Wireless Access Controller (AC and Fit AP) V200R023C00 Configuration Guide

Configuration Examples for Mesh

Example for Configuring Common the Mesh Service (CLI)
Example for Configuring Common the Mesh Service (Web)
Example for Configuring the Multi-hop Mesh Service (CLI)
Example for Configuring Multi-hop Mesh Services (Web)
Example for Configuring Multi-hop Mesh Services (Triple-Radio APs) (CLI)
Example for Configuring Multi-hop Mesh Services (Triple-Radio APs) (Web)
Example for Configuring Dual-MPP Mesh Services (CLI)
Example for Configuring Dual-MPP Mesh Services (Web)

Example for Configuring Common the Mesh Service (CLI)

Service Requirements

An enterprise needs to establish Mesh wireless backhaul links in different areas to expand wireless coverage and reduce wired deployment costs.

Networking Requirements

AC networking mode: Layer 2 networking in off-path mode
Wireless backhaul mode: Mesh portal-node
Backhaul radio: 5 GHz radio

Figure 15-17 Networking for configuring the Mesh service

Data Planning

Table 15-9 AP data planning

AP	MAC
area_1	00e0-fc76-e360
area_2	00e0-fc04-b500
area_3	00e0-fc74-9640

Table 15-10 AC data planning

Item	Data
Management VLAN for APs	VLAN 100
Service VLAN for wireless STAs	VLAN 101
Service VLAN for wired STAs	VLAN 102
DHCP server	The AC functions as the DHCP server for APs, wireless STAs, and wired STAs.
IP address pool for APs	10.23.100.2–10.23.100.254/24
IP address pool for STAs	For wireless STAs: 10.23.101.2–10.23.101.254/24 For wired STAs: 10.23.102.2–10.23.102.254/24
AC's source interface	VLANIF 100: 10.23.100.1/24
Mesh profile	Name: mesh-net
Mesh roles	area_1: Mesh-portal (MPP) area_2: Mesh-node (MP) area_3: Mesh-node (MP)
Mesh ID	Name: mesh-net
Mesh whitelist	Name: mesh-list
AP system profile	Name: mesh-sys
Radio used by the Mesh service	Radio 1: Bandwidth: 40 MHz-plus Channel: 157 Radio coverage distance parameter: 20 (unit: 100 m)
Security profiles	Mesh service: Name: mesh-sec Security policy: WPA2+PSK+AES Password type: PASS-PHRASE Password: YsH_2022 Coverage service: Name: wlan-net Security policy: WPA-WPA2+PSK+AES Password type: PASS-PHRASE Password: YsH_2022
VAP profile	Name: wlan-net Forwarding mode: tunnel forwarding Service VLAN: VLAN 101 Referenced profiles: SSID profile wlan-net and security profile wlan-net
SSID profile	Name: wlan-net SSID name: wlan-net
AP wired port profile	Name: wlan-wired Wired service VLAN: VLAN 102 Wired forwarding mode: tunnel forwarding Working mode of the wired interface: endpoint
AP groups	mesh-mpp: area_1 mesh-mp: area_2 and area_3

Configuration Roadmap

Configure network connectivity and enable the AP (MPP) in area A to go online on the AC in wired mode.
Configure the Mesh service to enable APs (MPs) in area B and area C to go online on the AC through Mesh links.
Configure the wireless coverage service so that wireless STAs in area C can access the Wi-Fi network through an SSID.
Configure wired services so that wired STAs in area C can access the network in wired mode.

Configuration Notes

No ACK mechanism is provided for multicast packet transmission on air interfaces. In addition, wireless links are unstable. To ensure stable transmission of multicast packets, they are usually sent at low rates. If a large number of such multicast packets are sent from the network side, the air interfaces may be congested. You are advised to configure multicast packet suppression to reduce impact of a large number of low-rate multicast packets on the wireless network. Exercise caution when configuring the rate limit; otherwise, the multicast services may be affected.
- In direct forwarding mode, you are advised to configure multicast packet suppression on switch interfaces connected to APs.
- In tunnel forwarding mode, you are advised to configure multicast packet suppression in traffic profiles of the AC.
For details on how to configure traffic suppression, see How Do I Configure Multicast Packet Suppression to Reduce Impact of a Large Number of Low-Rate Multicast Packets on the Wireless Network?.
Configure port isolation on the interfaces of the device directly connected to APs. If port isolation is not configured and direct forwarding is used, a large number of unnecessary broadcast packets may be generated in the VLAN, blocking the network and degrading user experience.
In tunnel forwarding mode, the management VLAN and service VLAN cannot be the same. Only packets from the management VLAN are transmitted between the AC and APs. Packets from the service VLAN are not allowed between the AC and APs.
From V200R021C00, when the CAPWAP source interface or source address is configured, the system checks whether security-related configurations exist, including the PSK for DTLS encryption, PSK for DTLS encryption between ACs, user name and password for logging in to the AP, and password for logging in to the global offline management VAP, the configuration can be successful only when both of them exist. Otherwise, the system prompts you to complete the configuration first.
From V200R021C00, DTLS encryption is enabled for CAPWAP control tunnels on the AC by default. After this function is enabled, an AP will fail to go online when it is added. In this case, you need to enable CAPWAP DTLS non-authentication (capwap dtls no-auth enable) for the AP so that the AP can obtain a security credential. After the AP goes online, disable this function (undo capwap dtls no-auth enable) to prevent unauthorized APs from going online.
To ensure high backhaul reliability, it is recommended that the WLAN coverage service should not be configured on the radio used for backhaul.

Procedure

Configure the network devices.

# Add GE0/0/1 and GE0/0/2 on Switch_B to VLAN 100, and set the PVID of GE0/0/1 to VLAN 100.

<HUAWEI> system-view
[HUAWEI] sysname Switch_B
[Switch_B] vlan batch 100
[Switch_B] interface gigabitEthernet 0/0/1
[Switch_B-GigabitEthernet0/0/1] port link-type trunk
[Switch_B-GigabitEthernet0/0/1] port trunk pvid vlan 100
[Switch_B-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
[Switch_B-GigabitEthernet0/0/1] port-isolate enable
[Switch_B-GigabitEthernet0/0/1] quit
[Switch_B] interface gigabitEthernet 0/0/2
[Switch_B-GigabitEthernet0/0/2] port link-type trunk
[Switch_B-GigabitEthernet0/0/2] port trunk allow-pass vlan 100
[Switch_B-GigabitEthernet0/0/2] quit

# Add GE0/0/1 and GE0/0/2 on the aggregation switch Switch_A to VLAN 100 and VLANs 100, 101, and 102, respectively.

<HUAWEI> system-view
[HUAWEI] sysname Switch_A
[Switch_A] vlan batch 100 to 102
[Switch_A] interface gigabitEthernet 0/0/1
[Switch_A-GigabitEthernet0/0/1] port link-type trunk
[Switch_A-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
[Switch_A-GigabitEthernet0/0/1] quit
[Switch_A] interface gigabitEthernet 0/0/2
[Switch_A-GigabitEthernet0/0/2] port link-type trunk
[Switch_A-GigabitEthernet0/0/2] port trunk allow-pass vlan 100 to 102
[Switch_A-GigabitEthernet0/0/2] quit

Configure the AC to communicate with other network devices.

If the AC and AP are directly connected, set the PVID of the interface connecting the AC to the AP to VLAN 100 (management VLAN).

# Add GE0/0/1 on the AC to VLANs 100, 101, and 102.

<HUAWEI> system-view
[HUAWEI] sysname AC
[AC] vlan batch 100 to 102
[AC] interface gigabitEthernet 0/0/1
[AC-GigabitEthernet0/0/1] port link-type trunk
[AC-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 to 102
[AC-GigabitEthernet0/0/1] quit

Configure the DHCP server to assign IP addresses to APs, wireless STAs, and wired STAs.

# Enable the DHCP function on the AC to allow it to assign IP addresses to APs, wireless STAs, and wired STAs from interface address pools.

[AC] dhcp enable
[AC] interface vlanif 100
[AC-Vlanif100] ip address 10.23.100.1 24  //Configure an address pool for APs.
[AC-Vlanif100] dhcp select interface
[AC-Vlanif100] quit
[AC] interface vlanif 101
[AC-Vlanif101] ip address 10.23.101.1 24  //Configure an IP address pool for wireless STAs.
[AC-Vlanif101] dhcp select interface
[AC-Vlanif101] quit
[AC] interface vlanif 102
[AC-Vlanif102] ip address 10.23.102.1 24  //Configure an IP address pool for wired STAs.
[AC-Vlanif102] dhcp select interface
[AC-Vlanif102] quit

Configure the AP groups, country code, and AC's source interface.

# Create AP groups for MPPs and MPs respectively and add APs that require the same configuration to the same group.

[AC] wlan
[AC-wlan-view] ap-group name mesh-mpp
[AC-wlan-ap-group-mesh-mpp] quit
[AC-wlan-view] ap-group name mesh-mp
[AC-wlan-ap-group-mesh-mp] quit

# Create a regulatory domain profile, configure the country code for the AC in the profile, and bind the profile to the AP groups.

[AC-wlan-view] regulatory-domain-profile name domain1
[AC-wlan-regulate-domain-domain1] country-code cn
[AC-wlan-regulate-domain-domain1] quit
[AC-wlan-view] ap-group name mesh-mpp
[AC-wlan-ap-group-mesh-mpp] regulatory-domain-profile domain1
Warning: This configuration change will clear the channel and power configurations of radios, and may restart APs. Continue?[Y/N]:y  
[AC-wlan-ap-group-mesh-mpp] quit
[AC-wlan-view] ap-group name mesh-mp
[AC-wlan-ap-group-mesh-mp] regulatory-domain-profile domain1
Warning: This configuration change will clear the channel and power configurations of radios, and may restart APs. Continue?[Y/N]:y  
[AC-wlan-ap-group-mesh-mp] quit
[AC-wlan-view] quit

# Configure the AC's source interface.

[AC] capwap source interface vlanif 100

# Add the AP area_1 to the AP group mesh-mpp, and add APs area_2 and area_3 to the AP group mesh-mp.

The default AP authentication mode is MAC address authentication. If the default settings are retained, you do not need to run the ap auth-mode mac-auth command.

[AC] wlan
[AC-wlan-view] ap auth-mode mac-auth
[AC-wlan-view] ap-id 1 ap-mac 00e0-fc76-e360
[AC-wlan-ap-1] ap-name area_1
[AC-wlan-ap-1] ap-group mesh-mpp
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y  
[AC-wlan-ap-1] quit
[AC-wlan-view] ap-id 2 ap-mac 00e0-fc04-b500
[AC-wlan-ap-2] ap-name area_2
[AC-wlan-ap-2] ap-group mesh-mp
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y  
[AC-wlan-ap-2] quit
[AC-wlan-view] ap-id 3 ap-mac 00e0-fc74-9640
[AC-wlan-ap-3] ap-name area_3
[AC-wlan-ap-3] ap-group mesh-mp
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y  
[AC-wlan-ap-3] quit

Configure Mesh parameters.

# Configure radio parameters for Mesh nodes. Radio 1 is used in this example. The parameter coverage distance indicates the radio coverage distance parameter (unit: 100 m), which is 3 by default. This example uses the radio coverage distance parameter of 20 as an example. You can set this parameter based on site requirements.

[AC-wlan-view] ap-group name mesh-mpp
[AC-wlan-ap-group-mesh-mpp] radio 1
[AC-wlan-group-radio-mesh-mpp/1] calibrate auto-channel-select disable
[AC-wlan-group-radio-mesh-mpp/1] calibrate auto-txpower-select disable
[AC-wlan-group-radio-mesh-mpp/1] channel 40mhz-plus 157
Warning: This action may cause service interruption. Continue?[Y/N]y 
[AC-wlan-group-radio-mesh-mpp/1] coverage distance 20
[AC-wlan-group-radio-mesh-mpp/1] quit
[AC-wlan-ap-group-mesh-mpp] quit
[AC-wlan-view] ap-group name mesh-mp
[AC-wlan-ap-group-mesh-mp] radio 1
[AC-wlan-group-radio-mesh-mp/1] calibrate auto-channel-select disable
[AC-wlan-group-radio-mesh-mp/1] calibrate auto-txpower-select disable
[AC-wlan-group-radio-mesh-mp/1] channel 40mhz-plus 157
Warning: This action may cause service interruption. Continue?[Y/N]y 
[AC-wlan-group-radio-mesh-mp/1] coverage distance 20
[AC-wlan-group-radio-mesh-mp/1] quit
[AC-wlan-ap-group-mesh-mp] quit

# Configure the security profile mesh-sec used by Mesh links, which support the security policy WPA2+PSK+AES.

[AC-wlan-view] security-profile name mesh-sec
[AC-wlan-sec-prof-mesh-sec] security wpa2 psk pass-phrase YsH_2022 aes
[AC-wlan-sec-prof-mesh-sec] quit

# Configure a Mesh whitelist.

[AC-wlan-view] mesh-whitelist-profile name mesh-list
[AC-wlan-mesh-whitelist-mesh-list] peer-ap mac 00e0-fc76-e360
[AC-wlan-mesh-whitelist-mesh-list] peer-ap mac 00e0-fc04-b500
[AC-wlan-mesh-whitelist-mesh-list] peer-ap mac 00e0-fc74-9640
[AC-wlan-mesh-whitelist-mesh-list] quit

# Configure Mesh roles. Set the Mesh role of area_1 to Mesh-portal. Retain the default Mesh role Mesh-node for area_2 and area_3. Mesh roles are configured through the AP system profile.

[AC-wlan-view] ap-system-profile name mesh-sys
[AC-wlan-ap-system-prof-mesh-sys] mesh-role Mesh-portal
[AC-wlan-ap-system-prof-mesh-sys] quit

# Configure a Mesh profile. Set the Mesh network ID to mesh-net, aging time of Mesh links to 30s, and bind the security profile and Mesh whitelist to the Mesh profile.

[AC-wlan-view] mesh-profile name mesh-net
[AC-wlan-mesh-prof-mesh-net] mesh-id mesh-net
[AC-wlan-mesh-prof-mesh-net] link-aging-time 30
[AC-wlan-mesh-prof-mesh-net] security-profile mesh-sec
[AC-wlan-mesh-prof-mesh-net] quit

# Bind the Mesh whitelist profile to AP radios.

[AC-wlan-view] ap-group name mesh-mpp
[AC-wlan-ap-group-mesh-mpp] radio 1
[AC-wlan-group-radio-mesh-mpp/1] mesh-whitelist-profile mesh-list
[AC-wlan-group-radio-mesh-mpp/1] quit
[AC-wlan-ap-group-mesh-mpp] quit
[AC-wlan-view] ap-group name mesh-mp
[AC-wlan-ap-group-mesh-mp] radio 1
[AC-wlan-group-radio-mesh-mp/1] mesh-whitelist-profile mesh-list
[AC-wlan-group-radio-mesh-mp/1] quit
[AC-wlan-ap-group-mesh-mp] quit

Bind required profiles to the AP groups to make the Mesh service take effect.

# Bind the AP system profile mesh-sys to the AP group mesh-mpp to make the MPP role take effect on area_1.

[AC-wlan-view] ap-group name mesh-mpp
[AC-wlan-ap-group-mesh-mpp] ap-system-profile mesh-sys
[AC-wlan-ap-group-mesh-mpp] quit

# Bind the Mesh profile mesh-net to AP groups mesh-mpp and mesh-mp to make the Mesh service take effect.

[AC-wlan-view] ap-group name mesh-mpp
[AC-wlan-ap-group-mesh-mpp] mesh-profile mesh-net radio 1
[AC-wlan-ap-group-mesh-mpp] quit
[AC-wlan-view] ap-group name mesh-mp
[AC-wlan-ap-group-mesh-mp] mesh-profile mesh-net radio 1
[AC-wlan-ap-group-mesh-mp] quit
[AC-wlan-view] quit

Configure the wireless coverage service.

# Create the security profile wlan-net and configure a security policy.

[AC] wlan
[AC-wlan-view] security-profile name wlan-net 
[AC-wlan-sec-prof-wlan-net] security wpa-wpa2 psk pass-phrase YsH_2022 aes 
[AC-wlan-sec-prof-wlan-net] quit

# Create the SSID profile wlan-net and set the SSID name to wlan-net.

[AC-wlan-view] ssid-profile name wlan-net 
[AC-wlan-ssid-prof-wlan-net] ssid wlan-net 
[AC-wlan-ssid-prof-wlan-net] quit

# Create the VAP profile wlan-net, set the data forwarding mode and service VLAN, and bind the security profile and SSID profile to the VAP profile.

[AC-wlan-view] vap-profile name wlan-net 
[AC-wlan-vap-prof-wlan-net] forward-mode tunnel 
[AC-wlan-vap-prof-wlan-net] service-vlan vlan-id 101 
[AC-wlan-vap-prof-wlan-net] security-profile wlan-net 
[AC-wlan-vap-prof-wlan-net] ssid-profile wlan-net 
[AC-wlan-vap-prof-wlan-net] quit

# Bind the VAP profile to AP radio 0.

[AC-wlan-view] ap-id 3 
[AC-wlan-ap-3] vap-profile wlan-net wlan 1 radio 0
[AC-wlan-ap-3] quit
[AC-wlan-view] quit

Configure wired STA services.

# Create a wired port profile.

[AC] wlan 
[AC-wlan-view] wired-port-profile name wlan-wired
[AC-wlan-wired-port-wlan-wired] vlan pvid 102
[AC-wlan-wired-port-wlan-wired] vlan untagged 102 
[AC-wlan-wired-port-wlan-wired] forward-mode tunnel 
[AC-wlan-wired-port-wlan-wired] mode endpoint //After the AP's wired interface is configured, restart the AP to make the configuration take effect. However, restarting the AP will interrupt wireless services; therefore, perform this operation in off-peak hours.
[AC-wlan-wired-port-wlan-wired] quit

# Bind the AP wired port profile.

[AC-wlan-view] ap-id 3 
[AC-wlan-ap-3] wired-port-profile wlan-wired gigabitethernet 1
[AC-wlan-ap-3] quit

Allow packets from the STA service VLANs to pass through the MPP.

