H3C WX Series Access Controllers
Web-Based Configuration Guide
Hangzhou H3C Technologies Co., Ltd.
http://www.h3c.com
Document Version: 6W105-20101124
Copyright © 2008-2010, Hangzhou H3C Technologies Co., Ltd. and its licensors
All Rights Reserved
No part of this manual may be reproduced or transmitted in any form or by any means without prior
written consent of Hangzhou H3C Technologies Co., Ltd.
Trademarks
Notice
H3C, , Aolynk, , H3Care,
SecPro, SecPoint, SecEngine, SecPath, Comware, Secware, Storware, NQA, VVG, V
, TOP G, , IRF, NetPilot, Neocean, NeoVTL,
2
G, VnG, PSPT,
XGbus, N-Bus, TiGem, InnoVision and HUASAN are trademarks of Hangzhou H3C Technologies Co.,
Ltd.
All other trademarks that may be mentioned in this manual are the property of their respective owners.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute the warranty of any kind, express or implied.
Preface
The H3C WX Series Access Controllers Web-Based Configuration Guide describes the web functions
of the WX series, such as quick start, web overview, wireless service configuration, security and
authentication related configurations, QoS configuration, and advanced settings.
This preface includes:
z Audience
z Conventions
z About the H3C WX Sereis Documentation Set
z Obtaining Documentation
z Technical Support
z Documentation Feedback
Audience
This documentation is intended for:
z Network planners
z Field technical support and servicing engineers
z Network administrators working with the WX series
Conventions
This section describes the conventions used in this documentation set.
GUI conventions
Convention Description
Boldface
>
Symbols
Convention Description
Window names, button names, field names, and menu items are in Boldface.
For example, the
Multi-level menus are separated by angle brackets. For example,
Folder
>
Means reader be extremely careful. Improper operation may cause bodily
injury.
Means reader be careful. Improper operation may cause data loss or damage to
equipment.
.
New User
window appears; click OK.
File
>
Create
Means an action or information that needs special attention to ensure
successful configuration or good performance.
Means a complementary description.
Convention Description
Network topology icons
Convention Description
Means techniques helpful for you to make configuration with ease.
Represents a generic network device, such as a router, switch, or firewall.
Represents a routing-capable device, such as a router or Layer 3 switch.
Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router
that supports Layer 2 forwarding and other Layer 2 features.
Represents an access controller, an access controller module, or a switching
engine on a unified switch.
Represents an access point.
Represents a mesh access point.
Represents omnidirectional signals.
Represents directional signals.
About the H3C WX Sereis Documentation Set
The H3C WX Series documentation set includes:
Category Documents Purposes
WX3000 Series Unified Wired and Wireless Switches
Product
description and
specifications
Hardware
specifications
and installation
Brochure
WX5000 Series Access Controllers Brochure
WX6000 Series Access Controllers Brochure
LSWM1WCM10 Access Controller Module Card
Manual
LSWM1WCM20 Access Controller Module Card
Manual
LSRM1WCM2A1 Access Controller Module Card
Manual
LSQM1WCMB0 Access Controller Module
Installation Manual
LSBM1WCM2A0 Access Controller Module
Installation Manual
Describe product specifications and
benefits.
Provide the hardware specifications
of the cards, and describe how to
install and remove the cards.
Guide you through hardware
specifications and installation
methods to help you install your
AC.
Category Documents Purposes
Guide you through the main
functions of your AC, and describes
how to install and log in to your AC,
perform basic configurations,
maintain software, and
troubleshoot your AC.
Describe software features and
configuration procedures.
Software
configuration
WX Series Access Controllers Getting Started Guides
WX Series Access Controllers Configuration Guides
WX Series Access Controllers Command References
WX Series Access Controllers Web-based
Configuration Guides
WX3000 Series Unified Switches Release Notes
Operations and
maintenance
WX5002 Series Access Controllers Release Notes
WX5004 Series Access Controllers Release Notes
WX6103 Series Access Controllers Release Notes
Obtaining Documentation
You can access the most up-to-date H3C product documentation on the World Wide Web at
http://www.h3c.com.
Click the links on the top navigation bar to obtain different categories of product documentation:
[Technical Support & Documents > Technical Documents] – Provides hardware installation, software
upgrading, getting started, and software feature configuration and maintenance documentation.
Provide a quick reference to all
available commands.
Describes configuration procedures
through the web interface.
Provide information about the
product release, including the
version history, hardware and
software compatibility matrix,
version upgrade information,
technical support information, and
software upgrading.
[Products & Solutions] – Provides information about products and technologies, as well as solutions.
[Technical Support & Documents > Software Download] – Provides the documentation released with
the software version.
Technical Support
customer_service@h3c.com
http://www.h3c.com
Documentation Feedback
You can e-mail your comments about product documentation to info@h3c.com.
We appreciate your comments.
z The H3C WX series access controller products include H3C access controllers, access controller
modules, and H3C WX series unified switches' a cce ss cont rolle r e ngine s. Suppo rt of the H3C WX
series access controllers for features and commands may vary by device model. For more
information, see "Feature Matrixes" in Compatibility Matrixes .
z The WX3000 series includes the WX3024, WX3010, and WX3008 unified switches.
z The WX5000 series includes the WX5002, WX5002V2, and WX5004 access controllers, and the
LS8M1WCMA0, LSWM1WCM10, and LSWM1WCM20 access controller modules.
z The WX6000 series includes the WX6103 access controllers, and the LSQM1WCMB0,
LSBM1WCM2A0, and LSRM1WCM2A1 access controller mod ules.
z The models listed in this manual are not applicable to all regions. Please consult your local sales
office for the models applicable to your region.
