WLAN Service Configuration

Foreword

 Various WLAN profiles are designed based on different WLAN functions

and features to help you configure and maintain WLAN functions. These
WLAN profiles have different referencing relationships, based on which you
can easily grasp the configuration roadmap of WLAN profiles and complete
required service configurations.
 This course will instruct you to configure WLAN services using the CLI.

1 Huawei Confidential
 Objectives

Upon completion of this course, you will be able to:

 Understand the WLAN service configuration procedure.
 Configure basic WLAN services.

2 Huawei Confidential
 Contents

1. WLAN Service Configuration

 WLAN Service Configuration Procedure

▫ WLAN Configuration Application

3 Huawei Confidential
WLAN Basic Service Configuration Procedure

Configuring APs to go online Configuring profiles Binding profiles

Creating an AP group Configuring an SSID profile Binding profiles to a VAP profile

Binding the VAP profile to an AP

Configuring network connectivity Configuring a security profile
or AP group

Configuring system parameters for

Configuring a VAP profile
the AC

4 Huawei Confidential
Configuring an AP to Go Online
• Configure a DHCP server to assign IP addresses to APs and STAs. The AC can function as a DHCP
Configure network connectivity. server.
• Configure network connectivity between APs and the DHCP server, and between APs and the AC.

Each AP will be added and can be added to only one AP group. An AP group is typically configured to
Create an AP group.
provide the same configurations for multiple APs.

Configure the country code on the AC

A country code identifies the country in which the APs are deployed. Country codes regulate different
(based on the regulatory domain
AP radio attributes, including the transmit power and supported channels.
profile).

Configure a source interface or address

Specify a unique source IP address or interface on each AC. After learning this source IP address or the
(for establishing CAPWAP tunnels with
IP address of the source interface, APs can establish CAPWAP tunnels with the AC for communication.
APs).

In automatic upgrade mode, an AP checks whether its version is the same as that configured on the
(Optional) Configure the automatic AP
AC, SFTP server, or FTP server when going online. If so, the AP continues with going online, without an
upgrade.
upgrade. If not, the AP upgrades its version, restarts, and goes online again.

Add an AP
(configuring the AP authentication You can add an AP by manual configuration, automatic discovery, or manual confirmation.
mode).

5 Huawei Confidential
Configuring and Binding Profiles
 Various WLAN profiles are designed based on different WLAN functions and features to help you configure and
maintain WLAN functions.

Reference Regulatory • A regulatory domain profile provides configurations of the country code, calibration
domain profile channel set, and calibration bandwidth for APs.

Reference • A radio profile is used to optimize radio parameters and control the in-service
Radio profile
channel switching function.

Radios of an Reference • A VAP profile allows for the forwarding mode and service VLAN configurations, and
AP or AP group VAP profile can have other profiles bound, such as the SSID profile, security profile, and
authentication profile.

Reference
Other profiles • Include the AP system profile, location profile, WIDS profile, and Mesh profile.

Radio parameter • Configure basic radio parameters, including the frequency band, channel, and
settings transmit power.

6 Huawei Confidential
VAP Profile

Reference • An SSID identifies a WLAN. When you search for available wireless
Create an SSID
networks on a STA, the displayed WLAN names are SSIDs.
profile.
• An SSID profile is used to configure the SSID name for a WLAN.

Reference Create a security • Configure a WLAN security policy to authenticate STAs and encrypt
profile. STA packets, securing both the network and STAs.
VAP profile

Configure the data

• Configure the mode in which data packets are forwarded.
forwarding mode.

Configure service • Layer 2 data packets delivered from a VAP to an AP carry the service
VLANs. VLAN IDs.

8 Huawei Confidential
WLAN Service Configuration: Configuring an AP to Go
Online (1/3)
 Configure the AC as a DHCP server and configure the Option 43 field.
[AC-ip-pool-pool1] option code [ sub-option sub-code ] { ascii ascii-string | hex hex-string | cipher cipher-string | ip-address ip-
address
 The DHCP server is configured to assign the specified user-defined option to DHCP clients.

 Create a regulatory domain profile and configure the country code.

