Partners
Log in
Compare Products
Hide
VS
Default Settings
AC:No default IP address.
AP:Default IP address is 192.168.110.1(or 192.168.1.1), and both console & telnet password are "admin", default enable password is "apdebug"
Following wall AP have different default settings
AP120-W
In Fit mode, IP address of both LAN port and Uplink port IP are 192.168.110.1/24
In Fat mode, IP address of LAN port is 192.168.111.1/24; IP address of Uplink port is 192.168.110.1/24
AP110-W
IP address of Rear panel is 192.168.110.1/24
IP address of Front panel is 192.168.111.1/24
Connect cables as below diagram
Cables
console cable, USB to RS232 cable
Putty
Open software Putty, set baud rate to 9600
I. Network Topology
II. Configuration Steps
Configuring Telnet& enable password on AC
Ruijie>enable
Ruijie#configure terminal
Ruijie(config)#interface vlan 1
Ruijie(config-if-vlan 1)#ip address 192.168.1.1 255.255.255.0
Ruijie(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.2
Ruijie(config)#line vty 0 4
Ruijie(config-line)#password ruijie
Ruijie(config-line)#login
Ruijie(config)#enable password ruijie
Configuring Telnet & Enable password on AP
Console connect to device and set passwords, default ap-mode is fit.
User Access Verification
Password: default password is "ruijie"
Ruijie>
Ruijie>enable
Password: default password is "apdebug"
Ruijie#configure terminal
Ruijie(config)#interface bvi 1
Ruijie(config-if-bvi 1)#ip address 192.168.1.1 255.255.255.0
Ruijie(config-if-bvi 1)#interface gigabitEthernet 0/1
Ruijie(config-if-GigabitEthernet 0/1)#encapsulation dot1Q 1
%Warning: Remove all IP address.
Ruijie(config-if-GigabitEthernet 0/1)#exit
Ruijie(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.2
Ruijie(config)#line vty 0 4
Ruijie(config-line)#password ruijie
Ruijie(config-line)#login
Ruijie(config)#enable password ruijie
Note: when ap-mode change from fit to fat, the default password changes as follow:
User Access Verification
Password: default password is "admin"
Ruijie>
Ruijie>enable
Password: no default password
Ruijie#configure terminal
III. Verification
Save configuration
Ruijie(config)#end
Ruijie#write
Note:
windows7&8 telent client function is not enabled by default, you need to enable the telnet functionality.
Taking Windows 7 as an example:
Control panel - procedures and functions - to open or close the windows function - check the telnet client - select "to determine"
I. Network Topology
II. Configuration Steps
Configuring SSH on AC
Ruijie>enable
Password:
Ruijie#configure terminal
Ruijie(config)#enable service ssh-server
Ruijie(config)#crypto key generate dsa
Choose the size of the key modulus in the range of 360 to 2048 for your
Signature Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]:
% Generating 512 bit DSA keys. ..[ok]
Ruijie(config)#interface vlan 1
Ruijie(config-if-VLAN 1)#ip address 192.168.1.1 255.255.255.0
Ruijie(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.2
Ruijie(config)#enable password ruijie
Method 1:Login with password
Ruijie(config)#line vty 0 4
Ruijie(config-line)#password ruijie
Ruijie(config-line)#login
Ruijie(config-line)#end
Ruijie#write
Building configuration...
[OK]
Ruijie#
Method 2:Login with username & password
Ruijie(config)#line vty 0 4
Ruijie(config-line)#login local
Ruijie(config-line)#exit
Ruijie(config)#username admin password ruijie
Ruijie(config)#end
Ruijie#write
Building configuration...
[OK]
Ruijie#
III. Verification
Open Putty, choose Connection type "SSH", input IP address.
To display SSH service status, execute following commands
I. Network Topology
II. Configuration Steps
Configuring WEB GUI on AC
Ruijie#configure terminal
Ruijie(config)#enable service web-server
Ruijie(config)#vlan 1
Ruijie(config-vlan)#interface vlan 1
Ruijie(config-if-VLAN 1)#ip address 192.168.1.1 255.255.255.0
Ruijie(config-if-VLAN 1)#exit
Ruijie(config)#webmaster level ?
<0-2> Web auth privilege level (0 is the highest level)
Ruijie(config)#webmaster level 0 username ruijie password ruijie
Ruijie(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.254
Note:
1. AM5528 does not support web management.
1. Only user “admin” and “ruijie” could be created on cli page, for other account, If you have the web management requirements, please create it on web interface, relative err prompt are shown as follow:
III. Verification
Visit web GUI at http://192.168.1.1, it is recommended that access WEB GUI with IE 8.0 and above version in compatible mode.
If administrator forgot IP address of Wall-AP, and do not want to recover factory setting, follow below steps:
1. Power on AP, and connect AP as below diagram:
1. Open packet capture tool, here take Wireshark as example:
1. Check ARP packets, and 192.168.51.54 is correct IP 
1. Try to telnet AP
1. If above method doesn't work, suggest to restore factory default.
I. Network Topology
II. Requirements
1. Visit official website at www.ruijienetworks.com to request firmware.
1. Run TFTP Server, and put AP&AC firmware in the same folder. Here take Ruijie TFTPServer as example.
TFTP Server should be able to communicate with AC.
1. AC has built CAPWAP tunnel with APs
1. Read Release Note carefully, pay attention to the "upgrade file"
1. DO NOT restart or POWER OFF AC&AP during upgrades.
1. Login AC CLI via console, telnet or SSH.
III. Configuration Steps
Upgrading AC
Attention:In hot-backup scenario, please remove all networks cables on ACs in case of synchronization issue caused by inconsistent firmware.
1. Display current firmware version and backup relative configuration files.
Ruijie# copy flash:config.text tftp://192.168.1.100/config.text --->backup the configuration files of AC to TFTP Server.
Ruijie# copy flash:ap-config.text tftp://192.168.1.100/ap-config.text ---> backup the configuration of AP to TFTP Server.
Ruijie#show version detail
System description : Ruijie 10G Wireless Switch(WS6008) By Ruijie Networks.
System uptime : 0:02:15:24
System hardware version: 1.0
System software version: AC_RGOS 11.1(5)B80P3, Release(04131820)
System patch number : NA
System software number : M20361001182017
System serial number : 1234942570002
System boot version : 2.0.19.97cfa98(161210)
System core version : 2.6.32.355270930a6bde
System cpu partition : 4-11
1. Transfer new firmware to AC, execute below commands:
Ruijie#upgrade download tftp://192.168.1.100/rgos.bin
III. Verification
After reloading, execute command "show version" to verify firmware version.
Ruijie#show version detail
System description : Ruijie 10G Wireless Switch(WS6008) By Ruijie Networks.
System uptime : 0:02:15:24
System hardware version: 1.0
System software version: AC_RGOS 11.1(5)B80P3, Release(04131820)
System patch number : NA
System software number : M20361001182017
System serial number : 1234942570002
System boot version : 2.0.19.97cfa98(161210)
System core version : 2.6.32.355270930a6bde
System cpu partition : 4-11
Upgrading Fit APs
Attention:Generally, the fit ap and ac can work normally only when the versions of them are consistent
1. Display current ap firmware version on AC, execute commands "show version all"
Ruijie#show version detail
System description : Ruijie Indoor AP330-I (802.11a/n and 802.11b/g/n) By Ruijie Networks.
System start time : 1969-12-31 23:59:59
System uptime: 0:00:01:09
System hardware version: 1.10 ------>hardware version
System software version: AP_RGOS 11.1(5)B3, Release(02160403)------>software version
System patch number : NA
System software number : M03112104042015
System serial number: G1GDB16019485
System boot version : 1.1.1.6822c2a(140920)
System core version : 2.6.32.ab930e7d22374b
1. To transfer AP new firmware to AC, execute below commands:
Ruijie#copy tftp://192.168.1.100/330.bin flash:330.bin
Press Ctrl+C to quit
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Copy success
1. To configure ap-serial, execute below commands:
Ruijie(config)#ac-controller
Ruijie(config-ac)#active-bin-file flash:330.bin
Ruijie(config-ac)#ap-image auto upgrade
1. After AP reloading, APs will establish CAPWAP tunnel with AC.
III. Verification
1. Display AP upgrading progress, execute commands "show ap-config updating-list"
Ruijie#show ap-config updating-list
AP NAME AP PID File Tx Time AP Reset Ready
---------------------- --------------- -------- ------------ -----------
AP330-I AP330-I 20 % 00:00:06 N
1. Display current ap firmware version on AC, execute commands "show version all"
Ruijie>show version
System description : Ruijie Indoor AP330-I (802.11a/n and 802.11b/g/n) By Ruijie Networks.
System start time : 1970-01-01 00:00:01
System uptime: 0:00:01:52
System hardware version: 1.10
System software version: AP_RGOS 11.1(5)B5, Release(02182520)
System patch number : NA
System serial number: G1GDB16019485
System boot version : 1.1.1
I. Network Topology
II. Requirements
1. Visit official website at www.ruijienetworks.com to request firmware.
1. Run TFTP Server, and put AP firmware in the same folder. Here take Ruijie TFTPServer as example.
TFTP Server should be able to communicate with AP.
1. Read Release Note carefully, pay attention to the "upgrade file"
1. DO NOT restart or POWER OFF AP during upgrades.
1. Login AP CLI via console, telnet or SSH.
Attention: Wall APs, like AP130 (W2) & AP130L, do not have console port. See Device Management -->Conventions to learn the default IP address.
III. Configuration Steps
Upgrading FAT APs
1. Backup configuration files to TFTP Server, and display current firmware version
Ruijie#copy flash:config.text tftp://192.168.1.100/config.text --->backup configuration files of AP to TFTP Server
Ruijie#show version detail ---> check version
System description : Ruijie Indoor AP330-I (802.11a/n and 802.11b/g/n) By Ruijie Networks.
System start time : 1969-12-31 23:59:59
System uptime: 0:00:01:09
System hardware version: 1.10
System software version: AP_RGOS 11.1(5)B3, Release(02160403)
System patch number : NA
System software number : M03112104042015
System serial number : G1GDB16019485
System boot version : 1.1.1.6822c2a(140920)
System core version : 2.6.32.ab930e7d22374b
1. Display current ap mode
AP320#show ap-mode
current mode: fat
AP320#
1. Transfer new firmware to AP, execute below commands:
Ruijie#upgrade download tftp://192.168.1.100/330-b5.bin
Upgrade the device must be auto-reset after finish, are you sure upgrading now?[Y/n]y
Running this command may take some time, please wait.
Please wait for a moment......
Press Ctrl+C to quit
!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!.!!!
Begin to upgrade the install package 330-b5.bin... --->reload automatically
*Jan 1 00:03:52: %7: Upgrade processing is 10%
Uncompress file 330-b5.bin. .......
IV. Verification
After reloading, execute command "show version" to verify firmware version.
Ruijie#show version detail
System description : Ruijie Indoor AP330-I (802.11a/n and 802.11b/g/n) By Ruijie Networks.
System start time : 1970-01-01 00:00:01
System uptime: 0:00:01:09
System hardware version: 1.10
System software version: AP_RGOS 11.1(5)B5, Release(02182520)
System patch number : NA
System software number : M20085306252015
System serial number : G1GDB16019485
System boot version : 1.1.1.6822c2a(140920)
System core version : 2.6.32.720c78d1a03d63
I. Network Topology
II. Requirements
1. Visit official website at www.ruijienetworks.com to request firmware.. 
1. Run TFTP Server, and put AP&AC firmware in the same folder. Here take Ruijie TFTPServer as example.
TFTP Server should be able to communicate with AC.
1. AC has built CAPWAP tunnel with APs
1. Read Release Note carefully, pay attention to the "upgrade file"
1. DO NOT restart or POWER OFF AC&AP during upgrades.
1. Login AC CLI via console, telnet or SSH.
III. Configuration Steps
Upgrading AC
Attention:In hot-backup scenario, please remove all networks cables on ACs in case of synchronization issue caused by inconsistent firmware.
1. Display current firmware version and backup relative configuration files.
Ruijie#copy flash:config.text tftp://172.18.158.204/config.text --->backup the configuration files of AC to TFTP Server.
Ruijie#copy flash:ap-config.text tftp://172.18.158.204/ap-config.text ---> backup the configuration of AP to TFTP Server.
1. Transfer new firmware to AC, execute below commands:
Ruijie#copy tftp://172.18.158.204/AC_RGOS10.x_TO_11.x(Mid)_G1C5-01_02172111.bin flash:rgos.bin
After reloading, execute command "show version" to verify firmware 
1. Because the configuration files will lost when upgrade to mid version, need to import the config.text, and test the connection between AC and terminal, then Downgrade AC to target version 11.x
Ruijie#upgrade download tftp://192.168.1.100/AC_RGOS11.1(5)B8_G1C5-01_03151003_install.bin
IV. Verification
After reloading, execute command "show version" to verify firmware version
Upgrading Fit APs
1. Transfer 11.x and mid version of AP to AC, execute below commands:
Ruijie#copy tftp://172.18.158.204/AP_RGOS10.x_TO_11.x(Mid)_S2C3-01_02201910.bin flash:ap530-mid.bin
Ruijie#copy tftp://172.18.158.204/AP_RGOS11.1(5)B8_S2C3-01_03151007_install.bin flash:ap530.bin
1. To configure ap-serial, execute below commands:
Ruijie(config)#ac-controller
Ruijie(config-ac)#active-bin-file ap530-mid.bin rgos10
Ruijie(config-ac)#active-bin-file ap530.bin
Ruijie(config-ac)#ap-serial ap530 AP530-I hw-ver 1.x
Ruijie(config-ac)#ap-image ap530-mid.bin ap530
Ruijie(config-ac)#ap-image ap530.bin ap530
IV. Verification
1. After reloading, execute command "show version" to verify firmware version
1. After AP reloading, APs will build CAPWAP tunnel with AC.
I. Network Topology
II. Requirements
1. Visit official website at www.ruijienetworks.com to request firmware.
1. Run TFTP Server, and put AP firmware in the same folder. Here take Ruijie TFTPServer as example.
TFTP Server should be able to communicate with AP.
1. Read Release Note carefully, pay attention to the "upgrade file"
1. DO NOT restart or POWER OFF AP during upgrades.
1. Login AP CLI via console, telnet or SSH.
Attention: Upgrade from 10.X to 11.X, configuration will lost, backup the configuration before downgrading; need to downgrade to mid version first.
III. Configuration Steps
Upgrading FAT APs
1. Backup configuration files to TFTP Server, and display current firmware version
Ruijie#copy flash:config.text tftp://192.168.111.2/config.text --->backup configuration files of AP to TFTP Server
1. Display current ap mode
Ruijie#show ap-mode
current mode: fat
1. Transfer new firmware to AP, execute below commands:
Ruijie#copy tftp://192.168.111.2/AP_RGOS10.x_TO_11.x(Mid)_S2C3-01_02201910.bin flash:rgos.bin
Upgrade the device must be auto-reset after finish, are you sure upgrading now?[Y/n]y
Running this command may take some time, please wait.
Please wait for a moment......
Press Ctrl+C to quit
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Verification
1. downgrade to target version 11.x
Ruijie# upgrade download tftp://192.168.111.2/AP_RGOS11.1(5)B8_S2C3-01_03151007_install.bin
1. reload and verification
I. Network Topology
II. Requirements
1. Visit official website at www.ruijienetworks.com to request firmware.
1. Run TFTP Server, and put AP firmware in the same folder. Here take Ruijie TFTPServer as example.
TFTP Server should be able to communicate with AP.
1. Read Release Note carefully, pay attention to the "upgrade file"
1. DO NOT restart or POWER OFF AP during upgrades.
1. Login AP CLI via console, telnet or SSH.
Attention: Downgrade from 11.X to 10.X, configuration will lost, backup the configuration before downgrading; need to downgrade to mid version first.
