No relevant resource is found in the selected language.
Enterprise
Worldwide
Search
Support Documentation
S7700 V200R019C10 Web-based Configuration Guide

This document describes how to configure and maintain devices through the web NMS client, including device status statistics, SVF, interface, Ethernet switching, IP service, IP routing, security, ACL, AAA, system management, QoS, WLAN, diagnosis service, and EasyDeploy.

Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring Unified Access for Wired and Wireless Users

Example for Configuring Unified Access for Wired and Wireless Users

Overview of Unified Access for Wired and Wireless Users

In practice, both wired and wireless users need to access one network. For example, the PCs and printers of a company connect to the network in wired mode, and laptops and mobile phones connect wirelessly. After unified access for wired and wireless users is configured on a network, users of both types can access the network and be managed in a unified manner.

Networking Requirements

A hospital needs to deploy both a wired and a wireless network. To simplify management and maintenance, the administrator requires that wired and wireless users be centrally managed on the AC, non-authentication and Portal authentication be configured for the wired and wireless users respectively, and wireless users roam under the same AC.

As shown in Figure 10-99, the AC connects to the egress gateway Router in the uplink direction. In the downlink direction, the AC connects to and manages APs through S5720-1 and S5720-2 access switches. The S5720-1 and S5720-2 are deployed in the first and second floors, respectively. An AP2010DN is deployed in each room to provide both wired and wireless access. The AP5030DN is deployed in the corridor to provide wireless network coverage. The S5720-1 and S5720-2 are PoE switches directly providing power to connected APs.

To facilitate network planning and management, the access switches are only used to transparently transmit data at Layer 2, and all gateways are configured on the AC

The AC functions as a DHCP server to assign IP addresses to APs, STAs, and PCs.

Figure 10-99 Networking for unified wired and wireless access

Data Planning

Table 10-4 Network data planning

Item

Interface

VLAN

Description

AC

GE1/0/1

100, 201

Connected to the S5720-1

GE1/0/2

100, 202

Connected to the S5720-2

GE1/0/3

200

Connected to the Agile Controller

GE1/0/4

300

Connected to the egress gateway

S5720-1

GE0/0/1

100, 201

Connected to the AC

GE0/0/2

100, 201

Connected to AP101

GE0/0/3

100, 201

Connected to AP102

GE0/0/4

100, 201

Connected to AP103

S5720-2

GE0/0/1

100, 202

Connected to the AC

GE0/0/2

100, 202

Connected to AP201

GE0/0/3

100, 202

Connected to AP202

GE0/0/4

100, 202

Connected to AP203

AP101 and AP102

Eth0/0/0

Eth0/0/1

GE0/0/0

201

GE0/0/0 connects to the S5720-1.

Eth0/0/0 and Eth0/0/1 connects to wired users.

AP101 and AP102 are AP2010DNs and are deployed in rooms on the first floor to provide wired and wireless access.

AP103

GE0/0/0

201

GE0/0/0 connects to the S5720-1.

AP103 is an AP5030DN and is deployed in the corridor on the first floor to provide wireless access.

AP201 and AP202

Eth0/0/0

Eth0/0/1

GE0/0/0

202

GE0/0/0 connects to the S5720-2.

Eth0/0/0 and Eth0/0/1 connects to wired users.

AP201 and AP202 are AP2010DNs and are deployed in rooms on the second floor to provide wired and wireless access.

AP203

GE0/0/0

202

GE0/0/0 connects to the S5720-2.

AP203 is an AP5030DN and is deployed in the corridor on the second floor to provide wireless access.
Table 10-5 Service data planning

Item

Data

Description

AC's source interface address

10.23.100.1/24

-

AP group
  • Name: ap-group1
  • Referenced profiles: VAP profile wlan-vap1, regulatory domain profile domain1, and radio profiles radio-2g and radio-5g

-
  • Name: ap-group2
  • Referenced profiles: VAP profile wlan-vap2, regulatory domain profile domain1, and radio profiles radio-2g and radio-5g