If the STA data forwarding mode is tunnel forwarding, skip this step. If the STA data forwarding mode is direct forwarding, perform this step to allow packets from the corresponding service VLANs to pass through.

In V200R022C00 and earlier versions:

[AC-wlan-view] wired-port-profile name mpp-wired
[AC-wlan-wired-port-mpp-net] vlan tagged 101 102  //Create service VLANs for STAs and allow packets in the service VLANs to pass on the MPP.
[AC-wlan-wired-port-mpp-net] quit
[AC-wlan-view] ap-group name mesh-mpp
[AC-wlan-ap-group-mesh-mpp] wired-port-profile mpp-wired gigabitethernet 0  //Bind the wired port profile to the MPP's uplink interface. Set the interface type and number as required.
[AC-wlan-ap-group-mesh-mpp] return

In V200R022C10 and later versions:

[AC-wlan-view] mesh-profile name mesh-net
[AC-wlan-mesh-prof-mesh-net] vlan tagged 101 102  //Create service VLANs for STAs and allow packets in the service VLANs to pass on the MPP.
[AC-wlan-mesh-prof-mesh-net] return

Verify the Mesh service configuration.

# After the configuration is complete, run the display ap all command to check whether Mesh nodes go online successfully. If State displays as nor, APs have gone online successfully.

<AC> display ap all
Total AP information:       
nor  : normal          [3]  
Extra information: P  : insufficient power supply
--------------------------------------------------------------------------------------------------------------
ID   MAC            Name Group     IP              Type                 State STA Uptime      ExtraInfo
--------------------------------------------------------------------------------------------------------------
1    00e0-fc76-e360 area_1 mesh-mpp 10.23.100.254   AirEngine5761R-11E  nor   0  13M:45S     -
2    00e0-fc04-b500 area_2 mesh-mp  10.23.100.251   AirEngine5761R-11E  nor   0  5M:22S      -
3    00e0-fc74-9640 area_3 mesh-mp  10.23.100.253   AirEngine5761R-11E  nor   0  4M:14S      -
--------------------------------------------------------------------------------------------------------------
Total: 3

# After the Mesh service takes effect, run the display wlan mesh link all command to check Mesh link information.

<AC> display wlan mesh link all
Rf   : radio ID             Dis  : coverage distance(100m)
Ch   : channel              Per  : drop percent(%)
TSNR : total SNR(dB)        P-   : peer
Mesh : Mesh mode            Re   : retry ratio(%)
RSSI : RSSI(dBm)            MaxR : max RSSI(dBm)
----------------------------------------------------------------------------------------------------------------------------------
APName          P-APName        P-APMAC         Rf Dis   Ch      Mesh    P-Status        RSSI  MaxR  Per  Re   TSNR  SNR(Ch0~3:dB)
Tx(Mbps)    Rx(Mbps)
----------------------------------------------------------------------------------------------------------------------------------
area_1          area_2          00e0-fc04-b500  1  4     157     portal  normal          -30   -27   0    12   67    62/65/-/-
192         192  
area_1          area_3          00e0-fc74-9640  1  4     157     portal  normal          -26   -24   0    12   71    67/68/-/-
192         192  
area_3          area_2          00e0-fc04-b500  1  4     157     node    normal          -19   -3    0    5    77    66/76/-/-
192         192  
area_3          area_1          00e0-fc76-e360  1  4     157     node    normal          -32   -4    0    26   64    55/63/-/-
192         192  
area_2          area_1          00e0-fc76-e360  1  4     157     node    normal          -32   -4    0    12   64    62/61/-/-
192         192  
area_2          area_3          00e0-fc74-9640  1  4     157     node    normal          -14   -12   0    4    82    71/82/-/-
192         192  
----------------------------------------------------------------------------------------------------------------------------------
Total: 6

# After a STA detects and associates with the WLAN named wlan-net successfully, the STA is assigned an IP address. After the user enters the correct password, the STA can access the WLAN.

# The wired STA can obtain an IP address and connect to the network.

Configuration Files

Switch_A configuration file

#
sysname Switch_A
#
 vlan batch 100
#
dhcp enable 
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 100
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 100 to 102
#
return

Switch_B configuration file

#
sysname Switch_B
#
 vlan batch 100
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk pvid vlan 100
 port trunk allow-pass vlan 100
 port-isolate enable group 1 
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 100
#
return

AC configuration file

#
 sysname AC
#
 vlan batch 100 to 102
#
dhcp enable
#
interface Vlanif100
 ip address 10.23.100.1 255.255.255.0
 dhcp select interface
#
interface Vlanif101
 ip address 10.23.101.1 255.255.255.0
 dhcp select interface
#
interface Vlanif102
 ip address 10.23.102.1 255.255.255.0
 dhcp select interface
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 100 to 102
#
capwap source interface vlanif100
#
wlan
 security-profile name mesh-sec
  security wpa2 psk pass-phrase %^%#n}5+DgC3wLB.hJ34j5;*QMv<8"9#{Bq@ghBI3L9K%^%# aes
 security-profile name wlan-net
  security wpa-wpa2 psk pass-phrase %^%#n}5+DgC3wLB.hJ34j5;*QMv<8"9#{Bq@ghBI3L9K%^%# aes
 ssid-profile name wlan-net
  ssid wlan-net
 vap-profile name wlan-net
  forward-mode tunnel
  service-vlan vlan-id 101
  ssid-profile wlan-net
  security-profile wlan-net
 mesh-whitelist-profile name mesh-list
  peer-ap mac 00e0-fc76-e360
  peer-ap mac 00e0-fc04-b500
  peer-ap mac 00e0-fc74-9640
 mesh-profile name mesh-net
  security-profile mesh-sec
  mesh-id mesh-net
  link-aging-time 30
  vlan tagged 101 102
 regulatory-domain-profile name domain1
 wired-port-profile name wlan-wired
  vlan pvid 102 
  vlan untagged 102
  forward-mode tunnel 
  mode endpoint 
 ap-system-profile name mesh-sys
  mesh-role Mesh-portal
 ap-group name mesh-mp
  regulatory-domain-profile domain1
  radio 1 
   mesh-profile mesh-net  
   mesh-whitelist-profile mesh-list   
   channel 40mhz-plus 157    
   coverage distance 20  
   calibrate auto-channel-select disable
   calibrate auto-txpower-select disable
 ap-group name mesh-mpp
  ap-system-profile mesh-sys
  regulatory-domain-profile domain1
  radio 1   
   mesh-profile mesh-net  
   mesh-whitelist-profile mesh-list 
   channel 40mhz-plus 157  
   coverage distance 20 
   calibrate auto-channel-select disable
   calibrate auto-txpower-select disable
 ap-id 1 type-id 39 ap-mac 00e0-fc76-e360 ap-sn 210235554710CB000042            
  ap-name area_1                                                                  
  ap-group mesh-mpp 
 ap-id 2 type-id 39 ap-mac 00e0-fc04-b500 ap-sn 210235557610DB000046            
  ap-name area_2                                                                  
  ap-group mesh-mp 
 ap-id 3 type-id 39 ap-mac 00e0-fc74-9640 ap-sn 210235419610D2000097            
  ap-name area_3                                                                  
  ap-group mesh-mp
  radio 0                                                                       
   vap-profile wlan-net wlan 1 
  wired-port-profile wlan-wired gigabitethernet 0
#
return

Example for Configuring Common the Mesh Service (Web)

Service Requirements

An enterprise needs to establish Mesh wireless backhaul links in different areas to expand wireless coverage and reduce wired deployment costs.

Networking Requirements

AC networking mode: Layer 2 networking in off-path mode
Wireless backhaul mode: Mesh portal-node
Backhaul radio: 5 GHz radio

Figure 15-18 Networking for configuring the Mesh service

Data Planning

Table 15-11 AP data planning

AP	MAC
area_1	00e0-fc76-e360
area_2	00e0-fc04-b500
area_3	00e0-fc74-9640

Table 15-12 AC data planning

Item	Data
Management VLAN for APs	VLAN 100
DHCP server	The AC functions as a DHCP server to assign IP addresses to APs.
IP address pool for APs	10.23.100.2–10.23.100.254/24
AC's source interface	VLANIF 100: 10.23.100.1/24
Mesh roles	area_1: Mesh-portal (MPP) area_2: Mesh-node (MP) area_3: Mesh-node (MP)
Mesh ID	Name: mesh-net
Radio used by the Mesh service	Radio 1: Bandwidth: 40 MHz-plus Channel: 157 Radio coverage distance parameter: 20 (unit: 100 m)
Security profile	Security policy: WPA2+PSK+AES Password type: PASS-PHRASE Password: YsH_2022
AP group	Name: ap-group1

Configuration Roadmap

Configure network connectivity and enable the AP (MPP) in area A to go online on the AC in wired mode.
Configure the Mesh service to enable APs (MPs) in area B and area C to go online on the AC through Mesh links.

Configuration Notes

No ACK mechanism is provided for multicast packet transmission on air interfaces. In addition, wireless links are unstable. To ensure stable transmission of multicast packets, they are usually sent at low rates. If a large number of such multicast packets are sent from the network side, the air interfaces may be congested. You are advised to configure multicast packet suppression to reduce impact of a large number of low-rate multicast packets on the wireless network. Exercise caution when configuring the rate limit; otherwise, the multicast services may be affected.
- In direct forwarding mode, you are advised to configure multicast packet suppression on switch interfaces connected to APs.
- In tunnel forwarding mode, you are advised to configure multicast packet suppression in traffic profiles of the AC.
For details on how to configure traffic suppression, see How Do I Configure Multicast Packet Suppression to Reduce Impact of a Large Number of Low-Rate Multicast Packets on the Wireless Network?.
Configure port isolation on the interfaces of the device directly connected to APs. If port isolation is not configured and direct forwarding is used, a large number of unnecessary broadcast packets may be generated in the VLAN, blocking the network and degrading user experience.
In tunnel forwarding mode, the management VLAN and service VLAN cannot be the same. Only packets from the management VLAN are transmitted between the AC and APs. Packets from the service VLAN are not allowed between the AC and APs.

Procedure

Configure the network devices.

# Add GE0/0/1 and GE0/0/2 on Switch_B to VLAN 100, and set the PVID of GE0/0/1 to VLAN 100.

<HUAWEI> system-view
[HUAWEI] sysname Switch_B
[Switch_B] vlan batch 100
[Switch_B] interface gigabitEthernet 0/0/1
[Switch_B-GigabitEthernet0/0/1] port link-type trunk
[Switch_B-GigabitEthernet0/0/1] port trunk pvid vlan 100
[Switch_B-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
[Switch_B-GigabitEthernet0/0/1] port-isolate enable
[Switch_B-GigabitEthernet0/0/1] quit
[Switch_B] interface gigabitEthernet 0/0/2
[Switch_B-GigabitEthernet0/0/2] port link-type trunk
[Switch_B-GigabitEthernet0/0/2] port trunk allow-pass vlan 100
[Switch_B-GigabitEthernet0/0/2] quit

# Add GE0/0/1 and GE0/0/2 on the aggregation switch Switch_A to VLAN 100 and VLANs 100, 101, and 102, respectively.

<HUAWEI> system-view
[HUAWEI] sysname Switch_A
[Switch_A] vlan batch 100 to 102
[Switch_A] interface gigabitEthernet 0/0/1
[Switch_A-GigabitEthernet0/0/1] port link-type trunk
[Switch_A-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
[Switch_A-GigabitEthernet0/0/1] quit
[Switch_A] interface gigabitEthernet 0/0/2
[Switch_A-GigabitEthernet0/0/2] port link-type trunk
[Switch_A-GigabitEthernet0/0/2] port trunk allow-pass vlan 100 to 102
[Switch_A-GigabitEthernet0/0/2] quit

Configure AC system parameters.
1. Perform basic AC configurations.
  # Choose Configuration > Config Wizard > AC. The Basic AC Configuration page is displayed.
  
  # Set Country/Region based on actual situations. For example, set Country/Region to China. Set System time to Manual and Date and time to PC.
  
  # Click Next. The Port Configuration page is displayed.
2. Configure interfaces.
  # Select GigabitEthernet0/0/1 and expand Batch Modify. Set Interface type to Trunk and add GigabitEthernet0/0/1 to VLAN 100 (management VLAN).
  
  If the AC and APs are directly connected, set the PVID of the interfaces connected to the APs to VLAN 100 (management VLAN).
  
  # Click Apply. In the dialog box that is displayed, click OK.
  
  # Click Next. The Network Interconnection Configuration page is displayed.
3. Configure network connectivity.
  # Set DHCP status to ON.
  
  # Click Create under Interface Configuration. The Create Interface Configuration dialog box is displayed.
  
  # Set the IP address of VLANIF 100 to 10.23.100.1/24.
  
  # Click Create under DHCPv4 Address Pool List. Select Interface address pool and select VLANIF 100.
  
  # Click OK.
  
  # Click Next.
  
  # Click Next. The AC Source Address page is displayed.
4. Configure the source address for AC.
  # Set AC source address to VLANIF, click the selection icon, select Vlanif100 in the dialog box that is displayed, and click the + icon to add the selected VLANIF interface to the list.
  
  From V200R021C00, DTLS encryption for CAPWAP control tunnels is enabled by default, and APs of earlier versions may fail to access the network. In this case, you can set AC-AP DTLS authentication mode to None authentication to allow APs to go online first. After the subsequent configurations are complete and the APs go online normally, disable this function. Specifically, choose Configuration > AC Config > Basic Config > AC Configuration > Advanced > CAPWAP Tunnel Setup Configuration, and deselect Allow APs to perform DTLS session with the AC in non-authentication mode.
  
  # Click Next. The Confirm Settings page is displayed.
5. Confirm the configuration.
  # Confirm the configuration and click Continue With AP Online.
Add APs and configure the Mesh roles for them.
1. Choose Configuration > Config Wizard > Mesh.
2. Create the AP group ap-group1.
  # In AP Group List, click Create. The Create AP Group page is displayed.
  
  # Set the AP group name to ap-group1 and click OK.
3. Add APs to the AP group ap-group1.
  # In AP Group List, select the AP group ap-group1.
  
  # On the AP Config tab page, click Add. The Add AP page is displayed.
  
  # Set Mode to Manually add and manually add APs.
  
  # Click OK. The APs are added.
  
  # Select the AP area_1 and click Modify Mesh Role. In the dialog box that is displayed, set Role in mesh networking to Mesh-portal.
  
  # Click OK. The Mesh role of the AP is changed.
Configure the Mesh service.
# Click the Service Settings tab and configure Mesh parameters.
- Select Radio 1 as the radio used by Mesh links.
- Set Mesh ID to mesh-net.
- If both wired and wireless STA services are configured, create service VLANs in tagged mode and allow packets from the service VLANs to pass through. This example uses VLAN 101 as an example. (This configuration is supported since V200R022C10.)
- For radio 1, set Bandwidth to 40+MHz, Channel to 157, and WDS/Mesh bridge distance to 20.
- In Security Settings set Key type to Pass-phrase and enter Key to YsH_2022.
- In the Mesh Whitelist area, click Add and add the MAC address of each Mesh node.
# Click Apply. In the dialog box that is displayed, click OK.
Verify the configuration.
1. Choose Configuration > Config Wizard > Mesh. In AP Group List, select ap-group1 and check the AP states. If the state of an AP is normal, the AP has gone online on the AC through a Mesh link.
2. Choose Monitoring > Mesh&WDS > Mesh Link Information to view Mesh link information. You can find detailed information about the Mesh links that are successfully established on this page. In V200R022C00 and later versions, the Mesh topology is displayed on this page.

Example for Configuring the Multi-hop Mesh Service (CLI)

Service Requirements

An enterprise needs to establish Mesh wireless backhaul links in different areas to expand wireless coverage and reduce wired deployment costs.

Networking Requirements

AC networking mode: Layer 2 networking in off-path mode
Wireless backhaul mode: Mesh portal-node
Backhaul radio: 5 GHz radio

Figure 15-19 Networking for configuring the Mesh service

Data Planning

Table 15-13 AP data planning

AP	MAC
area_1	00e0-fc76-e360
area_2	00e0-fc04-b500
area_3	00e0-fc74-9640
area_4	00e0-fc04-c600

Table 15-14 AC data planning

Item	Data
Management VLAN for APs	VLAN 100
DHCP server	The AC functions as a DHCP server to assign IP addresses to APs.
IP address pool for APs	10.23.100.2–10.23.100.254/24
AC's source interface	VLANIF 100: 10.23.100.1/24
Mesh profiles	Names: mesh-radio0 and mesh-radio1
Mesh roles	area_1: Mesh-portal (MPP) area_2 to area_4: Mesh-node (MP)
Mesh ID	Name: mesh-net
Mesh whitelist	Name: mesh-list
AP system profile	Name: mesh-sys
Radios used by the Mesh service	Radio 0 Bandwidth: 80 MHz Channel: 36 Radio coverage distance parameter: 20 (unit: 100 m) Radio 1: Bandwidth: 80 MHz Channel: 149 Radio coverage distance parameter: 20 (unit: 100 m)
Security profile	Name: mesh-sec Security policy: WPA2+PSK+AES Password type: PASS-PHRASE Password: YsH_2022
AP groups	mesh-mpp: area_1 mesh-mp: area_2, area_3, and area_4

Configuration Roadmap

Configure network connectivity and enable the AP (MPP) in area A to go online on the AC in wired mode.
Configure the Mesh service to enable APs (MPs) in other areas to go online on the AC through Mesh links.

