Implementing Wi-Fi using Huawei WAC and APs
- April 10, 2024
- Posted by: James Majani
- Category: Networking
Wireless workplaces are crucial in improving communication and collaboration efficiency for campuses. Some examples of campuses include factories, government buildings and facilities, shopping malls, office buildings, school campuses and parks. Campus networks, as the infrastructure for campuses to connect to the digital world, are an indispensable part of campus construction and play an increasingly important role in daily working, R&D, production and operation management. This lab simulates basic Wi-Fi environment.
In the lab, the architecture is two-tier , we have Core/Aggregation and Access layers. APs are managed by WAC which is connected to the CORE switch. Tunnel forwarding is the forwarding mode to be configured. There are two VLANs i.e. AP_Management and Wireless_Service VLAN. The gateway for users is on the CORE.
Step 1: Configure VLANs and ports.
AP_Management-Vlan10 10.0.10.0/24 and Wireless_Service-Vlan100 10.0.100.0/24
*******************************************ACC_1
system-view
sysname ACC_1
vlan batch 10 100
port-group 1
group-member GigabitEthernet 0/0/1 to GigabitEthernet 0/0/2 ethernet 0/0/1
port trunk pvid vlan 10
port trunk allow-pass vlan 10 100
*******************************************CORE
system-view
sysname CORE
vlan batch 10 100
port-group 1
group-member GigabitEthernet 0/0/1 to GigabitEthernet 0/0/2
port link-type trunk
port trunk pvid vlan 10
port trunk allow-pass vlan 10 100
*******************************************WAC
system-view
sysname WAC
vlan batch 10 100
interface GigabitEthernet 0/0/1
port link-type trunk
port trunk pvid vlan 10
port trunk allow-pass vlan 10 100Step 2: Configure Vlanif interface for AP_Management Vlan on the AC and set the AC as the DHCP server for APs
*******************************************WAC
system-view
dhcp enable
ip pool AP_Management
network 10.0.10.0 mask 24
gateway-list 10.0.10.254
dns-list 8.8.8.8
#
interface vlanif 10
description AP_Management_GW
ip add 10.0.10.254 24
dhcp select globalCheck whether APs have obtained Management IPs from DHCP Server.
Step3: Specify Capwap source and configure basic authentication for APs.
Create a Regulatory-profile and set the country code, create ap-group and bind the regulatory profile to the AP group. Set AP authentication to mac-address authentication, add the APs and their MAC addresses, bind them to the AP group.
*******************************************WAC
system-view
capwap-source interface vlanif 10
wlan
report-sta-info enable
regulatory-domain profile name PROPAGATE
country-code CH
#
ap-group name PROPAGATE
regulatory-domain-profile PROPAGATE
#
ap auth-mode mac-auth
ap-id 1 ap-mac 00e0-fc12-4e90
ap-group PROPAGATE
ap-name AP1
#
ap-id 2 ap-mac 00e0-fc2b-35f0
ap-group PROPAGATE
ap-name AP2
Step 4: Create ssid-profile, security-profile and vap-profile. Bind ssid-profile and security-profile to vap-profile and then bind vap-profile to the AP group.
On vap-profile specify forward-mode and service vlan.
*******************************************WAC
wlan
ssid-profile name PROPAGATE
ssid PROPAGATE
#
security-profile name PROPAGATE
security wpa-wpa2 psk pass-phrase jambo_987 aes
#
vap-profile name PROPAGATE
forward-mode tunnel
service-vlan vlan-id 100
security-profile PROPAGATE
ssid-profile PROPAGATE
#
ap-group name PROPAGATE
vap-profile PROPAGATE wlan 1 radio all
Confirm that the APs are online on WAC. The status of APs should be nor (normal).
Step 5: Configure DHCP server for users on the CORE switch.
*******************************************CORE
system-view
dhcp enable
interface vlanif100
description Wireless_Service_GW
ip address 10.0.100.254 24
dhcp select interfaceCheck whether stations have scanned the ssid and input authenticated credentials to get IP address.
We can see that the APs have Stations online.