Example: Configuring client quantity control

Introduction

The following information provides an example for configuring client quantity control.

Network configuration

As shown in Figure 1, the switch acts as a DHCP server to assign IP addresses to the APs and clients. The AC forwards client traffic. Perform the following tasks:

·     Set the maximum number of clients that can associate with a radio to enable AP 1 to permit only Client 1.

·     Set the maximum number of clients that can associate with a service template to enable AP 2 to permit only Client 2 and Client 3.

Figure 1 Network diagram

 

Restrictions and guidelines

Use the actual serial ID of an AP to uniquely identify that AP.

Procedures

Configuring the AC

1.     Configure AC interfaces:

# Create VLAN 100 and VLAN-interface 100, and assign an IP address to the VLAN interface. The AC will use this IP address to establish a CAPWAP tunnel with the AP.

<AC> system-view

[AC] vlan 100

[AC-vlan100] quit

[AC] interface vlan-interface 100

[AC-Vlan-interface100] ip address 192.1.0.1 16

[AC-Vlan-interface100] quit

# Create VLAN 200 and VLAN-interface 200, and assign an IP address to the VLAN interface. Clients will use this VLAN to access the WLAN.

[AC] vlan 200

[AC-vlan200] quit

[AC] interface vlan-interface 200

[AC-Vlan-interface200] ip address 192.2.0.1 24

[AC-Vlan-interface200] quit

# Configure GigabitEthernet 1/0/1 that connects the AC to the switch as a trunk port, and assign the port to VLANs 1, 100, and 200.

[AC] interface gigabitethernet 1/0/1

[AC-GigabitEthernet1/0/1] port link-type trunk

[AC-GigabitEthernet1/0/1] port trunk permit vlan 1 100 200

[AC-GigabitEthernet1/0/1] quit

2.     Configure wireless services:

# Create service template service and enter its view.

[AC] wlan service-template service

# Configure the SSID as service.

[AC-wlan-st-service] ssid service

# Specify VLAN 200 for clients to access the WLAN defined by the service template.

[AC-wlan-st-service] vlan 200

# Set the AKM mode to PSK and specify plaintext string 12345678 as the preshared key.

[AC-wlan-st-1] akm mode psk

[AC-wlan-st-1] preshared-key pass-phrase simple 12345678

# Specify the cipher suite as CCMP and the security IE as RSN.

[AC-wlan-st1] cipher-suite ccmp

[AC-wlan-st-1] security-ie rsn

# Configure the AC to forward client data traffic. You can skip this step if the AC is the client traffic forwarder by default.

[AC2-wlan-st-service] client forwarding-location ac

# Set the maximum number of clients that can associate with the service template to 2.

[AC-wlan-st-service] client max-count 2

# Enable the service template.

[AC-wlan-st-service] service-template enable

[AC-wlan-st-service] quit

3.     Configure the AP:

 

NOTE: In large-scale networks, configure AP groups instead of single APs as a best practice.

 

# Create manual AP officeap1, and specify the AP model and serial ID.

[AC] wlan ap officeap1 model WA6320

[AC-wlan-ap-officeap1] serial-id 219801A28N819CE0002X

# Create manual AP officeap2, and specify the AP model and serial ID.

[AC] wlan ap officeap2 model WA6320

[AC-wlan-ap-officeap2] serial-id 219801A28N819CE0002T

# Create AP group group1, add the AP to the AP group, and specify the AP model.

[AC] wlan ap-group group1

[AC-wlan-ap-group-group1] ap officeap1

[AC-wlan-ap-group-group1] ap-model WA6320

# Bind service template service to radio 1.

[AC-wlan-ap-group-group1-ap-model-WA6320] radio 1

[AC-wlan-ap-group-group1-ap-model-WA6320-radio-1] service-template service

# Set the maximum number of clients that can associate with radio 1 and enable radio 1.

[AC-wlan-ap-group-group1-ap-model-WA6320-radio-1] client max-count 1

[AC-wlan-ap-group-group1-ap-model-WA6320-radio-1] radio enable

[AC-wlan-ap-group-group1-ap-model-WA6320-radio-1] quit

# Create AP group group2, add the AP to the AP group, and specify the AP model.

[AC] wlan ap-group group2

[AC-wlan-ap-group-group2] ap officeap2

[AC-wlan-ap-group-group2] ap-model WA6320

# Bind service template service to radio 1.

[AC-wlan-ap-group-group2-ap-model-WA6320] radio 1

[AC-wlan-ap-group-group2-ap-model-WA6320-radio-1] service-template service

# Enable radio 1.

[AC-wlan-ap-group-group2-ap-model-WA6320-radio-1] radio enable

[AC-wlan-ap-group-group2-ap-model-WA6320-radio-1] quit

[AC-wlan-ap-group-group2] quit

Configuring the switch

1.     Configure switch interfaces:

# Create VLAN 100 and VLAN-interface 100, and assign an IP address to the VLAN interface. The switch will use VLAN 100 to forward packets between the AC and the AP.

<Switch> system-view

[Switch] vlan 100

[Switch-vlan100] quit

[Switch] interface vlan-interface 100

[Switch-Vlan-interface100] ip address 192.1.0.2 16

[Switch-Vlan-interface100] quit

# Create VLAN 200 and VLAN-interface 200, and assign an IP address to the VLAN interface. The switch will use VLAN 200 to forward client traffic.

