H3C MSR Series Configuration manual

H3C MSR Router Series

Comware 5 WLAN Configuration Guide

New H3C Technologies Co., Ltd.

http://www.h3c.com

Software version: MSR-CMW520-R2516

Document version: 20180820-C-1.13

No part of this manual may be reproduced or transmitted in any form or by any means without prior written

consent of New H3C Technologies Co., Ltd.

Trademarks

H3C, , H3CS, H3CIE, H3CNE, Aolynk, , H

3

Care, , IRF, NetPilot, Netflow, SecEngine,

SecPath, SecCenter, SecBlade, Comware, ITCMM and HUASAN are trademarks of New H3C Technologies

Co., Ltd.

All other trademarks that may be mentioned in this manual are the property of their respective owners.

Notice

The information in this document is subject to change without notice. All contents in this document, including

statements, information, and recommendations, are believed to be accurate, but they are presented without

warranty of any kind, express or implied. H3C shall not be liable for technical or editorial errors or omissions

contained herein.

Preface

This configuration guide describes fundamentals and configuration of WLAN Interface, WLAN

Service, WLAN RRM, WLAN Security, WLAN IDS, and WLAN QoS.

This preface includes the following topics about the documentation:

• Audience.

• Conventions.

• Documentation feedback.

Audience

This documentation is intended for:

• Network planners.

• Field technical support and servicing engineers.

• Network administrators working with the routers.

Conventions

The following information describes the conventions used in the documentation.

Command conventions

Convention Description

Boldface Bold

text represents commands and keywords that you enter literally as shown.

Italic

Italic text represents arguments that you replace with actual values.

[ ] Square brackets enclose syntax choices (keywords or arguments) that are optional.

{ x | y | ... }

Braces enclose a set of required syntax choices separated by vertical bars, from which

you select one.

[ x | y | ... ]

Square brackets enclose a set of optional syntax choices separated by vertical bars,

from which you select one or none.

{ x | y | ... } *

Asterisk marked braces enclose a set of required syntax choices separated by vertical

bars, from which you select a minimum of one.

[ x | y | ... ] *

Asterisk marked square brackets enclose optional syntax choices separated by vertical

bars, from which you select one choice, multiple choices, or none.

&<1-n>

The argument or keyword and argument combination before the ampersand (&) sign

can be entered 1 to n times.

# A line that starts with a pound (#) sign is comments.

GUI conventions

Convention Description

Boldface

Window names, button names, field names, and menu items are in Boldface. For

example, the

New User

window opens; click

OK

.

>

Multi-level menus are separated by angle brackets. For example,

File

>

Create

>

Folder

.

Symbols

Convention Description

WARNING!

An alert that calls attention to important information that if not understood or followed

can result in personal injury.

CAUTION:

An alert that calls attention to important information that if not understood or followed

can result in data loss, data corruption, or damage to hardware or software.

IMPORTANT:

An alert that calls attention to essential information.

NOTE:

An alert that contains additional or supplementary information.

TIP:

An alert that provides helpful information.

Network topology icons

Convention Description

Represents a generic network device, such as a router, switch, or firewall.

Represents a routing-capable device, such as a router or Layer 3 switch.

Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that

supports Layer 2 forwarding and other Layer 2 features.

Represents an access controller, a unified wired-WLAN module, or the access

controller engine on a unified wired-WLAN switch.

Represents an access point.

Represents a wireless terminator unit.

Represents a wireless terminator.

Represents a mesh access point.

Represents omnidirectional signals.

Represents directional signals.

Represents a security product, such as a firewall, UTM, multiservice security

gateway, or load balancing device.

Represents a security module, such as a firewall, load balancing, NetStream, SSL

VPN, IPS, or ACG module.

Examples provided in this document

Examples in this document might use devices that differ from your device in hardware model,

configuration, or software version. It is normal that the port numbers, sample output, screenshots,

and other information in the examples differ from what you have on your device.

T

Documentation feedback

You can e-mail your comments about product documentation to [email protected].

