Managing a large number of APs is both time consuming and costly. The fit AP+AC network architecture enables an AC to implement centralized AP management and maintenance.

Control And Provisioning of Wireless Access Points (CAPWAP) defines how an AP communicates with an AC. It provides a generic encapsulation and transport mechanism between AP and AC. CAPWAP uses UDP and supports both IPv4 and IPv6.

As shown in Figure 1, an AC and an AP establish a data tunnel to forward data packets and a control tunnel to forward control packets.

Figure 1 CAPWAP tunnel

‌

AC discovery

After starting up with zero configurations, an AP automatically creates VLAN-interface 1 and enables the DHCP client, DHCPv6 client, and DNS features on the interface. Then it obtains its own IP address from the DHCP server and discovers ACs by using the following methods:

· Static IP address.

If AC IP addresses have been manually configured for the AP, the AP sends a unicast discovery request to each AC IP address to discover ACs.

· DHCP options.

The AP obtains AC IPv4 addresses from Option 138, Option 43, and IPv6 addresses from Option 52 sent from the DHCP server. It uses these addresses in descending order.

· DNS.

a. The AP obtains the domain name suffix from the DHCP server.

b. The AP adds the suffix to the host name.

c. The DNS server translates the domain name into IP addresses.

For more information about DNS, see Layer 3—IP Services Configuration Guide.

· Broadcast.

The AP broadcasts discovery requests to IP address 255.255.255.255 to discover ACs.

· IPv4 multicast:

The AP sends multicast discovery requests to IPv4 address 224.0.1.140 to discover ACs.

· IPv6 multicast.

The AP sends multicast discovery requests to IPv6 address FF0E::18C to discover ACs.

The methods of static IP address, DHCPv4 options, broadcast/IPv4 multicast, IPv4 DNS, IPv6 multicast, DHCPv6 option, and IPv6 DNS are used in descending order.

The AP does not stop AC discovery until it establishes a CAPWAP tunnel with one of the discovered ACs.

DHCP options

Option 43

Option 43 can be configured only in hexadecimal format, case insensitive. It contains the PXE server address sub-option and ACS parameter sub-option.

· PXE server address sub-option.

¡ If you specify one AC IPv4 address, for example, 2.2.2.2, you must specify option 43 hex 800700000102020202 in DHCP address pool view of the DHCP server.

- 80—Fixed value, 1 byte long.

- 07—Length of the subsequent fields. In this example, the subsequent fields are 7 byte long.

- 0000—Fixed value.

- 01—Number of AC IPv4 addresses. In this example, one IPv4 address is specified.

- 02020202—AC IPv4 address in hexadecimal format. You can specify a maximum of 16 IPv4 addresses, and spaces are not allowed between the IPv4 addresses.

¡ If you specify two AC IPv4 addresses, for example, 6.6.6.2 and 6.6.6.3, you must specify option 43 hex 800b0000020606060206060603 in DHCP address pool view of the DHCP server.

· ACS parameter sub-option.

¡ If you specify one AC IPv4 address, for example, 2.2.2.2, you must specify option 43 hex 010402020202 in DHCP address pool view of the DHCP server.

- 01—Fixed value, 1 byte long.

- 04—Length of the subsequent fields. In this example, the subsequent fields are 4 byte long.

- 02020202—AC IPv4 address in hexadecimal format. You can specify a maximum of 16 IPv4 addresses, and spaces are not allowed between the IPv4 addresses.

¡ If you specify two AC IPv4 addresses, for example, 6.6.6.2 and 6.6.6.3, you must specify option 43 hex 01080606060206060603 in DHCP address pool view of the DHCP server.

Option 138

Option 138 can be configured in hexadecimal and IP formats. In hexadecimal format, Option 138 contains the PXE server address sub-option and ACS parameter sub-option. The fields for the sub-options in hexadecimal format are the same as those for Option 43.

· If you specify one AC IPv4 address, for example, 192.168.0.100, you must specify option 138 ip-address 192.168.0.100 in DHCP address pool view of the DHCP server.

You can specify a maximum of 8 IPv4 addresses, and you must separate them with spaces.

· If you specify two AC IPv4 addresses, for example, 6.6.6.2 and 6.6.6.3, you must specify option 138 ip-address 6.6.6.2 6.6.6.3 in DHCP address pool view of the DHCP server.

Option 52

Option 52 can be configured only in hexadecimal format, case insensitive.

· If you specify one AC IPv6 address, for example, 3138:101::62, you must specify option 52 hex 31380101000000000000000000000062 in DHCP address pool view of the DHCP server.

The IPv6 address must contain 32 bytes. You can specify a maximum of 8 IPv6 addresses, and you must separate them with spaces.

· If you specify two AC IPv6 addresses, for example, 3138:101::62 and 3138:101::72, you must specify option 52 hex 3138010100000000000000000000006231380101000000000000000000000072 in DHCP address pool view of the DHCP server.

CAPWAP tunnel establishment

Figure 2 Establishing a CAPWAP tunnel

‌

As shown in Figure 2, the AP and an AC establish a CAPWAP tunnel by using the following procedure:

1. The AP sends a discovery request to each AC to discover ACs.

2. Upon receiving a discovery request, an AC determines whether to send a discovery response by performing the following steps:

a. Identifies whether the discovery request is a unicast packet.

- Unicast packet—The AC proceeds to step b.

- Broadcast or multicast packet—The AC proceeds to step b if it is disabled with the feature of responding only to unicast discovery requests. If this feature is enabled, the AC does not send a discovery response.

b. Identifies whether it has manual AP configuration for the AP model specified in the discovery request.

- If manual AP configuration exists, the AC sends a discovery response to the AP. The discovery response contains information about whether the AC has the manual configuration for the AP, the AP connection priority, and the AC's load status.

- If no manual AP configuration exists, the AC proceeds to step c.

c. Identifies whether auto AP is enabled.

- If auto AP is enabled, the AC sends a discovery response to the AP. The discovery response contains the enabling status of auto AP, AP connection priority, and AC's load information.

- If auto AP is disabled, the AP does not send a discovery response.

3. Upon receiving the discovery responses, the AP selects the optimal AC in descending order.

¡ AC that saves information about the AP.

¡ AC where the auto AP feature is enabled.

¡ AC with higher AP connection priority.

¡ AC with the lighter load.

¡ AC that is the earliest to respond.

4. The AP sends a join request to the optimal AC.

5. After receiving the join request, the AC examines the information in the request to determine whether to provide access services to the AP and sends a join response.

6. The AP examines the result code in the response upon receiving the join response:

¡ If the result code represents failure, the AP does not establish a CAPWAP tunnel with the AC.

¡ If the result code represents success, the AP establishes a CAPWAP tunnel with the AC.

APDB

The Access Point Information Database (APDB) on an AC stores the following AP information:

· AP models.

· Hardware version and software version mappings.

· Information about radios supported by AP models:

¡ Number of radios.

¡ Radio type.

¡ Valid region code.

¡ Valid antenna type.

¡ Maximum transmission power.

The AC can establish a CAPWAP tunnel with an AP only when the APDB contains the corresponding AP model information.

You can use the system script and user scripts to manage data in the APDB. The system script is released with the AC software version, and it is automatically loaded each time the AC starts. If you need to add new AP models, upgrade the AC software version (see Fundamentals Configuration Guide) or create a user script and load it on the AC (see "Loading an APDB user script").

Protocols and standards

· RFC 5415, Control And Provisioning of Wireless Access Points (CAPWAP) Protocol Specification

· RFC 5416, Control and Provisioning of Wireless Access Points (CAPWAP) Protocol Binding for IEEE 802.11

· RFC 5417, Control And Provisioning of Wireless Access Points (CAPWAP) Access Controller DHCP Option

Restrictions and guidelines: AP management configuration

You can configure APs by using the following methods:

· Configure APs one by one in AP view.

· Assign APs to an AP group and configure the AP group in AP group view.

· Configure all APs in global configuration view.

For an AP, the settings made in these views for the same parameter take effect in descending order of AP view, AP group view, and global configuration view.

As a best practice, configure APs in AP group view for large scale network deployment.

AP management tasks at a glance

To configure AP management, perform the following tasks:

1. Configuring CAPWAP tunnel establishment

Choose one of the tasks of creating a manual AP and managing auto APs.

¡ Creating a manual AP

¡ Managing auto APs

¡ (Optional.) Setting the discovery-response timeout timer

¡ (Optional.) Setting the AP connection priority for the AC

¡ (Optional.) Enabling the AC to respond only to unicast discovery requests

2. (Optional.) Configuring an AP group

3. (Optional.) Upgrading APs' software

4. (Optional.) Configuring a CAPWAP tunnel

¡ Setting the control tunnel keepalive timer for an AP

¡ Setting the data tunnel keepalive interval for an AP

¡ Setting the maximum fragment size for CAPWAP packets

¡ Setting the TCP MSS for CAPWAP tunnels

5. (Optional.) Configuring region code settings

¡ Specifying a region code

¡ Including or excluding region codes in beacon frames and probe responses

6. (Optional.) Configuring AC request retransmission

7. (Optional.) Maintaining APs

¡ Resetting APs

¡ Renaming a manual AP

¡ Managing the file system of an AP

¡ Setting the statistics report interval

¡ Setting the statistics fast report interval

¡ Setting a LED lighting mode

¡ Deploying a configuration file to an AP

8. (Optional.) Configuring advanced features for AP management

¡ Configuring remote AP

¡ Configuring the virtual AP feature

¡ Enabling 5 GHz radio virtualization

¡ Configuring the AP tag

9. (Optional.) Maintaining ACs

¡ Enabling time zone synchronization

¡ Loading an APDB user script

¡ Enabling service anomaly detection

10. (Optional.) Configuring SNMP notifications

¡ Enabling SNMP notifications

¡ Setting the online AP quantity threshold for triggering an SNMP trap

11. Configuring an AP monitor group

Configuring CAPWAP tunnel establishment

Prerequisites for configuring CAPWAP tunnel establishment

Before you manage APs, complete the following tasks:

· Create a DHCP address pool on the DHCP server to assign IP addresses to APs.

