Huawei AR1200 SERIES Configuration Manual - Wlan
  1. Manuals
  2. Brands
  3. Huawei Manuals
  4. Network Router
  5. AR1200 Series
  6. Configuration manual - wlan

Huawei AR1200 SERIES Configuration Manual - Wlan

Enterprise routers
Hide thumbs Also See for AR1200 SERIES:
Table of Contents

Advertisement

Quick Links

See also: Configuration Manual , Product Description
Huawei AR1200 Series Enterprise Routers
V200R001C01
Configuration Guide - WLAN
Issue
03
Date
2012-01-06
HUAWEI TECHNOLOGIES CO., LTD.

Advertisement

Table of Contents
loading

Related Manuals for Huawei AR1200 SERIES

Summary of Contents for Huawei AR1200 SERIES

  • Page 1 Huawei AR1200 Series Enterprise Routers V200R001C01 Configuration Guide - WLAN Issue Date 2012-01-06 HUAWEI TECHNOLOGIES CO., LTD.
  • Page 2 All other trademarks and trade names mentioned in this document are the property of their respective holders. Notice The purchased products, services and features are stipulated by the contract made between Huawei and the customer. All or part of the products, services and features described in this document may not be within the purchase scope or the usage scope.

  • Page 3: About This Document

    Huawei AR1200 Series Enterprise Routers Configuration Guide - WLAN About This Document About This Document Versions The following table provides the mapping between versions. Table 1 Mapping between VASP version and AR1200 version VASP AR1200 Remarks VASP ARV200R001C01 V100R003C00 Intended Audience This document provides the concepts, configuration procedures, and configuration examples supported by the AR1200.

  • Page 4: Command Conventions

    Huawei AR1200 Series Enterprise Routers Configuration Guide - WLAN About This Document Symbol Description Indicates a potentially hazardous situation, which if not avoided, could result in equipment damage, data loss, CAUTION performance degradation, or unexpected results. Indicates a tip that may help you solve a problem or save time.
  • Page 5 Huawei AR1200 Series Enterprise Routers Configuration Guide - WLAN About This Document Change History Updates between document issues are cumulative. Therefore, the latest document issue contains all updates made in previous issues. Changes in Issue 03 (2012-01-06) Based on issue 02 (2011-11-27), the document is updated as follows: The following information is modified: 1.4.5 Configuring a WLAN Service Set...

  • Page 6: Table Of Contents

    Huawei AR1200 Series Enterprise Routers Configuration Guide - WLAN Contents Contents About This Document........................ii 1 WLAN Configuration........................1 1.1 WLAN Overview...............................2 1.2 WLAN Features Supported by the AR1200.......................4 1.3 Configuring the WLAN Radio Environment.....................5 1.3.1 Establishing the Configuration Task......................5 1.3.2 Configuring a Radio QoS Policy.......................6 1.3.3 Configuring a Radio Profile........................8...
  • Page 7 Huawei AR1200 Series Enterprise Routers Configuration Guide - WLAN Contents 3.2 WLAN QoS Features Supported by the AR1200.....................41 3.3 Configuring a Radio QoS Policy........................42 3.4 Configuring a VAP QoS Policy........................45 3.5 Configuration Examples...........................47 3.5.1 Example for Configuring a WLAN QoS Policy..................47...

  • Page 8: Wlan Configuration

    Huawei AR1200 Series Enterprise Routers Configuration Guide - WLAN 1 WLAN Configuration WLAN Configuration About This Chapter This chapter describes how to configure the wireless local area network (WLAN) service in the fat AP networking mode. 1.1 WLAN Overview This section describes the concepts and application of WLAN.

  • Page 9: Wlan Overview

    Huawei AR1200 Series Enterprise Routers Configuration Guide - WLAN 1 WLAN Configuration 1.1 WLAN Overview This section describes the concepts and application of WLAN. Introduction to WLAN A wireless local area network (WLAN) connects two or more computers or devices by using the wireless telecommunication technology to provide fast Ethernet access.
  • Page 10 WLAN NMS Uses the Simple Network Management Protocol (SNMP) or TR069 to manage APs. The WLAN NMS is provided by Huawei. Provides the authentication and accounting functions. A wireless link is established between a STA and an AP in the following process: Multiple APs on the WLAN periodically send Beacon frames.