We appreciate your comments.

i

Contents

Configuring WLAN interfaces ······························································ 1

Hardware compatibility with WLAN ································································································ 1

Configuring a WLAN radio interface ······························································································· 1

Configuring a WLAN BSS interface ································································································ 2

WLAN Ethernet interface ············································································································· 3

Entering WLAN Ethernet interface view ···················································································· 3

Configuring a WLAN Ethernet interface ···················································································· 3

Displaying and maintaining a WLAN interface ·················································································· 7

Configuring WLAN access ································································· 9

WLAN access overview ··············································································································· 9

Terminology ······················································································································· 9

Client access ······················································································································ 9

Hardware compatibility with WLAN ······························································································ 11

Workgroup bridge mode overview ······························································································· 11

WLAN access configuration task list ····························································································· 12

Specifying a country code ·········································································································· 12

Configuring a WLAN service template ·························································································· 13

Creating a service template and specifying an SSID ································································· 13

Configuring secure access ·································································································· 13

Configuring the maximum number of associated clients ····························································· 14

Enabling fast association ···································································································· 14

Enabling a service template ································································································· 14

Configuring WLAN parameters ··································································································· 14

Configuring radio parameters ····································································································· 15

Configuring radio parameters ······························································································· 15

Configuring 802.11n ··········································································································· 16

Mapping a service template to a radio ···················································································· 17

Enabling a radio ················································································································ 18

Displaying and maintaining WLAN access ····················································································· 18

Configuring SSID-based access control ························································································ 18

Configuring workgroup bridge mode ····························································································· 19

Enabling workgroup bridge mode ·························································································· 19

Connecting the workgroup bridge to the wireless network ·························································· 19

Displaying and maintaining workgroup bridge ·········································································· 20

WLAN access configuration examples ·························································································· 20

WLAN access configuration example ····················································································· 20

802.11n configuration example ····························································································· 21

Workgroup bridge mode configuration example ······································································· 22

Configuring WLAN RRM ·································································· 25

Overview ································································································································ 25

Hardware compatibility with WLAN ······························································································ 25

Configuration task list················································································································ 25

Configuring data transmit rates ··································································································· 26

Configuring 802.11b/802.11g rates ······················································································· 26

Configuring 802.11n rates ··································································································· 26

Configuring the maximum bandwidth ···························································································· 28

Configuring 802.11g protection ··································································································· 29

Enabling 802.11g protection ································································································ 29

Configuring 802.11g protection mode ···················································································· 30

Configuring 802.11n protection ··································································································· 30

Enabling 802.11n protection ································································································ 30

Configuring 802.11n protection mode ···················································································· 31

Configuring scan parameters ······································································································ 31

Displaying and maintaining WLAN RRM ······················································································· 32

ii

Configuring WLAN security ······························································ 33

Overview ································································································································ 33

Authentication modes ········································································································· 33

WLAN data security ··········································································································· 34

Client access authentication ································································································ 35

Protocols and standards ····································································································· 35

Hardware compatibility with WLAN ······························································································ 35

Configuring WLAN security ········································································································ 36

Configuration task list ········································································································· 36

Enabling an authentication method ······················································································· 36

Configuring the PTK lifetime ································································································ 36

Configuring the GTK rekey method ······················································································· 37

Configuring security IE ······································································································· 38

Configuring cipher suite ······································································································ 38

Configuring port security ····································································································· 40

Displaying and maintaining WLAN security ············································································· 41

WLAN security configuration examples ························································································· 42

PSK authentication configuration example ·············································································· 42

MAC and PSK authentication configuration example ································································· 43

802.1X authentication configuration example ··········································································· 47

Supported combinations for ciphers ····························································································· 52

Configuring WLAN IDS ···································································· 55

Overview ································································································································ 55

Terminology ····················································································································· 55

Attack detection ················································································································ 55

Blacklist and white list ········································································································ 56

Hardware compatibility with WLAN ······························································································ 57

WLAN IDS configuration task list ································································································· 57

Configuring AP operating mode ·································································································· 58

Configuring attack detection ······································································································· 58

Configuring attack detection ································································································ 58

Displaying and maintaining attack detection ············································································ 58

Configuring blacklist and whitelist ································································································ 59

Configuring static lists ········································································································ 59

Configuring dynamic blacklist ······························································································· 59

