Compare Products

Hide

Clear All

VS

Home> Support> Downloads>

Ruijie RG-WLAN Implementation Cookbook (V4.1)

2020-08-13 View:
Catalog

      Device Management

1.1      System Management

Default Settings

ACNo default IP address.

APDefault IP address is 192.168.110.1(or 192.168.1.1), and both console & telnet password are "admin", default enable password is "apdebug"

 

Following wall AP have different default settings

AP120-W

In Fit mode, IP address of both LAN port and Uplink port IP are 192.168.110.1/24

In Fat mode, IP address of LAN port is 192.168.111.1/24; IP address of Uplink port is 192.168.110.1/24

AP110-W

IP address of Rear panel is 192.168.110.1/24

IP address of Front panel is 192.168.111.1/24

 

1.1.1     Console Management

Connect cables as below diagram

 

Cables

console cable, USB to RS232 cable 

 

 

 

 

 

Putty

Open software Putty, set baud rate to 9600

 

1.1.2     Telnet Management

I. Network Topology

 

II. Configuration Steps

Configuring Telnet& enable password on AC

Ruijie>enable

Ruijie#configure terminal

Ruijie(config)#interface vlan 1 

Ruijie(config-if-vlan 1)#ip address 192.168.1.1 255.255.255.0

Ruijie(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.2

Ruijie(config)#line vty 0 4

Ruijie(config-line)#password ruijie

Ruijie(config-line)#login

Ruijie(config)#enable password ruijie

 

Configuring Telnet & Enable password on AP

Console connect to device and set passwords, default ap-mode is fit.

User Access Verification

Password:                                              default password is "ruijie"

Ruijie>

Ruijie>enable

Password:                                              default password is "apdebug"

Ruijie#configure terminal

Ruijie(config)#interface bvi 1

Ruijie(config-if-bvi 1)#ip address 192.168.1.1 255.255.255.0

Ruijie(config-if-bvi 1)#interface gigabitEthernet 0/1

Ruijie(config-if-GigabitEthernet 0/1)#encapsulation dot1Q 1

%Warning: Remove all IP address.

Ruijie(config-if-GigabitEthernet 0/1)#exit

Ruijie(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.2 

Ruijie(config)#line vty 0 4

Ruijie(config-line)#password ruijie

Ruijie(config-line)#login

Ruijie(config)#enable password ruijie

 

Note: when ap-mode change from fit to fat, the default password changes as follow:

User Access Verification

Password:                                              default password is "admin"

Ruijie>

Ruijie>enable

Password:                                              no default password

Ruijie#configure terminal

 

III. Verification

 

Save configuration

Ruijie(config)#end

Ruijie#write

 

Note:

windows7&8 telent client function is not enabled by default, you need to enable the telnet functionality.

Taking Windows 7 as an example:

Control panel - procedures and functions - to open or close the windows function - check the telnet client - select "to determine"

 

1.1.3     SSH Management

I. Network Topology

 

II. Configuration Steps

Configuring SSH on AC

Ruijie>enable

Password:

Ruijie#configure terminal         

Ruijie(config)#enable service ssh-server    

Ruijie(config)#crypto key generate dsa       

Choose the size of the key modulus in the range of 360 to 2048 for your

Signature Keys. Choosing a key modulus greater than 512 may take

a few minutes.

How many bits in the modulus [512]:                

% Generating 512 bit DSA keys. ..[ok]

Ruijie(config)#interface vlan 1  

Ruijie(config-if-VLAN 1)#ip address 192.168.1.1 255.255.255.0

Ruijie(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.2

Ruijie(config)#enable password ruijie

 

Method 1Login with password

Ruijie(config)#line vty 0 4

Ruijie(config-line)#password ruijie      

Ruijie(config-line)#login                          

Ruijie(config-line)#end                                                  

Ruijie#write   

Building configuration...

[OK]

Ruijie#                                                              

 

Method 2Login with username & password

Ruijie(config)#line vty 0 4       

Ruijie(config-line)#login local                                

Ruijie(config-line)#exit

Ruijie(config)#username admin password ruijie        

Ruijie(config)#end    

Ruijie#write      

Building configuration...

[OK]

Ruijie#        

 

III. Verification

Open Putty, choose Connection type "SSH", input IP address.                                                 

 

 

    To display SSH service status, execute following commands

      

 

1.1.4     Web Management

I. Network Topology

 

 

II. Configuration Steps

Configuring WEB GUI on AC

Ruijie#configure terminal       

Ruijie(config)#enable service web-server 

Ruijie(config)#vlan 1   

Ruijie(config-vlan)#interface vlan 1      

Ruijie(config-if-VLAN 1)#ip address 192.168.1.1 255.255.255.0

Ruijie(config-if-VLAN 1)#exit

Ruijie(config)#webmaster level ?

  <0-2>  Web auth privilege level (0 is the highest level)

Ruijie(config)#webmaster level 0 username ruijie password ruijie

Ruijie(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.254

Note:

1.     AM5528 does not support web management.

1.     Only user “admin” and “ruijie” could be created on cli page, for other account, If you have the web management requirements, please create it on web interface, relative err prompt are shown as follow:

 

III. Verification

Visit web GUI at http://192.168.1.1, it is recommended that access WEB GUI with IE 8.0 and above version in compatible mode.

 

 

1.1.5     Forget IP Address of Wall AP

If administrator forgot IP address of Wall-AP, and do not want to recover factory setting, follow below steps:

1. Power on AP, and connect AP as below diagram:

1. Open packet capture tool, here take Wireshark as example:

1.     Check ARP packets, and 192.168.51.54 is correct IP

 

1.     Try to telnet AP

 

1.     If above method doesn't work, suggest to restore factory default.

 

1.2      Firmware Upgrade

1.2.1 Upgrade for RGOS 11.x

1.2.1.1    Upgrade AC & Fit AP (for 11.X)

I. Network Topology

 

II. Requirements

 

1.     Visit official website at www.ruijienetworks.com to request firmware.

 

1.     Run TFTP Server, and put AP&AC firmware in the same folder. Here take Ruijie TFTPServer as example.

 

 TFTP Server should be able to communicate with AC.

1. AC has built CAPWAP tunnel with APs

1. Read Release Note carefully, pay attention to the "upgrade file"

1. DO NOT restart or POWER OFF AC&AP during upgrades.

1. Login AC CLI via console, telnet or SSH.

 

III. Configuration Steps

Upgrading AC

AttentionIn hot-backup scenario, please remove all networks cables on ACs in case of synchronization issue caused by inconsistent firmware.

1.     Display current firmware version and backup relative configuration files.

Ruijie# copy flash:config.text tftp://192.168.1.100/config.text --->backup the configuration files of AC to TFTP Server.

Ruijie# copy flash:ap-config.text tftp://192.168.1.100/ap-config.text ---> backup the configuration of AP to TFTP Server.

 

Ruijie#show version detail

System description     : Ruijie 10G Wireless Switch(WS6008) By Ruijie Networks.

System uptime          : 0:02:15:24

System hardware version: 1.0

System software version: AC_RGOS 11.1(5)B80P3, Release(04131820)

System patch number    : NA

System software number : M20361001182017

System serial number   : 1234942570002

System boot version    : 2.0.19.97cfa98(161210)

System core version    : 2.6.32.355270930a6bde

System cpu partition   : 4-11

 

1.     Transfer new firmware to AC, execute below commands:

Ruijie#upgrade download tftp://192.168.1.100/rgos.bin

 

III. Verification

After reloading, execute command "show version" to verify firmware version.

Ruijie#show version detail

System description     : Ruijie 10G Wireless Switch(WS6008) By Ruijie Networks.

System uptime          : 0:02:15:24

System hardware version: 1.0

System software version: AC_RGOS 11.1(5)B80P3, Release(04131820)

System patch number    : NA

System software number : M20361001182017

System serial number   : 1234942570002

System boot version    : 2.0.19.97cfa98(161210)

System core version    : 2.6.32.355270930a6bde

System cpu partition   : 4-11

 

Upgrading Fit APs
Attention
Generally, the fit ap and ac can work normally only when the versions of them are consistent

1.     Display current ap firmware version on AC, execute commands "show version all"

Ruijie#show version detail

System description     : Ruijie Indoor AP330-I (802.11a/n and 802.11b/g/n) By Ruijie Networks.

System start time      : 1969-12-31 23:59:59

System uptime: 0:00:01:09

System hardware version: 1.10    ------>hardware version

System software version: AP_RGOS 11.1(5)B3, Release(02160403)------>software version

System patch number    : NA

System software number : M03112104042015

System serial number: G1GDB16019485

System boot version    : 1.1.1.6822c2a(140920)

System core version    : 2.6.32.ab930e7d22374b   

 

1.     To transfer AP new firmware to AC,  execute below commands:

Ruijie#copy tftp://192.168.1.100/330.bin flash:330.bin

Press Ctrl+C to quit

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Copy success

 

1.     To configure ap-serial,  execute below commands:

Ruijie(config)#ac-controller

Ruijie(config-ac)#active-bin-file flash:330.bin

Ruijie(config-ac)#ap-image auto upgrade

 

1.     After AP reloading, APs will establish CAPWAP tunnel with AC.

 

III. Verification

1.     Display AP upgrading progress,  execute commands "show ap-config updating-list"

Ruijie#show ap-config updating-list

AP NAME                                  AP PID          File Tx                  Time               AP Reset Ready

----------------------           ---------------     --------               ------------     -----------

AP330-I                                  AP330-I          20 %                 00:00:06               N

 

1.     Display current ap firmware version on AC,  execute commands "show version all"

Ruijie>show version     

System description     : Ruijie Indoor AP330-I (802.11a/n and 802.11b/g/n) By Ruijie Networks.

System start time      : 1970-01-01 00:00:01

System uptime: 0:00:01:52

System hardware version: 1.10

System software version: AP_RGOS 11.1(5)B5, Release(02182520)

System patch number    : NA

System serial number: G1GDB16019485

System boot version    : 1.1.1

 

1.2.1.2    Upgrade Fat AP (for 11.X)

I. Network Topology

 

 

        

 

II. Requirements

1.     Visit official website at www.ruijienetworks.com to request firmware.

 

1.     Run TFTP Server, and put AP firmware in the same folder. Here take Ruijie TFTPServer as example.

TFTP Server should be able to communicate with AP.

 

1. Read Release Note carefully, pay attention to the "upgrade file"

1. DO NOT restart or POWER OFF AP during upgrades.

1. Login AP CLI via console, telnet or SSH.

 

Attention: Wall APs, like AP130 (W2) & AP130L, do not have console port. See Device Management -->Conventions to learn the default IP address.

 

III. Configuration Steps

Upgrading FAT APs

 

1.     Backup configuration files to TFTP Server, and display current firmware version

Ruijie#copy flash:config.text tftp://192.168.1.100/config.text --->backup configuration files of AP to TFTP Server

 

Ruijie#show version detail  ---> check version

System description     : Ruijie Indoor AP330-I (802.11a/n and 802.11b/g/n) By Ruijie Networks.

System start time      : 1969-12-31 23:59:59

System uptime: 0:00:01:09

System hardware version: 1.10

System software version: AP_RGOS 11.1(5)B3, Release(02160403)

System patch number    : NA

System software number : M03112104042015

System serial number   : G1GDB16019485

System boot version    : 1.1.1.6822c2a(140920)

System core version    : 2.6.32.ab930e7d22374b

 

1.     Display current ap mode

AP320#show ap-mode

current mode: fat

AP320#

 

1.     Transfer new firmware to AP,  execute below commands:

Ruijie#upgrade download tftp://192.168.1.100/330-b5.bin

Upgrade the device must be auto-reset after finish, are you sure upgrading now?[Y/n]y

Running this command may take some time, please wait.

Please wait for a moment......

Press Ctrl+C to quit

!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!.!!!

 

Begin to upgrade the install package 330-b5.bin...   --->reload automatically

*Jan  1 00:03:52: %7: Upgrade processing is 10%

Uncompress file 330-b5.bin. .......

 

IV. Verification

After reloading,  execute command "show version"  to verify firmware version.

Ruijie#show version  detail

System description     : Ruijie Indoor AP330-I (802.11a/n and 802.11b/g/n) By Ruijie Networks.

System start time      : 1970-01-01 00:00:01

System uptime: 0:00:01:09

System hardware version: 1.10

System software version: AP_RGOS 11.1(5)B5, Release(02182520)

System patch number    : NA

System software number : M20085306252015

System serial number   : G1GDB16019485

System boot version    : 1.1.1.6822c2a(140920)

System core version    : 2.6.32.720c78d1a03d63

 

1.2.2     Upgrade from RGOS 10.x to 11.x

 

1.2.2.1     Upgrade AC & Fit AP from 10.X to 11.X

I. Network Topology

 

II. Requirements

1.     Visit official website at www.ruijienetworks.com to request firmware..

 

1.     Run TFTP Server, and put AP&AC firmware in the same folder. Here take Ruijie TFTPServer as example.

 

 TFTP Server should be able to communicate with AC.

