Example for Configuring Mesh Services
Configuration Process
You need to configure and maintain WLAN features and functions in different profiles. These WLAN profiles include regulatory domain profile, radio profile, VAP profile, AP system profile, AP wired port profile, WIDS profile, WDS profile, and Mesh profile. When configuring WLAN services, you need to set related parameters in the WLAN profiles and bind the profiles to the AP group or APs. Then the configuration is automatically delivered to and takes effect on the APs. WLAN profiles can reference one another; therefore, you need to know the relationships among the profiles before configuring them. For details about the profile relationships and their basic configuration procedure, see WLAN Service Configuration Procedure.
Networking Requirements
An enterprise has three areas: Area A, Area B, and Area C. Restricted by geographical locations, the AP in Area A can be deployed in wired mode, but wired deployment of APs is costly in Area B and Area C. The enterprise requires that APs be deployed in Area B and Area C at low cost.
As shown in Figure 1, a Mesh network is deployed to connect AP_2 and AP_3 to AP_1 through Mesh links, which can reduce network construction cost.
Configuration Roadmap
- Configure network connectivity and enable the AP (MPP) in Area A to go online on the AC in wired mode.
- Configure Mesh services to enable APs (MPs) in Area B and Area C to go online on the AC through Mesh links.
In this example, Switch_A (access switch) and Switch_B (aggregation switch) are Huawei products.
AP |
Type |
MAC |
|---|---|---|
AP_1 |
AP8130DN |
60de-4474-9640 |
AP_2 |
AP8130DN |
60de-4476-e360 |
AP_3 |
AP8130DN |
dcd2-fcf6-76a0 |
Item |
Data |
|---|---|
Management VLAN for APs |
VLAN 100 |
DHCP server |
The AC functions as a DHCP server to allocate IP addresses to APs. Address pool: 10.23.100.2-10.23.100.254/24 |
AC's source interface |
VLANIF 100: 10.23.100.1/24 |
Mesh profile name |
Name: mesh-net |
Mesh role |
|
Mesh ID |
Name: mesh-net |
Mesh whitelist |
Name: mesh-list |
AP system profile |
Name: mesh-sys |
Radio used by Mesh services |
Radio 1:
|
Security profile |
|
AP group |
|
Configuration Notes
- No ACK mechanism is provided for multicast packet transmission on air interfaces. In addition, wireless links are unstable. To ensure stable transmission of multicast packets, they are usually sent at low rates. If a large number of such multicast packets are sent from the network side, the air interfaces may be congested. You are advised to configure multicast packet suppression to reduce impact of a large number of low-rate multicast packets on the wireless network. Exercise caution when configuring the rate limit; otherwise, the multicast services may be affected.
- In direct forwarding mode, you are advised to configure multicast packet suppression on switch interfaces connected to APs.
- In tunnel forwarding mode, you are advised to configure multicast packet suppression in traffic profiles of the AC.
Configure port isolation on the interfaces of the device directly connected to APs. If port isolation is not configured and direct forwarding is used, a large number of unnecessary broadcast packets may be generated in the VLAN, blocking the network and degrading user experience.
In tunnel forwarding mode, the management VLAN and service VLAN cannot be the same. Only packets from the management VLAN are transmitted between the AC and APs. Packets from the service VLAN are not allowed between the AC and APs.
Procedure
- Configure the AC to communicate with AP_1.
# Configure access switch Switch_A. Add GE0/0/1 to VLAN 100 (management VLAN) and set the PVID of the interface to VLAN 100. Configure GE0/0/1 and GE0/0/2 to allow packets from VLAN 100 to pass through.
<HUAWEI> system-view [HUAWEI] sysname Switch_A [Switch_A] vlan batch 100 [Switch_A] interface gigabitEthernet 0/0/1 [Switch_A-GigabitEthernet0/0/1] port link-type trunk [Switch_A-GigabitEthernet0/0/1] port trunk pvid vlan 100 [Switch_A-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 [Switch_A-GigabitEthernet0/0/1] port-isolate enable [Switch_A-GigabitEthernet0/0/1] quit [Switch_A] interface gigabitEthernet 0/0/2 [Switch_A-GigabitEthernet0/0/2] port link-type trunk [Switch_A-GigabitEthernet0/0/2] port trunk allow-pass vlan 100 [Switch_A-GigabitEthernet0/0/2] quit