Displaying and maintaining blacklist and whitelist ····································································· 60

WLAN IDS configuration examples ······························································································ 60

WLAN IDS configuration example ························································································· 60

Blacklist and whitelist configuration example ··········································································· 61

Configuring WLAN QoS ··································································· 62

Overview ································································································································ 62

Terminology ····················································································································· 62

WMM protocol ·················································································································· 62

Protocols and standards ····································································································· 64

Hardware compatibility with WLAN ······························································································ 64

Configuring WMM ···················································································································· 64

Configuration restrictions and guidelines ················································································ 64

Configuration procedure ····································································································· 65

Displaying and maintaining WMM ························································································· 66

WMM configuration examples ······························································································ 66

Troubleshooting ················································································································ 69

Configuring client rate limiting ····································································································· 70

Configuration procedure ····································································································· 70

Displaying and maintaining client rate limiting ·········································································· 70

Client rate limiting configuration example ················································································ 71

Index ··························································································· 73

1

Configuring WLAN interfaces

NOTE:

The terms AP and fat AP in this document refer to MSR800, MSR 900, MSR900-E, MSR 930, and

MSR 20-1X routers with IEEE 802.11b/g and MSR series routers installed with a SIC WLAN module.

• Wireless routers support WLAN radio interfaces, which are physical interfaces that provide

wireless network access.

• Wireless routers support WLAN BSS and WLAN Ethernet virtual interfaces. WLAN radio

interfaces on routers can be used as common physical access interfaces. They can be bound to

WLAN BSS interfaces and WLAN Ethernet interfaces.

Hardware compatibility with WLAN

WLAN is not available on the following routers:

• MSR 2600.

• MSR 30-11.

• MSR 30-11E.

• MSR 30-11F.

• MSR3600-51F.

Configuring a WLAN radio interface

WLAN radio interfaces are physical interfaces and are used for providing wireless access service.

They can be configured but cannot be removed manually.

To configure a WLAN radio interface:

Step Command Remarks

1. Enter system view.

system-view

N/A

2. Enter WLAN radio interface

view.

interface wlan-radio

interface-number

N/A

3. Set the description for the

interface.

description

text

Optional.

By default, the description of an

interface is its interface name

followed by the

Interface

string.

4. Specify the expected

bandwidth for the interface.

bandwidth

bandwidth-value

Optional.

5. Restore the default settings

of the WLAN radio interface.

default

Optional.

6. Shut down the WLAN radio

interface.

shutdown

Optional.

By default, a WLAN radio

interface is up.

2

Configuring a WLAN BSS interface

WLAN BSS interfaces are virtual interfaces. They operate like Layer 2 Ethernet ports. A WLAN BSS

interface supports multiple Layer 2 protocols. On a wireless router, a WLAN radio interface bound to

a WLAN BSS interface operates as a Layer 2 interface.

To configure a WLAN BSS interface:

Step Command Remarks

1. Enter system view.

system-view

N/A

2. Enter WLAN BSS interface

view.

interface wlan-bss

interface-number

If the WLAN BSS interface does

not exist, this command creates

the WLAN BSS interface first.

When you bind a service with a

WLAN-BSS interface in IMC,

make sure the interface number of

the WLAN BSS interface is no

greater than 31. For more

information about IMC, see H3C

Intelligent Management Center

Getting Started Guide.

3. Set the description string for

the interface.

description

text

Optional.

By default, the description string

of an interface is interface-name +

Interface

.

4. Specify the link type.

port link-type

{

access | hybrid

}

Optional.

The default is

access

.

You can add the WLAN BSS

interface to specific VLANs

depending on the link type.

For more information, see Layer

2—LAN Switching Configuration

Guide.

5. Specify an authentication

domain for MAC

authentication users.

mac-authentication domain

domain-name

By default, the default

authentication domain is used for

MAC authentication users.

6. Set the maximum number of

concurrent MAC

authentication users on the

interface.

mac-authentication max-user

user-number

Optional.

The default value is 256.

7. Specify the expected

bandwidth for the interface.

bandwidth

bandwidth-value

Optional.

8. Restore the default settings

of the WLAN BSS interface.

default

Optional.

