Professional Documents
Culture Documents
Networking Requirements
As shown in Figure 2-1, a Fat AP is connected to the Internet in wired mode and connects to
STAs in wireless mode. An enterprise branch needs to deploy basic WLAN services for
mobile office so that enterprise employees can access the enterprise internal network
anywhere, anytime.
The requirements are as follows:
l A WLAN named wlan-net is available.
l Router functions as a DHCP server to assign IP addresses to STAs.
Figure 2-1 Networking diagram for configuring basic Layer 2 WLAN services
Service VLAN:VLAN101
GE0/0/0
FAT AP VLAN101 Router
10.23.101.2/24
STA Internet
GE1/0/0
10.23.101.1/24
STA
Data planning
Item Data
Configuration Roadmap
1. Configure Router as a DHCP server to assign IP addresses to STAs.
2. Configure basic WLAN services using the WLAN configuration wizard.
3. Configure the AP channel and transmit power.
4. Associate STAs to the WLAN to verify services.
Configuration Notes
No ACK mechanism is provided for multicast packet transmission on air interfaces. In
addition, wireless links are unstable. To ensure stable transmission of multicast packets, they
are usually sent at low rates. If a large number of such multicast packets are sent from the
network side, the air interfaces may be congested. You are advised to configure multicast
packet suppression on switch interfaces connected to APs to reduce impact of a large number
of low-rate multicast packets on the wireless network. Exercise caution when configuring the
rate limit; otherwise, the multicast services may be affected. For details on how to configure
traffic suppression, see 2.9.1 Multicast Packet Suppression Is Not Configured, Causing
Slow Network Access of STAs.
Procedure
Step 1 Configure Router as a DHCP server to assign IP addresses to STAs.
# Configure Router as a DHCP server to assign IP addresses to STAs from the IP address pool
on GE1/0/0.
NOTE
Configure the DNS server as required. The common methods are as follows:
l In interface address pool scenarios, run the dhcp server dns-list ip-address &<1-8> command in the
VLANIF interface view.
l In global address pool scenarios, run the dns-list ip-address &<1-8> command in the IP address pool
view.
[Router] dhcp enable
[Router] interface gigabitethernet 1/0/0
[Router-GigabitEthernet1/0/0] ip address 10.23.101.1 24
[Router-GigabitEthernet1/0/0] dhcp select interface
[Router-GigabitEthernet1/0/0] dhcp server excluded-ip-address 10.23.101.2
[Router-GigabitEthernet1/0/0] quit
# Click Finish.
3. Configure Internet connection parameters.
# Click Next. The Configure Internet Connection page is displayed.
# Add an interface to VLAN 101 in tagged mode.
NOTE
If you log in to the web platform using a PC whose Ethernet interface is being modified, do not delete
the existing VLAN configuration on the interface to ensure that the PC can communicate with Fat APs.
As shown in the following figure, GigabitEthernet0/0/0 is added to VLAN 1 by default and STAs
communicate with the AP through this interface. You can use the default IP address of the AP to log in
to the web platform. If you need to use the default IP address to log in to the web platform, do not
delete VLAN 1.
# Click Finish.
Step 3 Set the AP channel and power.
1. Disable automatic channel and power calibration functions of AP radios, and manually
configure the AP channel and power.
NOTE
Automatic channel and power calibration functions are enabled by default. The manual channel and
power configurations take effect only when these two functions are disabled.
# Choose Configuration > WLAN Service > WLAN Config > Radio0. The Radio0
page is displayed.
# Click Radio Management. The Radio 0 Setting(2.4G) page is displayed.
# On the Radio 0 Setting(2.4G) page, disable automatic channel and power calibration
functions, and set the AP channel to 20-MHz channel 6 and transmit power to 127 dBm.
3. Click OK.
Step 5 Verify the configuration.
1. The WLAN with the SSID wlan-net is available.
2. STAs can associate with the WLAN and obtain IP addresses on the network segment
10.23.101.x/24.
3. Choose Monitoring > Terminal Manage > STA Management. In User, you can see
that STAs go online properly and obtain IP addresses.
----End
Networking Requirements
As shown in Figure 2-2, a Fat AP is connected to the Internet in wired mode and connected to
STAs in wireless mode. An enterprise branch needs to deploy basic WLAN services for
mobile office so that enterprise employees can access the enterprise internal network
anywhere, anytime.
The requirements are as follows:
l A WLAN named wlan-net is available.
l Enterprise employees are assigned IP addresses on the network segment 10.23.101.0/24.
Figure 2-2 Networking diagram for configuring basic Layer 3 WLAN services
Service VLAN:VLAN101
GE0/0/0
FAT AP VLAN200 Router
10.23.200.1/24
STA Internet
GE1/0/0
VLAN200
10.23.200.2/24
STA
Data planning
Item Data
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure Router to communicate with the AP.
2. Configure basic WLAN services using the WLAN configuration wizard.
3. Configure the AP channel and transmit power.
4. Associate STAs to the WLAN to verify services.
Configuration Notes
No ACK mechanism is provided for multicast packet transmission on air interfaces. In
addition, wireless links are unstable. To ensure stable transmission of multicast packets, they
are usually sent at low rates. If a large number of such multicast packets are sent from the
network side, the air interfaces may be congested. You are advised to configure multicast
packet suppression on switch interfaces connected to APs to reduce impact of a large number
of low-rate multicast packets on the wireless network. Exercise caution when configuring the
rate limit; otherwise, the multicast services may be affected. For details on how to configure
traffic suppression, see 2.9.1 Multicast Packet Suppression Is Not Configured, Causing
Slow Network Access of STAs.
Procedure
Step 1 Configure the network devices.
# Add GE1/0/0 on Router to VLAN 200. Create VLANIF 200 and set its IP address to
10.23.200.2/24.
<Huawei> system-view
[Huawei] sysname Router
[Router] vlan batch 200
[Router] interface gigabitethernet 1/0/0
[Router-GigabitEthernet1/0/0] port link-type trunk
[Router-GigabitEthernet1/0/0] port trunk allow-pass vlan 200
[Router-GigabitEthernet1/0/0] quit
[Router] interface vlanif 200
[Router-Vlanif200] ip address 10.23.200.2 24
[Router-Vlanif200] quit
# Click Finish.
3. Configure Internet connections.
# Click Next. The Configure Internet Connection page is displayed.
# Add an interface to VLAN 200 in tagged mode.
NOTE
If you log in to the web platform using a PC whose Ethernet interface is being modified, do not delete
the existing VLAN configuration on the interface to ensure that the PC can communicate with Fat APs.