Table of Contents
1 Compatibility Matrix and Typical Network Scenarios............................................................................1-1
Access Controller Module and Ethernet Switch Compatibility Matrix.....................................................1-1
2 Applicable Models and Software Versions.............................................................................................2-1
3 Typical Network Scenarios.......................................................................................................................3-1
AC Networking........................................................................................................................................3-1
Access Controller Module Networking....................................................................................................3-1
Unified Switch Networking ......................................................................................................................3-2
4 Feature Matrixes........................................................................................................................................4-1
Feature Matrix for the WX5000 Series....................................................................................................4-1
Feature Matrix for the WX6000 Series....................................................................................................4-2
Feature Matrix for the WX3000 Series....................................................................................................4-4
5 Quick Start..................................................................................................................................................5-1
Overview.................................................................................................................................................5-1
Quick Start ..............................................................................................................................................5-1
Home Page of the Quick Start Wizard ............................................................................................5-1
Basic Configuration .........................................................................................................................5-2
Admin Configuration........................................................................................................................5-3
IP Configuration...............................................................................................................................5-4
Wireless Configuration ....................................................................................................................5-5
RADIUS Configuration.....................................................................................................................5-6
Portal Configuration.........................................................................................................................5-7
Encryption Configuration.................................................................................................................5-9
Guest Wireless Network Configuration .........................................................................................5-10
AP Configuration ...........................................................................................................................5-12
Configuration Summary.................................................................................................................5-13
6 Web Overview............................................................................................................................................6-1
Overview.................................................................................................................................................6-1
Logging In to the Web Interface..............................................................................................................6-1
Logging Out of the Web Interface...........................................................................................................6-2
Introduction to the Web Interface............................................................................................................6-2
Web User Level.......................................................................................................................................6-3
Introduction to the Web-Based NM Functions........................................................................................6-4
Introduction to the Controls on the Web Pages....................................................................................6-15
Configuration Guidelines.......................................................................................................................6-18
Troubleshooting Web Browser..............................................................................................................6-18
Cannot Access the Device Through the Web Interface................................................................6-18
7 Summary ....................................................................................................................................................7-1
Device Information Overview..................................................................................................................7-1
Device Info.......................................................................................................................................7-2
i
System Resource State...................................................................................................................7-3
Device Interface Information ...........................................................................................................7-3
Recent System Logs .......................................................................................................................7-3
Displaying WLAN Service.......................................................................................................................7-4
Displaying Detailed Information of WLAN Service..........................................................................7-4
Displaying Statistics of WLAN Service............................................................................................7-6
Displaying Connection History Information of WLAN Service.........................................................7-7
Displaying AP..........................................................................................................................................7-7
Displaying WLAN Service Information of an AP .............................................................................7-8
Displaying AP Connection History Information ...............................................................................7-8
Displaying AP Radio Information.....................................................................................................7-8
Displaying AP Detailed Information...............................................................................................7-10
Displaying Client ...................................................................................................................................7-14
Displaying Client Detailed Information ..........................................................................................7-14
Displaying Client Statistics ............................................................................................................7-16
Displaying Client Roaming Information.........................................................................................7-18
8 License .......................................................................................................................................................8-1
Overview.................................................................................................................................................8-1
Configuring License ................................................................................................................................8-1
9 Device Basic Information Configuration.................................................................................................9-1
Overview.................................................................................................................................................9-1
Configuring Device Basic Information.....................................................................................................9-1
Configuring System Name ..............................................................................................................9-1
Configuring Idle Timeout Period......................................................................................................9-2
10 Device Maintenance ..............................................................................................................................10-1
Software Upgrade.................................................................................................................................10-1
Reboot...................................................................................................................................................10-2
Diagnostic Information ..........................................................................................................................10-3
11 System Time...........................................................................................................................................11-1
System Time Overview.........................................................................................................................11-1
Configuring System Time......................................................................................................................11-1
Configuring System Time Manually...............................................................................................11-2
Configuring Network Time.............................................................................................................11-2
System Time Configuration Example....................................................................................................11-4
Configuration Guidelines.......................................................................................................................11-5
12 Syslog.....................................................................................................................................................12-1
Overview...............................................................................................................................................12-1
Configuring System Logs......................................................................................................................12-1
Configuration Task List..................................................................................................................12-1
Setting Syslog Related Parameters ..............................................................................................12-2
Displaying Syslog..........................................................................................................................12-2
Setting Loghost..............................................................................................................................12-4
13 Configuration Management..................................................................................................................13-1
Back Up Configuration..........................................................................................................................13-1
ii
Restore Configuration...........................................................................................................................13-2
Save Configuration................................................................................................................................13-2
Initialize .................................................................................................................................................13-3
14 File Management....................................................................................................................................14-1
Overview...............................................................................................................................................14-1
File Management Configuration............................................................................................................14-1
Displaying File List.........................................................................................................................14-1
Downloading a File........................................................................................................................14-2
Uploading a File.............................................................................................................................14-2
Removing a File.............................................................................................................................14-3
15 Interface Management...........................................................................................................................15-1
Overview...............................................................................................................................................15-1
Configuring Interface Management.......................................................................................................15-2
Displaying Interface Information and Statistics.............................................................................15-2
Creating an Interface.....................................................................................................................15-3
Editing an Interface........................................................................................................................15-6
Shutting Down/Bringing Up an Interface.......................................................................................15-7
16 Port Mirroring Configuration................................................................................................................16-1
Introduction to Port Mirroring ................................................................................................................16-1
Implementing Port Mirroring..........................................................................................................16-2
Other Supported Features.............................................................................................................16-2
Configuring Port Mirroring.....................................................................................................................16-2
Configuration Task List..................................................................................................................16-2
Creating a Mirroring Group............................................................................................................16-2
Configuring Ports for a Mirroring Group........................................................................................16-3
Configuration Examples........................................................................................................................16-4