9. Shut down the WLAN BSS

interface.

shutdown

Optional.

By default, a WLAN BSS interface

is up.

For more information about the mac-authentication domain and mac-authentication max-user

commands, see Security Command Reference.

3

WLAN Ethernet interface

WLAN Ethernet interfaces are virtual Layer 3 interfaces. They operate like Layer 3 Ethernet

interfaces. You can assign an IP address to a WLAN Ethernet interface. On a wireless router, a

WLAN radio interface bound to a WLAN Ethernet interface operates as a Layer 3 interface.

Entering WLAN Ethernet interface view

Step Command Remarks

1. Enter system view.

system-view

N/A

2. Enter WLAN Ethernet

interface view.

interface wlan-ethernet

interface-number

If the WLAN Ethernet interface

does not exist, this command

creates the WLAN Ethernet

interface first.

3. Specify the expected

bandwidth for the interface.

bandwidth

bandwidth-value

Optional.

4. Restore the default settings

of the WLAN Ethernet

interface.

default

Optional.

Configuring a WLAN Ethernet interface

For a WLAN Ethernet interface, you can configure basic settings such as MTU, ARP, DHCP, and

routing protocols as listed in the following table (for information about the commands/features listed

in the following table, see related chapters in the corresponding volumes).

To configure a WLAN Ethernet interface:

Step Command

5. Configure an interface.

• qos max-bandwidth

• shutdown

• mtu

• description

• enable snmp trap updown

6. Configure ARP.

• arp max-learning-num

• arp proxy enable

• proxy-arp enable

7. Configure the interface as a BOOTP client.

ip address bootp-alloc

8. Configur

e DHCP.