Configuration Notes

No ACK mechanism is provided for multicast packet transmission on air interfaces. In addition, wireless links are unstable. To ensure stable transmission of multicast packets, they are usually sent at low rates. If a large number of such multicast packets are sent from the network side, the air interfaces may be congested. You are advised to configure multicast packet suppression to reduce impact of a large number of low-rate multicast packets on the wireless network. Exercise caution when configuring the rate limit; otherwise, the multicast services may be affected.
- In direct forwarding mode, you are advised to configure multicast packet suppression on switch interfaces connected to APs.
- In tunnel forwarding mode, you are advised to configure multicast packet suppression in traffic profiles of the AC.
For details on how to configure traffic suppression, see How Do I Configure Multicast Packet Suppression to Reduce Impact of a Large Number of Low-Rate Multicast Packets on the Wireless Network?.
Configure port isolation on the interfaces of the device directly connected to APs. If port isolation is not configured and direct forwarding is used, a large number of unnecessary broadcast packets may be generated in the VLAN, blocking the network and degrading user experience.
In tunnel forwarding mode, the management VLAN and service VLAN cannot be the same. Only packets from the management VLAN are transmitted between the AC and APs. Packets from the service VLAN are not allowed between the AC and APs.
From V200R021C00, when the CAPWAP source interface or source address is configured, the system checks whether security-related configurations exist, including the PSK for DTLS encryption, PSK for DTLS encryption between ACs, user name and password for logging in to the AP, and password for logging in to the global offline management VAP, the configuration can be successful only when both of them exist. Otherwise, the system prompts you to complete the configuration first.
From V200R021C00, DTLS encryption is enabled for CAPWAP control tunnels on the AC by default. After this function is enabled, an AP will fail to go online when it is added. In this case, you need to enable CAPWAP DTLS non-authentication (capwap dtls no-auth enable) for the AP so that the AP can obtain a security credential. After the AP goes online, disable this function (undo capwap dtls no-auth enable) to prevent unauthorized APs from going online.

Procedure

Configure the network devices.

# Add GE0/0/1 and GE0/0/2 on Switch_B to VLAN 100, and set the PVID of GE0/0/1 to VLAN 100.

<HUAWEI> system-view
[HUAWEI] sysname Switch_B
[Switch_B] vlan batch 100
[Switch_B] interface gigabitEthernet 0/0/1
[Switch_B-GigabitEthernet0/0/1] port link-type trunk
[Switch_B-GigabitEthernet0/0/1] port trunk pvid vlan 100
[Switch_B-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
[Switch_B-GigabitEthernet0/0/1] port-isolate enable
[Switch_B-GigabitEthernet0/0/1] quit
[Switch_B] interface gigabitEthernet 0/0/2
[Switch_B-GigabitEthernet0/0/2] port link-type trunk
[Switch_B-GigabitEthernet0/0/2] port trunk allow-pass vlan 100
[Switch_B-GigabitEthernet0/0/2] quit

# Add GE0/0/1 and GE0/0/2 on the aggregation switch Switch_A to VLAN 100.

<HUAWEI> system-view
[HUAWEI] sysname Switch_A
[Switch_A] vlan batch 100
[Switch_A] interface gigabitEthernet 0/0/1
[Switch_A-GigabitEthernet0/0/1] port link-type trunk
[Switch_A-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
[Switch_A-GigabitEthernet0/0/1] quit
[Switch_A] interface gigabitEthernet 0/0/2
[Switch_A-GigabitEthernet0/0/2] port link-type trunk
[Switch_A-GigabitEthernet0/0/2] port trunk allow-pass vlan 100
[Switch_A-GigabitEthernet0/0/2] quit

Configure the AC to communicate with other network devices.

If the AC and AP are directly connected, set the PVID of the interface connecting the AC to the AP to VLAN 100 (management VLAN).

# Add GE0/0/1 on the AC to VLAN 100.

<HUAWEI> system-view
[HUAWEI] sysname AC
[AC] vlan batch 100
[AC] interface gigabitEthernet 0/0/1
[AC-GigabitEthernet0/0/1] port link-type trunk
[AC-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
[AC-GigabitEthernet0/0/1] quit

Configure a DHCP server to assign IP addresses to APs.
# Enable the DHCP function on the AC to allow it to assign IP addresses to APs from an interface address pool.
```
[AC] dhcp enable
[AC] interface vlanif 100
[AC-Vlanif100] ip address 10.23.100.1 24
[AC-Vlanif100] dhcp select interface
[AC-Vlanif100] quit
```

Configure the AP groups, country code, and AC's source interface.

# Create AP groups for MPPs and MPs respectively and add APs that require the same configuration to the same group.

[AC] wlan
[AC-wlan-view] ap-group name mesh-mpp
[AC-wlan-ap-group-mesh-mpp] quit
[AC-wlan-view] ap-group name mesh-mp
[AC-wlan-ap-group-mesh-mp0] quit

# Create a regulatory domain profile, configure the country code for the AC in the profile, and bind the profile to the AP groups.

[AC-wlan-view] regulatory-domain-profile name domain1
[AC-wlan-regulate-domain-domain1] country-code cn
[AC-wlan-regulate-domain-domain1] quit
[AC-wlan-view] ap-group name mesh-mpp
[AC-wlan-ap-group-mesh-mpp] regulatory-domain-profile domain1
Warning: This configuration change will clear the channel and power configurations of radios, and may restart APs. Continue?[Y/N]:y  
[AC-wlan-ap-group-mesh-mpp] quit
[AC-wlan-view] ap-group name mesh-mp
[AC-wlan-ap-group-mesh-mp] regulatory-domain-profile domain1
Warning: This configuration change will clear the channel and power configurations of radios, and may restart APs. Continue?[Y/N]:y  
[AC-wlan-ap-group-mesh-mp] quit
[AC-wlan-view] quit

# Configure the AC's source interface.

[AC] capwap source interface vlanif 100

# Add area_1 to the AP group mesh-mpp, and add area_2, area_3, and area_4 to the AP group mesh-mp.

The default AP authentication mode is MAC address authentication. If the default settings are retained, you do not need to run the ap auth-mode mac-auth command.

In this example, the AP is AirEngine 5761R-11E, and radio 0 can be switched to the 5 GHz frequency band.

[AC] wlan
[AC-wlan-view] ap auth-mode mac-auth
[AC-wlan-view] ap-id 1 ap-mac 00e0-fc76-e360
[AC-wlan-ap-1] ap-name area_1
[AC-wlan-ap-1] ap-group mesh-mpp
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y  
[AC-wlan-ap-1] quit
[AC-wlan-view] ap-id 2 ap-mac 00e0-fc04-b500
[AC-wlan-ap-2] ap-name area_2
[AC-wlan-ap-2] ap-group mesh-mp
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y  
[AC-wlan-ap-2] quit
[AC-wlan-view] ap-id 3 ap-mac 00e0-fc74-9640
[AC-wlan-ap-3] ap-name area_3
[AC-wlan-ap-3] ap-group mesh-mp
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y  
[AC-wlan-view] ap-id 4 ap-mac 00e0-fc04-c600
[AC-wlan-ap-4] ap-name area_4
[AC-wlan-ap-4] ap-group mesh-mp
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y  
[AC-wlan-ap-4] quit

Configure Mesh parameters.

# Configure radio parameters for Mesh nodes. Radios 0 and 1 are used in this example. The parameter coverage distance indicates the radio coverage distance parameter (unit: 100 m), which is 3 by default. This example uses the radio coverage distance parameter of 20 as an example. You can set this parameter based on site requirements.

[AC-wlan-view] ap-group name mesh-mpp
[AC-wlan-ap-group-mesh-mpp] radio 0
[AC-wlan-group-radio-mesh-mpp/0] frequency 5g
Warning: Modifying the frequency band will delete the channel, power, and antenna gain configurations of the current radio in the AP group and reboot the AP. Continue?[Y/N]:y 
[AC-wlan-group-radio-mesh-mpp/0] calibrate auto-channel-select disable
[AC-wlan-group-radio-mesh-mpp/0] calibrate auto-txpower-select disable
[AC-wlan-group-radio-mesh-mpp/0] calibrate auto-bandwidth-select disable
[AC-wlan-group-radio-mesh-mpp/0] channel 80mhz 36
Warning: This action may cause service interruption. Continue?[Y/N]y 
[AC-wlan-group-radio-mesh-mpp/0] coverage distance 20
[AC-wlan-group-radio-mesh-mpp/0] quit
[AC-wlan-ap-group-mesh-mpp] quit
[AC-wlan-view] ap-group name mesh-mp
[AC-wlan-ap-group-mesh-mp] radio 0
[AC-wlan-group-radio-mesh-mp/0] frequency 5g
Warning: Modifying the frequency band will delete the channel, power, and antenna gain configurations of the current radio in the AP group and reboot the AP. Continue?[Y/N]:y 
[AC-wlan-group-radio-mesh-mp/0] calibrate auto-channel-select disable
[AC-wlan-group-radio-mesh-mp/0] calibrate auto-txpower-select disable
[AC-wlan-group-radio-mesh-mp/0] calibrate auto-bandwidth-select disable
[AC-wlan-group-radio-mesh-mp/0] channel 80mhz 36
Warning: This action may cause service interruption. Continue?[Y/N]y 
[AC-wlan-group-radio-mesh-mp/0] coverage distance 20
[AC-wlan-group-radio-mesh-mp/0] quit
[AC-wlan-ap-group-mesh-mp] radio 1
[AC-wlan-group-radio-mesh-mp/1] calibrate auto-channel-select disable
[AC-wlan-group-radio-mesh-mp/1] calibrate auto-txpower-select disable
[AC-wlan-group-radio-mesh-mp/1] calibrate auto-bandwidth-select disable
[AC-wlan-group-radio-mesh-mp/1] channel 80mhz 149
Warning: This action may cause service interruption. Continue?[Y/N]y 
[AC-wlan-group-radio-mesh-mp/1] coverage distance 20
[AC-wlan-group-radio-mesh-mp/1] quit
[AC-wlan-ap-group-mesh-mp] quit

# Configure the security profile mesh-sec used by Mesh links, which support the security policy WPA2+PSK+AES.

[AC-wlan-view] security-profile name mesh-sec
[AC-wlan-sec-prof-mesh-sec] security wpa2 psk pass-phrase YsH_2022 aes
[AC-wlan-sec-prof-mesh-sec] quit

# Configure a Mesh whitelist.

[AC-wlan-view] mesh-whitelist-profile name mesh-list1-2
[AC-wlan-mesh-whitelist-mesh-list1-2] peer-ap mac 00e0-fc76-e360
[AC-wlan-mesh-whitelist-mesh-list1-2] peer-ap mac 00e0-fc04-b500
[AC-wlan-mesh-whitelist-mesh-list1-2] quit
[AC-wlan-view] mesh-whitelist-profile name mesh-list2-3
[AC-wlan-mesh-whitelist-mesh-list2-3] peer-ap mac 00e0-fc04-b500
[AC-wlan-mesh-whitelist-mesh-list2-3] peer-ap mac 00e0-fc74-9640
[AC-wlan-mesh-whitelist-mesh-list2-3] quit
[AC-wlan-view] mesh-whitelist-profile name mesh-list3-4
[AC-wlan-mesh-whitelist-mesh-list3-4] peer-ap mac 00e0-fc74-9640
[AC-wlan-mesh-whitelist-mesh-list3-4] peer-ap mac 00e0-fc04-c600
[AC-wlan-mesh-whitelist-mesh-list3-4] quit

# Configure Mesh roles. Set the Mesh role of area_1 to Mesh-portal. Retain the default Mesh role Mesh-node for area_2 to area_4. Mesh roles are configured through the AP system profile.

[AC-wlan-view] ap-system-profile name mesh-sys
[AC-wlan-ap-system-prof-mesh-sys] mesh-role mesh-portal
[AC-wlan-ap-system-prof-mesh-sys] quit

# Configure Mesh profiles. Set the Mesh network ID to mesh-net, aging time of Mesh links to 30s, and bind the security profile to the Mesh profiles.

[AC-wlan-view] mesh-profile name mesh-radio0
[AC-wlan-mesh-prof-mesh-radio0] mesh-id mesh-net
[AC-wlan-mesh-prof-mesh-radio0] link-aging-time 30
[AC-wlan-mesh-prof-mesh-radio0] security-profile mesh-sec
[AC-wlan-mesh-prof-mesh-radio0] quit
[AC-wlan-view] mesh-profile name mesh-radio1
[AC-wlan-mesh-prof-mesh-radio1] mesh-id mesh-net
[AC-wlan-mesh-prof-mesh-radio1] link-aging-time 30
[AC-wlan-mesh-prof-mesh-radio1] security-profile mesh-sec
[AC-wlan-mesh-prof-mesh-radio1] quit

# Bind the Mesh whitelist profile to AP radios.

[AC-wlan-view] ap-id 1
[AC-wlan-ap-1] radio 0
[AC-wlan-radio-1/0] mesh-whitelist-profile mesh-list1-2
[AC-wlan-radio-1/0] quit
[AC-wlan-ap-1] quit
[AC-wlan-view] ap-id 2
[AC-wlan-ap-2] radio 0
[AC-wlan-radio-2/0] mesh-whitelist-profile mesh-list1-2
[AC-wlan-radio-2/0] quit
[AC-wlan-ap-2] radio 1
[AC-wlan-radio-2/1] mesh-whitelist-profile mesh-list2-3
[AC-wlan-radio-2/1] quit
[AC-wlan-ap-2] quit
[AC-wlan-view] ap-id 3
[AC-wlan-ap-3] radio 1
[AC-wlan-radio-3/1] mesh-whitelist-profile mesh-list2-3
[AC-wlan-radio-3/1] quit
[AC-wlan-ap-3] radio 0
[AC-wlan-radio-3/0] mesh-whitelist-profile mesh-list3-4
[AC-wlan-radio-3/0] quit
[AC-wlan-ap-3] quit
[AC-wlan-view] ap-id 4
[AC-wlan-ap-4] radio 0
[AC-wlan-radio-4/0] mesh-whitelist-profile mesh-list3-4
[AC-wlan-radio-4/0] quit
[AC-wlan-ap-4] quit

Bind required profiles to the AP groups to make the Mesh service take effect.

# Bind the AP system profile mesh-sys to the AP group mesh-mpp to make the MPP role take effect on area_1.

[AC-wlan-view] ap-group name mesh-mpp
[AC-wlan-ap-group-mesh-mpp] ap-system-profile mesh-sys
[AC-wlan-ap-group-mesh-mpp] quit

# Bind the Mesh profiles to AP groups mesh-mpp and mesh-mp to make the Mesh service take effect.

[AC-wlan-view] ap-group name mesh-mpp
[AC-wlan-ap-group-mesh-mpp] mesh-profile mesh-radio0 radio 0
[AC-wlan-ap-group-mesh-mpp] mesh-profile mesh-radio1 radio 1
[AC-wlan-ap-group-mesh-mpp] quit
[AC-wlan-view] ap-group name mesh-mp
[AC-wlan-ap-group-mesh-mp] mesh-profile mesh-radio0 radio 0
[AC-wlan-ap-group-mesh-mp] mesh-profile mesh-radio1 radio 1
[AC-wlan-ap-group-mesh-mp] quit
[AC-wlan-view] quit
[AC] quit

Verify the Mesh service configuration.

# After the configuration is complete, run the display ap all command to check whether Mesh nodes go online successfully. If State displays as nor, APs have gone online successfully.

