H3C WX5002V2, WX5004, WX6103, WX3024, WX3010 Configuration Manual

H3C WX Series Access Controllers

Access Controller Module Configuration Guide

Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com

Document Version: 6W105-20101124

No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of Hangzhou H3C Technologies Co., Ltd.

Trademarks

H3C, , Aolynk, , H3Care,

, TOP G, , IRF, NetPilot, Neocean, NeoVTL,

SecPro, SecPoint, SecEngine, SecPath, Comware, Secware, Storware, NQA, VVG, V

2

G, VnG, PSPT, XGbus, N-Bus, TiGem, InnoVision and HUASAN are trademarks of Hangzhou H3C Technologies Co., Ltd.

All other trademarks that may be mentioned in this manual are the property of their respective owners.

Notice

The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute the warranty of any kind, express or implied.

Preface

The H3C WX series documentation set describes the sof tware features for the H3C WX Serie s Access Controllers and guides you through the software configuration procedures. The configuration guides also provide configuration examples to help you apply the software features to different network scenarios.

The Access Controller Module Basic Configuration Guide describes the compatibility matrix between access controller modules and Ethernet switches, and descri bes the basic configurations for an acce ss controller module to cooperate with an Ethernet switch.

This preface includes:

z Audience z Conventions z About the H3C WX Series Documentation Set z Obtaining Documentation z Technical Support z Documentation Feedback

Audience

This documentation is intended for:

z Network planners z Field technical support and servicing engineers z Network administrators working with the WX series

Conventions

This section describes the conventions used in this documentation set.

Command conventions

Convention Description

Boldface Bold

text represents commands and keywords that you enter literally as shown.

italic

Italic text represents arguments that you replace with actual values.

[ ]

Square brackets enclose syntax choices (keywords or arguments) that are optional.

{ x | y | ... }

Braces enclose a set of required syntax choices separated by vertical bars, from which you select one.

[ x | y | ... ]

Square brackets enclose a set of optional syntax choices separated by vertical bars, from which you select one or none.

{ x | y | ... } *

Asterisk marked braces enclose a set of required syntax choices separated by vertical bars, from which you select at least one.

Convention Description

[ x | y | ... ] *

Asterisk marked square brackets enclose optional syntax choices separated by vertical bars, from which you may select multiple choices or none.

&<1-n>

The argument or keyword and argument combination before the ampersand (&) sign can be entered 1 to n times.

# A line that starts with a pound (#) sign is comments.

GUI conventions

Convention Description

Boldface

Window names, button names, field names, and menu items are in Boldface. For example, the

New User

window appears; click OK.

>

Multi-level menus are separated by angle brackets. For example,

File

>

Create

>

Folder

.

Symbols

Convention Description

Means reader be extremely careful. Improper operation may cause bodily injury.

Means reader be careful. Improper operation may cause data loss or damage to equipment.

Means an action or information that needs special attention to ensure successful configuration or good performance.

Means a complementary description.

Means techniques helpful for you to make configuration with ease.

Network topology icons

Convention Description

Represents a generic network device, such as a router, switch, or firewall.

Represents a routing-capable device, such as a router or Layer 3 switch.

Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.

Represents an access controller, an access controller module, or a switching engine on a unified switch.

Represents an access point.

Represents a mesh access point.

Convention Description

Represents omnidirectional signals.

Represents directional signals.

About the H3C WX Series Documentation Set

The H3C WX series documentation set includes:

Category Documents Purposes

WX3000 Series Unified Wired and Wireless Switches Brochure

WX5000 Series Access Controllers Brochure

Product description and specifications

WX6000 Series Access Controllers Brochure

Describe product specifications and benefits.

LSWM1WCM10 Access Controller Module Card Manual

LSWM1WCM20 Access Controller Module Card Manual

LSRM1WCM2A1 Access Controller Module Card Manual

Provide the hardware specifications of the cards, and describe how to install and remove the cards.

LSQM1WCMB0 Access Controller Module Installation Manual

Hardware specifications and installation

LSBM1WCM2A0 Access Controller Module Installation Manual

Guide you through hardware specifications and installation methods to help you install your AC.

WX Series Access Controllers Getting Started Guides

Guide you through the main functions of your AC, and describes how to install and log in to your AC, perform basic configurations, maintain software, and troubleshoot your AC.

