Managing a large number of APs is both time consuming and costly. The fit AP+AC network architecture enables an AC to implement centralized AP management and maintenance.

Control And Provisioning of Wireless Access Points (CAPWAP) defines how an AP communicates with an AC. It provides a generic encapsulation and transport mechanism between AP and AC. CAPWAP uses UDP and supports both IPv4 and IPv6.

As shown in Figure 1, an AC and an AP establish a data tunnel to forward data packets and a control tunnel to forward control packets.

Figure 1 CAPWAP tunnel

‌

AC discovery

After starting up with zero configurations, an AP automatically creates VLAN-interface 1 and enables the DHCP client, DHCPv6 client, and DNS features on the interface. Then it obtains its own IP address from the DHCP server and discovers ACs by using the following methods:

· Static IP address.

If AC IP addresses have been manually configured for the AP, the AP sends a unicast discovery request to each AC IP address to discover ACs.

· DHCP options.

The AP obtains AC IPv4 addresses from Option 138, Option 43, and IPv6 addresses from Option 52 sent from the DHCP server. It uses these addresses in descending order.

For more information about DHCP options, see Network Connectivity Configuration Guide.

· DNS.

a. The AP obtains the domain name suffix from the DHCP server.

b. The AP adds the suffix to the host name.

c. The DNS server translates the domain name into IP addresses.

For more information about DNS, see Layer 3—IP Services Configuration Guide.

· Broadcast.

The AP broadcasts discovery requests to IP address 255.255.255.255 to discover ACs.

· IPv4 multicast:

The AP sends multicast discovery requests to IPv4 address 224.0.1.140 to discover ACs.

· IPv6 multicast.

The AP sends multicast discovery requests to IPv6 address FF0E::18C to discover ACs.

The methods of static IP address, DHCPv4 options, broadcast/IPv4 multicast, IPv4 DNS, IPv6 multicast, DHCPv6 option, and IPv6 DNS are used in descending order.

The AP does not stop AC discovery until it establishes a CAPWAP tunnel with one of the discovered ACs.

CAPWAP tunnel establishment

Figure 2 Establishing a CAPWAP tunnel

‌

As shown in Figure 2, the AP and an AC establish a CAPWAP tunnel by using the following procedure:

1. The AP sends a discovery request to each AC to discover ACs.

2. Upon receiving a discovery request, an AC determines whether to send a discovery response by performing the following steps:

a. Identifies whether the discovery request is a unicast packet.

- Unicast packet—The AC proceeds to step b.

- Broadcast or multicast packet—The AC proceeds to step b if it is disabled with the feature of responding only to unicast discovery requests. If this feature is enabled, the AC does not send a discovery response.

b. Identifies whether it has manual AP configuration for the AP model specified in the discovery request.

- If manual AP configuration exists, the AC sends a discovery response to the AP. The discovery response contains information about whether the AC has the manual configuration for the AP, the AP connection priority, and the AC's load status.

- If no manual AP configuration exists, the AC proceeds to step c.

c. Identifies whether auto AP is enabled.

- If auto AP is enabled, the AC sends a discovery response to the AP. The discovery response contains the enabling status of auto AP, AP connection priority, and AC's load information.

- If auto AP is disabled, the AP does not send a discovery response.

3. Upon receiving the discovery responses, the AP selects the optimal AC in descending order.

¡ AC that saves information about the AP.

¡ AC where the auto AP feature is enabled.

¡ AC with higher AP connection priority.

¡ AC with the lighter load.

¡ AC that is the earliest to respond.

4. The AP sends a join request to the optimal AC.

5. After receiving the join request, the AC examines the information in the request to determine whether to provide access services to the AP and sends a join response.

6. The AP examines the result code in the response upon receiving the join response:

¡ If the result code represents failure, the AP does not establish a CAPWAP tunnel with the AC.

¡ If the result code represents success, the AP establishes a CAPWAP tunnel with the AC.

APDB

The Access Point Information Database (APDB) on an AC stores the following AP information:

· AP models.

· Hardware version and software version mappings.

· Information about radios supported by AP models:

¡ Number of radios.

¡ Radio type.

¡ Valid region code.

¡ Valid antenna type.

¡ Maximum transmission power.

The AC can establish a CAPWAP tunnel with an AP only when the APDB contains the corresponding AP model information.

You can use the system script and user scripts to manage data in the APDB. The system script is released with the AC software version, and it is automatically loaded each time the AC starts. If you need to add new AP models, upgrade the AC software version (see Fundamentals Configuration Guide) or create a user script and load it on the AC (see "Loading an APDB user script").

Protocols and standards

· RFC 5415, Control And Provisioning of Wireless Access Points (CAPWAP) Protocol Specification

· RFC 5416, Control and Provisioning of Wireless Access Points (CAPWAP) Protocol Binding for IEEE 802.11

· RFC 5417, Control And Provisioning of Wireless Access Points (CAPWAP) Access Controller DHCP Option

Restrictions and guidelines: AP management configuration

You can configure APs by using the following methods:

· Configure APs one by one in AP view.

· Assign APs to an AP group and configure the AP group in AP group view.

· Configure all APs in global configuration view.

For an AP, the settings made in these views for the same parameter take effect in descending order of AP view, AP group view, and global configuration view.

AP management tasks at a glance

To configure AP management, perform the following tasks:

1. Configuring CAPWAP tunnel establishment

Choose one of the tasks of creating a manual AP and managing auto APs.

¡ Creating a manual AP

¡ Managing auto APs

¡ (Optional.) Setting the discovery-response timeout timer

¡ (Optional.) Setting the AP connection priority for the AC

¡ (Optional.) Enabling the AC to respond only to unicast discovery requests

¡ (Optional.) Configuring AC rediscovery

¡ (Optional.) Enabling an AP to prefer discovering ACs by IPv6 address

2. (Optional.) Configuring an AP group

3. (Optional.) Upgrading APs' software

4. (Optional.) Configuring DHCP snooping

5. (Optional.) Configuring a CAPWAP tunnel

¡ Configuring CAPWAP tunnel encryption

¡ Configuring CAPWAP tunnel latency detection

¡ Setting the control tunnel keepalive timer for an AP

¡ Setting the data tunnel keepalive interval for an AP

¡ Setting the maximum fragment size for CAPWAP packets

6. (Optional.) Configuring region code settings

¡ Specifying a region code

¡ Including or excluding region codes in beacon frames and probe responses

7. (Optional.) Configuring AC request retransmission

8. (Optional.) Preprovisioning APs

9. (Optional.) Configuring SNMP notifications

10. (Optional.) Maintaining APs

¡ Resetting APs

¡ Renaming a manual AP

¡ Managing the file system of an AP

¡ Setting the statistics report interval

¡ Configuring auto loading of preprovisioned settings

¡ Setting a LED lighting mode

¡ Deploying a configuration file to an AP

¡ Configuring APs to report gateway information to the AC

11. (Optional.) Configuring remote AP

¡ Configuring automatic AC association for fat APs and cloud-managed APs

¡ Configuring a fat AP or cloud-managed AP to operate in fit mode

¡ Switching the operating mode for a fit AP

12. (Optional.) Configuring AP power management

¡ Configuring the default input power level

¡ Enabling or disabling USB interfaces for APs

¡ Enabling or disabling PoE for PIs

13. (Optional.) Maintaining ACs

¡ Configuring a description for the AC

¡ Enabling time zone synchronization

¡ Loading an APDB user script

¡ Enabling service anomaly detection

¡ Disabling the WLAN function

14. (Optional.) Configuring an AP monitor group

Configuring CAPWAP tunnel establishment

Prerequisites for configuring CAPWAP tunnel establishment

Before you manage APs, complete the following tasks:

· Create a DHCP address pool on the DHCP server to assign IP addresses to APs.

· If DHCP options are used for AC discovery, configure Option 138, Option 43, or Option 52 in the specified DHCP address pool on the DHCP server.

· If DNS is used for AC discovery, configure the IP address of the DNS server and the AC domain name suffix in the specified DHCP address pool on the DHCP server. Then configure the mapping between the domain name and the AC IP address on the DNS server.

· Make sure the APs and the AC can reach each other.

For more information about DHCP and DNS, see Network Connectivity Configuration Guide.

Creating a manual AP

About this task

You can create a manual AP on the AC based on the AP model, serial ID, and MAC address of the AP you are using. An AP prefers to establish a CAPWAP tunnel with an AC that saves the manual AP configuration.

Restrictions and guidelines

After you create a fat AP or cloud-managed AP, you can configure only software upgrade and operating mode switching commands in AP view or AP group view for that AP.

Procedure

1. Enter system view.

system-view

2. Create a manual AP and enter its view.

¡ Create a physical AP.

wlan ap ap-name [ model model-name ]

¡ Create a virtual AP.

wlan virtual-ap ap-name [ model model-name ]

You must specify the model name when you create an AP.

3. Specify the serial ID or the MAC address for the AP.

¡ Specify the serial ID for the AP.

serial-id serial-id

¡ Specify the MAC address for the AP.

mac-address mac-address

By default, neither the serial ID nor the MAC address is specified for an AP.

4. (Optional.) Configure a description for the AP.

description text

By default, an AP does not have a description.

Managing auto APs

About this task

The auto AP feature enables APs to connect to an AC without manual AP configuration. This feature simplifies configuration when you deploy a large number of APs in a WLAN.

For security purposes, you can use the following methods to authenticate auto APs:

· Local authentication.

The AC authenticates an auto AP by serial ID or MAC address. When an auto AP initiates a connection request, the AC uses an ACL specified by the wlan ap-authentication acl command to match the auto AP. Assume that the AC authenticates the auto AP by serial ID.

¡ If the serial ID matches a permit rule, the auto AP passes the authentication and associates with the AC.

¡ If the serial ID matches a deny rule, the auto AP fails the authentication and cannot associate with the AC.

¡ If the serial ID does not match a rule, the auto AP is determined as an unauthenticated auto AP. An unauthenticated auto AP can associate with the AC but cannot provide wireless services.

· Remote authentication.

Remote authentication is used for authenticating unauthenticated auto APs. The AC uses the serial ID or MAC address of an unauthenticated auto AP as the username and password and sends them to the authentication server for authentication. If the authentication succeeds, the AC accepts the AP. If it does not succeed, the AC rejects the AP.

· Manual authentication.

Manual authentication is used for authenticating unauthenticated auto APs.

The AC determines whether to accept an unauthenticated auto AP depending on the manual authentication configuration.

Restrictions and guidelines

To prevent illegal APs from associating with the AC, disable the auto AP feature after all required APs are associated with the AC.

You must convert auto APs to manual APs after they come online because of the following reasons:

· Auto APs can re-associate with the AC upon an AC reboot or CAPWAP tunnel termination only when they are converted to manual APs.

· You can individually configure auto APs only when they are converted to manual APs.

Tasks at a glance

To configure auto APs, perform the following tasks:

1. Enabling the auto AP feature

2. (Optional.) Converting auto APs to manual APs

3. (Optional.) Configuring auto AP authentication

Choose one of the following tasks:

¡ Configuring auto AP local authentication

¡ Configuring auto AP remote authentication

¡ Manually authenticating unauthenticated auto APs

4. (Optional.) Disabling unauthenticated auto APs from associating with the AC

5. (Optional.) Restarting unauthenticated auto APs

Prerequisites

Before you configure remote authentication for auto APs, specify an authentication domain and AAA scheme on the AC and create user accounts on the RADIUS server. For information about authentication domain and AAA scheme configuration, see AAA in User Access and Authentication Configuration Guide.

Enabling the auto AP feature

1. Enter system view.

system-view

2. Enable the auto AP feature.

wlan auto-ap enable

By default, the auto AP feature is disabled.

Converting auto APs to manual APs

1. Enter system view.

system-view

2. Convert auto APs to manual APs. Choose the options to configure as needed:

¡ Convert online auto APs to manual APs.

wlan auto-ap persistent { all | name auto-ap-name [ new-ap-name ] }

¡ Enable the auto AP conversion feature.

wlan auto-persistent enable

By default, the auto AP conversion feature is disabled.

The wlan auto-persistent enable command does not take effect on auto APs that are already online.

Configuring auto AP local authentication

1. Enter system view.

system-view

2. Specify an authentication method.

wlan ap-authentication method { mac-address | serial-id }

By default, the AC authenticates auto APs by MAC address.

3. Create a WLAN AP ACL.

acl wlan ap { acl-number | name acl-name }

For more information about this command, see ACL in Security Command Reference.

4. Return to system view.

quit

5. Specify an ACL for authenticating auto APs.

wlan ap-authentication acl acl-number

By default, no ACL is specified for authenticating auto APs.

6. Create ACL rules for the WLAN AP ACL. Choose the options to configure as needed:

¡ Execute the following commands in sequence to manually create a rule:

acl wlan ap { acl-number | name acl-name }

rule [ rule-id ] { deny | permit } [ mac mac-address mac-mask ] [ serial-id serial-id ]

quit

¡ Import an auto AP authentication file to generate ACL rules.

wlan ap-authentication import file-name

Use either method or both methods according to actual network requirements.

7. Enable auto AP authentication.

wlan ap-authentication enable

By default, auto AP authentication is disabled.

Configuring auto AP remote authentication

1. Enter system view.

system-view

2. Specify an authentication domain for unauthenticated auto APs.

wlan ap-authentication domain domain-name

By default, no authentication domain is specified for unauthenticated auto APs.

Manually authenticating unauthenticated auto APs

1. Enter system view.

system-view

2. Manually authenticate unauthenticated auto APs.

wlan ap-authentication { accept | reject } ap-unauthenticated { all | name ap-name }

By default, manual authentication is not configured for unauthenticated auto APs.