As shown in the following figure, GigabitEthernet0/0/0 is added to VLAN 1 by default and STAs
communicate with the AP through this interface. You can use the default IP address of the AP to log in
to the web platform. If you need to use the default IP address to log in to the web platform, do not
delete VLAN 1.
# Click Finish.
Step 3 Set the AP channel and power.
1. Disable automatic channel and power calibration functions of AP radios, and manually
configure the AP channel and power.
NOTE
Automatic channel and power calibration functions are enabled by default. The manual channel and
power configurations take effect only when these two functions are disabled.
# Choose Configuration > WLAN Service > WLAN Config > Radio0. The Radio0
page is displayed.
# Click Radio Management. The Radio 0 Setting(2.4G) page is displayed.
# On the Radio 0 Setting(2.4G) page, disable automatic channel and power calibration
functions, and set the AP channel to 20-MHz channel 6 and transmit power to 127 dBm.
# Click OK.
2. Configure a default route.
# Choose Configuration > IP Service > Route. The Route page is displayed.
# Click Create in Static Route Configuration Table and create a static route.
# Click OK.
Step 5 Verify the configuration.
1. The WLAN with the SSID wlan-net is available.
2. The STA can associate with the WLAN and obtain an IP address 10.23.101.x/24 and its
gateway address is 10.23.101.1.
3. Choose Monitoring > Terminal Manage > STA Management. In User, you can see
that STAs go online properly and obtain IP addresses.
----End
Networking Requirements
As shown in Figure 2-3, a Fat AP is connected to the Internet in wired mode and connected to
STAs in wireless mode. An enterprise branch needs to deploy basic WLAN services for
mobile office so that enterprise employees can access the enterprise internal network
anywhere, anytime. The administrator wants enterprise employees to access the public
network using public IP addresses.
The requirements are as follows:
Figure 2-3 Networking diagram for configuring STAs to access the public network through
NAT
Service VLAN:VLAN101
GE0/0/0
FAT AP VLAN200
202.169.10.1/24
STA Internet
202.169.10.2/24
STA
Data planning
Item Data
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure basic WLAN services using the WLAN configuration wizard.
2. Configure the AP channel and transmit power.
3. Configure NAT so that users can access the public network using public IP addresses.
4. Associate STAs to the WLAN to verify services.
Configuration Notes
No ACK mechanism is provided for multicast packet transmission on air interfaces. In
addition, wireless links are unstable. To ensure stable transmission of multicast packets, they
are usually sent at low rates. If a large number of such multicast packets are sent from the
network side, the air interfaces may be congested. You are advised to configure multicast
packet suppression on switch interfaces connected to APs to reduce impact of a large number
of low-rate multicast packets on the wireless network. Exercise caution when configuring the
rate limit; otherwise, the multicast services may be affected. For details on how to configure
traffic suppression, see 2.9.1 Multicast Packet Suppression Is Not Configured, Causing
Slow Network Access of STAs.
Procedure
Step 1 Configure basic WLAN services.
1. Choose Wizard > Config Wizard. The Configure Wi-Fi Signals page is displayed.
2. Configure Wi-Fi signals.
# Click Create. The Basic Information page is displayed.
# Configure basic information about an SSID.
# Click Finish.
3. Configure Internet connections.
# Click Next. The Configure Internet Connection page is displayed.
# Add an interface to VLAN 200 in tagged mode.
NOTE
If you log in to the web platform using a PC whose Ethernet interface is being modified, do not delete
the existing VLAN configuration on the interface to ensure that the PC can communicate with Fat APs.
As shown in the following figure, GigabitEthernet0/0/0 is added to VLAN 1 by default and STAs
communicate with the AP through this interface. You can use the default IP address of the AP to log in
to the web platform. If you need to use the default IP address to log in to the web platform, do not
delete VLAN 1.
# Click Finish.
Step 2 Set the AP channel and power.
1. Disable automatic channel and power calibration functions of AP radios, and manually
configure the AP channel and power.
NOTE
Automatic channel and power calibration functions are enabled by default. The manual channel and
power configurations take effect only when these two functions are disabled.
# Choose Configuration > WLAN Service > WLAN Config > Radio0. The Radio0
page is displayed.
# Click Radio Management. The Radio 0 Setting(2.4G) page is displayed.
# On the Radio 0 Setting(2.4G) page, disable automatic channel and power calibration
functions, and set the AP channel to 20-MHz channel 6 and transmit power to 127 dBm.
# Click OK.
2. Configure a default route.
# Choose Configuration > IP Service > Route. The Route page is displayed.
# Click Create in Static Route Configuration Table and create a static route.
# Click OK.
Step 4 Configure an ACL.
1. Choose Configuration > Security > ACL. The Basic ACL Settings page is displayed.
2. Click Create. On the Create Basic ACL page that is displayed, set ACL parameters.
3. Click OK.
4. In the new ACL, click Add Rule. On the Add Rule page, set ACL parameters.
5. Click OK.
Step 5 Configure NAT.
1. Choose Configuration > IP Service > NAT. The NAT page is displayed.
2. Click Create in NAT Mapping and create a NAT mapping.
3. Click OK.
Step 6 Verify the configuration.
1. The WLAN with the SSID wlan-net is available.
2. The STA can associate with the WLAN and obtain an IP address 10.23.101.x/24 and its
gateway address is 10.23.101.1.
3. Choose Monitoring > Terminal Manage > STA Management. In User, you can see
that STAs go online properly and obtain IP addresses.
4. STAs can access the public network successfully.
----End
Service Requirements
Because the WLAN is open to users, there are potential security risks if no security policy is
configured for the WLAN. Users do not require high WLAN security, so no authentication
server is required. A WEP or WPA/WPA2 (pre-shared key) security policy can be configured.
STAs support WPA/WPA2, TKIP encryption, and AES encryption, so pre-shared key
authentication and AES encryption are used to secure data transmission.
Networking Requirements
l DHCP deployment mode: The AP functions as a DHCP server to assign IP addresses to
STAs.
Data preparation
Item Data
Item Data
Configuration Roadmap
The configuration roadmap is as follows:
1. Use the WLAN configuration wizard to configure WLAN services. Set the security
policy to WPA-WPA2 PSK and AES.
