No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CLI-based Configuration Guide - WLAN-AC

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R010

This document provides the concepts, configuration procedures, and configuration examples of WLAN-AC features.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring AP System Management

Configuring AP System Management

Configuring AP Indicators

Context

Different states of AP indicators reflect different meanings, thereby facilitating installation and management. Configuring meanings reflected by blinking of the Wireless indicator on APs helps installation personnel to know the current signal strength or traffic status in real time. However, blinking indicators of indoor APs deployed in hospitals and hotels may affect people's nighttime rest. Therefore, you can turn off AP indicators after APs are installed and run properly.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run wlan ac

    The WLAN view is displayed.

  3. Run ap-system-profile name profile-name

    An AP system profile is created, and the AP system profile view is displayed.

    By default, the system provides the AP system profile default.

  4. Run led off

    The AP indicators are turned off.

    By default, the AP indicators are allowed to turn on.

  5. Run quit

    Return to the WLAN view.

  6. Run radio-2g-profile name profile-name or radio-5g-profile name profile-name

    A 2G or 5G radio profile is created and the radio profile view is displayed.

    By default, the system provides the 2G radio profile default and 5G radio profile default.

  7. Run wifi-light { signal-strength | traffic }

    The information reflected by the blinking frequency of the Wireless indicator on an AP is configured.

    By default,
    • If WDS is enabled on an AP, the blinking frequency of the Wireless LED reflects the strength of signals received from a WDS AP.
      • If the AP works in leaf mode, the blinking frequency of the Wireless LED reflects the strength of signals received from a middle AP.
      • If the AP works in middle mode, the blinking frequency of the Wireless LED reflects the strength of signals received from a root AP.
      • If the AP works in root mode, the blinking frequency of the Wireless LED reflects the weakest signal strength of middle APs.
    • If the WDS functions are disabled on an AP, the blinking frequency of the Wireless LED reflects the service traffic volume on the radio.

    On a WDS network, you need to adjust AP locations and antenna directions to obtain strong signals between WDS-capable APs. The blinking frequency of the Wireless LED shows the signal strength.

    NOTE:

    This command takes effect only when the AP has the WDS function enabled. If the WDS functions are disabled on the AP, the Wireless LED always shows service traffic volume.

    Only APs having Wireless LEDs support this command.

  8. Run quit

    Return to the WLAN view.

  9. Bind an AP system profile and a radio profile to an AP group or AP.

    • Binding an AP system profile and a radio profile to an AP group
      1. Run the ap-group name group-name command to enter the AP group view.
      2. Run the ap-system-profile profile-name command to bind the AP system profile to the AP group.

        By default, the AP system profile default is bound to an AP group.

      3. Run the radio-2g-profile profile-name { radio { radio-id | all } } or radio-5g-profile profile-name { radio { id | all } } command to bind the radio profile to the radio.

        By default, the 2G radio profile default is bound to the 2G radio, and the 5G radio profile default is bound to the 5G radio.

    • Bind an AP system profile and a radio profile to an AP
      1. Run the ap-id ap-id, ap-mac ap-mac, or ap-name ap-name command to enter the AP view.
      2. Run the ap-system-profile profile-name command to bind the AP system profile to the AP.

        By default, no AP system profile is bound to an AP.

      3. Run the radio-2g-profile profile-name { radio { radio-id | all } } or radio-5g-profile profile-name { radio { id | all } } command to bind the radio profile to the radio.

        By default, the 2G radio profile default is bound to the 2G radio, and the 5G radio profile default is bound to the 5G radio.

  10. Run quit

    Return to the WLAN view.

  11. Run commit { all | ap-name ap-name | ap-id { ap-id1 [ to ap-id2 ] } &<1-10> }

    Configurations are delivered to APs.

Configuring a Management VLAN on an AP

Context

Generally, the PVID of the access device interface to which an AP directly connects is configured as the management VLAN ID. For details, see Configuration Precautions for Basic WLAN Services. Management packets sent by the AP are then transmitted on CAPWAP tunnels. When the packets arrive at the access device, the access device adds the PVID to the packets as their VLAN tags. If the PVID of the access device has been used as the default VLAN tag of wired users, the PVID cannot be configured as the management VLAN ID on the access device interface. In this case, configure a management VLAN on the AP. The AP then encapsulates the control packets sent to the AC in CAPWAP packets and adds the management VLAN ID to the packets as their VLAN tags. You only need to configure the access device to allow only the packets carrying the management VLAN ID to pass.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run wlan ac

    The WLAN view is displayed.

