Login
- Table of Contents
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 08-WLAN Service Configuration | 356.9 KB |
Table of Contents
Single ESS Multiple BSS (The multiple radio case)
Configuring Global WLAN Parameters
Configuring a Service Template
Configuring the Radio of an AP
Displaying and Maintaining WLAN Service
Configuring WLAN Client Isolation
Enabling WLAN Client Isolation
WLAN Service Configuration Examples
WLAN Service Configuration Example
l The models listed in this document are not applicable to all regions. Please consult your local sales office for the models applicable to your region.
l Support of the H3C WA series WLAN access points (APs) for features may vary by AP model. For more information, see Feature Matrix.
l The interface types and the number of interfaces vary by AP model.
l The term AP in this document refers to common APs, wireless bridges, or mesh APs.
This chapter includes these sections:
l Configuring Uplink Detection
l Displaying and Maintaining WLAN Service
l Configuring WLAN Client Isolation
l WLAN Service Configuration Examples
WLAN Service Overview
Wireless Local Area Networks (WLAN) have become very popular because they are very easy to setup and use, and have low maintenance cost. Generally, one or more access points (APs) can cover a building or an area. A WLAN is not completely wireless because the servers in the backbone are fixed.
The WLAN solution allows you to provide the following wireless LAN services to your customers:
l WLAN client connectivity to conventional 802.3 LANs
l Secured WLAN access with different authentication and encryption methods
l Seamless roaming of WLAN clients in the mobility domain
Terminology
Client
A handheld computer, a laptop with a wireless Network Interface Card (NIC), or a terminal supporting WiFi can be a WLAN client.
Access point (AP)
An AP bridges frames between wireless and wired networks.
Fat AP
A fat AP controls and manages all associated wireless stations and bridges frames between wired and wireless networks.
SSID
The service set identifier. A client scans all networks at first, and then selects a specific SSID to connect to a specific wireless network.
Wireless medium
A medium that is used for transmitting frames between wireless clients. Radio frequency is used as the wireless medium in the WLAN system.
Wireless Client Access
A wireless client access process involves three steps: active/passive scanning surrounding wireless services, authentication, and association, as shown in Figure 1-1.
Figure 1-1 Establish a client access
Scanning
A wireless client can get the surrounding wireless network information in two ways, passive scanning or active scanning. With passive scanning, a wireless client gets wireless network information through listening to Beacon frames sent by surrounding APs; with active scanning, a wireless actively sends a probe request frame during scanning, and gets network signals by received probe response frames.
Actually, when a wireless client operates, it usually uses both passive scanning and active scanning to get information about surrounding wireless networks.
1) Active scanning
When a wireless client operates, it periodically searches for (that is, scans) surrounding wireless networks. Active scanning falls into two modes according to whether a specified SSID is carried in a probe request.
l A client sends a probe request (with no SSID, which means the length of the SSID is 0.): The client broadcasts a probe request frame on each of the supported channels to scan wireless networks. APs that receive the probe request frame send a probe response frame. The client associates with the AP with the strongest signal. This active scanning mode enables a client to know the available wireless services and then access the target wireless network.
l When the wireless client is configured to access a specific wireless network or has already been connected to a wireless network, the client periodically unicasts a probe request carrying the specified SSID of the configured or connected wireless network. When an AP that can provide the wireless service with the specified SSID receives the probe request, it sends a probe response. This active scanning mode enables a client to access a specified wireless network. The active scanning process is as shown in Figure 1-3.
Figure 1-3 Active scanning (the probe request carries the specified SSID AP 1)
2) Passive scanning
Passive scanning is used by clients to discover surrounding wireless networks through listening to the beacon frames periodically sent by an AP. All APs providing wireless services periodically send beacons frames, so that wireless clients can periodically listen to beacon frames on the supported channels to get information about surrounding wireless networks. Passive scanning is used by a client when it wants to save battery power. Typically, VoIP clients adopt the passive scanning mode. The passive scanning process is as shown in Figure 1-4.