[AC] wlan
[AC-wlan-view]
[AC-wlan-view] regulatory-domain-profile name profile-name
[AC-wlan-regulate-domain-profile-name]
 A regulatory domain profile is created and its view is displayed, or the view of an existing regulatory domain profile is displayed.

 A country code is configured for the device.

[AC-wlan-regulate-domain-profile-name] country-code country-code

10 Huawei Confidential
WLAN Service Configuration: Configuring an AP to Go
Online (2/3)
 Bind the regulatory domain profile.
[AC-wlan-view] ap-group name group-name
[AC-wlan-ap-group-group-name]
 An AP group is created and its view is displayed, or the view of an existing AP group is displayed.

[AC-wlan-ap-group-group-name] regulatory-domain-profile profile-name

 The regulatory domain profile is bound to an AP or AP group.

 Configure a source interface or address.

[AC] capwap source interface { loopback loopback-number | vlanif vlan-id }
 A source interface is specified on the AC for establishing CAPWAP tunnels with APs.

[AC] capwap source ip-address ip-address

 The AC's source IP address is configured.

11 Huawei Confidential
WLAN Service Configuration: Configuring an AP to Go
Online (3/3)
 Add an AP.
[AC-wlan-view] ap auth-mode { mac-auth | sn-auth | no-auth}
 The AP authentication mode is set to MAC address or SN authentication. The default mode is MAC address
authentication.
[AC-wlan-view] ap-id ap-id [ [ type-id type-id | ap-type ap-type ] { ap-mac ap-mac | ap-sn ap-sn | ap-mac ap-mac ap-sn ap-
sn } ]
[AC-wlan-ap-ap-id] ap-name ap-name
 An AP is added or the AP view is displayed, and the AP name is configured.
[AC-wlan-view] ap-id 0
[AC-wlan-ap-0] ap-group ap-group
 The AP is added to an AP group.
[AC] display ap { all | ap-group ap-group }
 Check AP information.

12 Huawei Confidential
Basic WLAN Service Configuration: Configuring VAPs (1/4)
 Create a VAP profile and enter the VAP profile view, or enter the view of an existing VAP profile.
[AC-wlan-view] vap-profile name profile-name
[AC-wlan-vap-prof-profile-name]
 Configure the direct or tunnel data forwarding mode in the VAP profile.
[AC-wlan-vap-prof-profile-name] forward-mode { direct-forward | tunnel }

 Configure service VLANs for the VAP.

[AC-wlan-vap-prof-profile-name] service-vlan { vlan-id vlan-id | vlan-pool pool-name }

13 Huawei Confidential
Basic WLAN Service Configuration: Configuring VAPs (2/4)
 Configure a security profile.
 A security profile is created and the security profile view is displayed.
[AC-wlan-view] security-profile name profile-name
[AC-wlan-sec-prof-profile-name]
 By default, the system has security profiles default, default-wds, and default-mesh.
 The security profile is bound to the VAP profile.
[AC-wlan-view] vap-profile name profile-name
[AC-wlan-vap-prof-profile-name] security-profile profile-name

14 Huawei Confidential
Basic WLAN Service Configuration: Configuring VAPs (3/4)
 Configure an SSID profile.
 An SSID profile is created and the SSID profile view is displayed, or the view of an existing SSID profile is
displayed.
[AC-wlan-view] ssid-profile name profile-name
[AC-wlan-ssid-prof-profile-name]
 By default, the system provides the SSID profile default.
[AC-wlan-ssid-prof-profile-name] ssid ssid
 An SSID is configured for the SSID profile.
 By default, the SSID in an SSID profile is HUAWEI-WLAN.
[AC-wlan-view] vap-profile name profile-name
[AC-wlan-vap-prof-profile-name] ssid-profile profile-name
 The SSID profile is bound to the VAP profile.

15 Huawei Confidential
Basic WLAN Service Configuration: Configuring VAPs (4/4)
 Bind the VAP profile to radios in the AP group.
[AC-wlan-view] ap-group name group-name
[AC-wlan-ap-group-group-name] vap-profile profile-name wlan wlan-id radio { radio-id | all } [ service-vlan { vlan-id vlan-id |
vlan-pool pool-name } ]

 Display information about service VAPs.

