Example for Configuring Applications of a Mobile Internet Gateway at a Bus Stop
Networking Requirements
A bus company wants to provide the WLAN service for passengers at bus stops to improve passenger satisfaction. Deploying a wired network at bus stops is complex, and the network deployment and maintenance costs are high, so the bus company wants a network that requires little cabling and is inexpensive to deploy.
As shown in Figure 2-15, a mobile Internet gateway is deployed at a bus stop to connect to the Internet through the LTE network and provide WLAN access for passengers at bus stops. The mobile Internet gateway integrates the Portal server function.
Passengers at bus stops access the Internet in on-demand dialup mode. The bus company obtains the following information from a carrier:
- Access point name (APN): LTENET
- Dial string: *99#
Configuration Roadmap
The configuration roadmap is as follows:
- Configure a DHCP server to assign IP addresses to mobile terminals of passengers.
- Configure a RADIUS server to implement Portal authentication on mobile terminals.
- Configure WLAN services to allow two radios of the device to connect to mobile terminals.
- Configure an LTE interface to connect mobile terminals of passengers to the Internet wirelessly.
- Verify the configuration.
Procedure
- Configure a DHCP address pool.
# Enable DHCP.
<Huawei> system-view
[Huawei] sysname Router
[Router] dhcp enable
# Configure DNS Proxy.
[Router] dns proxy enable
[Router] dns resolve
# Create a global address pool from which IP addresses are assigned to STAs.
[Router] ip pool 4gpool1
[Router-ip-pool-4gpool1] network 192.168.100.0 mask 255.255.255.0
[Router-ip-pool-4gpool1] gateway-list 192.168.100.1
[Router-ip-pool-4gpool1] dns-list 192.168.100.1
[Router-ip-pool-4gpool1] quit
[Router] ip pool 4gpool2
[Router-ip-pool-4gpool2] network 192.168.101.0 mask 255.255.255.0
[Router-ip-pool-4gpool2] gateway-list 192.168.101.1
[Router-ip-pool-4gpool2] dns-list 192.168.101.1
[Router-ip-pool-4gpool2] quit
# Configure the interface to use the global address pool.
[Router] vlan batch 100 101
[Router] interface vlanif 100
[Router-Vlanif100] ip address 192.168.100.1 255.255.255.0
[Router-Vlanif100] dhcp select global
[Router-Vlanif100] quit
[Router] interface vlanif 101
[Router-Vlanif101] ip address 192.168.101.1 255.255.255.0
[Router-Vlanif101] dhcp select global
[Router-Vlanif101] quit
- Create and configure a RADIUS server template, an AAA authentication scheme, and an authentication domain.
# Create and configure RADIUS server template rd1. The shared key configured in the template must be the same as that on the RADIUS server.
[Router] radius-server template rd1
[Router-radius-rd1] radius-server authentication 202.10.10.1 1812
[Router-radius-rd1] radius-server accounting 202.10.10.1 1813
[Router-radius-rd1] radius-server shared-key cipher hello
[Router-radius-rd1] quit
# Configure authentication scheme abc and use RADIUS authentication for Portal users.
[Router] aaa
[Router-aaa] authentication-scheme abc
[Router-aaa-authen-abc] authentication-mode radius
[Router-aaa-authen-abc] quit
# Configure accounting scheme abc and use RADIUS accounting for Portal users.
[Router-aaa] accounting-scheme abc
[Router-aaa-accounting-abc] accounting-mode radius
[Router-aaa-accounting-abc] quit
# Create authentication domain isp1, and bind AAA authentication scheme abc, accounting scheme abc and RADIUS server template rd1 to it.
[Router-aaa] domain isp1
[Router-aaa-domain-isp1] authentication-scheme abc
[Router-aaa-domain-isp1] accounting-scheme abc
[Router-aaa-domain-isp1] radius-server rd1
[Router-aaa-domain-isp1] quit
[Router-aaa] quit
# Configure global default domain isp1. During access authentication, enter a user name in the format user name@domain name, for example, user@isp1. The user is authenticated in the domain. If the user name does not carry the domain name or carries an invalid domain name, the user is authenticated in the default domain.
[Router] domain isp1
# Check whether a user can be authenticated using RADIUS authentication. A test user account has been configured on the RADIUS server, with the user name test@isp1 and password 123456.
[Router] test-aaa test@isp1 123456 radius-template rd1
Info: Account test succeed.
# Configure STAs to be authenticated using configurations in domain isp1.
[Router] interface wlan-bss 1
[Router-Wlan-Bss1] permit-domain name isp1
[Router-Wlan-Bss1] force-domain name isp1
[Router-Wlan-Bss1] quit
[Router] interface wlan-bss 2
[Router-Wlan-Bss2] permit-domain name isp1
[Router-Wlan-Bss2] force-domain name isp1
[Router-Wlan-Bss2] quit
- Configure a Portal server.
# Set the IP address of the Portal server to 192.168.3.2, the port that the Portal server uses to receive notification packets from the device to 50100, and the HTTP redirection URL to http://192.168.3.2.
[Router] web-auth-server server_abc
[Router-web-auth-server-server_abc] server-ip 192.168.3.2
[Router-web-auth-server-server_abc] port 50100
[Router-web-auth-server-server_abc] url http://192.168.3.2
[Router-web-auth-server-server_abc] quit
# Assign an IP address on the same network segment as the Portal server to Eth0/0/0 of the Router.
[Router] interface ethernet0/0/0
[Router-Ethernet0/0/0] ip address 192.168.3.1 24
[Router-Ethernet0/0/0] quit
# Enable Portal authentication.
[Router] interface vlanif 100
[Router-Vlanif100] web-auth-server server_abc direct
[Router-Vlanif100] quit
[Router] interface vlanif 101
[Router-Vlanif101] web-auth-server server_abc direct
[Router-Vlanif101] quit
[Router] interface wlan-bss 1
[Router-Wlan-Bss1] web-authentication first-mac
[Router-Wlan-Bss1] quit
[Router] interface wlan-bss 2
[Router-Wlan-Bss2] web-authentication first-mac
[Router-Wlan-Bss2] quit
- Set basic function parameters and service VAPs for the Fat AP.
# Configure the country code.
[Router] wlan global country-code cn
Warning: Modify the country code may delete all vap and stations will offline, are you sure to continue?[Y/N]:y
# Create WMM profile wmm-1 and use the default settings.
[Router] wlan
[Router-wlan-view] wmm-profile name wmm-1 id 1
[Router-wlan-wmm-prof-wmm-1] quit
# Create radio profiles radio-1 and radio-2, and bind WMM profile wmm-1 to them.
[Router-wlan-view] radio-profile name radio-1 id 1
[Router-wlan-radio-prof-radio-1] wmm-profile name wmm-1
[Router-wlan-radio-prof-radio-1] quit
[Router-wlan-view] radio-profile name radio-2 id 2
[Router-wlan-radio-prof-radio-2] wmm-profile name wmm-1
[Router-wlan-radio-prof-radio-2] quit
[Router-wlan-view] quit
# Bind radio profiles radio-1 and radio-2 to Radio0/0/0 and Radio0/0/1, respectively.
[Router] interface wlan-radio 0/0/0
[Router-Wlan-Radio0/0/0] radio-profile name radio-1
Warning: Modify the Radio type may cause some parameters of Radio resume default value, are you sure to continue?[Y/N]: y
[Router-Wlan-Radio0/0/0] quit
[Router] interface wlan-radio 0/0/1
[Router-Wlan-Radio0/0/1] radio-profile name radio-2
Warning: Modify the Radio type may cause some parameters of Radio resume default value, are you sure to continue?[Y/N]: y
[Router-Wlan-Radio0/0/1] quit
# Configure a WLAN-BSS virtual interface so that the device can forward packets from STAs to the WLAN service processing module.
[Router] interface wlan-bss 1
[Router-Wlan-Bss1] port hybrid tagged vlan 100
[Router-Wlan-Bss1] quit
[Router] interface wlan-bss 2
[Router-Wlan-Bss2] port hybrid tagged vlan 101
[Router-Wlan-Bss2] quit
# Create security profile security-1, and set the authentication mode to WEP open system authentication and the encryption mode to no encryption. The WLAN is therefore open and traffic between STAs and the Fat AP is not encrypted; access control relies on Portal authentication.
[Router] wlan
[Router-wlan-view] security-profile name security-1 id 1
[Router-wlan-sec-prof-security-1] security-policy wep
[Router-wlan-sec-prof-security-1] wep authentication-method open-system
[Router-wlan-sec-prof-security-1] quit
# Configure a QoS policy. Create traffic profile traffic-1 and use the default settings.
[Router-wlan-view] traffic-profile name traffic-1 id 1
[Router-wlan-traffic-prof-traffic-1] quit
# Create service sets, set SSIDs to station-wlan1 and station-wlan2, and bind the traffic profile, security profile, and WLAN-BSS interface to the service sets.
[Router-wlan-view] service-set name station-wlan1 id 1
[Router-wlan-service-set-station-wlan1] ssid station-wlan1
[Router-wlan-service-set-station-wlan1] traffic-profile name traffic-1
[Router-wlan-service-set-station-wlan1] security-profile name security-1
[Router-wlan-service-set-station-wlan1] wlan-bss 1
[Router-wlan-service-set-station-wlan1] quit
[Router-wlan-view] service-set name station-wlan2 id 2
[Router-wlan-service-set-station-wlan2] ssid station-wlan2
[Router-wlan-service-set-station-wlan2] traffic-profile name traffic-1
[Router-wlan-service-set-station-wlan2] security-profile name security-1
[Router-wlan-service-set-station-wlan2] wlan-bss 2
[Router-wlan-service-set-station-wlan2] quit
[Router-wlan-view] quit
# Bind service sets station-wlan1 and station-wlan2 to Radio0/0/0 and Radio0/0/1, respectively.
[Router] interface wlan-radio 0/0/0
[Router-Wlan-Radio0/0/0] service-set name station-wlan1
[Router-Wlan-Radio0/0/0] quit
[Router] interface wlan-radio 0/0/1
[Router-Wlan-Radio0/0/1] service-set name station-wlan2
[Router-Wlan-Radio0/0/1] quit
- Configure an LTE interface.
# Configure the dialer control list.
[Router] dialer-rule
[Router-dialer-rule] dialer-rule 1 ip permit
[Router-dialer-rule] quit
# Enable circular DCC.
[Router] interface cellular 0/0/0
[Router-Cellular0/0/0] dialer enable-circular
# Configure the LTE interface to obtain IP addresses dynamically.
[Router-Cellular0/0/0] ip address negotiate
# Associate the dialer control list with Cellular0/0/0.
The numbers in the dialer-group and dialer-rule commands must be the same.
[Router-Cellular0/0/0] dialer-group 1
# Set the dial string to *99#.
[Router-Cellular0/0/0] dialer number *99#
# Configure the network connection mode.
[Router-Cellular0/0/0] mode lte auto
[Router-Cellular0/0/0] quit
# Create an APN profile and set the APN to LTENET, the value obtained from the carrier.
[Router] apn profile lteprofile
[Router-apn-profile-lteprofile] apn LTENET
# Configure the user name, password, and authentication mode for accessing the public data network (PDN).
[Router-apn-profile-lteprofile] user name lteuser password cipher Password@123 authentication-mode auto
[Router-apn-profile-lteprofile] quit
# Bind the APN profile to the LTE cellular interface.
[Router] interface cellular 0/0/0
[Router-Cellular0/0/0] apn-profile lteprofile
[Router-Cellular0/0/0] shutdown
[Router-Cellular0/0/0] undo shutdown
[Router-Cellular0/0/0] quit
# Configure NAT.
[Router] acl number 3002
[Router-acl-adv-3002] rule 5 permit ip source 192.168.100.0 0.0.0.255
[Router-acl-adv-3002] rule 10 permit ip source 192.168.101.0 0.0.0.255
[Router-acl-adv-3002] quit
[Router] interface cellular 0/0/0
[Router-Cellular0/0/0] nat outbound 3002
[Router-Cellular0/0/0] quit
# Configure a default route and specify Cellular0/0/0 as the outbound interface.
[Router] ip route-static 0.0.0.0 0 cellular 0/0/0
- Verify the configuration.
# View detailed information about Cellular0/0/0. The following command output shows that when traffic is transmitted on the interface, the physical status and link layer protocol status of the interface are both Up, and the interface dynamically obtains IP address 10.1.1.2/24.
[Router] display interface Cellular 0/0/0
Cellular0/0/0 current state : UP
Line protocol current state : UP
Last line protocol up time : 2014-05-19 00:45:49
Description:HUAWEI, AR Series, Cellular0/0/0 Interface
Route Port,The Maximum Transmit Unit is 1500, Hold timer is 10(sec)
Internet Address is negotiated, 10.1.1.2/32
Link layer protocol is PPP
LCP opened, IPCP opened
Last physical up time : 2014-05-19 00:45:26
Last physical down time : 2014-05-19 00:45:16
Current system time: 2014-05-19 03:07:08
Modem State: Present
Last 300 seconds input rate 3 bytes/sec 24 bits/sec 0 packets/sec
Last 300 seconds output rate 0 bytes/sec 0 bits/sec 0 packets/sec
Input: 121082 packets, 112644324 bytes
Unicast: 110160, Ununicast: 10922
Output: 134960 packets, 11718497 bytes
Unicast: 124053, Ununicast: 10907
Input bandwidth utilization : 0.01%
Output bandwidth utilization : 0%
# View information about all call sessions on the LTE data card. The following command output shows that the APN is LTENET, the network type is Automatic, and the network connection mode is LTE(LTE).
[Router] display Cellular 0/0/0 all
Modem State:
Hardware Information.
=====================
Model = MU609
Modem Firmware Version = 12.105.29.00.00
Hardware Version = MD1MU609M01
Integrate circuit card identity (ICCID) = 98681011274300909893
International Mobile Subscriber Identity (IMSI) = 460016002731442
International Mobile Equipment Identity (IMEI) = 861230010006485
Factory Serial Number (FSN) = T2Y01A9211900298
Modem Status = Online
Profile Information.
====================
Profile 1 = ACTIVE
--------
PDP Type = IPv4, Header Compression = OFF
Data Compression = OFF
Access Point Name (APN) = LTENET
Packet Session Status = Active
* - Default profile
Network Information.
====================
Current Service Status = Service available
Current Service = Combined
Packet Service = Attached
Packet Session Status = Active
Current Roaming Status = Home
Network Selection Mode = Automatic
Network Connection Mode = Automatic
Current Network Connection = LTE(LTE)
Mobile Country Code (MCC) = 460
Mobile Network Code (MNC) = 01
Mobile Operator Information = "CHN-CULTE"
Cell ID = 55924
Upstream Bandwidth = 50mbps
Downstream Bandwidth = 100mbps
Radio Information.
==================
Current Band = AUTO
Current RSSI = -55 dBm
Modem Security Information.
===========================
PIN Verification = Disabled
PIN Status = Ready
Number of Retries remaining = 3
SIM Status = OK
# The WLANs with SSIDs station-wlan1 and station-wlan2 are available for STAs connected to the Fat AP. After associating with one of the WLANs, the user enters the correct user name and password on the Portal authentication page. After the authentication is complete, the user can access the Internet.
Configuration Files
Configuration file of the Router
#
sysname Router
#
dns resolve
dns proxy enable
#
vlan batch 100 to 101
#
domain isp1
#
dhcp enable
#
radius-server template rd1
 radius-server shared-key cipher %^%#9T`|L}K(4#J3k=+I8SiJrsM:RO[iy@Uuc:LTQJ,1%^%#
 radius-server authentication 202.10.10.1 1812 weight 80
 radius-server accounting 202.10.10.1 1813 weight 80
#
acl number 3002
 rule 5 permit ip source 192.168.100.0 0.0.0.255
 rule 10 permit ip source 192.168.101.0 0.0.0.255
#
web-auth-server server_abc
 server-ip 192.168.3.2
 port 50100
 url http://192.168.3.2
#
ip pool 4gpool1
 gateway-list 192.168.100.1
 network 192.168.100.0 mask 255.255.255.0
 dns-list 192.168.100.1
#
ip pool 4gpool2
 gateway-list 192.168.101.1
 network 192.168.101.0 mask 255.255.255.0
 dns-list 192.168.101.1
#
aaa
 authentication-scheme abc
  authentication-mode radius
 accounting-scheme abc
  accounting-mode radius
 domain isp1
  authentication-scheme abc
  accounting-scheme abc
  radius-server rd1
#
interface Vlanif100
 ip address 192.168.100.1 255.255.255.0
 web-auth-server server_abc direct
 dhcp select global
#
interface Vlanif101
 ip address 192.168.101.1 255.255.255.0
 web-auth-server server_abc direct
 dhcp select global
#
interface Ethernet0/0/0
 ip address 192.168.3.1 255.255.255.0
#
interface Wlan-Bss1
 port hybrid tagged vlan 100
 web-authentication first-mac
 permit-domain name isp1
 force-domain name isp1
#
interface Wlan-Bss2
 port hybrid tagged vlan 101
 web-authentication first-mac
 permit-domain name isp1
 force-domain name isp1
#
interface Cellular0/0/0
 dialer enable-circular
 dialer-group 1
 apn-profile lteprofile
 dialer number *99#
 nat outbound 3002
 ip address negotiate
#
dialer-rule
 dialer-rule 1 ip permit
#
apn profile lteprofile
 user name lteuser password cipher %@%@i8c,AX_*~%M<"L*0b5%0,0b2%@%@ authentication-mode auto
 apn LTENET
#
ip route-static 0.0.0.0 0.0.0.0 Cellular0/0/0
#
wlan
 wmm-profile name wmmf id 0
 wmm-profile name wmm-1 id 1
 traffic-profile name traf id 0
 traffic-profile name traffic-1 id 1
 security-profile name secf id 0
 security-profile name security-1 id 1
 service-set name station-wlan1 id 1
  Wlan-Bss 1
  ssid station-wlan1
  traffic-profile id 1
  security-profile id 1
 service-set name station-wlan2 id 2
  Wlan-Bss 2
  ssid station-wlan2
  traffic-profile id 1
  security-profile id 1
 radio-profile name radiof id 0
  wmm-profile id 0
 radio-profile name radio-1 id 1
  wmm-profile id 1
 radio-profile name radio-2 id 2
  wmm-profile id 1
#
interface Wlan-Radio0/0/0
 radio-profile id 1
 service-set id 1 wlan 1
#
interface Wlan-Radio0/0/1
 radio-profile id 2
 service-set id 2 wlan 1
#
return
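The following Python check is an added example, not part of the original configuration guide. It audits a saved configuration for the points this procedure depends on: Portal authentication bound to every VLANIF that serves DHCP clients, web-authentication and force-domain on every WLAN-BSS interface, and a dialer-group number that matches a dialer-rule. The function names sections and audit are hypothetical, the sample text is constructed, and sub-commands are assumed to be indented by at least one space.

```python
import re

# Constructed sample: an excerpt in the layout of the Router configuration file
# (sub-commands indented one space), with three deliberate deviations from it.
SAMPLE_CONFIG = """\
interface Vlanif100
 web-auth-server server_abc direct
 dhcp select global
#
interface Vlanif101
 dhcp select global
#
interface Wlan-Bss1
 web-authentication first-mac
 force-domain name isp1
#
interface Wlan-Bss2
 web-authentication first-mac
#
interface Cellular0/0/0
 dialer-group 2
#
dialer-rule
 dialer-rule 1 ip permit
"""

def sections(config):
    """Map each top-level line to the list of its indented sub-commands."""
    blocks = re.findall(r"^([^#\s].*)\n?((?: .*\n?)*)", config, re.M)
    return {head.strip(): [c.strip() for c in body.splitlines()] for head, body in blocks}

def audit(config):
    """List Portal-authentication gaps and dialer-group/dialer-rule mismatches."""
    secs, found = sections(config), []
    has = lambda body, kw: any(c.startswith(kw) for c in body)
    rules = set(re.findall(r"^ dialer-rule (\d+) ", config, re.M))
    for name, body in secs.items():
        if name.startswith("interface Vlanif") and "dhcp select global" in body \
                and not has(body, "web-auth-server "):
            found.append(f"{name}: DHCP enabled without web-auth-server")
        if name.startswith("interface Wlan-Bss"):
            found += [f"{name}: missing {kw}" for kw in
                      ("web-authentication", "force-domain") if not has(body, kw)]
        for grp in re.findall(r"^dialer-group (\d+)$", "\n".join(body), re.M):
            if grp not in rules:
                found.append(f"{name}: dialer-group {grp} has no dialer-rule {grp}")
    return found
```

Run audit() on the text of a saved configuration file; an empty list means none of the three gaps was found.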