1. AC has built CAPWAP tunnel with APs

1. Read Release Note carefully, pay attention to the "upgrade file"

1. DO NOT restart or POWER OFF AC&AP during upgrades.

1. Login AC CLI via console, telnet or SSH.

 

III. Configuration Steps

Upgrading AC

AttentionIn hot-backup scenario, please remove all networks cables on ACs in case of synchronization issue caused by inconsistent firmware.

1.     Display current firmware version and backup relative configuration files.

Ruijie#copy flash:config.text tftp://172.18.158.204/config.text --->backup the configuration files of AC to TFTP Server.

Ruijie#copy flash:ap-config.text tftp://172.18.158.204/ap-config.text ---> backup the configuration of AP to TFTP Server.

 

 

1.     Transfer new firmware to AC,  execute below commands:

Ruijie#copy tftp://172.18.158.204/AC_RGOS10.x_TO_11.x(Mid)_G1C5-01_02172111.bin flash:rgos.bin

 

After reloading, execute command "show version" to verify firmware

 

1.     Because the configuration files will lost when upgrade to mid version, need to import the config.text, and test the connection between AC and terminal, then Downgrade AC to target version 11.x

Ruijie#upgrade download tftp://192.168.1.100/AC_RGOS11.1(5)B8_G1C5-01_03151003_install.bin

 

IV. Verification

 

       After reloading, execute command "show version" to verify firmware version

 

 

Upgrading Fit APs

1.     Transfer 11.x and mid version of AP to AC,  execute below commands:

Ruijie#copy tftp://172.18.158.204/AP_RGOS10.x_TO_11.x(Mid)_S2C3-01_02201910.bin flash:ap530-mid.bin

Ruijie#copy tftp://172.18.158.204/AP_RGOS11.1(5)B8_S2C3-01_03151007_install.bin flash:ap530.bin

 

1.     To configure ap-serial,  execute below commands:

Ruijie(config)#ac-controller

Ruijie(config-ac)#active-bin-file ap530-mid.bin   rgos10

Ruijie(config-ac)#active-bin-file ap530.bin

Ruijie(config-ac)#ap-serial ap530 AP530-I hw-ver 1.x 

Ruijie(config-ac)#ap-image ap530-mid.bin ap530

Ruijie(config-ac)#ap-image ap530.bin ap530

 

IV. Verification

1.     After reloading, execute command "show version" to verify firmware version

 

1.     After AP reloading, APs will build CAPWAP tunnel with AC.

 

1.2.2.2    Upgrade Fat AP from 10.X to 11.X

I. Network Topology

        

 

II. Requirements

1.     Visit official website at www.ruijienetworks.com to request firmware.

1.     Run TFTP Server, and put AP firmware in the same folder. Here take Ruijie TFTPServer as example.

 

TFTP Server should be able to communicate with AP.

1. Read Release Note carefully, pay attention to the "upgrade file"

1. DO NOT restart or POWER OFF AP during upgrades.

1. Login AP CLI via console, telnet or SSH.

 

Attention: Upgrade from 10.X to 11.X, configuration will lost, backup the configuration before downgrading; need to downgrade to mid version first.

 

III. Configuration Steps

Upgrading FAT APs

1.     Backup configuration files to TFTP Server, and display current firmware version

Ruijie#copy flash:config.text tftp://192.168.111.2/config.text --->backup configuration files of AP to TFTP Server

 

 

1.     Display current ap mode

Ruijie#show ap-mode

current mode: fat

 

1.     Transfer new firmware to AP,  execute below commands:

Ruijie#copy tftp://192.168.111.2/AP_RGOS10.x_TO_11.x(Mid)_S2C3-01_02201910.bin flash:rgos.bin

Upgrade the device must be auto-reset after finish, are you sure upgrading now?[Y/n]y

Running this command may take some time, please wait.

Please wait for a moment......

Press Ctrl+C to quit

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

 

Verification

 

1.     downgrade to target version 11.x

Ruijie# upgrade download tftp://192.168.111.2/AP_RGOS11.1(5)B8_S2C3-01_03151007_install.bin

 

1.      reload and verification

 

1.2.3     Downgrade from RGOS 11.x to 10.x

1.2.3.1    Downgrade the AC & Fit AP from 11.X to the 10.X

I. Network Topology

 

        

II. Requirements

1.     Visit official website at www.ruijienetworks.com to request firmware.

1.     Run TFTP Server, and put AP firmware in the same folder. Here take Ruijie TFTPServer as example.

 

 TFTP Server should be able to communicate with AP.

1. Read Release Note carefully, pay attention to the "upgrade file"

1. DO NOT restart or POWER OFF AP during upgrades.

1. Login AP CLI via console, telnet or SSH.

 

Attention: Downgrade from 11.X to 10.X, configuration will lost, backup the configuration before downgrading; need to downgrade to mid version first.

 

III. Configuration Tips

Downgrading FIT APs

1.     Backup configuration files on ac

1.     Transfer mid version of AP to AC

TFTP Server should be able to communicate with AC.

1.     Active version of AP

1. Read Release Note carefully, pay attention to the "downgrade file"

1. DO NOT restart or POWER OFF AC&AP during upgrades.

1. Login AC CLI via console, telnet or SSH.

 

IV. Configuration Steps

Downgrading AC

AttentionIn hot-backup scenario, please remove all networks cables on ACs in case of synchronization issue caused by inconsistent firmware.

1.     Display current firmware version

 

Downgrading Fit APs
1.  To transfer AP new firmware to AC, execute below commands:

Ruijie#copy tftp://192.168.1.100/AP_RGOS11.1(2)B1_AP320_v2.0_degrade.bin flash:320-mid.bin

 

2      To configure ap-serial,  execute below commands:

Ruijie#config terminal

Ruijie(config)#ac-controller

Ruijie(config-ac)#active-bin-file 320-mid.bin

Ruijie(config-ac)#ap-serial ap320 AP320-I hw-ver 1.x

Ruijie(config-ac)#ap-image ap320-mid.bin ap320

Ruijie(config-ac)#end

Ruijie#wr

 

1.     telnet APs and verify the current version

Ruijie#show version

System description     : Ruijie Indoor AP320-I (802.11a/n and 802.11b/g/n) By Ruijie Networks.

System start time      : 1970-01-01 0:0:0

System uptime: 0:0:0:44

System hardware version: 1.10

System software version: RGOS 10.4(1b19)p2, Release(175879)

System boot version    : 10.4.155446(Master), 10.4.155446(Slave) -àmid version of AP

System serial number   : G1GDC13025434

 

1.     Downgrade AC from 11.X to 11.X_to_10.X(Mid),  execute below commands:

Ruijie#upgrade download tftp://172.18.158.204/AC_RGOS11.x_TO_10.x(Mid)_G1C5-02_02172016.bin force

 

Verification

After reloading, execute command "show version" to verify firmware

       

1.     Because the configuration files will lost when downgrade to mid version, need to import the config.text, and test the connection between AC and terminal, then Downgrade AC to target version 10.x

Ruijie#copy tftp://172.18.158.205/WLAN-AC-50XX_10.4(1b19)p2_R179742.bin flash:rgos.bin

Ruijie#reload

 

     Verification

     

 

1.     After downgrading the AC, the configuration will loss, need to import the ac configuration.

Ruijie#copy tftp://192.168.1.100/config.text flash:config.text

Ruijie#copy tftp://192.168.1.100/ap-config.text flash:ap-config.text

Ruijie#reload 

 

1.     Downgrade AP to target version 10.x

Ruijie#copy tftp://192.168.1.100/AP320_10.4(1b19)p2_R179742.bin flash 320I.bin

Ruijie#configure terminal

Ruijie(config)#ac-controller

Ruijie(config-ac)#active-bin-file 320I.bin

Ruijie(config-ac)#ap-serial ap320 AP320-I hw-ver 1.x

Ruijie(config-ac)#ap-image 320I.bin ap320

Ruijie(config-ac)#end

Ruijie#wr

 

V. Verification     

Ruijie#show version

System description     : Ruijie Indoor AP320-I (802.11a/n and 802.11b/g/n) By Ruijie Networks.

System start time      : 2015-01-05 12:37:41

System uptime: 4:0:24:8

System hardware version: 1.10

System software version: RGOS 10.4(1b19)p2, Release(179742)

System boot version    : 10.4.155446(Master), 10.4.155446(Slave)

System serial number   : G1GD91300419A

 

1.2.3.2    Downgrade the Fat AP from 11.X to the 10.X

I. Network Topology

 

        

II. Requirements

1.     Visit official website at www.ruijienetworks.com to request firmware.

1.     Run TFTP Server, and put AP firmware in the same folder. Here take Ruijie TFTPServer as example.

 

TFTP Server should be able to communicate with AP.

1. Read Release Note carefully, pay attention to the "upgrade file"

1. DO NOT restart or POWER OFF AP during upgrades.

1. Login AP CLI via console, telnet or SSH.

 

Attention: Downgrade from 11.X to 10.X, configuration will lost, backup the configuration before downgrading; need to downgrade to mid version first.

 

III. Configuration Steps

Downgrading FAT APs

1.     Backup configuration files to TFTP Server, and display current firmware version

Ruijie#copy flash:config.text tftp://192.168.111.2/config.text --->backup configuration files of AP to TFTP Server

 

 

1.     Display current ap mode

Ruijie#show ap-mode

current mode: fat

 

1.     Transfer new firmware to AP, execute below commands:

Ruijie#upgrade download tftp://192.168.111.2/AP_RGOS11.x_TO_10.x(Mid)_S2C3-01_02180712.bin

Upgrade the device must be auto-reset after finish, are you sure upgrading now?[Y/n]y

Running this command may take some time, please wait.

Please wait for a moment......

Press Ctrl+C to quit

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

*Jan  1 00:04:27: %7:

*Jan  1 00:04:27: %7: Begin to upgrade the install package AP_RGOS11.x_TO_10.x(Mid)_S2C3-01_02180712.bin...

*Jan  1 00:04:27: %7: Upgrade processing is 10%

RG-UPGRADE:package.c:621]Old md5 value(/rootfs.ubi):

[RG-UPGRADE:rpm_opt.c:374]:e2d4e747428247db1ca518ade88d0bb1

 

Verification

 

1.     downgrade to target version 10.x

Ruijie#copy tftp://192.168.111.2/AP530-PPC_10.4(1b19)p2_R179742.bin flash:rgos.bin

 

1.     reload and verification

 

1.2.4     Recover Firmware under BOOT

1.2.4.1    AC & AP with Console Port

I. Network Topology

 

II. Requirements

1. Generally, we recover firmware under BOOT mode if we deletes firmware on Main Mode by mistake, firmware broken or any other unknown reasons that devices cannot boot up and enter Main Mode.

1. Finish reading Device Management --> System Management --> Firmware Upgrade, have knowledge of how to transfer firmware with TFTP server.

1. It's applicable for both AC and APs with console port. Not applicable for Wall APs without console port.

Note: remember to turn off Windows Defender protection and system firewall.

 

III. Configuration Steps

1.     Restart devices,   press "CTRL + C"  when system prompts,  enter BOOT Mode, Input 0

1.     Input 1, then upgrade firmware with the following steps.

1. Input "yes"   

 

1. Press "CTRL+Z" return to upper level, then choose "2" to run main

 

IV. Verification

Devices succeed to enter Main mode, execute command "show version", check the firmware version.

Ruijie#show version

 

1.2.4.2    Wall AP without Console Port

I. Network Topology

 

 

II. Requirements

1. Generally, we recover firmware under BOOT mode if we deletes firmware on Main Mode by mistake, firmware broken or any other unknown reasons that devices cannot boot up and enter Main Mode.

1. Finish reading Device Management --> System Management & --> Firmware Upgrade, have knowledge of how to transfer firmware with TFTP server.

        

III. Configuration Steps

1.     Open Wireshark, load a packet capture process as below.  AP 192.168.64.163 lost firmware and is requesting 192.168.64.1 for firmware.

 

1.  Assign IP address 192.168.64.1 to laptop, enable TFTP Server and also prepare the firmware.

 

1.     Edit a notepad name as "FileList.txt", put it in the same folder as shown above,   the content is the firmware name you're going to transfer

1. AP will begin downloading firmware soon, verify by viewing TFTP Server connection status.

1. AP will reload when finish recovering firmware

 

IV. Verification

Login AP via telnet and AP is recovered.

1.3      Password Recovery

1.3.1     Recover AC &Fat AP password

I. Network Topology

 

II. Requirements

1. Finish reading System Management --> Console Management.

1. Login AC CLI via Console.

 

III. Configuration Steps

Recovering AC password (configuration file remains)

1. Power off AC, then power up.

1. Press CTRL + C, enter CTRL mode.

 

1. Input CTRL+Q, enter uboot mode. And then input "main_config_password_clear"

 

1. Device will reload automatically.

 

1.     When finish reloading, enter CLI without input password.

Note: The default timeout period is 10min. Please change your password before time out.

 

1.     Change password, and then use the command “wr” to save your configuration.

 

1.     save configuration

 

Re-login AC, execute commands "show runing-config" to check configurations.