2. Configure radio calibration.
3. Connect STAs to the WLAN to verify the configuration.
NOTE
During AP deployment, you can manually specify the working channels of the APs based on the network
planning or configure the radio calibration function to enable the APs to automatically select the optimal
channels. This example uses the latter configuration.
Procedure
Step 1 Configure basic WLAN services.
1. Choose Wizard > Config Wizard. The Configure Wi-Fi Signals page is displayed.
2. Configure Wi-Fi signals.
# Click Create. The Basic Information page is displayed.
# Configure basic information about an SSID.
# Click Finish.
3. Configure Internet connection parameters.
# Click Next. The Configure Internet Connection page is displayed.
# Add an interface to VLAN 101 in tagged mode.
NOTE
If you log in to the web platform using a PC whose Ethernet interface is being modified, do not delete
the existing VLAN configuration on the interface to ensure that the PC can communicate with Fat APs.
As shown in the following figure, GigabitEthernet0/0/0 is added to VLAN 1 by default and STAs
communicate with the AP through this interface. You can use the default IP address of the AP to log in
to the web platform. If you need to use the default IP address to log in to the web platform, do not
delete VLAN 1.
# Click Finish.
Step 2 Enable radio calibration to allow APs to automatically select the optimal channels.
1. Enable automatic channel and power calibration functions of radios.
NOTE
Radio 0 is used as an example. The configuration for other radios is similar and will not be mentioned
here.
# Choose Configuration > WLAN Service > WLAN Config > Radio0. The Radio0
page is displayed.
The following example configures a 2G radio profile. The configuration of the 5G radio profile is
similar.
# Choose Radio0 > Radio Management > Radio Profile. On the Radio Profile
configuration page that is displayed, retain the default parameter settings in the radio
profile.
# Click next to Radio Profile. The profiles referenced by the radio profile are
displayed.
3. Create an air scan profile and configure the scan channel set, scan interval, and scan
duration.
# Click Air Scan Profile in Radio Profile. The air scan profile configuration page is
displayed.
# Click Create. On the Create Air Scan Profile page that is displayed, enter the profile
name wlan-airscan and click OK. The air scan profile configuration page is displayed.
# Configure the scan channel set, scan interval, and scan duration.
3. Choose Monitoring > Terminal Manage > STA Management. In User, you can see
that STAs go online properly and obtain IP addresses.
4. The STA can access the WLAN after the wireless user enters the password.
----End
Networking Requirements
l DHCP deployment mode: The AP functions as a DHCP server to assign IP addresses to
STAs.
Data Planning
Item Data
Item Data
Configuration Roadmap
The configuration roadmap is as follows:
1. Use the WLAN configuration wizard to configure WLAN services. Configure 802.1x
and RADIUS authentication and set RADIUS server parameters.
2. Configure a DNS server address in the DHCP address pool of the service VLAN to
provide the DNS service for the STA.
3. Configure a static route so that the AP forwards the packet to the router after receiving
the packet from the STA.
4. Connect STAs to the WLAN to verify the configuration.
Procedure
Step 1 Configure the switches and router.
# Add GE0/0/1 and GE0/0/3 on the aggregation switch to VLAN 101.
# Assign an IP address 10.23.101.2/24 to GE1/0/0 on Router and configure the router as the
default gateway for the AP.
# Configure a RADIUS server, configure a user name and password, and set the shared key to
huawei123.
Step 2 Configure WLAN services.
1. Choose Wizard > Config Wizard. The Configure Wi-Fi Signals page is displayed.
2. Configure Wi-Fi signals.
# Click Create. The Basic Information page is displayed.
# Configure basic information about an SSID.
# Click Finish.
3. Configure Internet connection parameters.
NOTE
If you log in to the web platform using a PC whose Ethernet interface is being modified, do not delete
the existing VLAN configuration on the interface to ensure that the PC can communicate with Fat APs.
As shown in the following figure, GigabitEthernet0/0/0 is added to VLAN 1 by default and STAs
communicate with the AP through this interface. You can use the default IP address of the AP to log in
to the web platform. If you need to use the default IP address to log in to the web platform, do not
delete VLAN 1.
# Click Finish.
Step 3 Configure DNS.
NOTE
Configure the DNS server as required. The common methods are as follows:
l In interface address pool scenarios, run the dhcp server dns-list ip-address &<1-8> command in the
VLANIF interface view.
l In global address pool scenarios, run the dns-list ip-address &<1-8> command in the IP address pool
view.
1. Choose Configuration > IP Service > DHCP > DHCP Address Pool. In Address Pool
List, click Vlanif101. The Modify DHCP Address Pool page is displayed.
2. Configure the DNS server address for the STA and click OK.
3. Click OK.
Step 5 Verify the configuration.
l The WLAN with SSID wlan-net is available for STAs connected to the AP.
l The wireless PC obtains an IP address after it associates with the WLAN.
l Use the 802.1x authentication client on a STA and enter the correct user name and
password. The STA is authenticated and can access the WLAN. You must configure the
client for PEAP authentication.
– Configuration on the Windows XP operating system:
i. On the Association tab page of the Wireless network properties dialog box,
add SSID wlan-net, set the authentication mode to WPA2, and encryption
algorithm to AES.
ii. On the Authentication tab page, set EAP type to PEAP and click Properties.
In the Protected EAP Properties dialog box, deselect Validate server
certificate and click Configure. In the displayed dialog box, deselect
Automatically use my Windows logon name and password and click OK.
----End
Networking Requirements
l DHCP deployment mode: The AP functions as a DHCP server to assign IP addresses to
STAs.
Data Planning
Item Data
Configuration Roadmap
The configuration roadmap is as follows:
1. Use the WLAN configuration wizard to configure WLAN services. Configure Portal and
RADIUS authentication and set parameters of the external Portal server and RADIUS
server.
2. Configure a DNS server address in the DHCP address pool of the service VLAN to
provide the DNS service for the STA.
3. Configure a static route so that the AP forwards the packet to the router after receiving
the packet from the STA.
4. Specify network resources accessible to authentication-free users.
5. Connect STAs to the WLAN to verify the configuration.
Procedure
Step 1 Configure the switches and router.
# Assign an IP address 10.23.101.2/24 to GE1/0/0 on Router and configure the router as the
default gateway for the AP.
# Configure a RADIUS server, configure a user name and password, and set the shared key to
huawei123.