· If DHCP options are used for AC discovery, configure Option 138, Option 43, or Option 52 in the specified DHCP address pool on the DHCP server.

· If DNS is used for AC discovery, configure the IP address of the DNS server and the AC domain name suffix in the specified DHCP address pool on the DHCP server. Then configure the mapping between the domain name and the AC IP address on the DNS server.

· Make sure the APs and the AC can reach each other.

For more information about DHCP and DNS, see Layer 3—IP Services Configuration Guide.

Creating a manual AP

About this task

You can create a manual AP on the AC based on the AP model, serial ID, and MAC address of the AP you are using. An AP prefers to establish a CAPWAP tunnel with an AC that saves the manual AP configuration.

Procedure

1. Enter system view.

system-view

2. Create a manual AP and enter its view.

¡ Create a physical AP.

wlan ap ap-name [ model model-name ]

¡ Create a virtual AP.

wlan virtual-ap ap-name [ model model-name ]

You must specify the model name when you create an AP.

3. Specify the serial ID or the MAC address for the AP.

¡ Specify the serial ID for the AP.

serial-id serial-id

¡ Specify the MAC address for the AP.

mac-address mac-address

By default, neither the serial ID nor the MAC address is specified for an AP.

4. (Optional.) Configure a description for the AP.

description text

By default, an AP does not have a description.

Managing auto APs

About this task

The auto AP feature enables APs to connect to an AC without manual AP configuration. This feature simplifies configuration when you deploy a large number of APs in a WLAN.

Restrictions and guidelines

To prevent illegal APs from associating with the AC, disable the auto AP feature after all required APs are associated with the AC.

You must convert auto APs to manual APs after they come online because of the following reasons:

· Auto APs can re-associate with the AC upon an AC reboot or CAPWAP tunnel termination only when they are converted to manual APs.

· You can individually configure auto APs only when they are converted to manual APs.

Tasks at a glance

To configure auto APs, perform the following tasks:

1. Enabling the auto AP feature

2. (Optional.) Converting auto APs to manual APs

Prerequisites

Before you configure remote authentication for auto APs, specify an authentication domain and AAA scheme on the AC and create user accounts on the RADIUS server. For information about authentication domain and AAA scheme configuration, see AAA in User Access and Authentication Configuration Guide.

Enabling the auto AP feature

1. Enter system view.

system-view

2. Enable the auto AP feature.

wlan auto-ap enable

By default, the auto AP feature is disabled.

Converting auto APs to manual APs

1. Enter system view.

system-view

2. Convert auto APs to manual APs. Choose the options to configure as needed:

¡ Convert online auto APs to manual APs.

wlan auto-ap persistent { all | name auto-ap-name [ new-ap-name ] }

¡ Enable the auto AP conversion feature.

wlan auto-persistent enable

By default, the auto AP conversion feature is disabled.

The wlan auto-persistent enable command does not take effect on auto APs that are already online.

Setting the discovery-response timeout timer

About this task

The discovery-response timeout timer specifies the timeout time for an AP to wait for another discovery response. Whenever an AP receives a discovery response packet, the discovery-response timeout timer is created or refreshed. When the timeout timer expires, the AP sends a join request to the optimal AC.

Restrictions and guidelines

If the network condition is poor, set a larger discovery-response timeout timer.

Procedure

1. Enter system view.

system-view

2. Enter AP view or AP group view.

¡ Enter AP view.

wlan ap ap-name

¡ Enter AP group view.

wlan ap-group group-name

3. Set the discovery-response timeout timer.

discovery-response wait-time seconds

By default:

¡ In AP view, an AP uses the configuration in AP group view.

¡ In AP group view, the discovery-response timeout timer is 2 seconds.

Setting the AP connection priority for the AC

1. Enter system view.

system-view

2. Enter AP view or AP group view.

¡ Enter AP view.

wlan ap ap-name

¡ Enter AP group view.

wlan ap-group group-name

3. Set the AP connection priority for the AC.

priority priority

By default:

¡ In AP view, an AP uses the configuration in AP group view.

¡ In AP group view, the AP connection priority is 4.

Enabling the AC to respond only to unicast discovery requests

About this task

An AP can send unicast, multicast, and broadcast discovery requests to discover ACs. This feature enables an AC to respond only to unicast discovery requests.

Procedure

1. Enter system view.

system-view

2. Enable the AC to respond only to unicast discovery requests.

wlan capwap discovery-policy unicast

By default, the AC can respond to unicast, multicast, and broadcast discovery requests.

Configuring an AP group

About this task

This feature enables you to configure multiple APs in a batch to reduce configuration workload.

APs in an AP group use the configuration of the group. By default, all physical APs belong to system-defined AP group default-group, and all virtual APs belong to the system-defined virtual AP group default-vitualapgroup. The system-defined AP group cannot be deleted.

You can configure AP grouping rules by AP name, serial ID, MAC address, and IP address to add APs to the specified AP group. Priorities of these grouping rules are in descending order. If an AP does not match any grouping rules, it is added to the default AP group.

Restrictions and guidelines

An AP can be added to only one AP group.

You cannot delete an AP group that contains an AP. An AP group that has grouping rules but does not contain any APs can be deleted.

When you configure an AP grouping rule, follow these restrictions and guidelines:

· You cannot create the same grouping rule for different AP groups. If you do so, the most recent configuration takes effect.

· You cannot create grouping rules for the default AP group.

· AP grouping rules by IPv4 or IPv6 addresses for an AP group or for different AP groups cannot overlap with each other.

· An AP group supports a maximum of 32 AP grouping rules by IPv4 or IPv6 addresses.

Procedure

1. Enter system view.

system-view

2. Create an AP group and enter its view.

¡ Create a physical AP group.

wlan ap-group group-name

By default, system-defined physical AP group default-group exists.

¡ Create a virtual AP group.

wlan virtual-ap-group group-name

By default, system-defined virtual AP group default-vitualapgroup exists.

3. (Optional.) Configure a description for the AP group.

description text

By default, an AP group does not have a description.

4. Create an AP grouping rule. Choose the options to configure as needed:

¡ Create an AP grouping rule by AP names.

ap ap-name-list

¡ Create an AP grouping rule by serial IDs.

serial-id serial-id

¡ Create an AP grouping rule by MAC addresses.

mac-address mac-address

¡ Create an AP grouping rule by IPv4 addresses.

if-match ip ip-address { mask-length | mask }

¡ Create an AP grouping rule by IPv6 addresses.

if-match ipv6 { ipv6-address prefix-length | ipv6-address/prefix-length }

5. Return to system view.

quit

6. (Optional.) Create an AP regrouping rule.

wlan re-group { ap ap-name | ap-group source-group-name | mac-address mac-address | serial-id serial-id } group-name

Upgrading APs' software

Configuring software upgrade

About this task

With software upgrade enabled, the AC examines the AP software version while establishing a CAPWAP tunnel with an AP. If this feature is disabled, the AC does not examine the software version of the AP and directly establishes a CAPWAP tunnel with the AP.

Software upgrade for an AP proceeds as follows:

1. The AP reports the software version and AP model information to the AC.

2. The AC examines the received AP software version.

¡ If a match is found, the AC establishes a CAPWAP tunnel with the AP.

¡ If no match is found, the AC sends a message that notifies the AP of the AP software version inconsistency.

3. Upon receiving the inconsistency message, the AP requests a software version from the AC.

4. The AC assigns the software version to the AP after receiving the request.

5. The AP upgrades the software version, restarts, and establishes a CAPWAP tunnel with the AC

Procedure

1. Enter system view.

system-view

2. Enter AP view, AP group view, virtual AP view, virtual AP group view, or global configuration view.

¡ Enter AP view.

wlan ap ap-name

¡ Enter AP group view.

wlan ap-group group-name

¡ Enter virtual AP view.

wlan virtual-ap ap-name

¡ Enter virtual AP group view.

wlan virtual-ap-group group-name

¡ Enter global configuration view.

wlan global-configuration

3. Configure software upgrade.

firmware-upgrade { disable | enable }

By default:

¡ In AP view, an AP uses the configuration in AP group view. If no software upgrade configuration exists in AP group view, the AP uses the configuration in global configuration view.

¡ In AP group view, an AP uses the configuration in global configuration view.

¡ In virtual AP view, a virtual AP uses the configuration in virtual AP group view. If no software upgrade configuration exists in virtual AP group view, the virtual AP uses the configuration in global configuration view.

