H3C WX6000 User Manual

H3C WX Series Access Controllers

Web-Based Configuration Guide

Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com

Document Version: 6W105-20101124

No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of Hangzhou H3C Technologies Co., Ltd.

Trademarks

Notice

H3C, , Aolynk, , H3Care, SecPro, SecPoint, SecEngine, SecPath, Comware, Secware, Storware, NQA, VVG, V

, TOP G, , IRF, NetPilot, Neocean, NeoVTL,

G, VnG, PSPT, XGbus, N-Bus, TiGem, InnoVision and HUASAN are trademarks of Hangzhou H3C Technologies Co., Ltd.

All other trademarks that may be mentioned in this manual are the property of their respective owners.

The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute the warranty of any kind, express or implied.

Preface

The H3C WX Series Access Controllers Web-Based Configuration Guide describes the web functions of the WX series, such as quick start, web overview, wireless service configuration, security and authentication related configurations, QoS configuration, and advanced settings.

This preface includes:

z Audience z Conventions z About the H3C WX Sereis Documentation Set z Obtaining Documentation z Technical Support z Documentation Feedback

Audience

This documentation is intended for:

z Network planners z Field technical support and servicing engineers z Network administrators working with the WX series

Conventions

This section describes the conventions used in this documentation set.

GUI conventions

Convention Description

Boldface

Symbols

Convention Description

Window names, button names, field names, and menu items are in Boldface. For example, the

Multi-level menus are separated by angle brackets. For example,

Folder

Means reader be extremely careful. Improper operation may cause bodily injury.

Means reader be careful. Improper operation may cause data loss or damage to equipment.

New User

window appears; click OK.

File

Create

Means an action or information that needs special attention to ensure successful configuration or good performance.

Means a complementary description.

Convention Description

Network topology icons

Convention Description

Means techniques helpful for you to make configuration with ease.

Represents a generic network device, such as a router, switch, or firewall.

Represents a routing-capable device, such as a router or Layer 3 switch.

Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.

Represents an access controller, an access controller module, or a switching engine on a unified switch.

Represents an access point.

Represents a mesh access point.

Represents omnidirectional signals.

Represents directional signals.

About the H3C WX Sereis Documentation Set

The H3C WX Series documentation set includes:

Category Documents Purposes

WX3000 Series Unified Wired and Wireless Switches

Product description and specifications

Hardware specifications and installation

Brochure WX5000 Series Access Controllers Brochure WX6000 Series Access Controllers Brochure LSWM1WCM10 Access Controller Module Card

Manual LSWM1WCM20 Access Controller Module Card

Manual LSRM1WCM2A1 Access Controller Module Card

Manual LSQM1WCMB0 Access Controller Module

Installation Manual LSBM1WCM2A0 Access Controller Module

Installation Manual

Describe product specifications and benefits.

Provide the hardware specifications of the cards, and describe how to install and remove the cards.

Guide you through hardware specifications and installation methods to help you install your AC.

Category Documents Purposes

Guide you through the main functions of your AC, and describes how to install and log in to your AC, perform basic configurations, maintain software, and troubleshoot your AC.

Describe software features and configuration procedures.

Software configuration

WX Series Access Controllers Getting Started Guides

WX Series Access Controllers Configuration Guides

WX Series Access Controllers Command References

WX Series Access Controllers Web-based Configuration Guides

WX3000 Series Unified Switches Release Notes

Operations and maintenance

WX5002 Series Access Controllers Release Notes WX5004 Series Access Controllers Release Notes

WX6103 Series Access Controllers Release Notes

Obtaining Documentation

You can access the most up-to-date H3C product documentation on the World Wide Web at

http://www.h3c.com.

Click the links on the top navigation bar to obtain different categories of product documentation:

[Technical Support & Documents > Technical Documents] – Provides hardware installation, software

upgrading, getting started, and software feature configuration and maintenance documentation.

Provide a quick reference to all available commands.

Describes configuration procedures through the web interface.

Provide information about the product release, including the version history, hardware and software compatibility matrix, version upgrade information, technical support information, and software upgrading.

[Products & Solutions] – Provides information about products and technologies, as well as solutions. [Technical Support & Documents > Software Download] – Provides the documentation released with

the software version.

Technical Support

customer_service@h3c.com http://www.h3c.com

Documentation Feedback

You can e-mail your comments about product documentation to info@h3c.com. We appreciate your comments.

z The H3C WX series access controller products include H3C access controllers, access controller

modules, and H3C WX series unified switches' a cce ss cont rolle r e ngine s. Suppo rt of the H3C WX series access controllers for features and commands may vary by device model. For more information, see "Feature Matrixes" in Compatibility Matrixes.

z The WX3000 series includes the WX3024, WX3010, and WX3008 unified switches. z The WX5000 series includes the WX5002, WX5002V2, and WX5004 access controllers, and the

LS8M1WCMA0, LSWM1WCM10, and LSWM1WCM20 access controller modules.

z The WX6000 series includes the WX6103 access controllers, and the LSQM1WCMB0,

LSBM1WCM2A0, and LSRM1WCM2A1 access controller mod ules.

z The models listed in this manual are not applicable to all regions. Please consult your local sales

office for the models applicable to your region.

