The information in this document is subject to change without notice. All contents in this document, including statements, information, and recommendations, are believed to be accurate, but they are presented without warranty of any kind, express or implied. H3C shall not be liable for technical or editorial errors or omissions contained herein.
Preface
This configuration guide describes fundamentals and configuration of WLAN Interface, WLAN Service, WLAN RRM, WLAN Security, WLAN IDS, and WLAN QoS.
This preface includes the following topics about the documentation:
• Audience.
• Conventions.
• Documentation feedback.
Audience
This documentation is intended for:
•...
Symbols
Convention and description:
• WARNING! An alert that calls attention to important information that if not understood or followed can result in personal injury.
• CAUTION: An alert that calls attention to important information that if not understood or followed can result in data loss, data corruption, or damage to hardware or software.
• An alert that calls attention to essential information.
Documentation feedback You can e-mail your comments about product documentation to info@h3c.com. We appreciate your comments.
NOTE: The terms AP and fat AP in this document refer to MSR800, MSR 900, MSR900-E, MSR 930, and MSR 20-1X routers with IEEE 802.11b/g and MSR series routers installed with a SIC WLAN module.
• Wireless routers support WLAN radio interfaces, which are physical interfaces that provide wireless network access.
WLAN BSS interface is no greater than 31. For more information about IMC, see H3C Intelligent Management Center Getting Started Guide.
• Set the description string for the interface. Command: description text. Remarks: Optional. By default, the description string
WLAN Ethernet interface
WLAN Ethernet interfaces are virtual Layer 3 interfaces. They operate like Layer 3 Ethernet interfaces. You can assign an IP address to a WLAN Ethernet interface. On a wireless router, a WLAN radio interface bound to a WLAN Ethernet interface operates as a Layer 3 interface.
Entering WLAN Ethernet interface view
Step Command...
10. Assign an IP address to the interface. Command: ip address
11. Configure IP performance. Commands: ip count inbound-packets, ip count outbound-packets, ip forward-broadcast, tcp mss
12. Configure policy-based routing. Command: ip policy-based-route
13. Configure UDP helper. Command: udp-helper server
14.
Configuring WLAN access
The terms AP and fat AP in this document refer to MSR800, MSR 900, MSR900-E, MSR 930, and MSR 20-1X routers with IEEE 802.11b/g and MSR series routers installed with a SIC WLAN module.
WLAN access overview
A WLAN can provide the following services:
•...
When a wireless client operates, it periodically searches for (scans) surrounding wireless networks. During active scanning, the wireless client actively sends probe request frames and obtains network signals from received probe response frames. Active scanning includes two modes, depending on whether a probe request carries a specified SSID:
• A client sends a probe request with a null SSID (the SSID IE length is 0)—The client periodically sends a probe request frame on each of its supported channels to scan wireless networks.
Figure 4 Passive scanning
Authentication
To secure wireless links, the wireless clients must be authenticated before accessing the AP, and only wireless clients passing the authentication can be associated with the AP. 802.11 links define two authentication mechanisms: open system authentication and shared key authentication. For more information about the two authentication mechanisms, see "Configuring WLAN security."...
Figure 5 Network diagram (printer, workgroup bridge, client)
For an AP with two radios, you can configure one radio as a workgroup bridge and configure the other radio to provide normal access services. As shown in Figure 6, Radio 1 operates as a workgroup bridge, and Radio 2 provides normal access services.
• Specify the global country code. Command: wlan country-code code. Remarks: By default, the country code for North American models is US, and for other models is CN.
Configuring a WLAN service template
Creating a service template and specifying an SSID
Step Command Remarks...
Configuring the maximum number of associated clients
• Enter system view. Command: system-view
• Create a WLAN service template and enter service template view. Command: wlan service-template service-template-number { clear | crypto }. Remarks: You cannot change an existing service template to another type.
• Configure the maximum number of clients allowed to...
• Enable the fat AP to respond to probe requests with null SSID. Command: broadcast-probe reply. Remarks: Optional. The default setting is enabled.
Configuring radio parameters
Configuring radio parameters
• Enter system view. Command: system-view
• Enter radio interface view. Command: interface wlan-radio interface-number
• Configure a radio type. Command: radio-type { dot11b | dot11g
12. Set the maximum number of retransmission attempts for frames larger than the RTS threshold. Command: long-retry threshold count. Remarks: Optional. By default, the long retry threshold is 4.
13. Specify the maximum number of attempts to transmit a frame shorter than the RTS threshold. Command: short-retry threshold count. Remarks: Optional. By default, the short retry
• Map a service template to the radio. Command: service-template service-template-number interface wlan-bss interface-number. Remarks: ...binding service, make sure the interface number of the WLAN BSS interface is no more than 31. For more information about IMC, see H3C Intelligent Management Center Getting Started Guide.
Enabling a radio
• Enter system view. Command: system-view
• Enter radio interface view. Command: interface wlan-radio interface-number
• Enable the radio. Command: undo shutdown. Remarks: Optional. By default, the radio is disabled.
Displaying and maintaining WLAN access
You can use the wlan link-test command to perform a Radio Frequency Ping (RFPing) operation to a client.
To specify a permitted SSID:
• Enter system view. Command: system-view
• Enter user profile view. Command: user-profile profile-name. Remarks: If the specified user profile does not exist, this command creates it and enters its view.
• Specify a permitted SSID. Remarks: By default, no permitted SSID is
• Configure the authentication method for the workgroup bridge. Command: client-mode authentication-method { open-system | shared-key | wpa2-psk }. Remarks: Optional. By default, open system authentication is used.
• Configure the cipher suite and pre-shared key for the workgroup bridge. Command: client-mode cipher-suite { ccmp | tkip | { wep40 | wep104 | wep128 } [ key-id key-id ] } key. Remarks: Optional. By default, no cipher suite or...
[AP] interface wlan-bss 1
[AP-WLAN-BSS1] quit
# Configure a clear type WLAN service template with no authentication.
[AP] wlan service-template 1 clear
[AP-wlan-st-1] ssid service
[AP-wlan-st-1] authentication-method open-system
[AP-wlan-st-1] service-template enable
[AP-wlan-st-1] quit
# Bind WLAN-Radio 2/0 to service template 1 and WLAN-BSS 1.
[AP] interface WLAN-Radio 2/0
[AP-WLAN-Radio2/0] radio-type dot11gn
[AP-WLAN-Radio2/0] service-template 1 interface WLAN-BSS 1...
# Configure the SSID as China-net.
[AP-WLAN-Radio2/0] client-mode ssid China-net
# Connect the AP to the wireless network.
[AP-WLAN-Radio2/0] client-mode connect
[AP-WLAN-Radio2/0] return
Verifying the configuration
Use the display wlan client-mode radio command to display the configuration and connection status for the workgroup bridge.
<AP>...
• To configure VLAN settings for the uplink wireless interface on the workgroup bridge, make sure the uplink wireless interface has the same VLAN ID as the downlink Ethernet interface on the workgroup bridge.
NOTE: The terms AP and fat AP in this document refer to MSR800, MSR 900, MSR900-E, MSR 930, and MSR 20-1X routers with IEEE 802.11b/g and MSR series routers installed with a SIC WLAN module.
Overview
Radio signals are susceptible to surrounding interference. The causes of radio signal attenuation in different directions are very complex.
Configuring data transmit rates
Configuring 802.11b/802.11g rates
• Enter system view. Command: system-view
• Enter WLAN RRM view. Command: wlan rrm
• Configure rates for 802.11b. Command: dot11b { disabled-rate | mandatory-rate | multicast-rate | supported-rate } rate-value. Remarks: Optional. By default, no rates are disabled. Mandatory rates are 1 and 2. The multicast rate is automatically...
Table 1 MCS data rate table (20 MHz)
Columns: MCS index, Modulation, Number of spatial streams, Data rate (Mbps) with 800ns GI, Data rate (Mbps) with 400ns GI.
Modulation   800ns GI   400ns GI
BPSK
QPSK         13.0       14.4
QPSK         19.5       21.7
16-QAM       26.0       28.9
16-QAM       39.0       43.3
64-QAM       52.0       57.8
64-QAM       58.5       65.0
64-QAM       65.0...
Modulation   800ns GI   400ns GI
64-QAM       270.0      300.0
802.11 rates include three types: mandatory rates, supported rates, and multicast rates.
• Mandatory rates—The AP must support mandatory rates. Clients can only associate with the AP when they support the mandatory rates.
Hardware compatibility table: MSR80 MSR90 Feature MSR 20 MSR 30 MSR 50 20-1X MSR800 930-W-G SIC_WL SIC_WL SIC_WL SIC_WL -10-W U, and module module module module 930-W-G that that that that supports supports supports supports 802.11n 802.11n 802.11n 802.11n
The configured maximum bandwidth does not take effect on radios enabled with intelligent bandwidth assurance.
Remarks: ...disabled. Enabling 802.11g protection reduces network performance.
Configuring 802.11g protection mode
802.11g protection modes include RTS/CTS and CTS-to-self.
• RTS/CTS—An AP sends an RTS packet before sending data to a client. After receiving the RTS packet, all the devices within the coverage of the AP do not send data within the specified time.
• A non-802.11n client associates with the 802.11n AP. In this case, 802.11g protection is always enabled without manual intervention.
• The 802.11n AP detects a non-802.11n BSS or some 802.11n packets that are not destined to it. To enable 802.11n protection, issue the dot11g protection enable command.
To enable 802.11n protection:
Step Command...
Remarks: By default, the scan mode is auto.
• Set the scan type. Command: scan type { active | passive }. Remarks: Optional. By default, the scan type is passive.
• Set the scan report interval. Command: scan report-interval seconds. Remarks: Optional. By default, the scan report interval is 10 seconds.
Configuring WLAN security
The terms AP and fat AP in this document refer to MSR800, MSR 900, MSR900-E, MSR 930, and MSR 20-1X routers with IEEE 802.11b/g and MSR series routers installed with a SIC WLAN module.
Overview
The wireless security incorporated in 802.11 is inadequate for protecting networks that contain sensitive information.
Figure 12 Shared key authentication process
1. Client to AP: Authentication Request
2. AP to client: Authentication Response (Challenge)
3. Client to AP: Authentication (Encrypted Challenge)
4. AP to client: Authentication Response (Success)
WLAN data security
Compared with wired networks, WLAN networks are more susceptible to attacks because all WLAN devices share the same medium and thus every device can receive data from any other sending device.
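The four-message shared key authentication exchange of Figure 12, as an added Python example that is not part of the H3C document or product: the AP acts as authenticator, the client answers the challenge with a WEP-style RC4 encryption under the shared key, and the AP compares the result. The message dictionaries and their field names, the constructed WEP40 keys, and the use of a 128-byte challenge text are assumptions made for this illustration.

```python
"""Added example (not H3C code): the 802.11 shared key authentication
exchange shown in Figure 12, with a WEP-style RC4 encryption of the challenge.
Message dicts, field names and keys are constructed for this illustration."""
import hmac
import os


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4 (KSA + PRGA). WEP derives the RC4 key as IV || shared key."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    while len(out) < length:                  # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_xor(shared_key: bytes, iv: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (RC4 is symmetric) with the per-frame IV."""
    ks = rc4_keystream(iv + shared_key, len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


class AccessPoint:
    """Authenticator side: message 1 -> challenge, message 3 -> verdict."""

    def __init__(self, shared_key: bytes, rng=os.urandom):
        self.shared_key = shared_key
        self.rng = rng
        self.pending = {}  # client MAC -> challenge still outstanding

    def handle(self, msg: dict) -> dict:
        if msg["seq"] == 1:                      # Authentication Request
            challenge = self.rng(128)            # 802.11 challenge text: 128 bytes
            self.pending[msg["src"]] = challenge
            return {"seq": 2, "status": "challenge", "challenge": challenge}
        if msg["seq"] == 3:                      # Authentication (Encrypted Challenge)
            challenge = self.pending.pop(msg["src"], None)
            if challenge is None:                # no request outstanding: reject
                return {"seq": 4, "status": "failure"}
            expected = wep_xor(self.shared_key, msg["iv"], challenge)
            ok = hmac.compare_digest(expected, msg["ciphertext"])
            return {"seq": 4, "status": "success" if ok else "failure"}
        return {"seq": 4, "status": "failure"}


class Client:
    """Supplicant side: sends message 1, answers the challenge with message 3."""

    def __init__(self, mac: str, shared_key: bytes):
        self.mac = mac
        self.shared_key = shared_key

    def authenticate(self, ap: AccessPoint) -> str:
        m2 = ap.handle({"seq": 1, "src": self.mac})
        if m2["status"] != "challenge":
            return "failure"
        iv = os.urandom(3)                        # 24-bit WEP IV, sent in clear
        m3 = {"seq": 3, "src": self.mac, "iv": iv,
              "ciphertext": wep_xor(self.shared_key, iv, m2["challenge"])}
        return ap.handle(m3)["status"]


def demo():
    """Constructed WEP40 (5-byte) keys: the right key passes, a wrong key fails.
    The second MAC address is constructed, not taken from the document."""
    ap_key = bytes.fromhex("0102030405")
    ap = AccessPoint(ap_key)
    good = Client("00:14:6c:8a:43:ff", ap_key).authenticate(ap)
    bad = Client("00:14:6c:8a:43:fe", bytes.fromhex("0102030406")).authenticate(ap)
    return good, bad


if __name__ == "__main__":
    print(demo())  # ('success', 'failure')
```

The AP keeps one outstanding challenge per client MAC and discards it after a single message 3, so a replayed or unsolicited message 3 is rejected rather than compared against stale state; the comparison uses hmac.compare_digest so that the verdict does not depend on how many leading bytes match.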
Client access authentication
PSK authentication
To implement pre-shared key (PSK) authentication, the client and the authenticator must have the same shared key configured. Otherwise, the client cannot pass the PSK authentication.
802.1X authentication
As a port-based access control protocol, 802.1X authenticates and controls accessing devices at the port level.
• MSR3600-51F.
Configuring WLAN security
Configuration task list
To configure WLAN security in a service template, map the service template to a radio policy, and add radios to the radio policy. The SSID name, advertisement setting (beaconing), and encryption settings are configured in the service template. You can configure an SSID to support any combination of WPA, RSN, and Pre-RSN clients.
Task Remarks...
To configure the PTK lifetime:
• Enter system view. Command: system-view
• Enter WLAN service template view. Command: wlan service-template service-template-number crypto
• Configure the PTK lifetime. Command: ptk-lifetime time. Remarks: Optional. By default, the PTK lifetime is 43200 seconds.
Configuring the GTK rekey method
A fat AP generates a group temporal key (GTK) and sends the GTK to a client during the authentication process between an AP and the client through group key handshake or the 4-way handshake.
• Enable GTK rekey. Command: gtk-rekey enable. Remarks: By default, GTK rekey is enabled.
• Configure GTK rekey based on packet. Command: gtk-rekey method packet-based [ packet ]. Remarks: The default packet number is 10000000.
• Configure the device to start GTK rekey when a... Remarks: Optional. By default, the device does not start GTK rekey when a client goes
• WEP40/WEP104/WEP128
• TKIP
• AES-CCMP
Configuring WEP cipher suite
The WEP encryption mechanism requires that the authenticator and clients on a WLAN have the same key configured. WEP adopts the RC4 algorithm (a stream encryption algorithm), supporting WEP40, WEP104 and WEP128 keys. You can use WEP with either open system or shared key authentication mode:
•...
Remarks: ...countermeasures are taken.
Configuring AES-CCMP cipher suite
• Enter system view. Command: system-view
• Enter WLAN service template view. Command: wlan service-template service-template-number crypto
• Enable the AES-CCMP cipher suite. Command: cipher-suite ccmp. Remarks: By default, no cipher suite is selected.
Configuring port security
The authentication type configuration includes the following options:
•...
Configuring MAC address authentication
802.11i does not support MAC address authentication.
To configure MAC address authentication:
• Enter system view. Command: system-view
• Enter WLAN-BSS interface view. Command: interface wlan-bss interface-number
• Enable MAC port security mode. Command: port-security port-mode mac-authentication
Configuring PSK and MAC address authentication
For more information about port security configuration commands, see Security Configuration Guide.
• You can use the display wlan client command and display port-security preshared-key user command to view the online clients.
MAC and PSK authentication configuration example
Network requirements
As shown in Figure 14, perform MAC and PSK authentication on the client.
Figure 14 Network diagram (RADIUS server 10.18.1.88/24...)
On the page that appears, enter 12345678 for Shared Key, enter 1812 and 1813 for Authentication Port and Accounting Port, respectively, select LAN Access Service for Service Type, select H3C for Access Device Type, select or manually add an access device with the IP address 10.18.1.1, and click Apply.
Figure 15 Adding an access device
Add a service:
a. Click the Service tab.
b. Select Access Service > Access Device from the navigation tree.
c. Click Add.
d. On the page that appears, set the service name to mac, keep the default values for other parameters, and click Apply.
Figure 17 Adding an account
Configuring the RADIUS server (IMCv5)
The following takes the IMC (the IMC versions are IMC PLAT 5.0 and IMC UAM 5.0) as an example to illustrate the basic configurations of the RADIUS server.
Add an access device:
a.
Figure 19 Adding a service
Add an account:
a. Click the User tab.
b. Select User > All Access Users from the navigation tree to enter the user page.
c. Click Add.
d. On the page that appears, enter username 00146c8a43ff, set the account name and password both to 00146c8a43ff, select the service mac, and click Apply.
Figure 21 Network diagram (RADIUS server 10.18.1.88/24, IP network, fat AP 10.18.1.1/24, L2 switch, client)
Configuration procedure
Configure the fat AP:
# Enable port security.
<Sysname> system-view
[Sysname] port-security enable
# Configure the 802.1X authentication mode as EAP.
[Sysname] dot1x authentication-method eap
# Create a RADIUS scheme rad, and specify the extended RADIUS server type.
# Create crypto-type service template 1, configure its SSID as dot1x, and configure the tkip and ccmp cipher suite.
[Sysname] wlan service-template 1 crypto
[Sysname-wlan-st-1] ssid dot1x
# Enable the RSN-IE in the beacon and probe responses and enable the AES-CCMP cipher suite in the encryption of frames.
Figure 22 Configuring the wireless card (1)
Figure 23 Configuring the wireless card (2)
Figure 24 Configuring the wireless card (3)
Verifying the configuration
• Enter the username user and password dot1x. The client can pass 802.1X authentication and access the WLAN.
• You can use the display wlan client command, display connection command and display dot1x command to view the online clients.
Configuring WLAN IDS
The terms AP and fat AP in this document refer to MSR800, MSR 900, MSR900-E, MSR 930, and MSR 20-1X routers with IEEE 802.11b/g and MSR series routers installed with a SIC WLAN module.
Overview
802.11 networks are susceptible to a wide array of threats such as unauthorized access points and clients, ad hoc networks, and DoS attacks.
Flood attack detection
A flood attack refers to the case where WLAN devices receive large volumes of frames of the same kind within a short span of time. When this occurs, the WLAN devices are overwhelmed. Consequently, they are unable to service normal clients. WIDS attack detection counters flood attacks by constantly tracking the density of traffic generated by each device.
If the source MAC address does not match any entry in the white list, the frame is dropped. If there is a match, the frame is considered valid and is processed further. If no white list entries exist, the static and dynamic blacklists are searched. If the source MAC address matches an entry in any of the two lists, the frame is dropped.
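The white list and blacklist search order in the paragraph above, together with the frame-density idea from "Flood attack detection", as an added Python example that is not H3C code and does not model the product's actual implementation: when white list entries exist they decide alone; otherwise the static and dynamic blacklists are searched; and a per-source, per-frame-kind counter over a sliding window adds a source to the dynamic blacklist for a configured lifetime. The threshold, window, lifetime, MAC addresses and frame trace are constructed values, not product defaults.

```python
"""Added example (not H3C code): the WIDS frame-filtering order described
above, plus a frame-density flood detector that feeds the dynamic blacklist.
Threshold, window and lifetime are constructed values, not product defaults."""
from collections import defaultdict, deque


class WlanIds:
    def __init__(self, flood_threshold=10, window_s=1.0, dynamic_lifetime_s=300.0):
        self.whitelist = set()            # static white list of source MACs
        self.static_blacklist = set()     # static blacklist
        self.dynamic_blacklist = {}       # MAC -> time the dynamic entry expires
        self.flood_threshold = flood_threshold  # frames of one kind per window
        self.window_s = window_s
        self.dynamic_lifetime_s = dynamic_lifetime_s
        self._recent = defaultdict(deque)  # (src, kind) -> recent frame timestamps
        self.alerts = []                   # (time, src, kind, frames in window)

    def _expire_dynamic(self, now):
        """Dynamic entries age out after the configured lifetime."""
        for mac in [m for m, t in self.dynamic_blacklist.items() if t <= now]:
            del self.dynamic_blacklist[mac]

    def filter_frame(self, src, now):
        """Search order from the text: white list first (if any entries exist),
        otherwise the static and dynamic blacklists. Returns 'accept' or 'drop'."""
        self._expire_dynamic(now)
        if self.whitelist:
            return "accept" if src in self.whitelist else "drop"
        if src in self.static_blacklist or src in self.dynamic_blacklist:
            return "drop"
        return "accept"

    def observe(self, src, kind, now):
        """Count frames of the same kind from one source within the window;
        exceeding the threshold blacklists the source dynamically."""
        q = self._recent[(src, kind)]
        q.append(now)
        while q and now - q[0] > self.window_s:
            q.popleft()
        if len(q) > self.flood_threshold and src not in self.dynamic_blacklist:
            self.dynamic_blacklist[src] = now + self.dynamic_lifetime_s
            self.alerts.append((now, src, kind, len(q)))
        return self.filter_frame(src, now)


def run_demo():
    """Constructed frame trace: one statically blacklisted source, one deauth
    flood, one normal client, then the flooder again after its entry expired."""
    ids = WlanIds(flood_threshold=5, window_s=1.0, dynamic_lifetime_s=60.0)
    ids.static_blacklist.add("00:11:22:33:44:55")
    trace = [(0.0, "00:11:22:33:44:55", "probe-req")]
    trace += [(0.1 * i, "aa:bb:cc:dd:ee:01", "deauth") for i in range(8)]
    trace += [(5.0, "aa:bb:cc:dd:ee:02", "assoc-req")]
    trace += [(70.0, "aa:bb:cc:dd:ee:01", "assoc-req")]
    verdicts = [ids.observe(src, kind, t) for t, src, kind in trace]
    return verdicts, ids


if __name__ == "__main__":
    verdicts, ids = run_demo()
    print(verdicts)
    print(ids.alerts)
```

In the trace the flooding source is accepted for its first five deauth frames, dropped from the sixth onward once the dynamic entry exists, and accepted again at t=70 after the 60-second lifetime has elapsed; a white list, when populated, short-circuits the blacklist search entirely, which is why a source present in both lists is accepted.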
Configuring AP operating mode
A WLAN consists of various APs that span across the building offering WLAN services to the clients. The administrator may want some of these APs to detect rogue devices. The administrator can configure an AP to operate in any of three modes: normal, monitor, or hybrid.
•...
• Clear the history of attacks detected by the WLAN system. Command: reset wlan ids history. Remarks: Available in user view.
• Clear the statistics of attacks detected in the WLAN system. Command: reset wlan ids statistics. Remarks: Available in user view.
Configuring blacklist and whitelist
Perform this task to configure the static blacklist, static white list, enable the dynamic blacklist feature, and configure the lifetime for dynamic entries.
Displaying and maintaining blacklist and whitelist
• Display blacklist entries. Command: display wlan blacklist { static | dynamic } [ | { begin | exclude | include } regular-expression ]. Remarks: Available in any view.
• Display white list entries. Command: display wlan whitelist [ | { begin |
Configuring WLAN QoS
The terms AP and fat AP in this document refer to MSR800, MSR 900, MSR900-E, MSR 930, and MSR 20-1X routers with IEEE 802.11b/g and MSR series routers installed with a SIC WLAN module.
Overview
An 802.11 network offers contention-based wireless access. To provide applications with QoS services, IEEE developed 802.11e for the 802.11-based WLAN architecture.
queue. The idle duration increases as the AIFSN value increases (see Figure 28 for the AIFS durations).
• Exponent form of CWmin (ECWmin) and exponent form of CWmax (ECWmax)—Determine the average number of backoff slots, which increases as the two values increase (see Figure 28 for the backoff slots).
(except the TXOPLimit parameter for devices using 802.11b radio cards) unless it is necessary to modify the default settings.
• When the radio card of a device is 802.11b, H3C recommends that you set the TXOPLimit values of the AC-BK, AC-BE, AC-VI, and AC-VO queues to 0, 0, 188, and 102, respectively.
•...
Configuration procedure
• Enter system view. Command: system-view
• Enter WLAN-radio interface view. Command: interface wlan-radio radio-number
• Enable WMM. Command: wmm enable. Remarks: By default, WMM is enabled. The 802.11n protocol stipulates that all 802.11n clients support WLAN QoS. Therefore, when the radio operates in 802.11gn mode, you should enable WMM.
Table 4 The default EDCA parameters for APs
Columns: AC queue, AIFSN, ECWmin, ECWmax, TXOP Limit. Rows: AC-BK queue, AC-BE queue, AC-VI queue, AC-VO queue.
Displaying and maintaining WMM
• Display WLAN statistics of the client. Command: display wlan statistics client { all | mac-address mac-address } [ | { begin | ... Remarks: Available in any view.
[Sysname-WLAN-BSS1] quit
# Configure interface Ethernet 1/0 to use the 802.1p priority of received packets for priority mapping.
[Sysname] interface Ethernet 1/0
[Sysname-Ethernet1/0] qos trust dot1p
[Sysname-Ethernet1/0] quit
# Create a clear-type WLAN service template, configure its SSID as market, configure its authentication method as Open System, and then enable the WLAN service template.
[Sysname] interface ethernet 1/0
[Sysname-Ethernet1/0] qos trust dot1p
[Sysname-Ethernet1/0] quit
# Create a clear-type WLAN service template, configure its SSID as market, configure its authentication method as Open System, and then enable the WLAN service template.
[Sysname] wlan service-template 1 clear
[Sysname-wlan-st-1] ssid market
[Sysname-wlan-st-1] authentication-method open-system
[Sysname-wlan-st-1] service-template enable...
# Configure interface WLAN-BSS 1 to use the 802.11e priority of received packets for priority mapping.
<Sysname> system-view
[Sysname] interface wlan-bss 1
[Sysname-WLAN-BSS1] qos trust dot11e
[Sysname-WLAN-BSS1] quit
# Configure interface Ethernet 1/0 to use the 802.1p priority of received packets for priority mapping.
Analysis
The SVP packet priority mapping function or CAC takes effect only after WMM is enabled.
Solution
Use the wmm enable command to enable the WMM function. Check the state of the SVP priority mapping function or CAC again.
The SVP packet priority mapping function takes effect on only non-WMM clients. Check whether the client is a non-WMM client.
Client rate limiting configuration example
Network requirements
The fat AP is connected to Switch. Configure client rate limiting on the fat AP, so that the fat AP limits the incoming traffic in static mode and limits the outgoing traffic in dynamic mode for the clients.
Figure 32 Network diagram
Configuration procedure
# Create a WLAN-ESS interface.
Inbound   Static    8000
Outbound  Dynamic   8000
--------------------------------------------------------------------------------
When only Client 1 accesses the WLAN through SSID service, the available bandwidth is limited to around 8000 kbps. When both Client 1 and Client 2 access the WLAN through SSID service, the bandwidth available for the traffic from either Client 1 or Client 2 to the AP is limited to around 8000 kbps, and the bandwidth available for the traffic from the AP to either Client 1 or Client 2 is limited to around 4000 kbps.