Configuring WLAN Services
Context
Currently, in the distributed gateway solution, if VXLAN is deployed across core and aggregation layers for the fabric and the edge node functions as the native WAC, wired and wireless authentication control points reside on the edge node. The template resources planned in Configuring Authentication Templates for User Access can be delivered to the edge node when wireless access for access management is configured in Configuring Access Management.
This section describes how to configure WLAN services for APs. Assume that three wireless SSIDs are planned, one each for employees, dumb terminals, and guests, the mapping between SSIDs and authentication profiles have been configured during access management configuration for the fabric, and the required authentication profiles and their bound authentication server templates have been delivered to edge nodes. After logging in to the web system of the edge node, configure basic wireless services for APs as follows.
Data Plan
VAP Profile |
SSID Profile |
Security Profile |
Authentication Profile |
Wireless Service VLAN |
|---|---|---|---|---|
area1-rd-employee |
employee
|
employee
|
Authen1 |
3002 |
area1-rd-dumb |
dumb
|
default |
Authen1 |
3004 |
area1-guest |
guest
|
default |
Authen2 |
3009 |
Procedure
- Choose . On the Device Management tab page, click the device to which you want to log in.
- Enter the management account and password, and click GO to enter the device's web system.
- Create an AP group and add APs to the AP group.
- Choose Configuration > Wireless Services > AP Group. On the AP Group tab page, click Create. Set AP group parameters and click OK.
- On the AP Group tab page, click Member List in the default column, select the corresponding AP, and click Move AP. On the displayed page, select Area-1 and click OK to add the AP to Area-1.
- Choose Configuration > Wireless Services > AP Group. On the AP Group tab page, click Create. Set AP group parameters and click OK.
- Configure VAP profile parameters for wireless services. The following example describes how to configure wireless service access profiles for R&D employees.
- Choose Configuration > Wireless Services > AP Group. The AP Group tab page is displayed. Click the AP group Area-1 and click VAP Configuration. On the VAP Profile List tab page, click Create and create the VAP profile area1-rd-employee for R&D employees.
- Click
before VAP Configuration to expand the VAP profile list. Then click
before area1-rd-employee to expand the referenced profile list of the VAP profile.
- Click SSID Profile. On the SSID Profile tab page, click Create to create an SSID profile named employee. On the profile parameter configuration page that is displayed, set SSID to campus-employee and click Apply.
- Click Security Profile. On the Security Profile tab page, click Create to create a security profile named employee. On the profile parameter configuration page, set Security policy to WPA and Authentication type to Dot1x. Then click Apply.
- Click Authentication Profile, and then click ... on the right to display a list of authentication profiles. Select Authen1, click OK, and then click Apply.
- Choose VAP Configuration > area1-rd-employee to access the VAP profile area1-rd-employee. Set the service VLAN ID to 3002 and set other access parameters, and click Apply.
- Choose Configuration > Wireless Services > AP Group. The AP Group tab page is displayed. Click the AP group Area-1 and click VAP Configuration. On the VAP Profile List tab page, click Create and create the VAP profile area1-rd-employee for R&D employees.
before VAP Configuration to expand the VAP profile list. Then click 
before area1-rd-employee to expand the referenced profile list of the VAP profile.
