Note: This article mainly masters the basic configuration methods and precautions of DCN self-developed wireless products, and can carry out general project implementation, debugging and operation and maintenance
AP Basic Configuration Commands
AP login user name and password are: admin
The default IP address of the AP is: 192.168.1.10
DHCP is enabled by default on the AP
AP static address configuration:
set management static-ip 192.168.10.1AP enable/disable DHCP function:
set management dhcp-status up/downAP set default gateway:
set static-ip-route geteway 192.168.10.254View AP basic information:
get system
get management
get managed-ap
get routeAP configuration management
AP registration management
The wireless controller turns on the wireless function
Layer 2 mode
three-tier model
AC common function configuration method
configuration schema
SSID setting
user vlan settings
Wireless Encryption Settings
Forwarding mode settings
radio frequency management
Enable the wireless function on the AC (required)
The wireless function on the AC is disabled by default. The prerequisite for the AC to be able to manage the AP is to enable the AC.
The wireless function of
Conditions for enabling the wireless function: There is a legal wireless IP address on the AC
The source of the wireless ip address: the IP address of the loopback interface on the AC or the Layer 3 interface of the UP
Configuration method of wireless IP address: dynamic selection and static designation
The dynamically selected priority is higher than the statically specified ip priority (statically specified is recommended in actual projects)
Dynamically select wireless IP address (optional)
The principle of dynamically selecting the wireless ip address:
The address of the loopback interface with the smaller interface ID is preferentially selected.
When no loopback interface is configured, the IP address of the Layer 3 interface with the smaller interface ID is preferred (not the interface with the smaller IP address)
Statically specify the wireless IP address (required)
Set a static wireless IP address:
6028(config-wireless)#static-ip 192.168.1.254Turn off the automatic selection function of the wireless ip address:
6028(config-wireless)#no auto-ip-assignView the wireless ip address selected by the AC:
6028#show wireless
WS IP Address.................................. 192.168.1.254
WS Auto IP Assign Mode ........................ Disable
WS Switch Static IP ........................... 192.168.1.254
建议项目实施时采用静态指定无线IP地址的方式,防止动态选取时IP地址变化导致无线网络中断
AP registration method
When an AP works in thin mode, it needs to register with the AC. Only after successful registration can it accept the unified management of the AC.
There are two registration methods: AC finds AP, AP finds AC
There are two modes for AC to discover APs: Layer 2 discovery mode and Layer 3 discovery mode
There are two ways for the AP to discover the AC: statically specify the AC list on the AP, and the AP obtains the AC list through DHCP (using option 43)
#When implementing the project, it is recommended to use the AC to discover the AP at the second layer (the AC and the AP are connected at the second layer) or use the DHCP Option 43 method to let the AP discover the AC (the AC and the AP are connected at the third layer).
Notice:
Regardless of the registration method used, the prerequisites for an AP to successfully register with an AC are:
AC's wireless IP address and AP's IP address are reachable at Layer 3
That is, the IP address of the AP and the wireless address of the AC can be pinged successfully.
AC discovers APs at Layer 2
Concept: The AC discovers the APs in the vlan by broadcasting discovery packets at Layer 2.
Requirement: AC and AP are in the same Layer 2 network.
Basic principle: The AC can specify a list of vlans to be automatically discovered at layer 2, and send auto-discovery packets to each vlan in the list. The AP that receives the broadcast discovery message will respond to the AC.
Note: Only the Discovery message sent by the AC is broadcast, and the subsequent messages exchanged between AC and AP are all unicast (udp).
This method is applicable to Layer 2 deployment.
Configuration method:
Configuration on the AC:
Turn on the AC wireless function
6028(config)#wireless
6028(config-wireless)#enableSpecify vlan discovery list
6028(config-wireless)# discovery vlan-list 10
Vlan1是默认加入vlan-list的,可以删除。
6028(config-wireless)# no discovery vlan-list 1AC discovers APs at Layer 3
How the AC discovers the AP through unicast based on the AP's IP address
A layer-3 discovery IP address list is configured on the AC, and the AC discovers APs one by one according to the addresses in the list.