Authentication
To secure wireless links, a wireless client must be authenticated before accessing an AP, and only wireless clients passing the authentication can be associated with the AP. 802.11 links define two authentication mechanisms: open system authentication and shared key authentication.
l Open system authentication
l Shared key authentication
For more information about the two types of authentication, see WLAN Security in the WLAN Configuration Guide.
Association
A client that wants to access a wireless network via an AP must be associated with that AP. Once the client chooses a compatible network with a specified SSID and passes the link authentication to an AP, it sends an association request frame to the AP. The AP detects the capability information carried in the association request frame, determines the capability supported by the wireless client, and sends an association response to the client to notify the client of the association result. Usually, a client can associate with only one AP at a time, and an association process is always initiated by the client.
Other related frames
1) De-authentication
A de-authentication frame can be sent by either an AP or wireless client to break an existing link. In a wireless system, de-authentication can occur due to many reasons, such as:
l Receiving an association/disassociation frame from a client which is unauthenticated.
l Receiving a data frame from a client which is unauthenticated.
l Receiving a PS-poll frame from a client which is unauthenticated.
l The validity timer for a client expires and the port is not secured.
2) Dissociation
A dissociation frame can be sent by an AP or a wireless client to break the current wireless link. In wireless the system, dissociation can occur due to many reasons, such as:
l Receiving a data frame from a client which is authenticated and unassociated.
l Receiving a PS-Poll frame from a client which is authenticated and unassociated.
A dissociation frame is either unicast or broadcast.
802.11 Overview
The following functions are provided by Fat-AP WMAC:
l Beacon generation
l Handling Probe Request
l Handling Open System Authentication
l Handling (Re) Association
l Handling De-authentication
l Handling Disassociation
l Power Management
l Fragmentation and Defragmentation
l Dot11 to Ethernet Frame Conversion
l Ethernet to Dot11 Frame Conversion
l Keep Alive Mechanism
l Idle Timeout Mechanism
l Clear Channel Search
WLAN Topologies
WLAN has the following topologies:
l Single BSS
l Multiple ESS
l Single ESS Multiple BSS
Single BSS
Coverage of an access point is called a Basic Service Set (BSS). Each BSS is identified by the BSSID. The most basic WLAN network can be established with only one BSS. All wireless clients associate with same BSS. If those clients have same authorization, they can communicate with each other. Figure 1-5 shows the single BSS network.
The clients are able to communicate with each other and are also able to reach a host in the Internet. Communication between clients within the same BSS shall be carried out by the Fat AP.
Multi-ESS
All the clients under the same logical administration form an extended service set (ESS). This multi-ESS topology describes a scenario where more than one ESS exists. When a mobile client joins the AP, it can join one of the available ESSs. Figure 1-6 shows the multiple ESS network.
Figure 1-6 Multiple ESS network
Generally, Fat AP can provide more than one logical ESS at the same time. The configuration of ESS in Fat AP can broadcast the current information of ESS by Beacon or Probe response frames. Client can select an ESS it is interested to join.
The different ESS domains can be configured on the fat AP. The fat AP can be configured to allow advertising and accepting Clients in these ESS domains once there credentials are accepted.
Single ESS Multiple BSS (The multiple radio case)
This topology describes a usage where a fat AP has more than one radio in single logical administration. Both radios support same service set in the same ESS; but since the coverage area is logically different, they belong to different BSSs.
Figure 1-7 Single ESS Multiple BSS network
This can be used in scenarios where 802.11a and 802.11b/g need to be supported together. Figure 1-7 shows two clients connected to different radios but belonging to the same ESS and different BSSs.