# Configure a Portal server and set the port number and shared key to provide the web
authentication page.
# Click Finish.
3. Configure Internet connection parameters.
If you log in to the web platform using a PC whose Ethernet interface is being modified, do not delete
the existing VLAN configuration on the interface to ensure that the PC can communicate with Fat APs.
As shown in the following figure, GigabitEthernet0/0/0 is added to VLAN 1 by default and STAs
communicate with the AP through this interface. You can use the default IP address of the AP to log in
to the web platform. If you need to use the default IP address to log in to the web platform, do not
delete VLAN 1.
# Click Finish.
NOTE
Configure the DNS server as required. The common methods are as follows:
l In interface address pool scenarios, run the dhcp server dns-list ip-address &<1-8> command in the
VLANIF interface view.
l In global address pool scenarios, run the dns-list ip-address &<1-8> command in the IP address pool
view.
1. Choose Configuration > IP Service > DHCP > DHCP Address Pool. In Address Pool
List, click Vlanif101. The Modify DHCP Address Pool page is displayed.
2. Configure the DNS server address for the STA and click OK.
3. Click OK.
2. Choose Wireless Service > VAP Profile > wlan-net > Authentication Profile >
Authentication-free Rule Profile. The Authentication-free Rule Profile page is
displayed.
3. Set Authentication-free Rule Profile to default_free_rule.
4. Click Create. On the Create Authentication-free Rule page that is displayed, set Rule
ID to 1 and the authentication-free resource to the IP address of the DNS server.
5. Click OK.
6. Select the authentication-free rule with the ID 1 and click Apply. In the dialog box that
is displayed, click OK.
Step 6 Verify the configuration.
1. The WLAN with the SSID wlan-net is available.
2. The STA can associate with the WLAN and obtain an IP address 10.23.101.x/24 and its
gateway address is 10.23.101.1.
3. Choose Monitoring > Terminal Manage > STA Management. In User, you can see
that STAs go online properly and obtain IP addresses.
4. When you open the browser on the STA, you are redirected to the Portal authentication
page. After you enter the correct user name and password and are successfully
authenticated, you can access the Internet.
----End
Networking Requirements
l DHCP deployment mode: The AP functions as a DHCP server to assign IP addresses to
STAs.
Data Planning
Item Data
Item Data
Configuration Roadmap
The configuration roadmap is as follows:
1. Use the WLAN configuration wizard to configure WLAN services. Configure MAC
address and RADIUS authentication and set parameters of the RADIUS server.
2. Configure a DNS server address in the DHCP address pool of the service VLAN to
provide the DNS service for the STA.
3. Configure a static route so that the AP forwards the packet to the router after receiving
the packet from the STA.
4. Connect STAs to the WLAN to verify the configuration.
Procedure
Step 1 Configure the switches and router.
# Add GE0/0/1 and GE0/0/3 on the aggregation switch to VLAN 101.
# Assign an IP address 10.23.101.2/24 to GE1/0/0 on Router and configure the router as the
default gateway for the AP.
# Configure a RADIUS server, configure a user name and password, and set the shared key to
huawei123.
Step 2 Configure WLAN services.
1. Choose Wizard > Config Wizard. The Configure Wi-Fi Signals page is displayed.
2. Configure Wi-Fi signals.
# Click Create. The Basic Information page is displayed.
# Configure basic information about an SSID.
# Click Finish.
3. Configure Internet connection parameters.
# Click Next. The Configure Internet Connection page is displayed.
# Add an interface to VLAN 101 in tagged mode.
NOTE
If you log in to the web platform using a PC whose Ethernet interface is being modified, do not delete
the existing VLAN configuration on the interface to ensure that the PC can communicate with Fat APs.
As shown in the following figure, GigabitEthernet0/0/0 is added to VLAN 1 by default and STAs
communicate with the AP through this interface. You can use the default IP address of the AP to log in
to the web platform. If you need to use the default IP address to log in to the web platform, do not
delete VLAN 1.
# Click Finish.
Step 3 Configure DNS.
NOTE
Configure the DNS server as required. The common methods are as follows:
l In interface address pool scenarios, run the dhcp server dns-list ip-address &<1-8> command in the
VLANIF interface view.
l In global address pool scenarios, run the dns-list ip-address &<1-8> command in the IP address pool
view.
1. Choose Configuration > IP Service > DHCP > DHCP Address Pool. In Address Pool
List, click Vlanif101. The Modify DHCP Address Pool page is displayed.
2. Configure the DNS server address for the STA and click OK.
3. Click OK.
Step 5 Configure MAC authentication.
1. Create the authentication profile wlan-net.
# Choose Configuration > WLAN Service > WLAN Config > Radio 0. The Radio 0
page is displayed.
# Choose VAP Configuration > wlan-net > Authentication Profile. The
Authentication Profile page is displayed.
# Click Create. On the Create Authentication Profile page that is displayed, enter the
profile name wlan-net and click OK. The authentication profile configuration page is
displayed.
# Set Access mode to MAC authentication and Authentication mode to RADIUS
authentication.
# Click Apply. In the dialog box that is displayed, click OK.
# Click under RADIUS Server Profile. The RADIUS Server Profile page is
displayed.
# Click Create. On the Create RADIUS Server Profile page that is displayed, set
Profile name to wlan-net and Profile default shared key to huawei@123.
# Click Create Server. In the Create Server Configuration dialog box that is
displayed, configure the RADIUS server parameters.
# Click OK. On the Create RADIUS Server Profile page that is displayed, select the
created RADIUS server and click OK. On the RADIUS Server Profile page that is
displayed, select the created RADIUS server profile wlan-net and click OK.
# Click Apply. In the dialog box that is displayed, click OK.
Step 6 Verify the configuration.
1. The WLAN with the SSID wlan-net is available.
2. The STA can associate with the WLAN and obtain an IP address 10.23.101.x/24 and its
gateway address is 10.23.101.1.
3. Choose Monitoring > Terminal Manage > STA Management. In User, you can see
that STAs go online properly and obtain IP addresses.
----End
Networking Requirements
l DHCP deployment mode: The AP functions as a DHCP server to assign IP addresses to
STAs.
Figure 2-8 Configuring the RADIUS server and AP to deliver user group rights to users
Data Planning
Item Data
Configuration Roadmap
The configuration roadmap is as follows:
1. Use the WLAN configuration wizard to configure WLAN services. Configure 802.1x
and RADIUS authentication and set RADIUS server parameters.
