No relevant resource is found in the selected language.
Enterprise
Worldwide
Search
Support Documentation
WLAN V200R019C00 Typical Configuration Examples
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring AD to Perform Authentication and Authorization

Example for Configuring AD to Perform Authentication and Authorization

Networking Requirements

As shown in Figure 5-43, an enterprise AC connects to an AP and an AD server. The AC functions as the DHCP server to assign IP addresses on the network segment 10.23.101.0/24 to STAs.

STAs in an enterprise are authenticated in the following modes:

  • The AC authenticates access STAs in MAC+AD mode.

  • # Set the IP address of an AD server to 10.23.200.1 and port number to 88.

Figure 5-43 Networking diagram for configuring AD to perform user authentication and authorization

Data Planning

Configuration Item

Data

AD authentication parameters

Authentication scheme name: wlan-net

Authorization scheme name: wlan-net

AD server template name: template1

  • IP address: 10.23.200.1
  • Port number: 88
  • Base DN: dc=test1,dc=com
  • Administrator DN: cn=Administrator,cn=users
  • Administrator password: Admin@123

MAC access profile
  • Name: wlan-net
  • User name and password for MAC address authentication: MAC addresses without hyphens (-)

Authentication profile
  • Name: wlan-net
  • Bound profiles and authentication scheme: MAC access profile wlan-net, AD server template template1, authentication scheme wlan-net, and authorization scheme wlan-net

DHCP server

The AC functions as a DHCP server to assign IP addresses to APs and STAs.

IP address pool for APs

10.23.100.2-10.23.100.254/24

IP address pool for STAs

10.23.101.2-10.23.101.254/24

IP address of the AC's source interface

VLANIF 100: 10.23.100.1/24

AP group
  • Name: ap-group1
  • Bound profiles: VAP profile wlan-net and regulatory domain profile default

Regulatory domain profile
  • Name: default
  • Country code: CN

SSID profile
  • Name: wlan-net
  • SSID name: wlan-net

Security profile
  • Name: wlan-net
  • Security policy: open system authentication

VAP profile
  • Name: wlan-net
  • Forwarding mode: tunnel forwarding
  • Service VLAN: VLAN 101
  • Bound profiles: SSID profile wlan-net, security profile wlan-net, and authentication profile wlan-net

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure network interworking of the AC, APs, and other network devices.
  2. Select Config Wizard to configure system parameters for the AC.
  3. Select Config Wizard to configure the APs to go online on the AC.
  4. Select Config Wizard to configure WLAN services on the AC. Configure MAC address authentication and AD authentication to authenticate users.
  5. Complete user service verification.

Procedure

  1. Configure AC system parameters.
    1. Configure AC basic parameters.

      Choose Configuration > Config Wizard > AC. The Basic AC Configuration page is displayed.

      # Set Country/Region as required (China as an example). Set System Time to Manual and Date and time to PC Time.



      # Click Next. The Port Configuration page is displayed.

    2. Configure ports.

      # Select GigabitEthernet0/0/1. Expand Batch Modify. Set Interface type to Trunk and Default VLAN to 100, and add GigabitEthernet0/0/1 to VLAN 100 (management VLAN).



      # Click Apply.

      # Select GigabitEthernet0/0/2. Expand Batch Modify. Set Interface type to Trunk and add GigabitEthernet0/0/2 to VLAN 101 (service VLAN).



      # Click Apply.

      # Click Next. The Network Interconnection page is displayed.

    3. Configure network interconnection.

      # Under Interface Configuration, click Create. The Create Interface Configuration page is displayed.

      # Set the IP address of VLANIF 100 to 10.23.100.1/24, DHCP status to ON, and DHCP type to Interface address pool.

      # Click OK.

      # Configure the address pool for VLANIF 101 in the similar way. Set the IP address of VLANIF 101 to 10.23.101.1/24, DHCP status to ON, and DHCP type to Interface address pool.

      # Under Static Route Table, click Create. The Create Static Route Table page is displayed.

      # Set the destination IP address to 10.23.200.0/24 and Next hop address to 10.23.101.2 (assuming that the IP address of the uplink device is 10.23.101.2).

