FAT AP v200r005 Configuration Two layer transparent mode (web& command line, start)

Background: vlan123: User Service Vlan,192.168.1.0/24 VLAN2001: Management vlan,172.168.129.0/24 Vlan1: Default VLAN, not recommended. Precautions: When you configure a service set, the WLAN-BSS interface cannot be reused or missing. The VLAN configuration of the wired port needs to be referenced by the upstream switch. Special Note: Configuration for reference, VLAN and IP segment subject to actual business. "Prerequisite Preparation": Add the Management IP 192.168.1.100, after switching vlan123 with the new IP to login A. Log in to the Web interface and click the WLAN Configuration Wizard in the Configuration Wizard B. Configure the wired port. Two-tier mode is available for access. Different types of differences and comparisons: http://forum.huawei.com/enterprise/thread-278705.html C. Create a new virtual interface to host the IP address. This is used only for management, not three-layer exchange. Previously configured, you can skip D. DHCP service, skip, generally by uplink device to allocate. E. Configure the country code for the AP. F. Configure 2.4G RF, dual-band APS can choose two, but the configuration Wizard can only implement one RF. To the new RF template page Input parameters. Special note: At the beginning of this version, the RF type cannot be manually adjusted and will be automatically adapted. (V200r003 also configure 802.11BGN and 802.11an) To the new WMM template page. Enter a name, and the others do not change. G. User authentication method H. Configuring service Sets There are 4 modules in the service set that need to be configured in turn. -Configure the SSID to display the signal name externally -Flow profile for speed limit. If there is no special requirement, only one name is required. -Security templates, wireless network security settings Encryption recommends selecting WPA2+PSK+CCMP. If you want to implement a password-free, use the default parameters. -BSS interface. Wireless air interface for connecting the wireless user's logical interfaces. Review service sets after determining Check the previous configuration, after completion, prompt for success. I. Configuring routing (only for administrative use, not business-agnostic) J. Finally remember to save the top right corner of the page. If you want to turn on dual-band functionality, another radio frequency is done through the WLAN business configuration. Similarly, you need to create a template that can be manipulated in the RF templates and service set counterparts. To modify an RF template: To modify a service set and a child template:

VLAN Batch 123 2001 # Interface Vlanif123 IP address 192.168.1.100 255.255.255.0 # Interface Vlanif2001 IP address 172.168.129.116 255.255.255.0 # Interface gigabitethernet0/0/0 Port Link-type Trunk Port Trunk allow-pass VLAN 123 2001 # Interface Wlan-bss0 Port hybrid Pvid VLAN 123 Port hybrid untagged VLAN 123 # Interface Wlan-bss1 Port hybrid Pvid VLAN 123 Port hybrid untagged VLAN 123 # Interface NULL0 # IP route-static 0.0.0.0 0.0.0.0 172.168.129.1//For managing APS, business agnostic # Wlan Wmm-profile name WMMF ID 0 Traffic-profile name HW-WM ID 2 Security-profile name hw-sec ID 0 Security-policy WPA2 WPA2 Authentication-method PSK pass-phrase cipher%@% @Wk, 1MS) 36cp~e8vij4i18k) m%@%@ Encryption-method ccmp Security-profile Name Default ID 1 Service-set name Hw-set ID 0 WLAN-BSS 0 SSID Hw-ssid Traffic-profile ID 2 Security-profile ID 0 Service-set name hw-5g ID 1 WLAN-BSS 1 SSID hw-5g Traffic-profile ID 2 Security-profile ID 0 Radio-profile name radiof ID 0 Wmm-profile ID 0 # Interface wlan-radio0/0/0//2.4G Radio-profile ID 0 Service-set ID 0 # Interface WLAN-RADIO0/0/1//5g Radio-profile ID 0 Service-set ID 1 Return It can also be simplified (in 5G, for example, if the pvid of an upstream switch is a business vlan123): # Interface VLANIF1 IP address 192.168.1.100 255.255.255.0 # Interface Wlan-bss0 Port hybrid Pvid VLAN 1 Port hybrid untagged VLAN 1 # Wlan Wmm-profile name WMMF ID 0 Traffic-profile name HW-WM ID 2 Security-profile name hw-sec ID 0 Security-policy WPA2 WPA2 Authentication-method PSK pass-phrase cipher%@% @Wk, 1MS) 36cp~e8vij4i18k) m%@%@ Encryption-method ccmp Security-profile Name Default ID 1 Service-set name hw-5g ID 1 WLAN-BSS 1 SSID hw-5g Traffic-profile ID 2 Security-profile ID 0 Radio-profile name radiof ID 0 Wmm-profile ID 0 # Interface WLAN-RADIO0/0/1//5g Radio-profile ID 0 Service-set ID 1