# Configure aggregation switch Switch_B. Configure GE0/0/1 and GE0/0/2 to allow packets from VLAN 100 to pass through.
<HUAWEI> system-view [HUAWEI] sysname Switch_B [Switch_B] vlan batch 100 [Switch_B] interface gigabitEthernet 0/0/1 [Switch_B-GigabitEthernet0/0/1] port link-type trunk [Switch_B-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 [Switch_B-GigabitEthernet0/0/1] quit [Switch_B] interface gigabitEthernet 0/0/2 [Switch_B-GigabitEthernet0/0/2] port link-type trunk [Switch_B-GigabitEthernet0/0/2] port trunk allow-pass vlan 100 [Switch_B-GigabitEthernet0/0/2] quit
# Configure GE0/0/1 that connects the AC to the aggregation switch to allow packets from VLAN 100 to pass through.
<HUAWEI> system-view [HUAWEI] sysname AC [AC] vlan batch 100 [AC] interface gigabitEthernet 0/0/1 [AC-GigabitEthernet0/0/1] port link-type trunk [AC-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 [AC-GigabitEthernet0/0/1] quit
- Configure the AC as a DHCP server to allocate IP addresses to APs.
[AC] dhcp enable [AC] interface vlanif 100 [AC-Vlanif100] ip address 10.23.100.1 24 [AC-Vlanif100] dhcp select interface [AC-Vlanif100] quit
- Configure the AP groups, country code, and AC's source interface.
# Create AP groups for MPPs and MPs respectively and add APs that require the same configuration to the same group.
[AC] wlan [AC-wlan-view] ap-group name mesh-mpp [AC-wlan-ap-group-mesh-mpp] quit [AC-wlan-view] ap-group name mesh-mp [AC-wlan-ap-group-mesh-mp] quit
# Create a regulatory domain profile, configure the AC country code in the profile, and apply the profile to the AP groups.
[AC-wlan-view] regulatory-domain-profile name domain1 [AC-wlan-regulate-domain-domain1] country-code cn [AC-wlan-regulate-domain-domain1] quit [AC-wlan-view] ap-group name mesh-mpp [AC-wlan-ap-group-mesh-mpp] regulatory-domain-profile domain1 Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continue?[Y/N]:y [AC-wlan-ap-group-mesh-mpp] quit [AC-wlan-view] ap-group name mesh-mp [AC-wlan-ap-group-mesh-mp] regulatory-domain-profile domain1 Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continue?[Y/N]:y [AC-wlan-ap-group-mesh-mp] quit [AC-wlan-view] quit
# Configure the AC's source interface.
[AC] capwap source interface vlanif 100
# Add AP_1 to the AP group mesh-mpp and AP_2 and AP_3 to the AP group mesh-mp. The default AP authentication mode is MAC address authentication. If the default settings are retained, you do not need to run the ap auth-mode mac-auth command.
In this example, the AP8130DN is used and has two radios: radio 0 and radio 1.
[AC] wlan [AC-wlan-view] ap auth-mode mac-auth [AC-wlan-view] ap-id 1 ap-mac 60de-4474-9640 [AC-wlan-ap-1] ap-name AP_1 [AC-wlan-ap-1] ap-group mesh-mpp Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configuration s of the radio, Whether to continue? [Y/N]:y [AC-wlan-ap-1] quit [AC-wlan-view] ap-id 2 ap-mac 60de-4476-e360 [AC-wlan-ap-2] ap-name AP_2 [AC-wlan-ap-2] ap-group mesh-mp Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configuration s of the radio, Whether to continue? [Y/N]:y [AC-wlan-ap-2] quit [AC-wlan-view] ap-id 3 ap-mac dcd2-fcf6-76a0 [AC-wlan-ap-3] ap-name AP_3 [AC-wlan-ap-3] ap-group mesh-mp Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configuration s of the radio, Whether to continue? [Y/N]:y [AC-wlan-ap-3] quit
- Configure Mesh parameters.
# Configure radio parameters for Mesh nodes. Radio 1 of the AP8130DN is used as an example. coverage distance indicates the radio coverage distance parameter, which is 3 (unit: 100 m) by default. This example sets the radio coverage distance parameter to 4. You can configure the parameter according to your service needs.
[AC-wlan-view] ap-group name mesh-mpp [AC-wlan-ap-group-mesh-mpp] radio 1 [AC-wlan-group-radio-mesh-mpp/1] channel 40mhz-plus 157 Warning: This action may cause service interruption. Continue?[Y/N]y [AC-wlan-group-radio-mesh-mpp/1] coverage distance 4 [AC-wlan-group-radio-mesh-mpp/1] quit [AC-wlan-ap-group-mesh-mpp] quit [AC-wlan-view] ap-group name mesh-mp [AC-wlan-ap-group-mesh-mp] radio 1 [AC-wlan-group-radio-mesh-mp/1] channel 40mhz-plus 157 Warning: This action may cause service interruption. Continue?[Y/N]y [AC-wlan-group-radio-mesh-mp/1] coverage distance 4 [AC-wlan-group-radio-mesh-mp/1] quit [AC-wlan-ap-group-mesh-mp] quit
# Set parameters for the APs' wired interfaces. This example assumes that the service VLAN is VLAN 101. Wired interfaces of all Mesh nodes are therefore added to VLAN 101 in tagged mode.
