
The privilege of HCNA/HCNP/HCIE:

With any Huawei Career Certification, you have the privilege on http://learning.huawei.com/en to enjoy:

1. e-Learning Courses: Log on to http://learning.huawei.com/en and enter Huawei Training/e-Learning.

If you have the HCNA/HCNP certificate: You can access Huawei Career Certification and Basic Technology e-Learning courses.

If you have the HCIE certificate: You can access all the e-Learning courses which are marked for HCIE Certification Users.

Methods to get the HCIE e-Learning privilege: Please associate HCIE certificate information with your Huawei account, and email the account to Learning@huawei.com to apply for HCIE e-Learning privilege.

2. Training Material Download

Content: Huawei product training material and Huawei career certification training material.

Method: Log on to http://learning.huawei.com/en and enter Huawei Training/Classroom Training, then you can download training material in the specific training introduction page.

3. Priority to participate in Huawei Online Open Class (LVC)

The Huawei career certification training and product training covering all ICT technical domains like R&S, UC&C, Security, Storage and so on, which are conducted by Huawei professional instructors.

4. Learning Tools:

eNSP: Simulate single Router&Switch device and large network.

WLAN Planner: Network planning tools for WLAN AP products.

In addition, Huawei has built up Huawei Technical Forum which allows candidates to discuss technical issues with Huawei experts, share exam experiences with others or be acquainted with Huawei Products.

Statement:

This material is for personal use only, and can not be used by any individual or organization for any commercial purposes.
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential 1
Huawei Certification

HCNA-WLAN

Huawei Certified Network Associate – WLAN

Volume 1

Huawei Technologies Co., Ltd.

Page 1
Copyright © Huawei Technologies Co., Ltd. 2017.

All rights reserved.


Huawei owns all copyrights, except for references to other parties. No part of this
document may be reproduced or transmitted in any form or by any means without
prior written consent of Huawei Technologies Co., Ltd.

Trademarks and Permissions

and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property
of their respective holders.

Notice

The information in this manual is subject to change without notice. Every effort has
been made in the preparation of this manual to ensure accuracy of the contents, but
all statements, information, and recommendations in this manual do not constitute
the warranty of any kind, express or implied.

Huawei Certification

HCNA-WLAN

Huawei Certified Network Associate – WLAN

Version 2.0

Page 2
Huawei Certification System

Relying on the strong technical strength and professional training system, Huawei
provides a practical and professional four-level certificate system to meet various
customer requirements on different WLAN technologies.

Huawei Certified Network Associate-Wireless Local Area Network (HCNA-WLAN) is
designed for Huawei local offices, online engineers in representative offices, and
readers who want to understand Huawei WLAN products and technology.

HCNA-WLAN covers WLAN basics, Control and Provisioning of Wireless Access
Points (CAPWAP) protocol, WLAN networking, Huawei WLAN product features,
security configuration, WLAN advanced technology, antennas, WLAN network
planning and optimization, and WLAN fault troubleshooting.

The HCNA-WLAN certificate system introduces you to the industry and market,
helps you in innovation, and enables you to stand atop the WLAN frontiers.

Page 3

Page 4
Table of Contents

WLAN History ............................................. Page 7
WLAN Standards Organizations ............................. Page 27
Wireless Radios Introduction ............................. Page 41
WLAN Frequency Bands ..................................... Page 69
Huawei WLAN Product Introduction ......................... Page 89
VRP Introduction and Basic Configuration ................. Page 119
WLAN Topology ............................................ Page 175
802.11 Physical Layer Technologies (optional) ............ Page 205
802.11 Protocols Introduction ............................ Page 233
CAPWAP Fundamentals ...................................... Page 271
WLAN Networking .......................................... Page 307
WLAN Network Configuration CLI ........................... Page 337
Fast Configure WLAN Service (Web) ........................ Page 359
Features of Huawei WLAN Products ......................... Page 401

Page 5

Page 6

Page 7

Page 8

Page 9
• The wireless network first appeared during WWII, when the US army used radio signals for data transmission. They developed a set of radio transmission and encryption technologies, which were widely used by the US and Allied armies. 50 years later, their inventions have changed people's lives.

• In 1971, researchers in Hawaii University invented the first radio network, ALOHAnet, based on encapsulation technology. This is one of the earliest versions of WLAN. The network comprised seven computers in a bidirectional star topology. The computers were located on the four Hawaiian islands, with the core computer on the island of Oahu. This marked the birth of the wireless network.

• In 1990, the IEEE started the 802.11 project and formulated many 802.11 standards, marking the maturity of WLAN technologies. Many standards such as 802.11a, 802.11b, 802.11g, 802.11e, 802.11f, 802.11h, 802.11i, and 802.11j have been set or are to be set. Currently, the 802.11n standard, which can ensure high-speed and high-quality WLAN services, is widely used.

• The WLAN market has been expanding rapidly since 2003, becoming a highlight of the IT market. As people expect more convenient and higher-speed WLAN, technologies closely related to personal computers and mobile devices, such as Wi-Fi, CDMA/GPRS, and Bluetooth, become increasingly popular. Meanwhile, the mass production of corresponding WLAN products has greatly reduced WLAN construction costs. Suddenly, WLAN has become an inseparable part of our life.

Page 10
• The high-speed mobile 3G and 4G (LTE) networks further popularized mobile networks. Many public places such as shops and restaurants now provide Wi-Fi service.

Page 11
• Wireless Personal Area Networks (WPANs) are P2P or small wireless networks that provide wireless access for individual users.
  ◦ Characteristics: easy to use, low cost, convenient
  ◦ Main technology: Bluetooth technology. It works on the 2.4 GHz band.

• WLAN: 2.4 GHz and 5 GHz bands
  ◦ High power consumption
  ◦ Flexible design and multiple users supported
  ◦ Main technology: 802.11a/b/g/n

• The Wireless Metro Area Network (WMAN) is used for backbone network coverage.
  ◦ Uses bands that must be applied for. You can also use the public bands, but interference exists.
  ◦ Main technology: WiMax (802.16)

• The Wireless Wide Area Network (WWAN) is used by carriers for wireless coverage.
  ◦ Low bandwidth, accounting based on time or traffic
  ◦ Main technology: 2G/3G, satellite transmission

• With the development of wireless technologies, various wireless networks are now merging, blurring the boundaries between different wireless networks.

Page 12
• IrDA: A P2P transmission technology. It is applicable to short-distance transmission where there is no obstruction between the two ends. The transmission rate is 16 Mbit/s. The technology is cheap but the device used has a short lifespan.

• Bluetooth: Works on the 2.4 GHz band. The ideal transmission distance is 10 cm to 10 m. Supports 72 Kbps/57.6 Kbps asymmetrical connection or 43.2 Kbps symmetrical connection.

• HomeRF: A combination of IEEE 802.11 and DECT. Works on the 2.4 GHz band and provides a maximum of 2 M bandwidth within 100 m.

• Wi-Fi: Wireless Fidelity. Uses standards such as IEEE 802.11a/b/g/n to provide wireless coverage for LANs.

• GSM, UMTS, LTE: Work on the 900 M, 1800 M, 1900 M, and 2100 M bands. Used for mobile network data transmission and WWAN coverage.

Page 13

Page 14
• WLAN technology first appeared in the US, where it was used as an extension of the wired network, mainly for family use. Americans had a strong demand for wireless access because of the difficulty of cabling (most Americans live in villas with courtyards) and the penetration of laptops and PDAs. This spurred the development of WLAN.

• Due to its mobility and wireless access capability, WLAN has been used in scenarios such as families, offices, schools, and enterprises. With the development of WLAN, its standards and products are also maturing.

• The WLAN has the following advantages compared with wired access: high bandwidth to support high-speed wireless access, cost-effective products and low construction costs, mature technologies, and rich applications.

• This chart demonstrates the performance of WLAN, Modem, ADSL/LAN, and GPRS/CDMA1X/3G in terms of mobility and bandwidth.
  ◦ Compared with ADSL and LAN, WLAN can provide wireless HIS (High bandwidth wireless Internet access Service) to meet customer needs.
  ◦ Compared with GPRS and CDMA1x, WLAN can provide 600 Mbit/s or higher bandwidth at a lower cost.

• If you ask the average user about their 802.11 wireless network, they may give you a strange look. The name that many people recognize for the technology is Wi-Fi. Wi-Fi is a marketing term, recognized worldwide by millions of people as referring to 802.11 wireless networking.

Page 15

Page 16

Page 17
• High bandwidth: The rate of 802.11a/g reaches 54 Mbit/s, and the rate of 802.11n reaches 600 Mbit/s (using the MIMO technology).

• Wide coverage range: 100 m for 802.11a/g, 500-1000 m for 802.11n

• Block traversal capability: applicable to houses containing many walls with complex structure.

• The AC + Fit AP mode is used to replace the Fat AP mode.

Page 18
• Mobility: Users move a lot but data needs to be stored in the same place. WLAN enables users to access data from different locations, which improves productivity.

• Flexibility: In some scenarios, traditional cabling can be very difficult. For example, in old buildings without the original design blueprints, it is difficult to lay cables that penetrate stone walls. However, WLAN can be flexibly deployed here.

• Scalability: The WLAN requires no cabling or re-cabling. The WLAN can quickly build small and temporary group networks for meetings, overcoming the difficulty of holding meetings among different offices. WLANs can be easily expanded since wireless transmission media are ever-present. There is no need for any kind of cabling. APs can also be deployed at hotels, stations, and airports.

• Economy: WLAN technologies help reduce network construction costs. First, there are no cable costs. Second, if customers want to deploy a wireless distribution system (WDS) between two buildings, they only need to buy the devices. The ensuing maintenance costs are insignificant. In the long term, this P2P wireless link is far more economical than leased lines from carriers.

Page 19

Page 20
• WLANs provide more flexible networking to improve working efficiency.
  ◦ WLANs deployed in stadiums allow correspondents to give live broadcasting.
  ◦ WLANs in exhibition and securities halls realize real-time interactive service operation and data monitoring.
  ◦ WLANs in factories and production lines realize remote control and monitoring of production equipment.
  ◦ WLANs in logistics centers and ports realize medium and long distance communication.

Page 21
• WLANs provide users with real-time and free Internet access at any place.
  ◦ WLANs in office buildings realize wireless office working.
  ◦ WLANs in airport lounges, scenic spots, and coffee shops provide ready-made Internet access anywhere.

Page 22
• What are the types of wireless network?
  ◦ Wireless Personal Area Network
  ◦ Wireless Local Area Network
  ◦ Wireless Metro Area Network
  ◦ Wireless Wide Area Network

• What is the relationship between Wi-Fi and WLANs?
  ◦ Wi-Fi = WLAN in compliance with 802.11 standards

• What are advantages of WLANs compared to wired networks?
  ◦ Mobility
  ◦ Flexibility
  ◦ Scalability
  ◦ Economicalness

Page 23

Page 24

Page 25

Page 26

Page 27

Page 28

Page 29
• China's State Radio Monitoring Center (SRMC), formerly known as the State Radio Regulatory Commission (SRRC), is the only organization in mainland China authorized to test and certify compliance with the radio type approval regulations. At present, China has defined frequency ranges for different radio transmitting devices. Some frequencies are not allowed in China. Different frequencies have been defined for radio transmitting devices sold and used in China.

Page 30
• The FCC is an independent agency of the United States government, formed in 1934. The FCC regulates interstate and international communications by radio, television, wire, satellite and cable. Radio products, communication products, and digital products need to obtain FCC certification before entering the U.S. market. The FCC investigates and researches product security stages to find out the best way to solve problems. The FCC also regulates detection of radio devices and aircraft.

• The FCC defines regulations to reduce electromagnetic interference, manage and control radio frequency ranges, and ensure the normal operation of telecom networks and electrical products.

• The FCC and the respective controlling agencies in other countries typically regulate two categories of wireless communications: licensed spectrum and unlicensed spectrum. The difference is that unlicensed users do not have to go through the license application procedures before they can install a wireless system. Both licensed and unlicensed communications are typically regulated in the following five areas:
  ◦ Frequency
  ◦ Bandwidth
  ◦ Maximum power of the intentional radiator (IR)
  ◦ Maximum equivalent isotropically radiated power (EIRP)
  ◦ Use (indoor and/or outdoor)

Page 31
• The European Telecommunications Standards Institute (ETSI) is an independent, non-profit standardization organization in the telecommunications industry (equipment makers and network operators) in Europe. The ETSI was approved by the European Commission in 1988 and is based in Nice (a southern city in France). The ETSI is responsible for standardization of the telecommunications industry but not the information and broadcasting industries. The ETSI is officially recognized by the European Committee for Standardization (CEN) and the European Conference of Postal and Telecommunications Administrations (CEPT). The recommended standards defined by the ETSI are often used by the European Communities as the technical basis of European regulations, and compliance with them is required.

• The ETSI standards development is open. The standards are drafted by ETSI members in the technical committees, listed in the ETSI working plan after being approved by the technical conference, and researched by each technical committee. The standards drafts proposed by the technical committees are summarized by the secretariat and sent to the standards organizations of members for suggestions. After suggestions are returned, the secretariat modifies the drafts according to the suggestions and organizes a vote among members. A proposition passes if at least 70% of the weighted votes cast are in favor. Otherwise, the proposition becomes a temporary standard or other technical file.

Page 32
• The IEEE was formed in 1963 by the merger of the Institute of Radio Engineers (IRE, founded in 1912) and the American Institute of Electrical Engineers (AIEE, founded in 1884). The IEEE has a dual complementary regional and technical structure, with organizational units based on geography (for example, the IEEE Philadelphia Section and IEEE Computer Society).

• The IEEE was founded to provide a forum for international exchange among electrical and electronic scientists, engineers, and manufacturers, and to provide professional education and capability improvement services.

• The IEEE is approved by the International Organization for Standardization as an organization to define standards. It has standards technical committees and more than 30000 volunteers who participate in standards research and development, defining and revising more than 800 technical standards every year. The IEEE standards involve electrical and electronic devices, test methods, symbols, and definitions.

• The IEEE 802 Committee was formed in February 1980 to define international standards for LANs.

• The Institute of Electrical and Electronics Engineers (IEEE) creates standards for compatibility and coexistence between networking equipment. The IEEE standards must adhere to the rules of the communications organizations, such as the FCC.

Page 33
• In 1999, several visionary leaders came together to form a global non-profit organization (Wi-Fi Alliance) with the goal of driving adoption of high-speed wireless local area networking.

• Wi-Fi is short for wireless fidelity. It refers to wireless compatibility certification and is actually both a commercial certification and a wireless networking technology. Computers were originally connected to the network using network cables and are now connected to the network using radio waves. A wireless router is often used. The Wi-Fi connection mode can be used for networking within the coverage range of a wireless router. If a wireless router connects to an ADSL line or another line, a hotspot is formed.

• The Wi-Fi Alliance is a growing non-profit international organization composed of more than 300 member companies. Currently, the Wi-Fi Alliance has 10 independent authoritative testing labs in six countries.

• The Wi-Fi Alliance is the industry and technology leader in the WLAN field and provides testing and certification for the world.

• It has good cooperation with the industrial chain and includes members such as manufacturers, standards organizations, regulatory organizations, service providers, and carriers.

Page 34
• Wi-Fi CERTIFIED implements the interoperability of WLAN technology and provides the best user experience, with more than 3000 products passing the certification.

• Because the ongoing expansion of the Wi-Fi network is based on enterprises, households, and hotspots that allow people to wirelessly access the Internet from anywhere at any time, compatibility is essential. The Wi-Fi Alliance defines global regulations, and tests and certifies wireless devices so that they comply with interoperability standards.

Page 35
• The IETF is an international non-governmental organization whose participants and managers are all volunteers who contribute to the development of Internet technology. It brings together the network designers, operators, and researchers concerned with Internet architecture evolution and stable Internet operation, and is open to all who want to participate. The IETF meeting is held three times a year with more than 1000 participants.

• The IETF produces two types of files: Internet Draft and Request for Comments (RFC). Any participant can propose an Internet Draft. Many important files were originally Internet Drafts.

• An RFC is more formal than an Internet Draft and is archived. Its contents remain unchanged after being approved.

• RFCs include:
  ◦ Proposal
  ◦ Standard
  ◦ Best practice

• The CAPWAP protocol (defined in RFC 5415) used in WLAN is defined by the IETF.

Page 36
• WAPI Industry Association (Technical Committee on Wireless Network and Secure Network Access of CCIA) was founded on March 7, 2006. It is a non-governmental social organization and industrial cooperation platform that is composed of enterprises, institutions, and communities engaged in WLAN product research, development, and operation.

• The association aims to integrate and coordinate industry and social resources, enhance the research, development, manufacturing, and service level of members, and promote the fast and healthy development of the WLAN industry. Taking advantage of leading and common wireless network security technology (WAPI), the association promotes the wide use and application of WAPI, drives the development of broadband wireless IP networks, improves the competitiveness of members, creates an innovative environment, and cultivates the spirit of innovation.

Page 37
• Which standard organization defines the 802.11 protocols?
  ◦ IEEE

• What is the WLAN security mandatory standard in China?
  ◦ WAPI

Page 38

Page 39

Page 40

Page 41

Page 42

Page 43
• Extremely low frequency (ELF): 3 Hz to 30 Hz. Its wavelength ranges from 100,000 km to 10,000 km. It can be used in submarine communications or directly converted to sound.

• Super low frequency (SLF): 30 Hz to 300 Hz. Its wavelength ranges from 10,000 km to 1,000 km. It can be directly converted to sound or used in AC transmission systems (50 to 60 Hz).

• Ultra low frequency (ULF): 300 Hz to 3 kHz. Its wavelength ranges from 1,000 km to 100 km. It can be used for communications in the mine field or directly converted to sound.

• Very low frequency (VLF): 3 kHz to 30 kHz. Its wavelength ranges from 100 km to 10 km. It can be directly converted to sound or ultrasound, or be used for geophysical studies.

• Low frequency (LF): 30 kHz to 300 kHz. Its wavelength ranges from 10 km to 1 km. It can be used in international broadcasts.

• Medium frequency (MF): 300 kHz to 3 MHz. Its wavelength ranges from 1 km to 100 m. It can be used in AM broadcasts, VHF omnidirectional range (VOR), marine and navigation communications.

• High frequency (HF): 3 MHz to 30 MHz. Its wavelength ranges from 100 m to 10 m. It can be used in short-wave broadcasts and citizen's band radio.

• Very high frequency (VHF): 30 MHz to 300 MHz. Its wavelength ranges from 10 m to 1 m. It can be used in FM broadcasts, TV broadcasts, and navigation communications.

Page 44
• Ultra high frequency (UHF): 300 MHz to 3 GHz. Its wavelength ranges from 1 m to 100 mm. It can be used in TV broadcasts, mobile phones, wireless networks, and microwave ovens.

• Super high frequency (SHF): 3 GHz to 30 GHz. Its wavelength ranges from 100 mm to 10 mm. It can be used in wireless networks, radar, and man-made satellites.

• Extremely high frequency (EHF): 30 GHz to 300 GHz. Its wavelength ranges from 10 mm to 1 mm. It can be used in radio astronomy, remote sensing, and millimeter wave scanners. Radio waves working at a frequency of more than 300 GHz include infrared rays, visible light, UVs, and rays.

Page 45
• Because data ultimately consists of bits, the transmitter needs a way of sending both 0s and 1s to transmit data from one location to another. An AC or DC signal by itself does not perform this task. However, if a signal fluctuates or is altered, even slightly, the signal can be interpreted so that data can be properly sent and received. This modified signal is now capable of distinguishing between 0s and 1s and is referred to as a carrier signal. The method of adjusting the signal to create the carrier signal is called modulation.

• A carrier wave is a waveform (usually sinusoidal) that is modulated with an input signal for the purpose of conveying information. This carrier wave usually has a much higher frequency than the input signal. Otherwise, the two signals may overlap, resulting in signal distortion.

• Data signals to be transmitted are usually of low frequency. When data signals are transmitted at that low frequency, signal reception and synchronization become difficult. With a carrier wave, data signals can be loaded onto the carrier wave. The receiver receives data signals at the frequency of the carrier wave. The amplitude of meaningful signal waves is different from that of meaningless signal waves. After extracting meaningful signal waves from the modulated carrier wave, we obtain the required data signals. We will talk about modulation and demodulation later.

• Three components of a wave that can fluctuate or be modified to create a carrier signal are amplitude, frequency, and phase.

Page 46
• RF communication starts when radio waves are generated from an RF transmitter and picked up or “heard” by a receiver at another location. RF waves are similar to the waves that you see in an ocean or lake. Waves are made up of two main components: wavelength and amplitude.

• The wavelength of the 2.4 GHz radio wave is 12.5 cm.

• The wavelength of the 5 GHz radio wave is 6 cm.

• The wavelength of the 5.8 GHz radio wave is 5.2 cm.

Page 47
• Amplitude is the height, force, or power of the wave. If you were standing in the ocean as the waves came to shore, you would feel the force of a larger wave much more than you would a smaller wave. Transmitters do the same thing, but with radio waves. Smaller waves are not as noticeable as bigger waves. A bigger wave generates a much larger electrical signal picked up by the receiving antenna. The receiver can then distinguish between highs and lows.

• The amplitude is measured in meters or centimeters.

• The amplitude describes the vibration range and intensity of a vibrating object.

• The amplitude of the radio wave reflects the radio signal strength on wireless networks.

Page 48
• Phase is a relative term. It is the relationship between two waves with the same frequency. To determine phase, a wavelength is divided into 360 pieces referred to as degrees. If you think of these degrees as starting times, then if one wave begins at the 0 degree point and another wave begins at the 90 degree point, these waves are considered to be 90 degrees out of phase.

Page 49
• If two wireless signals working at the same frequency have the same phase when they reach the receiver, the two signals add together and the signal is strengthened.

Page 50
• If two wireless signals working at the same frequency have opposite phases when they reach the receiver (a difference of 180 degrees), the signal strength attenuates.

Page 51
e n
/
o m
e i.c
aw
u
g .h
i n
arn
//le
p :
l

t t
Frequency describes a behavior of waves. Waves travel away from the source that

:h
generates them. How fast the waves travel, or more specifi cally, how many waves are

s
generated over a 1-second period of time, is known as frequency.

Based on factors involved in modulation, modulation can be classified into the following types:

- AM: Amplitude modulation (AM) is a form of modulation in which the amplitude of a carrier wave is varied in direct proportion to that of a modulating signal. That is, the amplitude of a high-frequency signal is varied according to that of the modulating signal. In this way, information carried in the modulating signal is included in the high-frequency signal. An antenna sends out the modulating signal together with the high-frequency signal. After a receiver receives the high-frequency signal, it can obtain the modulating signal by demodulating the amplitude of the high-frequency signal.

- FM: Frequency modulation is a form of modulation in which the frequency of the carrier is varied according to that of a modulating signal. After modulation, the frequency and phase of the signal are determined by those of the modulating signal, whereas the amplitude of the signal remains unchanged. The waveform of the modulating wave looks like an uneven compressed spring.

- PM: Phase modulation is a form of modulation in which the deviation between the carrier phase and the reference phase is varied in direct proportion to that of the modulating signal. That is, the initial phase of the carrier wave varies with that of the digital baseband signal. For example, digital signal "1" corresponds to the phase "180°", and "0" corresponds to the phase "0°".
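
The phase mapping in the PM item above ("1" to 180°, "0" to 0°), worked through as an added example that is not part of the original training material. The sample rate, the number of carrier cycles per bit and the interfering tone are assumptions chosen for illustration.

```python
import math

SAMPLES_PER_BIT = 40  # assumption: samples taken per bit period
CYCLES_PER_BIT = 4    # assumption: carrier cycles per bit period


def carrier(n, cycles=CYCLES_PER_BIT, phase=0.0):
    """One carrier sample at index n within a bit period."""
    return math.cos(2 * math.pi * cycles * n / SAMPLES_PER_BIT + phase)


def psk_modulate(bits, amplitude=1.0):
    """Map each bit to a carrier burst: "1" -> 180 degrees, "0" -> 0 degrees."""
    samples = []
    for bit in bits:
        if bit not in (0, 1):
            raise ValueError(f"not a bit: {bit!r}")
        phase = math.pi if bit else 0.0
        samples.extend(amplitude * carrier(n, phase=phase)
                       for n in range(SAMPLES_PER_BIT))
    return samples


def psk_demodulate(samples):
    """Recover bits by comparing each burst with the 0-degree reference phase."""
    if len(samples) % SAMPLES_PER_BIT:
        raise ValueError("sample count is not a whole number of bit periods")
    bits = []
    for start in range(0, len(samples), SAMPLES_PER_BIT):
        # Correlate with the reference carrier: a positive sum means the burst
        # is in phase (0 degrees), a negative sum means opposite phase (180).
        corr = sum(samples[start + n] * carrier(n)
                   for n in range(SAMPLES_PER_BIT))
        bits.append(1 if corr < 0 else 0)
    return bits


def add_interferer(samples, amplitude, cycles):
    """Add a constructed tone at another frequency (cycles per bit period)."""
    return [s + amplitude * carrier(i % SAMPLES_PER_BIT, cycles=cycles)
            for i, s in enumerate(samples)]


def invert_phase(samples):
    """Shift every sample by 180 degrees, as an opposite-phase copy would be."""
    return [-s for s in samples]


if __name__ == "__main__":
    sent = [1, 0, 1, 1, 0, 0, 1, 0]  # constructed payload
    clean = psk_modulate(sent)
    # Signal attenuated to a tenth, plus a stronger tone on another frequency.
    weak = add_interferer(psk_modulate(sent, amplitude=0.1),
                          amplitude=1.0, cycles=7)
    print("clean    :", psk_demodulate(clean))
    print("weak     :", psk_demodulate(weak))
    print("inverted :", psk_demodulate(invert_phase(clean)))
```

Attenuation alone does not change the decoded bits because the information is in the phase, while a 180-degree shift of the whole signal flips every bit, which is why the receiver needs a reference phase.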


The most common RF behavior is absorption. If a signal does not bounce off an object, move around an object, or pass through an object, then 100 percent absorption has occurred. Most materials will absorb some amount of an RF signal to varying degrees. Brick and concrete walls will absorb a signal significantly, whereas drywall will absorb a signal to a lesser degree. Materials of higher density may cause severe signal attenuation. If the signal strength is too low, it is hard for a receiver to receive it. When the wireless signals pass through water, the energy will be absorbed, leading to signal attenuation. (In this example, water contained in the tree leaves at the wireless transmission path or in human bodies near the wireless devices can absorb wireless signals.)

An average adult body is 50 to 65 percent water. Water causes absorption, which results in attenuation. User density is an important factor when designing a wireless network. One reason is the effects of absorption. Another reason is the amount of available bandwidth.


One of the most important RF propagation behaviors to be aware of is reflection. When a wave hits a smooth object that is larger than the wave itself, depending on the media the wave may bounce in another direction. This behavior is categorized as reflection.

Take the light sent from an electric lamp as an example. Though most of the light spreads out in all directions, some of it may encounter certain objects in the room and be reflected. The reflected light either goes back to the electric lamp or illuminates other areas in the room, making the areas brighter. Reflection can be caused by common indoor objects, such as metal furniture, file cabinets, and metal doors. When outdoor wireless signals encounter water surfaces or atmosphere layers, reflection may happen.

The reflected RF signals can cause interference to the original signals, leading to signal distortion. Therefore, it would be better if no obstacle exists on the transmission path of RF signals. Reflection can be the cause of serious performance problems in a legacy 802.11a/b/g WLAN. As a wave radiates from an antenna, it broadens and disperses. If portions of this wave are reflected, new wave fronts will appear from the reflection points. If these multiple waves all reach the receiver, the multiple reflected signals cause an effect called multipath. Reflection and multipath were often considered primary enemies when deploying legacy 802.11a/b/g radios. 802.11n radios utilize multiple-input multiple-output (MIMO) antennas and advanced digital signal processing (DSP) techniques to take advantage of multipath.


Did you know that the color of the sky is blue because the molecules of the atmosphere are smaller than the wavelength of light? This blue sky phenomenon is known as Rayleigh scattering (named after the 19th-century British physicist Lord Rayleigh). The shorter blue wavelength light is absorbed by the gases in the atmosphere and radiated in all directions. This is an example of an RF propagation behavior called scattering, sometimes called scatter.

Scattering can most easily be described as multiple reflections. These multiple reflections occur when the electromagnetic signal's wavelength is larger than pieces of whatever medium the signal is reflecting from or passing through.

Scattering can happen in two ways:

- The first type of scatter is on a smaller level and has a lesser effect on the signal quality and strength. This type of scattering may manifest itself when the RF signal moves through a substance and the individual electromagnetic waves are reflected off the minute particles within the medium. Smog in our atmosphere and sandstorms in the desert can cause this type of scattering.

- The second type of scattering occurs when an RF signal encounters some type of uneven surface and is reflected into multiple directions. Chain link fences, tree foliage, and rocky terrain commonly cause this type of scattering. When striking the uneven surface, the main signal dissipates into multiple reflected signals, which can cause substantial signal downgrade and may even cause a loss of the received signal.


Reflection is a phenomenon in which the wave bounces back, while refraction is a phenomenon in which the wave changes its transmission direction when passing a particular surface. For example, refraction occurs when signals pass through atmosphere layers or building walls of different densities.

When refraction happens, RF signals will change the transmission directions, reducing the signal strength (some refraction media can affect the RF signal strength and lead to signal attenuation).

In addition to RF signals being absorbed or bounced (via reflection or scattering), if certain conditions exist an RF signal can actually be bent in a behavior known as refraction. A straightforward definition of refraction is the bending of an RF signal as it passes through a medium with a different density, thus causing the direction of the wave to change. RF refraction most commonly occurs as a result of atmospheric conditions.

The three most common causes of refraction are water vapor, changes in air temperature, and changes in air pressure. In an outdoor environment, RF signals typically refract slightly back down toward the earth's surface. However, changes in the atmosphere may cause the signal to bend away from the earth. In long-distance outdoor wireless bridge links, refraction can be an issue. An RF signal may also refract through certain types of glass and other materials that are found in an indoor environment.


Diffraction is the bending and the spreading of an RF signal when it encounters an obstruction. The conditions that must be met for diffraction to occur depend entirely on the shape, size, and material of the obstructing object as well as the exact characteristics of the RF signal, such as polarization, phase, and amplitude.

Typically, diffraction is caused by some sort of partial blockage of the RF signal, such as a building that sits between a transmitting radio and a receiver. The waves that encounter the obstruction bend around the object, taking a longer and different path. The waves that did not encounter the object do not bend and maintain the shorter and original path.

Through scattering, signals can bypass the objects that absorb their energy, and implement self-recovery. Due to this feature, signals can be transmitted to the receiver even if there are some buildings between the transmitter and the receiver. However, the radio wave may change after bypassing the obstacles, leading to signal distortions.

Sitting directly behind the obstruction is an area known as the RF shadow. Depending on the change in direction of the diffracted signals, the area of the RF shadow can become a dead zone of coverage or still possibly receive degraded signals. The concept of RF shadows is important when selecting antenna locations. Mounting to a beam or other wall structure can create a virtual RF blind spot.


Loss, also known as attenuation, is best described as the decrease of amplitude, or signal strength. A signal may lose strength when transmitted on a wire or in the air.

Factors that lead to signal attenuation are classified as follows:

- Attenuation caused by cables connecting the transmitter and antenna: Outdoors, cables used to connect the transmitter and antenna may be very long.

- Attenuation of free space during the transmission process: The attenuation of free space is severe in any environment. The power of RF signals is inversely proportional to the square of transmission distance. As the distance between the transmitter and the receiver becomes larger, the strength of the received signals becomes lower.

- External obstacles: Many objects that can absorb and scatter signals exist during the transmission process of RF signals. These objects, including building materials, plants, and metal, may lead to signal attenuation.

- External noise or interference: Many wireless devices may exist around the signals, leading to collisions in signal channels.

- Attenuation caused by cables connecting the receiver and antenna: Outdoors, cables used to connect the receiver and antenna may be very long.


Multipath is a propagation phenomenon that results in two or more paths of a signal arriving at a receiving antenna at the same time or within nanoseconds of each other. Because of the natural broadening of the waves, the propagation behaviors of reflection, scattering, diffraction, and refraction will occur differently in dissimilar environments. A signal may reflect off an object or scatter, refract, or diffract. These propagation behaviors can all result in multiple paths of the same signal.

Some wireless signals are reflected and some others are directly transmitted along the signal transmission paths. When signals reach the receiver, if the electric field direction of the reflected signals is the reverse of that of the directly transmitted signals (that is, a 180-degree difference in phase), the signal strength is reduced. Conversely, if the electric field direction of the reflected signals is the same as that of the directly transmitted signals (that is, a 0-degree difference in phase), the signal strength is increased.


Gain, also known as amplification, can best be described as the increase of amplitude, or signal strength. The two types of gain are known as active gain and passive gain. A signal's amplitude can be boosted by the use of external devices.

Antennas are passive devices that do not require an external power source. The antenna itself cannot increase the power of signals. Antenna gain is a kind of capability to concentrate signal energy. The omnidirectional antenna can barely concentrate signal energy. If the antenna can concentrate the energy of RF signals into a narrower space, the power of signals increases.

The Fresnel zone is an imaginary football-shaped area (American football) that surrounds the path of the visual LOS between two point-to-point antennas.

Signals are focused into a beam instead of being transmitted in all directions. To form a visible path between the transmitter antenna and the receiver antenna for the signals, they cannot be interrupted by any obstacles.

Obstacles (including buildings and plants) that can interrupt the signals usually exist on the transmission paths between buildings or cities. In this situation, the antenna must be elevated to a place higher than the obstacles, so that no obstacles exist on the transmission path.

In long distance transmissions, the curved earth surface becomes the obstacle that may interrupt the signals. When the transmission distance exceeds two miles, the remote end cannot be seen as it is slightly below the horizon. In this situation, the wireless signals can transmit with the same curvature as the earth surface along the atmosphere layers. However, if the transmission path is too long, the curved earth surface is in the Fresnel zone, leading to transmission problems.

As a result, the height of the visual system must be elevated, making the bottom line of the Fresnel zone higher than all obstacles.


What is the working principle of WLAN radios? What are their modulation modes?

WLAN radios use modulation and demodulation to convert between digital baseband signals and digital modulating signals for signal transmission.

Modulation can be classified into the following types:

- Amplitude modulation
- Frequency modulation
- Phase modulation


Industrial band: The industrial band in America ranges from 902 to 928 MHz. In Europe, the 900 MHz frequency band is partially used for GSM communications. The use of industrial bands prevents interference among various wireless communication devices at the 2.4 GHz frequency band.

Scientific band: The 2.4 GHz frequency band is the common ISM band of all countries. Therefore, wireless networks such as WLAN, Bluetooth, and Zigbee devices can all work at the 2.4 GHz frequency band, which ranges from 2.4 to 2.4835 GHz.

Medical band: The medical band ranges from 5.725 to 5.875 GHz. The medical band and the frequencies ranging from 5.15 to 5.35 GHz are the 5 GHz frequency band. The 802.11 standard supports 2.4 GHz and 5 GHz frequency bands.


The 2.4 GHz frequency band is used for wireless transmission over a short distance, and is used by countries all over the world. WLANs operating in the 2.4 GHz frequency band have wider applications and higher anti-interference capabilities. Therefore, it is widely used in homes and for commercial purposes. The 2.4 GHz frequency band has a wider range than other ISM bands. This improves data transmission rates, transmission distance, and anti-interference capabilities. As the 2.4 GHz frequency band is used in more and more technologies, it is becoming increasingly congested.

As the 2.4 GHz frequency band has been widely used, 802.11a that uses the 5 GHz frequency band features low channel conflicts. However, high frequency has its own limitations. The 5 GHz frequency band transmits signals in a straight line; therefore more access points are required. Besides, as the 5 GHz frequency band is easily absorbed, it has a shorter transmission distance compared to the 2.4 GHz frequency band.


IEEE 802.11b is one of the WLAN standards. It operates at the 2.4 GHz frequency band with a transmission rate of 11 Mbit/s. IEEE 802.11b is a well-known WLAN standard and it is widely used. The 2.4 GHz ISM band provides 14 channels with a bandwidth of 22 MHz.

IEEE 802.11g operates at the 2.4 GHz frequency band. When the original data transmission rate is 54 Mbit/s, data is actually transmitted at 24 Mbit/s over the 2.4 GHz frequency band. 802.11g devices are compatible with 802.11b devices. 802.11g is a standard designed for data transmission at higher rates. It supports the 2.4 GHz frequency band and uses the CCK technology to be backward compatible with 802.11b. In addition, 802.11g provides a transmission rate of up to 54 Mbit/s using the orthogonal frequency-division multiplexing (OFDM) technology.

IEEE 802.11a, approved in 1999, is an amendment to the original 802.11 standards. The 802.11a standard uses the same core protocol as the original standards, operates in the 5 GHz frequency band, and uses 52 OFDM subcarriers to transmit data at its raw rate of 54 Mbit/s. 802.11a supports eight transmission rates: 54 Mbit/s, 48 Mbit/s, 36 Mbit/s, 24 Mbit/s, 18 Mbit/s, 12 Mbit/s, 9 Mbit/s, and 6 Mbit/s.

IEEE 802.11n can provide a maximum transmission rate of 600 Mbit/s, and can provide a longer transmission distance for wireless networks. The transmission rate at the physical layer must be higher than 600 Mbit/s. 802.11n uses the multiple-input multiple-output (MIMO) technology to provide a higher data transmission rate.


The working frequency specified in China, FCC (America), IC (Canada), and ETSI (Europe) ranges from 2.4 to 2.4835 GHz.

- Channel 1 to Channel 13 can be used in China and Europe.
- Channel 1 to Channel 11 can be used in America and Canada.

In Japan, Channel 1 to Channel 14 can be used for the 2.4 GHz WLAN. Among them, Channel 14 can only be used in 802.11b. This figure shows the frequency band specified in these countries or regions. The frequency bands used in different countries differ from one another.
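
A channel-plan check built from the figures in this section (22 MHz channel width and the per-region channel lists), as an added example that is not part of the original training material. The center-frequency rule (2407 + 5 x channel MHz, with Channel 14 at 2484 MHz) comes from the IEEE 802.11 channel numbering rather than from this page, and the survey entries, SSIDs and BSSIDs are constructed.

```python
from itertools import combinations

CHANNEL_WIDTH_MHZ = 22  # per-channel bandwidth stated in the text

# Permitted 2.4 GHz channels per country or region, as listed in the text.
PERMITTED = {
    "china": range(1, 14),
    "europe": range(1, 14),
    "america": range(1, 12),
    "canada": range(1, 12),
    "japan": range(1, 15),
}

# Constructed site-survey results (not from the page).
SAMPLE_SURVEY = [
    {"ssid": "corp", "bssid": "02:00:00:00:00:01", "channel": 1},
    {"ssid": "corp", "bssid": "02:00:00:00:00:02", "channel": 6},
    {"ssid": "guest", "bssid": "02:00:00:00:00:03", "channel": 3},
    {"ssid": "corp", "bssid": "02:00:00:00:00:04", "channel": 13},
]


def center_mhz(channel):
    """Center frequency under IEEE 802.11 numbering (assumption: not on the page)."""
    if channel == 14:
        return 2484
    if 1 <= channel <= 13:
        return 2407 + 5 * channel
    raise ValueError(f"not a 2.4 GHz channel: {channel}")


def overlaps(ch_a, ch_b, width=CHANNEL_WIDTH_MHZ):
    """Two channels overlap when their centers are closer than one channel width."""
    return abs(center_mhz(ch_a) - center_mhz(ch_b)) < width


def non_overlapping_plan(region):
    """Greedy plan: take the lowest permitted channel that clears all chosen ones."""
    plan = []
    for ch in PERMITTED[region]:
        if all(not overlaps(ch, used) for used in plan):
            plan.append(ch)
    return plan


def audit(survey, region):
    """Flag APs outside the region's channel list and partially overlapping pairs."""
    allowed = PERMITTED[region]
    findings = []
    for ap in survey:
        if ap["channel"] not in allowed:
            findings.append(("outside-regulatory-domain", ap["bssid"]))
    in_band = [ap for ap in survey if ap["channel"] in allowed]
    for a, b in combinations(in_band, 2):
        # Same-channel APs share the medium; different but overlapping
        # channels interfere with each other instead.
        if a["channel"] != b["channel"] and overlaps(a["channel"], b["channel"]):
            findings.append(("adjacent-channel-overlap", a["bssid"], b["bssid"]))
    return findings


if __name__ == "__main__":
    print(non_overlapping_plan("america"))
    for finding in audit(SAMPLE_SURVEY, "america"):
        print(finding)
```

An AP seen on a channel the local region does not permit is worth a closer look during a survey, since it is either misconfigured for the region or not one of the site's own devices.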


For wireless technology, when two channels are bound, the throughput is greatly increased.

In the traditional 802.11 standard, air interfaces work at a bandwidth of 20 MHz. The 802.11n technology binds two neighboring 20 MHz channels to form a 40 MHz channel to double the transmission rate. In actual applications, the two bound 20 MHz channels can also be used as two separate channels, one as the primary channel and the other as the secondary channel. Therefore, either a 40 MHz channel or a single 20 MHz channel can be used for transmitting and receiving data. At the same time, partial bandwidth is reserved in each 20 MHz channel to avoid signal interference. When two 20 MHz channels are bound to form a 40 MHz channel, the reserved bandwidth can also be used for communication, further improving the throughput.


802.11n supports 20 MHz and 40 MHz bandwidths, where 20 MHz bandwidth is mandatory and 40 MHz bandwidth is optional.

802.11ac supports 20 MHz, 40 MHz, 80 MHz, 80+80 MHz (non-contiguous, non-overlapping), and 160 MHz, where 20 MHz, 40 MHz, and 80 MHz bandwidths are mandatory, and 80+80 MHz and 160 MHz bandwidths are optional.

5 GHz frequency allocation in China:

- Five channels are provided for frequency bands with a total bandwidth of 125 MHz. The center of the outer channel is 20 MHz away from the edge of the frequency band.

U-NII frequency allocation in FCC (America):

- Eight channels are provided for U-NII low-frequency bands and U-NII middle-frequency bands with a total bandwidth of 200 MHz. Four channels are provided for the U-NII high-frequency band with a total bandwidth of 100 MHz. For U-NII low-frequency bands and U-NII middle-frequency bands, the center of the outer channel is 30 MHz away from the edge of the frequency band. For U-NII high-frequency bands, the distance is 20 MHz.


The 40 MHz channel mode has higher usage efficiency of frequency bands and doubles the throughput of the 20 MHz channel mode. However, the 40 MHz channel mode has some problems due to the limited spectrum resources of the 2.4 GHz band, which cannot provide two 40 MHz channels without any interference.

However, the 5 GHz frequency band has abundant spectrum resources. FCC specifies 23 non-overlapping 20 MHz channels and China has five non-overlapping 20 MHz channels. Therefore, sufficient channels can be provided for the binding to form 40 MHz channels.

The 40 MHz channel mode is not recommended in the 2.4 GHz frequency band. Usually, the 20 MHz channel mode is used in 802.11g/n to obtain more channel resources for cellular signal coverage.

802.11n supports 20 MHz and 40 MHz bandwidths, where 20 MHz bandwidth is mandatory and 40 MHz bandwidth is optional. 802.11ac supports 20 MHz, 40 MHz, 80 MHz, 80+80 MHz (non-contiguous, non-overlapping), and 160 MHz, where 20 MHz, 40 MHz, and 80 MHz bandwidths are mandatory, and 80+80 MHz and 160 MHz bandwidths are optional.


The 2.4 GHz frequency band is the ISM open frequency band. Devices working at the 2.4 GHz frequency band include cordless phones, baby monitors, microwave ovens, wireless cameras, Bluetooth devices, infrared sensors, and fluorescent light ballasts.

Compared with the 2.4 GHz frequency band, the 5 GHz frequency band features less interference. More devices are beginning to use the 5 GHz frequency band, such as cordless phones, radars, wireless sensors, and digital satellites.

What are the common non-overlapping channels working at the 2.4 GHz frequency band?

Channel 1, Channel 6, and Channel 11.

How many non-overlapping channels are provided for the 5 GHz frequency band in China? What are they?

Five. They are Channel 149, Channel 153, Channel 157, Channel 161, and Channel 165.

Huawei access controllers include box ACs, the ACU2 on modular switches, and the X1E card.

Huawei APs include indoor APs, outdoor APs, and scenario-specific APs.

- Indoor AP: recommended in scenarios such as enterprise offices, schools, hospitals, large shopping malls, convention centers, airports, stations, trains, and stadiums. The high-density access and good performance guarantee user experience.

- Outdoor AP: recommended in scenarios such as squares, pedestrian streets, and amusement parks and bridging scenarios including digital ports, wireless data backhaul, wireless video surveillance, and train-to-ground backhaul. The outdoor APs have industrial-grade outdoor protection features.

- Scenario-specific AP: recommended in scenarios with a high density of rooms and complex wall structures, such as schools, hotels, hospitals, and office meeting rooms. The scenario-specific APs can also be deployed in train-to-ground backhaul and compartment coverage in rail transportation scenarios.


Huawei AC6005 series (AC6005 for short) has a large capacity and high performance. It is highly reliable, easy to install and maintain, and has such advantages as flexible networking and energy conservation.

Huawei AC6005 series has two models: AC6005-8 and AC6005-8-PWR.

The AC6005 resides at the aggregation layer to provide the high-speed, secure, and reliable WLAN service.

The AC6005 has the following features:

- Provides PoE power (15.4 W) on 8 interfaces or PoE+ power (30 W) on 4 interfaces so that APs can directly connect to these interfaces.
- Has various user policy management and rights control capabilities.
- Can be maintained using the eSight, web system, or CLI.


Huawei AC6605 is an AC of a large switching capacity and high performance. It is highly reliable, easy to install and maintain, and has such advantages as flexible networking and energy conservation. The AC6605 is located at the aggregation layer to provide the high-speed, secure, and reliable WLAN service.

The AC6605 has twenty-four GE ports, two 10GE ports, one 10G port connecting an AC to an LSW, and one reserved 10GE port. The switching capacity is calculated using the following formula:

(24 Gbit/s + 2 x 10 Gbit/s + 1 x 10 Gbit/s + 1 x 10 Gbit/s) x 2 = 128 Gbit/s

The AC6605 has the following features:

- Provides access and aggregation functions.
- Provides PoE power (15.4 W) or PoE+ power (30 W) on 24 interfaces so that APs can directly connect to these interfaces.
- Has various user policy management and rights control capabilities.
- Supports dual modules and hot swapping of AC or DC power supply to ensure uninterrupted running of the AC.
- Can be maintained using the eSight, web system, or CLI.


Huawei access controller unit (ACU2) is installed on the S12700, S9700, or S7700 switch and functions as an AC. The ACU2 is applicable to large-sized enterprises and campus networks to provide wireless services. With a large capacity, high reliability, and abundant services, the ACU2 works with Huawei APs to provide high-density access for a large number of users.

The ACU2 has the following features:

- On a wired network, you can install ACU2s on switches to rapidly build a WLAN. This reduces WLAN construction costs and time, and lowers the total cost of ownership (TCO).
- Each ACU2 can manage 2048 APs, leading in the industry. It provides flexible data forwarding modes, fine-grained user group management policies, comprehensive radio management, and end-to-end QoS guarantee.

Compatible with 802.11ac:

- Huawei ACU2 can work with the latest 802.11ac APs to facilitate smooth WLAN expansion, protecting customer investments.


The built-in Ethernet Network Processor (ENP) enables X1E series native AC cards to provide data access and switching while implementing AC functions. This achieves wired and wireless convergence.

X1E series cards are applicable to Huawei agile modular switches including the S12700, S9700, and S7700.

Product positioning:

- Reduces network construction costs for customers. X1E series cards centralize management of wired and wireless traffic so that customers do not need to purchase ACs.
- Improves the wireless forwarding capacity. X1E series cards can decapsulate CAPWAP packets and forward them in the same way as wired packets, along a simple forwarding path. The switch can provide a forwarding capacity of up to 1 Tbit/s.

SMB: small- and medium-sized business

The AC controls and manages all APs on the WLAN. The AC can work with an authentication server to provide authentication services for WLAN users.


Indoor settled APs are uplinked to nodes of access networks, such as access switches or ACs, and downlinked to STAs.

Indoor settled APs with omnidirectional antennas are commonly used to provide wireless signal coverage. They can be easily and flexibly deployed at low costs. Each AP works independently, which facilitates adjustment in the number of APs to meet different bandwidth requirements.

High-power outdoor APs are used in outdoor scenarios, whose coverage performance is affected by transmit power, antenna type, antenna gain, height, and obstacles. In WLAN deployment, all the factors need to be taken into consideration, such as the system capacity and the number of APs, antenna gain and coverage angle, signal penetration capability and power budget, and protection grade.

eSight is able to manage enterprises' IT systems, IP networks, and third-party devices. It analyzes network traffic and access authentication roles, and automatically adjusts network control policies to ensure enterprise network security. eSight also provides an open platform for enterprises to build their own intelligent management systems.

- Any user:
  - Differentiated versions meet management and business requirements of different enterprise users.
  - The open secondary development platform and API interfaces enable enterprises to integrate and customize tools.

- Any device:
  - IP and IT devices from multiple vendors can be managed in a uniform manner, which reduces network management costs.
  - Batch device deployment improves O&M efficiency.

- Any service:
  - Service-oriented SLA provides visualized service quality.
  - Visualized WLAN management and configuration wizard.

Page 107

Page 108
• With the wide application of IP phones, network video monitoring, and wireless Ethernet networks, power supply requirements on the Ethernet have become urgent. In most cases, access point devices are installed on the ceiling, a long distance from the ground. They need a DC power supply, but a suitable power socket is difficult to find nearby. Even if a suitable power socket is available, the network administrator finds it hard to install the AC/DC adapter required by access point devices. On large-scale LANs, the administrators need to manage multiple access point devices that require uniform power supply and management, making power supply management complex. The Power over Ethernet (PoE) function addresses this issue.

• PoE provides power through the Ethernet. It is also called Power over LAN (PoL) or active Ethernet.

• This technology provides power on the 10Base-T, 100Base-TX, or 1000Base-T Ethernet at a distance of up to 100 m. PoE can be used to effectively provide centralized power for terminals such as IP phones, APs, chargers of portable devices, POS machines, cameras, and data collection devices. Terminals are powered when they access the network, without the indoor cabling of power supply.

Page 109
• IEEE 802.3af: Power sourcing equipment (PSE) provides 44 V to 57 V, 350 mA DC power. Each port can provide a minimum of 15.4 W power. A powered device (PD) connected by 100 m cables can still receive 12.95 W power.

• IEEE 802.3at: The PSE provides 50 V to 57 V, 600 mA DC power. Each port can provide a minimum of 30 W power.

• PSEs provide power for other devices and are classified into the MidSpan PSE (with the PoE module installed out of the switch) and Endpoint PSE (with the PoE module integrated in the switch).

• Huawei PSEs are all Endpoint PSEs.

• PDs are devices powered through PoE, including wireless APs, IP phones, and low-power SOHO switches.

Page 110
• PoE devices include:
  ◦ IP security camera
  ◦ Network router
  ◦ Network camera
  ◦ VoIP phone
  ◦ AP

Page 111
• The IEEE 802.3af standard stipulates that PSEs can power PDs with power below 13 W through the Ethernet. This meets the power supply requirements of traditional IP phones and network cameras. However, it is becoming increasingly clear that 13 W cannot power dual-band access, video phones, and other high-power applications.

• Therefore, the 802.3at (PoE Plus) standard was formulated to increase PoE power, which is 2 times higher than 802.3af power. The power supply on each port is 30 W. The 802.3at standard can support more PoE applications.

Page 112

Page 113

Page 114
• How do you classify Huawei APs by WLAN coverage?
  ◦ Indoor settled AP
  ◦ Indoor distributed AP
  ◦ Outdoor AP

Page 115

Page 116

Page 117

Page 118

Page 119

Page 120

Page 121
• Versatile Routing Platform (VRP) is a network operating system that supports various Huawei data communication products. Network operating systems are system software that runs on network products to provide network access and interconnection services.

• VRP provides unified user interfaces and interface management as the core software engine for Huawei's whole series of routers, Ethernet switches and service gateways. VRP defines the forwarding plane interface specifications so that the forwarding planes of all products can interact with the VRP control plane. VRP also forms a network interface layer that shields the network layer from differences between the data link layers of individual products.

Page 122
• VRP5 is a distributed network operating system that features high extensibility, reliability, and performance. Currently, network devices running VRP5 are serving more than 50 carriers worldwide. VRP5 provides various features and its stability has been proven by the market.

• VRP8 is a new-generation network operating system with a distributed, multi-process, component-based architecture. VRP8 supports distributed applications and virtualization techniques. It follows the hardware development trend and meets the exploding service requirements of carriers in five to ten years.

• The operating system of the access controller is developed on the basis of HUAWEI VRP5.0 and implements AP management, user access authentication and traffic forwarding.

Page 123
• On Windows 7 and Windows 10, you can log in to devices through PuTTY or other third-party software.

Page 124
• Right-click My Computer, select Properties, and open the Device Manager view.

Page 125

Page 126
• Press Enter until the following information is displayed. Enter the password and confirm the password, and the system will save the password. (The following information is only for reference.)
  ◦ Please configure the login password (maximum length 16)
  ◦ Enter Password:
  ◦ Confirm Password:

• NOTE:
  ◦ The password entered in interactive mode is not displayed on the screen.
  ◦ When you log in to the system again in password authentication mode, enter the password that is set during the initial login.
  ◦ You can run commands to configure the device.

Page 127
• Command line interfaces are classified into command line views. All commands must be executed in command line views. You can run a command only after you enter its command view.

  ◦ When a user logs in to the device, the user enters the user view and the following prompt is displayed on the screen:

    <AC6605>

    ▪ In the user view, you can view the running status and statistics of the device.

  ◦ Run the system-view command and press Enter in the user view. The system view is displayed.

    <AC6605>system-view
    Enter system view, return user view with Ctrl+Z.
    [AC6605]

    ▪ In the system view, you can set the system parameters of the device, and enter other function views from this view.

Page 128
  ◦ Run the interface command and specify an interface type and number to enter an interface view.

    [AC6605]interface gigabitethernet 0/0/1
    [AC6605-GigabitEthernet0/0/1]

    ▪ You can configure interface parameters in the interface view. The interface parameters include physical attributes, link layer protocols, and IP addresses.

  ◦ Run the wlan command and press Enter in the system view. The WLAN view is displayed.

    [AC6605] wlan
    [AC6605-wlan-view]

    ▪ In the WLAN view, you can configure most WLAN parameters.

• The command line prompt AC6605 is the default host name (sysname). The prompt indicates the current view. For example, <> indicates the user view and [] indicates all other views except user view.

• Some commands can be executed in multiple views, but they have different functions after being executed in different views. For example, you can run the lldp enable command in the system view to enable LLDP globally and in the interface view to enable LLDP on an interface.

• In the system view, you can run the diagnose command to enter the diagnostic view. Diagnostic commands are used for device fault diagnosis. If you run some commands in the diagnostic view, the device may run improperly or services may be interrupted. Contact technical support personnel and use these diagnostic commands with caution.

Page 129

Page 130

Page 131
• Press Tab after typing an incomplete keyword and the system runs the partial help:

  ◦ If the matching keyword is unique, the system replaces the typed one with the complete keyword and displays it in a new line with the cursor a space behind.

  ◦ If there are several matches or no match at all, the system displays the prefix first. Then you can press Tab to view the matching keywords one by one. In this case, the cursor closely follows the end of the word and you can type a space to enter the next word.

  ◦ If a wrong keyword is entered, press Tab and the word is displayed in a new line.

Page 132
• Common error messages of the command line.

Error Message | Cause of the Error
Error: Unrecognized command found at '^' position. | No command is found. No keyword is found.
Error: Wrong parameter found at '^' position. | The parameter type is incorrect. The parameter value exceeds the limit.
Error: Incomplete command found at '^' position. | The entered command is incomplete.
Error: Too many parameters found at '^' position. | Too many parameters are entered.
Error: Ambiguous command found at '^' position. | Indefinite command is entered.

Page 133

Page 134
• AC6605 is a new device added to the network. To manage the AC6605 remotely, configure the Telnet service and system name at the LSW side and AC side before installing the AC6605.

• NOTE: Telnet and STelnetv1&v2 can be used to log in to the device. Using Telnet or STelnetv1 has potential security risks. STelnetv2 is recommended.

Page 135

Page 136
• Configure the Telnet service on AC6605:
  ◦ Enable the Telnet service.
  ◦ Set the authentication method to AAA, user name to Huawei, and password to Huawei.
  ◦ Set the service type to telnet and user level to 15.
  ◦ Configure AAA authentication for the users at the vty 0 to vty 4 levels.

Page 137

Page 138
• Logging in to the devices through the console interface:
  ◦ Run the display users [ all ] command to check information about the user interface.
  ◦ Run the display user-interface console ui-number1 [ summary ] command to check physical attributes and configurations of the user interface.
  ◦ Run the display local-user command to check the local user list.
  ◦ Run the display access-user command to check online users.

• Logging in to the devices through Telnet:
  ◦ Run the display users [ all ] command to check information about users logged in to user interfaces.
  ◦ Run the display telnet server status command to check the configuration and status of the Telnet server.

Page 139

Page 140
• AC6605 is a new device added to the network. To manage the AC6605 remotely, configure the STelnet service and system name at the LSW side and AC side before installing the AC6605.

• NOTE:
  ◦ Users can use the default IP address or a configured IP address to log in to the web platform.

Page 141
• Before logging in to the web platform, ensure that:
  ◦ The IP address of the device's access port has been configured.
  ◦ The device and your PC are properly connected.
  ◦ The device is running properly, and the HTTP and HTTPS services are correctly configured.
  ◦ The web browser software has been installed on your PC.

• NOTE:
  ◦ The IP address 169.254.1.1 and subnet mask 255.255.0.0 have been configured on MEth0/0/1 of the AC6605 before the delivery.
  ◦ The IP address 169.254.1.1 and subnet mask 255.255.0.0 have been configured on MEth0/0/1 of the ACU2 before the delivery.
  ◦ The IP address 169.254.1.1 and subnet mask 255.255.0.0 have been configured on VLANIF 1 of the AC6005 before the delivery, and interfaces GE0/0/1 to GE0/0/8 have been added to VLAN 1 by default.
  ◦ Before the device is delivered, the STelnet service has been configured on the device. The STelnet port number is 22, and the default user name and password are respectively admin and admin@huawei.com.
  ◦ Before the device is delivered, the HTTP and HTTPS services have been configured on the device. The default port number is 80 for HTTP and 443 for HTTPS. The default user name and password are respectively admin and admin@huawei.com.

Page 142

Page 143
• Configure the STelnet service on AC6605:
  ◦ Enable the STelnet service.
  ◦ Create an administrator account with user name huawei and password Huawei@123.
  ◦ Set the access mode to SSH and the access level to super administrator.

• The ssh client first-time enable command enables first-time authentication on the SSH client.

Page 144

Page 145

Page 146
• The following describes how to upgrade the AC6605.

Page 147
• Prepare for the upgrade

  ◦ Check the version of the running system software.

    <AC6605>display version

  ◦ Check the running status of the device.

    <AC6605>display device

Page 148

Page 149
• Use the FTP, TFTP, or BootROM menu to copy the system software and BootROM program to the root directory of the storage device.

Page 150

Page 151

Page 152
• To upgrade the functions or versions of an existing WLAN, perform an in-service upgrade on APs on the WLAN. In an in-service upgrade, an AP is already online. If the AP finds that its version is different from the version of the AP upgrade file specified on the AC, the AP starts to upgrade its version. Unlike automatic upgrade, an in-service upgrade allows an AP to work properly without affecting services. To minimize the impact of an AP upgrade, you are advised to configure APs to download upgrade files in the daytime and reset the APs in batches at night.

• Run the following commands as required.

  ◦ Run: ap update mode ac-mode. The AP upgrade mode is set to AC mode. The default upgrade mode is ac-mode.

  ◦ Run: ap update mode ftp-mode. The AP upgrade mode is set to FTP mode.

  ◦ Run: ap update mode sftp-mode. The AP upgrade mode is set to SFTP mode.

• In an in-service upgrade, APs support the upgrade modes of single AP upgrade, upgrade based on the AP type and upgrade based on the AP group.

  ◦ Upgrade of a single AP: allows you to upgrade a single AP to check whether the upgrade version can function properly. If the upgrade is successful, upgrade other APs in batches.

  ◦ AP upgrade based on the AP type: allows you to upgrade APs of the same type.

  ◦ AP upgrade based on the AP group: allows you to upgrade APs in the same AP group.

Page 153
• Note the following during the configuration:

  ◦ In an in-service upgrade, if APs fail to load the upgrade file and are reset, APs are upgraded automatically.

  ◦ Upgrading multiple APs in AC mode takes a long period of time. To reduce the service interruption time, you are advised to use the FTP or SFTP mode.

  ◦ The AP version file has been uploaded to the AC, SFTP server, or FTP server.

Page 154
• To simplify the problem description, this course uses FTP as an example to describe the related technologies. The FTP protocol poses a risk to device security. The SFTP V2 mode is recommended.
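
The course recommends STelnetv2 over Telnet and STelnetv1, and SFTP V2 over FTP. The following added example (not part of the course material) checks a saved configuration for those cleartext or legacy settings. Both configurations are constructed samples; apart from `ap update mode ...`, the command spellings are assumptions based on common VRP syntax, and the function names are illustrative.

```python
import re

# Constructed sample of a VRP-style saved configuration (not from the course).
# Apart from "ap update mode ...", the command spellings are assumptions based
# on common VRP syntax; check them against your own device's configuration.
WEAK_CONFIG = """\
#
sysname AC6605
telnet server enable
stelnet server enable
ssh server compatible-ssh1x enable
ftp server enable
#
aaa
 local-user huawei password cipher CONSTRUCTED-PLACEHOLDER
 local-user huawei privilege level 15
 local-user huawei service-type telnet ssh ftp
#
user-interface vty 0 4
 authentication-mode aaa
 protocol inbound all
#
wlan
 ap update mode ftp-mode
#
"""

# The same constructed device with only the recommended services left enabled.
HARDENED_CONFIG = """\
#
sysname AC6605
undo telnet server enable
stelnet server enable
#
aaa
 local-user huawei password cipher CONSTRUCTED-PLACEHOLDER
 local-user huawei privilege level 15
 local-user huawei service-type ssh
#
user-interface vty 0 4
 authentication-mode aaa
 protocol inbound ssh
#
wlan
 ap update mode sftp-mode
#
"""

# One rule per cleartext or legacy management setting named in the course notes.
RULES = [
    (re.compile(r"^telnet server enable$"), "TELNET_SERVER",
     "Telnet server enabled; use STelnetv2 instead"),
    (re.compile(r"^ssh server compatible-ssh1x enable$"), "SSH_V1_COMPAT",
     "SSH server still accepts version 1 clients (STelnetv1)"),
    (re.compile(r"^ftp server enable$"), "FTP_SERVER",
     "FTP server enabled; use SFTP V2 instead"),
    (re.compile(r"^local-user \S+ service-type .*\b(telnet|ftp)\b"),
     "USER_CLEARTEXT_SERVICE", "local user may log in over Telnet or FTP"),
    (re.compile(r"^protocol inbound (telnet|all)$"), "VTY_TELNET",
     "VTY lines accept Telnet logins"),
    (re.compile(r"^ap update mode ftp-mode$"), "AP_UPGRADE_FTP",
     "APs fetch upgrade files over FTP; use sftp-mode"),
]


def audit(config_text):
    """Return findings as dicts, in file order, for one saved configuration."""
    findings = []
    view = "system view"
    for number, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line == "#":
            view = "system view"      # "#" separates top-level blocks
            continue
        indented = raw[0].isspace()
        if not indented:
            view = line               # an unindented line may open a sub-view
        for pattern, finding_id, detail in RULES:
            if pattern.search(line):
                findings.append({
                    "line": number,
                    "id": finding_id,
                    "view": view if indented else "system view",
                    "command": line,
                    "detail": detail,
                })
    return findings


def finding_ids(config_text):
    """Convenience helper: only the finding identifiers, in file order."""
    return [f["id"] for f in audit(config_text)]


if __name__ == "__main__":
    for f in audit(WEAK_CONFIG):
        print(f"line {f['line']:>2} [{f['view']}] {f['id']}: "
              f"{f['command']} -> {f['detail']}")
    print("hardened findings:", finding_ids(HARDENED_CONFIG))
```

Lines that start with `undo` never match, so a service that has been explicitly disabled is not reported.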

Page 155

Page 156
• To upgrade APs of the same type, run the preceding command at one time. During upgrade, run the display ap all command to check whether APs are being upgraded. In this example, the FTP mode is used. The maximum number of APs to be upgraded simultaneously is half of the maximum number of FTP connections. For example, if the maximum of FTP connections is 100, a maximum of 50 APs can be upgraded simultaneously. During AP upgrade, services are not affected.

Page 157

Page 158

Page 159

Page 160

Page 161

Page 162

Page 163

Page 164

Page 165
• You can upgrade a large number of APs on your network in batches on the Upgrade Configuration page.

• Before starting a batch AP upgrade, upgrade an AP to check whether the target version is normal, ensuring success of the subsequent batch upgrade.

• The batch AP upgrade and single AP upgrade functions on the web system apply only to online APs.

Page 166

Page 167

Page 168

Page 169

Page 170

Page 171
• What kinds of upgrade modes do APs support?
  ◦ AC mode
  ◦ FTP mode
  ◦ SFTP mode

• How do you reboot APs in batches after they have downloaded the newest software version?

  ◦ Reboot APs of a type.

    [AC6605-wlan-view]ap-reset ap-type type-id 43

  ◦ Reboot APs in a group.

    [AC6605-wlan-view]ap-reset ap-group default

  ◦ Reboot all APs.

    [AC6605-wlan-view]ap-reset all

Page 172

Page 173

Page 174

Page 175

Page 176

Page 177
• BSS: A basic service set (BSS) is the basic building block of an 802.11 WLAN and comprises a group of associated STAs. STAs can communicate with each other when they are located in a conceptual area called the basic service area (BSA). The BSA is determined by the transmission characteristics of the wireless medium. An STA can communicate with other STAs in the same BSS since they are in the BSA.

• BSA: The basic service area is the coverage area of the BSS.

• ESS: An extended service set is a set of multiple interconnected BSSs with the same SSID. It is a virtual BSS of a large scale.

• SSID: A service set identifier is the unique identifier of the BSS. Using SSID, one wireless LAN can be divided into several sub-networks that require independent authentication. Users can access the corresponding sub-networks only after they pass the authentication. This prevents unauthorized users from accessing the network.

• BSSID: The basic service set identifier is the MAC address of an AP. It identifies the BSSs managed by the AP. As for one AP, each BSSID maps to a specified SSID. If multiple APs manage the same BSS, the BSS has only one SSID but different BSSIDs for each AP. If one AP manages multiple BSSs, different BSSIDs are assigned to map these SSIDs.

Page 178
• SSID (Service Set Identifier): The identifier of a wireless network, used to distinguish different wireless networks. For example, when we search for a wireless network on a laptop, the network name displayed is the SSID. An SSID consists of up to 32 characters, is case sensitive, and is configured on all APs and STA radio cards.

• BSA (Basic Service Area): Equivalent to a wireless unit. Communication between the member stations within the coverage area can be maintained. Because the surrounding environment changes frequently, the size and shape of the BSA are not always fixed.

Page 179
• The earlier 802.11 chips support only a single BSS. A single AP can only provide one wireless network for users, and the authorities of users on this network are almost the same. A single logical network can meet the requirements of the earlier scenarios where there are only a few users. However, with the popularization of wireless networks, a single network is far from enough.

• For example, each company has some regular visitors who have their own wireless terminals (such as laptops and mobile phones). These terminals need to access the Internet. An ESS is established for the AP to allow the visitors to access the Internet. Currently, APs can create several ESSs simultaneously. For example, some APs developed by Huawei can support 16 virtual APs per radio. That is, each AP radio can support 16 ESSs.

• As shown in this figure, two ESSs are created on an AP. Therefore, the AP has two SSIDs: Internal for internal employees and Guest for visitors. The SSIDs are associated with different VLANs that have different access authorities. In this way, different users can access the wireless network through one AP.

Page 180
• STA (Station): Terminal equipment supporting the 802.11 standard.

• AP (Access Point): Provides wireless access services based on the 802.11 standard for STAs, and acts as a bridge between wired and wireless networks.

• BSS (Basic Service Set): The coverage of an AP. In a BSS service area, STAs can communicate with each other.

• BSSs can be classified into two types: independent BSS and infrastructure BSS. A BSS can be used in a small office or family. However, it cannot cover large-scale areas.

  ◦ In an IBSS, STAs can directly communicate with each other since the distance between two STAs is within the limited range. An IBSS must consist of at least two STAs. In general, an IBSS is established temporarily for a small number of STAs for specific purposes. For example, an IBSS is established to organize a conference in the meeting room. When the conference begins, the STAs form an IBSS to transmit data. When the conference ends, the IBSS is dismissed immediately.

Page 181
  ◦ An IBSS is of a small scale, is established for specific purposes and lasts for a short period. Therefore, it is also called an Ad-hoc BSS or Ad-hoc network.

  ◦ Note: Ad-hoc originates from Latin and means special or for a special situation. An Ad-hoc network is also called a P2P network because STAs on this network communicate directly with each other.

  ◦ Infrastructure BSS: If there is an AP on the network, the BSS forms an infrastructure network. An AP manages all the communications within the infrastructure network, including the communications among all the mobile nodes in the BSA.

Page 182
• 802.11 allows us to connect several BSSs into an extended service set (ESS for short) to expand the WLAN coverage area. An ESS is the connection of several BSSs through a backbone network. Huawei recommends AP overlap of at least 15 to 25 percent to achieve successful seamless roaming, although measuring cell overlap is not an exact science.

Page 183
• All the APs within an ESS use the same service set identifier (SSID for short), which is the name of a user network. 802.11 does not specify which technology to use. It only requires that the technology provide a set of specified services.

• SSID: A service set identifier is the unique identifier of the BSS. Using SSID, one wireless LAN can be divided into several sub-networks that require independent authentication. Users can access the corresponding sub-networks only after they pass the authentication. This prevents unauthorized users from accessing the network.

• BSSID: The basic service set identifier is the MAC address of an AP. It identifies the BSSs managed by the AP. As for one AP, each BSSID maps to a specified SSID. If multiple APs manage the same BSS, the BSS has only one SSID but different BSSIDs for each AP. If one AP manages multiple BSSs, different BSSIDs are assigned to map these SSIDs.
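
The SSID-to-BSSID mapping described above (one SSID shared by several BSSIDs in an ESS, case-sensitive SSIDs of up to 32 characters) can be checked against an operator's inventory. This is an added example, not part of the course material: the MAC addresses, the scan list and the function names are constructed, and only the SSIDs Internal and Guest come from the course's own example.

```python
from collections import defaultdict

# Authorized inventory (constructed): SSID -> BSSIDs the operator deployed.
# The MAC addresses are made up for this illustration.
INVENTORY = {
    "Internal": {"02:00:00:00:01:00", "02:00:00:00:02:00"},
    "Guest":    {"02:00:00:00:01:01", "02:00:00:00:02:01"},
}

# Constructed scan results: (SSID, BSSID) pairs as a survey tool would list them.
SCAN = [
    ("Internal", "02:00:00:00:01:00"),
    ("Guest",    "02:00:00:00:01:01"),
    ("Internal", "02:00:00:00:02:00"),
    ("Guest",    "02:00:00:00:02:01"),
    ("Guest",    "02:00:00:00:09:99"),   # known SSID, BSSID not in inventory
    ("guest",    "02-00-00-00-09-9A"),   # differs only in case: another SSID
    ("Cafe",     "02:00:00:00:07:00"),   # unrelated neighbouring network
]

# The course states "up to 32 characters"; this check counts UTF-8 bytes,
# which is an assumption and the stricter of the two readings.
MAX_SSID_LEN = 32


def normalize_bssid(bssid):
    """Return a BSSID as lowercase colon-separated hex, or raise ValueError."""
    parts = bssid.replace("-", ":").lower().split(":")
    if len(parts) != 6 or any(len(p) != 2 for p in parts):
        raise ValueError(f"not a MAC address: {bssid!r}")
    int("".join(parts), 16)          # raises ValueError on non-hex digits
    return ":".join(parts)


def group_by_ssid(scan):
    """Build the ESS view: each SSID maps to the set of BSSIDs advertising it."""
    ess = defaultdict(set)
    for ssid, bssid in scan:
        if len(ssid.encode("utf-8")) > MAX_SSID_LEN:
            raise ValueError(f"SSID longer than {MAX_SSID_LEN} bytes: {ssid!r}")
        ess[ssid].add(normalize_bssid(bssid))   # SSID kept as-is: case matters
    return dict(ess)


def check_against_inventory(scan, inventory):
    """Compare observed (SSID, BSSID) pairs with the authorized inventory."""
    known = {ssid: {normalize_bssid(b) for b in bssids}
             for ssid, bssids in inventory.items()}
    by_lowercase = {ssid.lower(): ssid for ssid in known}
    observed = group_by_ssid(scan)
    report = {"unknown_bssid": [], "lookalike_ssid": [], "missing_bssid": []}
    for ssid, bssids in sorted(observed.items()):
        if ssid in known:
            # Same SSID, but a BSSID the operator never deployed.
            for bssid in sorted(bssids - known[ssid]):
                report["unknown_bssid"].append((ssid, bssid))
        elif ssid.lower() in by_lowercase:
            # Case-sensitive comparison: this is a different network whose
            # name only looks like an authorized one.
            for bssid in sorted(bssids):
                report["lookalike_ssid"].append(
                    (ssid, by_lowercase[ssid.lower()], bssid))
    for ssid, bssids in sorted(known.items()):
        # Deployed BSSIDs that the scan did not see at all.
        for bssid in sorted(bssids - observed.get(ssid, set())):
            report["missing_bssid"].append((ssid, bssid))
    return report


if __name__ == "__main__":
    for kind, rows in check_against_inventory(SCAN, INVENTORY).items():
        print(kind, rows)
```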

Page 184

Page 185

Page 186
• A wireless network with the Ad-hoc topology consists of several wireless STAs. One STA can directly communicate with another STA or several other STAs through the Ad-hoc topology. This network cannot be connected to a wired network, and it works independently. No AP is configured on the network. Each user ensures its own security.

• The STAs on the network compete for public channels. When a lot of STAs coexist on the network, the channel competition may congest the network. Therefore, such a topology is applicable to small-sized WLAN networks.

• On a point-to-point network, each node must "see" other nodes; otherwise, they consider that the network connection is interrupted. Therefore, the Ad-hoc network is applicable only when there are a few users, for example, 4 to 8 users.

Page 187
• When several APs are connected to cover larger areas, the APs should communicate with each other in order to monitor the mobile STAs. A distribution system is the logical component of an 802.11 WLAN, and is responsible for transmitting frames to the destination. The distribution system is the backbone network for APs to transmit frames. Most products that have achieved success in the market use Ethernet as the backbone network.

• The distribution system is responsible for tracing the actual positions of STAs and transmitting the frames. To transmit frames to a mobile STA, the distribution system must first transmit them to the AP that serves this STA. As shown in the figure, if STA1 wants to access STA3, STA1 must transmit frames to AP1 first. The distribution system connected to AP1 is responsible for transmitting the frames to AP2, which is connected with STA3. AP2 then transmits the frame to STA3.

Page 188
• APs are connected to the 802.3 Ethernet network. All the hosts in wireless networks communicate through the APs.

• The wireless AP works in half-duplex mode. It receives, buffers, and forwards data between STAs and the wired network. Wireless communication is implemented by the AP.

• An AP covers dozens of users and the radius of coverage area can reach a hundred meters. An AP can connect a wireless network to a wired network.

• The infrastructure network consists of multiple APs and DSs. The network is also called an ESS. Each AP in the ESS is an independent BSS. All APs share an ESSID.

• A mobile terminal can roam between the wireless networks with the same ESSID. The wireless networks with different ESSIDs form a logical subnet.

• The channels between APs cannot overlap. The overlapping signal coverage areas range from 10% to 15%.

Page 189
• WDS working principle:

  ◦ WDS can transmit data in a wired network through a wireless network to another wired or wireless network. This function is also called wireless networking bridge because data is transmitted over virtual wireless links.

  ◦ The wireless networking bridge function usually works in point-to-point mode. However, WDS supports the point-to-multipoint mode and can connect wired systems or wireless network adapters. Therefore, at least two APs of the same function exist in the WDS. The maximum number of APs is determined by the vendor's network structure. WDS connects APs using wireless links and does not affect the coverage capabilities of APs.

• Compared to traditional wired networks, WDS has the following advantages:

  ◦ It can be constructed without laying out cables or digging grooves. The deployment and capability extension can be implemented rapidly.

  ◦ Companies except for the Telecommunications Department cannot lay out cables for wired network connection in public places. However, the WDS system can flexibly establish private networks through the 2.4 GHz or 5.8 GHz ISM open frequency bands according to the customers' requirements.

  ◦ The O&M troubleshooting is difficult on wired networks. Fault locating and recovery can be quickly implemented in the WDS because you only need to maintain bridging devices.
Page 190
  - The WDS network can be deployed quickly, which provides assurance in temporary,
    emergency, or anti-disaster situations.

- Huawei dual band APs can support a series of comprehensive services, and feature long
  transmission areas, high anti-interference capabilities, simple network deployment,
  automatic AC discovery and configuration, and real-time management and maintenance.
  These APs meet the network coverage and connection requirements of indoor and
  outdoor WLAN.


Page 191
- This figure shows an example of a WDS application scenario.
  - For indoor WDS deployment, you can select the P2P or P2MP networking modes
    flexibly according to the service requirements and architecture designs. In indoor
    scenarios where network cabling is difficult or the coverage area is far away from
    the switch, WDS networking is an effective solution. However, the WDS application
    in indoor scenarios is subject to restrictions caused by building obstacles.
  - Outdoor WDS deployment: select the networking modes flexibly according to the
    service requirements and architecture designs. When there are obstacles between
    two LANs or the transmission distance is too long, you can connect the two LANs
    using APs as repeaters.
  - The application scenario in this figure is the outdoor P2P networking mode.

Page 192
- WDS connects two networks through two APs. The peer MAC address is configured on
  each AP to determine the link to be set up in the actual application.
- The P2P WDS networking mode can connect two networks in different places. You need
  to specify the same channel for the root AP and leaf AP.

Page 193
- The P2MP WDS networking mode can integrate several remote and isolated networks
  together. Compared to the P2P mode, it has a more complicated structure. As shown in
  the figure, the root AP is the center device. The other APs set up wireless links with the
  root AP. LAN segments 2, 3, and 4 can only communicate through the root AP.
- If LAN segment 2 needs to establish connections with LAN segment 3, it must connect to
  the root AP first.

Page 194
- Depending on the AP's location on the WDS network, a wireless bridge works in root,
  middle, or leaf mode.
  - Root: The AP functions as a root to connect to the AC through a wire, and functions
    as an AP bridge to connect to an STA bridge.
  - Middle: The AP functions as a middle node to connect to an AP bridge and an STA
    bridge. When connecting to an AP bridge, the AP is an STA bridge; when
    connecting to an STA bridge, the AP is an AP bridge.
  - Leaf: The AP connects to an AP bridge as an STA bridge.
- The hand-in-hand mode applies to typical WDS indoor scenarios, such as homes,
  warehouses, subways, and enterprises. WLAN signals deteriorate because of walls and
  other obstacles. One AP cannot provide signal coverage for all indoor areas. A WDS
  network connects multiple APs, enlarging signal coverage area and saving cabling costs.
- For users that do not have high bandwidth requirements, this mode is cost-effective.

Page 195
- The back-to-back mode applies to typical WDS outdoor scenarios. When there are
  obstacles between two LANs to be connected or the transmission distance is too long, you
  can select the back-to-back mode. As shown in the figure, two repeater APs are
  deployed in back-to-back mode on the network to provide the wireless bridge function.
  This network deployment ensures wireless link bandwidth for a long transmission distance.
- When users require high bandwidth, two repeater APs can be deployed in back-to-back
  mode to provide the wireless bridge function. The two APs work on different channels to
  provide high link bandwidth.

Page 196
- On a traditional WLAN, APs exchange data with STAs using wireless channels and connect
  to a wired network through uplinks. If no wired network is available before a WLAN is
  constructed, it takes much time and money to construct a wired network. If positions of
  some APs on a WLAN are adjusted, the wired network must be adjusted accordingly,
  increasing the difficulty in network adjustment. A traditional WLAN requires a long
  construction period and has a high cost and poor flexibility, so it does not apply to
  emergency communication, wireless MANs, or areas that lack or have weak wired network
  infrastructure. The construction of a WMN requires only APs to be installed, which greatly
  speeds up network construction.

Page 197
- Mesh point portal (MPP): connects to a WMN or another type of network and
  communicates with an MP or MAP on a WMN. This node provides the Portal function and
  enables Mesh nodes to communicate with external networks.
- Mesh point (MP): is a Mesh-capable node that uses IEEE 802.11 MAC and physical layer
  protocols for wireless communication on a WMN. This node supports automatic topology
  discovery, automatic route discovery, and data packet forwarding. MPs can provide both
  Mesh service and user access service.
- Mesh access point (MAP): is an AP that supports the AP function and provides access to
  STAs.

Page 198
- A WMN allows APs to wirelessly connect to each other, solving the preceding problems. A
  WMN has the following advantages:
  - Fast deployment: Mesh nodes can be easily installed to construct a WMN in a short
    time, much shorter than the construction period of a traditional WLAN.
  - Dynamic coverage area expansion: As more mesh nodes are deployed on a WMN,
    the WMN coverage area can be rapidly expanded.
  - Robustness: A WMN is a peer network that will not be affected by the failure of a
    single node. If a node fails, packets are forwarded to the destination node along the
    backup path.
  - Flexible networking: An AP can join or leave a WMN easily, allowing for flexible
    networking.
  - Various application scenarios: Besides traditional WLAN scenarios such as enterprise
    networks, office networks, and campus networks, a WMN also applies to scenarios
    such as large-scale warehouses, docks, MANs, metro lines, and emergency
    communications.
  - Cost-effectiveness: Only MPPs need to connect to a wired network, which minimizes
    the dependency of a WMN on wired devices and saves costs in wired device
    purchasing and cable deployment.

Page 199
- In an outdoor WMN, two MPs can interconnect over dozens of kilometers by using
  different antennas. Mesh technology can implement data transmission across office
  buildings or areas. It overcomes the limitations of wired networks such as difficult
  deployment, high deployment costs, and low flexibility. Therefore, outdoor WMN
  networking applies to campuses, plantations, mountain areas, and high buildings.
- Outdoor obstacles include trees and high buildings. The curvature of the Earth must be
  considered for long-distance transmission. Select and install antennas based on site
  requirements.

Page 200
- What are the common WDS networking modes?
  - Point-to-point mode
  - Point-to-multipoint mode
- What are P2P networking modes? What are its disadvantages?
  - In the P2MP networking scenarios, an AP is used as the center device. The other APs
    set up wireless links with the center AP. Data forwarding between sub-networks
    must be implemented through the center AP.

Page 201

Page 202

Page 203

Page 204

Page 205

Page 206

Page 207
- The IEEE 802.11 working group has defined the standards related to:
  - 802.11 physical layer
  - 802.11 MAC layer
- 802.11 physical layer standard defines the frequency, modulation method, and highest
  rate.
  - IEEE 802.11: In 1990, the IEEE Standards Association (IEEE-SA) appointed the IEEE
    802.11 working group, which defined the standards related to the physical layer and
    MAC layer. The physical layer, working at 2.4000-2.4835 GHz, defines signal
    characteristics and modulation in data transport. The highest rate at this layer is 2
    Mbps.
  - IEEE 802.11a: IEEE 802.11a standard was completed in 1999. It defines the
    frequency of WLAN, which is between 5.15 GHz and 5.825 GHz. The data transport
    rate reaches 54 Mbps.
  - IEEE 802.11b: IEEE 802.11b standard was approved in 1999. According to 802.11b,
    WLAN works at 2.4-2.4835 GHz. The data transport rate reaches 11 Mbps.
  - IEEE 802.11g: IEEE 802.11g improves the rate of 802.11b (Wi-Fi) from 11 Mbps to
    54 Mbps. 802.11g access points are compatible with 802.11b and 802.11g clients.

Page 208
  - IEEE 802.11n: IEEE 802.11n uses 2.4 GHz and 5 GHz frequency bands. Multiple-
    input multiple-output (MIMO) and OFDM are the core technologies of IEEE 802.11n.
    The transport rate is 300 Mbps and reaches 600 Mbps at the maximum. IEEE
    802.11n is compatible with 802.11b and 802.11g.
  - IEEE 802.11ac: an 802.11 wireless local area network (WLAN) communication standard
    that communicates through the 5 GHz band. In theory, the latest version of it
    can provide up to 3.47 Gbps bandwidth for multi-station wireless LAN
    communications, or at least 200 Mbps single-link transmission bandwidth.

- 802.11 MAC layer standard defines the features of WLAN at the MAC layer, such as QoS,
  security, and roaming.
  - IEEE 802.11e standard allows WLAN MAC protocols to support multimedia traffic
    transmission and QoS on all radio interfaces.
  - 802.11h refers to the amendment added to the IEEE 802.11 standard for Spectrum
    and Transmit Power Management Extensions. It solves problems like interference
    with satellites and radar using the same 5 GHz frequency band. It was originally
    designed to address European regulations but is now applicable in many other
    countries. The standard provides Dynamic Frequency Selection (DFS) and Transmit
    Power Control (TPC) to the 802.11a PHY.
    - DFS ensures that channels containing radar are avoided by an Access Point (AP)
      and energy is spread across the band to reduce interference to satellites. TPC
      ensures that the average power is less than the regulatory maximum to reduce
      interference to satellites.
    - The IEEE 802.11h standard provides an additional 11 channels to the 802.11a
      standard's 12 non-overlapping channels for a total of 23 non-overlapping
      channels.
  - IEEE 802.11i uses user and device authentication of IEEE 802.1X. It is an amendment
    to the MAC layer standard. IEEE 802.11i defines strict encryption and authentication
    mechanisms to improve WLAN security.
  - IEEE 802.11r, fast BSS transition (FT), reduces the delay to transit clients between
    APs. IEEE 802.11h is designed to manage spectrum.
  - IEEE 802.11s is an IEEE 802.11 amendment for mesh networking, defining how
    wireless devices can interconnect to create a WLAN mesh network, which may be
    used for static topologies and ad-hoc networks.

Page 209
- Advantages of infrared rays: no wireless interference, line-of-sight transmission distance,
  difficult to detect, and secure. Disadvantages: hard to traverse opaque objects, short
  transmission distance, interference by sunlight and fluorescent lamps, and half-duplex.
- Compared with infrared rays, radio frequency allows longer distance, faster transmission,
  and higher security.

Page 210
- Physical layer is classified into two sublayers: Physical Layer Convergence Procedure (PLCP)
  and Physical Medium Dependent (PMD). PLCP maps MAC frames to the transmission
  medium. PMD transports the frames.
- PLCP combines the MAC frames with radio waves. PLCP adds a header to frames. Usually,
  a frame contains a preamble to synchronize data receiving. However, the preambles vary
  according to modulation method. Therefore, PLCP adds its own preamble to the frames to
  be transmitted. Then PMD transmits the frames from PLCP to the air.

Page 211
- Bandwidth is the maximum frequency width of signals that can pass a channel. The unit is
  Hz.
- Nowadays, wireless signals transmit more and more information; therefore, bandwidth
  usage is higher than before.
  - Broadcasting signals consume 175 kHz bandwidth to provide high quality audio.
  - TV signals contain audio and video, consuming 4500 kHz bandwidth.
  - WLAN uses 802.11 protocol and uses 20 MHz bandwidth.

Page 212
- Spread spectrum technology is used to transmit data on the WLAN. It was originally used
  by military departments to prevent wiretapping and signal interference.
- Spread spectrum is the basis for ISM transmission. Traditional wireless communication
  focuses on how to transmit more signals with low bandwidth. Spread spectrum uses
  mathematical functions to spread signals over a wide frequency range. The receiver
  restores the signals to narrowband signals. Moreover, the narrowband noise can be
  filtered out.
- A WLAN device is a transceiver that connects to servers or other network segments
  through Ethernet cables. There are two wireless technologies that establish a WLAN:
  - Narrowband radio: It is similar to broadcasting. The transmitter and receiver must be
    in the same frequency band.
  - Spread spectrum radio: It broadcasts signals in a wide range, preventing the issues
    occurring in narrowband transmission. This technology uses a type of code to
    transmit signals, and the receiver uses the same type of code to restore signals.
    Spread spectrum radio can work in the frequency bands occupied by other signals.
    Spread spectrum radio does not interfere with other wireless radio because it has
    weak energy.

Page 213
- Industrial Scientific Medical (ISM) is used by industry, science, and medicine fields.
  Generally, each country has some radio frequencies for industry, science, and medicine use.
  Using these frequencies does not require a license, but the transmit power must be
  limited (< 1 W). In addition, signals in different frequency bands cannot interfere with
  each other.
- The ISM frequency bands in different countries are different. For example, the USA uses
  902-928 MHz, 2400-2483.5 MHz, and 5725-5850 MHz; however, in Europe, 900 MHz is
  used for GSM. Frequency band 2.4 GHz is used by all countries. Therefore, WLAN (IEEE
  802.11b/IEEE 802.11g) and other wireless networks can work at 2.4 GHz.
- 902-928 MHz is used by cordless phones.
- 2.400-2.4835 GHz is used for microwave. The typical applications are microwave ovens,
  Bluetooth, and 802.11 networks.
- 5.725-5.875 GHz is the microwave frequency band, which is used for highway RFID
  systems, gate control (shopping mall) systems, and 802.11 networks.

Page 214

Page 215
- Frequency hopping (FH or FHSS):
  - FHSS is a method of transmitting radio signals by rapidly switching a carrier among
    many frequency channels, using a pseudorandom sequence known to both
    transmitter and receiver.
- Direct sequence (DS or DSSS):
  - DSSS uses mathematical functions to spread power over a wider frequency band.
- Orthogonal Frequency Division Multiplexing (OFDM)
  - OFDM divides available channels into sub-channels and encodes a portion of the
    signal on each sub-channel.

Page 216
- Frequency hopping spread spectrum (FHSS) is a method of transmitting radio signals by
  rapidly switching a carrier among many frequency channels, using a pseudorandom
  sequence known to both transmitter and receiver. As shown in the figure:
  - Available frequencies are divided into several frequency slots, and the time axis is
    also divided into time slots.
  - The frequencies in use are 3, 8, 5, and 7. The frequency hopping time is important.
    The transmitter and receiver must be synchronized so that the frequencies at the
    two ends are the same.
- FHSS is defined only in IEEE 802.11, but is rarely used in practice. The WLAN using FHSS
  supports two rates: 1 Mbps and 2 Mbps.
- FHSS prevents wireless devices from interfering with major users at certain frequency
  bands. FHSS users only interfere with major users for a moment.
- Similarly, major users only interfere with the spread spectrum device in a certain time
  slot, like transient noise.
- The figure shows the impact on signals when frequency slot 7 is used by another user.
  Signals in time slot 4 are damaged, but the signals in the previous three time slots are
  successfully transmitted. For example, slot 7 is used by a microwave oven. The microwave
  oven only interferes with the signals in slot 7, and signals in other time slots are
  successfully transmitted.
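
The hopping behaviour described above, as an added Python example that is not part of the original course material. It replays the slide's pattern (hops 3, 8, 5, 7 with frequency slot 7 occupied) and then compares a hopping link, a fixed-frequency link and a receiver that lacks the shared sequence; the 10-slot band, the seeds and the payload are assumptions made for the illustration.

```python
import random

NUM_FREQ_SLOTS = 10  # assumption: the band is split into frequency slots 1..10


def hop_sequence(seed, length, num_slots=NUM_FREQ_SLOTS):
    """Derive the pseudorandom hop pattern from a seed shared by both ends."""
    rng = random.Random(seed)
    return [rng.randint(1, num_slots) for _ in range(length)]


def transmit(symbols, tx_hops, rx_hops, occupied=frozenset()):
    """Send one symbol per time slot; None marks a symbol the receiver lost."""
    received = []
    for symbol, tx_freq, rx_freq in zip(symbols, tx_hops, rx_hops):
        if rx_freq != tx_freq:
            received.append(None)      # receiver tuned to the wrong frequency
        elif tx_freq in occupied:
            received.append(None)      # slot hit by the narrowband interferer
        else:
            received.append(symbol)
    return received


def lost_time_slots(received):
    """1-based time slots in which nothing usable arrived."""
    return [slot for slot, symbol in enumerate(received, start=1) if symbol is None]


def loss_ratio(received):
    """Fraction of time slots that were lost."""
    return len(lost_time_slots(received)) / len(received)


def page_example():
    """The slide's pattern: hops 3, 8, 5, 7 with frequency slot 7 occupied."""
    hops = [3, 8, 5, 7]
    return lost_time_slots(transmit("ABCD", hops, hops, occupied={7}))


def compare_links(seed=2024, slots=5000, interferer=7):
    """Loss ratio of a hopping link, a fixed link and an unsynchronized receiver."""
    data = [i % 256 for i in range(slots)]      # constructed payload
    hops = hop_sequence(seed, slots)
    fixed = [interferer] * slots                # link parked on the occupied slot
    wrong = hop_sequence(seed + 1, slots)       # receiver without the shared sequence
    return {
        "fhss": loss_ratio(transmit(data, hops, hops, {interferer})),
        "fixed": loss_ratio(transmit(data, fixed, fixed, {interferer})),
        "unsynchronized": loss_ratio(transmit(data, hops, wrong)),
    }


if __name__ == "__main__":
    print("lost time slots in the slide's pattern:", page_example())
    print("loss ratios:", compare_links())
```

The hopping link loses only the share of slots that land on the occupied frequency, while a receiver that does not follow the same sequence misses most of the transmission.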

Page 217
- Direct sequence spread spectrum (DSSS) was originally specified in the original 802.11
  standard and provides 1 and 2 Mbps RF communications using the 2.4 GHz ISM band. An
  updated implementation of DSSS (HR-DSSS) was also specified in the 802.11b addendum
  and provides 5.5 and 11 Mbps RF communications using the same 2.4 GHz ISM band. The
  802.11b 5.5 and 11 Mbps speeds are known as High-Rate DSSS (HR-DSSS).
- 802.11b devices are backward compatible with the legacy 802.11 DSSS devices. This
  means that an 802.11b device can transmit using DSSS at 1 and 2 Mbps and using HR-DSSS
  at 5.5 and 11 Mbps. However, 802.11b devices are not capable of transmitting
  using FHSS; therefore, they are not backward compatible with 802.11 FHSS devices.
- Unlike FHSS, where the transmitter jumps between frequencies, DSSS is set to one
  channel. The data that is being transmitted is spread across the range of frequencies that
  make up the channel. The process of spreading the data across the channel is known as
  data encoding.

Page 218
- Everyone knows the many ways that RF signals can get altered or corrupted. Because
  802.11 uses an unbounded medium with a huge potential for RF interference, it had to be
  designed to be resilient enough that data corruption could be minimized. To achieve this,
  each bit of data is encoded and transmitted as multiple bits of data.
- The Barker code uses an 11-bit sequence, for example, 10110111000. It effectively prevents
  interference, but reduces transmission rate.
- Each bit is encoded as an 11-bit Barker code. The generated data object is a chip. A chip
  is a binary numeral used in spread spectrum. A bit is higher-level data, while a chip is a
  binary numeral used during coding. Mathematically, there is no difference between them.
- The information volume actually transmitted is 11 times the effectively transmitted
  information volume.
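
The Barker spreading described above, as an added Python example that is not part of the original course material. It spreads each data bit into 11 chips with the slide's sequence 10110111000, recovers the bits by majority vote after chips are damaged, and computes the code's autocorrelation; the XOR mapping of bits to chips, the payload and the damaged positions are assumptions made for the illustration.

```python
BARKER_11 = [1, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0]  # the slide's sequence 10110111000
CHIPS_PER_BIT = len(BARKER_11)


def spread(bits):
    """Replace every data bit with 11 chips (assumed mapping: data bit XOR Barker chip)."""
    return [bit ^ chip for bit in bits for chip in BARKER_11]


def despread(chips):
    """Compare each 11-chip block with the Barker code and take a majority vote."""
    if len(chips) % CHIPS_PER_BIT:
        raise ValueError("chip stream is not a whole number of 11-chip symbols")
    bits = []
    for start in range(0, len(chips), CHIPS_PER_BIT):
        block = chips[start:start + CHIPS_PER_BIT]
        votes_for_one = sum(c ^ b for c, b in zip(block, BARKER_11))
        bits.append(1 if votes_for_one > CHIPS_PER_BIT // 2 else 0)
    return bits


def corrupt(chips, positions):
    """Flip the chips at the given indexes, as interference would."""
    damaged = list(chips)
    for pos in positions:
        damaged[pos] ^= 1
    return damaged


def autocorrelation(code):
    """Aperiodic autocorrelation of the code in +1/-1 form, one value per shift."""
    s = [1 if c else -1 for c in code]
    n = len(s)
    return [sum(s[i] * s[i + lag] for i in range(n - lag)) for lag in range(n)]


def demo():
    data = [1, 0, 1, 1, 0]                       # constructed payload
    chips = spread(data)
    # Five damaged chips in every symbol: still a 6-to-5 majority for the right bit.
    five_per_symbol = [k * CHIPS_PER_BIT + j
                       for k in range(len(data)) for j in range(5)]
    # Six damaged chips in the first symbol: the majority flips and that bit is lost.
    six_in_first = list(range(6))
    return {
        "chips_sent": len(chips),
        "clean": despread(chips),
        "five_errors": despread(corrupt(chips, five_per_symbol)),
        "six_errors": despread(corrupt(chips, six_in_first)),
        "autocorrelation": autocorrelation(BARKER_11),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The autocorrelation peaks at 11 when the code is aligned and stays within ±1 at every other shift, which is what lets a receiver lock onto symbol boundaries.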

Page 219
- CCK encodes four or eight bits in an 8-bit sequence, so the total throughput is 5.5 Mbps
  or 11 Mbps. In addition, CCK uses a transfer function to make the receiver easily identify
  various codes even if interference or multi-path attenuation occurs.

Page 220
- BPSK: Binary Phase Shift Keying
- QPSK: Quadrature Phase Shift Keying

  Modulation   Phase difference (degrees)   Code
  BPSK         0                            0
  BPSK         180                          1
  QPSK         0                            00
  QPSK         90                           01
  QPSK         180                          10
  QPSK         270                          11

- QPSK uses a four-level coding mechanism to provide higher throughput than BPSK. However,
  if multi-path interference is serious, QPSK does not take effect. Multi-path interference
  occurs because signals travel from the transmitter to the receiver over different paths.
  The lengths of the paths are different, so there is a time difference between the signals
  received from different paths. If multi-path interference is serious, QPSK fails earlier
  than BPSK.

Page 221
- 802.11b uses DSSS to provide four rates: 1 Mbps, 2 Mbps, 5.5 Mbps, and 11 Mbps.

Page 222
- 802.11a is based on Orthogonal Frequency Division Multiplexing (OFDM).
  OFDM divides a wide channel into sub-channels. Each sub-channel can transmit data.
  The sub-carriers used by OFDM overlap, but they do not interfere with each other.
  Sub-carriers can be distinguished because they are orthogonal. In mathematics,
  orthogonal describes independent items.
- The waveform of a sub-carrier is not affected by other sub-carriers. Signals are classified
  into three sub-carriers. The waveform of each sub-carrier is used for coding, as shown by
  the dots in the figure. The sub-carriers are designed to maintain the orthogonal
  relationship. Pay attention to the peak of each wave: the amplitudes of the other two
  sub-carriers are 0.

Page 223
- Orthogonal Frequency Division Multiplexing (OFDM)
  - OFDM divides the specified channels into orthogonal sub-channels, and modulates
    and transmits data on the sub-channels.
  - The bandwidth of each signal is lower than the channel bandwidth.
  - OFDM divides a channel into 52 sub-channels, in which 4 are used for phase
    reference. Therefore, only 48 sub-channels are available.

Page 224
- QAM represents digital signals by using the amplitude change of two orthogonal carriers.
  Phase modulation of analog signals and PSK of digital signals can be considered as
  QAM with amplitude unchanged and phase changed.

Page 225
- To increase the data rate, use a constellation with more points. When the data rate
  increases, the received signals must have high quality; otherwise, adjacent points
  cannot be distinguished. If two points are too close, the acceptable error of each point is
  small. 802.11a defines the maximum acceptable error of each point at the physical layer.
  The figure shows the constellation used by 802.11a. BPSK and QPSK have the lowest bit
  rate. They are the PSK technologies used by DSSS.

Page 226
- To improve the maximum throughput, 802.11ac uses the higher-order modulation 256-QAM
  with improved modulation efficiency. 802.11ac supports code rates 3/4 and 5/6 and 10
  MCS modes. Original 802.11 standards provide MCS coding for each MIMO combination,
  which is abandoned by 802.11ac. Therefore, there are only 10 MCS coding modes in
  802.11ac. A higher MCS value indicates higher maximum throughput. This is because
  different modulation coding modes use different numbers of bits in each sub-carrier. Each
  sub-carrier represents 2 bits in BPSK mode, 4 bits in 16QAM mode, 6 bits in 64QAM mode,
  and 8 bits in 256QAM mode. The following constellation figure shows BPSK, QPSK,
  16QAM, 64QAM, and 256QAM. A higher-order modulation mode achieves a higher
  modulation efficiency. The modulation efficiency is not improved linearly. The modulation
  efficiency in the later modulation modes is only slightly improved.

Page 227
- OFDM PHY has four rate levels: 6 and 9 Mbps, 12 and 18 Mbps, 24 and 36 Mbps, and 48
  and 54 Mbps. The mandatory rates are 6 Mbps, 12 Mbps, and 24 Mbps. These three rates
  are the most stable even if there is interference.
  - The first level rate uses BPSK. Each sub-channel has a one-bit code. That is,
    each symbol has 48 bits. About a half or a quarter of these bits are used to correct
    errors. Therefore, each symbol has only 24 or 36 available bits.
  - The second level rate uses QPSK. Each sub-channel has a two-bit code. That is,
    each symbol has 96 bits. About a half or a quarter of these bits are used to correct
    errors. Therefore, each symbol has only 48 or 72 available bits.
  - The third and fourth levels use QAM. 16-QAM codes 16 symbols into 4 bits, and
    64-QAM codes 64 symbols into 6 bits. 64-QAM uses 2/3 and 3/4 code rates to increase
    the transmission rate. 256-QAM uses 3/4 and 5/6 code rates.

Page 228
- DSSS: Direct Sequence Spread Spectrum
- OFDM: Orthogonal Frequency Division Multiplexing

Page 229
- Which technologies are used at 802.11 physical layer?
  - 802.11 uses three physical layer technologies:
    - Frequency Hopping Spread Spectrum (FHSS)
    - Direct Sequence Spread Spectrum (DSSS)
    - Orthogonal Frequency Division Multiplexing (OFDM)
- Which rates are supported by OFDM?
  - Eight. They are 6 Mbps, 9 Mbps, 12 Mbps, 18 Mbps, 24 Mbps, 36 Mbps, 48 Mbps,
    and 54 Mbps.

Page 230

Page 231

Page 232

Page 233

Page 234

Page 235
- 802.11 defines interfaces used to transmit signals in air between a station and a wireless
  client or between wireless clients.
- After the release of the 802.11 standard, a series of standard extensions were developed.

Page 236
- 802.11a was released in 1999 but related products were not available until long
  after 1999.
- 802.11a hardware first appeared in the market at the end of 2001.

Page 237

Page 238

Page 239

Page 240
- In January 2004, IEEE announced that it would establish a committee to develop new
  802.11 standards. IEEE 802.11n was approved by September 2009. Currently, the 802.11n
  standard provides a theoretical bandwidth of 600 Mbit/s.
- Different from 802.11a/b/g standards, 802.11n uses dual bands (2.4 GHz and 5 GHz),
  making it backward compatible with 802.11a/b/g standards.
- 802.11n combines the MIMO and OFDM technologies, which doubles the transmission
  speed.
- Additionally, advanced antenna and transmission technologies extend the WLAN
  transmission distance to several kilometers and ensure a transmission rate of 100 Mbit/s.
- The IEEE 802.11n standard improves the original 802.11 standards not only in the physical
  layer but also in the MAC layer. IEEE 802.11n uses high-performance wireless transmission
  technology to improve MAC layer performance and optimize data frame structure,
  improving network throughput performance.

Page 241

Page 242

Page 243
- 802.11g/n uses OFDM to provide more subcarriers for flexible adjustment. More
  subcarriers indicate a higher transmission rate. Even if 802.11n uses single-input
  single-output (SISO) antennas, it provides higher receive and transmit rates than 802.11g.
- Traditional 802.11a/g provides a total of 52 subcarriers (48 subcarriers can be used) in 20
  MHz mode with a rate of 54 Mbit/s.
- 802.11n provides a total of 56 subcarriers (52 subcarriers can be used) in 20 MHz mode
  with a rate of up to 58.5 Mbit/s.

Page 244
- Forward error correction (FEC) uses error-correcting codes (ECCs) to correct wireless data
  errors caused by attenuation or interference during transmission. The corrupted data can
  be recovered.
- 802.11n ECCs maintain the same error correcting ability but consume less frequency
  bandwidth. The ratio between the error correcting ability and the bandwidth consumption
  is called the code rate.

Page 245
- Short Guard Interval (Short GI):
  - 802.11a/b/g defines an interval of 800 ns between data transmissions. This interval
    is called Guard Interval (GI).
  - 802.11n uses the GI of 800 ns by default. If the multipath effect has little impact
    on data transmission, the GI should be set to 400 ns, which can increase the
    throughput by 10%. This interval is called Short GI.
- Usage scenario: Short GI applies to scenarios with a good radio environment and few
  multipath problems. Short GI must be disabled on a network with severe multipath effect.
- In a multipath situation, data is transmitted over multiple paths. If a short GI is set, the
  second data block interferes with the sending of the first data block. A proper GI prevents
  this problem. An improper GI reduces the effective SNR, as shown in the preceding figure.

Page 246
• Guard intervals (GIs) are the delay required for receiving or sending wireless data or between wireless data transmissions.
• When the radio chip sends data in OFDM modulation mode, it divides a frame into different data blocks. To ensure data transmission reliability, GIs are inserted between data blocks so that the receive end correctly parses each data block. 802.11a/g uses a GI of 800 ns, while 802.11n uses short GI. A short GI of 400 ns increases the data transmission rate by 10%.

Page 247
• The 40 MHz frequency bandwidth doubles the transmission rate of the wireless network. However, the number of 40 MHz channels supported by 2.4 GHz and 5 GHz networks is different.
• A 2.4 GHz network supports only one 40 MHz channel, while the number of 40 MHz channels supported by a 5 GHz network varies by country. Theoretically, a maximum of eleven 40 MHz channels are supported.

Page 248
• SISO: Single Input Single Output
• MIMO: Multiple Input and Multiple Output
• The 802.11n network uses APs and STAs that support MIMO technology to provide high reliability and data throughput. Even if only APs support MIMO, the 802.11n network ensures 30% higher performance than an 802.11a/b/g network.
• The improvement in network performance comes from MIMO antennas, which allow more reliable data transmissions between the AP and STAs. Compared to standard antenna diversity, the MIMO antenna provides a higher data transmission rate for STAs. For example, when an 802.11a/b/g STA communicates with a traditional AP, the transmission rate decreases from 54 Mbit/s to 48 Mbit/s or 36 Mbit/s. However, if the same STA communicates with an 802.11n AP that supports MIMO, the transmission rate remains 54 Mbit/s.

Page 249
• Multiple antennas are used on the receive and transmit ends in a wireless communication system. Proper use of MIMO technology greatly improves performance. The input and output in a MIMO system refer to the wireless channel: multiple antennas at the transmit end allow multiple signal inputs into the wireless channel, and multiple antennas at the receive end allow multiple signal outputs from the wireless channel. A multiple-antenna receiver uses advanced spatial code processing technology to separate and decode data signal streams, which gives good processing results and effectively prevents space-selective fading.

Page 250
• Beamforming: The beamforming technology adjusts transmit signals of multiple antennas to enhance signal strength on the receive end.
• When two different antennas send two signals, the two signals are superposed at the receive end. Their phases may be different at the receive end due to transmission directions. This affects the signal strength at the receive end. The phases of wireless signals on the transmit end can be adjusted to enhance signal strength, that is, to increase the SNR.
  ◦ The beamforming technology applies to the scenario where the receive end has only one antenna and no obstacle exists. If the beamforming technology is not used, the two signals received by the receive end go out of phase, as shown in figure 1. If the beamforming technology is used, the receive end receives positive phases that maximize signal strength, as shown in figure 2. The SNR is increased on the receive end.

Page 251
• For example, MIMO 2*2 indicates two groups of transmission links: two receive links and two spatial streams that are processed through multi-tasks and transmitted over wireless links. The AP can transmit different information over multiple spatial streams to increase the data transmission rate.
• If MIMO 2*1 is increased to MIMO 4*4, the SNR of the AP is increased every time one transmit antenna or receive antenna is added on the AP.

Page 252
• 802.11 MAC layer protocols consume excessive bandwidth for link maintenance and protection, which greatly reduces the system throughput.
• 802.11 MAC layer protocols have a large amount of overhead, especially acknowledgment of transmitted frames. At the highest data rates, this overhead occupies more bits than the data frame. For example, 802.11g supports a theoretical transmission rate of 54 Mbit/s but the actual transmission rate is 22 Mbit/s. Half of the rate is wasted.
• Wireless network conflicts and congestion also lower the 802.11 throughput. 802.11n improves the MAC layer to reduce fixed overhead and transmission loss caused by congestion.

Page 253
• A-MSDU and A-MPDU reduce payloads and can aggregate only frames of the same QoS level. However, transmission may be delayed because frames have to wait for a period of time to be aggregated. Only A-MPDU uses the Block Acknowledgement frame.

Page 254
• A-MSDU is short for aggregation of MAC service data units.
• A-MSDU aggregates packets that have the same destination and application. After aggregation, these packets share one MAC frame header. The payload, transmission time, and acknowledge frame in the packet header decrease. This improves the wireless transmission rate. The maximum length of an A-MSDU frame is 7935 bytes.

Page 255
• A-MPDU is short for aggregation of MAC protocol data units.
• A-MPDU aggregates packets that have the same destination but different applications. It is less efficient than A-MSDU aggregation, but it can reduce the payload in the packet header and the transmission time. The maximum length of the A-MPDU frame is 65535 bytes.

Page 256
• To ensure reliable data transmission, 802.11n defines that an ACK frame must be sent to respond to every received unicast data frame. After receiving an A-MPDU, A-MPDU receivers must process each MPDU and send an ACK frame to respond to each MPDU. Block Acknowledgement uses a single Block Acknowledgement frame to acknowledge multiple MPDUs, reducing the number of ACK frames.
• The sender only needs to retransmit frames that receive no ACK frame. In environments with high error rates, A-MPDU that uses the Block Acknowledgement mechanism allows higher WLAN efficiency than A-MSDU. In this mechanism, only error frames rather than all the aggregated frames are retransmitted. This reduces the amount of data to be transmitted.

Page 257

Page 258
• IEEE 802.11ac is a computer networking standard in the 802.11 family. It implements WLANs on the 5 GHz band. Theoretically, this specification enables multi-station WLAN throughput of at least 1 Gbit/s or a maximum single-link throughput of at least 500 Mbit/s.
• 802.11ac involves multiple technical innovations. It may take a long time to build all of these innovations into Wi-Fi products at once and launch the products on the market. Therefore, the Wi-Fi Alliance (WFA) brings the fifth-generation 802.11 standard, 802.11ac, to the commercial market in two phases: Wave 1 and Wave 2. This approach launches 802.11ac quickly to meet rapidly increasing traffic requirements while leaving room for the remaining 802.11ac evolution, maintaining the competitiveness of Wi-Fi.
• 802.11ac will be backward compatible with existing and to-be-released 802.11 standards and regulations, including 802.11s mesh networking.
• In terms of security, 802.11ac complies with the 802.11i security standard so that Wi-Fi meets the security requirements of enterprise users. According to the 802.11ac goal, 802.11ac will help implement seamless roaming for enterprises and households. It will also support security, management, and diagnosis of Wi-Fi products during roaming.
• 802.11ac uses new technologies or extends original technologies to improve the maximum throughput or number of access users, for example, multi-flow MIMO, 256QAM, and MU-MIMO.
• 802.11ac optimizes protocols to reduce complexity. For example, 802.11ac deletes implicit TXBF, and provides only one channel probe mode and one feedback mode.

Page 259
• High throughput has always been the goal of Wi-Fi standards. The throughput has been rapidly increasing: 2 Mbit/s in the first generation, 54 Mbit/s in the third generation, 600 Mbit/s in the fourth generation, and 6.93 Gbit/s in the fifth generation. Such a significant improvement of throughput enables 802.11ac to better cope with large-bandwidth challenges.
• 802.11ac defines WLAN operation in bands below 6 GHz excluding 2.4 GHz. However, the mainstream frequency band is still the 5 GHz frequency band, which provides more abundant resources. Compared with the 83.5 MHz bandwidth of 2.4 GHz, the 5 GHz frequency band can provide up to hundreds of megahertz in some countries. More frequencies reduce frequency reuse at the same bandwidth and therefore reduce interference in the system. External interference is mainly from 2.4 GHz Wi-Fi devices.
• Although 802.11ac does not change the multiple access modes on Wi-Fi networks, it provides higher throughput and MU-MIMO, improving the user access capability. With a higher rate, each user occupies the air interface for a shorter time. In this way, an AP can provide access services for more users within the same time period. MU-MIMO significantly improves the user access capability. It allows an AP to provide data transmission for multiple users, therefore improving the concurrent access capability.

Page 260

Page 261
• SU-MIMO can greatly increase the throughput of a single user. However, many STAs on live networks still support only single spatial streams. Compared with multi-stream STAs, a single-stream STA occupies the air interface for a longer time, becoming a bottleneck of the user access capacity. MU-MIMO can address this problem. Without changing the user bandwidth or frequency, an AP can send different data to multiple users (a maximum of 4) at the same time.
• In an SU-MIMO scenario, all antennas of an AP send the same data. Despite the diversity gain generated in this transmission mode, the gain is limited. In an MU-MIMO scenario, each antenna (mapping different users) on an AP sends different data. That is, one AP can send four copies of different data, increasing efficiency by four times compared with SU-MIMO.
• 802.11ac Wave 1 supports only SU-MIMO, allowing an AP to communicate with only one user at the same time. 802.11ac Wave 2 supports MU-MIMO, allowing an AP to communicate with several users at the same time.

Page 262
• 802.11n introduces frame aggregation technology to the MAC layer to aggregate and encapsulate MSDUs and MPDUs. Multiple frames then use one physical header encapsulation, improving encapsulation efficiency and reducing the occupation and preemption of the air interface.
• When an error occurs during transmission, the entire aggregated frame needs to be retransmitted in A-MSDU. In contrast, in A-MPDU, each MPDU has its own MAC header, so only the error data packet needs to be retransmitted.
• 802.11ac frames must be sent in A-MPDU mode. That is, A-MPDU cannot be disabled.

Page 263
• The request to send/clear to send (RTS/CTS) handshake protocol prevents data transmission failures caused by channel conflicts. When an AP needs to send data to a STA, the AP sends an RTS packet to all the STAs associated with it. After receiving the RTS packet, none of the devices within the AP's coverage area sends data within a specified period. After the destination STA receives the RTS packet, it sends a CTS packet. After receiving the CTS packet, none of the devices within the STA's coverage area sends data within a specified period.
• 802.11ac enhances the RTS/CTS mechanism to coordinate available channels and when these channels are available. The coordination mechanism is as follows:
  ◦ An 802.11ac device sends an RTS packet in 20-MHz subchannels. The RTS packet is replicated another three times to fill 80 MHz (or another seven times to fill 160 MHz). In this way, any 20-MHz channel in the primary channel can listen on the RTS packet regardless of whether the primary channel bandwidth is 80 MHz or 160 MHz. Every device that hears the RTS packet has its virtual carrier sense set to busy.
  ◦ The recipient device checks whether data is being transmitted on its primary channel or on any 20-MHz subchannels. If a portion of the channel bandwidth is in use, the recipient device responds with a CTS packet only on the available 20-MHz subchannels and reports the bandwidth of the replicated CTS packet.

Page 264
  ◦ The CTS packet is sent, like the RTS, replicated on available 20-MHz subchannels. In this way, the initiating device can know available channels and send data only on the available subchannels.
  ◦ RTS/CTS supports the dynamic frequency bandwidth mode. In this mode, if a portion of the frequency bands is in use, the CTS packet is sent only on the primary channel. The STA that has sent an RTS frame can fall back to a lower frequency bandwidth mode. This helps reduce the impact of hidden STAs. The final transmission frequency bandwidth is always included in the primary channel.
• If the RTS/CTS handshake mechanism is not enabled, there may be hidden STAs. If base stations A and C simultaneously send information to base station B because base station C does not know that base station A is sending information to base station B, a signal conflict occurs. As a result, signals fail to be sent to base station B.
• Note that the RTS/CTS handshake mechanism reduces the transmission rate and even causes network delay.

Page 265
• 802.11ac supports 20 MHz, 40 MHz, 80 MHz, 80+80 MHz (discontinuous, non-overlapping), and 160 MHz bandwidths. 20 MHz, 40 MHz, and 80 MHz are mandatory, and 80+80 MHz and 160 MHz are optional.
• This figure shows a North American spectrum, giving a comparison between 802.11a/n/ac. Note that a 160 MHz channel can be composed of two continuous or discontinuous 80 MHz channels.
• This variable bandwidth design retains compatibility with small-bandwidth channels. The higher bandwidth also greatly improves throughput and brings users a better experience.

Page 266
• The theoretical transmission rate of 802.11a reaches 54 Mbit/s on the 5 GHz frequency band.
• 802.11b is the oldest and most popular WLAN technology. The theoretical rate is 11 Mbit/s, and the actual throughput can reach 5 Mbit/s.
• 802.11g greatly increases the physical-layer transmission speed on the 2.4 GHz frequency band. The maximum rate reaches 54 Mbit/s, and the throughput reaches 20–26 Mbit/s. In addition, 802.11g is backward compatible with 802.11b.
• 802.11n uses dual-band (2.4 GHz and 5 GHz). The theoretical transmission rate is 300 Mbit/s and even reaches 600 Mbit/s in certain conditions. The tested rate is over 100 Mbit/s. It is backward compatible with 802.11a/b/g.
• 802.11ac Wave 1 supports a maximum rate of 1.3 Gbit/s, while 802.11ac Wave 2 supports 3.47 Gbit/s.
• In actual tests, the wireless transmission rate of 802.11a/b/g/n/ac products is far from the theoretical rate. This is because about half of the bandwidth is used for load balancing, checking, frame alignment, and error restoration data. Various factors also need to be considered, for example, signal strength and obstacles.
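The headline rates quoted in this chapter (54 and 58.5 Mbit/s at 20 MHz, 600 Mbit/s for 802.11n, 1.3, 3.47 and 6.93 Gbit/s for 802.11ac, and the roughly 10% gain from Short GI) all follow from one formula: data subcarriers × bits per subcarrier × code rate × spatial streams ÷ OFDM symbol time. The Python below is an added example, not part of the original course material. The 40/80/160 MHz subcarrier counts, the 3.2 µs symbol body, the modulation and code-rate pairs, and the stream counts used for Wave 1 and Wave 2 are assumptions taken from the 802.11 PHY definitions rather than from this page.

```python
"""PHY data-rate arithmetic for OFDM-based 802.11 (added example)."""
from fractions import Fraction

# Usable data subcarriers per channel width. The 20 MHz values are the ones
# quoted in the text; the wider-channel values are assumptions taken from the
# 802.11n/ac PHY definitions, not from this page.
DATA_SUBCARRIERS = {
    ("11a/g", 20): 48,
    ("11n", 20): 52,
    ("11n", 40): 108,
    ("11ac", 80): 234,
    ("11ac", 160): 468,
}

# Coded bits carried by one subcarrier in one OFDM symbol.
BITS_PER_SUBCARRIER = {"BPSK": 1, "QPSK": 2, "16QAM": 4, "64QAM": 6, "256QAM": 8}

SYMBOL_BODY_NS = 3200               # useful part of one OFDM symbol (assumption)
LONG_GI_NS, SHORT_GI_NS = 800, 400  # guard intervals named in the text


def phy_rate_mbps(standard, width_mhz, modulation, code_rate, streams=1, short_gi=False):
    """Return the PHY rate in Mbit/s for one parameter set.

    code_rate is a string such as "3/4": the fraction of coded bits that
    carry data once forward error correction is accounted for.
    """
    if short_gi and standard == "11a/g":
        raise ValueError("802.11a/g only defines the 800 ns guard interval")
    subcarriers = DATA_SUBCARRIERS[(standard, width_mhz)]
    coded_bits = subcarriers * BITS_PER_SUBCARRIER[modulation] * streams
    data_bits = coded_bits * Fraction(code_rate)
    symbol_ns = SYMBOL_BODY_NS + (SHORT_GI_NS if short_gi else LONG_GI_NS)
    # bits per nanosecond * 1000 = Mbit/s
    return float(data_bits * 1000 / symbol_ns)


def short_gi_gain_percent():
    """Throughput gain from shortening the guard interval from 800 to 400 ns."""
    long_symbol = SYMBOL_BODY_NS + LONG_GI_NS
    short_symbol = SYMBOL_BODY_NS + SHORT_GI_NS
    return (long_symbol / short_symbol - 1) * 100


def chapter_rates():
    """Reproduce the rates quoted in the chapter, in Mbit/s."""
    return {
        "802.11a/g, 20 MHz": phy_rate_mbps("11a/g", 20, "64QAM", "3/4"),
        "802.11n, 20 MHz, same modulation and coding": phy_rate_mbps("11n", 20, "64QAM", "3/4"),
        "802.11n, 40 MHz, 4 streams, short GI": phy_rate_mbps("11n", 40, "64QAM", "5/6", 4, True),
        "802.11ac Wave 1, 80 MHz, 3 streams": phy_rate_mbps("11ac", 80, "256QAM", "5/6", 3, True),
        "802.11ac Wave 2, 160 MHz, 4 streams": phy_rate_mbps("11ac", 160, "256QAM", "5/6", 4, True),
        "802.11ac maximum, 160 MHz, 8 streams": phy_rate_mbps("11ac", 160, "256QAM", "5/6", 8, True),
    }


if __name__ == "__main__":
    for label, rate in chapter_rates().items():
        print(f"{label:45s} {rate:8.1f} Mbit/s")
    print(f"Short GI gain: {short_gi_gain_percent():.1f}%")
```

These are PHY rates only; the MAC overhead described earlier in the chapter is why measured throughput is far lower.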

Page 267
• What are the 802.11ac advantages?
  ◦ Higher throughput
    ▪ 802.11ac Wave 2 supports a maximum rate of 3.47 Gbit/s.
  ◦ Less interference
    ▪ The 5 GHz frequency band is the mainstream band.
  ◦ Higher access capacity
    ▪ 802.11ac provides higher throughput, and MU-MIMO objectively improves the user access capability.
• What is MIMO technology?
  ◦ Multiple input and multiple output (MIMO) allows 802.11n APs and STAs to transmit data simultaneously on two or more channels in space division mode.

Page 268

Page 274
• For many years, the conventional access point was a standalone WLAN portal device where all three planes (Management Plane, Control Plane, Data Plane) of operation existed and operated on the edge of the network architecture. These APs are often referred to as fat APs, or standalone APs. However, the most common industry term for the traditional access point is autonomous AP.
• All configuration settings exist in the autonomous access point itself, and therefore, the management plane resides individually in each autonomous AP. All encryption and decryption mechanisms and MAC layer mechanisms also operate within the autonomous AP.
• A typical fat AP is a wireless router. Unlike traditional APs, wireless routers have WAN and LAN interfaces and support Dynamic Host Configuration Protocol (DHCP) servers, domain name server (DNS), and MAC address clone, as well as VPN access and firewall functions.

Page 275
• The next progression in the development of WLAN integration is the centralized WLAN architecture. This model uses a central WLAN controller that resides in the core of the network. In the centralized WLAN architecture, autonomous APs have been replaced with controller-based access points, also known as lightweight APs or Fit APs (thin APs).
• To build an operational WLAN with quick deployment, centralized management of network devices, and fine-grained user management, enterprises and carriers prefer fit AP + AC networking to fat AP networking. Fit AP + AC networking enables fast WLAN deployment, centralized network device management, and refined user management, helping build a maintainable, manageable WLAN.
• An AC and a fit AP run the CAPWAP protocol to communicate with each other.

Page 276

Page 278
• Control And Provisioning of Wireless Access Points

Page 279
• LWAPP: Light Weight Access Point Protocol
• SLAPP: Secure Light Access Point Protocol
• CTP: CAPWAP Tunneling Protocol
• WiCoP: Wireless LAN Control Protocol

Page 280
• LWAPP has a complete protocol architecture and defines a detailed packet structure and multiple control messages. However, the effectiveness of the newly created security mechanism is yet to be proven. The highlight of SLAPP is the DTLS technology, which is highly applauded in the industry. CTP and WiCoP can satisfy the demands of the centralized WLAN architecture. However, they have drawbacks, especially in terms of security.
• The CAPWAP team compared and evaluated the four protocols, and extended the LWAPP protocol to create the CAPWAP protocol, using DTLS technology and the merits of the other three protocols.

Page 281

Page 282
• Direct forwarding (local forwarding) of data packets
  ◦ Service data of APs is forwarded locally and the AC only manages the APs. That is, AP management packets are encapsulated in CAPWAP tunnels and terminated on the AC, whereas AP service flows are directly forwarded to switching devices without being encapsulated.
• Tunnel forwarding (centralized forwarding) of data packets
  ◦ Service data of APs is encapsulated and forwarded to the AC over the CAPWAP tunnel. The AC manages the APs and forwards service data of APs to the upper layer network. Both the AP's management flows and data flows are encapsulated in the CAPWAP tunnel and sent to the AC.

Page 283

Page 284
• CAPWAP is an application-layer protocol using UDP ports.
• CAPWAP transmits two types of packets:
  ◦ Data packets: encapsulate wireless frames.
  ◦ Control packets: management packets exchanged between APs and ACs.
• CAPWAP data and control packets are transmitted on different UDP ports:
  ◦ Control packets are transmitted on UDP port 5246.
  ◦ Data packets are transmitted on UDP port 5247.

Page 285
• If an AC IP address list is configured on an AP, the AP starts the static discovery process after being powered on and associates with a specified AC.
• If no AC IP address list is configured, the AP starts the dynamic AC discovery process. In this process, the AP obtains its own IP address and DNS server address through DHCP, obtains an AC IP address list from the DHCP server or DNS server, and broadcasts discovery packets to discover an AC and associate with it.

Page 286
1. After an AP starts, it obtains an IP address, DNS server address, and domain name through the DHCP server.
2. The AP broadcasts a request packet at Layer 2 to attempt to associate with an AC.
3. If the AP does not receive a response after 30s, it starts Layer 3 discovery. The AP obtains the IP address of an AC using Option 43 or the domain name of an AC using Option 15 from the DHCP server, and then sends a discovery request to the IP address or domain name.
4. After receiving the discovery request, the AC checks whether the AP has the right to access the AC. If the AP is authorized, the AC replies with a discovery response.
5. The AC and the AP establish a CAPWAP tunnel.

Page 287

Page 289
• DHCP four-message exchange:
  ◦ When no AC IP address list is preconfigured, the AP starts the dynamic AC auto-discovery process. The AP obtains an IP address through DHCP, and the AC IP address list is returned through an Option in the DHCP protocol.
  ◦ First, the AP sends a discovery request to the DHCP server. The DHCP server detects the discovery request packet and responds to the AP with a DHCP offer packet carrying an unleased IP address and other TCP/IP configuration. The packet contains information about the lease duration.
  ◦ DHCP offer packets can be either unicast or multicast packets. When the AP receives responses from multiple DHCP servers, it chooses the offer first received and sends a DHCP request to require all servers to send DHCP offer packets again. The DHCP server specifies which IP address is to be used. The AP sends an ARP packet to check whether the IP address is used by another device. If the address is used, the AP sends a DHCP decline packet to the DHCP server to reject the DHCP discovery packet.
  ◦ When the DHCP server receives the AP request packet, it responds with a DHCPACK packet, which contains the IP address of the AP, lease duration, gateway information, and DNS server IP address. By now, the lease contract takes effect and the DHCP four-message exchange is completed.

Page 290
• AC discovery:
  ◦ The AP finds available ACs through the AC discovery mechanism and decides to associate with the best AC through a CAPWAP tunnel. The discovery mechanism is optional. If an AC is preconfigured on the AP, there is no need to conduct the discovery process.
  ◦ The AP activates the CAPWAP protocol discovery mechanism and sends unicast or broadcast request packets to try to associate with an AC. The AC responds to the requests with unicast discovery response packets, containing information about the AC priority level and the number of APs. The AP decides to associate with the appropriate AC based on the AC priority level and the number of APs.

Page 291
• DTLS handshake:
  ◦ After the AP obtains the AC IP address, it triggers negotiation with the AC. After the AP receives a response message from the AC, it starts to establish a CAPWAP tunnel with the AC. The Datagram Transport Layer Security (DTLS) protocol can be used to encrypt and transmit User Datagram Protocol (UDP) packets.

Page 292
• Join:
  ◦ After the DTLS handshake is completed, the AC and the AP establish a control channel. The AC sends a join response packet containing information about the user upgrade version number, the interval/timeout period of the handshake packet, and the priority level of the control packets. The AC checks the version of the current AP. If the AP version cannot meet the demands of the AC, the AP and the AC enter the image data state for AP hardware upgrading. If the AP version meets the demands, the two enter the configuration state.

Page 293
• Image data:
  ◦ The AP checks whether it is running the latest software version based on negotiation parameters. If the current version is not the latest version, the AP obtains the latest software version from the AC using the CAPWAP tunnel.
  ◦ After the software version is updated, the AP restarts, discovers the AC, establishes a CAPWAP tunnel with the AC, and joins the AC again.

Page 294
• Configuration:
  ◦ The configuration state matches the current AP configuration against the configuration required by the AC. The AP sends a configuration request to the AC, containing information about the current AP configuration. When the current AP configuration does not meet the requirement of the AC, the AC sends a configuration response packet to notify the AP.

Page 295
• Data Check:
  ◦ When the configuration is completed, the AP sends a change state event request message, which contains information about radio, result, and code. When the AC receives the message, it replies with a change state event response message.
  ◦ The management tunnel is established when the data check is completed and the AP enters the run state.

Page 296
• Run:
  ◦ The AP sends a Keepalive message to the AC to establish a data tunnel. When the AC receives the Keepalive message, the data tunnel is established. The AC then replies with a Keepalive message. The AP enters the normal state and starts to work when receiving the Keepalive message from the AC.

Page 297
• Management tunnel maintenance:
  ◦ When the AP is in the run state, it sends an echo request packet to the AC to demonstrate that the CAPWAP management tunnel is established, and activates the echo sending timer and tunnel monitoring timer to monitor the management tunnel.
  ◦ When the AC receives the echo request packet, it enters the run state, replies with an echo response packet, and activates the tunnel timeout timer.
  ◦ When the AP receives the echo response packet, it resets the tunnel timeout detection timer.

Page 298
• As shown in the figure, the left two APs belong to region 101 and are added to VLAN 11. Their SSID is Huawei 101 and bound to the service VLAN 101. STAs obtain the IP address 10.1.101.51. The right APs belong to region 102 and are added to VLAN 12. Their SSID is Huawei102 and bound to WLAN 102. The STAs obtain the IP address 10.1.102.51. The AC uses the management VLAN 100 to manage all APs.
• The gateways of device VLAN, management VLAN, and service VLANs reside on the core switch. The source IP address of the AC is 10.1.100.100. To ensure normal communications, the AC creates a VLANIF interface for each service.
• On the AC, the interface that connects the AC to the core switch is configured as a trunk interface and is configured to allow the management VLAN 100 and service VLANs 101 and 102. The AC functions as a Layer 2 device and uses the tunnel forwarding mode.

Page 299
• The above is the description of the topology. The following pages show how data flows are transmitted in this deployment mode. Take the transmission of DHCP data packets as an example. After a wireless terminal connects to the wireless network, it sends a DHCP request. The DHCP request packet carries the source IP address 0.0.0.0 because the wireless terminal has not obtained an IP address yet. The destination IP address is 255.255.255.255.

Page 300
• After the data packet reaches the AP, the AP encapsulates the packet into a CAPWAP packet. The encapsulated packet carries the source IP address 10.1.11.101. This IP address is the IP address of the AP. The packet is destined for the IP address 10.1.100.100, which is the AC's IP address. Since the packet is a CAPWAP data packet, its UDP port is 5247.

After receiving the packet, the AC decapsulates the packet and obtains the original data sent by the terminal. Since the network uses an independent DHCP server, the AC will send this request to the DHCP server.

The DHCP server receives the request packet and sends a DHCP offer packet to the AC. The DHCP offer packet carries information such as the IP address, mask, gateway IP address, and DNS IP address. The AC then encapsulates the offer data into the CAPWAP tunnel and sends it to the AP. The AP decapsulates the packet after receiving it, and sends the offer packet to the terminal. The terminal finally obtains the requested IP address.
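
The DHCP walk-through above, as an added example that is not part of the original course material: the AP wraps the station's DHCP request in a CAPWAP data datagram to UDP port 5247, the AC side unwraps it, and the same parser reports whether a datagram is clear-text CAPWAP or DTLS-protected (the DTLS handshake is optional). The header layout, preamble types and control port 5246 follow RFC 5415; carrying the station frame as an 802.3 frame, the AP source port 50000, the station MAC address and the DHCP stub are assumptions or constructed sample values.

```python
import ipaddress
import struct

CAPWAP_CONTROL_PORT = 5246                     # RFC 5415 (not stated in the text above)
CAPWAP_DATA_PORT = 5247                        # data channel port from the walk-through
AP_IP, AC_IP = "10.1.11.101", "10.1.100.100"   # addresses from the walk-through


def _checksum(data: bytes) -> int:
    """Internet checksum, used here for the IPv4 header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_udp(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Build an IPv4/UDP packet (UDP checksum 0, which IPv4 permits)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", _checksum(hdr)) + hdr[12:] + udp


def parse_ipv4_udp(packet: bytes) -> tuple:
    """Return (src, dst, sport, dport, payload); raise ValueError otherwise."""
    if len(packet) < 28 or packet[0] >> 4 != 4 or packet[9] != 17:
        raise ValueError("not an IPv4/UDP packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl + 8:
        raise ValueError("bad IPv4 header length")
    sport, dport, ulen = struct.unpack("!HHH", packet[ihl:ihl + 6])
    if ulen < 8 or ihl + ulen > len(packet):
        raise ValueError("bad UDP length")
    src, dst = (str(ipaddress.IPv4Address(packet[o:o + 4])) for o in (12, 16))
    return src, dst, sport, dport, packet[ihl + 8:ihl + ulen]


def capwap_header(wbid: int = 1, native_frame: bool = False) -> bytes:
    """8-byte clear-text CAPWAP header (RFC 5415 section 4.3), unfragmented."""
    hlen = 2                                   # header length in 4-byte words
    # preamble(8)=0 | HLEN(5) | RID(5)=0 | WBID(5) | T | F L W M K = 0 | flags(3) = 0
    first = (hlen << 19) | (wbid << 9) | (int(native_frame) << 8)
    return struct.pack("!IHH", first, 0, 0)    # fragment ID and offset are zero


def ap_encapsulate(sta_frame: bytes, ap_port: int = 50000) -> bytes:
    """AP side: wrap the station's frame and send it to the AC's data port."""
    return ipv4_udp(AP_IP, AC_IP, ap_port, CAPWAP_DATA_PORT,
                    capwap_header() + sta_frame)


def ac_inspect(outer: bytes) -> dict:
    """AC or monitoring side: classify the datagram and recover the inner packet."""
    src, dst, _, dport, body = parse_ipv4_udp(outer)
    if dport not in (CAPWAP_CONTROL_PORT, CAPWAP_DATA_PORT) or len(body) < 4:
        raise ValueError("not a CAPWAP datagram")
    version, kind = body[0] >> 4, body[0] & 0x0F
    if version != 0 or kind not in (0, 1):
        raise ValueError("unknown CAPWAP preamble")
    result = {"channel": "data" if dport == CAPWAP_DATA_PORT else "control",
              "outer": (src, dst), "dtls": kind == 1, "inner": None}
    if result["dtls"]:
        return result                          # DTLS record: opaque without the keys
    hlen = (body[1] >> 3) * 4 if len(body) >= 8 else 0
    if hlen < 8 or len(body) < hlen:
        raise ValueError("truncated CAPWAP header")
    frame, native = body[hlen:], bool(body[2] & 0x01)
    # Assumption: T bit clear means an 802.3 frame; only IPv4 on the data channel is parsed.
    if result["channel"] == "data" and not native and frame[12:14] == b"\x08\x00":
        result["inner"] = parse_ipv4_udp(frame[14:])[:4]
    return result


def sample_dhcp_request_frame() -> bytes:
    """Constructed sample: the station's DHCP request as a broadcast 802.3 frame."""
    dhcp_stub = b"\x01\x01\x06\x00" + bytes(8)       # first BOOTP fields only
    eth = bytes.fromhex("ffffffffffff" "020000000051" "0800")
    return eth + ipv4_udp("0.0.0.0", "255.255.255.255", 68, 67, dhcp_stub)


def sample_dtls_datagram() -> bytes:
    """Constructed sample: DTLS preamble (type 1) followed by opaque bytes."""
    return ipv4_udp(AP_IP, AC_IP, 50000, CAPWAP_DATA_PORT,
                    b"\x01\x00\x00\x00" + bytes(32))


if __name__ == "__main__":
    print(ac_inspect(ap_encapsulate(sample_dhcp_request_frame())))
    print(ac_inspect(sample_dtls_datagram()))
```

On a capture of the AP-to-AC path, a data-channel datagram reported with `dtls` false means the user traffic inside the tunnel is readable by any device on that path.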

What methods can a fit AP use to discover an AC?

Automatic discovery of AC includes static discovery and dynamic discovery. Dynamic discovery includes DHCP discovery and DNS discovery.

How is a CAPWAP tunnel established?

CAPWAP tunnel establishment:

1. Discovery phase
2. DTLS handshake (optional)
3. Join phase
4. Image data phase (optional)
5. Configure
6. Data check phase
7. Run (data) phase
8. Run (control) phase

In a home or SOHO network, the WLAN coverage area is small, so fat AP networking is used. Fat APs not only provide wireless coverage, but also route packets to or from the wired network.

Enterprise networks and other large networks require large WLAN coverage. If fat AP networking is used, APs are connected to access switches and the data is forwarded by the switches to the core network. NMSs can also be deployed on the core network to manage APs.

In AC + fit AP networking, the AC controls wireless network access, manages roaming, controls network security, forwards data, collects traffic statistics, configures APs, and monitors APs. The AP implements only some simple functions, for example, encrypting and decrypting 802.11 packets, implementing the functions of the 802.11 physical layer, and collecting statistics about radio frequency (RF) air interfaces.

When the AC and APs are connected in inline mode or through a Layer 2 network, the deployment is called Layer 2 networking.

Layer 2 networking is easy to deploy because its structure is simple. It is applicable to simple or temporary networking but not to large networking.

When the AC and APs are connected to a Layer 3 network, the deployment is called Layer 3 WLAN networking.

Actual networking can be complex with one AC connecting to as many as hundreds of APs. For example, in enterprise networks, APs can be placed in offices, meeting rooms, and guest rooms, while the AC can be deployed in the equipment room. Therefore, the network between APs and the AC is a complex Layer 2 network. So Layer 3 networking is used in large networking.

In this mode, APs, the AC, and the core layer network are connected in line. All data going to the core layer is forwarded by the AC.

In inline networking, the AC must have high throughput and processing capabilities, or the AC becomes the bandwidth bottleneck. Inline networking is easy to deploy and has a clear architecture.

In bypass networking, the AC is connected to the network between APs and the core network in bypass mode.

In actual networking, most WLANs are established based on wired networks. Bypass networking is easy to expand. The AC can be connected to the network (such as the aggregation switch) in bypass mode to manage the APs. So bypass networking is used more often.

In bypass networking, the AC only manages APs. Management flows are transmitted in CAPWAP tunnels. Data flows can be forwarded by the AC over the CAPWAP tunnel, or forwarded to the upper layer network by the aggregation switch without passing through the AC.

The AC6605 processes both control flows and data flows. Management flows must be transmitted over Control And Provisioning of Wireless Access Points (CAPWAP) tunnels. Data flows can be transmitted over CAPWAP tunnels or not, as required.

The CAPWAP protocol defines how APs communicate with ACs and provides a general encapsulation and transmission mechanism for communication between APs and ACs. CAPWAP defines data tunnels and control tunnels.

- Data tunnels encapsulate 802.11 data packets to be sent to the AC6605.
- Control tunnels transmit control flows for remote AP configuration and WLAN management.

Two forwarding modes are available according to whether data flows are transmitted on CAPWAP tunnels:

- Direct forwarding: is also called local or distributed forwarding.
- Tunnel forwarding: is also called centralized forwarding. It is usually used to control wireless user traffic in a centralized manner.

You can select the chain or branched mode according to networking requirements. On the AC6605, you can configure direct forwarding for some APs and tunnel forwarding for other APs. In tunnel forwarding mode, all wireless user traffic is aggregated to an AC, which may create a switching bottleneck. Therefore, tunnel forwarding is seldom used on enterprise networks.

- Inline Networking
  In Inline Networking mode, APs or access switches are directly connected to the AC6605. The AC6605 functions as both an AC and an aggregation switch to forward and process APs' data and management services.
- Bypass Networking
  In Bypass Networking mode, the AC6605 is connected to a network device (usually an aggregation switch) to manage APs.

In Inline Networking mode, APs or access switches are directly connected to the AC6605. The AC6605 functions as both an AC and an aggregation switch to forward and process APs' data and management services.

In Inline Networking mode, the AC6605 sets up CAPWAP tunnels with APs to configure and manage these APs over CAPWAP tunnels. Service data of wireless users can be forwarded between APs and the AC6605 over CAPWAP data tunnels or be directly forwarded by APs.

In Inline Networking mode, direct forwarding is often used so that user service data can be forwarded on APs.

The AC6605 functions as the DHCP server to allocate IP addresses to APs. APs obtain the IP address of the AC6605 using the DNS function, DHCP Option 43 in DHCP packets, or Layer 2 discovery protocols, and then set up data tunnels with the AC6605.

In Bypass Networking mode, the AC6605 is connected to a network device (usually an aggregation switch) to manage APs.

The AC6605 only manages APs. Management flows are transmitted in CAPWAP tunnels, and data flows are forwarded to the upper layer network by the aggregation switch and router and do not pass through the AC6605.

Direct forwarding is also called local forwarding. In direct forwarding mode, data packets between APs and the AC do not go through the CAPWAP tunnel and are directly forwarded to the upper-layer network. This forwarding mode improves packet forwarding efficiency.

In direct forwarding, an AP sends packets without making any change to them.

Direct forwarding prevents the AC from becoming the bandwidth bottleneck. Service holding upon CAPWAP link disconnection can reduce risks of network disconnection.

Tunnel forwarding is also called centralized forwarding. In this mode, data packets between APs and the AC go through the CAPWAP tunnel to the upper-layer network. This forwarding mode improves packet forwarding security.

In tunnel forwarding, all data packets go through the CAPWAP tunnel to the AC, which forwards the packets to the upper layer network.

Tunnel forwarding greatly improves transmission security and realizes centralized control of the data, such as QoS.

Management VLAN:

- In most cases, only one Layer 3 virtual interface is configured on a Layer 2 switch. Therefore, a management VLAN must be configured for the Layer 3 virtual interface. An IP address is bound to the management VLAN so that you can remotely manage the switch. For example, you can log in to the switch to view logs, analyze the switch status, and locate faults.
- On a WLAN, a management VLAN transmits management packets between an AC and AP, including DHCP packets, ARP packets, and CAPWAP packets (control and data CAPWAP packets). PVIDs and trunk VLANs of XGE interfaces on an AC are the same as those of physical interfaces on a switch. During AC deployment, the PVID must be configured as the management VLAN ID, and packets of the management VLAN must be allowed to pass through the trunk interface.

On a WLAN:

- Service VLANs transmit data required for WLAN user access.

On an AP:

- In direct forwarding mode, the service VLAN is specified by the VLAN ID that an AP adds to a data packet.
- In tunnel forwarding mode, the service VLAN is specified by the VLAN ID in the user packet encapsulated with a CAPWAP header.

On an AC:

- PVID VLAN of a WLAN ESS interface: indicates the default VLAN of user packets that an AC sends and receives. The PVID VLAN is manually configured by the administrator and valid only when packets sent by an AP are untagged packets.
- Service VLAN in a service set profile: indicates the VLAN that an AP adds to a user packet. APs use service VLANs to forward user packets.

User VLANs are assigned based on user rights. The following user VLANs may be used on a WLAN:

- VLAN used in 802.1x authentication
  - Guest VLAN
    Unauthenticated users can only access resources in a guest VLAN. For example, when no 802.1x client software is installed for a user device, the user can access resources in the guest VLAN to download and install the 802.1x client software. After the user passes 802.1x authentication, the user can access the WLAN.
  - Restrict VLAN
    Users can access resources in a restrict VLAN when the authentication server rejects them for some reason, for example, when users enter incorrect user names or passwords. If users fail to pass authentication because the authentication times out or the network connection is terminated, users are not added to a restrict VLAN.
- Authorization VLAN
  Static VLANs fail to control mobile users. WLAN devices support dynamic VLAN assignment based on users. For example, on an enterprise network, dynamic VLAN assignment ensures that a user belongs to the same service VLAN when the user roams between two APs. This prevents user services from being interrupted.

VLAN Deployment

When management VLANs, service VLANs, and user VLANs are configured on a WLAN, these VLANs are deployed according to the following rules:

- An authorization VLAN has the highest priority, and so users are added to the authorization VLAN during authentication, re-authentication, re-authentication for roaming, or delivery of a Change of Authorization (CoA) packet with the VLAN field.
- Users are added to the service VLAN to which their AP belongs if no authorization VLAN is configured during authentication, re-authentication, re-authentication for roaming, or delivery of a CoA packet with the VLAN field.
- Generally, user VLANs take precedence over service VLANs. When both a service VLAN and a user VLAN (an authorization VLAN, a guest VLAN, or a restrict VLAN) are configured, users are added to the user VLAN.
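
One way to express the deployment rules above as code (an added example, not Huawei's implementation): `resolve_vlan` picks the VLAN for a station from the 802.1x outcome, and `audit_user_vlans` flags guest or restrict VLAN IDs that coincide with a service VLAN or the management VLAN. VLAN IDs 100, 101 and 102 come from the deployment described earlier; guest VLAN 200, restrict VLAN 201, authorization VLAN 110 and the fail-closed result when no guest or restrict VLAN is configured are assumptions.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Iterable, List, Optional

MANAGEMENT_VLAN = 100                 # management VLAN from the earlier deployment
SERVICE_VLANS = (101, 102)            # service VLANs from the earlier deployment


class Auth(Enum):
    NOT_ATTEMPTED = "not attempted"   # e.g. no 802.1x client installed
    ACCEPTED = "accepted"
    REJECTED = "rejected"             # e.g. wrong user name or password
    TIMEOUT = "timeout"               # timed out or connection terminated


@dataclass(frozen=True)
class UserVlans:
    guest: Optional[int] = None
    restrict: Optional[int] = None


@dataclass(frozen=True)
class Decision:
    vlan: Optional[int]               # None: the station is not placed in any VLAN
    source: str


def resolve_vlan(auth: Auth, ap_service_vlan: int, user_vlans: UserVlans,
                 authorization_vlan: Optional[int] = None) -> Decision:
    """Apply the rules at authentication, re-authentication or roaming."""
    if auth is Auth.ACCEPTED:
        if authorization_vlan is not None:            # highest priority
            return Decision(authorization_vlan, "authorization")
        return Decision(ap_service_vlan, "service")   # VLAN of the current AP
    if auth is Auth.REJECTED:
        # Only a reject from the authentication server leads to the restrict VLAN.
        if user_vlans.restrict is not None:
            return Decision(user_vlans.restrict, "restrict")
        return Decision(None, "denied")               # assumption: fail closed
    # NOT_ATTEMPTED or TIMEOUT: the user is still unauthenticated.
    if user_vlans.guest is not None:
        return Decision(user_vlans.guest, "guest")
    return Decision(None, "denied")                   # assumption: fail closed


def audit_user_vlans(user_vlans: UserVlans,
                     service_vlans: Iterable[int] = SERVICE_VLANS) -> List[str]:
    """Flag guest/restrict VLAN IDs that would place unauthenticated or rejected
    users in a service VLAN or in the management VLAN."""
    findings = []
    production = set(service_vlans)
    for name, vid in (("guest", user_vlans.guest), ("restrict", user_vlans.restrict)):
        if vid is None:
            continue
        if vid == MANAGEMENT_VLAN:
            findings.append(f"{name} VLAN {vid} is the management VLAN")
        elif vid in production:
            findings.append(f"{name} VLAN {vid} is also a service VLAN")
    return findings


if __name__ == "__main__":
    vlans = UserVlans(guest=200, restrict=201)        # constructed IDs
    # A user with authorization VLAN 110 roams from an AP in VLAN 101 to one in VLAN 102.
    for ap_vlan in SERVICE_VLANS:
        print(ap_vlan, resolve_vlan(Auth.ACCEPTED, ap_vlan, vlans, authorization_vlan=110))
    for outcome in (Auth.NOT_ATTEMPTED, Auth.REJECTED, Auth.TIMEOUT):
        print(outcome.value, resolve_vlan(outcome, 101, vlans))
    print(audit_user_vlans(UserVlans(guest=101, restrict=100)))
```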

What are the advantages and disadvantages of Layer 2 and Layer 3 networking?

- Advantages of Layer 2 networking
  - Simple and easy to configure, Layer 2 networking is applicable to uncomplicated and temporary networking that can be quickly deployed.
- Advantages of Layer 3 networking
  - Actual networking can be complex with one AC connecting to as many as hundreds of APs. For example, in enterprise networks, APs can be placed in offices, meeting rooms, and guest rooms, while the AC can be deployed in the equipment room. Therefore, the network between APs and the AC is a complex Layer 2 network. So Layer 3 networking is used in large networking.

What are the advantages and disadvantages of inline networking and bypass networking?

- Advantages of inline networking
  - Direct forwarding is often used in inline networking mode. This networking mode simplifies network architecture and applies to large-scale and centralized WLANs.
- Advantages of bypass networking
  - The networking mode is commonly used. Wireless user service data does not need to be processed by an AC, eliminating the bandwidth bottleneck and facilitating the usage of existing security policies. Therefore, this networking mode is recommended.

The AC6605 in branch mode

- The Switch assigns service VLANs to users and tags AP management packets with the management VLAN ID.
- The AC functions as a DHCP server to allocate IP addresses to APs.
- AP1 and AP2 directly forward service data.

Configure the Switch and the AC to enable APs to communicate with the AC. Configure GE0/0/3 of the access switch connected to the aggregation switch to transparently transmit packets of all service VLANs and the management VLAN.

Configure GE0/0/1 and GE0/0/2 of the Switch connected to APs as trunk interfaces, and set the PVID of the trunk interfaces to 100.

Configure GE0/0/2 of the Switch connected to the AC to transparently transmit packets of all service VLANs and the management VLAN. Configure GE0/0/3 of the Switch connected to the access switch to transparently transmit packets of all service VLANs and the management VLAN.

Configure GE0/0/1 on the AC to transparently transmit packets of all services and the management VLAN.

The WLAN configuration roadmap is as follows:

- Create an AP group
- Configure APs to go online
- Configure WLAN service parameters

Run: ap-group name group-name

An AP group is created, and the AP group view is displayed. By default, the system provides the AP group default.

(Optional) Configure the AC as a DHCP server to allocate IP addresses to APs.

- Run: dhcp enable
  DHCP is enabled on the VLANIF interface.
- Run: interface vlanif vlan-id or interface loopback number
  A VLANIF interface or loopback interface is created.
- Run: ip address
  An IP address range is configured for APs.
- Run: dhcp select interface
  Create an interface address pool according to the interface address.
- Run: quit
  Return to the system view.

An AP can set up a connection with an AC only after obtaining an IP address from the AC, switch, or a DHCP server. When the AC is configured as a DHCP server, it can allocate IP addresses to APs.

Run the capwap source interface vlanif vlan-id command to specify a VLANIF interface as the source interface of the CAPWAP tunnel established between the AP and AC, or run the capwap source ip-address ip-address command to specify an IP address of the VLANIF interface as the source IP address of the CAPWAP tunnel established between the AP and AC.

The AC uses the IP address of the specified source interface as the source IP address. All APs connected to the AC can learn this IP address.

Run the ap auth-mode { mac-auth | no-auth | sn-auth } command to modify the AP authentication mode to MAC address authentication or SN authentication.

The default AP authentication mode is MAC address authentication.

Run the ap-id ap-id [ type-id type-id | ap-type ap-type ] [ ap-mac ap-mac ] [ ap-sn ap-sn ] or ap-mac ap-mac [ type-id type-id | ap-type ap-type ] [ ap-id ap-id ] [ ap-sn ap-sn ] command to import the AP offline and enter the AP view.

Run the ap-name ap-name command to configure the AP name.

By default, no AP name is configured for an AP.

Run the ap-group group-name command to add the AP to an AP group.

By default, no AP group is configured.

Run: security-profile name profile-name

A security profile is created and the security profile view is displayed.

By default, security profiles default, default-wds, and default-mesh are available in the system.

The default security policy has low security. You are advised to configure a proper security policy.

What needs to be configured for the basic AC attributes?

- Create AP Group
- Configure the DHCP Server (optional)
- Create the regulatory domain profile
- Configure a country code
- Bind regulatory domain profile to AP group
- Configure AC's source interface
- Configure the AP authentication mode

What are the three authentication modes for an AP joining the AC?

- { mac-auth | no-auth | sn-auth }

Networking Requirements:

- The customer must lay out a large number of network cables to deploy a wired network which does not support flexible user access. Deployment of network cables requires huge costs and human resources. The customer wants to use an AC and a Fit AP to deploy a WLAN network, which can reduce deployment costs, improve access flexibility, and enhance network maintainability.

As shown in the figure, the aggregation switch connects to the upper layer network and an AC connects to the aggregation switch in bypass mode. An AP connects to the AC through the access switch and aggregation switch. The AP and AC communicate through a Layer 2 network and the AP and AC belong to the management VLAN 100. Tunnel forwarding is used to effectively manage data packets.

An AC manages APs, controls WLAN user access, and guarantees security. APs can communicate with the AC only after the basic AC attributes are configured.

Network interface parameters

Parameter        Description
Interface name   Interface name
Default VLAN     Default VLAN of the interface
Link type        Link type of the interface
Added VLAN ID    ID of the VLAN to which the interface belongs

VLAN parameters

Parameter                 Description
Interface type            VLAN type (VLANIF/LoopBack).
VLAN ID                   ID of the VLAN to be created, which is valid only when the interface type is VLANIF.
Interface number          Number of the interface through which traffic in the VLAN passes, which is valid only when the interface type is LoopBack.
Primary IP address/mask   Primary IP address and subnet mask of the VLANIF interface.

Parameters for configuring a DHCP interface address pool

Parameter              Description
DHCP status            Whether to enable the DHCP function globally.
Address pool type      DHCP address pool type (global address pool/interface address pool).
Select Interface       Interface of the DHCP server on which the address pool is configured. The IP addresses in the network segment to which the interface IP address belongs can be allocated.
Interface IP address   IP address of the current interface; namely, the gateway address of the DHCP client.
Mask                   Subnet mask of the IP address assigned to the DHCP client; namely, the subnet mask of the current interface. The gateway IP address and subnet mask together identify the range of an interface address pool.
Vendor-defined         User-defined option for the global IP pool. The options are as follows:
                       - none: The user-defined option is not configured for the interface IP pool.
                       - sub-option: Specifies the value of the user-defined sub-options and configures the parameter of the sub-options.
                         - ascii: Specifies the user-defined option code as an ASCII character string.
                         - hex: Specifies the user-defined option code as a hexadecimal number.
                         - ip-address: Specifies the user-defined option code as an IP address. One to eight IP addresses can be specified.

AC parameters

Parameter                Description
AC source address        Source interface of an AC.
AP authentication mode   Mode in which the AC authenticates APs.

NOTE:

- The selected source interface must have an IP address.

Basic SSID parameters

Parameter         Description
SSID              SSID name.
Forwarding mode   Data forwarding mode of the corresponding AP.
Service VLAN      Service VLAN bound to the corresponding VAP, which can be configured as a single VLAN or a VLAN pool.
Service VLAN ID   ID of a service VLAN, which is valid only when Service VLAN is set to Single VLAN.
VLAN Pool         VLAN pool used for service VLANs, which is valid only when Service VLAN is set to VLAN Pool.
Radio             Radio to which a VAP is applied.
WLAN ID           VAP corresponding to the SSID.

SSID security parameters

Parameter                   Description
Security Settings           Security policy used on a wireless network.
                            - High: WPA-WPA2 802.1X
                            - Medium: WPA-WPA2 PSK
                            - Low: OPEN
Encryption mode             Encryption mode of a security policy, which is valid only when Security Settings is set to High or Medium.
Password type               Password format of a security policy, which is valid only when Security Settings is set to Medium.
Password/Confirm password   Encryption password of a security policy, which is valid only when Security Settings is set to Medium.

No

Connect the serial ports of the PC and AC with a serial cable and use PuTTY to access the CLI. You can log in to the AP using telnet and perform the following operations to upgrade the AP. The default IP address of the AP V200R003 or a later version is 169.254.1.1, and the default user name and password are respectively admin and admin@huawei.com. If an IP address, a user name, and a password have been configured for the AP, you can use the configured IP address, user name, and password for AP login.

To use the FTP, TFTP, or SFTP mode to upgrade the AP, ensure that the AP can communicate with the PC that functions as the FTP, TFTP, or SFTP server. Before starting the upgrade, run the display version command to check the AP model and version.

Huawei APs support FTP, TFTP, or SFTP for switching the AP mode.

After the switch is complete, the AP must be restarted.

Page 407
e n
/
o m
ei.c
aw
u
g.h
i n
arn
//le
p :
t t
s:h
r c e
ou
es
R
i n g
rn
e a
e L
o r
M

Page 408

Page 409

Page 410

Page 411

Page 412
- An AP sends discovery requests and finds available ACs based on the received discovery responses. Then the AP selects an appropriate AC to establish a connection with. After an AP is powered on, it can discover ACs according to static configuration or dynamically.

- An AP discovers ACs according to a preconfigured AC IP address list or by obtaining AC IP addresses from a DHCP server, a DNS server, or broadcast. If an AC IP address list is preconfigured on an AP, the AP establishes a connection with a specified AC based on the list; otherwise, the AP obtains AC IP addresses from a DHCP server, a DNS server, or broadcast, and then associates with an AC.

Page 413
- An AC supports the following AP access control modes.
  - Add the MAC addresses or SNs of some APs to the blacklist to reject access from these APs.
  - Add APs to the AC offline to allow the APs to connect to the AC without authentication.
  - Add the MAC addresses of some APs to the whitelist and configure MAC address authentication.
  - Add the SNs of some APs to the whitelist and configure SN authentication.
  - Manually confirm the identities of APs and allow authorized APs to connect to the AC.

Page 414
- Direct forwarding is also called local forwarding. In direct forwarding mode, data packets between APs and the AC do not go through the CAPWAP tunnel and are directly forwarded to the upper-layer network. This forwarding mode improves packet forwarding efficiency. In direct forwarding, an AP does not process the packets and sends packets directly.

- In tunnel forwarding mode, data packets between APs and the AC go through the CAPWAP tunnel to the upper-layer network. This forwarding mode improves packet forwarding security.
  - The encapsulated packets are UDP packets. On the AC side, data packets carry the port number 5247, and control packets carry the port number 5246. The port number of data and control packets on the AP side is randomly assigned.
  - The Data field in UDP packets contains the contents of original packets and the 8-byte CAPWAP header.
  - Common packet capturing tools cannot parse original packets encapsulated with CAPWAP headers.
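The following added example (not part of the Huawei material) shows how the inner packet can be recovered from a captured tunnel datagram: it classifies the flow by the AC-side ports above, decodes the CAPWAP header, and returns the original packet. The page gives only the header size and the port numbers; the field layout used here is the one defined in RFC 5415, and all function names and sample bytes are constructed for illustration.

```python
import struct
from dataclasses import dataclass
from typing import Optional

CONTROL_PORT = 5246  # AC-side UDP port for control packets (from the page)
DATA_PORT = 5247     # AC-side UDP port for data packets (from the page)


@dataclass
class CapwapHeader:
    version: int
    hlen_bytes: int       # HLEN field (4-byte words) converted to bytes
    radio_id: int
    wbid: int             # wireless binding ID, 1 = IEEE 802.11
    native_frame: bool    # T bit: inner frame is native 802.11, else 802.3
    is_fragment: bool     # F bit
    last_fragment: bool   # L bit
    fragment_id: int
    fragment_offset: int


@dataclass
class Decapsulated:
    channel: str                    # "control" or "data"
    dtls_protected: bool            # True: payload is a DTLS record, not readable
    header: Optional[CapwapHeader]
    inner: Optional[bytes]          # original packet with the header removed


def classify_channel(src_port: int, dst_port: int) -> Optional[str]:
    """Only the AC-side port is fixed, so test both ends of the flow."""
    ports = {src_port, dst_port}
    if CONTROL_PORT in ports:
        return "control"
    if DATA_PORT in ports:
        return "data"
    return None


def parse_header(payload: bytes) -> CapwapHeader:
    """Decode the CAPWAP header (RFC 5415 layout) at the start of the payload."""
    if len(payload) < 8:
        raise ValueError("payload shorter than the 8-byte CAPWAP header")
    w0, w1 = struct.unpack("!II", payload[:8])
    hlen_bytes = ((w0 >> 19) & 0x1F) * 4
    if hlen_bytes < 8 or hlen_bytes > len(payload):
        raise ValueError("HLEN outside the received payload")
    return CapwapHeader(
        version=(w0 >> 28) & 0xF,
        hlen_bytes=hlen_bytes,
        radio_id=(w0 >> 14) & 0x1F,
        wbid=(w0 >> 9) & 0x1F,
        native_frame=bool((w0 >> 8) & 1),
        is_fragment=bool((w0 >> 7) & 1),
        last_fragment=bool((w0 >> 6) & 1),
        fragment_id=w1 >> 16,
        fragment_offset=(w1 >> 3) & 0x1FFF,
    )


def decapsulate(payload: bytes, src_port: int, dst_port: int) -> Optional[Decapsulated]:
    """Return the inner packet of one UDP datagram, or None if it is not CAPWAP."""
    channel = classify_channel(src_port, dst_port)
    if channel is None or not payload:
        return None
    preamble_type = payload[0] & 0x0F
    if preamble_type == 1:  # a DTLS header follows: content is encrypted
        return Decapsulated(channel, True, None, None)
    if preamble_type != 0:
        raise ValueError("unknown CAPWAP preamble type")
    header = parse_header(payload)
    return Decapsulated(channel, False, header, payload[header.hlen_bytes:])


# Constructed sample datagrams (not captured traffic).
SAMPLE_INNER = bytes.fromhex("88010000") + b"constructed 802.11 frame body"
# HLEN=2 words, RID=1, WBID=1 (802.11), T=1, no fragmentation.
SAMPLE_DATA_PAYLOAD = bytes.fromhex("0010430000000000") + SAMPLE_INNER
# Preamble type 1 followed by filler standing in for a DTLS record.
SAMPLE_DTLS_PAYLOAD = bytes.fromhex("01000000") + bytes(13)

if __name__ == "__main__":
    result = decapsulate(SAMPLE_DATA_PAYLOAD, 49152, DATA_PORT)
    print(result.channel, result.header, result.inner)
    print(decapsulate(SAMPLE_DTLS_PAYLOAD, CONTROL_PORT, 49153))
```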

Page 415
- Data collection: APs collect radio environment information in real time according to policies provided by the AC.

- Data analysis: The AC analyzes and evaluates data collected by APs.

- RF allocation: The AC allocates channels and transmit power according to analysis results.

- RF adjustment: APs adjust radio resources according to configuration delivered by the AC.

Page 416
- The radio calibration function can dynamically adjust channels and transmit power of APs managed by the same AC to ensure that the APs work at optimal performance.

- Channel adjustment
  - On a WLAN, adjacent APs must work on non-overlapping channels to avoid radio interference.

- Power adjustment
  - An AP's transmit power determines its radio coverage area. APs with higher power have larger coverage areas. A traditional method to control the radio power is to set the transmit power to the maximum value to maximize the radio coverage area. However, a high transmit power may cause interference with other wireless devices. Therefore, an optimal power is required to balance the coverage area and signal quality.

Page 417
- There are three radio calibration modes:
  - Auto mode: The device implements global radio calibration at regular intervals.
  - Manual mode: Radio calibration is not automatically implemented by the device but manually triggered through the calibrate manual startup command.
  - Schedule mode: The device triggers global radio calibration at a time specified by the parameter time.

- The three modes cannot be configured simultaneously. You can choose any of the modes as required. Schedule mode is recommended, which can be specified using the calibrate enable schedule time time-value command. You can configure the device to perform radio calibration in off-peak hours, for example, between 00:00 am and 06:00 am.

- In an AP region, APs automatically adjust working channels and power in the event of signal interference:
  - Partial calibration: The optimal working channel and power of a specified AP can be adjusted.
  - Global calibration: The optimal working channels and power of all the APs in a specified region can be adjusted.

- When an AP is removed or goes offline, the AC increases the power of neighboring APs to compensate for the coverage hole.

Page 418
- WLAN load balancing ensures sufficient transmission rate and bandwidth for each STA by evenly distributing traffic of STAs among APs. This function is used on wireless networks with high user densities to ensure access of STAs.

- Load Balancing Mechanism: An AC performs load balancing between APs when STAs connect to these APs. Each AP periodically reports STA association information to the AC, and the AC distributes user traffic among APs based on received STA association information. When a STA sends an association request to an AP, the AC checks whether the number of STAs connected to the AP has reached the threshold. If the number of STAs is smaller than the threshold, the AC instructs the AP to accept the association request. Otherwise, the AC determines whether to accept the association request according to the load balancing configuration.

- Load Balancing Mode

- An AP works in either traffic volume-based or session-based load balancing mode, which is configured on the AC. The threshold of the load difference among radios in a load balancing group is expressed in percentage.
  - Traffic volume-based load balancing: The load difference is the gap between the traffic volume (sum of upstream and downstream traffic volumes) on one radio and that on another radio. If the load difference threshold is exceeded, load between radios in a load balancing group is unbalanced.
  - Session-based load balancing: The load difference is the gap between the number of STAs on one radio and that on another radio. If the load difference threshold is exceeded, load between radios in a load balancing group is unbalanced.

Page 419
- Most STAs support both 5 GHz and 2.4 GHz frequency bands but usually associate with the 2.4 GHz radio by default when connecting to the network. As a result, the 2.4 GHz frequency band with fewer channels is congested, heavily loaded, and has severe interference. The 5 GHz frequency band with more channels and less interference is not well used. When the 2.4 GHz frequency band has many users or severe interference, the 5 GHz frequency band can provide better access service for wireless users. Users must manually select the 5 GHz radio to connect to it.

- The band steering function enables an AP to steer STAs to the 5 GHz radio first, which reduces traffic load and interference on the 2.4 GHz radio and improves user experience.

- To implement band steering, an AP must have the same SSID and security policy on the 5 GHz and 2.4 GHz radios.

- When user density is high or there is interference with 2.4 GHz, the 5 GHz radio can provide higher access capability.

Page 420
- On a traditional WLAN, APs exchange data with STAs using wireless channels and connect to a wired network through uplinks. To expand the coverage area of a wireless network, APs need to be connected by switches. This deployment involves high costs and takes a long time. In some places, such as subways, tunnels, and docks, it is difficult to connect APs to the Internet through wired links. WDS technology can connect APs wirelessly in these places, which reduces network deployment costs, makes the network easy to expand, and allows flexible networking.

- Service VAP: On a traditional WLAN, an AP is a physical entity that provides WLAN services to STAs. A service virtual access point (VAP) is a logical entity that provides access service for users. Multiple VAPs can be created on an AP to provide access service for multiple user groups. In the figure, VAP0 created on AP3 is a service VAP.

- WDS VAP: On a WDS network, an AP is a functional entity that provides WDS service for neighboring devices. WDS VAPs include AP and STA VAPs. AP VAPs provide connections for STA VAPs. In the figure, VAP13 created on AP3 is a STA VAP, and VAP12 created on AP2 is an AP VAP.

- Wireless virtual link (WVL): a connection set up between a STA VAP and an AP VAP on neighboring APs.

Page 421
- AP working mode: Depending on its location on a WDS network, an AP can work in root, middle, or leaf mode.
  - Root: The AP directly connects to an AC through a wired link and uses an AP VAP to set up wireless virtual links with a STA VAP.
  - Middle: The AP uses a STA VAP to connect to an AP VAP on an upstream AP and uses an AP VAP to connect to a STA VAP on a downstream AP.
  - Leaf: The AP uses a STA VAP to connect to an AP VAP on an upstream AP.

Page 422
- On a traditional WLAN, APs exchange data with STAs using wireless channels and connect to a wired network through uplinks. If no wired network is available before a WLAN is constructed, it takes much time and money to construct a wired network. If positions of some APs on a WLAN are adjusted, the wired network must be adjusted accordingly, increasing the difficulty in network adjustment. A traditional WLAN requires a long construction period and has a high cost and poor flexibility, so it does not apply to emergency communication, wireless MANs, or areas that lack wired network infrastructure or have only weak wired infrastructure. The construction of a WMN requires only APs to be installed, which greatly speeds up network construction.

Page 423
- A WMN allows APs to wirelessly connect to each other, solving the preceding problems. A WMN has the following advantages:
  - Fast deployment: Mesh nodes can be easily installed to construct a WMN in a short time, much shorter than the construction period of a traditional WLAN.
  - Dynamic coverage area expansion: As more mesh nodes are deployed on a WMN, the WMN coverage area can be rapidly expanded.
  - Robustness: A WMN is a peer network that will not be affected by the failure of a single node. If a node fails, packets are forwarded to the destination node along the backup path.
  - Flexible networking: An AP can join or leave a WMN easily, allowing for flexible networking.
  - Various application scenarios: Besides traditional WLAN scenarios such as enterprise networks, office networks, and campus networks, a WMN also applies to scenarios such as large-scale warehouses, docks, MANs, metro lines, and emergency communications.
  - Cost-effectiveness: Only MPPs need to connect to a wired network, which minimizes the dependency of a WMN on wired devices and saves costs in wired device purchasing and cable deployment.

Page 424
- A WMN includes the following devices:
  - Mesh point (MP): a mesh-capable node that uses IEEE 802.11 MAC and physical layer protocols for wireless communication. This node supports automatic topology discovery, automatic route discovery, and data packet forwarding. MPs can provide both mesh service and user access service.
  - Mesh point portal (MPP): an MP that connects to a WMN or another type of network. This node has the portal function and enables mesh nodes to communicate with external networks.
  - Neighboring MP: an MP that directly communicates with another MP or MPP. For example, in Figure 1, MP2 is the neighbor of MP1.
  - Candidate MP: a neighboring MP with which an MP prepares to establish a mesh link.
  - Peer MP: a neighboring MP that has established a mesh connection with an MP.

Page 425
- On a WLAN, a blacklist or whitelist can be configured to filter access from STAs based on specified rules. The blacklist or whitelist allows authorized STAs to connect to the WLAN and rejects access from unauthorized STAs.
  - Whitelist: A whitelist contains MAC addresses of STAs that are allowed to connect to a WLAN. After the whitelist function is enabled, only the STAs in the whitelist can connect to the WLAN, and access from other STAs is rejected.
  - Blacklist: A blacklist contains MAC addresses of STAs that are not allowed to connect to a WLAN. After the blacklist function is enabled, STAs in the blacklist cannot connect to the WLAN, and other STAs can connect to the WLAN.

- In public places (such as airports and cafes), carriers' networks, medium- and large-sized enterprises, and financial organizations, users may need to connect to the Internet wirelessly. In these scenarios, user isolation can ensure security of data transmitted between users. User isolation can be implemented based on VAPs or user groups.

- WLAN security involves the following:
  - Perimeter security: An 802.11 network is subject to threats from unauthorized APs and users, ad-hoc networks, and denial of service (DoS) attacks. A wireless intrusion detection system (WIDS) can detect unauthorized users and APs. A wireless intrusion prevention system (WIPS) can protect an enterprise network against unauthorized access from wireless networks.

Page 426
  - User access security: Link authentication, access authentication, and data encryption are used to ensure validity and security of user access on wireless networks.
  - Service security: This feature protects service data of authorized users from being intercepted by unauthorized users during transmission.

- WLAN Quality of Service (QoS) provides differentiated service for wireless users to satisfy their traffic requirements. WLAN QoS has the following functions:
  - High-efficiency use of wireless channels: The Wi-Fi multimedia (WMM) standard enables high-priority users to preempt wireless channels.
  - Efficient bandwidth use: Priority mapping preferentially transmits the data of high-priority users.
  - Network congestion prevention: Traffic policing limits users' transmission rate, preventing network congestion.
  - Fairness in wireless channel usage: Airtime scheduling assigns users on the same radio equal channel occupation time.
  - Differentiated services for different types of packets: The same QoS services are provided for packets that match a specified ACL. In this way, differentiated services are implemented for different types of packets.

- WLAN positioning involves WLAN tag positioning and terminal positioning.

- WLAN tag positioning technology uses radio frequency identification (RFID) devices and a positioning system to locate a target through the WLAN. An AP sends the collected RFID tag information to a positioning server. The positioning server then computes the physical location and sends the location data to a third-party device so that users can view the location of a target through maps and tables.

- Terminal positioning technology uses APs to collect strength information about radio signals in the surrounding environment to locate Wi-Fi terminals and rogue APs. The APs report the collected information to a positioning server. The positioning server computes locations of terminals based on the APs' locations and data received from the APs, and presents the computing results to users through a display terminal.

Page 427

Page 428
- Hot-Standby Backup: The active/standby switchover is implemented rapidly with little impact on services, which provides high reliability.
  - Dual-link HSB: Only STA information is backed up between two ACs. An AP sets up a link with both active and standby ACs, and exchanges management packets with both ACs.
  - VRRP HSB: AP, STA, and CAPWAP link information are backed up. An AP sets up a CAPWAP link with an AC and then backs up the CAPWAP link information on the other AC. The AP exchanges packets with only one AC.

- Dual-link backup provides only the basic backup functions and has lower reliability than hot-standby backup.

- Dual-link backup does not back up STA information. An AP establishes a link with both active and standby ACs. During an active/standby switchover or a revertive switchover, STAs must go online again and services are temporarily interrupted.

- In N+1 backup, a standby AC can provide backup services for multiple active ACs, which reduces device purchase costs. However, this mode has lower reliability than hot-standby backup.

- N+1 backup is a cold backup mode, and does not back up AP or STA information. An AP establishes a link with only one AC. During an active/standby switchover or a revertive switchover, the AP and STAs must go online again and services are temporarily interrupted. The service interruption time in N+1 backup mode is longer than that in dual-link backup mode.

Page 429
- HSB is a feature that improves network reliability through redundancy between two devices. After the two devices determine the master and backup roles, the master device forwards service packets and the backup device monitors status of the master device. The master device periodically sends its status information and data to be backed up to the backup device. When the master device fails, the backup device takes over the services immediately.

- On a WLAN, an AC can manage several hundreds of APs. If the AC becomes faulty, services of all the APs that associate with the AC are interrupted. The reliability of ACs is crucial to HA of the network.

Page 430
- AC1 and AC2 form a Virtual Router Redundancy Protocol (VRRP) group. AC1 is the master device and AC2 is the backup device. When AC1 is working normally, it processes all services and transmits session information to AC2 through the HSB channel. AC2 does not process services and only backs up session information.

Page 431
- When AC1 fails, AC2 starts to process services. Session information is backed up on AC2, so new sessions can be set up without interrupting the current session. This improves network reliability.

- When the original master device (AC1) recovers, it becomes the master in preemption mode. In non-preemption mode, AC1 stays in backup state.

Page 432
- The AP establishes Control and Provisioning of Wireless Access Points (CAPWAP) tunnels with two ACs and differentiates between the master and backup ACs based on the priorities in the CAPWAP packets delivered by the ACs. An HSB tunnel is established between the two ACs. For AP1, AC1 is the master device and AC2 is the backup device. AC1 processes all service traffic from AP1 and transmits session information to AC2 through the HSB channel. AC2 does not process service traffic from AP1 and only backs up session information. For AP2, AC2 is the master device and AC1 is the backup device. AC2 processes all service traffic from AP2 and transmits session information to AC1 through the HSB channel. AC1 does not process service traffic from AP2 and only backs up session information.

- On the network, AC1 forwards service traffic from AP1 and AC2 forwards service traffic from AP2. In this way, service traffic is load balanced on the network.

Page 433
- When AC1 fails, service traffic from AP1 is automatically switched to AC2 to ensure nonstop service forwarding. Service traffic from AP2 is still forwarded by AC2.

- When the original master device (AC1) of AP1 recovers, service traffic can be switched back to the master device or retained on the backup device, depending on the configuration.

- HSB implements traffic switching using VRRP or dual-link backup. VRRP applies only to the master/backup mode, whereas dual-link backup applies to both the master/backup and load balancing modes.

Page 434
- In VRRP-based HSB, master/backup services are registered with the same HSB group, which binds to an HSB service and a VRRP group. The HSB group informs the service module of the current user entry status (master or backup) and master/backup switchover events, and receives and sends backup data through the interface in the HSB group.

- Single-instance VRRP HSB supports only wireless users. To support both wireless and wired users in later versions, VRRP must be able to support multiple instances.

Page 435
- In dual-link HSB, services are directly bound to the HSB service but not an HSB group. In this way, the HSB system only sends and receives backup data and the dual-link mechanism maintains the user status.

- Dual-link HSB works as follows:
  - After receiving the Discovery Request packet from an AP, the ACs send Discovery Response packets carrying the dual-link backup flag and priorities of the master and backup ACs to the AP. The AP creates a list recording the IP addresses and priorities of the ACs and the dual-link backup flag. The AP determines the master AC based on information in the list and a specified rule. After the master AC is determined, the AP establishes a CAPWAP tunnel with the master AC, which is the master tunnel.
  - After the master tunnel is established and configuration is updated, the AP checks whether the dual-link feature is enabled. If so, the AP starts to establish a backup tunnel. The AP creates a tunnel, saves the IP address of the backup AC, and sends a Join Request packet carrying the configuration flag. After receiving the Join Request packet, the AC of the backup tunnel sets the tunnel status to backup and adds the configuration flag. The configurations of the latter tunnel are not delivered to the AP.

Page 436
- Definition
  - Dual-link backup allows two ACs on an AC + Fit AP network to manage APs simultaneously. The APs set up CAPWAP links with both ACs, between which one AC functions as the active AC to provide services for the APs while the other works as the standby AC. When the active AC fails or the CAPWAP link between the active AC and AP becomes faulty, the standby AC replaces the active AC to manage APs and provide services. To ensure that both ACs provide the same services, it is recommended that the same service configurations be performed on the active and standby ACs.

- Purpose
  - Usually, an AC controls and manages a large number of APs and STAs on an AC + Fit AP network. Once the CAPWAP link between the AC and AP is disconnected, the AC is unable to provide services for STAs. Dual-link backup reduces the impact of a CAPWAP link failure on the STAs, improving network reliability.

Page 437
- An active AC and a standby AC are deployed on the WLAN. The AP establishes tunnels with the two ACs (CAPWAP Tunnel Setup), and periodically exchanges CAPWAP packets with ACs to monitor link status. The active AC controls access from STAs. If the AP detects a fault on the link between AP and active AC, the AP requests the standby AC to trigger an Active/Standby Switchover. The standby AC then becomes the active AC to control access of STAs. After the original active AC is restored, the AP requests the active and standby ACs to perform Revertive Switchover. The restored AC becomes the active AC again.

Page 438
- Setting up the first tunnel:

- The procedure for setting up the first tunnel is the same as the procedure for setting up a CAPWAP tunnel, except that the active AC needs to be selected in the Discovery phase.
  - After the dual-link backup function is enabled in Discovery phase, the AP sends a Discovery Request message in unicast or broadcast mode:
    - If the IP addresses of active and standby ACs have been allocated in static, DHCP, or DNS mode, the AP sends the Discovery Request message in unicast mode to request connections with the ACs.
    - If no IP addresses are allocated to ACs or there is no response to the unicast packet, the AP sends another Discovery Request message in broadcast mode to discover the ACs that can be associated with the AP.
  - In unicast or broadcast mode, ACs working properly will return Discovery Response messages to the AP. The Discovery Response messages contain the dual-link backup flags, priorities, loads, and IP addresses of the ACs.

Page 439
  - After receiving the Discovery Response message, the AP selects an active AC based on AC priorities, loads, and IP addresses, and sets up a CAPWAP primary tunnel with the active AC. The AP selects the active AC in the following sequence:
    - Compare AC priorities. The AP selects the AC with the smaller priority value as the active AC.
    - If the AC priorities are the same, the AP selects the AC with the lowest load as the active AC.
    - When the loads are the same, compare the ACs' IP addresses, and select the AC with the smaller IP address as the active AC.

Page 440
- Setting up the second tunnel with the other AC

- To prevent repeated service configuration delivery, the AP starts to set up the second tunnel only after the configuration of the first tunnel is complete.
  - The AP sends a Discovery Request message to the other AC in unicast mode.
  - The AC returns a Discovery Response message containing the dual-link backup flag, load, and priority to the AP.
  - The AP knows that the dual-link backup function is enabled after receiving the Discovery Response message, and saves the priority of the AC.
  - The AP sends a Join Request message, notifying the AC that the configurations have been delivered. After receiving the Join Request message, the AC sets up a CAPWAP tunnel with the AP but does not deliver configurations to the AP.
  - After the second tunnel is set up, the AP selects the active and standby ACs again based on the tunnel priorities.

Page 441
- Active/Standby Switchover
  - After setting up tunnels with the active and standby ACs, the AP sends Echo messages to monitor tunnel status. The Echo messages contain the active/standby status of the tunnels. When the AP detects that the primary tunnel has failed, it sends an Echo Request message with the active flag to the standby AC. After receiving the Echo Request message, the standby AC becomes the active AC, and the AP transfers STA data to this AC.

Page 442
- Revertive Switchover
  - The AP periodically sends Discovery Request messages to check whether the original primary tunnel recovers. If the original primary tunnel has recovered, the AP switches STA data back to this tunnel after a delay because this tunnel has a higher priority than the other one. To prevent frequent switchovers caused by network flapping, the AP requests ACs to perform revertive switchover after 20 Echo intervals, and then sends STA data to the new active AC.
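The following added example (not part of the Huawei material) models the dual-link behaviour described on the preceding pages: the active AC selection sequence (priority, then load, then IP address), the active/standby switchover, and the revertive switchover after 20 Echo intervals. Class and function names, the sample AC values, and the choice to count the 20 intervals as consecutive healthy intervals of the primary tunnel are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

REVERT_HOLD_ECHO_INTERVALS = 20  # revertive switchover delay stated on the page


@dataclass(frozen=True)
class DiscoveryResponse:
    """Fields of a Discovery Response that the AP uses for selection."""
    ac_ip: str
    priority: int  # the smaller value wins
    load: int      # the lowest load wins when priorities are equal


def selection_key(resp):
    # Compare IP addresses as numbers: as strings, "10.0.0.10" would sort
    # before "10.0.0.9" and the wrong AC would be chosen.
    return (resp.priority, resp.load, int(ipaddress.ip_address(resp.ac_ip)))


def select_active(responses):
    """Apply the page's sequence: priority, then load, then smaller IP address."""
    if not responses:
        raise ValueError("no Discovery Response received")
    return min(responses, key=selection_key)


class DualLinkAp:
    """Tracks which of two ACs carries STA data, one Echo interval at a time."""

    def __init__(self, first, second):
        self.primary = select_active([first, second])
        self.secondary = second if self.primary is first else first
        self.active = self.primary
        self.healthy_streak = 0  # healthy primary intervals seen while on secondary

    def on_echo_interval(self, primary_up, secondary_up):
        """Process one Echo interval and return the IP of the active AC."""
        on_primary = self.active is self.primary
        active_up = primary_up if on_primary else secondary_up
        standby_up = secondary_up if on_primary else primary_up
        if not active_up and standby_up:
            # Active/standby switchover: the tunnel in use has failed.
            self.active = self.secondary if on_primary else self.primary
            self.healthy_streak = 0
        elif not on_primary:
            # Revertive switchover is delayed so a flapping primary tunnel
            # does not pull STA data back and forth (assumption: a failed
            # check restarts the count).
            self.healthy_streak = self.healthy_streak + 1 if primary_up else 0
            if self.healthy_streak >= REVERT_HOLD_ECHO_INTERVALS:
                self.active = self.primary
                self.healthy_streak = 0
        return self.active.ac_ip


# Constructed sample responses (addresses and values are illustrative).
AC_A = DiscoveryResponse("10.0.0.10", priority=1, load=30)
AC_B = DiscoveryResponse("10.0.0.9", priority=1, load=30)
AC_C = DiscoveryResponse("10.0.0.20", priority=0, load=90)

if __name__ == "__main__":
    print(select_active([AC_A, AC_B]).ac_ip)        # tie broken by IP address
    print(select_active([AC_A, AC_B, AC_C]).ac_ip)  # priority outranks load
    ap = DualLinkAp(AC_A, AC_B)
    print(ap.on_echo_interval(False, True))         # primary tunnel failed
    for _ in range(REVERT_HOLD_ECHO_INTERVALS):
        current = ap.on_echo_interval(True, True)
    print(current)                                  # reverted to the primary
```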

Page 443

Page 444

Page 445
- How many data forwarding modes are supported and what are their differences?
  - Data forwarding modes include direct forwarding and tunnel forwarding.
    - Direct forwarding is also called local forwarding. In direct forwarding mode, data packets between APs and the AC do not go through the CAPWAP tunnel and are directly forwarded to the upper-layer network. This forwarding mode improves packet forwarding efficiency.
    - In tunnel forwarding mode, data packets between APs and the AC go through the CAPWAP tunnel to the upper-layer network. This forwarding mode improves packet forwarding security.

- What is 5G prior and what are its advantages?
  - When the AP and STAs support both 5 GHz and 2.4 GHz, the AP can allow the STAs to access the 5 GHz radio preferentially.
  - When the user density is high or there is interference on the 2.4 GHz frequency band, the 5 GHz radio can provide higher access capability and capacity to improve user experience.

Page 446

Page 447

Page 448
Huawei Certification

HCNA-WLAN

Huawei Certified Network Associate – WLAN

Volume 2

Huawei Technologies Co., Ltd.

Copyright © Huawei Technologies Co., Ltd. 2017.

All rights reserved.


Huawei owns all copyrights, except for references to other parties. No part of this

document may be reproduced or transmitted in any form or by any means without


prior written consent of Huawei Technologies Co., Ltd.

Trademarks and Permissions

and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.

All other trademarks and trade names mentioned in this document are the property of their respective holders.

Notice

The information in this manual is subject to change without notice. Every effort has been made in the preparation of this manual to ensure accuracy of the contents, but all statements, information, and recommendations in this manual do not constitute the warranty of any kind, express or implied.

Huawei Certification

HCNA-WLAN

Huawei Certified Network Associate – WLAN

Version 2.0
Huawei Certification System

Relying on the strong technical strength and professional training system, Huawei
provides a practical and professional four-level certificate system to meet various
customer requirements on different WLAN technologies.

Huawei Certified Network Associate-Wireless Local Area Network (HCNA-WLAN) is


designed for Huawei local offices, online engineers in representative offices, and
e n
/
readers who want to understand Huawei WLAN products and technology. HCNA-

o m
i.c
WLAN covers WLAN basics, Control and Provisioning of Wireless Access Points

w e
(CAPWAP) protocol, WLAN networking, Huawei WLAN product features, security
configuration, WLAN advanced technology, antennas, WLAN network planning and
optimization, and WLAN fault troubleshooting.
u a
g .h
ni n
The HCNA-WLAN certificate system introduces you to the industry and market,

r
helps you in innovation, and enables you to stand atop the WLAN frontiers.

Table of Contents

- WLAN Roaming
- WLAN Security
- WLAN Access Security and Configurations
- 802.11 MAC Architecture
- 802.11 Medium Access Control
- Antenna Technologies
- eSight Functions and WLAN Configuration Introduction
- WLAN Routine Maintenance Through eSight
- WLAN Basic Network Planning
- WLAN Design and Typical Cases
- Huawei WLAN Planner Introduction
- WLAN Troubleshooting
- WLAN Troubleshooting Cases

Purpose: The most obvious advantage of WLAN networks is that a STA can move within a
WLAN network without physical media restrictions. WLAN roaming allows the STA to
move within a WLAN network without service interruption. An ESS includes multiple APs.
When a STA moves from one AP to another, WLAN roaming ensures seamless transition of
STA services between APs.

Depending on whether a STA roams within the same subnet, WLAN roaming is
categorized as Layer 2 and Layer 3 roaming.

- Subnets with different VLAN IDs are in different network segments. STAs roaming
  between these subnets roam at Layer 3.
- Sometimes, two subnets have the same VLAN ID but belong to different network
  segments. Based on the VLAN ID, the system may incorrectly consider that STAs
  roam between the two subnets at Layer 2. To prevent this situation, configure a
  roaming domain to determine whether the STAs roam within the same subnet. The
  system considers that the STAs roam at Layer 2 only when the STAs roam within the
  same VLAN and roaming domain; otherwise, the STAs roam at Layer 3.

- To avoid packet loss or service interruption due to long authentication duration: the
  packet exchange duration of 802.1x or portal authentication is longer than the WLAN
  connection setup duration; therefore, STAs are not reauthenticated and do not
  renegotiate keys with APs after they roam to another place.
- Users' authorization information must be kept unchanged. Users' authentication and
  authorization information is their "passports" on wireless networks; therefore, after they
  roam, the authentication and authorization information must be the same as that stored
  on the original AC.
- Users' IP addresses must be unchanged.
  - Application protocols are transmitted using IP addresses and TCP/UDP sessions. STA
    IP addresses do not change after roaming. If the IP addresses are changed, the
    TCP/UDP sessions set up for the STAs are interrupted.
  - The roaming technology synchronizes authentication, authorization, and PMK
    information to shorten the authentication duration and keep
    authentication/authorization information consistent.

The STA monitors channel beacons. When it finds new APs, it sends probe requests to the
APs. The new APs respond to the requests through the channels. The STA evaluates the
responses and decides which AP is the best to associate with.

Triggering conditions vary according to the following factors:

- Ratio of the signal strength of the current AP to the signal strength of neighboring
  APs: STA roaming is triggered when the ratio reaches a threshold.
- Service performance indicators such as packet loss ratio: STA roaming is triggered
  when the service performance indicators reach the preset thresholds. Roaming
  triggered this way is slow and less effective.

Generally, after sending a roaming request, the STA sends a request to associate with a
new AP. After its request is accepted, the STA associates with the new AP and then
disassociates from the original AP. In some cases, the STA directly associates with a new
AP and then disassociates from the original AP.

The figure shows the network architecture of WLAN roaming. AC1 and AC2 manage APs
on the WLAN. AP1 and AP2 associate with AC1, and AP3 associates with AC2. A STA
roams on the WLAN. During roaming, the STA associates with different APs. The roaming
process is as follows:

- The STA moves from the coverage area of AP1 to AP2. Since AP1 and AP2 both connect
  to AC1, the STA implements Intra-AC Roaming. The STA associates with AP1 first. AP1 is
  the STA's HAP, and AP2 is the STA's FAP. AC1 is the STA's HAC and FAC.
- The STA moves from the coverage area of AP2 to AP3. Since AP2 and AP3 associate with
  AC1 and AC2 respectively, the STA implements Inter-AC Roaming. AP1 and AC1 are the
  STA's HAP and HAC, and AP3 and AC2 are the STA's FAP and FAC. AC1 and AC2 belong
  to the same Roaming Group. The STA can only roam between ACs of the same roaming
  group. ACs in a roaming group synchronize data of each other and forward packets over
  the Inter-AC Tunnel.
- AC1 and AC2 need to know information about each other. AC1 functions as the Master
  Controller to manage group members and deliver member information to other group
  members.

During Layer 2 roaming, the STA stays within the same subnet. The FAP/FAC processes
packets of a Layer 2 roaming STA in the same way as it processes packets of a newly
online STA. The FAP/FAC forwards the packets on the local network and does not send the
packets back to the HAP over the inter-AC tunnel.

- Before roaming:
  - The STA sends a service packet to the HAP.
  - After receiving the service packet, the HAP sends it to the HAC.
  - The HAC forwards the service packet to the upper-layer network.
- After roaming:
  - The STA sends a service packet to the FAP.
  - After receiving the service packet, the FAP sends it to the FAC.
  - The FAC forwards the service packet to the upper-layer network.


The STA stays in different subnets before and after Layer 3 roaming. To ensure that the
STA can still access the original network after roaming, user traffic is forwarded to the
original subnet over tunnels.

In tunnel forwarding mode, service packets exchanged between the HAP and HAC are
encapsulated through a CAPWAP tunnel, and the HAP and HAC can be considered in the
same subnet. Instead of forwarding the packets back to the HAP, the HAC directly
forwards the packets to the upper-layer network.

- Before roaming:
  - The STA sends a service packet to the HAP.
  - After receiving the service packet, the HAP sends it to the HAC.
  - The HAC forwards the service packet to the upper-layer network.
- After roaming:
  - The STA sends a service packet to the FAP.
  - After receiving the service packet, the FAP sends it to the FAC.
  - The FAC forwards the service packet to the HAC through a tunnel between them.
  - The HAC forwards the service packet to the upper-layer network.


In direct forwarding mode, service packets exchanged between the HAP and HAC are not
encapsulated through the CAPWAP tunnel; therefore, whether the HAP and HAC reside in
the same subnet is unknown. Packets are forwarded back to the HAP by default. If the
HAP and HAC are located in the same subnet, configure the HAC with higher performance
as the home agent. This reduces the load on the HAP and improves the forwarding
efficiency.

After a user roams to a new AP, the user uses the Home AP (HAP) as its home agent by
default. A tunnel is automatically set up between the Foreign AP (FAP) and home agent
when the user is roaming. User traffic is forwarded by the home agent to ensure that the
user can still access the original network after roaming.

If the AC and user's gateway can communicate at Layer 2, for example, when the AC is
located in the user VLAN or happens to be the gateway, you can configure the HAC as the
home agent to reduce traffic load on the HAP. This also reduces the length of the tunnel
between the FAP and the home agent, which improves the forwarding efficiency.

- Before roaming:
  - The STA sends a service packet to the HAP.
  - After receiving the service packet, the HAP sends it to the HAC.
  - The HAC forwards the service packet to the upper-layer network.


A small enterprise needs to provide access services for users through a WLAN and requires
nonstop service transmission when the users move within the enterprise. To meet the
requirements, deploy one AC and multiple APs inside the enterprise and configure the AC
to manage the APs and provide WLAN services for users.

In the figure, the enterprise deploys one AC to manage multiple APs. The STA can connect to
the WLAN through AP1 and AP2. When the STA roams from AP1 to AP2, services are not
interrupted.

A medium or large enterprise is composed of many working areas. The enterprise needs to
provide access services for users through a WLAN and requires nonstop service
transmission when the users move between different working areas. To meet the
requirements, deploy one AC and multiple APs in each working area of the enterprise and
configure the ACs to manage the APs and provide WLAN services for users.

In the figure, AC1 and AC2 belong to the same roaming group and manage APs in area 1 and
area 2 respectively. The STA can connect to the WLAN through AP1 and AP2. When the
STA roams from AP1 to AP2, services are not interrupted.

Multiple APs are used to cover the scenarios from all angles. Roaming prevents services
from being interrupted when users roam from one AP to another.

What are the differences between Layer 3 roaming and Layer 2 roaming?

- Subnets with different VLAN IDs are in different network segments. STAs roaming
  between these subnets roam at Layer 3.
- The system considers that the STAs roam at Layer 2 only when the STAs roam within
  the same VLAN and roaming domain.
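The Layer 2/Layer 3 decision and the post-roam forwarding paths described in this chapter, modelled as an added Python example (not part of the original course material). The `Attachment` fields, the AP4 entry, the VLAN numbers and the domain and group names are constructed for illustration, and the direct-forwarding path is simplified to the FAP-to-home-agent tunnel that the text describes.

```python
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Attachment:
    """One point of attachment for a STA (hypothetical record layout)."""
    ap: str
    ac: str
    vlan: int
    roaming_domain: str   # tells apart subnets that reuse the same VLAN ID
    roaming_group: str    # inter-AC roaming only works inside one group


def classify_roam(home: Attachment, foreign: Attachment) -> Tuple[str, str]:
    """Return (scope, layer) for a STA that first associated at `home`."""
    if home.ac != foreign.ac and home.roaming_group != foreign.roaming_group:
        raise ValueError("ACs are in different roaming groups; the STA cannot roam")
    scope = "intra-AC" if home.ac == foreign.ac else "inter-AC"
    # Layer 2 only if BOTH the VLAN and the roaming domain match; a VLAN ID
    # match alone is not enough because two segments may reuse the same ID.
    same_subnet = (home.vlan == foreign.vlan
                   and home.roaming_domain == foreign.roaming_domain)
    return scope, ("L2" if same_subnet else "L3")


def uplink_path(home: Attachment, foreign: Attachment,
                forwarding: str, home_agent: str = "HAP") -> List[str]:
    """Hops of a STA service packet after the roam from `home` to `foreign`."""
    if forwarding not in ("tunnel", "direct"):
        raise ValueError("forwarding must be 'tunnel' or 'direct'")
    if home_agent not in ("HAP", "HAC"):
        raise ValueError("home_agent must be 'HAP' or 'HAC'")
    _, layer = classify_roam(home, foreign)
    path = ["STA", f"FAP:{foreign.ap}"]
    if layer == "L2":
        # Handled like a newly online STA: nothing is sent back to the home side.
        return path + [f"FAC:{foreign.ac}", "upper-layer network"]
    if forwarding == "tunnel":
        path.append(f"FAC:{foreign.ac}")
        if foreign.ac != home.ac:
            path.append(f"HAC:{home.ac}")      # over the inter-AC tunnel
        return path + ["upper-layer network"]
    # Direct forwarding: traffic returns to the home agent (HAP by default,
    # HAC if configured) through the tunnel set up from the FAP.
    agent = f"HAP:{home.ap}" if home_agent == "HAP" else f"HAC:{home.ac}"
    return path + [agent, "upper-layer network"]


# Constructed topology: AP1-AP3 follow the chapter's figure, AP4 is added
# to show a reused VLAN ID in a different roaming domain.
AP1 = Attachment("AP1", "AC1", 100, "area-1", "group-1")
AP2 = Attachment("AP2", "AC1", 100, "area-1", "group-1")
AP3 = Attachment("AP3", "AC2", 200, "area-2", "group-1")
AP4 = Attachment("AP4", "AC2", 100, "area-2", "group-1")

if __name__ == "__main__":
    for target in (AP2, AP3, AP4):
        print(target.ap, classify_roam(AP1, target),
              uplink_path(AP1, target, "tunnel"))
```

AP4 is the case the roaming domain exists for: its VLAN ID equals AP1's, yet the roam is classified as Layer 3 and traffic is tunnelled back to the home side.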

- What is roaming?
  - WLAN roaming means that a STA can roam freely in a WLAN. When the STA
    roams within an extended service set (ESS), services are not interrupted.
- Working Principles of Roaming
  - Requests to roam.
  - Triggers roaming.
  - Performs roaming.
- What are the application scenarios of roaming?
  - There are Layer 2 and Layer 3 roaming depending on whether the STA crosses
    between VLANs.
  - WLAN Roaming on Small Enterprise Networks, WLAN Roaming on Medium and
    Large Enterprise Networks
  - Roaming occurs in places including grand halls, sports stadiums, and dormitories.

WLAN reduces cables on a network and can be deployed in places where cables are
difficult to deploy, such as subways and highways. One or more APs can provide wireless
access for a building or an area. Compared with a wired access network, a WLAN is easier
to construct and requires lower construction and maintenance costs.

An increasing number of enterprises are planning or have deployed WLAN networks to use
various WLAN functions like mobile OA, wireless surveillance, wireless voice, and asset
location in a more convenient and efficient way. However, WLAN networks are facing
more security risks and threats than wired networks, because WLAN networks transmit
data using shared media: radio waves. To protect user information security, prevent
unauthorized access, and improve WLAN stability and efficiency, protection measures must
be taken to enhance WLAN security.

- Prevent information theft: If information transmitted on a WLAN is not encrypted or
  the encryption algorithm is not secure enough, information may be intercepted by
  attackers using snooping software or be decrypted when being transmitted
  over radio waves. Such information leakage may cause losses to users or enterprises.
- Prevent unauthorized access: WLAN STAs connect to APs wirelessly. Without user
  access control and authority management, unauthorized users can connect to the
  WLAN and authorized users can access network resources that they should not
  access. For example, guests of a company are allowed to connect to the company's
  WLAN. If access rights of guests are not controlled, guests may access internal file
  servers of the company, bringing risks of information leakage.
- Provide stable, efficient wireless access: WLANs work on the Industrial Scientific &
  Medical (ISM) frequency band, which can be used without authorization. Therefore,
  WLANs are facing threats from rogue devices and DoS attacks.

- Data theft: Because wireless networks use radio waves to transmit data, data packets are
  easy to intercept. Currently, most data packets on wireless networks are transmitted in
  plaintext. Wireless networks do not have clear physical borders, and any attacker in the
  coverage area of radio signals can snoop and crack communication data. In addition,
  many WLANs do not encrypt transmitted data by default; therefore, anyone that receives
  radio signals can connect to the WLANs and decode the data, resulting in information
  leakage.
- DoS attacks: Due to openness of WLANs, data is transmitted in a wide space. Any device,
  malicious or not, can receive and send wireless data freely. Attackers can easily send a
  large number of packets of the same type to a WLAN within a short time. As a result, the
  WLAN is full of the flooding packets and cannot process requests from authorized users.
- Rogue device intrusion: A WLAN is facing threats from rogue APs, ad-hoc networks, and
  DDoS attacks. Compared with other attacks, rogue devices pose more severe threats on
  wireless networks. Take rogue APs as an example. A hacker can deploy unauthorized APs
  or clients on a WLAN to provide unrestricted access. Then users on the WLAN think they
  are provided with good signal coverage and do not know their data has been intercepted
  by the hacker. This information leakage may damage users' reputation or cause
  financial loss.

WLAN security involves perimeter security, user access security, and service security.

- Perimeter security: A WLAN is subject to threats from unauthorized AP users, ad-hoc
  networks, and DoS attacks. A wireless intrusion detection system (WIDS) can detect
  unauthorized users and APs. A wireless intrusion prevention system (WIPS) can protect an
  enterprise network against access from unauthorized devices on wireless networks.
- User access security: Link authentication, user access authentication, and data encryption
  are used to ensure validity and security of user access on wireless networks.
- Service security: This feature protects service data of authorized users from being
  intercepted by unauthorized users during transmission.

- WIDS: This feature can detect rogue devices, attacks, and intrusions on wireless networks.
  Devices that can be detected include rogue APs, wireless bridges, rogue clients, ad-hoc
  terminals, and co-channel APs.
- WIPS: On the basis of WIDS, WIPS further protects security of enterprise wireless networks.
  For example, it can prevent rogue devices from accessing enterprise networks and users
  without authorization, provide attack defense for the network system, disconnect
  authorized users from rogue APs, and disconnect rogue clients and ad-hoc terminals from
  wireless networks. In this way, WIPS achieves rogue containment.

A WLAN is an open wireless network vulnerable to various network threats, for example,
unauthorized APs, rogue clients, ad-hoc networks, rogue APs, and DoS attacks. WIDS and
WIPS technologies are used to monitor and prevent these wireless network security threats.

With rapid development of attacking techniques, WLANs are facing more and more
security threats. Misconfiguration of APs may result in session hijacking and DoS attacks
on WLANs. WLANs are often attacked not only because they are deployed on the
traditional TCP/IP architecture of wired networks, but also because the 802.11 standards
of the Institute of Electrical and Electronics Engineers (IEEE) have their own vulnerabilities.

A WLAN is facing threats from rogue APs, ad-hoc networks, and DDoS attacks. Compared
with other attacks, rogue devices pose more severe threats on wireless networks. To
detect and prevent these threats more effectively, WIDS and WIPS technologies are
introduced to WLANs. WIDS and WIPS can detect malicious attacks and intrusions to
WLANs in early stages, helping network administrators find potential risks in WLANs. In
this way, preventive measures can be taken in a timely manner to secure WLANs against
attacks.

WLAN device detection can implement monitoring of the entire network. You can deploy
monitor APs on a WLAN to be protected and configure the APs to periodically listen to
radio signals.

Before configuring rogue device identification on an AP, configure the AP working mode.

AP radios can work in two modes:

- Normal
  - A radio transmits common WLAN service data if air scan is disabled.
  - A radio transmits WLAN service data and provides the monitoring function if air scan
    is enabled. Monitoring may affect WLAN service data transmission.
- Monitor: AP radios are only used for monitoring WLAN services such as WIDS, spectrum
  analysis, and terminal location.

The AC extracts surrounding neighbor entries and identifies device types as follows:

- Rogue AP identification: APs can be classified based on the MAC address, SSID, or
  OUI whitelist. APs that are not managed by the AC and not in the whitelist are
  considered as rogue APs.
- Rogue client identification: Clients associated with rogue APs are considered as
  rogue clients.
- Wireless bridge identification: the same as rogue AP identification.
- Ad-hoc: All ad-hoc networks are considered unauthorized.

Note: If an AC identifies a rogue AP, a rogue AP alarm is triggered and sent to the
network management platform through SNMP trap messages. Detection of other
unauthorized device types will not trigger unauthorized device alarms.

- Rogue device defense: A blacklist can be configured to prevent access from rogue APs or
  clients.
- Rogue AP containment: When detecting a rogue AP, a monitor AP sends a fake broadcast
  or unicast Deauthentication frame with the MAC address of the rogue AP, to prevent
  wireless users from associating with the rogue AP.
- Rogue client and ad-hoc device containment: When detecting a rogue client or ad-hoc
  device, a monitor AP sends a fake unicast Deauthentication frame with the BSSID and MAC
  address of the rogue client or ad-hoc device, to prevent access from the rogue client or
  disconnect the ad-hoc device from the WLAN.

Monitor APs periodically contain rogue devices using the configured probing
mode.

- Flood attack detection through WIDS
  - Attack detection mechanism: An AP continuously monitors traffic from each STA.
    When the traffic rate from a STA exceeds the configured threshold, the AP considers
    that the STA is initiating a flood attack and reports an alarm to the AC. If the
    dynamic blacklist function is enabled, the attacking STA is added to the blacklist,
    and the AP drops all packets sent from the STA to protect the WLAN.
- Spoofing attack detection through WIDS
  - Spoofing frames are classified into the following types:
    - Broadcast Disassociation frame
    - Broadcast Deauthentication frame
  - Attack detection mechanism: After an AP receives a broadcast Disassociation or
    Deauthentication frame, it checks whether the source MAC address of the frame is
    its own MAC address. If so, the WLAN is undergoing a spoofing attack of
    Disassociation or Deauthentication frames. The AP then reports an alarm to the AC.
- Weak IV detection through WIDS
  - Attack detection mechanism: An AP identifies the IV of each WEP packet. When
    detecting a packet carrying a weak IV, the AP reports an alarm to the AC, to alert
    the user that other security policies should be adopted to prevent STAs from using
    the weak IV for encryption.
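The three WIDS checks above expressed as detection logic over a constructed frame trace; this is an added example, not AP firmware or Huawei code. The threshold, window, `Frame` layout and addresses are assumptions, and because the text does not define a weak IV, the example assumes the classic FMS pattern (first IV byte between 3 and 3 + key length - 1, second byte 0xFF).

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Deque, Dict, List, Optional, Set, Tuple

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class Frame:
    ts: float                        # receive time in seconds
    subtype: str                     # "data", "auth", "deauth", "disassoc", ...
    src: str                         # source MAC, lower case
    dst: str                         # destination MAC, lower case
    wep_iv: Optional[bytes] = None   # 3-byte IV if the frame is WEP-protected


def is_weak_iv(iv: bytes, key_len: int = 13) -> bool:
    """Assumed criterion: FMS pattern (A+3, 0xFF, x), A = index of a secret key byte."""
    return len(iv) == 3 and iv[1] == 0xFF and 3 <= iv[0] < 3 + key_len


class WidsSensor:
    def __init__(self, ap_mac: str, flood_threshold: int = 5,
                 flood_window: float = 1.0, dynamic_blacklist: bool = True,
                 wep_key_len: int = 13) -> None:
        self.ap_mac = ap_mac
        self.flood_threshold = flood_threshold    # frames allowed per window
        self.flood_window = flood_window          # window length in seconds
        self.dynamic_blacklist = dynamic_blacklist
        self.wep_key_len = wep_key_len            # 5 (40-bit) or 13 (104-bit) secret bytes
        self.recent: Dict[str, Deque[float]] = defaultdict(deque)
        self.blacklist: Set[str] = set()
        self.alarms: List[Tuple[str, str, float]] = []   # (kind, source, first seen)
        self._reported: Set[Tuple[str, str]] = set()

    def _alarm(self, kind: str, src: str, ts: float) -> None:
        # Report each (kind, source) once so a sustained event does not swamp the AC.
        if (kind, src) not in self._reported:
            self._reported.add((kind, src))
            self.alarms.append((kind, src, ts))

    def process(self, f: Frame) -> str:
        """Inspect one received frame (timestamps ascending); return "pass" or "drop"."""
        if f.src in self.blacklist:
            return "drop"
        # Spoofing: a broadcast Disassociation/Deauthentication frame heard over
        # the air that claims this AP's own MAC as its source.
        if (f.subtype in ("deauth", "disassoc") and f.dst == BROADCAST
                and f.src == self.ap_mac):
            self._alarm("spoof", f.src, f.ts)
            return "pass"    # alarm only; the AP's own MAC is never blacklisted
        if f.wep_iv is not None and is_weak_iv(f.wep_iv, self.wep_key_len):
            self._alarm("weak-iv", f.src, f.ts)
        # Flood: count frames per source inside a sliding window.
        window = self.recent[f.src]
        window.append(f.ts)
        while f.ts - window[0] > self.flood_window:
            window.popleft()
        if len(window) > self.flood_threshold:
            self._alarm("flood", f.src, f.ts)
            if self.dynamic_blacklist:
                self.blacklist.add(f.src)
                return "drop"
        return "pass"


# Constructed addresses and frame trace.
AP = "00:e0:fc:00:00:01"
STA_OK, STA_FLOOD, STA_WEP = "3c:5a:b4:00:00:10", "3c:5a:b4:00:00:66", "3c:5a:b4:00:00:77"
SAMPLE = (
    [Frame(t, "data", STA_OK, AP) for t in (0.0, 0.5, 1.2)]
    + [Frame(2.0 + 0.05 * i, "auth", STA_FLOOD, AP) for i in range(8)]
    + [Frame(3.0, "deauth", AP, BROADCAST),
       Frame(4.0, "data", STA_WEP, AP, wep_iv=bytes([0x03, 0xFF, 0x2A])),
       Frame(4.1, "data", STA_WEP, AP, wep_iv=bytes([0x10, 0x20, 0x30]))]
)


def demo() -> Tuple[List[Tuple[str, str, float]], Set[str], int]:
    """Run the trace; return (alarms, blacklist, number of dropped frames)."""
    sensor = WidsSensor(AP)
    verdicts = [sensor.process(f) for f in SAMPLE]
    return sensor.alarms, sensor.blacklist, verdicts.count("drop")


if __name__ == "__main__":
    print(demo())
```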

To enhance AP security, an AC can authenticate the APs that attempt to connect to the
network. Currently, Huawei ACs support MAC address authentication, SN authentication,
and non-authentication.

- MAC address authentication (default): controls AP access using a configured MAC
  address list.
- SN authentication: controls AP access using a configured SN list.
- Non-authentication: accepts access requests of any APs. That is, AP identities are not
  authenticated.

A whitelist can also be configured to allow access from certain APs. The following types of
whitelists can be configured:

- AP whitelist: When APs are deployed on a wired network, an AP whitelist can be
  configured to allow specified APs to connect to the network without authentication.
- WDS whitelist: In a WDS system, a WDS whitelist can be configured on the root and
  middle APs to accept connection requests from the downstream middle and leaf APs
  without authentication.
- Mesh whitelist: On a Mesh network, a Mesh whitelist can be configured on the
  Mesh Portal Point (MPP) to allow access from the Mesh Points (MPs) that establish
  Mesh connections with the MPP.

- WPA: Wi-Fi Protected Access
- EAP: Extensible Authentication Protocol
- TKIP: Temporal Key Integrity Protocol
- CCMP: Counter Mode with CBC-MAC Protocol
- ECC: elliptic curve cryptography
- WAPI: WLAN Authentication and Privacy Infrastructure

Wired Equivalent Privacy (WEP), defined in IEEE 802.11, is used to protect data of
authorized users from unauthorized interception during transmission on a WLAN. The core
of WEP is the RC4 algorithm. This algorithm uses 64-bit or 128-bit encryption keys. In an
encryption key, the 24-bit IV is generated by the system, so the remaining 40 bits or 104 bits
are configured on the WLAN server and client. WEP uses static encryption keys. That is, all
the STAs associating with the same SSID use the same key to connect to the wireless
network.

A WEP security policy involves link authentication and data encryption.

Link authentication mechanisms include open system authentication and shared key
authentication.

- If open system authentication is used, data is not encrypted during link
  authentication. After a user goes online, user data can be encrypted by WEP or not,
  depending on the configuration.
- If shared key authentication is used, the WLAN client and server complete key
  negotiation during link authentication. After a user goes online, user data is
  encrypted using the negotiated key.

WEP shared-key authentication uses the RC4 symmetric stream cipher to encrypt data;
therefore, the same static key must be preconfigured on the server and client. Both the
encryption mechanism and encryption algorithm are vulnerable to security threats. The
Wi-Fi Alliance developed Wi-Fi Protected Access (WPA) to overcome WEP defects before more
secure policies are provided in 802.11i. WPA still uses the RC4 algorithm and defines the
TKIP encryption algorithm. Later, 802.11i defined WPA2. Different from WPA, WPA2 uses
an 802.1x authentication framework and supports EAP-PEAP and EAP-TLS authentication.
In addition, WPA2 uses a more secure encryption algorithm: CCMP.

Both WPA and WPA2 support 802.1x access authentication and the TKIP/CCMP encryption
algorithms, ensuring better compatibility. The two protocols provide almost the same
security level and their difference lies in the protocol packet format.

- For link authentication, WPA and WPA2 support only open system authentication.
- For access authentication, WPA and WPA2 provide an enterprise edition and a personal
  edition.
  - WPA/WPA2-Enterprise (WPA/WPA2-802.1x authentication): uses a RADIUS server
    and EAP for authentication. Users provide authentication information, including the
    user name and password, and are authenticated by an authentication server
    (generally a RADIUS server).
  - Large-scale enterprise networks usually use WPA/WPA2-Enterprise.


WLAN Authentication and Privacy Infrastructure (WAPI) is a Chinese national standard for
WLANs, which was developed based on IEEE 802.11. WAPI provides higher security than
WEP and WPA and consists of the following parts:

- WLAN Authentication Infrastructure (WAI): authenticates user identities and
  manages keys.
- WLAN Privacy Infrastructure (WPI): protects data transmitted on WLANs and
  provides the encryption, data verification, and anti-replay functions.

WAPI uses the ECC algorithm based on the public key cryptography and the block key
algorithm based on the symmetric-key cryptography. The ECC algorithm is used for digital
certificate authentication and key negotiation between wireless devices. The block key
algorithm is used to encrypt and decrypt data transmitted between wireless devices. The
two algorithms implement identity authentication, link authentication, access control, and
user information encryption.


On a WLAN, a blacklist or whitelist can be configured to filter access from STAs based on
specified rules. The blacklist or whitelist allows authorized STAs to connect to the WLAN
and rejects access from unauthorized STAs.

- Whitelist
  - A whitelist contains MAC addresses of STAs that are allowed to connect to a WLAN.
    After the whitelist function is enabled, only the STAs in the whitelist can connect to
    the WLAN, and access from other STAs is rejected.
- Blacklist
  - A blacklist contains MAC addresses of STAs that are not allowed to connect to a
    WLAN. After the blacklist function is enabled, STAs in the blacklist cannot connect
    to the WLAN, and other STAs can connect to the WLAN.

MAC address authentication controls user access rights based on access ports and user
MAC addresses. This authentication method does not require any client software. After
MAC address authentication is enabled on a port, the device starts authentication for a
user upon detecting the MAC address of the user. During authentication, the user does
not need to enter a user name or password.

User names and passwords used in MAC address authentication have either of the
following formats:

- MAC address: A user's MAC address is used as the user name and password for
  authentication.
- Fixed user name: All users use a fixed name and password configured on the device
  for authentication, regardless of their MAC addresses. When all users connecting to
  the same port use the same fixed user name and password for authentication, only
  one user account needs to be configured on the authentication server. This method
  is applicable to a network where access STAs are reliable.

Guest VLAN for MAC address authentication

- After the guest VLAN function is enabled on a device, the device adds an access
  port to the guest VLAN if users on the port do not respond to MAC address
  authentication requests. The users on this port can access resources in the guest
  VLAN. The guest VLAN function enables users to access certain network resources
  without being authenticated.

Portal authentication is also called web authentication. Generally, portal authentication websites are referred to as portal websites.

Portal authentication system architecture

A Portal server can be an independent entity (external Portal server) or an embedded entity (internal Portal server) on an access device.

If the Portal authentication system uses an internal Portal server, no external Portal server needs to be deployed, and an access device provides Portal server functions.

Different Portal authentication methods can be used in different networking modes. Depending on the network layer where Portal authentication is performed, Portal authentication is categorized as Layer 2 authentication or Layer 3 authentication.

 Layer 2 Portal authentication

 When the authentication clients and access device are directly connected or have only Layer 2 devices between them, the access device can learn MAC addresses of users. Therefore, the access device can identify the users using their MAC addresses and IP addresses. Layer 2 Portal authentication can be configured in this scenario. Layer 2 authentication is simple and ensures high security, but it is not flexible because users must be located on the same network segment as the access device.

 Layer 3 Portal authentication


Security functions, such as DHCP snooping, DAI, and IPSG, can be configured on interfaces of wired network devices or in WLAN service sets to enhance network security.

 After the dhcp snooping command is executed to enable DHCP snooping on an AP, the STA that attempts to associate with the AP can obtain an IP address using DHCP. If the STA obtains an IP address successfully, the AP reports to the AC the IP information including the IP address, IP version, and lease duration. You can specify trusted and untrusted ports for DHCP snooping on a network device to prevent attacks from bogus DHCP servers. Since DHCP snooping is also enabled in the service set, DHCP users can be associated with the AP. For users who use static IP addresses, the network administrator must create static binding entries by binding the user MAC addresses to specified IP network segments on the network device. These users can connect to the network only when their MAC addresses match the static binding entries.

 After DAI is enabled on an AP, the AP checks all the ARP request and reply packets sent to the DAI-enabled VAPs. When detecting invalid or attacking ARP packets, the AP drops the packets and sends trap messages to the AC. This function prevents unauthorized users from connecting to external networks through the AP and protects authorized users from interference and ARP spoofing attacks. In addition, DAI protects the AP's CPU from ARP attacks, which, if not prevented, will cause unavailability of some functions on the AP or even make the AP break down.

When an AP sets up a CAPWAP tunnel with an AC, the AP obtains the AC's IP address in the Discovery phase. Then the DTLS negotiation phase begins. In this phase, the AP negotiates with the AC using this IP address to set up the CAPWAP tunnel. UDP packets transmitted in the CAPWAP tunnel are encrypted using DTLS.

DTLS supports certificate encryption and PSK encryption.

The control-link dtls encrypt command configures the certificate encryption mode. A certificate is only used to generate keys but cannot be used to authenticate an AP. If DTLS negotiation fails, the CAPWAP tunnel fails to be established.

When the PSK encryption mode is used, the dtls psk command can be executed on the AC to manually change the PSK value used in the DTLS session.

 User isolation

The user isolation function prevents wireless users associated with the same AP from exchanging Layer 2 packets. These users cannot communicate directly. Instead, user traffic is aggregated to the gateway, facilitating user management.

In public places, carrier networks, medium- and large-sized enterprises, and financial organizations, users may need to access the Internet using wireless technology. If accurate and reliable user authentication is not performed, unauthorized users are able to use network resources, consuming bandwidth. This lowers the service quality for authorized users and causes unacceptable loss to wireless access service providers. Layer 2 user isolation can be combined with user authentication and accounting of IEEE 802.11i and RADIUS to provide high security.

 VAP-based user isolation

 Before user isolation is configured, users associated with the same VAP can communicate with each other. This may threaten network security or cause accounting issues. VAP-based user isolation can solve this problem. VAP-based user isolation disables forwarding of Layer 2 unicast or broadcast packets between users associated with the same VAP. This function ensures service security and accounting accuracy.

User group-based user isolation divides users into different groups and implements user isolation in the following modes:

 Inter-group user isolation: Users in different groups cannot communicate with each other, and users in the same group can communicate with each other.

 Intra-group user isolation: Users in the same group cannot communicate with each other.

Inter-group user isolation and intra-group user isolation can be used together.

 Answer 1: ABCD
 Answer 2: AB, C, CD

EAP stands for Extensible Authentication Protocol.

TKIP stands for Temporal Key Integrity Protocol.

CCMP stands for Counter Mode with CBC-MAC (short for cipher block chaining-message authentication code) Protocol.

Open system authentication (OSA) is the default as well as the simplest authentication mode. Users do not need to be authenticated in this mode. When the authentication mode is set to OSA, all STAs that send authentication requests can pass authentication. OSA applies to carriers' large-sized WLANs with a great number of users.

OSA consists of two steps only. An AP only checks whether an STA uses the same authentication mode as itself and does not verify the STA's WEP encryption key. This slide shows the authentication process.

 The OSA process is as follows:

 The STA sends an authentication request to the AP.

 The AP sends an authentication success response packet to the STA. After receiving the packet, the STA registers with the AP.

 The advantages and disadvantages of OSA are as follows:

 Advantages: As a basic authentication mechanism, OSA can be used on wireless devices that do not support complex authentication algorithms. Since authentication defined in 802.11 is connection-oriented, you can deploy OSA in scenarios where STAs are required to connect to a WLAN quickly.

 Disadvantages: OSA cannot distinguish hacker STAs from authorized STAs. When this authentication mode is used, any user can connect to a WLAN if they know the WLAN SSID.

An STA can access an AP only if it has the same SSID as the AP. If their SSIDs are different, the STA cannot access network resources in the service area covered by the AP. By setting SSIDs, carriers can group users and restrict access from roaming users to ensure security and access performance. Carriers can also configure SSID hiding, define SSID areas, and assign different rights to SSID areas to ensure data confidentiality. Therefore, an SSID can be considered a simple password that implements network security through the password authentication mechanism.

However, devices and software that can find WLANs with hidden SSIDs are now available. The SSID hiding function alone is no longer powerful enough to protect WLAN security.

MAC address authentication controls the network access right of a user based on the access interface and the user's MAC address. In this authentication mode, no authentication client software is required.

MAC address filtering identifies STAs by controlling network adapters. The network adapter of each STA is identified by a unique MAC address. Therefore, the source MAC address in the data packets sent from an STA can be checked to determine the STA validity. To perform MAC address filtering, a valid MAC address list must be preconfigured on the AC (in fat AP mode, the list is preconfigured on the AP). The AP communicates with an STA only when the STA's MAC address matches an address in the valid MAC address list.

However, many network adapters allow MAC addresses to be reconfigured. In that case, MAC addresses are easy to forge or copy. Therefore, MAC address authentication is more an access control method than an authentication mode. Using MAC address authentication alone is not recommended, except where some legacy devices do not support a better security mechanism.

 The RADIUS server also supports MAC address authentication. The MAC address list is configured on the RADIUS server connected to the AC. If the MAC address of an STA is not included in the list, the STA sends an authentication request to the RADIUS server. After the RADIUS server authenticates the user's MAC address, the user can access the WLAN and obtain the authorization information.

Like open system authentication, shared key authentication is another link authentication mechanism.

Shared key authentication requires that an AP and STA use the same key (static WEP key) and is implemented based on WEP encryption. It consists of four steps. The last three steps complete a WEP encryption and decryption process, which is similar to the process of Challenge Handshake Authentication Protocol (CHAP). Verifying the WEP key ensures that the network card and AP use the same key when the network card sends association requests. This slide shows the authentication process.

The shared key authentication process is as follows:

 The STA sends an authentication request to the AP.

 The AP randomly generates a challenge packet and sends it to the STA.

 The STA copies the challenge packet to a new packet, uses its key to encrypt the packet, and sends the encrypted packet to the AP.

 After receiving the encrypted packet, the AP decrypts it with its key and compares the decrypted packet with the original one.

 If the packets are the same, the STA and AP have the same key and the STA is successfully authenticated.

 If the packets are different, the STA cannot pass the authentication.

IEEE 802.1X defines port-based network access control protocols. The port can be a physical port or a logical one; in a wireless local area network (WLAN) scenario, it refers to a channel. Examples of typical application scenarios: computer stations where each port of an access switch connects to one single user (physical port-based); WLAN access scenarios defined in the IEEE 802.11 standard (logical port-based).

The ultimate objective of 802.1X authentication is to check whether a port is available. If 802.1X authentication succeeds, the port is enabled and allows all the packets to pass. If 802.1X authentication fails, the port is disabled and allows only the Extensible Authentication Protocol over LANs (EAPoL) packets to pass.

Note: The letter X in 802.1X is capitalized. In the IEEE naming rules, lowercase letters (such as 802.11a and 802.11b) are used to name regulations attached to existing standards, while uppercase letters are used to name independent regulations. Since 802.1X is a complete and independent protocol standard, the letter X must be capitalized.

As shown in the slide, the 802.1X system operates in the typical client/server (C/S) model. It consists of the following components: the supplicant, authenticator, and authentication server.

802.1X is an enhanced network security solution. On a WLAN using 802.1X authentication, the STA equipped with the 802.1X client software functions as the supplicant, and the AP/AC with built-in 802.1X authentication proxy functions as the authenticator. The AP/AC also functions as the client of the RADIUS server, and is responsible for forwarding authentication information between the STA and the RADIUS server.

With its distinct advantages in security and cost, 802.1X is an ideal wireless authentication solution. It applies to enterprise WLANs of all scales.

802.1X is developed based on EAP. EAP is a simple encapsulation protocol and can run at any link layer. However, it has not been widely used on Point-to-Point Protocol (PPP) links.

This slide shows the EAP encapsulation format. In a WLAN scenario, the EAP packets are transmitted over LAN links, forming EAPoL packets.

EAP encapsulation format:

 Code: This field is the first field of an EAP packet. It is one byte in length and identifies the EAP encapsulation type. The Data field must be parsed according to the Code field.

 Identifier: This field is one byte in length. It contains one unsigned integer, which is used to match requests and responses.

 Length: This field occupies two bytes. It specifies the total number of bytes in an EAP packet.

 Data: The length of this field is based on the encapsulation type of the EAP packet.
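The encapsulation format above, as an added example that is not part of the original course material: a parser for the Code, Identifier, Length, and Data fields, including the EAPoL wrapper. The Type byte that leads the Data field of Request and Response packets and the EAPoL header layout follow RFC 3748 and IEEE 802.1X; the sample packets are constructed for illustration.

```python
import struct
from dataclasses import dataclass
from typing import Optional

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
# IANA method numbers for the EAP methods commonly used on WLANs.
EAP_TYPES = {1: "Identity", 4: "MD5-Challenge", 13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP"}
EAPOL_TYPE_EAP_PACKET = 0


class EAPError(ValueError):
    """Raised when a buffer is not a well-formed EAP or EAPoL packet."""


@dataclass
class EAPPacket:
    code: int
    identifier: int
    length: int
    eap_type: Optional[int]  # present only in Request and Response packets
    data: bytes

    @property
    def summary(self) -> str:
        name = EAP_CODES[self.code]
        if self.eap_type is None:
            return f"{name} id={self.identifier}"
        method = EAP_TYPES.get(self.eap_type, f"type {self.eap_type}")
        return f"{name} id={self.identifier} {method} ({len(self.data)} data bytes)"


def parse_eap(buf: bytes) -> EAPPacket:
    """Parse one EAP packet: Code (1 byte), Identifier (1), Length (2), Data."""
    if len(buf) < 4:
        raise EAPError("shorter than the 4-byte EAP header")
    code, identifier, length = struct.unpack("!BBH", buf[:4])
    if code not in EAP_CODES:
        raise EAPError(f"unknown Code {code}")
    if length < 4:
        raise EAPError("Length is smaller than the header itself")
    if length > len(buf):
        raise EAPError("Length exceeds the received bytes (truncated packet)")
    body = buf[4:length]  # bytes beyond Length are link-layer padding and are ignored
    if code in (1, 2):
        if not body:
            raise EAPError("Request/Response without a Type byte")
        return EAPPacket(code, identifier, length, body[0], body[1:])
    if body:
        raise EAPError("Success/Failure must not carry data")
    return EAPPacket(code, identifier, length, None, b"")


def parse_eapol(frame: bytes) -> EAPPacket:
    """Unwrap an EAPoL body (version, type, body length) that carries an EAP packet."""
    if len(frame) < 4:
        raise EAPError("shorter than the 4-byte EAPoL header")
    _version, packet_type, body_len = struct.unpack("!BBH", frame[:4])
    if packet_type != EAPOL_TYPE_EAP_PACKET:
        raise EAPError("EAPoL frame does not carry an EAP packet")
    if body_len > len(frame) - 4:
        raise EAPError("EAPoL body length exceeds the received bytes")
    return parse_eap(frame[4:4 + body_len])


def answers(request: EAPPacket, response: EAPPacket) -> bool:
    """A Response belongs to a Request only when the Identifier values match."""
    return (request.code == 1 and response.code == 2
            and request.identifier == response.identifier)


if __name__ == "__main__":
    # Constructed samples: Identity request, then the response carrying "alice".
    request = parse_eap(bytes.fromhex("0107000501"))
    response_bytes = bytes.fromhex("0207000a01") + b"alice"
    eapol_frame = bytes.fromhex("0100000a") + response_bytes + bytes(32)  # padded frame
    response = parse_eapol(eapol_frame)
    print(request.summary)
    print(response.summary, "| answers request:", answers(request, response))
```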

Extensibility (what the letter E in EAP stands for) is a feature with two sides. With extensibility, new functions can be developed to meet new requirements. However, extensibility also allows different carriers or enterprises to use different types of EAP, and incompatibility occurs as a result. This explains the narrow coverage of the 802.1X system.

The commonly used EAPs include:

 EAP-MD5: It is the first EAP authentication mode. EAP-MD5 is an authentication mode based on the user name and password. Its authentication process is similar to that of the CHAP authentication.

 EAP-TLS: It is an authentication mode based on certificates, authenticating the certificates of both the client and authentication server.

 EAP-TTLS is co-developed by Funk Software and Certicom. It is an IETF open standard, and is well-supported among different platforms. EAP-TTLS provides strong security and uses a Public Key Infrastructure (PKI) certificate for the authentication server.

 EAP-PEAP: It is an authentication mode based on certificates. A server uses a certificate for authentication while a client can use either a certificate or a user name and password for authentication.

The pre-shared key (PSK) mode is also named individual mode. It is developed for households and small-sized companies, for whom 802.1X authentication servers are too costly and too complex to operate. Each user must enter a specific password to access the network. The password can have a length of 8 to 63 ASCII characters or 64 hexadecimal digits (256 bits). Users can decide whether to save their passwords to avoid repeated input, but the passwords must be saved on APs.

This authentication mode requires that a key be configured for an STA before the STA starts an authentication attempt. The AP implements a 4-way handshake key negotiation to authenticate the validity of the STA-side key.

WPA-PSK can be used for small-sized networks with little important data. It mainly applies to small-sized networks with low risks and network users that do not have high security requirements.

 Since large-sized enterprises have high requirements on security, 802.1X authentication is used.

Portal authentication is also called web authentication. When a user accesses the authentication page on the web server or when a user attempts to access other external networks using HTTP, the user is forcibly redirected to the web authentication page. After the user enters the account and submits the web page, the web server obtains the account. The web server sends the user account information to the WLAN server using the Portal protocol. The WLAN server and authentication server exchange messages to complete user authentication.

The process of login triggered by IP packets is described as follows:

 1. A WLAN client (STA) is assigned a static IP address or obtains a dynamic IP address using DHCP.

 2. The WLAN client sends an HTTP request packet to the WLAN server (AC) to visit a web page.

 3. The WLAN server redirects the requested URL to the web authentication page (IP address of the Portal server) and sends the redirection packets to the WLAN client.

 4. The user enters the user name and password on the web authentication page and the WLAN client submits them to the Portal server.

 5. The Portal server obtains the account information and encrypts the password with the challenge from the WLAN server. After that, the Portal server sends an authentication request packet, which carries the user account information and IP address, to the WLAN server.

 6. The WLAN server exchanges authentication information with the RADIUS server to complete authentication. After the WLAN client is authenticated, the WLAN server allocates resources to the user, delivers a forwarding entry, and starts online user probe. In addition, the WLAN server sends an authentication response packet to notify the Portal server of the authentication result.

 7. The Portal server sends the authentication result to the WLAN client and notifies the WLAN server that it has received the authentication response packet.

A WLAN is characterized by its openness. Therefore, if no link encryption mechanism is used, data security is threatened. Anyone can tamper with or eavesdrop on the unencrypted data as long as they have proper devices.

Communication security is supposed to achieve the following three goals. In addition to network administrators, data protection protocols must also play a role in protecting data during transmission.

 Confidentiality: prevents data from being intercepted by an unauthorized third-party device.

 Integrity: ensures that the data is not modified.

 Authentication: basis of all security policies. As data credibility partly depends on the reliability of the data source, data users must verify the data source and therefore authentication is essential for data protection. Authorization and access control are both based on authenticity. Before a user accesses any data, the system must verify the user identity and decide whether to allow the user to access the data.

 Authentication has been mentioned in the previous section. In this section, we will talk about the protection of data confidentiality and integrity, which is what WLAN encryption is all about.

For WEP encryption, the following items are needed:

 Original data that needs to be protected

 Secret key used to encrypt the frames (WEP allows four secret keys to be stored at the same time.)

 Initialization vector (IV) used together with secret keys during frame transmission

WEP delivers the following item after processing the preceding three items:

 An encrypted frame that can be transmitted even on an insecure network and that carries sufficient data for the receiver to decrypt it.

If Rivest Cipher 4 (RC4) is used, the same plain-text password will generate the same encryption result. Therefore, decryption is not that difficult after the encryption regularity has been figured out.

 To break the regularity, IV is introduced to 802.11. IV is entered together with the key to generate a key stream. In that way, using the same key will no longer generate the same encryption result.

 IV is carried in packets as plain text so that the receiver can decrypt the encrypted packets.

 Although IV varies from packet to packet, its 24-bit length will lead to IV repetition sooner or later. For a busy AP, the repetition occurs within hours. Therefore, IV cannot break the regularity of packets in the true sense.
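The WEP processing above and the four-step shared key authentication exchange described earlier, as an added example that is not part of the original course material. It assumes the standard WEP layout (RC4 seeded with IV followed by the key, a CRC-32 check value appended to the plain text, the IV sent in clear); keys and payloads are constructed.

```python
import os
import struct
import zlib
from typing import Optional


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 stream cipher: key scheduling, then XOR of data with the key stream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def _icv(plaintext: bytes) -> bytes:
    return struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes, key_id: int = 0) -> bytes:
    """Return IV (3 bytes, clear) + key ID byte + RC4(IV||key, plaintext||CRC-32)."""
    if len(key) not in (5, 13):  # WEP-40 or WEP-104
        raise ValueError("WEP key must be 5 or 13 bytes")
    if len(iv) != 3 or not 0 <= key_id <= 3:
        raise ValueError("IV must be 24 bits and key ID 0 to 3")
    return iv + bytes([key_id << 6]) + rc4(iv + key, plaintext + _icv(plaintext))


def wep_decrypt(key: bytes, frame: bytes) -> Optional[bytes]:
    """Return the plain text, or None when the check value does not match."""
    if len(frame) < 8:
        return None
    clear = rc4(frame[:3] + key, frame[4:])
    plaintext, icv = clear[:-4], clear[-4:]
    return plaintext if icv == _icv(plaintext) else None


def shared_key_auth(ap_key: bytes, sta_key: bytes) -> bool:
    """Steps 2 to 4 of shared key authentication (step 1 is the bare request)."""
    challenge = os.urandom(128)                                # AP -> STA, clear text
    response = wep_encrypt(sta_key, os.urandom(3), challenge)  # STA -> AP, encrypted
    return wep_decrypt(ap_key, response) == challenge          # AP decrypts and compares


def keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """Key stream for one frame; it depends only on the key and the 24-bit IV."""
    return rc4(iv + key, bytes(length))


def hours_until_iv_space_used(frames_per_second: float) -> float:
    """Time for an AP to run through all 2**24 IV values at a steady frame rate."""
    return 2 ** 24 / frames_per_second / 3600


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


if __name__ == "__main__":
    key = b"ABCDE"  # constructed WEP-40 key (five ASCII characters)
    print("matching keys authenticate:", shared_key_auth(key, key))
    print("wrong STA key authenticates:", shared_key_auth(key, b"VWXYZ"))
    iv = b"\x00\x00\x01"
    f1 = wep_encrypt(key, iv, b"first frame payload")
    f2 = wep_encrypt(key, iv, b"other frame payload")
    # Same key and same IV: the key stream cancels out of the two cipher texts.
    print("repeated IV leaks plain-text XOR:",
          xor(f1[4:], f2[4:])[:19] == xor(b"first frame payload", b"other frame payload"))
    print("hours to use every IV at 1000 frames/s:", round(hours_until_iv_space_used(1000), 2))
```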

 The analysis is as follows:

The encryption keys used in WEP encryption include:

 40-bit or 104-bit common keys preset on the sender and receiver

 24-bit encryption keys (also called the IV key) configured for each message block by the sender

As shown in the functional block diagram of encryption, IV keys are added in the message block without encryption to inform the receiver. If a message block with a certain IV is collected through wireless interception, it is possible to work out the secret common key by analyzing the IV.

Due to the lack of message integrity check, messages can be easily modified by hackers.

The Temporal Key Integrity Protocol (TKIP) is the first commonly used new encryption protocol at the link layer. TKIP is developed to improve the security of the legacy WEP hardware. Generally, chips enabled with the WEP function support the RC4 encryption mechanism. Since it is the hardware that implements encryption, security can be enhanced simply by upgrading the software or firmware. Therefore, TKIP inherits the basic WEP architecture and encryption process.

 Note: TKIP was first named WEP2 when written into the 802.11 standard. After WEP was proved to have defects, the protocol was renamed TKIP to differentiate it from WEP.

TKIP has the same encryption mechanism as WEP. To guard against attacks on IV, TKIP increases the IV length from 24 bits to 48 bits so that more IV values are supported. In addition, TKIP uses a cryptographic mixing function to defend against attacks on the WEP seed. Each frame is encrypted using a specific RC4 key, which improves the IV security.

Key management deals with problems produced during the period from key generation to key destruction. The two major protocols in key management defined in 802.11i are the 4-way handshake protocol and multicast key upgrade protocol. The 4-way handshake protocol is used for unicast key negotiation. An STA and an AP dynamically negotiate a pairwise master key (PMK). The STA and AP then conduct a 4-way handshake to negotiate a unicast key based on this PMK. Each STA uses a different PMK to communicate with the AP and the PMK is updated periodically, ensuring communication security.

The 4-way handshake protocol is the most important part in the key management system. It is conducted to ensure that the STA and AP obtain the same PMK and that the PMK is the latest, so that the latest pairwise transient key (PTK) can be generated. The PMK is negotiated between the STA and AP after the authentication is implemented. The PTK can be upgraded periodically through the 4-way handshake initiated by an AP. In the case that the PMK remains unchanged, an STA can send a 4-way handshake initialization request to generate a new PTK. The key negotiation messages exchanged between the STA and AP are encapsulated with EAPOL-Key. The process of 4-way handshake is shown in the slide.
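The key hierarchy behind the 4-way handshake above and the PSK mode described earlier, as an added example that is not part of the original course material. It assumes the IEEE 802.11i definitions: in PSK mode the 256-bit PSK serves as the PMK, a passphrase is converted with PBKDF2-HMAC-SHA1 over the SSID, and the PTK comes from the HMAC-SHA1 PRF. The message bodies are simplified placeholders, not real EAPOL-Key frames, and the addresses are constructed.

```python
import hashlib
import hmac
import os
import string
from typing import Optional

PTK_LEN = 48  # CCMP: 16-byte KCK + 16-byte KEK + 16-byte temporal key


def psk_from_input(secret: str, ssid: str) -> bytes:
    """Accept 64 hexadecimal digits (the key itself) or an 8 to 63 character passphrase."""
    if len(secret) == 64 and all(c in string.hexdigits for c in secret):
        return bytes.fromhex(secret)
    if not 8 <= len(secret) <= 63 or not all(32 <= ord(c) <= 126 for c in secret):
        raise ValueError("need 8 to 63 printable ASCII characters or 64 hex digits")
    return hashlib.pbkdf2_hmac("sha1", secret.encode("ascii"), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF: concatenated HMAC-SHA1(key, label || 0x00 || data || counter)."""
    out = b""
    counter = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([counter]), hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]


def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
               anonce: bytes, snonce: bytes) -> bytes:
    """PTK depends on the PMK, both MAC addresses, and both fresh nonces."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, PTK_LEN)


def mic(kck: bytes, message: bytes) -> bytes:
    """HMAC-SHA1 truncated to 128 bits, keyed with the first 16 bytes of the PTK."""
    return hmac.new(kck, message, hashlib.sha1).digest()[:16]


def four_way_handshake(ap_pmk: bytes, sta_pmk: bytes,
                       ap_mac: bytes, sta_mac: bytes) -> Optional[bytes]:
    """Return the shared temporal key, or None when the two PMKs differ."""
    anonce = os.urandom(32)                       # message 1: AP -> STA carries ANonce
    snonce = os.urandom(32)
    sta_ptk = derive_ptk(sta_pmk, ap_mac, sta_mac, anonce, snonce)
    msg2 = b"msg2-placeholder" + snonce           # message 2: STA -> AP, SNonce + MIC
    mic2 = mic(sta_ptk[:16], msg2)
    ap_ptk = derive_ptk(ap_pmk, ap_mac, sta_mac, anonce, snonce)
    if not hmac.compare_digest(mic(ap_ptk[:16], msg2), mic2):
        return None                               # AP: STA-side key is not valid
    msg3 = b"msg3-placeholder" + anonce           # message 3: AP -> STA, MIC proves AP's PMK
    mic3 = mic(ap_ptk[:16], msg3)
    if not hmac.compare_digest(mic(sta_ptk[:16], msg3), mic3):
        return None
    # Message 4 (STA -> AP) acknowledges; both sides install the temporal key.
    return ap_ptk[32:48]


if __name__ == "__main__":
    ssid = "training-lab"                         # constructed SSID
    ap_mac = bytes.fromhex("020000000001")        # constructed, locally administered
    sta_mac = bytes.fromhex("020000000002")
    pmk = psk_from_input("correct horse battery", ssid)
    print("same passphrase:", four_way_handshake(pmk, pmk, ap_mac, sta_mac) is not None)
    wrong = psk_from_input("incorrect horse battery", ssid)
    print("wrong passphrase:", four_way_handshake(pmk, wrong, ap_mac, sta_mac) is not None)
```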

One of the biggest WEP weaknesses lies in integrity check, which is used to ensure that frames will not be modified when being transmitted through wireless media. WEP uses the cyclic redundancy check (CRC) to check the frame integrity, but it has been proved that CRC is not capable of doing that. Therefore, the task for improvement falls on TKIP. TKIP aims to work out an applicable algorithm based on solid cryptography to implement message integrity check (MIC). The final algorithm is one called Michael, which is an outcome of the compromise of multiple factors. Compared with the simple linear hash algorithm, Michael is robust. However, the Standards Committee expects an easy application of algorithms, so the design of Michael is largely restricted.

The development of Michael results from some attacks, among which the most serious attacks are the modification of bits and headers. The modification of bits takes advantage of the CRC's weakness in cryptography. CRC is a linear hash algorithm: any change to the CRC input bits results in a change to the output bits. This is no longer something that is known to only a limited circle of people. Attackers can modify several bits of a frame and, to offset the resulting difference, change the WEP MIC value at the same time. For the modification of headers, malicious attackers may forge an IP address of a source end or a sending end. They may also modify the destination IP address to control the transmission direction of a frame.

 Michael cannot be counted as a highly secure encryption algorithm. It is designed for networks with a lot of devices. Michael helps to protect the data security when the existing network security is being upgraded. In other words, it is only a temporary measure that will be replaced when a long-term solution comes out.

CCMP: The combination of AES-based encryption algorithm and CCM authentication greatly improves WLAN security. CCMP is a must for robust security network (RSN) construction. Since AES has high requirements on hardware, CCMP cannot be implemented simply by upgrading the existing devices.

CCMP is not an outcome of compromise; instead, it is independently designed. Therefore, CCMP can provide highly reliable security.

AES is an encryption standard first used by the U.S. government in 2001. It supersedes the Data Encryption Standard (DES). AES adopts the Rijndael block encryption algorithm developed by two Belgians, where the block size is 128 bits and the key size is 128 bits, 192 bits, or 256 bits. The number of iteration rounds depends on the key size: 10, 12, or 14 rounds.

 Counter (CTR) and CBC-MAC were first put forward in the 1970s, and are now standardized. CCMP uses CBC-MAC to calculate MIC values and CTR to encrypt data. To put it another way, CCMP defines an application method of AES. The relationship between AES and CCMP is similar to that between RC4 and TKIP.

 Security: The U.S. government says the security of AES meets its requirements on secret data encryption.

 AES cracking: The AES encryption algorithm cannot be cracked currently.

 Comparison between CCMP and TKIP: The major difference is that CCMP adopts the AES block encryption algorithm, where the block size is 128 bits and the key size is 128 bits. The AES encryption algorithm applies to packet encryption, key management, and message integrity code calculation.

In shared key authentication mode, two WEP encryption modes are available: WEP-40 and WEP-104. One access security profile can only be configured with one data encryption mode; otherwise, only the latest configuration takes effect.

To enable shared key authentication, the STA and AP must be configured with the same shared key. In shared key authentication mode, a maximum of four WEP encryption keys can be configured at the same time. The key IDs are 0, 1, 2, and 3 respectively. If WEP-40 is used, the encryption key can be configured as a 10-digit hexadecimal number or five ASCII characters; if WEP-104 is used, the encryption key can be configured as a 26-digit hexadecimal number or thirteen ASCII characters.

Choose Configuration > AP Management > Service Set > Security Profile.

In the Security Profile List area, click Create. In the Create Security Profile dialog box that is displayed.

Wi-Fi Protected Access (WPA) is a commercial standard drafted by the Wi-Fi Alliance to substitute the insecure Wired Equivalent Privacy (WEP) standard before IEEE 802.11i was published. WPA uses the RC4 algorithm, which is called the Temporal Key Integrity Protocol (TKIP) algorithm.

There are two WPA authentication modes:

 802.1X+EAP

An authentication server is needed.

 WPA pre-shared key (WPA-PSK)

No authentication server is needed and pre-shared key authentication is configured.

 Note:

If the security policy uses 802.1X authentication, run the dot1x-authentication enable command and the dot1x authentication-method { chap | pap | eap } command to enable 802.1X authentication on the WLAN-ESS interface and set the 802.1X authentication method for WLAN users.

With the proposal of the 802.11i security standard, the Wi-Fi Alliance introduced WPA2
based on the IEEE 802.11i standard in 2004. Different from WPA, WPA2 adopts 802.1X
authentication that includes EAP authentication, LEAP authentication, EAP-TLS
authentication, EAP-TTLS authentication, and PEAP authentication. The pairwise master
key (PMK) is used as a seed to generate an encryption key. A different PMK is generated
every time a user goes online, which ensures security of the encryption key. WPA2 adopts
the CCMP encryption.
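How a PMK seeds the per-session encryption keys, as an added example that is not part of the Huawei material. It assumes the pre-shared-key case, where the PMK is PBKDF2-HMAC-SHA1 over the passphrase and SSID (with 802.1X the PMK comes out of the EAP exchange instead), and then applies the 802.11i pairwise key expansion; the function names, MAC addresses and nonces are constructed for illustration.

```python
import hashlib
import hmac


def psk_to_pmk(passphrase, ssid):
    """WPA/WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("a WPA passphrase is 8 to 63 characters long")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )


def prf(key, label, data, n_bytes):
    """802.11i PRF: HMAC-SHA1(key, label || 0x00 || data || counter), concatenated."""
    out = b""
    counter = 0
    while len(out) < n_bytes:
        block = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, block, hashlib.sha1).digest()
        counter += 1
    return out[:n_bytes]


def derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce, cipher="CCMP"):
    """Expand the PMK into the pairwise transient key (PTK) of one association."""
    n_bytes = 48 if cipher == "CCMP" else 64  # TKIP adds two 8-byte MIC keys
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    ptk = prf(pmk, b"Pairwise key expansion", data, n_bytes)
    return {
        "KCK": ptk[0:16],      # protects the handshake messages
        "KEK": ptk[16:32],     # wraps the group key sent to the STA
        "TK": ptk[32:48],      # encrypts unicast data (CCMP or TKIP)
        "MIC_keys": ptk[48:],  # empty for CCMP
    }


def session_keys_demo():
    """Same PMK, two associations with fresh nonces: the data keys differ."""
    pmk = psk_to_pmk("password", "IEEE")   # constructed credentials
    ap = bytes.fromhex("02aabbccdd01")     # constructed MAC addresses
    sta = bytes.fromhex("02aabbccdd02")
    keys = []
    for session in (b"session-1", b"session-2"):
        # Stand-ins for the random nonces each side generates per handshake.
        anonce = hashlib.sha256(b"anonce" + session).digest()
        snonce = hashlib.sha256(b"snonce" + session).digest()
        keys.append(derive_ptk(pmk, ap, sta, anonce, snonce))
    return keys
```

With a pre-shared key the PMK itself is the same for every user and every session, so only the nonces separate one session's keys from another's; this is the difference from 802.1X that the paragraph above points at.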

• Creating an authentication scheme
  • Choose Configuration > Security Management > AAA > AAA Schemes.
  • Click Create in the Authentication Scheme area, and set parameters in the Create
    Authentication Scheme dialog box that is displayed.
• Creating a RADIUS server template
  • Choose Configuration > Security Management > AAA > RADIUS Setting.
  • In the RADIUS Server Template area, click Create. In the Create RADIUS Server
    Template dialog box that is displayed.
• Creating an authentication or accounting server
  • Choose Configuration > Security Management > AAA > RADIUS Setting.
  • In the Authentication/Accounting Server area, click Create. In the Create
    Authentication/Accounting Server dialog box that is displayed.
WPA-WPA2 and TKIP-CCMP: User devices vary and support different authentication and
encryption modes. This security policy supports simultaneous configuration of WPA and
WPA2 on the AC so that multiple types of terminals can access the network, facilitating
network management. If the security policy is set to WPA-WPA2, any terminal that
supports WPA or WPA2 can be authenticated and access the WLAN; if the encryption
mode is set to TKIP-CCMP, any authenticated terminal that supports TKIP or CCMP can
implement service packet encryption.

By default, WPA-WPA2 uses 802.1X authentication + TKIP-CCMP encryption.

WAPI is a security mechanism defined in the Chinese national WLAN standard.

On June 15, 2009, the Broadband Wireless IP Standard Working Group announced that WAPI
had, for the first time, been approved unanimously by over ten participant countries
including America, Britain, and France, and that it would be recognized as an international
standard and be published in the form of an independent text.

WAPI is China's first self-developed technical standard for access security in the field of
broadband wireless LAN communication. China owns the intellectual property right of
WAPI.

WAPI allows only robust security network association (RSNA), providing higher security
than WEP and WPA. It can be identified by the Information Element field in a Beacon
frame.

The 802.11 system has the following weaknesses:

• The dual-element authentication architecture has not been changed.
• The AP is not assigned with a unique digital certificate.
• The AP identifies WLANs based on SSIDs.

WAPI is an instance that applies the access control method based on a triple-element
architecture and peer authentication to WLANs. In this architecture, the AP is allocated
with a unique certificate and bidirectional authentication is performed between the three
entities on two links.

The WAPI protocol includes the following core content:

• WAI:
  • Establishes a security policy
  • Completes bidirectional authentication (two authentication modes: certificate
    authentication and pre-shared key authentication)
  • Negotiates unicast and multicast keys
• WPI:
  • Solves all the known problems of WEP
On most carrier WLAN scenarios, only Portal authentication is used. In other words, none
of the three encryption methods (WEP, WPA, and WAPI) is used. The carrier WLANs are
open and data is transmitted in plain text. It can be seen that most of the public WLANs
that are widely used currently have low security, and application layer protocols are needed
to guarantee the WLAN security.

On enterprise WLANs, however, WPA2+802.1X authentication is used to protect the user
security.

This table presents a summary of the WLAN authentication and encryption, and various
combinations of authentication and accounting applied at the service layer.
Port-based access control authentication and authorization can be implemented only if the
802.1X architecture has the following three components:

• Supplicant
• Authenticator
• Authentication server

Features of TKIP encryption:

• The IV length is increased from 24 bits to 48 bits so that more IVs are supported.
• A mechanism for key generation, management, and transmission is introduced into
  TKIP encryption.
  • Each user uses a unique key.
  • The key used in data encryption is transmitted in a secure way.
• MIC is used to check the data integrity.


• Protocol: the protocol version is 0, which is the only version.
• Type: indicates the frame type.
• Subtype: indicates the subtype of a frame. Request to Send (RTS): Type=01,
  Subtype=1011. Clear to Send (CTS): Type=01, Subtype=1100.
• To DS and From DS: indicate whether the frame is sent to the AP or from the AP.
• More Fragments: indicates whether more fragments of a larger frame follow. If the
  upper-layer frames are fragmented, all the fragments except the last one set this bit
  to 1.
• Retry: indicates that the frame is a retransmission. All the retransmitted frames
  set this bit to 1 so that the receiver can reject repeated frames.
• Power Management: indicates the power status of the transmitter after a frame is
  transmitted. The value 1 indicates that the STA is in Power_save mode, and the value
  0 indicates that the STA is in active mode.
• More Data: this bit is only used by management frames. The value is fixed as 0 in the
  control frame.
• Protected Frame: the value 1 indicates that the frame body is encrypted, and the
  value 0 indicates that the frame body is not encrypted.
• Order: indicates that the frames and fragments can be transmitted in a certain order;
  however, the transmitter and receiver must number the frames and fragments. The
  value is 1 if frames and fragments are transmitted in a certain order.

• When the 15th bit is set to 0, the Duration/ID field is used to set NAV.
• The value indicates the number of microseconds used by the transmission medium to
  transmit the frame. The workstation must monitor all received frame headers and
  update NAV. If the transmission consumes more time than expected, the NAV is
  updated and other workstations are rejected.

• Address 1 indicates the receiver's address. In some cases, the receiver's address is
  the destination.
  • The destination is the workstation that processes the packet encapsulated in the
    frame.
  • The receiver is the workstation that decodes wireless signals into 802.11 frames.
  • If Address 1 is a broadcast or multicast address, the workstation must check
    BSSID. The workstation responds to the broadcast or multicast messages from
    the same BSS, and discards the messages from other BSSs.
• Address 2 is the transmitter's address, which is used to send response messages. In
  some cases, the transmitter's address is the source. The source is the workstation
  that encapsulates the network layer protocol packet into the frame, and the
  transmitter is the workstation that sends the frame to the wireless link.
• Address 3 is used to filter stations and transport systems. The use of this field
  depends on the network type.
• Address 4 is used in the WDS.


• The sequence number is the number of transmitted frames Mod 4096. The number of
  transmitted frames starts from 0, and increases by 1 every time the MAC processes an
  upper-layer packet. If a frame is retransmitted, the sequence number is unchanged;
  therefore, repeated frames can be discarded.
• The fragment number is used when the upper-layer packets are fragmented. The
  number of the first fragment is 0. The fragment number increases by 1 for consecutive
  fragments. All fragments of a packet have the same sequence number. The sequence
  number of a retransmitted frame is unchanged.
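The duplicate check that the Retry bit and the unchanged sequence number make possible, as an added example that is not part of the Huawei material. It assumes the standard 802.11 layout of the 16-bit Sequence Control field (4-bit fragment number in the low bits, 12-bit sequence number above it); the class, function names and sample frames are constructed for illustration.

```python
import struct

SEQ_MODULO = 4096   # sequence numbers are counted modulo 4096 (12 bits)
RETRY_BIT = 0x0800  # Retry is bit 11 of the Frame Control field


def pack_seq_ctl(seq, frag):
    """Build the Sequence Control value from sequence and fragment numbers."""
    return ((seq % SEQ_MODULO) << 4) | (frag & 0x0F)


def unpack_seq_ctl(value):
    """Return (sequence number, fragment number)."""
    return value >> 4, value & 0x0F


def build_header(ta, seq, frag, retry=False):
    """Constructed 24-byte data-frame header; only the fields used here are set."""
    fc = 0x0008 | (RETRY_BIT if retry else 0)  # Type=10 (data)
    ra = bssid = bytes(6)
    return struct.pack("<HH6s6s6sH", fc, 0, ra, ta, bssid, pack_seq_ctl(seq, frag))


class DuplicateFilter:
    """Receiver-side cache of the last (sequence, fragment) seen per transmitter."""

    def __init__(self):
        self.last_seen = {}

    def accept(self, header):
        """Return False for a retransmission of the frame already received."""
        if len(header) < 24:
            raise ValueError("truncated 802.11 header")
        fc, _dur, _ra, ta, _a3, seq_ctl = struct.unpack("<HH6s6s6sH", header[:24])
        current = unpack_seq_ctl(seq_ctl)
        # A duplicate has Retry=1 and repeats the numbers cached for this sender.
        duplicate = bool(fc & RETRY_BIT) and self.last_seen.get(ta) == current
        self.last_seen[ta] = current
        return not duplicate


def run_demo():
    sta = bytes.fromhex("020000000001")    # constructed transmitter addresses
    other = bytes.fromhex("020000000002")
    frames = [
        build_header(sta, 4095, 0),              # first transmission
        build_header(sta, 4095, 0, retry=True),  # retransmission, same numbers
        build_header(sta, 4096, 0),              # counter wraps: 4096 mod 4096 = 0
        build_header(sta, 0, 1),                 # second fragment, same sequence
        build_header(sta, 0, 1, retry=True),     # that fragment retransmitted
        build_header(other, 0, 1, retry=True),   # other sender, nothing cached
    ]
    rx = DuplicateFilter()
    return [rx.accept(frame) for frame in frames]
```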

• The workstations use the same algorithm, so they can use FCS to verify frame
  integrity. All bits in MAC header and frame body are counted. 802.3 and 802.11 use
  the same algorithm to calculate FCS; however, the MAC headers are different.
  Therefore, the workstations must recalculate FCS. When a frame arrives at the
  wireless link, the workstation calculates the FCS first, and forwards the frame through
  RF or IR link. The receiver then calculates the FCS for the received frames, and
  compares the FCS with the recorded one. If the FCSs are the same, it indicates that
  the frame is not damaged during transmission.
• On the Ethernet, the frames with incorrect FCSs are discarded or sent to the
  upper-layer protocol. On the 802.11 network, the receiver must respond to the frames
  passing integrity check. If no response is returned, the frame is retransmitted. No
  response is returned for the frames that do not pass FCS check. Therefore, the
  workstation must wait until timer expires before retransmission.
• Type values:
  • Management frame: 00
  • Control frame: 01
  • Data frame: 10
  • The value 11 is reserved.
• Subtype is the specific type of frames.


• Frame Control: Each frame control bit may affect the description of other bits in the
  MAC header. In particular, the meaning of the address fields depends on the To DS and
  From DS bits.
• Duration: The Duration field records the NAV value. NAV specifies the time limit for
  accessing the medium.
• The Distribution System (DS) is the backbone network for forwarding frames between
  access points. Generally, the DS is the Ethernet.
• SA refers to the source address, DA refers to the destination address, RA refers to
  the receiver, and TA refers to the transmitter.
• BSSID: The coverage area of an AP is a BSS. Each BSS is identified by a BSSID,
  which indicates the MAC address of an AP.

The four figures match columns 1-4 in the previous slide.

1. The source and transmitter are STA, and the destination and receiver are AP.
   Signals are transmitted by the STA, and the STA attempts to associate with the AP.
   The BSSID is used to discard the signals from other STAs.
2. The source and transmitter are STA, and the receiver is AP. Signals are
   transmitted from the wireless link to AP, so the To DS field is 1. The destination is the
   switch connected to the AP.
3. The source is the switch connected to the AP, and the transmitter is the AP.
   Signals are transmitted from AP to the wireless link, so the From DS field is 1. The
   destination and receiver are STA.
4. This is a WDS model. All the four address fields are used only in this model. In WDS,
   signals may be transmitted from wireless link to AP and from AP to wireless link.
   Therefore, the To DS and From DS fields are both 1.
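The four cases above as a header parser, in an added example that is not part of the Huawei material. It assumes the standard 802.11 header layout (Frame Control, Duration, Address 1 to 3, Sequence Control, then Address 4 only when both DS bits are set); the function names and MAC addresses are constructed for illustration.

```python
import struct

TO_DS, FROM_DS = 0x0100, 0x0200  # bits 8 and 9 of the Frame Control field


def mac(raw):
    return ":".join(f"{byte:02x}" for byte in raw)


def build_header(to_ds, from_ds, a1, a2, a3, a4=b""):
    """Constructed data-frame header used as sample input below."""
    fc = 0x0008 | (TO_DS if to_ds else 0) | (FROM_DS if from_ds else 0)
    return struct.pack("<HH6s6s6sH", fc, 0, a1, a2, a3, 0) + a4


def address_roles(header):
    """Map Address 1-4 to RA/TA/DA/SA/BSSID according to To DS and From DS."""
    if len(header) < 24:
        raise ValueError("header shorter than 24 bytes")
    fc, _dur, a1, a2, a3, _seq = struct.unpack("<HH6s6s6sH", header[:24])
    to_ds, from_ds = bool(fc & TO_DS), bool(fc & FROM_DS)
    roles = {"RA": a1, "TA": a2}  # Address 1 and 2: receiver and transmitter
    if not to_ds and not from_ds:     # case 1: STA and AP inside one BSS
        roles.update(DA=a1, SA=a2, BSSID=a3)
    elif to_ds and not from_ds:       # case 2: wireless link to AP, then the DS
        roles.update(BSSID=a1, SA=a2, DA=a3)
    elif from_ds and not to_ds:       # case 3: DS to AP, then the wireless link
        roles.update(DA=a1, BSSID=a2, SA=a3)
    else:                             # case 4: WDS, Address 4 is present
        if len(header) < 30:
            raise ValueError("WDS frame without Address 4")
        roles.update(DA=a3, SA=header[24:30])
    return {name: mac(value) for name, value in roles.items()}


def in_bss(header, bssid):
    """True if the frame belongs to the given BSS; WDS frames carry no BSSID."""
    return address_roles(header).get("BSSID") == mac(bssid)


# Constructed addresses: one STA, its AP, a wired host behind the AP, a second AP.
STA = bytes.fromhex("020000000001")
AP = bytes.fromhex("0200000000aa")
HOST = bytes.fromhex("0200000000ff")
AP2 = bytes.fromhex("0200000000bb")

UPLINK = build_header(True, False, AP, STA, HOST)       # case 2
DOWNLINK = build_header(False, True, STA, AP, HOST)     # case 3
BRIDGE = build_header(True, True, AP2, AP, HOST, STA)   # case 4
```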
Some bit values in Frame Control are fixed.

• Type: 01. All control frames use this value.
• To DS and From DS: The control frame is used to process access to wireless
  medium; therefore, it is generated by the wireless workstation. The
  transmission system does not receive or transmit control frames. Therefore,
  the value of these two bits must be 0.
• More Fragments: The control frame is not fragmented, so this value is fixed as 0.
• Retry: Unlike management frames and data frames, control frames are
  transmitted in sequence. Therefore, this value is fixed as 0.
• More Data: This bit is only used by management frames. The value is fixed as
  0 in the control frame.
• Protected Frame: The control frames are not encrypted. Therefore, this value
  is fixed as 0.
• Order: The control frames are a component in atomic frame exchange operation;
  therefore, they must be transmitted in sequence. The value is fixed as 0.
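A decoder for the Frame Control field described earlier, combined with a check of the fixed control-frame values listed above, as an added example that is not part of the Huawei material. It assumes the standard bit order of the 16-bit little-endian field (protocol version in bits 0-1, type in bits 2-3, subtype in bits 4-7, the eight flags in bits 8-15); the function names and sample frames are constructed for illustration.

```python
import struct

FRAME_TYPES = {0b00: "management", 0b01: "control", 0b10: "data", 0b11: "reserved"}
# Control subtypes named in this material.
CONTROL_SUBTYPES = {0b1010: "PS-Poll", 0b1011: "RTS", 0b1100: "CTS", 0b1101: "ACK"}
FLAG_BITS = ("to_ds", "from_ds", "more_fragments", "retry",
             "power_management", "more_data", "protected_frame", "order")
# Flags the list above gives as fixed at 0 in every control frame.
CONTROL_FIXED_ZERO = ("to_ds", "from_ds", "more_fragments", "retry",
                      "more_data", "protected_frame", "order")


def decode_frame_control(frame):
    """Decode the first two bytes of an 802.11 frame into named fields."""
    if len(frame) < 2:
        raise ValueError("frame shorter than the Frame Control field")
    (fc,) = struct.unpack("<H", frame[:2])
    subtype = (fc >> 4) & 0b1111
    fields = {
        "protocol": fc & 0b11,
        "type": FRAME_TYPES[(fc >> 2) & 0b11],
        "subtype": f"{subtype:04b}",
    }
    for offset, name in enumerate(FLAG_BITS):
        fields[name] = (fc >> (8 + offset)) & 1
    if fields["type"] == "control":
        fields["name"] = CONTROL_SUBTYPES.get(subtype, "other control")
    return fields


def frame_control_violations(frame):
    """Return the fields that contradict the fixed values stated in the text."""
    fields = decode_frame_control(frame)
    problems = []
    if fields["protocol"] != 0:
        problems.append("protocol")
    if fields["type"] == "reserved":
        problems.append("type")
    if fields["type"] == "control":
        problems += [name for name in CONTROL_FIXED_ZERO if fields[name]]
    return problems


# Constructed Frame Control byte pairs.
SAMPLES = {
    "rts": b"\xb4\x00",
    "cts": b"\xc4\x00",
    "ack": b"\xd4\x00",
    "ps_poll_power_save": b"\xa4\x10",   # Power Management may be 1
    "rts_with_to_ds_and_protected": b"\xb4\x41",
    "data_to_ds_protected": b"\x88\x41",
}


def audit_samples():
    return {name: frame_control_violations(raw) for name, raw in SAMPLES.items()}
```

A monitoring tool can log frames for which `frame_control_violations` is non-empty, since a compliant station does not produce them.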
The RTS frame is used to obtain the medium control authority for transmitting frames.

• Frame Control: It is the same as the Frame Control field of other frames. The subtype
  value 1011 indicates the RTS frame. The other bits are the same as those of other frames.
• Duration: The RTS frame specifies the medium access authority for atomic frame
  exchange operation. Therefore, the transmitter must calculate the remaining time
  after RTS frame is sent. After calculation is complete, the microseconds used for
  frame transmission are set to the Duration field. If the result is not an integer, it is
  rounded up to the next microsecond.
• Receiver Address: indicates the address of the workstation receiving RTS frames.
• Transmitter Address: indicates the address of the RTS frame transmitter.
After receiving the CTS frame, the neighboring workstations do not respond.

• Frame Control: The subtype value is set to 1100, indicating the CTS frame.
• Duration: When responding to RTS, the CTS transmitter uses the duration value of
  RTS frame as time basis. RTS reserves medium use time for the RTS-CTS-frame-ACK
  interaction process. After the CTS frame is sent, only the other frames,
  fragments, and response messages need to be transmitted. The CTS transmitter
  deducts the time required for transmitting CTS frames and other frames from the RTS
  duration, and sets the result to CTS duration.
• Receiver Address: The CTS receiver is the RTS transmitter, so MAC copies the RTS
  transmitter address to the CTS receiver address.

• ACK is the positive acknowledgement to any received data, including RTS/CTS
  frames and fragments. With the quality of service extension function, ACK is not
  needed for some types of frames.
• Frame Control: The subtype value is set to 1101, indicating the ACK frame.
• Duration: The value in the last frame or fragment is set to 0 depending on the ACK
  position in frame transmission.
• Receiver Address: The receiver address is copied from the response packet.

• Frame Control: The subtype value is set to 1010, indicating the PS-Poll frame.
• AID: In the PS-Poll frame, the third and fourth bytes in MAC header are the association
  ID. AID, specified by the workstation, is used to distinguish connections. By adding
  the AID to frames, the AP can find buffered frames.
• BSSID: This field contains the BSSID of the transmitter. The BSS is set up by the
  connected AP.
• Transmitter Address: indicates the MAC address of the PS-Poll frame transmitter.

Management frames have the following types:

• Beacon frame
  • Beacon frames are used to declare network existence. Mobile
    workstations use the Beacon frames to detect network existence, and
    adjust parameters used to join the network.
  • The access points transmit Beacon frames.
  • On the IBSS network, the workstations transmit Beacon frames in turn.
• Probe Request and Probe Response
  • The workstations send Probe Request frames to scan 802.11 networks.
  • If the Probe Request is compatible with the discovered network, the
    network returns a Probe Response frame.
• Authentication and Deauthentication
  • The workstation uses shared key and Authentication frame for
    authentication.
  • The Deauthentication frame is used to terminate the authentication
    relationship.
• Association Request
  • After the workstation discovers a compatible network and passes
    authentication, it sends an Association Request frame to the network.
Which parameter controls the 802.11 frame type?

• The Type field in Frame Control decides the frame types.
  • Management frame: 00
  • Control frame: 01
  • Data frame: 10

• Carrier Sense (CS): Before transmitting data, a station monitors the line to check whether
  the line is idle. In this manner, chances of collision are decreased.
• Multiple Access (MA): Data sent by a station can be received by multiple stations.
• Collision Detection (CD): If two stations transmit signals at the same time, the signals are
  superimposed, and the voltage amplitude over the line doubles the normal value. A collision
  occurs. Stations stop data transmission after detecting the conflict, and resume the
  transmission after a random delay.

Working process:

• Terminal A detects the status of the shared line continuously.
  • If the line is idle, terminal A sends data.
  • If the line is in use, terminal A waits until the line becomes idle.
• If terminal B sends data simultaneously, collision occurs. Signals of the line become
  unstable.
• The terminals stop sending data when they detect the unstable signals.
• Terminals then send a succession of interference pulses and wait for a period to send data.
  Terminals send interference pulses to notify other devices of the collision, especially
  the device that sends data at the same time. The time to wait for resuming
  data transmission is random.
Collision detection wastes transmission resources. Therefore, 802.11 WLAN protocol uses
the collision avoidance mechanism.

• Carrier Sense (CS): Before transmitting data, a station monitors the line to check whether
  the line is idle. In this manner, chances of collision are decreased.
• Multiple Access (MA): Data sent by a station can be received by multiple stations.
• Collision avoidance: 802.11 allows stations to send Request to Send (RTS) packets and
  Clear to Send (CTS) packets to clear the transmission line. This avoids interference of other
  stations during data transmission.

As shown in the figure, the AP can communicate with PC1 and PC2 but PC1 and PC2
cannot communicate with each other due to some restrictions. (PC1 and PC2 cannot
receive radio signals of each other because they are far from each other. Obstacles
between PC1 and PC2 have little impact on the hidden node problem.)

PC2 is a hidden node of PC1. PC1 and PC2 may send data simultaneously, which causes
collision and the AP cannot identify information from PC1 and PC2. PC1 and PC2 cannot
detect the error.
PC1 sends an RTS frame to the AP. After receiving the frame, the AP returns a CTS frame.
PC2 cannot receive the RTS frame sent by PC1 but receives the CTS frame sent by the AP.
Therefore, PC2 does not send data frames over the channel.
PC1 is transmitting data to AP1. When PC2 wants to send data to AP2, it listens on the
signal channel as defined in CSMA/CA. PC2 detects that PC1 is sending data and
mistakenly considers that it cannot send data to AP2. However, PC2 can send data to AP2
without interfering with the data transmission of AP1. The exposed node problem occurs.
PC1 sends an RTS frame to AP1. After receiving the frame, AP1 returns a CTS frame. If PC2
receives the CTS frame, PC2 does not send data. If PC2 receives only the RTS frame, it still
sends data. PC2, as an exposed node, will not receive the CTS frame of AP1. Therefore,
PC2 can send data to AP2.
• InterFrame Space (IFS)
  • A station has to wait for a delay to send the next frame (listening on the channel)
    after the previous frame is sent. This delay is called InterFrame Space (IFS).
  • The duration of the delay depends on the frame type. High priority frames are sent
    ahead of lower priority frames. A station only waits for a short delay to send frames
    with higher priority and has to wait for a long delay for sending frames with lower
    priority.
  • A station defers the transmission of lower priority frames if it detects that the
    medium is busy handling higher priority frames. This reduces the chance of collision.
• Short Interframe Space (SIFS)
  • The SIFS defined in 802.11g has the value of 10 microseconds and is the smallest IFS.
    It differentiates frames in each exchange. The station switches back to the receive
    mode from the transmit mode within this period.
  • SIFS applies to transmission of the following frames:
    acknowledgement frames, CTS frames, data frames of the fragmented MAC
    frames, AP probe reply frames, frames sent from the AP to the STA that uses
    the PCF mode.
The preceding figure demonstrates how Network Allocation Vector (NAV) ensures
noninterference of the whole process.

The access of a workstation to the medium is shown as shaded bars. Each bar is
marked with the frame type. If no frame is sent, the operation of the station is marked
with frame interval.

At the bottom of the figure, the bar aligned with the NAV represents the NAV timer. NAV is
carried in the header of RTS and CTS frames. Other stations postpone medium access
because the CSMA/CA mechanism senses that the medium is busy.

A WLAN enables users to access the Internet by using wireless clients.

A STA scans wireless networks first. After the authentication and association process is
complete, the STA sets up a connection with an AP and accesses the wireless LAN.

• In active scan, a STA periodically searches for nearby wireless networks. The STA can send a
  Probe Request frame with or without an SSID.
  • The STA sends a Probe Request containing an SSID in 11 channels to search for the AP
    with the same SSID. Only the AP with the same SSID will respond to the STA.
  • The STA periodically sends a Probe Request that does not contain an SSID in the
    supported channels. The APs return Probe Response frames to notify the STA of the
    wireless services they can provide.
• In passive scan, a STA waits for the Beacon frames sent by APs. The Beacon frames contain
  the BSS information of the APs.

Authentication is the first of two steps required to connect to the 802.11 basic service set.
Both authentication and association must occur, in that order, before an 802.11 client can
pass traffic through the AP to another device on the network.

The 802.11-2007 standard specifies two different methods of authentication: Open
System authentication and Shared Key authentication.

If open system authentication is used, the WLAN client can be authenticated as long as the
WLAN server supports open system authentication and packets exchanged between them
are not encrypted.

Shared key authentication requires that the WLAN server and client use the same shared
key. The WLAN server checks whether the client uses the shared key. If the client uses the
same shared key as the server, the client is authenticated; otherwise, the client fails to be
authenticated.

The WLAN client has already obtained the service configuration parameters such as the
access authentication algorithm and encryption key in the WLAN service discovery stage.
These parameters are carried by the Beacon frame or probe response sent by the WLAN
server. In the client association stage, the association or re-association request sent by the
client carries the client's parameters and the parameters that the client selects according to
the service configuration, including the transmission rate, channel, QoS capabilities, access
authentication algorithm, and encryption algorithm.

After link negotiation is complete, an 802.11 link is set up between the WLAN server and
client.

How many stages are required for an STA to access the network and what are they?

• WLAN access process:
  • Three stages: scan, authentication, and association
• An electromagnetic wave (namely, electromagnetic radiation) moves in the air using an
  electric field and a magnetic field that are mutually perpendicular and oscillate in the
  same direction.
• A radio wave is an electromagnetic wave emitted in free space (including air and
  vacuum). The frequency of radio waves is lower than 300 GHz (definitions of the lowest
  frequency differ; the commonly used ranges are 3 kHz-300 GHz, 9 kHz-300
  GHz, and 10 kHz-300 GHz).
• The current change in the conductor generates radio waves. Therefore, information
  can be carried by radio waves through modulation. When an electromagnetic wave
  reaches the receiver, the electromagnetic field change caused by the electromagnetic
  wave generates current. Information can be extracted from current through
  modulation. Information is thus transmitted.

• Frequency is an important physical index. The frequency of a wave is how often the
  wave oscillates. The unit is Hz. If a wave oscillates once per second, the frequency
  is 1 Hz.
• A wave consists of consecutive crests and troughs. The distance between adjacent
  crest and trough is the wavelength. Waves vary in size from very long radio waves
  the size of a football field, to very short gamma-rays smaller than the size of the
  nucleus of an atom. The higher the frequency is, the shorter the wavelength is.
• The frequency of electromagnetic waves ranges from 3 kHz to 300 GHz, and the
  wavelength ranges from 10 km to 0.1 mm.

• When radio waves reach the receiver, the electric field may be vertical to or in parallel
  with the ground.
  • When the phases are the same (or 180°), the electric field is linearly
    polarized. In this case, the electric field vectors are in the same plane. The
    amplitude E of the electric field changes periodically with time t, but the direction
    is not changed. A wave whose electric field E is vertical to the ground is
    called a vertical polarized wave, and a wave whose electric field is parallel with
    the ground is called a parallel polarized wave.
  • If the vertical vector and parallel vector of an electric field are the same and
    the phases are 90° (270°), the wave is a circular polarized wave.
  • Generally, the amplitude and phase of waves are random values, and the
    electric field E is an ellipse. This is called elliptical polarization. If the transmit
    antenna uses circular polarization, the receiver antenna must also use circular
    polarization, and the polarization directions must be the same. This is called
    polarization matching.
• When electric charge is added to the metal conductors, an electric field is generated
  between the conductors, as shown in figure 1. In figure 2, the conductors are placed far
  away from each other. If the conductors form a line, the electric field is outside the
  conductors, as shown in figure 3.
• When the conductor length L is much smaller than the wavelength λ, emission is weak.
  When the conductor length is near the wavelength, current on the conductor greatly
  increases and emission increases. The linear conductor is called a dipole.

n g
r ni
e a
e L
or
M
n
/e
o m
e i.c
aw
u
g .h
ni n
ar
//le
p :

t t
The antenna converts guided waves on cables into free-space electromagnetic waves, or converts free-space electromagnetic waves into guided waves. Antennas on wireless devices transmit and receive electromagnetic waves. The signals sent by the wireless transceiver reach the antenna through the feeder and are radiated by the antenna as electromagnetic waves. These waves are received by the antenna of the receiver and sent to its wireless transceiver through the feeder.

Generally, an antenna can both transmit and receive electromagnetic waves, and its features and specifications are basically the same whether it transmits or receives. This is the reciprocity principle.

• Guided waves: electromagnetic waves transmitted along a transmission line in a certain direction. Typical guided waves are waves transmitted along parallel lines or coaxial cables, waves transmitted along a pipe, and waves transmitted along the ground from the transmitter to the receiver.
• Free space waves: electromagnetic waves transmitted in free space.

To analyze antenna performance, antennas are classified into two types: linear antennas (metal wires whose radius is smaller than the wavelength) and plane antennas (metal or dielectric structures whose radius is greater than the wavelength). Linear antennas are used for the long-, medium-, and short-wave bands. Plane antennas are used for the centimeter and millimeter bands. Very high frequency (VHF) signals are transmitted by linear antennas, and ultra high frequency (UHF) signals are transmitted by both linear and plane antennas. The working mechanisms of linear and plane antennas are the same.
A dipole whose two arms have the same length is called a balanced dipole. A dipole in which each arm is 1/4 of the wavelength long is called a half-wavelength dipole, because the total length of the two arms is 1/2 of the wavelength. The longer the wavelength, the larger the half-wavelength dipole.

• A half-wavelength dipole generates a wave whose wavelength is twice the dipole length. The two ends of the resulting standing wave are voltage antinodes, and the center is a current antinode. It is similar to an electric dipole and can be used as an antenna (dipole antenna). When it is used as a dipole antenna, its length is half the wavelength. The symmetrical dipole is the typical and most commonly used antenna.
• In the short-wave, ultrashort-wave, and microwave bands, the half-wavelength dipole functions as the dipole element of antennas, feeders, or antenna arrays.

An antenna can transmit waves in different directions and receive waves from different directions. An antenna pattern is a plot of the relative field strength of the electromagnetic waves emitted by the antenna at different angles. Omnidirectional antennas emit and receive equal power in all horizontal directions. Directional antennas emit and receive relatively high power in one or more directions. Because omnidirectional antennas have no preferred direction, they are usually used at point-to-multipoint base stations. Directional antennas concentrate power in certain directions, so they have higher gain than omnidirectional antennas. Directional antennas are suitable for long-distance, point-to-point communication. In addition, they can effectively prevent interference.

The radiation of a vertical half-wavelength symmetrical dipole is represented in a three-dimensional view.

The flat pattern shows the radiation of an antenna in a specified plane. Radiation along the dipole axis is zero, and radiation in the horizontal direction is at its maximum. The antenna radiates equally in all horizontal directions.

When the pattern is flattened, signals are focused: they are strong in certain directions and weak in others.

The flat pattern also shows the function of a reflector: the reflector reflects energy to one side to increase gain. A paraboloid reflector focuses energy into a narrow angle, like a searchlight. A paraboloid antenna consists of a paraboloid reflector and a radiation source.

Polarization refers to the orientation of the field radiated by an antenna in the plane perpendicular to a transverse wave's direction of travel. Because the electric field and the magnetic field have a fixed relationship, the polarization direction of an antenna is represented by the direction of the electric field, that is, the electric field direction in which the antenna emits the most energy.

Because of the characteristics of radio waves, a horizontally polarized signal induces current in the ground when it travels close to it. This current generates heat because of ground impedance, so the electric field signal is attenuated. A vertically polarized signal does not induce such current, so its energy is not attenuated in this way. Therefore, vertical polarization is widely used in mobile communication. Huawei uses vertical polarization or ±45° dual-polarized antennas in wireless systems.

Dual-polarized antennas: a combination of a vertically polarized antenna and a horizontally polarized antenna, or a combination of a +45° polarized antenna and a -45° polarized antenna.

With the development of new technologies, dual-polarized antennas are now widely used. Dual-polarized antennas use one of two polarization modes: vertical and horizontal polarization, or ±45° polarization. ±45° polarization performs better than vertical and horizontal polarization and is therefore widely used. A dual-polarized antenna consists of +45° and -45° antennas that are mutually orthogonal and work in full-duplex mode, so fewer antennas are needed when dual-polarized antennas are adopted. In addition, because the ±45° antennas are mutually orthogonal, signal transmitting and receiving performance is improved.

The indoor ceiling-mounted antenna must have a simple structure and be easy to install. It has low gain, about 2-5 dBi. Such antennas are usually used on indoor distributed devices. The antenna receives signals through a feeder.

Wall-mount antennas are also lightweight and easy to install. The gain of wall-mount antennas is about 5-8 dBi. Wall-mount antennas can be used on indoor distributed devices or connected directly to the signal source.

Outdoor antennas are the most important part of a WLAN outdoor project. The antenna type determines whether signals can be transmitted stably over a long distance. The antenna's coverage area and angle must be considered when selecting the antenna type. When the space to be covered is small, low-gain omnidirectional or directional antennas can be used. When the space to be covered is large, high-gain directional antennas must be used. High-gain, small-angle antennas are suitable for outdoor long-distance, point-to-point transmission.

Directional antennas can provide high gain. Generally, antennas with small angles provide high gain, and signals travel farther. However, antennas with focused directions are difficult to install and adjust: the antennas on the two sides must point at each other; otherwise, signals are not transmitted correctly. Because such antennas are used for long-distance transmission, there are strict requirements on the antennas' locations.

Physically, gain is the ratio of the signal output of a system to the signal input of the same system. Suppose that, to produce a given signal strength at a given point, an ideal non-directional source needs an input power of 100 W. If the transmitter antenna is instead a directional antenna with gain G = 13 dB (20 times), the input power needed is 100/20 = 5 W. That is, an antenna's gain is the factor by which it amplifies the input power of an ideal non-directional radiation source.

If the gain is calculated relative to a half-wavelength symmetrical dipole, the gain unit is dBd.

When selecting gain, ensure that the beam matches the coverage area. If the coverage area is small, select a low-gain antenna with a wide vertical lobe.

Antennas have different patterns. Some antenna patterns have many lobes. The lobe with the highest radiation is the main lobe, and the other lobes are back lobes and side lobes. The areas between lobes have weak radiation.

On each side of the main lobe there is a point where radiation is reduced by 3 dB (power is halved). The angle between these two points is the beamwidth (also called main lobe width or half-power angle). When the beamwidth is narrow, the radiation distance is long and interference is prevented.

• When deploying antennas, note that side lobes can interfere with surrounding residential areas. Generally, main lobe radiation needs to be enhanced and side lobe radiation needs to be suppressed. However, in the areas near the antennas, side lobes enlarge the coverage distance.
• There is also a 10 dB beamwidth: the angle between the two points at which radiation is reduced by 10 dB (power is reduced to 1/10).

dBm: indicates an absolute power value. Typical values:

• 0 dBm = 1 mW
• 3 dBm = 2 mW
• -3 dBm = 0.5 mW
• 10 dBm = 10 mW
• -10 dBm = 0.1 mW

dBi and dBd: indicate gain (power gain).

• The reference source of dBi is an omnidirectional antenna. The reference source of dBd is a dipole. dBi = dBd + 2.14.
• That is, a gain of 16 dBd is equivalent to 18.14 dBi, or about 18 dBi.

dB: indicates a relative power.

• For example, if the power of antenna A is twice the power of antenna B, 10lg(power of antenna A/power of antenna B) = 10lg2 = 3 dB. That is, the power of antenna A is 3 dB higher than the power of antenna B.
• When signals are transmitted over 100 m of 1/2-inch feeder in the 2.4 GHz band, the power loss is about 12.1 dB.
• If the power of antenna A is 46 dBm and the power of antenna B is 40 dBm, the power of antenna A is 6 dB higher than the power of antenna B.
• If the gain of antenna A is 12 dBd and the gain of antenna B is 14 dBd, the gain of antenna A is 2 dB lower than the gain of antenna B.

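The unit arithmetic above, as an added worked example (not part of the original training material): it converts between dBm and mW, reproduces the 10 dB / 3 dB mental shortcut, and chains transmit power, feeder loss, and antenna gain into one radiated-power figure. The radiated-power function goes one step beyond the page, and the 20 dBm transmitter, 30 m feeder, and 6 dBd antenna in the demo are constructed values.

```python
import math

DBD_TO_DBI_OFFSET = 2.14         # from the page: 16 dBd is equivalent to 18.14 dBi
FEEDER_LOSS_DB_PER_100M = 12.1   # from the page: 1/2-inch feeder, 2.4 GHz band only


def dbm_to_mw(dbm: float) -> float:
    """Absolute power: P(mW) = 10^(dBm/10), so 0 dBm is exactly 1 mW."""
    return 10 ** (dbm / 10)


def mw_to_dbm(mw: float) -> float:
    """Inverse conversion; zero or negative power has no dBm value."""
    if mw <= 0:
        raise ValueError("power must be positive to express it in dBm")
    return 10 * math.log10(mw)


def rule_of_thumb_mw(dbm: int) -> float:
    """Mental-arithmetic estimate built only from the page's typical values:
    each +10 dB multiplies power by 10 and each +3 dB multiplies it by 2
    (negative steps divide). Every whole number of dB can be written as
    10*a + 3*b with b between -4 and 5, so the loop always terminates."""
    if not isinstance(dbm, int):
        raise TypeError("the shortcut works on whole-number dBm values")
    for b in range(-4, 6):
        if (dbm - 3 * b) % 10 == 0:
            a = (dbm - 3 * b) // 10
            return 10.0 ** a * 2.0 ** b
    raise AssertionError("unreachable: 3 is invertible modulo 10")


def dbd_to_dbi(gain_dbd: float) -> float:
    """Gain relative to a dipole, re-expressed relative to the dBi reference."""
    return gain_dbd + DBD_TO_DBI_OFFSET


def feeder_loss_db(length_m: float,
                   loss_per_100m: float = FEEDER_LOSS_DB_PER_100M) -> float:
    """Feeder loss in dB grows linearly with length."""
    if length_m < 0:
        raise ValueError("feeder length cannot be negative")
    return loss_per_100m * length_m / 100


def radiated_power_dbm(tx_dbm: float, feeder_m: float, gain_dbd: float) -> float:
    """Power radiated in the main-lobe direction, in dBm (commonly called EIRP;
    this term is an addition, not from the page). In dB units the budget is a
    sum: transmit power, minus feeder loss, plus antenna gain in dBi."""
    return tx_dbm - feeder_loss_db(feeder_m) + dbd_to_dbi(gain_dbd)


if __name__ == "__main__":
    # The review question "23 dBm = ? mW": shortcut versus exact value.
    print(f"23 dBm shortcut: {rule_of_thumb_mw(23):.0f} mW, "
          f"exact: {dbm_to_mw(23):.1f} mW")
    # Constructed deployment: 20 dBm AP output, 30 m feeder, 6 dBd antenna.
    eirp = radiated_power_dbm(20, 30, 6)
    print(f"feeder loss: {feeder_loss_db(30):.2f} dB, "
          f"radiated: {eirp:.2f} dBm = {dbm_to_mw(eirp):.0f} mW")
```

The shortcut gives 200 mW for 23 dBm while the exact value is slightly lower, because 3 dB is only approximately a factor of 2.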
• The splitter divides energy equally.
• The splitter distributes power across two, three, or four channels.
• Note
  • The cavity splitter is suitable for high transmit power.
  • The output arms of a cavity splitter are not isolated from each other; therefore, the cavity splitter cannot be used as a combiner.
  • Over long periods of operation, the cavity splitter is more stable than the microstrip splitter.
  • When connecting passive components, pay attention to the port definitions; otherwise, the system cannot work.
  • Passive components cannot work under overloaded power; otherwise, the components may be damaged or the active devices may become faulty.
  • When connecting components, ensure that the interfaces are reliably connected; otherwise, interface performance may degrade and the system cannot work.

• Product Type
  • Couplers are classified into cavity couplers and microstrip couplers based on power distribution.
  • The couplers must be selected properly.
• Note
  • The cavity splitter is suitable for high transmit power.
  • Over long periods of operation, the cavity splitter is more stable than the microstrip splitter.
  • When connecting passive components, pay attention to the port definitions; otherwise, the system cannot work.
  • Passive components cannot work under overloaded power; otherwise, the components may be damaged or the active devices may become faulty.
  • When connecting components, ensure that the interfaces are reliably connected; otherwise, interface performance may degrade and the system cannot work.

The combiner combines the signals of multiple systems into one antenna system. In a wireless antenna system, input and output signals of different frequency bands are combined, and the antenna system is connected to the base station through a single feeder. This saves feeders and avoids antenna switching.

In the WLAN field, combiners include single-band combiners (2.4G) and multi-band combiners.

Each input port on the combiner accepts only a limited frequency range.

A coaxial cable has an inner conductor and an outer shield that share a geometric axis: the inner conductor is surrounded by a tubular insulation layer, which is in turn surrounded by a tubular conducting shield. Coaxial cable transmits high-frequency signals with little loss, prevents interference, and provides high bandwidth. There are two types of coaxial cable: 50 Ω and 75 Ω. The 75 Ω coaxial cable is used in CATV systems, and the 50 Ω coaxial cable is used in radio communication.

An RF coaxial cable transmits signals and energy within the radio frequency range. RF coaxial cables are classified into three types based on function: CATV coaxial cable, radio coaxial cable, and leaky coaxial cable.

When signals are transmitted in the feeder, there are impedance loss and dielectric loss. The loss increases as the feeder length and the working frequency increase. Therefore, the feeder should not be too long.

An RF coaxial connector (RF connector) is installed on a cable or instrument to make or break an electrical connection.

Compared with other electrical components, the RF connector has a shorter history. The UHF connector, invented in 1930, is the earliest RF connector. During the Second World War, radar, broadcasting, and microwave communication technologies developed rapidly, and the N-type, C-type, BNC, and TNC connectors were developed accordingly. After 1958, the SMA, SMB, and SMC connectors were developed. In 1964, the US issued the MIL-C-39012 RF coaxial connector specification. After that, RF connectors were standardized and came into common use.

RF connector type:

• The main name of a converter is the connector name or a fraction of connector names.
• Example: SMA-50JK represents an SMA-type 50 Ω converter. One end is male and the other end is female. BNC/SMA-50JK represents a converter with a BNC male end and an SMA female end, and the impedance is 50 Ω.

The surge protection device is usually installed between an electrical conductor and ground, and is connected to the protected device. When the voltage exceeds the upper limit, the surge protection device limits the voltage to protect the device. When the voltage returns to normal, the surge protection device returns to the normal working voltage.

Functions of the antenna surge protection device: transmits wireless signals and protects interfaces, transmits control signals and protects receiving devices, protects television satellite devices, monitors signal transmission, protects receiving devices, protects wireless communication devices, and protects other radio devices.

Combiners, power splitters, and couplers are the passive components commonly used in indoor distribution systems. The combiner is mainly used to combine multiple systems (GSM/CDMA/3G/WLAN) or different WLAN frequency bands. The coupler divides power unequally, and the splitter divides power equally.

Antenna surge protection devices and network interface surge protection devices are used outdoors.

How many antenna types are there based on direction?

• Omnidirectional antenna, directional antenna

23 dBm = ? mW

• +23 dBm can be divided into +10 dBm + 10 dBm + 3 dBm.
• Calculation:
  • 1 mW x 10 = 10 mW
  • 10 mW x 10 = 100 mW
  • 100 mW x 2 = 200 mW

• Any customer:
  • eSight provides multiple editions to meet the management and business requirements of different enterprises.
  • The open secondary development platform and API help enterprises integrate existing systems and develop customized tools.
• Any device:
  • Unified management of multi-vendor IP and IT devices reduces network management costs.
  • Batch device deployment improves O&M efficiency.
• Any service:
  • Service-oriented SLA, directly presenting the service quality
  • Visible WLAN management and wizard-based service configuration
  • Unified network monitoring through MPLS VPN and one-click fault diagnosis

eSight (eSight V300R006C00) is a new-generation management and maintenance system developed by Huawei for enterprise agile campus networks and branch networks. It implements unified management of, and intelligent interaction between, enterprise resources, services, and users.

eSight supports centralized management of the network infrastructure, unified communications, telepresence conferencing, video surveillance, and devices from multiple vendors. eSight supports unified monitoring and configuration management for WLAN and Multiprotocol Label Switching (MPLS) VPN networks, and provides Packet Conservation Algorithm for Internet (iPCA), service level agreement (SLA), and network traffic analysis (NTA) functions for network quality monitoring and analysis. In addition, eSight provides a flexible and open platform that enables enterprises to customize an intelligent network management system.

The software and hardware configuration requirements vary with eSight editions, and the hardware platform influences eSight management capabilities.

• NOTE:
  • To prevent software conflicts or mutual impact, install only planned services and Huawei-recommended software on the eSight server, for example, DHCP and DNS services. This avoids port conflicts and leaves sufficient server performance to guarantee normal service operation.
• Client environment:
  • The only client requirements are the browser version and device memory. The supported browser versions are IE 8.0 and Firefox 3.6, and the device memory must be no less than 1 GB.

• Network Planning
  • During network planning, you can create virtual region topologies based on existing networks and then deploy APs in the region topologies, set the scale, and add obstacles to simulate network environments.
  • eSight can interconnect with the WLAN Planner. You can import network topology and environment planning files generated by the WLAN Planner into eSight.
• Service Deployment
  • To deploy WLAN services, you need to bind profiles to devices.
  • The service deployment procedure is as follows: configure the VLANIF interface and address pool, configure tunnels between ACs and APs, configure AC parameters, configure profiles, and bind profiles to AP groups.

You can deploy services on multiple ACs or a single AC using eSight.

• Service deployment on multiple ACs: After creating profiles and AP groups on eSight, you deploy their binding relationships to the ACs.
• Service deployment on a single AC: You configure a single AC in AC Object Manager by directly creating profiles and AP groups and binding them on the AC.

• eSight automatically searches for ACs and switches (SW) and adds the discovered devices to eSight.
• Use the intelligent configuration tool to configure network connectivity between eSight and the AC and LSW so that eSight can deliver services to them and manage them.
• Set basic AC information.
• Import APs in batches using plan sheets.
• APs download the corresponding configuration files from the AC.

Users can create regions based on management requirements and add APs to subnets. Through region monitoring, users can view the signal coverage of APs, AP status, and channel conflict information, and build a virtual network environment that mirrors the actual one for routine maintenance.

• Region monitoring supports planning of multi-level sub-region topologies.
• A region can contain multiple devices.
• Restore an AP to factory settings: Perform this operation when the AP configuration is faulty or when the network is calibrated.
• Restart an AP: Perform this operation when an AP is upgraded online or when the network is calibrated.
• Replace an AP: Perform this operation to synchronize AP service configurations to a new (unconfigured) AP after a faulty AP is replaced on the network.
Commands for setting SNMP community parameters for the AC:

[AC1]snmp-agent community read publicro
[AC1]snmp-agent community write privaterw
[AC1]snmp-agent sys-info version v2c
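
The commands above enable SNMPv2c, where the read and write community strings are the only credential between eSight and the AC and cross the network unencrypted. The following auditor for such lines is an added example, not Huawei or eSight code; the `cipher` and `acl` keywords and the `all` version value it looks for are assumptions about the community command syntax that this page does not show, and HARDENED_CONFIG is a constructed sample.

```python
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    code: str     # short machine-readable identifier
    line: str     # configuration line that triggered the finding
    detail: str   # why a reviewer should look at it


# The three commands shown on this page, prompts included.
PAGE_CONFIG = """\
[AC1]snmp-agent community read publicro
[AC1]snmp-agent community write privaterw
[AC1]snmp-agent sys-info version v2c
"""

# Constructed sample: only SNMPv3 enabled, no community strings at all.
HARDENED_CONFIG = """\
[AC1]snmp-agent sys-info version v3
"""

PROMPT = re.compile(r"^\s*[\[<][^\]>]*[\]>]\s*")          # "[AC1]" or "<AC1>"
VERSION = re.compile(r"^snmp-agent sys-info version (?P<versions>.+)$")
COMMUNITY = re.compile(
    r"^snmp-agent community (?P<access>read|write)\s+"
    r"(?P<cipher>cipher\s+)?(?P<name>\S+)(?P<rest>.*)$"   # cipher/acl: assumed syntax
)
DEFAULT_STEMS = ("public", "private")   # stems of the well-known default communities


def audit_snmp(config: str) -> List[Finding]:
    """Return one Finding per weakness found in snmp-agent configuration lines."""
    findings: List[Finding] = []
    for raw in config.splitlines():
        line = PROMPT.sub("", raw).strip()

        m = VERSION.match(line)
        if m:
            weak = set(m["versions"].split()) & {"v1", "v2c", "all"}
            if weak:
                findings.append(Finding(
                    "CLEARTEXT_SNMP_VERSION", line,
                    "community-based SNMP sends its community string unencrypted"))
            continue

        m = COMMUNITY.match(line)
        if not m:
            continue
        # A ciphertext community cannot be judged by its visible characters.
        if not m["cipher"] and any(s in m["name"].lower() for s in DEFAULT_STEMS):
            findings.append(Finding(
                "GUESSABLE_COMMUNITY", line,
                "community name is derived from a well-known default"))
        if not re.search(r"\bacl\s+\S+", m["rest"]):
            findings.append(Finding(
                "COMMUNITY_WITHOUT_ACL", line,
                "no ACL limits which management stations may use this community"))
        if m["access"] == "write":
            findings.append(Finding(
                "WRITE_COMMUNITY", line,
                "write access lets the holder of the string change device settings"))
    return findings


if __name__ == "__main__":
    for f in audit_snmp(PAGE_CONFIG):
        print(f"{f.code:24} {f.line}\n{'':24} -> {f.detail}")
    print("hardened sample findings:", len(audit_snmp(HARDENED_CONFIG)))
```

Run against the page's three commands it reports six findings; the constructed SNMPv3-only sample reports none.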

On the Add Device page, set the basic information of the WLAN device to be added, the SNMP parameters, and the information about the subnet that the device is to be added to.

ICMP can also be used to discover and add devices, but SNMP is preferred for unified device management.

On the Auto Discovery page, set the network segment discovery parameters, the SNMP parameters, and the information about the subnet that the device is to be added to.

On the Import Device page, download the template, enter the information about the WLAN devices, and upload the configuration files to eSight.

eSight provides agile WLAN service configuration. Only three steps are required to complete service provisioning: basic configuration, AC global configuration, and AP service configuration.

In the traditional WLAN configuration mode, WLAN services have to be configured repeatedly on hundreds of APs, which makes deployment complex. The agile configuration mode supports batch AP service configuration based on AP groups, which greatly simplifies the deployment procedure.

After creating VLANs, you can configure VLANIF interfaces so that devices can communicate with other devices at the network layer.

If you want APs and users to obtain IP addresses automatically after going online, you must configure IP address pools.

• Procedure
  • Choose Business > WLAN Management > Configuration and Deployment from the main menu.
  • Choose Basic Configuration > VLAN IF & Address Pool.
  • Click +Add and select the devices on which VLANs will be configured.
  • Click a device name to access the VLANIF and address pool configuration page for the device.
  • Click + Create VLAN IF and select Create VLAN IF to configure VLANs and address pools.

• Procedure
  • Choose Resource > Resources Group > Group Management from the main menu.
  • Click + next to User Defined under Interface Group in the navigation tree to create an interface group.
  • Specify a name and provide a description for the interface group.
  • Click + Add Members Manually in Group Members. In the dialog box that is displayed, select the interfaces to be added to the group and click Confirm.
  • Click Confirm. The interface group is created.

• Prerequisites
  • Interface groups have been created for interfaces carrying links between ACs and APs. Main interfaces are interfaces on ACs and switches. For details about how to create interface groups.
• Procedure
  • Choose Business > WLAN Management > Configuration and Deployment from the main menu.
  • Choose Basic Configuration > Channel Configuration from the navigation tree.
  • Click + to select the target interface group.
  • Click to select the target interface group.
  • Click the interface group name and Deploy to deliver the configured parameters to the interfaces.
    • If the operation succeeds, √ is displayed at the upper left corner of the parameter.
    • If the operation fails, click ! at the upper left corner of the parameter to view the cause.

• Prerequisites
  • AC devices have been added to eSight based on SNMP.
  • Telnet parameters have been configured on the AC. For details.
  • The ssh client first-time enable command must be configured on an AC to enable the first-time authentication function of the SSH client.
• Procedure
  • Choose Business > WLAN Management > Configuration and Deployment from the main menu.
  • Choose Global AC Configuration from the navigation tree.
  • Click + next to AC to select an AC.
  • Set the parameters.
  • Click the AC name and Deploy to deliver the configured parameters to the AC.
    • If the operation succeeds, √ is displayed at the upper left corner of the parameter.
    • If the operation fails, click ! at the upper left corner of the parameter to view the cause.

• Procedure
  • Choose Business > WLAN Management > Configuration and Deployment from the main menu.
  • Choose AP Configuration from the navigation tree.
  • Click the Profile Management tab.
  • Select the types of profiles to create.
  • Click + Create and set parameters.

• Prerequisites
  • Profiles have been created.
• Procedure
  • Choose Business > WLAN Management > Configuration and Deployment from the main menu.
  • Choose AP Configuration from the navigation tree.
  • Click the AP Group tab.
  • Click + Create to set AP group parameters.

• Procedure
  • Click the group name and open the profile binding page to bind service profiles.
    • Profiles that can be bound directly: In the profile navigation tree, select a profile and click Apply. Then click Deploy in the displayed dialog box.
    • Profiles that can be bound only by adding: In the profile navigation tree, select a profile type and click . After setting parameters, click Confirm. Then click Deploy in the displayed dialog box.
      • VAP profile: You need to select VAP profiles and set radios and WLAN IDs.
      • Wired port profile: You need to select a wired port profile and set port types and numbers.

• What are the features of eSight?
  • Any customer:
    • eSight provides multiple editions to meet the management and business requirements of different enterprises.
    • The open secondary development platform and API help enterprises integrate existing systems and develop customized tools.
  • Any device:
    • Unified management of multi-vendor IP and IT devices reduces network management costs.
    • Batch device deployment improves O&M efficiency.
  • Any service:
    • Service-oriented SLA, directly presenting the service quality
    • Visible WLAN management and wizard-based service configuration

p :
 User
t t

s :h
WLAN User Statistics: Display the chart of WLAN online Users in a specified period.

c e
Client Statistics: Display user distribution by the protocol used to access the wireless
r
u
network and authentication mode.

o

es
Client Statistics By SSID: Display distribution of SSID users.

R
Client Statistics By Frequency: Display distribution of 2.4G and 5G users.
g

ni n
Top N Client with Low SNR: Display Top N users with low SNRs.


a r
Top N Client with Low Speed: Display Top N users with low rates.

L e Top N Client with Low RSSI: Display Top N users with low RSSIs.
e

or  Client Distribution Based On Device Type: Display distribution of network access

M 
users based on device types.

Client Distribution Based On Device OS: Display distribution of network access users
based on device OSs.

 Client Distribution Based On Roles: Display distribution of network access users


based on roles.

 Client Distribution Based On Vendor: Display distribution of network access users


based on vendors.

 AP
    Top N AP Upstream Traffic and Channel Usage: Display Top N AP traffic and channel usage information.
    Top N AP User Association Failure Rate: Display the association failure rate of top AP users.
    Top N AP Interface Traffic Utilization Trend: Display Top N AP Interface Traffic Utilization Trend.
    Traffic Statistics By Area: Display regional traffic distribution information.


 Radio:
    User Statistics of Client Radio Types: Display user statistics of WLAN client radio types, including number of users for 2.4 GHz and 5 GHz WLANs.
    Channel Utilization Trend: Display the trend chart of WLAN channel utilization in a specified period.

 WIDS:
    Rogue Devices And Rogue Clients Statistics: Display WLAN rogue devices and rogue clients statistics.
    Interferers Statistics: Display WLAN Interferer statistics.
    Security Statistics By Type: Display statistics on rogue devices, unauthorized devices, interference sources, and attacks.


 Other:
    Wireless Resource Statistics on the Network: Display wireless resource distribution on the region, including the total number of ACs, number of online ACs, the total number of APs, and the number of online APs on the WLAN.
    Top N WLAN Average CPU Usage: Display Top N AC and AP average CPU usage in last hour, the last 24 hours, or the last 7 days.
    Top N WLAN Average Memory Usage: Display Top N AC and AP average memory usage in last hour, the last 24 hours, or the last 7 days.
    Top N SSID User Statistics: Display Top N SSID user statistics.
    Top N Region Statistics: Display Top N region statistics, including number of total APs, number of online AP users, and number of clients.
    Traffic Statistics By SSID: Display SSID traffic distribution information.



 Unauthorized AP
    The Unauthorized AP page displays APs whose MAC addresses or SNs are not in the whitelist. On this page, you can acknowledge unauthorized APs in batches to add them to the whitelist. Then, APs in the whitelist are brought online.
 AP whitelist
    Network administrators can add MAC addresses of APs or AP SNs to an AP whitelist to allow the APs to go online normally.
 AP blacklist
    Network administrators can add MAC addresses of APs to an AP blacklist, preventing unauthorized APs from going online.


 Click an AC name to view information about this AC.


 Restart the AP, restore factory settings of the AP, or replace the AP based on the site scenario.


 Click an AP name to view information about this AP.


 Choose Client from the navigation tree of the Region Object Manager.


 Choose SSID from the navigation tree of the Region Object Manager.


 Diagnosing a user
    Click on the user icon, enter the user's name, IP address, MAC address, or region name, and click Diagnose.
 Diagnosing an AP
    Click on the AP icon, select the AP to be diagnosed, and click Diagnose.
 Diagnosing an AC
    Click on the AC icon, select the AC to be diagnosed, and click Diagnose.


 When an AP encounters configuration errors or hardware faults, or needs to be upgraded, you can restore the AP to its factory defaults, replace the AP, or restart the AP using eSight.
    Restore an AP to factory settings: Perform this operation when AP configuration is faulty or when the network is calibrated.
    Restart an AP: Perform this operation when an AP is upgraded online or when the network is calibrated.
    Replace an AP: Perform this operation to synchronize AP service configurations to a new AP (unconfigured) after a faulty AP is replaced on the network.


 How do you rectify AP faults through eSight?
    Restore an AP to factory settings: Perform this operation when AP configuration is faulty or when the network is calibrated.
    Restart an AP: Perform this operation when an AP is upgraded online or when the network is calibrated.
    Replace an AP: Perform this operation to synchronize AP service configurations to a new AP (unconfigured) after a faulty AP is replaced on the network.

 You need to clarify the basic requirements for WLAN network construction, such as field strength requirements, bandwidth requirements, and the services to support.
 Bring a drive test mobile phone to the site and conduct the onsite survey to obtain the building drawings and measure the attenuation values of obstacles.
 Make a deployment plan based on the survey result and customer requirements. When you make the plan, consider frequency interference, network capacity, the upper-layer network, and power supply.
 Review the deployment plan. If it passes the approval, begin the onsite construction. If not, modify the plan.
 After the construction is complete, conduct the acceptance test using Huawei network test tools and output an acceptance report. If the project is accepted, the WLAN deployment process ends.

 Determine the key coverage area and secondary coverage area according to the site survey and building drawings, and make coverage mode planning for areas with a high density of users.
 Determine the deployment modes (indoor settled, indoor distribution, and outdoor coverage) according to site requirements.
 The transmit power of an AP is controlled to adjust the field strength of covered areas. Before planning the WLAN network, consider the following points:
    The capability of an AP is limited. If a large number of STAs exist, more APs need to be deployed.
    APs provide a limited bandwidth. If there is high requirement on the bandwidth, more APs need to be deployed.
    Select the AC inline or bypass networking mode according to site requirements.
    You can use AC power or PoE switches to supply power.



 Conduct the site survey to obtain detailed building drawings and learn the building structure.
 Check the coverage area for wireless interference sources and 2G/3G antennas.
 Perform outdoor survey to determine the method for installing APs (pole mounted or wall mounted), and check the frequency band, transmit power, and antenna direction of APs already deployed on the site.

 Indoor settled deployment: This mode is widely used because the installation is easy and the AP position is flexible. An AP can provide signal coverage as soon as it is connected to a network and powered on. When using this mode, you need to consider network access, signal interference, and power supply.
 Indoor distributed deployment: You can use a small number of APs since couplers are used to integrate WLAN signals to the planned indoor distribution system. When using this mode, you need to consider the antenna installation and bandwidth requirements.
 Outdoor coverage: This mode is used when WLAN cannot be deployed indoors or when you construct a wireless city. When using this mode, you need to consider the sector coverage, antenna selection, and wireless network bridge selection.

 In Japan, channel 14 uses only the direct sequence spread spectrum (DSSS) and complementary code keying (CCK) modulation modes but not orthogonal frequency division multiplexing (OFDM).

 Center frequency = 5000 + 5 x Nch
 The standard frequency band in China can be extended to 5.850 GHz on the basis of UNII high frequency band. Five non-overlapping channels are provided.


 2.4 GHz channel planning in HT40 mode:
    Channels 1 to 9 or Channels 5 to 13 are used in Europe.
    Channels 1 to 7 or Channels 5 to 11 are used in America.
 802.11n provides two frequency band modes: HT20 and HT40.
 HT20 provides high signal compatibility. For example, when 802.11b and 802.11g signals co-exist in an area, you can set the HT20 mode to reduce interference between the two signals.
 HT40 provides high performance. In HT40 mode, two neighboring 20 MHz channels are bundled to form a 40 MHz channel. One channel is the main channel, and the other the auxiliary channel. The main channel sends Beacon packets and data packets, and the auxiliary channel sends other packets.
 It is recommended that you use the 5 GHz band rather than the 2.4 GHz band in an area with cellular signal coverage because the bandwidth in HT40 mode is 40 Mbit/s.
 In HT40 mode, a 2.4 G network has only two non-overlapping channels 3 and 11 among the valid channels 3 to 13. Interference between APs is unavoidable.
 This table lists the 5 GHz frequency band in HT40 mode used in America and China.

 To prevent interference between channels, the interval between center frequencies of each two channels in the 2.4 GHz frequency band must be larger than or equal to 25 MHz. It is recommended that channels 1, 6, and 11 be used in overlapping mode.
 In the 5.8 GHz frequency band, non-overlapping channels 149, 153, 157, 161, and 165 are used, with 20 MHz of separation between each two channels.
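
The two spacing rules above can be checked mechanically against a draft channel plan. The following Python example is added here and is not part of the course material: the 2.4 GHz centre-frequency mapping (2407 + 5 x channel, channel 14 at 2484 MHz) is standard 802.11 numbering that this page does not state, and the AP names, sample plan and neighbour list are constructed.

```python
"""Check a WLAN channel plan against the centre-frequency spacing rules."""

MIN_SEP_24_MHZ = 25  # page: 2.4 GHz centre frequencies must be >= 25 MHz apart
MIN_SEP_5_MHZ = 20   # page: channels 149-165 sit 20 MHz apart


def center_freq_mhz(channel):
    """Centre frequency in MHz for a 2.4 GHz or 5 GHz channel number."""
    if 1 <= channel <= 13:
        return 2407 + 5 * channel   # standard 802.11 numbering (not on the page)
    if channel == 14:
        return 2484                 # Japan-only channel, off the 5 MHz grid
    if 36 <= channel <= 165:
        return 5000 + 5 * channel   # page: center frequency = 5000 + 5 x Nch
    raise ValueError(f"channel {channel} is outside this example's range")


def is_24ghz(channel):
    """True for 2.4 GHz channel numbers (1-14)."""
    return channel <= 14


def non_overlapping(channels, min_sep_mhz):
    """Greedy pick, lowest frequency first, of channels >= min_sep_mhz apart."""
    picked = []
    for ch in sorted(channels, key=center_freq_mhz):
        if not picked or center_freq_mhz(ch) - center_freq_mhz(picked[-1]) >= min_sep_mhz:
            picked.append(ch)
    return picked


def find_conflicts(plan, neighbours):
    """Return (ap_a, ap_b, separation_mhz) for neighbouring APs that are too close.

    plan       -- dict of AP name -> channel number
    neighbours -- pairs of APs whose coverage overlaps, including APs on
                  adjacent floors, since signals leak between floors
    """
    conflicts = []
    for a, b in neighbours:
        ch_a, ch_b = plan[a], plan[b]
        if is_24ghz(ch_a) != is_24ghz(ch_b):
            continue  # radios on different bands do not interfere
        min_sep = MIN_SEP_24_MHZ if is_24ghz(ch_a) else MIN_SEP_5_MHZ
        separation = abs(center_freq_mhz(ch_a) - center_freq_mhz(ch_b))
        if separation < min_sep:
            conflicts.append((a, b, separation))
    return conflicts


# Constructed sample: two floors, second floor planned without regard to the first.
PLAN = {"F1-AP1": 1, "F1-AP2": 6, "F1-AP3": 11, "F2-AP1": 1, "F2-AP2": 4}
NEIGHBOURS = [
    ("F1-AP1", "F1-AP2"),
    ("F1-AP2", "F1-AP3"),
    ("F1-AP1", "F2-AP1"),  # directly above each other
    ("F1-AP2", "F2-AP2"),  # directly above each other
    ("F2-AP1", "F2-AP2"),
]

if __name__ == "__main__":
    print("2.4 GHz non-overlapping set:", non_overlapping(range(1, 14), MIN_SEP_24_MHZ))
    print("5.8 GHz non-overlapping set:",
          non_overlapping([149, 153, 157, 161, 165], MIN_SEP_5_MHZ))
    for a, b, sep in find_conflicts(PLAN, NEIGHBOURS):
        print(f"conflict: {a} / {b} are only {sep} MHz apart")
```

Run against the sample plan, the check flags the co-channel pair on adjacent floors and the two pairs that use channel 4 next to channels 1 and 6.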

 Use the channel distribution with the lowest co-channel interference to prevent cross floor interference.
 If the AP's channels conflict with channels of users' Wi-Fi devices, adjust the channel distribution.
 If channel conflicts cannot be avoided by adjusting APs' channel distribution, discuss with the owners of the Wi-Fi devices to re-distribute the channels.

 If directional antennas are used, you can prevent channel conflicts by adjusting the antenna directions. In this way, you can make full use of the channels that have been planned.
 For example, in outdoor coverage scenarios, you can install APs on poles or towers in back-to-back mode. This fully uses the channels in different sectors that provide signal coverage in different directions, improving channel utilization.

 APs are directly connected to the AC or connected to the AC through a switch. All data is forwarded by the AC. Service data is not encapsulated by CAPWAP. The service data is transparently transmitted by service VLANs. The AC must have high forwarding performance. If there are a few APs and traffic volume is not high, this mode can be used.

 APs are directly connected to the AC or connected to the AC through a switch. All data is forwarded by the AC. Service data is encapsulated by CAPWAP and is transparently transmitted by the management VLAN. The CAPWAP encapsulation and decapsulation are carried out by the AC. This mode is simple, but requires that the AC must have high forwarding performance.

 The AC is connected to an aggregation switch. AP's management data is forwarded to the AC through the switch. Service data is not processed by the AC. The AC is connected to the existing network in bypass mode. This mode has little impact on the existing network.

 The AC is connected to an aggregation switch. AP's management data is forwarded to the AC through the switch. All data is forwarded by the AC. Service data is encapsulated by CAPWAP and is transparently transmitted by the management VLAN. The CAPWAP encapsulation and decapsulation are carried out by the AC. The AC is connected to the existing network in bypass mode. This mode has little impact on the existing network.

 This table lists some common data services. The minimum downstream and upstream bandwidth must be ensured for these services.


 The bandwidth of each AP must be available bandwidth. As the number of access users increases, the total available bandwidth decreases. It is recommended that fewer than 30 users be connected to each AP. (For details about AP's capability, see the product manual.)

 Calculate the AP's coverage based on AP's transmit power, antenna gain, and signal loss. Place the AP according to its coverage radius.
 When the AP's signal traverses the wall from outdoors to indoors, determine whether signal loss affects indoor signal strength. If indoor signal is weak, add more APs to increase signal strength indoors.
 If signals traverse a barrier at an angle, the traverse depth is larger than when signals traverse the barrier vertically. Therefore, vertical traverse reduces signal loss.
 In the area containing a lot of access users, AP density should be high, ensuring that each user connected to the AP can obtain guaranteed bandwidth.


 You can use Huawei eSight WLAN Planner to import building drawings and set various obstacles.
 The tool supports automatic AP deployment, facilitating the planning of AP position and channel.
 The tool can display the signal strength and SNR by figures.
 The tool allows you to export standard planning reports, facilitating communication with the customer.

 You can learn the penetration loss of some obstacles through site survey and experience. These values help AP planning and signal strength rendering.
 In the scenario where APs are deployed outdoors to support indoor wireless access, wireless signal strength decreases when signals penetrate glass, walls, or wooden doors. You need to include the penetration loss in link budgets.


 Co-channel interference may be caused by incorrect WLAN planning or come from WLAN devices of other users. To prevent co-channel interference, perform onsite RF scanning and unified AP planning during the survey and planning stage and adjust APs' transmit power and antenna direction to control signal coverage in the optimization stage. Perform RF scanning in onsite survey to check wireless environment, negotiate channel usage with other carriers or wireless router users to avoid co-channel interference.
 Improve frequency multiplexing efficiency and ensure that the same signal channel is not used in a coverage area or adjacent coverage areas. Use the isolation degree formed by surrounding environment for channel planning to prevent co-channel interference.
 Use directional and intelligent antennas to reduce internal signal interference. Omnidirectional antennas are not recommended for networking of many APs.
 Adjust transmit power and feeder system to reduce impact of co-channel interference on AP performance.

 When the interval between center frequencies of two channels is smaller than 25 MHz, there is signal overlapping between the two channels. You can use adjacent channels to increase available center frequencies. Usually, non-overlapping channels 1, 6, and 11 are used for the 2.4 GHz frequency band.

 Microwave ovens, cordless phones, and Bluetooth devices are non-WLAN interference sources that use 2.4 GHz frequency band.
 Wireless cameras and routers are other WLAN interference sources.


 If many STAs associate with the same AP, a large number of STAs and services compete for this AP resource, causing QoS deterioration. If this AP keeps this state for a long period whereas its adjacent AP is lightly-loaded, the entire network is unstable, reducing the overall efficiency and performance.
 When a network is not load balanced, STAs switch among APs randomly. A large number of STAs disconnect from the original AP and try to associate with an AP on a hotspot area, but the association may fail. When the number of STAs connected to that AP reaches the threshold, new STAs cannot associate with the AP or the association causes network congestion and service interruption.
 A few APs on hotspot areas are fully-loaded whereas other APs are not used, causing waste of network resources.


 An AC performs load balancing between APs when STAs connect to these APs.
 Each AP periodically reports STA association information to the AC, and the AC distributes user traffic among APs based on received STA association information.
 When a STA sends an association request to an AP, the AC checks whether the number of STAs connected to the AP has reached the threshold. If the number of STAs is smaller than the threshold, the AC instructs the AP to accept the association request. Otherwise, the AC determines whether to accept the association request according to the load balancing configuration.
 As shown in this figure, STA1 requests to associate with AP1. However, the number of STAs connected to AP1 has reached the threshold, so STA1 associates with AP2.


 As shown in this figure, a WLAN has three APs. The coverage area of AP1 does not overlap the coverage areas of AP2 and AP3. The AC load balances traffic among APs. When STA1 sends an association request to AP1, the AC detects that the number of STAs connected to AP1 has reached the threshold. Therefore, the AC instructs AP1 to reject the association request of STA1. STA1 then attempts to connect to AP2 or AP3. Because STA1 is not in the coverage area of AP2 and AP3, STA1 finally associates with AP1.
 This example shows that load balancing can be implemented among APs only when the APs are connected to the same AC and all these APs can be discovered by a STA.
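
The admission flow and the two figures described above can be replayed in a small simulation. This Python example is added here and is not Huawei's algorithm: the page does not say how the load balancing configuration finally lets STA1 onto AP1, so the `max_denials` retry limit, the class and function names, and the STA counts are assumptions.

```python
"""Replay AC-controlled STA load balancing for the two scenarios in the text."""

from dataclasses import dataclass, field


@dataclass
class AccessController:
    load: dict            # AP name -> number of associated STAs (reported by APs)
    threshold: int        # per-AP STA threshold described on the page
    max_denials: int = 3  # assumption: after this many denials the STA is let in
    denials: dict = field(default_factory=dict)  # STA name -> denials so far

    def decide(self, sta, ap):
        """Return True if the AC instructs `ap` to accept `sta`."""
        if self.load[ap] < self.threshold:
            accepted = True
        else:
            # AP has reached the threshold: fall back to the (assumed)
            # load balancing configuration, a simple denial counter.
            accepted = self.denials.get(sta, 0) >= self.max_denials
        if accepted:
            self.load[ap] += 1
            self.denials.pop(sta, None)
        else:
            self.denials[sta] = self.denials.get(sta, 0) + 1
        return accepted


def associate(ac, sta, discoverable, max_attempts=20):
    """Simulate a STA cycling through the APs it can discover, in order.

    Returns (ap_name or None, trail) where trail lists every
    (ap, "accept" | "reject") decision the AC made for this STA.
    """
    trail = []
    if not discoverable:
        return None, trail  # STA is out of range of every AP
    for attempt in range(max_attempts):
        ap = discoverable[attempt % len(discoverable)]
        if ac.decide(sta, ap):
            trail.append((ap, "accept"))
            return ap, trail
        trail.append((ap, "reject"))
    return None, trail


def scenario_overlapping_coverage():
    """First figure: AP1 is at the threshold and STA1 can also discover AP2."""
    ac = AccessController(load={"AP1": 10, "AP2": 4}, threshold=10)
    return associate(ac, "STA1", ["AP1", "AP2"]), ac.load


def scenario_isolated_coverage():
    """Second figure: AP1 is at the threshold and is the only AP STA1 can discover."""
    ac = AccessController(load={"AP1": 10, "AP2": 3, "AP3": 2}, threshold=10)
    return associate(ac, "STA1", ["AP1"]), ac.load


if __name__ == "__main__":
    for scenario in (scenario_overlapping_coverage, scenario_isolated_coverage):
        (ap, trail), load = scenario()
        print(f"{scenario.__name__}: STA1 -> {ap}, decisions={trail}, load={load}")
```

In the second scenario STA1 ends up on the already full AP1 after repeated denials while AP2 and AP3 keep spare capacity, which is the failure the text warns about when the APs cannot all be discovered by the STA.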


 On medium- and large-sized WLANs, some APs are connected to a large number of users while some to a few users. Wi-Fi air interfaces support competition-based multi-address access. As more and more users connect to a radio, the competition overhead increases. As a result, the air interface throughput decreases, and user experience deteriorates. That is, increasing the number of deployed APs does not bring about better user experience.
 Load balancing can be implemented among APs only when the APs are connected to the same AC and all these APs can be discovered by a STA.


 Static load balancing: APs providing the same services are manually added to a load balancing group. Each AP periodically reports STA association information to the AC, and the AC distributes user traffic among APs based on received STA association information. When a STA sends an association request, the AP uses a load balancing algorithm to determine whether to accept the association request. Static load balancing can be implemented when the following conditions are met:
    An AP radio can join only one load balancing group. APs in the figure are single-band APs that support only one frequency band (2.4 GHz or 5 GHz frequency band). If dual-band APs are used, traffic is load balanced among APs working on the same frequency band. That is, a dual-band AP can join two load balancing groups.
    Each load balancing group supports a maximum of 16 AP radios.



 Dynamic load balancing: Before going online, a STA sends broadcast Probe Request frames to scan available APs. The APs that receive the Probe Request frame all report the STA information to the AC. The AC adds these APs to a load balancing group, and then uses a load balancing algorithm to determine whether to allow access from the STA. Static load balancing supports a limited number of group members, and all members must be manually added to the group and work on the same frequency band. Dynamic load balancing overcomes these limitations.


 Why do people need to plan channels and how do they plan channels?
    To prevent interference between channels, the interval between center frequencies of each two channels in the 2.4 GHz frequency band must be larger than or equal to 25 MHz. It is recommended that channels 1, 6, and 11 be used in overlapping mode.
    In the 5.8 GHz frequency band, non-overlapping channels 149, 153, 157, 161, and 165 are used, with 20 MHz of separation between each two channels.
 What are the major WLAN network designs?
    Direct forwarding in inline mode
    Tunnel forwarding in inline mode
    Direct forwarding in bypass mode
    Tunnel forwarding in bypass mode



 As various Wi-Fi terminals are developed and WLAN sizes increase, WLAN is widely used and a lot of new service requirements emerge. WLAN is applied to many new scenarios. Currently, WLAN is mainly used in the following scenarios:
    Campus
       Network size is large and the network needs to operate various services. The campus WLAN usually covers teaching buildings, library, restaurant, apartments, gymnasium, and playground.
    Public area
       The public area, such as coach station, railway station, airport lounge, restaurant, amusement park, library, hospital, and large gymnasium, has temporary and mobile crowds and high population density.
    Exhibition center
       The exhibition center also has temporary and mobile crowds and high population density.
    Office building
       The office building features a large area and medium height. The WLAN covers meeting rooms, restaurant, and office area.

 Indoor settled APs have lower power, 100 mW usually. They can use multiple antenna arrays to support 2x2 MIMO and 3x3 MIMO, providing high throughput.
 Indoor distributed AP is also called high-power AP. The indoor distributed system enlarges signal coverage area, and works with the 2G/3G indoor distribution system to provide signal coverage. The indoor distributed system is a cost-effective solution.
 Outdoor APs are applicable to rugged environments. Compared with indoor APs, outdoor APs have higher waterproof, surge protection, and dust-proof capabilities.


 Case:
    Requirement analysis: An office area has 200 employees. The user concurrent rate is 75%. Each user must be assigned 2 Mbps bandwidth.
    Site survey: The employees are separated by glass, plasterboard, and load-bearing walls.
    Network design:
       Deploy the indoor settled APs with dual bands: 2.4 GHz and 5 GHz.
       Available channels at 2.4 GHz: channels 1, 6, and 11; available frequencies at 5 GHz: 149, 153, 157, 161, and 165.
       Each AP covers 8-12 meters.
       Number of concurrent users is 150, and each AP connects to 40 users; therefore, four (150/40) APs are required.
    Device configuration: 10 dBm@2.4 GHz, 20 dBm@5 GHz

 For the indoor areas such as meeting rooms and coffee houses, the wall-mount or ceiling-mount APs are recommended.
 For the ordinary guest room, the ceiling-mount APs can be installed in corridor. For the VIP guest rooms, the antennas can be deployed in the rooms.
 The office building has a wide indoor area, and the rooms are separated by walls. The ceiling-mount APs installed in the corridor can offer signals for ordinary offices.

 Local powering is inconvenient. In addition, the exposed power cables bring security risks.
 PoE adaptor powering: The PoE module is a potential failure point.
 PoE switch powering is convenient, stable, and safe.

 In most countries, the available channels at 2.4 GHz are 1-13 and 1-14, and there are three available non-overlapping channels.
 The frequencies at 5 GHz vary according to countries and regions. They are mainly distributed at 5.1-5.3 GHz, 5.4-5.7 GHz, and 5.8 GHz. Before planning the network, determine the available frequencies.


 If the terminals and APs are separated by obstacles, consider the penetration loss and the incidence angle of signals traversing the walls.
 Provided that the receiver sensitivity requirement is met, reserve a certain link margin in case of extra loss. If the reserved link margin is high, the wireless system has high capability to overcome signal transmission loss, and communication quality is high.


 Example:
    An office has 150 2.4 GHz terminals. The concurrent user rate is 60%. The bandwidth requirement is: 2 Mbps downlink and 1 Mbps uplink.
    Each AP connects to 20 terminals. The number of required APs is 4.5 (150*60%/20) in the case of no interference. Therefore five APs are required.

 More and more companies choose mobile offices today. Existing network interfaces cannot meet growth requirement of new employees, and adding network interfaces will cause office reconstruction. In addition, wired network cannot meet mobile office requirements. Wireless network remedies the defects of wired network.

 Office buildings have the following common characteristics:
    The half-open area has a few obstacles.
    The office area contains enclosed rooms, and the walls' materials may be different.
    User density is high, requiring high network capacity and stability.
    Users have mobile office requirement.
 Signals must cover a large area for high density users. The half-open structure has a few obstacles. The indoor settled system is recommended because of its high capacity and easy installation.
 2.4 GHz & 5 GHz dual frequency needs to be supported to increase bandwidth.


 The half-open area has a few obstacles, so it is recommended to use fewer APs to reduce signal interference. Fewer than 3 APs are recommended within a short distance. The building has five floors. Signal leaking may occur between floors. Therefore, the signals of different floors must overlap.
/e
o m
e i.c
aw
u
g .h
ni n
ar
// le
p :

t t
Wireless network and wired network are connected seamlessly, and there is no physical

:h
connection failures. Network access is convenient.


e s
Wireless network is easy and fast to deploy. Network deployment has little impact on hotel
operation.

 Signal coverage is the primary goal for a hotel. Before planning the wireless network, check the hotel's decoration and wall material.
 Hotel rooms have the following common characteristics:
    The wash rooms are close to corridors and separated by plasterboards or brick walls.
    Guests are equally distributed in rooms. Medium user density
 Indoor distributed AP has only one antenna output interface, and does not support MIMO.

 In some scenarios, antennas cannot be deployed in rooms due to the limit of decoration and cable deployment. In these scenarios, antennas can be installed in corridors; however, signal strength is weakened. Due to the impact of obstacles and decoration materials, signal strength in some corners may be weak.
 It is recommended to test signal strength by simulating antenna coverage area, distribution, and output power.

A high-gain antenna provides weak signal strength for the areas under the antenna. To cover a small area (< 500 meters), choose a low-gain antenna, which provides high signal strength in nearby areas.

When the coverage area is small (< 300 meters) and the coverage angle is larger than 120°, the omnidirectional antenna is recommended. When the coverage area is large and the coverage angle is small, the directional antenna is recommended.

A high-gain antenna provides weak signal strength for the areas under the antenna. To cover a small area (< 500 meters), choose a low-gain antenna, which provides high signal strength in nearby areas.

A wireless distribution system (WDS) connects two or more wired or wireless LANs wirelessly to establish a large network.


Measure the backhaul distance using Google Earth or a GPS tester, and measure the distance on site.

Use 5 GHz for WDS backhaul, and 2.4 GHz for user access.

The frequencies available at 5 GHz vary by country and region. Choose appropriate frequencies. If there is radar on site, do not use frequencies that conflict with the radar.

After measuring the coverage distance, calculate the gain using a distance longer than the one you measured. When selecting the antennas, consider the coverage distance and ensure signal coverage for the nearby areas.

Consider the following aspects when designing wireless network capacity:

• Device performance
• Number of concurrent users
• Bandwidth requirement
• Interference

As WLAN technology improves, enterprises are increasing investments in the construction of WLANs, deploying them in hotspot areas such as office buildings, hotels, and airports to meet users' increasing requirements.

Compared with a wired LAN, a WLAN has wide coverage and high mobility and is easier to install and expand. However, it is difficult to deploy a WLAN.

• Signal quality: The quality of wireless signals is determined by the distance between terminals and the closest APs. It decreases as the distance increases.
• Coverage: The performance of a wireless network is affected by network coverage and the layout of the buildings.
• Signal interference: A WLAN can be affected by surroundings such as microwaves, wires, and multipath interference.
• The preceding challenges impose higher requirements on technical engineers' skills in deploying the WLAN.

The WLAN Planner, as an auxiliary tool for wireless network planning, provides functions of environment planning, AP deployment, network signal simulation, and automatic report export, which helps technical engineers with network planning and improves work efficiency.
WLAN Planner Characteristics:

• Environment planning
  The WLAN Planner can be used to customize the materials of walls, windows, and doors and draw coverage areas and dead zones.
• AP deployment
  It can be used to automatically calculate the number and location of APs, as well as deploy APs manually and adjust coverage of the signals based on the building drawing and coverage requirements.
• Network signal simulation
  It can be used to view drawings of signal coverage and location.
• Report management
  This function allows users to export the planning reports.



• Common toolbar: Provides shortcut icons for common operations.
• Shortcut toolbar: Allows users to quickly create a project, open a project, and calculate the number of APs.
• Project list: Lists the projects that have been created.
• Planning flow diagram: Provides a flow diagram for using the WLAN Planner.


The number of APs that need to be deployed is automatically calculated based on the actual area of the deployment environment, the number of concurrent users, and a single user's bandwidth requirements.

Sales personnel use the WLAN Planner to pre-evaluate the number of APs, modify the number as required, and make a business quotation based on users' requirements on the coverage of wireless signals.

• On the home page of the WLAN Planner, click AP Calculator. The AP Calculator page is displayed.
• Select the AP type to be deployed.
• Select the Bandwidth to be deployed.
• Select the environment mode as required in the Environment type dialog box.
  • Semi-open environment: The deployment environment is semi-open, such as office buildings and factories.
  • Tunnel environment: The deployment environment is a tunnel, such as tunnels and corridors.
  • Open environment: The deployment environment is open, such as stadiums and squares.
  • Closed environment: The deployment environment is closed, such as boxes and rooms.
• Enter the area of the network to be planned and the performance parameters.
• Click OK.


This topic describes how to configure the global attributes of the WLAN Planner.

• Global Configuration:
  • On the home page, click Configure. The Configure page is displayed.
  • On the Configure page, click Global Configuration.
  • On the Basic Setting and Advanced Setting tab pages of the Configure page, configure the global parameters.
  • Click OK.
• Frequency for Automatic AP Deployment: 2.4 G, 5 G.
• Throughput Calculation: By SNR, By field strength.

Users can bind antennas to pre-defined system APs.

The transmit and receive capabilities of an AP are determined by the type of the AP. Different types of antennas differ in transmit power and receive sensitivity. Users can configure the type of the antennas in the Bind AP Antenna interface.

• On the home page, click Configure. The Configure page is displayed.
• On the Configure page, select Bind AP Antenna.
• On the Bind AP Antenna tab page, click the Operate icon in the Operate list to open the Bind Antenna interface.
  NOTE: Antennas can only be bound to APs whose Built-in Antennas are shown as No.
• Configure the 2.4G and 5G antenna type in the Bind Antenna interface.
• Click OK.

The WLAN Planner preconfigures five default types of switch devices: S2700-26TP-PWR-EI, S2700-9TP-PWR-EI, S3700-26C-HI, S5700-28C-PWR-EI, and S5700-52C-PWR-EI. These switch types cannot be deleted.

The WLAN Planner supports planning and deploying third-party switches. Users can customize the switch type on the Preconfigured Switch page and deploy the customized switch on the Routing and Power Supply tab page.

• On the home page, click Configure. The Configure page is displayed.
• On the Configure page, click Preconfigured Switch.
• On the Preconfigured Switch tab page, click “+”. The New Switch Type page is displayed.
• Enter the parameters for customizing the switch.
• Click OK.

WLAN signals are affected by the blocking capacity of obstacles. Different obstacles have different blocking capacities. Users can customize the obstacle type on the Preconfigured Obstacle page and draw different types of obstacles on the drawing.

The WLAN Planner preconfigures ten default types of obstacles, such as wooden doors, concrete, and glass windows. These obstacle types cannot be deleted.

• Procedure:
  • On the home page, click Configure. The Configure page is displayed.
  • On the Configure page, click Preconfigured Obstacle.
  • On the Preconfigured Obstacle tab page, click “+”. The New Obstacle Type page is displayed.
  • On the New Obstacle Type page, enter the parameters for customizing the obstacle.
  • Click OK.

Before designing the wireless network, technical engineers must clarify the users' requirements on the wireless network planning, including requirements on frequency band, bandwidth, signals, the number of users who are connected to the wireless network, cabling, and services. Obtain basic information about the project, including diagrams of building layout, weak current cabling, and strong current cabling. Plan the WLAN network using the WLAN Planner, calculate the number and location of APs, and export the planning reports to provide reference for the on-site implementation engineers. This slide describes the detailed procedure.

Before you use the WLAN Planner to plan the WLAN network, you need to create a project, select a country, and set the environment type first.

• Create a project.
  • On the home page, click Create Project. The Create Project page is displayed.
  • Enter the project name.
  • Select the country or area.
    NOTE: Different countries or areas use different wireless channels. Select the corresponding country or region when creating a new project. In this way, the WLAN Planner automatically filters out channels that cannot be used in this country.
  • Select Indoor in the Environment Type area and select the corresponding environment mode.
  • Click OK.

After you create a project, you need to add a building and import the drawing, so that you can set the environment type and deploy APs on the drawing to simulate the WLAN network.

Procedure

• On the home page of the WLAN planning project, select project nodes.
• Click the building icon. The Add new building page is displayed.
• Enter the name, import the drawing, and click OK.

How to set building and floor parameters:

• Create a floor: Right-click a building node and select Add New Floor. Set Floor Number, Name, and Drawing, and click OK.
• Update a drawing: Right-click the newly added building node and select Update Drawing to update a drawing for the floor.
• Create multiple floors and import drawings: Right-click a building node and select Import Drawings in Batches. The WLAN Planner will then create multiple floors and import a drawing for each floor based on the number of drawings.
• Set floor attributes: Right-click a floor node and select Property. Set Floor Height, Floor Materials, 2.4G Attenuator, and 5G Attenuator, and click OK.
• Adjust the floor sequence: Directly drag a floor node to adjust the floor sequence.

• Configure the scale.
  • On the floor page, click Set Scale. The mouse status changes.
  • Click the start point of the scale on the drawing.
  • Click the end point of the scale on the drawing. The Set Scale dialog box is displayed.
  • Enter the drawing scale and select the unit as required.
  • Click OK. The scale is displayed on the drawing.

• Adjust the datum mark.
  • The datum marks of all the floors must be on the same vertical line.
  • You can manually drag the datum marks of multiple floors to align them, to better simulate the actual environment among the floors.

• Configure the obstacle.
  • Select the obstacle type from the toolbar of the drawing.
    NOTE: Users can customize the obstacle type. For the detailed procedure, see Preconfiguring an Obstacle.
  • Select an obstacle figure, such as rectangle or polyline, from the toolbar.
  • Draw obstacles based on the actual environment.

• Configure the coverage area.
  • On the home page of the WLAN planning project, click Environment Setting. The Environment Setting page is displayed.
  • Select the coverage area type from the toolbar.
  • Select the shape of the coverage area, either polygon or rectangle, in the coverage area drawing toolbar.
  • Draw the coverage area.
  • Right-click or double-click the created coverage area.
  • Select Property. The Coverage dialog box is displayed. Modify the attributes of this coverage area.
  • Click Save.

• Configure the interference source.
  • On the home page of the WLAN planning project, click Environment Setting. The Environment Setting page is displayed.
  • In the toolbar, click the interference source icon.
  • Click on the drawing to add an interference source.
    NOTE: Click repeatedly to add multiple interference sources to the drawing. Right-click to end this operation.
  • Right-click the interference source icon.
  • Select Property. The interference source dialog box is displayed.
  • Configure the attribute as required.
  • Click Save.
• Configure the AP deployment area.
  • Select the AP deployment area from the toolbar.
  • Draw the AP deployment area.
• Deploy manually.
  Users can deploy APs manually based on the actual environment and deployment experience. Users can perform operations such as adding APs, deleting APs, adjusting AP location, and configuring AP attributes.
  • On the home page of the WLAN Planner, click AP Deployment. The AP deployment page is displayed.
  • Select the AP type to be deployed from the toolbar.
  • Deploy APs manually in the drawing.
  • Right-click the AP icon.
  • Select Property. The dialog box of AP attributes is displayed. Configure the AP attributes.
  • Click Save.

• Simulate the environment wireless signals.
  Preview the coverage of wireless signals in the signal simulation diagram and determine whether it meets the design requirements. This tool provides the Received Signal Strength Indication (RSSI) simulation diagram, Signal to Interference plus Noise Ratio (SINR) simulation diagram, physical layer throughput diagram, and application layer throughput diagram.
  • Select the type of simulation diagram.
  • Click Open Simulation to export the simulation graph.
  • Optional: After adjusting the location or attributes of APs, obstacles, and coverage areas, click Refresh Simulation to refresh the simulation graph.
• Simulate access points.
  Access point simulation is used to simulate the information about wireless signal sources that can be received by a single access point, such as information about frequency, signaling channels, and field strength.
  • On the home page of the WLAN planning project, click AP Deployment. The AP Deployment page is displayed.
  • In the toolbar, click Access Simulation.
  • Configure the information about the simulation access point in the dialog box.
  • Deploy the simulation access points.
  • Right-click each simulation access point and select View to view information about accessible sources of this point.


After AP deployment is complete, deploy switches and connect APs and switches using network cables to provide reference for implementation engineers.

• Procedure:
  On the home page of the WLAN planning project, click Routing and Power Supply. The Routing and Power Supply page is displayed.
• Deploy switches.
  • Select the switch type to be deployed from the toolbar.
  • Deploy switches on the drawing.
  • Right-click the switch icon and select Property. The dialog box of switch attributes is displayed. Configure the switch attributes.
  • Click Save.
• Deploy ACs.
  • Select the AC type to be deployed from the toolbar.
  • Deploy ACs on the drawing.
    NOTE: Click View Planned Resource on the toolbar at the bottom to view the APs and switches deployed on the drawing.
  • Select the network cable type from the toolbar.
  • Click and draw network cables on the drawing to connect APs, switches, and ACs.
    NOTE: The WLAN Planner allows you to connect devices of different types only.


The WLAN Planner allows users to export detailed planning reports, AP lists, and material lists to provide reference for implementation engineers.

• Export the network planning reports.
  • On the home page of the WLAN planning project, click Import and Export. The page for import and export is displayed.
  • Click Generate WLAN Planning Report. The WLAN Planning Report dialog box is displayed.
  • Select the planning map.
  • Select the content to be exported.
  • Select the language of the network planning reports.
  • Select the format of the network planning reports.
  • Click Generate.

• Export the AP lists.
  • On the home page of the WLAN planning project, click Import and Export. The page for import and export is displayed.
  • Click Export AP List. The AP Bill dialog box is displayed.
  • Select planning maps.
  • Click Export.

• Export material lists.
  • On the home page of the WLAN planning project, click Import and Export. The page for import and export is displayed.
  • Click Export Materiel Bill. The Materiel List dialog box is displayed.
  • Select planning maps.
  • Click Export.

WLAN Planner Characteristics:

• Environment planning
  The WLAN Planner can be used to customize the materials of walls, windows, and doors and draw coverage areas and dead zones.
• AP deployment
  It can be used to automatically calculate the number and location of APs, as well as deploy APs manually and adjust coverage of the signals based on the building drawing and coverage requirements.
• Network signal simulation
  It can be used to view drawings of signal coverage and location.
• Report management
  This function allows users to export the planning reports.



This course introduces basic WLAN troubleshooting methods and tools, common faults, and cases, step by step.


• Management block: APs are classified into Fat APs and Fit APs. A Fat AP can manage itself independently, while Fit APs are uniformly managed by an AC.
• Service block: This part includes service VLAN configurations and wireless services.
• Port block: VLANs are configured based on ports.
• Wired block: This block includes the connection between APs and switches, connection between access switches and aggregation switches, connection between ACs, and connection between ACs and the upper-layer network.

• Check the segment between a STA and an AP. The STA can be a laptop, tablet computer, or Wi-Fi-supported mobile phone. You must check the STA and the wireless environment.
• Check the segment between an AP and a switch, including the AP hardware and PoE power supply.
• Check the segment between a switch and an AC, including the switch, hardware version, software version, and configurations of the AC.

For example, in an area where users can only access the Wi-Fi network at a low rate, troubleshooting can be performed from the STA. First, check whether the low access rate is caused by the STA. Then, check whether a fault occurs on the AP. Finally, check whether a fault occurs on the switch or AC.


The replacement troubleshooting method can quickly locate a fault and find out proper troubleshooting solutions. Its operation is fast and simple.

• Network adapter: Replace the built-in network adapter with an external network adapter, or reinstall the network adapter driver.
• STA: If there are several STAs, replace them with other STAs of the same type or different types.
• AP: Fit APs can start with no configurations, and it is convenient to replace them. When Fat APs are replaced, you need to configure them again.
• Network cable: When the cable on a specified network segment is suspected to be faulty, replace the network cable for testing.

• Trace command:
  • The trace command comes in two forms: the tracert command in Windows and the traceroute command in Linux.
  • This diagnostic program sends ICMP packets with different time to live (TTL) values to determine the route to the destination.
• Debug command:
  • When a network fault occurs, run the debug command to obtain information about packets and frames exchanged, which is of vital importance in fault locating.


Response to ICMP Echo Request messages sent by a local device: If no Response message is received within a certain period, the message "Request time out" is displayed in the output. Otherwise, the number of bytes, the sequence number, TTL, and response time of the Response message are displayed.

Packet statistics include the total number of packets sent and Response packets received, percentage of packets that receive no response, and minimum, maximum, and average response times.

The common display commands help to query and display information about device versions and configurations.

Devices from different vendors may support different commands.

Run the display current-configuration command to display the current configurations of the system.

Run the display interface command to display interface information.


Check the status of all APs on the current AC.

• Display information about APs, including the AP ID, MAC address, name, group, IP address, type, state, number of associated STAs, and uptime. Information about one AP is displayed in one line. The total number of APs is displayed in the last line.
• If an AP goes online successfully, normal is displayed in the AP State column. If an AP cannot go online, fault is displayed in the AP State column. (download is displayed during the upgrade. config-failed is displayed when an AP fails to initialize the configuration.)

Check the IP address.

    display arp all
    IP ADDRESS      MAC ADDRESS     EXPIRED(M) TYPE-VLAN INTERFACE   VPN-INSTANCE
    10.1.10.250     e8bd-d1f7-75c0  20         D-0       GE0/0/8

• The displayed information includes the IP address, MAC address, remaining lifetime (in minutes), entry type and slot number on which the entry is obtained, type and number of the interface that learns the entry, and name of the VPN instance to which the ARP entry belongs.

The display access-user command displays information about online users.

If user-id is specified, detailed information about the specified user is displayed.

Currently, a username can contain only letters, digits, or special characters; other languages, such as Chinese characters, are not supported.


inSSIDer is a new open-source Wi-Fi scanner. It is developed by MetaGeek, which is also the developer of the Wi-Spy spectrum analysis program. inSSIDer is a common signal scanning tool with simple operations and a concise GUI.

inSSIDer can plot the change of signal strength over time and the distribution of signal strength on each AP channel. This tool can also filter AP information based on the frequency band, channel ID, signal strength, and encryption mode of APs.

If a large number of APs need to be managed, the inSSIDer tool also supports GPS functions to locate the positions of APs on Google Maps.
• Descriptions of each column in the figure:
  • Column 1: SSID, which is short for service set identifier and also called network name
  • Column 2: signal strength, in dBm
  • Column 3: channel ID used by different wireless signals
  • Column 4: encryption mode, which can be WEP, WPA2-PSK, or open (no encryption)
  • Column 5: MAC address of the hotspot, which is unique

• Signal strength figure:
  This figure shows the change of signal strength at different times. Different signals are marked by different colors.
• Channel usage figure:
  This figure shows the signals and strengths of different channels, and channel bandwidth. You can click to select a 2.4 GHz or 5 GHz channel.

• WLAN fault locating process
  • Check the services on STAs --> check the received signal strength --> check the AP --> check the wired network devices --> check the AC --> check the uplinks
  • Locate the fault step by step.


Ask the user about the fault symptoms and reproduce the faults.

• Check the STA:
  • Check whether the wireless network adapter is enabled.
  • Check the signal strength.
  • Check the surrounding interference sources.
• Check WLAN services using a self-brought device:
  • Implement troubleshooting on the common services, including FTP uploading, FTP downloading, and webpage browsing.
  • Check whether specific services such as voice and video are normal.


Scan the surrounding signals with common network diagnostic tools, such as inSSIDer. Analyze the influences of various signal strengths on the local signal. In most cases, the RSSI in major coverage areas should range from -40 dBm to -65 dBm; the RSSI in edge areas should be larger than -75 dBm; co-channel interference should be smaller than -80 dBm.

Network diagnostic tools can detect the local signal strength and the strength of other signals in the same channel. Weak local signal strength is usually caused by poor hardware performance or a poor wireless environment. When a large number of other strong signals co-exist in the channel, change the signal channel. For example, channels with less signal interference, such as channel 1, 6, or 11, can be selected for the 2.4 G frequency band.
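The thresholds and the channel advice above can be checked mechanically against a scan export. The following Python code is an added example, not part of the original course material: the scan rows are constructed, the function names are hypothetical, and the rule that 2.4 GHz channels fewer than five apart overlap is an addition used here to rank channels 1, 6, and 11.

```python
"""Check Wi-Fi scan readings against the RSSI planning thresholds in the text."""
from collections import namedtuple

# One row per detected signal, using the five columns the scanner shows.
Reading = namedtuple("Reading", "ssid rssi channel encryption mac")

# Thresholds quoted in the text, in dBm.
MAIN_RANGE = (-65, -40)      # major coverage areas: -40 dBm to -65 dBm
EDGE_MIN = -75               # edge areas: larger than -75 dBm
COCHANNEL_LIMIT = -80        # co-channel interference: smaller than -80 dBm
CANDIDATES_24G = (1, 6, 11)  # channels the text suggests for the 2.4 G band

# Constructed sample scan (not from a real survey); the first row is the local AP.
LOCAL_MAC = "02:00:00:00:00:01"
SCAN = [
    Reading("corp-wlan",  -58, 6,  "WPA2-PSK", "02:00:00:00:00:01"),
    Reading("neighbor-a", -62, 6,  "WPA2-PSK", "02:00:00:00:00:02"),
    Reading("neighbor-b", -71, 6,  "WEP",      "02:00:00:00:00:03"),
    Reading("neighbor-c", -86, 6,  "open",     "02:00:00:00:00:04"),
    Reading("neighbor-d", -77, 1,  "WPA2-PSK", "02:00:00:00:00:05"),
    Reading("neighbor-e", -84, 11, "WPA2-PSK", "02:00:00:00:00:06"),
    Reading("neighbor-f", -79, 3,  "WPA2-PSK", "02:00:00:00:00:07"),
]


def coverage_status(rssi, area="main"):
    """Classify the local signal for a 'main' or 'edge' coverage area."""
    if area == "main":
        low, high = MAIN_RANGE
        if rssi < low:
            return "weak"
        if rssi > high:
            return "above range"
        return "ok"
    if area == "edge":
        return "ok" if rssi > EDGE_MIN else "weak"
    raise ValueError(f"unknown area type: {area!r}")


def cochannel_interferers(scan, local_mac):
    """Foreign signals on the local AP's channel at or above the -80 dBm limit."""
    local = next(r for r in scan if r.mac == local_mac)
    return [r for r in scan
            if r.mac != local_mac
            and r.channel == local.channel
            and r.rssi >= COCHANNEL_LIMIT]


def interference_load(scan, local_mac, channel):
    """Count foreign signals at or above the limit that overlap `channel`.

    Assumption added here: 2.4 GHz channels fewer than 5 apart overlap.
    """
    return sum(1 for r in scan
               if r.mac != local_mac
               and abs(r.channel - channel) < 5
               and r.rssi >= COCHANNEL_LIMIT)


def recommend_channel(scan, local_mac):
    """Pick the candidate channel with the lowest interference load."""
    loads = {c: interference_load(scan, local_mac, c) for c in CANDIDATES_24G}
    best = min(loads, key=lambda c: (loads[c], c))
    return best, loads


if __name__ == "__main__":
    local = next(r for r in SCAN if r.mac == LOCAL_MAC)
    print("local signal:", coverage_status(local.rssi, "main"))
    for r in cochannel_interferers(SCAN, LOCAL_MAC):
        print(f"co-channel interferer: {r.ssid} {r.rssi} dBm on channel {r.channel}")
    best, loads = recommend_channel(SCAN, LOCAL_MAC)
    print("interference load per channel:", loads, "-> move to channel", best)
```
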


The appearances differ for APs of various types. However, all APs have the radio signal indicator, system status indicator, and link status indicator.

• If the indicator is steady on, the related functions are enabled. If the indicator blinks, data is being transmitted or the device is starting. If the indicator is off, the related functions are disabled.
• For some APs, there is only one indicator: PWR.

After logging in to an AC, you can check the status of an AP by running a display command. For example, you can run the display ap all command to check the working status of all APs.

Check whether the switch is visibly deformed or damaged.

Log in to the switch through the console port to check whether the switch is correctly configured.

Check the network status to see whether broadcast storms or packet attacks occur.


WLAN supports four authentication modes: Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), WPA2, and WLAN Authentication and Privacy Infrastructure (WAPI).

Different devices support different authentication and encryption modes. Check whether the AC supports the configured authentication and encryption modes.

Check whether services are correctly configured on the AC.

• The configurations of basic AC services include:
  • AC ID and carrier ID
  • Country code
  • Source interface
• The configurations of AP radios and VAP parameters include:
  • AP WMM profile and radio profile
  • WLAN-ESS, security profile, traffic profile, and WLAN service set



If the AC and its downlink devices all work properly, check the AC uplink devices. First, check whether the hardware is damaged. Then, check whether the router is correctly configured.

When performing routine maintenance on wireless devices, comply with the regulations to ensure the normal running of devices, prevent potential faults, and rectify the existing faults in a timely manner.

During the installation of antennas (especially outdoor antennas), carry out operations in strict conformance with the regulations. Ensure strong signal strength first, and take surge protection and waterproof measures to avoid accidents.

For example, the two antennas on the same AP should be installed at a proper distance according to the regulations. An improper distance between antennas may result in saturated received signals and severe interference. The two antennas in the left figure should be installed at a larger distance.

• When the antennas are installed in the vertical direction, the distance between antennas should be around 1 meter. When the antennas are installed in the horizontal direction, the distance between antennas should be around 2 meters.

1. Check whether the STA is working properly (the wireless adapter is enabled or not).

2. Check whether surrounding wireless signals are normal. By using network diagnostic tools (such as inSSIDer), you can check the status of the current signals and other signal interference sources, such as a microwave oven.

3. Check whether the password is valid and correct. If the password is incorrect, enter the correct password.

4. Check whether the certificate is correctly installed for users who adopt dot1x authentication.

• Check whether the AP is faulty.
  ◦ Check whether the PWR indicators and network cable indicators are blinking properly.
  ◦ Log in to the AC to check the AP status.
• Check whether the AP obtains an IP address.
  ◦ Run the display ip pool command on the DHCP server to check the IP address pool configuration.
  ◦ If the AP does not obtain an IP address, configure the DHCP server to assign an IP address to the AP.
• If the AP and AC cannot ping each other or one end cannot ping another end, modify the VLAN configuration.
• If the AP fails to be authenticated, add the AP to the whitelist.
• Check whether the number of APs connected to the AC reaches the upper limit.
  ◦ If no license is loaded, the AC6605 supports a maximum of four APs.
  ◦ If the number of connected APs reaches the upper limit, apply for and load an AP license.
• Check whether the MAC address or SN of the AP conflicts with that of another AP.

Note: If the power supply indicator (PWR) is off during the routine maintenance of an AP, the AP is powered off or the power supply (PoE/power adapter) is faulty.

The status of indicators helps to locate the faults.

The indicators on APs produced by different vendors vary from each other slightly. For APs of different types, the number of indicators and their locations are not the same.

• What are the WLAN troubleshooting methods?
  ◦ Block troubleshooting method
  ◦ Segment troubleshooting method
  ◦ Replacement troubleshooting method
• Which command can be used to check the status of all APs on an AC?
  ◦ Run the display ap all command to display the status of all APs.


Small campus networks are deployed in small- and medium-sized enterprises. The WLAN deployment scale of a small campus network is smaller than that of a large campus network but greater than that of a SOHO network. To reduce costs, a small campus network does not use dedicated network management devices or authentication servers, resulting in low reliability. A small campus network often uses centralized AC networking. An independent AC or a switch integrating AC functions can be deployed to implement centralized AC networking.

This figure shows a centralized AC networking mode. After the WLAN is deployed, APs fail to go online.

• The following lists common AP states:
  ◦ idle: The AP is in idle state.
  ◦ normal: The AP is functioning properly.
  ◦ type-not-match: The AP type is not supported by the AC.
  ◦ fault: The AP fails.
  ◦ config: The AP is initializing the configuration.
  ◦ config-failed: The AP fails to initialize the configuration.
  ◦ download: The AP is loading the upgrade software.
  ◦ committing: The WLAN service configuration is being committed.
  ◦ commit-failed: The WLAN service configuration fails to be committed.
  ◦ standby: AP state on the standby AC
  ◦ ver-mismatch: The AP version does not match the AC version.
• If the AP status is fault, troubleshooting is required.



The IP address pool on the AC is named ap. You can run the display ip pool name ap used command to check IP addresses in the pool. If there is an IP address, ping it. If the ping operation succeeds, the AP successfully obtains an IP address. If the ping operation fails, the AP fails to obtain an IP address or its IP address has expired.

If another device functions as a DHCP server, check on the DHCP server whether the AP has obtained an IP address.

If the AP does not obtain an IP address, check the following:

• Whether the management VLAN is configured for all devices from the AP to the AC.
• Whether the AP's uplink ports to the AC are correctly configured.
• Whether Option 43 is configured in the IP address pool if Layer 3 networking is deployed between the AP and AC.

In this case, the AC serves as a DHCP server, and the AP has obtained an IP address. This indicates that the link between the AP and AC is normal. Check whether the AP passes authentication.

If the authentication mode is MAC address or SN authentication, run the display ap unauthorized record command to check whether unauthenticated APs exist. In this case, add the AP offline to the AC.

If the authentication mode is none authentication or the AP has been added to the authentication list, go to the next step.

To address the authentication issue, you can run the ap-mac ap-mac [ type-id type-id | ap-type ap-type ] [ ap-id ap-id ] [ ap-sn ap-sn ] command in the WLAN view to add the AP offline.

You can add APs in any of the following modes:

• Importing APs offline: The APs' MAC addresses and SNs are configured on an AC before APs go online. The AC starts to set up connections with the APs if the MAC addresses or SNs of the APs match the configured ones.
• Automatically discovering APs: This mode applies to the scenario when the AP authentication mode is set to none authentication or the AP authentication mode is set to MAC address or SN authentication and the AP whitelist is configured on the AC. When an AP in the whitelist connects to the AC, the AC automatically discovers the AP, and the AP goes online.
• Manually authenticating APs in the unauthorized AP list: The AP authentication mode is set to MAC address or SN authentication, and the AP whitelist is configured on the AC. When an AP out of the whitelist connects to the AC, the AC adds the AP to the list of unauthorized APs. The AP can go online only after the AP identity is manually confirmed.

In the AP view, you only need to enter the MAC address of the AP. If the specified AP MAC address does not exist, the AP is added on the AC and the AP view is displayed.

The default authentication mode is MAC address authentication. You can also use the whitelist or add APs offline.
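
A simplified model of the AP admission modes described above, added here as an example; it is not Huawei code. The class, method and mode names, the order in which the checks run, and the sample MAC addresses and SNs are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class AccessController:
    # Mode labels are this example's own, not CLI keywords.
    auth_mode: str = "mac"            # "mac", "sn" or "none"
    offline_macs: set = field(default_factory=set)   # APs imported offline
    offline_sns: set = field(default_factory=set)
    whitelist: set = field(default_factory=set)      # MACs or SNs, per auth_mode
    max_aps: int = 4                  # page: AC6605 with no license loaded
    online: dict = field(default_factory=dict)       # mac -> sn
    unauthorized: dict = field(default_factory=dict) # mac -> sn

    def _bring_online(self, mac, sn, how):
        if len(self.online) >= self.max_aps:
            return "rejected: AP limit reached, load an AP license"
        self.online[mac] = sn
        return f"online: {how}"

    def join(self, mac, sn):
        """Decide what happens when an AP with this MAC and SN contacts the AC."""
        for m, s in self.online.items():
            if (m == mac) != (s == sn):   # one identifier matches, the other does not
                return "rejected: MAC or SN conflicts with an online AP"
        if mac in self.online:
            return "online: already connected"
        if self.auth_mode == "none":
            return self._bring_online(mac, sn, "auto-discovered, no authentication")
        if mac in self.offline_macs or sn in self.offline_sns:
            return self._bring_online(mac, sn, "imported offline")
        identity = mac if self.auth_mode == "mac" else sn
        if identity in self.whitelist:
            return self._bring_online(mac, sn, "auto-discovered from whitelist")
        self.unauthorized[mac] = sn
        return "unauthorized: waiting for manual confirmation"

    def confirm(self, mac):
        """Operator confirms an AP from the unauthorized list."""
        sn = self.unauthorized.pop(mac)
        return self._bring_online(mac, sn, "manually confirmed")

def demo():
    # Constructed MACs and SNs.
    ac = AccessController(auth_mode="mac",
                          offline_macs={"00e0-fc00-0001"},
                          whitelist={"00e0-fc00-0002"})
    results = [ac.join("00e0-fc00-0001", "SN-A"),
               ac.join("00e0-fc00-0002", "SN-B"),
               ac.join("00e0-fc00-0003", "SN-C"),   # unknown AP
               ac.join("00e0-fc00-0009", "SN-A"),   # SN already in use
               ac.confirm("00e0-fc00-0003")]
    return ac, results
```

With auth_mode set to "none", every AP that reaches the AC is brought online until the AP limit is hit, which is why MAC address or SN authentication with a whitelist is the mode to prefer when unknown APs must not join.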


Weak signals usually include two types: low signal strength and poor signal quality.

• Low signal strength makes STAs unable to properly go online or access the Internet. It may result from low AP power or receiver sensitivity of the STA NIC. To address the problem, adjust AP power or signal coverage.
• Poor signal quality is generally caused by severe interference in a wireless environment. Typical issues caused by poor signal quality include difficult STA association, frequent STA offline, and slow forwarding speed (packet loss or large delay in ping tests).


Check the maximum number of concurrent users and the number of current online users on a VAP. If the parameter interface wlan-dbss in the command is not specified, the maximum number of concurrent users and the number of current online users on all VAPs are displayed.

The STA whitelist contains the MAC addresses of STAs that are allowed to connect to the WLAN. If the whitelist function is enabled but the STA MAC address is not in the whitelist, the STA cannot go online.

The STA blacklist contains MAC addresses of STAs that are not allowed to connect to the WLAN. STAs in the blacklist cannot go online.

• If the blacklist function is enabled on the AP and the STA is in the blacklist, run the undo ap blacklist mac ap-mac1 [ to ap-mac2 ] command to delete the STA from the blacklist.

The blacklist/whitelist is classified into global AP blacklist/whitelist and VAP blacklist/whitelist. If an AP and a VAP are configured with the blacklist or whitelist function, a STA can connect to the WLAN only when it is permitted by both the configuration on the AP and VAP.

• If the whitelist is enabled for the AP, run the ap-whitelist mac ap-mac1 to ap-mac2 command to add the specified STA MAC address to the whitelist.
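
The two-level check described above, as an added example that is not Huawei code: it evaluates a STA MAC address against the global AP list and the VAP list and reports which level blocks it. The function and class names, the list layout and the sample addresses are assumptions; ranges mirror the mac1 to mac2 form of the commands above.

```python
import re

def mac_to_int(mac: str) -> int:
    """Accept xxxx-xxxx-xxxx, xx:xx:xx:xx:xx:xx or xxxx.xxxx.xxxx; return a 48-bit int."""
    digits = re.sub(r"[-:.]", "", mac.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return int(digits, 16)

class MacList:
    """One blacklist or whitelist; entries are single MACs or (first, last) ranges."""
    def __init__(self, mode, entries):
        if mode not in ("whitelist", "blacklist"):
            raise ValueError(mode)
        self.mode = mode
        self.ranges = []
        for e in entries:
            first, last = (e, e) if isinstance(e, str) else e
            lo, hi = mac_to_int(first), mac_to_int(last)
            if lo > hi:
                raise ValueError(f"range start after end: {e!r}")
            self.ranges.append((lo, hi))

    def permits(self, mac):
        value = mac_to_int(mac)
        listed = any(lo <= value <= hi for lo, hi in self.ranges)
        return listed if self.mode == "whitelist" else not listed

def sta_admission(mac, ap_list=None, vap_list=None):
    """Return (allowed, reasons). None means the function is not enabled at that level."""
    reasons = []
    for level, lst in (("global AP", ap_list), ("VAP", vap_list)):
        if lst is not None and not lst.permits(mac):
            why = "not in whitelist" if lst.mode == "whitelist" else "in blacklist"
            reasons.append(f"{level}: {why}")
    return (not reasons, reasons)

# Constructed sample configuration (addresses are made up).
AP_WHITELIST = MacList("whitelist", [("00e0-fc00-0001", "00e0-fc00-00ff")])
VAP_BLACKLIST = MacList("blacklist", ["00:E0:FC:00:00:10"])

if __name__ == "__main__":
    for sta in ("00e0-fc00-0005", "00e0-fc00-0010", "00e0-fc12-3456"):
        print(sta, sta_admission(sta, AP_WHITELIST, VAP_BLACKLIST))
```

The reasons list tells you which list to correct when a STA cannot go online; an enabled whitelist with no entries blocks every STA at that level.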

Check that dot1x authentication configurations are correct.

• Check whether the security profile and authentication profile are bound to the VAP profile.
• Check whether the WPA/WPA2-802.1x authentication policy is configured on the security profile.
• Check whether a dot1x access profile is bound to the authentication profile.
• Check the authentication mode configured in the dot1x access profile.


If authentication fails, check the user name and password configuration on the RADIUS server.


On the Manage wireless networks page, it is found that the wireless network is not manually added. This is the fault cause. Manually add the wireless network.


In the dialog box that is displayed, set the network name and security type, and then click Next.

Click Change connection settings.

Click Properties. In the displayed dialog box, deselect Validate server certificate and click Configure. Deselect Automatically use my Windows logon name and password (and domain if any) and click OK.

• What methods can be used to add APs?

  You can add APs in any of the following modes:
  ◦ Importing APs offline: The APs' MAC addresses and SNs are configured on an AC before APs go online. The AC starts to set up connections with the APs if the MAC addresses or SNs of the APs match the configured ones.
  ◦ Automatically discovering APs: This mode applies to the scenario when the AP authentication mode is set to none authentication or the AP authentication mode is set to MAC address or SN authentication and the AP whitelist is configured on the AC. When an AP in the whitelist connects to the AC, the AC automatically discovers the AP, and the AP goes online.
  ◦ Manually authenticating APs in the unauthorized AP list: The AP authentication mode is set to MAC address or SN authentication, and the AP whitelist is configured on the AC. When an AP out of the whitelist connects to the AC, the AC adds the AP to the list of unauthorized APs. The AP can go online only after the AP identity is manually confirmed.

• What command displays the maximum number of STAs connected to an AP?
  ◦ Run the display access-user-num command to view the maximum number of concurrent users allowed on a VAP or an AP and the number of online users.