¡ In virtual AP group view, a virtual AP uses the configuration in global configuration view.

¡ In global configuration view, the software upgrade feature is enabled.

Configuring the mapping between a software version and a hardware version of an AP model

About this task

Perform this task to configure the mapping between a software version and a hardware version of an AP model for software upgrade.

Perform this task only when the AP software version for an AP model stored in the APDB is inconsistent with the software version you expect for the AP model. To display the AP software version for each AP model in the APDB, use the display wlan ap-model command.

Restrictions and guidelines

To avoid CAPWAP tunnel establishment failure, use this feature under the guidance of H3C Support.

Procedure

1. Enter system view.

system-view

2. Configure the mapping between a software version and a hardware version of an AP model.

wlan apdb model-name hardware-version software-version

By default, the software version for a hardware version of an AP model is the software version that is stored in APDB user scripts.

Specifying the preferred location for the AC to obtain an AP image file

About this task

The AC assigns an AP image file to an AP if the AP requests a software version during CAPWAP tunnel establishment. You can specify the preferred location as the AC's RAM or local folder for the AC to obtain an AP image file. If the AC cannot obtain an AP image file from the preferred location, it obtains an AP image file from the other location. If no AP image file exists, the AC fails to obtain an image file and cannot assign a software version to the AP.

Restrictions and guidelines

The AC can assign only .ipe AP image files to APs.

If you specify the local folder, make sure the AC uses a CF or flash card as the default file system and the AP image file is stored in the root directory of the file system on the AC.

Procedure

1. Enter system view.

system-view

2. Specify the preferred location for the AC to obtain an AP image file.

wlan image-load filepath { local | ram }

By default, the AC prefers the AP image file stored in the RAM when assigning a software version to an AP.

Deploying an image file to online APs

About this task

This feature enables you to upgrade the image of all the online APs. For the upgrade to take effect, reboot the APs after upgrade.

Procedure

1. Enter system view.

system-view

2. Deploy an image file to all the online APs.

wlan ap-image-deploy

Configuring a CAPWAP tunnel

Configuring CAPWAP tunnel encryption

About this task

The CAPWAP tunnel encryption feature encrypts the tunnel packets exchanged in the CAPWAP control/data tunnel, thereby ensuring the security of the CAPWAP tunnel packets. The CAPWAP tunnel encryption feature uses the Datagram Transport Layer Security (DTLS) protocol to encrypt the CAPWAP tunnel packets.

CAPWAP tunnel encryption uses the Datagram Transport Layer Security (DTLS) protocol to encrypt control and data packets transmitted over a CAPWAP tunnel.

When CAPWAP control tunnel encryption is enabled for an AP, the AC and the AP communicate as follows:

1. The AC sends a discovery response with the encryption flag to the AC.

2. The AP performs a DTLS handshake with the AC and then establishes a CAPWAP tunnel with the AC.

3. The AC and the AP encrypt control packets transmitted in the CAPWAP control tunnel after the DTLS handshake.

With CAPWAP data tunnel encryption enabled, the AP exchanges encryption information, including keys, with the AC through the control tunnel after receiving the first data tunnel keepalive packet replied by the AC. Once the exchange is complete, the AP encrypts and transmits the CAPWAP data tunnel packets (excluding the Keepalive packets).

Restrictions and guidelines

After you enable CAPWAP control tunnel encryption, APs go offline and then come online again from the AC to re-establish CAPWAP tunnels.

CAPWAP control tunnel encryption requires a certificate. Before specifying the certificate used for CAPWAP tunnel encryption, use FTP or TFTP to upload the AC and AP certificates to the AC and then execute the download file command to deploy the AP certificate to the corresponding APs.

The certificate file function used for CAPWAP control tunnel encryption must be configured before enabling CAPWAP control tunnel encryption. It will only take effect after the control tunnel encryption feature is enabled and the AP comes online again.

If no certificate file is specified for CAPWAP control tunnel encryption, the system uses the built-in certificate file for authentication.

Prerequisites

To use a non-built-in certificate, save the certificate, key, and CA certificate to the file system of the AC. These files can be in the .pem or .cer format.

Procedure

1. Enter system view.

system-view

2. Specify the certificate used for CAPWAP tunnel encryption.

wlan capwap encryption certificate cer-name key key-name ca ca-name

By default, the system uses the built-in certificate for CAPWAP tunnel encryption.

3. Enter AP view, AP group view, virtual AP view, or virtual AP group view.

¡ Enter AP view.

wlan ap ap-name

¡ Enter AP group view.

wlan ap-group group-name

¡ Enter virtual AP view.

wlan virtual-ap ap-name

¡ Enter virtual AP group view.

wlan virtual-ap-group group-name

4. Configure CAPWAP control tunnel encryption.

tunnel encryption { disable | enable }

By default:

¡ In AP view, an AP uses the configuration in AP group view.

¡ In AP group view, CAPWAP control tunnel encryption is disabled.

¡ In virtual AP view, an AP uses the configuration in virtual AP group view.

¡ In virtual AP group view, CAPWAP control tunnel encryption is disabled.

5. Configure CAPWAP data tunnel encryption.

data-tunnel encryption { disable | enable }

By default:

¡ In AP view, an AP uses the configuration in AP group view.

¡ In AP group view, CAPWAP data tunnel encryption is disabled.

¡ In virtual AP view, an AP uses the configuration in virtual AP group view.

¡ In virtual AP group view, CAPWAP data tunnel encryption is disabled.

Setting the control tunnel keepalive timer for an AP

About this task

An AP sends echo requests to the AC at the specified echo interval to identify whether the CAPWAP control tunnel is operating correctly. The AC responds by sending echo responses. If the AP does not receive any echo responses before the keepalive timer expires, the AP terminates the connection. If the AC does not receive any echo requests before the keepalive timer expires, the AC terminates the connection.

The keepalive time is the echo interval multiplied by the maximum number of echo request transmission attempts specified by using the echo-count command. For an AC, the minimum keepalive time is 120 seconds. If the calculated value is smaller than 120, the system sets the keepalive time to 120 seconds.

The configuration in virtual AP view takes precedence over the configuration in virtual AP group view.

Restrictions and guidelines

Setting the echo interval to 0 seconds disables an AP from sending echo requests. This setting is for test use only. For correct AC and AP communication, do not set the echo interval to 0 seconds.

Procedure

1. Enter system view.

system-view

2. Enter AP view, AP group view, virtual AP view, or virtual AP group view.

¡ Enter AP view.

wlan ap ap-name

¡ Enter AP group view.

wlan ap-group group-name

¡ Enter virtual AP view.

wlan virtual-ap ap-name

¡ Enter virtual AP group view.

wlan virtual-ap-group group-name

3. Set the interval for the AP to send echo requests.

echo-interval interval

By default:

¡ In AP view, an AP uses the configuration in AP group view.

¡ In AP group view, the echo interval is 10 seconds.

¡ In virtual AP view, a virtual AP uses the configuration in virtual AP group view.

¡ In virtual AP group view, the echo interval is 10 seconds.

4. Set the maximum number of echo request transmission attempts.

echo-count count

By default:

¡ In AP view, an AP uses the configuration in AP group view.

¡ In AP group view, the maximum number of echo request transmission attempts is 3.

This feature is supported only in AP view and AP group view.

Setting the data tunnel keepalive interval for an AP

About this task

An AP sends data channel keepalive packets to the AC at the specified keepalive intervals after a CAPWAP tunnel is established between the AP and the AC.

Procedure

1. Enter system view.

system-view

2. Enter AP view or AP group view.

¡ Enter AP view.

wlan ap ap-name

¡ Enter AP group view.

wlan ap-group group-name

3. Set the data tunnel keepalive interval.

keepalive-interval interval

By default:

¡ In AP view, an AP uses the configuration in AP group view.

¡ In AP group view, the data tunnel keepalive interval is 10 seconds.

Setting the maximum fragment size for CAPWAP packets

About this task

Perform this task to prevent intermediate devices from dropping packets between AC and AP if the AP connects to the AC across the Internet.

Any maximum fragment size modification takes effect immediately on online APs.

Procedure

1. Enter system view.

system-view

2. Enter AP view or AP group view.

¡ Enter AP view.

wlan ap ap-name

¡ Enter AP group view.

wlan ap-group group-name

3. Set the maximum fragment size for CAPWAP control or data packets.

fragment-size { control control-size | data data-size }

By default:

¡ In AP view, an AP uses the configuration in AP group view.

¡ In AP group view, the maximum fragment size for CAPWAP control packets and data packets is 1450 bytes and 1500 bytes, respectively.

Setting the TCP MSS for CAPWAP tunnels

About this task

Perform this task to set the value of the Maximum Segment Size (MSS) option in SYN packets transmitted over a CAPWAP tunnel.

The MSS option informs the receiver of the largest segment that the sender can accept. Each end announces its MSS during TCP connection establishment. If the size of a TCP segment is smaller than or equal to the MSS of the receiver, TCP sends the TCP segment without fragmentation. If not, TCP fragments the segment based on the receiver's MSS.

Procedure

1. Enter system view.

system-view

2. Set the TCP MSS for CAPWAP tunnels.

wlan tcp mss value

The default setting is 1460 bytes.

Configuring region code settings

Specifying a region code

About this task

A region code determines characteristics such as available frequencies, available channels, and transmit power level. Set a valid region code before configuring an AP.