WX Series Access Controllers Configuration Guides

Describe software features and configuration procedures.

WX Series Access Controllers Command References

Provide a quick reference to all available commands.

Software configuration

WX Series Access Controllers Web-based Configuration Guides

Describes configuration procedures through the web interface.

WX3000 Series Unified Switches Release Notes

WX5002 Series Access Controllers Release Notes

WX5004 Series Access Controllers Release Notes

Operations and maintenance

WX6103 Series Access Controllers Release Notes

Provide information about the product release, including the version history, hardware and software compatibility matrix, version upgrade information, technical support information, and software upgrading.

Obtaining Documentation

You can access the most up-to-date H3C product documentation on the World Wide Web at

http://www.h3c.com

. Click the links on the top navigation bar to obtain different categories of product documentation:

[Technical Support & Documents > Technical Documents]

– Provides hardware installation, software

upgrading, getting started, and software feature configuration and maintenance documentation.

[Products & Solutions]

– Provides information about products and technologies, as well as solutions.

[Technical Support & Documents > Software Download]

– Provides the documentation released with

the software version.

Technical Support

customer_service@h3c.com http://www.h3c.com

Documentation Feedback

You can e-mail your comments about product documentation to info@h3c.com. We appreciate your comments.

z Read Compatibility Matrixes before using an H3C WX series access co ntroller. z Support of the H3C WX series access controllers for features and commands may vary by AC

model. For more information, see “Feature Matrixes” and “Command Matrixes” in Compatibility Matrixes.

z The term AC in this document refers to H3C access controllers, access controller modules, and

H3C WX series unified switches' access controller engines.

z The interface types and the number of interfaces vary by AC model. z The models listed in this manual are not applicable to all regions. Please consult your local sales

office for the models applicable to your region.

i

Table of Contents

1 Applicable Models and Software Versions·····························································································1-1 2 Typical Network Scenarios·······················································································································2-1

AC Networking········································································································································2-1 Access Controller Module Networking····································································································2-1 Unified Switch Networking ······················································································································2-2

3 Feature Matrixes········································································································································3-1

Feature Matrix for the WX5000 Series····································································································3-1 Feature Matrix for the WX6000 Series····································································································3-7 Feature Matrix for the WX3000 Series··································································································3-11

4 Command Matrixes····································································································································4-1

Command Matrix for the WX5000 Series·······························································································4-1 Command Matrix for the WX6000 Series·····························································································4-15 Command Matrix for the WX3000 Series·····························································································4-24

5 Access Controller Module Basic Configuration·····················································································5-1

Access Controller Module and Ethernet Switch Compatibility Matrix·····················································5-1

6 Access Controller Module Basic Configuration·····················································································6-1

Access Controller Module Basic Configuration·······················································································6-1

Configuring the Internal Ports of the Switch····················································································6-1 Configuring the Access Controller Module······················································································6-2

Configuration Examples··························································································································6-3

Configuring LS8M1WCMA0············································································································6-3 Configuring LSQM1WCMB0, LSBM1WCM2A0, or LSRM1WCM2A1············································6-3 Configuring LSWM1WCM20 or LSWM1WCM10············································································6-4

7 Index ···························································································································································7-1

1-1

1 Applicable Models and Software Versions

H3C WX series access controllers include the WX3000 series unified switches, and WX5000 and WX6000 series access controllers. Table 1-1

shows the applicable models and software versions.

Table 1-1 Applicable models and software versions

Model Software version

WX3024 unified switches WX3010 unified switches WX3008 unified switches LSWM1WCM20 access controller module

WX3000-CMW520-R3111P03

WX5002 access controller LS8M1WCMA0 access controller module

WX5002-CMW520-R1112

WX5002V2 access controller WX5004 access controller LSWM1WCM10 access controller module

WX5004-CMW520-R2107P04

WX6103 access controller LSQM1WCMB0 access controller module LSBM1WCM2A0 access controller module LSRM1WCM2A1 access controller module

WX6103-CMW520-R2115P08

2-1

2 Typical Network Scenarios

AC Networking

As shown in the following figure, the AC is connected to Switch (Layer 2 or Layer 3) through GE1/0/1, which can be connected to APs directly or connected to APs over an IP network. Clients can be connected to the network through the APs to implement WLAN user access.

