Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
WEP shared key authentication uses the RC4 symmetric stream cipher to encrypt data. This authentication method requires the same static key to be pre-configured on the server and client. Both the encryption mechanism and the encryption algorithm can bring security risks to the network. The Wi-Fi Alliance developed Wi-Fi Protected Access (WPA) to overcome the shortcomings of WEP before more secure policies were provided in 802.11i. WPA still uses the RC4 algorithm, but it uses an 802.1X authentication framework, supports Extensible Authentication Protocol-Protected Extensible Authentication Protocol (EAP-PEAP) and EAP-Transport Layer Security (EAP-TLS) authentication, and defines the Temporal Key Integrity Protocol (TKIP) encryption algorithm.
Later, 802.11i defined WPA2. WPA2 uses Counter Mode with CBC-MAC Protocol (CCMP), a more secure encryption algorithm than those used in WPA. Both WPA and WPA2 support 802.1X authentication and the TKIP/CCMP encryption algorithms, ensuring better compatibility. The two protocols provide almost the same security level and their difference lies in the protocol packet format.
The WPA/WPA2 security policy involves four steps:
Link authentication can be completed in open system authentication or shared key authentication mode. WPA and WPA2 support only open system authentication. For details, see "Link Authentication" in STA Access. WPA and WPA2 have an enterprise edition and a personal edition.
802.1X authentication can be used to authenticate wireless and wired users, whereas PSK authentication is specific to wireless users. PSK authentication requires that a STA and an AC be configured with the same PSK. The STA and AC authenticate each other through key negotiation. During key negotiation, the STA and AC use their PSKs to decrypt the message sent from each other. If the messages are successfully decrypted, the STA and AC have the same PSK. If they use the same PSK, PSK authentication is successful; otherwise, PSK authentication fails.
802.11i defines two key hierarchies: pairwise key hierarchy and group key hierarchy. The pairwise key hierarchy protects unicast data exchanged between STAs and APs. The group key hierarchy protects broadcast or multicast data exchanged between STAs and APs. During key negotiation, a STA and an AC use the pairwise master key (PMK) to generate a pairwise transient key (PTK) and a group temporal key (GTK). The PTK is used to encrypt unicast packets, and the GTK is used to encrypt multicast and broadcast packets.
Key negotiation consists of unicast key negotiation and multicast key negotiation.
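The following Python sketch is an added example, not code from this document or from any Huawei product. It walks through WPA2-PSK unicast key negotiation as specified in IEEE 802.11i: both sides derive the PMK from the passphrase and SSID, expand it into a PTK, and prove possession of the same PSK by checking a message integrity code (MIC) on each other's handshake messages. The MAC addresses, frame bodies, and function names are constructed for illustration, and the EAPOL-Key frames are reduced to a label plus the nonce.

```python
import hashlib
import hmac
import os


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-Personal: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF: HMAC-SHA1(key, label || 0x00 || data || counter), concatenated."""
    out = b""
    counter = 0
    while len(out) < nbytes:
        block = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, block, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> dict:
    """Expand the PMK into the 384-bit PTK used with CCMP and split it into its parts."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return {
        "kck": ptk[:16],    # key confirmation key: authenticates handshake messages
        "kek": ptk[16:32],  # key encryption key: wraps the GTK in message 3
        "tk": ptk[32:48],   # temporal key: encrypts unicast data frames
    }


def handshake_mic(kck: bytes, frame: bytes) -> bytes:
    """MIC for WPA2/CCMP handshake frames: HMAC-SHA1 truncated to 128 bits."""
    return hmac.new(kck, frame, hashlib.sha1).digest()[:16]


def four_way_handshake(ac_passphrase: str, sta_passphrase: str, ssid: str) -> bool:
    """Return True only if the AC and the STA hold the same PSK for this SSID."""
    aa = bytes.fromhex("02aabbccdd01")   # constructed authenticator (AP) MAC
    spa = bytes.fromhex("02aabbccdd02")  # constructed supplicant (STA) MAC
    anonce, snonce = os.urandom(32), os.urandom(32)

    # Message 1 (AC -> STA): ANonce in the clear, no MIC yet.
    # Message 2 (STA -> AC): SNonce plus a MIC keyed with the STA's KCK.
    sta_keys = derive_ptk(pmk_from_passphrase(sta_passphrase, ssid), aa, spa, anonce, snonce)
    msg2 = b"constructed EAPOL-Key message 2|" + snonce
    msg2_mic = handshake_mic(sta_keys["kck"], msg2)

    # The AC derives its own PTK and recomputes the MIC; a mismatch means a different PSK.
    ac_keys = derive_ptk(pmk_from_passphrase(ac_passphrase, ssid), aa, spa, anonce, snonce)
    if not hmac.compare_digest(handshake_mic(ac_keys["kck"], msg2), msg2_mic):
        return False

    # Message 3 (AC -> STA): MIC keyed with the AC's KCK. In a real exchange this
    # message also carries the GTK wrapped with the KEK (not modelled here).
    msg3 = b"constructed EAPOL-Key message 3|" + anonce
    msg3_mic = handshake_mic(ac_keys["kck"], msg3)
    return hmac.compare_digest(handshake_mic(sta_keys["kck"], msg3), msg3_mic)


if __name__ == "__main__":
    print(four_way_handshake("correct-horse-battery", "correct-horse-battery", "corp-wlan"))
    print(four_way_handshake("correct-horse-battery", "wrong-horse-battery", "corp-wlan"))
```

Because the SSID is the PBKDF2 salt, the same passphrase yields a different PMK on every SSID, and the passphrase itself never crosses the air during negotiation.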
WPA and WPA2 support the TKIP and CCMP encryption algorithms.
Wired Equivalent Privacy (WEP), defined in IEEE 802.11, is used to protect the data of authorized users from tampering during transmission on a WLAN. WEP uses the RC4 algorithm to encrypt data using a 64-bit, 128-bit, or 152-bit encryption key. An encryption key contains a 24-bit initialization vector (IV) generated by the system, so the length of the key configured on the WLAN server and client is 40 bits, 104 bits, or 128 bits. WEP uses a static encryption key. That is, all STAs associating with the same SSID use the same key to connect to the wireless network.
A WEP security policy defines a link authentication mechanism and a data encryption mechanism. Link authentication mechanisms include open system authentication and shared key authentication. For details about link authentication, see "Link Authentication" in STA Access.
A WDS profile contains major parameters required for configuring the WDS function. To enable radios of an AP group or a specified AP to set up Mesh links, a WDS profile must be applied to the radios. When configuring WDS services, use the WDS profile with the following profiles:
By default, the system provides the WDS profile default. By default, the security profile default-wds with the security policy WPA2+PSK+AES is referenced by a WDS profile regardless of whether the WDS profile is the default profile provided by the system or a WDS profile created by users. If the default security profile default-wds is used, you are advised to change the security key of the profile to ensure security. The default username and password are available in WLAN Default Usernames and Passwords (Enterprise Network or Carrier). If you have not obtained the access permission of the document, see Help on the website to find out how to obtain it. For details, see Configuring a WDS Profile.
WIDS profiles provide mechanisms to protect WLAN networks. WIDS profiles are bound to AP groups or APs so that they can take effect. A WIDS profile supports the following functions:
An AP communicates with an IoT card through a serial port. Each IoT card interface uses independent serial communication parameters and framing parameters. The serial communication parameters and framing parameters can be set in a serial profile.
You can add APs in any of the following modes:
Depending on its location on a WDS network, an AP can work in root, middle, or leaf mode. As shown in Figure 15-10, AP1 is a root node, AP2 is a middle node, and AP3 is a leaf node. You can configure an AP's working mode based on actual situations. Figure 15-10 WDS networking
You can add APs in any of the following modes:
On a Mesh network, you can deploy an AP as an MPP or MP based on the location of the AP, as shown in Figure 16-7. Select a proper method to add APs on an AC according to actual situations. Figure 16-7 Mesh networking diagram
You can add APs in any of the following modes:
When you add an AP in any of the preceding modes, the AP cannot connect to the AC if the MAC address of the AP is in the AP blacklist. After you add an AP to an AC offline and configure AP parameters, for example, the AP group that the AP joins by default, the AP can go online and use the configured data to work. When the AC is configured to automatically discover APs, an AP uses the default parameters to work after going online. Adding an AP offline is recommended when the MAC address or SN of the AP is already known.
The AP blacklist and whitelist can be configured at the same time. However, the MAC address of an AP cannot be added to both the AP blacklist and the AP whitelist. If both the AP whitelist and blacklist are configured, the blacklist is checked first.
The number of APs managed by an AC is restricted by the following factors:
When patients need infusions, nurses use barcode printers to print barcodes and paste them on fluid bags. They use handheld digital terminals to scan barcodes on patients' wrist straps and fluid bags, and associate fluid information with patient information. The infusion management system monitors infusion conditions in real time. When the fluid dripping speed is too fast or slow, or infusion is complete, audible alarms are generated on the LCD at nurse workstations. After hearing the alarms, nurses can adjust the fluid dripping speed or take other actions. Manage infusions according to related documents obtained from the infusion management system vendor. The detailed operations are not described in this document.
Figure 15-1 WDS networking
A WDS network can be deployed in point-to-point or point-to-multipoint mode.
If an AP cannot work properly after being upgraded, reset the AP. You can run the display ap all command and check the State field to determine whether an AP is working properly. If the State field displays name-conflicted, ver-mismatch, config, config-failed, committing, or commit-failed, the AP is not working properly.
Exercise caution when resetting an AP because services on the AP will be interrupted.
To disconnect an AP from the current AC or enable an AP to go online on another AC, you can delete the AP from the current AC.
Deleting an AP will interrupt services of STAs connected to the AP. Exercise caution when you delete an AP.
On an AC + Fit AP network, one AC manages many APs. Usually, you need to perform the same configurations on the APs. In this situation, you can add the APs to an AP group and perform configurations uniformly in the AP group, which simplifies operations. All APs in the group use the same configurations. Each AP must join exactly one AP group. An AP group contains configurations shared by all APs. You can set configurations specific to a single AP in the AP view.
By default, an AP automatically joins the AP group default. The AP group default cannot be deleted, but you can modify configurations in the default AP group. By default, an AP group has the following profiles bound: AP system profile default, 2G radio profile default, 5G radio profile default, regulatory domain profile default, WIDS profile default, and AP wired port profile default.
Before creating an AP group, perform the task of CLI Login Configuration.
After an AP group is created, you need to add APs to the AP group so that the APs can use configurations in the group. For details, see Adding APs.
In a WIDS profile, you can configure various WIDS and WIPS services. You can create multiple WIDS profiles to carry different WIDS services and apply the profiles to different APs as required.
An AP wired port profile provides configurations of AP wired ports. AP wired port link profiles can be bound to AP wired port profiles. AP wired port link profiles are used to configure link-layer parameters of AP wired ports. The following configurations are performed in an AP wired port profile:
For details, see Managing an AP's Wired Interface.
After the rogue device containment function is enabled, rogue APs can be detected and contained. However, there may be APs of other vendors or on other networks working in the existing signal coverage areas. If these APs are contained, their services will be affected. To prevent this situation, you can configure the WIDS whitelist profile to add these APs to a WIDS whitelist which includes an authorized MAC address list, OUI list, and SSID list.
On a WLAN, the operating status of APs is affected by the radio environment. For example, adjacent APs using the same working channel interfere with each other, and a high-power AP can interfere with adjacent APs if they work on overlapping channels. Radio calibration can dynamically adjust the channels and power of APs managed by the same AC to ensure that the APs work in a way that optimizes performance.
Radio calibration requires the following components for implementation:
ACs support global radio calibration and partial radio calibration:
Before re-configuring online parameters of APs in the AP provisioning view, clear existing configurations. The cleared configurations cannot be restored. Exercise caution when you run the following command.
Configurations in the AP provisioning view are not automatically delivered to APs. You have to manually deliver them to APs. After the configuration is committed, the AP receives the configuration and compares the configuration with its local configuration.
If the name or static IP address of an AP is specified in the AP provisioning view, the configuration can be delivered only to that AP, by specifying the AP name or MAC address; it cannot be delivered to APs in the specified AP group. If you commit configurations to a large number of APs simultaneously, some of the APs may fail to receive the configurations. In this case, you are advised to commit the configurations again.
The band steering function enables an AP to steer STAs to the 5 GHz radio first, which reduces traffic load and interference on the 2.4 GHz radio and improves user experience. Before configuring band steering, complete the following tasks:
To allow a STA to preferentially associate with the 5 GHz radio and achieve a better access effect, configure higher power for the 5 GHz radio than for the 2.4 GHz radio. Single-radio devices do not support the band steering function. The AP2010DN does not support the band steering function.
Most STAs on the live network support both 5 GHz and 2.4 GHz frequency bands. When attempting to join a WLAN, some of the STAs associate with the 2.4 GHz radio of APs by default. As a result, the 2.4 GHz frequency band, which has fewer channels, becomes congested and heavily loaded and suffers severe interference, while the 5 GHz frequency band, which has more channels and less interference, is not well used. When the 2.4 GHz frequency band has many users or severe interference, the 5 GHz frequency band can provide better access service for wireless users. Users must manually select the 5 GHz radio to connect to it. The band steering function enables an AP to steer STAs to the 5 GHz radio first, which reduces traffic load and interference on the 2.4 GHz radio and improves user experience.
To implement band steering, an AP must have the same SSID and security policy on the 5 GHz and 2.4 GHz radios. Figure 8-9 shows the implementation of band steering, involving two phases: Figure 8-9 Band steering
For example, if a STA requests to associate with the AP on the 2.4 GHz radio but the number of access STAs on the AP has exceeded the start threshold for load balancing between radios, the AP implements load balancing between the 2.4 GHz and 5 GHz radios according to the value computed based on the formula: (Number of access STAs on the 5 GHz radio − Number of access STAs on the 2.4 GHz radio) / Number of access STAs on the 5 GHz radio × 100%. If the value is greater than the load difference threshold, the AP preferentially associates with the STA on the 2.4 GHz radio; otherwise, the AP preferentially associates with the STA on the 5 GHz radio.
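The following Python sketch is an added example, not taken from this document or from the product. It applies the load-balancing formula above to a stream of arriving STAs to show where the split between the two radios settles. It assumes every STA is dual-band and that the AP steers to 5 GHz while the total is at or below the start threshold; the function names and threshold values are constructed for illustration and are not product defaults.

```python
def pick_radio(n24: int, n5: int, start_threshold: int, gap_threshold_pct: int) -> str:
    """Choose the radio for one new dual-band STA.

    n24 / n5 are the STAs already associated on the 2.4 GHz / 5 GHz radios.
    """
    # Assumption: below the start threshold, band steering simply prefers 5 GHz.
    if n24 + n5 <= start_threshold:
        return "5G"
    # Formula from the text: (n5 - n24) / n5 * 100 > gap threshold.
    # Cross-multiplied so that n5 == 0 needs no special case and no
    # floating-point rounding is involved at the exact threshold.
    if (n5 - n24) * 100 > gap_threshold_pct * n5:
        return "2.4G"
    return "5G"


def simulate(arrivals: int, start_threshold: int, gap_threshold_pct: int) -> tuple:
    """Associate `arrivals` STAs one by one and return (n24, n5)."""
    n24 = n5 = 0
    for _ in range(arrivals):
        if pick_radio(n24, n5, start_threshold, gap_threshold_pct) == "5G":
            n5 += 1
        else:
            n24 += 1
    return n24, n5


if __name__ == "__main__":
    # Constructed values: start threshold 10 STAs, load difference threshold 50%.
    for total in (11, 20, 30):
        print(total, simulate(total, 10, 50))
```

With a load difference threshold of G percent, the ratio of 2.4 GHz to 5 GHz STAs settles near 1 − G/100, so a 50% threshold keeps about twice as many STAs on the 5 GHz radio.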