To prevent regulation violation caused by region code modification, lock the region code.

Procedure

1. Enter system view.

system-view

2. Enter AP view, AP group view, or global configuration view.

¡ Enter AP view.

wlan ap ap-name

¡ Enter AP group view.

wlan ap-group group-name

¡ Enter global configuration view.

wlan global-configuration

3. Specify a region code.

region-code code

By default:

¡ In AP view, an AP uses the configuration in AP group view. If no region code exists in AP group view, the AP uses the configuration in global configuration view.

¡ In AP group view, an AP uses the configuration in global configuration view.

¡ In global configuration view, the region code is CN for China, JP for Japan, and not configured for other countries or regions.

4. (Optional.) Lock the region code.

region-code-lock enable

By default:

¡ In AP view, an AP uses the configuration in AP group view. If no region code exists in AP group view, the AP uses the configuration in global configuration view.

¡ In AP group view, an AP uses the configuration in global configuration view.

¡ In global configuration view, the region code is not locked.

Including or excluding region codes in beacon frames and probe responses

Restrictions and guidelines

If you enable an AP to include its region code in beacon frames and probe responses, you must also specify the AP installation environment. If you bind different service templates to radios of an AP, make sure the service templates are specified with the same installation environment type.

Procedure

1. Enter system view.

system-view

2. Enter service template view.

wlan service-template service-template-name

3. Include or exclude region codes in beacon frames and probe responses and specify the installation environment type.

region-code-ie { disable | enable { any | indoor | outdoor } }

By default, beacon frames and probe responses contain region codes and the installation environment type is any.

Configuring AC request retransmission

About this task

The AC retransmits a request to an AP at the retransmission interval until the maximum number of request retransmission attempts is reached or a response is received.

Procedure

1. Enter system view.

system-view

2. Enter AP view or AP group view.

¡ Enter AP view.

wlan ap ap-name

¡ Enter AP group view.

wlan ap-group group-name

3. Set the maximum number of request retransmission attempts.

retransmit-count value

By default:

¡ In AP view, an AP uses the configuration in AP group view.

¡ In AP group view, the maximum number of request retransmission attempts is 3.

4. Set the interval at which an AC request is retransmitted.

retransmit-interval interval

By default:

¡ In AP view, an AP uses the configuration in AP group view.

¡ In AP group view, the retransmission interval is 5 seconds.

Maintaining APs

Resetting APs

To reset all APs or the specified AP, execute the following command in user view:

reset wlan ap { all | ap-group group-name | model model-name | name ap-name | native }

Renaming a manual AP

1. Enter system view.

system-view

2. Rename a manual AP.

wlan rename-ap ap-name new-ap-name

Managing the file system of an AP

About this task

You can perform the following tasks on an AC to manage files for an AP after the AP establishes a CAPWAP tunnel with the AC:

· View file information for the AP.

· Delete a file from the AP.

· Download an image file from the AC to the AP.

Restrictions and guidelines

This feature takes effect only on master ACs.

Procedure

1. Display information about files or file folders on an AP.

display wlan ap name ap-name files

2. Enter system view.

system-view

3. Enter AP view.

wlan ap ap-name

4. Manage files on the AP.

¡ Delete a file from the AP.

delete file filename

¡ Download an image file to the AP.

download file file-name

Setting the statistics report interval

About this task

Perform this task to change the interval for an AP to report its statistics. You can use the statistics to monitor the operating status of radios on the AP.

Procedure

1. Enter system view.

system-view

2. Enter AP view, AP group view, virtual AP view, virtual AP group view, or global configuration view.

¡ Enter AP view.

wlan ap ap-name

¡ Enter AP group view.

wlan ap-group group-name

¡ Enter virtual AP view.

wlan virtual-ap ap-name

¡ Enter virtual AP group view.

wlan virtual-ap-group group-name

¡ Enter global configuration view.

wlan global-configuration

3. Set the statistics report interval.

statistics-interval interval

By default:

¡ In AP view, an AP uses the configuration in AP group view. If no configuration exists in AP group view, the AP uses the configuration in global configuration view.

¡ In AP group view, an AP uses the configuration in global configuration view.

¡ In virtual AP view, a virtual AP uses the configuration in virtual AP group view. If no configuration exists in virtual AP group view, the virtual AP uses the configuration in global configuration view.

¡ In virtual AP group view, a virtual AP uses the configuration in global configuration view.

¡ In global configuration view, the statistics report interval is 50 seconds.

Setting the statistics fast report interval

About this task

This task enables an AP to fast report specific statistics to the AC. APs can fast report only channel usage statistics to the AC.

Setting the interval to 0 disables an AP from fast reporting statistics to the AC.

Procedure

1. Enter system view.

system-view

2. Enter AP view, AP group view, virtual AP view, or virtual AP group view.

¡ Enter AP view.

wlan ap ap-name

¡ Enter AP group view.

wlan ap-group group-name

¡ Enter virtual AP view.

wlan virtual-ap ap-name

¡ Enter virtual AP group view.

wlan virtual-ap-group group-name

3. Set the interval at which an AP fast reports statistics to the AC.

statistics-interval fast-report fast-report-interval

By default:

¡ In AP view, an AP uses the configuration in AP group view.

¡ In AP group view, the fast report interval is 0 seconds. An AP does not fast report statistics to the AC.

¡ In virtual AP view, a virtual AP uses the configuration in virtual AP group view.

¡ In virtual AP group view, the fast report interval is 0 seconds. A virtual AP does not fast report statistics to the AC.

Setting a LED lighting mode

About this task

You can configure LEDs on an AP to flash in the following modes:

· quiet—The LED is off.

· awake—The LED flashes once every minute. Support for this mode depends on the AP model.

· always-on—The LED is steady on. Support for this mode depends on the AP model.

· normal—How LEDs flash in this mode varies by AP model. This mode can identify the running status of an AP.

Restrictions and guidelines

If you set the LED lighting mode to awake or always-on in AP group view, the setting takes effect only on member APs that support the specified LED lighting mode.

Procedure

1. Enter system view.

system-view

2. Enter AP view or AP group view.

¡ Enter AP view.

wlan ap ap-name

¡ Enter AP group view.

wlan ap-group group-name

3. Set a LED lighting mode.

led-mode { always-on | awake | normal | quiet }

By default:

¡ In AP view, an AP uses the configuration in AP group view.

¡ In AP group view, the LED lighting mode is normal.

Deploying a configuration file to an AP

About this task

Deploy a configuration file to an AP if you want to update its configuration file or configure features that require a configuration file. For example, to configure a user profile for an AP in local forwarding mode, you must write related commands to a configuration file and then deploy the configuration file to the AP. The configuration file takes effect when the CAPWAP tunnel to the AC is in Run state. It does not survive an AP reboot.

Restrictions and guidelines

Make sure the configuration file is stored in the storage medium of the AC. Contents in the configuration file must be complete commands. You can upload the configuration file to the AC through FTP or from the Web interface. As a best practice, upload the configuration file from the Web interface.

If you edited the configuration file for an online AP and want the configuration file to take effect immediately, perform one of the following tasks:

· Execute the undo map-configuration command, and then execute the map-configuration filename command to deploy the configuration file to the AP.

· Disconnect the AC from the AP for the AP to come online again.

Procedure

1. Enter system view.

system-view

2. Enter AP view or an AP group's AP model view.

¡ Enter AP view.

wlan ap ap-name

¡ Execute the following commands in sequence to enter an AP group's AP model view:

wlan ap-group group-name

ap-model ap-model

3. Deploy a configuration file to the AP.

map-configuration filename

By default, no configuration file is deployed to an AP.

Configuring advanced features for AP management

Configuring remote AP

About this task

Remote AP enables an AP to automatically perform the following operations when the CAPWAP tunnel to the AC is disconnected:

· Forward client traffic.

· Provide client access services if local authentication is enabled and association is enabled at the AP.

Remote AP is applicable to telecommuting, small branches, and SOHO solutions.

Restrictions and guidelines

Remote AP takes effect only on APs that operate in local forwarding mode.

When the tunnel between the AC and AP is recovered, clients that use the AC as the authenticator need reauthentication. Clients that use the AP as the authenticator remain online.

Procedure

1. Enter system view.

system-view

2. Enter AP view or AP group view.

¡ Enter AP view.

wlan ap ap-name

¡ Enter AP group view.

wlan ap-group group-name

3. Configure remote AP.

hybrid-remote-ap { disable | enable }

By default:

¡ In AP view, an AP uses the configuration in AP group view.

¡ In AP group view, remote AP is disabled.

Configuring the virtual AP feature

About this task

A physical AP can be virtualized into multiple virtual APs to provide different wireless services. You can use one AC to manage the physical AP and another AC to manage the virtual APs for isolation.

As shown in Figure 3, the physical AP is virtualized into one virtual AP. The physical AP establishes a CAPWAP tunnel with AC 1, and the virtual AP establishes a CAPWAP tunnel with AC 2 to provide wireless services for Client 1 and Client 2, respectively.

Figure 3 Network diagram

‌

Restrictions and guidelines

You can create only one virtual AP for a physical AP.

Make sure the IP address of the AC that manages a physical AP is different from the IP address of the AC that manages its virtual AP and make sure the IP addresses are the same version.