2. Configure a DNS server address in the DHCP address pool of the service VLAN to
provide the DNS service for the STA.
3. Configure a static route so that the AP forwards the packet to the router after receiving
the packet from the STA.
4. Configure the user group.
5. Connect STAs to the WLAN to verify the configuration.
Procedure
Step 1 Configure the switches and router.
# Assign an IP address 10.23.101.2/24 to GE1/0/0 on Router and configure the router as the
default gateway for the AP.
# Configure a RADIUS server, configure a user name and password, and set the shared key to
huawei123.
1. Choose Wizard > Config Wizard. The Configure Wi-Fi Signals page is displayed.
2. Configure Wi-Fi signals.
# Click Create. The Basic Information page is displayed.
# Configure basic information about an SSID.
# Click Finish.
If you log in to the web platform using a PC whose Ethernet interface is being modified, do not delete
the existing VLAN configuration on the interface to ensure that the PC can communicate with Fat APs.
As shown in the following figure, GigabitEthernet0/0/0 is added to VLAN 1 by default and STAs
communicate with the AP through this interface. You can use the default IP address of the AP to log in
to the web platform. If you need to use the default IP address to log in to the web platform, do not
delete VLAN 1.
# Click Finish.
Step 3 Configure DNS.
NOTE
Configure the DNS server as required. The common methods are as follows:
l In interface address pool scenarios, run the dhcp server dns-list ip-address &<1-8> command in the
VLANIF interface view.
l In global address pool scenarios, run the dns-list ip-address &<1-8> command in the IP address pool
view.
1. Choose Configuration > IP Service > DHCP > DHCP Address Pool. In Address Pool
List, click Vlanif101. The Modify DHCP Address Pool page is displayed.
2. Configure the DNS server address for the STA and click OK.
3. Click OK.
Step 5 Configure user group rights.
1. Create ACL 3002 that denies access to the FTP server 10.23.103.1/24.
# Choose Configuration > Security > ACL > Advanced ACL Settings. The
Advanced ACL Settings page is displayed.
# Click Create. In the Create Advanced ACL page that is displayed, set the ACL name
to ACL3002 and number to 3002, and click OK.
# Click Add Rule and add a rule.
# Click OK.
2. Create the QoS profile huawei, and set the rate limits of uplink and downlink traffic to 3
Mbit/s and 5 Mbit/s respectively.
# Choose Configuration > Security > User Group > QoS Profile. The QoS Profile
page is displayed.
# Click Create. On the Create QoS Profile page that is displayed, set parameters.
# Click OK.
3. Create the user group huawei, and bind ACL 3002 and QoS profile huawei to the user
group, and enable intra-group and inter-group isolation.
# Choose Configuration > Security > User Group > User Group. The User Group
page is displayed.
# Click Create. On the Create User Group page that is displayed, set parameters.
# Click OK.
4. Bind the user group huawei to the authentication profile wlan-net.
# Choose Configuration > Security > AAA > Authentication Profile. The
Authentication Profile page is displayed.
# Click wlan-net, select the user group huawei on the parameter setting page of the
authentication profile
3. Choose Monitoring > Terminal Manage > STA Management. In User, you can see
that STAs go online properly and obtain IP addresses.
4. Two users go online and they cannot ping each other.
----End
Service Requirements
WLAN is open to users and therefore has potential security risks. To manage access users in a
centralized manner, Portal authentication is configured on the FAT AP. Any user that attempts
to access the WLAN is redirected to the Portal authentication page. Users are authorized to
access the WLAN after entering the correct user names and passwords. If the enterprise has a
few number of users, the FAT AP can function as the Portal server to authenticate users
locally to reduce costs. Built-in Portal authentication requires no additional Portal server,
allowing for easy and flexible deployment. However, as the Portal server, the FAT AP
provides only basic web functions (such as user login and logout) but cannot replace an
independent Portal server or provide extended functions of an external Portal server.
Networking Requirements
l DHCP deployment mode: The AP functions as a DHCP server to assign IP addresses to
STAs.
Data Planning
Item Data
Item Data
Configuration Roadmap
The configuration roadmap is as follows:
1. Select WLAN Wizard to configure WLAN services on the FAT AP. On the web
platform, the HTTPS service is enabled and an SSL policy is applied. When configuring
a built-in Portal server, configure the same SSL policy for the built-in Portal server.
2. Configure a DNS server address in the DHCP address pool of the service VLAN to
provide the DNS service for the STA.
3. Specify network resources accessible to authentication-free users.
4. Complete service verification.
Procedure
Step 1 Configure WLAN services.
1. Choose Wizard > Config Wizard. The Configure Wi-Fi Signals page is displayed.
2. Configure Wi-Fi signals.
# Click Create. The Basic Information page is displayed.
# Configure basic information about an SSID. Set Security settings to Portal
(applicable to enterprise networks) and Portal server to Built-in Portal server.
Under Built-in Portal Server Configuration, configure the server IP address and port
number.
# Click Manage next to Local user. The Local User page is displayed
# Click Create. The Create Local User page is displayed.
# Set Creation mode to Manually add and configure the local user name and password.
# Click OK.
# On the Create Local User page, select the new user and click OK.
# Click Next. The IP and Rate page is displayed.
# Click Finish.
3. Configure Internet connection parameters.
If you log in to the web platform using a PC whose Ethernet interface is being modified, do not delete
the existing VLAN configuration on the interface to ensure that the PC can communicate with Fat APs.
As shown in the following figure, GigabitEthernet0/0/0 is added to VLAN 1 by default and STAs
communicate with the AP through this interface. You can use the default IP address of the AP to log in
to the web platform. If you need to use the default IP address to log in to the web platform, do not
delete VLAN 1.
# Click Finish.
1. Choose Configuration > IP Service > DHCP > DHCP Address Pool. In Address Pool
List, click Vlanif101. The Modify DHCP Address Pool page is displayed.
2. Configure the DNS server address for the STA and click OK.
5. Click OK.
6. Select the authentication-free rule with the ID 1 and click Apply. In the dialog box that
is displayed, click OK.
Step 4 Verify the configuration.
1. The WLAN with the SSID wlan-net is available.
2. The STA can associate with the WLAN and obtain an IP address 10.23.101.x/24 and its
gateway address is 10.23.101.1.
3. When a user browses a web page, the browser automatically redirects the user to the
Portal authentication page. After entering the correct user name and password, the user
passes the authentication and can access the web page.