1 Compatibility Matrix and Typical Network Scenarios............................................................................1-1

Access Controller Module and Ethernet Switch Compatibility Matrix.....................................................1-1

2 Applicable Models and Software Versions.............................................................................................2-1

3 Typical Network Scenarios.......................................................................................................................3-1

AC Networking........................................................................................................................................3-1

Access Controller Module Networking....................................................................................................3-1

Unified Switch Networking ......................................................................................................................3-2

4 Feature Matrixes........................................................................................................................................4-1

Feature Matrix for the WX5000 Series....................................................................................................4-1

Feature Matrix for the WX6000 Series....................................................................................................4-2

Feature Matrix for the WX3000 Series....................................................................................................4-4

5 Quick Start..................................................................................................................................................5-1

Overview.................................................................................................................................................5-1

Quick Start ..............................................................................................................................................5-1

Home Page of the Quick Start Wizard ............................................................................................5-1

Basic Configuration .........................................................................................................................5-2

Admin Configuration........................................................................................................................5-3

IP Configuration...............................................................................................................................5-4

Wireless Configuration ....................................................................................................................5-5

RADIUS Configuration.....................................................................................................................5-6

Portal Configuration.........................................................................................................................5-7

Encryption Configuration.................................................................................................................5-9

Guest Wireless Network Configuration .........................................................................................5-10

AP Configuration ...........................................................................................................................5-12

Configuration Summary.................................................................................................................5-13

6 Web Overview............................................................................................................................................6-1

Overview.................................................................................................................................................6-1

Logging In to the Web Interface..............................................................................................................6-1

Logging Out of the Web Interface...........................................................................................................6-2

Introduction to the Web Interface............................................................................................................6-2

Web User Level.......................................................................................................................................6-3

Introduction to the Web-Based NM Functions........................................................................................6-4

Introduction to the Controls on the Web Pages....................................................................................6-15

Configuration Guidelines.......................................................................................................................6-18

Troubleshooting Web Browser..............................................................................................................6-18

Cannot Access the Device Through the Web Interface................................................................6-18

7 Summary ....................................................................................................................................................7-1

Device Information Overview..................................................................................................................7-1

Device Info.......................................................................................................................................7-2

System Resource State...................................................................................................................7-3

Device Interface Information ...........................................................................................................7-3

Recent System Logs .......................................................................................................................7-3

Displaying WLAN Service.......................................................................................................................7-4

Displaying Detailed Information of WLAN Service..........................................................................7-4

Displaying Statistics of WLAN Service............................................................................................7-6

Displaying Connection History Information of WLAN Service.........................................................7-7

Displaying AP..........................................................................................................................................7-7

Displaying WLAN Service Information of an AP .............................................................................7-8

Displaying AP Connection History Information ...............................................................................7-8

Displaying AP Radio Information.....................................................................................................7-8

Displaying AP Detailed Information...............................................................................................7-10

Displaying Client ...................................................................................................................................7-14

Displaying Client Detailed Information ..........................................................................................7-14

Displaying Client Statistics ............................................................................................................7-16

Displaying Client Roaming Information.........................................................................................7-18

8 License .......................................................................................................................................................8-1

Overview.................................................................................................................................................8-1

Configuring License ................................................................................................................................8-1

9 Device Basic Information Configuration.................................................................................................9-1

Overview.................................................................................................................................................9-1

Configuring Device Basic Information.....................................................................................................9-1

Configuring System Name ..............................................................................................................9-1

Configuring Idle Timeout Period......................................................................................................9-2

10 Device Maintenance ..............................................................................................................................10-1

Software Upgrade.................................................................................................................................10-1

Reboot...................................................................................................................................................10-2

Diagnostic Information ..........................................................................................................................10-3

11 System Time...........................................................................................................................................11-1

System Time Overview.........................................................................................................................11-1

Configuring System Time......................................................................................................................11-1

Configuring System Time Manually...............................................................................................11-2

Configuring Network Time.............................................................................................................11-2

System Time Configuration Example....................................................................................................11-4

Configuration Guidelines.......................................................................................................................11-5

12 Syslog.....................................................................................................................................................12-1

Overview...............................................................................................................................................12-1

Configuring System Logs......................................................................................................................12-1

Configuration Task List..................................................................................................................12-1

Setting Syslog Related Parameters ..............................................................................................12-2

Displaying Syslog..........................................................................................................................12-2

Setting Loghost..............................................................................................................................12-4

13 Configuration Management..................................................................................................................13-1

Back Up Configuration..........................................................................................................................13-1

Restore Configuration...........................................................................................................................13-2

Save Configuration................................................................................................................................13-2

Initialize .................................................................................................................................................13-3

14 File Management....................................................................................................................................14-1

Overview...............................................................................................................................................14-1

File Management Configuration............................................................................................................14-1

Displaying File List.........................................................................................................................14-1

Downloading a File........................................................................................................................14-2

Uploading a File.............................................................................................................................14-2

Removing a File.............................................................................................................................14-3

15 Interface Management...........................................................................................................................15-1

