Login
- Table of Contents
-
- H3C SecPath M9000 Multi Service Security Gateway Configuration Examples(V7)(E9X71)-6W700
- 00-Preface
- 01-About the configuration examples
- 02-Web Login Configuration Examples
- 03-Internet Access Through a Static IP Address Configuration Examples
- 04-Internet access through PPPoE configuration examples
- 05-License Configuration Examples
- 06-Signature Library Upgrade Configuration Examples
- 07-Software Upgrade Examples
- 08-Routing deployment configuration examples
- 09-Transparent deployment configuration examples
- 10-Static routing configuration examples
- 11-RIP configuration examples
- 12-OSPF configuration examples
- 13-BGP configuration examples
- 14-Policy-based routing configuration examples
- 15-Security Policy Configuration Examples
- 16-APR-Based Security Policy Configuration Examples
- 17-Object Group Configuration Examples
- 18-User identification configuration examples
- 19-Attack defense configuration examples
- 20-Request Limit Configuration Examples
- 21-IPS Configuration Examples
- 22-URL Filtering Configuration Examples
- 23-Anti-Virus Configuration Examples
- 24-File Filtering Configuration Examples
- 25-Data Filtering Configuration Examples
- 26-WAF Configuration Examples
- 27-IP Reputation Configuration Examples
- 28-APT Defense Configuration Examples
- 29-NetShare Control Configuration Examples
- 30-Bandwidth Management Configuration Examples
- 31-IPsec configuration examples
- 32-SSL VPN IP access configuration examples
- 32-SSL VPN TCP access configuration examples
- 32-SSL VPN Web access configuration examples
- 33-L2TP Configuration Examples
- 34-NAT configuration examples
- 35-NPTv6 Configuration Examples
- 36-Policy-based NAT configuration examples
- 37-NAT hairpin configuration examples
- 38-NAT Flow Logging Configuration Examples
- 39-Inbound Link Load Balancing Configuration Examples
- 40-Outbound Link Load Balancing Configuration Examples
- 41-Server Load Balancing Configuration Examples
- 42-Transparent DNS Proxy Configuration Examples
- 43-Hot Backup Configuration Examples
- 44-Context Configuration Examples
- 45-DNS configuration examples
- 46-Server Connection Detection Configuration Examples
- 47-Connection Limit Configuration Examples
- 48-Public key management configuration examples
- 49-SSL Decryption Configuration Examples
- 50-MAC Address Learning Through a Layer 3 Device Configuration Examples
- 51-4G Configuration Examples
- 52-WLAN Configuration Examples
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 52-WLAN Configuration Examples | 91.24 KB |
WLAN configuration examples
· General restrictions and guidelines
· Example: Configuring wireless services
This document is not restricted to specific software or hardware versions. Procedures and information in the examples might be slightly different depending on the software or hardware version of the device.
The configuration examples were created and verified in a lab environment, and all the devices were started with the factory default configuration. When you are working on a live network, make sure you understand the potential impact of every command on your network.
The following information is provided based on the assumption that you have basic knowledge of the WLAN feature.
· For clients to discover the SSID provided by the device, do not enable SSID hidden on the device.
· By default, the device has added Vlan-interface1 to the Management security zone, specified the IP address and mask as 192.168.20.1/24, and configured basic DHCP and DNS features. The administrator can use the default settings directly or edit the default settings as needed if the settings cannot satisfy network requirements. You can view default settings by executing the display default-configuration command.
Network configuration
As shown in Figure 1, the device connects to the LAN and Internet through security zones Management and Untrust, respectively.
Configure wireless services on the device for the client to access the Internet.
Software versions used
This configuration example was created and verified on F9671 of an F100-C-A6-WL device.
Procedure
1. Assign IP addresses to interfaces and add the interfaces to security zones.
# From the navigation pane, select Interface Configuration > Interfaces.
# Click the Edit icon for GE 1/0/2.
# In the dialog box that opens, configure the interface:
a. Select the Untrust security zone.
b. On the IPv4 Address tab, enter the IP address and mask of the interface. In this example, enter 20.1.1.1/24.
c. Retain the default settings for the other fields.
d. Click OK.
By default, the device has added Vlan-interface1 to the Management security zone and configured the IP address and mask as 192.168.20.1/24. You can edit the settings as needed.
2. Configure a route.
This section configures a static route as an example. If the network requires dynamic routes, configure corresponding dynamic route protocols.
# On the top navigation bar, click Network.
# From the navigation pane, select Routing > Static Routing.
# On the IPv4 Static Routing tab, click Create.
# In the dialog box that opens, configure a static route to permit packets from the device to the server:
a. Specify the destination IP address as 5.5.5.0.
b. Specify the mask length as 24.
c. Specify the next-hop address as 20.1.1.2.
d. Click OK.
3. Create a security policy.
For internal network users to access the Internet, you must allow packets exchanged between the Management security zone which Vlan-interface1 is in and the Untrust security zone to pass.
# On the top navigation bar, click Policies.
# From the navigation pane, select Security Policies > Security Policies.
# Click Create.
# In the dialog box that opens, create a security policy as follows:
¡ Specify the policy name as test-a.
¡ Select Management as the source security zone.
¡ Select Untrust as the destination security zone.
¡ Select IPv4 as the type.
¡ Select Permit as the action.
¡ Specify 192.168.20.0/24 as the source IPv4 address.
¡ Retain the default settings for the other fields.
# Click OK.
If you added Vlan-interface1 to a security zone other than the Management security zone, for Vlan-interface1 to obtain IP address from the DHCP server, you must create a new security policy. The policy allows packets exchanged between the security zone which Vlan-interface1 is in and the Local security zone to pass.
4. Configure wireless settings.
# On the top navigation bar, click Network.
# From the navigation pane, select Wireless > Wireless Settings.
# Click Create.
# In the dialog box that appears, configure a wireless service:
¡ Enter SSID wifi.
¡ Select VLAN interface 1.
¡ Enter password 123456789.
¡ Retain the default settings for the other fields.
# Click OK.
Figure 2 Creating a wireless service
5. Configure DHCP settings.
DHCP features are configured for the device by default. You can execute the display default-configuration command to view the parameters and edit the configuration as needed.
6. Configure DNS settings.
DNS features are configured for the device by default. You can execute the display default-configuration command to view the parameters and edit the configuration as needed.
Verifying the configuration
Verify that the client can access the WLAN and visit the Internet. To view client information, such as online client information, client statistics, SNR distribution, and rate distribution, click Network on the top navigation bar and then select Wireless > Wireless Info from the navigation pane.