 

1.4      Restore Factory Default

1.4.1     Restoring AC & FAT AP

I. Requirements

1. Finish reading Device Management --> System Management

1. Login CLI via console, telnet or SSH

 

II. Configuration Steps

Execute command "dir" to check file system

Ruijie#dir

    Mode Link      Size               MTime Name

-------- ---- --------- ------------------- ------------------

            1      1600 1970-01-02 01:31:10 config.text

            1     11729 2015-06-18 02:03:26 cw_teardown_info.txt

   <DIR>    1         0 1970-01-01 00:00:00 dev/

            1        33 2015-06-03 00:04:25 dhcp_bind.dat

   <DIR>    4         0 1970-01-01 00:00:18 pkistore/

   <DIR>    5         0 1970-01-01 00:00:11 portal/

   <DIR>    0         0 1970-01-01 00:00:00 proc/

   <DIR>    1         0 1970-01-01 00:00:01 ram/

            1      1529 2015-03-09 16:31:28 reset.txt

            1   8359680 2015-03-09 16:31:26 rgos.bin

   <DIR>    2         0 1970-01-01 00:00:08 tmp/

            1    150740 1970-01-01 00:00:12 ucs_big5.db

            1    239708 1970-01-01 00:00:12 ucs_gb.db

   <DIR>    4         0 1970-01-01 00:00:12 web/

            1   2766752 1970-01-01 00:00:10 web_management_pack.upd

--------------------------------------------------------------

12 Files (Total size 12243866 Bytes), 7 Directories.

Total 132120576 bytes (126MB) in this device, 115515392 bytes (110MB) available.

 

"config.text" is configuration file, execute commands "del config.text" to set factory default

Ruijie#del config.text

Are you sure you want to delete "config.text"?[Yes/No]y 

Ruijie#reload

Processed with reload? [no]y

 

After reloading, execute commands "show running-config" to check configuration.

 

1.4.2     Restoring FIT AP

I. Requirements

1. Finish reading Device Management --> System Management

1. Login CLI via console, telnet or SSH

 

 

II. Configuration Steps

Restore Factory Default

AC#conf t

AC(config)#ac-controller

AC(config-ac)#reset ?

all     Reset the all APs in this AC.

single  Reset the single ap.

 

Then the fit ap will restart automatically.

 

III. Verification

After reloading, execute commands "show running-config" to check configuration.

 

1.4.3     Restoring WALL AP

Especially, for Wall AP including AP110W, AP120W, AP130W

Long press "reset" button more than 8 seconds to set factory default.

 

 

1.5      Backup Configuration

1.5.1     Backup to Flash

I. Requirements

1. Finish reading System Management

1. Login device CLI via Console, telnet or SSH.

 

II. Configuration Steps

Execute command "dir" to check file system

WS6008#dir

Directory of flash:/

Number  Properties   Size               Time                    Name

------  ----------  ------    ------------------------  --------------------

  1       drwx      160B      Mon Oct 10 19:27:37 2016  dev                

  2       drwx      160B      Mon Mar 21 17:32:15 2016  rep                

  3       drwx      224B      Mon Mar 21 17:32:16 2016  var                

  4       drwx      160B      Mon Oct 10 19:27:40 2016  addr               

  5       -r--      4.1k      Wed Nov  2 16:27:00 2016  tmp_env.txt        

  6       -rwx      5.0k      Mon Mar 21 17:32:36 2016  hwd.db             

  7       -rw-      2.9k      Tue Oct 11 12:39:39 2016  virtual_switch.text

  8       drwx      304B      Mon Mar 21 17:32:42 2016  security           

  9       -rwx      180B      Fri Nov  4 16:48:45 2016  config_vac.dat     

 10       -rw-      14.8k     Fri Nov  4 16:48:46 2016  config.text        

 11       -rwx      384B      Thu Sep 29 10:21:54 2016  LIC-WLAN-AP-3200000003956646.lic

 12       -rwx      18B       Mon Sep 26 17:35:26 2016  test.txt           

 13       -rw-      718B      Tue Oct 11 09:14:18 2016  ap-standalone.text 

 14       -rwx      696B      Mon Mar 21 17:32:30 2016  httpd_cert.crt     

 15       -rwx      21B       Fri Nov  4 16:48:45 2016  syslog_rfc5424_flag.txt

 16       drwx      424B      Tue Mar 29 16:50:43 2016  portal             

 17       -rwx      44.4M     Mon Oct 31 18:20:17 2016  AM_RGOS11.1(5)B9_G1B5-01_03211300_install.bin

 18       -rwx      620B      Tue Oct 11 12:39:27 2016  rsa_private.bin    

 19       -rwx      336B      Sun Oct 30 15:32:36 2016  dsa_private.bin    

 20       -rw-      5.8k      Thu Jun 30 14:35:03 2016  text.bak           

 21       -rwx      384B      Wed Oct 12 17:17:05 2016  LIC-WLAN-AP-3200000003466646.lic

 22       drwx      296B      Thu Oct 13 13:45:02 2016  upgrade            

 23       drwx      160B      Fri Nov  4 09:36:26 2016  tech_vsd0          

 24       drwx      448B      Thu Sep 29 11:24:06 2016  rg_licns           

 25       drwx      312B      Mon Oct 10 19:57:36 2016  syslog             

 26       -rw-      147B      Tue Oct 11 12:39:39 2016  ap-virtual_switch.text

 27       -rw-      723B      Fri Nov  4 16:48:46 2016  ap-config.text     

 28       -rwx      187.1k    Fri Nov  4 18:27:03 2016  log-13-may-5.txt   

 29       -rwx      77.8M     Mon Oct 31 20:23:11 2016  AC_RGOS11.1(5)B9_G2C6-01_03201812_install.bin.up.tmp

 30       -rwx      887B      Mon Mar 21 17:32:30 2016  httpd_key.pem      

 31       -rw-      8.9k      Tue Oct 11 09:14:18 2016  standalone.text    

21 files, 10 directories

281,903,104 bytes data total (155,267,072 bytes free)

536,870,912 bytes flash total (155,267,072 bytes free)

 

"config.text" is configuration file, execute commands "copy flash:config.text flash:config.bak" to backup configuration file

"ap-config.text" is ap configuration file, execute commands "copy flash:ap-config.text flash:ap-config.bak" to backup ap configuration file

Ruijie#

Ruijie#copy flash:config.text flash:config.bak

Ruijie#copy flash:ap-config.text flash:ap-config.bak

 

III. Verification

To view backup file, execute command "dir" to display filesystem. The file size should match.

WS6008#dir

Directory of flash:/

Number  Properties   Size               Time                    Name

------  ----------  ------    ------------------------  --------------------

  1       drwx      160B      Mon Oct 10 19:27:37 2016  dev                

  2       drwx      160B      Mon Mar 21 17:32:15 2016  rep                

  3       drwx      224B      Mon Mar 21 17:32:16 2016  var                

  4       drwx      160B      Mon Oct 10 19:27:40 2016  addr               

  5       -r--      4.1k      Wed Nov  2 16:27:00 2016  tmp_env.txt        

  6       -rwx      5.0k      Mon Mar 21 17:32:36 2016  hwd.db             

  7       -rw-      2.9k      Tue Oct 11 12:39:39 2016  virtual_switch.text

  8       drwx      304B      Mon Mar 21 17:32:42 2016  security           

  9       -rwx      180B      Fri Nov  4 16:48:45 2016  config_vac.dat     

 10       -rw-      14.8k     Fri Nov  4 16:48:46 2016  config.text        

 11       -rwx      384B      Thu Sep 29 10:21:54 2016  LIC-WLAN-AP-3200000003956646.lic

 12       -rwx      18B       Mon Sep 26 17:35:26 2016  test.txt           

 13       -rw-      718B      Tue Oct 11 09:14:18 2016  ap-standalone.text 

 14       -rwx      696B      Mon Mar 21 17:32:30 2016  httpd_cert.crt     

 15       -rwx      21B       Fri Nov  4 16:48:45 2016  syslog_rfc5424_flag.txt

 16       drwx      424B      Tue Mar 29 16:50:43 2016  portal             

 17       -rwx      44.4M     Mon Oct 31 18:20:17 2016  AM_RGOS11.1(5)B9_G1B5-01_03211300_install.bin

 18       -rwx      620B      Tue Oct 11 12:39:27 2016  rsa_private.bin    

 19       -rwx      336B      Sun Oct 30 15:32:36 2016  dsa_private.bin    

 20       -rw-      14.8k     Fri Nov  4 19:08:10 2016  config.bak         

 21       -rw-      5.8k      Thu Jun 30 14:35:03 2016  text.bak           

 22       -rwx      384B      Wed Oct 12 17:17:05 2016  LIC-WLAN-AP-3200000003466646.lic

 23       drwx      296B      Thu Oct 13 13:45:02 2016  upgrade            

 24       drwx      160B      Fri Nov  4 09:36:26 2016  tech_vsd0          

 25       drwx      448B      Thu Sep 29 11:24:06 2016  rg_licns           

 26       -rw-      723B      Fri Nov  4 19:08:21 2016  ap-config.bak      

 27       drwx      312B      Mon Oct 10 19:57:36 2016  syslog             

 28       -rw-      147B      Tue Oct 11 12:39:39 2016  ap-virtual_switch.text

 29       -rw-      723B      Fri Nov  4 16:48:46 2016  ap-config.text     

 30       -rwx      187.1k    Fri Nov  4 18:27:03 2016  log-13-may-5.txt   

 31       -rwx      77.8M     Mon Oct 31 20:23:11 2016  AC_RGOS11.1(5)B9_G2C6-01_03201812_install.bin.up.tmp

 32       -rwx      887B      Mon Mar 21 17:32:30 2016  httpd_key.pem      

 33       -rw-      8.9k      Tue Oct 11 09:14:18 2016  standalone.text    

23 files, 10 directories

281,903,104 bytes data total (155,394,048 bytes free)

536,870,912 bytes flash total (155,394,048 bytes free)

 

Tips: To read text file in CLI, exeute command "more config.bak"

WS6008#more config.bak

version AC_RGOS 11.1(5)B9, Release(03201812)

hostname WS6008

!

wlan-config 1 cmcp

 ssid-code utf-8

!

wlan-config 2 Eweb_BA832

 ssid-code utf-8

 band-select enable

 schedule session 2

!

wlan-config 3 Eweb_BA833

 ssid-code utf-8

!

wlan-config 4 oversea123

 ssid-code utf-8

!

wlan-config 5 Eweb_BA835

 ssid-code utf-8

!

wlan-config 13 test-for-sec

!

wlan-config 55 AM5528

 band-select enable

1.5.2     Backup to TFTP Server

I. Network Topology

 

        

II. Requirements

1. Finish reading System Management

1. Login device CLI via Console, telnet or SSH.

1. Run TFTP software in the PCs

1. TFTP Server is able to communicate with device

 

III. Configuration Steps

To copy files in flash to TFTP Server, execute commands "copy flash:config.text tftp:"

Ruijie#copy flash:config.text tftp://192.168.1.100/config.text

 

IV. Verification

The backup configuration file will be copied to TFTP Server.

 

1.6      License Application

Problem: Wireless license import failed.

 

Solution:

1.     Confirm whether the SN is correct via the official website.

 

After login successfully, input authorization code, and then click “search” to check whether the relative device SN is consistent with the practical SN.

 

1.     If the root case is the incorrect SN, unbind the License first

Step1:

Visit official website (http://www.ruijienetworks.com/service/License.aspx ), unbind License files.

 Click "Service" ->”Support” ->"Product Licensing" ->choose "WLAN" for wireless license unbinding. Choose “Unbind License”-> choose “Wireless”-> click “Unbind License”, then click ”Complete” after filling  in product info.

Note: Before unbinding the license files, you should register first if you do not have an account for login.

 

Then in the pop-up dialog box,  click “finish” to submit an application.

 

Step2: After completing the application, submitted it to TAC for application via e-mail account: service_rj@ruijienetworks.com. And then waiting for approval.

Click "Service" ->”Support” ->"Product Licensing" ->choose "WLAN" for wireless license unbinding. Choose “Unbind License”-> choose “Wireless”-> Check the approval status, if approved, customer can apply for a new license with the original S/N.

 

 

Warm prompt:

After unbind the license successfully, if you have the requirement of Wireless License Registration, please follow the following steps to apply for new license.

Step1: Obtain the license register number.

Open the attachment in the Authorization Letter to obtain the Authentication Code..

 

Or obtain the authentication code from the CD. There is a pdf file in the CD which is shown as follow:

 

Step2: Visit the official website, bind License files.

Click "Service" ->”Support” ->"Product Licensing" ->choose "WLAN" for wireless license binding, after filling in the information, click “Complete”, it will jump to the download page of. lic file.

 

Step3: Install the authorization document

Note: If the license obtained by user is a. lic file, install the license with the following way

 i) Upload the local license file to the wlc.

 Configuration Example:

Ruijie#copy tftp://192.168.64.2/LIC-WLAN-AP-800000015692434.lic flash:/LIC-WLAN-AP-  800000015692434.lic

Press Ctrl+C to quit

!

Copy success.