Overview...............................................................................................................................................15-1

Configuring Interface Management.......................................................................................................15-2

Displaying Interface Information and Statistics.............................................................................15-2

Creating an Interface.....................................................................................................................15-3

Editing an Interface........................................................................................................................15-6

Shutting Down/Bringing Up an Interface.......................................................................................15-7

16 Port Mirroring Configuration................................................................................................................16-1

Introduction to Port Mirroring ................................................................................................................16-1

Implementing Port Mirroring..........................................................................................................16-2

Other Supported Features.............................................................................................................16-2

Configuring Port Mirroring.....................................................................................................................16-2

Configuration Task List..................................................................................................................16-2

Creating a Mirroring Group............................................................................................................16-2

Configuring Ports for a Mirroring Group........................................................................................16-3

Configuration Examples........................................................................................................................16-4

Configuration Guidelines.......................................................................................................................16-6

17 User Management..................................................................................................................................17-1

Overview...............................................................................................................................................17-1

Users.....................................................................................................................................................17-1

Creating a User .............................................................................................................................17-1

Setting the Super Password..........................................................................................................17-3

Switching the User Access Level to the Management Level ........................................................17-4

18 SNMP Configuration..............................................................................................................................18-1

SNMP Overview....................................................................................................................................18-1

SNMP Mechanism.........................................................................................................................18-1

SNMP Protocol Version.................................................................................................................18-2

MIB Overview................................................................................................................................18-2

SNMP Configuration .............................................................................................................................18-4

Configuration Task List..................................................................................................................18-4

Enabling SNMP.............................................................................................................................18-5

Configuring an SNMP View...........................................................................................................18-6

Configuring an SNMP Community ................................................................................................18-8

Configuring an SNMP Group.........................................................................................................18-9

iii

Configuring an SNMP User.........................................................................................................18-10

Configuring SNMP Trap Function ...............................................................................................18-12

SNMP Configuration Examples ..........................................................................................................18-13

19 Loopback................................................................................................................................................19-1

Overview...............................................................................................................................................19-1

Loopback Operation..............................................................................................................................19-1

Configuration Guidelines.......................................................................................................................19-3

20 MAC Address Configuration ................................................................................................................20-1

Overview...............................................................................................................................................20-1

Configuring MAC Addresses.................................................................................................................20-2

Configuring a MAC Address Entry ................................................................................................20-2

Setting the Aging Time of MAC Address Entries ..........................................................................20-4

MAC Address Configuration Examples.................................................................................................20-4

21 VLAN Configuration ..............................................................................................................................21-1

Overview...............................................................................................................................................21-1

Introduction to VLAN .....................................................................................................................21-1

How VLAN Works..........................................................................................................................21-2

Types of VLAN ..............................................................................................................................21-3

Introduction to Port-Based VLAN..................................................................................................21-3

Configuring a VLAN ..............................................................................................................................21-4

Configuration Task List..................................................................................................................21-4

Creating a VLAN............................................................................................................................21-4

Modifying a VLAN..........................................................................................................................21-5

Modifying a Port.............................................................................................................................21-6

VLAN Configuration Example...............................................................................................................21-8

Configuration Guidelines.....................................................................................................................21-11

22 ARP Configuration.................................................................................................................................22-1

ARP Overview.......................................................................................................................................22-1

ARP Function ................................................................................................................................22-1

ARP Message Format...................................................................................................................22-1

ARP Operation ..............................................................................................................................22-2

ARP Table.....................................................................................................................................22-3

Configuring ARP Entries.......................................................................................................................22-4

Displaying ARP Entries .................................................................................................................22-4

Creating a Static ARP Entry..........................................................................................................22-4

Static ARP Configuration Example................................................................................................22-5

Gratuitous ARP.....................................................................................................................................22-8

Introduction to Gratuitous ARP......................................................................................................22-8

Configuring Gratuitous ARP..........................................................................................................22-8

23 ARP Attack Defense Configuration .....................................................................................................23-1

ARP Detection.......................................................................................................................................23-1

Introduction to ARP Detection.......................................................................................................23-1

Configuring ARP Detection ...........................................................................................................23-3

Other ARP Attack Defense Functions...................................................................................................23-4

Overview........................................................................................................................................23-4

Configuring Other ARP Attack Defense Functions .......................................................................23-5

24 IGMP Snooping Configuration.............................................................................................................24-1

Overview...............................................................................................................................................24-1

Principle of IGMP Snooping..........................................................................................................24-1

IGMP Snooping Related Ports......................................................................................................24-2

Work Mechanism of IGMP Snooping............................................................................................24-3

Processing of Multicast Protocol Messages..................................................................................24-5

Protocols and Standards...............................................................................................................24-5

Configuring IGMP Snooping.................................................................................................................24-5

Configuration Task List..................................................................................................................24-5

Enabling IGMP Snooping Globally................................................................................................24-6

Configuring IGMP Snooping in a VLAN ........................................................................................24-7

Configuring IGMP Snooping Port Functions.................................................................................24-8

Display IGMP Snooping Multicast Entry Information ....................................................................24-9

