No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - WLAN-AC

S5700 and S6720 V200R012C00

This document describes the configurations of WLAN, including WLAN Service Configuration, Radio Resource Management, Roaming, WLAN QoS, WLAN Security, WDS, Mesh, Location, Hotspot 2.0, Dual-Link Cold Backup, N+1 Backup.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring Inter-AC Layer 2 Roaming

Example for Configuring Inter-AC Layer 2 Roaming

Configuration Process

You need to configure and maintain WLAN features and functions in different profiles. These WLAN profiles include regulatory domain profile, radio profile, VAP profile, AP system profile, AP wired port profile, WIDS profile, WDS profile, and Mesh profile. When configuring WLAN services, you need to set related parameters in the WLAN profiles and bind the profiles to the AP group or APs. Then the configuration is automatically delivered to and takes effect on the APs. WLAN profiles can reference one another; therefore, you need to know the relationships among the profiles before configuring them. For details about the profile relationships and their basic configuration procedure, see WLAN Service Configuration Procedure.

Networking Requirements

Enterprise users expect to access the Internet through a WLAN to meet the basic mobile office requirements. They also require that services be uninterrupted when roaming within the coverage area of the WLAN.

  • AC networking mode: AC_1 and AC_2 in the same mobility group
  • DHCP deployment mode: Configure AC_1 as a DHCP server to assign IP addresses to APs and STAs.
  • Service data forwarding mode: tunnel forwarding
Figure 8-14  Networking for configuring inter-AC Layer 2 roaming

Configuration Roadmap

  1. Configure network connectivity between APs, ACs, and other network devices.
  2. Configure the APs to go online.
  3. Configure WLAN service parameters for STAs to access the WLAN.
  4. Configure WLAN roaming on AC_1 and AC_2 to enable inter-AC Layer 2 roaming.
Table 8-11  Data planning

Item

Data

DHCP server

AC_1 functions as a DHCP server to assign IP addresses to APs and STAs.

IP address pool for APs

10.23.100.3 to 10.23.100.254/24

IP address pool for STAs

10.23.101.3 to 10.23.101.254/24

AC's source interface IP address

Source interface: VLANIF 100

  • AC_1: 10.23.100.1/24
  • AC_2: 10.23.100.2/24
AP group
  • Name: ap-group1
  • Referenced profiles: VAP profile wlan-net and regulatory domain profile default
Regulatory domain profile
  • Name: default
  • Country code: CN
SSID profile
  • Name: wlan-net
  • SSID name: wlan-net
Security profile
  • Name: wlan-net
  • Security policy: WPA-WPA2+PSK+AES
  • Password: a1234567
VAP profile
  • Name: wlan-net
  • Forwarding mode: tunnel forwarding
  • Service VLAN: VLAN 101
  • Referenced profiles: SSID profile wlan-net and security profile wlan-net

Roaming parameters

  • AC_1
    • IP address for establishing an inter-AC tunnel in the mobility group: 10.23.100.1
    • Mobility group name: mobility
    • Mobility group members: AC_1 and AC_2
  • AC_2
    • IP address for establishing an inter-AC tunnel in the mobility group: 10.23.100.2
    • Mobility group name: mobility
    • Mobility group members: AC_1 and AC_2

Configuration Precautions

  • Inter-AC roaming is supported only in distributed VXLAN gateway scenarios, and only Layer 2 inter-AC roaming is supported.
  • ACs in the same mobility group must run the same system software of the C version. Otherwise, inter-AC roaming may fail.
  • The mobility group name and IP address for establishing an inter-AC tunnel must be configured on each AC in the mobility group. ACs must be added to the mobility group.
  • The IP addresses used for establishing an inter-AC tunnel between ACs in a mobility group must be the CAPWAP source IP addresses of the ACs. When multiple CAPWAP source IP addresses are configured, only on CAPWAP source IP address can be used to establish an inter-AC tunnel.
  • The mobility group name must be the same on each AC.
  • A maximum of 16 ACs can be added to a mobility group, and one AC can be added only to one mobility group.