Protocols and Standards
For more information on protocols and standards, see:
l ANSI/IEEE Std 802.11, 1999 Edition
l IEEE Std 802.11a
l IEEE Std 802.11b
l IEEE Std 802.11g
l IEEE Std 802.11i
l IEEE Std 802.11-2004
Configuring WLAN Service
WLAN service configuration includes WLAN global configuration, country code, service template and radio configuration.
|
Task |
Description |
|
Optional |
|
|
Required |
|
|
Required |
|
|
Required |
|
|
Required |
Configuring Global WLAN Parameters
Follow these steps to configure global WLAN parameters
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Configure the idle timeout interval |
wlan client idle-timeout interval |
Optional By default, the idle timeout interval is 3600 seconds. |
|
Configure the keep alive timeout interval for the client |
wlan client keep-alive interval |
Optional By default, keep alive function is disabled. |
|
Enable the fat AP to respond to the probe requests with the SSID null sent by the client |
wlan broadcast probe reply |
Optional Enabled by default. |
Specifying the Country Code
A country code identifies the country in which you want to operate the radio. It determines characteristics such as operating power level and total number of channels available for the transmission of frames. You need to configure the valid country code before configuring the fat AP.
Follow these steps to configure the country code:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Specify the country code |
wlan country-code code |
Required By default the country code is CN. |
For relations between country codes and countries, see WLAN Command Reference.
Configuring a Service Template
WLAN service template includes the attributes such as SSID, authentication algorithm (open-system or shared key) information. Service template can be clear or crypto type. If one service template exists and it is of type clear, you cannot change it to crypto. To change the service template from clear to crypto you must delete the existing service template, and configure a new service template again with type as crypto.
Follow these steps to configure a WLAN service template:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Create a WLAN service template |
wlan service-template service-template-number { clear | crypto } |
Required By default, a clear type service template exists. |
|
Specify the service set identifier |
ssid ssid-name |
Required |
|
Disable the advertising of SSID in beacon frames |
beacon ssid-hide |
Optional By default, the SSID is advertised in the beacon frames. |
|
Specify the maximum number of clients allowed to associate with the same radio |
client max-count max-number |
Optional 64 by default. |
|
Enable the authentication method |
authentication-method { open system | shared key } |
Required For more information about shared key authentication, see WLAN Security in the WLAN Configuration Guide. |
|
Enable the service template |
service-template enable |
Required By default, the service template is disabled. |
Configuring the Radio of an AP
Follow these steps to configure the radio of an AP:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enter radio interface view |
interface wlan-radio interface-number |
— |
|
Specify a radio type for the radio |
radio-type { dot11b | dot11g | dot11a } |
Required |
|
Map a service template to the current radio |
service-template service-template-number interface wlan-bss interface-number |
Required |
|
Specify a channel number for the radio |
channel { channel-number | auto } |
Optional By default, auto mode is enabled. The working channel of a radio varies with country codes and radio types. The channel list depends on your device model. |
|
Specify the maximum radio power |
max-power max-power |
Optional By default, the maximum radio power varies with country codes, channels, AP models, radio types and antenna types. If 802.11n is adopted, the maximum radio power also depends on the bandwidth mode. |
|
Specify the type of preamble |
preamble { long | short } |
Optional By default, the short preamble is supported. |
Configuring a Radio Interface
A set of radio parameters can be configured for a radio interface. If a radio interface is mapped to a radio (for example, 802.11b/g or 802.11a), all parameters configured for the radio interface apply to the radio.
Follow these steps to configure a radio interface:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enter radio interface view |
interface wlan-radio interface-number |
Required |
|
Set the interval for sending beacon frames |
beacon-interval interval |
Optional 100 time units (TUs) by default. |
|
Set the number of beacon intervals between DTIM frames |
dtim counter |
Optional The default is 1. |
|
Specify the fragmentation threshold |
fragment-threshold size |
Optional By default, the fragmentation threshold is 2346 bytes. |
|
Specify the Request to Send (RTS) threshold |
rts-threshold size |
Optional By default, the RTS threshold is 2346 bytes. |
|
Set the maximum number of attempts for transmitting a frame larger than the RTS threshold |
long-retry threshold count |
Optional The default count is 4. |
|
Specify the maximum number of attempts to transmit a frame shorter than the RTS threshold |
short-retry threshold count |
Optional The default count is 7. |
|
Specify the duration for the AP to hold received packets |
max-rx-duration duration |
Optional By default, the duration is 2000 milliseconds. |
Configuring 802.11n
As the next generation wireless LAN technology, 802.11n supports both 2.4 GHz and 5 GHz bands. It provides higher-speed services to customers by using the following two methods:
1) Increasing bandwidth: 802.11n can bond two adjacent 20-MHz channels together to form a 40-MHz channel. During data forwarding, the two 20-MHz channels can work separately with one acting as the primary channel and the other acting as the secondary channel or work together as a 40-MHz channel. This provides a simple way of doubling the data rate.