IGMP Snooping Configuration Examples ...........................................................................................24-10

25 IPv4 and IPv6 Routing Configuration..................................................................................................25-1

Overview...............................................................................................................................................25-1

Routing Table................................................................................................................................25-1

Static Route...................................................................................................................................25-2

Default Route.................................................................................................................................25-2

Configuring IPv4 Routing......................................................................................................................25-2

Displaying the IPv4 Active Route Table........................................................................................25-2

Creating an IPv4 Static Route.......................................................................................................25-3

Configuring IPv6 Routing......................................................................................................................25-4

Displaying the IPv6 Active Route Table........................................................................................25-4

Creating an IPv6 Static Route.......................................................................................................25-4

Static Route Configuration Examples...................................................................................................25-5

IPv4 Static Route Configuration Example.....................................................................................25-5

IPv6 Static Route Configuration Example.....................................................................................25-7

Precautions...........................................................................................................................................25-9

26 DHCP Configuration..............................................................................................................................26-1

DHCP Overview....................................................................................................................................26-1

Introduction to DHCP.....................................................................................................................26-1

DHCP Address Allocation..............................................................................................................26-2

DHCP Message Format ................................................................................................................26-3

DHCP Options...............................................................................................................................26-4

Protocols and Standards...............................................................................................................26-6

DHCP Server Configuration..................................................................................................................26-6

Application environment................................................................................................................26-6

DHCP Address Pool......................................................................................................................26-6

IP Address Allocation Sequence...................................................................................................26-7

DHCP Server Configuration Task List...........................................................................................26-8

Enabling DHCP .............................................................................................................................26-8

Creating a Static Address Pool for the DHCP Server...................................................................26-9

Creating a Dynamic Address Pool for the DHCP Server............................................................26-11

Enabling the DHCP Server on an Interface.................................................................................26-12

DHCP Server Configuration Example.........................................................................................26-13

DHCP Relay Agent Configuration.......................................................................................................26-15

Application Environment..............................................................................................................26-15

Fundamentals..............................................................................................................................26-15

DHCP Relay Agent Configuration Task List................................................................................26-16

Enabling DHCP and Configuring Advanced Parameters for the DHCP Relay Agent.................26-17

Creating a DHCP Server Group..................................................................................................26-19

Enabling the DHCP Relay Agent on an Interface .......................................................................26-20

Configuring and Displaying Clients' IP-to-MAC Bindings............................................................26-20

DHCP Relay Agent Configuration Example................................................................................26-21

DHCP Snooping Configuration...........................................................................................................26-24

Functions of DHCP Snooping .....................................................................................................26-24

Application Environment of Trusted Ports...................................................................................26-25

DHCP Snooping Support for Option 82.......................................................................................26-26

DHCP Snooping Configuration Task List....................................................................................26-26

Enabling DHCP Snooping...........................................................................................................26-27

Configuring DHCP Snooping Functions on an Interface.............................................................26-27

Displaying Clients' IP-to-MAC Bindings ......................................................................................26-28

DHCP Snooping Configuration Example.....................................................................................26-29

27 DNS Configuration.................................................................................................................................27-1

Overview...............................................................................................................................................27-1

Static Domain Name Resolution ...................................................................................................27-1

Dynamic Domain Name Resolution ..............................................................................................27-1

DNS Proxy.....................................................................................................................................27-2

Configuring DNS...................................................................................................................................27-3

Configuration Overview.................................................................................................................27-3

Configuring Static Name Resolution Table ...................................................................................27-4

Configuring Dynamic Domain Name Resolution...........................................................................27-5

Configuring DNS Proxy .................................................................................................................27-6

Adding a DNS Server Address......................................................................................................27-7

Adding a Domain Name Suffix......................................................................................................27-7

DNS Configuration Example.................................................................................................................27-8

28 Service Management.............................................................................................................................28-1

Overview...............................................................................................................................................28-1

Configuring Service Management.........................................................................................................28-2

29 Diagnostic Tools....................................................................................................................................29-1

Overview...............................................................................................................................................29-1

Ping................................................................................................................................................29-1

Trace Route...................................................................................................................................29-2

Diagnostic Tool Operations...................................................................................................................29-2

Ping Operation...............................................................................................................................29-2

Trace Route Operation..................................................................................................................29-5

30 AP Configuration...................................................................................................................................30-1

Overview...............................................................................................................................................30-1

Introduction to CAPWAP...............................................................................................................30-1

Configuring Auto AP......................................................................................................................30-2

Configuring AP Group ...................................................................................................................30-2

Configuring an AP.................................................................................................................................30-2

AP Setup .......................................................................................................................................30-2

Configuring Auto AP......................................................................................................................30-5

Configuring an AP Group..............................................................................................................30-7

31 Access Service Configuration..............................................................................................................31-1

Access Service Overview .....................................................................................................................31-1

Terminology...................................................................................................................................31-1

Client Access.................................................................................................................................31-2

WLAN Data Security......................................................................................................................31-5

Client Access Authentication.........................................................................................................31-6

802.11n..........................................................................................................................................31-8

Configuring Access Service..................................................................................................................31-9

