SupportDocumentationWLANAPAirEngine 5700&6700&8700&9700DConfiguration & CommissioningConfiguration Guide

Fat AP and Cloud AP V200R021C00,C01 Web-based Configuration Guide

Example for Configuring Wi-Fi Internet Access Through a Leader AP in Bridge Mode (Using the Web Platform)

Example for Configuring Wi-Fi Internet Access Through a Leader AP in Bridge Mode (Using the Web Platform)

Prerequisites

One AP has been selected as the leader AP.

WLAN network planning and design have been completed.

The APs have been connected and powered on according to the networking diagram.

The Windows operating system has been installed on a laptop, and the Internet Explorer, Firefox, or Chrome browser is available.

Context

As shown in Figure 3-15, the router is a gateway connected to the Internet, and the switch is a Layer 2 switch that supports PoE+ power supply. The switch can connect to wired users and APs to provide access for STAs. The scale of the WLAN is small, and the number of APs is small. However, wireless users need to roam between APs. Therefore, the leader AP solution is used. In this solution, one AP is selected as the leader AP to manage other Fit APs in a unified manner and construct a WLAN.

Figure 3-15 Networking diagram for configuring the leader AP to work in bridge mode

Configuration Roadmap

  1. Configure the router. In the uplink direction, configure Internet access parameters to connect to the Internet. In the downlink direction, configure VLANs and DHCP for APs and STAs to obtain IP addresses.
  2. Configure the switch. Allow packets from the management VLAN (from Fit APs to the leader AP) and service VLANs (from STAs to the user gateway) to pass through.
  3. Before selecting an AP as the leader AP, switch the AP's working mode to Fat.
  4. Configure the leader AP to work in bridge mode and configure Internet access parameters for STAs.

Procedure

  1. Configure the router.

    1. Log in to the router. A Huawei AR router is used as an example. Connect a laptop to the management interface of the AR. Configure an IP address for the laptop to connect to the wired network. Ensure that the IP address is on the same network segment as that of the management interface of the router. On the laptop with SSH client software installed, log in to the router through STelnet.
    2. Configure the uplink network. The PPPoE dialup interface is used as an example.
      #
vlan batch 2  //Create VLAN 2.
#
 acl number 2001  //Create an ACL rule to match all packets.
 rule 5 permit
#
interface Dialer1  //Create a dialup interface.
 ppp chap user 1234567
 ppp chap password cipher %^%#|6(i7IW=fVlcTUM)c>\J{Jy.)i+4PM>|B#/.QmC4%^%#
 ppp pap local-user 1234567 password cipher %^%#`$8CA=r@Q4L^@K&Jxq+"|MdEUmK'O/OuD<Dp0.31%^%#
 ip address ppp-negotiate
 dialer-rule ip permit
 nat outbound 2001 
 management-interface
#
interface Vlanif2  //Bind the dialup interface to the uplink interface.
 pppoe-client dial-bundle-number 1 
 management-interface
#
interface GE0/0/1  //Add the uplink physical interface to VLAN 2.
 port hybrid pvid vlan 2
 port hybrid untagged vlan 2
 dhcp snooping trusted
#
ip route-static 0.0.0.0 0.0.0.0 Dialer1  //Configure a static route and set the next hop to the dialup interface.
    3. Configure the gateway address and DHCP service for downlink APs and STAs.
      #
vlan batch 1 101  //Create management VLAN 1 (default) and service VLAN 101.
#
dns resolve //Enable DNS resolution and proxy.
dns proxy enable
#
dhcp enable //Enable the DHCP service.
#
interface Vlanif1  //Create an interface to connect to APs. The interface functions as the gateway of the APs and assigns IP addresses to them.
 ip address 192.168.10.1 255.255.255.0
 dhcp select interface
 dhcp server dns-list 192.168.200.1 
#
interface Vlanif101  //Create an interface to connect to STAs. The interface functions as the gateway of the STAs and assigns IP addresses to them.
 ip address 192.168.20.1 255.255.255.0
 dhcp select interface
 dhcp server dns-list 192.168.20.1
#
interface GE0/0/2  //Add the downlink physical interface to VLAN 1 (default) and VLAN 101.
 port hybrid tagged vlan 101

  2. Configure the switch. A Huawei S series switch is used as an example. Connect a laptop to the management interface of the switch. Configure an IP address for the laptop to connect to the wired network. Ensure that the IP address is on the same network segment as that of the management interface of the switch. On the laptop with SSH client software installed, log in to the switch through STelnet.