Disabling unauthenticated auto APs from associating with the AC

1. Enter system view.

system-view

2. Disable unauthenticated auto APs from associating with the AC.

undo wlan ap-authentication permit-unauthenticated

By default, unauthenticated auto APs can associate with the AC but cannot provide wireless services.

This feature reduces waste of system resources.

Restarting unauthenticated auto APs

To restart unauthenticated auto APs, execute the following command in user view:

reset wlan ap unauthenticated

The auto APs will be reauthenticated after being restarted.

Setting the discovery-response timeout timer

About this task

The discovery-response timeout timer specifies the timeout time for an AP to wait for another discovery response. Whenever an AP receives a discovery response packet, the discovery-response timeout timer is created or refreshed. When the timeout timer expires, the AP sends a join request to the optimal AC.

Restrictions and guidelines

If the network condition is poor, set a larger discovery-response timeout timer.

Procedure

1. Enter system view.

system-view

2. Enter AP view or AP group view.

¡ Enter AP view.

wlan ap ap-name

¡ Enter AP group view.

wlan ap-group group-name

3. Set the discovery-response timeout timer.

discovery-response wait-time seconds

By default:

¡ In AP view, an AP uses the configuration in AP group view.

¡ In AP group view, the discovery-response timeout timer is 2 seconds.

Setting the AP connection priority for the AC

1. Enter system view.

system-view

2. Enter AP view or AP group view.

¡ Enter AP view.

wlan ap ap-name

¡ Enter AP group view.

wlan ap-group group-name

3. Set the AP connection priority for the AC.

priority priority

By default:

¡ In AP view, an AP uses the configuration in AP group view.

¡ In AP group view, the AP connection priority is 4.

Enabling the AC to respond only to unicast discovery requests

About this task

An AP can send unicast, multicast, and broadcast discovery requests to discover ACs. This feature enables an AC to respond only to unicast discovery requests.

Procedure

1. Enter system view.

system-view

2. Enable the AC to respond only to unicast discovery requests.

wlan capwap discovery-policy unicast

By default, the AC can respond to unicast, multicast, and broadcast discovery requests.

Configuring AC rediscovery

About this task

An AC enabled with AC rediscovery will add the CAPWAP Control IP Address message element to the discovery responses sent to APs. Upon receiving such a discovery response, an AP establishes a CAPWAP tunnel by using the following procedure:

1. Examines whether a discovery request has been sent to each IP address specified in the CAPWAP Control IP Address message element.

2. Performs either of the following operations:

¡ Sends a join request to the specified IP address representing the optimal AC for CAPWAP establishment if discovery requests have been sent.

¡ Sends a discovery request to each specified IP address to initiate a new AC discovery process if no discovery requests have been sent.

An AC disabled with AC rediscovery does not add the CAPWAP Control IP Address message element in discovery responses sent to APs. APs that receive the discovery responses will send join requests to the source IP address of the discovery responses to establish CAPWAP tunnels with the AC.

AC rediscovery applies to CMCC wireless networks where the CAPWAP Control IP Address message element is required in discovery responses from the AC.

Procedure

1. Enter system view.

system-view

2. Enter AP view, AP group view, or global configuration view.

¡ Enter AP view.

wlan ap ap-name

¡ Enter AP group view.

wlan ap-group group-name

¡ Enter global configuration view.

wlan global-configuration

3. Configure AC rediscovery.

control-address { disable | enable }

By default:

¡ In AP view, an AP uses the configuration in AP group view. If no configuration exists in AP group view, the AP uses the configuration in global configuration view.

¡ In AP group view, an AP uses the configuration in global configuration view.

¡ In global configuration view, AC rediscovery is disabled.

4. Specify the IP address to be added in the CAPWAP Control IP Address message element.

control-address { ip ipv4-address | ipv6 ipv6-address }

By default:

¡ In AP view, an AP uses the configuration in AP group view. If no configuration exists in AP group view, the AP uses the configuration in global configuration view.

¡ In AP group view, an AP uses the configuration in global configuration view.

¡ In global configuration view, the IP address in the element is the AC's IP address.

You can specify a maximum of three IPv4 or IPv6 addresses to be added in the CAPWAP Control IP Address message element.

Enabling an AP to prefer discovering ACs by IPv6 address

About this task

This feature enables an AP to discover ACs by using static IP addresses, IPv6 multicast, DHCPv6 option, IPv6 DNS, DHCPv4 options, broadcast/IPv4 multicast, and IPv4 DNS successively. If the AP connects to an AC successfully by using a discovered IP address, it stops AC discovery.

Procedure

1. Enter system view.

system-view

2. Enter AP view or AP group view.

¡ Enter AP view.

wlan ap ap-name

¡ Enter AP group view.

wlan ap-group group-name

3. Enter AP or AP group provision view.

provision

4. Enable the AP to prefer discovering ACs by IPv6 address.

ac discovery policy ipv6

By default:

¡ In AP view, an AP uses the configuration in AP group view.

¡ In AP group view, an AP prefers to discover ACs by IPv4 address.

Configuring an AP group

About this task

This feature enables you to configure multiple APs in a batch to reduce configuration workload.

APs in an AP group use the configuration of the group. By default, all physical APs belong to system-defined AP group default-group, and all virtual APs belong to the system-defined virtual AP group default-vitualapgroup. The system-defined AP group cannot be deleted.

You can configure AP grouping rules by AP name, serial ID, MAC address, and IP address to add APs to the specified AP group. Priorities of these grouping rules are in descending order. If an AP does not match any grouping rules, it is added to the default AP group.

Restrictions and guidelines

An AP can be added to only one AP group.

You cannot delete an AP group that contains an AP. An AP group that has grouping rules but does not contain any APs can be deleted.

When you configure an AP grouping rule, follow these restrictions and guidelines:

· You cannot create the same grouping rule for different AP groups. If you do so, the most recent configuration takes effect.

· You cannot create grouping rules for the default AP group.

· AP grouping rules by IPv4 or IPv6 addresses for an AP group or for different AP groups cannot overlap with each other.

· An AP group supports a maximum of 32 AP grouping rules by IPv4 or IPv6 addresses.

Procedure

1. Enter system view.

system-view

2. Create an AP group and enter its view.

¡ Create a physical AP group.

wlan ap-group group-name

By default, system-defined physical AP group default-group exists.

¡ Create a virtual AP group.

wlan virtual-ap-group group-name

By default, system-defined virtual AP group default-vitualapgroup exists.

3. (Optional.) Configure a description for the AP group.

description text

By default, an AP group does not have a description.

4. Create an AP grouping rule. Choose the options to configure as needed:

¡ Create an AP grouping rule by AP names.

ap ap-name-list

¡ Create an AP grouping rule by serial IDs.

serial-id serial-id

¡ Create an AP grouping rule by MAC addresses.

mac-address mac-address

¡ Create an AP grouping rule by IPv4 addresses.

if-match ip ip-address { mask-length | mask }

¡ Create an AP grouping rule by IPv6 addresses.

if-match ipv6 { ipv6-address prefix-length | ipv6-address/prefix-length }

5. Return to system view.

quit

6. (Optional.) Create an AP regrouping rule.

wlan re-group { ap ap-name | ap-group old-group-name | mac-address mac-address | serial-id serial-id } group-name

Upgrading APs' software

About software upgrade

With software upgrade enabled, the AC examines the AP software version while establishing a CAPWAP tunnel with an AP. If this feature is disabled, the AC does not examine the software version of the AP and directly establishes a CAPWAP tunnel with the AP.

Software upgrade for an AP proceeds as follows:

1. The AP reports the software version and AP model information to the AC.

2. The AC examines the received AP software version.

¡ If a match is found, the AC establishes a CAPWAP tunnel with the AP.

¡ If no match is found, the AC sends a message that notifies the AP of the AP software version inconsistency.

3. Upon receiving the inconsistency message, the AP requests a software version from the AC.

4. The AC assigns the software version to the AP after receiving the request.

5. The AP upgrades the software version, restarts, and establishes a CAPWAP tunnel with the AC.

Configuring software upgrade

1. Enter system view.

system-view

2. Enter AP view/AP group view/virtual AP view/virtual AP group view/global configuration view.

¡ Enter AP view.

wlan ap ap-name

¡ Enter AP group view.

wlan ap-group group-name

¡ Enter virtual AP view.

wlan virtual-ap ap-name

¡ Enter virtual AP group view.

wlan virtual-ap-group group-name

¡ Enter global configuration view.

wlan global-configuration

3. Configure software upgrade.

firmware-upgrade { disable | enable }

By default:

¡ In AP view, an AP uses the configuration in AP group view. If no software upgrade configuration exists in AP group view, the AP uses the configuration in global configuration view.

¡ In AP group view, an AP uses the configuration in global configuration view.

¡ In virtual AP view, a virtual AP uses the configuration in virtual AP group view. If no software upgrade configuration exists in virtual AP group view, the virtual AP uses the configuration in global configuration view.

¡ In virtual AP group view, a virtual AP uses the configuration in global configuration view.

¡ In global configuration view, the software upgrade feature is enabled.

Configuring the mapping between a software version and a hardware version of an AP model

About this task

Perform this task to configure the mapping between a software version and a hardware version of an AP model for software upgrade.

For fit APs, perform this task only when the AP software version for an AP model stored in the APDB is inconsistent with the software version you expect for the AP model. To display the AP software version for each AP model in the APDB, use the display wlan ap-model command.

For cloud-managed APs and fat APs, perform this task only when you are to perform software upgrade for the APs. You must save the AP software version to upgrade to the apimage directory of the AC, and make sure the software version is the same as the software version to specify in this task.

Restrictions and guidelines

To avoid CAPWAP tunnel establishment failure, use this feature under the guidance of H3C Support.

Procedure

1. Enter system view.

system-view

2. Configure the mapping between a software version and a hardware version of an AP model.

wlan apdb [ fatap | oasisap ] model-name hardware-version software-version

By default:

¡ For fat APs, no software version and hardware version mapping is specified.

¡ For cloud-managed APs, no software version and hardware version mapping is specified.

¡ For fit APs, the software version for a hardware version of an AP model is the software version that is stored in APDB user scripts.

If you do not specify the fatap and oasisap keywords, this command specifies the software version and hardware version mapping for fit APs.

Deploying an image file to online APs

About this task

This feature enables you to upgrade the image of all the online APs. For the upgrade to take effect, reboot the APs after upgrade.

Procedure

1. Enter system view.

system-view

2. Deploy an image file to all the online APs.

wlan ap-image-deploy { all | ap-group group-name | name ap-name }

Configuring remote configuration synchronization

NOTE:

Support for this feature depends on the AP model.

‌

About remote configuration synchronization

To update APs' configuration file or configure features that require a configuration file, you can use the map-configuration command to deploy a configuration file to APs. However, you must write related commands to the configuration file before deployment. This is time-consuming and is not applicable to a network with a large number of APs to deploy.

This feature enables the AC to directly synchronize AP settings such as VLAN, link aggregation, and port isolation changes to online APs.

Tasks at a glance

To configure remote configuration synchronization, perform the following tasks:

1. Shutting down or bringing up Ethernet interfaces on a fit AP

2. Creating a Layer 2 aggregate interface

3. Assigning an interface to a Layer 2 aggregation group

4. Configuring port isolation

5. Configuring basic VLAN settings

6. Assigning a port to a VLAN

¡ Assigning an access port to a VLAN

¡ Assigning a trunk port to VLANs

¡ Assigning a hybrid port to VLANs

¡ Setting the trusted packet priority type

¡ Setting the port priority

7. Synchronizing settings to online APs

Shutting down or bringing up Ethernet interfaces on a fit AP

About this task

To avoid unauthorized access to a fit AP from an unused interface on the AP, you can perform this task to shut down unused Ethernet interfaces on the AP.

Restrictions and guidelines

This command does not take effect on the uplink interface of a fit AP that connects the AP to the AC.

Do not shut down an interface when it is being removed from an aggregation group.

The interface-management shutdown command does not take effect on member interfaces of an aggregation group.

Procedure

1. Enter system view.

system-view

2. Enter AP view or an AP group's AP model view.

¡ Enter AP view.

wlan ap ap-name

¡ Execute the following commands in sequence to enter an AP group's AP model view:

wlan ap-group group-name

ap-model ap-model

3. Enter Ethernet interface view.

¡ Enter Eth interface view.

ethernet interface-number

¡ Enter GigabitEthernet interface view.

gigabitethernet interface-number

¡ Enter 2.5G Ethernet interface view.

smartrate-ethernet interface-number

¡ Enter 10-GE interface view.

ten-gigabitethernet interface-number

¡ Enter Layer 2 aggregate interface view.

bridge-aggregation interface-number

4. Bring up or shut down the interface on the fit AP.

interface-management { bringup | shutdown }

By default, in an AP's Ethernet interface view, the AP uses the configuration in an AP group's Ethernet interface view. In an AP group's Ethernet interface view, the interface is up.

Creating a Layer 2 aggregate interface

Restrictions and guidelines

When you create a Layer 2 aggregate interface, the system automatically creates a Layer 2 aggregation group with the same number. The aggregation group operates in static aggregation mode by default.

Aggregation mode change might cause Selected member ports to become Unselected. When you change the aggregation mode, make sure you understand the impact of the change on services.

The configuration will be synchronized to all online APs after remote configuration synchronization is activated.

Procedure

1. Enter system view.

system-view

2. Enter AP view or an AP group's AP model view.

¡ Enter AP view.

wlan ap ap-name

¡ Execute the following commands in sequence to enter an AP group's AP model view:

wlan ap-group group-name

ap-model ap-model

3. Create a Layer 2 aggregate interface and enter its view.

bridge-aggregation interface-number

4. Set the aggregation mode of an aggregation group and set the LACP state.

link-aggregation mode { dynamic | static }

By default:

¡ In an AP's Layer 2 aggregate interface view, the AP uses the configuration in an AP group's Layer 2 aggregate interface view.