Creating a WLAN Service..............................................................................................................31-9

Configuring Clear Type Wireless Service......................................................................................31-9

Configuring Crypto Type Wireless Service..................................................................................31-17

Security Parameter Dependencies..............................................................................................31-22

Binding an AP Radio to a Wireless Service ................................................................................31-23

Displaying the Detailed Information of a Wireless Service..........................................................31-25

Wireless Access Configuration Examples ..........................................................................................31-27

Wireless Service Configuration Example....................................................................................31-27

Auto AP Configuration Example..................................................................................................31-30

802.11n Configuration Example..................................................................................................31-35

WPA-PSK Authentication Configuration Example ......................................................................31-36

Local MAC Authentication Configuration Example .....................................................................31-39

Dynamic WEP Encryption-802.1X Authentication Configuration Example.................................31-43

32 Mesh Service Configuration.................................................................................................................32-1

Mesh Service Overview ........................................................................................................................32-1

Basic Concepts in WLAN Mesh ....................................................................................................32-1

Advantages of WLAN Mesh ..........................................................................................................32-2

Deployment Scenarios ..................................................................................................................32-2

WLAN Mesh Security ....................................................................................................................32-5

Mobile Link Switch Protocol ..........................................................................................................32-6

Mesh Network Topologies.............................................................................................................32-7

Configuring Mesh Service.....................................................................................................................32-8

Configuring Mesh Service .............................................................................................................32-8

Configuring a Mesh Policy...........................................................................................................32-12

Mesh Global Setup......................................................................................................................32-17

Configuring a Working Channel ..................................................................................................32-17

Enabling Radio............................................................................................................................32-18

Configuring a Peer MAC Address...............................................................................................32-18

vii

Displaying the Mesh Link Status.........................................................................................................32-19

Mesh Link Monitoring ..................................................................................................................32-19

Mesh Link test .............................................................................................................................32-20

WLAN Mesh Configuration Examples.................................................................................................32-20

Normal WLAN Mesh Configuration Example..............................................................................32-20

Subway WLAN Mesh Configuration Example.............................................................................32-24

Mesh Point-to-Multipoint Configuration Example........................................................................32-25

Tri-Radio Mesh Configuration Example ......................................................................................32-26

33 WLAN Roaming Configuration.............................................................................................................33-1

WLAN Roaming Overview ....................................................................................................................33-1

Terminology...................................................................................................................................33-1

WLAN Roaming Topologies..........................................................................................................33-2

Configuring WLAN Roaming.................................................................................................................33-5

Configuring a Roaming Group.......................................................................................................33-5

Adding a Group Member...............................................................................................................33-6

Displaying Client Information.........................................................................................................33-7

Wireless Roaming Configuration Example ...........................................................................................33-7

Intra-AC Roaming Configuration Example....................................................................................33-7

Inter-AC Roaming Configuration Example..................................................................................33-12

Traffic Redirection Configuration Example..................................................................................33-16

34 Radio Configuration..............................................................................................................................34-1

Radio Overview.....................................................................................................................................34-1

Channel Adjustment......................................................................................................................34-1

Power Adjustment .........................................................................................................................34-2

Radio Setup ..........................................................................................................................................34-4

Configuring Radio Parameters......................................................................................................34-4

Enabling a Radio...........................................................................................................................34-7

Locking the Channel......................................................................................................................34-7

Locking the Power.........................................................................................................................34-8

Configuring Data Transmit Rates..........................................................................................................34-9

Configuring 802.11a/802.11b/802.11g Rates ...............................................................................34-9

Configuring 802.11n MCS...........................................................................................................34-10

Configuring Channel Scanning...........................................................................................................34-12

Configuring Calibration........................................................................................................................34-13

Parameter Settings......................................................................................................................34-13

Configuring a Radio Group..........................................................................................................34-15

Calibration Operations.................................................................................................................34-17

Antenna...............................................................................................................................................34-20

Configuration Examples......................................................................................................................34-20

Manual Channel Adjustment Configuration Example..................................................................34-20

Automatic Power Adjustment Configuration Example.................................................................34-22

Radio Group Configuration Example...........................................................................................34-24

35 802.1X .....................................................................................................................................................35-1

Overview...............................................................................................................................................35-1

Architecture of 802.1X...................................................................................................................35-1

viii

Authentication Modes of 802.1X ...................................................................................................35-2

Basic Concepts of 802.1X.............................................................................................................35-2

EAP over LANs..............................................................................................................................35-3

EAP over RADIUS.........................................................................................................................35-5

802.1X Authentication Triggering..................................................................................................35-5

Authentication Process of 802.1X.................................................................................................35-6

802.1X Timers...............................................................................................................................35-9

802.1X Extensions.......................................................................................................................35-10

Features Working Together with 802.1X.....................................................................................35-10

Configuring 802.1X .............................................................................................................................35-12

Configuration Task List................................................................................................................35-12

Configuring 802.1X Globally........................................................................................................35-12

Configuring 802.1X on a Port......................................................................................................35-14

Configuration Guidelines.....................................................................................................................35-15

36 Portal Authentication ............................................................................................................................36-1