Figure 2-1 AC networking

AC

GE 1/0/1

Server

AP 1 AP 2

Client A Client B

Scheme 1

IP network

Access Controller Module Networking

As shown in the following figure, installed with an access controller module, Switch (Layer 2 or Layer 3) can be connected to APs di rectly or conn ected to APs over an IP network. Cli ent s can be connected to the network through the A P s to implement WLAN user access.

2-2

Figure 2-2 Access controller module networking

Unified Switch Networking

As shown in Figure 2-3, Unified switch (functions as both an AC and a Layer 2 switch) can be conne cted to APs directly or connected to APs over an IP network. Clients can be connected to the network through the APs to implement WLAN user access.

Figure 2-3 Unified switch networking diagram

3-1

3 Feature Matrixes

In this document, Yes means a feature or command is supported, and No means not supported.

Feature Matrix for the WX5000 Series

The LS8M1WCMA0, LSWM1WCM10, and LSWM1WCM20 on the WX5000 series adopt the OAP architecture. Install ed on the exp ansion slot s of switches, they work as OAP cards to exchange data and status and control information with the switches through their internal service interfaces. Do not configure services such as QoS rate limiting and 802.1X authentication on GE interfaces on the LS8M1WCMA0, XGE 1/0/1 on the LSWM1WCM10, and the logical interface BAGG1 aggregated by GE 1/0/1 and GE 1/0/2 on the LSWM1WCM20.

Table 3-1 Feature matrix for the WX5000 series

Document Module Feature WX5002 WX5002V2 LS8M1WCMA0 WX5004 LSWM1WCM10 LSWM1WCM20

AUX user interface Yes No Yes No Yes Yes Console user interface No Yes No Yes No No

Login configuration

Telnet Yes Yes Yes Yes Yes Yes

Fundamentals Configuration Guide

User interface configuration

User interface type

Console user interface not supported

AUX user interface not supported

Yes

AUX user interface not supported

Console user interface not supported

3-2

Document Module Feature WX5002 WX5002V2 LS8M1WCMA0 WX5004 LSWM1WCM10 LSWM1WCM20

File system management configuration

Configuration file encryption

No No No No No Yes

Storage media supported

Flash CF Flash CF CF Flash

Device management configuration

License

Supports 32 concurrent APs by default, and can be extended to support 64.

No on the WX5002-12 8

Supports 32 concurrent APs by default, and can be extended to support 64.

No

Supports 64 concurren t APs by default, and can be extended to support

256.

Supports 64 concurrent APs by default, and can be extended to support 256.

Supports 32 concurrent APs by default, and can be extended to support 128.

Hot AC backup No Yes No Yes Yes No

WLAN Configuration Guide

WLAN services configuration

Maximum number of SSIDs supported

128 256 128 256 256 128

Combo port configuration

Yes Yes No Yes

No No

Shutting down an Ethernet interface

Yes Yes Yes Yes

Yes. Do not use the

shutdown command on internal interfaces; otherwise, the normal operation of the device will be affected.

Yes. Do not use the

shutdown command on internal interfaces; otherwise, the normal operation of the device will be affected.