<AC> display ap all
Total AP information:       
nor  : normal          [4]  
Extra information: P  : insufficient power supply
------------------------------------------------------------------------------------------------------------
ID   MAC            Name   Group      IP              Type                State STA Uptime      ExtraInfo
------------------------------------------------------------------------------------------------------------
1    00e0-fc76-e360 area_1 mesh-mpp   10.23.100.254   AirEngine5761R-11E  nor   0  13M:45S     -
2    00e0-fc04-b500 area_2 mesh-mp    10.23.100.253   AirEngine5761R-11E  nor   0  5M:22S      -
3    00e0-fc74-9640 area_3 mesh-mp    10.23.100.252   AirEngine5761R-11E  nor   0  4M:14S      -
4    00e0-fc04-c600 area_4 mesh-mp    10.23.100.251   AirEngine5761R-11E  nor   0  5M:40S      -
------------------------------------------------------------------------------------------------------------
Total: 4

# After the Mesh service takes effect, run the display wlan mesh link all command to check Mesh link information.

<AC> display wlan mesh link all
Rf   : radio ID             Dis  : coverage distance(100m)
Ch   : channel              Per  : drop percent(%)
TSNR : total SNR(dB)        P-   : peer
Mesh : Mesh mode            Re   : retry ratio(%)
RSSI : RSSI(dBm)            MaxR : max RSSI(dBm)
----------------------------------------------------------------------------------------------------------------------------------
APName   P-APName   P-APMAC         Rf Dis   Ch      Mesh        P-Status        RSSI  MaxR  Per  Re   TSNR  SNR(Ch0~3:dB) 
Tx(Mbps) Rx(Mbps)
----------------------------------------------------------------------------------------------------------------------------------
area_4   area_3     00e0-fc74-9640  0  20    36      node        normal          -33   -31   0    0    63    60/61/-/-
1201     720      
area_3   area_4     00e0-fc04-c600  0  20    36      node        normal          -32   -31   0    0    57    49/47/-/-
648      960      
area_3   area_2     00e0-fc04-b500  1  20    149     node        normal          -64   -31   0    0    27    19/18/-/-
648      648      
area_2   area_1     00e0-fc76-e360  0  20    36      node        normal          -49   -41   0    0    40    33/27/-/-
1080     1080     
area_2   area_3     00e0-fc74-9640  1  20    149     node        normal          -63   -31   0    0    27    19/18/-/-
648      648      
area_1  area_2      00e0-fc04-b500  0  20    36      portal      normal          -48   -39   0    0    40    32/29/-/-
1201     1201
----------------------------------------------------------------------------------------------------------------------------------
Total: 6

Configuration Files

Switch_A configuration file

#
sysname Switch_A
#
 vlan batch 100
#
dhcp enable 
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 100
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 100
#
return

Switch_B configuration file

#
sysname Switch_B
#
 vlan batch 100
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk pvid vlan 100
 port trunk allow-pass vlan 100
 port-isolate enable group 1 
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 100
#
return

AC configuration file

#
 sysname AC
#
 vlan batch 100
#
dhcp enable
#
interface Vlanif100
 ip address 10.23.100.1 255.255.255.0
 dhcp select interface
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 100
#
capwap source interface vlanif100
#
wlan
 security-profile name mesh-sec
  security wpa2 psk pass-phrase %^%#n}5+DgC3wLB.hJ34j5;*QMv<8"9#{Bq@ghBI3L9K%^%# aes
 mesh-whitelist-profile name mesh-list1-2
  peer-ap mac 00e0-fc04-b500
  peer-ap mac 00e0-fc76-e360
 mesh-whitelist-profile name mesh-list2-3
  peer-ap mac 00e0-fc04-b500
  peer-ap mac 00e0-fc74-9640
 mesh-whitelist-profile name mesh-list3-4
  peer-ap mac 00e0-fc04-c600
  peer-ap mac 00e0-fc74-9640
 mesh-profile name mesh-radio0
  security-profile mesh-sec
  mesh-id mesh-net
  link-aging-time 30
 mesh-profile name mesh-radio1
  security-profile mesh-sec
  mesh-id mesh-net
  link-aging-time 30
 regulatory-domain-profile name domain1
 ap-system-profile name mesh-sys
  mesh-role mesh-portal
 ap-group name mesh-mp
  regulatory-domain-profile domain1
  radio 0
   mesh-profile mesh-radio0
   frequency 5g
   channel 80mhz 36
   calibrate auto-bandwidth-select disable
   calibrate auto-channel-select disable
   calibrate auto-txpower-select disable
   coverage distance 20
  radio 1
   mesh-profile mesh-radio1
   channel 80mhz 149
   calibrate auto-bandwidth-select disable
   calibrate auto-channel-select disable
   calibrate auto-txpower-select disable
   coverage distance 20
 ap-group name mesh-mpp
  ap-system-profile mesh-sys
  regulatory-domain-profile domain1
  radio 0
   mesh-profile mesh-radio0
   frequency 5g
   channel 80mhz 36
   coverage distance 20
   calibrate auto-bandwidth-select disable
   calibrate auto-channel-select disable
   calibrate auto-txpower-select disable
  radio 1
   mesh-profile mesh-radio1
 ap-id 1 ap-mac 00e0-fc76-e360
  ap-name area_1
  ap-group mesh-mpp
  radio 0
   mesh-whitelist-profile mesh-list1-2
 ap-id 2 ap-mac 00e0-fc04-b500
  ap-group mesh-mp
  radio 0
   mesh-whitelist-profile mesh-list1-2
  radio 1
   mesh-whitelist-profile mesh-list2-3
 ap-id 3 ap-mac 00e0-fc74-9640
  ap-group mesh-mp
  radio 0
   mesh-whitelist-profile mesh-list3-4
  radio 1
   mesh-whitelist-profile mesh-list2-3
 ap-id 4 ap-mac 00e0-fc04-c600
  ap-group mesh-mp
  radio 0
   mesh-whitelist-profile mesh-list3-4 
#
return

Example for Configuring Multi-hop Mesh Services (Web)

Service Requirements

An enterprise needs to establish Mesh wireless backhaul links in different areas to expand wireless coverage and reduce wired deployment costs.

Networking Requirements

AC networking mode: Layer 2 networking in off-path mode
Wireless backhaul mode: Mesh portal-node
Backhaul radio: 5 GHz radio

Figure 15-20 Networking for configuring the Mesh service

Data Planning

Table 15-15 AP data planning

AP	MAC
area_1	00e0-fc76-e360
area_2	00e0-fc04-b500
area_3	00e0-fc74-9640
area_4	00e0-fc04-c600

Table 15-16 AC data planning

Item	Data
Management VLANs for APs	VLAN 100
DHCP server	The AC functions as a DHCP server to assign IP addresses to APs.
IP address pool for APs	10.23.100.2–10.23.100.254/24
AC's source interface	VLANIF 100: 10.23.100.1/24
Mesh roles	area_1: Mesh-portal (MPP) area_2 to area_4: Mesh-node (MP)
Mesh ID	Name: mesh-net
Radios used by Mesh services	Radio 0 Switched to the 5 GHz radio Bandwidth: 80 MHz Channel: 35 Radio coverage distance parameter: 20 (unit: 100 m) Radio 1 Bandwidth: 80 MHz Channel: 149 Radio coverage distance parameter: 20 (unit: 100 m)
Security profile	Security policy: WPA2+PSK+AES Password type: PASS-PHRASE Password: YsH_2022
AP group	Name: ap-group1

Configuration Roadmap

Configure network connectivity and enable the AP (MPP) in area A to go online on the AC in wired mode.
Configure the Mesh service to enable APs (MPs) in other areas to go online on the AC through Mesh links.

Configuration Notes

No ACK mechanism is provided for multicast packet transmission on air interfaces. In addition, wireless links are unstable. To ensure stable transmission of multicast packets, they are usually sent at low rates. If a large number of such multicast packets are sent from the network side, the air interfaces may be congested. You are advised to configure multicast packet suppression to reduce impact of a large number of low-rate multicast packets on the wireless network. Exercise caution when configuring the rate limit; otherwise, the multicast services may be affected.
- In direct forwarding mode, you are advised to configure multicast packet suppression on switch interfaces connected to APs.
- In tunnel forwarding mode, you are advised to configure multicast packet suppression in traffic profiles of the AC.
For details on how to configure traffic suppression, see How Do I Configure Multicast Packet Suppression to Reduce Impact of a Large Number of Low-Rate Multicast Packets on the Wireless Network?.
Configure port isolation on the interfaces of the device directly connected to APs. If port isolation is not configured and direct forwarding is used, a large number of unnecessary broadcast packets may be generated in the VLAN, blocking the network and degrading user experience.
In tunnel forwarding mode, the management VLAN and service VLAN cannot be the same. Only packets from the management VLAN are transmitted between the AC and APs. Packets from the service VLAN are not allowed between the AC and APs.

Procedure

Configure the network devices.

# Add GE0/0/1 and GE0/0/2 on Switch_B to VLAN 100, and set the PVID of GE0/0/1 to VLAN 100.

<HUAWEI> system-view
[HUAWEI] sysname Switch_B
[Switch_B] vlan batch 100
[Switch_B] interface gigabitEthernet 0/0/1
[Switch_B-GigabitEthernet0/0/1] port link-type trunk
[Switch_B-GigabitEthernet0/0/1] port trunk pvid vlan 100
[Switch_B-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
[Switch_B-GigabitEthernet0/0/1] port-isolate enable
[Switch_B-GigabitEthernet0/0/1] quit
[Switch_B] interface gigabitEthernet 0/0/2
[Switch_B-GigabitEthernet0/0/2] port link-type trunk
[Switch_B-GigabitEthernet0/0/2] port trunk allow-pass vlan 100
[Switch_B-GigabitEthernet0/0/2] quit

# Add GE0/0/1 and GE0/0/2 on the aggregation switch Switch_A to VLAN 100.

<HUAWEI> system-view
[HUAWEI] sysname Switch_A
[Switch_A] vlan batch 100
[Switch_A] interface gigabitEthernet 0/0/1
[Switch_A-GigabitEthernet0/0/1] port link-type trunk
[Switch_A-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
[Switch_A-GigabitEthernet0/0/1] quit
[Switch_A] interface gigabitEthernet 0/0/2
[Switch_A-GigabitEthernet0/0/2] port link-type trunk
[Switch_A-GigabitEthernet0/0/2] port trunk allow-pass vlan 100
[Switch_A-GigabitEthernet0/0/2] quit

Configure AC system parameters.
1. Perform basic AC configurations.
  # Choose Configuration > Config Wizard > AC. The Basic AC Configuration page is displayed.
  
  # Set Country/Region based on actual situations. For example, set Country/Region to China. Set System time to Manual and Date and time to PC.
  
  # Click Next. The Port Configuration page is displayed.
2. Configure interfaces.
  # Select GigabitEthernet0/0/1 and expand Batch Modify. Set Interface type to Trunk and add GigabitEthernet0/0/1 to VLAN 100 (management VLAN).
  
  If the AC and APs are directly connected, set the PVID of the interfaces connected to the APs to VLAN 100 (management VLAN).
  
  # Click Apply. In the dialog box that is displayed, click OK.
  
  # Click Next. The Network Interconnection Configuration page is displayed.
3. Configure network connectivity.
  # Set DHCP status to ON.
  
  # Click Create under Interface Configuration. The Create Interface Configuration dialog box is displayed.
  
  # Set the IP address of VLANIF 100 to 10.23.100.1/24.
  
  # Click Create under DHCPv4 Address Pool List. Select Interface address pool and select VLANIF 100.
  
  # Click OK.
  
  # Click Next.
  
  # Click Next. The AC Source Address page is displayed.
4. Configure the source address for AC.
  # Set AC source address to VLANIF, click the selection icon, select Vlanif100 in the dialog box that is displayed, and click the + icon to add the selected VLANIF interface to the list.
  
  From V200R021C00, DTLS encryption for CAPWAP control tunnels is enabled by default, and APs of earlier versions may fail to access the network. In this case, you can set AC-AP DTLS authentication mode to None authentication to allow APs to go online first. After the subsequent configurations are complete and the APs go online normally, disable this function. Specifically, choose Configuration > AC Config > Basic Config > AC Configuration > Advanced > CAPWAP Tunnel Setup Configuration, and deselect Allow APs to perform DTLS session with the AC in non-authentication mode.
  
  # Click Next. The Confirm Settings page is displayed.
5. Confirm the configuration.
  # Confirm the configuration and click Continue With AP Online.
Add APs and configure the Mesh roles for them.
1. Choose Configuration > Config Wizard > Mesh.
2. Create the AP group ap-group1.
  # In AP Group List, click Create. The Create AP Group page is displayed.
  
  # Set the AP group name to ap-group1 and click OK.
3. Add APs to the AP group ap-group1.
  # In AP Group List, select the AP group ap-group1.
  
  # On the AP Config tab page, click Add. The Add AP page is displayed.
  
  # Set Mode to Manually add and manually add APs. If there are a large number of APs, you can add APs in batches.
  
  # Click OK. The APs are added.
  
  # Select the AP area_1 and click Modify Mesh Role. In the dialog box that is displayed, set Role in mesh networking to Mesh-portal.
  
  # Click OK. The Mesh role of the AP is changed.
Switch AP radio 0 to the 5 GHz frequency band.
1. Choose Configuration > AP Config > AP Group. The AP Group page is displayed.
2. Click the AP group ap-group1. The AP group configuration page is displayed.
3. In the navigation tree on the left, choose Radio Management > Radio 0. The page for configuring radio 0 is displayed.
4. Switch radio 0 to the 5 GHz frequency band.
5. Click Apply.
Configure the Mesh service.
1. Choose Configuration > Config Wizard > Mesh.
2. Click the Service Settings tab and configure Mesh parameters.
  - Select Radio 0 and Radio 1 as the radios used by Mesh links.
  - Set Mesh ID to mesh-net.
  - For radio 0, set Bandwidth to 80 MHz, Channel to 36, and WDS/Mesh bridge distance to 20.
  - For radio 1, set Bandwidth to 80 MHz, Channel to 149, and WDS/Mesh bridge distance to 20.
  - In Security Settings set Key type to Pass-phrase and enter Key to YsH_2022.
  - In the Mesh Whitelist area of radio 0 and radio 1, click Add and add MAC addresses of Mesh nodes.
3. After configuring Mesh parameters, click Apply. In the dialog box that is displayed, click OK.
Verify the configuration.
1. Choose Configuration > Config Wizard > Mesh. In AP Group List, select ap-group1 and check whether the AP status is normal. If so, the AP has gone online on the AC through a Mesh link.
2. Choose Monitoring > Mesh&WDS > Mesh Link Information to view Mesh link information. Detailed information about the Mesh links that are successfully established is displayed on this page. In V200R022C00 and later versions, the Mesh topology is displayed on this page.

Example for Configuring Multi-hop Mesh Services (Triple-Radio APs) (CLI)

Service Requirements

An enterprise needs to establish Mesh wireless backhaul links in different areas to expand wireless coverage and reduce wired deployment costs.

Networking Requirements

AC networking mode: Layer 2 networking in off-path mode
Wireless backhaul mode: Mesh portal-node
Backhaul radio: 5 GHz radio
Service radio: 2.4 GHz radio

Figure 15-21 Networking for configuring Mesh services

Data Planning

Table 15-17 AP data planning

AP	MAC
area_1	00e0-fc76-e360
area_2	00e0-fc04-b500
area_3	00e0-fc74-9640
area_4	00e0-fc04-c600
area_5	00e0-fcf6-76a0
area_6	00e0-fcbb-c460

Table 15-18 AC data planning

Item	Data
Management VLAN for APs	VLAN 100
Service VLAN for STAs	VLAN 101
DHCP server	The AC functions as a DHCP server to assign IP addresses to APs and STAs.
IP address pool for APs	10.23.100.2-10.23.100.254/24
IP address pool for STAs	10.23.101.2-10.23.101.254/24
AC's source interface	VLANIF 100: 10.23.100.1/24
Mesh profiles	Name: mesh-radio1 and mesh-radio2
Mesh roles	area_1 and area_5: Mesh-portal (MPP) area_2, area_3, area_4, and area_6: Mesh-node (MP)
Mesh ID	Name: mesh-net
Mesh whitelist	Name: mesh-list
AP system profile	MPP: Name: mpp-sys Radio mode: triple-radio Mesh role: Mesh-portal (MPP) MP: Name: mp-sys Radio mode: triple-radio Mesh role: Mesh-node (MP)
Radio used by Mesh services	Radio 1: Bandwidth: 80 MHz Channel: 149 Radio coverage distance parameter: 20 (unit: 100 m) Radio 2: Bandwidth: 80 MHz Channel: 36 Radio coverage distance parameter: 20 (unit: 100 m)
Security profiles	Mesh service: Name: mesh-sec Security policy: WPA2+PSK+AES Password type: PASS-PHRASE Password: YsH_2022 Coverage service: Name: wlan-net Security policy: WPA-WPA2+PSK+AES Password type: PASS-PHRASE Password: YsH_2022
VAP profile	Name: wlan-net Forwarding mode: tunnel forwarding Service VLAN: VLAN 101 Referenced profiles: SSID profile wlan-net and security profile wlan-net
SSID profile	Name: wlan-net SSID name: wlan-net
AP wired port profile	Name: wired Service VLAN: VLAN 101
AP group	mesh-mpp: area_1 and area_5 mesh-mp: area_2, area_3, area_4, and area_6

Configuration Roadmap

Configure network connectivity and enable MPPs to go online on the AC in wired mode.
Configure Mesh services to enable MPs in other areas to go online on the AC through Mesh links.
Configure the wireless coverage service so that STAs in area D can access the Wi-Fi network through an SSID.

Configuration Notes

No ACK mechanism is provided for multicast packet transmission on air interfaces. In addition, wireless links are unstable. To ensure stable transmission of multicast packets, they are usually sent at low rates. If a large number of such multicast packets are sent from the network side, the air interfaces may be congested. You are advised to configure multicast packet suppression to reduce impact of a large number of low-rate multicast packets on the wireless network. Exercise caution when configuring the rate limit; otherwise, the multicast services may be affected.
- In direct forwarding mode, you are advised to configure multicast packet suppression on switch interfaces connected to APs.
- In tunnel forwarding mode, you are advised to configure multicast packet suppression in traffic profiles of the AC.
For details on how to configure traffic suppression, see How Do I Configure Multicast Packet Suppression to Reduce Impact of a Large Number of Low-Rate Multicast Packets on the Wireless Network?.
Configure port isolation on the interfaces of the device directly connected to APs. If port isolation is not configured and direct forwarding is used, a large number of unnecessary broadcast packets may be generated in the VLAN, blocking the network and degrading user experience.
In tunnel forwarding mode, the management VLAN and service VLAN cannot be the same. Only packets from the management VLAN are transmitted between the AC and APs. Packets from the service VLAN are not allowed between the AC and APs.
From V200R021C00, when the CAPWAP source interface or source address is configured, the system checks whether security-related configurations exist, including the PSK for DTLS encryption, PSK for DTLS encryption between ACs, user name and password for logging in to the AP, and password for logging in to the global offline management VAP, the configuration can be successful only when both of them exist. Otherwise, the system prompts you to complete the configuration first.
From V200R021C00, DTLS encryption is enabled for CAPWAP control tunnels on the AC by default. After this function is enabled, an AP will fail to go online when it is added. In this case, you need to enable CAPWAP DTLS non-authentication (capwap dtls no-auth enable) for the AP so that the AP can obtain a security credential. After the AP goes online, disable this function (undo capwap dtls no-auth enable) to prevent unauthorized APs from going online.

Procedure

Configure network devices.