Configure DHCP server

dhcp select server global-pool

Configure DHCP relay

• dhcp relay address-check

• dhcp relay information enable

• dhcp relay information format

• dhcp relay information strategy

• dhcp relay release

• dhcp relay server-select

• dhcp select relay

Configure DHCP client

ip address dhcp-alloc

9. Configure IP accounting.

• ip count firewall-denied

4

Step Command

•

ip count inbound-packets

• ip count outbound-packets

10. Assign an IP address to the interface.

ip address

11. Configure IP performance.

• ip forward-broadcast

• tcp mss

12. Configure policy-based routing.

ip policy-based-route

13. Configure UDP helper.

udp-helper server

14. Configure URPF.

ip urpf

15. Configure fast forwarding.

ip fast-forwarding

16. Configure basic IPv6 settings.

• ipv6 address

• ipv6 address auto link-local

• ipv6 mtu

• ipv6 nd autoconfig managed-address-flag

• ipv6 nd autoconfig other-flag

• ipv6 nd dad attempts

• ipv6 nd ns retrans-timer

• ipv6 nd nud reachable-time

• ipv6 nd ra halt

• ipv6 nd ra interval

• ipv6 nd ra prefix

• ipv6 nd ra router-lifetime

• ipv6 neighbors max-learning-num

• ipv6 policy-based-route

17. Configure NAT-PT.

natpt enable

18. Configure IS-IS.

• isis authentication-mode

• isis circuit-level

• isis circuit-type p2p

• isis cost

• isis dis-name

• isis dis-priority

• isis enable

• isis mesh-group

• isis small-hello

• isis timer csnp

• isis timer hello

• isis timer holding-multiplier

• isis timer lsp

• isis timer retransmit

• isis silent

19. Configure OSPF.

• ospf authentication-mode simple

• ospf authentication-mode

• ospf cost

• ospf dr-priority

• ospf mtu-enable

• ospf network-type

• ospf timer dead

• ospf timer hello

5

Step Command

•

ospf timer poll

• ospf timer retransmit

• ospf trans-delay

20. Configure RIP.

• rip authentication-mode

• rip input

• rip output

• rip metricin

• rip metricout

• rip poison-reverse

• rip split-horizon

• rip summary-address

• rip version

21. Configure IPv6 IS-IS.

isis ipv6 enable

22. Configure IPv6 OSPFv3.

• ospfv3 cost

• ospfv3 mtu-ignore

• ospfv3 timer dead

• ospfv3 timer hello

• ospfv3 timer retransmit

• ospfv3 area

• ospfv3 dr-priority

• ospfv3 trans-delay

23. Configure IPv6 RIPng.

• ripng default-route

• ripng enable

• ripng metricin

• ripng metricout

• ripng poison-reverse

• ripng split-horizon

• ripng summary-address

24. Configure basic MPLS capabilities.

• mpls

• mpls ldp

• mpls ldp advertisement

• mpls ldp timer hello-hold

• mpls ldp timer keepalive-hold

• mpls ldp transport-address

25. Configure BGP/MPLS VPN.

ip binding vpn-instance

26. Configure PPPoE.

• pppoe-server bind virtual-template

• pppoe-client dial-bundle-number

27. Configure bridge sets.

bridge-set

28. Configur

e

multicast.

Configure multicast routing

and forwarding

• multicast minimum-ttl

• multicast ipv6 minimum-hoplimit

• multicast boundary

• multicast ipv6 boundary

Configure IPv6 multicast

routing and forwarding

• multicast ipv6 minimum-hoplimit

• multicast ipv6 boundary

Configure IGMP

• igmp enable

• igmp fast-leave

• igmp group-policy

6

Step Command

•

igmp last-member-query-interval

• igmp max-response-time

• igmp require-router-alert

• igmp robust-count

• igmp send-router-alert

• igmp static-group

• igmp timer other-querier-present

• igmp timer query

• igmp version

Configure MLD

• mld enable

• mld last-listener-query-interval

• mld max-response-time

• mld require-router-alert

• mld send-router-alert

• mld robust-count

• mld timer other-querier-present

• mld timer query

• mld version

• mld static-group

• mld group-policy

• mld fast-leave

Configure PIM

• pim bsr-boundary

• pim hello-option

• pim holdtime

• pim require-genid

• pim sm

• pim dm

• pim state-refresh-capable

• pim timer graft-retry

• pim timer hello

• pim timer join-prune

• pim triggered-hello-delay

Configure IPv6 PIM

• pim ipv6 bsr-boundary

• pim ipv6 hello-option

• pim ipv6 holdtime

• pim ipv6 require-genid

• pim ipv6 sm

• pim ipv6 dm

• pim ipv6 state-refresh-capable

• pim ipv6 timer graft-retry

• pim ipv6 timer hello

• pim ipv6 timer join-prune

• pim ipv6 triggered-hello-delay

29. Configur

e QoS.

Configure traffic policing, traffic

shaping, and line rate

• qos car

• qos gts any cir

• qos gts acl

Apply a QoS policy

qos apply policy

Configure congestion

avoidance

qos max-bandwidth

7

Step Command

30. Configure firewall.

• firewall ethernet-frame-filter

• firewall packet-filter

• firewall packet-filter ipv6

• firewall aspf

31. Configure NAT.

• nat outbound

• nat outbound static

• nat server

32. Configure Portal.

• portal auth-network

• portal server

33. Configure IPsec.

ipsec policy

34. Configure the backup center.

• standby interface

• standby threshold

• standby timer delay

• standby timer flow-check

• standby bandwidth

35. Configure NetStream.

ip netstream

36. Configure NTP.

• ntp-service broadcast-client

• ntp-service broadcast-server

• ntp-service multicast-client

• ntp-service multicast-server

• ntp-service in-interface disable

37. Configure IPX.

ipx encapsulation

38. Configure port security.

• port-security authorization ignore

• port-security max-mac-count

• port-security port-mode { mac-and-psk |

mac-authentication | mac-else-userlogin-secure

| mac-else-userlogin-secure-ext | psk |

userlogin-secure | userlogin-secure-ext |

userlogin-secure-ext-or-psk |

userlogin-secure-or-mac |

userlogin-secure-or-mac-ext }

• port-security preshared-key { pass-phrase |

raw-key }

• port-security tx-key-type 11key

Displaying and maintaining a WLAN interface

Task Command Remarks

Display information about WLAN

radio interfaces.

display interface

[

wlan-radio

]

[

brief

[

down

] ] [

|

{

begin

|

exclude

|

include

}

regular-expression ]

display interface

wlan-radio

interface-number [

brief

] [

|

{

begin

|

exclude

|

include

}

regular-expression ]

Available in any view.