4. Choose Monitoring > Terminal Manage > STA Management. In User, you can see
that STAs go online properly and obtain IP addresses.
Step 5 Maintain local user information.
# Choose Configuration > Security > AAA > Local User. Click a user name to modify the
password of the user. Click Delete to delete the selected user. Click Create to add a local user.
The following image shows adding a user.
----End
Service Requirements
To improve user experience and reduce burden on the 2.4 GHz frequency band, customers
require that STAs preferentially connect to the 5 GHz frequency band.
Networking Requirements
As shown in Figure 2-10, 2.4 GHz and 5 GHz wireless networks are deployed in the
conference hall. The AP works on dual frequency bands. STAs connected to the APs support
both 2.4 GHz and 5 GHz frequency bands.
Service VLAN:VLAN101
GE0/0/0
FAT AP VLAN101 Router
10.23.101.2/24
STA Internet
GE1/0/0
10.23.101.1/24
STA
Data preparation
Item Data
Configuration Roadmap
Configure the band steering function and proper band steering parameters so that users can
preferentially access the 5 GHz frequency band.
Configuration Notes
l Use AP that supports both 5 GHz and 2.4 GHz frequency bands and configure the same
SSID and security policy on the 5 GHz and 2.4 GHz radios.
l To allow a STA to preferentially associate with the 5 GHz radio and achieve a better
access effect, configure larger power for the 5 GHz radio than the 2.4 GHz radio.
l No ACK mechanism is provided for multicast packet transmission on air interfaces. In
addition, wireless links are unstable. To ensure stable transmission of multicast packets,
they are usually sent at low rates. If a large number of such multicast packets are sent
from the network side, the air interfaces may be congested. You are advised to configure
multicast packet suppression on switch interfaces connected to APs to reduce impact of a
large number of low-rate multicast packets on the wireless network. Exercise caution
when configuring the rate limit; otherwise, the multicast services may be affected. For
details on how to configure traffic suppression, see 2.9.1 Multicast Packet Suppression
Is Not Configured, Causing Slow Network Access of STAs.
Procedure
Step 1 Configure the band steering function.
1. Enable the band steering function in the VAP profile wlan-net. By default, the band
steering function is enabled.
# Choose Configuration > WLAN Service > Profile.
# Choose Wireless Service > VAP Profile in Profile Management. The VAP Profile
List page is displayed.
# Click wlan-net. The VAP profile page is displayed.
# Enable the band steering function on the VAP profile page.
2. # In the RRM profile, configure load balancing between radios to prevent heavy load on
a single radio. Set the start threshold for load balancing between radios to 15, and the
load difference threshold to 25%.
# Choose Radio Management > RRM Profile in Profile Management. The RRM
Profile List page is displayed.
# Click the RRM profile default. The RRM profile configuration page is displayed.
# Set the start threshold for load balancing between radios to 15, and the load difference
threshold to 25% on the RRM profile configuration page.
----End
Networking Requirements
l DHCP deployment mode: The AP functions as a DHCP server to assign IP addresses to
STAs.
Data Preparation
Item Data
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure wireless services on the AP. For details, see 2.1 Example for Configuring
Fat AP Layer 2 Networking.
2. Configure WIDS and WIPS to detect and contain rogue APs and prevent STAs from
associating with the rogue APs. Add attacking devices to the dynamic blacklist so that
the APs discard packets from the attacking devices.
3. Verify the configuration.
NOTE
In this example, the AP works in normal mode and has the air interface scan function enabled; therefore, the
AP radios provide the monitoring function while transmitting common WLAN service data. When the AP
periodically scans channels, services may be interrupted for a short time. In this situation, the AP can only
take countermeasures on the channel used by WLAN services. To take countermeasures on all channels, you
need to configure the AP to work in monitor mode. However, WLAN services are unavailable in this mode.
The following example configures WIDS and WIPS on radio 0. The configuration on radio 1 is similar.
Procedure
Step 1 Enable WIDS and WIPS.
1. Choose Configuration > WLAN Service > WLAN Config > Radio0. The Radio0
page is displayed.
2. Click Radio Management. The configuration page of radio 0 is displayed.
3. Enable device detection, rogue device containment, flood attack detection, and WPA2-
PSK attack detection.
4. Click Apply. In the Info dialog box that is displayed, click OK.
Step 2 Set parameters related to WIDS and WIPS.
1. Choose Configuration > Security > WIDS > Global Settings. The Global Settings
page is displayed.
2. Set the rogue device containment mode and parameters for detection of brute force key
cracking attacks and flood attacks, and enable the dynamic blacklist function.
3. Click Apply. In the Info dialog box that is displayed, click OK.
Step 3 Set the aging time of the dynamic blacklist.
1. Choose Configuration > WLAN Service > Basic Config > STA Blacklist And
Whitelist.
2. Set Dynamic blacklist aging time to 200 seconds.
3. Click Apply. In the Info dialog box that is displayed, click OK.
Step 4 Verify the configuration.
1. Choose Configuration > Security > WIDS.
2. Check information about detected rogue devices on the Rogue Device tab page.
3. Check statistics on all detected attacks on the Attack Statistics tab page.
4. Check detailed information about attacks on the Attack Records tab page.
5. Check information about attack devices in the blacklist on the Dynamic Blacklist tab
page.
----End
Networking Requirements
On the network of a shopping mall shown in Figure 2-12, a Fat AP interconnects with a
location server through a switch. It is required that the Fat AP provide Wi-Fi access for STAs
while implementing the passenger flow analysis function with the help of the location server.
GE0/0/0
STA VLAN 101
Network
FAT AP Switch
STA
Location ser
Data preparation
Item Data
Item Data
Configuration Roadmap
1. Configure basic WLAN services so that users can connect to the internal network
through the WLAN.
2. Configure the passenger flow analysis function so that APs can periodically scan
channels to collect radio signals and report the collected information to the location
server.
Procedure
Step 1 Configure the location server (details are not provided here).
Step 2 Configure basic WLAN services based on data planning. For details, see 2.1 Example for
Configuring Fat AP Layer 2 Networking.
Step 3 Configure the WLAN air scan function.
1. Create an air scan profile.
# Choose Configuration > WLAN Service > Profile > Radio Management > Air
Scan Profile. The Air Scan Profile List page is displayed.