Procedure

  1. Set the NAC mode to unified on AC_1 and AC_2 so that STAs can connect to the WLAN.

    <HUAWEI> system-view
    [HUAWEI] authentication unified-mode
    
    NOTE:

    If the NAC mode is changed from traditional to unified, the unified mode takes effect after you save the configuration and restart the ACs.

  2. Configure the switches.

    # Add GE0/0/1 and GE0/0/2 on Switch_1 to VLAN 100 (default VLAN of GE0/0/1).
    <HUAWEI> system-view
    [HUAWEI] sysname Switch_1
    [Switch_1] vlan batch 100
    [Switch_1] interface gigabitethernet 0/0/1
    [Switch_1-GigabitEthernet0/0/1] port link-type trunk
    [Switch_1-GigabitEthernet0/0/1] port trunk pvid vlan 100
    [Switch_1-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
    [Switch_1-GigabitEthernet0/0/1] quit
    [Switch_1] interface gigabitethernet 0/0/2
    [Switch_1-GigabitEthernet0/0/2] port link-type trunk
    [Switch_1-GigabitEthernet0/0/2] port trunk allow-pass vlan 100
    [Switch_1-GigabitEthernet0/0/2] quit
    # Add GE0/0/1 and GE0/0/2 on Switch_2 to VLAN 100 (default VLAN of GE0/0/1).
    <HUAWEI> system-view
    [HUAWEI] sysname Switch_2
    [Switch_2] vlan batch 100
    [Switch_2] interface gigabitethernet 0/0/1
    [Switch_2-GigabitEthernet0/0/1] port link-type trunk
    [Switch_2-GigabitEthernet0/0/1] port trunk pvid vlan 100
    [Switch_2-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
    [Switch_2-GigabitEthernet0/0/1] quit
    [Switch_2] interface gigabitethernet 0/0/2
    [Switch_2-GigabitEthernet0/0/2] port link-type trunk
    [Switch_2-GigabitEthernet0/0/2] port trunk allow-pass vlan 100
    [Switch_2-GigabitEthernet0/0/2] quit

  3. Configure the ACs to communicate with other network devices.

    # Add GE0/0/1 on AC_1 to VLAN 100, and GE0/0/2 to VLAN 100 and VLAN 101.
    [HUAWEI] sysname AC_1
    [AC_1] vlan batch 100 101
    [AC_1] interface gigabitethernet 0/0/1
    [AC_1-GigabitEthernet0/0/1] port link-type trunk
    [AC_1-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
    [AC_1-GigabitEthernet0/0/1] quit
    [AC_1] interface gigabitethernet 0/0/2
    [AC_1-GigabitEthernet0/0/2] port link-type trunk
    [AC_1-GigabitEthernet0/0/2] port trunk allow-pass vlan 100 101
    [AC_1-GigabitEthernet0/0/2] quit
    [AC_1] interface vlanif 100
    [AC_1-Vlanif100] ip address 10.23.100.1 255.255.255.0
    [AC_1-Vlanif100] quit
    [AC_1] interface vlanif 101
    [AC_1-Vlanif101] ip address 10.23.101.1 255.255.255.0
    [AC_1-Vlanif101] quit
    # Add GE0/0/1 on AC_2 to VLAN 100, and GE0/0/2 to VLAN 100 and VLAN 101.
    [HUAWEI] sysname AC_2
    [AC_2] vlan batch 100 101
    [AC_2] interface gigabitethernet 0/0/1
    [AC_2-GigabitEthernet0/0/1] port link-type trunk
    [AC_2-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
    [AC_2-GigabitEthernet0/0/1] quit
    [AC_2] interface gigabitethernet 0/0/2
    [AC_2-GigabitEthernet0/0/2] port link-type trunk
    [AC_2-GigabitEthernet0/0/2] port trunk allow-pass vlan 100 101
    [AC_2-GigabitEthernet0/0/2] quit
    [AC_2] interface vlanif 100
    [AC_2-Vlanif100] ip address 10.23.100.2 255.255.255.0
    [AC_2-Vlanif100] quit
    [AC_2] interface vlanif 101
    [AC_2-Vlanif101] ip address 10.23.101.2 255.255.255.0
    [AC_2-Vlanif101] quit