Display information about WLAN

BSS interfaces.

display interface

[

wlan-bss

]

[

brief

[

down

] ] [

|

{

begin

|

Available in any view.

8

Task Command Remarks

exclude

|

include

}

regular-expression ]

display interface

wlan-bss

interface-number [

brief

] [

|

{

begin

|

exclude

|

include

}

regular-expression ]

Display information about WLAN

Ethernet interfaces.

display interface

[

wlan-ethernet

] [

brief

[

down

] ]

[

|

{

begin

|

exclude

|

include

}

regular-expression ]

display interface wlan-ethernet

interface-number [

brief

] [ | {

begin

|

exclude

|

include

}

regular-expression ]

Available in any view.

9

Configuring WLAN access

The terms AP and fat AP in this document refer to MSR800, MSR 900, MSR900-E, MSR 930, and

MSR 20-1X routers with IEEE 802.11b/g and MSR series routers installed with a SIC WLAN module.

WLAN access overview

A WLAN can provide the following services:

• WLAN client connectivity to conventional 802.3 LANs

• Secured WLAN access with different authentication and encryption methods

• Seamless roaming of WLAN clients in the mobility domain

Terminology

• Client—A handheld computer or laptop with a wireless NIC or a terminal that supports WiFi.

• Access point—An AP bridges frames between wireless and wired networks.

• Fat AP—A fat AP controls and manages all associated wireless stations and bridges frames

between wired and wireless networks.

• Service set identifier—A client scans all networks at first, and then selects a specific SSID to

connect to a specific wireless network.

• Wireless medium—A medium used for transmitting frames between wireless clients. Radio

frequency is used as the wireless medium in the WLAN system.

Client access

A wireless client access process involves three steps: active/passive scanning surrounding wireless

services, authentication, and association, as shown in Figure 1.

Figure 1

Establishing a client access

Scanning

When a wireless client is operating, it usually uses both passive scanning and active scanning to get

information about surrounding wireless networks.

1. Active scanning

10

When a wireless client operates, it periodically searches for (scans) surrounding wireless

networks. During active scanning, the wireless client actively sends probe request frames and

obtains network signals from received probe response frames. Active scanning includes two

modes according to whether a specified SSID is carried in a probe request.

{ A client sends a probe request (with the SSID null, or, the SSID IE length is 0)—The

client periodically sends a probe request frame on each of its supported channels to scan

wireless networks. APs that receive the probe request send a probe response, which

carries the available wireless network information. The client associates with the AP with

the strongest signal. The active scanning mode enables a client to actively get acquainted

with the available wireless services and to access the proper wireless network as needed.

The active scanning process of a wireless client is as shown in Figure 2.

Figure 2

Active scanning (the SSID of the probe request is null or no SSID

information is carried)

{ A client sends a probe request (with a specified SSID)—When the wireless client is

configured to access a specific wireless network or has already successfully accessed a

wireless network, the client periodically sends a probe request carrying the specified SSID

of the configured or connected wireless network. When an AP that can provide the wireless

service with the specified SSID receives the probe request, it sends a probe response. This

active scanning mode enables a client to access a specified wireless network. The active

scanning process is as shown in Figure 3.

Figure 3

Active scanning (the probe request carries the specified SSID AP 1)

2. Passive scanning

Passive scanning is used by clients to discover surrounding wireless networks through listening

to the beacon frames periodically sent by an AP. All APs providing wireless services

periodically send beacons frames, so that wireless clients can periodically listen to beacon

frames on the supported channels to get information about surrounding wireless networks and

connect to an AP. Passive scanning is used by a client when it wants to save battery power.

Typically, VoIP clients adopt the passive scanning mode. The passive scanning process is as

shown in Figure 4.

Pr

ob

e

r

e

q

u

es

t

(

w

i

t

h

n

o

SSI

D

)

Pr

ob

e

r

e

q

ue

s

t

(

w

i

t

h

n

o

SSI

D

)

Pr

o

b

e

R

e

s

p

on

s

e

Pr

o

b

e

R

e

s

p

o

ns

e

11

Figure 4 Passive scanning

Authentication

To secure wireless links, the wireless clients must be authenticated before accessing the AP, and

only wireless clients passing the authentication can be associated with the AP. 802.11 links define

two authentication mechanisms: open system authentication and shared key authentication.