Layer 2 – LAN Switching Configuration Guide

Ethernet interface configuration

Configuring flow control on an Ethernet interface

Yes Yes Yes Yes

No No

3-3

Document Module Feature WX5002 WX5002V2 LS8M1WCMA0 WX5004 LSWM1WCM10 LSWM1WCM20

Configuring loopback detection on an Ethernet interface

Yes on GE interfaces only

Internal loopback testing supported on GE interfaces only

Yes on GE interfaces only

Internal loopback testing supported on XGE interfaces only

Internal loopback testing supported on GE interfaces only

Link aggregation configuration

Link aggregation Yes Yes No Yes No Yes

MSTP Configuration STP No Yes No Yes No No Layer 2 forwarding

configuration

Layer 2 forwarding Yes No Yes No No No

Port mirroring configuration

Port mirroring

Remote port mirroring and cross-board mirroring not supported

No

Remote port mirroring and cross-boa rd mirroring not supported

No No

DNS configuration

IPv6 DNS configuration

Yes Yes Yes Yes Yes Yes

IP performance optimization configuration

Configuring ICMP to send error packets

Yes No No No No No

Adjacency table configuration

Displaying and maintaining adjacency table

No Yes No Yes Yes Yes

IPv6 basics configuration

Yes Yes Yes Yes Yes Yes

Layer 3 – IP Services Configuration Guide

IPv6 application configuration

Yes Yes Yes Yes Yes Yes

Layer 3 – IP Routing

IP routing basics configuration

IPv6 features Yes Yes Yes Yes Yes Yes

3-4

Document Module Feature WX5002 WX5002V2 LS8M1WCMA0 WX5004 LSWM1WCM10 LSWM1WCM20

Configuration Guide

IPv6 static routing configuration

Yes Yes Yes Yes Yes Yes

MLD snooping configuration

MLD snooping Yes Yes Yes Yes Yes Yes

IP Multicast Configuration Guide

IPv6 multicast VLAN configuration

IPv6 multicast VLAN Yes Yes Yes Yes Yes Yes

ACL configuration IPv6 ACL Yes Yes Yes Yes Yes Yes

Configuring line rate Yes Yes Yes Yes Yes Yes

ACL and QoS Configuration Guide

QoS

Configuring CAR applicable to all traffic of online users

No Yes No Yes Yes Yes

AAA

Specifying the device ID to be used in stateful failover mode

No Yes No Yes Yes No

Configuring Layer 3 portal authentication

No Yes No Yes Yes Yes

Specifying the portal group to which the portal service backup interface belongs

No Yes No Yes Yes No

Specifying the device ID to be used in stateful failover mode

No Yes No Yes Yes No

Portal configuration

Specifying the backup source IP address for RADIUS packets to be sent

No Yes No Yes Yes No

Security Configuration Guide

SSH2.0 configuration

Specifying a source IPv6 address or interface for an SSH client

Yes Yes Yes Yes Yes Yes

3-5

Document Module Feature WX5002 WX5002V2 LS8M1WCMA0 WX5004 LSWM1WCM10 LSWM1WCM20

Establishing a connection between an SSH client and an IPv6 SSH server

Yes Yes Yes Yes Yes Yes

Specifying a source IPv6 address or interface for an SFTP client

Yes Yes Yes Yes Yes Yes

Establishing a connection between an SFTP client and an IPv6 SFTP server

Yes Yes Yes Yes Yes Yes

IPv6 SFTP client Yes Yes Yes Yes Yes Yes

Security protection configuration

Management protocol packets supported

Telnet, SNMP, and web managemen t packets whose destination IP address is the local host

ICMP, IEC, Telnet, and SNMP packets whose destination IP address is the local host

Telnet, SNMP, and web management packets whose destination IP address is the local host

ICMP, IEC, Telnet, and SNMP packets whose destinatio n IP address is the local host

ICMP, IEC, Telnet, and SNMP packets whose destination IP address is the local host

3-6

Document Module Feature WX5002 WX5002V2 LS8M1WCMA0 WX5004 LSWM1WCM10 LSWM1WCM20

Other protocol packets supported

11MAC/802. 1X/ARP/DH CP/HWTAC AS/ICMP/IG MP/MLD/L WAPP/ND/ NTP/PIM/R ADIUS

Data packets: all packets except the above packets.

UDP/TCP/8

02.1X/DHC P/IGMP/NT P/ARP/LWA PP/LooPbac k/PPPoE/IA CTP/ACSEI/ STP/LWAP P_DATA/De fault

11MAC/802.1X/ ARP/DHCP/HW TACAS/ICMP/IG MP/MLD/LWAP P/ND/NTP/PIM /RADIUS

Data packets: all packets except the above packets.

UDP/TCP/

802.1X/D HCP/IGM P/NTP/AR P/LWAPP /LooPbac k/PPPoE/I ACTP/AC SEI/ STP/LWA PP_DATA /Default

