Adding APs

Context

You can add APs in any of the following modes:

Importing APs offline: The APs' MAC addresses and serial numbers (SNs) are configured on an AC before APs go online. The AC starts to set up connections with the APs if the MAC addresses or SNs of the APs match the configured ones.
Configuring the AC to automatically discover an AP: The AP authentication mode is set to no authentication; alternatively, the AP authentication mode is set to MAC or SN authentication and the AP whitelist is configured on the AC. When an AP in the whitelist connects to the AC, the AC discovers the AP, and the AP goes online.
Manually confirming APs added to the list of unauthorized APs: The AP authentication mode is set to MAC or SN authentication, and the AP whitelist is configured on the AC. When an AP out of the whitelist connects to the AC, the AC adds the AP to the list of unauthorized APs. After the AP identity is confirmed, the AP can go online.

When you add an AP in any of the preceding modes, the AP cannot connect to the AC if the MAC address of the AP is in the AP blacklist.

After you add an AP to an AC offline and configure AP parameters, for example, AP group which the AP joins by default, the AP can go online and use the configured data to work. When the AC is configured to automatically discover APs, an AP uses the default parameters to work after going online.

Adding an AP offline is recommended when the MAC address or SN of the AP is already learned.

The AP blacklist and whitelist can be configured at the same time. However, the MAC address of an AP cannot be added to the AP blacklist and whitelist at the same time.

If AP whitelist and blacklist are all configured, check whether an AP is on the blacklist first.

The number of APs managed by an AC is restricted by the following factors:

License resource items: The total number of common APs and central APs does not exceed the maximum number of local license resource items on the AC. RUs do not occupy license resources.
Maximum number of APs managed by an AC: The total number of central APs, common APs, and RUs does not exceed the maximum number of APs that the AC can manage.

Procedure

Add an AP offline.
1. Run the system-view command to enter the system view.
2. Run the wlan command to enter the WLAN view.
3. (Optional) Run the ap blacklist mac ap-mac1 [ to ap-mac2 ] command to add the AP to an AP blacklist.
  By default, no AP is in an AP blacklist.
4. Run the ap auth-mode { mac-auth | sn-auth } command to set the AP authentication mode to MAC address authentication or SN authentication.
  The default AP authentication mode is MAC address authentication. In the CloudCampus Solution scenario, for an AC working in NETCONF mode, the AP authentication mode is SN authentication.
5. Run the ap-id ap-id [ [ type-id type-id | ap-type ap-type ] { ap-mac ap-mac | ap-sn ap-sn | ap-mac ap-mac ap-sn ap-sn } ] or ap-mac ap-mac [ type-id type-id | ap-type ap-type ] [ ap-id ap-id ] [ ap-sn ap-sn ] command to import the AP offline and enter the AP view.
6. Run the ap-name ap-name command to configure the AP name.
  By default, no AP name is configured for an AP.
7. Run the ap-group group-name command to add the AP to an AP group.
  By default, no AP group is configured.
Configure the AC to automatically discover an AP.

If no AP name or AP group is configured for an automatically discovered AP on the AC, the configuration file of the AP name or AP group will not be generated in the AP view.

If an AP is deleted from the AC, the configuration in the AP view will be automatically deleted.
- Set the AP authentication mode to no authentication.
  1. Run the system-view command to enter the system view.
  2. Run the wlan command to enter the WLAN view.
  3. (Optional) Run the ap blacklist mac ap-mac1 [ to ap-mac2 ] command to add the AP to an AP blacklist.
    
    By default, no AP is in an AP blacklist.
  4. Run the ap auth-mode no-auth command to set the AP authentication mode to no authentication.
    
    The default AP authentication mode is MAC address authentication. In the CloudCampus Solution scenario, for an AC working in NETCONF mode, the AP authentication mode is SN authentication.
    
    The non-authentication mode brings security risks. You are advised to set the authentication mode to MAC address authentication or SN authentication, which is more secure.
- Set the AP authentication mode to MAC address or SN authentication.
  1. Run the system-view command to enter the system view.
  2. Run the wlan command to enter the WLAN view.
  3. (Optional) Run the ap blacklist mac ap-mac1 [ to ap-mac2 ] command to add the AP to an AP blacklist.
    
    By default, no AP is in an AP blacklist.
  4. Run the ap auth-mode { mac-auth | sn-auth } command to set the AP authentication mode to MAC address authentication or SN authentication.
    
    The default AP authentication mode is MAC address authentication. In the CloudCampus Solution scenario, for an AC working in NETCONF mode, the AP authentication mode is SN authentication.
  5. Configure the AP whitelist.
    - Run the ap whitelist mac ap-mac1 [ to ap-mac2 ] command to add the AP with the specified MAC address to the whitelist if the AP authentication mode is set to MAC address authentication.
      
      By default, no MAC address is added to the AP whitelist.
    - Run the ap whitelist sn ap-sn1 [ to ap-sn2 ] command to add the AP with the specified SN to the whitelist if the AP authentication mode is set to SN authentication.
      
      By default, no SN is added to the AP whitelist.
Manually confirm the AP added to the list of unauthorized APs.
1. Run the system-view command to enter the system view.
2. Run the wlan command to enter the WLAN view.
3. (Optional) Run the ap blacklist mac ap-mac1 [ to ap-mac2 ] command to add the AP to an AP blacklist.
  By default, no AP is in an AP blacklist.
4. Run the ap auth-mode { mac-auth | sn-auth } command to set the AP authentication mode to MAC address authentication or SN authentication.
  The default AP authentication mode is MAC address authentication. In the CloudCampus Solution scenario, for an AC working in NETCONF mode, the AP authentication mode is SN authentication.
5. Run the display ap unauthorized record command to check information about unauthorized APs.
6. Run the ap-confirm { all | mac ap-mac | sn ap-sn } command to confirm the unauthorized APs. After confirmation, the APs work in normal state.

Verifying the Configuration

Run the display ap global configuration command to check the AP authentication mode.
Run the display ap blacklist command to check the AP blacklist.
Run the display ap whitelist { mac | sn } command to check the AP whitelist.