Example for Configuring Fat AP Layer 3 Networking
Networking Requirements
As shown in Figure 4-9, a Fat AP is connected to the Internet in wired mode and connected to STAs in wireless mode. An enterprise branch needs to deploy basic WLAN services for mobile office so that enterprise employees can access the enterprise internal network anywhere, anytime.
- A WLAN named wlan-net is available.
- The Fat AP functions as a DHCP server to assign IP addresses to STAs.
Data planning
Item |
Data |
|---|---|
Service VLAN for STAs |
VLAN 101 |
DHCP server |
The AP functions as a DHCP server to assign IP addresses to STAs. |
IP address pool for STAs |
10.23.101.2 to 10.23.101.254/24 |
SSID profile |
|
Security profile |
|
VAP profile |
|
Configuration Roadmap
The configuration roadmap is as follows:
- Configure the AP and upper-layer devices to communicate with each other.
- Configure the AP as a DHCP server to assign IP addresses to STAs from an IP address pool on an interface.
- Configure the AP's system parameters, including the country code.
- Configure a VAP so that STAs can access the WLAN.
You are advised to log in to the Fat AP in wireless mode for service configuration. You can also log in to the Fat AP by directly connecting a PC to the Fat AP using network cables and then connect the Fat AP to the upstream device after services are configured and saved.
Configuration Notes
No ACK mechanism is provided for multicast packet transmission on air interfaces. In addition, wireless links are unstable. To ensure stable transmission of multicast packets, they are usually sent at low rates. If a large number of such multicast packets are sent from the network side, the air interfaces may be congested. You are advised to configure multicast packet suppression on switch interfaces connected to APs to reduce impact of a large number of low-rate multicast packets on the wireless network. Exercise caution when configuring the rate limit; otherwise, the multicast services may be affected. For details on how to configure traffic suppression, see How Do I Configure Multicast Packet Suppression to Reduce Impact of a Large Number of Low-Rate Multicast Packets on the Wireless Network?.
Procedure
- Configure the network devices.# Set the IP address of GE1/0/0 on Router to 10.23.200.2/24. Configure a static route from the Router to the STAs.
<Huawei> system-view [Huawei] sysname Router [Router] interface gigabitethernet 1/0/0 [Router-GigabitEthernet1/0/0] ip address 10.23.200.2 24 [Router-GigabitEthernet1/0/0] quit [Router] ip route-static 10.23.101.0 255.255.255.0 10.23.200.1
- Configure the AP to communicate with the network devices.
# Add the AP's uplink interface GE0/0/1 to VLAN 200. Create VLANIF 200 and set its IP address to 10.23.200.1/24.
<Huawei> system-view [Huawei] sysname AP [AP] vlan batch 200 [AP] interface vlanif 200 [AP-Vlanif200] ip address 10.23.200.1 24 [AP-Vlanif200] quit [AP] interface gigabitethernet 0/0/0 [AP-GigabitEthernet0/0/0] port link-type trunk [AP-GigabitEthernet0/0/0] port trunk allow-pass vlan 200 [AP-GigabitEthernet0/0/0] port trunk pvid vlan 200 [AP-GigabitEthernet0/0/0] quit
If the PC connects to the AP through GE0/0/0, modifying the interface may cause a network interruption. In this case, you need to change the PC's IP address to 10.23.200.x and access the AP' new IP address 10.23.200.1 to log in to the AP again for further operations.
If the uplink NE of the AP is assigned to a VLAN, it is recommended that the uplink interface of the AP be configured in the same VLAN as the peer interface. In this case, you can configure a PVID on the uplink interface of the AP so that this interface removes the VLAN tag from outgoing packets. You can also configure the uplink interface as an access interface.
# Configure a default route with the next hop IP address 10.23.200.2/24 on the AP.[AP] ip route-static 0.0.0.0 0.0.0.0 10.23.200.2
- Configure the DHCP server to assign IP addresses to STAs.
# Configure the AP as a DHCP server to assign IP addresses to STAs from the IP address pool on VLANIF 101.
Configure the DNS server as required. The common methods are as follows:- In interface address pool scenarios, run the dhcp server dns-list ip-address &<1-8> command in the VLANIF interface view.
- In global address pool scenarios, run the dns-list ip-address &<1-8> command in the IP address pool view.
[AP] dhcp enable [AP] vlan batch 101 [AP] interface vlanif 101 [AP-Vlanif101] ip address 10.23.101.1 24 [AP-Vlanif101] dhcp select interface [AP-Vlanif101] quit - Configure the AP's system parameters.
# Configure the country code for the AP.
[AP] wlan [AP-wlan-view] country-code cn
- Configure WLAN service parameters.# Create security profile wlan-net and set the security policy in the profile.
In this example, the security policy is set to WPA-WPA2+PSK+AES and password to a1234567. In actual situations, the security policy must be configured according to service requirements.