  • Page 11: Wlan Features Supported By The Ar1200

    Huawei AR1200 Series Enterprise Routers Configuration Guide - WLAN 1 WLAN Configuration An AP is a bridge that connects STAs to a LAN and converts frames exchanged between STAs and the LAN. SSID A service set identifier (SSID) identifies a service set. A STA scans all wireless networks and selects a wireless network based on the SSID.

  • Page 12: Configuring The Wlan Radio Environment

    Huawei AR1200 Series Enterprise Routers Configuration Guide - WLAN 1 WLAN Configuration WLAN Configuration Roadmap As shown in Figure 1-2, the WLAN configuration roadmap is as follows: Configure radios for APs. Configure service sets for APs. Configure virtual APs (VAPs) and deliver VAP parameters to APs.

  • Page 13: Configuring A Radio Qos Policy

    Huawei AR1200 Series Enterprise Routers Configuration Guide - WLAN 1 WLAN Configuration Data Preparation To configure the WLAN radio environment, you need the following data. Data WMM profile name and (optional) WMM profile ID (Optional) WMM EDCA parameters for STAs: arbitration...
  • Page 14 Huawei AR1200 Series Enterprise Routers Configuration Guide - WLAN 1 WLAN Configuration The following information shows the default configuration of the WMM profile wp. [Huawei-wlan-view] display wmm-profile name wp Profile ID Profile name : wp WMM switch : enable Client EDCA parameters:...

  • Page 15: Configuring A Radio Profile

    Huawei AR1200 Series Enterprise Routers Configuration Guide - WLAN 1 WLAN Configuration 1.3.3 Configuring a Radio Profile You can configure the radio type, radio rate, radio power mode, and channel mode in a radio profile and bind a Wi-Fi multimedia (WMM) profile to the radio profile. A radio profile can be applied to a radio only after a WMM profile is bound to the radio profile.

  • Page 16: Binding A Radio Profile To A Radio

    Huawei AR1200 Series Enterprise Routers Configuration Guide - WLAN 1 WLAN Configuration The radio rate is set. Step 6 (Optional) Run: power-mode { auto | fixed } The radio power mode is set. The default power mode is auto. In this mode, the power of radios using the radio profile is set automatically based on the WLAN radio environment.

  • Page 17: Checking The Configuration

    Huawei AR1200 Series Enterprise Routers Configuration Guide - WLAN 1 WLAN Configuration Context A coverage hole is generated when an AP is removed or signals are blocked by an obstacle. An AP periodically checks for coverage holes. If the AP detects a coverage hole, it calibrates radios to eliminate the coverage hole.

  • Page 18: Configuring The Wlan Service

    Huawei AR1200 Series Enterprise Routers Configuration Guide - WLAN 1 WLAN Configuration Procedure Run the display wmm-profile { all | id profile-id | name profile-name } command to view information about a WMM profile. Run the display radio-profile { all | id profile-id | name profile-name } command to view information about a radio profile.

  • Page 19: Configuring A Wlan-Bss Interface

    Huawei AR1200 Series Enterprise Routers Configuration Guide - WLAN 1 WLAN Configuration Data Security profile name or ID and security parameters required for the specified authentication mode: l WEP shared key authentication: key value and key ID l WPA/WPA2 shared key authentication: key value...

  • Page 20: Configuring A Security Policy

    Huawei AR1200 Series Enterprise Routers Configuration Guide - WLAN 1 WLAN Configuration A WLAN-BSS interface is created. Step 3 Run: { dot1x-authentication | mac-authentication } enable The authentication mode is configured on the WLAN-BSS interface. NOTE l The dot1x-authentication keyword must be configured when WPA/WPA2-dot1x authentication is used.
  • Page 21 Huawei AR1200 Series Enterprise Routers Configuration Guide - WLAN 1 WLAN Configuration After a security profile is configured, its default settings are: l Open system authentication and empty key if WEP is used l 802.1x+PEAP authentication and TKIP encryption if WPA1 is used l 802.1x+PEAP authentication and CCMP encryption if WPA2 is used...
  • Page 22 Huawei AR1200 Series Enterprise Routers Configuration Guide - WLAN 1 WLAN Configuration The shared key authentication and corresponding encryption mode are configured for the WPA/WPA2 policy. WAPI authentication Run: security-policy wapi The WAPI security policy is configured. Run: wapi authentication-method { certificate | psk { pass-phrase | hex } key } The authentication mode is set for the WAPI security policy.

