Configuring a Mesh Whitelist

Context

A Mesh whitelist specifies the MAC addresses of neighboring APs that are allowed to connect to an AP. After a Mesh whitelist is bound to a radio of an AP, only the neighboring APs with the MAC addresses in the whitelist can connect to the AP, and other APs are denied access.

If no Mesh whitelist is configured, APs may establish Mesh links with neighboring APs randomly, wasting limited Mesh link resources. When the number of established Mesh links reaches the maximum, the APs cannot establish more Mesh links with neighboring APs that require Mesh links. In addition, because there may be rogue neighboring APs, potential security risks exist if no Mesh whitelist is configured.

In a scenario where ATs access a Mesh network, only ATs can connect to the MPP. You can allow all neighboring ATs to access the MPP without configuring a Mesh whitelist. Alternatively, you can configure a Mesh whitelist to allow only neighboring ATs whose MAC addresses are specified in the Mesh whitelist to connect to the MPP. However, in other Mesh application scenarios, a Mesh profile must have a Mesh whitelist profile bound, and the Mesh whitelist profile must have MAC addresses configured.

Procedure

Run system-view
The system view is displayed.
Run wlan
The WLAN view is displayed.
Run mesh-whitelist-profile name whitelist-name
A Mesh whitelist profile is created, and the Mesh whitelist profile view is displayed.

By default, no Mesh whitelist profile is available in the system.
Run peer-ap mac mac-address
MAC addresses of neighboring APs that are allowed to connect to an AP are added to the Mesh whitelist profile.

By default, no MAC address of a neighboring AP is added to a Mesh whitelist profile.
Run quit
Return to the WLAN view.
Enter the radio view.
- Enter the AP group radio view.
  1. Run the ap-group name group-name command to enter the AP group view.
  2. Run the radio radio-id command to enter the radio view.
- Enter the AP radio view.
  1. Run the ap-id ap-id, ap-mac ap-mac, or ap-name ap-name command to enter the AP view.
  2. Run the radio radio-id command to enter the radio view.
Run mesh-whitelist-profile whitelist-name
The Mesh whitelist profile is bound to the AP radio.

By default, no Mesh whitelist profile is bound to an AP radio.

When the AT accesses the MPP through a Mesh link, the Mesh whitelist is optional. You can determine whether to configure a Mesh whitelist to control AT access as required.