  3. Run ap-system-profile name profile-name

    An AP system profile is created, and the AP system profile view is displayed.

    By default, the system provides the AP system profile default.

  4. Run management-vlan vlan-id

    A management VLAN is configured for an AP.

    By default, no management VLAN is configured for an AP.

    NOTE:

    The configuration takes effect only after the AP is restarted.

  5. Run quit

    Return to the WLAN view.

  6. Bind an AP system profile to an AP group or AP.

    • Binding an AP system profile to an AP group.
      1. Run the ap-group name group-name command to enter the AP group view.
      2. Run the ap-system-profile profile-name command to bind the AP system profile to the AP group.

        By default, the AP system profile default is bound to an AP group.

    • Binding an AP system profile to an AP.
      1. Run the ap-id ap-id, ap-mac ap-mac, or ap-name ap-name command to enter the AP view.
      2. Run the ap-system-profile profile-name command to bind the AP system profile to the AP.

        By default, no AP system profile is bound to an AP.

  7. Run quit

    Return to the WLAN view.

  8. Run commit { all | ap-name ap-name | ap-id { ap-id1 [ to ap-id2 ] } &<1-10> }

    Configurations are delivered to APs.

Configuring the Alarm Function on an AP

Context

  • You can configure alarm thresholds on an AP to monitor the AP in real time. When the configured thresholds are exceeded, the AP generates alarms or logs to notify the AC of AP status.

    The default alarm thresholds are recommended.

  • If a STA cannot go online due to security type mismatch, UAC, or access user upper limit exceeding, the STA will automatically re-connect to the AP. During this period, the AP sends a large number of STA association failure alarms to the AC, which degrades the system performance.

    To solve this problem, enable alarm suppression for the AP. The AP then does not report alarms repeatedly in the alarm suppression period, preventing alarm storms.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run wlan ac

    The WLAN view is displayed.

  3. Run ap-system-profile name profile-name

    An AP system profile is created, and the AP system profile view is displayed.

    By default, the system provides the AP system profile default.

  4. Run cpu-usage threshold threshold

    A CPU usage alarm threshold is configured for an AP.

    By default, the CPU usage alarm threshold of APs is 90.

  5. Run memory-usage threshold threshold

    A memory usage alarm threshold is configured for an AP.

    By default, the memory usage alarm threshold on an AP is 80.

  6. Run high-temperature threshold threshold-value

    A high temperature alarm threshold is configured for an AP.

    Table 4-7  Default upper temperature alarm threshold for APs

    AP Model

    Default Value (°C)

    AP5030DN/AP5130DN

    87

    AP6010SN-GN

    85

    AP6010DN-AGN

    102

    AP6310SN-GN

    94

    AP6510DN-AGN

    88

    AP6510DN-AGN-US

    81

    AP6610DN-AGN

    104

    AP6610DN-AGN-US

    100

    AP7110SN

    76

    AP7110DN

    89

    AP7030DE/AP8030DN/AP8130DN/AP9330DN

    83

    AP9131DN

    84

    NOTE:

    The AP2010DN, AP2030DN, AP3010DN-AGN, AP5010SN-GN, AP5010DN-AGN, AP4030DN and AP4130DN do not support this command.

  7. Run low-temperature threshold threshold-value

    A low temperature alarm threshold is configured for an AP.

    Table 4-8  Default lower temperature alarm threshold for APs

    AP Model

    Default Value (°C)

    AP6010SN-GN/AP6010DN-AGN/AP6310SN-GN/AP7110DN-AGN/AP7110SN-GN/AP9330DN

    -13

    AP6510DN-AGN/AP6610DN-AGN/AP6510DN-AGN-US/AP6610DN-AGN-US/AP8030DN/AP8130DN/AP9131DN

    -43

    AP5030DN/AP5130DN

    -28

    AP7030DE

    -23

    NOTE:

    The AP2010DN, AP2030DN, AP3010DN-AGN, AP5010SN-GN, AP5010DN-AGN, AP4030DN and AP4130DN do not support this command.

  8. Configure the alarm suppression function on an AP.
    1. Run the alarm-restriction period period command to configure the alarm suppression period on the AP.

      The default alarm suppression period is 60 seconds on an AP.

    2. Run the undo alarm-restriction disable command to enable the alarm suppression function on an AP.

      By default, alarm suppression is enabled for an AP.