III. Configuration Tips
Downgrading FIT APs
1. Backup configuration files on ac
1. Transfer mid version of AP to AC
TFTP Server should be able to communicate with AC.
1. Active version of AP
1. Read Release Note carefully, pay attention to the "downgrade file"
1. DO NOT restart or POWER OFF AC&AP during upgrades.
1. Login AC CLI via console, telnet or SSH.
IV. Configuration Steps
Downgrading AC
Attention:In hot-backup scenario, please remove all networks cables on ACs in case of synchronization issue caused by inconsistent firmware.
1. Display current firmware version
Downgrading Fit APs
1. To transfer AP new firmware to AC, execute below commands:
Ruijie#copy tftp://192.168.1.100/AP_RGOS11.1(2)B1_AP320_v2.0_degrade.bin flash:320-mid.bin
2 To configure ap-serial, execute below commands:
Ruijie#config terminal
Ruijie(config)#ac-controller
Ruijie(config-ac)#active-bin-file 320-mid.bin
Ruijie(config-ac)#ap-serial ap320 AP320-I hw-ver 1.x
Ruijie(config-ac)#ap-image ap320-mid.bin ap320
Ruijie(config-ac)#end
Ruijie#wr
1. telnet APs and verify the current version
Ruijie#show version
System description : Ruijie Indoor AP320-I (802.11a/n and 802.11b/g/n) By Ruijie Networks.
System start time : 1970-01-01 0:0:0
System uptime: 0:0:0:44
System hardware version: 1.10
System software version: RGOS 10.4(1b19)p2, Release(175879)
System boot version : 10.4.155446(Master), 10.4.155446(Slave) -àmid version of AP
System serial number : G1GDC13025434
1. Downgrade AC from 11.X to 11.X_to_10.X(Mid), execute below commands:
Ruijie#upgrade download tftp://172.18.158.204/AC_RGOS11.x_TO_10.x(Mid)_G1C5-02_02172016.bin force
Verification
After reloading, execute command "show version" to verify firmware 
1. Because the configuration files will lost when downgrade to mid version, need to import the config.text, and test the connection between AC and terminal, then Downgrade AC to target version 10.x
Ruijie#copy tftp://172.18.158.205/WLAN-AC-50XX_10.4(1b19)p2_R179742.bin flash:rgos.bin
Ruijie#reload
Verification
1. After downgrading the AC, the configuration will loss, need to import the ac configuration.
Ruijie#copy tftp://192.168.1.100/config.text flash:config.text
Ruijie#copy tftp://192.168.1.100/ap-config.text flash:ap-config.text
Ruijie#reload
1. Downgrade AP to target version 10.x
Ruijie#copy tftp://192.168.1.100/AP320_10.4(1b19)p2_R179742.bin flash 320I.bin
Ruijie#configure terminal
Ruijie(config)#ac-controller
Ruijie(config-ac)#active-bin-file 320I.bin
Ruijie(config-ac)#ap-serial ap320 AP320-I hw-ver 1.x
Ruijie(config-ac)#ap-image 320I.bin ap320
Ruijie(config-ac)#end
Ruijie#wr
V. Verification
Ruijie#show version
System description : Ruijie Indoor AP320-I (802.11a/n and 802.11b/g/n) By Ruijie Networks.
System start time : 2015-01-05 12:37:41
System uptime: 4:0:24:8
System hardware version: 1.10
System software version: RGOS 10.4(1b19)p2, Release(179742)
System boot version : 10.4.155446(Master), 10.4.155446(Slave)
System serial number : G1GD91300419A
I. Network Topology
II. Requirements
1. Visit official website at www.ruijienetworks.com to request firmware.
1. Run TFTP Server, and put AP firmware in the same folder. Here take Ruijie TFTPServer as example.
TFTP Server should be able to communicate with AP.
1. Read Release Note carefully, pay attention to the "upgrade file"
1. DO NOT restart or POWER OFF AP during upgrades.
1. Login AP CLI via console, telnet or SSH.
Attention: Downgrade from 11.X to 10.X, configuration will lost, backup the configuration before downgrading; need to downgrade to mid version first.
III. Configuration Steps
Downgrading FAT APs
1. Backup configuration files to TFTP Server, and display current firmware version
Ruijie#copy flash:config.text tftp://192.168.111.2/config.text --->backup configuration files of AP to TFTP Server
1. Display current ap mode
Ruijie#show ap-mode
current mode: fat
1. Transfer new firmware to AP, execute below commands:
Ruijie#upgrade download tftp://192.168.111.2/AP_RGOS11.x_TO_10.x(Mid)_S2C3-01_02180712.bin
Upgrade the device must be auto-reset after finish, are you sure upgrading now?[Y/n]y
Running this command may take some time, please wait.
Please wait for a moment......
Press Ctrl+C to quit
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
*Jan 1 00:04:27: %7:
*Jan 1 00:04:27: %7: Begin to upgrade the install package AP_RGOS11.x_TO_10.x(Mid)_S2C3-01_02180712.bin...
*Jan 1 00:04:27: %7: Upgrade processing is 10%
RG-UPGRADE:package.c:621]Old md5 value(/rootfs.ubi):
[RG-UPGRADE:rpm_opt.c:374]:e2d4e747428247db1ca518ade88d0bb1
Verification
1. downgrade to target version 10.x
Ruijie#copy tftp://192.168.111.2/AP530-PPC_10.4(1b19)p2_R179742.bin flash:rgos.bin
1. reload and verification
I. Network Topology
II. Requirements
1. Generally, we recover firmware under BOOT mode if we deletes firmware on Main Mode by mistake, firmware broken or any other unknown reasons that devices cannot boot up and enter Main Mode.
1. Finish reading Device Management --> System Management --> Firmware Upgrade, have knowledge of how to transfer firmware with TFTP server.
1. It's applicable for both AC and APs with console port. Not applicable for Wall APs without console port.
Note: remember to turn off Windows Defender protection and system firewall.
III. Configuration Steps
1. Restart devices, press "CTRL + C" when system prompts, enter BOOT Mode, Input 0
1. Input 1, then upgrade firmware with the following steps.
1. Input "yes"
1. Press "CTRL+Z" return to upper level, then choose "2" to run main
IV. Verification
Devices succeed to enter Main mode, execute command "show version", check the firmware version.
Ruijie#show version
I. Network Topology
II. Requirements
1. Generally, we recover firmware under BOOT mode if we deletes firmware on Main Mode by mistake, firmware broken or any other unknown reasons that devices cannot boot up and enter Main Mode.
1. Finish reading Device Management --> System Management & --> Firmware Upgrade, have knowledge of how to transfer firmware with TFTP server.
III. Configuration Steps
1. Open Wireshark, load a packet capture process as below. AP 192.168.64.163 lost firmware and is requesting 192.168.64.1 for firmware.
1. Assign IP address 192.168.64.1 to laptop, enable TFTP Server and also prepare the firmware.
1. Edit a notepad name as "FileList.txt", put it in the same folder as shown above, the content is the firmware name you're going to transfer
1. AP will begin downloading firmware soon, verify by viewing TFTP Server connection status.
1. AP will reload when finish recovering firmware
IV. Verification
Login AP via telnet and AP is recovered.
I. Network Topology
II. Requirements
1. Finish reading System Management --> Console Management.
1. Login AC CLI via Console.
III. Configuration Steps
Recovering AC password (configuration file remains)
1. Power off AC, then power up.
1. Press CTRL + C, enter CTRL mode.
1. Input CTRL+Q, enter uboot mode. And then input "main_config_password_clear"
1. Device will reload automatically.
1. When finish reloading, enter CLI without input password.
Note: The default timeout period is 10min. Please change your password before time out.
1. Change password, and then use the command “wr” to save your configuration.
1. save configuration
Re-login AC, execute commands "show runing-config" to check configurations.
I. Requirements
1. Finish reading Device Management --> System Management
1. Login CLI via console, telnet or SSH
II. Configuration Steps
Execute command "dir" to check file system
Ruijie#dir
Mode Link Size MTime Name
-------- ---- --------- ------------------- ------------------
1 1600 1970-01-02 01:31:10 config.text
1 11729 2015-06-18 02:03:26 cw_teardown_info.txt
<DIR> 1 0 1970-01-01 00:00:00 dev/
1 33 2015-06-03 00:04:25 dhcp_bind.dat
<DIR> 4 0 1970-01-01 00:00:18 pkistore/
<DIR> 5 0 1970-01-01 00:00:11 portal/
<DIR> 0 0 1970-01-01 00:00:00 proc/
<DIR> 1 0 1970-01-01 00:00:01 ram/
1 1529 2015-03-09 16:31:28 reset.txt
1 8359680 2015-03-09 16:31:26 rgos.bin
<DIR> 2 0 1970-01-01 00:00:08 tmp/
1 150740 1970-01-01 00:00:12 ucs_big5.db
1 239708 1970-01-01 00:00:12 ucs_gb.db
<DIR> 4 0 1970-01-01 00:00:12 web/
1 2766752 1970-01-01 00:00:10 web_management_pack.upd
--------------------------------------------------------------
12 Files (Total size 12243866 Bytes), 7 Directories.
Total 132120576 bytes (126MB) in this device, 115515392 bytes (110MB) available.
"config.text" is configuration file, execute commands "del config.text" to set factory default
Ruijie#del config.text
Are you sure you want to delete "config.text"?[Yes/No]y
Ruijie#reload
Processed with reload? [no]y
After reloading, execute commands "show running-config" to check configuration.
I. Requirements
1. Finish reading Device Management --> System Management
1. Login CLI via console, telnet or SSH
II. Configuration Steps
Restore Factory Default
AC#conf t
AC(config)#ac-controller
AC(config-ac)#reset ?
all Reset the all APs in this AC.
single Reset the single ap.
Then the fit ap will restart automatically.
III. Verification
After reloading, execute commands "show running-config" to check configuration.
Especially, for Wall AP including AP110W, AP120W, AP130W
Long press "reset" button more than 8 seconds to set factory default.
I. Requirements
1. Finish reading System Management
1. Login device CLI via Console, telnet or SSH.
II. Configuration Steps
Execute command "dir" to check file system
WS6008#dir
Directory of flash:/
Number Properties Size Time Name
------ ---------- ------ ------------------------ --------------------
1 drwx 160B Mon Oct 10 19:27:37 2016 dev
2 drwx 160B Mon Mar 21 17:32:15 2016 rep
3 drwx 224B Mon Mar 21 17:32:16 2016 var
4 drwx 160B Mon Oct 10 19:27:40 2016 addr
5 -r-- 4.1k Wed Nov 2 16:27:00 2016 tmp_env.txt
6 -rwx 5.0k Mon Mar 21 17:32:36 2016 hwd.db
7 -rw- 2.9k Tue Oct 11 12:39:39 2016 virtual_switch.text
8 drwx 304B Mon Mar 21 17:32:42 2016 security
9 -rwx 180B Fri Nov 4 16:48:45 2016 config_vac.dat
10 -rw- 14.8k Fri Nov 4 16:48:46 2016 config.text
11 -rwx 384B Thu Sep 29 10:21:54 2016 LIC-WLAN-AP-3200000003956646.lic
12 -rwx 18B Mon Sep 26 17:35:26 2016 test.txt
13 -rw- 718B Tue Oct 11 09:14:18 2016 ap-standalone.text
14 -rwx 696B Mon Mar 21 17:32:30 2016 httpd_cert.crt
15 -rwx 21B Fri Nov 4 16:48:45 2016 syslog_rfc5424_flag.txt
16 drwx 424B Tue Mar 29 16:50:43 2016 portal
17 -rwx 44.4M Mon Oct 31 18:20:17 2016 AM_RGOS11.1(5)B9_G1B5-01_03211300_install.bin
18 -rwx 620B Tue Oct 11 12:39:27 2016 rsa_private.bin
19 -rwx 336B Sun Oct 30 15:32:36 2016 dsa_private.bin
20 -rw- 5.8k Thu Jun 30 14:35:03 2016 text.bak
21 -rwx 384B Wed Oct 12 17:17:05 2016 LIC-WLAN-AP-3200000003466646.lic
22 drwx 296B Thu Oct 13 13:45:02 2016 upgrade
23 drwx 160B Fri Nov 4 09:36:26 2016 tech_vsd0
24 drwx 448B Thu Sep 29 11:24:06 2016 rg_licns
25 drwx 312B Mon Oct 10 19:57:36 2016 syslog
26 -rw- 147B Tue Oct 11 12:39:39 2016 ap-virtual_switch.text
27 -rw- 723B Fri Nov 4 16:48:46 2016 ap-config.text
28 -rwx 187.1k Fri Nov 4 18:27:03 2016 log-13-may-5.txt
29 -rwx 77.8M Mon Oct 31 20:23:11 2016 AC_RGOS11.1(5)B9_G2C6-01_03201812_install.bin.up.tmp
30 -rwx 887B Mon Mar 21 17:32:30 2016 httpd_key.pem
31 -rw- 8.9k Tue Oct 11 09:14:18 2016 standalone.text
21 files, 10 directories
281,903,104 bytes data total (155,267,072 bytes free)
536,870,912 bytes flash total (155,267,072 bytes free)
"config.text" is configuration file, execute commands "copy flash:config.text flash:config.bak" to backup configuration file
"ap-config.text" is ap configuration file, execute commands "copy flash:ap-config.text flash:ap-config.bak" to backup ap configuration file
Ruijie#
Ruijie#copy flash:config.text flash:config.bak
Ruijie#copy flash:ap-config.text flash:ap-config.bak
III. Verification
To view backup file, execute command "dir" to display filesystem. The file size should match.
WS6008#dir
Directory of flash:/
Number Properties Size Time Name
------ ---------- ------ ------------------------ --------------------
1 drwx 160B Mon Oct 10 19:27:37 2016 dev
2 drwx 160B Mon Mar 21 17:32:15 2016 rep
3 drwx 224B Mon Mar 21 17:32:16 2016 var
4 drwx 160B Mon Oct 10 19:27:40 2016 addr
5 -r-- 4.1k Wed Nov 2 16:27:00 2016 tmp_env.txt
6 -rwx 5.0k Mon Mar 21 17:32:36 2016 hwd.db
7 -rw- 2.9k Tue Oct 11 12:39:39 2016 virtual_switch.text
8 drwx 304B Mon Mar 21 17:32:42 2016 security
9 -rwx 180B Fri Nov 4 16:48:45 2016 config_vac.dat
10 -rw- 14.8k Fri Nov 4 16:48:46 2016 config.text
11 -rwx 384B Thu Sep 29 10:21:54 2016 LIC-WLAN-AP-3200000003956646.lic
12 -rwx 18B Mon Sep 26 17:35:26 2016 test.txt
13 -rw- 718B Tue Oct 11 09:14:18 2016 ap-standalone.text
14 -rwx 696B Mon Mar 21 17:32:30 2016 httpd_cert.crt
15 -rwx 21B Fri Nov 4 16:48:45 2016 syslog_rfc5424_flag.txt
16 drwx 424B Tue Mar 29 16:50:43 2016 portal
17 -rwx 44.4M Mon Oct 31 18:20:17 2016 AM_RGOS11.1(5)B9_G1B5-01_03211300_install.bin
18 -rwx 620B Tue Oct 11 12:39:27 2016 rsa_private.bin
19 -rwx 336B Sun Oct 30 15:32:36 2016 dsa_private.bin
20 -rw- 14.8k Fri Nov 4 19:08:10 2016 config.bak
21 -rw- 5.8k Thu Jun 30 14:35:03 2016 text.bak
22 -rwx 384B Wed Oct 12 17:17:05 2016 LIC-WLAN-AP-3200000003466646.lic
23 drwx 296B Thu Oct 13 13:45:02 2016 upgrade
24 drwx 160B Fri Nov 4 09:36:26 2016 tech_vsd0
25 drwx 448B Thu Sep 29 11:24:06 2016 rg_licns
26 -rw- 723B Fri Nov 4 19:08:21 2016 ap-config.bak
27 drwx 312B Mon Oct 10 19:57:36 2016 syslog
28 -rw- 147B Tue Oct 11 12:39:39 2016 ap-virtual_switch.text
29 -rw- 723B Fri Nov 4 16:48:46 2016 ap-config.text
30 -rwx 187.1k Fri Nov 4 18:27:03 2016 log-13-may-5.txt
31 -rwx 77.8M Mon Oct 31 20:23:11 2016 AC_RGOS11.1(5)B9_G2C6-01_03201812_install.bin.up.tmp
32 -rwx 887B Mon Mar 21 17:32:30 2016 httpd_key.pem
33 -rw- 8.9k Tue Oct 11 09:14:18 2016 standalone.text
23 files, 10 directories
281,903,104 bytes data total (155,394,048 bytes free)
536,870,912 bytes flash total (155,394,048 bytes free)
Tips: To read text file in CLI, exeute command "more config.bak"
WS6008#more config.bak
version AC_RGOS 11.1(5)B9, Release(03201812)
hostname WS6008
!
wlan-config 1 cmcp
ssid-code utf-8
!
wlan-config 2 Eweb_BA832
ssid-code utf-8
band-select enable
schedule session 2
!
wlan-config 3 Eweb_BA833
ssid-code utf-8
!
wlan-config 4 oversea123
ssid-code utf-8
!
wlan-config 5 Eweb_BA835
ssid-code utf-8
!
wlan-config 13 test-for-sec
!
wlan-config 55 AM5528
band-select enable
I. Network Topology
II. Requirements
1. Finish reading System Management
1. Login device CLI via Console, telnet or SSH.
1. Run TFTP software in the PCs
1. TFTP Server is able to communicate with device
III. Configuration Steps
To copy files in flash to TFTP Server, execute commands "copy flash:config.text tftp:"
Ruijie#copy flash:config.text tftp://192.168.1.100/config.text
IV. Verification
The backup configuration file will be copied to TFTP Server.