 

 

ii) Install license file

 Configuration Example:

Ruijie# license install flash:LIC-WLAN-AP-800000015692434.lic

 Are you sure to install this license[y/n]:y

Success to install license file, service name: LIC-WLAN-AP-8.

 

Step3: Install the authorization document

Note: If the license obtained by user is a license key, install the license with the following way

i) The following shows the similar format of the license obtained by the user

            XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX

Record the generated license key, connect to the wlan-ac device, and use the set license license command. If it prompts it is correct, the register application is successful. If it prompts the error, contact the Ruijie Customer Service center for the related consultation.

 

ii) Configure the License Basic Features

Configuration Example:

Ruijie# configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Ruijie(config)# set license AAAA-BBBB-CCCC-DDDD-EEEE-FFFF-GGGG-HHHH  

 

Verification

Showing the License Configuration, you could find you have add new license successfully.

Ruijie# show license

1.7      FAQ

1.7.1     what traffic is need to be allowed to pass the firewall between the AC and the RADIUS server?

Interaction between the AC and the RADIUS server is generally based on the RADIUS protocol and SNMP. The ports to be opened are:

RADIUS port: Based on UDP. The default authentication port is 1812 and the default accounting port is 1813, which are both on the RADIUS server.

SNMP port: Based on UDP. The port is 161, which is on the AC.

1.7.2     How to kick a user offline

Check the user's MAC address:         

WS#show ac-con client by-ap-name

Total Sta Num : 4

Cnt    STA MACAP NAMEWlan Id   Radio Id  Vlan Id   Valid  

------ --------------- -------------------- --------- --------- --------- ---------

1.6a99.6c5aBF2_AP_031122091      

2701a.04a9.a1b2BF2_AP_062123091      

3   0026.c690.0a06  BF7_AP_011122091      

4001f.3b3b.b435BF7_AP_011122091   

Kick the user offline:

WS(config)#ac-controller

WS(config-ac)#client-kick  H.H.H----->H.H.H is the user's MAC address.

Because the client will be automatically reconnected, when the show ac-con client by-ap-name command is run after the user is forced offline, the offline STA is still displayed.

1.7.3     Where is the ap-config file saved on the AC?

It’s saved in the ap-config.text file in AC flash.

1.7.4     Does the wireless network support VLAN-Group?

A VLAN-Group contains multiple VLANs. By associating with a VLAN-Group, a WLAN can map to multiple VLANs and VLANs can be flexibly allocated to STAs connected to the WLAN. The VLANs are allocated mainly in the following two modes:

After the STA passes the 802.1x authentication, the authentication server assigns a VLAN for the STA. The STA must be deployed in the 802.1x authentication mode and the authentication mode must be supported by the authentication server.

The server assigns the VLAN for the STA according to the idle status of the address pool.

1.7.5     How to view the wireless terminal type and operating system information on the AC?

Enable ip dhcp snooping and run the following command on AC:

ruijie#sh terminal-identify user

User entry list: 3

  mac-address     aging-time  terminal-type

-----------------------------------------

  68df.ddc7.de5a     --:--    XIAOMI Phone Android 4.2

  3859.f98b.658b     --:--    PC Windows 7

  a844.8130.c304     --:--    Nokia Phone Windows 8

 

Note: Due to terminal restrictions, the terminal may not be identified completely correct. When the terminal is connected to the wireless network, a DHCP packet is sent. The device reads the option 60 field in the packet. The field carries the terminal type information. However, not the DHCP packet of all the terminals carries the field, and thus the read success rate is not 100%.

1.7.6   Which of “ap-conf all” and “ap-config name” takes effect first?

The AP configuration under ap-config name takes effect first. If the AP under ap-config name is not configured, the ap-config all configuration takes effect.

1.7.7     How to fix when the device cannot ping the domain name?

 

Supplement the configuration AC(config)#ip name-server 8.8.8.8, which is used to set the DNS domain name for the device. You can modify the configuration based on the actual environment. Ensure that the AC normally communicates with the extranet.

1.7.8     How to delete an offline AP?

Perform the following operation:

Ruijie(config)#no ap-config ap-name1

Ruijie(config)#no ap-config all   ----Delete the ap-config of all the offline APs.

Only configurations of offline APs can be deleted.

1.7.9     How to configure the location of a fit AP?

Refer to the following configuration:

Ruijie(config)#ap-config  001a.a9bf.ffdc

Ruijie(config-ap)#location meeting room

1.7.10  How to modify the address used by the AC to create the CAPWAP tunnel?

Ruijie(config)#ac-controller

Ruijie(config-ac)#capwap ctrl-ip 2.2.2.2

1.7.11  How to modify the SSID of the wireless network?

Go to the WLAN configuration mode:

 

Ruijie(config)#wlan-config 1 “1” is the wlan sequence

Ruijie(config-wlan)#ssid yy    (yy is the new SSID)

1.7.12  How to configure the static AP IP address in fit AP mode?

Refer to the command: (when this parameter is modified, a tunnel is re-created.)

(1) Log on to the AP through the Console or Telnet port, and enter the global mode (the password is apdebug) to configure the static AP IP address, default route, and AC IP address:

 

Ruijie(config)#acip ipv4 1.1.1.1 // Configure the IP address for the AC.

Ruijie(config)#apip ipv4 172.16.1.34 255.255.255.0 172.16.1.109

 

(2) After the tunnel between the AP and the AC is created, log on to the AC to configure a static IP address for the AP:

Ruijie(config)#ap-config 220e    

Ruijie(config-ap)#acip ipv4 1.1.1.1 ---->Configure the IP address of the AC.

Ruijie(config-ap)#ip address 172.16.1.34 255.255.255.0 172.16.1.109 ---->Configure the IP address, mask, and gateway for the AP. After configuration, the capwap tunnel will be re-created.

 

The configurations retain even the AP is restarted.

1.7.13  How to disable a radio of the AP?

In fat mode, directly go to this radio and shut it down.

Ruijie(config)#interface dot11radio 1/0

Ruijie(config-if-dot11radio 1/0)#shutdown

In fit mode:

Ruijie(config)#ap-config ap-name  ---->Go to the AP configuration mode

Ruijie(config-ap)#no enable-radio 1   ---->Disable the radio 1.

1.7.14  How to disable automatic adjustment for the RRM channel?

Ruijie(config)#advanced 802.11a channel global off

Ruijie(config)#advanced 802.11b channel global off

1.7.15  How to cancel AAA authentication for AC logon when AAA authentication is enabled on the AC?

You can cancel AAA authentication for AC logon by modifying the configurations.

Ruijie(config)#aaa new-model

Ruijie(config)#aaa authentication login no-login none ---->Create an AAA logon authentication list named "no-login" and set the configuration to none (no authentication).

Ruijie(config)#line con 0

Ruijie(config-line)#login authentication no-login ---->Apply the no-login to the console line, which indicates that the AAA authentication is not used.

Ruijie(config-line)#line vty 0 35

Ruijie(config-line)#login authentication no-login   ---->No password is needed for logon through the Telnet port.

1.7.16  How to configure switchover of the AC/AP O/E multiplexing interface

1.     On AP:

    Ruijie(config)#interface  gigabitEthernet0/1

   Ruijie(config-if-GigabitEthernet 0/1)# media-type baset ---->Enable the electrical interface.

Ruijie(config-if-GigabitEthernet 0/1)#media-type basex  ---->Enable the optical interface.

1.       On AC:

Ruijie(config)#interface gigabitEthernet 0/1

Ruijie(config-if-GigabitEthernet 0/1)#medium-type copper  

Ruijie(config-if-GigabitEthernet 0/1)#medium-type fiber

Ruijie(config-if-GigabitEthernet 0/1)#end

Ruijie#write

1.7.17  How to synchronize the AC time to the AP

Ruijie(config)# ap-config AP0001 //Enter the specified AP configuration mode.

Ruijie(config-ap)# timestamp /Configure AP0001 to synchronize the time of the local AC to the AP.

1.7.18  How to configure daily timed restart for the AP?

To prevent that the network connection is affected by too large load caused by long-time running of the AP, the daily timed restart can be set for the AP to ensure the network connection quality.

 

Configure Ruijie-AP1 to restart the AP at 1:00:00 each day on AC:

Ruijie(config)#ap-config Ruijie-AP1

Ruijie(config-ap)#reload at 1:00:00

1.7.19  How to close the LED indicator of the AP?

(1)   Define a schedule session.

AC(config)#schedule session 1

AC(config)#schedule session 1 time-range 1 period Sun to Sat time 00:00 to 23:59

(2)   Apply the schedule session on the AP

AC(config)#ap-config ap-name

AC(config-ap)#quiet-mode session 1

 

1.7.20  How to check the number of APs that can be supported by a device?

ruijie#sh ac-config

AC Configuration info:

max_wtp:32

sta_limit:1024

license wtp max:32

license sta max:1024

serial auth      :Disable

password auth    :Disable

certificate auth :Disable

Bind AP MAC      :Disable

AP Priority      :Disable

supp_psk_cer     :Disable

ac_name:end

ac location      :Ruijie_COM

1.7.21  How to view the MAC address of the AC?

WS6108#sh ac-config

AC State info:

sta_num          :0

act_wtp          :6

localIpAddr      :1.1.1.1

localIpAddr6     :::

used wtp         :6.0(6 normal 0 half 0 zero)

remain wtp       :42 normal 84 half 634 zero

HW Ver           :1.01

SW Ver           :AC_RGOS 11.1(5)B7, Release(02231014)

Mac address      :5869.6c20.726a

Product ID       :WS6108

NET ID           :9876543210012345

NAS ID           :5869.6c20.726a

 

For VAC:

WS6108#show member

System description      : WS6108

System Mac Address      : 58:69:6C:20:72:6A

 

 

1.7.22  How to fix when the AP management address is forgotten?

1. Networking Requirements

The administrator forgets the management address of WALL-AP but does not want to modify the device configurations or the factory settings of the device cannot be restored. This method is also applicable for devices with a Console port but cannot be logged onto through the Console port.

1. Configuration Tips

1. Execute the packet capture software on a PC to capture packets from the interface of the wired network.

1. Connect the WALL-AP cable to the PC and power on the AP.

1. Configuration Steps

1. Execute the packet capture software (using Wireshark for an example) to capture packets from the wired interface.

(1) Select the interface.

(2) Select the wired interface of the AP and click Start to capture the packets.

(3) Connect the wired interface of the PC to the AP Ethernet port that is not powered on.

(4) Power on the AP to view packets output by the packet capture software on the PC. Pay attention to the ARP packets.

Because the PC is directly connected to the AP, all the ARP packets except those sent by the PC are ARP packets sent by the AP.

(5) After getting the AP IP address from the ARP packets, try to log on to the AP through the Telnet port.

(6) The AP may not send the ARP resolution packets. In this case, you can use the LLDP packets to obtain the AP management address. The Management Address in the LLDP packets is the management address of the AP.

(7) If you still cannot log on to the AP, restore the factory settings of WALL-AP, which results in loss of all configurations. You can try to log on to APs with the Console port from a serial port.

It is found that during actual packet capture, the AP often does not send the ARP resolution packets. In this case, you can use the LLDP packets to obtain the AP management address.

1. The following is a packet capture screenshot:

1. Click to open the LLDP packet. The part in the red frame below is the management address of the AP:

1.7.23   How to fix when the system can output information but cannot be operated during CRT-based logon through the Console port?

1. Symptom

According to the AP320-I users, in case of logon through the Console port, there is information prompted, but no response is returned after Enter is pressed. Besides, no command can be entered.

1. Network Environment

The AP is new and just installed. It is logged onto through CRT.

1. Troubleshooting Steps

(1) Check whether the CRT or the HyperTerminal is used. If CRT is used, uncheck CTS/RTS.

(2) If an additional cable is used, confirm whether the driver is installed correctly.

(3) Change the baud rate. The baud rate for the version 1T8 is 115200 bps.

(4) Change the console cable and the PC.

1. Solution

Uncheck CTS/RTS.

1. Summary and Precautions

Summary: Other faults caused by the CRT traffic control function.

(1) You cannot use CRT to log on to the console.

(2) After CRT-based logon, the operation window is blank, the system outputs no information but the cursor flashes. The system has no response after you press Enter.

(3) After CRT-based logon, the operation window is blank, the system outputs no information but the cursor flashes. After you press Enter, the cursor moves but the system still outputs no information.

(4) After CRT-based logon, the system outputs information, but has no response after your press Enter and does not allow you to perform any operation.

(5) After HyperTerminal-based logon, the Data Traffic Control in COM attribute settings must be set to None.

1.7.24  How many APs can different AC Model manage?

A WALL-AP occupies only 0.5 license. "<=4000" means up to4,000 WALL-APs are supported.

Run the show ac-c command in AC to display license occupation information. The meaning of four, normal, half, and zero is described below.

four: The AP occupies four licenses. Currently, only APs of the model AM5528 and AM5528(ES) occupy four licenses each. APs of the model AM5514 only occupy two licenses each.

normal: An ordinary AP occupies only one license, including AP220-E, AP320-I, and AP520.

half: A WALL-AP occupies only 0.5 license.

zero: The AP occupies no license. The AP is AP(MAP552(SR)) and APD-M.