Overview...............................................................................................................................................36-1

Introduction to Extended Portal Functions ....................................................................................36-1

Portal System Components...........................................................................................................36-2

Portal System Using the Local Portal Server................................................................................36-3

Portal Authentication Modes .........................................................................................................36-4

Portal Authentication Process .......................................................................................................36-6

Configuring Portal Authentication .........................................................................................................36-8

Configuration Prerequisites...........................................................................................................36-8

Configuration Task List..................................................................................................................36-9

Configuring the Portal Service.......................................................................................................36-9

Configuring a Portal-Free Rule....................................................................................................36-12

Customizing Authentication Pages..............................................................................................36-14

Portal Authentication Configuration Example .....................................................................................36-15

37 AAA.........................................................................................................................................................37-1

Overview...............................................................................................................................................37-1

Introduction to AAA........................................................................................................................37-1

Introduction to ISP Domain ...........................................................................................................37-2

Configuring AAA....................................................................................................................................37-2

Configuration Prerequisites...........................................................................................................37-2

Configuration Task List..................................................................................................................37-3

Configuring an ISP Domain...........................................................................................................37-3

Configuring Authentication Methods for the ISP Domain..............................................................37-4

Configuring Authorization Methods for the ISP Domain................................................................37-6

Configuring Accounting Methods for the ISP Domain...................................................................37-8

AAA Configuration Example .................................................................................................................37-9

38 RADIUS...................................................................................................................................................38-1

Overview...............................................................................................................................................38-1

Introduction to RADIUS.................................................................................................................38-1

Client/Server Model.......................................................................................................................38-1

Security and Authentication Mechanisms.....................................................................................38-2

Basic Message Exchange Process of RADIUS............................................................................38-2

RADIUS Packet Format.................................................................................................................38-3

Extended RADIUS Attributes ........................................................................................................38-6

Protocols and Standards.......................................................................................................................38-7

Configuring RADIUS.............................................................................................................................38-7

Configuration Task List..................................................................................................................38-7

Configuring RADIUS Servers........................................................................................................38-8

Configuring RADIUS Parameters..................................................................................................38-9

RADIUS Configuration Example.........................................................................................................38-12

Configuration Guidelines.....................................................................................................................38-18

39 Local EAP Service.................................................................................................................................39-1

Overview...............................................................................................................................................39-1

Configuring Local EAP Service.............................................................................................................39-1

Local EAP Service Configuration Example...........................................................................................39-2

40 Users.......................................................................................................................................................40-1

Overview...............................................................................................................................................40-1

Configuring Users .................................................................................................................................40-2

Configuring a Local User...............................................................................................................40-2

Configuring a User Group .............................................................................................................40-4

Configuring a Guest.......................................................................................................................40-5

Configuring a User Profile .............................................................................................................40-6

41 PKI...........................................................................................................................................................41-1

PKI Overview ........................................................................................................................................41-1

PKI Terms......................................................................................................................................41-1

Architecture of PKI.........................................................................................................................41-2

Applications of PKI ........................................................................................................................41-3

Operation of PKI............................................................................................................................41-3

Configuring PKI.....................................................................................................................................41-3

Configuration Task List..................................................................................................................41-3

Creating a PKI Entity.....................................................................................................................41-6

Creating a PKI Domain..................................................................................................................41-7

Generating an RSA Key Pair.........................................................................................................41-9

Destroying the RSA Key Pair ......................................................................................................41-10

Retrieving a Certificate................................................................................................................41-10

Requesting a Local Certificate ....................................................................................................41-12

Retrieving and Displaying a CRL ................................................................................................41-13

PKI Configuration Example.................................................................................................................41-13

Configuring a PKI Entity to Request a Certificate from a CA......................................................41-13

Configuration Guidelines.....................................................................................................................41-19

42 WLAN Security Configuration..............................................................................................................42-1

WLAN Security Overview......................................................................................................................42-1

Terminology...................................................................................................................................42-1

WIDS Attack Detection..................................................................................................................42-4

Frame Filtering ..............................................................................................................................42-4

Configuring Rogue Device Detection....................................................................................................42-5

Configuring AP Operating Mode ...................................................................................................42-5

Configuring Detection Rules..........................................................................................................42-7

Configuring Detection Rule Lists...................................................................................................42-9

Enabling Countermeasures and Configuring Aging Time for Detected Rogue Devices.............42-10

Displaying Monitor Record ..........................................................................................................42-10

Displaying History Record...........................................................................................................42-11

Configuring WIDS ...............................................................................................................................42-11

Configuring WIDS........................................................................................................................42-11

Displaying History Record...........................................................................................................42-12

Displaying Statistics Information .................................................................................................42-12

Configuring Frame Filtering ................................................................................................................42-13

Configuring Dynamic Blacklist.....................................................................................................42-13

Configuring Static Blacklist..........................................................................................................42-14

Configuring White List .................................................................................................................42-14

WLAN Security Configuration Example..............................................................................................42-15

Rogue Detection Configuration Example....................................................................................42-15

43 Authorized IP..........................................................................................................................................43-1

Overview...............................................................................................................................................43-1