When the virtual AP feature is enabled, the number of BSSs that can be created on a radio decreases by 50%.

Before you disable the virtual AP feature, make sure no virtual AP exists in all AP views and AP group views. If any virtual AP exists, first delete that virtual AP and then disable the virtual AP feature.

For security purposes, you can specify a management VLAN for a virtual AP different from its physical AP. If you do not specify a management VLAN for a virtual AP, you must enable port isolation for an Ethernet interface on that AP.

Before you can specify a management VLAN for a virtual AP, you must assign an Ethernet interface on that AP to the management VLAN and make sure the management VLAN-interface obtains an IP address through DHCP.

Prerequisites

Before you enable this feature, make sure the WLAN ID assigned to the service templates bound to all radios in all AP radio views and AP group radio views is not a value in the second half of the WLAN ID range. If such a WLAN ID exists, you must first unbind the service template and then enable this feature. To view the WLAN IDs assigned to a service template, execute the display system internal wlan bss list ap ap-id radio radio-id command in probe view. The value range for a WLAN ID is from 1 to the maximum number of BSSs that can be created on a radio before the virtual AP feature is enabled.

Procedure

1. Enter system view.

system-view

2. Enable the virtual AP feature.

wlan virtual-ap enable

Before creating a virtual AP, make sure the virtual AP feature has been enabled on the AC.

3. Enter AP view, or AP group view.

¡ Enter AP view.

wlan ap ap-name

¡ Enter AP group view.

wlan ap-group group-name

4. Create a virtual AP and specify the IP address of the AC to which the virtual AP connects.

virtual-ap ac-address { ip ipv4-address | ipv6 ipv6-address } [ management-vlan vlan ]

Enabling 5 GHz radio virtualization

NOTE:

Support for this feature depends on the AP model.

‌

About this task

5 GHz radio virtualization splits the 5 GHz radio on an AP that has a 2.4 GHz radio and a 5-GHz 8 × 8 mode radio into two 5-GHz 4 × 4 mode radios. With this feature enabled, a dual-radio AP can operate in triple-radio mode.

Restrictions and guidelines

Before you configure 5 GHz radio virtualization, perform the following tasks:

· Disable the auto AP feature.

· Delete the manual APs for which you want to enable this feature. If the manual APs belong to an AP group, also delete the manual APs from that AP group.

After you configure 5 GHz radio virtualization, reconfigure the target APs. The APs will reboot automatically during the association process to switch to triple-radio mode.

Procedure

1. Enter system view.

system-view

2. Enable 5 GHz radio virtualization.

wlan virtual-5g-radio enable { all | ap-model ap-model }

By default, 5 GHz radio virtualization is disabled. A 5 GHz radio will not be virtualized into two 5 GHz radios.

Configuring the AP tag

About this task

An AP tag is a collection of AP parameter attributes. Based on the business characteristics of each application scenario, the device provides predefined AP tags for you to reference according to the actual network application scenarios. After you specify a tag, the AP can inherit the AP parameters defined in the AP tag without the need for manual configuration.

Currently, the following predefined AP tags are available:

· meeting—Meeting room tag. This tag sets the bandwidth of 5GHz radios to 80 MHz.

· high-density—High-density tag.

· vip—VIP tag, which represents an AP in the monitor group. In monitor group view, you can use the ap ap-name command to add an AP to the AP monitor group. The monitor group allows the APs in it to collect and report data to the AC regarding client quantity, radio traffic, radio channel usage, and AP abnormal information.

· unstable—Unstable AP tag. When an AP with an unstable tag goes offline, it will not trigger automatic power adjustment for neighboring APs. This tag is assigned to APs automatically and does not support manual configuration.

Restrictions and guidelines

If an AP tag is configured in both AP view and AP group view, the configuration in AP view takes precedence over the configuration in AP group view.

Procedure

1. Enter system view.

system-view

2. Enter AP view or AP group view.

¡ Enter AP view.

wlan ap ap-name

¡ Enter AP group view.

wlan ap-group group-name

3. Configure the AP tag.

ap-tag tag

By default:

¡ In AP view, the configuration in AP group view is used.

¡ In AP group view, no AP tag is configured.

Maintaining ACs

Enabling time zone synchronization

About this task

This feature enables APs to synchronize time and time zone information from the AC at association and at specific intervals after association.

Procedure

1. Enter system view.

system-view

2. Enable time zone synchronization.

wlan timezone-sync enable

By default, time zone synchronization is enabled.

Loading an APDB user script

About this task

This task allows you to add new AP models to the APDB without upgrading AC software.

Restrictions and guidelines

Make sure the user script is valid. Invalid scripts can cause loading failure.

The AP models in the user script must be different from the AP models in the system script.

If you load multiple user scripts on the AC, the most recently loaded user script overwrites the old user scripts.

To reload a user script when the following conditions exist, you must delete the related AP models or use the wlan apdb command to restore the original software version:

· A manual AP or an online auto AP whose model is listed in the old user script exists.

· APs of an AP model listed in the old user script have been added to an AP group.

· The old user script includes an AP model whose software version was already configured.

For more information about the wlan apdb command, see WLAN Command Reference.

To prevent AP model configuration lost after an AC reboot, you must reload a user script when you rename, or delete the user script in the file system.

When you replace a user script, the AP model configuration in the old user script will be lost upon an AC reboot if the new user script does not contain AP model configuration of the old script. In this case, you must reload the new user script.

Procedure

1. Enter system view.

system-view

2. Load an APDB user script.

wlan apdb file user.apdb

By default, no user script is loaded on the AC.

Enabling service anomaly detection

About this task

This feature takes effect only on the master AC that had more than 50 associated APs in a cloud cluster.

This feature enables an AC to check service status and start a reboot timer (10 minutes) upon detecting that no APs are associated with the AC. When the reboot timer expires, the AC perform either of the following operations:

· Restart if no AP comes online during the 10 minutes.

· Delete the timer if a minimum of one AP is online.

If APs come online and then all go offline before the timer expires, the AC restarts the timer upon detecting that the last online AP goes offline.

Procedure

1. Enter system view.

system-view

2. Enable service anomaly detection.

wlan detect-anomaly enable

By default, service anomaly detection is enabled.

CAUTION:

With this feature disabled, the AC cannot restart automatically if a service exception occurs. As a best practice, do not disable this feature.

Configuring SNMP notifications

Enabling SNMP notifications

About this task

To report critical WLAN events to an NMS, enable SNMP notifications. For WLAN event notifications to be sent correctly, you must also configure SNMP as described in Network Management and Monitoring Configuration Guide.

Procedure

1. Enter system view.

system-view

2. Enable SNMP notifications.

¡ Enable SNMP notifications for AP management.

snmp-agent trap enable wlan ap

By default, SNMP notifications for AP management are disabled.

¡ Enable SNMP notifications for CAPWAP.

snmp-agent trap enable wlan capwap

By default, SNMP notifications for CAPWAP are disabled.

Setting the online AP quantity threshold for triggering an SNMP trap

About this task

With SNMP notifications and this command configured, the AC sends overload traps to the SNMP module when the number of online APs to the number of APs allowed by the license exceeds the specified threshold. If the threshold is exceeded, the AC sends an SNMP recover trap every time an AP comes online. When the number drops below the threshold, the AC sends recover traps to the SNMP module.

Restrictions and guidelines

If you set the threshold to 100, the AC will not send overload traps, because the number of online APs will not exceed the number of APs allowed by the license.

Procedure

1. Enter system view.

system-view

2. Set the online AP quantity threshold for triggering an SNMP trap.

wlan trap ap-number threshold percent

By default, the online AP quantity threshold for triggering an SNMP trap is 100. The AC does not send traps.

Configuring an AP monitor group

About AP monitor groups

APs in an AP monitor group can report client quantity, radio traffic, channel usage, and AP anomalies to the AC.

Restrictions and guidelines

You can add a maximum of 32 APs to an AP monitor group.

Procedure

1. Enter system view.

system-view

2. Create an AP monitor group and enter its view.

wlan vip-ap-group

3. Add an AP to the AP monitor group.

ap ap-name

By default, no APs exist in an AP monitor group.

4. (Optional.) Set the interval at which the AP reports statistics to the AC.

report-interval interval

By default, an AP reports statistics to the AC at intervals of 50 seconds.

Verifying and maintaining AP management

Displaying and clearing AP connection records

To display AP connection records on the AC, execute the following command in any view:

display wlan ap { all | name ap-name } connection-record

To clear AP connection records on the AC, execute the following command in user view:

reset wlan ap { all | name ap-name } connection-record

Displaying AP management information

Perform display tasks in any view.