      # Click OK.

      # Click Next.

      # Click Next. The AC Source Address page is displayed.

    4. Configure the source address for AC.

      # Set AC source address to VLANIF. Click the browse button and select Vlanif100.



      # Click Next. The Confirm Settings page is displayed.

    5. Confirm the configuration.

      # Confirm the configuration and click Continue With AP Online.

  2. Configure APs to go online.
    1. Configure APs to go online.

      # Click Batch Import. The Batch Import page is displayed. Click to download an AP template file to your local computer.



      # Fill in the AP template file with AP information according to the following example. To add multiple APs, fill in the file with information of the APs.
      • AP MAC: 60de-4476-e360
      • AP SN: 210235419610CB002287
      • AP Name: area_1
      • AP Group: ap-group1
      • If you set AP authentication mode to MAC address authentication, the AP's MAC address is mandatory and the AP's SN is optional.
      • If you set AP authentication mode to SN authentication, the AP's SN is mandatory and the AP's MAC address is optional.

      You are advised to export the radio ID, AP channel, frequency bandwidth, and power planned on WLAN Planner to a .csv file, and then enter them in the AP template file. Set the longitude and latitude as required.

      # Click next to Import AP File, select the AP template file, and click Import.

      # On the page that displays the template import result, click OK.

      # Click Next. The Group APs page is displayed.

      # AP group information has been added in the AP template file. Click Next. The Confirm Configurations page is displayed.

    2. Confirm the configuration.

      # Confirm the configuration and click Continue With Wireless Service Configuration.

  3. Configure WLAN services.

    # Click Create. The Basic Information page is displayed.

    # Configure the SSID name, forwarding mode, and service VLAN ID.



    # Click Next. The Security Authentication page is displayed.

    # Set Security settings to Open (applicable to personal networks).

    # Click Next. The Access Control page is displayed.

    # Set Binding the AP group to ap-group1.

    # Click Finish.

  4. Configure MAC address authentication and AD authentication.
    1. Create the authentication profile wlan-net.

      # Choose Configuration > AP Config > AP Group. The AP Group page is displayed.

      # Click AP group ap-group1. The AP group configuration page is displayed.

      # Choose VAP Configuration > wlan-net > Authentication Profile. The Authentication Profile page is displayed.

      # Set Access mode to MAC authentication and Authentication mode to AD authentication.

      # Click Apply. In the dialog box that is displayed, click OK.

    2. Configure the MAC access profile wlan-net.

      # Click in front of Authentication Profile. Under it, click MAC Authentication. The MAC Authentication Profile page is displayed.

      # Click Apply. In the dialog box that is displayed, click OK.

    3. Configure an AD authentication scheme.

      # Click in front of Authentication Profile and select AD Server. The Authentication Profile page is displayed.

      # Click next to AD Server Template. The AD Server Template page is displayed.

      # Click Create. The Create AD Server Template page is displayed. Set the parameters as follows:
      • Template Name: template1
      • Primary server IP address/port number: 10.23.200.1/88
      • Base DN: dc=test1,dc=com
      • Administrator DN: cn=Administrator,cn=users
      • Administrator password: Admin@123

      # Click OK. Select the created AD server template, and click OK.

      # Click Apply. In the dialog box that is displayed, click OK.

    4. Configure an AD authorization scheme.

      # Choose Configuration > AP Config > Profile. On the Profile Management page, choose AAA > Authorization Scheme. The Authorization Scheme List page is displayed.

      # Click Create. On the Create Authorization Scheme page that is displayed, set Profile name to wlan-net and click OK.

      # Set First authorization to AD authorization and click Apply. In the dialog box that is displayed, click OK.

      # Choose Wireless Service > VAP Profile > wlan-net > Authentication Profile > Authorization Scheme. The Authorization Scheme page is displayed.

      # Set Authorization Scheme to wlan-net.

      # Click Apply. In the dialog box that is displayed, click OK.

  5. Verify the configuration.
    1. STAs automatically connect to the WLAN with the SSID wlan-net.
    2. Choose Monitoring > User > User List. In User List, set the search criteria to SSID, enter wlan-net, and click . STAs go online successfully and obtain IP addresses.
Translation
简体中文
Download
Updated: 2021-11-18

Document ID: EDOC1100096116

Views: 367736

Downloads: 2542

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Digital Signature File

Digital Signature Authentication Mode
Share
Previous Next

Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.

You are going to visit :