Portal access profile

  • Name: portal1

  • Referenced template: Portal server template portal1

-

Authentication profile

  • Name: portal1

  • Referenced profile: Portal access profile portal1

-

Regulatory domain profile
  • Name: domain1
  • Country code: CN

-

AP wired port profile

Name: wired1, wired2, wired3, or wired4

-

RRM profile

Name: rrm1

-

Radio profile

  • Name: radio-2g and radio-5g

  • Referenced profile: RRM profile rrm1

-

Security profile
  • Name: wlan-security
  • Security and authentication policy: OPEN

-

SSID profile
  • Name: wlan-ssid
  • SSID: hospital-wlan

-

Traffic profile

Name: traffic1

-

VAP profile
  • Name: wlan-vap1
  • SSID: hospital-wlan
  • Data forwarding mode: tunnel forwarding
  • Service VLAN: VLAN 101
  • Referenced profiles: security profile wlan-security, SSID profile wlan-ssid, authentication profile portal1, and traffic profile traffic1

Provides WLAN network coverage for the first floor of the building.
  • Name: wlan-vap2
  • SSID: hospital-wlan
  • Data forwarding mode: tunnel forwarding
  • Service VLAN: VLAN 102
  • Referenced profiles: security profile wlan-security, SSID profile wlan-ssid, authentication profile portal1, and traffic profile traffic1

Provides WLAN network coverage for the second floor of the building.

DHCP server

The AC functions as a DHCP server to assign IP addresses to APs, STAs, and PCs.

-

AP gateway and IP address pool range

VLANIF 100: 10.23.100.1/24

10.23.100.2-10.23.100.254/24

-

Gateway and IP address pool range of the wireless users

VLANIF 101: 10.23.101.1/24

10.23.101.2-10.23.101.254/24

-

VLANIF 102: 10.23.102.1/24

10.23.102.2-10.23.102.254/24

-

Gateway and IP address pool range of the wired users

VLANIF 201: 10.23.201.1/24

10.23.201.2-10.23.201.254/24

-

VLANIF 202: 10.23.202.1/24

10.23.202.2-10.23.202.254/24

-

Server parameters
Authentication server:
  • IP address: 10.23.200.1
  • Port number: 1812
  • RADIUS shared key: Admin@123
  • The Service Controller (SC) of the Agile Controller provides RADIUS server and Portal server functions; therefore, the IP address of the SC is used for the authentication server, accounting server, authorization server, and Portal server.
  • Configure a RADIUS accounting server to collect user login and logout information. The port numbers of the authentication server and accounting server must be the same as those of the RADIUS server.
  • Configure an authorization server to enable the RADIUS server to deliver authorization rules to the AC. The shared key of the authorization server must be the same as that of the authentication server and accounting server.
Accounting server:
  • IP address: 10.23.200.1
  • Port number: 1813
  • RADIUS shared key: Admin@123
Authorization server:
  • IP address: 10.23.200.1
  • RADIUS shared key: Admin@123
Portal server:
  • IP address: 10.23.200.1
  • Port number that the AC uses to listen on Portal protocol packets: 2000
  • Destination port number in the packets that the AC sends to the Portal server: 50100
  • Portal shared key: Admin@123
  • Encryption key for the URL parameters that the AC sends to the Portal server: Admin@123
Table 10-6 Radio channel data planning

Item

Data

Description

AP101

Radio 0: channel 1 and power level 10

Use the WLAN Planner to plan AP installation locations, and the working channel and power of the AP radio. Set the channel mode and power mode to fixed, and configure the channel and power for each AP.

AP102

Radio 0: channel 6 and power level 10

AP103

Radio 0: channel 11 and power level 10

Radio 1: channel 153 and power level 10

AP201

Radio 0: channel 1 and power level 10

AP202

Radio 0: channel 6 and power level 10

AP203

Radio 0: channel 11 and power level 10

Radio 1: channel 157 and power level 10

Configuration Roadmap

  1. Configure network interworking of the AC, APs, S5720-1, S5720-2, and other network devices.
  2. Configure the AC as a DHCP server to assign IP addresses to APs, wired users, and wireless users.
  3. Configure a RADIUS server template, configure authentication, accounting, and authorization in the template, and configure Portal authentication.
  4. Configure basic WLAN services, including AC system parameters, AP management, and WLAN service parameters.
  5. Configure VAPs and deliver VAP parameters to APs.
  6. Verify the configuration to ensure that both wired and wireless users can access the Internet.