# Click Create to create the air scan profile wlan-air-scan and click OK.
# Set Probe channel set to Country code channels.
# Click Apply.
2. Configure the 2G radio profile and bind the air scan profile to the 2G radio profile.
# Choose Configuration > WLAN Service > Profile > Radio Management > 2G
Radio Profile.
# Click next to the 2G radio profile default in Profile Management. The profiles
referenced by the 2G radio profile are displayed. Click Air Scan Profile.
# Click Apply.
3. Configure the 5G radio profile and bind the air scan profile to the 5G radio profile.
# Choose Configuration > WLAN Service > Profile > Radio Management > 5G
Radio Profile.
# Click next to the 5G radio profile default in Profile Management. The profiles
referenced by the 5G radio profile are displayed. Click Air Scan Profile.
# Click Apply.
# Choose Configuration > WLAN Service > Profile > WLAN Location > WLAN
Location Profile. The WLAN Location Profile List page is displayed.
# Click Create to create the location profile wlan-location and click OK.
# Click Apply.
2. Apply the location profile to radio 0.
# Choose Configuration > WLAN Service > WLAN Config > Radio0 > WLAN
Location > WLAN Location Profile, select wlan-location, and click Apply.
3. Apply the location profile to radio 1.
# Choose Configuration > WLAN Service > WLAN Config > Radio1 > WLAN
Location > WLAN Location Profile, select wlan-location, and click Apply.
Check and collect statistics about STA online duration through the location server.
----End
Figure 2-13 Networking diagram for configuring WMM and priority mapping
Data Preparation
Item Data
Item Data
Configuration Roadmap
The configuration roadmap is as follows:
1. Use the WLAN configuration wizard to configure WLAN services.
2. Enable WMM in the radio profile and configure voice and video services to
preferentially use bandwidth on the wireless side.
3. Retain the default priority mapping in the traffic profile to ensure that voice and video
services can be preferentially forwarded on the wired side.
4. Connect STAs to the WLAN to verify the configuration.
Procedure
Step 1 Configure basic WLAN services.
1. Choose Wizard > Config Wizard. The Configure Wi-Fi Signals page is displayed.
2. Configure Wi-Fi signals.
# Click Create. The Basic Information page is displayed.
# Configure basic information about an SSID.
# Click Finish.
3. Configure Internet connection parameters.
# Click Next. The Configure Internet Connection page is displayed.
# Add an interface to VLAN 101 in tagged mode.
NOTE
If you log in to the web platform using a PC whose Ethernet interface is being modified, do not delete
the existing VLAN configuration on the interface to ensure that the PC can communicate with Fat APs.
As shown in the following figure, GigabitEthernet0/0/0 is added to VLAN 1 by default and STAs
communicate with the AP through this interface. You can use the default IP address of the AP to log in
to the web platform. If you need to use the default IP address to log in to the web platform, do not
delete VLAN 1.
# Click Finish.
The following example configures a 2G radio profile. The configuration of the 5G radio profile is similar.
# Choose Radio0 > Radio Management > Radio Profile in WLAN Config. The Radio
Profile page is displayed.
# Enable WMM in the 2G radio profile, select Voice and video, and retain the default settings
of EDCA parameters.
# In the WLAN Config navigation tree, click Radio0. Click in front of VAP
Configuration. Under it, click in front of wlan-net. Click Traffic Profile. The Traffic
Profile page is displayed.
# Click Create. The Create Traffic Profile page is displayed.
# Enter the traffic profile name wlan-traffic in Profile name and click OK. The parameter
setting page is displayed.
# Configure priority mapping and set the mapped priority of video packets higher than that of
the voice packets.
NOTE
By default, the user priority of voice packets is set to 6 or 7 on the terminal, and that of the video packets is
set to 4 or 5.
In the following figure, the DSCP priorities of video packets are 48 and 56, and those of the voice packets are
32 and 40. Based on the settings, video packets will be preferentially transmitted.
# Click Apply. In the Info dialog box that is displayed, click OK.
Step 4 Verify the configuration.
1. The WLAN with the SSID wlan-net is available.
2. The STA can associate with the WLAN and obtain an IP address 10.23.101.x/24 and its
gateway address is 10.23.101.1.
3. Choose Monitoring > Terminal Manage > STA Management. In User, you can see
that STAs go online properly and obtain IP addresses.
4. Normal voice and video communication improves user experience in voice and video
services.
----End
Data Preparation
Item Data
Configuration Roadmap
The configuration roadmap is as follows:
1. Use the WLAN configuration wizard to configure WLAN services.
2. Configure the traffic profile and set the uplink rate limit of each STA associated with the
AP to 2 Mbit/s and the total uplink rate limit of all STAs on a VAP to 30 Mbit/s.
3. Connect STAs to the WLAN to verify the configuration.
Procedure
Step 1 Configure basic WLAN services.
1. Choose Wizard > Config Wizard. The Configure Wi-Fi Signals page is displayed.
2. Configure Wi-Fi signals.
# Click Create. The Basic Information page is displayed.
# Configure basic information about an SSID.
# Click Finish.
3. Configure Internet connection parameters.
If you log in to the web platform using a PC whose Ethernet interface is being modified, do not delete
the existing VLAN configuration on the interface to ensure that the PC can communicate with Fat APs.
As shown in the following figure, GigabitEthernet0/0/0 is added to VLAN 1 by default and STAs
communicate with the AP through this interface. You can use the default IP address of the AP to log in
to the web platform. If you need to use the default IP address to log in to the web platform, do not
delete VLAN 1.
# Click Finish.
# In the WLAN Config navigation tree, click Radio0. Click in front of VAP
Configuration. Under it, click in front of wlan-net. Click Traffic Profile. The Traffic
Profile page is displayed.
# Click Create. The Create Traffic Profile page is displayed.
# Enter the traffic profile name wlan-traffic in Profile name and click OK. The parameter
setting page is displayed.
# Set the uplink rate limit to 2 Mbit/s (2048 kbit/s) for STAs and to 30 Mbit/s (30720 kbit/s)
for VAPs.
# Click Apply. In the Info dialog box that is displayed, click OK.
Step 3 Verify the configuration.
1. The WLAN with the SSID wlan-net is available.
2. The STA can associate with the WLAN and obtain an IP address 10.23.101.x/24 and its
gateway address is 10.23.101.1.
3. Choose Monitoring > Terminal Manage > STA Management. In User, you can see
that STAs go online properly and obtain IP addresses.