[AC] display vap { ap-group ap-group-name | { ap-name ap-name | ap-id ap-id } [ radio radio-id ] } [ ssid ssid ]

[AC] display vap { all | ssid ssid }

16 Huawei Confidential
 Contents

1. WLAN Service Configuration

▫ WLAN Service Configuration Procedure
 WLAN Configuration Application

17 Huawei Confidential
Topology Design

IP network
 This topology is a Layer 2 network where the AC is deployed
in in-path mode, and applies to small-scale enterprises.
AC
 The AC functions as the gateway for both APs and STAs.
GE0/0/1
 APs' gateway address: 10.1.100.1/24
GE0/0/2
 STAs' gateway address: 10.1.101.1/24
Switch

GE0/0/1
 All traffic from STAs reaches the AC and then is forwarded
by the AC to the upper-layer network.
AP

STA

18 Huawei Confidential
WLAN Data Planning
Data Configuration
The AC functions as a DHCP server to assign IP addresses to APs and STAs, and
DHCP server
also serves as the gateway for APs and STAs.
IP address pool for APs VLAN 100: 10.1.100.2-10.1.100.254/24
IP address pool for STAs VLAN 101: 10.1.101.2-10.1.101.254/24
IP address of the AC's source interface VLANIF 100: 10.1.100.1/24
Name: ap-group1
AP group
Referenced profiles: VAP profile and regulatory domain profile
Name: domain
Regulatory domain profile
Country code: CN
Name: employee
SSID profile
SSID name: employee
Name: employee
Security profile Security policy: WPA-WPA2+PSK+AES
Password: a1234567
Name: employee
Forwarding mode: tunnel forwarding
VAP profile
Service VLAN: VLAN 101
Referenced profiles: SSID profile employee and security profile employee

19 Huawei Confidential
Configuring Network Connectivity
 Create VLANs and interfaces on the switch and AC.
IP network  Configure a DHCP server to assign IP addresses to APs and
STAs.

[AC]dhcp enable
AC
[AC]interface Vlanif 100
GE0/0/1 [AC-Vlanif100]ip address 10.1.100.1 24
[AC-Vlanif100]dhcp select interface
GE0/0/2
[AC-Vlanif100]quit
Switch
[AC]interface Vlanif 101
GE0/0/1 [AC-Vlanif101]ip address 10.1.101.1 24
[AC-Vlanif101]dhcp select interface
AP [AC-Vlanif101]quit

STA

20 Huawei Confidential
Configuring an AP to Go Online (1/2)
 Create an AP group.
IP network [AC]wlan
[AC-wlan-view]ap-group name ap-group1
[AC-wlan-ap-group-ap-group1]quit
AC
 Create a regulatory domain profile and configure the country code.
GE0/0/1
AC-wlan-view]regulatory-domain-profile name domain
GE0/0/2 [AC-wlan-regulate-domain-default]country-code CN
Switch [AC-wlan-regulate-domain-default]quit

GE0/0/1 [AC-wlan-view]ap-group name ap-group1

[AC-wlan-ap-group-ap-group1]regulatory-domain-profile domain
AP Warning: Modifying the country code will clear channel, power and antenna
gain configurations of the radio and reset the AP. Continu
e?[Y/N]:y
[AC-wlan-ap-group-ap-group1]quit
STA
[AC-wlan-view]quit

21 Huawei Confidential
Configuring an AP to Go Online (2/2)

IP network
 Configure the AC's source interface.
[AC]capwap source interface vlanif 100

 Import an AP that is offline on the AC.

AC

GE0/0/1 [AC]wlan
[AC-wlan-view]ap auth-mode mac-auth
GE0/0/2
[AC-wlan-view]ap-id 0 ap-mac 00e0-fc44-4270
Switch
[AC-wlan-ap-0]ap-name ap1
GE0/0/1 Warning: This operation may cause AP reset. Continue? [Y/N]:y
[AC-wlan-ap-0]ap-group ap-group1
AP Warning: This operation may cause AP reset. If the country code
changes, it will clear channel, power and antenna gain configurations of
the radio, Whether to continue? [Y/N]:y

STA [AC-wlan-ap-0]quit

22 Huawei Confidential
Verifying the AP Onboarding Configuration
 After the AP is powered on, run the display ap all command to check the AP state. If the State field displays nor, the
AP has gone online.