  9. Run quit

    Return to the WLAN view.

  10. Bind an AP system profile to an AP group or AP.

    • Binding an AP system profile to an AP group.
      1. Run the ap-group name group-name command to enter the AP group view.
      2. Run the ap-system-profile profile-name command to bind the AP system profile to the AP group.

        By default, the AP system profile default is bound to an AP group.

    • Binding an AP system profile to an AP.
      1. Run the ap-id ap-id, ap-mac ap-mac, or ap-name ap-name command to enter the AP view.
      2. Run the ap-system-profile profile-name command to bind the AP system profile to the AP.

        By default, no AP system profile is bound to an AP.

  11. Run quit

    Return to the WLAN view.

  12. Run commit { all | ap-name ap-name | ap-id { ap-id1 [ to ap-id2 ] } &<1-10> }

    Configurations are delivered to APs.

Configuring the Log Backup and Log Suppression Functions on an AP

Context

  • Logs record user operations and system running information. After logs are backed up to a server, network administrators can summarize and analyze AP logs to learn about the operations performed on APs for fault location.

    The device supports automatic log backup. After automatic log backup is configured, logs generated by an AP are automatically sent to the log server.

  • If a STA keeps attempting to connect to an AP because of signal interference or instability, the AP sends a large number of duplicate login and logoff logs to the AC in a short period, causing a huge waste of resources.

    To address this problem, enable log suppression. The AP sends only one log about a user to the AC within the log suppression period.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run access-user syslog-restrain period period

    The period of system log suppression is configured.

    By default, the period of system log suppression is 300s.

  3. Run access-user syslog-restrain enable

    The system log suppression function is enabled.

    By default, system log suppression is enabled.

  4. Run wlan ac

    The WLAN view is displayed.

  5. Run ap-system-profile name profile-name

    An AP system profile is created, and the AP system profile view is displayed.

    By default, the system provides the AP system profile default.

  6. Run log-server ip-address server-ip-address

    A log server IP address is configured, and log backup is enabled.

    By default, the log server IP address is not configured in an AP system profile and log backup is disabled on an AP.

  7. Run quit

    Return to the WLAN view.

  8. Bind an AP system profile to an AP group or AP.

    • Binding an AP system profile to an AP group.
      1. Run the ap-group name group-name command to enter the AP group view.
      2. Run the ap-system-profile profile-name command to bind the AP system profile to the AP group.

        By default, the AP system profile default is bound to an AP group.

    • Binding an AP system profile to an AP.
      1. Run the ap-id ap-id, ap-mac ap-mac, or ap-name ap-name command to enter the AP view.
      2. Run the ap-system-profile profile-name command to bind the AP system profile to the AP.

        By default, no AP system profile is bound to an AP.

  9. Run quit

    Return to the WLAN view.

  10. Run commit { all | ap-name ap-name | ap-id { ap-id1 [ to ap-id2 ] } &<1-10> }

    Configurations are delivered to APs.

Configuring LLDP on an AP

Context

The Link Layer Discovery Protocol (LLDP) helps the NMS obtain detailed Layer 2 information, such as the network topology, device interface status, and management address.

After LLDP is configured on an AP, the AP can send LLDP packets carrying local system status information to directly connected neighbors and parse LLDP packets received from neighbors. After the AP discovers a neighbor, the AP sends neighbor information to the AC. The NMS then obtains AP's LLDP information from the AC to learn about the network topology.

To enable an AP to discover neighbors, enable LLDP on the AP and access device to which the AP directly connects.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run wlan ac

    The WLAN view is displayed.

  3. Run ap lldp enable

    LLDP is enabled in the WLAN view.

    By default, LLDP is disabled in the WLAN view.

    NOTE:

    An AP can send and receive LLDP packets only after LLDP is enabled in both the WLAN view and the AP wired port link profile view.

  4. (Optional) Configure LLDP in the AP wired port link profile view.
    1. Run the port-link-profile name profile-name command to create an AP wired port link profile and enter the AP wired port link profile view.

      By default, the system provides the AP wired port link profile default.

    2. Run the lldp enable command to enable LLDP on an AP wired port.

      By default, LLDP is enabled on AP wired interfaces.

      NOTE:

      An AP can send and receive LLDP packets only after LLDP is enabled in both the WLAN view and the AP wired port link profile view.

    3. Run the lldp tlv-enable basic-tlv { all | management-address | port-description | system-capability | system-description | system-name } command to specify the types of TLVs that can be advertised from an AP's wired port.