Problem: Wireless license import failed.
Solution:
1. Confirm whether the SN is correct via the official website.
After login successfully, input authorization code, and then click “search” to check whether the relative device SN is consistent with the practical SN.
1. If the root case is the incorrect SN, unbind the License first
Step1:
Visit official website (http://www.ruijienetworks.com/service/License.aspx ), unbind License files.
Click "Service" ->”Support” ->"Product Licensing" ->choose "WLAN" for wireless license unbinding. Choose “Unbind License”-> choose “Wireless”-> click “Unbind License”, then click ”Complete” after filling in product info.
Note: Before unbinding the license files, you should register first if you do not have an account for login.
Then in the pop-up dialog box, click “finish” to submit an application.
Step2: After completing the application, submitted it to TAC for application via e-mail account: service_rj@ruijienetworks.com. And then waiting for approval.
Click "Service" ->”Support” ->"Product Licensing" ->choose "WLAN" for wireless license unbinding. Choose “Unbind License”-> choose “Wireless”-> Check the approval status, if approved, customer can apply for a new license with the original S/N.
Warm prompt:
After unbind the license successfully, if you have the requirement of Wireless License Registration, please follow the following steps to apply for new license.
Step1: Obtain the license register number.
Open the attachment in the Authorization Letter to obtain the Authentication Code..
Or obtain the authentication code from the CD. There is a pdf file in the CD which is shown as follow:
Step2: Visit the official website, bind License files.
Click "Service" ->”Support” ->"Product Licensing" ->choose "WLAN" for wireless license binding, after filling in the information, click “Complete”, it will jump to the download page of. lic file.
Step3: Install the authorization document
Note: If the license obtained by user is a. lic file, install the license with the following way
i) Upload the local license file to the wlc.
Configuration Example:
Ruijie#copy tftp://192.168.64.2/LIC-WLAN-AP-800000015692434.lic flash:/LIC-WLAN-AP- 800000015692434.lic
Press Ctrl+C to quit
!
Copy success.
ii) Install license file
Configuration Example:
Ruijie# license install flash:LIC-WLAN-AP-800000015692434.lic
Are you sure to install this license[y/n]:y
Success to install license file, service name: LIC-WLAN-AP-8.
Step3: Install the authorization document
Note: If the license obtained by user is a license key, install the license with the following way
i) The following shows the similar format of the license obtained by the user
XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX
Record the generated license key, connect to the wlan-ac device, and use the set license license command. If it prompts it is correct, the register application is successful. If it prompts the error, contact the Ruijie Customer Service center for the related consultation.
ii) Configure the License Basic Features
Configuration Example:
Ruijie# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Ruijie(config)# set license AAAA-BBBB-CCCC-DDDD-EEEE-FFFF-GGGG-HHHH
Verification
Showing the License Configuration, you could find you have add new license successfully.
Ruijie# show license
Interaction between the AC and the RADIUS server is generally based on the RADIUS protocol and SNMP. The ports to be opened are:
RADIUS port: Based on UDP. The default authentication port is 1812 and the default accounting port is 1813, which are both on the RADIUS server.
SNMP port: Based on UDP. The port is 161, which is on the AC.
Check the user's MAC address:
WS#show ac-con client by-ap-name
Total Sta Num : 4
Cnt STA MACAP NAMEWlan Id Radio Id Vlan Id Valid
------ --------------- -------------------- --------- --------- --------- ---------
1.6a99.6c5aBF2_AP_031122091
2701a.04a9.a1b2BF2_AP_062123091
3 0026.c690.0a06 BF7_AP_011122091
4001f.3b3b.b435BF7_AP_011122091
Kick the user offline:
WS(config)#ac-controller
WS(config-ac)#client-kick H.H.H----->H.H.H is the user's MAC address.
Because the client will be automatically reconnected, when the show ac-con client by-ap-name command is run after the user is forced offline, the offline STA is still displayed.
It’s saved in the ap-config.text file in AC flash.
A VLAN-Group contains multiple VLANs. By associating with a VLAN-Group, a WLAN can map to multiple VLANs and VLANs can be flexibly allocated to STAs connected to the WLAN. The VLANs are allocated mainly in the following two modes:
After the STA passes the 802.1x authentication, the authentication server assigns a VLAN for the STA. The STA must be deployed in the 802.1x authentication mode and the authentication mode must be supported by the authentication server.
The server assigns the VLAN for the STA according to the idle status of the address pool.
Enable ip dhcp snooping and run the following command on AC:
ruijie#sh terminal-identify user
User entry list: 3
mac-address aging-time terminal-type
-----------------------------------------
68df.ddc7.de5a --:-- XIAOMI Phone Android 4.2
3859.f98b.658b --:-- PC Windows 7
a844.8130.c304 --:-- Nokia Phone Windows 8
Note: Due to terminal restrictions, the terminal may not be identified completely correct. When the terminal is connected to the wireless network, a DHCP packet is sent. The device reads the option 60 field in the packet. The field carries the terminal type information. However, not the DHCP packet of all the terminals carries the field, and thus the read success rate is not 100%.
The AP configuration under ap-config name takes effect first. If the AP under ap-config name is not configured, the ap-config all configuration takes effect.
Supplement the configuration AC(config)#ip name-server 8.8.8.8, which is used to set the DNS domain name for the device. You can modify the configuration based on the actual environment. Ensure that the AC normally communicates with the extranet.
Perform the following operation:
Ruijie(config)#no ap-config ap-name1
Ruijie(config)#no ap-config all ----Delete the ap-config of all the offline APs.
Only configurations of offline APs can be deleted.
Refer to the following configuration:
Ruijie(config)#ap-config 001a.a9bf.ffdc
Ruijie(config-ap)#location meeting room
Ruijie(config)#ac-controller
Ruijie(config-ac)#capwap ctrl-ip 2.2.2.2
Go to the WLAN configuration mode:
Ruijie(config)#wlan-config 1 ( “1” is the wlan sequence)
Ruijie(config-wlan)#ssid yy (yy is the new SSID)
Refer to the command: (when this parameter is modified, a tunnel is re-created.)
(1) Log on to the AP through the Console or Telnet port, and enter the global mode (the password is apdebug) to configure the static AP IP address, default route, and AC IP address:
Ruijie(config)#acip ipv4 1.1.1.1 // Configure the IP address for the AC.
Ruijie(config)#apip ipv4 172.16.1.34 255.255.255.0 172.16.1.109
(2) After the tunnel between the AP and the AC is created, log on to the AC to configure a static IP address for the AP:
Ruijie(config)#ap-config 220e
Ruijie(config-ap)#acip ipv4 1.1.1.1 ---->Configure the IP address of the AC.
Ruijie(config-ap)#ip address 172.16.1.34 255.255.255.0 172.16.1.109 ---->Configure the IP address, mask, and gateway for the AP. After configuration, the capwap tunnel will be re-created.
The configurations retain even the AP is restarted.
In fat mode, directly go to this radio and shut it down.
Ruijie(config)#interface dot11radio 1/0
Ruijie(config-if-dot11radio 1/0)#shutdown
In fit mode:
Ruijie(config)#ap-config ap-name ---->Go to the AP configuration mode
Ruijie(config-ap)#no enable-radio 1 ---->Disable the radio 1.
Ruijie(config)#advanced 802.11a channel global off
Ruijie(config)#advanced 802.11b channel global off
You can cancel AAA authentication for AC logon by modifying the configurations.
Ruijie(config)#aaa new-model
Ruijie(config)#aaa authentication login no-login none ---->Create an AAA logon authentication list named "no-login" and set the configuration to none (no authentication).
Ruijie(config)#line con 0
Ruijie(config-line)#login authentication no-login ---->Apply the no-login to the console line, which indicates that the AAA authentication is not used.
Ruijie(config-line)#line vty 0 35
Ruijie(config-line)#login authentication no-login ---->No password is needed for logon through the Telnet port.
1. On AP:
Ruijie(config)#interface gigabitEthernet0/1
Ruijie(config-if-GigabitEthernet 0/1)# media-type baset ---->Enable the electrical interface.
Ruijie(config-if-GigabitEthernet 0/1)#media-type basex ---->Enable the optical interface.
1. On AC:
Ruijie(config)#interface gigabitEthernet 0/1
Ruijie(config-if-GigabitEthernet 0/1)#medium-type copper
Ruijie(config-if-GigabitEthernet 0/1)#medium-type fiber
Ruijie(config-if-GigabitEthernet 0/1)#end
Ruijie#write
Ruijie(config)# ap-config AP0001 //Enter the specified AP configuration mode.
Ruijie(config-ap)# timestamp /Configure AP0001 to synchronize the time of the local AC to the AP.
To prevent that the network connection is affected by too large load caused by long-time running of the AP, the daily timed restart can be set for the AP to ensure the network connection quality.
Configure Ruijie-AP1 to restart the AP at 1:00:00 each day on AC:
Ruijie(config)#ap-config Ruijie-AP1
Ruijie(config-ap)#reload at 1:00:00
(1) Define a schedule session.
AC(config)#schedule session 1
AC(config)#schedule session 1 time-range 1 period Sun to Sat time 00:00 to 23:59
(2) Apply the schedule session on the AP
AC(config)#ap-config ap-name
AC(config-ap)#quiet-mode session 1
ruijie#sh ac-config
AC Configuration info:
max_wtp:32
sta_limit:1024
license wtp max:32
license sta max:1024
serial auth :Disable
password auth :Disable
certificate auth :Disable
Bind AP MAC :Disable
AP Priority :Disable
supp_psk_cer :Disable
ac_name:end
ac location :Ruijie_COM
WS6108#sh ac-config
AC State info:
sta_num :0
act_wtp :6
localIpAddr :1.1.1.1
localIpAddr6 :::
used wtp :6.0(6 normal 0 half 0 zero)
remain wtp :42 normal 84 half 634 zero
HW Ver :1.01
SW Ver :AC_RGOS 11.1(5)B7, Release(02231014)
Mac address :5869.6c20.726a
Product ID :WS6108
NET ID :9876543210012345
NAS ID :5869.6c20.726a
For VAC:
WS6108#show member
System description : WS6108
System Mac Address : 58:69:6C:20:72:6A
The administrator forgets the management address of WALL-AP but does not want to modify the device configurations or the factory settings of the device cannot be restored. This method is also applicable for devices with a Console port but cannot be logged onto through the Console port.
1. Configuration Tips
1. Execute the packet capture software on a PC to capture packets from the interface of the wired network.
1. Connect the WALL-AP cable to the PC and power on the AP.
1. Configuration Steps
1. Execute the packet capture software (using Wireshark for an example) to capture packets from the wired interface.
(1) Select the interface.
(2) Select the wired interface of the AP and click Start to capture the packets.
(3) Connect the wired interface of the PC to the AP Ethernet port that is not powered on.
(4) Power on the AP to view packets output by the packet capture software on the PC. Pay attention to the ARP packets.
Because the PC is directly connected to the AP, all the ARP packets except those sent by the PC are ARP packets sent by the AP.
(5) After getting the AP IP address from the ARP packets, try to log on to the AP through the Telnet port.
(6) The AP may not send the ARP resolution packets. In this case, you can use the LLDP packets to obtain the AP management address. The Management Address in the LLDP packets is the management address of the AP.
(7) If you still cannot log on to the AP, restore the factory settings of WALL-AP, which results in loss of all configurations. You can try to log on to APs with the Console port from a serial port.
It is found that during actual packet capture, the AP often does not send the ARP resolution packets. In this case, you can use the LLDP packets to obtain the AP management address.
1. The following is a packet capture screenshot:
1. Click to open the LLDP packet. The part in the red frame below is the management address of the AP:
1. Symptom
According to the AP320-I users, in case of logon through the Console port, there is information prompted, but no response is returned after Enter is pressed. Besides, no command can be entered.
1. Network Environment
The AP is new and just installed. It is logged onto through CRT.
1. Troubleshooting Steps
(1) Check whether the CRT or the HyperTerminal is used. If CRT is used, uncheck CTS/RTS.
(2) If an additional cable is used, confirm whether the driver is installed correctly.
(3) Change the baud rate. The baud rate for the version 1T8 is 115200 bps.
(4) Change the console cable and the PC.
1. Solution
Uncheck CTS/RTS.
1. Summary and Precautions
Summary: Other faults caused by the CRT traffic control function.
(1) You cannot use CRT to log on to the console.
(2) After CRT-based logon, the operation window is blank, the system outputs no information but the cursor flashes. The system has no response after you press Enter.
(3) After CRT-based logon, the operation window is blank, the system outputs no information but the cursor flashes. After you press Enter, the cursor moves but the system still outputs no information.
(4) After CRT-based logon, the system outputs information, but has no response after your press Enter and does not allow you to perform any operation.
(5) After HyperTerminal-based logon, the Data Traffic Control in COM attribute settings must be set to None.
A WALL-AP occupies only 0.5 license. "<=4000" means up to4,000 WALL-APs are supported.
Run the show ac-c command in AC to display license occupation information. The meaning of four, normal, half, and zero is described below.
four: The AP occupies four licenses. Currently, only APs of the model AM5528 and AM5528(ES) occupy four licenses each. APs of the model AM5514 only occupy two licenses each.
normal: An ordinary AP occupies only one license, including AP220-E, AP320-I, and AP520.
half: A WALL-AP occupies only 0.5 license.
zero: The AP occupies no license. The AP is AP(MAP552(SR)) and APD-M.
AC#show ap-config product
Product ID Hardware Version Count Used Wtp
-------------------- ---------------- -------- --------
AM5528 1.00 245 980.0
AP520 1.00 906 906.0
AP630(IDA) 1.50 33 33.0
AP630(IODA) 1.00 83 83.0
(1) Upgrade the device version to RGOS 11.1(5)B9 or a later version.
For authentication code:
Run the AC(config)#no set license activation-key command to unbind the authorized code. (The activation-key is a 32-bit activation code.)
For authentication file:
Run the AC#license unbind authorized file name command to unbind the authorized file to get the verification code.
You can run the show license unbind-code or show apmg debug unbind command to display the verification code.