  4. Configure a DHCP server to assign IP addresses to APs and STAs.

    # Configure VLANIF 100 on AC_1 to assign IP addresses to APs and VLANIF 101 to assign IP addresses to STAs.
    NOTE:
    Configure the DNS server as required. The common methods are as follows:
    • In interface address pool scenarios, run the dhcp server dns-list ip-address &<1-8> command in the VLANIF interface view.
    • In global address pool scenarios, run the dns-list ip-address &<1-8> command in the IP address pool view.
    [AC_1] dhcp enable
    [AC_1] interface vlanif 100
    [AC_1-Vlanif100] dhcp select interface
    [AC_1-Vlanif100] dhcp server excluded-ip-address 10.23.100.2
    [AC_1-Vlanif100] quit
    [AC_1] interface vlanif 101
    [AC_1-Vlanif101] dhcp select interface
    [AC_1-Vlanif101] dhcp server excluded-ip-address 10.23.100.2
    [AC_1-Vlanif101] quit

  5. Configure APs to go online on AC_1.

    # Create an AP group to which APs with the same configuration are to be added.
    [AC_1] wlan
    [AC_1-wlan-view] ap-group name ap-group1
    [AC_1-wlan-ap-group-ap-group1] quit
    
    # Create a regulatory domain profile, configure the country code for AC_1 in the profile, and bind the profile to the AP group.
    [AC_1-wlan-view] regulatory-domain-profile name default
    [AC_1-wlan-regulate-domain-default] country-code cn
    [AC_1-wlan-regulate-domain-default] quit
    [AC_1-wlan-view] ap-group name ap-group1
    [AC_1-wlan-ap-group-ap-group1] regulatory-domain-profile default
    Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continu
    e?[Y/N]:y 
    [AC_1-wlan-ap-group-ap-group1] quit
    [AC_1-wlan-view] quit
    
    # Configure the source interface on AC_1.
    [AC_1] capwap source interface vlanif 100
    
    # Import an AP offline on AC_1 and add the AP to the AP group ap-group1. Assume that the AP's MAC address is 60de-4476-e360. Configure a name for the AP based on the AP's deployment location, so that you will know where the AP is deployed from its name. If the AP with MAC address 60de-4476-e360 is in area 1, name the AP area_1.
    NOTE:

    The default AP authentication mode is MAC address authentication. If the default settings are retained, you do not need to run the ap auth-mode mac-auth command.

    In this example, the AP5030DN is used and has two radios: radio 0 (2.4 GHz radio) and radio 1 (5 GHz radio).

    [AC_1] wlan
    [AC_1-wlan-view] ap auth-mode mac-auth
    [AC_1-wlan-view] ap-id 0 ap-mac 60de-4476-e360
    [AC_1-wlan-ap-0] ap-name area_1
    Warning: This operation may cause AP reset. Continue? [Y/N]:y 
    [AC_1-wlan-ap-0] ap-group ap-group1
    Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configuration
    s of the radio, Whether to continue? [Y/N]:y 
    [AC_1-wlan-ap-0] quit
    
    # After the AP is powered on, run the display ap all command to check the AP state. If the State field displays nor, the AP has gone online.
    [AC_1-wlan-view] display ap all
    Total AP information:
    nor  : normal          [1]
    Extra information:
    P  : insufficient power supply
    --------------------------------------------------------------------------------------------------
    ID   MAC            Name   Group     IP            Type            State STA Uptime      ExtraInfo
    --------------------------------------------------------------------------------------------------
    0    60de-4476-e360 area_1 ap-group1 10.23.100.254 AP5030DN        nor   0   10S         -
    --------------------------------------------------------------------------------------------------
    Total: 1

  6. Configure WLAN service parameters.

    # Create security profile wlan-net and configure a security policy in the profile.
    NOTE:

    The following example sets the security policy to WPA-WPA2+PSK+AES and password to a1234567. In actual situations, configure the security policy based on service requirements.