# Add GE0/0/1 and GE0/0/2 on Switch_B to VLAN 100, and set the PVID of GE0/0/1 to VLAN 100.

<HUAWEI> system-view
[HUAWEI] sysname Switch_B
[Switch_B] vlan batch 100
[Switch_B] interface gigabitEthernet 0/0/1
[Switch_B-GigabitEthernet0/0/1] port link-type trunk
[Switch_B-GigabitEthernet0/0/1] port trunk pvid vlan 100
[Switch_B-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
[Switch_B-GigabitEthernet0/0/1] port-isolate enable
[Switch_B-GigabitEthernet0/0/1] quit
[Switch_B] interface gigabitEthernet 0/0/2
[Switch_B-GigabitEthernet0/0/2] port link-type trunk
[Switch_B-GigabitEthernet0/0/2] port trunk allow-pass vlan 100
[Switch_B-GigabitEthernet0/0/2] quit

# On Switch_A (aggregation switch), add GE0/0/1 to VLAN 100 and GE0/0/2 to VLAN 100 and VLAN 101.

<HUAWEI> system-view
[HUAWEI] sysname Switch_A
[Switch_A] vlan batch 100 101
[Switch_A] interface gigabitEthernet 0/0/1
[Switch_A-GigabitEthernet0/0/1] port link-type trunk
[Switch_A-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
[Switch_A-GigabitEthernet0/0/1] quit
[Switch_A] interface gigabitEthernet 0/0/2
[Switch_A-GigabitEthernet0/0/2] port link-type trunk
[Switch_A-GigabitEthernet0/0/2] port trunk allow-pass vlan 100 101
[Switch_A-GigabitEthernet0/0/2] quit

Configure the AC to communicate with other network devices.

If the AC and AP are directly connected, set the PVID of the interface connecting the AC to the AP to VLAN 100 (management VLAN).

# Add GE0/0/1 on the AC to VLAN 100 and VLAN 101.

<HUAWEI> system-view
[HUAWEI] sysname AC
[AC] vlan batch 100 101
[AC] interface gigabitEthernet 0/0/1
[AC-GigabitEthernet0/0/1] port link-type trunk
[AC-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 101
[AC-GigabitEthernet0/0/1] quit

Configure a DHCP server to assign IP addresses to APs and STAs.

# Enable the DHCP function on the AC, and configure interface address pools to assign IP addresses to APs and STAs.

[AC] dhcp enable
[AC] interface vlanif 100
[AC-Vlanif100] ip address 10.23.100.1 24  //Configure an address pool for APs.
[AC-Vlanif100] dhcp select interface
[AC-Vlanif100] quit
[AC] interface vlanif 101
[AC-Vlanif101] ip address 10.23.101.1 24  //Configure an IP address pool for STAs.
[AC-Vlanif101] dhcp select interface
[AC-Vlanif101] quit

Configure the AP groups, country code, and AC's source interface.

# Create AP groups for MPPs and MPs. You can add APs that require the same configuration to the same group.

[AC] wlan
[AC-wlan-view] ap-group name mesh-mpp
[AC-wlan-ap-group-mesh-mpp] quit
[AC-wlan-view] ap-group name mesh-mp
[AC-wlan-ap-group-mesh-mp0] quit

# Create a regulatory domain profile, configure the country code for the AC in the profile, and bind the profile to the AP groups.

[AC-wlan-view] regulatory-domain-profile name domain1
[AC-wlan-regulate-domain-domain1] country-code cn
[AC-wlan-regulate-domain-domain1] quit
[AC-wlan-view] ap-group name mesh-mpp
[AC-wlan-ap-group-mesh-mpp] regulatory-domain-profile domain1
Warning: This configuration change will clear the channel and power configurations of radios, and may restart APs. Continue?[Y/N]:y  
[AC-wlan-ap-group-mesh-mpp] quit
[AC-wlan-view] ap-group name mesh-mp
[AC-wlan-ap-group-mesh-mp] regulatory-domain-profile domain1
Warning: This configuration change will clear the channel and power configurations of radios, and may restart APs. Continue?[Y/N]:y  
[AC-wlan-ap-group-mesh-mp] quit
[AC-wlan-view] quit

# Configure the AC's source interface.

[AC] capwap source interface vlanif 100

# Add area_1 and area_5 to the AP group mesh-mpp and area_2, area_3, area_4, and area_6 to the AP group mesh-mp.

The default AP authentication mode is MAC address authentication. If the default settings are retained, you do not need to run the ap auth-mode mac-auth command.

In this example, the AirEngine 8760R-X1E is used and works in triple-radio mode. Radio 0 is used for wireless coverage, and radio 1 and radio 2 are used for dual-5G Mesh backhaul.

[AC] wlan
[AC-wlan-view] ap auth-mode mac-auth
[AC-wlan-view] ap-id 1 ap-mac 00e0-fc76-e360
[AC-wlan-ap-1] ap-name area_1
Warning: This operation may cause AP reset. Continue? [Y/N]:y 
[AC-wlan-ap-1] ap-group mesh-mpp
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y  
[AC-wlan-ap-1] quit
[AC-wlan-view] ap-id 2 ap-mac 00e0-fc04-b500
[AC-wlan-ap-2] ap-name area_2
Warning: This operation may cause AP reset. Continue? [Y/N]:y 
[AC-wlan-ap-2] ap-group mesh-mp
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y  
[AC-wlan-ap-2] quit
[AC-wlan-view] ap-id 3 ap-mac 00e0-fc74-9640
[AC-wlan-ap-3] ap-name area_3
Warning: This operation may cause AP reset. Continue? [Y/N]:y 
[AC-wlan-ap-3] ap-group mesh-mp
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y  
[AC-wlan-ap-3] quit
[AC-wlan-view] ap-id 4 ap-mac 00e0-fc04-c600
[AC-wlan-ap-4] ap-name area_4
Warning: This operation may cause AP reset. Continue? [Y/N]:y 
[AC-wlan-ap-4] ap-group mesh-mp
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y  
[AC-wlan-ap-4] quit
[AC-wlan-view] ap-id 5 ap-mac 00e0-fcf6-76a0
[AC-wlan-ap-5] ap-name area_5
Warning: This operation may cause AP reset. Continue? [Y/N]:y 
[AC-wlan-ap-5] ap-group mesh-mpp
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y  
[AC-wlan-ap-5] quit
[AC-wlan-view] ap-id 6 ap-mac 00e0-fcbb-c460
[AC-wlan-ap-6] ap-name area_6
Warning: This operation may cause AP reset. Continue? [Y/N]:y 
[AC-wlan-ap-6] ap-group mesh-mp
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y  
[AC-wlan-ap-6] quit

Configure Mesh parameters.

# Configure the radio mode and Mesh role for APs. Set the radio mode of APs to triple-radio. Set the Mesh roles of area_1 and area_5 to Mesh-portal, and those of area_2, area_3, area_4, and area_6 to Mesh-node.

[AC-wlan-view] ap-system-profile name mpp-sys
[AC-wlan-ap-system-prof-mpp-sys] mesh-role mesh-portal
[AC-wlan-ap-system-prof-mpp-sys] radio-mode 3radio
[AC-wlan-ap-system-prof-mpp-sys] quit
[AC-wlan-view] ap-system-profile name mp-sys
[AC-wlan-ap-system-prof-mp-sys] mesh-role mesh-node
[AC-wlan-ap-system-prof-mp-sys] radio-mode 3radio
[AC-wlan-ap-system-prof-mp-sys] quit

# Configure radio parameters for Mesh nodes. Radios 1 and 2 are used for Mesh backhaul services in this example. The parameter coverage distance indicates the radio coverage distance parameter (unit: 100 m), which is 3 by default. This example uses the radio coverage distance parameter of 20. You can set this parameter based on site requirements.

[AC-wlan-view] ap-group name mesh-mpp
[AC-wlan-ap-group-mesh-mpp] radio 2
[AC-wlan-group-radio-mesh-mpp/2] calibrate auto-channel-select disable
[AC-wlan-group-radio-mesh-mpp/2] calibrate auto-txpower-select disable
[AC-wlan-group-radio-mesh-mpp/2] calibrate auto-bandwidth-select disable
[AC-wlan-group-radio-mesh-mpp/2] channel 80mhz 36
Warning: This action may cause service interruption. Continue?[Y/N]y 
[AC-wlan-group-radio-mesh-mpp/2] coverage distance 20
[AC-wlan-group-radio-mesh-mpp/2] quit
[AC-wlan-ap-group-mesh-mpp] quit
[AC-wlan-view] ap-group name mesh-mp
[AC-wlan-ap-group-mesh-mp] radio 2
[AC-wlan-group-radio-mesh-mp/2] calibrate auto-channel-select disable
[AC-wlan-group-radio-mesh-mp/2] calibrate auto-txpower-select disable
[AC-wlan-group-radio-mesh-mp/2] calibrate auto-bandwidth-select disable
[AC-wlan-group-radio-mesh-mp/2] channel 80mhz 36
Warning: This action may cause service interruption. Continue?[Y/N]y 
[AC-wlan-group-radio-mesh-mp/2] coverage distance 20
[AC-wlan-group-radio-mesh-mp/2] quit
[AC-wlan-ap-group-mesh-mp] radio 1
[AC-wlan-group-radio-mesh-mp/1] calibrate auto-channel-select disable
[AC-wlan-group-radio-mesh-mp/1] calibrate auto-txpower-select disable
[AC-wlan-group-radio-mesh-mp/1] calibrate auto-bandwidth-select disable
[AC-wlan-group-radio-mesh-mp/1] channel 80mhz 149
Warning: This action may cause service interruption. Continue?[Y/N]y 
[AC-wlan-group-radio-mesh-mp/1] coverage distance 20
[AC-wlan-group-radio-mesh-mp/1] quit
[AC-wlan-ap-group-mesh-mp] quit

# Configure the security profile mesh-sec used by Mesh links. This profile supports the security policy WPA2+PSK+AES.

[AC-wlan-view] security-profile name mesh-sec
[AC-wlan-sec-prof-mesh-sec] security wpa2 psk pass-phrase YsH_2022 aes
[AC-wlan-sec-prof-mesh-sec] quit

# Configure Mesh whitelists.

[AC-wlan-view] mesh-whitelist-profile name mesh-list1-2
[AC-wlan-mesh-whitelist-mesh-list1-2] peer-ap mac 00e0-fc76-e360
[AC-wlan-mesh-whitelist-mesh-list1-2] peer-ap mac 00e0-fc04-b500
[AC-wlan-mesh-whitelist-mesh-list1-2] quit
[AC-wlan-view] mesh-whitelist-profile name mesh-list2-3
[AC-wlan-mesh-whitelist-mesh-list2-3] peer-ap mac 00e0-fc04-b500
[AC-wlan-mesh-whitelist-mesh-list2-3] peer-ap mac 00e0-fc74-9640
[AC-wlan-mesh-whitelist-mesh-list2-3] quit
[AC-wlan-view] mesh-whitelist-profile name mesh-list3-4
[AC-wlan-mesh-whitelist-mesh-list3-4] peer-ap mac 00e0-fc74-9640
[AC-wlan-mesh-whitelist-mesh-list3-4] peer-ap mac 00e0-fc04-c600
[AC-wlan-mesh-whitelist-mesh-list3-4] quit
[AC-wlan-view] mesh-whitelist-profile name mesh-list5-6
[AC-wlan-mesh-whitelist-mesh-list5-6] peer-ap mac 00e0-fcf6-76a0
[AC-wlan-mesh-whitelist-mesh-list5-6] peer-ap mac 00e0-fcbb-c460
[AC-wlan-mesh-whitelist-mesh-list5-6] quit

# Configure Mesh profiles. Set the Mesh network ID to mesh-net, aging time of Mesh links to 30s, and bind the security profile to the Mesh profiles.

[AC-wlan-view] mesh-profile name mesh-radio2
[AC-wlan-mesh-prof-mesh-radio2] mesh-id mesh-net
[AC-wlan-mesh-prof-mesh-radio2] link-aging-time 30
[AC-wlan-mesh-prof-mesh-radio2] security-profile mesh-sec
[AC-wlan-mesh-prof-mesh-radio2] quit
[AC-wlan-view] mesh-profile name mesh-radio1
[AC-wlan-mesh-prof-mesh-radio1] mesh-id mesh-net
[AC-wlan-mesh-prof-mesh-radio1] link-aging-time 30
[AC-wlan-mesh-prof-mesh-radio1] security-profile mesh-sec
[AC-wlan-mesh-prof-mesh-radio1] quit

# Bind the Mesh whitelist profiles to AP radios.

[AC-wlan-view] ap-id 1
[AC-wlan-ap-1] radio 2
[AC-wlan-radio-1/2] mesh-whitelist-profile mesh-list1-2
[AC-wlan-radio-1/2] quit
[AC-wlan-ap-1] quit
[AC-wlan-view] ap-id 2
[AC-wlan-ap-2] radio 2
[AC-wlan-radio-2/2] mesh-whitelist-profile mesh-list1-2
[AC-wlan-radio-2/2] quit
[AC-wlan-ap-2] radio 1
[AC-wlan-radio-2/1] mesh-whitelist-profile mesh-list2-3
[AC-wlan-radio-2/1] quit
[AC-wlan-ap-2] quit
[AC-wlan-view] ap-id 3
[AC-wlan-ap-3] radio 1
[AC-wlan-radio-3/1] mesh-whitelist-profile mesh-list2-3
[AC-wlan-radio-3/1] quit
[AC-wlan-ap-3] radio 2
[AC-wlan-radio-3/2] mesh-whitelist-profile mesh-list3-4
[AC-wlan-radio-3/2] quit
[AC-wlan-ap-3] quit
[AC-wlan-view] ap-id 4
[AC-wlan-ap-4] radio 2
[AC-wlan-radio-4/2] mesh-whitelist-profile mesh-list3-4
[AC-wlan-radio-4/2] quit
[AC-wlan-ap-4] quit
[AC-wlan-view] ap-id 5
[AC-wlan-ap-5] radio 2
[AC-wlan-radio-5/2] mesh-whitelist-profile mesh-list5-6
[AC-wlan-radio-5/2] quit
[AC-wlan-ap-5] quit
[AC-wlan-view] ap-id 6
[AC-wlan-ap-6] radio 2
[AC-wlan-radio-6/2] mesh-whitelist-profile mesh-list5-6
[AC-wlan-radio-6/2] quit
[AC-wlan-ap-6] quit

Bind required profiles to the AP groups to make Mesh services take effect.

# Bind AP system profiles to AP groups mesh-mpp and mesh-mp to make the radio mode and Mesh role configurations take effect.

[AC-wlan-view] ap-group name mesh-mpp
[AC-wlan-ap-group-mesh-mpp] ap-system-profile mpp-sys
[AC-wlan-ap-group-mesh-mpp] quit
[AC-wlan-view] ap-group name mesh-mp
[AC-wlan-ap-group-mesh-mp] ap-system-profile mp-sys
[AC-wlan-ap-group-mesh-mp] quit

# Bind the Mesh profiles to the AP groups mesh-mpp and mesh-mp to make Mesh services take effect.

[AC-wlan-view] ap-group name mesh-mpp
[AC-wlan-ap-group-mesh-mpp] mesh-profile mesh-radio2 radio 2
[AC-wlan-ap-group-mesh-mpp] mesh-profile mesh-radio1 radio 1
[AC-wlan-ap-group-mesh-mpp] quit
[AC-wlan-view] ap-group name mesh-mp
[AC-wlan-ap-group-mesh-mp] mesh-profile mesh-radio2 radio 2
[AC-wlan-ap-group-mesh-mp] mesh-profile mesh-radio1 radio 1
[AC-wlan-ap-group-mesh-mp] quit

Configure an AP's wired interface.

# Create an AP wired port profile.

[AC-wlan-view] wired-port-profile name wired
[AC-wlan-wired-port-wired] vlan tagged 101
[AC-wlan-wired-port-wired] quit

# Bind the AP wired port profile to the wired port connecting area_4 to area_5.

[AC-wlan-view] ap-id 4
[AC-wlan-ap-4] wired-port-profile wired gigabitethernet 1
[AC-wlan-ap-4] quit

Configure the wireless coverage service.

# Create the security profile wlan-net and configure a security policy.

[AC-wlan-view] security-profile name wlan-net 
[AC-wlan-sec-prof-wlan-net] security wpa-wpa2 psk pass-phrase YsH_2022 aes 
[AC-wlan-sec-prof-wlan-net] quit

# Create the SSID profile wlan-net and set the SSID name to wlan-net.

[AC-wlan-view] ssid-profile name wlan-net 
[AC-wlan-ssid-prof-wlan-net] ssid wlan-net 
[AC-wlan-ssid-prof-wlan-net] quit

# Create the VAP profile wlan-net, set the data forwarding mode and service VLAN, and bind the security profile and SSID profile to the VAP profile.

[AC-wlan-view] vap-profile name wlan-net 
[AC-wlan-vap-prof-wlan-net] forward-mode tunnel 
[AC-wlan-vap-prof-wlan-net] service-vlan vlan-id 101 
[AC-wlan-vap-prof-wlan-net] security-profile wlan-net 
[AC-wlan-vap-prof-wlan-net] ssid-profile wlan-net 
[AC-wlan-vap-prof-wlan-net] quit

# Bind the VAP profile to AP radio 0.

[AC-wlan-view] ap-id 4 
[AC-wlan-ap-4] vap-profile wlan-net wlan 1 radio 0
[AC-wlan-ap-4] quit
[AC-wlan-view] quit
[AC] quit

Verify the configuration.

# After the configuration is complete, run the display ap all command to check whether Mesh nodes go online successfully. If State displays as nor, APs have gone online successfully.