    #
vlan batch 1 101  //Create management VLAN 1 (default) and service VLAN 101.
#
interface GE0/0/1  //Configure the uplink physical interface to allow packets from VLAN 1 (default) and VLAN 101 to pass through.
 port hybrid tagged vlan 101
#
interface GE0/0/2  //Configure the downlink physical interface to connect to the AP, and allow packets from VLAN 1 and VLAN 101 to pass through. This VLAN configuration shall prevail for other interfaces connected to the AP.
 port hybrid tagged vlan 101
#
interface GE0/0/5  //Configure the downlink physical interface to wired users, and allow only packets from VLAN 101 to pass through. Packets sent to wired users do not carry VLAN information. Disable the PoE function on the interface.
 port hybrid pvid vlan 101
 port hybrid untagged vlan 101
 undo poe enable

  3. Switch the working mode of the leader AP to Fat.

    1. Place the laptop near the selected AP and search for the SSID named hw_manage_xxxx. xxxx in the SSID indicates the last 4 digits of the AP's MAC address. Connect the laptop to the SSID.
    2. On the laptop, set the IP address for wireless network connection to a fixed IP address, which is in the same network segment (169.254.2.0) as the default IP address of the AP, for example, 169.254.2.100. Specify the gateway IP address to the IP address of the AP, that is, 169.254.2.1.
    3. Open the browser on the laptop, enter 169.254.2.1 in the address box, and press Enter to access the web system. When you log in to the AP for the first time, set the user name and password.
    4. After the AP mode is switched to Fat, the AP restarts and restores the factory settings.

  4. Connect the laptop to the management SSID of the leader AP in wireless mode and log in to the web system of the leader AP.

    1. On the laptop, configure DHCP IP address allocation for wireless network connection.
    2. Search for the SSID named HUAWEI-LeaderAP-XXXX (XXXX specifies the last 4 digits of the AP's MAC address) and connect to the management SSID. No password is required. The laptop obtains an IP address.
    3. Open the browser on the laptop, enter 192.168.1.1 (for V200R021C00)169.254.2.1 (for V200R021C01) in the address box, and press Enter to access the web system. (V200R021C00) When you log in to the AP for the first time, set the user name and password. To improve security, you are advised to set the PSK for DTLS encryption, the user name and password for logging in to Fit APs, and the PSK for the global offline management VAP.(V200R021C01) Upon the first login to the web system, you are prompted to set the user name and password for subsequent login through the web system or STelnet, which will be delivered to managed Fit APs for logging in to them. Additionally, the specified password is used as the password for console port login and the PSK for the offline management VAP, allowing you to connect to the offline management SSID in wireless mode.

  5. Configure basic information about the AP.

  6. Access the configuration wizard page and select Multi-AP Configuration.

  7. Configure WLAN services.

  8. Verify the configuration.

    STAs can detect and connect to the SSID wlan-net. After the correct password is entered, the STAs can access the Internet.

Appendix: CLI-based Configuration on Leader AP in Fat Mode

#
dhcp enable
#
interface GigabitEthernet0/0/0  //Configure VLANs for the physical port.
 port hybrid tagged vlan 2 to 4094
 dhcp snooping trusted
#
capwap dtls control-link encrypt off  //Disable DTLS.
#
wlan
 temporary-management psk %^%#2.~d~N8LC-(a=a!4N:ANgo(~BZ*NX5/v<hCWrNYR%^%#  //Configure the PSK of the offline management VAP for Fit APs.
 ap username admin password cipher %^%#zWO92GK{n~W-9]DNc3YRQ=)o2sIC65xM|u(Kx]U2%^%#  //Configure the user name and password of Fit APs.
 traffic-profile name example  //Configure the traffic profile. By default, the rate is not limited.
 security-profile name example  //Configure the encryption mode.
  security wpa-wpa2 psk pass-phrase %^%#AugBV){ec<nh6.L_][r,&=|AH!}F\@[6;,Q042t~%^%# aes
 ssid-profile name example  //Configure an SSID name.
  ssid wlan-net
 vap-profile name example  //Configure a VAP profile.
  ssid-profile example
  security-profile example
  traffic-profile example
  ap-zone default  //Set the name of the AP zone, indicating the APs to which the VAP profile takes effect. The default AP zone is default.
  radio 0 1 2
 ap-group name default
 uplink gigabitethernet 0  //Configure GE0 as the uplink port.
#
return
Translation
Favorite
Download
Update Date:2022-09-06
Document ID:EDOC1100222158
Views:74645
Downloads:1847
Average rating:0.0Points

Related Documents

Digital Signature File

digtal sigature tool