Configuration method:
Add the IP address of the AP to the Layer 3 discovery IP list
6028(config-wireless)#discovery ip-list 192.168.2.10View the configured IP discovery list
6028#show wireless discovery ip-list
IP Address Status
--------------- ------------------
192.168.2.10 Discovered
AP registration authentication method
When the AP registers with the AC, the AC needs to authenticate the AP.
Main authentication methods:
MAC authentication: Determine whether the AP can register with the AC by checking the MAC address of the AP. The default authentication method. Add the mac address of the AP through the ap database on the AC. It is more troublesome when deploying on a large scale.
None: No authentication, that is, the AP automatically registers, which is convenient for deployment. This method is recommended.
Pass-Phase authentication: password authentication, the AC and the AP compare the passwords, and the AP can register with the AC if the passwords match. AP needs to be configured, which is inconvenient to use and rarely used.
AP Authentication Mode Configuration Method
MAC authentication:
6028(config-wireless)#ap database xx-xx-xx-xx-xx-xx
AP automatic registration:
6028(config-wireless)#ap authentication mode none
After AP automatic registration is configured, the MAC address of the AP will be automatically added to the AC (the configuration of the individual AP must be operated in database mode and restart the AP, which will be described later)
AP proactively discovers AC
The AP actively discovers the AC and can only perform unicast discovery through the AC's wireless IP address.
According to the different methods of obtaining the AC address on the AP, it can be divided into the following discovery methods:
The AP actively discovers the AC through the static AC address (must be mastered)
The AP obtains the AC address through DHCP Option43 and discovers it (must be mastered)
The AP discovers the AC through the automatic deployment address issued by the AC (not explained yet)
Configure a static AC address on the AP (configure up to 4)
AP obtains AC address through DHCP Option43
DHCP Option43 and Option60 are used together. Option60 is the vendor identification field, such as "udhcp 1.18.2". If you are not sure, you can check it by capturing the DHCP Discovery message sent by the AP. Option43 is a custom field. Here, the wireless address of the AC is delivered to the AP as the content of Option43. The DHCP server will configure these two options at the same time. Only when the Option60 sent by the AP is consistent with the server, the server will respond with Option43.
Notice:
1. The AP must use the method of dynamically obtaining the address.
2. Option43 does not affect the normal access of the AP itself. If Option60 fails to match with the server, the AP itself can obtain an IP address, but the packet responded by the server does not contain Option43.
3. The switch of DCN supports issuing Option43, and the customer's own server needs to confirm whether it supports this function.
Several ways to use are suggested:
When the number of AP deployments is small, both methods can be considered;
When a large number of APs are deployed, it is recommended to use DHCP Option43, which can achieve "zero configuration online" of APs.
Check AP Registration Status
managed: AP is in management state
failed: AP is not in management state
AP configuration delivery
The configuration of the thin AP is delivered by the AC, and all functions are configured on the AC.
Proficiency in:
AC to AP Overall Configuration Architecture
How to configure the main functions
Configuration architecture diagram:
Configuration structure description:
Each AP is associated with a profile, which is associated with profile 1 by default.
network 1-1024 is the global public configuration. For the AP, each VAP corresponds to a unique network , and there are 16 networks (1-16) on the AC by default, corresponding to 0-15 of the vap.
Radio 1 corresponds to the 2.4Ghz working frequency band on the AP, and radio 2 corresponds to the 5Ghz working frequency band on the AP.
To change the global or profile configuration, the profile must be issued once, and the issued command is: wireless ap profile apply X
X indicates the serial number of the profile, and all APs applying this profile will update the configuration.
Every time the AP registers with the AC, the AC will automatically deliver the profile configuration
AP and profile correspondence settings
Bind the AP to a profile (need to restart the AP)
DCWS-6028#
DCWS-6028#config
DCWS-6028(config)#wireless
DCWS-6028(config-wireless)#ap database 00-03-0f-58-80-00
DCWS-6028(config-ap)#profile 1
DCWS-6028(config-ap)#
DCWS-6028#Set the hardware type corresponding to the profile
DCWS-6028(config)#wireless
DCWS-6028(config-wireless)#ap profile 1
DCWS-6028(config-ap-profile)#hwtype 7
DCWS-6028(config-ap-profile)#SSID setting
The steps to set SSID are:
6028(config-wireless)#network 1
6028(config-network)#ssid dcn_wlan
Send profile configuration:
6028#wireless ap profile apply 1
One SSID can be set under each network, and multiple networks need to be used in the case of multiple SSIDs
6028(config-wireless)#network 2
6028(config-network)#ssid guest_wlan
The corresponding vap needs to be enabled under radio:
6028(config-ap-profile)#radio 1
6028(config-ap-profile-radio)#vap 1
6028(config-ap-profile-vap)#enable
Notice:
Notice:
VAP0 on the AP is always on and cannot be turned off. Therefore, in the application scenario where different APs broadcast different SSIDs, do not use Network1 to configure the SSID, and hide the default SSID of Network1!