¡ In an AP group's Layer 2 aggregate interface view, an aggregation group operates in static aggregation mode.

Assigning an interface to a Layer 2 aggregation group

Restrictions and guidelines

A Layer 2 Ethernet interface can be assigned only to a Layer 2 aggregation group and an Ethernet interface can belong to only one aggregation group.

After joining an aggregation group, an interface inherits the settings configured for the group.

Before you perform this task, make sure the specified aggregation group already exists and the AP supports Layer 2 aggregate interfaces.

The configuration will be synchronized to all online APs after remote configuration synchronization is activated.

Procedure

1. Enter system view.

system-view

2. Enter AP view or an AP group's AP model view.

¡ Enter AP view.

wlan ap ap-name

¡ Execute the following commands in sequence to enter an AP group's AP model view:

wlan ap-group group-name

ap-model ap-model

3. Enter Ethernet interface view.

¡ Enter Eth interface view.

ethernet interface-number

¡ Enter GigabitEthernet interface view.

gigabitethernet interface-number

¡ Enter 2.5G Ethernet interface view.

smartrate-ethernet interface-number

¡ Enter 10-GE interface view.

ten-gigabitethernet interface-number

4. Assign an interface to an aggregation group.

port link-aggregation group group-id

By default, in an AP's Layer 2 Ethernet interface view, the AP uses the configuration in an AP group's Layer 2 Ethernet interface view. In an AP group's Layer 2 Ethernet interface view, an interface does not belong to an aggregation group.

Configuring port isolation

Restrictions and guidelines

The configuration in Ethernet interface view applies only to the interface.

The configuration in Layer 2 aggregate interface view applies to the Layer 2 aggregate interface and its aggregation member ports. If the device fails to apply the configuration to the aggregate interface, it does not assign any aggregation member port to the isolation group. If the failure occurs on an aggregation member port, the device skips the port and continues to assign other aggregation member ports to the isolation group.

The configuration will be synchronized to all online APs after remote configuration synchronization is activated.

Procedure

1. Enter system view.

system-view

2. Enter AP view or an AP group's AP model view.

¡ Enter AP view.

wlan ap ap-name

¡ Execute the following commands in sequence to enter an AP group's AP model view:

wlan ap-group group-name

ap-model ap-model

3. Enter Ethernet interface view.

¡ Enter Eth interface view.

ethernet interface-number

¡ Enter GigabitEthernet interface view.

gigabitethernet interface-number

¡ Enter 2.5G Ethernet interface view.

smartrate-ethernet interface-number

¡ Enter 10-GE interface view.

ten-gigabitethernet interface-number

¡ Enter Layer 2 aggregate interface view.

bridge-aggregation interface-number

4. Configure port isolation.

port-isolate { enable | disable }

By default, in an AP's Ethernet interface view, a port uses the configuration in an AP group's Ethernet interface view. In an AP group's Ethernet interface view, port isolation is enabled.

Configuring basic VLAN settings

Restrictions and guidelines

You cannot create or delete VLAN 1 (the default VLAN) or reserved VLANs.

The configuration will be synchronized to all online APs after remote configuration synchronization is activated.

Procedure

1. Enter system view.

system-view

2. Enter AP view or AP group view.

¡ Enter AP view.

wlan ap ap-name

¡ Enter AP group view.

wlan ap-group group-name

3. (Optional.) Create a VLAN and enter its view, or create a list of VLANs.

vlan { vlan-id1 [ to vlan-id2 ] }

By default, only VLAN 1 (the system default VLAN) exists.

4. Enter VLAN view.

vlan vlan-id

To configure a VLAN after bulk VLAN creation, perform this step.

Assigning an access port to a VLAN

Restrictions and guidelines

The configuration will be synchronized to all online APs after remote configuration synchronization is activated.

Procedure

1. Enter system view.

system-view

2. Enter AP view or an AP group's AP model view.

¡ Enter AP view.

wlan ap ap-name

¡ Execute the following commands in sequence to enter an AP group's AP model view:

wlan ap-group group-name

ap-model ap-model

3. Enter Ethernet interface view.

¡ Enter Eth interface view.

ethernet interface-number

¡ Enter GigabitEthernet interface view.

gigabitethernet interface-number

¡ Enter 2.5G Ethernet interface view.

smartrate-ethernet interface-number

¡ Enter 10-GE interface view.

ten-gigabitethernet interface-number

¡ Enter Layer 2 aggregate interface view.

bridge-aggregation interface-number

Use a command according to the AP model and network requirements.

4. Set the link type to access.

port link-type access

By default, in an AP's Ethernet interface view, a port uses the configuration in an AP group's Ethernet interface view. In an AP group's Ethernet interface view, all ports are access ports.

5. Assign the access port to a VLAN.

port access vlan vlan-id

By default, in an AP's Ethernet interface view, an access port uses the configuration in an AP group's Ethernet interface view. In an AP group's Ethernet interface view, an access port belongs to VLAN 1.

Make sure the VLAN has been created.

Assigning a trunk port to VLANs

Restrictions and guidelines

A trunk port can allow multiple VLANs. If you execute this command multiple times on a trunk port, the trunk port allows all the specified VLANs.

On a trunk port, packets from only the PVID can pass through untagged.

To prevent unauthorized VLAN users from accessing restricted resources through the port, use the port trunk permit vlan all command with caution.

The configuration will be synchronized to all online APs after remote configuration synchronization is activated.

Procedure

1. Enter system view.

system-view

2. Enter AP view or an AP group's AP model view.

¡ Enter AP view.

wlan ap ap-name

¡ Execute the following commands in sequence to enter an AP group's AP model view:

wlan ap-group group-name

ap-model ap-model

3. Enter Ethernet interface view.

¡ Enter Eth interface view.

gigabitethernet interface-number

¡ Enter GigabitEthernet interface view.

gigabitethernet interface-number

¡ Enter 2.5G Ethernet interface view.

smartrate-ethernet interface-number

¡ Enter 10-GE interface view.

ten-gigabitethernet interface-number

¡ Enter Layer 2 aggregate interface view.

bridge-aggregation interface-number

Use a command according to the AP model and network requirements.

4. Set the link type to trunk.

port link-type trunk

By default, in an AP's Ethernet interface view, a port uses the configuration in an AP group's Ethernet interface view. In an AP group's Ethernet interface view, all ports are access ports.

5. Assign the trunk port to the specified VLANs.

port trunk permit vlan { vlan-id-list | all }

By default, in an AP's Ethernet interface view, a trunk port uses the configuration in an AP group's Ethernet interface view. In an AP group's Ethernet interface view, a trunk port does not permit packets from any VLAN to pass through.

6. (Optional.) Set the PVID for the trunk port.

port trunk pvid vlan vlan-id

By default, in an AP's Ethernet interface view, a trunk port uses the configuration in an AP group's Ethernet interface view. In an AP group's Ethernet interface view, the PVID of a trunk port is VLAN 1.

Assigning a hybrid port to VLANs

Restrictions and guidelines

You can use a nonexistent VLAN as the PVID of a hybrid port. When you delete the PVID of a hybrid port by using the undo vlan command, the PVID setting of the port does not change.

For correct packet transmission, set the same PVID for a hybrid port on an AP and the hybrid port on the switch connected to the AP.

To enable a hybrid port to transmit packets from its PVID, you must assign the hybrid port to the PVID by using the port hybrid vlan command.

The configuration will be synchronized to all online APs after remote configuration synchronization is activated.

Procedure

1. Enter system view.

system-view

2. Enter AP view or an AP group's AP model view.

¡ Enter AP view.

wlan ap ap-name

¡ Execute the following commands in sequence to enter an AP group's AP model view:

wlan ap-group group-name

ap-model ap-model

3. Enter Ethernet interface view.

¡ Enter Eth interface view.

ethernet interface-number

¡ Enter GigabitEthernet interface view.

gigabitethernet interface-number

¡ Enter 2.5G Ethernet interface view.

smartrate-ethernet interface-number

¡ Enter 10-GE interface view.

ten-gigabitethernet interface-number

¡ Enter Layer 2 aggregate interface view.

bridge-aggregation interface-number

Use a command according to the AP model and network requirements.

4. Set the link type to hybrid.

port link-type hybrid

By default, in an AP's Ethernet interface view, a port uses the configuration in an AP group's Ethernet interface view. In an AP group's Ethernet interface view, all ports are access ports.

5. Assign the hybrid port to the specified VLANs.

port hybrid vlan vlan-id-list { tagged | untagged }

By default, in an AP's Ethernet interface view, a hybrid port uses the configuration in an AP group's Ethernet interface view. In an AP group's Ethernet interface view, a hybrid port does not permit packets from any VLAN to pass through.

6. (Optional.) Set the PVID for the hybrid port.

port hybrid pvid vlan vlan-id

By default, in an AP's Ethernet interface view, a hybrid port uses the configuration in an AP group's Ethernet interface view. In an AP group's Ethernet interface view, the PVID of a hybrid port is the ID of the VLAN to which the port belongs when its link type is access.

Setting the trusted packet priority type

About this task

With a priority type and a port priority value specified for an interface, an AP assigns the priority of the specified type to all packets received on the interface.

The system supports the following trusted packet priority types:

· dot11e—Uses the 802.1e priority carried in packets for priority mapping.

· dscp—Uses the DSCP priority carried in packets for priority mapping.

Procedure

1. Enter system view.

system-view

2. Enter AP view or AP group's AP model view.

¡ Enter AP view.

wlan ap ap-name

¡ Enter AP group's AP model view.

wlan ap-group group-name

ap-model ap-model

3. Enter Ethernet interface view.

¡ Enter Eth interface view.

ethernet interface-number

¡ Enter GigabitEthernet interface view.

gigabitethernet interface-number

¡ Enter 2.5G Ethernet interface view.

smartrate-ethernet interface-number

¡ Enter 10-GE interface view.

Ten-gigabitethernet interface-number

¡ Enter Layer 2 aggregate interface view.

bridge-aggregation interface-number

Use a command according to the AP model and network requirements.

4. Set the trusted packet priority type.

qos trust { dot1p | dscp }

By default, in an AP's Ethernet interface view, the AP uses the configuration in AP group view. In an AP group's Ethernet interface view, no trusted packet priority type is set.

Setting the port priority

About this task

With a priority type and a port priority value specified for an interface, an AP assigns the priority of the specified type to all packets received on the interface.

Procedure

1. Enter system view.

system-view

2. Enter AP view or AP group's AP model view.

¡ Enter AP view.

wlan ap ap-name

¡ Enter AP group's AP model view.

wlan ap-group group-name

ap-model ap-model

3. Enter Ethernet interface view.

¡ Enter Eth interface view.

ethernet interface-number

¡ Enter GigabitEthernet interface view.

gigabitethernet interface-number

¡ Enter 2.5G Ethernet interface view.

smartrate-ethernet interface-number

¡ Enter 10-GE interface view.

Ten-gigabitethernet interface-number

¡ Enter Layer 2 aggregate interface view.

bridge-aggregation interface-number

Use a command according to the AP model and network requirements.

4. Set the port priority.

qos priority priority-value

By default, in an AP's Ethernet interface view, the AP uses the configuration in AP group view. In an AP group's Ethernet interface view, the port priority is 0.

Synchronizing settings to online APs

About this task

This feature enables the AC to directly synchronize AP settings such as VLAN, link aggregation, and port isolation changes to online APs.

Restrictions and guidelines

CAUTION:

The remote configuration synchronization feature clears all VLAN, link aggregation, and port settings (except for port isolation settings) on online APs and issues the settings on the AC to the APs. Please use it with caution.

‌

This feature takes effect only when both remote configuration assignment and remote configuration synchronization are configured. If only remote configuration assignment is configured, the AC assigns only VLAN settings to the specified AP or AP group.

With remote configuration assignment enabled, APs request VLAN, link aggregation, and port settings from the AC automatically after coming online.

Remote configuration synchronization takes effect only when remote configuration assignment is enabled.

As a best practice, do not use both remote configuration synchronization and the map-configuration command on the AC. If you must use both of them on the AC, make sure the VLAN, link aggregation, and port isolation settings in the configuration file to be deployed do not conflict with the settings on the AC.

Procedure

1. Enter system view.

system-view

2. Enter AP view or AP group view.

¡ Enter AP view.

wlan ap ap-name

¡ Enter AP group view.

wlan ap-group group-name

3. Enable remote configuration assignment.

remote-configuration enable

By default:

¡ In AP view, an AP uses the configuration in AP group view.

¡ In AP group view, remote configuration assignment is disabled.

4. Activate remote configuration synchronization.

remote-configuration synchronize

By default:

¡ In AP view, an AP uses the configuration in AP group view.

¡ In AP group view, remote configuration synchronization is not activated.

Configuring DHCP snooping

About DHCP snooping

DHCP snooping is a security feature for DHCP. DHCP snooping works between the DHCP client and DHCP server, or between the DHCP client and DHCP relay agent. It guarantees that DHCP clients obtain IP addresses from authorized DHCP servers. For more information about DHCP snooping, see DHCP snooping configuration in Network Connectivity Configuration Guide.

Tasks at a glance

To configure remote configuration synchronization, perform the following tasks:

1. Configuring basic DHCP snooping features

2. Configuring DHCP snooping support for Option 82

Configuring basic DHCP snooping features

1. Enter system view.

system-view

2. Enter AP view.

wlan ap ap-name

3. Enable DHCP snooping.

dhcp snooping enable

By default, DHCP snooping is disabled.