    [AC_1-wlan-view] security-profile name wlan-net
    [AC_1-wlan-sec-prof-wlan-net] security wpa-wpa2 psk pass-phrase a1234567 aes
    [AC_1-wlan-sec-prof-wlan-net] quit
    
    # Create SSID profile wlan-net and set the SSID name to wlan-net.
    [AC_1-wlan-view] ssid-profile name wlan-net
    [AC_1-wlan-ssid-prof-wlan-net] ssid wlan-net
    [AC_1-wlan-ssid-prof-wlan-net] quit
    
    # Create VAP profile wlan-net, set the data forwarding mode and service VLAN, and bind the security profile and SSID profile to the VAP profile.
    [AC_1-wlan-view] vap-profile name wlan-net
    [AC_1-wlan-vap-prof-wlan-net] forward-mode tunnel
    [AC_1-wlan-vap-prof-wlan-net] service-vlan vlan-id 101
    [AC_1-wlan-vap-prof-wlan-net] security-profile wlan-net
    [AC_1-wlan-vap-prof-wlan-net] ssid-profile wlan-net
    [AC_1-wlan-vap-prof-wlan-net] quit
    
    # Bind the VAP profile to the AP group, and apply configurations of VAP profile wlan-net to radios 0 and 1 of the AP.
    [AC_1-wlan-view] ap-group name ap-group1
    [AC_1-wlan-ap-group-ap-group1] vap-profile wlan-net wlan 1 radio 0
    [AC_1-wlan-ap-group-ap-group1] vap-profile wlan-net wlan 1 radio 1
    [AC_1-wlan-ap-group-ap-group1] quit
    

  7. Configure APs to go online on AC_2 and set WLAN service parameters.

    Configure APs on AC_2 to go online and set WLAN service parameters according to the configuration process on AC_1. For details about the configurations, see the configuration file of AC_2. The following lists configuration differences between AC_1 and AC_2:

    • An AP5030DN with MAC address dcd2-fc04-b500 is configured to go online on AC_2 and the AP name is set to area_2.

  8. Configure WLAN roaming on AC_1.

    # Configure IP addresses for establishing an inter-AC tunnel.

    [AC_1-wlan-view] mobility-server local 10.23.100.1
    [

    # Create a mobility group, and add AC_1 and AC_2 to the mobility group.

    [AC_1-wlan-view] mobility-group name mobility
    [AC_1-mc-mg-mobility] member ip-address 10.23.100.1
    [AC_1-mc-mg-mobility] member ip-address 10.23.100.2
    [AC_1-mc-mg-mobility] quit
    

  9. Configure WLAN roaming on AC_2.

    # Configure IP addresses for establishing an inter-AC tunnel.

    [AC_2-wlan-view] mobility-server local 10.23.100.2
    [

    # Create a mobility group, and add AC_1 and AC_2 to the mobility group.

    [AC_2-wlan-view] mobility-group name mobility
    [AC_2-mc-mg-mobility] member ip-address 10.23.100.1
    [AC_2-mc-mg-mobility] member ip-address 10.23.100.2
    [AC_2-mc-mg-mobility] quit
    