Procedure

  1. Configure the VLANs to which interfaces of S5720-1 and S5720-2 belong.

    The S5720-1 is used as an example here. The configuration on the S5720-2 is similar.

    1. Choose Configuration > Fast WLAN Config > AC to access the Ethernet interface configuration page.
    2. Click interface data under Interface Name. In the Modify Ethernet Interface dialog box, set Default VLAN and Link type, enter VLAN IDs in the Added VLAN ID text box, and click to add interfaces in tagged mode, as shown in Figure 10-100, Figure 10-101, Figure 10-102, and Figure 10-103. Click OK.

      Figure 10-100 Configuring GE0/0/1

      Figure 10-101 Configuring GE0/0/2

      Figure 10-102 Configuring GE0/0/3

      Figure 10-103 Configuring GE0/0/4

  2. Configure the VLANs to which interfaces of an AC belong.
    1. Choose Configuration > Fast WLAN Config > AC to access the Ethernet interface configuration page.
    2. Click interface data under Interface Name. In the Modify Ethernet Interface dialog box, set Link type, enter VLAN IDs in the Added VLAN ID text box, and click to add interfaces in tagged mode, as shown in Figure 10-104, Figure 10-105, Figure 10-106, and Figure 10-107. Click OK.

      Figure 10-104 Configuring GE1/0/1

      Figure 10-105 Configuring GE1/0/2

      Figure 10-106 Configuring GE1/0/3

      Figure 10-107 Configuring GE1/0/4

  3. Configure VLANIF 200 on the AC for communicating with the Agile Controller.
    1. Choose Configuration > Basic Services > VLAN to access the VLAN configuration page.
    2. Click 200 under VLAN ID. In the Modify VLAN dialog box, select Create VLANIF, and set IPv4 address and Mask, as shown in Figure 10-108. Click OK.

      Figure 10-108 Configuring VLANIF 200

  4. Configure the AC as a DHCP server to assign IP addresses to PCs, APs, and STAs.

    • Configure an IP address pool for the AC to assign IP addresses to APs.
      1. Choose Configuration > Basic Services > VLAN to access the VLAN configuration page.
      2. Click 100 under VLAN ID. In the Modify VLAN dialog box, select Create VLANIF, and set IPv4 address and Mask, as shown in Figure 10-109. Click OK.
        Figure 10-109 Configuring VLANIF 100

      3. Choose Configuration > Basic Services > DHCP > DHCP Address Pool. Set DHCP status to ON to enable the DHCP function.
      4. Click Create. On the Create DHCP Address Pool page, set Address pool type to Interface address pool, select Vlanif100 for Select Interface, and click OK, as shown in Figure 10-110.
        Figure 10-110 Configuring an IP address pool

    • Configure an IP address pool for the AC to assign IP addresses to STAs.
      1. Choose Configuration > Basic Services > VLAN to access the VLAN configuration page.
      2. Click Create. In the Create VLAN dialog box, enter VLAN IDs in the VLAN ID text box, select Create VLANIF, and set IPv4 address and Mask, as shown in Figure 10-111 and Figure 10-112. Click OK.
        Figure 10-111 Configuring VLANIF 101

        Figure 10-112 Configuring VLANIF 102

      3. Choose Configuration > Basic Services > DHCP > DHCP Address Pool. Set DHCP status to ON to enable the DHCP function.
      4. Click Create. On the Create DHCP Address Pool page, set Address pool type to Interface address pool, select Vlanif101 for Select Interface, and click OK, as shown in Figure 10-113. Repeat the preceding operations for Vlanif102, as shown in Figure 10-114.
        Figure 10-113 Configuring an IP address pool on VLANIF 101

        Figure 10-114 Configuring an IP address pool on VLANIF 102

    • Configure an IP address pool for the AC to assign IP addresses to PCs.
      1. Choose Configuration > Basic Services > VLAN to access the VLAN configuration page.
      2. Click 201 under VLAN ID. In the Modify VLAN dialog box, select Create VLANIF, and set IPv4 address and Mask, as shown in Figure 10-115 and Figure 10-116. Click OK.
        Figure 10-115 Configuring VLANIF 201