  • Page 23: Configuring A Traffic Profile

    Huawei AR1200 Series Enterprise Routers Configuration Guide - WLAN 1 WLAN Configuration 1.4.4 Configuring a Traffic Profile To apply the priority mapping and traffic suppression functions to a virtual access point (VAP), create a traffic profile and bind the traffic profile to a service set.

  • Page 24: Configuring A Wlan Service Set

    Huawei AR1200 Series Enterprise Routers Configuration Guide - WLAN 1 WLAN Configuration ---------------------------- Tunnel priority(down) Mapping Mode:ToS(inner) to ToS(outer) ---------------------------- ToS(inner) ToS(outer) ---------------------------- NOTE An AP converts the 802.11 packet sent from a STA into an 802.3 packet before sending it to an Ethernet network.

  • Page 25: Configuring A Vap

    Huawei AR1200 Series Enterprise Routers Configuration Guide - WLAN 1 WLAN Configuration Context A service set defines key service parameters. After the service set is bound to a specified radio on an AP, the service parameters are applied to a WLAN service entity, namely, a virtual access point (VAP).

  • Page 26: Checking The Configuration

    Huawei AR1200 Series Enterprise Routers Configuration Guide - WLAN 1 WLAN Configuration Prerequisite A radio profile has been bound to the specified radio according to 1.3.4 Binding a Radio Profile to a Radio A service set has been configured according to 1.4.5 Configuring a WLAN Service...

  • Page 27: Configuration Examples

    Huawei AR1200 Series Enterprise Routers Configuration Guide - WLAN 1 WLAN Configuration Context CAUTION Exercise caution when resetting an AP because services on the AP will be interrupted. Procedure Step 1 Run: system-view The system view is displayed. Step 2 Run: wlan The WLAN view is displayed.
  • Page 28 Huawei AR1200 Series Enterprise Routers Configuration Guide - WLAN 1 WLAN Configuration Table 1-1 Data plan Item Data WLAN service WEP open system authentication and no encryption Service set l Name: huawei-1 l SSID: huawei-1 l WLAN virtual interface: WLAN-BSS 1...
  • Page 29 [Huawei] interface wlan-radio 0/0/0 [Huawei-Wlan-Radio0/0/0] service-set name huawei-1 [Huawei-Wlan-Radio0/0/0] quit Step 6 Verify the configuration. The WLAN with the SSID huawei-1 is available for STAs connected to the AP, and these STAs can connect to the WLAN without authentication. ----End Configuration Files...
  • Page 30 Huawei AR1200 Series Enterprise Routers Configuration Guide - WLAN 1 WLAN Configuration Huawei vlan 100 dhcp enable wlan global country-code cn interface Vlanif100 ip address 192.168.0.1 255.255.255.0 dhcp select interface interface Wlan-Bss1 port hybrid tagged vlan 100 wlan wmm-profile name wmm-1 id...

  • Page 31: Wlan Security Configuration

    Huawei AR1200 Series Enterprise Routers Configuration Guide - WLAN 2 WLAN Security Configuration WLAN Security Configuration About This Chapter This chapter describes how to configure WLAN security in the fat AP networking mode. 2.1 WLAN Security Overview 2.2 WLAN Security Features Supported by the AR1200 The AR1200 supports a variety of WLAN security features, including access security policy management, station (STA) blacklist and whitelist management, and user isolation.

  • Page 32: Wlan Security Overview

    Huawei AR1200 Series Enterprise Routers Configuration Guide - WLAN 2 WLAN Security Configuration 2.1 WLAN Security Overview The wireless security feature provided by 802.11 authentication can defend against common network attacks. However, 802.11 authentication cannot fully protect networks containing sensitive data because a few hackers can still access WLANs. To prevent unauthorized user access, a security mechanism more secure than 802.11 authentication is required.

  • Page 33: Wlan Security Features Supported By The Ar1200

    Huawei AR1200 Series Enterprise Routers Configuration Guide - WLAN 2 WLAN Security Configuration The shared key authentication process is as follows: A wireless client initiates an authentication request to an AP. The AP then generates a Challenge packet (a character string) and sends it to the wireless client.