      By default, an AP wired interface advertises all types of TLVs.

    4. Run the quit to return to the WLAN view.
    5. Run the wired-port-profile name profile-name command to create an AP wired port profile and enter the AP wired port profile view.

      By default, the system provides the AP wired port profile default.

    6. Run the port-link-profile profile-name command to bind the AP wired port link profile to an AP wired port profile.

      By default, the AP wired port link profile default is bound to an AP wired port profile.

    7. Run the quit to return to the WLAN view.
  5. Configure LLDP in the WLAN view.
    1. Run the ap-system-profile name profile-name command to create an AP system profile and enter the AP system profile view.

      By default, the system provides the AP system profile default.

    2. Run the lldp admin-status { rx | tx | txrx } command to configure the LLDP mode on the AP.

      By default, the LLDP operation mode of an AP is TxRx.

    3. (Optional) Run lldp report-interval interval-time

      The interval at which the AP reports neighbor information to an AC is configured.

      By default, an AP reports LLDP neighbor information to an AC at an interval of 30 seconds.

    4. (Optional) Run lldp restart-delay delay-time

      The delay in re-enabling LLDP on the AP is configured.

      By default, the delay in re-enabling LLDP on an AP is 2 seconds.

    5. (Optional) Run lldp message-transmission interval interval

      The interval at which the AP sends LLDP packets to neighbors is configured.

      The default LLDP packet transmission interval is 30 seconds.

    6. (Optional) Run lldp message-transmission delay delay

      The delay in sending LLDP packets to neighbors on the AP is configured.

      The default LLDP packet transmission delay is 2 seconds.

    7. (Optional) Run lldp message-transmission hold-multiplier hold

      The hold time multiplier of AP information on neighbors is configured.

      The default hold time multiplier is 4.

    8. Run the quit to return to the WLAN view.
  6. Bind the AP system profile and AP wired port profile to an AP group or AP.

    • Binding the AP system profile and AP wired port profile to an AP group
      1. Run the ap-group name group-name command to enter the AP group view.
      2. Run the ap-system-profile profile-name command to bind the AP system profile to the AP group.

        By default, the AP system profile default is bound to an AP group.

      3. Run the wired-port-profile profile-name interface-type interface-number command to bind the AP wired port profile to the AP group.

        By default, the AP wired port profile default is bound to an AP group.

    • Binding the AP system profile and AP wired port profile to an AP.
      1. Run the ap-id ap-id, ap-mac ap-mac, or ap-name ap-name command to enter the AP view.
      2. Run the ap-system-profile profile-name command to bind the AP system profile to the AP.

        By default, no AP system profile is bound to an AP.

      3. Run the wired-port-profile profile-name interface-type interface-number command to bind the AP wired port profile to the AP.

        By default, no AP wired port profile is bound to an AP.

  7. Run quit

    Return to the WLAN view.

  8. Run commit { all | ap-name ap-name | ap-id { ap-id1 [ to ap-id2 ] } &<1-10> }

    Configurations are delivered to APs.

Configuring Service Holding upon CAPWAP Link Disconnection

Context

To mitigate impact of link disconnections on users in direct forwarding mode and improve service reliability, you can configure the function of service holding upon CAPWAP link disconnection. After the disconnected CAPWAP link is restored, the AP forces all online STAs to go offline and reassociate with the AP and reports information about the STAs through logs.

NOTE:
  • Service holding upon CAPWAP link disconnection is only applicable to the direct forwarding mode.

  • WDS networks do not support service holding upon CAPWAP link disconnection.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run wlan ac

    The WLAN view is displayed.

  3. Run ap-system-profile name profile-name

    An AP system profile is created, and the AP system profile view is displayed.

    By default, the system provides the AP system profile default.

  4. Run keep-service enable

    Service holding upon CAPWAP link disconnection is enabled. After that, the AP can still provide data services when the CAPWAP link is disconnected.

    By default, all services on the AP are interrupted after the CAPWAP link between the AP and AC is disconnected.

  5. Run keep-service enable allow new-access

    User access upon CAPWAP link disconnection is enabled. After that, the AP can still allow new users to access when the CAPWAP link is disconnected.

    By default, the APs in fault state are disabled from allowing access of new STAs.

  6. Run quit

    Return to the WLAN view.

  7. Bind an AP system profile to an AP group or AP.

    • Binding an AP system profile to an AP group.
      1. Run the ap-group name group-name command to enter the AP group view.
      2. Run the ap-system-profile profile-name command to bind the AP system profile to the AP group.