Note: after activation code of the unbound license is deleted, the license cannot be installed on the device again.
(2) Submit the device serial number, the license activation code, and verification code on Ruijie authentication system(http://pa.ruijie.com.cn:8001/main_wireless.jsf) to unbind the license on the authorization system. Contact Ruijie TAC to approve the unbinding.
(3) To bind the license again, submit the serial number of the new device and authorization code to register the license. A new activation code is obtained.
(4) Install the new activation code to the new AC.
For More details, please refer to WLAN License Activation Guide:
You can apply for a temporary license for an AC three times. The application is automatically reviewed and approved. Only one temporary license of the same specifications can be imported into an AC. The second license overwrites the first. Multiple temporary licenses of different specifications can coexist in one AC. For example, when two temporary licenses can manage 32 APs are applied for the same AC, only one license can be imported to the AC. When a license can manage 32 APs and a license can management 128 APs are applied for the same AC, both licenses can be imported to the AC.
(1) When VAC deployment is not finished yet, the procedure is same to that of normal AC
(2) When VAC deployment is finished, the procedure is basically the same. Bind the corresponding license authorization code to the device according to its serial number.
For authentication code, use set license command to bind the authentication code on main AC.
For authentication files, all the authorization files must be imported to the main AC and operated by running the following commands.
AC#license auto-install flash: LIC-WLAN-AP-51200000001765223.lic
The authorization files can be automatically uploaded.
If the authorization file is operated on the standby AC, the message "% Can’t execute this command in redundancy slave" is prompted.
(3) AC#license install means that the authorization file is only installed in this host.
No. The AP will not go offline unless it goes offline actively or the AC is restarted. As long as the current AP does not actively go offline and the AC is not restarted, the AP will always be online.
No. APs will not be kicked offline due to deletion of temporary or formal authorization. The system judges whether the licenses are sufficient only when the AP is getting online. APs that go offline after authorization expire cannot go online again.
Summarize
With the development of wireless LAN, WLAN technology has been widely used in various fields such as family, enterprise and public places etc. The transmission of wireless frame between access point and wireless terminations in the form of electromagnetic wave instead of wired medium, which makes the wireless terminals movable freely. WLAN technology is the integration of Ethernet and wireless technology and makes wireless terminals easy to access to the wireless local area network. Access point is the middle-transfer-device between wireless terminals and Access Controller in WLAN. When there are plenty of access points in WLAN, how to manage these Aps is key problem in operation.
FAT AP Architecture
In the traditional network architecture, the WTPs completely implement and terminate the 802.11 function so that frames on the wired LAN are 802.3 frames. Each WTP can be independently managed as a separate network entity on the network. The access point in such a network is often called a “Fat AP”.
FIT AP Architecture
The thin AP architecture is a hierarchical architecture that involves a WLAN controller that is responsible for configuration, control, and management of several WTPs. The WLAN controller is also known as the Access Controller (AC). The 802.11 function is split between the WTP and the AC. Because the WTPs in this model have a reduced function as compared to the fat AP architecture, they are called “Fit APs.”
Fit AP Architecture Advantages
Centralized management
Automatic software upgrade
High security and low interference
Since the distinct advantages of fit AP architecture, it’s generally adopted especially in large networks with many APs. The CAPWAP framework is used to define the interface and protocol between an AC and its controlled APs.
Currently, each manufacturer adopts their own private tunnel protocols to exchange messages between AC and AP and this leads to the problem that the AC and AP from different manufacturers cannot communicate with each other.
To solve this problem, IETFCAPWAP working group is set up in 2005 to standardize the tunnel protocols between AC and AP (RFC5415).
2 Terms Explanation
CAPWAP Control and Provisioning of Wireless Access Points
Local MAC Local Medium Access Control
Split MAC Split Medium Access Control
DTLS Datagram Transport Layer Security
WTP Wireless Terminal Point
AC Access Control
AP Access Point
3 CAPWAP Overview
CAPWAP (Control and Provisioning of Wireless Access Points) is a generic protocol that enables a controller to manage a collection of Wireless Terminal Point (WTP). The CAPWAP protocol is described in RFC 5415 which does not include specific wireless technologies; instead, it relies on a binding specification to extend the technology to a particular wireless technology. The binding specifications for the IEEE 802.11 wireless protocol are defined in RFC5416.
CAPWAP is an application layer protocol over UDP. It uses the Datagram Transport Layer Security (DTLS) encryption mechanism which is standard IETF protocol based on TLS.
CAPWAP Main Functions
To centralize the authentication and policy enforcement functions for a wireless network. The AC may also provide centralized bridging, forwarding and encryption of user traffic.
To enable shifting of the higher-level protocol processing from the WTP. This leaves the time-critical applications of wireless control and access in the WTPs, which are subject to severe cost pressure.
To provide an extensible protocol that is not bound to a specific wireless technology.
The CAPWAP tunnel is divided into:
Control tunnel: to transport the CAPWAP control messages
Data tunnel: to transport the CAPWAP data messages
See the figure below for CAPWAP tunnel:
2.1 Local MAC and Split MAC
In the split MAC mode, all the layer 2 wireless data and management frames will be encapsulated by CAPWAP protocol and exchanged between AC and WTP.
As shown in figure 1, the wireless frames received from the station will be directly encapsulated and forwarded to AC.
In the local MAC mode, the data frames can be forwarded through local bridge or 802.3 frames as shown in figure 2. In this mode, layer 2 management frames is encapsulated to802.3 frames on WTP and then forwarded to AC.
The functionassignment of Local MAC and Split MAC in CAPWAP protocol is listed in the table below:
2.2 CAPWAP Working Process
Once one WTP is connected to the network, it will enter the state of AC discovery. WTP sends “discovery request” by means of broadcast, multicast or unicast. When unicast is used, WTP needs to obtain the IP address table of AC through DHCP or DNS. The ACs that receive “discovery request” will send “discovery response” to WTP.WTP will then select one among all responding ACs to establish DTLS connection. After DTLS is established successfully, WTP will send “john request” and AC will reply “john response” to confirm. If the firmware’s version on the WTP is overdue, the firmware update process is started and the WTP will download the latest firmware from AC. After firmware updating successfully, the WTP will restart and enter the discovery process again. If the firmware is the latest, the WTP will download the configuration parameters from AC and then enter the “run” process.
The whole process is illustrated in the figure below:
2.3 CAPWAP Session Establishment Process
The ladder diagram below illustrates the CAPWAP session establishment and message exchanges process between a WTP and AC.
2. WTP sends “discovery request” by means of broadcast, multicast or unicast to discover the available ACs in the network.
2. After receiving the “discovery request” from WTP, AC responds a “Discovery Response” message to WTP to tell the supported service.
2. When the DTLS connection is established, WTP sends the “Join Request” to the AC to request service.
2. AC responds “Join Response” message to inform the WTP that AC can provide service to it.
2. WTP sends “Image data request” message to AC.
2. AC responds “Image data response” message to WTP and WTP can download firmware from AC.
2. WTP sends the current configuration information in “Configuration Status Request” message to AC.
2. AC provides the configuration parameters by responding “Configuration Status Response” message to WTP and WTP request configuration is covered.
2. WTP informs AC that WTP radio state is changed by sending “Change State Event Request” message to AC.
2. AC responds “Change State Event Response” message to WTP.
2. WTP sends “Echo Request” to keep the connection alive when other messages are not exchanged.
2. AC responds “Echo Response” to WTP.
2.4 FIT AP Network Topology
In this topology, SKG1000 (AC) is responsible to manage a number of ACs and the communication between AC and AP is realized through CAPWAP tunnels.
As a powerful and high performance AC developed by SKSpurce, SKG1000 can support up to 20000APs and 220K users.
Scenario
With fit APs, a network consists of a wired switch, access controllers (ACs) and fit APs. APs are simple wireless access points without management and control functions. The AC manages all APs and sends control policies, which are not configured on each AP, to specified APs, as shown in the following figure. The AC is connected with multiple APs via the wired network, and users only need to configure and manage associated APs with the AC.
I. Requirements
a. AC distribute the configuration to all APs, and manage all Aps
b. All APs emit radio signals and connect STA
II. Network Topology
III. Configuration Tips
1) Make sure that AC and AP's firmware should be consistent, using command in CLI "Ruijie>show version"
2) Make sure AP is working on fit mode, using command in CLI "Ruijie>show ap-mode " to check. If it shows fat mode, please modify as follow step:
Ruijie>enable ------>enter the previlege mode
Ruijie#configure terminal ------>enter the config mode
Ruijie(config)#ap-mode fit ------>modify to fit-mode
Ruijie(config)#end ------>exit the config mode
Ruijie#write ------>save the config
IV. Configuration Steps
1) Configure AC
Step1: config Vlan, include user vlan and interconnect vlan,
Ruijie>enable
Ruijie#configure terminal
Ruijie(config)#vlan 20 ------>user vlan
Ruijie(config-vlan)#name sta
Ruijie(config-vlan)#exit
Ruijie(config)#vlan 30 ------>user vlan
Ruijie(config-vlan)#name sta
Ruijie(config-vlan)#exit
Ruijie(config)#vlan 40 ------>interconnect vlan for ac and sw1
Ruijie(config-vlan)#exit
Ruijie(config)#interface vlan 20 ------>user interface vlan(must config)
Ruijie(config-int-vlan)#ip add 192.168.20.2 255.255.255.0 ----->(optional config), in this case, user gateway is configured on sw1, so ip address for this
interface can be configured or not.
Ruijie(config)#interface vlan 30 ------>user interface vlan(must config)
Ruijie(config-int-vlan)#ip add 192.168.30.2 255.255.255.0 ----->(optional config), in this case, user gateway is configured on sw1, so ip address for this
interface can be configured or not.
Ruijie(config-int-vlan)#exit
Step2:Config ssid (multi ssid)
Ruijie(config)#wlan-config 1 Ruijie1
Ruijie(config-wlan)#enable-broad-ssid ------->enable broadcast ssid
Ruijie(config-wlan)#exit
Ruijie(config)#wlan-config 2 Ruijie2
Ruijie(config-wlan)#enable-broad-ssid ------->enable broadcast ssid
Ruijie(config-wlan)#exit
Step3:Config ag-group
Ruijie(config)#ap-group default
Ruijie(config-ap-group)#interface-mapping 1 20 ------->associate wlan-config 1 with user vlan 30
Ruijie(config-ap-group)#interface-mapping 2 30 ------->associate wlan-config 2 with user vlan 30
Ruijie(config-ap-group)#exit
Note:If config ag-goup default, then all AP will asscociate to " ap-group default" group
Step4:Config svi and routing
Ruijie(config)#ip route 0.0.0.0 0.0.0.0 192.168.40.1 ------->default routing to sw1
Ruijie(config)#interface vlan 40 ------->interconnect vlan with sw1
Ruijie(config-int-vlan)#ip address 192.168.40.2 255.255.255.0
Ruijie(config-int-vlan)#exit
Ruijie(config)#interface loopback 0
Ruijie(config-int-loopback)#ip address 1.1.1.1 255.255.255.0 ------->AC initialize CAPWAP tunnel setup from loopback 0 interface
Ruijie(config-int-loopback)#exit
Ruijie(config)#interface GigabitEthernet 0/1
Ruijie(config-int-GigabitEthernet 0/1)#switchport mode trunk ------->connect to sw1, trunk port, allow user vlan、AP vlan、AC-to-SW1 vlan
Step5:Save config
Ruijie(config-int-GigabitEthernet 0/1)#end
Ruijie#write
2) Configure core switch(SW1)
Step1:Vlan config, config user vlan, ap vlan and interconnect vlan
Ruijie>enable
Ruijie#configure terminal
Ruijie(config)#vlan 10 ------>ap vlan
Ruijie(config-vlan)#exit
Ruijie(config)#vlan 20 ------>user vlan
Ruijie(config-vlan)#exit
Ruijie(config)#vlan 30 ------>user vlan
Ruijie(config-vlan)#exit
Ruijie(config)#vlan 40 ------>interconnect vlan with AC
Ruijie(config-vlan)#exit
Step2:Config interface and svi
Ruijie(config)# interface GigabitEthernet 0/1
Ruijie(config-int-GigabitEthernet 0/1)#switchport mode trunk ------->uplink port, connect to AC, trunk port,allow user vlan、AP vlan、AC-to-SW1 vlan
Ruijie(config-int-GigabitEthernet 0/1)#exit
Ruijie(config)#interface GigabitEthernet 0/2
Ruijie(config-int-GigabitEthernet 0/2)#switchport mode trunk ------->downlink port, connect to SW2,trunk port,allow user vlan、AP vlan
Ruijie(config-int-GigabitEthernet 0/2)#exit
Ruijie(config)#interface vlan 10 ------>ap gateway
Ruijie(config-int-vlan)#ip address 192.168.10.1 255.255.255.0
Ruijie(config-int-vlan)#interface vlan 20 ------->sta gateway
Ruijie(config-int-vlan)#ip address 192.168.20.1 255.255.255.0
Ruijie(config-int-vlan)#interface vlan 30 ------->sta gateway
Ruijie(config-int-vlan)#ip address 192.168.30.1 255.255.255.0
Ruijie(config-int-vlan)#interface vlan 40 ------->interconnect with ac
Ruijie(config-int-vlan)#ip address 192.168.40.1 255.255.255.0
Ruijie(config-int-vlan)#exit
Step3:Conifg ip dhcp server
Ruijie(config)#service dhcp
Ruijie(config)#ip dhcp pool ap_ruijie ------->create dhcp pool for ap,pool name is ap_ruijie
Ruijie(config-dhcp)#option 138 ip 1.1.1.1 ------->config option 138, assign ac loopaback 0 ip address
Ruijie(config-dhcp)#network 192.168.10.0 255.255.255.0 ------->assign these address to ap
Ruijie(config-dhcp)#default-route 192.168.10.1 ------->assign the gateway to ap
Ruijie(config-dhcp)#exit
Ruijie(config)#ip dhcp pool user_ruijie1 ------->create dhcp pool for sta,pool name is user_ruijie
Ruijie(config-dhcp)#network 192.168.20.0 255.255.255.0 ------->assign these address to sta
Ruijie(config-dhcp)#default-route 192.168.20.1 ------->assign the gateway to sta
Ruijie(config-dhcp)#dns-server 8.8.8.8 ------->assign the dns to sta
Ruijie(config-dhcp)#exit
Ruijie(config)#ip dhcp pool user_ruijie2 ------->create dhcp pool for sta,pool name is user_ruijie
Ruijie(config-dhcp)#network 192.168.30.0 255.255.255.0 ------->assign these address to sta
Ruijie(config-dhcp)#default-route 192.168.30.1 ------->assign the gateway to sta
Ruijie(config-dhcp)#dns-server 8.8.8.8 ------->assign the dns to sta
Ruijie(config-dhcp)#exit
//Note: when there is no dhcp pool for AP, You could also excute command to assign acip and apip for ap. configuration example is as follow:
Ruijie(config)#acip ipv4 x.x.x.x
Ruijie(config)#apip ipv4 x.x.x.x
Step4:Config static routing
Ruijie(config)#ip route 1.1.1.1 255.255.255.255 192.168.40.2 ------->config static route, route to AC loopback0
Step5:Save configuration
Ruijie(config)#exit
Ruijie#write
3) Configure access switch (SW2)
Step1:Config vlan, create ap vlan
Ruijie>enable
Ruijie#configure terminal
Ruijie(config)#vlan 10
Ruijie(config-vlan)#exit
Step2:Config interface
Ruijie(config)#interface GigabitEthernet 0/1
Ruijie(config-int-GigabitEthernet 0/1)#switchport access vlan 10 ------->connect to AC, access port, allow ap vlan
Ruijie(config-int-GigabitEthernet 0/1)#exit
Ruijie(config)#interface GigabitEthernet 0/2
Ruijie(config-int-GigabitEthernet 0/2)#switchport mode trunk ------->connect to SW1, trunk port
Step3:Save configuration
Ruijie(config-int-GigabitEthernet 0/2)#end
Ruijie#write
V. Verification
1) STA connect to the ssid
2) Check ap config on AC
Ruijie#show ap-config summary
========= show ap status =========
Radio: E = enabled, D = disabled, N = Not exist
Current Sta number
Channel: * = Global
Power Level = Percent
Online AP number: 1
Offline AP number: 0
AP Name IP Address Mac Address Radio 1 Radio 2 Up/Off time State
---------------------------------------- --------------- -------------- ------------------- ------------------- ------------- -----
1414.4b13.c248 192.168.10.2 1414.4b13.c248 E 1 6* 100 E 0 153* 100 0:09:04:28 Run
3) Check sta information on AC
Ruijie#show ac-config client by-ap-name
========= show sta status =========
AP : ap name/radio id
Status: Speed/Power Save/Work Mode, E = enable power save, D = disable power save
Total Sta Num: 1
STA MAC IPV4 Address AP Wlan Vlan Status Asso Auth Net Auth Up time
-------------- --------------- ---------------------------------------- ---- ---- -------------- --------- --------- -------------
2.27b0.169f 192.168.20.2 1414.4b13.c248/1 1 20 58.0M/D/bn WPA2_PSK 0:00:11:21
8ca9.829a.b1ea 192.168.30.2 1414.4b13.c248/1 2 30 58.0M/D/bn WPA2_PSK 0:03:22:31
What if it don’t work?