[AC]display ap all
Total AP information:
nor : normal [1]
Extra information:
P : insufficient power supply
-------------------------------------------------------------------------------------------------------------------------------
ID MAC Name Group IP Type State STA Uptime ExtraInfo
-------------------------------------------------------------------------------------------------------------------------------
0 00e0-fc44-4270 ap1 ap-group1 10.1.100.254 AirEngine5760-10 nor 0 10S -
-------------------------------------------------------------------------------------------------------------------------------
Total: 1

23 Huawei Confidential
Configuring WLAN Service Parameters (1/2)

IP Network  Create security profile employee and configure a security policy.

[AC-wlan-view]security-profile name employee

[AC-wlan-sec-prof-employee]security wpa-wpa2 psk pass-phrase
AC
a1234567 aes
GE0/0/1 [AC-wlan-sec-prof-employee]quit

GE0/0/2
Switch
 Create SSID profile employee and set the SSID name to employee.
GE0/0/1
[AC-wlan-view]ssid-profile name employee
AP [AC-wlan-ssid-prof-employee]ssid employee
[AC-wlan-ssid-prof-employee]quit

STA

24 Huawei Confidential
Configuring WLAN Service Parameters (2/2)
 Create VAP profile employee, set the data forwarding mode and service
IP Network
VLAN, and bind the security profile and SSID profile to the VAP profile.

[AC-wlan-view]vap-profile name employee

[AC-wlan-vap-prof-employee]forward-mode tunnel
AC [AC-wlan-vap-prof-employee]service-vlan vlan-id 101
[AC-wlan-vap-prof-employee]security-profile employee
GE0/0/1
[AC-wlan-vap-prof-employee]ssid-profile employee
GE0/0/2 [AC-wlan-vap-prof-employee]quit
Switch
 Bind VAP profile employee to the AP group so that configurations in
GE0/0/1
this VAP profile are applied to all radios on the AP.

AP [AC-wlan-view]ap-group name ap-group1

[AC-wlan-ap-group-ap-group1]vap-profile employee wlan 1 radio all
[AC-wlan-ap-group-ap-group1]quit

STA

25 Huawei Confidential
Checking VAP Profile Information
 The WLAN service configuration is automatically delivered to the AP. After the service configuration is complete,
run the display vap ssid employee command to check VAP profile information. If Status in the command output is
displayed as ON, the VAPs have been successfully created for the corresponding AP radios.
[AC-wlan-view]display vap ssid employee
WID : WLAN ID
-----------------------------------------------------------------------------------------------------------------
AP ID AP name RfID WID BSSID Status Auth type STA SSID
-----------------------------------------------------------------------------------------------------------------
0 ap1 0 1 00E0-FC44-4270 ON WPA/WPA2-PSK 0 employee
0 ap1 1 1 00E0-FC44-4280 ON WPA/WPA2-PSK 0 employee
-----------------------------------------------------------------------------------------------------------------
Total: 2

26 Huawei Confidential
 Quiz

1. (True or False) After a VAP profile is configured, it can be bound only to an AP

group but not to a single AP.
A. True

B. False

27 Huawei Confidential
 Summary

 In this course, we go through the WLAN service configuration procedure,

including how an AP goes online and how to configure VAPs. WLAN service
configurations help you understand the service relationships between
WLAN profiles.

28 Huawei Confidential
Thank you. 把数字世界带入每个人、每个家庭、
每个组织，构建万物互联的智能世界。
Bring digital to every person, home, and
organization for a fully connected,
intelligent world.

Copyright©2021 Huawei Technologies Co., Ltd.

All Rights Reserved.

The information in this document may contain predictive

statements including, without limitation, statements regarding
the future financial and operating results, future product
portfolio, new technology, etc. There are a number of factors that
could cause actual results and developments to differ materially
from those expressed or implied in the predictive statements.
Therefore, such information is provided for reference purpose
only and constitutes neither an offer nor an acceptance. Huawei
may change the information at any time without notice.