4. Run the display traffic-profile name wlan-traffic command on the AP to check the
traffic profile configuration. The command output shows that the uplink rate limit of a
single STA is 2048 kbit/s (2 Mbit/s) and the total uplink rate limit of all STAs on a VAP
is 30720 kbit/s (30 Mbit/s).
----End
Data Preparation
Item Data
Configuration Roadmap
The configuration roadmap is as follows:
1. Use the WLAN configuration wizard to configure WLAN services.
2. Configure airtime fair scheduling to enable all users on a radio to occupy the network
bandwidth for equal time, improving the overall user experience.
3. Connect STAs to the WLAN to verify the configuration.
Procedure
Step 1 Configure basic WLAN services.
1. Choose Wizard > Config Wizard. The Configure Wi-Fi Signals page is displayed.
2. Configure Wi-Fi signals.
# Click Create. The Basic Information page is displayed.
# Configure basic information about an SSID.
# Click Finish.
3. Configure Internet connection parameters.
If you log in to the web platform using a PC whose Ethernet interface is being modified, do not delete
the existing VLAN configuration on the interface to ensure that the PC can communicate with Fat APs.
As shown in the following figure, GigabitEthernet0/0/0 is added to VLAN 1 by default and STAs
communicate with the AP through this interface. You can use the default IP address of the AP to log in
to the web platform. If you need to use the default IP address to log in to the web platform, do not
delete VLAN 1.
# Click Finish.
NOTE
The following example configures a 2G radio profile. The configuration of the 5G radio profile is
similar.
# Click next to Radio Profile. The profiles referenced by the radio profile are
displayed.
2. Configure the RRM profile and enable airtime fair scheduling in the RRM profile.
# Click RRM Profile in Radio Management. The RRM profile configuration page is
displayed.
# Enable airtime fair scheduling.
3. Choose Monitoring > Terminal Manage > STA Management. In User, you can see
that STAs go online properly and obtain IP addresses.
4. Run the display rrm-profile name default command on the AP to check the
configuration of the RRM profile. The command output shows that airtime fair
scheduling has been enabled. Therefore, users on the network can fairly use the channel
resources.
----End
Data Preparation
Item Data
Configuration Roadmap
The configuration roadmap is as follows:
Procedure
Step 1 Configure basic WLAN services.
1. Choose Wizard > Config Wizard. The Configure Wi-Fi Signals page is displayed.
2. Configure Wi-Fi signals.
# Click Create. The Basic Information page is displayed.
# Configure basic information about an SSID.
# Click Finish.
3. Configure Internet connection parameters.
# Click Next. The Configure Internet Connection page is displayed.
# Add an interface to VLAN 101 in tagged mode.
NOTE
If you log in to the web platform using a PC whose Ethernet interface is being modified, do not delete
the existing VLAN configuration on the interface to ensure that the PC can communicate with Fat APs.
As shown in the following figure, GigabitEthernet0/0/0 is added to VLAN 1 by default and STAs
communicate with the AP through this interface. You can use the default IP address of the AP to log in
to the web platform. If you need to use the default IP address to log in to the web platform, do not
delete VLAN 1.
# Click Finish.
Step 2 Configure an ACL.
1. Configure ACL 3001 that rejects packets with the source IP address 10.23.101.10 and
destination IP address 10.23.101.11.
# Choose Configuration > Security > ACL > Advanced ACL Settings. The
Advanced ACL Settings page is displayed.
# Click Create. In the Create Advanced ACL page that is displayed, set the ACL name
to ACL3001 and number to 3001, and click OK.
# Click Add Rule to add ACL rules.
# Click OK.
2. Create a traffic profile and apply the ACL to the profile.
# Choose Configuration > WLAN Service > WLAN Config.
# In the WLAN Config navigation tree, click Radio0. Click in front of VAP
Configuration. Under it, click in front of wlan-net. Click Traffic Profile. The
Traffic Profile page is displayed.
# Click Create. The Create Traffic Profile page is displayed.
# Enter the traffic profile name wlan-traffic in Profile name and click OK. The
parameter setting page of the new traffic profile is displayed.
# In Inbound ACL, click Add, and set Packet Filtering Type to IPv4 and the packet
filtering ACL to ACL 3001. Click to save the settings.
# Click Apply. In the Info dialog box that is displayed, click OK.
3. Choose Monitoring > Terminal Manage > STA Management. In User, you can see
that STAs go online properly and obtain IP addresses.
4. Run the display traffic-profile name wlan-traffic command on the AP to check
applications of ACL-based packet filtering. The command output shows that the ACL
has been applied to the traffic profile, and packets with the source and destination IP
addresses 10.23.101.10 and 10.23.101.11 cannot pass through.
----End
Symptom
No ACK mechanism is provided for multicast packet transmission on air interfaces. In
addition, wireless links are unstable. To ensure stable transmission of multicast packets, they
are usually sent at low rates. If a large amount of abnormal multicast traffic is received on the
network side, the air interfaces may be congested, and STAs may suffer from slow network
access. You are advised to configure multicast packet suppression to reduce impact of a large
number of low-rate multicast packets on the wireless network. Exercise caution when
configuring the rate limit; otherwise, the multicast services may be affected.
l In direct forwarding mode, you are advised to configure multicast packet suppression on
switch interfaces connected to APs.
l In tunnel forwarding mode, you are advised to configure multicast packet suppression on
WLAN-ESS interfaces of the AC.
Procedure
l Configure multicast packet suppression in direct forwarding mode.
a. Create the traffic classifier test and define a matching rule.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] traffic classifier test
[SwitchA-classifier-test] if-match destination-mac 0100-5e00-0000 mac-
address-mask ffff-ff00-0000 //Match the destination MAC address of
multicast packets.
[SwitchA-classifier-test] quit
b. Create the traffic behavior test, enable traffic statistics collection, and set the traffic
rate limit.
[SwitchA] traffic behavior test
[SwitchA-behavior-test] statistic enable
[SwitchA-behavior-test] car cir 100 //Set the rate limit to 100
kbit/s. If multicast services are available, you are advised to set the
rate limit according to the service traffic.
[SwitchA-behavior-test] quit
c. Create the traffic policy test and bind the traffic classifier and traffic behavior to the
traffic policy.
[SwitchA] traffic policy test
[SwitchA-trafficpolicy-test] classifier test behavior test
[SwitchA-trafficpolicy-test] quit
----End