided for multicast packet transmission on air interfaces. In addition, wireless links are unstable. To ensure stable transmission of multicast packets, they are usually sent at low rates. If a large number of such multicast packets are sent from the network side, the air interfaces may be congested. You are advised to configure multicast packet suppression to reduce impact of a large number of low-rate multicast packets on the wireless network. Exercise caution when configuring the rate limit; otherwise, the multicast services may be affected.
    • In direct forwarding mode, you are advised to configure multicast packet suppression on switch interfaces connected to APs.
    • In tunnel forwarding mode, you are advised to configure multicast packet suppression in traffic profiles of the AC.
    For details on how to configure traffic suppression, see "How Do I Configure Multicast Packet Suppression to Reduce Impact of a Large Number of Low-Rate Multicast Packets on the Wireless Network?"
  • Configure port isolation on the interfaces of the device directly connected to APs. If port isolation is not configured and direct forwarding is used, a large number of unnecessary broadcast packets may be generated in the VLAN, blocking the network and degrading user experience.

  • In tunnel forwarding mode, the management VLAN and service VLAN cannot be the same. Only packets from the management VLAN are transmitted between the AC and APs. Packets from the service VLAN are not allowed between the AC and APs.

Procedure

  1. Configure ACL-based packet filtering.
    1. Create ACL 3001 and forbid packets with source IP address 10.23.101.10 and destination IPv4 address 10.23.101.11 to pass.

      # Choose Configuration > Security > ACL > Advanced ACL Settings. The Advanced ACL Settings page is displayed.

      # Click Create. In the Create Advanced ACL dialog box that is displayed, set the ACL name to ACL3001 and ACL number to 3001. Click OK.

      # Click Add Rule in the new ACL.



      # Click OK.

    2. Create traffic profile wlan-traffic and apply the ACL to it.

      # Choose Configuration > AP Config > AP Group > AP Group.

      # In the AP group list, click ap-group1. Click the icon in front of VAP Configuration. Under it, click the icon in front of wlan-net. Click Traffic Profile. The Traffic Profile page is displayed.

      # Click Create. The Create Traffic Profile page is displayed.

      # Enter the traffic profile name wlan-traffic in Profile name and click OK. The parameter setting page of the new traffic profile is displayed.

      # Expand Packet Filtering. In Inbound ACL, click Add. Set Packet Filtering Type to IPv4 and ACL used to filter incoming packets to ACL3001. Click to save the settings.



      # Click Apply. In the Info dialog box that is displayed, click OK.

  2. Verify the configuration.
    1. Packets with the source IP address of 10.23.101.10 and destination IP address of 10.23.101.11 are forbidden to pass, achieving network traffic control.
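
The verification step above can be reasoned about offline with a small model of how an advanced ACL rule with wildcard masks is evaluated. This is an added example, not Huawei's code or part of the original procedure; it goes slightly beyond the page by also handling subnet wildcards and multiple rules. The CLI-style rule text, first-match evaluation in ascending rule-ID order, and forwarding of packets that match no rule are assumptions.

```python
import ipaddress

# Constructed rule text: an assumed CLI-style rendering of the rule the page
# describes (deny 10.23.101.10 -> 10.23.101.11); it is not taken from the page.
ACL_3001 = ["rule 5 deny ip source 10.23.101.10 0 destination 10.23.101.11 0"]
ANY = (0, 0xFFFFFFFF)  # wildcard of all ones matches every address

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def parse_rule(line):
    """Parse 'rule <id> <permit|deny> ip [source A W] [destination A W]'."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "rule" or tok[2] not in ("permit", "deny") or tok[3] != "ip":
        raise ValueError(f"unsupported rule: {line!r}")
    rule = {"id": int(tok[1]), "action": tok[2], "source": ANY, "destination": ANY}
    for i in range(4, len(tok), 3):
        if tok[i] not in ("source", "destination") or i + 2 >= len(tok):
            raise ValueError(f"malformed match field in: {line!r}")
        # "0" is shorthand for wildcard 0.0.0.0, i.e. an exact host match.
        wildcard = 0 if tok[i + 2] == "0" else _ip(tok[i + 2])
        rule[tok[i]] = (_ip(tok[i + 1]), wildcard)
    return rule

def _matches(addr, spec):
    base, wildcard = spec
    # Wildcard bits set to 1 are ignored; all remaining bits must be equal.
    return ((_ip(addr) ^ base) & ~wildcard & 0xFFFFFFFF) == 0

def filter_packet(rule_lines, src, dst, default="permit"):
    """Return the action of the first matching rule, lowest rule ID first."""
    for rule in sorted(map(parse_rule, rule_lines), key=lambda r: r["id"]):
        if _matches(src, rule["source"]) and _matches(dst, rule["destination"]):
            return rule["action"]
    return default  # assumption: packets matching no rule are forwarded

if __name__ == "__main__":
    flows = [("10.23.101.10", "10.23.101.11"),   # the flow the page blocks
             ("10.23.101.11", "10.23.101.10"),   # reverse direction
             ("10.23.101.10", "10.23.101.12")]   # same source, other peer
    for src, dst in flows:
        print(f"{src} -> {dst}: {filter_packet(ACL_3001, src, dst)}")
```

In this model the reverse flow from 10.23.101.11 to 10.23.101.10 is not matched, because the rule names one direction only; blocking both directions would need a second rule.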
Updated: 2019-03-30

Document ID: EDOC1000184389