[AC-wlan-view] wired-port-profile name wired-port [AC-wlan-wired-port-wired-port] vlan tagged 101 [AC-wlan-wired-port-wired-port] quit
# Configure the security profile mesh-sec used by Mesh links. The Mesh network supports only the security policy WPA2+PSK+AES.
[AC-wlan-view] security-profile name mesh-sec [AC-wlan-sec-prof-mesh-sec] security wpa2 psk pass-phrase a1234567 aes [AC-wlan-sec-prof-mesh-sec] quit
# Configure a Mesh whitelist.
[AC-wlan-view] mesh-whitelist-profile name mesh-list [AC-wlan-mesh-whitelist-mesh-list] peer-ap mac 60de-4474-9640 [AC-wlan-mesh-whitelist-mesh-list] peer-ap mac 60de-4476-e360 [AC-wlan-mesh-whitelist-mesh-list] peer-ap mac dcd2-fcf6-76a0 [AC-wlan-mesh-whitelist-mesh-list] quit
# Configure Mesh roles. Set the Mesh role of AP_1 to mesh-portal. AP_2 and AP_3 use the default Mesh role mesh-node. Mesh roles are configured through the AP system profile.
[AC-wlan-view] ap-system-profile name mesh-sys [AC-wlan-ap-system-prof-mesh-sys] mesh-role mesh-portal [AC-wlan-ap-system-prof-mesh-sys] quit
# Configure a Mesh profile. Set the Mesh network ID to mesh-net, aging time of Mesh links to 30s, and bind the security profile and Mesh whitelist to the Mesh profile.
[AC-wlan-view] mesh-profile name mesh-net [AC-wlan-mesh-prof-mesh-net] mesh-id mesh-net [AC-wlan-mesh-prof-mesh-net] link-aging-time 30 [AC-wlan-mesh-prof-mesh-net] security-profile mesh-sec [AC-wlan-mesh-prof-mesh-net] quit
# Bind the Mesh whitelist profile to the AP radio.
[AC-wlan-view] ap-group name mesh-mpp [AC-wlan-ap-group-mesh-mpp] radio 1 [AC-wlan-group-radio-mesh-mpp/1] mesh-whitelist-profile mesh-list [AC-wlan-group-radio-mesh-mpp/1] quit [AC-wlan-ap-group-mesh-mpp] quit [AC-wlan-view] ap-group name mesh-mp [AC-wlan-ap-group-mesh-mp] radio 1 [AC-wlan-group-radio-mesh-mp/1] mesh-whitelist-profile mesh-list [AC-wlan-group-radio-mesh-mp/1] quit [AC-wlan-ap-group-mesh-mp] quit
- Bind required profiles to the AP groups to make Mesh services take effect.
# Bind the AP wired port profile wired-port to AP groups mesh-mpp and mesh-mp to make AP wired port parameters take effect on Mesh nodes. This example assumes that all APs connect to Switch_A through GE0.
[AC-wlan-view] ap-group name mesh-mpp [AC-wlan-ap-group-mesh-mpp] wired-port-profile wired-port gigabitethernet 0 [AC-wlan-ap-group-mesh-mpp] quit [AC-wlan-view] ap-group name mesh-mp [AC-wlan-ap-group-mesh-mp] wired-port-profile wired-port gigabitethernet 0 [AC-wlan-ap-group-mesh-mp] quit
# Bind the AP system profile mesh-sys to the AP group mesh-mpp to make the MPP role take effect on AP_1.
[AC-wlan-view] ap-group name mesh-mpp [AC-wlan-ap-group-mesh-mpp] ap-system-profile mesh-sys [AC-wlan-ap-group-mesh-mpp] quit
# Bind the Mesh profile mesh-net to AP groups mesh-mpp and mesh-mp to make the Mesh services take effect.
[AC-wlan-view] ap-group name mesh-mpp [AC-wlan-ap-group-mesh-mpp] mesh-profile mesh-net radio 1 [AC-wlan-ap-group-mesh-mpp] quit [AC-wlan-view] ap-group name mesh-mp [AC-wlan-ap-group-mesh-mp] mesh-profile mesh-net radio 1 [AC-wlan-ap-group-mesh-mp] quit
- Verify the Mesh service configuration.
# After the configuration is complete, run the display ap all command to check whether Mesh nodes go online successfully. If State displays as nor, APs have gone online successfully.