  10. Verify the configuration.

    # The ACs automatically deliver WLAN service configurations to the APs. After the configuration is complete, run the display vap ssid wlan-net command on AC_1 and AC_2 to check VAP information. If Status in the command output displays ON, the VAPs have been successfully created on AP radios.
    [AC_1-wlan-view] display vap ssid wlan-net
    WID : WLAN ID
    --------------------------------------------------------------------------------------
    AP ID AP name        RfID WID  BSSID          Status  Auth type         STA    SSID
    --------------------------------------------------------------------------------------
    0     area_1         0    1    60DE-4476-E360 ON      WPA/WPA2-PSK      0      wlan-net
    0     area_1         1    1    60DE-4476-E370 ON      WPA/WPA2-PSK      0      wlan-net
    ---------------------------------------------------------------------------------------
    Total: 2
    [AC_2-wlan-view] display vap ssid wlan-net
    WID : WLAN ID
    --------------------------------------------------------------------------------------
    AP ID AP name        RfID WID  BSSID          Status  Auth type         STA  SSID
    --------------------------------------------------------------------------------------
    1     area_2         0    1    DCD2-FC04-B500 ON      WPA/WPA2-PSK       0    wlan-net
    1     area_2         1    1    DCD2-FC04-B510 ON      WPA/WPA2-PSK       0    wlan-net
    -------------------------------------------------------------------------------------
    Total: 2

    # Run the display mobility-group name mobility command on AC_1 to check working states of AC_1 and AC_2. If State displays normal, AC_1 and AC_2 work properly.

    # In the coverage area of AP_1, connect a STA to the WLAN with SSID wlan-net and enter the password a1234567. After the STA successfully associates with the WLAN, run the display station ssid wlan-net command on AC_1 to check STA information. The command output shows that the STA with MAC address e019-1dc7-1e08 is associated with AP_1.
    [AC_1-wlan-view] display station ssid wlan-net
    Rf/WLAN: Radio ID/WLAN ID
    Rx/Tx: link receive rate/link transmit rate(Mbps)
    ------------------------------------------------------------------------------------
    STA MAC          AP ID Ap name   Rf/WLAN  Band  Type  Rx/Tx      RSSI  VLAN  IP address
    ------------------------------------------------------------------------------------
    e019-1dc7-1e08   0     area_1    1/1      5G    11n   46/59      -57   101   10.23.101.254
    ------------------------------------------------------------------------------------
    Total: 1 2.4G: 0 5G: 1
    # After the STA moves from the coverage area of AP_1 to that of AP_2, run the display station assoc-info sta all command on AC_2 to check the STA's access information. The command output shows that the STA is associated with AP_2.
    [AC_2-wlan-view] display station ssid wlan-net
    Rf/WLAN: Radio ID/WLAN ID
    Rx/Tx: link receive rate/link transmit rate(Mbps)
    ------------------------------------------------------------------------------------
    STA MAC          AP ID Ap name   Rf/WLAN  Band  Type  Rx/Tx      RSSI  VLAN  IP address
    ------------------------------------------------------------------------------------
    e019-1dc7-1e08   1     area_2    1/1      5G    11n   46/59      -58   101   10.23.101.254
    ------------------------------------------------------------------------------------
    Total: 1 2.4G: 0 5G: 1
    # Run the display station roam-track sta-mac e019-1dc7-1e08 command on AC_2 to check the STA roaming track.
    [AC_2-wlan-view] display station roam-track sta-mac e019-1dc7-1e08
    Access SSID:wlan-net
    Rx/Tx: link receive rate/link transmit rate(Mbps)   
    c:PMK Cache Roam r:802.11r Roam s:Same Frequency Network
    ------------------------------------------------------------------------------  
    L2/L3           AC IP                  AP name              Radio ID
    BSSID           TIME                   In/Out RSSI          Out Rx/Tx
    ------------------------------------------------------------------------------  
    --              10.23.100.1            area_1               1             
    60de-4476-e360  2015/02/09 16:11:51    -57/-57              22/3
    L2              10.23.100.2            area_2               1             
    dcd2-fc04-b500  2015/02/09 16:13:53    -58/-                -/-
    ------------------------------------------------------------------------------  
    Number: 1