Configuration Guidelines.......................................................................................................................16-6
17 User Management..................................................................................................................................17-1
Overview...............................................................................................................................................17-1
Users.....................................................................................................................................................17-1
Creating a User .............................................................................................................................17-1
Setting the Super Password..........................................................................................................17-3
Switching the User Access Level to the Management Level ........................................................17-4
18 SNMP Configuration..............................................................................................................................18-1
SNMP Overview....................................................................................................................................18-1
SNMP Mechanism.........................................................................................................................18-1
SNMP Protocol Version.................................................................................................................18-2
MIB Overview................................................................................................................................18-2
SNMP Configuration .............................................................................................................................18-4
Configuration Task List..................................................................................................................18-4
Enabling SNMP.............................................................................................................................18-5
Configuring an SNMP View...........................................................................................................18-6
Configuring an SNMP Community ................................................................................................18-8
Configuring an SNMP Group.........................................................................................................18-9
iii
Configuring an SNMP User.........................................................................................................18-10
Configuring SNMP Trap Function ...............................................................................................18-12
SNMP Configuration Examples ..........................................................................................................18-13
19 Loopback................................................................................................................................................19-1
Overview...............................................................................................................................................19-1
Loopback Operation..............................................................................................................................19-1
Configuration Guidelines.......................................................................................................................19-3
20 MAC Address Configuration ................................................................................................................20-1
Overview...............................................................................................................................................20-1
Configuring MAC Addresses.................................................................................................................20-2
Configuring a MAC Address Entry ................................................................................................20-2
Setting the Aging Time of MAC Address Entries ..........................................................................20-4
MAC Address Configuration Examples.................................................................................................20-4
21 VLAN Configuration ..............................................................................................................................21-1
Overview...............................................................................................................................................21-1
Introduction to VLAN .....................................................................................................................21-1
How VLAN Works..........................................................................................................................21-2
Types of VLAN ..............................................................................................................................21-3
Introduction to Port-Based VLAN..................................................................................................21-3
Configuring a VLAN ..............................................................................................................................21-4
Configuration Task List..................................................................................................................21-4
Creating a VLAN............................................................................................................................21-4
Modifying a VLAN..........................................................................................................................21-5
Modifying a Port.............................................................................................................................21-6
VLAN Configuration Example...............................................................................................................21-8
Configuration Guidelines.....................................................................................................................21-11
22 ARP Configuration.................................................................................................................................22-1
ARP Overview.......................................................................................................................................22-1
ARP Function ................................................................................................................................22-1
ARP Message Format...................................................................................................................22-1
ARP Operation ..............................................................................................................................22-2
ARP Table.....................................................................................................................................22-3
Configuring ARP Entries.......................................................................................................................22-4
Displaying ARP Entries .................................................................................................................22-4
Creating a Static ARP Entry..........................................................................................................22-4
Static ARP Configuration Example................................................................................................22-5
Gratuitous ARP.....................................................................................................................................22-8
Introduction to Gratuitous ARP......................................................................................................22-8
Configuring Gratuitous ARP..........................................................................................................22-8
23 ARP Attack Defense Configuration .....................................................................................................23-1
ARP Detection.......................................................................................................................................23-1
Introduction to ARP Detection.......................................................................................................23-1
Configuring ARP Detection ...........................................................................................................23-3
Other ARP Attack Defense Functions...................................................................................................23-4
iv
Overview........................................................................................................................................23-4
Configuring Other ARP Attack Defense Functions .......................................................................23-5
24 IGMP Snooping Configuration.............................................................................................................24-1
Overview...............................................................................................................................................24-1
Principle of IGMP Snooping..........................................................................................................24-1
IGMP Snooping Related Ports......................................................................................................24-2
Work Mechanism of IGMP Snooping............................................................................................24-3
Processing of Multicast Protocol Messages..................................................................................24-5
Protocols and Standards...............................................................................................................24-5
Configuring IGMP Snooping.................................................................................................................24-5
Configuration Task List..................................................................................................................24-5
Enabling IGMP Snooping Globally................................................................................................24-6
Configuring IGMP Snooping in a VLAN ........................................................................................24-7
Configuring IGMP Snooping Port Functions.................................................................................24-8
Display IGMP Snooping Multicast Entry Information ....................................................................24-9
IGMP Snooping Configuration Examples ...........................................................................................24-10
25 IPv4 and IPv6 Routing Configuration..................................................................................................25-1
Overview...............................................................................................................................................25-1
Routing Table................................................................................................................................25-1
Static Route...................................................................................................................................25-2
Default Route.................................................................................................................................25-2
Configuring IPv4 Routing......................................................................................................................25-2
Displaying the IPv4 Active Route Table........................................................................................25-2
Creating an IPv4 Static Route.......................................................................................................25-3
Configuring IPv6 Routing......................................................................................................................25-4
Displaying the IPv6 Active Route Table........................................................................................25-4
Creating an IPv6 Static Route.......................................................................................................25-4
Static Route Configuration Examples...................................................................................................25-5
IPv4 Static Route Configuration Example.....................................................................................25-5
IPv6 Static Route Configuration Example.....................................................................................25-7
Precautions...........................................................................................................................................25-9
26 DHCP Configuration..............................................................................................................................26-1
DHCP Overview....................................................................................................................................26-1
Introduction to DHCP.....................................................................................................................26-1
DHCP Address Allocation..............................................................................................................26-2
DHCP Message Format ................................................................................................................26-3
DHCP Options...............................................................................................................................26-4
Protocols and Standards...............................................................................................................26-6
DHCP Server Configuration..................................................................................................................26-6
Application environment................................................................................................................26-6
DHCP Address Pool......................................................................................................................26-6
IP Address Allocation Sequence...................................................................................................26-7
DHCP Server Configuration Task List...........................................................................................26-8
Enabling DHCP .............................................................................................................................26-8
Creating a Static Address Pool for the DHCP Server...................................................................26-9
v
Creating a Dynamic Address Pool for the DHCP Server............................................................26-11
Enabling the DHCP Server on an Interface.................................................................................26-12
DHCP Server Configuration Example.........................................................................................26-13
DHCP Relay Agent Configuration.......................................................................................................26-15
Application Environment..............................................................................................................26-15
Fundamentals..............................................................................................................................26-15
