Example for Configuring the Education IoT Solution - Student Health and Safety - Wireless Access Controller (AC and Fit AP) V200R019C10 Web-based Configuration Guide

Wireless Access Controller (AC and Fit AP) V200R019C10 Web-based Configuration Guide

Rate and give feedback:

Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).

Example for Configuring the Education IoT Solution - Student Health and Safety

Service Requirements

A school pays much attention to health and safety of its students, and desires to use technical methods to monitor and query students' health and safety information.

To meet these requirements, Huawei provides the Student Health and Safety IoT Solution that reuses the existing WLAN.

Networking Requirements

AC networking mode: Layer 2 in bypass mode
DHCP deployment mode: Configure an AC as a DHCP server to assign IP addresses to APs and STAs.
Service data forwarding mode: direct forwarding

Figure 3-75 Networking for configuring the Student Health and Safety IoT Solution

Data Planning

Table 3-75 AC data planning

Item	Data
Management VLAN	VLAN100
Service VLAN	VLAN101
AC's source interface	VLANIF100
DHCP server	The AC functions as a DHCP server to assign IP addresses to APs and STAs.
IP address pool for STAs	10.23.101.2 to 10.23.101.254/24
AP group	Name: ap-group1 Referenced profiles: VAP profile wlan-net and regulatory domain profile default Local TCP port mapping the IoT card interface: 50200
Regulatory domain profile	Name: default Country code: CN
SSID profile	Name: wlan-net SSID name: wlan-net
Security profile	Name: wlan-net Security policy: WPA-WPA2+PSK+AES Password: a1234567
VAP profile	Name: wlan-net Forwarding mode: direct forwarding Service VLAN: VLAN 101 Referenced profiles: SSID profile wlan-net and security profile wlan-net
IoT profile	Name: wlan-iot IP address of the host computer: 10.23.200.1 Port number of the host computer: 3000 Trusted host: 10.23.102.253/255.255.255.0 Shared key: aabb0011@11

Configuration Roadmap

Configure network interworking of the APs, switch, AC, and host computer.
Configure the AC as a DHCP server to assign IP addresses to APs and STAs.
Configure the APs to go online.
Configure WLAN services.
Configure communication parameters between the APs and host computer.
Add IP addresses of the APs to the host computer and configure the same shared key as that on the APs.

Configuration Notes

No ACK mechanism is provided for multicast packet transmission on air interfaces. In addition, wireless links are unstable. To ensure stable transmission of multicast packets, they are usually sent at low rates. If a large number of such multicast packets are sent from the network side, the air interfaces may be congested. You are advised to configure multicast packet suppression to reduce impact of a large number of low-rate multicast packets on the wireless network. Exercise caution when configuring the rate limit; otherwise, the multicast services may be affected.
- In direct forwarding mode, you are advised to configure multicast packet suppression on switch interfaces connected to APs.
- In tunnel forwarding mode, you are advised to configure multicast packet suppression in traffic profiles of the AC.
For details on how to configure traffic suppression, see How Do I Configure Multicast Packet Suppression to Reduce Impact of a Large Number of Low-Rate Multicast Packets on the Wireless Network?.
Configure port isolation on the interfaces of the device directly connected to APs. If port isolation is not configured and direct forwarding is used, a large number of unnecessary broadcast packets may be generated in the VLAN, blocking the network and degrading user experience.
In tunnel forwarding mode, the management VLAN and service VLAN cannot be the same. Only packets from the management VLAN are transmitted between the AC and APs. Packets from the service VLAN are not allowed between the AC and APs.

Procedure

Configure the network devices.

# Configure the access switch. Add GE0/0/1 through GE0/0/4 to VLAN 100 (management VLAN) and VLAN 101 (service VLANs).

<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] vlan batch 100 to 101
[Switch] interface gigabitethernet 0/0/1
[Switch-GigabitEthernet0/0/1] port link-type trunk
[Switch-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 to 101
[Switch-GigabitEthernet0/0/1] quit
[Switch] interface gigabitethernet 0/0/2
[Switch-GigabitEthernet0/0/2] port link-type trunk
[Switch-GigabitEthernet0/0/2] port trunk pvid vlan 100
[Switch-GigabitEthernet0/0/2] port trunk allow-pass vlan 100 to 101
[Switch-GigabitEthernet0/0/2] quit
[Switch] interface gigabitethernet 0/0/3
[Switch-GigabitEthernet0/0/3] port link-type trunk
[Switch-GigabitEthernet0/0/3] port trunk pvid vlan 100
[Switch-GigabitEthernet0/0/3] port trunk allow-pass vlan 100 to 101
[Switch-GigabitEthernet0/0/3] quit
[Switch] interface gigabitethernet 0/0/4
[Switch-GigabitEthernet0/0/4] port link-type trunk
[Switch-GigabitEthernet0/0/4] port trunk pvid vlan 100
[Switch-GigabitEthernet0/0/4] port trunk allow-pass vlan 100 to 101
[Switch-GigabitEthernet0/0/4] quit

Configure AC system parameters.
1. Perform basic AC configurations.
  # Choose Configuration > Config Wizard > AC. The Basic AC Configuration page is displayed.
  
