H3C WA Series WLAN Access Points WLAN Configuration Guide Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com Document Version: 6W100-20100910...
SecPro, SecPoint, SecEngine, SecPath, Comware, Secware, Storware, NQA, VVG, V G, V G, PSPT, XGbus, N-Bus, TiGem, InnoVision and HUASAN are trademarks of Hangzhou H3C Technologies Co., Ltd. All other trademarks that may be mentioned in this manual are the property of their respective owners.
The H3C WA documentation set includes 10 configuration guides, which describe the software features for the H3C WA series WLAN access points and guide you through the software configuration procedures. These configuration guides also provide configuration examples to help you apply the software features to different network scenarios.
Means an action or information that needs special attention to ensure successful configuration or good performance.
Means a complementary description.
Means techniques helpful for you to make configuration with ease.
About the H3C WA Documentation Set
The H3C WA documentation set includes:
Category Documents...
Obtaining Documentation
You can access the most up-to-date H3C product documentation on the World Wide Web at http://www.h3c.com. Click the links on the top navigation bar to obtain different categories of product documentation: [Technical Support &...
6 WLAN RRM Configuration
  Overview
  Configuration Task list
  Configuring Data Transmission Rates
  Configuring 802.11a/802.11b/802.11g Rates
  Configuring 802.11n Rates
  Configuring Power Constraint
  Prerequisites
  Configuring Power Constraint
  Configuring Only Non-802.11h Channels to Be Scanned
  Configuring Only Non-802.11h Channels to Be Scanned
  Enabling 802.11g Protection
  Displaying and Maintaining WLAN RRM
7 WLAN IDS Configuration...
Deployment Scenarios
WDS Configuration Task List
Configuring WDS Port Security
Configuring a Mesh Profile
Configuring an MP Policy
Mapping a Mesh Profile to the Radio of an MP
Mapping an MP Policy to the Radio of an MP
Specifying a Peer MAC Address on the Radio
Displaying and Maintaining WDS
WDS Configuration Examples...
Read this chapter before using an H3C WA series WLAN access point.
Applicable Models and Software Versions
H3C WA series WLAN access points include the WA2200 series and WA2600 series. Table 1-1 shows the applicable models and software versions.
Feature Matrix
Support of the H3C WA series WLAN access points for features, commands and parameters may vary by device model. See this document for more information. For information about feature support, see Table 2-1. For information about command and...
Command/Parameter Matrix
Table 3-1 Command/Parameter matrix

| Document | Module | Command/Parameter | WA2200 series | WA2600 series |
|---|---|---|---|---|
| Fundamentals Command Reference | HTTP commands | display ip https | Not supported | Supported |
| | | ip https acl | Not supported | Supported |
| | | ip https certificate access-control-policy | Not supported | Supported |
| | | ip https enable | Not supported | Supported |

a-mpdu enable...
| Document | Module | Command/Parameter | WA2200 series | WA2600 series |
|---|---|---|---|---|
| | | broadcast-suppression { ratio \| pps max-pps }: The maximum number of broadcast packets that can be forwarded on an Ethernet interface per second | pps max-pps ranges from 1 to 148810. | pps max-pps ranges from 1 to 1488100. |

The maximum...
The models listed in this document are not applicable to all regions. Please consult your local sales office for the models applicable to your region. Support of the H3C WA series WLAN access points (APs) for features may vary by AP model. For more information, see Feature Matrix.
| To do… | Use the Command… | Remarks |
|---|---|---|
| Set the description string for the interface | description text | Optional. By default, the description string of an interface is interface-name + interface. |
| Shut down the WLAN-Radio interface | shutdown | Optional. By default, a WLAN-Radio interface is up. |

WLAN-BSS Interface
Introduction
WLAN-BSS interfaces are virtual Layer 2 interfaces.
WLAN Mesh Interface
Introduction
WLAN mesh interfaces are Layer 2 virtual interfaces. You can use them as configuration templates to make and save settings for WLAN mesh link interfaces. Once a WLAN mesh link interface is created, you will not be allowed to change the settings on its associated WLAN mesh interface.
Entering WLAN Mesh Interface View
Follow these steps to enter WLAN mesh interface view:
To do…...
Figure 5-1 Open system authentication process (diagram labels: Client; Authentication request; Authentication response)
Shared key authentication
The following figure shows a shared key authentication process. The two parties have the same shared key configured. The client sends an authentication request to the AP. The AP randomly generates a challenge and sends it to the client.
Wired Equivalent Privacy (WEP) was developed to protect data exchanged among authorized users in a wireless LAN from casual eavesdropping. WEP uses RC4 encryption for confidentiality. WEP encryption falls into static and dynamic encryption according to how a WEP key is generated.
Static WEP encryption
With Static WEP encryption, all clients using the same SSID must use the same encryption key.
PSK authentication
Both WPA wireless access and WPA2 wireless access support PSK authentication. To implement PSK authentication, the client and the authenticator must have the same shared key configured.
802.1X authentication
As a port-based access control protocol, 802.1X authenticates and controls accessing devices at the port level.
Follow these steps to enable the authentication method:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enter WLAN service template | wlan service-template service-template-number crypto | Required |
| Enable an... | authentication-method... | Optional. Open system authentication method is used by default. Shared key authentication is usable only when WEP encryption is adopted... |

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enter WLAN service template view | wlan service-template service-template-number crypto | — |
| Enable GTK rekey | gtk-rekey enable | Required. By default, GTK rekey is enabled. |
| Configure the GTK rekey interval | gtk-rekey method time-based time | Required. By default, the interval is 86400 seconds. |
Disable the 802.1X online user handshake function before starting PTK and GTK negotiation.
Configuring WPA security IE
Wi-Fi Protected Access (WPA) ensures greater protection than WEP. WPA operates in either WPA-PSK (also called Personal) mode or WPA-802.1X (also called Enterprise) mode. In Personal mode, a pre-shared key or pass-phrase is used for authentication.
In open system authentication mode, a WEP key is used for encryption only. A client can go online without having the same key as the authenticator. But, if the receiver has a different key from the sender, it will discard the packets received from the sender. In shared key authentication mode, the WEP key is used for both encryption and authentication.
Configuring TKIP
Follow these steps to configure TKIP:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enter WLAN service template | wlan service-template service-template-number crypto | Required |
| Enable the TKIP cipher suite | cipher-suite tkip | Required |
| Set TKIP counter measure time | tkip-cm-time time | Optional. By default, the counter measure time value is 60 seconds. |
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enter WLAN-BSS interface view | interface wlan-bss interface-number | Required |
| Enable 11key negotiation | port-security tx-key-type 11key | Required. Not enabled by default. |
| Configure the key | port-security preshared-key { pass-phrase \| raw-key } key | Required. Not configured by default. |

| To do… | Use the command… | Remarks |
|---|---|---|
| Enable 11key negotiation | port-security tx-key-type 11key | Required. Not enabled by default. |
| Enable the PSK and MAC port security mode. | port-security port-mode mac-and-psk | Required |
| Configure the pre-shared key | port-security preshared-key { pass-phrase \| raw-key } key | Required. The key is a string of 8 to 63 characters, or a 64-digit hex number. |
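The pre-shared key rule above (a string of 8 to 63 characters, or a 64-digit hex number) can be checked offline against a saved configuration before it is deployed. This is an added example, not H3C code: it assumes the configuration is plain text using the commands shown in this guide, that pass-phrase takes the 8 to 63 character form and raw-key the 64-digit hex form, and that keys are stored unencrypted; the sample configuration, the documentation-key list and the low-variety heuristic are constructed here.

```python
import re
import string

# Keys printed in this guide's worked examples (taken from the page). They are
# public, so finding one in a deployed configuration is always a defect.
DOC_EXAMPLE_KEYS = {"12345678"}

PROMPT = r"^\s*(?:\[[^\]]*\]\s*)?"  # optional "[AP-WLAN-BSS1] " style prompt
PSK_RE = re.compile(
    PROMPT + r"port-security\s+preshared-key\s+(pass-phrase|raw-key)\s+(.+?)\s*$")
RADIUS_KEY_RE = re.compile(
    PROMPT + r"key\s+(authentication|accounting)\s+(\S+)\s*$")
TEMPLATE_RE = re.compile(
    PROMPT + r"wlan\s+service-template\s+(\d+)\s+(clear|crypto)\s*$")
OPEN_AUTH_RE = re.compile(PROMPT + r"authentication-method\s+open-system\s*$")


def check_psk(kind, key):
    """Return findings for one preshared key ('pass-phrase' or 'raw-key')."""
    findings = []
    if kind == "pass-phrase":
        if not 8 <= len(key) <= 63:
            findings.append("pass-phrase length %d outside 8..63" % len(key))
    elif len(key) != 64 or any(c not in string.hexdigits for c in key):
        findings.append("raw-key is not 64 hex digits")
    if key in DOC_EXAMPLE_KEYS:
        findings.append("key copied from documentation example")
    elif kind == "pass-phrase" and (key.isdigit() or len(set(key)) <= 4):
        # Constructed heuristic: digits only, or four or fewer distinct characters.
        findings.append("low-variety pass-phrase")
    return findings


def audit_config(text):
    """Return (line_number, message) findings for a saved configuration."""
    findings = []
    template = None  # (number, type) of the last service template entered
    for no, line in enumerate(text.splitlines(), 1):
        m = TEMPLATE_RE.match(line)
        if m:
            template = (m.group(1), m.group(2))
            continue
        m = PSK_RE.match(line)
        if m:
            findings += [(no, msg) for msg in check_psk(*m.groups())]
            continue
        m = RADIUS_KEY_RE.match(line)
        if m and m.group(2) in DOC_EXAMPLE_KEYS:
            findings.append(
                (no, "RADIUS %s key copied from documentation example" % m.group(1)))
            continue
        if template and template[1] == "clear" and OPEN_AUTH_RE.match(line):
            findings.append(
                (no, "service template %s: clear type with open-system "
                     "authentication (no encryption, no key check)" % template[0]))
    return findings


# Constructed sample configuration, built from commands that appear in this guide.
SAMPLE = """\
[AP] wlan service-template 1 clear
[AP-wlan-st-1] ssid market
[AP-wlan-st-1] authentication-method open-system
[AP-wlan-st-1] service-template enable
[AP] wlan service-template 2 crypto
[AP-wlan-st-2] cipher-suite tkip
[AP] interface wlan-bss 2
[AP-WLAN-BSS2] port-security tx-key-type 11key
[AP-WLAN-BSS2] port-security preshared-key pass-phrase 12345678
[AP] interface wlan-bss 3
[AP-WLAN-BSS3] port-security preshared-key pass-phrase short
[AP] interface wlan-bss 4
[AP-WLAN-BSS4] port-security preshared-key raw-key 0123abcd
[AP] radius scheme rad
[AP-radius-rad] key authentication 12345678
"""

if __name__ == "__main__":
    for line_no, message in audit_config(SAMPLE):
        print("line %d: %s" % (line_no, message))
```
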
WLAN Security Configuration Examples
PSK Authentication Configuration Example
Network requirements
As shown in Figure 5-3, the AP is connected to the Switch. The PSK key configured on the client side is 12345678. The same PSK key is configured on the AP. It is required to perform PSK authentication on the client.
You can use the display wlan client and display port-security preshared-key user commands to view the online clients.
MAC-and-PSK Authentication Configuration Example
Network Requirements
As shown in Figure 5-4, a fat AP is connected to a RADIUS server through a Layer 2 switch, and they are in the same network.
Add 12345678 for Shared Key.
Add ports 1812 and 1813 for Authentication Port and Accounting Port respectively.
Select LAN Access Service for Service Type.
Select H3C for Access Device Type.
Select or manually add an access device with the IP address 10.18.1.1.
Figure 5-5 Add access device
# Add service.
Select the Service tab, and then select Access Service > Access Device from the navigation tree to enter the add service page. Then click Add on the page to enter the following configuration page. Set the service name to mac, and keep the default values for the other settings.
Add an account and password 00146c8a43ff. Select the service mac.
Figure 5-7 Add account
Verify the configuration
After the client passes the MAC-and-PSK authentication, the client can associate with the AP and access the WLAN. You can use the display wlan client command, display connection command and display mac-authentication command to view the online clients.
[AP] dot1x authentication-method eap
# Configure a RADIUS scheme named rad. Configure the IP addresses of both the primary authentication and authorization servers as 10.18.1.88, the shared key of the authentication, authorization, and accounting servers as 12345678, and configure the scheme to exclude the ISP domain name from the usernames sent to the RADIUS server.
Add ports 1812 and 1813 for Authentication Port and Accounting Port respectively.
Select LAN Access Service for Service Type.
Select H3C for Access Device Type.
Select or manually add an access device with the IP address 10.18.1.1.
Figure 5-9 Add access device
# Add service.
Figure 5-10 Add service
# Add account.
Select the User tab, and then select Users > All Access Users from the navigation tree to enter the user page. Then, click Add on the page to enter the page shown in Figure 5-11.
Double click the icon at the bottom right corner of your desktop. The Wireless Network Connection Status window appears. Click the Properties button in the General tab. The Wireless Network Connection Properties window appears. In the Wireless Networks tab, select wireless network with the SSID dot1x, and then click Properties.
Figure 5-12 Configure the wireless card (I)
Figure 5-13 Configure the wireless card (II)
Figure 5-14 Configure the wireless card (III)
Verify the configuration.
The client can pass 802.1X authentication and associate with the AP. You can use the display wlan client command, display connection command and display dot1x command to view the online clients.
Dynamic WEP Encryption-802.1X Authentication Configuration Example
Network requirements
As shown in...
Figure 5-15 Network diagram for dynamic WEP encryption-802.1X authentication
Configuration procedure
Configure the AP
<Sysname> system-view
[Sysname] port-security enable
[Sysname] dot1x authentication-method eap
# Create RADIUS scheme rad, and specify the extended RADIUS server type.
[Sysname] radius scheme rad
[Sysname-radius-rad] primary authentication 10.18.1.88
[Sysname-radius-rad] primary accounting 10.18.1.88
[Sysname-radius-rad] key authentication 12345678
[Sysname-radius-rad] key accounting 12345678...
Configure the RADIUS server (iMC)
Configure the RADIUS server (iMC).
Configure the wireless card
Configure the wireless card.
Configuration verification
After inputting username user and password dot1x in the popup dialog box, the client can associate with the AP and access the WLAN. You can use the display wlan client, display connection, and display dot1x commands to view online client information.
For WPA, the WLAN-WSEC module supports the CCMP and TKIP ciphers as the pairwise ciphers; WEP cipher suites are used only as group cipher suites. Below are the cipher suite combinations that WLAN-WSEC supports for WPA (WEP40, WEP104 and WEP128 are mutually exclusive).
Unicast cipher Broadcast cipher Authentication method...
| Task | Remarks |
|---|---|
| Configuring Data Transmission Rates | Optional |
| Configuring Power Constraint | Optional |
| Configuring Only Non-802.11h Channels to Be Scanned | Optional |
| Enabling 802.11g Protection | Optional |

Configuring Data Transmission Rates
Configuring 802.11a/802.11b/802.11g Rates
Follow these steps to configure 802.11a/802.11b/802.11g rates:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | ... |
For example, if you specify the maximum MCS index as 5 for mandatory rates, rates corresponding to MCS indexes 0 through 5 are configured as 802.11n mandatory rates. Mandatory rates must be supported by the AP and the clients that want to associate with the AP. Supported rates allow some clients that support both mandatory and supported rates to choose higher rates when communicating with the AP.
Configuring Only Non-802.11h Channels to Be Scanned
Configuring Only Non-802.11h Channels to Be Scanned
Follow these steps to configure only non-802.11h channels to be scanned:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enter WLAN RRM view | wlan rrm | — |

...
Ad-hoc mode: A station in ad-hoc mode can directly communicate with other stations without support from any other device.
WLAN IDS IPS
WLAN IDS IPS is a sub-feature of WLAN IDS. WLAN IDS IPS supports detection of the following attacks:
Flood attack
Weak IV attack
Spoofing attack...
When an AP receives an 802.11 frame, it checks the source MAC address of the frame and processes the frame as follows: If the source MAC address does not match any entry in the white list, the frame is dropped. If there is a match, the frame is considered valid and will be further processed.
Configuring Static White and Black Lists
Follow these steps to configure static white and black lists:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enter WLAN IDS view | wlan ids | — |
| Add an entry into the white list | whitelist mac-address mac-address | Optional |

Add an entry into the static black list...
Figure 7-2 WLAN IDS frame filtering configuration
Configuration procedure
# Add MAC address 0000-000f-1211 of Client 1 into the blacklist.
<AP> system-view
[AP] wlan ids
[AP-wlan-ids] static-blacklist mac-address 0000-000f-1211
After the above configuration, Client 1 cannot access the AP, and other clients can access the network.
Connection admission control (CAC) limits the number of clients that are using high-priority ACs (AC-VO and AC-VI) to guarantee sufficient bandwidth for existing high-priority traffic.
U-APSD
Unscheduled automatic power-save delivery (U-APSD) is a new power saving mechanism defined by WMM to enhance the power saving capability of clients.
SpectraLink voice priority (SVP) is a voice priority protocol designed by the Spectralink company to guarantee QoS for voice traffic.
Figure 8-1 Per-AC channel contention parameters in WMM
CAC admission policies
CAC requires that a client obtain permission of the AP before it can use a high-priority AC (AC-VO or AC-VI) for transmission, thus guaranteeing required bandwidth to the clients that have gained access. CAC controls real time traffic (AC-VO and AC-VI traffic) but not common data traffic (AC-BE and AC-BK traffic).
SVP can assign packets with the protocol ID 119 in the IP header to a specific AC. SVP stipulates that random backoff is not performed for SVP packets. Therefore, you can set both ECWmin and ECWmax to 0 when there are only SVP packets in an AC.
ACK policy
WMM defines two ACK policies: Normal ACK and No ACK.
| To do… | Use the command… | Remarks |
|---|---|---|
| Set the EDCA parameters of AC-BE or AC-BK for clients | wmm edca client { ac-be \| ac-bk } { aifsn aifsn-value \| ecw ecwmin ecwmin-value ecwmax ecwmax-value \|... | Optional. By default, a client uses the default EDCA parameters shown in Table... |

Table 8-2 Default EDCA parameters for APs
AIFSN ECWmin ECWmax TXOP Limit AC-BK AC-BE AC-VI AC-VO
Displaying and Maintaining WMM

| To do... | Use the command… | Remarks |
|---|---|---|
| Display the WMM statistics of the specified client or clients. | display wlan statistics client { all \| mac-address... | Available in any view |

[AP-Ethernet1/0/1] quit
# Create a clear-type WLAN service template, configure its SSID as market, configure its authentication method as open-system, and then enable the WLAN service template.
[AP] wlan service-template 1 clear
[AP-wlan-st-1] ssid market
[AP-wlan-st-1] authentication-method open-system
[AP-wlan-st-1] service-template enable
# Configure the radio type as 802.11g for radio interface WLAN-Radio 1/0/2, and bind service template 1 to interface WLAN-BSS1 on the radio interface.

# Create a clear-type WLAN service template, configure its SSID as market, configure its authentication method as open-system, and then enable the WLAN service template.
[AP] wlan service-template 1 clear
[AP-wlan-st-1] ssid market
[AP-wlan-st-1] authentication-method open-system
[AP-wlan-st-1] service-template enable
# Configure the radio type as 802.11g for radio interface WLAN-Radio 1/0/2, and bind service template 1 to interface WLAN-BSS1 on the radio interface.
Solution
Use the wmm enable command to enable the WMM function. Check the state of the SVP priority mapping function or CAC again.
Easy to deploy in scenarios of metro, company, office, large warehouses, manufacturing, ports and waterfronts and so on
Deployment Scenarios
The WDS feature provides the following three topologies as required by actual applications.
Point to point bridge connection
As shown in Figure 9-1, AP 1 and AP 2 create a WDS bridge link to connect LAN segment 1 and LAN segment 2 to form a unified LAN.
For more information about the port-security tx-key-type, port-security preshared-key, and port-security port-mode commands, see Port Security in the Security Command Reference.
Configuring a Mesh Profile
A mesh profile is created and mapped to an MP so that it can provide WDS services to other MPs that have the same mesh profile mapped.

| To do… | Use the command… | Remarks |
|---|---|---|
| Configure the link saturation RSSI | link-saturation-rssi value | Optional. 100 dBm by default |
| Configure the probe request interval | probe-request-interval interval-value | Optional. By default, the probe request interval is 1000 ms. |
| Configure the link rate mode | link rate-mode { fixed \| real-time } | Optional. The default link rate mode is fixed. |

Specifying a Peer MAC Address on the Radio
You need to specify the MAC addresses of allowed peers on the local radio interface.
Follow these steps to specify a peer MAC address on a radio interface:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | ... |
Figure 9-4 WDS point to point configuration (diagram labels: LAN Segment 1; AP 1; AP 2; LAN Segment 2)
Configuration procedure
Because the WDS point to point configurations made on the two APs are similar, the following only gives the configuration on AP 1.
# Enable port security.
[AP1-WLAN-Radio1/0/1] mesh-profile 1
The configuration of AP 2 is the same as that of AP 1. You only need to configure the peer MAC address as the MAC address of AP 1.
Configuration verification
After the devices on the two ends of the WDS link are configured, you can use the display command to view whether the WDS link has been established successfully.
Fat AP
A fat AP controls and manages all associated wireless stations and bridges frames between wired and wireless networks.
SSID
The service set identifier. A client scans all networks at first, and then selects a specific SSID to connect to a specific wireless network.
Figure 10-2 Active scanning (the SSID of the probe request is null, that is, no SSID information is carried)
When the wireless client is configured to access a specific wireless network or has already been connected to a wireless network, the client periodically unicasts a probe request carrying the specified SSID of the configured or connected wireless network.
Authentication
To secure wireless links, a wireless client must be authenticated before accessing an AP, and only wireless clients passing the authentication can be associated with the AP. 802.11 links define two authentication mechanisms: open system authentication and shared key authentication.
Open system authentication
Shared key authentication
For more information about the two types of authentication, see WLAN Security in the WLAN...
Ethernet to Dot11 Frame Conversion
Keep Alive Mechanism
Idle Timeout Mechanism
Clear Channel Search
WLAN Topologies
WLAN has the following topologies:
Single BSS
Multiple ESS
Single ESS Multiple BSS
Single BSS
Coverage of an access point is called a Basic Service Set (BSS). Each BSS is identified by the BSSID. The most basic WLAN network can be established with only one BSS.
Figure 10-6 Multiple ESS network
Generally, a fat AP can provide more than one logical ESS at the same time. A fat AP configured with an ESS can broadcast the current ESS information in Beacon or Probe Response frames. A client can select the ESS it wants to join.
Protocols and Standards
For more information on protocols and standards, see:
ANSI/IEEE Std 802.11, 1999 Edition
IEEE Std 802.11a
IEEE Std 802.11b
IEEE Std 802.11g
IEEE Std 802.11i
IEEE Std 802.11-2004
Configuring WLAN Service
WLAN service configuration includes WLAN global configuration, country code, service template and radio configuration.

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Specify the country code | wlan country-code code | Required. By default the country code is CN. |

For relations between country codes and countries, see WLAN Command Reference.
Configuring a Service Template
WLAN service template includes the attributes such as SSID, authentication algorithm (open-system or shared key) information.
Configuring the Radio of an AP
Follow these steps to configure the radio of an AP:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enter radio interface view | interface wlan-radio interface-number | — |
| Specify a radio type for the radio | radio-type { dot11b \| dot11g \|... | Required... |

| To do… | Use the command… | Remarks |
|---|---|---|
| Set the maximum number of attempts for transmitting a frame larger than the RTS threshold | long-retry threshold count | Optional. The default count is 4. |
| Specify the maximum number of attempts to transmit a frame... | short-retry threshold count | Optional. The default count is 7. |

| To do… | Use the command… | Remarks |
|---|---|---|
| Enable the short GI function | short-gi enable | Optional. Enabled by default. |
| Enable the A-MSDU function | a-msdu enable | Optional. Enabled by default. |
| Enable the A-MPDU function | a-mpdu enable | Optional. Enabled by default. |

Support for the configuration of 802.11n rates depends on the device model.
For information about Modulation and Coding Scheme (MCS) index and mandatory and supported 802.11n rates, see WLAN RRM in the WLAN Configuration Guide.

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Specify the uplink interface (Ethernet interface) | wlan uplink-interface interface-type interface-number | Optional. By default, no interface is configured as an uplink interface. |
| Specify the uplink interface (radio interface) | wlan uplink-interface mesh-link interface-type interface-number | Optional. By default, no interface is... |

Figure 10-10 User isolation network diagram
As shown in Figure 10-10, after the fat AP is enabled with user isolation, clients 1 through 4 cannot access each other directly, or learn one another’s MAC and IP addresses.
Enabling WLAN Client Isolation
Follow these steps to enable WLAN client isolation:
To do…...
Configuration procedure
Configuration on the fat AP
# Create a WLAN BSS interface.
<AP> system-view
[AP] interface WLAN-BSS 1
[AP-WLAN-BSS1] quit
# Configure a clear-type service template, and configure its SSID as service, specify the open-system authentication mode, and enable the WLAN service template.
[AP] wlan service-template 1 clear
[AP-wlan-st-1] ssid service
[AP-wlan-st-1] authentication-method open-system...
Configuration procedure
Configuration on the fat AP
# Create a WLAN-BSS interface.
<AP> system-view
[AP] interface WLAN-BSS 1
[AP-WLAN-BSS1] quit
# Configure a clear-type service template, and configure its SSID as service, specify the open-system authentication mode, and enable the WLAN service template.
[AP] wlan service-template 1 clear
[AP-wlan-st-1] ssid service
[AP-wlan-st-1] authentication-method open-system...