DHCP Relay Agent Configuration Task List................................................................................26-16
Enabling DHCP and Configuring Advanced Parameters for the DHCP Relay Agent.................26-17
Creating a DHCP Server Group..................................................................................................26-19
Enabling the DHCP Relay Agent on an Interface .......................................................................26-20
Configuring and Displaying Clients' IP-to-MAC Bindings............................................................26-20
DHCP Relay Agent Configuration Example................................................................................26-21
DHCP Snooping Configuration...........................................................................................................26-24
Functions of DHCP Snooping .....................................................................................................26-24
Application Environment of Trusted Ports...................................................................................26-25
DHCP Snooping Support for Option 82.......................................................................................26-26
DHCP Snooping Configuration Task List....................................................................................26-26
Enabling DHCP Snooping...........................................................................................................26-27
Configuring DHCP Snooping Functions on an Interface.............................................................26-27
Displaying Clients' IP-to-MAC Bindings ......................................................................................26-28
DHCP Snooping Configuration Example.....................................................................................26-29
27 DNS Configuration.................................................................................................................................27-1
Overview...............................................................................................................................................27-1
Static Domain Name Resolution ...................................................................................................27-1
Dynamic Domain Name Resolution ..............................................................................................27-1
DNS Proxy.....................................................................................................................................27-2
Configuring DNS...................................................................................................................................27-3
Configuration Overview.................................................................................................................27-3
Configuring Static Name Resolution Table ...................................................................................27-4
Configuring Dynamic Domain Name Resolution...........................................................................27-5
Configuring DNS Proxy .................................................................................................................27-6
Adding a DNS Server Address......................................................................................................27-7
Adding a Domain Name Suffix......................................................................................................27-7
DNS Configuration Example.................................................................................................................27-8
28 Service Management.............................................................................................................................28-1
Overview...............................................................................................................................................28-1
Configuring Service Management.........................................................................................................28-2
29 Diagnostic Tools....................................................................................................................................29-1
Overview...............................................................................................................................................29-1
Ping................................................................................................................................................29-1
Trace Route...................................................................................................................................29-2
Diagnostic Tool Operations...................................................................................................................29-2
Ping Operation...............................................................................................................................29-2
Trace Route Operation..................................................................................................................29-5
vi
30 AP Configuration...................................................................................................................................30-1
Overview...............................................................................................................................................30-1
Introduction to CAPWAP...............................................................................................................30-1
Configuring Auto AP......................................................................................................................30-2
Configuring AP Group ...................................................................................................................30-2
Configuring an AP.................................................................................................................................30-2
AP Setup .......................................................................................................................................30-2
Configuring Auto AP......................................................................................................................30-5
Configuring an AP Group..............................................................................................................30-7
31 Access Service Configuration..............................................................................................................31-1
Access Service Overview .....................................................................................................................31-1
Terminology...................................................................................................................................31-1
Client Access.................................................................................................................................31-2
WLAN Data Security......................................................................................................................31-5
Client Access Authentication.........................................................................................................31-6
802.11n..........................................................................................................................................31-8
Configuring Access Service..................................................................................................................31-9
Creating a WLAN Service..............................................................................................................31-9
Configuring Clear Type Wireless Service......................................................................................31-9
Configuring Crypto Type Wireless Service..................................................................................31-17
Security Parameter Dependencies..............................................................................................31-22
Binding an AP Radio to a Wireless Service ................................................................................31-23
Displaying the Detailed Information of a Wireless Service..........................................................31-25
Wireless Access Configuration Examples ..........................................................................................31-27
Wireless Service Configuration Example....................................................................................31-27
Auto AP Configuration Example..................................................................................................31-30
802.11n Configuration Example..................................................................................................31-35
WPA-PSK Authentication Configuration Example ......................................................................31-36
Local MAC Authentication Configuration Example .....................................................................31-39
Dynamic WEP Encryption-802.1X Authentication Configuration Example.................................31-43
32 Mesh Service Configuration.................................................................................................................32-1
Mesh Service Overview ........................................................................................................................32-1
Basic Concepts in WLAN Mesh ....................................................................................................32-1
Advantages of WLAN Mesh ..........................................................................................................32-2
Deployment Scenarios ..................................................................................................................32-2
WLAN Mesh Security ....................................................................................................................32-5
Mobile Link Switch Protocol ..........................................................................................................32-6
Mesh Network Topologies.............................................................................................................32-7
Configuring Mesh Service.....................................................................................................................32-8
Configuring Mesh Service .............................................................................................................32-8
Configuring a Mesh Policy...........................................................................................................32-12
Mesh Global Setup......................................................................................................................32-17
Configuring a Working Channel ..................................................................................................32-17
Enabling Radio............................................................................................................................32-18
Configuring a Peer MAC Address...............................................................................................32-18
vii
Displaying the Mesh Link Status.........................................................................................................32-19
Mesh Link Monitoring ..................................................................................................................32-19
Mesh Link test .............................................................................................................................32-20
WLAN Mesh Configuration Examples.................................................................................................32-20
Normal WLAN Mesh Configuration Example..............................................................................32-20
Subway WLAN Mesh Configuration Example.............................................................................32-24
Mesh Point-to-Multipoint Configuration Example........................................................................32-25
Tri-Radio Mesh Configuration Example ......................................................................................32-26
33 WLAN Roaming Configuration.............................................................................................................33-1
WLAN Roaming Overview ....................................................................................................................33-1
Terminology...................................................................................................................................33-1
WLAN Roaming Topologies..........................................................................................................33-2
Configuring WLAN Roaming.................................................................................................................33-5
Configuring a Roaming Group.......................................................................................................33-5
Adding a Group Member...............................................................................................................33-6
Displaying Client Information.........................................................................................................33-7
Wireless Roaming Configuration Example ...........................................................................................33-7
Intra-AC Roaming Configuration Example....................................................................................33-7
Inter-AC Roaming Configuration Example..................................................................................33-12
Traffic Redirection Configuration Example..................................................................................33-16
34 Radio Configuration..............................................................................................................................34-1
Radio Overview.....................................................................................................................................34-1
Channel Adjustment......................................................................................................................34-1
Power Adjustment .........................................................................................................................34-2
Radio Setup ..........................................................................................................................................34-4
Configuring Radio Parameters......................................................................................................34-4
Enabling a Radio...........................................................................................................................34-7
Locking the Channel......................................................................................................................34-7
Locking the Power.........................................................................................................................34-8
Configuring Data Transmit Rates..........................................................................................................34-9
Configuring 802.11a/802.11b/802.11g Rates ...............................................................................34-9