Configuring Authorized IP.....................................................................................................................43-1

44 User Isolation.........................................................................................................................................44-1

User Isolation Overview........................................................................................................................44-1

Before User Isolation Is Enabled...................................................................................................44-1

After User Isolation Is Enabled......................................................................................................44-2

Configuring User Isolation.....................................................................................................................44-2

Configuration Procedure................................................................................................................44-2

Displaying User Isolation Information............................................................................................44-3

User Isolation Configuration Example...................................................................................................44-4

45 ACL Configuration.................................................................................................................................45-1

ACL Overview.......................................................................................................................................45-1

Introduction to IPv4 ACL................................................................................................................45-1

Introduction to IPv6 ACL................................................................................................................45-3

Effective Period of an ACL............................................................................................................45-4

ACL Step.......................................................................................................................................45-4

Configuring an ACL...............................................................................................................................45-5

Configuration Task List..................................................................................................................45-5

Configuring a Time Range ............................................................................................................45-5

Creating an IPv4 ACL....................................................................................................................45-7

Configuring a Rule for a Basic IPv4 ACL ......................................................................................45-7

Configuring a Rule for an Advanced IPv4 ACL.............................................................................45-9

Configuring a Rule for an Ethernet Frame Header ACL .............................................................45-11

Creating an IPv6 ACL..................................................................................................................45-13

Configuring a Rule for a Basic IPv6 ACL ....................................................................................45-14

Configuring a Rule for an Advanced IPv6 ACL...........................................................................45-15

Configuration Guidelines.....................................................................................................................45-17

46 QoS Configuration.................................................................................................................................46-1

Overview...............................................................................................................................................46-1

QoS Overview ...............................................................................................................................46-1

Congestion ....................................................................................................................................46-2

CBQ...............................................................................................................................................46-3

Line Rate.......................................................................................................................................46-4

Priority Mapping.............................................................................................................................46-5

Configuring QoS....................................................................................................................................46-5

QoS Configuration Task List .........................................................................................................46-5

Configuring Line Rate....................................................................................................................46-7

Configuring Priority Mapping.........................................................................................................46-9

Creating a Class..........................................................................................................................46-11

Configuring Classification Rules..................................................................................................46-12

Creating a Traffic Behavior..........................................................................................................46-14

Configuring Actions in a Traffic Behavior....................................................................................46-15

Creating a Policy .........................................................................................................................46-17

Configuring Classifier-Behavior Associations for the Policy........................................................46-17

Applying a Policy to a Port ..........................................................................................................46-18

Applying a QoS policy to a WLAN Service..................................................................................46-19

Configuration Guidelines.....................................................................................................................46-20

47 ACL/QoS Configuration Example ........................................................................................................47-1

ACL/QoS Configuration Example .........................................................................................................47-1

Network Requirements..................................................................................................................47-1

Configuration Procedure................................................................................................................47-2

48 Wireless QoS Configuration.................................................................................................................48-1

Overview...............................................................................................................................................48-1

Terminology...................................................................................................................................48-1

WMM Protocol Overview...............................................................................................................48-2

Configuring Wireless QoS.....................................................................................................................48-4

Enabling Wireless QoS..................................................................................................................48-4

Setting SVP Mapping ....................................................................................................................48-4

Setting CAC Admission Policy ......................................................................................................48-5

Setting Radio EDCA Parameters..................................................................................................48-6

Setting Client EDCA Parameters ..................................................................................................48-7

Display the Radio Statistics...........................................................................................................48-8

Displaying the Client Statistics....................................................................................................48-10

Setting Rate Limiting ...................................................................................................................48-11

Wireless QoS Configuration Example.................................................................................................48-12

CAC Service Configuration Example ..........................................................................................48-12

SVP Service Configuration Example...........................................................................................48-13

49 Advanced Settings ................................................................................................................................49-1

Advanced Settings Overview................................................................................................................49-1

District Code..................................................................................................................................49-1

AC Backup.....................................................................................................................................49-1

Continuous Transmitting Mode .....................................................................................................49-3

xii

Channel Busy Test........................................................................................................................49-3

WLAN Load Balancing ..................................................................................................................49-4

AP Settings....................................................................................................................................49-6

Wireless Location..........................................................................................................................49-7

Configuring WLAN Advanced Settings.................................................................................................49-9

Setting a District Code...................................................................................................................49-9

Configuring AC Backup.................................................................................................................49-9

Configuring Load Balancing........................................................................................................49-13

Configuring AP ............................................................................................................................49-16

Configuring Wireless Location.....................................................................................................49-17

Advanced Setting Configuration Examples.........................................................................................49-18

AC Backup Configuration Example.............................................................................................49-18

AP-Based Session-Mode Load Balancing Configuration Example.............................................49-20

AP-Based Traffic-Mode Load Balancing Configuration Example ...............................................49-21

Group-Based Session-Mode Load Balancing Configuration Example .......................................49-23

Group-Based Traffic-Mode Load Balancing Configuration Example..........................................49-25

Wireless Location Configuration Example...................................................................................49-27

50 Stateful Failover Configuration............................................................................................................50-1