Actual configuration: Command line configuration:

[Huawei]dis current-Configuration # HTTP Secure-server ssl-Policy default_policy HTTP server enable# clock timezone Bei Jing time Add ,:xx:xx# DNS Resolve #vlan batch123 2001#lldp enable #pki Realm default enrollment self-SIGNED#SSL policy default_policy type server PKI-Realm DEFAULT#AAA Authentication-Scheme Default Authorization-Scheme default Accounting-scheme Default domain Default domain default_admin local-user Admin Password irreversible-cipher%@%@x"rg8gldnwfsme+%cme&| wpr_ry&%h+8uuz%t^ed_a&~wpu|%@%@Local-user Admin Privilege level theLocal-user Admin Service-typeSSHHTTP # interface VLANIF1 IP address169.254.1.1 255.255.0.0# interface Vlanif123 IP address192.168.1.100 255.255.255.0# interface Vlanif2001 IP address172.168.129.116 255.255.255.0# interface GigabitEthernet0/0/0Port Link-type access port default VLAN123mac-learning Priority3# interface Wlan-Bss0 Port hybrid Pvid VLAN123Port hybrid untagged VLAN123# interface Wlan-Bss1 Port hybrid Pvid VLAN123Port hybrid untagged VLAN123# interface NULL0 # Info-center Timestamp Log format-Date# Undo SNMP-Agent #SSHClient first- TimeEnable Stelnet server enable undo Telnet Server Enable # IP Route-static0.0.0.0 0.0.0.0 172.168.129.1# User-interface Con0Authentication-mode password set authentication password cipher%@%@2#P: Kfxtto6:o (6g ' u^<,.g ' ~CW; #TbyeC2e%qse85^=.gc,%@%@user-interface vty0 4Authentication-Mode AAA Protocol InboundSSHUser-interface vty -  -protocol Inbound All # WLAN WMM-profile name WMMFID 0WMM-profile name DefaultID 1Traffic-profile name DefaultID 0Traffic-profile name Hw-wmID 2Security-profile name Hw-secID 0Security-Policy WPA2 WPA2 authentication-method PSK pass-phrase cipher%@%@m) gp3kz1i;>wiw$wx]a (zo7o%@%@ encryption-Method CCMP Security-profile name DefaultID 1Service-set name Hw-setID 0Wlan-bss0SSID HW-SSID Traffic-profileID 2Security-profileID 0Service-set name hw-5gID 1Wlan-bss1SSID HW-5G Traffic-profileID 2Security-profileID 0Radio-profile name RadiofID 0WMM-profileID 0Radio-profile name DefaultID 1WMM-profileID 1Radio-profile name huawei-5gID 2Calibrate-interval720WMM-profileID 0# interface Wlan-radio0/0/0Radio-profileID 0Service-setID 0Wlan1# interface Wlan-radio0/0/1Radio-profileID 2Service-setID 1Wlan1# undo NTP-service Enable # return [H Uawei]

Reference: http://forum.huawei.com/enterprise/zh/thread-236265-1-1.html

FAT AP v200r005 Configuration Two layer transparent mode (web& command line, start)