For more information about the two authentication mechanisms, see "Configuring WLAN security."

Association

A client that wants to access a wireless network through an AP must be associated with that AP.

Once the client chooses a compatible network with a specified SSID and passes the link

authentication to an AP, it sends an association request frame to the AP. The AP detects the

capability information carried in the association request frame, determines the capability supported

by the wireless client, and sends an association response to the client to notify the client of the

association result. Usually, a client can associate with only one AP at a time, and an association

process is always initiated by the client.

Hardware compatibility with WLAN

WLAN is not available on the following routers:

• MSR 2600.

• MSR 30-11.

• MSR 30-11E.

• MSR 30-11F.

• MSR3600-51F.

Workgroup bridge mode overview

The workgroup bridge mode enables an AP to associate with another AP as a wireless client.

As shown in Figure 5, to provide wirele

ss connectivity for the PCs and printer, you can connect them

to an AP through a hub or a switch and configure the AP as a workgroup bridge. The PCs and printer

access the network through the workgroup bridge.

12

Figure 5 Network diagram

For an AP with two radios, you can configure one radio as a workgroup bridge and configure the

other radio to provide normal access services.

As shown in Figure 6, Rad

io 1 operates as a workgroup bridge, and Radio 2 provides normal access

services. Clients associated with Radio 2 can access the network through the workgroup bridge

Radio 1.

Figure 6 Dual-radio AP in workgroup bridge mode

WLAN access configuration task list

Task Description

Specifying a country code Required.

Configuring a WLAN service template Required.

Configuring WLAN parameters Optional.

Configuring radio parameters Required.

Specifying a country code

A country code identifies the country in which you want to operate radios. It determines

characteristics such as operating power level and total number of channels available for the

transmission of frames. Set the valid country code or area code before configuring an AP.

The country code for North American models cannot be modified and that for other models can be

modified at the CLI.

To specify the country code:

Step Command Remarks

1. Enter system view.

system-view

N/A

AP

Workgroup Bridge

LAN Segment

Hub

PC

Printer

Client

AP

Workgroup Bridge

Client

Radio 1

Radio 2

13

Step Command Remarks

2. Specify the global country

code.

wlan country-code

code

By default, the country code for

North American models is US,

and for other models is CN.

Configuring a WLAN service template

Creating a service template and specifying an SSID

Step Command Remarks

1. Enter system view.

system-view

N/A

2. Create a WLAN service

template and enter WLAN

service template view.

wlan service-template

service-template-number

{

clear

|

crypto

}

You cannot change an existing

service template to another type.

3. Specify the service set

identifier.

ssid

ssid-name N/A

4. Disable the advertising of

SSID in beacon frames.

beacon ssid-hide

Optional.

By default, the SSID is advertised

in beacon frames.

Configuring secure access

WLAN access can be secured by client authentication and data encryption. Client authentication

makes sure only authorized users can access the WLAN and data encryption makes sure the data

sent can only be received by specific users.

Client authentication includes 802.1X, PSK, and MAC authentication. Data encryption methods

include WEP, TKIP, and CCMP.

For more information about WLAN security and port security, see "Configuring WLAN security." For

more info

rmation about port security, see Security Configuration Guide.

To configure secure access:

Step Command Remarks

1. Enter system view.

system-view

N/A

2. Create a WLAN service

template and enter WLAN

service template view.

wlan service-template

service-template-number

{

clear

|

crypto

}

You cannot change an existing

service template to another type.

3. Configure an authentication

method.

authentication-method

{

open-system

|

shared-key

}

By default, the open-system

authentication method is used.

For more information about the

command, see WLAN Command

Reference.

Page is loading ...

H3C MSR Series, MSR 20, MSR 20-1X, MSR 30, MSR 50, MSR 800, MSR 900 Series, MSR 900-E, MSR 930 Configuration manual

Related papers

Other documents