1.7.25  How to view the number of licenses occupied by different AP model on AC?

AC#show ap-config product

Product ID           Hardware Version    Count    Used Wtp

--------------------    ----------------          --------       --------

AM5528                      1.00                    245      980.0

AP520                         1.00                   906      906.0

AP630(IDA)                1.50                    33        33.0

AP630(IODA)              1.00                   83        83.0

1.7.26  How to migrate a wireless AC license to another device (unbinding license)

(1)   Upgrade the device version to RGOS 11.1(5)B9 or a later version.

For authentication code:

Run the AC(config)#no set license activation-key command to unbind the authorized code. (The activation-key is a 32-bit activation code.)

For authentication file:

Run the AC#license unbind authorized file name command to unbind the authorized file to get the verification code.

 

You can run the show license unbind-code or show apmg debug unbind command to display the verification code.

Note: after activation code of the unbound license is deleted, the license cannot be installed on the device again.

(2) Submit the device serial number, the license activation code, and verification code on Ruijie authentication system(http://pa.ruijie.com.cn:8001/main_wireless.jsf) to unbind the license on the authorization system. Contact Ruijie TAC to approve the unbinding.

(3) To bind the license again, submit the serial number of the new device and authorization code to register the license. A new activation code is obtained.

(4) Install the new activation code to the new AC.

 

For More details, please refer to WLAN License Activation Guide:

1.7.27   Can multiple temporary licenses be imported to the same device?

You can apply for a temporary license for an AC three times. The application is automatically reviewed and approved. Only one temporary license of the same specifications can be imported into an AC. The second license overwrites the first. Multiple temporary licenses of different specifications can coexist in one AC. For example, when two temporary licenses can manage 32 APs are applied for the same AC, only one license can be imported to the AC. When a license can manage 32 APs and a license can management 128 APs are applied for the same AC, both licenses can be imported to the AC.

1.7.28   How to bind a license on VAC

(1) When VAC deployment is not finished yet, the procedure is same to that of normal AC

 

(2) When VAC deployment is finished, the procedure is basically the same. Bind the corresponding license authorization code to the device according to its serial number.

 

For authentication code, use set license command to bind the authentication code on main AC.

For authentication files, all the authorization files must be imported to the main AC and operated by running the following commands.

   AC#license auto-install flash: LIC-WLAN-AP-51200000001765223.lic

The authorization files can be automatically uploaded.

If the authorization file is operated on the standby AC, the message "% Can’t execute this command in redundancy slave" is prompted.

(3) AC#license install means that the authorization file is only installed in this host.

1.7.29   Will APs go offline immediately if the license is unblind from AC?

No. The AP will not go offline unless it goes offline actively or the AC is restarted. As long as the current AP does not actively go offline and the AC is not restarted, the AP will always be online.

1.7.30   Will online Aps be kicked offline when the licenses are insufficient after temporary authorization expires?

No. APs will not be kicked offline due to deletion of temporary or formal authorization. The system judges whether the licenses are sufficient only when the AP is getting online. APs that go offline after authorization expire cannot go online again.

 

 

      Basic Features

2.1      Fit AP Configuration

2.1.1     CAPWAP

Summarize

With the development of wireless LAN, WLAN technology has been widely used in various fields such as family, enterprise and public places etc. The transmission of wireless frame between access point and wireless terminations in the form of electromagnetic wave instead of wired medium, which makes the wireless terminals movable freely. WLAN technology is the integration of Ethernet and wireless technology and makes wireless terminals easy to access to the wireless local area network. Access point is the middle-transfer-device between wireless terminals and Access Controller in WLAN. When there are plenty of access points in WLAN, how to manage these Aps is key problem in operation.

 

FAT AP Architecture

In the traditional network architecture, the WTPs completely implement and terminate the 802.11 function so that frames on the wired LAN are 802.3 frames. Each WTP can be independently managed as a separate network entity on the network. The access point in such a network is often called a “Fat AP”.

 

FIT AP Architecture

The thin AP architecture is a hierarchical architecture that involves a WLAN controller that is responsible for configuration, control, and management of several WTPs. The WLAN controller is also known as the Access Controller (AC). The 802.11 function is split between the WTP and the AC. Because the WTPs in this model have a reduced function as compared to the fat AP architecture, they are called “Fit APs.”

Fit AP Architecture Advantages

Centralized management

Automatic software upgrade

High security and low interference

Since the distinct advantages of fit AP architecture, it’s generally adopted especially in large networks with many APs. The CAPWAP framework is used to define the interface and protocol between an AC and its controlled APs.

Currently, each manufacturer adopts their own private tunnel protocols to exchange messages between AC and AP and this leads to the problem that the AC and AP from different manufacturers cannot communicate with each other.

To solve this problem, IETFCAPWAP working group is set up in 2005 to standardize the tunnel protocols between AC and AP (RFC5415).

 

2 Terms Explanation

CAPWAP       Control and Provisioning of Wireless Access Points

Local MAC    Local Medium Access Control

Split MAC      Split Medium Access Control

DTLS             Datagram Transport Layer Security

WTP              Wireless Terminal Point

AC                 Access Control

AP                 Access Point

 

3 CAPWAP Overview

CAPWAP (Control and Provisioning of Wireless Access Points) is a generic protocol that enables a controller to manage a collection of Wireless Terminal Point (WTP). The CAPWAP protocol is described in RFC 5415 which does not include specific wireless technologies; instead, it relies on a binding specification to extend the technology to a particular wireless technology. The binding specifications for the IEEE 802.11 wireless protocol are defined in RFC5416.

CAPWAP is an application layer protocol over UDP. It uses the Datagram Transport Layer Security (DTLS) encryption mechanism which is standard IETF protocol based on TLS.

CAPWAP Main Functions

To centralize the authentication and policy enforcement functions for a wireless network. The AC may also provide centralized bridging, forwarding and encryption of user traffic.

To enable shifting of the higher-level protocol processing from the WTP. This leaves the time-critical applications of wireless control and access in the WTPs, which are subject to severe cost pressure.

To provide an extensible protocol that is not bound to a specific wireless technology.

 

 The CAPWAP tunnel is divided into:

Control tunnel:  to transport the CAPWAP control messages

Data tunnel: to transport the CAPWAP data messages

 

See the figure below for CAPWAP tunnel:

2.1 Local MAC and Split MAC

In the split MAC mode, all the layer 2 wireless data and management frames will be encapsulated by CAPWAP protocol and exchanged between AC and WTP.

As shown in figure 1, the wireless frames received from the station will be directly encapsulated and forwarded to AC.

 

In the local MAC mode, the data frames can be forwarded through local bridge or 802.3 frames as shown in figure 2. In this mode, layer 2 management frames is encapsulated to802.3 frames on WTP and then forwarded to AC.

 

The functionassignment of Local MAC and Split MAC in CAPWAP protocol is listed in the table below:

2.2 CAPWAP Working Process

Once one WTP is connected to the network, it will enter the state of AC discovery. WTP sends “discovery request” by means of broadcast, multicast or unicast. When unicast is used, WTP needs to obtain the IP address table of AC through DHCP or DNS. The ACs that receive “discovery request” will send “discovery response” to WTP.WTP will then select one among all responding ACs to establish DTLS connection. After DTLS is established successfully, WTP will send “john request” and AC will reply “john response” to confirm. If the firmware’s version on the WTP is overdue, the firmware update process is started and the WTP will download the latest firmware from AC. After firmware updating successfully, the WTP will restart and enter the discovery process again. If the firmware is the latest, the WTP will download the configuration parameters from AC and then enter the “run” process.

The whole process is illustrated in the figure below:

 

 

2.3 CAPWAP Session Establishment Process

The ladder diagram below illustrates the CAPWAP session establishment and message exchanges process between a WTP and AC.

2. WTP sends “discovery request” by means of broadcast, multicast or unicast to discover the available ACs in the network.

2.  After receiving the “discovery request” from WTP, AC responds a “Discovery Response” message to WTP to tell the supported service.

2.  When the DTLS connection is established, WTP sends the “Join Request” to the AC to request service.

2.  AC responds “Join Response” message to inform the WTP that AC can provide service to it.

2.  WTP sends “Image data request” message to AC.

2. AC responds “Image data response” message to WTP and WTP can download firmware from AC.

2.  WTP sends the current configuration information in “Configuration Status Request” message to AC.

2. AC provides the configuration parameters by responding “Configuration Status Response” message to WTP and WTP request configuration is covered.

2. WTP informs AC that WTP radio state is changed by sending “Change State Event Request” message to AC.

2. AC responds “Change State Event Response” message to WTP.

2. WTP sends “Echo Request” to keep the connection alive when other messages are not exchanged.

2. AC responds “Echo Response” to WTP.

 

2.4 FIT AP Network Topology

In this topology, SKG1000 (AC) is responsible to manage a number of ACs and the communication between AC and AP is realized through CAPWAP tunnels.

As a powerful and high performance AC developed by SKSpurce, SKG1000 can support up to 20000APs and 220K users.

 

2.1.2     Basic Configuration

Scenario

With fit APs, a network consists of a wired switch, access controllers (ACs) and fit APs. APs are simple wireless access points without management and control functions. The AC manages all APs and sends control policies, which are not configured on each AP, to specified APs, as shown in the following figure. The AC is connected with multiple APs via the wired network, and users only need to configure and manage associated APs with the AC.

 

I. Requirements

a.     AC distribute the configuration to all APs, and manage all Aps

b.     All APs emit radio signals and connect STA             

 

II. Network Topology

III. Configuration Tips

1) Make sure that AC and AP's firmware should be consistent, using command in CLI "Ruijie>show version"

2) Make sure AP is working on fit mode, using command in CLI "Ruijie>show ap-mode " to check. If it shows fat mode, please modify as follow step

Ruijie>enable                 ------>enter the previlege mode

Ruijie#configure terminal     ------>enter the config mode

Ruijie(config)#ap-mode fit   ------>modify to fit-mode

Ruijie(config)#end   ------>exit the config mode

Ruijie#write                   ------>save the config   

 

IV. Configuration Steps

1) Configure AC

Step1: config Vlan, include user vlan and interconnect vlan,

Ruijie>enable              

Ruijie#configure terminal   

Ruijie(config)#vlan 20    ------>user vlan

Ruijie(config-vlan)#name sta

Ruijie(config-vlan)#exit

Ruijie(config)#vlan 30    ------>user vlan

Ruijie(config-vlan)#name sta

Ruijie(config-vlan)#exit

Ruijie(config)#vlan 40    ------>interconnect vlan for ac and sw1

Ruijie(config-vlan)#exit

Ruijie(config)#interface vlan 20   ------>user interface vlan(must config)

Ruijie(config-int-vlan)#ip add 192.168.20.2 255.255.255.0  ----->(optional config), in this case, user gateway is configured on sw1, so ip address for this

interface can be configured or not.

Ruijie(config)#interface vlan 30   ------>user interface vlan(must config)

Ruijie(config-int-vlan)#ip add 192.168.30.2 255.255.255.0  ----->(optional config), in this case, user gateway is configured on sw1, so ip address for this

interface can be configured or not.