Configuring 802.11n MCS...........................................................................................................34-10
Configuring Channel Scanning...........................................................................................................34-12
Configuring Calibration........................................................................................................................34-13
Parameter Settings......................................................................................................................34-13
Configuring a Radio Group..........................................................................................................34-15
Calibration Operations.................................................................................................................34-17
Antenna...............................................................................................................................................34-20
Configuration Examples......................................................................................................................34-20
Manual Channel Adjustment Configuration Example..................................................................34-20
Automatic Power Adjustment Configuration Example.................................................................34-22
Radio Group Configuration Example...........................................................................................34-24
35 802.1X .....................................................................................................................................................35-1
Overview...............................................................................................................................................35-1
Architecture of 802.1X...................................................................................................................35-1
viii
Authentication Modes of 802.1X ...................................................................................................35-2
Basic Concepts of 802.1X.............................................................................................................35-2
EAP over LANs..............................................................................................................................35-3
EAP over RADIUS.........................................................................................................................35-5
802.1X Authentication Triggering..................................................................................................35-5
Authentication Process of 802.1X.................................................................................................35-6
802.1X Timers...............................................................................................................................35-9
802.1X Extensions.......................................................................................................................35-10
Features Working Together with 802.1X.....................................................................................35-10
Configuring 802.1X .............................................................................................................................35-12
Configuration Task List................................................................................................................35-12
Configuring 802.1X Globally........................................................................................................35-12
Configuring 802.1X on a Port......................................................................................................35-14
Configuration Guidelines.....................................................................................................................35-15
36 Portal Authentication ............................................................................................................................36-1
Overview...............................................................................................................................................36-1
Introduction to Extended Portal Functions ....................................................................................36-1
Portal System Components...........................................................................................................36-2
Portal System Using the Local Portal Server................................................................................36-3
Portal Authentication Modes .........................................................................................................36-4
Portal Authentication Process .......................................................................................................36-6
Configuring Portal Authentication .........................................................................................................36-8
Configuration Prerequisites...........................................................................................................36-8
Configuration Task List..................................................................................................................36-9
Configuring the Portal Service.......................................................................................................36-9
Configuring a Portal-Free Rule....................................................................................................36-12
Customizing Authentication Pages..............................................................................................36-14
Portal Authentication Configuration Example .....................................................................................36-15
37 AAA.........................................................................................................................................................37-1
Overview...............................................................................................................................................37-1
Introduction to AAA........................................................................................................................37-1
Introduction to ISP Domain ...........................................................................................................37-2
Configuring AAA....................................................................................................................................37-2
Configuration Prerequisites...........................................................................................................37-2
Configuration Task List..................................................................................................................37-3
Configuring an ISP Domain...........................................................................................................37-3
Configuring Authentication Methods for the ISP Domain..............................................................37-4
Configuring Authorization Methods for the ISP Domain................................................................37-6
Configuring Accounting Methods for the ISP Domain...................................................................37-8
AAA Configuration Example .................................................................................................................37-9
38 RADIUS...................................................................................................................................................38-1
Overview...............................................................................................................................................38-1
Introduction to RADIUS.................................................................................................................38-1
Client/Server Model.......................................................................................................................38-1
Security and Authentication Mechanisms.....................................................................................38-2
ix
Basic Message Exchange Process of RADIUS............................................................................38-2
RADIUS Packet Format.................................................................................................................38-3
Extended RADIUS Attributes ........................................................................................................38-6
Protocols and Standards.......................................................................................................................38-7
Configuring RADIUS.............................................................................................................................38-7
Configuration Task List..................................................................................................................38-7
Configuring RADIUS Servers........................................................................................................38-8
Configuring RADIUS Parameters..................................................................................................38-9
RADIUS Configuration Example.........................................................................................................38-12
Configuration Guidelines.....................................................................................................................38-18
39 Local EAP Service.................................................................................................................................39-1
Overview...............................................................................................................................................39-1
Configuring Local EAP Service.............................................................................................................39-1
Local EAP Service Configuration Example...........................................................................................39-2
40 Users.......................................................................................................................................................40-1
Overview...............................................................................................................................................40-1
Configuring Users .................................................................................................................................40-2
Configuring a Local User...............................................................................................................40-2
Configuring a User Group .............................................................................................................40-4
Configuring a Guest.......................................................................................................................40-5
Configuring a User Profile .............................................................................................................40-6
41 PKI...........................................................................................................................................................41-1
PKI Overview ........................................................................................................................................41-1
PKI Terms......................................................................................................................................41-1
Architecture of PKI.........................................................................................................................41-2
Applications of PKI ........................................................................................................................41-3
Operation of PKI............................................................................................................................41-3
Configuring PKI.....................................................................................................................................41-3
Configuration Task List..................................................................................................................41-3
Creating a PKI Entity.....................................................................................................................41-6
Creating a PKI Domain..................................................................................................................41-7
Generating an RSA Key Pair.........................................................................................................41-9
Destroying the RSA Key Pair ......................................................................................................41-10
Retrieving a Certificate................................................................................................................41-10
Requesting a Local Certificate ....................................................................................................41-12
Retrieving and Displaying a CRL ................................................................................................41-13
PKI Configuration Example.................................................................................................................41-13
Configuring a PKI Entity to Request a Certificate from a CA......................................................41-13
Configuration Guidelines.....................................................................................................................41-19
42 WLAN Security Configuration..............................................................................................................42-1
WLAN Security Overview......................................................................................................................42-1
Terminology...................................................................................................................................42-1
WIDS Attack Detection..................................................................................................................42-4
Frame Filtering ..............................................................................................................................42-4
x
Configuring Rogue Device Detection....................................................................................................42-5
Configuring AP Operating Mode ...................................................................................................42-5
Configuring Detection Rules..........................................................................................................42-7
Configuring Detection Rule Lists...................................................................................................42-9
Enabling Countermeasures and Configuring Aging Time for Detected Rogue Devices.............42-10
Displaying Monitor Record ..........................................................................................................42-10
Displaying History Record...........................................................................................................42-11
Configuring WIDS ...............................................................................................................................42-11
Configuring WIDS........................................................................................................................42-11