  • Page 34: Configuring An Access Security Policy

    Huawei AR1200 Series Enterprise Routers Configuration Guide - WLAN 2 WLAN Security Configuration Access Security Policy Management Access security policy management allows you to configure an authentication mode for WLAN access users. The AR1200 supports four access security policies: Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), WPA2, and WLAN Authentication and Privacy Infrastructure (WAPI).
  • Page 35 Huawei AR1200 Series Enterprise Routers Configuration Guide - WLAN 2 WLAN Security Configuration Data WPA/WPA2 shared key l WAPI shared key if shared key authentication is used l AP certificate file and private key file, certificate of the AP certificate issuer, ASU certificate file name, and ASU...
  • Page 36 Huawei AR1200 Series Enterprise Routers Configuration Guide - WLAN 2 WLAN Security Configuration The WEP security policy is configured. Run: wep authentication-method share-key WEP shared key authentication is configured. Run: wep key { wep-40 | wep-104 } { pass-phrase | hex } key-id key-value The WEP shared key is configured.
  • Page 37 Huawei AR1200 Series Enterprise Routers Configuration Guide - WLAN 2 WLAN Security Configuration The AP certificate file, certificate of the AP certificate issuer, and ASU certificate file are imported. Run: wapi import private-key file-name file_name The AP private key file is imported.

  • Page 38: Configuring The Sta Blacklist And Whitelist

    Huawei AR1200 Series Enterprise Routers Configuration Guide - WLAN 2 WLAN Security Configuration Encryption : WEP-40 Key 0 : ***** Key 1 : Empty Key 2 : Empty Key 3 : Empty Default key ID ------------------------------------------------------------ WPA's configuration Authentication : WPA 802.1x + PEAP...
  • Page 39 Huawei AR1200 Series Enterprise Routers Configuration Guide - WLAN 2 WLAN Security Configuration Procedure Step 1 Run: system-view The system view is displayed. Step 2 Run: wlan The WLAN view is displayed. Step 3 Configure the blacklist and whitelist. Configure the blacklist.

  • Page 40: Configuration Examples

    Shared key authentication and WEP-40 encryption are used on the WLAN with the SSID huawei-2. WPA1 authentication and TKIP encryption are used on the WLAN with the SSID huawei-3. WPA2 authentication and CCMP encryption are used on the WLAN with the SSID huawei-4.
  • Page 41 ASU server's IP address: 10.10.10.1 Prerequisite The AP certificate file huawei-ap.cer, ASU certificate file huawei-asu.cer and Issuer certificate file huawei-issuer.cer have been saved in the flash card of the AP. Configuration Roadmap The configuration roadmap is as follows: Enable 802.1x authentication and configure AAA globally.
  • Page 42 Configure a security policy for security profile security-2. # Configure WEP shared key authentication, WEP-40 encryption, and key phrase 12345. [Huawei-wlan-view] security-profile name security-2 [Huawei-wlan-sec-prof-security-2] wep authentication-method share-key [Huawei-wlan-sec-prof-security-2] wep key wep-40 pass-phrase 0 12345 [Huawei-wlan-sec-prof-security-2] wep default-key 0 Issue 03 (2012-01-06) Huawei Proprietary and Confidential...
  • Page 43 [Huawei-wlan-sec-prof-security-5] quit Step 4 Create service sets and VAPs. # Create service set ss-1, specify SSID huawei-1 for it, bind traffic profile ctc, security profile security-1 and WLAN-BSS interface wlan-bss 0 to it, and deliver VAP parameters to radio 0.
  • Page 44 [Huawei-Wlan-Radio0/0/0] radio-profile name radio-1 [Huawei-Wlan-Radio0/0/0] service-set name ss-1 [Huawei-Wlan-Radio0/0/0] quit # Create service set ss-2, specify SSID huawei-2 for it, bind traffic profile ctc, security profile security-2 and WLAN-BSS interface wlan-bss 1 to it, and deliver VAP parameters to radio 0.
  • Page 45 On the WLAN with the SSID huawei-1, users can use the WLAN service without being authenticated. l On the WLAN with the SSID huawei-2, users can use the WLAN service only when they have the shared key. l On the WLAN with the SSID huawei-3 or huawei-4, users can use the WLAN service only when they pass 802.1x authentication.
  • Page 46 Huawei AR1200 Series Enterprise Routers Configuration Guide - WLAN 2 WLAN Security Configuration security-profile name security-2 id 2 wep authentication-method share-key wep key wep-40 pass-phrase 0 12345 security-profile name security-3 id 3 security-policy wpa security-profile name security-4 id 4 security-policy wpa2...

  • Page 47: Wlan Qos Configuration

    Huawei AR1200 Series Enterprise Routers Configuration Guide - WLAN 3 WLAN QoS Configuration WLAN QoS Configuration About This Chapter This chapter describes how to configure the QoS service in the fat AP networking mode. 3.1 WLAN QoS Overview The WLAN QoS feature provides services of different qualities for WLAN users.