2) Improving channel utilization through the following ways:
l A-MPDU frame: By aggregating multiple message protocol data units (MPDUs) and using only one PHY header for the aggregate MPDUs (A-MPDU), the overhead in transmission and the number of ACK frames to be used are reduced, and thus improves channel utilization.
l A-MSDU: Multiple MAC service data units (MSDU) can be aggregated into a single A-MSDU. This reduces the MAC header overhead and thus improves MAC layer forwarding efficiency and channel utilization.
l Short GI function at the physical layer: This feature shortens the guard interval (GI) of 800 us in 802.11a/g to 400 us. This feature effectively reduces the channel idle time, and improves channel utilization. The short GI feature can increase the performance by about 10 percent.
Follow these steps to configure 802.11n:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enter radio interface view |
interface wlan-radio interface-number |
— |
|
Enter radio view |
radio-type { dot11an | dot11gn } |
— |
|
Specify the bandwidth mode for the radio |
channel band-width { 20 | 40 } |
Optional By default, the 802.11an radio operates in 40 MHz mode; the 802.11gn radio operates in 20 MHz mode. |
|
Enable access permission for 802.11n clients only |
client dot11n-only |
Optional By default, an 802.11a/n radio permits both 802.11a and 802.11n clients to access, and an 802.11g/n radio permits both 802.11g and 802.11n clients to access. |
|
Enable the short GI function |
short-gi enable |
Optional Enabled by default. |
|
Enable the A-MSDU function |
a-msdu enable |
Optional Enabled by default. |
|
Enable the A-MPDU function |
a-mpdu enable |
Optional Enabled by default. |
l Support for the configuration of 802.11n rates depends on the device model.
l For information about Modulation and Coding Scheme (MCS) index and mandatory and supported 802.11n rates, see WLAN RRM in the WLAN Configuration Guide.
Configuring Uplink Detection
A fat AP connects to a wired network through an uplink Ethernet interface or radio interface in bridge mode, as shown in Figure 1-8 and Figure 1-9. If the uplink Ethernet interface or radio interface fails, the fat AP and associated clients cannot access the wired network. With uplink detection enabled, as long as its uplink interface fails, the AP stops providing WLAN services and the SSID of the AP is not available for the clients to access the WLAN until it recovers. In this way, WLAN clients will select other APs (if any) to access the network.
Figure 1-8 Uplink detection network diagram (an Ethernet interface used as the uplink interface)
Figure 1-9 Uplink detection network diagram (a radio interface used as the uplink interface)
Follow these steps to specify the uplink interface of the fat AP:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Specify the uplink interface (Ethernet interface) |
wlan uplink-interface interface-type interface-number |
Optional By default, no interface is configured as an uplink interface. |
|
Specify the uplink interface (radio interface) |
wlan uplink-interface mesh-link interface-type interface-number |
Optional By default, no interface is configured as an uplink interface. |
For more information about the wlan uplink-interface mesh-link command, see WDS in the WLAN Command Reference.
Displaying and Maintaining WLAN Service
|
To do… |
Use the command… |
Remarks |
|
Display WLAN client information |
display wlan client { interface wlan-radio [ radio-number ] | mac-address mac-address | service-template service-template-number } [ verbose ] |
Available in any view |
|
Display WLAN service template information |
display wlan service-template [ service-template-number ] |
Available in any view |
|
Display WLAN client statistics |
display wlan statistics client { all | mac-address mac-address } |
Available in any view |
|
Cut off client(s) |
reset wlan client { all | mac-address mac-address } |
Available in user view |
|
Clear WLAN client statistics |
reset wlan statistics client { all | mac-address mac-address } |
Available in user view |
Configuring WLAN Client Isolation
Introduction
In hot spots such as airport and coffee shops, some users need to access the Internet through WLAN. In this case, if user authentication cannot be performed, unauthorized users are able to use network resources, which may occupy wireless channels to increase bandwidth cost, decrease the service quality for authorized users, and bring losses to wireless service providers. Used together with IEEE 802.11i, RADIUS authentication and accounting, wireless user isolation can provide security protection for users.