Displaying History Record...........................................................................................................42-12
Displaying Statistics Information .................................................................................................42-12
Configuring Frame Filtering ................................................................................................................42-13
Configuring Dynamic Blacklist.....................................................................................................42-13
Configuring Static Blacklist..........................................................................................................42-14
Configuring White List .................................................................................................................42-14
WLAN Security Configuration Example..............................................................................................42-15
Rogue Detection Configuration Example....................................................................................42-15
43 Authorized IP..........................................................................................................................................43-1
Overview...............................................................................................................................................43-1
Configuring Authorized IP.....................................................................................................................43-1
44 User Isolation.........................................................................................................................................44-1
User Isolation Overview........................................................................................................................44-1
Before User Isolation Is Enabled...................................................................................................44-1
After User Isolation Is Enabled......................................................................................................44-2
Configuring User Isolation.....................................................................................................................44-2
Configuration Procedure................................................................................................................44-2
Displaying User Isolation Information............................................................................................44-3
User Isolation Configuration Example...................................................................................................44-4
45 ACL Configuration.................................................................................................................................45-1
ACL Overview.......................................................................................................................................45-1
Introduction to IPv4 ACL................................................................................................................45-1
Introduction to IPv6 ACL................................................................................................................45-3
Effective Period of an ACL............................................................................................................45-4
ACL Step.......................................................................................................................................45-4
Configuring an ACL...............................................................................................................................45-5
Configuration Task List..................................................................................................................45-5
Configuring a Time Range ............................................................................................................45-5
Creating an IPv4 ACL....................................................................................................................45-7
Configuring a Rule for a Basic IPv4 ACL ......................................................................................45-7
Configuring a Rule for an Advanced IPv4 ACL.............................................................................45-9
Configuring a Rule for an Ethernet Frame Header ACL .............................................................45-11
Creating an IPv6 ACL..................................................................................................................45-13
Configuring a Rule for a Basic IPv6 ACL ....................................................................................45-14
Configuring a Rule for an Advanced IPv6 ACL...........................................................................45-15
Configuration Guidelines.....................................................................................................................45-17
xi
46 QoS Configuration.................................................................................................................................46-1
Overview...............................................................................................................................................46-1
QoS Overview ...............................................................................................................................46-1
Congestion ....................................................................................................................................46-2
CBQ...............................................................................................................................................46-3
Line Rate.......................................................................................................................................46-4
Priority Mapping.............................................................................................................................46-5
Configuring QoS....................................................................................................................................46-5
QoS Configuration Task List .........................................................................................................46-5
Configuring Line Rate....................................................................................................................46-7
Configuring Priority Mapping.........................................................................................................46-9
Creating a Class..........................................................................................................................46-11
Configuring Classification Rules..................................................................................................46-12
Creating a Traffic Behavior..........................................................................................................46-14
Configuring Actions in a Traffic Behavior....................................................................................46-15
Creating a Policy .........................................................................................................................46-17
Configuring Classifier-Behavior Associations for the Policy........................................................46-17
Applying a Policy to a Port ..........................................................................................................46-18
Applying a QoS policy to a WLAN Service..................................................................................46-19
Configuration Guidelines.....................................................................................................................46-20
47 ACL/QoS Configuration Example ........................................................................................................47-1
ACL/QoS Configuration Example .........................................................................................................47-1
Network Requirements..................................................................................................................47-1
Configuration Procedure................................................................................................................47-2
48 Wireless QoS Configuration.................................................................................................................48-1
Overview...............................................................................................................................................48-1
Terminology...................................................................................................................................48-1
WMM Protocol Overview...............................................................................................................48-2
Configuring Wireless QoS.....................................................................................................................48-4
Enabling Wireless QoS..................................................................................................................48-4
Setting SVP Mapping ....................................................................................................................48-4
Setting CAC Admission Policy ......................................................................................................48-5
Setting Radio EDCA Parameters..................................................................................................48-6
Setting Client EDCA Parameters ..................................................................................................48-7
Display the Radio Statistics...........................................................................................................48-8
Displaying the Client Statistics....................................................................................................48-10
Setting Rate Limiting ...................................................................................................................48-11
Wireless QoS Configuration Example.................................................................................................48-12
CAC Service Configuration Example ..........................................................................................48-12
SVP Service Configuration Example...........................................................................................48-13
49 Advanced Settings ................................................................................................................................49-1
Advanced Settings Overview................................................................................................................49-1
District Code..................................................................................................................................49-1
AC Backup.....................................................................................................................................49-1
Continuous Transmitting Mode .....................................................................................................49-3
xii
Channel Busy Test........................................................................................................................49-3
WLAN Load Balancing ..................................................................................................................49-4
AP Settings....................................................................................................................................49-6
Wireless Location..........................................................................................................................49-7
Configuring WLAN Advanced Settings.................................................................................................49-9
Setting a District Code...................................................................................................................49-9
Configuring AC Backup.................................................................................................................49-9
Configuring Load Balancing........................................................................................................49-13
Configuring AP ............................................................................................................................49-16
Configuring Wireless Location.....................................................................................................49-17
Advanced Setting Configuration Examples.........................................................................................49-18
AC Backup Configuration Example.............................................................................................49-18
AP-Based Session-Mode Load Balancing Configuration Example.............................................49-20
AP-Based Traffic-Mode Load Balancing Configuration Example ...............................................49-21
Group-Based Session-Mode Load Balancing Configuration Example .......................................49-23
Group-Based Traffic-Mode Load Balancing Configuration Example..........................................49-25
Wireless Location Configuration Example...................................................................................49-27
50 Stateful Failover Configuration............................................................................................................50-1
Overview...............................................................................................................................................50-1
Introduction to Stateful Failover.....................................................................................................50-1
Introduction to Stateful Failover States .........................................................................................50-2
Configuring Stateful Failover.................................................................................................................50-3
Stateful Failover Configuration Example...............................................................................................50-4
Configuration Guidelines.......................................................................................................................50-6
51 Index .......................................................................................................................................................51-1
xiii
1 Compatibility Matrix and Typical Network
Scenarios
Access Controller Module and Ethernet Switch Compatibility Matrix
Table 1-1 Access controller module and Ethernet switch compatibility matrix
Access controller module Ethernet switch model
S5800 series:
LSWM1WCM20
LSWM1WCM10
S5800-60C-PWR/S5800-32F/S5800-56C/S5800-32C/S5800-32C-PWR/S58
00-56C-PWR
S5800 series:
S5800-60C-PWR
S5820 series:
S5820-28C
LS8M1WCMA0
LSQM1WCMB0
LSBM1WCM2A0
LSRM1WCM2A1
S7500 series:
S7502/S7503/S7506/S7506R
S7500E series:
S7502E/S7503E-S/S7503E/S7506E-S/S7506E/S7506E-V/ S7510E
S9500 series:
S9512/S9508/S9508V/S9505
S9500E series:
S9505E/S9508E-V/S9512E
1-1
2 Applicable Models and Software Versions
H3C WX series access controllers include the WX3000 series unified switches, WX5000 and WX6000
series access controllers. Table 2-1
Table 2-1 Applicable models and software versions
Model Software version
WX3024 unified switches
shows the applicable models and software versions.