        Figure 10-116 Configuring VLANIF 202

      3. Choose Configuration > Basic Services > DHCP > DHCP Address Pool. Set DHCP status to ON to enable the DHCP function.
      4. Click Create. On the Create DHCP Address Pool page, set Address pool type to Interface address pool, select Vlanif201 for Select Interface, and click OK, as shown in Figure 10-117. Repeat the preceding operations for Vlanif202, as shown in Figure 10-118.
        Figure 10-117 Configuring an IP address pool on VLANIF 201

        Figure 10-118 Configuring an IP address pool on VLANIF 202

  5. Configure a RADIUS server template, configure authentication, accounting, and authorization in the template, and configure Portal authentication on the AC.

    • Configure a RADIUS server template, and configure authentication, accounting, and authorization in the template on the AC.
      1. Choose Configuration > Security Services > AAA, click the RADIUS tab, and click Create. Create and configure RADIUS server template radius1, as shown in Figure 10-119. Click OK.
        Figure 10-119 Configuring a RADIUS server

      2. Choose Configuration > Security Services > AAA, click the RADIUS tab, and click Create to create and configure the authentication server, as shown in Figure 10-120. Click OK.
        Figure 10-120 Configuring an authorization server

      3. Choose Configuration > Security Services > AAA Profile Mgmt > Authentication Profile > Domain Profile to access the Domain Profile List page. Click Create to access the Create Domain Profile page. Set Profile name to portal1, click OK, create the authentication domain portal1, and bind the RADIUS server template radius1 to the domain, as shown in Figure 10-121. Click Apply.
        Figure 10-121 Configuring an authentication domain

    • Configure a Portal server.
      Choose Configuration > Security Services > AAA, click the External Portal Server tab, and click Create to create and configure the Portal authentication server, as shown in Figure 10-122. Click OK.
      Figure 10-122 Configuring a Portal server

    • Enable Portal authentication for STAs. Non-authentication is adopted for wired users.
      1. Choose Configuration > Security Services > AAA Profile Mgmt > Authentication Profile > Portal Profile to access the Portal Profile List page. Click Create to access the Create Portal Profile page. Set Profile name to portal1 and click OK. On the Portal profile portal1 configuration page that is displayed, bind the Portal server portal1 to the Portal profile, and click Apply, as shown in Figure 10-123.
        Figure 10-123 Configuring a Portal profile

      2. Choose Configuration > Security Services > AAA Profile Mgmt > Authentication Profile to access the Authentication Profile List page. Click Create to access the Create Authentication Profile page. Set Profile name to portal1 and click OK, as shown in Figure 10-124.
        Figure 10-124 Creating an authentication profile

      3. Choose Configuration > Security Services > AAA Profile Mgmt > Authentication Profile > portal1 > Portal Profile and select portal1 from the Portal Profile drop-down list box. Click Apply and bind the Portal profile portal1, as shown in Figure 10-125.
        Figure 10-125 Binding a Portal profile

      4. Choose Configuration > Security Services > AAA Profile Mgmt > Authentication Profile > portal1 > Domain Profile and select portal1 from the Domain Profile drop-down list box. Click Apply and bind the domain profile portal1, as shown in Figure 10-126.
        Figure 10-126 Binding a domain profile

  6. Configure APs to go online.

    • Create a regulatory domain profile, configure the AC's country code in the profile, and apply the profile to the AP group.
      1. Choose Configuration > Wireless Services > AP Group > AP Group, click Create, and enter names in the AP group name text box, as shown in Figure 10-127. Click OK.
        Figure 10-127 Creating an AP group



      2. Choose Configuration > Wireless Services > AP Group > AP Group, and click ap-group1 to access the AP group configuration page. Choose Radio Management > Regulatory Domain Profile, click Create, set Profile name to domain1 to create a regulatory domain profile, and bind the profile to the AP group ap-group1, as shown in Figure 10-128. Click Apply. Use the same method to bind the profile to ap-group2.
        Figure 10-128 Binding a domain profile

    • Configure the source interface and authentication method.