Configuring DHCP snooping support for Option 82

About this task

Option 82 is the relay agent option. It records the location information about the DHCP client. The administrator can use Option 82 to locate the DHCP client and further implement security control and accounting. For more information about Option 82, see DHCP snooping configuration in Layer 3—IP Services Configuration Guide.

Procedure

1. Enter system view.

system-view

2. Enter AP view.

wlan ap ap-name

3. Enable DHCP snooping to support Option 82.

dhcp snooping information enable

By default, DHCP snooping does not support Option 82.

4. (Optional.) Configure the padding mode and padding format for the Circuit ID sub-option.

dhcp snooping information circuit-id { normal | wlan-private } [ format { ascii | hex } ]

By default, the padding mode is normal and the padding format is hex for the Circuit ID sub-option.

Configuring a CAPWAP tunnel

Configuring CAPWAP tunnel encryption

About this task

CAPWAP tunnel encryption uses the Datagram Transport Layer Security (DTLS) protocol to encrypt control and data packets transmitted over a CAPWAP tunnel.

When CAPWAP control tunnel encryption is enabled for an AP, the AC and the AP communicate as follows:

1. The AC sends a discovery response with the encryption flag to the AC.

2. The AP performs a DTLS handshake with the AC and then establishes a CAPWAP tunnel with the AC.

3. The AC and the AP encrypt control packets transmitted in the CAPWAP control tunnel after the DTLS handshake.

When CAPWAP data tunnel encryption is enabled for an AP, the AP exchanges encryption information including keys with the AC through the CAPWAP control tunnel upon receiving the first keepalive packet from the AC. After the exchange, the AC and the AP encrypt data packets transmitted in the CAPWAP data tunnel. Keepalive packets are not encrypted.

Restrictions and guidelines

After you enable CAPWAP control tunnel encryption, APs go offline and then come online again from the AC to re-establish CAPWAP tunnels.

CAPWAP control tunnel encryption requires a certificate. You can use the built-in certificate or specify a certificate for the AC. For the specified certificate to take effect, specify the certificate before enabling CAPWAP control tunnel encryption.

CAPWAP control tunnel encryption supports AP certificate verification to allow only APs with a matching certificate to come online. To use AP certificate verification, you must generate AP certificates, upload them to the AC, and execute the download file command to download the certificates to the corresponding APs. With the verification feature enabled, an AP can come online only when a certificate that uses the AP's MAC address as its CN exists on the AC.

Prerequisites

To use a non-built-in certificate, save the certificate, key, and CA certificate to the file system of the AC. These files can be in the .pem or .cer format.

Procedure

1. Enter system view.

system-view

2. Specify the certificate used for CAPWAP tunnel encryption.

wlan capwap encryption certificate cer-name key key-name ca ca-name

By default, the system uses the built-in certificate for CAPWAP tunnel encryption.

3. (Optional.) Enable AP certificate verification.

wlan ap-certificate verification

By default, AP certificate verification is disabled.

4. Enter AP view/AP group view/virtual AP view/virtual AP group view.

¡ Enter AP view.

wlan ap ap-name

¡ Enter AP group view.

wlan ap-group group-name

¡ Enter virtual AP view.

wlan virtual-ap ap-name

¡ Enter virtual AP group view.

wlan virtual-ap-group group-name

5. Configure CAPWAP control tunnel encryption.

tunnel encryption { disable | enable }

By default:

¡ In AP view, an AP uses the configuration in AP group view.

¡ In AP group view, CAPWAP control tunnel encryption is disabled.

¡ In virtual AP view, an AP uses the configuration in virtual AP group view.

¡ In virtual AP group view, CAPWAP control tunnel encryption is disabled.

6. Configure CAPWAP data tunnel encryption.

data-tunnel encryption { disable | enable }

By default:

¡ In AP view, an AP uses the configuration in AP group view.

¡ In AP group view, CAPWAP data tunnel encryption is disabled.

¡ In virtual AP view, a virtual AP uses the configuration in virtual AP group view.

¡ In virtual AP group view, CAPWAP data tunnel encryption is disabled.

Configuring CAPWAP tunnel latency detection

About this task

This feature enables an AC to detect the transmission latency of CAPWAP control frames or data frames from an AP to the AC and back.

This feature takes effect only on the master AC after a CAPWAP tunnel is established.

When an AP goes offline, CAPWAP tunnel latency detection automatically stops. To restart CAPWAP tunnel latency detection when the AP comes online, execute the tunnel latency-detect start command again.

To display CAPWAP tunnel latency information, use the display wlan tunnel latency ap name command.

Procedure

1. Enter system view.

system-view

2. Enter AP view.

wlan ap ap-name

3. Configure CAPWAP tunnel latency detection.

tunnel latency-detect { start | stop }

By default, CAPWAP tunnel latency detection is not started.

Setting the control tunnel keepalive timer for an AP

About this task

An AP sends echo requests to the AC at the specified echo interval to identify whether the CAPWAP control tunnel is operating correctly. The AC responds by sending echo responses. If the AP does not receive any echo responses before the keepalive timer expires, the AP terminates the connection. If the AC does not receive any echo requests before the keepalive timer expires, the AC terminates the connection.

The keepalive time is the echo interval multiplied by the maximum number of echo request transmission attempts specified by using the echo-count command. For an AC, the minimum keepalive time is 120 seconds. If the calculated value is smaller than 120, the system sets the keepalive time to 120 seconds.

The configuration in virtual AP view takes precedence over the configuration in virtual AP group view.

Restrictions and guidelines

Setting the echo interval to 0 seconds disables an AP from sending echo requests. This setting is for test use only. For correct AC and AP communication, do not set the echo interval to 0 seconds.

Procedure

1. Enter system view.

system-view

2. Enter AP view/AP group view/virtual AP view/virtual AP group view.

¡ Enter AP view.

wlan ap ap-name

¡ Enter AP group view.

wlan ap-group group-name

¡ Enter virtual AP view.

wlan virtual-ap ap-name

¡ Enter virtual AP group view.

wlan virtual-ap-group group-name

3. Set the interval for the AP to send echo requests.

echo-interval interval

By default:

¡ In AP view, an AP uses the configuration in AP group view.

¡ In AP group view, the echo interval is 10 seconds.

¡ In virtual AP view, a virtual AP uses the configuration in virtual AP group view.

¡ In virtual AP group view, the echo interval is 10 seconds.

4. Set the maximum number of echo request transmission attempts.

echo-count count

By default:

¡ In AP view, an AP uses the configuration in AP group view.

¡ In AP group view, the maximum number of echo request transmission attempts is 3.

This feature is supported only in AP view and AP group view.

Setting the data tunnel keepalive interval for an AP

About this task

An AP sends data channel keepalive packets to the AC at the specified keepalive intervals after a CAPWAP tunnel is established between the AP and the AC.

Procedure

1. Enter system view.

system-view

2. Enter AP view or AP group view.

¡ Enter AP view.

wlan ap ap-name

¡ Enter AP group view.

wlan ap-group group-name

3. Set the data tunnel keepalive interval.

keepalive-interval interval

By default:

¡ In AP view, an AP uses the configuration in AP group view.

¡ In AP group view, the data tunnel keepalive interval is 10 seconds.

Setting the maximum fragment size for CAPWAP packets

About this task

Perform this task to prevent intermediate devices from dropping packets between AC and AP if the AP connects to the AC across the Internet.

Any maximum fragment size modification takes effect immediately on online APs.

Procedure

1. Enter system view.

system-view

2. Enter AP view or AP group view.

¡ Enter AP view.

wlan ap ap-name

¡ Enter AP group view.

wlan ap-group group-name

3. Set the maximum fragment size for CAPWAP control or data packets.

fragment-size { control control-size | data data-size }

By default:

¡ In AP view, an AP uses the configuration in AP group view.

¡ In AP group view, the maximum fragment size for CAPWAP control packets and data packets is 1450 bytes and 1500 bytes, respectively.

Configuring region code settings

Specifying a region code

About this task

A region code determines characteristics such as available frequencies, available channels, and transmit power level. Set a valid region code before configuring an AP.

To prevent regulation violation caused by region code modification, lock the region code.

Procedure

1. Enter system view.

system-view

2. Enter AP view, AP group view, global configuration view, AP provision view, or AP group provision view.

¡ Enter AP view.

wlan ap ap-name

¡ Enter AP group view.

wlan ap-group group-name

¡ Enter global configuration view.

wlan global-configuration

¡ Execute the following commands in sequence to enter AP provision view:

wlan ap ap-name

provision

¡ Execute the following commands in sequence to enter AP group provision view:

wlan ap-group group-name

provision

3. Specify a region code.

region-code code

By default:

¡ In AP view, an AP uses the configuration in AP group view. If no region code exists in AP group view, the AP uses the configuration in global configuration view.

¡ In AP group view, an AP uses the configuration in global configuration view.

¡ In global configuration view, the region code is CN.

¡ In AP provision view, an AP uses the configuration in AP group provision view.

¡ In AP group provision view, no region code is specified.

4. (Optional.) Lock the region code.

region-code-lock enable

By default:

¡ In AP view, an AP uses the configuration in AP group view. If no region code exists in AP group view, the AP uses the configuration in global configuration view.

¡ In AP group view, an AP uses the configuration in global configuration view.

¡ In global configuration view, the region code is not locked.

Including or excluding region codes in beacon frames and probe responses

Restrictions and guidelines

If you enable an AP to include its region code in beacon frames and probe responses, you must also specify the AP installation environment. If you bind different service templates to radios of an AP, make sure the service templates are specified with the same installation environment type.

Procedure

1. Enter system view.

system-view

2. Enter service template view.

wlan service-template service-template-name

3. Include or exclude region codes in beacon frames and probe responses and specify the installation environment type.

region-code-ie { disable | enable { any | indoor | outdoor } }

By default, beacon frames and probe responses contain region codes and the installation environment type is any.

Configuring AC request retransmission

About this task

The AC retransmits a request to an AP at the retransmission interval until the maximum number of request retransmission attempts is reached or a response is received.

Procedure

1. Enter system view.

system-view

2. Enter AP view or AP group view.

¡ Enter AP view.

wlan ap ap-name

¡ Enter AP group view.

wlan ap-group group-name

3. Set the maximum number of request retransmission attempts.

retransmit-count value

By default:

¡ In AP view, an AP uses the configuration in AP group view.

¡ In AP group view, the maximum number of request retransmission attempts is 3.

4. Set the interval at which an AC request is retransmitted.

retransmit-interval interval

By default:

¡ In AP view, an AP uses the configuration in AP group view.

¡ In AP group view, the retransmission interval is 5 seconds.

Preprovisioning APs

About AP preprovisioning

AP preprovisioning allows you to configure network settings for fit APs on an AC. The AC automatically assigns these settings to the fit APs in run state through CAPWAP tunnels in a batch. These settings will be saved in preprovisioned configuration file wlan_ap_prvs.xml on the APs. This reduces the workload in large WLAN networks.

Restrictions and guidelines

This feature takes effect only on master ACs. For information about master ACs, see High Availability Configuration Guide.

The save wlan ap-provision command has the same effect as the reset wlan ap provision command if no preprovisioned settings exist.

Tasks at a glance

To configure AP preprovisioning, perform the following tasks:

1. Configuring preprovisioned settings

Choose one of the following tasks:

¡ Configuring preprovisioned settings for an AP

¡ Configuring network settings for an AP group

¡ Configuring global network settings

2. Assigning preprovisioned settings to APs

3. (Optional.) Configuring auto loading of preprovisioned settings

Configuring preprovisioned settings for an AP

1. Enter system view.

system-view

2. Enter AP view.

wlan ap ap-name

3. Enable AP preprovisioning and enter AP provision view.

provision

By default, an AP uses the configuration in AP group view. If no configuration exists in AP group provision view, the AP uses the configuration in global configuration view.

4. Specify an AC for the AP.

ac { host-name host-name | ip ipv4-address }

By default, an AP uses the configuration in AP group provision view. If no configuration exists in AP group provision view, the AP uses the configuration in global provision view.

5. Specify an IPv4 address for the management VLAN interface.

ip address ipv4-address { mask | mask-length }

By default, no IPv4 address is specified for the management VLAN interface.

6. Specify an IPv6 address for the management VLAN interface.

ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length }

By default, no IPv6 address is specified for the management VLAN interface.

7. Set the gateway IP address.

gateway { ip ipv4-address | ipv6 ipv6-address }

By default, no gateway IP address is specified for an AP.

8. Specify a DNS server.

dns server { ip ipv4-address | ipv6 ipv6-address }

By default, an AP uses the configuration in AP group provision view. If no configuration exists in AP group provision view, the AP uses the configuration in global provision view.

9. Set a DNS domain name suffix.

dns domain domain-name

By default, an AP uses the configuration in AP group provision view. If no configuration exists in AP group provision view, the AP uses the configuration in global provision view.

Configuring network settings for an AP group

1. Enter system view.

system-view

2. Enter AP group view.

wlan ap-group group-name

3. Enable AP preprovisioning and enter AP group provision view.

provision

By default, an AP uses the configuration in global configuration view.

4. Specify an AC.

ac { host-name host-name | ip ipv4-address }

By default, an AP uses the configuration in global provision view.

5. Specify a DNS server.

dns server { ip ipv4-address | ipv6 ipv6-address }

By default, an AP uses the configuration in global provision view.

6. Set a domain name suffix for the DNS server.

dns domain domain-name

By default, an AP uses the configuration in global provision view.

Configuring global network settings

1. Enter system view.

system-view

2. Enter global configuration view.

wlan global-configuration

3. Enable AP preprovisioning and enter global provision view.

provision

By default, AP preprovisioning is disabled.