· Display information about all APs or the specified AP.

display wlan ap { all | apid ap-id | name ap-name } [ verbose [ filter { field }&<1-5> ] ]

· Display AP tags.

display wlan ap { all | name ap-name } ap-tag { all | tag }

· Display virtual AP information.

display wlan virtual-ap { all | name ap-name }

· Display address information for all APs or the specified AP.

display wlan ap { all | name ap-name } address

· Display AP group information for all APs or the specified AP.

display wlan ap { all | name ap-name } group

· Display Ethernet interface statistics for all online APs or a specified online AP.

display wlan ap { all | name ap-name } interface [ verbose ]

· Display AP online duration.

display wlan ap { all | name ap-name } online-time

· Display running configuration for all APs or the specified AP.

display wlan ap { all | name ap-name } running-configuration [ verbose ]

· Display the reboot logs of the specified AP.

display wlan ap name ap-name reboot-log

· Display region code information for APs.

display wlan ap { all | name ap-name } region-code

· Display association failure records for APs.

display wlan ap statistics association-failure-record

· Display information about AP image downloading.

display wlan ap statistics image-download [ failed | in-progress | succeeded ]

· Display online AP quantity records.

display wlan ap statistics online-record [ datetime date time [ count count ] ]

· Display the total online duration for APs.

display wlan ap { all | name ap-name } total-online-duration

· Display information about all AP groups or the specified AP group.

display wlan ap-group [ brief | name group-name ]

· Display virtual AP group information.

display wlan virtual-ap-group [ brief | name group-name ]

· Display AP model information.

display wlan ap-model { all | name model-name }

· Display the number of installed WLAN licenses.

display wlan license

Clearing the reboot logs of all APs or the specified APs

To clear the reboot logs of all APs or the specified AP, execute the following command in user view:

reset wlan ap reboot-log { all | name ap-name }

Displaying CAPWAP tunnel information

Perform display tasks in any view.

· Display configuration status of CAPWAP features.

display wlan ap all feature capwap

· Display CAPWAP tunnel down records.

display wlan ap statistics tunnel-down-record

· Display master and backup link switchover statistics.

display wlan ap statistics switch-over-record

AP management configuration examples

Example: Establishing a CAPWAP tunnel through DHCP

Network configuration

As shown in Figure 4, configure the AP to obtain its IP address and AC IP address from the DHCP server through DHCP Option 43. The AP uses the IP address of the AC to establish a CAPWAP tunnel with the AC.

Figure 4 Network diagram

‌

Procedure

1. Configure the DHCP server:

# Enable the DHCP service.

<DHCP server> system-view

[DHCP server] dhcp enable

# Configure DHCP address pool 1.

[DHCP server] dhcp server ip-pool 1

[DHCP server-dhcp-pool-1] network 1.1.1.0 mask 255.255.255.0

# Configure Option 43 to specify the IP address of the AC in address pool 0. The right-most bytes 01010103 (1.1.1.3) represent the IP address of the AC.

[DHCP server-dhcp-pool-1] option 43 hex 800700000101010103

[DHCP Server-dhcp-pool-1] quit

[DHCP Server] quit

2. Configure the AC:

# Set the IP address of VLAN-interface 1 on the AC to 1.1.1.3/24.

<AC> system-view

[AC] interface vlan-interface 1

[AC-Vlan-interface1] ip address 1.1.1.3 24

[AC-Vlan-interface1] quit

# Create an AP named ap1 with model WA6320, and set its serial ID to 219801A28N819CE0002T.

[AC] wlan ap ap1 model WA6320

[AC-wlan-ap-ap1] serial-id 219801A28N819CE0002T

[AC-wlan-ap-ap1] quit

# Start up the AP. The AP performs the following operations:

¡ Obtains its IP address 1.1.1.2 from the DHCP server.

¡ Obtains the IP address of the AC through Option 43.

¡ Establishes a CAPWAP tunnel with the AC.

Verifying the configuration

# Verify that you can see the following information:

· The AP obtains the IP address of the AC through DHCP.

· The AP and the AC have established a CAPWAP tunnel.

· The AP is in Run state.

[AC] display wlan ap name ap1 verbose

AP name : ap1

AP ID : 1

AP group name : default-group

State : Run

Backup type : Master

Ready-for-Switchover : Not ready

Online time : 0 days 1 hours 25 minutes 12 seconds

System up time : 0 days 2 hours 22 minutes 12 seconds

Model : WA6320

Region code : CN

Region code lock : Disable

Serial ID : 219801A28N819CE0002T

MAC address : 0AFB-423B-893C

IP address : 1.1.1.2

UDP port number : 18313

H/W version : Ver.C

S/W version : E2321

Boot version : 1.01

USB state : N/A

Power level : N/A

Power info : N/A

Description : wtp1

Priority : 4

Echo interval : 10 seconds

Echo count : 3 counts

Keepalive interval : 10 seconds

Discovery-response wait-time : 2 seconds

Statistics report interval : 50 seconds

Fragment size (data) : 1500

Fragment size (control) : 1450

MAC type : Local MAC & Split MAC

Tunnel mode : Local Bridging & 802.3 Frame & Native Frame

CWPCAP data-tunnel status : Up

Discovery type : DHCP

Retransmission count : 3

Retransmission interval : 5 seconds

Firmware upgrade : Enabled

Sent control packets : 1

Received control packets : 1

Echo requests : 147

Lost echo responses : 0

Average echo delay : 3

Last reboot reason : User soft reboot

Latest IP address : 10.1.0.2

Current AC IP : N/A

Tunnel down reason : Request wait timer expired

Connection count : 1

Backup Ipv4 : Not configured

Backup Ipv6 : Not configured

Tunnel encryption : Disabled

Data-tunnel encryption : Disabled

Data-tunnel encryption state : Not encrypted

LED mode : Normal

Remote configuration : Enabled Radio 1:

Basic BSSID : 7848-59f6-3940

Admin state : Up

Radio type : 802.11ac

Antenna type : internal

Client dot11ac-only : Disabled

Client dot11n-only : Disabled

Channel bandwidth : 20/40/80MHz

Operating bandwidth : 20/40/80MHz

Secondary channel offset : SCB

Short GI for 20MHz : Supported

Short GI for 40MHz : Supported

Short GI for 80MHz : Supported

Short GI for 160MHz : Not supported

mimo : Not Config

Green-Energy-Management : Disabled

A-MSDU : Enabled

A-MPDU : Enabled

LDPC : Not Supported

STBC : Supported

Operational VHT-MCS Set:

Mandatory : Not configured

Supported : NSS1 0,1,2,3,4,5,6,7,8,9

NSS2 0,1,2,3,4,5,6,7,8,9

Multicast : Not configured

Operational HT MCS Set:

Mandatory : Not configured

Supported : 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,

10, 11, 12, 13, 14, 15

Multicast : Not configured

Channel : 44(auto)

Channel usage(%) : 15

Max power : 20 dBm

Operational rate:

Mandatory : 6, 12, 24 Mbps

Multicast : Auto

Supported : 9, 18, 36, 48, 54 Mbps

Disabled : Not configured

Distance : 1 km

ANI : Enabled

Fragmentation threshold : 2346 bytes

Beacon interval : 100 TU

Protection threshold : 2346 bytes

Long retry threshold : 4

Short retry threshold : 7

Maximum rx duration : 2000 ms

Noise Floor : -102 dBm

Smart antenna : Enabled

Smart antenna policy : Auto

Protection mode : rts-cts

Continuous mode : N/A

HT protection mode : No protection

Radio 2:

Basic BSSID : 7848-59f6-3950

Admin state : Down

Radio type : 802.11n(2.4GHz)

Antenna type : internal

Client dot11n-only : Disabled

Channel bandwidth : 20/40MHz

Secondary channel offset : SCA

Channel auto-switch : Enabled

Short GI for 20MHz : Supported

Short GI for 40MHz : Supported

A-MSDU : Enabled

A-MPDU : Enabled

LDPC : Not Supported

STBC : Supported

Operational HT MCS Set:

Mandatory : Not configured

Supported : 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,

10, 11, 12, 13, 14, 15, 16, 17,

18, 19, 20, 21, 22, 23, 24, 25,

26, 27, 28, 29, 30, 31

Multicast : Not configured

Channel : 5(auto)

Channel usage(%) : 0

Max power : 20 dBm

Preamble type : Short

Operational rate:

Mandatory : 1, 2, 5.5, 11 Mbps

Multicast : Auto

Supported : 6, 9, 12, 18, 24, 36, 48, 54 Mbps

Disabled : Not configured

Distance : 1 km

ANI : Enabled

Fragmentation threshold : 2346 bytes

Beacon interval : 100 TU

Protection threshold : 2346 bytes

Long retry threshold : 4

Short retry threshold : 7

Maximum rx duration : 2000 ms

Noise Floor : 0 dBm

Smart antenna : Enabled

Smart antenna policy : Auto

Protection mode : rts-cts

Continuous mode : N/A

HT protection mode : No protection

Example: Establishing a CAPWAP tunnel through DNS

Network configuration

As shown in Figure 5, configure the AP to obtain the IP address of the AC through DNS to establish a CAPWAP tunnel with the AC.

Figure 5 Network diagram

‌

Procedure

1. Configure the DHCP server:

# Enable the DHCP service, configure DHCP address pool 1, and set the domain name suffix of the AC to abc.

<DHCP server> system-view

[DHCP server] dhcp enable

[DHCP server] dhcp server ip-pool 1

[DHCP server-dhcp-pool-1] network 1.1.1.0 mask 255.255.255.0

[DHCP server-dhcp-pool-1] domain-name abc

[DHCP server-dhcp-pool-1] dns-list 1.1.1.4

[DHCP server-dhcp-pool-1] gateway-list 1.1.1.2

[DHCP server-dhcp-pool-1] quit

[DHCP server] quit

2. Configure a mapping between domain name h3c.abc and IP address 2.1.1.1/24. For more information, see Layer 3—IP Services Configuration Guide. (Details not shown.)