Ruijie(config-int-vlan)#exit   

 

Step2Config ssid (multi ssid)

Ruijie(config)#wlan-config 1  Ruijie1    

Ruijie(config-wlan)#enable-broad-ssid        ------->enable broadcast ssid

Ruijie(config-wlan)#exit

Ruijie(config)#wlan-config 2  Ruijie2    

Ruijie(config-wlan)#enable-broad-ssid        ------->enable broadcast ssid

Ruijie(config-wlan)#exit

 

Step3Config ag-group

Ruijie(config)#ap-group default           

Ruijie(config-ap-group)#interface-mapping 1 20      ------->associate wlan-config 1 with user vlan 30

Ruijie(config-ap-group)#interface-mapping 2 30       ------->associate wlan-config 2 with user vlan 30     

Ruijie(config-ap-group)#exit

NoteIf config ag-goup default, then all AP will asscociate to " ap-group default" group

 

Step4Config svi and routing

Ruijie(config)#ip route 0.0.0.0 0.0.0.0 192.168.40.1   ------->default routing to sw1

Ruijie(config)#interface vlan 40    ------->interconnect vlan with sw1

Ruijie(config-int-vlan)#ip address 192.168.40.2 255.255.255.0      

Ruijie(config-int-vlan)#exit

Ruijie(config)#interface loopback 0

Ruijie(config-int-loopback)#ip address 1.1.1.1 255.255.255.0  ------->AC initialize CAPWAP tunnel setup from loopback 0 interface

Ruijie(config-int-loopback)#exit

Ruijie(config)#interface GigabitEthernet 0/1      

Ruijie(config-int-GigabitEthernet 0/1)#switchport mode trunk       ------->connect to sw1, trunk port, allow user vlanAP vlanAC-to-SW1 vlan

 

Step5Save config

Ruijie(config-int-GigabitEthernet 0/1)#end       

Ruijie#write            

 

2) Configure core switch(SW1)

Step1Vlan config, config user vlan, ap vlan and interconnect vlan

Ruijie>enable              

Ruijie#configure terminal    

Ruijie(config)#vlan 10    ------>ap vlan

Ruijie(config-vlan)#exit

Ruijie(config)#vlan 20    ------>user vlan

Ruijie(config-vlan)#exit

Ruijie(config)#vlan 30    ------>user vlan

Ruijie(config-vlan)#exit

Ruijie(config)#vlan 40    ------>interconnect vlan with AC

Ruijie(config-vlan)#exit

 

Step2Config interface and svi

Ruijie(config)# interface GigabitEthernet 0/1      

Ruijie(config-int-GigabitEthernet 0/1)#switchport mode trunk       ------->uplink port, connect to AC, trunk port,allow user vlanAP vlanAC-to-SW1 vlan

Ruijie(config-int-GigabitEthernet 0/1)#exit

Ruijie(config)#interface GigabitEthernet 0/2

Ruijie(config-int-GigabitEthernet 0/2)#switchport mode trunk       ------->downlink port, connect to SW2,trunk port,allow user vlanAP vlan

Ruijie(config-int-GigabitEthernet 0/2)#exit

Ruijie(config)#interface vlan 10   ------>ap gateway

Ruijie(config-int-vlan)#ip address  192.168.10.1 255.255.255.0

Ruijie(config-int-vlan)#interface vlan 20      ------->sta gateway

Ruijie(config-int-vlan)#ip address 192.168.20.1 255.255.255.0

Ruijie(config-int-vlan)#interface vlan 30       ------->sta gateway

Ruijie(config-int-vlan)#ip address 192.168.30.1 255.255.255.0

Ruijie(config-int-vlan)#interface vlan 40       ------->interconnect with ac

Ruijie(config-int-vlan)#ip address 192.168.40.1 255.255.255.0

Ruijie(config-int-vlan)#exit

 

Step3Conifg ip dhcp server

Ruijie(config)#service dhcp  

Ruijie(config)#ip dhcp pool ap_ruijie   ------->create dhcp pool for ap,pool name is ap_ruijie

Ruijie(config-dhcp)#option 138 ip 1.1.1.1   ------->config option 138, assign ac loopaback 0 ip address

Ruijie(config-dhcp)#network 192.168.10.0 255.255.255.0   ------->assign these address to ap

Ruijie(config-dhcp)#default-route 192.168.10.1   ------->assign the gateway to ap

Ruijie(config-dhcp)#exit

Ruijie(config)#ip dhcp pool user_ruijie1   ------->create dhcp pool for sta,pool name is user_ruijie

Ruijie(config-dhcp)#network 192.168.20.0 255.255.255.0   ------->assign these address to sta

Ruijie(config-dhcp)#default-route 192.168.20.1  ------->assign the gateway to sta

Ruijie(config-dhcp)#dns-server 8.8.8.8  ------->assign the dns to sta

Ruijie(config-dhcp)#exit

Ruijie(config)#ip dhcp pool user_ruijie2   ------->create dhcp pool for sta,pool name is user_ruijie

Ruijie(config-dhcp)#network 192.168.30.0 255.255.255.0   ------->assign these address to sta

Ruijie(config-dhcp)#default-route 192.168.30.1  ------->assign the gateway to sta

Ruijie(config-dhcp)#dns-server 8.8.8.8  ------->assign the dns to sta

Ruijie(config-dhcp)#exit

 

//Note: when there is no dhcp pool for AP, You could also excute command to assign acip and apip for ap. configuration example is as follow:

Ruijie(config)#acip ipv4 x.x.x.x

Ruijie(config)#apip ipv4 x.x.x.x

 

Step4Config static routing

Ruijie(config)#ip route 1.1.1.1 255.255.255.255 192.168.40.2   ------->config static route, route to AC loopback0

 

Step5Save configuration

Ruijie(config)#exit       

Ruijie#write 

 

3) Configure access switch (SW2)

Step1Config vlan, create ap vlan

Ruijie>enable                

Ruijie#configure terminal    

Ruijie(config)#vlan 10   

Ruijie(config-vlan)#exit

 

Step2Config interface

Ruijie(config)#interface GigabitEthernet 0/1      

Ruijie(config-int-GigabitEthernet 0/1)#switchport access vlan 10 ------->connect to AC,  access port, allow ap vlan

Ruijie(config-int-GigabitEthernet 0/1)#exit

Ruijie(config)#interface GigabitEthernet 0/2

Ruijie(config-int-GigabitEthernet 0/2)#switchport mode trunk       ------->connect to SW1, trunk port

 

Step3Save configuration

Ruijie(config-int-GigabitEthernet 0/2)#end       

Ruijie#write            

 

V. Verification

1) STA connect to the ssid

2) Check ap config on AC

Ruijie#show ap-config summary

========= show ap status =========

Radio: E = enabled, D = disabled, N = Not exist

       Current Sta number     

       Channel: * = Global

       Power Level = Percent

Online AP number: 1

Offline AP number: 0

AP Name                                  IP Address      Mac Address    Radio 1             Radio 2             Up/Off time   State

---------------------------------------- --------------- -------------- ------------------- ------------------- ------------- -----

   1414.4b13.c248                           192.168.10.2    1414.4b13.c248 E   1       6*  100 E   0     153*  100    0:09:04:28 Run

 

3) Check sta information on AC

Ruijie#show ac-config client by-ap-name

========= show sta status =========

AP   : ap name/radio id

Status: Speed/Power Save/Work Mode, E = enable power save, D = disable power save

 

Total Sta Num: 1

STA MAC        IPV4 Address    AP                                       Wlan Vlan Status         Asso Auth Net Auth  Up time     

-------------- --------------- ---------------------------------------- ---- ---- -------------- --------- --------- -------------

2.27b0.169f  192.168.20.2    1414.4b13.c248/1               1    20   58.0M/D/bn      WPA2_PSK        0:00:11:21

8ca9.829a.b1ea   192.168.30.2    1414.4b13.c248/1              2     30  58.0M/D/bn      WPA2_PSK        0:03:22:31

 

 

 

What if it don’t work?

Use the following steps while aps cannot go online:

1)     Confirm whether the versions of AC and AP are consistent, if not, recommend to upgrade first, the latest firmware could be download from our official website: http://www.ruijienetworks.com/service/download.aspx

 

2)     Confirm whether the AP obtain ip address and ACIP successfully or not with command below:

AP# Show ip int br

AP#show capwap client sta

 

3)     Confirm the connectivity between AP and ACIP, if disconnected, check the ip routes on AP:

AP# show ip route

 

If there is not ip route pointing to ACIP, add an ip route,examples are as follows

AP(config)# ip route 1.1.1.1 255.255.255.0 192.168.1.2

 

4)     Confirm whether the license is not enough.

Examples are as follows:

WS5302#sh ac-config

AC Configuration info:

max_wtp         :32 // configure wtp limit on ac-con mode to limit the AP number.

sta_limit       :1024

license wtp max :32 //ap numbers can be supported on ac.

license sta max :1024

serial auth     :Disable

password auth   :Disable

certificate auth:Disable

supp_psk_cer    :Disable

r_mac           :Enable

da_dtls         :Disable

ac_name         :Ac_001aa917151c

udp_lite        :UDP

ECN_Sup         :Disable

mtu             :1500

ap_sw_ver       :

ac location     :Ac_COM

ac_ipv4_num     :0

ac_namewp_num   :0

 

AC State info:

sta_num         :0

act_wtp         :1

 

WS5302#show license //check the license

Serial Number   : 9071FH4280024

 

 No. Activation Key                          AP Number

-------------------------------------------------------

-------------------------------------------------------

Total 32 access points are supported.

WS5302#show ap-config summary 

========= show ap status =========

Radio: E = enabled, D = disabled, N = Not exist

       Current Sta number

       Channel: * = Global

       Power Level = Percent

 

Online AP number: 1 //online AP number

Offline AP number: 0

 

AP Name                                  IP Address      Mac Address    Radio 1             Radio 2             Up/Off time   State

---------------------------------------- --------------- -------------- ------------------- ------------------- ------------- -----

001a.a94e.d529                           192.168.100.3   001a.a94e.d529 E   0      11*  100 E   0     157*  100    0:03:09:17 Run

 

5)     If the AP still could not go online successfully after checking the infomation above, collect the info with the following command list and submit a case to our case portal http://case.ruijienetworks.com/login_page.php for further checking:

1)  collect info on AC:

show version

show running

show ac-config

show license

show ap-config summary

show capwap sta

show cpu

show memory

show ip route

show ip interface brief

 

2)Collect info on AP:

show version

show ap-mode

show capwap sta

show ip route

show log

show ap-statistic aclist (confirm whether ap obtains option 138 address)

show capwap client state (11.x)

 

 

2.1.3     AC Directly Connect to AP

I. Requirements

    1) AC connect to AP directly

    2) This scene is usually used in the lab in usual.

 

II. Network Topology

        

III. Configuration Tips

1) Make sure that AC and AP's firmware should be consistent, using command in CLI "Ruijie>show version"

2) Make sure AP is working on fit mode, using command in CLI "Ruijie>show ap-mode " to check. If it shows fat mode, please modify as follow step

Ruijie>enable                 ------>enter the previlege mode

Ruijie#configure terminal     ------>enter the config mode

Ruijie(config)#ap-mode fit   ------>modify to fit-mode

Ruijie(config)#end   ------>exit the config mode

Ruijie#write                   ------>save the config  

 

IV. Configuration Steps

Step1: config vlan, create user vlan and ap vlan

Ruijie>enable                

Ruijie#configure terminal    

Ruijie(config)#vlan 1  

Ruijie(config-vlan)#exit

Ruijie(config)#vlan 2   

Ruijie(config-vlan)#exit

 

Step2: config AP, STA gateway and loopback 0

Ruijie(config)#interface vlan 1   ------>ap gateway

Ruijie(config-int-vlan)#ip address  172.16.1.1 255.255.255.0

Ruijie(config-int-vlan)#exit

Ruijie(config)#interface vlan 2   ------>sta gateway

Ruijie(config-int-vlan)#ip address  172.16.2.1 255.255.255.0    

Ruijie(config-int-vlan)#exit

Ruijie(config)#interface loopback 0

Ruijie(config-int-loopback)#ip address 1.1.1.1 255.255.255.0 

Ruijie(config-int-loopback)#exit

 

Step3: config SSID

config Wlan-config

Ruijie(config)#wlan-config 1  Ruijie-test     ------->config ssid named Ruijie-test    

Ruijie(config-wlan)#enable-broad-ssid        ------->enable brocast ssid

Ruijie(config-wlan)#exit

config ap-group

Ruijie(config)#ap-group default                 

Ruijie(config-ap-group)#interface-mapping 1 2      ------->associate with wlan-config 1 and vlan2

Ruijie(config-ap-group)#exit

 

Step4: config AC interface  

Ruijie(config-int-loopback)#interface GigabitEthernet 0/1      

Ruijie(config-int-GigabitEthernet 0/1)#switchport access vlan 1       ------->connect to ap, allow ap vlan

 

Step5: config ip dhcp server for AP

Ruijie(config)#service dhcp 

Ruijie(config)#ip dhcp pool ap_ruijie   ------->config dhcp pool,  named ap_ruijie

Ruijie(config-dhcp)#option 138 ip 1.1.1.1  

Ruijie(config-dhcp)#network 172.16.1.0 255.255.255.0   ------->assign the address to ap

Ruijie(config-dhcp)#default-route 172.16.1.1   ------->assign the gateway to ap

Ruijie(config-dhcp)#exit

 

Note: When there is no dhcp for AP, you could also excute command to assign acip and apip for ap. configuration example is as follow:

Ruijie(config)#acip ipv4 x.x.x.x

Ruijie(config)#apip ipv4 x.x.x.x

 

Step6: config ip dhcp server for STA

Ruijie(config)#ip dhcp pool user_ruijie   ------->config dhcp pool,  named user_ruijie

Ruijie(config-dhcp)#network 172.16.2.0 255.255.255.0   ------->assign the address to STA

Ruijie(config-dhcp)#default-route 172.16.2.1   ------->assign the gateway to STA

Ruijie(config-dhcp)#dns-server 8.8.8.8 ------->assign the dns to STA

Ruijie(config-dhcp)#exit

 

Step7: save configuration

Ruijie(config)#exit       

Ruijie#write             

 

V. Verification

1) STA connect to the ssid.