      Choose Configuration > Wireless Services > AC Config to access the AC Configuration page. Set AC source address to Vlanif100 and AP authentication mode to MAC address authentication, as shown in Figure 10-129. Click Apply.

      Figure 10-129 Configuring the source interface and authentication method

    • Import APs offline.
      1. Choose Configuration > Fast WLAN Config > AP, and click ap-group1 in the AP group list. Click the AP Manage tab on the right, and click Add to access the page for adding APs.
      2. Set Mode to Manually add, enter values in the AP MAC, AP ID, AP type text boxes, and click OK, as shown in Figure 10-130. Use the same method to add APs to ap-group2, as shown in Figure 10-131.
        Figure 10-130 Adding an AP to ap-group1

        Figure 10-131 Adding an AP to ap-group2

    • Configure the uplink interface GE0/0/0, and downlink interfaces Eth0/0/0 and Eth0/0/1 on the AP2010DN to allow wired packets to pass.
      1. Choose Configuration > Wireless Services > Profile > AP > AP Wired Port Profile to access the AP Wired Port Profile List page. Click Create to access the Create AP Wired Port Profile page. Set Profile name to wired1 and click OK. Click the created AP wired interface profile, set parameters, and click Apply, as shown in Figure 10-132. Use the same method to configure wired2, wired3, and wired4, as shown in Figure 10-133, Figure 10-134, and Figure 10-135.
        Figure 10-132 Configuring wired1

        Figure 10-133 Configuring wired2

        Figure 10-134 Configuring wired3

        Figure 10-135 Configuring wired4

      2. Choose Configuration > Wireless Services > AP Config > AP Info, and click an AP ID to access the AP Customized Settings page. Choose AP > AP Wired Port Settings, click an interface in AP Wired Port Configuration List to access the page for binding an AP wired port profile. Select the wired port profile to bind and click OK. Figure 10-136, Figure 10-137, Figure 10-138, and Figure 10-139 show the configuration results.
        Figure 10-136 Binding an AP wired port profile to ap-id 101

        Figure 10-137 Binding an AP wired port profile to ap-id 102

        Figure 10-138 Binding an AP wired port profile to ap-id 201

        Figure 10-139 Binding an AP wired port profile to ap-id 202

  7. Configure WLAN service parameters.

    • Create an RRM profile rrm1.
      Choose Configuration > Wireless Services > Profile > Radio Management > RRM Profile to access the RRM Profile List page. Click Create to access the Create RRM Profile page. Set Profile name to rrm1 and click OK. On the RRM profile rrm1 configuration page that is displayed, click Apply, as shown in Figure 10-140.
      Figure 10-140 Creating an RRM profile rrm1

    • Create a radio profile and bind it to the RRM profile rrm1.
      1. Choose Configuration > Wireless Services > Profile > Radio Management > 2G Radio Profile to access the 2G Radio Profile List page. Click Create to access the Create 2G Radio Profile page. Set Profile name to radio-2g and click OK, as shown in Figure 10-141.
        Figure 10-141 Creating radio profile radio-2g

      2. Choose Configuration > Wireless Services > Profile > Radio Management > 5G Radio Profile to access the 5G Radio Profile List page. Click Create to access the Create 5G Radio Profile page. Set Profile name to radio-5g and click OK, as shown in Figure 10-142.
        Figure 10-142 Creating radio profile radio-5g

      3. Choose Configuration > Wireless Services > Profile > Radio Management > 2G Radio Profile > radio-2g > RRM Profile, and set RRM Profile to rrm1, as shown in Figure 10-143. Click Apply. Use the same method to bind the RRM profile rrm1 to the 5G radio profile radio-5g, as shown in Figure 10-144.
        Figure 10-143 Binding the RRM profile rrm1 to the 2G radio profile radio-2g

        Figure 10-144 Binding the RRM profile rrm1 to the 5G radio profile radio-5g

    • Creating a security profile
      Choose Configuration > Wireless Services > Profile > Wireless Service > Security Profile, click Create, set Profile name to wlan-security, and configure this security profile, as shown in Figure 10-145. Click Apply.
      Figure 10-145 Creating security profile wlan-security