4. Specify an AC.

ac { host-name host-name | ip ipv4-address }

By default, no AC is specified for an AP.

5. Specify a DNS server.

dns server { ip ipv4-address | ipv6 ipv6-address }

By default, no DNS server is specified for an AP.

6. Set a domain name suffix for the DNS server.

dns domain domain-name

By default, no domain name suffix is set for a DNS server.

Assigning preprovisioned settings to APs

About this task

Perform this task to enable the AC to assign preprovisioned settings to an AP with which the AC has established a CAPWAP tunnel. The preprovisioned settings will be saved to configuration file wlan_ap_prvs.xml on the AP, and the settings will overwrite the network settings originally saved in the configuration file.

You can use the following methods to assign preprovisioned settings to an AP:

· Manual configuration—You save the preprovisioned settings to configuration file wlan_ap_prvs.xml on the AP after it comes online. The settings take effect immediately.

· Auto assignment of preprovisioned settings—The preprovisioned settings are assigned to an AP when it is coming online. The AP will establish a CAPWAP tunnel with the AC specified in the preprovisioned settings. For information about optimal AC selection , see "CAPWAP tunnel establishment."

Restrictions and guidelines

Manually assigned preprovisioned settings immediately take effect on an online AP. Modifying the AC address configuration in the configuration file of the AP will trigger a new optimal AC selection process. The AP will terminate the original CAPWAP tunnel and establish a CAPWAP tunnel with the new AC.

Saving the network settings to the configuration file on an AP

To save the network settings to preprovisioned configuration file wlan_ap_prvs.xml on the specified AP or all APs, execute the following command in any view:

save wlan ap provision { all | name ap-name }

Configuring auto assignment of preprovisioned settings

1. Enter system view.

system-view

2. Enter AP view or AP group view.

¡ Enter AP view.

wlan ap ap-name

¡ Enter AP group view.

wlan ap-group group-name

3. Configure auto assignment of preprovisioned settings for the AP.

provision auto-update { disable | enable }

By default:

In PA view, an AP uses the configuration in AP group view.

In AP group view, auto assignment of preprovisioned settings is disabled.

Configuring SNMP notifications

Enabling SNMP notifications

About this task

To report critical WLAN events to an NMS, enable SNMP notifications. For WLAN event notifications to be sent correctly, you must also configure SNMP as described in Network Management and Monitoring Configuration Guide.

Procedure

1. Enter system view.

system-view

2. Enable SNMP notifications.

¡ Enable SNMP notifications for AP management.

snmp-agent trap enable wlan ap

By default, SNMP notifications for AP management are disabled.

¡ Enable SNMP notifications for CAPWAP.

snmp-agent trap enable wlan capwap

By default, SNMP notifications for CAPWAP are disabled.

Setting the online AP quantity threshold for triggering an SNMP trap

About this task

With SNMP notifications and this command configured, the AC sends overload traps to the SNMP module when the number of online APs to the number of APs allowed by the license exceeds the specified threshold. If the threshold is exceeded, the AC sends an SNMP recover trap every time an AP comes online. When the number drops below the threshold, the AC sends recover traps to the SNMP module.

Restrictions and guidelines

If you set the threshold to 100, the AC will not send overload traps, because the number of online APs will not exceed the number of APs allowed by the license.

Procedure

1. Enter system view.

system-view

2. Set the online AP quantity threshold for triggering an SNMP trap.

wlan trap ap-number threshold percent

By default, the online AP quantity threshold for triggering an SNMP trap is 100. The AC does not send traps.

Maintaining APs

Resetting APs

To reset all APs or the specified AP, execute the following command in user view:

reset wlan ap { all | ap-group group-name | model model-name | name ap-name | native }

Renaming a manual AP

1. Enter system view.

system-view

2. Rename a manual AP.

wlan rename-ap ap-name new-ap-name

Managing the file system of an AP

About this task

You can perform the following tasks on an AC to manage files for an AP after the AP establishes a CAPWAP tunnel with the AC:

· View file information for the AP.

· Delete a file from the AP.

· Download an image file from the AC to the AP.

Restrictions and guidelines

This feature takes effect only on master ACs.

Procedure

1. Display information about files or file folders on an AP.

display wlan ap name ap-name files

2. Enter system view.

system-view

3. Enter AP view.

wlan ap ap-name

4. Manage files on the AP.

¡ Delete a file from the AP.

delete file filename

¡ Download an image file to the AP.

download file file-name

Setting the statistics report interval

About this task

Perform this task to change the interval for an AP to report its statistics. You can use the statistics to monitor the operating status of radios on the AP.

Procedure

1. Enter system view.

system-view

2. Enter AP view/AP group view/virtual AP view/virtual AP group view/global configuration view.

¡ Enter AP view.

wlan ap ap-name

¡ Enter AP group view.

wlan ap-group group-name

¡ Enter virtual AP view.

wlan virtual-ap ap-name

¡ Enter virtual AP group view.

wlan virtual-ap-group group-name

¡ Enter global configuration view.

wlan global-configuration

3. Set the statistics report interval.

statistics-interval interval

By default:

¡ In AP view, an AP uses the configuration in AP group view. If no configuration exists in AP group view, the AP uses the configuration in global configuration view.

¡ In AP group view, an AP uses the configuration in global configuration view.

¡ In virtual AP view, a virtual AP uses the configuration in virtual AP group view. If no configuration exists in virtual AP group view, the virtual AP uses the configuration in global configuration view.

¡ In virtual AP group view, a virtual AP uses the configuration in global configuration view.

¡ In global configuration view, the statistics report interval is 50 seconds.

Setting the statistics fast report interval

About setting the fast statistics report interval

This task enables an AP to fast report specific statistics to the AC. APs can fast report only channel usage statistics to the AC.

Setting the interval to 0 disables an AP from fast reporting statistics to the AC.

Procedure

1. Enter system view.

system-view

2. Enter AP view/AP group view/virtual AP view/virtual AP group view.

¡ Enter AP view.

wlan ap ap-name

¡ Enter AP group view.

wlan ap-group group-name

¡ Enter virtual AP view.

wlan virtual-ap ap-name

¡ Enter virtual AP group view.

wlan virtual-ap-group group-name

3. Set the interval at which an AP fast reports statistics to the AC.

statistics-interval fast-report fast-report-interval

By default:

¡ In AP view, an AP uses the configuration in AP group view.

¡ In AP group view, the fast report interval is 0 seconds. An AP does not fast report statistics to the AC.

¡ In virtual AP view, a virtual AP uses the configuration in virtual AP group view.

¡ In virtual AP group view, the fast report interval is 0 seconds. A virtual AP does not fast report statistics to the AC.

Configuring auto loading of preprovisioned settings

About this task

Auto loading of preprovisioned settings ensures successful CAPWAP tunnel establishment between AP and AC. An AP uses the following procedure to discover an AC when you enable this feature:

1. Uses the preprovisioned settings to discover an AC that has the AP's manual or auto AP configuration.

2. Reboots and uses other methods to discover ACs if AC discovery fails.

3. Reboots and uses the preprovisioned settings again to discover ACs if the AP still fails to discover the target AC.

This AC discovery process will be repeated until the AP discovers the target AC to establish a CAPWAP tunnel.

Procedure

1. Enter system view.

system-view

2. Enter AP view or AP group view.

¡ Enter AP view.

wlan ap ap-name

¡ Enter AP group view.

wlan ap-group group-name

3. Configure auto loading of preprovisioned settings for the AP.

provision auto-recovery { disable | enable }

By default:

¡ In AP view, an AP uses the configuration in AP group view.

¡ In AP group view, auto loading of preprovisioned settings is enabled.

Setting a LED lighting mode

About this task

You can configure LEDs on an AP to flash in the following modes:

· quiet—All LEDs are off.

· awake—All LEDs flash once every minute. Support for this mode depends on the AP model.

· always-on—All LEDs are steady on. Support for this mode depends on the AP model.

· normal—How LEDs flash in this mode varies by AP model. This mode can identify the running status of an AP.

Restrictions and guidelines

If you set the LED lighting mode to awake or always-on in AP group view, the setting takes effect only on member APs that support the specified LED lighting mode.

Procedure

1. Enter system view.

system-view

2. Enter AP view or AP group view.

¡ Enter AP view.

wlan ap ap-name

¡ Enter AP group view.

wlan ap-group group-name

3. Set a LED lighting mode.

led-mode { always-on | awake | normal | quiet }

By default:

¡ In AP view, an AP uses the configuration in AP group view.

¡ In AP group view, the LED lighting mode is normal.

Deploying a configuration file to an AP

About this task

Deploy a configuration file to an AP if you want to update its configuration file or configure features that require a configuration file. For example, to configure a user profile for an AP in local forwarding mode, you must write related commands to a configuration file and then deploy the configuration file to the AP. The configuration file takes effect when the CAPWAP tunnel to the AC is in Run state. It does not survive an AP reboot.

Restrictions and guidelines

Make sure the configuration file is stored in the storage medium of the AC. Contents in the configuration file must be complete commands. You can upload the file to the AC through FTP or from the Web interface. As a best practice, use the Web interface.

This feature takes effect every time the specified AP comes online.

An AP can only use its main IP address to establish a CAPWAP tunnel to the AC if the AP is configured by using a configuration file.

To change the configuration file of an online AP after specifying the file for the AP on the AC, use either of the following method for the new file to take effect immediately:

· Use the undo map-configuration command and then execute the map-configuration filename command to re-specify the configuration file.

· Disconnect the AP from the AC and then make the AP come online again.

Procedure

1. Enter system view.

system-view

2. Enter AP view or an AP group's AP model view.

¡ Enter AP view.

wlan ap ap-name

¡ Execute the following commands in sequence to enter an AP group's AP model view:

wlan ap-group group-name

ap-model ap-model

3. Deploy a configuration file to the AP.

map-configuration filename

By default, no configuration file is deployed to an AP.

Configuring APs to report gateway information to the AC

About this task

When you perform dynamic-static IP address conversion for APs from IMC, the system converts IP addresses of APs obtained through DHCP to static IP addresses. However, the default gateway and AC addresses are not retained for the APs. If such an AP goes offline, it cannot come online again.

To solve this issue, enable gateway information reporting to enable APs to report their gateway information to the AC.

Procedure

1. Enter system view.

system-view

2. Enter global configuration view.

wlan global-configuration

3. Configure APs to report gateway information to the AC.

gateway information report { disable | enable }

By default, gateway information reporting is disabled.

Configuring remote AP

About this task

Remote AP enables an AP to automatically perform the following operations when the CAPWAP tunnel to the AC is disconnected:

· Forward client traffic.

· Provide client access services if local authentication is enabled and association is enabled at the AP.

Remote AP is applicable to telecommuting, small branches, and SOHO solutions.

Restrictions and guidelines

Remote AP takes effect only on APs that operate in local forwarding mode.

When the tunnel between the AC and AP is recovered, clients that use the AC as the authenticator need reauthentication. Clients that use the AP as the authenticator remain online.

Procedure

1. Enter system view.

system-view

2. Enter AP view or AP group view.

¡ Enter AP view.

wlan ap ap-name

¡ Enter AP group view.

wlan ap-group group-name

3. Configure remote AP.

hybrid-remote-ap { disable | enable }

By default:

¡ In AP view, an AP uses the configuration in AP group view.

¡ In AP group view, remote AP is disabled.

Configuring automatic AC association for fat APs and cloud-managed APs

About this task

This feature enables fat APs and cloud-managed APs to register with an AC automatically for the AC to manage these APs in a centralized way.

This feature can be used only for AP upgrade or operating mode change.

Restrictions and guidelines

If multiple ACs exist in a network, enable this feature only on the AC from which you want to manage fat APs and cloud-managed APs.

Before enabling this feature, execute the wlan auto-ap enable command to enable the auto AP feature.

Do not configure any commands other than AP upgrade or operating mode change in AP view or AP group view for the fat APs or cloud-managed APs.

Procedure

1. Enter system view.

system-view

2. Enable automatic AC association for fat APs and cloud-managed APs.

wlan auto-ap fat-and-cloud enable

By default, automatic AC association is disabled for fat APs and cloud-managed APs.

Configuring a fat AP or cloud-managed AP to operate in fit mode

About this task

For unified management of fat APs or cloud-managed APs, you can configure them to operate in fit mode.

After you configure this feature for a fat AP or cloud-managed AP, it performs either of the following tasks:

· If a fit AP image exists on the AP, the AP restarts and changes its mode immediately.

· If no fit AP image exists on the AP, the AP first attempts to obtain a fit AP image from the AC after associating with the AC and then restarts and changes the mode. If the AP fails to obtain a fit AP image, it does not change its mode. The image downloading process might take several or dozens of minutes.

Restrictions and guidelines

After image downloading starts, do not perform any operations on the AP until the mode change fails or finishes.

If the AP is already in fit mode, this configuration does not affect AP operation.

If the AP is offline, save the configuration on the AC. The AP will automatically perform a mode change next time it comes online.

Make sure the AC connection feature is enabled on the target AP. To enable this feature, use the wlan connect-ac enable command.

Procedure

1. Enter system view.

system-view

2. Enter AP view or AP group's AP model view.

¡ Enter AP view.

wlan ap ap-name

¡ Enter AP group view.

wlan ap-group group-name

3. Configure the fat AP or cloud-managed AP to operate in fit mode.

ap-mode fit

By default:

¡ In AP view, the AP uses the configuration in AP group view.

¡ In AP group view, a fat AP operates in fat mode and a cloud-managed AP operate in cloud mode.

Switching the operating mode for a fit AP

About this task

Perform this task to switch the operating mode of a fit AP to cloud.