User isolation enables a fat AP to isolate Layer-2 packets (unicast/broadcast) exchanged between wireless clients associated with it, thus disabling them from direct communication.
Figure 1-10 User isolation network diagram
As shown in Figure 1-10, after the fat AP is enabled with user isolation, clients 1 through 4 cannot access each other directly, or learn one another’s MAC and IP addresses.
Enabling WLAN Client Isolation
Follow these steps to enable WLAN client isolation:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enable WLAN client isolation |
wlan-client-isolation enable |
Optional Enabled by default. |
WLAN Service Configuration Examples
WLAN Service Configuration Example
Network requirements
As shown in Figure 1-11, it is required to enable the client to access the internal network resources at any time. More specifically:
l The AP provides plain-text wireless access service with SSID service.
l The AP adopts 802.11g.
Figure 1-11 Network diagram for WLAN service configuration
Configuration procedure
1) Configuration on the fat AP
# Create a WLAN BSS interface.
<AP> system-view
[AP] interface WLAN-BSS 1
[AP-WLAN-BSS1] quit
# Configure a clear-type service template, and configure its SSID as service, specify the open-system authentication mode, and enable the WLAN service template.
[AP] wlan service-template 1 clear
[AP-wlan-st-1] ssid service
[AP-wlan-st-1] authentication-method open-system
[AP-wlan-st-1] service-template enable
[AP-wlan-st-1]quit
# Bind WLAN-Radio 1/0/1 to service template 1 and WLAN-BSS 1.
[AP] interface WLAN-Radio 1/0/1
[AP-WLAN-Radio1/0/1] radio-type dot11ag
[AP-WLAN-Radio1/0/1] channel 149
[AP-WLAN-Radio1/0/1] service-template 1 interface WLAN-BSS 1
2) Configuration verification
l The clients can associate with the AP and access the WLAN.
l You can use the display wlan client and display connection commands to view the online clients.
802.11n Configuration Example
Support for 802.11n depends on your device model.
Network requirements
As shown in Figure 1-12, it is required to deploy an 802.11n network to provide high-bandwidth access for multi-media applications. More specifically:
l The AP provides a plain-text wireless service with SSID service.
l 802.11gn is adopted to inter-work with existing 802.11g network.
Figure 1-12 802.11n configuration
Configuration procedure
1) Configuration on the fat AP
# Create a WLAN-ESS interface.
<AP> system-view
[AP] interface WLAN-BSS 1
[AP-WLAN-BSS1] quit
# Configure a clear-type service template, and configure its SSID as service, specify the open-system authentication mode, and enable the WLAN service template.
[AP] wlan service-template 1 clear
[AP-wlan-st-1] ssid service
[AP-wlan-st-1] authentication-method open-system
[AP-wlan-st-1] service-template enable
[AP-wlan-st-1] quit
# Configure the bandwidth as 40 MHz, and bind WLAN-Radio 1/0/1 to service template 1 and WLAN-BSS 1.
[AP] interface WLAN-Radio 1/0/1
[AP-WLAN-Radio1/0/1] radio-type dot11gn
[AP-WLAN-Radio1/0/1] channel 6
[AP-WLAN-Radio1/0/1] channel band-width 40
[AP-WLAN-Radio1/0/1] service-template 1 interface WLAN-BSS 1
2) Configuration verification
l The clients can associate with the APs and access the WLAN.
l You can use the display wlan client and display connection commands to view the online clients. The 802.11n client information is displayed in the output information of the display wlan client command.