Configuration Files

  • Switch_1 configuration file

    #
     sysname Switch_1
    #
     vlan batch 100
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk pvid vlan 100
     port trunk allow-pass vlan 100
    #
    interface GigabitEthernet0/0/2
     port link-type trunk
     port trunk allow-pass vlan 100
     #
    return
  • Switch_2 configuration file

    #
     sysname Switch_2
    #
     vlan batch 100
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk pvid vlan 100
     port trunk allow-pass vlan 100
    #
    interface GigabitEthernet0/0/2
     port link-type trunk
     port trunk allow-pass vlan 100
     #
    return
  • AC_1 configuration file

    #
    sysname AC_1
    #
    vlan batch 100 to 101
    #
    dhcp enable
    #
    interface Vlanif100
     ip address 10.23.100.1 255.255.255.0
     dhcp select interface
     dhcp server excluded-ip-address 10.23.100.2
    #
    interface Vlanif101
     ip address 10.23.101.1 255.255.255.0
     dhcp select interface
     dhcp server excluded-ip-address 10.23.101.2
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk allow-pass vlan 100
    #
    interface GigabitEthernet0/0/2
     port link-type trunk
     port trunk allow-pass vlan 100 to 101
    #
    capwap source interface vlanif100
    #
    wlan
     security-profile name wlan-net
      security wpa2 psk pass-phrase %^%#]:krYrz_r<ee}|Cq@9V(W{ZD$"\-R-HD_y.4#U4,%^%# aes
     ssid-profile name wlan-net
      ssid wlan-net
     vap-profile name wlan-net
      forward-mode tunnel
      service-vlan vlan-id 101
      ssid-profile wlan-net
      security-profile wlan-net
     regulatory-domain-profile name default
     mobility-server local ip-address 10.23.100.1
     mobility-group name mobility
      member ip-address 10.23.100.1
      member ip-address 10.23.100.2
     ap-group name ap-group1
      radio 0
       vap-profile wlan-net wlan 1
      radio 1
       vap-profile wlan-net wlan 1
     ap-id 0 type-id 35 ap-mac 60de-4476-e360 ap-sn 210235554710CB000042
      ap-name area_1
      ap-group ap-group1
    #
    return
  • AC_2 configuration file

    #
    sysname AC_2
    #
    vlan batch 100 to 101
    #
    interface Vlanif100
     ip address 10.23.100.2 255.255.255.0
    #
    interface Vlanif101
     ip address 10.23.101.2 255.255.255.0
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk allow-pass vlan 100
    #
    interface GigabitEthernet0/0/2
     port link-type trunk
     port trunk allow-pass vlan 100 101
    #
    capwap source interface vlanif100
    #
    wlan
     security-profile name wlan-net
      security wpa2 psk pass-phrase %^%#]:krYrz_r<ee}|Cq@9V(W{ZD$"\-R-HD_y.4#U4,%^%# aes
     ssid-profile name wlan-net
      ssid wlan-net
     vap-profile name wlan-net
      forward-mode tunnel
      service-vlan vlan-id 101
      ssid-profile wlan-net
      security-profile wlan-net
     regulatory-domain-profile name default
      dca-channel 5g channel-set 149,153,157,161
     mobility-server local ip-address 10.23.100.2
     mobility-group name mobility
      member ip-address 10.23.100.1
      member ip-address 10.23.100.2
     ap-group name ap-group1
      radio 0
       vap-profile wlan-net wlan 1
      radio 1
       vap-profile wlan-net wlan 1
     ap-id 1 type-id 35 ap-mac dcd2-fc04-b500 ap-sn 210235554710CB000078
      ap-name area_2
      ap-group ap-group1
    #
    return
Translation
Download
Updated: 2018-12-24

Document ID: EDOC1100038361

Views: 149311

Downloads: 427

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next