        By default, the AP system profile default is bound to an AP group.

    • Binding an AP system profile to an AP.
      1. Run the ap-id ap-id, ap-mac ap-mac, or ap-name ap-name command to enter the AP view.
      2. Run the ap-system-profile profile-name command to bind the AP system profile to the AP.

        By default, no AP system profile is bound to an AP.

  8. Run quit

    Return to the WLAN view.

  9. Run commit { all | ap-name ap-name | ap-id { ap-id1 [ to ap-id2 ] } &<1-10> }

    Configurations are delivered to APs.

Optimizing AP System Profile Parameters

Context

This task is to configure an AP to directly respond to association requests of STAs and configure the MTU of Ethernet port in the AP system profile and the Extensible Authentication Protocol (EAP) packet conversion function.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run wlan ac

    The WLAN view is displayed.

  3. Run ap-system-profile name profile-name

    An AP system profile is created, and the AP system profile view is displayed.

    By default, the system provides the AP system profile default.

  4. Run mtu mtu-value

    The MTU of Ethernet ports is configured in an AP system profile.

    The default the MTU of Ethernet ports in an AP system profile is 1500 bytes.

    The size of data packets is limited at the network layer. When a network layer device receives an IP packet, it determines the outbound interface and obtains the MTU configured on the interface. The device then compares the MTU with the IP packet length. If the IP packet length is longer than the MTU, the device fragments the IP packet. Each fragment has the smaller or equal size as the MTU.

    NOTE:

    If the MTU value is smaller than the DHCP packet length, the AP may be disconnected. In this case, restart the AP.

  5. Configure EAP packet conversion.

    Different vendors use different methods to encapsulate EAP packets in broadcast, multicast, or unicast packets. In 802.1X authentication, when an AP sends EAPOL-Start and EAPOL-Response packets to an AC, the method that the AP uses to encapsulate the two types of packets must be the same as the method that the access device directly connected to the AC uses. Otherwise, the two types of packets cannot be processed by the access device directly connected to the AP. Consequently, the user cannot pass 802.1X authentication.

    1. Run the eapol-start dest-address transform-condition { always | equal-bssid } command to specify EAPOL-Start packets to be encapsulated.

      By default, an AP encapsulates only the EAPOL-Start packets with the destination MAC addresses being the AP's BSSID.

    2. Run the eapol-start dest-address transform-to { broadcast | multicast | mac mac-address } command to configure the AP to encapsulate EAPOL-Start packets into broadcast, multicast, or unicast packets.

      By default, an AP encapsulates EAPOL-Start packets into multicast packets.

    3. Run the eapol-response dest-address transform-condition { always | equal-bssid } command to specify EAPOL-Response packets to be encapsulated.

      By default, an AP encapsulates only the EAPOL-Response packets with the destination MAC addresses being the AP's BSSID.

    4. Run the eapol-response dest-address transform-to { broadcast | multicast | mac mac-address | learning } command to configure the AP to encapsulate EAPOL-Response packets into broadcast, multicast, or unicast packets.

      By default, an AP encapsulates EAPOL-Response packets into unicast packets and actively learn the destination MAC address.

  6. Run quit

    Return to the WLAN view.

  7. Bind an AP system profile to an AP group or AP.

    • Binding an AP system profile to an AP group.
      1. Run the ap-group name group-name command to enter the AP group view.
      2. Run the ap-system-profile profile-name command to bind the AP system profile to the AP group.

        By default, the AP system profile default is bound to an AP group.

    • Binding an AP system profile to an AP.
      1. Run the ap-id ap-id, ap-mac ap-mac, or ap-name ap-name command to enter the AP view.
      2. Run the ap-system-profile profile-name command to bind the AP system profile to the AP.

        By default, no AP system profile is bound to an AP.

  8. Run quit

    Return to the WLAN view.

  9. Run commit { all | ap-name ap-name | ap-id { ap-id1 [ to ap-id2 ] } &<1-10> }

    Configurations are delivered to APs.

Verifying the AP System Management Configuration

Procedure

  • Run the display ap-system-profile { all | name profile-name } command to check configuration and reference information about an AP system profile.
  • Run the display references ap-system-profile name profile-name command to check reference information about an AP system profile.
Translation
Download
Updated: 2019-08-07

Document ID: EDOC1100033726

Views: 38870

Downloads: 229

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next