Optimizing AP System Profile Parameters

Context

This task is to configure an AP to directly respond to association requests of STAs and configure the MTU of Ethernet port in the AP system profile and the Extensible Authentication Protocol (EAP) packet conversion function.

Procedure

Run system-view
The system view is displayed.
Run wlan
The WLAN view is displayed.
Run ap-system-profile name profile-name
An AP system profile is created, and the AP system profile view is displayed.

By default, the system provides the AP system profile default.
Run mtu mtu-value
The MTU of the management VLANIF is configured in an AP system profile.

By default, the MTU value of the management VLANIF and CAPWAP on an AP is 1500 bytes.

The size of data packets is limited at the network layer. When a network layer device receives an IP packet, it determines the outbound interface and obtains the MTU configured on the interface.

The device then compares the MTU with the IP packet length. If the IP packet length is longer than the MTU, the device fragments the IP packet. Each fragment has the smaller or equal size as the MTU.

If the MTU value is smaller than the DHCP packet length, the AP may be disconnected. In this case, restart the AP.
Configure EAP packet conversion.
Different vendors use different methods to encapsulate EAP packets in broadcast, multicast, or unicast packets.

In 802.1X authentication, when an AP sends EAPOL-Start and EAPOL-Response packets to an AC, the method that the AP uses to encapsulate the two types of packets must be the same as the method that the access device directly connected to the AC uses. Otherwise, the two types of packets cannot be processed by the access device directly connected to the AP. Consequently, the user cannot pass 802.1X authentication.
1. Run the eapol-start dest-address transform-condition { always | equal-bssid } command to specify EAPOL-Start packets to be encapsulated.
  By default, an AP encapsulates only the EAPOL-start packets with the destination MAC addresses being the AP's BSSID.
2. Run the eapol-start dest-address transform-to { broadcast | multicast | mac mac-address } command to configure the AP to encapsulate EAPOL-Start packets into broadcast, multicast, or unicast packets.
  By default, an AP encapsulates EAPOL-start packets into multicast packets.
3. Run the eapol-response dest-address transform-condition { always | equal-bssid } command to specify EAPOL-Response packets to be encapsulated.
  By default, an AP encapsulates only the EAPOL-response packets with the destination MAC addresses being the AP's BSSID.
4. Run the eapol-response dest-address transform-to { broadcast | multicast | mac mac-address | learning } command to configure the AP to encapsulate EAPOL-Response packets into broadcast, multicast, or unicast packets.
  By default, an AP encapsulates EAPOL-response packets into unicast packets and actively learns the destination MAC address.
Run quit
Return to the WLAN view.
Bind an AP system profile to an AP group or AP.
- Binding an AP system profile to an AP group.
  1. Run the ap-group name group-name command to enter the AP group view.
  2. Run the ap-system-profile profile-name command to bind the AP system profile to the AP group.
    
    By default, the AP system profile default is bound to an AP group.
- Binding an AP system profile to an AP.
  1. Run the ap-id ap-id, ap-mac ap-mac, or ap-name ap-name command to enter the AP view.
  2. Run the ap-system-profile profile-name command to bind the AP system profile to the AP.
    
    By default, no AP system profile is bound to an AP.