Use the following steps while aps cannot go online:
1) Confirm whether the versions of AC and AP are consistent, if not, recommend to upgrade first, the latest firmware could be download from our official website: http://www.ruijienetworks.com/service/download.aspx
2) Confirm whether the AP obtain ip address and ACIP successfully or not with command below:
AP# Show ip int br
AP#show capwap client sta
3) Confirm the connectivity between AP and ACIP, if disconnected, check the ip routes on AP:
AP# show ip route
If there is not ip route pointing to ACIP, add an ip route,examples are as follows
AP(config)# ip route 1.1.1.1 255.255.255.0 192.168.1.2
4) Confirm whether the license is not enough.
Examples are as follows:
WS5302#sh ac-config
AC Configuration info:
max_wtp :32 // configure wtp limit on ac-con mode to limit the AP number.
sta_limit :1024
license wtp max :32 //ap numbers can be supported on ac.
license sta max :1024
serial auth :Disable
password auth :Disable
certificate auth:Disable
supp_psk_cer :Disable
r_mac :Enable
da_dtls :Disable
ac_name :Ac_001aa917151c
udp_lite :UDP
ECN_Sup :Disable
mtu :1500
ap_sw_ver :
ac location :Ac_COM
ac_ipv4_num :0
ac_namewp_num :0
AC State info:
sta_num :0
act_wtp :1
WS5302#show license //check the license
Serial Number : 9071FH4280024
No. Activation Key AP Number
-------------------------------------------------------
-------------------------------------------------------
Total 32 access points are supported.
WS5302#show ap-config summary
========= show ap status =========
Radio: E = enabled, D = disabled, N = Not exist
Current Sta number
Channel: * = Global
Power Level = Percent
Online AP number: 1 //online AP number
Offline AP number: 0
AP Name IP Address Mac Address Radio 1 Radio 2 Up/Off time State
---------------------------------------- --------------- -------------- ------------------- ------------------- ------------- -----
001a.a94e.d529 192.168.100.3 001a.a94e.d529 E 0 11* 100 E 0 157* 100 0:03:09:17 Run
5) If the AP still could not go online successfully after checking the infomation above, collect the info with the following command list and submit a case to our case portal http://case.ruijienetworks.com/login_page.php for further checking:
1) collect info on AC:
show version
show running
show ac-config
show license
show ap-config summary
show capwap sta
show cpu
show memory
show ip route
show ip interface brief
2)Collect info on AP:
show version
show ap-mode
show capwap sta
show ip route
show log
show ap-statistic aclist (confirm whether ap obtains option 138 address)
show capwap client state (11.x)
I. Requirements
1) AC connect to AP directly
2) This scene is usually used in the lab in usual.
II. Network Topology
III. Configuration Tips
1) Make sure that AC and AP's firmware should be consistent, using command in CLI "Ruijie>show version"
2) Make sure AP is working on fit mode, using command in CLI "Ruijie>show ap-mode " to check. If it shows fat mode, please modify as follow step:
Ruijie>enable ------>enter the previlege mode
Ruijie#configure terminal ------>enter the config mode
Ruijie(config)#ap-mode fit ------>modify to fit-mode
Ruijie(config)#end ------>exit the config mode
Ruijie#write ------>save the config
IV. Configuration Steps
Step1: config vlan, create user vlan and ap vlan
Ruijie>enable
Ruijie#configure terminal
Ruijie(config)#vlan 1
Ruijie(config-vlan)#exit
Ruijie(config)#vlan 2
Ruijie(config-vlan)#exit
Step2: config AP, STA gateway and loopback 0
Ruijie(config)#interface vlan 1 ------>ap gateway
Ruijie(config-int-vlan)#ip address 172.16.1.1 255.255.255.0
Ruijie(config-int-vlan)#exit
Ruijie(config)#interface vlan 2 ------>sta gateway
Ruijie(config-int-vlan)#ip address 172.16.2.1 255.255.255.0
Ruijie(config-int-vlan)#exit
Ruijie(config)#interface loopback 0
Ruijie(config-int-loopback)#ip address 1.1.1.1 255.255.255.0
Ruijie(config-int-loopback)#exit
Step3: config SSID
config Wlan-config
Ruijie(config)#wlan-config 1 Ruijie-test ------->config ssid named Ruijie-test
Ruijie(config-wlan)#enable-broad-ssid ------->enable brocast ssid
Ruijie(config-wlan)#exit
config ap-group
Ruijie(config)#ap-group default
Ruijie(config-ap-group)#interface-mapping 1 2 ------->associate with wlan-config 1 and vlan2
Ruijie(config-ap-group)#exit
Step4: config AC interface
Ruijie(config-int-loopback)#interface GigabitEthernet 0/1
Ruijie(config-int-GigabitEthernet 0/1)#switchport access vlan 1 ------->connect to ap, allow ap vlan
Step5: config ip dhcp server for AP
Ruijie(config)#service dhcp
Ruijie(config)#ip dhcp pool ap_ruijie ------->config dhcp pool, named ap_ruijie
Ruijie(config-dhcp)#option 138 ip 1.1.1.1
Ruijie(config-dhcp)#network 172.16.1.0 255.255.255.0 ------->assign the address to ap
Ruijie(config-dhcp)#default-route 172.16.1.1 ------->assign the gateway to ap
Ruijie(config-dhcp)#exit
Note: When there is no dhcp for AP, you could also excute command to assign acip and apip for ap. configuration example is as follow:
Ruijie(config)#acip ipv4 x.x.x.x
Ruijie(config)#apip ipv4 x.x.x.x
Step6: config ip dhcp server for STA
Ruijie(config)#ip dhcp pool user_ruijie ------->config dhcp pool, named user_ruijie
Ruijie(config-dhcp)#network 172.16.2.0 255.255.255.0 ------->assign the address to STA
Ruijie(config-dhcp)#default-route 172.16.2.1 ------->assign the gateway to STA
Ruijie(config-dhcp)#dns-server 8.8.8.8 ------->assign the dns to STA
Ruijie(config-dhcp)#exit
Step7: save configuration
Ruijie(config)#exit
Ruijie#write
V. Verification
1) STA connect to the ssid.
2) Check ap config on AC
Ruijie#show ap-config summary
========= show ap status =========
Radio: E = enabled, D = disabled, N = Not exist
Current Sta number
Channel: * = Global
Power Level = Percent
Online AP number: 1
Offline AP number: 0
AP Name IP Address Mac Address Radio 1 Radio 2 Up/Off time State
---------------------------------------- --------------- -------------- ------------------- ------------------- ------------- -----
1414.4b13.c248 172.16.1.2 1414.4b13.c248 E 1 6* 100 E 0 153* 100 0:06:03:00 Run
3) Check sta information on AC
Ruijie#show ac-config client by-ap-name
========= show sta status =========
AP : ap name/radio id
Status: Speed/Power Save/Work Mode, E = enable power save, D = disable power save
Total Sta Num: 1
STA MAC IPV4 Address AP Wlan Vlan Status Asso Auth Net Auth Up time
-------------- --------------- ---------------------------------------- ---- ---- -------------- --------- --------- -------------
2.27b0.169f 172.16.2.2 1414.4b13.c248/1 1 2 30 0.0M/D/bn WPA2_PSK 0:00:01:01
Note: Recommand upgrade the AP&AC to the latest and more stable version, to avoid the compatibility issues
I. Requirements
Assign the front ports of AP110-W & AP120-W to different vlan
II. Network Topology
III. Configuration Tips
1) Make sure that AC and AP's firmware should be consistent, using command in CLI "Ruijie>show version"
2) Make sure AP is working on fit mode, using command in CLI "Ruijie>show ap-mode " to check. If it shows fat mode, please modify as follow step:
Ruijie>enable ------>enter the previlege mode
Ruijie#configure terminal ------>enter the config mode
Ruijie(config)#ap-mode fit ------>modify to fit-mode
Ruijie(config)#end ------>exit the config mode
Ruijie#write ------>save the config
Note: If the version of AP is earlier than B8, you should execute command “no bridge-l2-isolation” on global mode in case the PC can not access to the network
Ruijie(config)#no bridge-l2-isolation
IV. Configuration Steps
1) AC configuration
Step1: configuring Vlan, include user vlan and interconnect vlan,
Ruijie>enable
Ruijie#configure terminal
Ruijie(config)#vlan 20 ------>user vlan
Ruijie(config-vlan)#name sta
Ruijie(config-vlan)#exit
Ruijie(config)#vlan 30 ------>interconnect vlan for ac and sw1
Ruijie(config-vlan)#exit
Ruijie(config)#interface vlan 20 ------>user interface vlan(must config)
Ruijie(config-int-vlan)#ip add 192.168.20.2 255.255.255.0 ----->(optional config), in this case, user gateway is configured on sw1, so ip address for this interface can be configured or not.
Ruijie(config-int-vlan)#exit
Step2:Configuring ssid
Ruijie(config)#wlan-config 1 Ruijie
Ruijie(config-wlan)#enable-broad-ssid ------->enable broadcast ssid
Ruijie(config-wlan)#exit
Step3:Configuring ag-group
Ruijie(config)#ap-group b8fd.3200.3aa3 ------->enter ap-group with ap's mac-address
Ruijie(config-ap-group)#interface-mapping 1 20 ------->associate wlan-config id with vlan
Ruijie(config)#ap-config ap120-w
Ruijie(config-ap)#ap-group b8fd.3200.3aa3
Ruijie(config-ap)#wired-vlan 100 port 1 ------>assign fa0/2 to vlan 100
Ruijie(config-ap)#exit
Note:If config ag-goup default, then all AP will asscociate to "ap-group default" group
Step4: Configuring svi and routing
Ruijie(config)#ip route 0.0.0.0 0.0.0.0 192.168.30.1 ------->default routing to sw1
Ruijie(config)#interface vlan 30 ------->interconnect vlan with sw1
Ruijie(config-int-vlan)#ip address 192.168.30.2 255.255.255.0
Ruijie(config-int-vlan)#exit
Ruijie(config)#interface loopback 0
Ruijie(config-int-loopback)#ip address 1.1.1.1 255.255.255.0 ------->AC initialize CAPWAP tunnel setup from loopback 0 interface
Ruijie(config-int-loopback)#exit
Ruijie(config)#interface GigabitEthernet 0/1
Ruijie(config-int-GigabitEthernet 0/1)#switchport mode trunk ------->connect to sw1, trunk port, allow user vlan、AP vlan、AC-to-SW1 vlan
Step5:Save configurations
Ruijie(config-int-GigabitEthernet 0/1)#end
Ruijie#write
2) Config core switch (SW1)
Step1:Configuring user vlan,ap vlan and interconnect vlan
Ruijie>enable
Ruijie#configure terminal
Ruijie(config)#vlan 10 ------>ap vlan
Ruijie(config-vlan)#exit
Ruijie(config)#vlan 20 ------>user vlan
Ruijie(config-vlan)#exit
Ruijie(config)#vlan 30 ------>interconnect vlan with AC
Ruijie(config-vlan)#exit
Step2:Configuring interfaces and svi
Ruijie(config)# interface GigabitEthernet 0/1
Ruijie(config-int-GigabitEthernet 0/1)#switchport mode trunk ------->uplink port, connect to AC, trunk port,allow user vlan、AP vlan、AC-to-SW1 vlan
Ruijie(config-int-GigabitEthernet 0/1)#exit
Ruijie(config)#interface GigabitEthernet 0/2
Ruijie(config-int-GigabitEthernet 0/2)#switchport mode trunk ------->downlink port, connect to SW2,trunk port,allow user vlan、AP vlan
Ruijie(config-int-GigabitEthernet 0/2)#exit
Ruijie(config)#interface vlan 10 ------>ap gateway
Ruijie(config-int-vlan)#ip address 192.168.10.1 255.255.255.0
Ruijie(config-int-vlan)#interface vlan 20 ------->wireless user gateway
Ruijie(config-int-vlan)#ip address 192.168.20.1 255.255.255.0
Ruijie(config-int-vlan)#interface vlan 30 ------->interconnect with ac
Ruijie(config-int-vlan)#ip address 192.168.30.1 255.255.255.0
Ruijie(config-int-vlan)#interface vlan 100 ------->gateway for ap120-w front port fa0/2
Ruijie(config-int-vlan)#ip address 192.168.100.1 255.255.255.0
Ruijie(config-int-vlan)#exit
Step3:Conifguring ip dhcp server
Ruijie(config)#service dhcp
Ruijie(config)#ip dhcp pool ap_ruijie ------->create dhcp pool for ap,pool name is ap_ruijie
Ruijie(config-dhcp)#option 138 ip 1.1.1.1 ------->config option 138, assign ac loopaback 0 ip address
Ruijie(config-dhcp)#network 192.168.10.0 255.255.255.0 ------->assign these address to ap
Ruijie(config-dhcp)#default-route 192.168.10.1 ------->assign the gateway to ap
Ruijie(config-dhcp)#exit
Ruijie(config)#ip dhcp pool user_ruijie ------->create dhcp pool for sta,pool name is user_ruijie
Ruijie(config-dhcp)#network 192.168.20.0 255.255.255.0 ------->assign these address to sta
Ruijie(config-dhcp)#default-route 192.168.20.1 ------->assign the gateway to sta
Ruijie(config-dhcp)#dns-server 8.8.8.8 ------->assign the dns to sta
Ruijie(config-dhcp)#exit
Step4:Configuring static routing
Ruijie(config)#ip route 1.1.1.1 255.255.255.255 192.168.30.2 ------->config static route, route to AC loopback0
Step5:Save configuration
Ruijie(config)#exit
Ruijie#write
3) Configuring access switch (SW2)
Step1:Configuring vlan, create ap vlan
Ruijie>enable
Ruijie#configure terminal
Ruijie(config)#vlan 10
Ruijie(config-vlan)#exit
Step2:Configuring interface
Ruijie(config)#interface GigabitEthernet 0/1 ------->connect to AP120-W
Ruijie(config-int-GigabitEthernet 0/1)#switchport mode trunk
Ruijie(config-int-GigabitEthernet 0/1)#switchport trunk native vlan 10 ---->config ap vlan as native vlan
Ruijie(config-int-GigabitEthernet 0/1)#exit
Ruijie(config)#interface GigabitEthernet 0/2
Ruijie(config-int-GigabitEthernet 0/2)#switchport mode trunk ------->connect to SW1, trunk port
Step3:Save configuration
Ruijie(config-int-GigabitEthernet 0/2)#end
Ruijie#write
V. Verification
1) login ap120-w,look into the interface configuration, it shows as follow:
interface FastEthernet 0/1.100
encapsulation dot1Q 100
!
interface FastEthernet 0/2
encapsulation dot1Q 100
I. Requirements
1) AC and AP located in different site
2) The CAPWAP tunnel is established through NAT
II. Network Topology
III. Configuration Tips
1) Make sure that AC and AP's firmware should be consistent, using command in CLI "Ruijie>show version"
2) Make sure AP is working on fit mode, using command in CLI "Ruijie>show ap-mode " to check. If it shows fat mode, please modify as follow step:
Ruijie>enable ------>enter the previlege mode
Ruijie#configure terminal ------>enter the config mode
Ruijie(config)#ap-mode fit ------>change to fit-mode
Ruijie(config)#end ------>exit the config mode
Ruijie#write ------>save the config
3) configuration guide summarize:
a. On AC site, configure AC to make sure it can connect to Internet;
b. Map AC's loopback0 ip into public ip, so that AP could establish capwap tunnel with AC by using public ip;
c. On AP site, translate the AP IP and User IP into public ip, so that AP could establish capwap tunnel with AC by using public ip, also user could access to internet resource.