[Switch] vlan 200

[Switch-vlan200] quit

[Switch] interface vlan-interface 200

[Switch-Vlan-interface200] ip address 192.2.0.2 24

[Switch-Vlan-interface200] quit

# Configure GigabitEthernet 1/0/1 that connects the switch to the AC as a trunk port, and assign the port to VLANs 1, 100, and 200.

[Switch] interface gigabitethernet 1/0/1

[Switch-GigabitEthernet1/0/1] port link-type trunk

[Switch-GigabitEthernet1/0/1] port trunk permit vlan 1 100 200

[Switch-GigabitEthernet1/0/1] quit

# Configure GigabitEthernet 1/0/2 that connects the switch to AP 1 as an access port, and assign the port to VLAN 100.

[Switch] interface gigabitethernet 1/0/2

[Switch-GigabitEthernet1/0/2] port link-type access

[Switch-GigabitEthernet1/0/2] port access vlan 100

# Enable PoE on GigabitEthernet 1/0/2.

[Switch-GigabitEthernet1/0/2] poe enable

[Switch-GigabitEthernet1/0/2] quit

# Configure GigabitEthernet 1/0/3 that connects the switch to AP 2 as an access port, and assign the port to VLAN 100.

[Switch] interface gigabitethernet 1/0/3

[Switch-GigabitEthernet1/0/3] port link-type access

[Switch-GigabitEthernet1/0/3] port access vlan 100

# Enable PoE on GigabitEthernet 1/0/3.

[Switch-GigabitEthernet1/0/3] poe enable

[Switch-GigabitEthernet1/0/3] quit

2.     Configure DHCP:

# Enable DHCP.

[Switch] dhcp enable

# Create DHCP address pool 100 to assign an IP address to the AP, and specify subnet 192.1.0.0/16 in the DHCP address pool.

[Switch] dhcp server ip-pool 100

[Switch-dhcp-pool-100] network 192.1.0.0 mask 255.255.0.0

# Specify the gateway address as 192.1.0.1 in the DHCP address pool.

[Switch-dhcp-pool-100] gateway-list 192.1.0.1

[Switch-dhcp-pool-100] quit

# Create DHCP address pool 200 to assign IP addresses to clients, and specify subnet 192.2.0.0/24 in the DHCP address pool.

[Switch] dhcp server ip-pool 200

[Switch-dhcp-pool-200] network 192.2.0.0 mask 255.255.255.0

# Specify the gateway address as 192.2.0.1 and specify the DNS server address in the DHCP address pool. In this example, the gateway also acts as a DNS server.

[Switch-dhcp-pool-200] gateway-list 192.2.0.1

[Switch-dhcp-pool-200] dns-list 192.2.0.1

[Switch-dhcp-pool-200] quit

Verifying the configuration

# Try to associate client 1, client 2, client 3, and client 4 with the WLAN successively. (Details not shown.)

# Verify that only client 1, client 2, and client 3 have successfully associated with the WLAN.

[AC] display wlan client

Total number of clients: 3

 

MAC address     Username   AP name         R   IP address       VLAN

0000-000f-1211  N/A        officeap1       1     192.2.0.3       200

0000-000f-1212  N/A        officeap2       1     192.2.0.4       200

0000-000f-1213  N/A        officeap2       1     192.2.0.5       200

Configuration files

·     AC:

#

vlan 1

#

vlan 100

#

vlan 200

#

wlan service-template service

 ssid service

 vlan 200

akm mode psk

preshared-key pass-phrase simple 12345678

cipher-suite ccmp

security-ie rsn

client forwarding-location ac

client max-count 2

 service-template enable

#

interface Vlan-interface100

 ip address 192.1.0.1 255.255.0.0

#

interface Vlan-interface200

 ip address 192.2.0.1 255.255.255.0

#

interface GigabitEthernet1/0/1

 port link-type trunk

 port trunk permit vlan 1 100 200

#

wlan ap officeap1 model WA6320

 serial-id 219801A28N819CE0002X

#

wlan ap officeap2 model WA6320

 serial-id 219801A28N819CE0002T

#

wlan ap-group group1

ap officeap1

ap-model WA6320

radio 1

service-template service

client max-count 1

radio enable

#

wlan ap-group group2

ap officeap2

ap-model WA6320

radio 1

service-template service

radio enable

#

·     Switch:

#

vlan 1

#

vlan 100

#

vlan 200

#

dhcp server ip-pool 100

 gateway-list 192.1.0.1

 network 192.1.0.0 mask 255.255.0.0

#

dhcp server ip-pool 200

 gateway-list 192.2.0.1

 network 192.2.0.0 mask 255.255.255.0

 dns-list 192.2.0.1

#

interface Vlan-interface100

 ip address 192.1.0.2 255.255.0.0

#

interface Vlan-interface200

 ip address 192.2.0.2 255.255.255.0

#

interface GigabitEthernet1/0/1

 port link-type trunk

 port trunk permit vlan 1 100 200

#

interface GigabitEthernet1/0/2

 port link-type access

 port access permit vlan 100

 poe enable

#

interface GigabitEthernet1/0/3

 port link-type access

 port access permit vlan 100

 poe enable

#

Related documentation

·     Radio Resources Management Command Reference in H3C Access Controllers Command References

·     Radio Resources Management Configuration Guide in H3C Access Controllers Configuration Guides

·     WLAN Access Command Reference in H3C Access Controllers Command References

·     WLAN Access Configuration Guide in H3C Access Controllers Configuration Guides