Restrictions and guidelines

· For the configuration to take effect, use the reset wlan ap command to restart the AP after the configuration.

· For the first operating mode switching, an AP restarts with the factory default configuration. If it is not the first operation mode switching and the configuration has been saved with the save command, the AP restarts with the saved configuration. If the configuration has not been saved, the AP restarts with the factory default configuration.

· This feature takes effect only on online APs.

· If the AC associated with an AP is the backup AC for the AP, you cannot configure this feature on the AC.

Procedure

1. Enter system view.

system-view

2. Switch the operating mode for an AP.

wlan mode-switch ap ap-namecloud

Configuring AP power management

Configuring the default input power level

NOTE:

Support for this feature depends on the AP model.

‌

About this task

Configure the default input power level for an AP in case the AP cannot obtain its input power level at startup.

An AP automatically detects power supply modes to obtain its input power level at startup. If the AP fails to obtain the input power level, it operates at the low power level before associating with an AC. After the association, it operates at the configured default input power level.

An AP can be powered through a power adapter or through its PoE or PoE+ ports. The following table shows the relationship between the AP's power supply mode and input power level:

Power supply mode	Input power level
· Power adapter. · Multiple PoE+ ports. · Combination of PoE and PoE+ ports.	High
· Single PoE+ port · Multiple PoE ports	Middle
Single PoE port	Low

‌

An AP's support for MIMO modes and USB interfaces varies by input power level, as shown in Table 1.

Table 1 AP's support for MIMO modes and USB interfaces

Input power level	Supported MIMO modes	Whether USB interfaces can be enabled
High	1×1, 2×2, 3×3, and 4×4.	Yes.
Middle	1×1, 2×2, 3×3, and 4×4.	Yes when the MIMO mode is 1×1 or 2×2.
Low	1×1.	No.

‌

Restrictions and guidelines

When you configure the default input power level for an AP, make sure the setting matches its power mode. An excessively low input power level prevents the AP from operating correctly. An excessively high input power level causes overload of the AP in case of power shortage.

Procedure

1. Enter system view.

system-view

2. Enter AP view or an AP group's AP model view.

¡ Enter AP view.

wlan ap ap-name

¡ Execute the following commands in sequence to enter an AP group's AP model view:

wlan ap-group group-name

ap-model ap-model

3. Configure the default input power level.

power-level default { high | low | middle }

By default:

¡ In AP view, an AP uses the configuration in an AP group's AP model view.

¡ In an AP group's AP model view, the default input power level is middle.

Enabling or disabling USB interfaces for APs

NOTE:

Support for this feature depends on the AP model.

‌

About this task

After you enable USB interfaces for an AP, the USB interfaces become active only when either of the following requirements is met:

· The input power level of the AP is high.

· The input power level of the AP is middle and the MIMO mode is 1×1 or 2×2.

For information about input power levels, see "Configuring the default input power level." For information about MIMO modes, see radio management in Radio Resources Management Configuration Guide.

Procedure

1. Enter system view.

system-view

2. Enter AP view or an AP group's AP model view.

¡ Enter AP view.

wlan ap ap-name

¡ Execute the following commands in sequence to enter an AP group's AP model view:

wlan ap-group group-name

ap-model ap-model

3. Enable or disable USB interfaces.

usb { enable | disable }

By default:

In AP view, an AP uses the configuration in an AP group's AP model view.

In an AP group's AP model view, USB interfaces are disabled.

Enabling or disabling PoE for PIs

NOTE:

Support for this feature depends on the AP model.

‌

1. Enter system view.

system-view

2. Enter AP view or an AP group's AP model view.

¡ Enter AP view.

wlan ap ap-name

¡ Execute the following commands in sequence to enter an AP group's AP model view:

wlan ap-group group-name

ap-model ap-model

3. Enable or disable PoE for PIs.

poe port port-number1 [ to port-number2 ] { disable | enable }

By default:

¡ In AP view, an AP uses the configuration in an AP group's AP model view.

¡ In an AP group's AP model view, PoE is disabled on PIs.

Maintaining ACs

Configuring a description for the AC

1. Enter system view.

system-view

2. Configure a description for the AC.

wlan description text

By default, an AC does not have a description.

Enabling time zone synchronization

About this task

This feature enables APs to synchronize time and time zone information from the AC at association and at specific intervals after association.

Procedure

1. Enter system view.

system-view

2. Enable time zone synchronization.

wlan timezone-sync enable

By default, time zone synchronization is enabled.

Loading an APDB user script

About this task

This task allows you to add new AP models to the APDB without upgrading AC software.

Restrictions and guidelines

Make sure the user script is valid. Invalid scripts can cause loading failure.

The AP models in the user script must be different from the AP models in the system script.

If you load multiple user scripts on the AC, the most recently loaded user script overwrites the old user scripts.

To reload a user script when the following conditions exist, you must delete the related AP models or use the wlan apdb command to restore the original software version:

· A manual AP or an online auto AP whose model is listed in the old user script exists.

· APs of an AP model listed in the old user script have been added to an AP group.

· The old user script includes an AP model whose software version was already configured.

For more information about the wlan apdb command, see AP management commands in AP and WT Management Command Reference.

To prevent AP model configuration lost after an AC reboot, you must reload a user script when you rename, or delete the user script in the file system.

When you replace a user script, the AP model configuration in the old user script will be lost upon an AC reboot if the new user script does not contain AP model configuration of the old script. In this case, you must reload the new user script.

Procedure

1. Enter system view.

system-view

2. Load an APDB user script.

wlan apdb file user.apdb

By default, no user script is loaded on the AC.

Enabling service anomaly detection

CAUTION:

If you disable this feature, you can only manually restart the AC to restore services. Do not disable this feature unless necessary.

About this task

This feature enables an AC to check service status and start a reboot timer upon detecting that no APs are associated with the AC. When the reboot timer (10 minutes) expires, the AC restarts. If an AP comes online on the AC before the reboot timer expires, the AC deletes the timer.

Procedure

1. Enter system view.

system-view

2. Enable service anomaly detection.

wlan detect-anomaly enable

By default, service anomaly detection is enabled.

Disabling the WLAN function

About this task

CAUTION:

· Make sure WLAN-related features will not be used any more before you disable the WLAN function.

· Disabling the WLAN function logs off all online APs. Please use this feature with caution.

This feature disables the device from providing WLAN services and releases ports used by CAPWAP and LWAPP tunnels.

Procedure

1. Enter system view.

system-view

2. Disable the WLAN function.

undo wlan enable

By default, the WLAN function is enabled.

Configuring an AP monitor group

About AP monitor groups

APs in an AP monitor group can report client quantity, radio traffic, channel usage, and AP anomalies to the AC.

Restrictions and guidelines

You can add a maximum of 32 APs to an AP monitor group.

Procedure

1. Enter system view.

system-view

2. Create an AP monitor group and enter its view.

wlan vip-ap-group

3. Add an AP to the AP monitor group.

ap-name ap-name

By default, no APs exist in an AP monitor group.

4. (Optional.) Set the interval at which the AP reports statistics to the AC.

report-interval interval

By default, an AP reports statistics to the AC at intervals of 50 seconds.

Display and maintenance commands for AP management

Execute display commands in any view and reset commands in user view.

Task	Command
Display information about all APs or the specified AP.	display wlan ap { all \| name ap-name } [ verbose ]
Display address information for all APs or the specified AP.	display wlan ap { all \| name ap-name } address
Display configuration status of CAPWAP features.	display wlan ap all feature capwap
Display AP connection records on the AC.	display wlan ap { all \| name ap-name } connection-record
Display AP descriptions on the AC.	display wlan ap description
Display GPS information for all APs or the specified AP.	display wlan ap { all \| name ap-name } gps
Display AP group information for all APs or the specified AP.	display wlan ap { all \| name ap-name } group
Display Ethernet interface statistics about online APs.	display wlan ap { all \| name ap-name } interface [ verbose ]
Display AP online duration.	display wlan ap { all \| name ap-name } online-time
Display the reboot logs of the specified AP.	display wlan ap name ap-name reboot-log
Display region code information for APs.	display wlan ap { all \| name ap-name } region-code
Display running configuration for all APs or the specified AP.	display wlan ap { all \| name ap-name } running-configuration [ verbose ]
Display tunnel latency information for the specified CAPWAP tunnel.	display wlan ap name ap-name tunnel latency
Display association failure records for APs.	display wlan ap statistics association-failure-record
Display information about AP image downloading.	display wlan ap statistics image-download [ failed \| in-progress \| succeeded ]
Display online AP quantity records.	display wlan ap statistics online-record [ datetime date time [ count count ] ]
Display CAPWAP tunnel down records.	display wlan ap statistics tunnel-down-record
Display information about distribution of attached APs for ACs.	display wlan ap-distribution all
Display the attachment location of an AP.	display wlan ap-distribution ap-name ap-name
Display information about all AP groups or the specified AP group.	display wlan ap-group [ brief \| name group-name ]
Display AP model information.	display wlan ap-model { all \| name model-name }
Display the WLAN device role.	display wlan device role
Display the number of installed WLAN licenses.	display wlan license
Display virtual AP information.	display wlan virtual-ap { all \| name ap-name }
Display virtual AP group information.	display wlan virtual-ap-group [ brief \| name group-name ]
Clear AP connection records on the AC.	reset wlan ap { all \| name ap-name } connection-record
Delete configuration file wlan_ap_prvs.xml from all APs or the specified AP.	reset wlan ap provision { all \| name ap-name }
Clear the reboot logs of all APs or the specified AP.	reset wlan ap reboot-log { all \| name ap-name }
Clear tunnel latency information for all CAPWAP tunnels or the specified CAPWAP tunnel.	reset wlan tunnel latency ap { all \| name ap-name }

‌

AP management configuration examples

Example: Establishing a CAPWAP tunnel through DHCP

Network configuration

As shown in Figure 3, configure the AP to obtain its IP address and AC IP address from the DHCP server through DHCP Option 43. The AP uses the IP address of the AC to establish a CAPWAP tunnel with the AC.

Figure 3 Network diagram

‌

Procedure

1. Configure the DHCP server:

# Enable the DHCP service.

<DHCP server> system-view

[DHCP server] dhcp enable

# Configure DHCP address pool 1.

[DHCP server] dhcp server ip-pool 1

[DHCP server-dhcp-pool-1] network 1.1.1.0 mask 255.255.255.0

# Configure Option 43 to specify the IP address of the AC in address pool 0. The right-most bytes 01010103 (1.1.1.3) represent the IP address of the AC.

[DHCP server-dhcp-pool-1] option 43 hex 800700000101010103

[DHCP Server-dhcp-pool-1] quit

[DHCP Server] quit

2. Configure the AC:

# Set the IP address of VLAN-interface 1 on the AC to 1.1.1.3/24.

<AC> system-view

[AC] interface vlan-interface 1

[AC-Vlan-interface1] ip address 1.1.1.3 24

[AC-Vlan-interface1] quit

# Create an AP named ap1, and set its serial ID to 219801A28N819CE0002T.

[AC] wlan ap ap1 model WA6320

[AC-wlan-ap-ap1] serial-id 219801A28N819CE0002T

[AC-wlan-ap-ap1] quit

# Start up the AP. The AP performs the following operations:

¡ Obtains its IP address 1.1.1.2 from the DHCP server.

¡ Obtains the IP address of the AC through Option 43.

¡ Establishes a CAPWAP tunnel with the AC.

Verifying the configuration

# Verify that you can see the following information:

· The AP obtains the IP address of the AC through DHCP.

· The AP and the AC have established a CAPWAP tunnel.

· The AP is in Run state.

[AC] display wlan ap name ap1 verbose

AP name : ap1

AP ID : 1

AP group name : default-group

State : Run

Backup type : Master

Online time : 0 days 1 hours 25 minutes 12 seconds

System up time : 0 days 2 hours 22 minutes 12 seconds

Model : WA6320

Region code : CN

Region code lock : Disable

Serial ID : 219801A28N819CE0002T

MAC address : 0AFB-423B-893C

IP address : 1.1.1.2

UDP control port number : 26147

UDP data port number : 26147

H/W version : Ver.C

S/W version : E2321

Boot version : 1.01

USB state : N/A

Power level : N/A

Power info : N/A

Description : wtp1

Priority : 4

Echo interval : 10 seconds

Echo count : 3 counts

Keepalive interval : 10 seconds

Discovery-response wait-time : 2 seconds

Statistics report interval : 50 seconds

Fragment size (data) : 1500

Fragment size (control) : 1450

MAC type : Local MAC & Split MAC

Tunnel mode : Local Bridging & 802.3 Frame & Native Frame

CWPCAP data-tunnel status : Up

Discovery type : DHCP

Retransmission count : 3

Retransmission interval : 5 seconds

Firmware upgrade : Enabled

Sent control packets : 1

Received control packets : 1

Echo requests : 147

Lost echo responses : 0

Average echo delay : 3

Last reboot reason : User soft reboot

Latest IP address : 10.1.0.2

Current AC IP : N/A

Tunnel down reason : Request wait timer expired

Connection count : 1

Backup Ipv4 : Not configured

Backup Ipv6 : Not configured

Ctrl-tunnel encryption : Disabled

Ctrl-tunnel encryption state : Not encrypted

Tunnel encryption : Disabled

Data-tunnel encryption : Disabled

Data-tunnel encryption state : Not encrypted

LED mode : Normal

Remote configuration : Enabled

AP type : Unknown

Radio 1:

Basic BSSID : 7848-59f6-3940

State : Up

Type : 802.11ax

Antenna type : internal

Client dot11ac-only : Disabled

Client dot11n-only : Disabled

Channel bandwidth : 20/40/80MHz

Operating bandwidth : 20/40/80MHz

Secondary channel mode : SCA

Short GI for 20MHz : Supported

Short GI for 40MHz : Supported

Short GI for 80MHz : Supported

Short GI for 160MHz : Not supported

MIMO : Not Config

Green-Energy-Management : Disabled

A-MSDU : Enabled

A-MPDU : Enabled

LDPC : Not Supported

STBC : Supported

Operational VHT-MCS Set:

Mandatory : Not configured

Supported : NSS1 0,1,2,3,4,5,6,7,8,9

NSS2 0,1,2,3,4,5,6,7,8,9

Multicast : Not configured

Operational HT MCS Set:

Mandatory : Not configured

Supported : 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,

10, 11, 12, 13, 14, 15

Multicast : Not configured

Channel : 44(auto)

Channel usage(%) : 15

Max power : 20 dBm

Operational rate:

Mandatory : 6, 12, 24 Mbps

Multicast : Auto

Supported : 9, 18, 36, 48, 54 Mbps

Disabled : Not configured

Distance : 1 km

ANI : Enabled

Fragmentation threshold : 2346 bytes

Beacon interval : 100 TU

Protection threshold : 2346 bytes

Long retry threshold : 4

Short retry threshold : 7

Frame aging time in cache : 2000 ms

Noise floor : -102 dBm

Smart antenna : Enabled

Smart antenna policy : Auto

Protection mode : cts-to-self

MU-TxBF : Enabled

SU-TxBF : Enabled

Continuous mode : N/A

HT protection mode : No protection

ATF : Disabled

Radio 2:

Basic BSSID : 7848-59f6-3950

State : Down

Type : 802.11gax

Antenna type : internal

Client dot11n-only : Disabled

Channel bandwidth : 20MHz

Operating bandwidth : 20MHz

Secondary channel mode : SCN

Short GI for 20MHz : Supported

Short GI for 40MHz : Supported

A-MSDU : Enabled

A-MPDU : Enabled

LDPC : Not Supported

STBC : Supported

Operational HT MCS Set:

Mandatory : Not configured

Supported : 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,

10, 11, 12, 13, 14, 15

Multicast : Not configured

Channel : 5(auto)

Channel usage(%) : 0

Max power : 20 dBm

Preamble type : Short

Operational rate:

Mandatory : 1, 2, 5.5, 11 Mbps

Multicast : Auto

Supported : 6, 9, 12, 18, 24, 36, 48, 54 Mbps

Disabled : Not configured

Distance : 1 km

ANI : Enabled

Fragmentation threshold : 2346 bytes

Beacon interval : 100 TU

Protection threshold : 2346 bytes

Long retry threshold : 4

Short retry threshold : 7

Frame aging time in cache : 2000 ms

Noise floor : 0 dBm

Smart antenna : Enabled

Smart antenna policy : Auto

Protection mode : cts-to-self

Continuous mode : N/A

HT protection mode : No protection

ATF : Disabled

Example: Establishing a CAPWAP tunnel through DHCPv6

Network configuration

As shown in Figure 4, configure the AP to obtain its IP address and AC IP address from the DHCPv6 server through DHCP Option 52. The AP uses the IP address of the AC to establish a CAPWAP tunnel with the AC.

Figure 4 Network diagram

‌

Procedure

1. Configure the DHCPv6 server:

# Assign an IPv6 address to GigabitEthernet 1/0/1.

<DHCPv6 Server> system-view

[DHCPv6 Server] interface gigabitethernet 1/0/1

[DHCPv6 Server-GigabitEthernet1/0/1] ipv6 address 1::1/64

# Disable RA message advertising suppression.

[DHCPv6 Server-GigabitEthernet1/0/1] undo ipv6 nd ra halt

# Set the managed address configuration flag (M) to 1 in RA advertisements to be sent.

[DHCPv6 Server-GigabitEthernet1/0/1] ipv6 nd autoconfig managed-address-flag

# Set the other stateful configuration flag (O) to 1 in RA advertisements to be sent.

[DHCPv6 Server-GigabitEthernet1/0/1] ipv6 nd autoconfig other-flag

# Enable the DHCPv6 service on GigabitEthernet 1/0/1.

[DHCPv6 Server-GigabitEthernet1/0/1] ipv6 dhcp select server

[DHCPv6 Server-GigabitEthernet1/0/1] quit

# Create a DHCPv6 address pool, and specify an IPv6 subnet for dynamic allocation in the DHCPv6 address pool.

[DHCPv6 Server] ipv6 dhcp pool 1

[DHCPv6 Server-dhcp6-pool-1] network 1::0/64

# Configure Option 52 that specifies an AC address 1::3 in DHCPv6 address pool 1.

[DHCPv6 Server-dhcp-pool-1] option 52 hex 00010000000000000000000000000003

[DHCPv6 Server-dhcp-pool-1] quit

[DHCPv6 Server] quit

2. Configure the AC:

# Set the IP address of VLAN-interface 1 to 1::3/64.

<AC> system-view

[AC] interface vlan-interface 1

[AC-Vlan-interface1] ipv6 address 1::3 64

# Create an AP named ap1, and set its serial ID to 219801A28N819CE0002T.

[AC] wlan ap ap1 model WA6320

[AC-wlan-ap-ap1] serial-id 219801A28N819CE0002T

[AC-wlan-ap-ap1] quit

# Start up the AP. The AP performs the following operations:

¡ Obtains its IPv6 address 1::2 from the DHCP server.

¡ Obtains the IPv6 address of the AC through Option 52.

¡ Establishes a CAPWAP tunnel with the AC.

Verifying the configuration

# Verify that you can view the following information:

· The AP obtains the IP address of the AC through DHCP.

· The AP and the AC have established a CAPWAP tunnel.

· The AP is in Run state.

[AC] display wlan ap name ap1 verbose

AP name : ap1

AP ID : 1

AP group name : default-group

State : Run

Backup type : Master

Online time : 0 days 1 hours 25 minutes 12 seconds

System up time : 0 days 2 hours 22 minutes 12 seconds

Model : WA6320

Region code : CN

Region code lock : Disable

Serial ID : 219801A28N819CE0002T

MAC address : 0AFB-423B-893C

IP address : 1::2

UDP control port number : 26147

UDP data port number : 26147

H/W version : Ver.C

S/W version : E2321

Boot version : 1.01

USB state : N/A

Power level : N/A

Power info : N/A

Description : wtp1

Priority : 4

Echo interval : 10 seconds

Echo count : 3 counts

Keepalive interval : 10 seconds

Discovery-response wait-time : 2 seconds

Statistics report interval : 50 seconds

Fragment size (data) : 1500

Fragment size (control) : 1450

MAC type : Local MAC & Split MAC

Tunnel mode : Local Bridging & 802.3 Frame & Native Frame

CWPCAP data-tunnel status : Up

Discovery type : DHCP

Retransmission count : 3

Retransmission interval : 5 seconds

Firmware upgrade : Enabled

Sent control packets : 1

Received control packets : 1

Echo requests : 147

Lost echo responses : 0

Average echo delay : 3

Last reboot reason : User soft reboot

Latest IP address : 10.1.0.2

Current AC IP : N/A

Tunnel down reason : Request wait timer expired

Connection count : 1

Backup Ipv4 : Not configured

Backup Ipv6 : Not configured

Ctrl-tunnel encryption : Disabled

Ctrl-tunnel encryption state : Not encrypted

Tunnel encryption : Disabled

Data-tunnel encryption : Disabled

Data-tunnel encryption state : Not encrypted

LED mode : Normal

Remote configuration : Enabled

AP type : Unknown

Radio 1:

Basic BSSID : 7848-59f6-3940

State : Up

Type : 802.11ax

Antenna type : internal

Client dot11ac-only : Disabled

Client dot11n-only : Disabled

Channel bandwidth : 20/40/80MHz

Operating bandwidth : 20/40/80MHz

Secondary channel mode : SCA

Short GI for 20MHz : Supported

Short GI for 40MHz : Supported

Short GI for 80MHz : Supported

Short GI for 160MHz : Not supported

MIMO : Not Config

Green-Energy-Management : Disabled

A-MSDU : Enabled

A-MPDU : Enabled

LDPC : Not Supported

STBC : Supported

Operational VHT-MCS Set:

Mandatory : Not configured

Supported : NSS1 0,1,2,3,4,5,6,7,8,9

NSS2 0,1,2,3,4,5,6,7,8,9

Multicast : Not configured

Operational HT MCS Set:

Mandatory : Not configured

Supported : 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,

10, 11, 12, 13, 14, 15

Multicast : Not configured

Channel : 44(auto)

Channel usage(%) : 15

Max power : 20 dBm

Operational rate:

Mandatory : 6, 12, 24 Mbps

Multicast : Auto

Supported : 9, 18, 36, 48, 54 Mbps

Disabled : Not configured

Distance : 1 km

ANI : Enabled

Fragmentation threshold : 2346 bytes

Beacon interval : 100 TU

Protection threshold : 2346 bytes

Long retry threshold : 4

Short retry threshold : 7

Frame aging time in cache : 2000 ms

Noise floor : -102 dBm

Smart antenna : Enabled

Smart antenna policy : Auto

Protection mode : cts-to-self

MU-TxBF : Enabled

SU-TxBF : Enabled

Continuous mode : N/A

HT protection mode : No protection

ATF : Disabled

Radio 2:

Basic BSSID : 7848-59f6-3950

State : Down

Type : 802.11gax

Antenna type : internal

Client dot11n-only : Disabled

Channel bandwidth : 20MHz

Operating bandwidth : 20MHz

Secondary channel mode : SCN

Short GI for 20MHz : Supported

Short GI for 40MHz : Supported

A-MSDU : Enabled

A-MPDU : Enabled

LDPC : Not Supported

STBC : Supported

Operational HT MCS Set:

Mandatory : Not configured

Supported : 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,

10, 11, 12, 13, 14, 15

Multicast : Not configured

Channel : 5(auto)

Channel usage(%) : 0

Max power : 20 dBm

Preamble type : Short

Operational rate:

Mandatory : 1, 2, 5.5, 11 Mbps

Multicast : Auto

Supported : 6, 9, 12, 18, 24, 36, 48, 54 Mbps

Disabled : Not configured

Distance : 1 km

ANI : Enabled

Fragmentation threshold : 2346 bytes

Beacon interval : 100 TU

Protection threshold : 2346 bytes

Long retry threshold : 4

Short retry threshold : 7

Frame aging time in cache : 2000 ms

Noise floor : 0 dBm

Smart antenna : Enabled

Smart antenna policy : Auto

Protection mode : cts-to-self

Continuous mode : N/A

HT protection mode : No protection

ATF : Disabled

Example: Establishing a CAPWAP tunnel through DNS

Network configuration

As shown in Figure 5, configure the AP to obtain the IP address of the AC through DNS to establish a CAPWAP tunnel with the AC.

Figure 5 Network diagram

‌

Procedure

1. Configure the DHCP server:

# Enable the DHCP service, configure DHCP address pool 1, and set the domain name suffix of the AC to abc.

<DHCP server> system-view

[DHCP server] dhcp enable

[DHCP server] dhcp server ip-pool 1

[DHCP server-dhcp-pool-1] network 1.1.1.0 mask 255.255.255.0

[DHCP server-dhcp-pool-1] domain-name abc

[DHCP server-dhcp-pool-1] dns-list 1.1.1.4

[DHCP server-dhcp-pool-1] gateway-list 1.1.1.2

[DHCP server-dhcp-pool-1] quit

[DHCP server] quit

2. Configure a mapping between domain name h3c.abc and IP address 2.1.1.1/24. For more information, see Layer 3—IP Services Configuration Guide. (Details not shown.)

3. Configure the AC:

# Set the IP address of VLAN-interface 1 to 2.1.1.1/24.

<AC> system-view

[AC] interface vlan-interface 1

[AC-Vlan-interface1] ip address 2.1.1.1 24

[AC-Vlan-interface1] quit

# Configure a default route with next hop address 2.1.1.2.

[AC] ip route-static 0.0.0.0 0 2.1.1.2

# Create an AP named ap1, and set its serial ID to 219801A28N819CE0002T.

[AC] wlan ap ap1 model WA6320

[AC-wlan-ap-ap1] serial-id 219801A28N819CE0002T

# Start up the AP.

[AC-wlan-ap-ap1] quit

The AP performs the following operations:

¡ Obtains its IP address 1.1.1.1, the domain name suffix of the AC, and the IP address of the DNS server from the DHCP server.

¡ Adds the domain name suffix to the hostname.

¡ Informs the DNS client to translate the domain name into an IP address.

¡ Uses the IP address of the AC to establish a CAPWAP tunnel with the AC.

Verifying the configuration

# Verify that you can see the following information:

· The AP and the AC have established a CAPWAP tunnel.

· The AP is in Run state.

· The AP obtains the IP address of the AC through DNS.