  • Page 48: Wlan Qos Overview

    Huawei AR1200 Series Enterprise Routers Configuration Guide - WLAN 3 WLAN QoS Configuration 3.1 WLAN QoS Overview The WLAN QoS feature provides services of different qualities for WLAN users. An 802.11 network provides the competition-based wireless access service. Different applications have different requirements for networks; however, traditional networks cannot provide access services of different qualities for different applications.

  • Page 49: Configuring A Radio Qos Policy

    Huawei AR1200 Series Enterprise Routers Configuration Guide - WLAN 3 WLAN QoS Configuration ECWmin and ECWmax: determine the average backoff time. A larger value indicates a longer average backoff time. Transmission opportunity limit (TXOPLimit): determines the maximum duration in which an AP or a STA can occupy a channel.
  • Page 50 Huawei AR1200 Series Enterprise Routers Configuration Guide - WLAN 3 WLAN QoS Configuration Applicable Environment A STA communicates with an AP by sending radio signals over a channel. To provide differentiated services for wireless users, configure a Wi-Fi multimedia (WMM) profile.
  • Page 51 Huawei AR1200 Series Enterprise Routers Configuration Guide - WLAN 3 WLAN QoS Configuration ECWmax ECWmin AIFSN TXOPLimit AC_VO AC_VI AC_BE AC_BK --------------------------------------------------- AP EDCA parameters: --------------------------------------------------- ECWmax ECWmin AIFSN TXOPLimit Ack-Policy AC_VO normal AC_VI normal AC_BE normal AC_BK normal --------------------------------------------------- NOTE A STA communicates with an AP by sending radio signals over a channel.

  • Page 52: Configuring A Vap Qos Policy

    Huawei AR1200 Series Enterprise Routers Configuration Guide - WLAN 3 WLAN QoS Configuration 3.4 Configuring a VAP QoS Policy To apply the priority mapping and traffic suppression functions to a virtual AP (VAP), create a traffic profile and bind the traffic profile to a service set.
  • Page 53 Huawei AR1200 Series Enterprise Routers Configuration Guide - WLAN 3 WLAN QoS Configuration Profile ID Profile name : traffic-profile-1 Client Limit Rate : 4294967295 Kbps(up) : 4294967295 Kbps(down) VAP Limit Rate : 4294967295 Kbps(up) : 4294967295 Kbps(down) 802.1p Mapping Mode: mapping...

  • Page 54: Configuration Examples

    Huawei AR1200 Series Enterprise Routers Configuration Guide - WLAN 3 WLAN QoS Configuration An AP terminates 802.11 packets sent from STAs, converts the 802.11 packets into 802.3 packets, and sends the 802.3 packets to an AC. To ensure the service quality for 802.3 packets, set packet priories to ensure proper scheduling.
  • Page 55 Security profile: huawei l SSID: huawei-2 l Traffic profile: huawei-vip l Security profile: huawei Radio profile of an AP Radio profile (huawei-vi) and WMM profile (huawei- Service VLAN VLAN 101 and VLAN 102 Configuration Roadmap The configuration roadmap is as follows: Configure basic attributes for the AR1200, including the country code and DHCP server address, so that the AR1200 can assign IP addresses to users.
  • Page 56 [Huawei-wlan-view] security-profile name huawei [Huawei-wlan-sec-prof-huawei] quit Step 5 Configure traffic profiles for the AP. # Create a traffic profile huawei and limit the VAP upstream rate to 1024 kbit/s and STA upstream rate to 512 kbit/s. [Huawei-wlan-view] traffic-profile name huawei...
  • Page 57 [Huawei-wlan-service-set-huawei-2] wlan-bss 2 [Huawei-wlan-service-set-huawei-2] quit Step 7 Configure a VAP. # Bind the radio profile and service sets huawei-1 and huawei-2 to a radio interface on the AP. Then VAP information is automatically created on the AR1200. [Huawei] interface Wlan-Radio 0/0/0...
  • Page 58 Huawei AR1200 Series Enterprise Routers Configuration Guide - WLAN 3 WLAN QoS Configuration radio-profile id 1 service-set id 0 wlan 1 service-set id 1 wlan interface Wlan-Bss1 port hybrid tagged vlan 101 interface Wlan-Bss2 port hybrid tagged vlan 102 return...

Table of Contents