Policy-Based Local Forwarding

Configuration Examples

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Contents

Introduction· 1

Prerequisites· 1

Example: Configuring policy-based local forwarding· 1

Network configuration·· 1

Procedures· 1

Verifying the configuration·· 3

Configuration files· 3

Related documentation· 4

 

Introduction

This document provides a configuration example for configuring policy-based local forwarding.

Prerequisites

This document applies to Comware 7-based access controllers and access points. Procedures and information in the examples might be slightly different depending on the software or hardware version of the access controllers and access points.

The configuration examples were created and verified in a lab environment, and all the devices were started with the factory default configuration. When you are working on a live network, make sure you understand the potential impact of every command on your network.

The following information is provided based on the assumption that you have basic knowledge of WLAN access and OpenFlow.

Example: Configuring policy-based local forwarding

Network configuration

As shown in Figure 1, the AC acts as the DHCP server to assign IP addresses to the AP and client. Configure ACL to perform local forwarding for clients matching the specified ACL rule.

Figure 1 Network diagram

 

Procedures

1.     Configure VLANs:

# Create VLAN 100 and VLAN-interface 100, and assign an IP address to the VLAN interface. APs will use this IP address to establish CAPWAP tunnels with the AC.

<AC> system-view

[AC] vlan 100

[AC-vlan100] quit

[AC] interface vlan-interface 100

[AC-Vlan-interface100] ip address 192.168.0.100 16

[AC-Vlan-interface100] quit

# Create VLAN 200.

[AC] vlan 200

[AC-vlan200] quit

2.     Configure DHCP:

# Enable DHCP.

[AC] dhcp enable

# Create DHCP address pool vlan100, specify the subnet for dynamic allocation as 192.168.0.0/24, and specify the gateway address as 192.168.0.100.

[AC] dhcp server ip-pool vlan100

[AC-dhcp-pool-vlan100] network 192.168.0.0 mask 255.255.255.0

[AC-dhcp-pool-vlan100] gateway-list 192.168.0.100

[AC-dhcp-pool-vlan100] quit

# Create DHCP address pool vlan200, specify the subnet for dynamic allocation as 192.168.1.0/24, and specify the gateway address as 192.168.1.100.

[AC] dhcp server ip-pool vlan200

[AC-dhcp-pool-vlan200] network 192.168.1.0 mask 255.255.255.0

[AC-dhcp-pool-vlan200] gateway-list 192.168.1.100

[AC-dhcp-pool-vlan200] quit

3.     Configure policy-based forwarding:

# Create IPv4 basic ACL 2000, and configure an ACL rule to permit matching packets.

[AC] acl basic 2000

[AC-acl-ipv4-basic-2000] rule permit

[AC-acl-ipv4-basic-2000] quit

# Create forwarding policy policy1, and configure the forwarding policy to locally forward packets that match ACL 2000.

[AC] wlan forwarding-policy policy1

[AC-wlan-fp-policy1] classifier acl 2000 behavior local

[AC-wlan-fp-policy1] quit

# Create service template service1, and set the SSID to service1.

[AC] wlan service-template service1

[AC-wlan-st-service1] ssid service1

# Assign clients to join VLAN 200 after coming online through the service template.

[AC-wlan-st-service1] vlan 200

# Apply forwarding policy policy1 to the service template.

[AC-wlan-st-service1] client forwarding-policy-name policy1

# Enable policy-based forwarding.

[AC-wlan-st-service1] client forwarding-policy enable

# Enable the service template.

[AC-wlan-st-service1] service-template enable

[AC-wlan-st-service1] quit

4.     Configure a manual AP:

# Create AP ap1 and specify its serial ID.

[AC] wlan ap ap1 model WA560-WW

[AC-wlan-ap-ap1] serial-id 219801A1NM8182032235

# Bind service template service1 to radio 1 and enable radio 1.

[AC-wlan-ap-ap1] radio 1

[AC-wlan-ap-ap1-radio-1] radio enable

[AC-wlan-ap-ap1-radio-1] service-template service1

[AC-wlan-ap-ap1-radio-1] quit

[AC-wlan-ap-ap1] quit

Verifying the configuration

# Display connected controllers' flow entries and verify that the output interface is in Normal status, which indicates that the forwarding policy is issued to APs through OpenFlow.

 [AC] display openflow-controller flow-table

Datapath ID: 0x1005741f4acb9520

Table 0 information:

 total flow entry count: 0

 

Datapath ID: 0x1004741f4acb9520

Table 10 information:

 total flow entry count: 0

 

Table 11 information:

 total flow entry count: 0

 

Table 20 information:

 total flow entry count: 0

 

Table 21 information:

 total flow entry count: 0

 

Table 30 information:

 total flow entry count: 0

 

Table 40 information:

 total flow entry count: 1

 

Flow entry information:

 cookie: 0x114047d000000001, priority: 65535, hard time: 0, idle time: 0,

 flags: flow_send_rem

Match information:

 Ethernet source MAC address: 64b0-a6c6-c25a

 Ethernet source MAC address mask: ffff-ffff-ffff

 Ethernet type: 0x0800

 Experimenter:

  In-BSSID: 741f-4acb-9520

Instruction information:

 Write actions:

  Output interface: Normal

Configuration files

#

 dhcp enable

#

vlan 100

#

vlan 200

#

dhcp server ip-pool vlan100

 gateway-list 192.168.0.100

 network 192.168.0.0 mask 255.255.255.0

#

dhcp server ip-pool vlan200

 gateway-list 192.168.1.100

 network 192.168.1.0 mask 255.255.255.0

#

wlan forwarding-policy policy1

 classifier acl 2000 behavior local

#

wlan service-template service1

 ssid service1

 vlan 200

 client forwarding-policy-name policy1

 client forwarding-policy enable

 service-template enable

#

interface Vlan-interface100

 ip address 192.168.0.100 255.255.255.0

#

acl basic 2000

 rule 0 permit

#

wlan ap ap1 model WA560-WW

 serial-id 219801A1NM8182032235

radio 1

  radio enable

  service-template service1

#

Related documentation

·     WLAN Command Reference in H3C Access Controllers Command References

·     WLAN Configuration Guide in H3C Access Controllers Configuration Guides