WX3010 unified switches
WX3008 unified switches
LSWM1WCM20 access controller module
WX5002 access controller
LS8M1WCMA0 access controller module
WX5002V2 access controller
WX5004 access controller
LSWM1WCM10 access controller module
WX6103 access controller
LSQM1WCMB0 access controller module
LSBM1WCM2A0 access controller module
LSRM1WCM2A1 access controller module
WX3000-CMW520-R3111P03
WX5002-CMW520-R1112
WX5004-CMW520-R2107P04
WX6103-CMW520-R2115P08
2-1
3 Typical Network Scenarios
AC Networking
As shown in Figure 3-1 , AC is connected to a switch (Layer 2 or Layer 3), which can be connected to
APs directly or connected to AP s over a network, and Clients can be connected to the network through
APs to implement WLAN user access.
Figure 3-1 AC networking
Access Controller Module Networking
As shown in Figure 3-2, installed with an access controller module, Switch (Layer 2 or Layer 3) can be
connected to APs directly or connected to APs over a network, and Clients can be connected to the
network through the APs to implement WLAN user access.
3-1
Figure 3-2 Access controller module networking
Unified Switch Networking
As shown in Figure 3-3, Unified switch can be connected to APs directly or connected to APs over a
network, and Clients can be connected to the network through the APs to implement WLAN user
access.
Figure 3-3 Unified switch networking diagram
3-2
4 Feature Matrixes
Feature Matrix for the WX5000 Series
The LS8M1WCMA0, LSWM1WCM10, and LSWM1WCM20 on the WX5000 series adopt the OAP
architecture. Installed on the expansion slots of switches, they work as OAP cards to exchange data,
status and control information with the switches through their internal service interfaces. Do not
configure services such as QoS, rate limiting and 802.1X authentication on GE interfaces on the
LS8M1WCMA0, XGE 1/0/1 on the LSWM1WCM10, and the logical interface BAGG1 aggregated by
GE1/0/1 and GE1/0/2 on the LSWM1WCM20.
Table 4-1 Feature matrix for the WX5000 series
Module Feature WX5002 WX5002V2
Summary Summary
Device
License
File
managem
ent
Interface
managem
ent
IPv6
supported
The
WX5002
supports
32
concurrent
APs by
default,
and can be
extended
to support
64
concurrent
APs.
Flash
supported
Configurati
on of IPv6
address for
an
interface is
supported.
IPv6
supported
The
WX5002V2
supports
32
concurrent
APs by
default,
and can be
extended
to support
64
concurrent
APs.
CF
supported
Configurati
on of IPv6
address for
an
interface is
supported.
LS8M1WC
MA0
IPv6
supported
Not
supported
Flash
supported
Configurati
on of IPv6
address for
an
interface is
supported.
WX5004
IPv6
supported
The
WX5004
supports
64
concurrent
APs by
default,
and can be
extended
to support
256
concurrent
APs.
CF
supported
Configurati
on of IPv6
address for
an
interface is
supported.
LSWM1W
CM10
IPv6
supported
The
LSWM1W
CM10
supports
64
concurrent
APs by
default,
and can be
extended
to support
256
concurrent
APs.
CF
supported
Configurati
on of IPv6
address for
an
interface is
supported.
LSWM1W
CM20
IPv6
supported
The
LSWM1W
CM20
supports
32
concurrent
APs by
default,
and can be
extended
to support
128
concurrent
APs.
Flash
supported
Configurati
on of IPv6
address for
an
interface is
supported.
4-1
Module Feature WX5002 WX5002V2
LS8M1WC
MA0
WX5004
LSWM1W
CM10
LSWM1W
CM20
Network
Port
mirroring
SNMP
Loopback
test
IPv6
routing
Diagnostic
tools
Remote
port
mirroring
and
cross-boar
d mirroring
not
supported
Configurati
on of IPv6
destination
addresses
is
supported
Supported
on GE
interfaces
Supported Supported Supported Supported Supported Supported
IPv6 ping
supported
Remote
port
mirroring
and
cross-boar
d mirroring
not
supported
Configurati
on of IPv6
destination
addresses
is
supported
Supported
on GE
interfaces
IPv6 ping
supported
Not
supported
Configurati
on of IPv6
destination
addresses
is
supported
Internal
loopback
testing
supported
on GE
interfaces
only
IPv6 ping
supported
Remote
port
mirroring
and
cross-boar
d mirroring
not
supported
Configurati
on of IPv6
destination
addresses
is
supported
Supported
on GE
interfaces
IPv6 ping
supported
Not
supported
Configurati
on of IPv6
destination
addresses
is
supported
Internal
loopback
testing
supported
on XGE
interfaces
only
IPv6 ping
supported
Not
supported
Configurati
on of IPv6
destination
addresses
is
supported
Internal
loopback
testing
supported
on GE
interfaces
only
IPv6 ping
supported
QoS
Advanced
High
availability
ACL IPv6 Supported Supported Supported Supported Supported Supported
Line rate Supported Supported Supported Supported Supported Supported
AC
backup
Stateful
failover
Supported Supported Supported Supported Supported
Not
supported
Supported
Not
supported
Feature Matrix for the WX6000 Series
The switch interface module on the WX6103, and the LSQM1WCMB0, LSBM1WCM2A0, and
LSRM1WCM2A1 access controller modules on the WX6000 series adopt the OAP architecture.