    • Create an SSID profile.
      Choose Configuration > Wireless Services > Profile > Wireless Service > SSID Profile, click Create, set Profile name to wlan-ssid, and configure this SSID profile, as shown in Figure 10-146. Click Apply.
      Figure 10-146 Creating SSID profile wlan-ssid

    • Create a traffic profile.
      Choose Configuration > Wireless Services > Profile > Wireless Service > Traffic Profile, click Create, set Profile name to traffic1, and configure this traffic profile, as shown in Figure 10-147. Click Apply.
      Figure 10-147 Creating traffic profile traffic1

    • Create a VAP profile.
      1. Choose Configuration > Wireless Services > Profile > Wireless Service > VAP Profile, click Create, set Profile name to wlan-vap1, and configure this VAP profile, as shown in Figure 10-148. Click Apply. Use the same method to create a VAP profile wlan-vap2, as shown in Figure 10-149.
        Figure 10-148 Creating VAP profile wlan-vap1

        Figure 10-149 Creating VAP profile wlan-vap2

      2. Choose Configuration > Wireless Services > Profile > Wireless Service > VAP Profile > wlan-vap1 > SSID Profile, set SSID Profile to wlan-ssid, and click Apply, as shown in Figure 10-150. The SSID profile is bound successfully.
        Figure 10-150 Binding an SSID profile

      3. Use the same method to bind the security profile, traffic profile, and authentication profile to VAP profiles, as shown in Figure 10-151.
        Figure 10-151 Configuration of VAP profiles

    • Bind VAP profiles and a radio profile to AP groups.
      1. Choose Configuration > Wireless Services > AP Group > AP Group, and click ap-group1 to access the AP Customized Settings page. Click VAP Configuration, click Add on the right, set parameters, and click Apply, as shown in Figure 10-152. Use the same method to bind VAP profiles to ap-group2, as shown in Figure 10-153.
        Figure 10-152 Binding a VAP profile to ap-group1

        Figure 10-153 Binding a VAP profile to ap-group2

      2. Choose Configuration > Wireless Services > AP Group > AP Group, and click ap-group1 to access the AP Customized Settings page. Choose Radio Management > Radio 0 > 2G Radio Profile, and select profiles in the 2G Radio Profile text box, as shown in Figure 10-154. Click Apply to complete the configuration of the 2G radio profile.
        Figure 10-154 Binding a 2G radio profile to ap-group1

      3. Choose Configuration > Wireless Services > AP Group > AP Group, and click ap-group1 to access the AP Customized Settings page. Choose Radio Management > Radio 1 > 5G Radio Profile, and select profiles in the 5G Radio Profile text box, as shown in Figure 10-155. Click Apply to complete the configuration of the 5G radio profile.
        Figure 10-155 Binding a 5G radio profile to ap-group1

      4. Use the same method to bind 2G and 5G radio profiles to ap-group2, as shown in Figure 10-156.
        Figure 10-156 Binding radio profiles to ap-group2

  8. Configure a VAP.

    1. Choose Configuration > Wireless Services > AP Config > AP Info, and click 101 to access the AP Customized Settings page. Choose Radio Management > Radio 0, set parameters, and click Apply, as shown in Figure 10-157. The VAP configuration is complete.
      Figure 10-157 Configuring a VAP

    2. Use the same method to configure VAPs for APs 102, 103, 201, 202, and 203, as shown in Figure 10-158.
      Figure 10-158 Configuring VAPs













Operation Result

  1. Choose Monitoring > Wireless Service > SSID > VAP, and view VAP information, as shown in Figure 10-159.
    Figure 10-159 VAP list

  2. When a STA detects and associates with the wireless network hospital-wlan successfully, the STA is assigned an IP address. Enter the password to access the wireless network. Choose Monitoring > User > Wireless User Statistics, and view STA information, as shown in Figure 10-160.
    Figure 10-160 STA list

  3. STAs and PCs obtain IP addresses and connect to the network properly.
Translation
简体中文
Download
Updated: 2022-05-20

Document ID: EDOC1100126882

Views: 156873

Downloads: 138

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Digital Signature File

Digital Signature Authentication Mode
Share
Previous Next

Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.

You are going to visit :