2) Check ap config on AC

Ruijie#show ap-config summary

========= show ap status =========

Radio: E = enabled, D = disabled, N = Not exist

       Current Sta number

       Channel: * = Global

       Power Level = Percent

Online AP number: 1

Offline AP number: 0

 

AP Name                                  IP Address      Mac Address    Radio 1             Radio 2             Up/Off time   State

---------------------------------------- --------------- -------------- ------------------- ------------------- ------------- -----

   1414.4b13.c248                           172.16.1.2    1414.4b13.c248 E   1       6*  100 E   0     153*  100    0:06:03:00 Run

 

  3) Check sta information on AC

Ruijie#show ac-config client by-ap-name

========= show sta status =========

AP   : ap name/radio id

Status: Speed/Power Save/Work Mode, E = enable power save, D = disable power save

 

Total Sta Num: 1

STA MAC        IPV4 Address    AP                                       Wlan Vlan Status         Asso Auth Net Auth  Up time     

-------------- --------------- ---------------------------------------- ---- ---- -------------- --------- --------- -------------

2.27b0.169f  172.16.2.2    1414.4b13.c248/1                 1        2    30   0.0M/D/bn      WPA2_PSK              0:00:01:01

 

Note: Recommand upgrade the AP&AC to the latest and more stable version, to avoid the compatibility issues

 

2.1.4     Wall AP Front Port VLAN Assignment

I. Requirements

Assign the front ports of AP110-W & AP120-W to different vlan

     

II. Network Topology

        

III. Configuration Tips

1) Make sure that AC and AP's firmware should be consistent, using command in CLI "Ruijie>show version"

2) Make sure AP is working on fit mode, using command in CLI "Ruijie>show ap-mode " to check. If it shows fat mode, please modify as follow step

Ruijie>enable                 ------>enter the previlege mode

Ruijie#configure terminal     ------>enter the config mode

Ruijie(config)#ap-mode fit   ------>modify to fit-mode

Ruijie(config)#end   ------>exit the config mode

Ruijie#write                   ------>save the config   

Note: If the version of AP is earlier than B8, you should execute command “no bridge-l2-isolation” on global mode in case the PC can not access to the network

Ruijie(config)#no bridge-l2-isolation          

 

 

IV. Configuration Steps

1) AC configuration

Step1: configuring Vlan, include user vlan and interconnect vlan,

Ruijie>enable              

Ruijie#configure terminal   

Ruijie(config)#vlan 20    ------>user vlan

Ruijie(config-vlan)#name sta

Ruijie(config-vlan)#exit

Ruijie(config)#vlan 30    ------>interconnect vlan for ac and sw1

Ruijie(config-vlan)#exit

Ruijie(config)#interface vlan 20   ------>user interface vlan(must config)

Ruijie(config-int-vlan)#ip add 192.168.20.2 255.255.255.0  ----->(optional config), in this case, user gateway is configured on sw1, so ip address for this interface can be configured or not.

Ruijie(config-int-vlan)#exit    

 

Step2Configuring ssid

Ruijie(config)#wlan-config 1  Ruijie    

Ruijie(config-wlan)#enable-broad-ssid        ------->enable broadcast ssid

Ruijie(config-wlan)#exit

 

Step3Configuring ag-group

Ruijie(config)#ap-group b8fd.3200.3aa3              ------->enter ap-group with ap's mac-address

Ruijie(config-ap-group)#interface-mapping 1 20      ------->associate wlan-config id with vlan

Ruijie(config)#ap-config ap120-w

Ruijie(config-ap)#ap-group b8fd.3200.3aa3

Ruijie(config-ap)#wired-vlan 100 port 1 ------>assign fa0/2 to vlan 100

Ruijie(config-ap)#exit

NoteIf config ag-goup default, then all AP will asscociate to "ap-group default" group

 

Step4: Configuring svi and routing

Ruijie(config)#ip route 0.0.0.0 0.0.0.0 192.168.30.1   ------->default routing to sw1

Ruijie(config)#interface vlan 30    ------->interconnect vlan with sw1

Ruijie(config-int-vlan)#ip address 192.168.30.2 255.255.255.0      

Ruijie(config-int-vlan)#exit

Ruijie(config)#interface loopback 0

Ruijie(config-int-loopback)#ip address 1.1.1.1 255.255.255.0  ------->AC initialize CAPWAP tunnel setup from loopback 0 interface

Ruijie(config-int-loopback)#exit

Ruijie(config)#interface GigabitEthernet 0/1      

Ruijie(config-int-GigabitEthernet 0/1)#switchport mode trunk       ------->connect to sw1, trunk port, allow user vlanAP vlanAC-to-SW1 vlan

 

Step5Save configurations

Ruijie(config-int-GigabitEthernet 0/1)#end       

Ruijie#write            

 

2) Config core switch (SW1)

Step1Configuring user vlan,ap vlan and interconnect vlan

Ruijie>enable              

Ruijie#configure terminal    

Ruijie(config)#vlan 10    ------>ap vlan

Ruijie(config-vlan)#exit

Ruijie(config)#vlan 20    ------>user vlan

Ruijie(config-vlan)#exit

Ruijie(config)#vlan 30    ------>interconnect vlan with AC

Ruijie(config-vlan)#exit

 

Step2Configuring interfaces and svi

Ruijie(config)# interface GigabitEthernet 0/1      

Ruijie(config-int-GigabitEthernet 0/1)#switchport mode trunk       ------->uplink port, connect to AC, trunk port,allow user vlanAP vlanAC-to-SW1 vlan

Ruijie(config-int-GigabitEthernet 0/1)#exit

Ruijie(config)#interface GigabitEthernet 0/2

Ruijie(config-int-GigabitEthernet 0/2)#switchport mode trunk       ------->downlink port, connect to SW2,trunk port,allow user vlanAP vlan

Ruijie(config-int-GigabitEthernet 0/2)#exit

Ruijie(config)#interface vlan 10   ------>ap gateway

Ruijie(config-int-vlan)#ip address  192.168.10.1 255.255.255.0

Ruijie(config-int-vlan)#interface vlan 20      ------->wireless user gateway

Ruijie(config-int-vlan)#ip address 192.168.20.1 255.255.255.0

Ruijie(config-int-vlan)#interface vlan 30       ------->interconnect with ac

Ruijie(config-int-vlan)#ip address 192.168.30.1 255.255.255.0

Ruijie(config-int-vlan)#interface vlan 100       ------->gateway for ap120-w front port fa0/2

Ruijie(config-int-vlan)#ip address 192.168.100.1 255.255.255.0

Ruijie(config-int-vlan)#exit

 

Step3Conifguring ip dhcp server

Ruijie(config)#service dhcp  

Ruijie(config)#ip dhcp pool ap_ruijie   ------->create dhcp pool for ap,pool name is ap_ruijie

Ruijie(config-dhcp)#option 138 ip 1.1.1.1   ------->config option 138, assign ac loopaback 0 ip address

Ruijie(config-dhcp)#network 192.168.10.0 255.255.255.0   ------->assign these address to ap

Ruijie(config-dhcp)#default-route 192.168.10.1   ------->assign the gateway to ap

Ruijie(config-dhcp)#exit

Ruijie(config)#ip dhcp pool user_ruijie   ------->create dhcp pool for sta,pool name is user_ruijie

Ruijie(config-dhcp)#network 192.168.20.0 255.255.255.0   ------->assign these address to sta

Ruijie(config-dhcp)#default-route 192.168.20.1  ------->assign the gateway to sta

Ruijie(config-dhcp)#dns-server 8.8.8.8  ------->assign the dns to sta

Ruijie(config-dhcp)#exit

 

Step4Configuring static routing

Ruijie(config)#ip route 1.1.1.1 255.255.255.255 192.168.30.2   ------->config static route, route to AC loopback0

 

Step5Save configuration

Ruijie(config)#exit       

Ruijie#write             

 

3) Configuring access switch (SW2)

Step1Configuring vlan, create ap vlan

Ruijie>enable                

Ruijie#configure terminal    

Ruijie(config)#vlan 10   

Ruijie(config-vlan)#exit

 

Step2Configuring interface

Ruijie(config)#interface GigabitEthernet 0/1              ------->connect to AP120-W

Ruijie(config-int-GigabitEthernet 0/1)#switchport mode trunk

Ruijie(config-int-GigabitEthernet 0/1)#switchport trunk native vlan 10     ---->config ap vlan as native vlan

Ruijie(config-int-GigabitEthernet 0/1)#exit

Ruijie(config)#interface GigabitEthernet 0/2

Ruijie(config-int-GigabitEthernet 0/2)#switchport mode trunk       ------->connect to SW1, trunk port

 

Step3Save configuration

Ruijie(config-int-GigabitEthernet 0/2)#end       

Ruijie#write            

 

V. Verification

1) login ap120-w,look into the interface configuration,  it shows as follow

interface FastEthernet 0/1.100

 encapsulation dot1Q 100

!

interface FastEthernet 0/2

 encapsulation dot1Q 100

2.1.5     CAPWAP tunnel is established via NAT

I. Requirements

1)  AC and AP located in different site

2)  The CAPWAP tunnel is established through NAT             

 

II. Network Topology

III. Configuration Tips

1) Make sure that AC and AP's firmware should be consistent, using command in CLI "Ruijie>show version"

2) Make sure AP is working on fit mode, using command in CLI "Ruijie>show ap-mode " to check. If it shows fat mode, please modify as follow step

Ruijie>enable                 ------>enter the previlege mode

Ruijie#configure terminal     ------>enter the config mode

Ruijie(config)#ap-mode fit   ------>change to fit-mode

Ruijie(config)#end   ------>exit the config mode

Ruijie#write                   ------>save the config  

 

   3) configuration guide summarize

a. On AC site, configure AC to make sure it can connect to Internet;

b. Map AC's loopback0 ip into public ip, so that AP could establish capwap tunnel with AC by using public ip;

c. On AP site, translate the AP IP and User IP into public ip, so that AP could establish capwap tunnel with AC by using public ip, also user could access to internet resource.

 

IV. Configuration Steps

1) AC

Step1: configure vlan

Ruijie>enable                

Ruijie#configure terminal    

Ruijie(config)#vlan 1        ------>the vlan using for AC interconnect with uplink device

Ruijie(config-vlan)#exit

Ruijie(config)#vlan 200    ------>wireless user vlan

Ruijie(config-vlan)#

 

Step2: configure svi.

Ruijie(config)#interface vlan 200   ------>sta svi ( must config)

Ruijie(config-int-vlan)#exit

 

Step3: configure wlan-config, create ssid.

Ruijie(config)#wlan-config 1  NAT    ------->wlan-config, id=1,SSID named NAT

Ruijie(config-wlan)#enable-broad-ssid        ------->enable brocast ssid

Ruijie(config-wlan)#tunnel local ------->enable local forwarding,recommend config under NAT scene

Ruijie(config-wlan)#exit

 

Step4: configure ap-group, associate wlan-config id with vlan.

Ruijie(config)#ap-group default               

Ruijie(config-ap-group)#interface-mapping 1 200     ------->“1”implied wlan-config,“200”implied sta vlan

Ruijie(config-ap-group)#exit

 

Step5: configure ip addree of ac uplink port and loopback 0

Ruijie(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.254   ------->default route,192.168.1.254 is address of uplink device

Ruijie(config)#interface vlan 1    ------->config svi,  layer3 communicate with uplink device

Ruijie(config-int-vlan)#ip address 192.168.1.253 255.255.255.0      

Ruijie(config-int-vlan)#interface loopback 0 ------->config loopback0, using for capwap tunnel establish

Ruijie(config-int-loopback)#ip address 1.1.1.1 255.255.255.255  ------->1.1.1.1 should be translate to a public ip addree on egress router

Ruijie(config-int-loopback)#interface GigabitEthernet 0/1      

Ruijie(config-int-GigabitEthernet 0/1)#switchport mode trunk       ------->connect to uplink device

 

Step6: Save changes

Ruijie(config-int-GigabitEthernet 0/1)#end      

Ruijie#write                

 

Other equipment of AC site

Configure the route to make sure AC can communicate with internet.  AC loopback0 address could be forwarded (using NAT) on egress router.