<AC> display ap all
Total AP information:       
nor  : normal          [4]  
Extra information: P  : insufficient power supply
------------------------------------------------------------------------------------------------------------
ID   MAC            Name   Group      IP              Type                State STA Uptime      ExtraInfo
------------------------------------------------------------------------------------------------------------
1    00e0-fc76-e360 area_1 mesh-mpp   10.23.100.256   AirEngine8760R-X1E  nor   0  13M:45S     -
2    00e0-fc04-b500 area_2 mesh-mp    10.23.100.255   AirEngine8760R-X1E  nor   0  5M:22S      -
3    00e0-fc74-9640 area_3 mesh-mp    10.23.100.254   AirEngine8760R-X1E  nor   0  4M:14S      -
4    00e0-fc04-c600 area_4 mesh-mp    10.23.100.253   AirEngine5761R-11E  nor   0  5M:40S      -
5    00e0-fcf6-76a0 area_5 mesh-mp    10.23.100.252   AirEngine5761R-11E  nor   0  3M:40S      -
6    00e0-fcbb-c460 area_6 mesh-mp    10.23.100.251   AirEngine5761R-11E  nor   0  2M:30S      -
------------------------------------------------------------------------------------------------------------
Total: 5

# After Mesh services take effect, run the display wlan mesh link all command to check Mesh link information.

<AC> display wlan mesh link all
Rf   : radio ID             Dis  : coverage distance(100m)
Ch   : channel              Per  : drop percent(%)
TSNR : total SNR(dB)        P-   : peer
Mesh : Mesh mode            Re   : retry ratio(%)
RSSI : RSSI(dBm)            MaxR : max RSSI(dBm)
----------------------------------------------------------------------------------------------------------------------------------
APName   P-APName   P-APMAC         Rf Dis   Ch      Mesh        P-Status        RSSI  MaxR  Per  Re   TSNR  SNR(Ch0~3:dB) 
Tx(Mbps) Rx(Mbps)
----------------------------------------------------------------------------------------------------------------------------------
area_6   area_5     00e0-fcf6-76a0  2  20    36      node        normal          -45   -31   0    0    63    55/56/-/-
470     720      
area_5   area_6     00e0-fcbb-c460  2  20    36      node        normal          -55   -31   0    0    57    45/44/-/-
648      960      
area_4   area_3     00e0-fc74-9640  2  20    36      node        normal          -33   -31   0    0    63    60/61/-/-
1201     720      
area_3   area_4     00e0-fc04-c600  2  20    36      node        normal          -32   -31   0    0    57    49/47/-/-
648      960      
area_3   area_2     00e0-fc04-b500  1  20    149     node        normal          -64   -31   0    0    27    19/18/-/-
648      648      
area_2   area_1     00e0-fc76-e360  2  20    36      node        normal          -49   -41   0    0    40    33/27/-/-
1080     1080     
area_2   area_3     00e0-fc74-9640  1  20    149     node        normal          -63   -31   0    0    27    19/18/-/-
648      648      
area_1  area_2      00e0-fc04-b500  2  20    36      portal      normal          -48   -39   0    0    40    32/29/-/-
1201     1201
----------------------------------------------------------------------------------------------------------------------------------
Total: 8

Configuration Files

Switch_A configuration file

#
sysname Switch_A
#
 vlan batch 100
#
dhcp enable 
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 100
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 100
#
return

Switch_B configuration file

#
sysname Switch_B
#
 vlan batch 100
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk pvid vlan 100
 port trunk allow-pass vlan 100
 port-isolate enable group 1 
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 100
#
return

AC configuration file

#
 sysname AC
#
 vlan batch 100 101
#
dhcp enable
#
interface Vlanif100
 ip address 10.23.100.1 255.255.255.0
 dhcp select interface
#
interface Vlanif101
 ip address 10.23.101.1 255.255.255.0
 dhcp select interface
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 100 101
#
capwap source interface vlanif100
#
wlan
 security-profile name mesh-sec
  security wpa2 psk pass-phrase %^%#n}5+DgC3wLB.hJ34j5;*QMv<8"9#{Bq@ghBI3L9K%^%# aes
 security-profile name wlan-net
  security wpa-wpa2 psk pass-phrase %^%#H@{4#h%1*Eh}<J#bpa}KSW30R:(77BieX'2"!uH2%^%# aes
 ssid-profile name wlan-net
  ssid wlan-net
 vap-profile name wlan-net
  forward-mode tunnel
  service-vlan vlan-id 101
  ssid-profile wlan-net
  security-profile wlan-net
 mesh-whitelist-profile name mesh-list1-2
  peer-ap mac 00e0-fc04-b500
  peer-ap mac 00e0-fc76-e360
 mesh-whitelist-profile name mesh-list2-3
  peer-ap mac 00e0-fc04-b500
  peer-ap mac 00e0-fc74-9640
 mesh-whitelist-profile name mesh-list3-4
  peer-ap mac 00e0-fc04-c600
  peer-ap mac 00e0-fc74-9640
 mesh-whitelist-profile name mesh-list5-6
  peer-ap mac 00e0-fcbb-c460
  peer-ap mac 00e0-fcf6-76a0
 mesh-profile name mesh-radio1
  security-profile mesh-sec
  mesh-id mesh-net
  link-aging-time 30
 mesh-profile name mesh-radio2
  security-profile mesh-sec
  mesh-id mesh-net
  link-aging-time 30
 regulatory-domain-profile name domain1
 ap-system-profile name mp-sys
  radio-mode 3radio
 ap-system-profile name mpp-sys
  mesh-role mesh-portal
  radio-mode 3radio
 wired-port-profile name wired
  vlan tagged 101
 ap-group name mesh-mp
  regulatory-domain-profile domain1
  radio 1
   mesh-profile mesh-radio1
   channel 80mhz 149
   coverage distance 20
   calibrate auto-bandwidth-select disable
   calibrate auto-channel-select disable
   calibrate auto-txpower-select disable
  radio 2
   mesh-profile mesh-radio2
   mesh-whitelist-profile Radio2mesh-mp
   frequency 5g
   channel 80mhz 36
   coverage distance 20
   calibrate auto-bandwidth-select disable
   calibrate auto-channel-select disable
   calibrate auto-txpower-select disable
 ap-group name mesh-mpp
  ap-system-profile mesh-sys
  regulatory-domain-profile domain1
  radio 1
   mesh-profile mesh-radio1
   channel 80mhz 149
   coverage distance 20
   calibrate auto-bandwidth-select disable
   calibrate auto-channel-select disable
   calibrate auto-txpower-select disable
  radio 2
   mesh-profile mesh-radio2
   channel 80mhz 36
   coverage distance 20
   calibrate auto-bandwidth-select disable
   calibrate auto-channel-select disable
   calibrate auto-txpower-select disable
 ap-id 1 ap-mac 00e0-fc76-e360
  ap-name area_1
  ap-group mesh-mpp
  radio 2
   mesh-whitelist-profile mesh-list1-2
 ap-id 2 ap-mac 00e0-fc04-b500
  ap-name area_2
  ap-group mesh-mp
  radio 1
   mesh-whitelist-profile mesh-list2-3
  radio 2
   mesh-whitelist-profile mesh-list1-2
 ap-id 3 ap-mac 00e0-fc74-9640
  ap-name area_3
  ap-group mesh-mp
  radio 1
   mesh-whitelist-profile mesh-list2-3
  radio 2
   mesh-whitelist-profile mesh-list3-4
 ap-id 4 ap-mac 00e0-fc04-c600
  ap-name area_4
  ap-group mesh-mp
  wired-port-profile wired gigabitethernet 1
  radio 0
   vap-profile wlan-net wlan 1
  radio 2
   mesh-whitelist-profile mesh-list3-4
 ap-id 5 ap-mac 00e0-fcf6-76a0
  ap-name area_5
  ap-group mesh-mpp
  radio 2
   mesh-whitelist-profile mesh-list5-6
 ap-id 6 ap-mac 00e0-fcbb-c460
  ap-name area_6
  ap-group mesh-mp
  radio 2
   mesh-whitelist-profile mesh-list5-6
#
return

Example for Configuring Multi-hop Mesh Services (Triple-Radio APs) (Web)

Service Requirements

An enterprise needs to establish Mesh wireless backhaul links in different areas to expand wireless coverage and reduce wired deployment costs.

Networking Requirements

AC networking mode: Layer 2 networking in off-path mode
Wireless backhaul mode: Mesh portal-node
Backhaul radio: 5 GHz radio
Service radio: 2.4 GHz radio

Figure 15-22 Networking for configuring Mesh services

Data Planning

Table 15-19 AP data planning

AP	MAC
area_1	00e0-fc76-e360
area_2	00e0-fc04-b500
area_3	00e0-fc74-9640
area_4	00e0-fc04-c600
area_5	00e0-fcf6-76a0
area_6	00e0-fcbb-c460

Table 15-20 AC data planning

Item	Data
Management VLANs for APs	VLAN 100
Service VLAN for STAs	VLAN 101
DHCP server	The AC functions as a DHCP server to assign IP addresses to APs and STAs.
IP address pool for APs	10.23.100.2–10.23.100.254/24
IP address pool for STAs	10.23.101.2–10.23.101.254/24
AC's source interface	VLANIF 100: 10.23.100.1/24
Mesh profiles	Names: mesh-radio1 and mesh-radio2
Mesh roles	area_1 and area_5: Mesh-portal (MPP) area_2, area_3, area_4, and area_6: Mesh-node (MP)
Mesh ID	Name: mesh-net
AP system profile	MPP: Name: mpp-sys Radio mode: triple-radio Mesh role: Mesh-portal (MPP) MP: Name: mp-sys Radio mode: triple-radio Mesh role: Mesh-node (MP)
Radios used by Mesh services	Radio 1: Bandwidth: 80 MHz Channel: 149 Radio coverage distance parameter: 20 (unit: 100 m) Radio 2: Bandwidth: 80 MHz Channel: 36 Radio coverage distance parameter: 20 (unit: 100 m)
Security profile	Mesh service: Security policy: WPA2+PSK+AES Password type: PASS-PHRASE Password: YsH_2022 Coverage service: Security policy: WPA-WPA2+PSK+AES Password type: PASS-PHRASE Password: YsH_2022
VAP profile	Forwarding mode: tunnel forwarding Service VLAN: VLAN 101 Referenced profiles: SSID profile wlan-net and security profile wlan-net
SSID profile	SSID name: wlan-net
AP wired port profile	Name: wired Service VLAN: VLAN 101
AP groups	mesh-mpp: area_1 and area_5 mesh-mp: area_2, area_3, area_4, and area_6

Configuration Roadmap

Configure network connectivity and enable MPPs to go online on the AC in wired mode.
Configure Mesh services to enable MPs in other areas to go online on the AC through Mesh links.
Configure the wireless coverage service so that STAs in area D can access the Wi-Fi network through an SSID.

Configuration Notes

No ACK mechanism is provided for multicast packet transmission on air interfaces. In addition, wireless links are unstable. To ensure stable transmission of multicast packets, they are usually sent at low rates. If a large number of such multicast packets are sent from the network side, the air interfaces may be congested. You are advised to configure multicast packet suppression to reduce impact of a large number of low-rate multicast packets on the wireless network. Exercise caution when configuring the rate limit; otherwise, the multicast services may be affected.
- In direct forwarding mode, you are advised to configure multicast packet suppression on switch interfaces connected to APs.
- In tunnel forwarding mode, you are advised to configure multicast packet suppression in traffic profiles of the AC.
For details on how to configure traffic suppression, see How Do I Configure Multicast Packet Suppression to Reduce Impact of a Large Number of Low-Rate Multicast Packets on the Wireless Network?.
Configure port isolation on the interfaces of the device directly connected to APs. If port isolation is not configured and direct forwarding is used, a large number of unnecessary broadcast packets may be generated in the VLAN, blocking the network and degrading user experience.
In tunnel forwarding mode, the management VLAN and service VLAN cannot be the same. Only packets from the management VLAN are transmitted between the AC and APs. Packets from the service VLAN are not allowed between the AC and APs.

Procedure

Configure network devices.

# Add GE0/0/1 and GE0/0/2 on Switch_B to VLAN 100, and set the PVID of GE0/0/1 to VLAN 100.

<HUAWEI> system-view
[HUAWEI] sysname Switch_B
[Switch_B] vlan batch 100
[Switch_B] interface gigabitEthernet 0/0/1
[Switch_B-GigabitEthernet0/0/1] port link-type trunk
[Switch_B-GigabitEthernet0/0/1] port trunk pvid vlan 100
[Switch_B-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
[Switch_B-GigabitEthernet0/0/1] port-isolate enable
[Switch_B-GigabitEthernet0/0/1] quit
[Switch_B] interface gigabitEthernet 0/0/2
[Switch_B-GigabitEthernet0/0/2] port link-type trunk
[Switch_B-GigabitEthernet0/0/2] port trunk allow-pass vlan 100
[Switch_B-GigabitEthernet0/0/2] quit

# On Switch_A (aggregation switch), add GE0/0/1 to VLAN 100 and GE0/0/2 to VLAN 100 and VLAN 101.

<HUAWEI> system-view
[HUAWEI] sysname Switch_A
[Switch_A] vlan batch 100 101
[Switch_A] interface gigabitEthernet 0/0/1
[Switch_A-GigabitEthernet0/0/1] port link-type trunk
[Switch_A-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
[Switch_A-GigabitEthernet0/0/1] quit
[Switch_A] interface gigabitEthernet 0/0/2
[Switch_A-GigabitEthernet0/0/2] port link-type trunk
[Switch_A-GigabitEthernet0/0/2] port trunk allow-pass vlan 100 101
[Switch_A-GigabitEthernet0/0/2] quit

Configure AC system parameters.
1. Perform basic AC configurations.
  # Choose Configuration > Config Wizard > AC. The Basic AC Configuration page is displayed.
  
  # Set Country/Region based on actual situations. For example, set Country/Region to China. Set System time to Manual and Date and time to PC.
  
  # Click Next. The Port Configuration page is displayed.
2. Configure interfaces.
  # Select GigabitEthernet0/0/1 and expand Batch Modify. Set Interface type to Trunk and add GigabitEthernet0/0/1 to VLAN 100 (management VLAN).
  
  If the AC and APs are directly connected, set the PVID of the interfaces connected to the APs to VLAN 100 (management VLAN).
  
  # Click Apply. In the dialog box that is displayed, click OK.
  
  # Click Next. The Network Interconnection Configuration page is displayed.
3. Configure network connectivity.
  # Set DHCP status to ON.
  
  # Click Create under Interface Configuration. The Create Interface Configuration dialog box is displayed.
  
  # Set the IP address of VLANIF 100 to 10.23.100.1/24.
  
  # Click Create under DHCPv4 Address Pool List. Select Interface address pool and select VLANIF 100.
  
  # Click OK.
  
  # Click Next.
  
  # Click Next. The AC Source Address page is displayed.
4. Configure the source address for AC.
  # Set AC source address to VLANIF, click the selection icon, select Vlanif100 in the dialog box that is displayed, and click the + icon to add the selected VLANIF interface to the list.
  
  From V200R021C00, DTLS encryption for CAPWAP control tunnels is enabled by default, and APs of earlier versions may fail to access the network. In this case, you can set AC-AP DTLS authentication mode to None authentication to allow APs to go online first. After the subsequent configurations are complete and the APs go online normally, disable this function. Specifically, choose Configuration > AC Config > Basic Config > AC Configuration > Advanced > CAPWAP Tunnel Setup Configuration, and deselect Allow APs to perform DTLS session with the AC in non-authentication mode.
  
  # Click Next. The Confirm Settings page is displayed.
5. Confirm the configuration.
  # Confirm the configuration and click Continue With AP Online.
Create an AP group and add APs to the group.
1. Choose Configuration > Config Wizard > Mesh.
2. Create the AP group mesh-mpp.
  # In AP Group List, click Create. The Create AP Group page is displayed.
  
  # Set the AP group name to mesh-mpp and click OK.
3. Add APs to the AP group mesh-mpp.
  # In AP Group List, select the AP group mesh-mpp.
  
  # On the AP Config tab page, click Add. The Add AP page is displayed.
  
  # Set Mode to Manually add and manually add APs. If there are a large number of APs, you can add APs in batches.
  
  # Click OK. The APs are added.
4. Create the AP group mesh-mp.
  # In AP Group List, click Create. The Create AP Group page is displayed.
  
  # Set the AP group name to mesh-mp and click OK.
5. Add APs to the AP group mesh-mp.
  # In AP Group List, select the AP group mesh-mp.
  
  # On the AP Config tab page, click Add. The Add AP page is displayed.
  
  # Set Mode to Manually add and manually add APs. If there are a large number of APs, you can add APs in batches.
  
  # Click OK. The APs are added.
Create an AP system profile, set the AP radio mode to triple-radio, and specify the Mesh roles of the APs.
1. Choose Configuration > AP Config > AP Group. The AP Group page is displayed.
2. Click the AP group mesh-mp. The AP group configuration page is displayed.
3. Choose AP > AP System Profile from the navigation tree on the left. The AP system profile configuration page is displayed.
4. Click Create. On the Create AP System Profile page that is displayed, enter the profile name mp-sys and click to confirm the.
5. Click Advanced Configuration. In the Radio Mode Management area, enable Mode switching and set Radio mode to Three-radio.
6. Click Apply. In the dialog box that is displayed, click OK.
7. Select mesh-mpp from the AP group configuration drop-down list box on the left pane of AP Group, create the AP system profile mpp-sys in the same way, and set Radio mode to Three-radio. Set Role in mesh networking to Mesh-portal in the Mesh area.
8. Click Apply. In the dialog box that is displayed, click OK.
Configure the Mesh service.
1. Choose Configuration > Config Wizard > Mesh.
2. Select the AP group mesh-mpp from the AP group list on the left.
3. Click the Service Settings tab and configure Mesh parameters.
  # Select Radio 1 and Radio 2 as the radios used by Mesh links.
  