IV. Configuration Steps
1) AC
Step1: configure vlan
Ruijie>enable
Ruijie#configure terminal
Ruijie(config)#vlan 1 ------>the vlan using for AC interconnect with uplink device
Ruijie(config-vlan)#exit
Ruijie(config)#vlan 200 ------>wireless user vlan
Ruijie(config-vlan)#
Step2: configure svi.
Ruijie(config)#interface vlan 200 ------>sta svi ( must config)
Ruijie(config-int-vlan)#exit
Step3: configure wlan-config, create ssid.
Ruijie(config)#wlan-config 1 NAT ------->wlan-config, id=1,SSID named NAT
Ruijie(config-wlan)#enable-broad-ssid ------->enable brocast ssid
Ruijie(config-wlan)#tunnel local ------->enable local forwarding,recommend config under NAT scene
Ruijie(config-wlan)#exit
Step4: configure ap-group, associate wlan-config id with vlan.
Ruijie(config)#ap-group default
Ruijie(config-ap-group)#interface-mapping 1 200 ------->“1”implied wlan-config,“200”implied sta vlan
Ruijie(config-ap-group)#exit
Step5: configure ip addree of ac uplink port and loopback 0
Ruijie(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.254 ------->default route,192.168.1.254 is address of uplink device
Ruijie(config)#interface vlan 1 ------->config svi, layer3 communicate with uplink device
Ruijie(config-int-vlan)#ip address 192.168.1.253 255.255.255.0
Ruijie(config-int-vlan)#interface loopback 0 ------->config loopback0, using for capwap tunnel establish
Ruijie(config-int-loopback)#ip address 1.1.1.1 255.255.255.255 ------->1.1.1.1 should be translate to a public ip addree on egress router
Ruijie(config-int-loopback)#interface GigabitEthernet 0/1
Ruijie(config-int-GigabitEthernet 0/1)#switchport mode trunk ------->connect to uplink device
Step6: Save changes
Ruijie(config-int-GigabitEthernet 0/1)#end
Ruijie#write
Other equipment of AC site
Configure the route to make sure AC can communicate with internet. AC loopback0 address could be forwarded (using NAT) on egress router.
Configuration guide:
a. Correctly config routing、vlan、interface and so on, each equipment could communicate wit
h each other;
b. Egress router config NAT, translate udp port 5246 & 5247 of ac loopback 0 address ( capwap address ) into public port, so that AP can establish capwap tunnel with AC successfully
2) SW1 (access switch, on AP site)
Ruijie>enable
Ruijie#configure terminal
Ruijie(config)#vlan 100 ------>config AP vlan
Ruijie(config-vlan)#vlan 200 ------>config sta vlan
Ruijie(config)#interface gigabitEthernet 0/1 ------>connect to ap
Ruijie(config-int-GigabitEthernet 0/1)#poe enable ------->enable poe (optional config, should be poe switch)
Ruijie(config-GigabitEthernet 0/1)#switchport mode trunk ------>trunk port,transmit ap vlan and sta vlan
Ruijie(config-GigabitEthernet 0/1)#switchport trunk native vlan 100 ------>config ap vlan as native vlan
Ruijie(config-GigabitEthernet 0/1)#interface gigabitEthernet 0/2 ------>connect to core-switch
Ruijie(config-GigabitEthernet 0/2)#switchport mode trunk ------>trunk port,transmit ap vlan and sta vlan
Ruijie(config-int-GigabitEthernet 0/2)#end
Ruijie#write
3) SW2 (core switch, on AP site)
Step1: config vlan, include sta vlan, interconnec vlan with egress router, ap vlan
Ruijie>enable
Ruijie#configure terminal
Ruijie(config)#vlan 10
Ruijie(config-vlan)#exit
Ruijie(config)#vlan 100 ------>ap vlan
Ruijie(config-vlan)#exit
Ruijie(config)#vlan 200 ------>sta vlan
Ruijie(config-vlan)#exit
Step2: config svi
Ruijie(config)#interface VLAN 10 ------->interconnect address with egress router
Ruijie(config-int-vlan)#ip address 192.168.10.254 255.255.255.0
Ruijie(config-int-vlan)#exit
Ruijie(config)#interface vlan 100 ------->AP gateway
Ruijie(config-int-vlan)#ip address 192.168.100.254 255.255.255.0
Ruijie(config-int-vlan)#exit
Ruijie(config)#interface vlan 200 ------->user gateway
Ruijie(config-int-vlan)#ip address 192.168.200.254 255.255.255.0
Ruijie(config-int-vlan)#exit
Step3: config interface
Ruijie(config)# interface GigabitEthernet 0/1 ------->connect to egress router
Ruijie(config-int-GigabitEthernet 0/1)#switchport access vlan 10
Ruijie(config-int-GigabitEthernet 0/1)#interface GigabitEthernet 0/2
Ruijie(config-int-GigabitEthernet 0/2)#switchport mode trunk ------->connect to sw1,transmit ap vlan and sta vlan
Ruijie(config-int-GigabitEthernet 0/2)#exit
Step4: config dhcp service, assign ip address to AP
Ruijie(config)#service dhcp ------->enable dhcp service
Ruijie(config)#ip dhcp pool AP_vlan ------->enable dhcp pool with name AP_vlan
Ruijie(dhcp-config)# option 138 ip 192.168.51.97 ----assign the capwap tunnel address, which is public address of AC loopback0
Ruijie(dhcp-config)# network 192.168.100.0 255.255.255.0 ------->assign the ip address to AP
Ruijie(dhcp-config)# default-router 192.168.100.254 ------->assign the gateway to AP
Ruijie(dhcp-config)#exit
Step5: config dhcp service, assign ip address to STA
Ruijie(config)#ip dhcp pool user_ruijie ------->enable dhcp pool with name user_ruijie
Ruijie(config-dhcp)#network 192.168.200.0 255.255.255.0 ------->assign the ip address to STA
Ruijie(config-dhcp)#default-route 192.168.200.254 ------->assign the gateway to STA
Ruijie(config-dhcp)#dns-server 218.85.157.99 218.85.152.99 ------->assign the dns to STA
Ruijie(config-dhcp)#exit
Step6: config routing
Ruijie(config)#ip route 0.0.0.0 0.0.0.0 192.168.10.1 ------->config static routing,route to egress router.
Step7: save routing
Ruijie(config)#exit
Ruijie#write
4) Configure R1 (Egress router on AP site)
a. configure routing, include default routing、static routing for AP and STA.
b. configure NAT, translate AP address into public address and route to R2 ( egress router on AC site);translate STA address into public address and could connect to internet.
V. Verification
1) STA connect to AP:
Ruijie#sh ac-config client by-ap-name
========= show sta status =========
AP : ap name/radio id
Status: Speed/Power Save/Work Mode, E = enable power save, D = disable power save
Total Sta Num: 1
STA MAC IPV4 Address AP Wlan Vlan Status Asso Auth Net Auth Up time
-------------- -------------- --------------------- ---------------- ----------- --------- ------------------ -------------
2.27b0.169f 192.168.200.1 1414.4b13.c248/1 1 200 65.0M/D/bn WPA2_PSK 0:00:02:06
2) Check AP config on AC:
Ruijie#sh ap-config summary
========= show ap status =========
Radio: E = enabled, D = disabled, N = Not exist
Current Sta number
Channel: * = Global
Power Level = Percent
Online AP number: 1
Offline AP number: 0
AP Name IP Address Mac Address Radio 1 Radio 2 Up/Off time State
AP name AP address AP mac-address 2.4G 5.8G AP connect time AP running state
---------------------------------------- --------------- -------------- ------------------- ------------------- -----------------
1414.4b13.c248 192.168.100.1 1414.4b13.c248 E 1 1* 100 E 0 149* 100 0:01:05:50 Run
Yes, it supports.
If the AP is on the NAT intranet,
You do not need to configure the static IP address mapping or port mapping for the AP. You just need to configure the source IP address conversion to ensure the connectivity between the AP and the AC.
If the AC is on the NAT intranet,
2. On the egress router, configure mapping for UDP ports 5246 (control channel) and 5247 (data channel) with an AC address indicated by option 138.
2. The IP address of the AC (optional 138 IP address) on the AP is the public network address of the AC after mapping.
If the AP and the AC are on its own NAT intranet, the above three configurations must be met.
(1) Communication between the AP and the AC is abnormal.
The AP fails to get the IP address.
The AP fails to get the Option 138 field.
The AP fails to ping the AC to create the tunnel.
The CAPWAP UDP ports 5246 and 5247 are discarded or filtered out by an intermediate device.
(2) The AC and AP are in abnormal status.
The AP cannot go online due to a high AC CPU usage.
show cpu
The AC license is insufficient.
show ac-config
show license
show ap-config summary
The AC and AP version span is large (recommend to use same version for AP and AC).
The AP name is not unique.
19 16:37:19: CD-AC4 %APMG-6-AP_ADD: Add AP(1414.4b5d.03af) fail. Online-AP(1414.4b5d.097f) with same name(XS10A4-1) has exist in this AC
Modifies name of online AP.
Collect the following information and contact Ruijie TAC.
(1) Collect the following information on the AC:
show version
show running
show ac-config
show license
show ap-config summary
show capwap sta
show cpu
show memory
show ip route
show ip interface brief
(2) Collect the following information on the AP:
show version
show ap-mode
show capwap sta
show ip route
show log
show capwap client state
When the link is normal and the AC has received the packet from the AP but the capwap tunnel cannot be established between the AP and the AC, run the show ap-config summary deny-ap command to display the specific cause or in combination with the logs displayed on the AC.
Ruijie#show ap-config summary deny-ap
Deny ap num: 1
Mac Address AP Name Reason
-------------- ---------------------------------------- -----------------
2.4b71.98a1 By conflict
By bind-ap-mac //The AP-MAC binding is rejected. The MAC whitelist bind-ap-mac is enabled on the AC but the MAC of this AP does not exist in ap-config.
By wtp-limit //Indicates that the maximum number of online APs has reached. A common cause is that the license is insufficient or the maximum number of online APs has reached. It is rarely caused by the wtp-limit configuration.
By conflict //Indicates that the AP name conflicts with the MAC name. It is because the AP name has already existed on the AC or other APs of this MAC are online or configured.
By deny-flag //The AC denies the AP to join it. A common cause is that deny-join is configured during networking and debugging.
By ap-auth //Indicates that the AP certification is restricted. Certification by the certificate, serial number or password is enabled on the AC but the AP does not carry any certification information.
By user-class //Indicates the APs belong to different classes. For example, SMB-AP can only access SMB-AC but cannot access ordinary ACs.
By overdue-ap //Indicates the AC has an expired AP. This problem is temporary generally. The AC will automatically clears expired APs and then the expired APs can join the AC again.
By master-ap-mac //Indicates that the satellite AP does not carry the master AP MAC. This problem is temporary generally and is caused by quick AP join during startup of the satellite AP.
By unknown //Indicates an unknown cause.
By radio num //Indicates that interconnection is not supported because the AP has too many RF interfaces. For example, the B7-version AC does not support AM5528.
By vendor id //Indicates that the interconnection is not supported because the AP of another vendor is used.
By new-ap-limit //Indicates that the number of the new APs reaches the upper limit. For example, WS5708 supports up to 100 B9-version APs of wave 2.
By local-limit //Indicates that the number of APs connected to the AC is limited due to the AC protection in VAC scenario. It is possibly because the switch load is unbalanced or the working ACs are insufficient.
By hot-backup //Indicates a hot-backup limit. For example, the AP uses the AP virtualization technology which does not support the hot-backup function. But hot-backup is enabled for this AP in the configuration.
By total-ap-num //The total number of APs (online + offline) and AP tunnels has reached the upper limit. Delete unwanted offline APs.
By none-radio //The AP is rejected because it does not carry radio. This problem is temporary generally and is caused by quick AP join during startup.
When the packet interaction between the AP and the AC is abnormal, capture packets from the intermediate line to locate the packet loss point and troubleshoot the wired network.
[Symptom]
The AC cannot distribute the configuration to the AP.
[Environment]
The AP goes online to the AC across the public network.
[Possible Causes]
(1) The AP does not go online.
(2) The software version conflicts.
(3) The extranet is restricted.
(4) The software has a fault (due to causes such as large version span).
[troubleshooting Steps]
(1) Remotely view whether the AP version is consistent with the AC version and whether the AP has gone online successfully.
(2) Run the show ap-conf run command to check whether the AP has joined the group and whether the active/standby configurations are consistent.
(3) Ping the AP to the AC. If the package size is 1500 bytes, the AC cannot be pinged. The dichotomic test result shows that the maximum package size that can be pinged is 1410 bytes. Modify the control tunnel MTU to 1410 to solve the problem:
ac-controller
capwap ctrl-mtu 1410
[Summary and Precautions]
In the cross-NAT go-online environment, the following problems may occur: the AC configuration cannot be issued, the tunnel cannot be established or is repeatedly established, and the terminal cannot be accessed. After troubleshooting, check whether the large-package communication between the AP and the AC is normal. For repeated tunnel establishment, check whether the NAT entry aging time of the egress is too short by testing the tunnel keepalive time.
[Symptom]
In cross-public-network mode, only part of APs can go online on the AC.
[Troubleshooting Steps]
(1) Check the network topology, wireless configuration and version.
A. Deploy the APs and the AC (a single AC, no active-standby ACs) across the public network. In hot-backup mode, check whether configurations of the active and standby ACs are the same. Configurations of normal APs and failed APs are exactly the same and the bind-ap-mac configuration is not set.
B. Requests of local users are locally forwarded, and gateway of APs and wireless users and the DHCP address pool are on the local aggregation switch. Troubleshot the local device.
C. The AC, normal APs and abnormal APs are all of the latest version, and online APs are of the same model. It means that the problem is not caused by the version and public network line of the carrier.
(2) Log on to the failed AP to check the AP mode and confirm whether any IP address is obtained. Check whether the large packet can be communicated on the tunnel used for the AP to ping the AC.
Onsite check finds that the failed APs are in fit mode, the IP address can be obtained, and the large packet can be communicated on the tunnel.
(3) After check, we do not find any configuration difference between the access switch and the normal and failed AP interfaces, and the switch is in normal status.
(4) Collect logs and debugs on the failed APs and the AC.
The failed APs are always sending discovery request packets. However, after the show capwap statistics command is run on the AC, the number of received discovery request packets does not increase. It is suspected that the discovery request packets are discarded by intermediate link. Since the APs go online cross the public network and there are normal and failed APs, the problem is not caused by the public network line. It may be caused by the local device.
