H3C WLAN Controller Configuration | Enterprise Wireless project Setup step by step
Summary Insights:
- In our Enterprise solution section in last post we had covered the Huawei WLAN Controller setup, today we will focus on how to configure H3C WLAN controller & complete wireless project end to end to configure Switch, AP, AC & Firewall with internet mentioned in diagram.In last section of post I will add all device configuration step by step.
Design Description:
First let me explain you the diagram ,there are two Access point (AP,s) , one Switch , one Access controller (AC) & one firewall connected uplink with internet, in this article all device are from H3C.I will explain you H3C WLAN Controller configuration & enterprise wireless design all in different part as below.
VLAN (Control & Service) :
As you know that in wireless Network there are two type of VLAN one for control/Management VLAN to manage all Access points (AP,s) and another is service VLAN for end user like laptop , mobile phone etc to connect with internet.
In our design VLAN 50 for management & VLAN 100 for service.
DHCP Server Configuration :
I will configure DHCP server configuration on switch , two DHCP pool , one will dynamically assign IP address to AP,s & another to assign IP addresses to end user nodes.
Static Routing:
We will configure default static configuration on WLAN Controller toward Switch, from switch to Firewall & on Firewall toward Internet ISP & reverse routing for VLAN 50 & VLAN 100 as well.I will show you all configuration step by step.
Wireless SSID Configuration:
One SSID (ReadTech-Wifi-1) will configure on wireless controller for internet.
Devices Configuration:
WLAN Controller Configuration:
Below are two vlan configuration & vlanif/svi interface ip address on VLAN-50 & VLAN-100.
WLAN Group & Service Template configuration :
AP configuration on Controller:
Interface & static Route configurations:
Switch Configuration:
Below are the VLAN & VLANIF/SVI interface configurations on switch.
DHCP server configuration:
Two DHCP pool ,one for AP,s & another for services(user) ,we have fobidden controller vlan ip addresses from both DHCP pool.
forbidden ip also called excluded ip address means that don’t assign this ip to client from DHCP Pool.
Physical Interface & Static Routing:
There are four physcial ports from switch side one with Access controller , one with uplink Firewall and two ports connected with AP,s.
Default static routing toward Firewall
Firewall configurations:
On firewall there are multiple type of configuration required like Security Zone,Security policy ,static routing & other basic configuration.
Interface configurations:
Bydefualt ping is not allowed on firewall ports, we need to allow manually for both inbound & outbound direction.
#
interface GigabitEthernet1/0/1
port link-mode route
description toward-core-sw
ip address 10.10.1.1 255.255.255.252
manage ping inbound
manage ping outbound
#
interface GigabitEthernet1/0/4
port link-mode route
description toward-ISP-Internet
ip address 192.168.9.136 255.255.255.0
nat outbound
manage ping inbound
manage ping outbound
#
Security Zone:
Add LAN side interface in Trust Zone & WAN side interface in Untrust Zone.
#
security-zone name Trust
import interface GigabitEthernet1/0/1
#
security-zone name Untrust
import interface GigabitEthernet1/0/4
#
Security policy:
I will configure any any security policy just for testing purpose , you can configure as per your/customer requirments.
#
security-policy ip
rule 1 name Trust-untrsut
action pass
#
Static Routing:
On firewall three static routing first one toward Internet ISP device and two reverse routing for VLAN 50 & VLAN 100.
#
ip route-static 0.0.0.0 0 192.168.9.254
ip route-static 192.168.50.0 24 10.10.1.2
ip route-static 192.168.100.0 24 10.10.1.2
#
Verification on WLAN Controller AP online:
You can see below screenshot that both AP,s online in access controller & end user device also connected.
AP,s online
AP,s got ip address from VLAN 50
Two clients connected & get ip address from VLAN 100
Verification for Internet Access
Below wifi connected in my laptop & internet is pinging from CLI
Google is pinging from my laptop CLI
Thanks for reading if have any issue ,Please write comment I will share answer in comment section.will also happy to see your experience in comment section.
If you’d like to read about Huawei WLAN Controller & Firewall configuration, click the link below.
Hi readteknology.com Admin!
Hi Leora,
Thanks for your comment! How can I help you?