<AC> display ap all Total AP information: nor : normal [3] Extrainfo : Extra information P : insufficient power supply ---------------------------------------------------------------------------------------------------- ID MAC Name Group IP Type State STA Uptime ExtraInfo ---------------------------------------------------------------------------------------------------- 1 60de-4474-9640 AP_1 mesh-mpp 10.23.100.254 AP8130DN nor 0 13M:45S - 2 60de-4476-e360 AP_2 mesh-mp 10.23.100.251 AP8130DN nor 0 5M:22S - 3 dcd2-fcf6-76a0 AP_3 mesh-mp 10.23.100.253 AP8130DN nor 0 4M:14S - ---------------------------------------------------------------------------------------------------- Total: 3# After Mesh services take effect, run the display wlan mesh link all command to check Mesh link information.
<AC> display wlan mesh link all Rf : radio ID Dis : coverage distance(100m) Ch : channel Per : drop percent(%) TSNR : total SNR(dB) P- : peer Mesh : Mesh mode Re : retry ratio(%) RSSI : RSSI(dBm) MaxR : max RSSI(dBm) ---------------------------------------------------------------------------------------------------------------------------------- APName P-APName P-APMAC Rf Dis Ch Mesh P-Status RSSI MaxR Per Re TSNR SNR(Ch0~3:dB) Tx(Mbps) Rx(Mbps) ---------------------------------------------------------------------------------------------------------------------------------- 192 192 AP_1 AP_2 60de-4476-e360 1 4 157 portal normal -30 -27 0 12 67 62/65/-/- 192 192 AP_1 AP_3 dcd2-fcf6-76a0 1 4 157 portal normal -26 -24 0 12 71 67/68/-/- 192 192 AP_3 AP_2 60de-4476-e360 1 4 157 node normal -19 -3 0 5 77 66/76/-/- 192 192 AP_3 AP_1 60de-4474-9640 1 4 157 node normal -32 -4 0 26 64 55/63/-/- 192 192 AP_2 AP_1 60de-4474-9640 1 4 157 node normal -32 -4 0 12 64 62/61/-/- 192 192 AP_2 AP_3 dcd2-fcf6-76a0 1 4 157 node normal -14 -12 0 4 82 71/82/-/- 192 192 ---------------------------------------------------------------------------------------------------------------------------------- Total: 6
Configuration Files
Switch_A configuration file
# sysname Switch_A # vlan batch 100 # interface GigabitEthernet0/0/1 port link-type trunk port trunk pvid vlan 100 port trunk allow-pass vlan 100 port-isolate enable group 1 # interface GigabitEthernet0/0/2 port link-type trunk port trunk allow-pass vlan 100 # return
Switch_B configuration file
# sysname Switch_B # vlan batch 100 # interface GigabitEthernet0/0/1 port link-type trunk port trunk allow-pass vlan 100 # interface GigabitEthernet0/0/2 port link-type trunk port trunk allow-pass vlan 100 # return
AC configuration file
# sysname AC # vlan batch 100 # dhcp enable # interface Vlanif100 ip address 10.23.100.1 255.255.255.0 dhcp select interface # interface GigabitEthernet0/0/1 port link-type trunk port trunk allow-pass vlan 100 # capwap source interface vlanif100 # wlan security-profile name mesh-sec security wpa2 psk pass-phrase %^%#WXq~51G1^G;~|`C\G$v-`XoiIe4z$CNAM#@TeN^+%^%# aes mesh-whitelist-profile name mesh-list peer-ap mac 60de-4474-9640 peer-ap mac 60de-4476-e360 peer-ap mac dcd2-fcf6-76a0 mesh-profile name mesh-net security-profile mesh-sec mesh-id mesh-net link-aging-time 30 regulatory-domain-profile name domain1 ap-system-profile name mesh-sys mesh-role mesh-portal wired-port-profile name wired-port vlan tagged 101 ap-group name mesh-mp wired-port-profile wired-port gigabitethernet 0 regulatory-domain-profile domain1 radio 1 mesh-profile mesh-net mesh-whitelist-profile mesh-list channel 40mhz-plus 157 coverage distance 4 ap-group name mesh-mpp ap-system-profile mesh-sys wired-port-profile wired-port gigabitethernet 0 regulatory-domain-profile domain1 radio 1 mesh-profile mesh-net mesh-whitelist-profile mesh-list channel 40mhz-plus 157 coverage distance 4 ap-id 1 ap-mac 60de-4474-9640 ap-name AP_1 ap-group mesh-mpp ap-id 2 ap-mac 60de-4476-e360 ap-name AP_2 ap-group mesh-mp ap-id 3 ap-mac dcd2-fcf6-76a0 ap-name AP_3 ap-group mesh-mp # return