(5) Check the local device topology, egress EG, aggregation switch, access AC, and APs and capture packets at the uplink interface of the aggregation switch. Discovery request packets of failed APs are found. It is suspected that the packets are discarded at the egress EG device. Because we cannot directly capture packets for analysis at the egress, it is suspected that the application cannot identify the packets or the packets are discarded because traffic of packets from the APs to the AC is too large, and thus some tunnels between APs and the AC cannot be created.
(6) Add the AP network segment to the egress device free of auditing and flow control, and place resources of users at this segment to the EG key channel for preferential forwarding. The test result shows that the failed APs can go online normally. After the resources are moved out of the key channel, the APs go offline after a period of time and cannot go online again.
[Cause]
Traffic on the key channel of the egress traffic control device is too large and thus the interaction packet for creating a tunnel between the AP and the AC is discarded.
[Solution]
Add traffic in the AP IP address segment to the key channel of EG egress, to ensure that the AP packets are preferentially forwarded.
[Other Operation Commands]
Ø On the AC, run the debug apmg join command to check whether the discovery request packet is received.
Ø On the AP, run the debug capwap client fsm command to check whether the packet is successfully sent.
Ø On the AP, run the debug capwap packet command to check whether the discover response packet is received. The prompt is displayed later.
If no response packet is received, run the following command on the AC:
debug efmp packet filter ipv4_sport range 5246 5247 counter 30
Ø If the AP tunnel cannot be created, run the following command on the AC to see whether a prompt is displayed:
debug efmp packet filter ipv4_sip host AP IP address ipv4_sport eq
10000 counter 10
run-system-shell
dmesg
Ø On the AC, run the show capwap ap tunnel id detail command to see the following information:
If the data port changes frequently, the traffic table is aging. You are recommended to adjust the channel keepalive time to a smaller value.
ap-config xxx
echo-interval xx (default: 30s; minimum: 5s; maximum: 255s)
[Symptom]
The AC and AP versions are the same but the AP cannot go online on the AC.
[Analysis]
2. View the log to check the CAPWAP tunnel status of the AP. The result shows the AP has communicated with the AC and its status after the join status is:
DTLS Teardown;
*Jan1 00:01:10: %CAPWAP-6-STATE_CHANGE: (peer - 1) [1.1.1.1] capwap state changed, from <DTLS Setup> to <Join>
*Jan1 00:01:10: %CAPWAP-6-STATE_CHANGE: (peer - 1) [1.1.1.1] capwap state changed, from <Join> to <DTLS TearDown>
2. After confirming the link between the AC and the AP is normal, run the show ap-config summary deny-ap command. The result shows that the fault reason is "By conflict", which means the AP name is not unique in the system and thus the AP cannot join the AC.
2. After you restore the default settings of the AP or change its name, the AP goes online successfully.
[Summary]
During the go-online process of the AP, the CAPWAP tunnel status is idle-->discover-->DTLS Setup-->Join-->config-->Data Check-->Run respectively. When the CAPWAP tunnel reaches the Run status, the AP has gone online successfully.
If the progress stops when the CAPWAP tunnel reaches the Join status, run the show ap-config summary deny-ap command to display the reason for access denying (the reason is not displayed when the AC version is 11.x and the AP version is 10.x due to a large version span).
The following are common causes for that the progress stops when the CAPWAP tunnel reaches the Join status:
(1) The AP name conflicts.
(2) The versions are inconsistent.
(3) The license is incorrect.
(4) The line has a fault.
(5) The AC has security restrictions, for example, bind-ap-mac.
[Symptom]
An offline AP is still displayed as "Online" on the AC.
[Analysis]
(1) Run the show run and show ap-configrun commands to display the configuration and check whether echo-interval is changed. (The default value is 30s.)
2. The result shows that the parameter value is still the default value. On the AC, run the show capwap index detail command several times. The keepalive value remains unchanged. It is suspected that the AP status is not updated on the AC because the keepalive function is disabled. Run the show capwap [ip addr] detail | inc Echo command. The result shows that the echo-interval is 0s.
AC-branch(config-ap)#show capwap 10.121.121.129 detail | in Echo
Echo interval is 0 secs, Dead interval is 0 secs Expire 4294967237 secs
2. Run the show cli record command to display the AC historical command records. The result shows that echo-interval disable is set for the AP-Group of the AP. Delete the configuration, the problem is solved.
[Summary]
This fault is caused by incorrect configuration of the hidden command. echo-interval disable is used to disable the echo function of the CAPWAP tunnel. After configuration, the AP echo function is disabled and the status of the AP is still displayed as "Run" after the AP goes offline. Besides, echo-interval disable is not displayed in the show run command.
The default echo interval between an AP and an AC is 30s. If the AC does not receive any echo packet from the AP within 30s, the AP goes offline.
The AP keeps alive the tunnel by sending an echo request every 30s. After receiving the echo request, the AC sends an echo response. If receiving no echo response within a certain period of time, the AP resends the echo request. The first retransmit starts at the 3rd second. When the time reaches the half of the echo interval, the AP deems that the tunnel is disconnected. The AP performs five retransmits within the 30s echo interval, that is, the 3rd second, 6th second, 12th second, 15th second, and 15th second.
Even if the echo interval is changed to another value, the calculation method for the retransmit time and count is still the same. The echo interval range is 5-255s, which is configured by the echo-interval *command in AP or AP group configuration mode.
I. Symptom
Most APs cannot go online, online APs often go offline and the tunnel status frequently changes.
II. Troubleshooting Steps
(1) Check the network topology, wireless configuration, version, and log.
The version configurations are consistent.
Oct 16 00:24:27: %CAPWAP-5-RETRANS_MAX: (*2) (peer - 47) [172.17.6.30 : 10000] reach maximum retransmit count [5], msg is [configuration update request], seq is [1], elem length is [34].
Oct 16 00:24:27: %CAPWAP-6-PEER_NOTIFY_DOWN: (*2) Peer <172.17.6.30 : 10000 : 5869.6cea.d18d> DOWN, reason <Retransmit MAX>.
The intermediate line may have a fault.
(2) Log on to the failed AP to check the AP mode and confirm whether any IP address is obtained. Check whether the large packet can be communicated on the tunnel used for the AP to ping the AC.
Packet loss is rare during AC ping on the AP. The intermediate line may have a loop or the broadcast traffic is too large.
(3) Log on to the AC and run the clear counters command to clear the interface traffic statistics. After show int counters summary is collected for three consecutive times, the broadcast packets at the interconnected interface increases quickly, as shown in the following figure:
(4) Log on to the interconnected core devices and run the clear counters command to clear the interface traffic statistics. After show int counters summary is collected for three consecutive times, the following figures are displayed:
A great amount of broadcast packets increase at the Te1/3/20, indicating that a loop may exist.
(5) After confirming that the device connected to the Te1/3/20 interface is the AP of the access switch, down the Te1/3/20 interface to check whether all the APs under the Te1/3/20 interface go online one after another and the network is recovered.
(6) Log on to the access switch and enable RLDP. It is found that one interface is in down state. Check connection status of the associated device. The result shows that the switch is a private switch and has a loop.
III. Cause
The switch connected to the access switch has a loop at a single port.
IV. Solution
shutdown the loop interface.
V. Summary
(1) When a tunnel cannot be established or is established repeatedly for some APs, a loop may exist. Even if no loop exists, packet loss is impossible when you ping the AC on the AP.
(2) After a similar fault occurs, check the fault scope and active-standby configuration consistency.
(3) If the load balancing policy is incorrectly configured in VAC, the AP may often go online and offline frequently or cannot go online.
(4) In case a loop exists, enable the tree generation or RLDP function and query the switch logs to check the information of the failed port having the loop.
Troubleshooting Method and Fault Information Collection for Tunnel Establishment Failure Due to the AP Fault
(1) Check the module and version of the AP and AC, and networking topology and solution.
(2) Run the following command to check whether the communication on loopback0 (or capwap ctrl-ip x.x.x.x) between the AP and the AC is normal:
(3) Check the logs on the AP and AC and collect the debug information about the AP and AC.
Log on to the AP:
show log //Collects the AP logs.
more ap_down.txt //Displays the cause for AP offline.
show capwap statistic //Collects the AP tunnel establishment status information. The information can be collected for multiple times, up to consecutive three times.
show capwap client state
//When the AP does not identify efmp, enable debug efmp for the run-system-shell configuration.
run-system-shell cd sbin
./efmp_demo &
exit
Collect the Debug Information
terminal monitor
debug capwap client fsm
debug capwap packet
debug efmp packet filter ipv4_sport range 5246 5247 count 30
Log on to the AC:
show log
show ap-config summary deny-ap
terminal monitor
debug capwap [apip] packet
debug apmg join
debug efmp packet filter ipv4_sport eq 5247 ipv4_sip host [apip] count 10
(4) If no log or debug information is returned from the device end, troubleshoot the intermediate line. Run the traceroute ip tunnel ip source [apip] command to trace the tunnel IP address record route on the AP to view which devices the AP packet has passed.
(5) Perform segmented packet capturing in the dichotomic method to check the sending and receiving of the packet that is used for establishing a tunnel between the AP and the AC and locate the packet loss point.
Yes. The following configurations must be set:
Ruijie(config)# ap-config ap-name
Ruijie(config-ap)# ap-vlan vlan-id (The vlan-id must be the ID of VLAN of the AP and wireless user and must be configured; otherwise, the wireless user cannot obtain the IP address.)
ap-vlan command parsing: In local forwarding mode, the vlan-id configured by this command must be same to that allocated by STA. The actual VLAN of STA is assigned by the access switch of the AP instead of the VLAN configured by this command or assigned by the vlan-group. If the ap-vlan command is not configured, VLAN 1 is used by default.
Note: In local forwarding mode, even when the wireless user resides on VLAN 1, ap-vlan id must be configured on the AP. Otherwise, the wireless user can obtain the IP address of the AP network segment but cannot obtain the IP address of VLAN 1.
Run the following command on AP 11.x:
Ruijie#debug fwd dump-mode
wlan 1 tunnel local
Besides, you can query the MAC address table of the connected AP interface on the access switch of the AP. In local forwarding mode, the MAC address table of the wireless user is displayed.
When the wireless user resides on VLAN 1 in local forwarding mode, the ap-vlan of the AP must be configured on the AC.
Ruijie(config)#ap-config 5869.6c84.b278 ---5869.6c84.b278 is the AP name.
Ruijie(config-ap)#ap-vlan 11 ---11 is the AP VLAN ID.
Scenario
The APs independently complete the conversation between 802.11 fames and 802.3 frames for communication between the wired and the wireless networks.
Advantage:No need to change the current wired network architecture, simple configuration
Disadvantage:Non-unified management and configuration
I. Requirements
Add a new AP to amplify the coverage of wireless network.
Fat AP brocast 2 ssids, STA can connect to each ssid
II. Network Topology
III. Configuration Tips
2.1 Connect console
2.2 Set AP mode fat
2.3 Create Vlan
2.4 Configure Dot1Q
2.5 Configure SSID
2.6 Configure Radio interface
2.7 Associate SSID
2.8 Configure MGMT IP and routing
2.9 Enable Broadcast
2.10 Configure Telnet
2.11 Configure switches
2.12 Other features of AP, like dhcp server、authentication of wireless and encapsulation method, and so on.
IV. Configuration Steps
Step1: Connect console
Default password:ruijie
Step2: Set AP mode fat
Default mode:fit
Ruijie>ap-mode fat
Step3:Create VLAN and dhcp server (ignore dhcp configuration when using other dhcp server)
Ruijie>enable
Ruijie#configure terminal
Ruijie(config)#vlan 1
Note:VLAN 1 is only of local meaning
Ruijie(config-vlan)#vlan 10 ------>create user vlan10
Ruijie(config-vlan)#vlan 20 ------>create user vlan20
Ruijie(config)#service dhcp ------>enable dhcp service
Ruijie(config)#ip dhcp excluded-address 172.16.10.253 172.16.10.254 ------>these address will not assign to user
Ruijie(config)#ip dhcp excluded-address 172.16.20.253 172.16.20.254
Ruijie(config)#ip dhcp pool test_10 ------>config dhcp pool named with test_10
Ruijie(dhcp-config)#network 172.16.10.0 255.255.255.0
Ruijie(dhcp-config)#dns-server 218.85.157.99
Ruijie(dhcp-config)#default-router 172.16.10.254
Ruijie(dhcp-config)#exit
Ruijie(config)#ip dhcp pool test_20 ------>config dhcp pool named with test_20
Ruijie(dhcp-config)#network 172.16.20.0 255.255.255.0
Ruijie(dhcp-config)#dns-server 218.85.157.99
Ruijie(dhcp-config)#default-router 172.16.20.254
Step4: Configure dot1q
Ruijie(config)#interface GigabitEthernet 0/1
Ruijie(config-if)#encapsulation dot1Q 1
Ruijie(config)#interface GigabitEthernet 0/1.10
Ruijie(config-if)#encapsulation dot1Q 10
Ruijie(config)#interface GigabitEthernet 0/1.20
Ruijie(config-if)#encapsulation dot1Q 20
Step5: Configure SSID
Ruijie(config)#dot11 wlan 10
Ruijie(dot11-wlan-config)#broadcast-ssid
Ruijie(dot11-wlan-config)#ssid ruijie1
Ruijie(config)#dot11 wlan 20
Ruijie(dot11-wlan-config)#broadcast-ssid
Ruijie(dot11-wlan-config)#ssid ruijie2
Step6: Configure Radio interface
Ruijie(config)#interface Dot11radio 1/0.1
Ruijie(config-if-Dot11radio 1/0.1)#encapsulation dot1Q 1
Ruijie(config)#interface Dot11radio 1/0.10
Ruijie(config-if-Dot11radio 1/0.10)#encapsulation dot1Q 10 ------>encapsulation vlan 10
Ruijie(config)#interface Dot11radio 1/0.20
Ruijie(config-if-Dot11radio 1/0.20)#encapsulation dot1Q 20 ------>encapsulation vlan 20
Ruijie(config)#interface Dot11radio 2/0.10
Ruijie(config-if-Dot11radio 2/0.10)#encapsulation dot1Q 10 ------>encapsulation vlan 10
Ruijie(config)#iinterface Dot11radio 2/0.20
Ruijie(config-if-Dot11radio 2/0.20)#encapsulation dot1Q 20 ------>encapsulation vlan 20
Step7:Associate SSID
Ruijie(config)#interface Dot11radio 1/0
Ruijie(config-if-Dot11radio 1/0)#channel 1
Ruijie(config-if-Dot11radio 1/0)#power local 100
Ruijie(config-if-Dot11radio 1/0)#wlan-id 10
Config interface wlan id:10, SSID:ruijie1 // success log
Ruijie(config)#interface Dot11radio 1/0.1
Ruijie(config-if-Dot11radio 1/0.1)#wlan-id 20
Config interface wlan id:20, SSID:ruijie2 // success log
Ruijie(config)#interface Dot11radio 2/0
Ruijie(config-if-Dot11radio 2/0)#channel 149
Ruijie(config-if-Dot11radio 2/0)#power local 100
Ruijie(config-if-Dot11radio 2/0)#wlan-id 10
Config interface wlan id:10, SSID:ruijie1 // success log
Ruijie(config)#interface Dot11radio 2/0.1
Ruijie(config-if-Dot11radio 2/0.1)#wlan-id 20
Config interface wlan id:20, SSID:ruijie2 // success log
Note:Must follow up step 5、6、7 sequences exactly,check wifi signal after step 7
Step8:Configure MGMT IP and routing
Ruijie(config)#interface BVI 1 ------>configure MGMT IP address,vlan 1 map bvi 1
Ruijie(config-if)#ip address 172.16.1.253 255.255.255.0
Ruijie(config)#interface bvi 10
Ruijie(config-if-BVI 10)#ip address 172.16.10.253 255.255.255.0
Ruijie(config)#interface bvi 20
Ruijie(config-if-BVI 20)#ip address 172.16.20.253 255.255.255.0
Ruijie(config)#ip route 0.0.0.0 0.0.0.0 172.16.1.254
Ruijie(config)#end
Ruijie#write
Step9:Enable Broadcast
Ruijie(config)#data-plane wireless-broadcast enable
Note:If dhcp server is configured on uplink equipment, please enable wireless brocast function on AP, otherwise, STA obtain dhcp address in unstable situation.
