07-Local forwarding

HomeSupportResource CenterH3C Access Controllers Configuration Examples(V7)-6W10207-Local forwarding
06-Policy-Based Local Forwarding Configuration Examples


H3C Access Controllers

Comware 7 Policy-Based Local Forwarding

Configuration Examples













































Copyright © 2021 New H3C Technologies Co., Ltd. All rights reserved.

No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of New H3C Technologies Co., Ltd.

Except for the trademarks of New H3C Technologies Co., Ltd., any trademarks that may be mentioned in this document are the property of their respective owners.

The information in this document is subject to change without notice.


The following information provides a configuration example for configuring policy-based local forwarding.


This document applies to Comware 7-based access controllers and access points. Procedures and information in the examples might be slightly different depending on the software or hardware version of the access controllers and access points.

The configuration examples were created and verified in a lab environment, and all the devices were started with the factory default configuration. When you are working on a live network, make sure you understand the potential impact of every command on your network.

The following information is provided based on the assumption that you have basic knowledge of WLAN access and OpenFlow.

Example: Configuring policy-based local forwarding

Network configuration

As shown in Figure 1, the AC acts as a DHCP server to assign IP addresses to the AP and client. Configure ACL to perform local forwarding for clients matching the specified ACL rule.

Figure 1 Network diagram



1.     Configure VLANs:

# Create VLAN 100 and VLAN-interface 100, and assign an IP address to the VLAN interface. APs will use this IP address to establish CAPWAP tunnels with the AC.

<AC> system-view

[AC] vlan 100

[AC-vlan100] quit

[AC] interface vlan-interface 100

[AC-Vlan-interface100] ip address 16

[AC-Vlan-interface100] quit

# Create VLAN 200.

[AC] vlan 200

[AC-vlan200] quit

2.     Configure DHCP:

# Enable DHCP.

[AC] dhcp enable

# Create DHCP address pool vlan100, specify the subnet for dynamic allocation as, and specify the gateway address as

[AC] dhcp server ip-pool vlan100

[AC-dhcp-pool-vlan100] network mask

[AC-dhcp-pool-vlan100] gateway-list

[AC-dhcp-pool-vlan100] quit

# Create DHCP address pool vlan200, specify the subnet for dynamic allocation as, and specify the gateway address as

[AC] dhcp server ip-pool vlan200

[AC-dhcp-pool-vlan200] network mask

[AC-dhcp-pool-vlan200] gateway-list

[AC-dhcp-pool-vlan200] quit

3.     Configure policy-based forwarding:

# Create IPv4 basic ACL 2000, and configure an ACL rule to permit matching packets.

[AC] acl basic 2000

[AC-acl-ipv4-basic-2000] rule permit

[AC-acl-ipv4-basic-2000] quit

# Create forwarding policy policy1, and configure the forwarding policy to locally forward packets that match ACL 2000.

[AC] wlan forwarding-policy policy1

[AC-wlan-fp-policy1] classifier acl 2000 behavior local

[AC-wlan-fp-policy1] quit

# Create service template service1, and set the SSID to service1.

[AC] wlan service-template service1

[AC-wlan-st-service1] ssid service1

# Assign clients to join VLAN 200 after coming online through the service template.

[AC-wlan-st-service1] vlan 200

# Apply forwarding policy policy1 to the service template.

[AC-wlan-st-service1] client forwarding-policy-name policy1

# Enable policy-based forwarding.

[AC-wlan-st-service1] client forwarding-policy enable

# Enable the service template.

[AC-wlan-st-service1] service-template enable

[AC-wlan-st-service1] quit

4.     Configure a manual AP:

# Create AP ap1 and specify its serial ID.

[AC] wlan ap ap1 model WA4330-ACN

[AC-wlan-ap-ap1] serial-id 210235A1K6C157001609

# Bind service template service1 to radio 1 and enable radio 1.

[AC-wlan-ap-ap1] radio 1

[AC-wlan-ap-ap1-radio-1] radio enable

[AC-wlan-ap-ap1-radio-1] service-template service1

[AC-wlan-ap-ap1-radio-1] quit

[AC-wlan-ap-ap1] quit

Verifying the configuration

# Display connected controllers' flow entries and verify that the output interface is in Normal status, which indicates that the forwarding policy is issued to APs through OpenFlow.

 [AC] display openflow-controller flow-table

Datapath ID: 0x1005741f4acb9520

Table 0 information:

 total flow entry count: 0


Datapath ID: 0x1004741f4acb9520

Table 10 information:

 total flow entry count: 0


Table 11 information:

 total flow entry count: 0


Table 20 information:

 total flow entry count: 0


Table 21 information:

 total flow entry count: 0


Table 30 information:

 total flow entry count: 0


Table 40 information:

 total flow entry count: 1


Flow entry information:

 cookie: 0x114047d000000001, priority: 65535, hard time: 0, idle time: 0,

 flags: flow_send_rem

Match information:

 Ethernet source MAC address: 64b0-a6c6-c25a

 Ethernet source MAC address mask: ffff-ffff-ffff

 Ethernet type: 0x0800


  In-BSSID: 741f-4acb-9520

Instruction information:

 Write actions:

  Output interface: Normal

Configuration files


 dhcp enable


vlan 100


vlan 200


dhcp server ip-pool vlan100


 network mask


dhcp server ip-pool vlan200


 network mask


wlan forwarding-policy policy1

 classifier acl 2000 behavior local


wlan service-template service1

 ssid service1

 vlan 200

 client forwarding-policy-name policy1

 client forwarding-policy enable

 service-template enable


interface Vlan-interface100

 ip address


acl basic 2000

 rule 0 permit


wlan ap ap1 model WA4330-ACN

 serial-id 210235A1K6C157001609

radio 1

  radio enable

  service-template service1


Related documentation

·     WLAN Access Command Reference in H3C Access Controllers Command References

·     WLAN Access Configuration Guide in H3C Access Controllers Configuration Guides