Configure wireless WLAN bypass Layer 3 networking for direct forwarding

Enterprise users access the WLAN to meet basic mobile-office needs, and their services must not be affected when they roam within the coverage area. Using a VLAN pool as the service VLAN avoids both shortage and waste of IP address resources, reduces the number of users in any single VLAN, and shrinks the broadcast domain.
Networking requirements
AC networking mode: bypass layer 3 networking.
DHCP deployment method:
o The AC acts as a DHCP server to assign IP addresses to APs.
o The aggregation switch SwitchB acts as a DHCP server to assign IP addresses to STAs.
Service data forwarding mode: direct forwarding.
Data planning
Configuration ideas
1. Configure the AP, AC and surrounding network devices to achieve Layer 3 interoperability.
2. Configure a VLAN pool to be used as a service VLAN.
3. Configure the AP to go online.
a. Create an AP group and add all APs that need the same configuration to it so that they can be configured together.
b. Configure the system parameters of the AC, including the country code and the source interface for communication between the AC and the AP.
c. Configure the AP authentication mode and import the AP offline so that the AP can go online normally.
4. Configure WLAN service parameters to enable STA to access the WLAN network.
Configuration considerations
Per the protocol, pure multicast packets have no ACK mechanism on the wireless air interface, and wireless links are unstable. To deliver pure multicast packets reliably, they are usually sent at low rates. If a large volume of abnormal multicast traffic arrives from the network side, the air interface becomes congested. To reduce the impact of large numbers of low-rate multicast packets on the wireless network, configuring multicast packet suppression is recommended. Before configuring it, confirm whether multicast services are in use; if they are, set the rate limit carefully.
o When the service data forwarding mode is direct forwarding, configure multicast packet suppression on the switch interface directly connected to the AP.
o When the service data forwarding mode is tunnel forwarding, configure multicast packet suppression in the traffic profile of the AC.
Configuring port isolation on the device interface directly connected to the AP is recommended. Without port isolation, especially in direct forwarding mode, a large number of unnecessary broadcast packets may build up in the VLAN, congesting the network and degrading the user experience.
In tunnel forwarding mode, the management VLAN and the service VLAN cannot be the same VLAN, and only the management VLAN, not the service VLAN, may be allowed between the AP and the AC.
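The two recommendations above for direct forwarding (port isolation and multicast suppression on the switch interface facing the AP) can be checked against a saved switch configuration. The following Python code is an added example, not part of the original page or of any Huawei tool; the function names and the caller-supplied list of AP-facing ports are assumptions. The sample is this page's SwitchA interface configuration, which enables port isolation but sets no multicast-suppression value.

```python
import re

# Constructed sample: the SwitchA interface configuration shown on this page.
SWITCHA_CONFIG = """\
sysname SwitchA
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk pvid vlan 10
 port trunk allow-pass vlan 10 101 to 102
 port-isolate enable group 1
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 10 101 to 102
#
return
"""

def parse_interfaces(config):
    """Map interface name -> list of its configuration lines."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        match = re.match(r"interface\s+(\S+)$", line)
        if match:
            current = interfaces.setdefault(match.group(1), [])
        elif line in ("#", "return"):
            current = None  # '#' closes the current view in a saved config
        elif current is not None and line:
            current.append(line)
    return interfaces

def audit_ap_ports(config, ap_ports, forward_mode="direct-forward"):
    """Return {port: [findings]} for the AP-facing ports named by the caller."""
    interfaces = parse_interfaces(config)
    report = {}
    for port in ap_ports:
        lines = interfaces.get(port)
        if lines is None:
            report[port] = ["interface not found in configuration"]
            continue
        findings = []
        if not any(l.startswith("port-isolate enable") for l in lines):
            findings.append("port isolation not enabled")
        # In tunnel forwarding the page places suppression on the AC instead.
        if forward_mode == "direct-forward" and not any(
                l.startswith("multicast-suppression") for l in lines):
            findings.append("no multicast-suppression on AP-facing port")
        report[port] = findings
    return report
```

Calling audit_ap_ports(SWITCHA_CONFIG, ["GigabitEthernet0/0/1"]) reports only the missing multicast suppression; whether to set it still depends on whether multicast services are in use.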
Steps
1. Configure peripheral equipment
# Configure the GE0/0/1 and GE0/0/2 interfaces of access switch SwitchA to join VLAN10, VLAN101 and VLAN102. The default VLAN of GE0/0/1 is VLAN10.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan batch 10 101 102
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type trunk
[SwitchA-GigabitEthernet0/0/1] port trunk pvid vlan 10
[SwitchA-GigabitEthernet0/0/1] port trunk allow-pass vlan 10 101 102
[SwitchA-GigabitEthernet0/0/1] port-isolate enable
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] port link-type trunk
[SwitchA-GigabitEthernet0/0/2] port trunk allow-pass vlan 10 101 102
[SwitchA-GigabitEthernet0/0/2] quit
# Configure interface GE0/0/1 of the aggregation switch SwitchB to join VLAN10, VLAN101 and VLAN102, interface GE0/0/2 to join VLAN100, and interface GE0/0/3 to join VLAN101 and VLAN102, and create interface VLANIF100 with the address 10.23.100.2/24.
<HUAWEI> system-view
[HUAWEI] sysname SwitchB
[SwitchB] vlan batch 10 100 101 102
[SwitchB] interface gigabitethernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] port link-type trunk
[SwitchB-GigabitEthernet0/0/1] port trunk allow-pass vlan 10 101 102
[SwitchB-GigabitEthernet0/0/1] quit
[SwitchB] interface gigabitethernet 0/0/2
[SwitchB-GigabitEthernet0/0/2] port link-type trunk
[SwitchB-GigabitEthernet0/0/2] port trunk allow-pass vlan 100
[SwitchB-GigabitEthernet0/0/2] quit
[SwitchB] interface gigabitethernet 0/0/3
[SwitchB-GigabitEthernet0/0/3] port link-type trunk
[SwitchB-GigabitEthernet0/0/3] port trunk allow-pass vlan 101 102
[SwitchB-GigabitEthernet0/0/3] quit
[SwitchB] interface vlanif 100
[SwitchB-Vlanif100] ip address 10.23.100.2 24
[SwitchB-Vlanif100] quit
# Configure the Router's interface GE1/0/0 to join VLAN101 and VLAN102, create interface VLANIF101 with the IP address 10.23.101.2/24, and create interface VLANIF102 with the IP address 10.23.102.2/24.
<Huawei> system-view
[Huawei] sysname Router
[Router] vlan batch 101 102
[Router] interface gigabitethernet 1/0/0
[Router-GigabitEthernet1/0/0] port link-type trunk
[Router-GigabitEthernet1/0/0] port trunk allow-pass vlan 101 102
[Router-GigabitEthernet1/0/0] quit
[Router] interface vlanif 101
[Router-Vlanif101] ip address 10.23.101.2 24
[Router-Vlanif101] quit
[Router] interface vlanif 102
[Router-Vlanif102] ip address 10.23.102.2 24
[Router-Vlanif102] quit
2. Configure AC to communicate with other network devices
# Configure AC interface GE0/0/1 to join VLAN100 and create interface VLANIF100.
<AC6605> system-view
[AC6605] sysname AC
[AC] vlan 100
[AC-vlan100] quit
[AC] interface vlanif 100
[AC-Vlanif100] ip address 10.23.100.1 24
[AC-Vlanif100] quit
[AC] interface gigabitethernet 0/0/1
[AC-GigabitEthernet0/0/1] port link-type trunk
[AC-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
[AC-GigabitEthernet0/0/1] quit
# Configure the route from AC to AP, with the next hop being VLANIF 100 of SwitchB.
[AC] ip route-static 10.23.10.0 24 10.23.100.2
3. Configure the DHCP server to assign IP addresses to the STA and AP
# Configure DHCP relay on SwitchB.
[SwitchB] dhcp enable
[SwitchB] interface vlanif 10
[SwitchB-Vlanif10] ip address 10.23.10.1 24
[SwitchB-Vlanif10] dhcp select relay
[SwitchB-Vlanif10] dhcp relay server-ip 10.23.100.1
[SwitchB-Vlanif10] quit
# Create interfaces VLANIF101 and VLANIF102 on SwitchB to assign addresses to STAs, and specify the default gateway.
Note:
Configure the DNS server address as required. Common configuration methods are as follows:
o In the interface address pool scenario, run the dhcp server dns-list ip-address &<1-8> command in the VLANIF interface view.
o In the global address pool scenario, run the dns-list ip-address &<1-8> command in the IP address pool view.
[SwitchB] interface vlanif 101
[SwitchB-Vlanif101] ip address 10.23.101.1 24
[SwitchB-Vlanif101] dhcp select interface
[SwitchB-Vlanif101] dhcp server gateway-list 10.23.101.2
[SwitchB-Vlanif101] quit
[SwitchB] interface vlanif 102
[SwitchB-Vlanif102] ip address 10.23.102.1 24
[SwitchB-Vlanif102] dhcp select interface
[SwitchB-Vlanif102] dhcp server gateway-list 10.23.102.2
[SwitchB-Vlanif102] quit
# Create a global address pool on the AC to provide addresses for the AP.
[AC] dhcp enable
[AC] ip pool huawei
[AC-ip-pool-huawei] network 10.23.10.0 mask 24
[AC-ip-pool-huawei] gateway-list 10.23.10.1
[AC-ip-pool-huawei] option 43 sub-option 3 ascii 10.23.100.1
[AC-ip-pool-huawei] quit
[AC] interface vlanif 100
[AC-Vlanif100] dhcp select global
[AC-Vlanif100] quit
4. Configure a VLAN pool to be used as the service VLAN
# Create a VLAN pool on the AC, add VLAN101 and VLAN102 to it, and set the VLAN assignment algorithm in the VLAN pool to "hash".
Note:
In this example, the VLAN assignment algorithm in the VLAN pool is set to "hash". The assignment algorithm defaults to "hash"; if you have not changed the default, you do not need to run the assignment hash command.
This example adds only two VLANs, VLAN101 and VLAN102, to the VLAN pool. In practice, more VLANs can be added to the VLAN pool in the same way as VLAN101 and VLAN102.
[AC] vlan batch 101 102
[AC] vlan pool sta-pool
[AC-vlan-pool-sta-pool] vlan 101 102
[AC-vlan-pool-sta-pool] assignment hash
[AC-vlan-pool-sta-pool] quit
5. Configure AP to go online
# Create an AP group to add APs with the same configuration to the same AP group.
[AC] wlan
[AC-wlan-view] ap-group name ap-group1
[AC-wlan-ap-group-ap-group1] quit
# Create a regulatory domain profile, configure the country code of the AC in the profile, and reference the profile in the AP group.
[AC-wlan-view] regulatory-domain-profile name default
[AC-wlan-regulate-domain-default] country-code cn
[AC-wlan-regulate-domain-default] quit
[AC-wlan-view] ap-group name ap-group1
[AC-wlan-ap-group-ap-group1] regulatory-domain-profile default
Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continue?[Y/N]: y
[AC-wlan-ap-group-ap-group1] quit
[AC-wlan-view] quit
# Configure the source interface of the AC.
[AC] capwap source interface vlanif 100
# Import the AP offline on the AC and add it to the AP group "ap-group1". Assume that the AP's MAC address is 60de-4476-e360. Name the AP after its deployment location so that the location can be read from the name. For example, the AP with MAC address 60de-4476-e360 is deployed in area 1, so it is named area_1.
Note:
The ap auth-mode command defaults to MAC authentication. If the default configuration has not been changed, you do not need to run ap auth-mode mac-auth.
The AP used in this example is an AP5030DN, which has two radios: radio 0 and radio 1. Radio 0 of the AP5030DN is the 2.4 GHz radio, and radio 1 is the 5 GHz radio.
[AC] wlan
[AC-wlan-view] ap auth-mode mac-auth
[AC-wlan-view] ap-id 0 ap-mac 60de-4476-e360
[AC-wlan-ap-0] ap-name area_1
Warning: This operation may cause AP reset. Continue? [Y/N]: y
[AC-wlan-ap-0] ap-group ap-group1
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]: y
[AC-wlan-ap-0] quit
# After powering on the AP, run the display ap all command and check the AP's "State" field. When the field shows "nor", the AP has gone online normally.
[AC-wlan-view] display ap all
Total AP information:
nor : normal [1]
Extra information:
P : insufficient power supply
--------------------------------------------------------------------------------------------------
ID   MAC            Name   Group     IP           Type     State STA Uptime ExtraInfo
--------------------------------------------------------------------------------------------------
0    60de-4476-e360 area_1 ap-group1 10.23.10.254 AP5030DN nor   0   10S    -
--------------------------------------------------------------------------------------------------
Total: 1
6. Configure WLAN service parameters
# Create a security profile named "wlan-net" and configure the security policy.
Note:
This example uses the WPA-WPA2+PSK+AES security policy, with the password "a1234567". In a real deployment, configure a security policy that meets your actual requirements.
[AC-wlan-view] security-profile name wlan-net
[AC-wlan-sec-prof-wlan-net] security wpa-wpa2 psk pass-phrase a1234567 aes
[AC-wlan-sec-prof-wlan-net] quit
# Create an SSID profile named "wlan-net" and set the SSID name to "wlan-net".
[AC-wlan-view] ssid-profile name wlan-net
[AC-wlan-ssid-prof-wlan-net] ssid wlan-net
[AC-wlan-ssid-prof-wlan-net] quit
# Create a VAP profile named "wlan-net", configure the service data forwarding mode and the service VLAN, and reference the security profile and the SSID profile.
[AC-wlan-view] vap-profile name wlan-net
[AC-wlan-vap-prof-wlan-net] forward-mode direct-forward
[AC-wlan-vap-prof-wlan-net] service-vlan vlan-pool sta-pool
[AC-wlan-vap-prof-wlan-net] security-profile wlan-net
[AC-wlan-vap-prof-wlan-net] ssid-profile wlan-net
[AC-wlan-vap-prof-wlan-net] quit
# Configure the AP group to reference the VAP profile. Both radio 0 and radio 1 on the AP use the configuration of VAP profile "wlan-net".
[AC-wlan-view] ap-group name ap-group1
[AC-wlan-ap-group-ap-group1] vap-profile wlan-net wlan 1 radio 0
[AC-wlan-ap-group-ap-group1] vap-profile wlan-net wlan 1 radio 1
[AC-wlan-ap-group-ap-group1] quit
7. Configure the channel and power of the AP radios
Note:
Automatic channel and power calibration is enabled on the radios by default. If it is not disabled, manual configuration does not take effect. The channel and power values used in this example are examples only; in a real deployment, configure them according to the AP's country code and the network planning results.
# Disable automatic channel and power calibration on AP radio 0, and configure the channel and power of AP radio 0.
[AC-wlan-view] ap-id 0
[AC-wlan-ap-0] radio 0
[AC-wlan-radio-0/0] calibrate auto-channel-select disable
[AC-wlan-radio-0/0] calibrate auto-txpower-select disable
[AC-wlan-radio-0/0] channel 20mhz 6
Warning: This action may cause service interruption. Continue?[Y/N]y
[AC-wlan-radio-0/0] eirp 127
[AC-wlan-radio-0/0] quit
# Disable automatic channel and power calibration on AP radio 1, and configure the channel and power of AP radio 1.
[AC-wlan-ap-0] radio 1
[AC-wlan-radio-0/1] calibrate auto-channel-select disable
[AC-wlan-radio-0/1] calibrate auto-txpower-select disable
[AC-wlan-radio-0/1] channel 20mhz 149
Warning: This action may cause service interruption. Continue?[Y/N]y
[AC-wlan-radio-0/1] eirp 127
[AC-wlan-radio-0/1] quit
[AC-wlan-ap-0] quit
8. Verify configuration results
The WLAN service configuration is delivered to the AP automatically. After the configuration is complete, run the display vap ssid wlan-net command to view the following information. When the "Status" field shows "ON", the VAP on the corresponding AP radio has been created successfully.
[AC-wlan-view] display vap ssid wlan-net
WID : WLAN ID
--------------------------------------------------------------------------------
AP ID AP name RfID WID BSSID          Status Auth type    STA SSID
--------------------------------------------------------------------------------
0     area_1  0    1   60DE-4476-E360 ON     WPA/WPA2-PSK 0   wlan-net
0     area_1  1    1   60DE-4476-E370 ON     WPA/WPA2-PSK 0   wlan-net
--------------------------------------------------------------------------------
Total: 2
A STA searches for the wireless network named "wlan-net", enters the password "a1234567" and associates normally. Then run the display station ssid wlan-net command on the AC; the output shows that the user has accessed the wireless network "wlan-net".
[AC-wlan-view] display station ssid wlan-net
Rf/WLAN: Radio ID/WLAN ID
Rx/Tx: link receive rate/link transmit rate(Mbps)
---------------------------------------------------------------------------------------------
STA MAC        AP ID Ap name Rf/WLAN Band Type Rx/Tx RSSI VLAN IP address
---------------------------------------------------------------------------------------------
e019-1dc7-1e08 0     area_1  1/1     5G   11n  46/59 -68  101  10.23.101.254
---------------------------------------------------------------------------------------------
Total: 1 2.4G: 0 5G: 1
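Step 3 tells the APs where the AC is through DHCP option 43 (sub-option 3, ASCII 10.23.100.1), so part of verifying the deployment is confirming that the value APs actually receive names the planned AC. The following Python code is an added example, not from the original page: it encodes and decodes that option so the bytes seen in a DHCP capture can be compared with the planned address. It assumes the RFC 2132 encapsulated layout (1-byte code, 1-byte length, value) and a comma-separated address list; the function names are hypothetical.

```python
import ipaddress

AC_SUB_OPTION = 3  # sub-option number used in step 3 of this page

def encode_option43(ac_ips, sub_option=AC_SUB_OPTION):
    """Payload for 'option 43 sub-option 3 ascii <ip>[,<ip>...]'."""
    # Assumption: several AC addresses travel as one comma-separated string.
    text = ",".join(str(ipaddress.IPv4Address(ip)) for ip in ac_ips)
    value = text.encode("ascii")
    if not 0 < len(value) <= 255:
        raise ValueError("sub-option value must be 1..255 bytes")
    return bytes([sub_option, len(value)]) + value

def decode_option43(payload):
    """Split an option 43 payload into {sub_option_code: value_bytes}."""
    subs, i = {}, 0
    while i < len(payload):
        if len(payload) - i < 2:
            raise ValueError("truncated sub-option header")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("sub-option %d runs past the end of the option" % code)
        subs[code] = value
        i += 2 + length
    return subs

def advertised_acs(payload):
    """AC addresses carried in sub-option 3, each validated as IPv4."""
    value = decode_option43(payload).get(AC_SUB_OPTION)
    if value is None:
        return []
    return [str(ipaddress.IPv4Address(part.strip()))
            for part in value.decode("ascii").split(",")]

def unexpected_acs(payload, planned):
    """Addresses offered to APs that are not in the planned AC list."""
    return sorted(set(advertised_acs(payload)) - set(planned))

# Constructed sample: the bytes that step 3's option 43 line should produce.
SAMPLE = bytes.fromhex("030b31302e32332e3130302e31")

if __name__ == "__main__":
    print(advertised_acs(SAMPLE))
    print(unexpected_acs(SAMPLE, ["10.23.100.1"]))
```

An empty result from unexpected_acs means every address offered to the APs is a planned AC; anything else deserves a look at which DHCP server answered on the AP management VLAN.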
Configuration file
Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10 101 to 102
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk pvid vlan 10
port trunk allow-pass vlan 10 101 to 102
port-isolate enable group 1
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10 101 to 102
#
return
Configuration file of SwitchB
#
sysname SwitchB
#
vlan batch 10 100 to 102
#
dhcp enable
#
interface Vlanif10
ip address 10.23.10.1 255.255.255.0
dhcp select relay
dhcp relay server-ip 10.23.100.1
#
interface Vlanif100
ip address 10.23.100.2 255.255.255.0
#
interface Vlanif101
ip address 10.23.101.1 255.255.255.0
dhcp select interface
dhcp server gateway-list 10.23.101.2
#
interface Vlanif102
ip address 10.23.102.1 255.255.255.0
dhcp select interface
dhcp server gateway-list 10.23.102.2
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 101 to 102
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 100
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 101 to 102
#
return
Router configuration file
#
sysname Router
#
vlan batch 101 to 102
#
interface Vlanif101
ip address 10.23.101.2 255.255.255.0
#
interface Vlanif102
ip address 10.23.102.2 255.255.255.0
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 101 to 102
#
return
Configuration file of AC
#
sysname AC
#
vlan batch 100 to 102
#
vlan pool sta-pool
vlan 101 to 102
#
dhcp enable
#
ip pool huawei
gateway-list 10.23.10.1
network 10.23.10.0 mask 255.255.255.0
option 43 sub-option 3 ascii 10.23.100.1
#
interface Vlanif100
ip address 10.23.100.1 255.255.255.0
dhcp select global
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 100
#
ip route-static 10.23.10.0 24 10.23.100.2
#
capwap source interface vlanif100
#
wlan
security-profile name wlan-net
security wpa-wpa2 psk pass-phrase %^%#m"tz0f> ~ 7.[`^6RWdzwCy16hJj/Mc!,}s`X*B]}A%^%# aes
ssid-profile name wlan-net
ssid wlan-net
vap-profile name wlan-net
service-vlan vlan-pool sta-pool
ssid-profile wlan-net
security-profile wlan-net
regulatory-domain-profile name default
ap-group name ap-group1
radio 0
vap-profile wlan-net wlan 1
radio 1
vap-profile wlan-net wlan 1
ap-id 0 type-id 35 ap-mac 60de-4476-e360 ap-sn 210235554710CB000042
ap-name area_1
ap-group ap-group1
radio 0
channel 20mhz 6
eirp 127
calibrate auto-channel-select disable
calibrate auto-txpower-select disable
radio 1
channel 20mhz 149
eirp 127
calibrate auto-channel-select disable
calibrate auto-txpower-select disable
#
return

Origin blog.csdn.net/m0_59193722/article/details/133044406