  # Set Mesh ID to mesh-net.
  
  # For radio 1, set Bandwidth to 80 MHz, Channel to 149, and WDS/Mesh bridge distance to 20.
  
  # For radio 2, set Bandwidth to 80 MHz, Channel to 36, and WDS/Mesh bridge distance to 20.
  
  # In the Security Settings area, set Key type to Pass-phrase and Key to YsH_2022.
  
  # In the Mesh Whitelist area of radio 1 and radio 2, click Add and add MAC addresses of Mesh nodes.
4. After configuring Mesh parameters, click Apply. In the dialog box that is displayed, click OK.
5. Select the AP group mesh-mp from the AP group list on the left and configure Mesh parameters in the same way.
Configure an AP's wired interface.
1. Choose Configuration > AP Config > AP Config. The AP List page is displayed.
2. Select the AP area_5. The AP Customized Settings page is displayed.
3. In the navigation tree on the left, choose AP > AP Wired Port Settings. The AP Wired Port Configuration List page is displayed.
4. Select the interface named GE1. The GE1 profile page is displayed.
5. Create an AP wired port profile and set parameters.
  # Click Create. In the dialog box that is displayed, set the profile name to wired, and click OK.
  
  # Enter 101 in Added VLAN ID, and click .
  
  # In the dialog box that is displayed, set Mode to Tagged and click OK.
  
  # Click OK. The AP wired port profile configuration is complete.
Configure WLAN services.
# Choose Configuration > Config Wizard > Wireless Service. The Wireless Service Configuration page is displayed.

# In SSID List, click Create. The Create SSID page is displayed.

# Configure the SSID name, forwarding mode, and service VLAN.

# Click Next. The Security Authentication page is displayed.

# Set Security settings to Key (applicable to personnel networks), select the AES mode, and set the key.

# Click Next. The Access Control page is displayed.

# Set Binding the AP group to mesh-mpp and mesh-mp, and set Valid radio to 0.

# Click Finish.
Verify the configuration.
1. Choose Configuration > Config Wizard > Mesh. In AP Group List, select ap-group1 and check whether the AP status is normal. If so, the AP has gone online on the AC through a Mesh link.
2. Choose Monitoring > Mesh&WDS > Mesh Link Information to view Mesh link information. Detailed information about the Mesh links that are successfully established is displayed on this page. In V200R022C00 and later versions, the Mesh topology is displayed on this page.

Example for Configuring Dual-MPP Mesh Services (CLI)

Service Requirements

If an enterprise needs to provide wireless network access services for different areas, multiple Mesh Portal Points (MPPs) can be configured to work on different channels. This can reduce MP contention for wireless channels, thus improving coverage performance.

Networking Requirements

AC networking mode: Layer 2 bypass mode
Wireless backhaul node: dual Mesh portal-nodes
Backhaul radio: 5 GHz radio

Figure 15-23 Networking for configuring dual-MPP Mesh services

Data Planning

Table 15-21 AP data planning

AP Name	MAC
AP_1	00e0-fc74-9640
AP_2	00e0-fc04-b500
AP_3	00e0-fc96-e4c0
AP_4	00e0-fcac-cc60

Table 15-22 AC data planning

Item	Data
Management VLAN for APs	VLAN100
DHCP server	The AC functions as a DHCP server to assign IP addresses to APs.
IP address pool for APs	10.23.100.2-10.23.100.254/24
AC's source interface	VLANIF 100: 10.23.100.1/24
Mesh profile	Name: mesh-net Aging time of Mesh links: 30 (unit: s)
Mesh role	AP_1: Mesh-portal (MPP) AP_2: Mesh-portal (MPP) AP_3: Mesh-node (MP) AP_4: Mesh-node (MP)
Mesh ID	Name: mesh-net
Mesh whitelist	Name: mesh-list
Regulatory domain profile	Name: default Country code: CN
AP system profile	Name: mesh-sys
Radio used by Mesh services	Radio 1: Bandwidth: 40 MHz-plus Channel: 157 Radio coverage distance parameter: 4 (unit: 100 m)
Security profile	Name: mesh-sec Security policy: WPA2+PSK+AES Password type: PASS-PHRASE Password: YsH_2022
AP group	mesh-mpp: AP_1 and AP_2 mesh-mp: AP_3 and AP_4

Configuration Roadmap

Configure network connectivity and enable APs (MPPs) in Area A to go online on the AC in wired mode.
Configure Mesh services to enable APs (MPs) in Area B to go online on the AC through Mesh links.

Configuration Notes

No ACK mechanism is provided for multicast packet transmission on air interfaces. In addition, wireless links are unstable. To ensure stable transmission of multicast packets, they are usually sent at low rates. If a large number of such multicast packets are sent from the network side, the air interfaces may be congested. You are advised to configure multicast packet suppression to reduce impact of a large number of low-rate multicast packets on the wireless network. Exercise caution when configuring the rate limit; otherwise, the multicast services may be affected.
- In direct forwarding mode, you are advised to configure multicast packet suppression on switch interfaces connected to APs.
- In tunnel forwarding mode, you are advised to configure multicast packet suppression in traffic profiles of the AC.
For details on how to configure traffic suppression, see How Do I Configure Multicast Packet Suppression to Reduce Impact of a Large Number of Low-Rate Multicast Packets on the Wireless Network?.
Configure port isolation on the interfaces of the device directly connected to APs. If port isolation is not configured and direct forwarding is used, a large number of unnecessary broadcast packets may be generated in the VLAN, blocking the network and degrading user experience.
In tunnel forwarding mode, the management VLAN and service VLAN cannot be the same. Only packets from the management VLAN are transmitted between the AC and APs. Packets from the service VLAN are not allowed between the AC and APs.
From V200R021C00, when the CAPWAP source interface or source address is configured, the system checks whether security-related configurations exist, including the PSK for DTLS encryption, PSK for DTLS encryption between ACs, user name and password for logging in to the AP, and password for logging in to the global offline management VAP, the configuration can be successful only when both of them exist. Otherwise, the system prompts you to complete the configuration first.
From V200R021C00, DTLS encryption is enabled for CAPWAP control tunnels on the AC by default. After this function is enabled, an AP will fail to go online when it is added. In this case, you need to enable CAPWAP DTLS non-authentication (capwap dtls no-auth enable) for the AP so that the AP can obtain a security credential. After the AP goes online, disable this function (undo capwap dtls no-auth enable) to prevent unauthorized APs from going online.
To enable an MP to establish wireless links with multiple MPPs, configure the same channel for these MPPs.

Procedure

Configure the network devices.

# Add GE0/0/1 and GE0/0/2 on the aggregation switch Switch_A to VLAN 100.

<HUAWEI> system-view
[HUAWEI] sysname Switch_A
[Switch_A] vlan batch 100
[Switch_A] interface gigabitEthernet 0/0/1
[Switch_A-GigabitEthernet0/0/1] port link-type trunk
[Switch_A-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
[Switch_A-GigabitEthernet0/0/1] quit
[Switch_A] interface gigabitEthernet 0/0/2
[Switch_A-GigabitEthernet0/0/2] port link-type trunk
[Switch_A-GigabitEthernet0/0/2] port trunk allow-pass vlan 100
[Switch_A-GigabitEthernet0/0/2] quit

# Add GE0/0/1, GE0/0/2, and GE0/0/3 on the access switch Switch_B to VLAN 100, and set the PVID of GE0/0/1 and GE0/0/2 to VLAN 100.

<HUAWEI> system-view
[HUAWEI] sysname Switch_B
[Switch_B] vlan batch 100
[Switch_B] interface gigabitEthernet 0/0/1
[Switch_B-GigabitEthernet0/0/1] port link-type trunk
[Switch_B-GigabitEthernet0/0/1] port trunk pvid vlan 100
[Switch_B-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
[Switch_B-GigabitEthernet0/0/1] port-isolate enable
[Switch_B-GigabitEthernet0/0/1] quit
[Switch_B] interface gigabitEthernet 0/0/2
[Switch_B-GigabitEthernet0/0/2] port link-type trunk
[Switch_B-GigabitEthernet0/0/2] port trunk pvid vlan 100
[Switch_B-GigabitEthernet0/0/2] port trunk allow-pass vlan 100
[Switch_B-GigabitEthernet0/0/2] port-isolate enable
[Switch_B-GigabitEthernet0/0/2] quit
[Switch_B] interface gigabitEthernet 0/0/3
[Switch_B-GigabitEthernet0/0/3] port link-type trunk
[Switch_B-GigabitEthernet0/0/3] port trunk allow-pass vlan 100
[Switch_B-GigabitEthernet0/0/3] quit

Configure the AC to communicate with the network devices.

If the AC and AP are directly connected, set the PVID of the interface connecting the AC to the AP to VLAN 100 (management VLAN).

# Add GE0/0/1 on the AC to VLAN 100.

<HUAWEI> system-view
[HUAWEI] sysname AC
[AC] vlan batch 100
[AC] interface gigabitEthernet 0/0/1
[AC-GigabitEthernet0/0/1] port link-type trunk
[AC-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
[AC-GigabitEthernet0/0/1] quit

Configure the DHCP server to assign IP addresses to APs, wireless STAs, and wired STAs.

# Enable the DHCP function on the AC to allow it to assign IP addresses to APs, wireless STAs, and wired STAs from interface address pools.

[AC] dhcp enable
[AC] interface vlanif 100
[AC-Vlanif100] ip address 10.23.100.1 24  //Configure an address pool for APs.
[AC-Vlanif100] dhcp select interface
[AC-Vlanif100] quit
[AC] interface vlanif 101
[AC-Vlanif101] ip address 10.23.101.1 24  //Configure an IP address pool for wireless STAs.
[AC-Vlanif101] dhcp select interface
[AC-Vlanif101] quit
[AC] interface vlanif 102
[AC-Vlanif102] ip address 10.23.102.1 24  //Configure an IP address pool for wired STAs.
[AC-Vlanif102] dhcp select interface
[AC-Vlanif102] quit

Configure the AP groups, country code, and AC's source interface.

# Create AP groups for MPPs and MPs respectively. You can add APs that require the same configuration to the same group.

[AC] wlan
[AC-wlan-view] ap-group name mesh-mpp
[AC-wlan-ap-group-mesh-mpp] quit
[AC-wlan-view] ap-group name mesh-mp
[AC-wlan-ap-group-mesh-mp] quit

# Create a regulatory domain profile, configure the country code for the AC in the profile, and bind the profile to the AP groups.

[AC-wlan-view] regulatory-domain-profile name domain1
[AC-wlan-regulate-domain-domain1] country-code cn
[AC-wlan-regulate-domain-domain1] quit
[AC-wlan-view] ap-group name mesh-mpp
[AC-wlan-ap-group-mesh-mpp] regulatory-domain-profile domain1
Warning: This configuration change will clear the channel and power configurations of radios, and may restart APs. Continue?[Y/N]:y  
[AC-wlan-ap-group-mesh-mpp] quit
[AC-wlan-view] ap-group name mesh-mp
[AC-wlan-ap-group-mesh-mp] regulatory-domain-profile domain1
Warning: This configuration change will clear the channel and power configurations of radios, and may restart APs. Continue?[Y/N]:y  
[AC-wlan-ap-group-mesh-mp] quit
[AC-wlan-view] quit

# Configure the AC's source interface.

[AC] capwap source interface vlanif 100

# Add AP_1 and AP_2 to the AP group mesh-mpp and AP_3 and AP_4 to the AP group mesh-mp.

The default AP authentication mode is MAC address authentication. If the default settings are retained, you do not need to run the ap auth-mode mac-auth command.

In this example, the AirEngine 5761R-11E is used and has two radios: radio 0 and radio 1.

[AC] wlan
[AC-wlan-view] ap auth-mode mac-auth
[AC-wlan-view] ap-id 1 ap-mac 00e0-fc74-9640
[AC-wlan-ap-1] ap-name AP_1
[AC-wlan-ap-1] ap-group mesh-mpp
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y  
[AC-wlan-ap-1] quit
[AC-wlan-view] ap-id 2 ap-mac 00e0-fc04-b500
[AC-wlan-ap-2] ap-name AP_2
[AC-wlan-ap-2] ap-group mesh-mpp
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y  
[AC-wlan-ap-2] quit
[AC-wlan-view] ap-id 3 ap-mac 00e0-fc96-e4c0
[AC-wlan-ap-3] ap-name AP_3
[AC-wlan-ap-3] ap-group mesh-mp
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y  
[AC-wlan-ap-3] quit
[AC-wlan-view] ap-id 4 ap-mac 00e0-fcac-cc60
[AC-wlan-ap-4] ap-name AP_4
[AC-wlan-ap-4] ap-group mesh-mp
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y  
[AC-wlan-ap-4] quit

Configure Mesh parameters.

# Configure radio parameters for Mesh nodes. Radio 1 is used in this example. The default radio coverage distance parameter is 3 (unit: 100 m). This example uses the radio coverage distance parameter of 4 as an example. You can set this parameter based on site requirements.

To enable an MP to establish wireless links with multiple MPPs, configure the same channel for these MPPs.

[AC-wlan-view] ap-group name mesh-mpp
[AC-wlan-ap-group-mesh-mpp] radio 1
[AC-wlan-group-radio-mesh-mpp/1] calibrate auto-channel-select disable
[AC-wlan-group-radio-mesh-mpp/1] calibrate auto-txpower-select disable
[AC-wlan-group-radio-mesh-mpp/1] channel 40mhz-plus 157
Warning: This action may cause service interruption. Continue?[Y/N]y 
[AC-wlan-group-radio-mesh-mpp/1] coverage distance 4
[AC-wlan-group-radio-mesh-mpp/1] quit
[AC-wlan-ap-group-mesh-mpp] quit
[AC-wlan-view] ap-group name mesh-mp
[AC-wlan-ap-group-mesh-mp] radio 1
[AC-wlan-group-radio-mesh-mp/1] calibrate auto-channel-select disable
[AC-wlan-group-radio-mesh-mp/1] calibrate auto-txpower-select disable
[AC-wlan-group-radio-mesh-mp/1] channel 40mhz-plus 157
Warning: This action may cause service interruption. Continue?[Y/N]y 
[AC-wlan-group-radio-mesh-mp/1] coverage distance 4
[AC-wlan-group-radio-mesh-mp/1] quit
[AC-wlan-ap-group-mesh-mp] quit

# Configure the security profile mesh-sec used by Mesh links. The profile mesh-sec supports the security policy WPA2+PSK+AES.

[AC-wlan-view] security-profile name mesh-sec
[AC-wlan-sec-prof-mesh-sec] security wpa2 psk pass-phrase YsH_2022 aes
[AC-wlan-sec-prof-mesh-sec] quit

# Configure a Mesh whitelist.

[AC-wlan-view] mesh-whitelist-profile name mesh-list
[AC-wlan-mesh-whitelist-mesh-list] peer-ap mac 00e0-fc74-9640
[AC-wlan-mesh-whitelist-mesh-list] peer-ap mac 00e0-fc04-b500
[AC-wlan-mesh-whitelist-mesh-list] peer-ap mac 00e0-fc96-e4c0
[AC-wlan-mesh-whitelist-mesh-list] peer-ap mac 00e0-fcac-cc60
[AC-wlan-mesh-whitelist-mesh-list] quit

# Configure Mesh roles. Set Mesh roles of AP_1 and AP_2 to Mesh-portal. AP_3 and AP_4 use the default Mesh role Mesh-node. Mesh roles are configured through the AP system profile.

[AC-wlan-view] ap-system-profile name mesh-sys
[AC-wlan-ap-system-prof-mesh-sys] mesh-role Mesh-portal
[AC-wlan-ap-system-prof-mesh-sys] quit

# Configure a Mesh profile. Set the Mesh network ID to mesh-net, aging time of Mesh links to 30s, and bind the security profile to the Mesh profile.

[AC-wlan-view] mesh-profile name mesh-net
[AC-wlan-mesh-prof-mesh-net] mesh-id mesh-net
[AC-wlan-mesh-prof-mesh-net] link-aging-time 30
[AC-wlan-mesh-prof-mesh-net] security-profile mesh-sec
[AC-wlan-mesh-prof-mesh-net] quit

# Bind the Mesh whitelist profile to AP radios.

[AC-wlan-view] ap-group name mesh-mpp
[AC-wlan-ap-group-mesh-mpp] radio 1
[AC-wlan-group-radio-mesh-mpp/1] mesh-whitelist-profile mesh-list
[AC-wlan-group-radio-mesh-mpp/1] quit
[AC-wlan-ap-group-mesh-mpp] quit
[AC-wlan-view] ap-group name mesh-mp
[AC-wlan-ap-group-mesh-mp] radio 1
[AC-wlan-group-radio-mesh-mp/1] mesh-whitelist-profile mesh-list
[AC-wlan-group-radio-mesh-mp/1] quit
[AC-wlan-ap-group-mesh-mp] quit

Bind required profiles to the AP groups to make Mesh services take effect.

# Bind the AP system profile mesh-sys to the AP group mesh-mpp to make the MPP role take effect on AP_1 and AP_2.

[AC-wlan-view] ap-group name mesh-mpp
[AC-wlan-ap-group-mesh-mpp] ap-system-profile mesh-sys
[AC-wlan-ap-group-mesh-mpp] quit

# Bind the Mesh profile mesh-net to AP groups mesh-mpp and mesh-mp to make Mesh services take effect.

[AC-wlan-view] ap-group name mesh-mpp
[AC-wlan-ap-group-mesh-mpp] mesh-profile mesh-net radio 1
[AC-wlan-ap-group-mesh-mpp] quit
[AC-wlan-view] ap-group name mesh-mp
[AC-wlan-ap-group-mesh-mp] mesh-profile mesh-net radio 1
[AC-wlan-ap-group-mesh-mp] quit

Verify the configuration.

# After the configuration is complete, run the display ap all command to check whether Mesh nodes go online successfully. If State displays as nor, APs have gone online successfully.