Step10:Config telnet
Ruijie(config)#line vty 0 4
Ruijie(config-line)#password ruijie
Ruijie(config-line)#exit
Ruijie(config)#enable password ruijie
Step11:Config switch
Access_switch:
Aggregate_switch(config)#vlan 1
Aggregate_switch(config-vlan)#exit
Aggregate_switch(config)#interface vlan 1
Aggregate_switch(config-VLAN 1)#ip address 172.16.1.254 255.255.255.0
Aggregate_switch(config)#interface vlan 10
Aggregate_switch(config-VLAN 10)#ip address 172.16.10.254 255.255.255.0
Aggregate_switch(config)#interface vlan 20
Aggregate_switch(config-VLAN 20)#ip address 172.16.20.254 255.255.255.0
Aggregate_switch(config-VLAN 20)#exit
Aggregate_switch(config)#interface gigabitEthernet 0/1 // downlink to AP
Aggregate_switch(config-GigabitEthernet 0/1)#switchport mode trunk
Access_switch(config)#interface gigabitEthernet 0/2 //access switch uplink
Access_switch(config-GigabitEthernet 0/2)#switchport mode trunk
Tip:
Vlan 10, “10”represent vlan-id 10; dot11 wlan 10, “10”represent wlan-id 10.
Vlan 20, “20”represent vlan-id 20; dot11 wlan 20, “20”represent wlan-id 20.
V. Verification
1) Check whether WIFI signal has been broadcasted or not with command “show dot mb” on AP.
2) Check WIFI signal strength with command “show dot a a” on AP.
3) Check ip address and ping gateway
Scenario
The APs independently complete the conversation between 802.11 fames and 802.3 frames for communication between the wired and the wireless networks.
Advantage:No need to change the current wired network architecture, simple configuration
Disadvantage: Non-unified management and configuration
I. Requirements
Add a new AP to amplify the coverage of wireless network.
Tip:Only applicable for AP110-W and AP120-W
II. Network Topology
Tip:Access switch should support to set trunk port and native vlan
III. Configuration Tips
2. AP telnet management
2. Enter privileged mode
2. Set AP to fit mode
2. Set enable pwd
2. Save config file
2. Reconnect telnet
2. Create Vlan
2. Config Wan interface Dot1Q
2. Create SSID
2. Create radio sub-interface
2. Associate SSID
2. Enable wireless Broadcast
2. IP setting and routing
2. Configure switches
IV. Configuration Steps
AP configure
Port indexing:
Note:AP130-W default mode: Fit.
Default IP: 192.168.110.1
Default PWD: ruijie
Firmware version: From 10.4(1b19)p2 173487 to the latest version
Fa0/1(locate in the back of panel) default IP:2.168.110.1/24
Fa0/2(locate in the front of panel) default IP:2.168.111.1/24
Firmware version: prior to 10.4(1b19)p2 173487
Fa0/1(locate in the back of panel) default IP:2.168.1.1/24
Fa0/2(locate in the front of panel) default IP:2.168.2.1/24
IV. Configuration Steps
Step1. AP telnet management (take the latest firmware for example)
1) Power on AP, connect PC to FA0/1(in the back)
:PC---POE---(FA0/1)AP
2) PC IP address: 192.168.110.2
3) Telnet to AP
telnet 192.168.110.1
User Access Verification
Password:ruijie
2. Enter privilege mode
Ruijie>enable
Password:apdebug
Ruijie#
2. Set ap to fat mode
Ruijie#ap-mode fat
apmode will change to FAT.
Note:after mode change,FA0/1、FA0/2 change to layer 3 port,FA0/1 IP address:2.168.110.1/24,FA0/2 IP address:2.168.111.1/24
2. Set enable password
Ruijie(config)#enable password ruijie
2. Save config file
Ruijie#write
2. Create vlan
Ruijie(config)#vlan 10 ------>wireless user1 vlan
Ruijie(config-vlan)#vlan 20 ------>wireless user2 vlan
Ruijie(config-vlan)#vlan 30 ------>wired user vlan
Note:VID 10 is only of local meaning
Ruijie(config-vlan)#exit
2. IP setting
Ruijie(config)#interface BVI 30 ------>bvi 30 map to vlan 30
Ruijie(config-if-bvi)#ip address 172.16.30.100 255.255.255.0
Ruijie(config-if-bvi)#interface Fastethernet 0/2
Ruijie(config-if- Fastethernet )#encapsulation dot1Q 30 ------>port 1 (in the front of panel) encapsulation vlan30
Ruijie(config-if- Fastethernet )#line vty 0 4 ------>configure telnet password
Ruijie(config-line)#password ruijie
Ruijie(config-line)#login
2. Reconnect
1) PC connect to FA0/2 (front panel)
PC-(FA0/2) AP
2) PC IP address 172.16.30.10
3) Telnet AP
telnet 172.16.30.100
User Access Verification
Password:ruijie
Ruijie>enable
Password:Ruijie
2. Configure interface fa0/1
Ruijie(config)#interface fastEthernet 0/1
Ruijie(config-if-FastEthernet 0/1)#encapsulation dot1Q 30 ------>should be consistent with fa0/2 vlan
Ruijie(config-if-FastEthernet 0/1)#interface fastEthernet 0/1.10
Ruijie(config-if-FastEthernet 0/1.2)#encapsulation dot1Q 10 ------> encapsulate sub-interface
Ruijie(config-if-FastEthernet 0/1.2)#interface fastEthernet 0/1.20
Ruijie(config-if-FastEthernet 0/1.3)#encapsulation dot1Q 20
2. Define SSID
Ruijie(config)#dot11 wlan 1
Ruijie(dot11-wlan-config)#ssid ruijie1 ------>SSID “ruijie1”
Ruijie(dot11-wlan-config)#vlan 10 ------>wireless user1 vlan
Ruijie(config)#dot11 wlan 2
Ruijie(dot11-wlan-config)#ssid ruijie2
Ruijie(dot11-wlan-config)#vlan 20
2. Create radio sub-interface
Ruijie(config)#interface dot11radio 1/0.10
Ruijie(config-subif)#encapsulation dot1Q 10 // encapsulte radio sub-interface
Ruijie(config-subif)#mac-mode fat
Ruijie(config-subif)#interface dot11radio 1/0.20
Ruijie(config-subif)#encapsulation dot1Q 20 // encapsulte radio sub-interface
Ruijie(config-subif)#mac-mode fat
2. Associate SSID
Ruijie(config)#interface dot11radio 1/0
Ruijie(config-if-Dot11radio 1/0)#wlan-id 1
Ruijie(config)#interface dot11radio 1/0.1
Ruijie(config-if-Dot11radio 1/0.1)#wlan-id 2
Note: MUST follow step 9,10,11,12 sequences exactly. check wifi signal after step 12
2. Enable wireless broadcast
Ruijie(config)#data-plane wireless-broadcast enable
2. Configure routing
Ruijie(config)#ip route 0.0.0.0 0.0.0.0 172.16.30.1
2. Configure DHCP service (optional feature)
Ruijie(config)#service dhcp ------>enable dhcp service
Ruijie(config)#ip dhcp excluded-address 172.16.10.1
Ruijie(config)#ip dhcp excluded-address 172.16.20.1
Ruijie(config)#ip dhcp excluded-address 172.16.30.1
Ruijie(config)#ip dhcp excluded-address 172.16.30.100
Ruijie(config)#ip dhcp pool ruijie1
Ruijie(dhcp-config)#network 172.16.10.0 255.255.255.0
Ruijie(dhcp-config)#dns-server 218.85.157.99
Ruijie(dhcp-config)#default-router 172.16.10.1
Ruijie(dhcp-config)#exit
Ruijie(config)#ip dhcp pool ruijie2
Ruijie(dhcp-config)#network 172.16.20.0 255.255.255.0
Ruijie(dhcp-config)#dns-server 218.85.157.99
Ruijie(dhcp-config)#default-router 172.16.20.1
Ruijie(dhcp-config)#exit
Ruijie(config)#ip dhcp pool ruijie3
Ruijie(dhcp-config)#network 172.16.30.0 255.255.255.0
Ruijie(dhcp-config)#dns-server 218.85.157.99
Ruijie(dhcp-config)#default-router 172.16.30.1
Ruijie(config)#interface bvi 10
Ruijie(config-if-BVI 1)#ip address 172.16.10.253 255.255.255.0
Ruijie(config-if-BVI 1)#interface bvi 20
Ruijie(config-if-BVI 2)#ip address 172.16.20.253 255.255.255.0
2. Save config file
Ruijie(dhcp-config)#end
Ruijie#write
Access switch:
2. configure interface
Ruijie>enable
Ruijie#configure terminal
Ruijie(config)#interface fastEthernet 0/1
Ruijie(config-if-FastEthernet 0/1)#switchport mode trunk
Ruijie(config-if-FastEthernet 0/1)#interface fastEthernet 0/2
Ruijie(config-if-FastEthernet 0/2)#switchport mode trunk
2. Create vlan
Ruijie(config)#vlan 10
Ruijie(config-vlan)#vlan 20
Ruijie(config-vlan)#vlan 30
Ruijie(config-vlan)#exit
2. Save config file
Ruijie(config)#end
Ruijie#write
Core switch:
2. Configure interface
Ruijie>enable
Ruijie#configure terminal
Ruijie(config)#interface fastEthernet 0/2
Ruijie(config-if-FastEthernet 0/2)#switchport mode trunk
Ruijie(config-if-FastEthernet 0/2)#exit
2. Create vlan
Ruijie(config)#vlan 10
Ruijie(config-vlan)#vlan 20
Ruijie(config-vlan)#vlan 30
Ruijie(config-vlan)#exit
2. Configure gateway
Ruijie(config)#interface vlan 10
Ruijie(config-if-vlan 10)#ip address 172.16.10.1 255.255.255.0
Ruijie(config-if-vlan 10)#interface vlan 20
Ruijie(config-if-vlan 20)#ip address 172.16.20.1 255.255.255.0
Ruijie(config-if-vlan 20)#interface vlan 30
Ruijie(config-if-vlan 30)#ip address 172.16.30.1 255.255.255.0
Ruijie(config-if-vlan 30)#exit
2. DHCP service (optional feature)
Note: dhcp service can be configured in ap or core switch, reference to ap config in step 15
2. save config file
Ruijie(config)#end
Ruijie#write
V. Verification
1) Check WIFI signal strength
2) Check ip address and ping gateway
I. Requirements
To make limited network resources serve more users, ensure that the device supports the traffic rate limit function. When the data traffic accords with the committed rate, data packets are allowed to pass. When the data traffic does not accord with the committed rate, data packets are discarded.
II. Configuration Steps
Configuring Rate Limit on AC for Fit AP
AP based Rate Limit
Ruijie(config)#ap-config ap-name
Ruijie(config-ap)#ap-based { per-user-limit | total-user-limit } {down-streams | up-streams } average-data-rate average-data-rate burst-data-rate burst-data-rate
Assign 800KBps average data rate and 1600KBps burst data rate to each wireless user connected to AP RJAP.
Ruijie(config)#ap-config RJAP
Ruijie(config-ap)#ap-based per-user-l
imit down-streams average-data-rate 800 burst-data-rate 1600
Attention: The unit is 8K Bit = 1K Byte.
Wlan based Rate Limit
AC(config)#wlan-config wlan-id
AC(config-wlan)#wlan-based { per-user-limit | total-user-limit | per-ap-limit } {down-streams | up-streams } average-data-rate average-data-rate burst-data-rate burst-data-rate
Assign 800KBps average data rate and 1600KBps burst data rate to each wireless user connected to WLAN "1".
AC(config)#wlan-config 1 RL
AC(config-wlan)#wlan-based per-user-limit down-streams average-data-rate 800 burst-data-rate 1600
MAC based Rate Limit
AC(config)#ac-controller
AC(config-ac)#netuser mac-address { inbound | outbound } average-data-rate average-data-rate burst-data-rate burst-data-rate
Assign 800KBps average data rate and 1600KBps burst data rate to a single wireless user whose MAC address is 0001-0001-0001.
AC(config)#ac-controller
AC(config-ac)#netuser 0001.0001.0001 inbound average-data-rate 800 burst-data-rate 1600
Notes
The priority of Rate Limit
(1) Netuser
(2) wlan-based peruser
(3) ap-based peruser
III. Verification
2. Connect to wlan and have speed test
2. Display QOS status on AC, execute commands "show dot11 ratelimit"
AC#show dot11 ratelimit wlan
Wlan Id TT_up-a-rt TT_up-b-rt TT_dw-a-rt TT_dw-b-rt PU-up-a-rt PU-up-b-rt PU-dw-a-rt PU-dw-b-rt PA_up-a-rt PA_up-b-rt PA_dw-a-rt PA_dw-b-rt
------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ----------
1 0 0 0 0 0 0 800 1600 0 0 0 0
AC#show dot11 ratelimit user
MAC Address up-a-rate up-b-rate down-a-rate down-b-rate
-------------- ------------ ------------ ------------ ------------
2.0001.0001 800 1600 0 0
AC#show dot11 ratelimit ap
AP name:test123, ratelimit info(unit:8kbps):
Upstream : average rate - 0, burst rate - 0
Downstream: average rate - 800, burst rate - 1600
Total-user-limit:
Upstream : average rate - 0, burst rate - 0
Downstream: average rate - 0, burst rate �C 0
2. Total speed limit will be devided equally among all online users when configuring "wlan-based perap" or "ap total-user" on ap.
I. Requirements
To make limited network resources serve more users, ensure that the device supports the traffic rate limit function. When the data traffic accords with the committed rate, data packets are allowed to pass. When the data traffic does not accord with the committed rate, data packets are discarded.
II. Configuration Steps
Configuring Rate Limit on Fat AP
AP based Rate Limit
Format: FatAP(config)#wlan-qos ap-based { per-user-limit | total-user-limit } { down-streams | up-streams } average-data-rate average-data-rate burst-data-rate burst-data-rate
Assign 800KBps average data rate and 1600KBps burst data rate to each wireless user connected to this AP.
FatAP(config)#wlan-qos ap-based per-user-limit down-streams average-data-rate 800 burst-data-rate 1600
Attention: The unit is 8K Bit = 1K Byte.
Wlan based Rate Limit
Format: FatAP(config)#wlan-qos wlan-based {wlan-id |ssid } { per-user-limit | total-user-limit } {down-streams | up-streams } average-data-rate average-data-rate burst-data-rate burst-data-rate
Assign 800KBps average data rate and 1600KBps burst data rate to each STA connected to Wlan ID 1.
FatAP(config)#wlan-qos wlan-based 1 per-user-limit down-streams average-data-rate 800 burst-data-rate 1600
MAC based Rate Limit
Format: FatAP(config)#wlan-qos netuser mac-address { inbound | outbound } average-data-rate average-data-rate burst-data-rate burst-data-rate
Assign 800KBps average data rate and 1600KBps burst data rate to a certain wireless user whose MAC address is 0001-0001-0001
Ruijie(config)#wlan-qos netuser 0001.0001.0001 inbound average-data-rate 800 burst-data-rate 1600
III. Verification
2. Connect to wlan and have speed test.
2. Display QOS status on Fat AP, execute commands "show dot11 ratelimit"
FatAP#show dot11 ratelimit wlan
Wlan Id TT_up-a-rt TT_up-b-rt TT_dw-a-rt TT_dw-b-rt PU-up-a-rt PU-up-b-rt PU-dw-a-rt PU-dw-b-rt PA_up-a-rt PA_up-b-rt PA_dw-a-rt PA_dw-b-rt
------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ----------
1 0 0 0 0 0 0 800 1600 0 &n
Global / EN