Overview...............................................................................................................................................50-1

Introduction to Stateful Failover.....................................................................................................50-1

Introduction to Stateful Failover States .........................................................................................50-2

Configuring Stateful Failover.................................................................................................................50-3

Stateful Failover Configuration Example...............................................................................................50-4

Configuration Guidelines.......................................................................................................................50-6

51 Index .......................................................................................................................................................51-1

xiii

1 Compatibility Matrix and Typical Network

Scenarios

Access Controller Module and Ethernet Switch Compatibility Matrix

Table 1-1 Access controller module and Ethernet switch compatibility matrix

Access controller module Ethernet switch model

S5800 series:

LSWM1WCM20

LSWM1WCM10

S5800-60C-PWR/S5800-32F/S5800-56C/S5800-32C/S5800-32C-PWR/S58 00-56C-PWR

S5800 series: S5800-60C-PWR S5820 series: S5820-28C

LS8M1WCMA0

LSQM1WCMB0

LSBM1WCM2A0

LSRM1WCM2A1

S7500 series: S7502/S7503/S7506/S7506R

S7500E series: S7502E/S7503E-S/S7503E/S7506E-S/S7506E/S7506E-V/ S7510E

S9500 series: S9512/S9508/S9508V/S9505

S9500E series: S9505E/S9508E-V/S9512E

1-1

2 Applicable Models and Software Versions

H3C WX series access controllers include the WX3000 series unified switches, WX5000 and WX6000 series access controllers. Table 2-1

Table 2-1 Applicable models and software versions

Model Software version

WX3024 unified switches

shows the applicable models and software versions.

WX3010 unified switches WX3008 unified switches LSWM1WCM20 access controller module WX5002 access controller LS8M1WCMA0 access controller module WX5002V2 access controller WX5004 access controller LSWM1WCM10 access controller module WX6103 access controller LSQM1WCMB0 access controller module LSBM1WCM2A0 access controller module LSRM1WCM2A1 access controller module

WX3000-CMW520-R3111P03

WX5002-CMW520-R1112

WX5004-CMW520-R2107P04

WX6103-CMW520-R2115P08

2-1

3 Typical Network Scenarios

AC Networking

As shown in Figure 3-1, AC is connected to a switch (Layer 2 or Layer 3), which can be connected to APs directly or connected to AP s over a network, and Clients can be connected to the network through APs to implement WLAN user access.

Figure 3-1 AC networking

Access Controller Module Networking

As shown in Figure 3-2, installed with an access controller module, Switch (Layer 2 or Layer 3) can be connected to APs directly or connected to APs over a network, and Clients can be connected to the network through the APs to implement WLAN user access.

3-1

Figure 3-2 Access controller module networking

Unified Switch Networking

As shown in Figure 3-3, Unified switch can be connected to APs directly or connected to APs over a network, and Clients can be connected to the network through the APs to implement WLAN user access.

Figure 3-3 Unified switch networking diagram

3-2

4 Feature Matrixes

Feature Matrix for the WX5000 Series

The LS8M1WCMA0, LSWM1WCM10, and LSWM1WCM20 on the WX5000 series adopt the OAP architecture. Installed on the expansion slots of switches, they work as OAP cards to exchange data, status and control information with the switches through their internal service interfaces. Do not configure services such as QoS, rate limiting and 802.1X authentication on GE interfaces on the LS8M1WCMA0, XGE 1/0/1 on the LSWM1WCM10, and the logical interface BAGG1 aggregated by GE1/0/1 and GE1/0/2 on the LSWM1WCM20.

Table 4-1 Feature matrix for the WX5000 series

Module Feature WX5002 WX5002V2

Summary Summary

Device

License

File managem ent

Interface managem ent

IPv6 supported

The WX5002 supports 32 concurrent APs by default, and can be extended to support 64 concurrent APs.

Flash supported

Configurati on of IPv6 address for an interface is supported.

IPv6 supported

The WX5002V2 supports 32 concurrent APs by default, and can be extended to support 64 concurrent APs.

CF supported

Configurati on of IPv6 address for an interface is supported.

LS8M1WC

MA0

IPv6 supported

Not supported

Flash supported

Configurati on of IPv6 address for an interface is supported.

WX5004

IPv6 supported

The WX5004 supports 64 concurrent APs by default, and can be extended to support 256 concurrent APs.

CF supported

Configurati on of IPv6 address for an interface is supported.

LSWM1W

CM10

IPv6 supported

The LSWM1W CM10 supports 64 concurrent APs by default, and can be extended to support 256 concurrent APs.

CF supported

Configurati on of IPv6 address for an interface is supported.

LSWM1W

CM20

IPv6 supported

The LSWM1W CM20 supports 32 concurrent APs by default, and can be extended to support 128 concurrent APs.

Flash supported

Configurati on of IPv6 address for an interface is supported.

4-1

Module Feature WX5002 WX5002V2

LS8M1WC

MA0

WX5004

LSWM1W

CM10

LSWM1W

CM20

Network

Port mirroring

SNMP

Loopback test

IPv6 routing

Diagnostic tools

Remote port mirroring and cross-boar d mirroring not supported