[AC-wlan-view] display ap all
Total AP information:
nor  : normal          [4]
Extra information: P  : insufficient power supply
--------------------------------------------------------------------------------------------------
ID   MAC            Name   Group    IP            Type                State   STA Uptime      ExtraInfo
--------------------------------------------------------------------------------------------------
1    00e0-fc74-9640 AP_1   mesh-mpp 10.23.100.254 AirEngine5761R-11E  nor 0   5M:44S          -
2    00e0-fc04-b500 AP_2   mesh-mpp 10.23.100.253 AirEngine5761R-11E  nor 0   6M:15S          -
3    00e0-fc96-e4c0 AP_3   mesh-mp  10.23.100.252 AirEngine5761R-11E  nor 0   1M:35S          -
4    00e0-fcac-cc60 AP_4   mesh-mp  10.23.100.251 AirEngine5761R-11E  nor 0   3M:56S          -
--------------------------------------------------------------------------------------------------
Total: 4

# After dual-MPP Mesh services take effect, run the display wlan mesh link all command to check Mesh link information.

[AC-wlan-view] display wlan mesh link all
Rf   : radio ID             Dis  : coverage distance(100m)
Ch   : channel              Per  : drop percent(%)
TSNR : total SNR(dB)        P-   : peer
Mesh : Mesh mode            Re   : retry ratio(%)
RSSI : RSSI(dBm)            MaxR : max RSSI(dBm)
----------------------------------------------------------------------------------------------------------------------------------
APName          P-APName        P-APMAC         Rf Dis   Ch      Mesh    P-Status        RSSI  MaxR  Per  Re   TSNR  SNR(Ch0~3:dB)
Tx(Mbps)    Rx(Mbps)
----------------------------------------------------------------------------------------------------------------------------------
AP_1            AP_4            00e0-fcac-cc60  1  4     157     portal  normal          -28   -27   0    25   70    62/69/-/-
192         192  
AP_1            AP_3            00e0-fc96-e4c0  1  4     157     portal  normal          -18   -2    0    0    78    73/77/-/-
192         192  
AP_2            AP_4            00e0-fcac-cc60  1  4     157     portal  normal          -17   -16   0    52   80    57/49/80/-
192         192  
AP_2            AP_3            00e0-fc96-e4c0  1  4     157     portal  normal          -24   -21   0    0    72    58/54/72/-
192         192  
AP_4            AP_1            00e0-fc74-9640  1  4     157     node    normal          -29   -29   0    0    65    64/58/-/-
192         192  
AP_4            AP_2            00e0-fc04-b500  1  4     157     node    normal          -21   -19   0    10   76    76/64/-/-
192         192  
AP_4            AP_3            00e0-fc96-e4c0  1  4     157     node    normal          -7    -1    0    0    89    88/82/-/-
192         192  
AP_3            AP_2            00e0-fc04-b500  1  4     157     node    normal          -35   -32   0    35   61    51/60/-/-
192         192  
AP_3            AP_1            00e0-fc74-9640  1  4     157     node    normal          -27   -23   0    0    70    68/66/-/-
192         192  
AP_3            AP_4            00e0-fcac-cc60  1  4     157     node    normal          -13   -11   0    23   83    80/81/-/-
192         192  
----------------------------------------------------------------------------------------------------------------------------------
Total: 10

# Run the display wlan mesh route all command to check Mesh routes on the Mesh network.

[AC-wlan-view] display wlan mesh route all
--------------------------------------------------------------------------
AP name/MAC/Mesh role/Radio            Next-hop name/MAC/Mesh role/Radio
--------------------------------------------------------------------------
AP_4   /00e0-fcac-cc60/MP /1            AP_2         /00e0-fc04-b500/MPP/1
AP_3   /00e0-fc96-e4c0/MP /1            AP_4         /00e0-fcac-cc60/MP /1
--------------------------------------------------------------------------
Total: 2

# When the link between AP_2 and AC is faulty, AP_2 automatically changes to an MP and goes online through Mesh links. Run the display wlan mesh route all command. The command output shows that AP_2, AP_3, and AP_4 go online on AP_1.

[AC-wlan-view] display wlan mesh route all
--------------------------------------------------------------------------
AP name/MAC/Mesh role/Radio            Next-hop name/MAC/Mesh role/Radio
--------------------------------------------------------------------------
AP_4   /00e0-fcac-cc60/MP /1            AP_1         /00e0-fc74-9640/MPP/1
AP_2   /00e0-fc04-b500/MP /1            AP_4         /00e0-fcac-cc60/MP /1
AP_3   /00e0-fc96-e4c0/MP /1            AP_1         /00e0-fc74-9640/MPP/1
--------------------------------------------------------------------------
Total: 3

Configuration Files

Switch_A configuration file

#
sysname Switch_A
#
 vlan batch 100
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 100
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 100
#
return

Switch_B configuration file

#
sysname Switch_B
#
 vlan batch 100
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk pvid vlan 100
 port trunk allow-pass vlan 100
 port-isolate enable group 1
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk pvid vlan 100
 port trunk allow-pass vlan 100
 port-isolate enable group 1
#
interface GigabitEthernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 100
#
return

AC configuration file

#
 sysname AC
#
 vlan batch 100
#
dhcp enable
#
interface Vlanif100
 ip address 10.23.100.1 255.255.255.0
 dhcp select interface
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 100
#
capwap source interface vlanif100
#
wlan
 security-profile name mesh-sec
  security wpa2 psk pass-phrase %^%#WXq~51G1^G;~|`C\G$v-`XoiIe4z$CNAM#@TeN^+%^%# aes
 mesh-whitelist-profile name mesh-list
  peer-ap mac 00e0-fc74-9640
  peer-ap mac 00e0-fc04-b500
  peer-ap mac 00e0-fc96-e4c0
  peer-ap mac 00e0-fcac-cc60
 mesh-profile name mesh-net
  security-profile mesh-sec
  mesh-id mesh-net
  link-aging-time 30
 regulatory-domain-profile name domain1
 ap-system-profile name mesh-sys
  mesh-role Mesh-portal
 ap-group name mesh-mp
  regulatory-domain-profile domain1
  radio 1 
   mesh-profile mesh-net  
   mesh-whitelist-profile mesh-list   
   channel 40mhz-plus 157    
   coverage distance 4  
   calibrate auto-channel-select disable
   calibrate auto-txpower-select disable
 ap-group name mesh-mpp
  ap-system-profile mesh-sys
  regulatory-domain-profile domain1
  radio 1   
   mesh-profile mesh-net  
   mesh-whitelist-profile mesh-list 
   channel 40mhz-plus 157  
   coverage distance 4 
   calibrate auto-channel-select disable
   calibrate auto-txpower-select disable
 ap-id 1 ap-mac 00e0-fc74-9640            
  ap-name AP_1                                                                  
  ap-group mesh-mpp 
 ap-id 2 ap-mac 00e0-fc04-b500           
  ap-name AP_2                                                                  
  ap-group mesh-mpp 
 ap-id 3 ap-mac 00e0-fc96-e4c0            
  ap-name AP_3                                                                  
  ap-group mesh-mp 
 ap-id 4 ap-mac 00e0-fcac-cc60            
  ap-name AP_4                                                                  
  ap-group mesh-mp 
#
return

Example for Configuring Dual-MPP Mesh Services (Web)

Service Requirements

Networking Requirements

AC networking mode: Layer 2 bypass mode
Wireless backhaul node: dual Mesh portal-nodes
Backhaul radio: 5 GHz radio

Figure 15-24 Networking for configuring dual-MPP Mesh services

Data Planning

Table 15-23 AP data planning

AP Name	MAC Address
AP_1	60de-4474-9640
AP_2	dcd2-fc04-b500
AP_3	dcd2-fc96-e4c0
AP_4	1047-80ac-cc60

Table 15-24 AC data planning

Item	Data
Management VLAN for APs	VLAN 100
DHCP server	The AC functions as a DHCP server to assign IP addresses to APs.
IP address pool for APs	10.23.100.2-10.23.100.254/24
AC's source interface	VLANIF 100: 10.23.100.1/24
Mesh role	AP_1: Mesh-portal (MPP) AP_2: Mesh-portal (MPP) AP_3: Mesh-node (MP) AP_4: Mesh-node (MP)
Mesh ID	Name: mesh-net
Regulatory domain profile	Name: default Country code: CN
Radio used by Mesh services	Radio 1: Bandwidth: 40 MHz-plus Channel: 157 WDS/Mesh bridge distance: 20 (unit: 100 m)
Security profile	Security policy: WPA2+PSK+AES Password type: PASS-PHRASE Password: a1234567
AP group	Name: ap-group1

Configuration Roadmap

Configure network connectivity and enable APs (MPPs) in Area A to go online on the AC in wired mode.
Configure Mesh services to enable APs (MPs) in Area B to go online on the AC through Mesh links.

Configuration Notes

No ACK mechanism is provided for multicast packet transmission on air interfaces. In addition, wireless links are unstable. To ensure stable transmission of multicast packets, they are usually sent at low rates. If a large number of such multicast packets are sent from the network side, the air interfaces may be congested. You are advised to configure multicast packet suppression to reduce impact of a large number of low-rate multicast packets on the wireless network. Exercise caution when configuring the rate limit; otherwise, the multicast services may be affected.
- In direct forwarding mode, you are advised to configure multicast packet suppression on switch interfaces connected to APs.
- In tunnel forwarding mode, you are advised to configure multicast packet suppression in traffic profiles of the AC.
For details on how to configure traffic suppression, see How Do I Configure Multicast Packet Suppression to Reduce Impact of a Large Number of Low-Rate Multicast Packets on the Wireless Network?.
Configure port isolation on the interfaces of the device directly connected to APs. If port isolation is not configured and direct forwarding is used, a large number of unnecessary broadcast packets may be generated in the VLAN, blocking the network and degrading user experience.
In tunnel forwarding mode, the management VLAN and service VLAN cannot be the same. Only packets from the management VLAN are transmitted between the AC and APs. Packets from the service VLAN are not allowed between the AC and APs.
During the configuration of a Mesh network with multiple MPPs, to enable MPs to set up wireless links with multiple MPPs simultaneously, configure the MPPs to work on the same channel.

Procedure

Configure the network devices.

# Add GE0/0/1 and GE0/0/2 on the aggregation switch Switch_A to VLAN 100.

<HUAWEI> system-view
[HUAWEI] sysname Switch_A
[Switch_A] vlan batch 100
[Switch_A] interface gigabitEthernet 0/0/1
[Switch_A-GigabitEthernet0/0/1] port link-type trunk
[Switch_A-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
[Switch_A-GigabitEthernet0/0/1] quit
[Switch_A] interface gigabitEthernet 0/0/2
[Switch_A-GigabitEthernet0/0/2] port link-type trunk
[Switch_A-GigabitEthernet0/0/2] port trunk allow-pass vlan 100
[Switch_A-GigabitEthernet0/0/2] quit

# Add GE0/0/1, GE0/0/2, and GE0/0/3 on the access switch Switch_B to VLAN 100, and set the PVID of GE0/0/1 and GE0/0/2 to VLAN 100.

<HUAWEI> system-view
[HUAWEI] sysname Switch_B
[Switch_B] vlan batch 100
[Switch_B] interface gigabitEthernet 0/0/1
[Switch_B-GigabitEthernet0/0/1] port link-type trunk
[Switch_B-GigabitEthernet0/0/1] port trunk pvid vlan 100
[Switch_B-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
[Switch_B-GigabitEthernet0/0/1] port-isolate enable
[Switch_B-GigabitEthernet0/0/1] quit
[Switch_B] interface gigabitEthernet 0/0/2
[Switch_B-GigabitEthernet0/0/2] port link-type trunk
[Switch_B-GigabitEthernet0/0/2] port trunk pvid vlan 100
[Switch_B-GigabitEthernet0/0/2] port trunk allow-pass vlan 100
[Switch_B-GigabitEthernet0/0/2] port-isolate enable
[Switch_B-GigabitEthernet0/0/2] quit
[Switch_B] interface gigabitEthernet 0/0/3
[Switch_B-GigabitEthernet0/0/3] port link-type trunk
[Switch_B-GigabitEthernet0/0/3] port trunk allow-pass vlan 100
[Switch_B-GigabitEthernet0/0/3] quit

Configure AC system parameters.
1. Perform basic AC configurations.
  # Choose Configuration > Config Wizard > AC. The Basic AC Configuration page is displayed.
  
  # Set Country/Region based on actual situations. For example, set Country/Region to China. Set System time to Manual and Date and time to PC.
  
  # Click Next. The Port Configuration page is displayed.
2. Configure interfaces.
  # Select GigabitEthernet0/0/1 and expand Batch Modify. Set Interface type to Trunk and add GigabitEthernet0/0/1 to VLAN 100 (management VLAN).
  
  If the AC and APs are directly connected, set the PVID of the interfaces connected to the APs to VLAN 100 (management VLAN).
  
  # Click Apply. In the dialog box that is displayed, click OK.
  
  # Click Next. The Network Interconnection Configuration page is displayed.
3. Configure network connectivity.
  # Set DHCP status to ON.
  
  # Click Create under Interface Configuration. The Create Interface Configuration dialog box is displayed.
  
  # Set the IP address of VLANIF 100 to 10.23.100.1/24.
  
  # Click Create under DHCPv4 Address Pool List. Select Interface address pool and select VLANIF 100.
  
  # Click OK.
  
  # Click Next.
  
  # Click Next. The AC Source Address page is displayed.
4. Configure the source address for AC.
  # Set AC source address to VLANIF, click the selection icon, select Vlanif100 in the dialog box that is displayed, and click the + icon to add the selected VLANIF interface to the list.
  
  From V200R021C00, DTLS encryption for CAPWAP control tunnels is enabled by default, and APs of earlier versions may fail to access the network. In this case, you can set AC-AP DTLS authentication mode to None authentication to allow APs to go online first. After the subsequent configurations are complete and the APs go online normally, disable this function. Specifically, choose Configuration > AC Config > Basic Config > AC Configuration > Advanced > CAPWAP Tunnel Setup Configuration, and deselect Allow APs to perform DTLS session with the AC in non-authentication mode.
  
  # Click Next. The Confirm Settings page is displayed.
5. Confirm the configuration.
  # Confirm the configuration and click Continue With AP Online.
Add APs and configure the Mesh roles for them.
1. Choose Configuration > Config Wizard > Mesh.
2. Create the AP group ap-group1 for the APs.
  # In AP Group List, click Create. The Create AP Group page is displayed.
  
  # Enter the AP group name ap-group1 and click OK.
3. Add APs to the AP group ap-group1.
  # In AP Group List, select the AP group ap-group1.
  
  # On the AP Config tab page, click Add. The Add AP page is displayed.
  
  # Set the Mode to Manually add and manually add the APs.
  
  # Click OK. The APs are added.
  
  # Select an AP, click Modify Mesh Role, and change the Mesh role of the AP to Mesh-Portal.
  
  # Click OK. The Mesh role of the AP is changed.
Configure the Mesh service.
# Click the Service Settings tab and configure Mesh parameters.
- Set the Mesh ID to mesh-net.
- Select Radio 1 as the radio used by Mesh links. Set the bandwidth of radio 1 to 40+MHz, channel to 157, and WDS/Mesh bridge distance to 20.
- In Security Settings, set the key type to PASS-PHRASE, and enter the key a1234567.
- Click Add in the Mesh whitelist area to add MAC addresses of Mesh nodes.
# Click Apply. In the dialog box that is displayed, click OK.
Verify the configuration.
1. Choose Configuration > Config Wizard > Mesh. In AP Group List, select ap-group1 to check whether the status of APs in the AP list is normal. If the AP status is normal, the APs have gone online on the AC through Mesh links.
2. Choose Monitoring > Mesh&WDS > Mesh Link Information and check information about Mesh links. After the Mesh links are successfully established, you can view details about the Mesh links on the following page. In V200R022C00 and later versions, the Mesh topology is displayed on this page.

Example for Configuring Common the Mesh Service (CLI)
Example for Configuring Common the Mesh Service (Web)
Example for Configuring the Multi-hop Mesh Service (CLI)
Example for Configuring Multi-hop Mesh Services (Web)
Example for Configuring Multi-hop Mesh Services (Triple-Radio APs) (CLI)
Example for Configuring Multi-hop Mesh Services (Triple-Radio APs) (Web)
Example for Configuring Dual-MPP Mesh Services (CLI)
Example for Configuring Dual-MPP Mesh Services (Web)

Translation

Favorite

Download

Update Date：2024-10-10

Document ID：EDOC1100333475

Downloads：1832

Average rating：0.0Points

Related Version

Digital Signature File

digtal sigature tool

Wireless Access Controller (AC and Fit AP) V200R023C00 Configuration Guide

Configuration Examples for Mesh

Example for Configuring Common the Mesh Service (CLI)

Service Requirements

Networking Requirements

Data Planning

Configuration Roadmap

Configuration Notes

Procedure

Configuration Files

Example for Configuring Common the Mesh Service (Web)

Service Requirements

Networking Requirements

Data Planning

Configuration Roadmap

Configuration Notes

Procedure

Example for Configuring the Multi-hop Mesh Service (CLI)

Service Requirements

Networking Requirements

Data Planning

Configuration Roadmap

Configuration Notes

Procedure

Configuration Files

Example for Configuring Multi-hop Mesh Services (Web)

Service Requirements

Networking Requirements

Data Planning

Configuration Roadmap

Configuration Notes

Procedure

Example for Configuring Multi-hop Mesh Services (Triple-Radio APs) (CLI)

Service Requirements

Networking Requirements

Data Planning

Configuration Roadmap

Configuration Notes

Procedure

Configuration Files

Example for Configuring Multi-hop Mesh Services (Triple-Radio APs) (Web)

Service Requirements

Networking Requirements

Data Planning

Configuration Roadmap

Configuration Notes

Procedure

Example for Configuring Dual-MPP Mesh Services (CLI)

Service Requirements

Networking Requirements

Data Planning

Configuration Roadmap

Configuration Notes

Procedure

Configuration Files

Example for Configuring Dual-MPP Mesh Services (Web)

Service Requirements

Networking Requirements

Data Planning

Configuration Roadmap

Configuration Notes

Procedure

Related Version

Related Documents

Digital Signature File

Share