Installed on the expansion slots of switches, they work as OAP cards to exchange data, status and
control information with the switches through their internal service interfaces. The XGE interfaces on
the switch interface module on the WX6103, and the LSQM1WCMB0, LSBM1WCM2A0, and
LSWM1WCM10 access controller modules are internal interfaces. Therefore, you are not
recommended to configure services such as QoS rate limiting and 802.1X authentication on them.
Supported Supported
Not
supported
Not
supported
4-2
Table 4-2 Feature matrix for the WX6000 series
Module Feature WX6103 LSQM1WCMB0 LSBM1WCM2A0 LSRM1WCM2A1
Summary Summary
License
File
manageme
nt
Interface
Device
manageme
nt
Port
mirroring
SNMP
IPv6
supported
The
WX6103
supports 128
concurrent
APs by
default, and
can be
extended to
support 640
concurrent
APs.
CF and USB
supported
Configuratio
n of IPv6
address for
an interface
is supported.
Not
supported
Configuratio
n of IPv6
destination
addresses is
supported
IPv6 supported IPv6 not supported IPv6 supported
The
LSQM1WCMB0
supports 128
concurrent APs by
default, and can
be extended to
support 640
concurrent APs.
CF and USB
supported
Configuration of
IPv6 address for
an interface is
supported.
Not supported Not supported Not supported
Configuration of
IPv6 destination
addresses is
supported
The
LSBM1WCM2A0
supports 128
concurrent APs by
default, and can be
extended to support
640 concurrent APs.
CF and USB
supported
Configuration of
IPv6 address for an
interface is not
supported.
Configuration of
IPv6 destination
addresses is not
supported
The
LSRM1WCM2A1
supports 128
concurrent APs by
default, and can be
extended to support
640 concurrent APs.
CF and USB
supported
Configuration of IPv6
address for an
interface is
supported.
Configuration of IPv6
destination
addresses is
supported
Internal
loopback
Loopback
test
IPv6
Network
QoS
Advanced AC backup Supported Supported Supported Supported
High
availability
routing
Diagnostic
tools
ACL IPv6 Supported Supported Not supported Supported
Line rate Supported Supported Supported Supported
Stateful
failover
testing
supported
on XGE
interfaces
only
Supported Supported Not supported Supported
IPv6 ping
supported
Supported Supported Supported Supported
Internal loopback
testing supported
on XGE interfaces
only
IPv6 ping
supported
Internal loopback
testing supported on
XGE interfaces only
IPv6 ping not
supported
Internal loopback
testing supported on
XGE interfaces only
IPv6 ping supported
4-3
Feature Matrix for the WX3000 Series
The access controller engine and switching engine on the WX3000 series adopt the OAP architecture.
The switching engine is integrated on the access controller engine as an OAP card. You actually log in
to the access controller engine when you log in to the device by default. GE 1/0/1 interfaces on the
WX3024, WX3010 and WX3008 are used to exchange data, status and control information with
GE1/0/29 (WX3024), GE1/0/11 (WX3010) or GE1/0/9 (WX3008) on the switching engine. Therefore,
you are not recommended to configure services such as QoS rate limiting and 80 2.1X authentication on
these interfaces.
Table 4-3 Feature matrix for the WX3000 series
Module Feature WX3024 WX3010 WX3008
Summary Summary IPv6 not supported IPv6 not supported IPv6 not supported
The WX3024
License
supports 24
concurrent APs by
default, and can
be extended to
support 48
concurrent APs.
The WX3010 supports 12
concurrent APs by default,
and can be extended to
support 24 concurrent
APs.
Not supported
File
management
Device
Network
QoS
Advanced AC backup Not supported Not supported Not supported
Interface
management
Port mirroring Not supported Not supported Not supported
SNMP
Loopback test
IPv6 routing Not supported Not supported Not supported
Diagnostic
tools
ACL IPv6 Not supported Not supported Not supported
Line rate Not supported Not supported Not supported
Flash supported Flash supported Flash supported
Configuration of
IPv6 address for
an interface is not
supported.
IPv6 destination
addresses not
supported
Internal loopback
testing supported
on GE interfaces
only
IPv6 ping not
supported
Configuration of IPv6
address for an interface is
not supported.
IPv6 destination
addresses not supported
Internal loopback testing
supported on GE
interfaces only
IPv6 ping not supported IPv6 ping not supported
Configuration of IPv6
address for an interface is
not supported.
IPv6 destination
addresses not supported
Internal loopback testing
supported on GE
interfaces only
High
availability
Stateful failover Not supported Not supported Not supported
4-4
5 Quick Start
The sample output in this manual was created on the WX5004. The output on your device may
vary.
The grayed out functions or parameters on the Web interface indicate that they are not supported
or cannot be modified.
The models listed in this manual are not applicable to all regions. Please consult your local sales
office for the models applicable to your region.
Overview
The Quick Start wizard will lead you through the following configuration steps to make your device
available for use:
Basic Configuration
Admin Configuration
IP Configuration
Wireless Configuration
RADIUS Configuration
Portal Configuration
Encryption Configuration
Guest Wireless Network Configuration
AP Configuration
Quick Start
Home Page of the Quick Start Wizard
From the navigation tree, select Quick St art to enter the home page of the Q uick St art wizard, as shown
in Figure 5-1
.
5-1
Figure 5-1 Home page of the Quick Start wizard
Basic Configuration
On the Quick Start wizard page, click start to enter the basic configuration page, as shown in Figure
5-2.
5-2
Figure 5-2 Basic configuration page
Table 5-1
lists the configuration items of the basic configuration page.
Table 5-1 Configuration items of the basic configuration page
Item Description
System Name
Country Code
Time Zone Select a time zone for the system.
Time Specify the current time and date.
Specify the name of the current device.
By default, the system name of the device is H3C.
Select the code of the country where you are. This field defines the radio frequency
characteristics such as the power and the total number of channels for frame
transmission. Before configuring the device, you need to configure the country
code correctly.
If the Country Code field is grayed out, it cannot be modified.
Admin Configuration
On the basic configuration page, click Next to enter the Admin Configuration page, as shown in
Figure 5-3
.
5-3