Professional Documents
Culture Documents
# Add GE0/0/1 and GE0/0/2 on SwitchA to VLAN 100. The default VLAN of GE0/0/1 is
VLAN 100.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan batch 100
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type trunk
[SwitchA-GigabitEthernet0/0/1] port trunk pvid vlan 100
[SwitchA-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
[SwitchA-GigabitEthernet0/0/1] port-isolate enable
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] port link-type trunk
[SwitchA-GigabitEthernet0/0/2] port trunk allow-pass vlan 100
[SwitchA-GigabitEthernet0/0/2] quit
----------------------------------------------
# Add GE0/0/1 and GE0/0/2 on SwitchB (aggregation switch) to VLAN 100, and GE0/0/2
and GE0/0/3 to VLAN 101.
<HUAWEI> system-view
[HUAWEI] sysname SwitchB
[SwitchB] vlan batch 100 101
[SwitchB] interface gigabitethernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] port link-type trunk
[SwitchB-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
[SwitchB-GigabitEthernet0/0/1] quit
[SwitchB] interface gigabitethernet 0/0/2
[SwitchB-GigabitEthernet0/0/2] port link-type trunk
[SwitchB-GigabitEthernet0/0/2] port trunk allow-pass vlan 100 101
[SwitchB-GigabitEthernet0/0/2] quit
[SwitchB] interface gigabitethernet 0/0/3
[SwitchB-GigabitEthernet0/0/3] port link-type trunk
[SwitchB-GigabitEthernet0/0/3] port trunk allow-pass vlan 101
[SwitchB-GigabitEthernet0/0/3] quit
-----------------------------------------------------------------------------------
-----------
# Add GE1/0/0 on Router to VLAN 101. Create VLANIF 101 and set its IP address to
10.23.101.2/24.
<Huawei> system-view
[Huawei] sysname Router
[Router] vlan batch 101
[Router] interface gigabitethernet 1/0/0
[Router-GigabitEthernet1/0/0] port link-type trunk
[Router-GigabitEthernet1/0/0] port trunk allow-pass vlan 101
[Router-GigabitEthernet1/0/0] quit
[Router] interface vlanif 101
[Router-Vlanif101] ip address 10.23.101.2 24
[Router-Vlanif101] quit
-----------------------------------------------------------------------------------
--------------
Configure the AC to communicate with the network devices
-----------------------------------------------------------------------------------
-------------------
-----------------------------------------------------------------------------------
-----------
[SwitchB] dhcp enable
[SwitchB] interface vlanif 101
[SwitchB-Vlanif101] ip address 10.23.101.1 24
[SwitchB-Vlanif101] dhcp select interface
[SwitchB-Vlanif101] dhcp server gateway-list 10.23.101.2
[SwitchB-Vlanif101] quit
-----------------------------------------------------------------------------------
----
Configure a route from the AC to DNS server.
[AC] wlan
[AC-wlan-view] ap-group name ap-group1
[AC-wlan-ap-group-ap-group1] quit
-----------------------------------------------------------------------------------
-----------------------
# Create a regulatory domain profile, configure the AC country code in the profile,
and apply the profile to the AP group.
-----------------------------------------------------------------------------------
--------------------------
# Import the AP offline on the AC and add the AP to AP group ap-group1. Assume that
the AP's MAC address is 60de-4476-e360. Configure a name for the AP based on the
AP's deployment location, so that you can know where the AP is deployed from its
name. For example, name the AP area_1 if it is deployed in Area 1.
In this example, the AP5030DN is used and has two radios: radio 0 (2.4 GHz radio)
and radio 1 (5 GHz radio).
[AC] wlan
[AC-wlan-view] ap auth-mode mac-auth
[AC-wlan-view] ap-id 0 ap-mac 60de-4476-e360
[AC-wlan-ap-0] ap-name area_1
Warning: This operation may cause AP reset. Continue? [Y/N]:y
[AC-wlan-ap-0] ap-group ap-group1
Warning: This operation may cause AP reset. If the country code changes, it will
clear channel, power and antenna gain configuration
s of the radio, Whether to continue? [Y/N]:y
[AC-wlan-ap-0] quit
-----------------------------------------------------------------------------------
-----------------
# After the AP is powered on, run the display ap all command to check the AP state.
If the State field is displayed as nor, the AP goes online successfully.
[AC-wlan-view] display ap all
Total AP information:
nor : normal [1]
Extra information:
P : insufficient power supply
Total: 1
-----------------------------------------------------------------------------------
--------------------------
Configure local authentication.
# Configure the local authentication scheme wlan-net.
[AC] aaa
[AC-aaa] authentication-scheme wlan-net
[AC-aaa-authen-wlan-net] authentication-mode local
[AC-aaa-authen-wlan-net] quit
-----------------------------------------------------------------------------------
--------------------------
# Configure the user name, password, and service type of the local user.
[AC-aaa] local-user guest password cipher guest@123
[AC-aaa] local-user guest service-type web
[AC-aaa] quit
-----------------------------------------------------------------------------------
----------------
-----------------------------------------------------------------------------------
-----------------
# Configure the SSL policy default_policy and load the digital certificate.
-----------------------------------------------------------------------------------
--------------------
# Check the configuration of the SSL policy. The status of the CA and local
certificates must be loaded.
Policy ID : 2
Policy type : Server
Cipher suite : rsa_aes_128_sha256 rsa_aes_256_sha256
PKI realm : abc
Version : tls1.0 tls1.1 tls1.2
Cache number : 32
Time out(second) : 3600
Server certificate load status : loaded
CA certificate chain load status : loaded
SSL renegotiation status : enable
Bind number : 1
SSL connection number : 0
-----------------------------------------------------------------------------------
------------------------------------------------------------------------------
Configure the Portal access profile wlan-net
# Enable the built-in Portal server function.
-----------------------------------------------------------------------------------
-------
# Create the Portal access profile wlan-net and configure it to use the built-in
Portal server.
-----------------------------------------------------------------------------------
-------------------
-----------------------------------------------------------------------------------
--------------------------
[AC] wlan
[AC-wlan-view] security-profile name wlan-net
[AC-wlan-sec-prof-wlan-net] quit
-----------------------------------------------------------------------------------
---------------------------
# Create SSID profile wlan-net and set the SSID name to wlan-net.
-----------------------------------------------------------------------------------
--------------------------
# Create VAP profile wlan-net, configure the data forwarding mode and service
VLANs, and apply the security profile, SSID profile, and authentication profile to
the VAP profile.
-----------------------------------------------------------------------------------
--------------------------
# Bind VAP profile wlan-net to the AP group and apply the profile to radio 0 and
radio 1 of the AP.