3. Configure the AC:

# Set the IP address of VLAN-interface 1 to 2.1.1.1/24.

<AC> system-view

[AC] interface vlan-interface 1

[AC-Vlan-interface1] ip address 2.1.1.1 24

[AC-Vlan-interface1] quit

# Configure a default route with next hop address 2.1.1.2.

[AC] ip route-static 0.0.0.0 0 2.1.1.2

# Create an AP named ap1 with model WA6320, and set its serial ID to 219801A28N819CE0002T.

[AC] wlan ap ap1 model WA6320

[AC-wlan-ap-ap1] serial-id 219801A28N819CE0002T

# Start up the AP.

[AC-wlan-ap-ap1] quit

The AP performs the following operations:

¡ Obtains its IP address 1.1.1.1, the domain name suffix of the AC, and the IP address of the DNS server from the DHCP server.

¡ Adds the domain name suffix to the hostname.

¡ Informs the DNS client to translate the domain name into an IP address.

¡ Uses the IP address of the AC to establish a CAPWAP tunnel with the AC.

Verifying the configuration

# Verify that you can see the following information:

· The AP and the AC have established a CAPWAP tunnel.

· The AP is in Run state.

· The AP obtains the IP address of the AC through DNS.

[AC] display wlan ap name ap1 verbose

AP name : ap1

AP ID : 1

AP group name : default-group

State : Run

Backup type : Master

Ready-for-Switchover : Not ready

Online time : 0 days 1 hours 25 minutes 12 seconds

System up time : 0 days 2 hours 22 minutes 12 seconds

Model : WA6320

Region code : CN

Region code lock : Disable

Serial ID : 219801A28N819CE0002T

MAC address : 0AFB-423B-893C

IP address : 1.1.1.2

UDP port number : 18313

H/W version : Ver.C

S/W version : E2321

Boot version : 1.01

USB state : N/A

Power level : N/A

Power info : N/A

Description : wtp1

Priority : 4

Echo interval : 10 seconds

Echo count : 3 counts

Keepalive interval : 10 seconds

Discovery-response wait-time : 2 seconds

Statistics report interval : 50 seconds

Fragment size (data) : 1500

Fragment size (control) : 1450

MAC type : Local MAC & Split MAC

Tunnel mode : Local Bridging & 802.3 Frame & Native Frame

CWPCAP data-tunnel status : Up

Discovery type : DNS

Retransmission count : 3

Retransmission interval : 5 seconds

Firmware upgrade : Enabled

Sent control packets : 1

Received control packets : 1

Echo requests : 147

Lost echo responses : 0

Average echo delay : 3

Last reboot reason : User soft reboot

Latest IP address : 10.1.0.2

Current AC IP : N/A

Tunnel down reason : Request wait timer expired

Connection count : 1

Backup Ipv4 : Not configured

Backup Ipv6 : Not configured

Tunnel encryption : Disabled

Data-tunnel encryption : Disabled

Data-tunnel encryption state : Not encrypted

LED mode : Normal

Remote configuration : Enabled

Radio 1:

Basic BSSID : 7848-59f6-3940

Admin state : Up

Radio type : 802.11ac

Antenna type : internal

Client dot11ac-only : Disabled

Client dot11n-only : Disabled

Channel bandwidth : 20/40/80MHz

Operating bandwidth : 20/40/80MHz

Secondary channel offset : SCB

Short GI for 20MHz : Supported

Short GI for 40MHz : Supported

Short GI for 80MHz : Supported

Short GI for 160MHz : Not supported

mimo : Not Config

Green-Energy-Management : Disabled

A-MSDU : Enabled

A-MPDU : Enabled

LDPC : Not Supported

STBC : Supported

Operational VHT-MCS Set:

Mandatory : Not configured

Supported : NSS1 0,1,2,3,4,5,6,7,8,9

NSS2 0,1,2,3,4,5,6,7,8,9

Multicast : Not configured

Operational HT MCS Set:

Mandatory : Not configured

Supported : 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,

10, 11, 12, 13, 14, 15

Multicast : Not configured

Channel : 44(auto)

Channel usage(%) : 15

Max power : 20 dBm

Operational rate:

Mandatory : 6, 12, 24 Mbps

Multicast : Auto

Supported : 9, 18, 36, 48, 54 Mbps

Disabled : Not configured

Distance : 1 km

ANI : Enabled

Fragmentation threshold : 2346 bytes

Beacon interval : 100 TU

Protection threshold : 2346 bytes

Long retry threshold : 4

Short retry threshold : 7

Maximum rx duration : 2000 ms

Noise Floor : -102 dBm

Smart antenna : Enabled

Smart antenna policy : Auto

Protection mode : rts-cts

Continuous mode : N/A

HT protection mode : No protection

Radio 2:

Basic BSSID : 7848-59f6-3950

Admin state : Down

Radio type : 802.11n(2.4GHz)

Antenna type : internal

Client dot11n-only : Disabled

Channel bandwidth : 20/40MHz

Secondary channel offset : SCA

Channel auto-switch : Enabled

Short GI for 20MHz : Supported

Short GI for 40MHz : Supported

A-MSDU : Enabled

A-MPDU : Enabled

LDPC : Not Supported

STBC : Supported

Operational HT MCS Set:

Mandatory : Not configured

Supported : 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,

10, 11, 12, 13, 14, 15, 16, 17,

18, 19, 20, 21, 22, 23, 24, 25,

26, 27, 28, 29, 30, 31

Multicast : Not configured

Channel : 5(auto)

Channel usage(%) : 0

Max power : 20 dBm

Preamble type : Short

Operational rate:

Mandatory : 1, 2, 5.5, 11 Mbps

Multicast : Auto

Supported : 6, 9, 12, 18, 24, 36, 48, 54 Mbps

Disabled : Not configured

Distance : 1 km

ANI : Enabled

Fragmentation threshold : 2346 bytes

Beacon interval : 100 TU

Protection threshold : 2346 bytes

Long retry threshold : 4

Short retry threshold : 7

Maximum rx duration : 2000 ms

Noise Floor : 0 dBm

Smart antenna : Enabled

Smart antenna policy : Auto

Protection mode : rts-cts

Continuous mode : N/A

HT protection mode : No protection

Example: Configuring the auto AP feature

Network configuration

As shown in Figure 6, enable the auto AP feature on the AC. The AP obtains the AC IP address through DHCP Option 43 and establishes a CAPWAP tunnel with the AC.

Figure 6 Network diagram

‌

Procedure

1. Configure the DHCP server:

# Enable the DHCP service.

<DHCP server> system-view

[DHCP server] dhcp enable

# Configure DHCP address pool 1.

[DHCP server] dhcp server ip-pool 1

[DHCP server-dhcp-pool-1] network 1.1.1.0 mask 255.255.255.0

# Configure Option 43 to specify the IP address of the AC in address pool 0. The right-most bytes 02010102 (2.1.1.2) represent the IP address of the AC.

[DHCP server-dhcp-pool-1] option 43 ip-address hex 800700000102010102

[DHCP Server-dhcp-pool-1] gateway-list 1.1.1.3

[DHCP Server-dhcp-pool-1] quit

[DHCP Server] quit

2. Configure the AC:

# Set the IP address of VLAN-interface 1 on the AC to 2.1.1.2/24.

<AC> system-view

[AC] interface vlan-interface 1

[AC-Vlan-interface1] ip address 2.1.1.2 24

[AC-Vlan-interface1] quit

# Configure a default route with next hop address 2.1.1.1.

[AC] ip route-static 0.0.0.0 0 2.1.1.1

# Enable auto AP.

[AC] wlan auto-ap enable

Verifying the configuration

# Verify that the AP has established a CAPWAP tunnel with the AC.

[AC] display wlan ap name 0011-2200-0101 verbose

AP name : 0011-2200-0101

AP ID : 1

AP group name : default-group

State : Run

Backup type : Master

Ready-for-Switchover : Not ready

Online time : 0 days 1 hours 25 minutes 12 seconds

System up time : 0 days 2 hours 22 minutes 12 seconds

Model : WA6320

Region code : CN

Region code lock : Disable

Serial ID : 219801A28N819CE0002T

MAC address : 0011-2200-0101

IP address : 1.1.1.2

UDP port number : 18313

H/W version : Ver.C

S/W version : E2321

Boot version : 1.01

USB state : N/A

Power level : N/A

Power info : N/A

Description : wtp1

Priority : 4

Echo interval : 10 seconds

Echo count : 3 counts

Keepalive interval : 10 seconds

Discovery-response wait-time : 2 seconds

Statistics report interval : 50 seconds

Fragment size (data) : 1500

Fragment size (control) : 1450

MAC type : Local MAC & Split MAC

Tunnel mode : Local Bridging & 802.3 Frame & Native Frame

CWPCAP data-tunnel status : Up

Discovery type : DHCP

Retransmission count : 3

Retransmission interval : 5 seconds

Firmware upgrade : Enabled

Sent control packets : 1

Received control packets : 1

Echo requests : 147

Lost echo responses : 0

Average echo delay : 3

Last reboot reason : User soft reboot

Latest IP address : 10.1.0.2

Current AC IP : N/A

Tunnel down reason : Request wait timer expired

Connection count : 1

Backup Ipv4 : Not configured

Backup Ipv6 : Not configured

Tunnel encryption : Disabled

Data-tunnel encryption : Disabled

Data-tunnel encryption state : Not encrypted

LED mode : Normal

Remote configuration : Enabled

Radio 1:

Basic BSSID : 7848-59f6-3940

Admin state : Up

Radio type : 802.11ac

Antenna type : internal

Client dot11ac-only : Disabled

Client dot11n-only : Disabled

Channel bandwidth : 20/40/80MHz

Operating bandwidth : 20/40/80MHz

Secondary channel offset : SCB

Short GI for 20MHz : Supported

Short GI for 40MHz : Supported

Short GI for 80MHz : Supported

Short GI for 160MHz : Not supported

mimo : Not Config

Green-Energy-Management : Disabled

A-MSDU : Enabled

A-MPDU : Enabled

LDPC : Not Supported

STBC : Supported

Operational VHT-MCS Set:

Mandatory : Not configured

Supported : NSS1 0,1,2,3,4,5,6,7,8,9

NSS2 0,1,2,3,4,5,6,7,8,9

Multicast : Not configured

Operational HT MCS Set:

Mandatory : Not configured

Supported : 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,

10, 11, 12, 13, 14, 15

Multicast : Not configured

Channel : 44(auto)

Channel usage(%) : 15

Max power : 20 dBm

Operational rate:

Mandatory : 6, 12, 24 Mbps

Multicast : Auto

Supported : 9, 18, 36, 48, 54 Mbps

Disabled : Not configured

Distance : 1 km

ANI : Enabled

Fragmentation threshold : 2346 bytes

Beacon interval : 100 TU

Protection threshold : 2346 bytes

Long retry threshold : 4

Short retry threshold : 7

Maximum rx duration : 2000 ms

Noise Floor : -102 dBm

Smart antenna : Enabled

Smart antenna policy : Auto

Protection mode : rts-cts

Continuous mode : N/A

HT protection mode : No protection

Radio 2:

Basic BSSID : 7848-59f6-3950

Admin state : Down

Radio type : 802.11b

Antenna type : internal

Client dot11n-only : Disabled

Channel bandwidth : 20MHz

Operating bandwidth : 20MHz

Secondary channel offset : SCN

Short GI for 20MHz : Supported

Short GI for 40MHz : Supported

A-MSDU : Enabled

A-MPDU : Enabled

LDPC : Not Supported

STBC : Supported

Operational HT MCS Set:

Mandatory : Not configured

Supported : 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,

10, 11, 12, 13, 14, 15

Multicast : Not configured

Channel : 5(auto)

Channel usage(%) : 0

Max power : 20 dBm

Preamble type : Short

Operational rate:

Mandatory : 1, 2, 5.5, 11 Mbps

Multicast : Auto

Supported : 6, 9, 12, 18, 24, 36, 48, 54 Mbps

Disabled : Not configured

Distance : 1 km

ANI : Enabled

Fragmentation threshold : 2346 bytes

Beacon interval : 100 TU

Protection threshold : 2346 bytes

Long retry threshold : 4

Short retry threshold : 7

Maximum rx duration : 2000 ms

Noise Floor : 0 dBm

Smart antenna : Enabled

Smart antenna policy : Auto

Protection mode : rts-cts

Continuous mode : N/A

HT protection mode : No protection

Example: Configuring AP groups

Network configuration

As shown in Figure 7, configure AP groups and add AP 1 to AP group group1, and AP 2, AP 3, and AP 4 to AP group group2.

Figure 7 Network diagram

‌

Procedure

1. Configure APs to obtain their IP addresses and the AC IP address from the DHCP server. (Details not shown.)

2. Configure manual APs. (Details not shown.)

3. Configure AP groups:

# Create an AP group named group1.

<AC> system-view

[AC] wlan ap-group group1

# Add AP 1 to AP group group1.

[AC-wlan-ap-group-group1] ap ap1

[AC-wlan-ap-group-group1] quit

# Create an AP group named group2.

[AC] wlan ap-group group2

# Add AP 2, AP 3, and AP 4 to AP group group2.

[AC-wlan-ap-group-group2] ap ap2 ap3 ap4

[AC-wlan-ap-group-group2] quit

[AC] quit

Verifying the configuration

# Verify that AP 1 is in AP group group1, and AP 2, AP 3, and AP 4 are in AP group group2.

[AC-wlan-ap-group-group2] display wlan ap-group

Total number of AP groups: 3

AP group name : default-group

Description : Not configured

AP model : Not configured

APs : Not configured

AP group name : group1

Description : Not configured

AP model : WA6320

AP grouping rules:

AP name : ap1

Serial ID : Not configured

MAC address : Not configured

IPv4 address : Not configured

IPv6 address : Not configured

APs : ap1 (AP name)

AP group name : group2

Description : Not configured

AP model : WA6320

AP grouping rules:

AP name : ap2, ap3, ap4

Serial ID : Not configured

MAC address : Not configured

IPv4 address : Not configured

IPv6 address : Not configured

APs : ap2 (AP name), ap3 (AP name), ap4 (AP name)

Example: Configuring virtual APs

Network configuration

As shown in Figure 8, the physical AP associates with AC 1 to provide wireless services. Create a virtual AP and associate it with AC 2 to provide wireless services.

Figure 8 Network diagram

‌

Procedure

1. Configure the switch as the DHCP server to assign an IP address to the AP. (Details not shown.)

2. Configure AC 1:

# Edit the configuration file of the AP and name it as map.txt, and then upload the configuration file to the storage medium on AC 1.

system-view

interface range GigabitEthernet 1/0/1 to GigabitEthernet 1/0/2

port-isolate enable

# Set the IP address of VLAN-interface 1 on AC 1 to 2.1.1.2/24.

<AC1> system-view

[AC1] interface vlan-interface 1

[AC1-Vlan-interface1] ip address 2.1.1.2 24

[AC1-Vlan-interface1] quit

# Enable the virtual AP feature.

[AC1] wlan virtual-ap enable

# Create an AP named ap1, and set its serial ID.

[AC1] wlan ap ap1 model WA6320

[AC1-wlan-ap-ap1] serial-id 219801A28N819CE0002T

# Create a virtual AP on AP ap1, and specify the AC IP address as the IP address of AC 2.

[AC1-wlan-ap-ap1] virtual-ap ac-address ip 2.1.1.3

# Deploy the configuration file to the AP.

[AC1-wlan-ap-ap1] map-configuration map.txt

[AC1-wlan-ap-ap1] quit

3. Configure AC 2:

# Set the IP address of VLAN-interface 1 on AC 2 to 2.1.1.3/24.

<AC2> system-view

[AC2] interface vlan-interface 1

[AC2-Vlan-interface1] ip address 2.1.1.3 24

[AC2-Vlan-interface1] quit

# Create a virtual AP named ap2 on AC 2 with the same model and serial ID with ap1 on AC 1.

[AC2] wlan virtual-ap ap2 model WA6320

[AC2-wlan-virtual-ap-ap2] serial-id 219801A28N819CE0002T

# Disable software upgrade in virtual AP view. Virtual APs do not support software upgrade. If AC 2 and the virtual AP use different software versions, the virtual AP cannot connect to the AC.

[AC2-wlan-virtual-ap-ap2] firmware-upgrade disable

[AC2-wlan-virtual-ap-ap2] quit

Verifying the configuration

# Verify that virtual AP ap2 has established a CAPWAP tunnel with AC 2.

[AC2] display wlan virtual-ap all

Total number of virtual-APs: 1

Total number of connected virtual-APs: 1

Total number of connected common virtual-APs: 1

Total number of connected virtual-WTUs: 0

Maximum supported APs: 256

Remaining APs: 255

AP information

State : I = Idle, J = Join, JA = JoinAck, IL = ImageLoad

C = Config, DC = DataCheck, R = Run, M = Master, B = Backup

AP name APID State Model Serial ID

ap2 1 R/M WA6320 219801A28N819CE0002T

27-WLAN Configuration Guide (AC)

DHCP options

Option 43

Option 52

About this task

Procedure

About this task

Restrictions and guidelines

Tasks at a glance

About this task

Restrictions and guidelines

Procedure

About this task

Procedure

About this task

Restrictions and guidelines

Procedure

About this task

Procedure

About this task

Restrictions and guidelines

Procedure

About this task

Restrictions and guidelines

Procedure

About this task

Procedure

Configuring a CAPWAP tunnel

About this task

Restrictions and guidelines

Prerequisites

Procedure

About this task

Restrictions and guidelines

Procedure

About this task

Procedure

About this task

Procedure

Setting the TCP MSS for CAPWAP tunnels

About this task

Procedure

About this task

Procedure

Restrictions and guidelines

Procedure

About this task

Procedure

About this task

Restrictions and guidelines

Procedure

About this task

Procedure

About this task

Procedure

About this task

Restrictions and guidelines

Procedure

About this task

Restrictions and guidelines

Procedure

About this task

Restrictions and guidelines

Procedure

Configuring the virtual AP feature

About this task

Restrictions and guidelines

Prerequisites

Procedure

About this task

Restrictions and guidelines

Procedure

Configuring the AP tag

About this task

Restrictions and guidelines

Procedure

About this task

Procedure

About this task

Restrictions and guidelines