[AC] display wlan ap name ap1 verbose

AP name : ap1

AP ID : 1

AP group name : default-group

State : Run

Backup type : Master

Online time : 0 days 1 hours 25 minutes 12 seconds

System up time : 0 days 2 hours 22 minutes 12 seconds

Model : WA6320

Region code : CN

Region code lock : Disable

Serial ID : 219801A28N819CE0002T

MAC address : 0AFB-423B-893C

IP address : 1.1.1.1

UDP control port number : 26147

UDP data port number : 26147

H/W version : Ver.C

S/W version : E2321

Boot version : 1.01

USB state : N/A

Power level : N/A

Power info : N/A

Description : wtp1

Priority : 4

Echo interval : 10 seconds

Echo count : 3 counts

Keepalive interval : 10 seconds

Discovery-response wait-time : 2 seconds

Statistics report interval : 50 seconds

Fragment size (data) : 1500

Fragment size (control) : 1450

MAC type : Local MAC & Split MAC

Tunnel mode : Local Bridging & 802.3 Frame & Native Frame

CWPCAP data-tunnel status : Up

Discovery type : DNS

Retransmission count : 3

Retransmission interval : 5 seconds

Firmware upgrade : Enabled

Sent control packets : 1

Received control packets : 1

Echo requests : 147

Lost echo responses : 0

Average echo delay : 3

Last reboot reason : User soft reboot

Latest IP address : 10.1.0.2

Current AC IP : N/A

Tunnel down reason : Request wait timer expired

Connection count : 1

Backup Ipv4 : Not configured

Backup Ipv6 : Not configured

Ctrl-tunnel encryption : Disabled

Ctrl-tunnel encryption state : Not encrypted

Tunnel encryption : Disabled

Data-tunnel encryption : Disabled

Data-tunnel encryption state : Not encrypted

LED mode : Normal

Remote configuration : Enabled

AP type : Unknown

Radio 1:

Basic BSSID : 7848-59f6-3940

State : Up

Type : 802.11ax

Antenna type : internal

Client dot11ac-only : Disabled

Client dot11n-only : Disabled

Channel bandwidth : 20/40/80MHz

Operating bandwidth : 20/40/80MHz

Secondary channel mode : SCA

Short GI for 20MHz : Supported

Short GI for 40MHz : Supported

Short GI for 80MHz : Supported

Short GI for 160MHz : Not supported

MIMO : Not Config

Green-Energy-Management : Disabled

A-MSDU : Enabled

A-MPDU : Enabled

LDPC : Not Supported

STBC : Supported

Operational VHT-MCS Set:

Mandatory : Not configured

Supported : NSS1 0,1,2,3,4,5,6,7,8,9

NSS2 0,1,2,3,4,5,6,7,8,9

Multicast : Not configured

Operational HT MCS Set:

Mandatory : Not configured

Supported : 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,

10, 11, 12, 13, 14, 15

Multicast : Not configured

Channel : 44(auto)

Channel usage(%) : 15

Max power : 20 dBm

Operational rate:

Mandatory : 6, 12, 24 Mbps

Multicast : Auto

Supported : 9, 18, 36, 48, 54 Mbps

Disabled : Not configured

Distance : 1 km

ANI : Enabled

Fragmentation threshold : 2346 bytes

Beacon interval : 100 TU

Protection threshold : 2346 bytes

Long retry threshold : 4

Short retry threshold : 7

Frame aging time in cache : 2000 ms

Noise floor : -102 dBm

Smart antenna : Enabled

Smart antenna policy : Auto

Protection mode : cts-to-self

MU-TxBF : Enabled

SU-TxBF : Enabled

Continuous mode : N/A

HT protection mode : No protection

ATF : Disabled

Radio 2:

Basic BSSID : 7848-59f6-3950

State : Down

Type : 802.11gax

Antenna type : internal

Client dot11n-only : Disabled

Chnnel bandwidth : 20MHz

Operating bandwidth : 20MHz

Secondary channel mode : SCN

Short GI for 20MHz : Supported

Short GI for 40MHz : Supported

A-MSDU : Enabled

A-MPDU : Enabled

LDPC : Not Supported

STBC : Supported

Operational HT MCS Set:

Mandatory : Not configured

Supported : 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,

10, 11, 12, 13, 14, 15

Multicast : Not configured

Channel : 5(auto)

Channel usage(%) : 0

Max power : 20 dBm

Preamble type : Short

Operational rate:

Mandatory : 1, 2, 5.5, 11 Mbps

Multicast : Auto

Supported : 6, 9, 12, 18, 24, 36, 48, 54 Mbps

Disabled : Not configured

Distance : 1 km

ANI : Enabled

Fragmentation threshold : 2346 bytes

Beacon interval : 100 TU

Protection threshold : 2346 bytes

Long retry threshold : 4

Short retry threshold : 7

Frame aging time in cache : 2000 ms

Noise floor : 0 dBm

Smart antenna : Enabled

Smart antenna policy : Auto

Protection mode : cts-to-self

Continuous mode : N/A

HT protection mode : No protection

ATF : Disabled

Example: Configuring the auto AP feature

Network configuration

As shown in Figure 6, enable the auto AP feature on the AC. The AP obtains the AC IP address through DHCP Option 43 and establishes a CAPWAP tunnel with the AC.

Figure 6 Network diagram

‌

Procedure

1. Configure the DHCP server:

# Enable the DHCP service.

<DHCP server> system-view

[DHCP server] dhcp enable

# Configure DHCP address pool 1.

[DHCP server] dhcp server ip-pool 1

[DHCP server-dhcp-pool-1] network 1.1.1.0 mask 255.255.255.0

# Configure Option 43 to specify the IP address of the AC in address pool 0. The right-most bytes 02010102 (2.1.1.2) represent the IP address of the AC.

[DHCP server-dhcp-pool-1] option 43 ip-address hex 800700000102010102

[DHCP Server-dhcp-pool-1] gateway-list 1.1.1.3

[DHCP Server-dhcp-pool-1] quit

[DHCP Server] quit

2. Configure the AC:

# Set the IP address of VLAN-interface 1 on the AC to 2.1.1.2/24.

<AC> system-view

[AC] interface vlan-interface 1

[AC-Vlan-interface1] ip address 2.1.1.2 24

[AC-Vlan-interface1] quit

# Configure a default route with next hop address 2.1.1.1.

[AC] ip route-static 0.0.0.0 0 2.1.1.1

# Enable auto AP.

[AC] wlan auto-ap enable

Verifying the configuration

# Verify that the AP has established a CAPWAP tunnel with the AC.

[AC] display wlan ap name 0011-2200-0101 verbose

AP name : 0011-2200-0101

AP ID : 1

AP group name : default-group

State : Run

Backup type : Master

Online time : 0 days 1 hours 25 minutes 12 seconds

System up time : 0 days 2 hours 22 minutes 12 seconds

Model : WA6320

Region code : CN

Region code lock : Disable

Serial ID : 219801A0CNC138011454

MAC address : 0011-2200-0101

IP address : 1.1.1.2

UDP control port number : 26147

UDP data port number : 26147

H/W version : Ver.C

S/W version : E2321

Boot version : 1.01

USB state : N/A

Power level : N/A

Power info : N/A

Description : wtp1

Priority : 4

Echo interval : 10 seconds

Echo count : 3 counts

Keepalive interval : 10 seconds

Discovery-response wait-time : 2 seconds

Statistics report interval : 50 seconds

Fragment size (data) : 1500

Fragment size (control) : 1450

MAC type : Local MAC & Split MAC

Tunnel mode : Local Bridging & 802.3 Frame & Native Frame

CWPCAP data-tunnel status : Up

Discovery type : DHCP

Retransmission count : 3

Retransmission interval : 5 seconds

Firmware upgrade : Enabled

Sent control packets : 1

Received control packets : 1

Echo requests : 147

Lost echo responses : 0

Average echo delay : 3

Last reboot reason : User soft reboot

Latest IP address : 10.1.0.2

Current AC IP : N/A

Tunnel down reason : Request wait timer expired

Connection count : 1

Backup Ipv4 : Not configured

Backup Ipv6 : Not configured

Ctrl-tunnel encryption : Disabled

Ctrl-tunnel encryption state : Not encrypted

Data-tunnel encryption : Disabled

Data-tunnel encryption state : Not encrypted

LED mode : Normal

Remote configuration : Enabled

AP type : Unknown

Radio 1:

Basic BSSID : 7848-59f6-3940

State : Up

Type : 802.11ax

Antenna type : internal

Client dot11ac-only : Disabled

Client dot11n-only : Disabled

Chnnel band-width : 20/40/80MHz

Operating band-width : 20/40/80MHz

Secondary channel mode : SCA

Short GI for 20MHz : Supported

Short GI for 40MHz : Supported

Short GI for 80MHz : Supported

Short GI for 160MHz : Not supported

MIMO : Not Config

Green-Energy-Management : Disabled

A-MSDU : Enabled

A-MPDU : Enabled

LDPC : Not Supported

STBC : Supported

Operational VHT-MCS Set:

Mandatory : Not configured

Supported : NSS1 0,1,2,3,4,5,6,7,8,9

NSS2 0,1,2,3,4,5,6,7,8,9

Multicast : Not configured

Operational HT MCS Set:

Mandatory : Not configured

Supported : 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,

10, 11, 12, 13, 14, 15

Multicast : Not configured

Channel : 44(auto)

Channel usage(%) : 15

Max power : 20 dBm

Operational rate:

Mandatory : 6, 12, 24 Mbps

Multicast : Auto

Supported : 9, 18, 36, 48, 54 Mbps

Disabled : Not configured

Distance : 1 km

ANI : Enabled

Fragmentation threshold : 2346 bytes

Beacon interval : 100 TU

Protection threshold : 2346 bytes

Long retry threshold : 4

Short retry threshold : 7

Frame aging time in cache : 2000 ms

Noise floor : -102 dBm

Smart antenna : Enabled

Smart antenna policy : Auto

Protection mode : cts-to-self

MU-TxBF : Enabled

SU-TxBF : Enabled

Continuous mode : N/A

HT protection mode : No protection

ATF : Disabled

Radio 2:

Basic BSSID : 7848-59f6-3950

State : Down

Type : 802.11gax

Antenna type : internal

Client dot11n-only : Disabled

Channel bandwidth : 20MHz

Operating bandwidth : 20MHz

Secondary channel mode : SCN

Short GI for 20MHz : Supported

Short GI for 40MHz : Supported

A-MSDU : Enabled

A-MPDU : Enabled

LDPC : Not Supported

STBC : Supported

Operational HT MCS Set:

Mandatory : Not configured

Supported : 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,

10, 11, 12, 13, 14, 15

Multicast : Not configured

Channel : 5(auto)

Channel usage(%) : 0

Max power : 20 dBm

Preamble type : Short

Operational rate:

Mandatory : 1, 2, 5.5, 11 Mbps

Multicast : Auto

Supported : 6, 9, 12, 18, 24, 36, 48, 54 Mbps

Disabled : Not configured

Distance : 1 km

ANI : Enabled

Fragmentation threshold : 2346 bytes

Beacon interval : 100 TU

Protection threshold : 2346 bytes

Long retry threshold : 4

Short retry threshold : 7

Frame aging time in cache : 2000 ms

Noise floor : 0 dBm

Smart antenna : Enabled

Smart antenna policy : Auto

Protection mode : cts-to-self

Continuous mode : N/A

HT protection mode : No protection

ATF : Disabled

Example: Configuring AP groups

Network configuration

As shown in Figure 7, configure AP groups and add AP 1 to AP group group1, and AP 2, AP 3, and AP 4 to AP group group2.

Figure 7 Network diagram

‌

Procedure

1. Configure APs to obtain their IP addresses and the AC IP address from the DHCP server. (Details not shown.)

2. Configure manual APs. (Details not shown.)

3. Configure AP groups:

# Create an AP group named group1.

<AC> system-view

[AC] wlan ap-group group1

# Add AP 1 to AP group group1.

[AC-wlan-ap-group-group1] ap ap1

[AC-wlan-ap-group-group1] quit

# Create an AP group named group2.

[AC] wlan ap-group group2

# Add AP 2, AP 3, and AP 4 to AP group group2.

[AC-wlan-ap-group-group2] ap ap2 ap3 ap4

[AC-wlan-ap-group-group2] quit

[AC] quit

Verifying the configuration

# Verify that AP 1 is in AP group group1, and AP 2, AP 3, and AP 4 are in AP group group2.

[AC-wlan-ap-group-group2] display wlan ap-group

Total number of AP groups: 3

AP group name : default-group

Description : Not configured

AP model : Not configured

APs : Not configured

AP group name : group1

Description : Not configured

AP model : WA6320

AP grouping rules:

AP name : ap1

Serial ID : Not configured

MAC address : Not configured

IPv4 address : Not configured

IPv6 address : Not configured

APs : ap1 (AP name)

AP group name : group2

Description : Not configured

AP model : WA6320

AP grouping rules:

AP name : ap2, ap3, ap4

Serial ID : Not configured

MAC address : Not configured

IPv4 address : Not configured

IPv6 address : Not configured

APs : ap2 (AP name), ap3 (AP name), ap4 (AP name)

07-AP Management Configuration Guide

About this task

Restrictions and guidelines

Procedure

About this task

Restrictions and guidelines

Tasks at a glance

About this task

Restrictions and guidelines

Procedure

About this task

Procedure

About this task

Procedure

About this task

Procedure

About this task

Restrictions and guidelines

Procedure

About this task

Restrictions and guidelines

Procedure

About this task

Procedure

About this task

Restrictions and guidelines

Procedure

Restrictions and guidelines

Procedure

Restrictions and guidelines

Procedure

Restrictions and guidelines

Procedure

Restrictions and guidelines

Procedure

Assigning an access port to a VLAN

Restrictions and guidelines

Procedure

Assigning a trunk port to VLANs

Restrictions and guidelines

Procedure

Restrictions and guidelines

Procedure

About this task

Procedure

About this task

Procedure

About this task

Restrictions and guidelines

Procedure

Configuring DHCP snooping support for Option 82

About this task

Procedure

About this task

Restrictions and guidelines

Prerequisites

Procedure

About this task

Procedure

About this task

Restrictions and guidelines

Procedure

About this task

Procedure

About this task

Procedure

Configuring region code settings

About this task

Procedure

Restrictions and guidelines

Procedure

About this task

Procedure

Preprovisioning APs

About this task

Restrictions and guidelines

Saving the network settings to the configuration file on an AP

About this task

Procedure

About this task