DCWS-6028(config-wireless)#network 1
DCWS-6028(config-network)#hide-ssid
DCWS-6028(config-network)#
Wireless Encryption Settings
open mode (default)
6028(config-wireless)#network 1
6028(config-network)#security mode none
Set the encryption method to WPA Personal Edition, WPA version can be set to wpa, wpa2 and wpa/wpa2 mixed mode, the default is wpa/wpa2 mixed mode, here the encryption key is 12345678
6028(config-wireless)#network 1
6028(config-network)#security mode wpa-personal
6028(config-network)#wpa key 12345678
Set the encryption method to WPA enterprise version, this method needs to use radius authentication
6028(config-wireless)#network 1
6028(config-network)#security mode wpa-enterprise
Authentication and Accounting Settings
6028(config)#radius-server authentication host 192.168.1.250
6028(config)#radius-server accounting host 192.168.1.250
6028(config)#radius-server key dcn
6028(config)#radius nas-ipv4 192.168.1.254 //与无线IP相同
6028(config)#radius source-ipv4 192.168.1.254 //与无线IP相同
6028(config)#aaa enable
6028(config)#aaa-accounting enable
6028(config)#aaa group server radius wlan
6028(config-sg-radius)#server 192.168.1.250
Associate aaa group under network:
6028(config-wireless)#network 1
6028(config-network)#radius server-name auth wlan
6028(config-network)#radius server-name acct wlan
6028(config-network)#radius accounting
Wi-Fi settings
Specify the vlan information under the network, when the user accesses the network, it belongs to the vlan where the network is located, and the data will be forwarded in the corresponding vlan.
6028(config-wireless)#network 1
6028(config-network)#vlan 10
6028(config-network)#exit
6028(config-wireless)#network 2
6028(config-network)#vlan 20
local forwarding
Local forwarding is the default forwarding method, no configuration is required on the AC, and it follows the general rules of Layer 2/3 layer forwarding. The main body of the forwarding is the AP, and the AC only performs general routing exchange according to the needs. For the common AC bypass mode, the AC hardly participates in the forwarding of user data.
centralized forwarding
A centralized tunnel is established between the AC and the AP, and all data is transmitted to the AC through the tunnel for subsequent processing and forwarding. It is required that the AC and the AC peer interconnection switch must be configured with the data vlan of each user, and the interconnection port of the two must be a trunk, otherwise the tunnel message cannot be forwarded after decapsulation!
After successful AP registration, a tunnel will be established automatically, as shown below:
Interface capwaptnl1, changed state to administratively UP
Note: The tunnel is established automatically, but at this time the tunnel does not have the function of forwarding data.
Centralized forwarding is based on vlan.
Add a vlan to the vlan-list of the centralized tunnel, and the data of the corresponding vlan will be forwarded in the centralized tunnel.
Centralized forwarding configuration
Add data vlan to vlan-list
DCWS-6028(config-wireless)#l2tunnel vlan-list 10
DCWS-6028(config-wireless)#l2tunnel vlan-list 20
View the list of vlans contained in the current vlan-list:
DCWS-6028(config)#show wireless l2tunnel vlan-list radio frequency management
Adjust the RF working mode:
6028(config-wireless)#ap profile 1
6028(config-ap-profile)#radio 1
6028(config-ap-profile-radio)#mode bg-n
Set the static power and channel of the AP. After the adjustment, you need to restart the AP to take effect
6028(config-wireless)#ap database 00-03-0f-19-71-e0
6028(config-ap)#radio 1 channel 11
The valid AP entry is updated. This AP is already managed, to update the managed AP configuration with the new value(s) you need to reset the AP.
6028(config-ap)#radio 1 power 50