[AP-wlan-view] security-profile name wlan-net [AP-wlan-sec-prof-wlan-net] security wpa-wpa2 psk pass-phrase a1234567 aes [AP-wlan-sec-prof-wlan-net] quit
# Create SSID profile wlan-net and set the SSID name to wlan-net.
[AP-wlan-view] ssid-profile name wlan-net [AP-wlan-ssid-prof-wlan-net] ssid wlan-net [AP-wlan-ssid-prof-wlan-net] quit
# Create VAP profile wlan-net, set the service VLAN, and apply the security profile and SSID profile to the VAP profile.
[AP-wlan-view] vap-profile name wlan-net [AP-wlan-vap-prof-wlan-net] service-vlan vlan-id 101 [AP-wlan-vap-prof-wlan-net] security-profile wlan-net [AP-wlan-vap-prof-wlan-net] ssid-profile wlan-net [AP-wlan-vap-prof-wlan-net] quit
- Configure radio parameters for the VAP and AP.
Automatic channel and power calibration functions are enabled by default. The manual channel and power configurations take effect only when these two functions are disabled. The settings of the AP channel and power in this example are for reference only. You need to configure the AP channel and power based on the actual country code and network planning.
# Disable automatic channel and power calibration functions of the radio, and configure the channel and power for the radio.[AP-wlan-view] quit [AP] interface wlan-radio0/0/0 [AP-Wlan-Radio0/0/0] vap-profile wlan-net wlan 2 [AP-Wlan-Radio0/0/0] calibrate auto-channel-select disable [AP-Wlan-Radio0/0/0] calibrate auto-txpower-select disable [AP-Wlan-Radio0/0/0] channel 20mhz 6 Warning: This action may cause service interruption. Continue?[Y/N]y [AP-Wlan-Radio0/0/0] eirp 127 [AP-Wlan-Radio0/0/0] quit [AP] interface wlan-radio0/0/1 [AP-Wlan-Radio0/0/1] vap-profile wlan-net wlan 2 [AP-Wlan-Radio0/0/1] calibrate auto-channel-select disable [AP-Wlan-Radio0/0/1] calibrate auto-txpower-select disable [AP-Wlan-Radio0/0/1] channel 20mhz 149 Warning: This action may cause service interruption. Continue?[Y/N]y [AP-Wlan-Radio0/0/1] eirp 127 [AP-Wlan-Radio0/0/1] quit
- Verify the configuration.
The configuration automatically takes effect after it is completed. Run the display vap ssid wlan-net command. If Status in the command output is displayed as ON, the VAP has been successfully created on the AP radios.
[AP] display vap ssid wlan-net WID : WLAN ID -------------------------------------------------------------------------------- AP MAC RfID WID BSSID Status Auth type STA SSID -------------------------------------------------------------------------------- 00bc-da3f-e900 0 2 00BC-DA3F-E901 ON WPA/WPA2-PSK 0 wlan-net 00bc-da3f-e900 1 2 00BC-DA3F-E911 ON WPA/WPA2-PSK 0 wlan-net ------------------------------------------------------------------------------- Total: 2
Connect STAs to the WLAN with SSID wlan-net and enter the password a1234567. Run the display station ssid wlan-net command on the AC. The command output shows that the STAs are connected to the WLAN wlan-net.
[AP] display station all Rf/WLAN: Radio ID/WLAN ID Rx/Tx: link receive rate/link transmit rate(Mbps) -------------------------------------------------------------------------------------------------- STA MAC Ap name Rf/WLAN Band Type Rx/Tx RSSI VLAN IP address SSID -------------------------------------------------------------------------------------------------- 14cf-9202-13dc 00bc-da3f-e900 0/2 2.4G 11n 19/13 -63 101 10.23.101.254 wlan-net -------------------------------------------------------------------------------------------------- Total: 1 2.4G: 1 5G: 0
Configuration Files
Router configuration file
# sysname Router # interface GigabitEthernet1/0/0 ip address 10.23.200.2 24 # ip route-static 10.23.101.0 255.255.255.0 10.23.200.1 return
AP configuration file
# sysname AP # vlan batch 101 200 # dhcp enable # interface Vlanif101 ip address 10.23.101.1 255.255.255.0 dhcp select interface # interface Vlanif200 ip address 10.23.200.1 255.255.255.0 # interface GigabitEthernet0/0/0 port link-type trunk port trunk pvid vlan 200 port trunk allow-pass vlan 200 # ip route-static 0.0.0.0 0.0.0.0 10.23.200.2 # wlan security-profile name wlan-net security wpa-wpa2 psk pass-phrase %^%#(yk#Q+M[\CMK]1)AWMX7MjZ)=e`fy@fA+.J\ht3Y%^%# aes ssid-profile name wlan-net ssid wlan-net vap-profile name wlan-net service-vlan vlan-id 101 ssid-profile wlan-net security-profile wlan-net # interface Wlan-Radio0/0/0 vap-profile wlan-net wlan 2 channel 20mhz 6 calibrate auto-channel-select disable calibrate auto-txpower-select disable # interface Wlan-Radio0/0/1 vap-profile wlan-net wlan 2 channel 20mhz 149 calibrate auto-channel-select disable calibrate auto-txpower-select disable # return