  # Set Country/Region based on actual situations. For example, set Country/Region to China. Set System time to Manual and Date and time to PC.
  
  # Click Next. The Port Configuration page is displayed.
2. Configure interfaces.
  # Select GigabitEthernet0/0/1 and expand Batch Modify. Set Interface type to Trunk and add GigabitEthernet0/0/1 to VLAN 100 (management VLAN) and VLAN 101 (service VLAN).
  
  If the AC and APs are directly connected, set the default VLAN of the interfaces connected to the APs to management VLAN 100.
  
  # Click Apply. In the dialog box that is displayed, click OK.
  
  # Click Next. The Network Interconnection Configuration page is displayed.
3. Configure network interconnections.
  # Set DHCP status to ON.
  
  # Click Create under Interface Configuration. The Create Interface Configuration page is displayed.
  
  # Set the IP address of VLANIF 100 to 10.23.100.1/24.
  
  # Click Create under DHCPv4 Address Pool List. Select Interface address pool and select VLANIF 100.
  
  # Click OK.
  
  # Set the IP address of VLANIF 101 to 10.23.101.1/24 and configure the interface address pool on VLANIF 101 in the same way.
  
  Configure the DNS server address as required.
  
  # Click Next.
  
  # Click Next. The AC Source Address page is displayed.
4. Configure the source address for AC.
  # Set AC source address to VLANIF. Click the browse button and select Vlanif100.
  
  # Click Next. The Confirm Settings page is displayed.
5. Confirm the configuration.
  # Confirm the configuration and click Continue With AP Online.
Configure APs to go online.
1. Configure APs to go online.
  # Click Batch Import. The Batch Import page is displayed. Click to download an AP template file to your local computer.
  
  # Fill in the AP template file with AP information according to the following example. To add multiple APs, fill in the file with information of the APs.
  If you set AP authentication mode to MAC address authentication, the AP's MAC address is mandatory and the AP's SN is optional.
  If you set AP authentication mode to SN authentication, the AP's SN is mandatory and the AP's MAC address is optional.
  
  You are advised to export the radio ID, AP channel, frequency bandwidth, and power planned on WLAN Planner to a .csv file, and then enter them in the AP template file. Set the longitude and latitude as required.
  # Click next to Import AP File, select the AP template file, and click Import.
  
  # On the page that displays the template import result, click OK.
  
  # Click Next. The Group APs page is displayed.
  
  # AP group information has been added in the AP template file. Click Next. The Confirm Configurations page is displayed.
2. Confirm the configuration.
  # Confirm the configuration and click Continue With Wireless Service Configuration.
Configure WLAN services.
# Click Create. The Basic Information page is displayed.

# Configure the SSID name, forwarding mode, and service VLAN.

# Click Next. The Security Authentication page is displayed.

# Set Security settings to Key (applicable to personnel networks), select the AES mode, and set the key.

# Click Next. The Access Control page is displayed.

# Set Binding the AP group to ap-group1, and Valid radio to 0 and 1.

# Click Finish.

# Choose Configuration > AP Config > AP Group. In the AP group list, click ap-group1 and select Display all profiles. Choose IoT > Card1 > IoT Profile. Click Create to create an IoT profile named wlan-iot.

# Click OK. The IoT profile configuration page is displayed.

# Set parameters as follows:
- Protocol: TCP
- Port number: 50200
- Communication key: aabb0011@11
- IP address of a trusted host computer: 10.23.102.253
- Mask of a trusted host computer: 255.255.255.0
- Host Computer Address: 10.23.200.1
- Host Computer Port Number: 3000
# Click Apply.
Configure network interworking between the APs and server.
Configure routes based on the actual networking situation to ensure network interworking between the APs and host computer.
Add IP addresses of the APs to the host computer and configure the same shared key as that on the APs.
Verify the configuration.
1. Choose Monitoring > SSID > VAP. In VAP List, check VAP status. You can see that the status of the VAP in wlan-net is normal.
2. The WLAN with the SSID wlan-net is available.
3. The STA can associate with the WLAN and obtain an IP address 10.23.101.x/24, and its gateway address is 10.23.101.1.
4. Choose Monitoring > User > User List. All online users are displayed in User List. You can use the filtering function to filter the display results. For example, click next to SSID. Set the filtering condition, enter wlan-net, and click OK. Users connected to the SSID wlan-net are displayed. Multi-column filtering is supported to accurately query online users.