UDP/TCP/802.1 X/DHCP/IGMP/ NTP/ARP/LWA PP/LooPback/P PPoE/IACTP/A CSEI/ STP/LWAPP_D ATA/Default

Enabling attack prevention for protocols

No Yes No Yes Yes Yes

Configuring rate limits for a protocol

No Yes No Yes Yes Yes

Network Management and Monitoring Configuration Guide

Information center configuration

Logfile No Yes No Yes Yes No

OAP module configuration

No Yes No Yes No No

ACSEI server configuration

No Yes No Yes No No

OAA Configuration Guide

OAA configuration

ACSEI client configuration

No Yes Yes Yes Yes Yes

Access Controller Module Basic Configuration Guide

Access Controller Module Basic Configuration

No No Yes No Yes Yes

3-7

Feature Matrix for the WX6000 Series

The switch interface module on the WX6103, and the LSQM1WCMB0, LSBM1WCM2A0, and LSRM1WCM2A1 access controller modules on the WX6000 series adopt the OAP architecture. Installed on the expansion slots of switches, they work as OAP cards to exchange data and status and control information with the switches through their internal service interfaces. The XGE interfaces on the switch interface module on the WX6103, and the LSQM1WCMB0, LSBM1WCM2A0, and LSWM1WCM10 access controller modules are internal interfaces. Do not configure services such as QoS rate limiting and 802.1X authentication on them.

Table 3-2 Feature matrix for the WX6000 series

Volume Module Feature WX6103 LSQM1WCMB0 LSBM1WCM2A0 LSRM1WCM2A1

AUX user interface No No No Yes Console user interface Yes Yes Yes Yes

Login configuration

Telnet Yes Yes

Yes (IPv6 telnet not supported)

Yes

User interface configuration

User interface type

AUX user interface not supported

File management configuration

Configuration file encryption

No No No No

Storage media supported CF and USB CF and USB CF and USB CF and USB

Fundamentals Configuration Guide

Device management configuration

License

128 APs at most by default, and can be extended to 640 APs.

WLAN Configuration WLAN services

Hot AC backup Yes Yes Yes Yes

3-8

Volume Module Feature WX6103 LSQM1WCMB0 LSBM1WCM2A0 LSRM1WCM2A1

Guide configuration

Maximum number of SSIDs supported

512 512 512 512

Combo port configuration

The MPU does not support the Combo port.

No No No

Shutting down an Ethernet interface

Yes Yes Yes Yes

Configuring flow control on an Ethernet interface

Internal loopback testing supported on XGE interfaces only

Ethernet interface configuration

Loopback detection on an Ethernet interface

No No No No

Link aggregation configuration

Link aggregation No No No No

MSTP Configuration STP No No No No Layer 2 forwarding

configuration

Layer 2 forwarding No No No No

Layer 2 – LAN Switching Configuration Guide

Port mirroring configuration

Port mirroring No No No No

DNS configuration IPv6 DNS configuration Yes Yes No Yes IP performance

optimization configuration

Configuring ICMP to send error packets

No No No No

Adjacency table configuration

Displaying and maintaining adjacency table

Yes Yes Yes Yes

IPv6 basics configuration

IPv6 basics configuration Yes Yes No Yes

Layer 3 – IP Services Configuration Guide

IPv6 application configuration

Yes Yes No Yes

3-9

Volume Module Feature WX6103 LSQM1WCMB0 LSBM1WCM2A0 LSRM1WCM2A1

IP routing basics configuration

IPv6-related displaying and maintaining commands

Yes Yes No Yes Layer 3 – IP Routing Configuration Guide

IPv6 static routing configuration

Yes Yes No Yes

MLD snooping configuration

MLD snooping Yes Yes No No IP Multicast Configuration Guide

IPv6 multicast VLAN configuration

IPv6 multicast VLAN Yes Yes No No

ACL configuration IPv6 ACL Yes Yes No Yes

Configuring line rate No No No No

ACL and QoS Configuration Guide

QoS

Configuring CAR

applicable to all traffic of

online users

Yes Yes Yes Yes

AAA configuration

Specifying the device ID

to be used in stateful

failover mode

Yes Yes Yes Yes

Configuring Layer 3

portal authentication

Yes Yes Yes Yes

Specifying the portal

group to which the portal

service backup interface

belongs

Yes Yes Yes Yes

Specifying the device ID

to be used in stateful

failover mode

Yes Yes Yes Yes

Portal configuration

Specifying the backup

source IP address for

RADIUS packets to be

sent

Yes Yes Yes Yes

Security Configuration Guide

SSH2.0 configuration

Specifying a source IPv6

address or interface for

an SSH client

Yes Yes No Yes

H3C WX5002V2, WX5004, WX6103, WX3024, WX3010 Configuration Manual

Specifications and Main Features

Frequently Asked Questions

User Manual