Configuring WLAN Service VAPs
After APs go online, you can configure service VAPs for the APs to provide differentiated WLAN services for users.
Procedure
When a WLAN is available for a user and the user starts to connect to the WLAN, the user actually connects to a virtual access point (VAP). A VAP is a functional entity on an AP. You can create different VAPs on an AP to provide wireless access services for different users so that these users can obtain different network resources. A VAP is also a binding between an AP radio and a service set. A VAP is generated when a service set is bound to an AP radio.
Figure 2-13 shows the WLAN service VAP configuration process.
By default, the following profiles exist in the system:
- WMM profile wmmf with ID 0
- Radio profile radiof with ID 0 (The default radio profile is already bound to the default WMM profile.)
- Security profile secf with ID 0
- Traffic profile traf with ID 0
If wireless configurations in a service VAP are modified when online STAs exist, the WLAN is disconnected and reconnected, during which STAs go offline and online again. The involved wireless configurations include configurations of the WMM profile, radio profile, security profile, traffic profile, and radios. Exercise caution when modifying these configurations.
- Creating a WMM Profile
- Configuring a Radio Profile
- Binding a WMM Profile to a Radio Profile
- Creating a Security Profile
- Creating a Traffic Profile
- Configuring a WLAN-BSS Interface
- Configuring a WLAN Service Set
- Binding a Security Profile, a Traffic Profile, and a WLAN-BSS Interface to a Service Set
- Configuring a Radio
- Binding a Radio Profile to a Wlan-Radio interface
- Configuring a VAP
- Verifying the WLAN Service VAP Configuration
Creating a WMM Profile
Context
802.11 provides services of the same quality for all applications. Different applications, however, have different requirements for wireless networks. 802.11 cannot provide differentiated services for different applications.
To provide differentiated services for different applications, the Wi-Fi Alliance defines the Wi-Fi Multimedia (WMM) standard, which classifies data packets into four access categories (ACs) in descending order of priorities, that is, AC-voice (AC-VO), AC-video (AC-VI), AC-best effort (AC-BE), and AC-background (AC-BK). This standard ensures that high-priority packets preempt channels.
A WMM profile is created to implement the WMM protocol. After a WMM profile is created, packets with higher AP or STA priority preempt a wireless channel first, ensuring better quality for voice and video services on WLANs.
Procedure
- Run system-view
The system view is displayed.
- Run wlan
The WLAN view is displayed.
- Run wmm-profile { id profile-id | name profile-name } *
A WMM profile is created and the WMM profile view is displayed.
When creating a WMM profile, pay attention to the following:
- After a WMM profile is created, the profile retains the default settings. The default settings are recommended. For details on how to configure a WMM profile, see Configuring WMM.
- The profile name is mandatory when you create a WMM profile.
Configuring a Radio Profile
Context
A radio profile defines the following parameters: radio rate, channel mode, radio power mode, packet loss threshold, error packet threshold, collision rate threshold, packet fragmentation threshold, Request To Send/Clear To Send (RTS/CTS) threshold, whether short preamble is supported, delivery traffic indication message (DTIM) interval, Beacon frame interval, and WMM profile name or ID. If a radio is bound to a radio profile, the radio inherits all the parameters defined in the radio profile.
Procedure
- Run system-view
The system view is displayed.
- Run wlan
The WLAN view is displayed.
- Run radio-profile { id profile-id | name profile-name } *
A radio profile is created and the radio profile view is displayed.
When creating a radio profile, pay attention to the following:
- After a radio profile is created, the profile retains the default settings.
- The profile name is mandatory when you create a radio profile.
- (Optional) Configure optional parameters in the radio profile.
Procedure
Command
Description
Configure the channel mode.
channel-mode { auto | fixed }
By default, the channel mode is automatic mode.
An AP supports two channel modes:
- Automatic mode: An AP selects a channel for a radio based on the WLAN radio environment, so you do not need to specify channels for radios.
- Fixed mode: A channel is manually configured for a radio to avoid frequent channel adjustment (this may cause intermittent service interruption).
Configure the power mode.
power-mode { auto | fixed }
By default, the power mode is automatic mode.
An AP supports two power modes:
- Automatic mode: The AP selects the transmit power for a radio based on the WLAN radio environment.
- Fixed mode: The transmit power is manually configured for a radio.
Configure the radio rate.
Configure the basic rate set of the 802.11bg protocol in the radio profile.
80211bg basic-rate { 80211bg-rate-value &<1-12> | all }
By default, basic rates of the 802.11bg protocol in the radio profile include 1 Mbps and 2 Mbps.
All rates specified in the basic rate set must be supported by both the AP and STA; otherwise, the STA cannot associate with the AP.
Configure the supported rate set of the 802.11bg protocol in the radio profile.
80211bg supported-rate { 80211bg-rate-value &<1-12> | all }
By default, the rates supported by the 802.11bg protocol in the radio profile include 1 Mbps, 2 Mbps, 5.5 Mbps, 6 Mbps, 9 Mbps, 11 Mbps, 12 Mbps, 18 Mbps, 24 Mbps, 36 Mbps, 48 Mbps, and 54 Mbps.
The supported rate set contains rates supported by the AP, except the basic rates. The AP and STA can transmit data at all rates specified by the supported rate set.
Configure the radio multicast rate.
multicast-rate { 2g 2g-multicast-rate | 5g 5g-multicast-rate }
By default, the multicast rate of wireless packets is 11 Mbps for the 2.4 GHz radio and 6 Mbps for the 5 GHz radio.
If the configured multicast rate is not in the basic rate set and the STA does not support this rate, the STA cannot receive multicast data.
Restrict access of legacy terminals.
legacy-station enable
By default, access of legacy terminals is allowed.
Legacy terminals support only 802.11a, 802.11b, or 802.11g and provide a much lower rate than 802.11n and 802.11ac terminals. If legacy terminals access the wireless network, the data transmission rate of the 802.11n and 802.11ac terminals is reduced. To prevent the transmission rate of 802.11n and 802.11ac terminals from being affected, restrict access of legacy terminals.
Configure the interval at which an AP sends Beacon frames.
beacon-interval beacon-interval
By default, the interval for sending Beacon frames is 100 ms.
An AP broadcasts Beacon frames at intervals to notify STAs of an existing 802.11 network. After receiving a Beacon frame, a STA can modify parameters used to connect to the 802.11 network.
A long interval for sending Beacon frames lengthens the dormancy time of STAs, while a short interval for sending Beacon frames increases air interface costs. Therefore, you are advised to set the interval for sending Beacon frames for an AP based on the VAP quantity. The following intervals for sending Beacon frames are recommended for APs with different VAP quantities on a single radio:
- No more than 4 VAPs: about 100 ms
- 5 to 8 VAPs: about 200 ms
- 9 to 12 VAPs: about 300 ms
- 13 to 16 VAPs: about 400 ms
Configure the DTIM interval.
dtim-interval dtim-interval
By default, the DTIM interval is 1.
The DTIM interval specifies how many Beacon frames are sent before the Beacon frame that contains the DTIM. An AP sends a Beacon frame to wake a STA in power-saving mode, indicating that the saved broadcast and multicast frames will be transmitted to the STA.
- A short DTIM interval helps transmit data in a timely manner, but the STA is woken frequently, causing high power consumption.
- A long DTIM interval lengthens the dormancy time of a STA and saves power, but degrades the transmission capability of the STA.
Configure an AP to support the short preamble.
short-preamble { enable | disable }
By default, an AP supports the short preamble.
The preamble is a section of bits in the header of a data frame. It synchronizes signals transmitted between the sender and receiver and can be a short or long preamble.
- A short preamble ensures better network synchronization performance and is recommended.
- A long preamble is usually used for compatibility with earlier network adapters of clients.
Configure the collision rate threshold, packet loss threshold, and error packet threshold.
Configure the collision rate threshold.
conflict-rate-threshold conflict-rate-threshold
By default, the collision rate threshold is 60.
This configuration helps determine whether the radio environment is good. When the collision rate, packet loss ratio, or error packet ratio of a radio reaches the threshold, the system considers that the radio environment deteriorates. When this occurs, the system needs to improve the radio environment.
Configure the packet loss threshold and error packet threshold.
per-threshold per-threshold
By default, the packet loss threshold and error packet threshold are 30%.
Configure the RTS mechanism.
Configure the RTS threshold.
rts-cts-threshold rts-cts-threshold
By default, the RTS threshold is 2347 bytes.
If STAs perform RTS/CTS handshakes before sending data, many RTS frames consume high channel bandwidth. To prevent this problem, set the RTS threshold attempts for long/short frames. The RTS threshold specifies the length of frames to be sent. When the length of frames to be sent by a STA is smaller than the RTS threshold, no RTS/CTS handshake is performed. The default RTS threshold is recommended.
Configure 802.11n.
Configure the guard interval (GI) mode.
guard-interval-mode { short | normal }
By default, the normal GI is used.
The GI mode is classified into the short GI and normal GI. The normal GI is 800 ns, and the short GI is 400 ns. The short GI is applicable to 802.11n and 802.11ac standards, which can raise the transmission rate of 802.11n and 802.11ac packets.
Configure the maximum length of an A-MPDU.
80211n a-mpdu max-length-exponent length-capability-index
By default, the index for the maximum length of an A-MPDU is 3. The maximum length of the A-MPDU is 65535 bytes.
An 802.11 packet is sent as an MPDU, requiring channel competition and backoff and consuming channel resources. The 802.11n MPDU aggregation function aggregates multiple MPDUs into an aggregate MAC Protocol Data Unit (A-MPDU), so that N MPDUs can be transmitted through one channel competition and backoff. This function saves the channel resources to be consumed for sending N-1 MPDUs. The MPDU aggregation function improves channel efficiency and 802.11 network performance.
Binding a WMM Profile to a Radio Profile
Procedure
- Run system-view
The system view is displayed.
- Run wlan
The WLAN view is displayed.
- Run radio-profile { id profile-id | name profile-name } *
The radio profile view is displayed.
- Run wmm-profile { id profile-id | name profile-name }
A WMM profile is bound to the radio profile.
By default, the WMM profile named wmmf is bound to the radio profile named radiof.
A radio profile can be applied to a radio only after a WMM profile is bound to the radio profile.
Creating a Security Profile
Context
Because WLAN technology uses radio signals to transmit service data, attackers can easily intercept or tamper with service data while it is transmitted on open wireless channels. Security is critical to WLANs. You can create a security profile to configure security policies, which protect the privacy of users and ensure data transmission security on WLANs.
A security profile provides four WLAN security policies: Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), WPA2, and WLAN Authentication and Privacy Infrastructure (WAPI). Each security policy has a series of security mechanisms, including the link authentication mechanism used to establish a wireless link, user authentication mechanism used when users attempt to connect to a wireless network, and data encryption mechanism used during data transmission.
If no security policy is configured during the creation of a security profile, the default authentication mode (open system authentication) is used. When a user searches for a wireless network, the user can connect to the wireless network without being authenticated.
The default security policy introduces security risks: because open system authentication admits users without authenticating them, unauthorized users who connect to the WLAN may log in to the device using Telnet and modify service configurations. To mitigate these risks, configure a more secure security policy, such as WPA/WPA2. For details, see WLAN-Fat AP Security.
Procedure
- Run system-view
The system view is displayed.
- Run wlan
The WLAN view is displayed.
- Run security-profile { id profile-id | name profile-name } *
A security profile is created and the security profile view is displayed.
By default, the security profile named secf exists in the system.
After a security profile is created, the profile retains the default settings.
The profile name is mandatory when you create a security profile.
Creating a Traffic Profile
Context
- Priority mapping: If Wi-Fi Multimedia (WMM) is enabled on both a STA and an AP, the STA sends packets carrying the priority. To ensure end-to-end QoS and retain the priorities of packets during transmission, configure the device to map priorities of different packets.
- Traffic policing: To protect network resources, limit the rate of packets sent by a STA.
For details on how to configure parameters in a traffic profile, see Configuring Priority Mapping and Configuring Traffic Policing.
Procedure
- Run system-view
The system view is displayed.
- Run wlan
The WLAN view is displayed.
- Run traffic-profile { id profile-id | name profile-name } *
A traffic profile is created.
By default, the traffic profile named traf exists in the system.
After a traffic profile is created, the profile retains the default settings.
The profile name is mandatory when you create a traffic profile.
Configuring a WLAN-BSS Interface
Context
When an AP receives 802.11 radio packets, it uses a WLAN-BSS interface to send the packets to the WLAN service module. The WLAN-BSS interface is configured with parameters such as the interface priority and authentication mode.
A WLAN-BSS interface is a virtual Layer 2 interface. Similar to a hybrid Layer 2 Ethernet interface, a WLAN-BSS interface has Layer 2 attributes and supports multiple Layer 2 protocols.
After creating and configuring a WLAN-BSS interface, bind a service set to the interface.
This section describes how to configure basic attributes of a WLAN-BSS interface. For detailed security configuration of a WLAN-BSS interface, see NAC Configuration.
Configuring a WLAN Service Set
Context
The administrator needs to deliver service parameters to an AP so that the AP can provide network access service for wireless users. A service set is a group of service parameters, including the SSID, whether to hide the SSID, maximum number of access users, and user association timeout period.
After configuring a service set, bind the service set to an AP radio. Then all the service parameters in the service set are applied to a VAP. Subsequently, the AP provides differentiated wireless services for users based on these service parameters.
Procedure
- Run system-view
The system view is displayed.
- Run wlan
The WLAN view is displayed.
- Run service-set { name service-set-name | id service-set-id } *
A service set is created.
The service set name is mandatory when you create a service set.
- Configure mandatory parameters for the service set.
Procedure
Command
Description
Configure the SSID
ssid ssid
By default, no SSID is set for a service set.
- Configure optional parameters for the service set.
Only basic parameters are listed. Other parameters are configured in corresponding features.
Procedure
Command
Description
Set the maximum number of access users for the service set
max-user-number max-user-number
By default, the maximum number of access users in a service set is 32.
Configure the user association timeout period
association-timeout association-timeout
By default, the user association timeout period is 5 minutes.
Configure the AP to hide the SSID in a Beacon frame
ssid-hide
By default, the SSID is not hidden in a Beacon frame.
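When creating a WLAN, configure an AP to hide the SSID of the WLAN to ensure security. Only the users that know the SSID can connect to the WLAN. Hiding removes the SSID only from Beacon frames; STAs that know the SSID still send it in Probe Request and Association Request frames, so combine this setting with a security policy such as WPA/WPA2.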
Enable the function of converting IPv4 multicast packets to IPv4 unicast packets
igmp-mode snooping
By default, the function of converting IPv4 multicast packets to IPv4 unicast packets is disabled.
After the function is enabled, an AP listens on Report and Leave packets to maintain multicast-to-unicast entries. When sending multicast packets to the client, the AP converts the multicast packets to unicast packets based on the multicast-to-unicast entries to improve multicast stream transmission efficiency.
Binding a Security Profile, a Traffic Profile, and a WLAN-BSS Interface to a Service Set
Procedure
- Run system-view
The system view is displayed.
- Run wlan
The WLAN view is displayed.
- Run service-set { name service-set-name | id service-set-id } *
The service set view is displayed.
- Run security-profile { name profile-name | id profile-id }
A security profile is bound to the service set.
By default, the security profile named secf is bound to a service set.
- Run traffic-profile { name profile-name | id profile-id }
A traffic profile is bound to the service set.
By default, the traffic profile named traf is bound to a service set.
- Run wlan-bss wlan-bss-number
A WLAN-BSS interface is bound to the service set.
By default, no WLAN-BSS is bound to a service set.
Configuring a Radio
Context
You can configure a radio to configure radio parameters on an AP radio module, including the antenna gain, power, channel, and number of available antennas.
After a VAP is created, the VAP inherits all the parameters configured in the radio bound to the VAP.
Procedure
- Run system-view
The system view is displayed.
- Run interface wlan-radio wlan-radio-number
The radio interface is created and the radio interface view is displayed.
If wlan-radio-number is set to 0/0/0, the 2.4 GHz radio interface view is displayed; if wlan-radio-number is set to 0/0/1, the 5 GHz radio interface view is displayed.
- (Optional) Run radio enable
The radio is enabled.
By default, the radio is enabled.
- (Optional) Run available-antenna-number { all | available-antenna-number }
The number of available antennas on a radio is set. Excess antennas will then be shut down to save power.
By default, all antennas on a radio are available.
The value of available-antenna-number must be equal to or smaller than the number of antennas on a radio.
- (Optional) Run power-level power-level
The power level of the radio is specified.
By default, the power level of a radio is 0, indicating full power. The actual power is determined by the AP type.
In automatic power mode, the AP can automatically adjust the radio power level based on the radio environment.
The radio power mode has been set to fixed using the power-mode fixed command.
The power reduces by 1 dBm each time the AP power level increases by 1.
- (Optional) Run channel { 20mhz | 40mhz-minus | 40mhz-plus | 80mhz } channel
A channel is configured for the radio.
The default working channel of a radio is selected based on the country code and radio frequency band.
- The radio frequency band varies according to AP models.
- The default working channel of each AP radio varies according to different country codes.
The channel mode has been set to fixed using the channel-mode fixed command.
You can run the display actual channel-power interface wlan-radio wlan-radio-number command to check the channel in use on a radio.
To avoid signal interference, ensure that adjacent APs work in non-overlapping channels.
40mhz-minus and 40mhz-plus take effect only when the radio type is 802.11n.
The 2.4 GHz radio does not support the 40 MHz Minus and 40 MHz Plus bandwidth in FCC compliance regions (including America).
Different countries support different wireless channels. You can run the display ap configurable channel command to check the channels supported by all the APs.
Binding a Radio Profile to a Wlan-Radio interface
Configuring a VAP
Context
A VAP is a functional entity on an AP. You can create a VAP on a radio by binding a service set to the radio.
When a VAP is delivered to an AP, the service set parameters in the VAP are delivered to the AP. The AP then provides services for users based on the service set parameters.
Procedure
- Run system-view
The system view is displayed.
- Run interface wlan-radio wlan-radio-number
The radio interface view is displayed.
- Run service-set { name service-set-name | id service-set-id } [ wlan wlan-id ]
A service set is bound to the VAP.
By default, no service set is bound to any wlan-radio interface.
Verifying the WLAN Service VAP Configuration
Procedure
- Run the display wmm-profile { all | id profile-id | name profile-name } command to check information about all WMM profiles or a specified WMM profile.
- Run the display radio-profile { all | id profile-id | name profile-name } command to check information about all radio profiles or a specified radio profile.
- Run the display binding radio-profile { id profile-id | name profile-name } command to check the binding between an AP radio and a specified radio profile.
- Run the display actual channel-power interface wlan-radio wlan-radio-number command to check the channel and power of a radio.
- Run the display security-profile { all | { id profile-id | name profile-name } [ detail ] } command to check information about all security profiles or a specified security profile.
- Run the display traffic-profile { all | id profile-id | name profile-name } command to check information about all traffic profiles or a specified traffic profile.
- Run the display radio config interface wlan-radio wlan-radio-number command to check the configuration of a radio.
- Run the display service-set { all | id service-set-id | name service-set-name | ssid ssid } command to check information about all service sets or a specified service set.
- Run the display vap { all | service-set { id service-set-id | name service-set-name } } command to check VAP information.
- Run the display ap configurable channel command to check the configurable channels supported by the AP.
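The binding chain described above (a VAP is a service set bound to a wlan-radio interface, and a service set uses the security profile secf unless another one is bound) can be checked offline to find VAPs that still use open system authentication. The following Python script is an added example, not Huawei code: the configuration excerpt is constructed, its indentation layout is assumed, and the security-policy keyword it looks for does not appear on this page and is assumed to be the command that sets a policy in a security profile.

```python
import re

# Constructed configuration excerpt (not from a real device); layout is assumed.
SAMPLE = """\
wlan
 security-profile name secf id 0
 security-profile name corp-sec id 1
  security-policy wpa2
 service-set name guest id 1
  ssid guest-wifi
  ssid-hide
 service-set name corp id 2
  ssid corp-wifi
  security-profile id 1
interface wlan-radio 0/0/0
 service-set name guest wlan 1
 service-set id 2 wlan 2
"""

REF = re.compile(r"\b(name|id)\s+(\S+)")  # the '{ id N | name X }' part of a command
DEFAULT_SEC = {"name": "secf"}  # per the page, secf is bound to a service set by default


def refs(text):
    return dict(REF.findall(text))


def lookup(objects, kind, ref):
    """Find a profile or service set of the given kind by name or by ID."""
    for obj in objects:
        if obj["kind"] == kind and any(k in ref and obj.get(k) == ref[k] for k in ("name", "id")):
            return obj
    return None


def parse(config):
    objects, vaps, section, current = [], [], "", None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "#":
            continue
        depth = len(raw) - len(raw.lstrip())
        if depth == 0:  # a top-level view such as 'wlan' or 'interface wlan-radio ...'
            section, current = line.lower(), None
        elif section == "wlan" and depth == 1:  # profile or service set definition
            current = {"kind": line.split()[0], "lines": [], **refs(line)}
            objects.append(current)
        elif section == "wlan" and current is not None:  # setting inside that object
            current["lines"].append(line)
        elif section.startswith("interface wlan-radio") and line.startswith("service-set"):
            vaps.append({"radio": section.split()[-1], **refs(line)})  # binding = VAP
    return objects, vaps


def audit(config):
    """Return (radio, service set, reason) for each VAP that has no security policy."""
    objects, vaps = parse(config)
    findings = []
    for vap in vaps:
        sset = lookup(objects, "service-set", vap)
        if sset is None:
            findings.append((vap["radio"], None, "undefined service set"))
            continue
        bound = [l for l in sset["lines"] if l.startswith("security-profile")]
        prof = lookup(objects, "security-profile", refs(bound[-1]) if bound else DEFAULT_SEC)
        # 'security-policy' is an assumed keyword; it is not shown on this page.
        if prof is None or not any(l.startswith("security-policy") for l in prof["lines"]):
            hidden = ", SSID hidden" if "ssid-hide" in sset["lines"] else ""
            findings.append((vap["radio"], sset.get("name"), "open system authentication" + hidden))
    return findings
```

An empty list from audit() means every VAP resolves to a security profile that has a policy configured; references by name and by ID are both followed.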