Configuration guide

a.     Correctly config routingvlaninterface and so on, each equipment could communicate wit

h each other;

b. Egress router config NAT, translate udp port 5246 & 5247 of ac loopback 0 address ( capwap address ) into public port, so that AP can establish capwap tunnel with AC successfully

   

2) SW1 (access switch, on AP site)

Ruijie>enable               

Ruijie#configure terminal    

Ruijie(config)#vlan 100   ------>config AP vlan

Ruijie(config-vlan)#vlan 200  ------>config sta vlan

Ruijie(config)#interface gigabitEthernet 0/1 ------>connect to ap

Ruijie(config-int-GigabitEthernet 0/1)#poe enable ------->enable poe (optional config, should be poe switch)

Ruijie(config-GigabitEthernet 0/1)#switchport mode trunk ------>trunk port,transmit ap vlan and sta vlan

Ruijie(config-GigabitEthernet 0/1)#switchport trunk native vlan 100  ------>config ap vlan as native vlan

Ruijie(config-GigabitEthernet 0/1)#interface gigabitEthernet 0/2 ------>connect to core-switch

Ruijie(config-GigabitEthernet 0/2)#switchport mode trunk ------>trunk port,transmit ap vlan and sta vlan

Ruijie(config-int-GigabitEthernet 0/2)#end       

Ruijie#write             

 

3) SW2 (core switch, on AP site)

Step1: config vlan, include sta vlan, interconnec vlan with egress router, ap vlan

Ruijie>enable                

Ruijie#configure terminal    

Ruijie(config)#vlan 10   

Ruijie(config-vlan)#exit

Ruijie(config)#vlan 100    ------>ap vlan

Ruijie(config-vlan)#exit

Ruijie(config)#vlan 200    ------>sta vlan

Ruijie(config-vlan)#exit

 

Step2: config svi

Ruijie(config)#interface VLAN 10  ------->interconnect address with egress router

Ruijie(config-int-vlan)#ip address 192.168.10.254 255.255.255.0

Ruijie(config-int-vlan)#exit

Ruijie(config)#interface vlan 100       ------->AP gateway

Ruijie(config-int-vlan)#ip address 192.168.100.254 255.255.255.0

Ruijie(config-int-vlan)#exit

Ruijie(config)#interface vlan 200       ------->user gateway

Ruijie(config-int-vlan)#ip address 192.168.200.254 255.255.255.0

Ruijie(config-int-vlan)#exit

 

Step3: config interface

Ruijie(config)# interface GigabitEthernet 0/1       ------->connect to egress router

Ruijie(config-int-GigabitEthernet 0/1)#switchport access vlan 10

Ruijie(config-int-GigabitEthernet 0/1)#interface GigabitEthernet 0/2      

Ruijie(config-int-GigabitEthernet 0/2)#switchport mode trunk       ------->connect to sw1,transmit ap vlan and sta vlan

Ruijie(config-int-GigabitEthernet 0/2)#exit      

 

Step4: config dhcp service, assign ip address to AP

Ruijie(config)#service dhcp   ------->enable dhcp service

Ruijie(config)#ip dhcp pool AP_vlan   ------->enable dhcp pool with name AP_vlan

Ruijie(dhcp-config)# option 138 ip 192.168.51.97  ----assign the capwap tunnel address,  which is public address of AC loopback0

Ruijie(dhcp-config)# network 192.168.100.0 255.255.255.0   ------->assign the  ip address to AP

Ruijie(dhcp-config)# default-router 192.168.100.254  ------->assign the gateway to AP

Ruijie(dhcp-config)#exit

 

Step5: config dhcp service, assign ip address to STA

Ruijie(config)#ip dhcp pool user_ruijie   ------->enable dhcp pool with name user_ruijie

Ruijie(config-dhcp)#network 192.168.200.0 255.255.255.0   ------->assign the  ip address to STA

Ruijie(config-dhcp)#default-route 192.168.200.254  ------->assign the gateway to STA

Ruijie(config-dhcp)#dns-server 218.85.157.99 218.85.152.99 ------->assign the dns to STA

Ruijie(config-dhcp)#exit

 

Step6: config routing

Ruijie(config)#ip route 0.0.0.0 0.0.0.0 192.168.10.1   ------->config static routing,route to egress router.

 

Step7: save routing

Ruijie(config)#exit     

Ruijie#write             

 

4) Configure R1 (Egress router on AP site)                

a. configure routing,  include default routingstatic routing for AP and STA.

b. configure NAT, translate AP address into public address and route to R2 ( egress router on AC site);translate STA address into public address and could connect to internet.

 

V. Verification

1) STA connect to AP

Ruijie#sh ac-config client by-ap-name

========= show sta status =========

AP   : ap name/radio id

Status: Speed/Power Save/Work Mode, E = enable power save, D = disable power save

 

Total Sta Num: 1

STA MAC           IPV4 Address                   AP                          Wlan               Vlan             Status     Asso Auth Net Auth          Up time     

--------------    --------------     ---------------------     ----------------    -----------    ---------     ------------------          -------------

2.27b0.169f    192.168.200.1   1414.4b13.c248/1                1                   200           65.0M/D/bn     WPA2_PSK                  0:00:02:06

 

 

2)     Check AP config on AC

Ruijie#sh ap-config summary

========= show ap status =========

Radio: E = enabled, D = disabled, N = Not exist

       Current Sta number

       Channel: * = Global

       Power Level = Percent

Online AP number: 1

Offline AP number: 0

AP Name                  IP Address         Mac Address          Radio 1             Radio 2             Up/Off time        State

 

AP name                  AP address        AP mac-address      2.4G                  5.8G             AP connect time     AP running state

 

---------------------------------------- --------------- -------------- ------------------- ------------------- -----------------

 

      1414.4b13.c248     192.168.100.1   1414.4b13.c248 E         1       1*  100 E   0   149*  100      0:01:05:50            Run

    

2.1.6     FAQ

2.1.6.1    Does the CAPWAP tunnel support cross-NAT networking?

Yes, it supports.

 

If the AP is on the NAT intranet,

You do not need to configure the static IP address mapping or port mapping for the AP. You just need to configure the source IP address conversion to ensure the connectivity between the AP and the AC.

 

If the AC is on the NAT intranet,

2. On the egress router, configure mapping for UDP ports 5246 (control channel) and 5247 (data channel) with an AC address indicated by option 138.

2. The IP address of the AC (optional 138 IP address) on the AP is the public network address of the AC after mapping.

 

If the AP and the AC are on its own NAT intranet, the above three configurations must be met.

2.1.6.2    The CAPWAP tunnel cannot be created.

(1) Communication between the AP and the AC is abnormal.

The AP fails to get the IP address.

The AP fails to get the Option 138 field.

The AP fails to ping the AC to create the tunnel.

The CAPWAP UDP ports 5246 and 5247 are discarded or filtered out by an intermediate device.

(2) The AC and AP are in abnormal status.

The AP cannot go online due to a high AC CPU usage.

    show cpu

The AC license is insufficient.

    show ac-config

    show license

show ap-config summary

 

The AC and AP version span is large (recommend to use same version for AP and AC).

The AP name is not unique.

19 16:37:19: CD-AC4 %APMG-6-AP_ADD: Add AP(1414.4b5d.03af) fail. Online-AP(1414.4b5d.097f) with same name(XS10A4-1) has exist in this AC     

Modifies name of online AP.

Collect the following information and contact Ruijie TAC.

(1)   Collect the following information on the AC:

show version

show running

show ac-config

show license

show ap-config summary

show capwap sta

show cpu

show memory

show ip route

show ip interface brief

(2)   Collect the following information on the AP:

show version

show ap-mode

show capwap sta

show ip route

show log

show capwap client state

2.1.6.3    How to check the reason why the AP is rejected from going online.

 

When the link is normal and the AC has received the packet from the AP but the capwap tunnel cannot be established between the AP and the AC, run the show ap-config summary deny-ap command to display the specific cause or in combination with the logs displayed on the AC.

Ruijie#show ap-config summary deny-ap

Deny ap num: 1

Mac Address    AP Name                                  Reason           

-------------- ---------------------------------------- -----------------

2.4b71.98a1                                          By conflict  

By bind-ap-mac           //The AP-MAC binding is rejected. The MAC whitelist bind-ap-mac is enabled on the AC but the MAC of this AP does not exist in ap-config.

By wtp-limit             //Indicates that the maximum number of online APs has reached. A common cause is that the license is insufficient or the maximum number of online APs has reached. It is rarely caused by the wtp-limit configuration.

By conflict              //Indicates that the AP name conflicts with the MAC name. It is because the AP name has already existed on the AC or other APs of this MAC are online or configured.

By deny-flag             //The AC denies the AP to join it. A common cause is that deny-join is configured during networking and debugging.

By ap-auth               //Indicates that the AP certification is restricted. Certification by the certificate, serial number or password is enabled on the AC but the AP does not carry any certification information.

By user-class            //Indicates the APs belong to different classes. For example, SMB-AP can only access SMB-AC but cannot access ordinary ACs.

By overdue-ap            //Indicates the AC has an expired AP. This problem is temporary generally. The AC will automatically clears expired APs and then the expired APs can join the AC again.

By master-ap-mac         //Indicates that the satellite AP does not carry the master AP MAC. This problem is temporary generally and is caused by quick AP join during startup of the satellite AP.

By unknown               //Indicates an unknown cause.

By radio num             //Indicates that interconnection is not supported because the AP has too many RF interfaces. For example, the B7-version AC does not support AM5528.

By vendor id             //Indicates that the interconnection is not supported because the AP of another vendor is used.

By new-ap-limit          //Indicates that the number of the new APs reaches the upper limit. For example, WS5708 supports up to 100 B9-version APs of wave 2.

By local-limit           //Indicates that the number of APs connected to the AC is limited due to the AC protection in VAC scenario. It is possibly because the switch load is unbalanced or the working ACs are insufficient.

By hot-backup            //Indicates a hot-backup limit. For example, the AP uses the AP virtualization technology which does not support the hot-backup function. But hot-backup is enabled for this AP in the configuration.

By total-ap-num          //The total number of APs (online + offline) and AP tunnels has reached the upper limit. Delete unwanted offline APs.

By none-radio            //The AP is rejected because it does not carry radio. This problem is temporary generally and is caused by quick AP join during startup.

When the packet interaction between the AP and the AC is abnormal, capture packets from the intermediate line to locate the packet loss point and troubleshoot the wired network.

2.1.6.4      The AC cannot distribute the configuration to the AP.

[Symptom]                                                                                     

The AC cannot distribute the configuration to the AP.

[Environment]

The AP goes online to the AC across the public network.

[Possible Causes]

(1) The AP does not go online.

(2) The software version conflicts.

(3) The extranet is restricted.

(4) The software has a fault (due to causes such as large version span).

[troubleshooting Steps]

(1) Remotely view whether the AP version is consistent with the AC version and whether the AP has gone online successfully.

(2) Run the show ap-conf run command to check whether the AP has joined the group and whether the active/standby configurations are consistent.

(3) Ping the AP to the AC. If the package size is 1500 bytes, the AC cannot be pinged. The dichotomic test result shows that the maximum package size that can be pinged is 1410 bytes. Modify the control tunnel MTU to 1410 to solve the problem:

ac-controller

capwap ctrl-mtu 1410

[Summary and Precautions]

In the cross-NAT go-online environment, the following problems may occur: the AC configuration cannot be issued, the tunnel cannot be established or is repeatedly established, and the terminal cannot be accessed. After troubleshooting, check whether the large-package communication between the AP and the AC is normal. For repeated tunnel establishment, check whether the NAT entry aging time of the egress is too short by testing the tunnel keepalive time.

2.1.6.5    In the cross-public-network scenario, only part of APs can go online on the AC.

[Symptom]

In cross-public-network mode, only part of APs can go online on the AC.

[Troubleshooting Steps]

(1) Check the network topology, wireless configuration and version.

A. Deploy the APs and the AC (a single AC, no active-standby ACs) across the public network. In hot-backup mode, check whether configurations of the active and standby ACs are the same. Configurations of normal APs and failed APs are exactly the same and the bind-ap-mac configuration is not set.

B. Requests of local users are locally forwarded, and gateway of APs and wireless users and the DHCP address pool are on the local aggregation switch. Troubleshot the local device.

C. The AC, normal APs and abnormal APs are all of the latest version, and online APs are of the same model. It means that the problem is not caused by the version and public network line of the carrier.

(2) Log on to the failed AP to check the AP mode and confirm whether any IP address is obtained. Check whether the large packet can be communicated on the tunnel used for the AP to ping the AC.

Onsite check finds that the failed APs are in fit mode, the IP address can be obtained, and the large packet can be communicated on the tunnel.

(3) After check, we do not find any configuration difference between the access switch and the normal and failed AP interfaces, and the switch is in normal status.

(4) Collect logs and debugs on the failed APs and the AC.

The failed APs are always sending discovery request packets. However, after the show capwap statistics command is run on the AC, the number of received discovery request packets does not increase. It is suspected that the discovery request packets are discarded by intermediate link. Since the APs go online cross the public network and there are normal and failed APs, the problem is not caused by the public network line. It may be caused by the local device.

(5) Check the local device topology, egress EG, aggregation switch, access AC, and APs and capture packets at the uplink interface of the aggregation switch. Discovery request packets of failed APs are found. It is suspected that the packets are discarded at the egress EG device. Because we cannot directly capture packets for analysis at the egress, it is suspected that the application cannot identify the packets or the packets are discarded because traffic of packets from the APs to the AC is too large, and thus some tunnels between APs and the AC cannot be created.

(6) Add the AP network segment to the egress device free of auditing and flow control, and place resources of users at this segment to the EG key channel for preferential forwarding. The test result shows that the failed APs can go online normally. After the resources are moved out of the key channel, the APs go offline after a period of time and cannot go online again.

[Cause]

Traffic on the key channel of the egress traffic control device is too large and thus the interaction packet for creating a tunnel between the AP and the AC is discarded.

[Solution]

Add traffic in the AP IP address segment to the key channel of EG egress, to ensure that the AP packets are preferentially forwarded.

[Other Operation Commands]

Ø  On the AC, run the debug apmg join command to check whether the discovery request packet is received.

Ø  On the AP, run the debug capwap client fsm command to check whether the packet is successfully sent.

Ø  On the AP, run the debug capwap packet command to check whether the discover response packet is received. The prompt is displayed later.

If no response packet is received, run the following command on the AC:

debug efmp packet filter ipv4_sport range 5246 5247 counter 30

Ø  If the AP tunnel cannot be created, run the following command on the AC to see whether a prompt is displayed:

debug efmp packet filter ipv4_sip host  AP IP address  ipv4_sport eq

10000 counter 10

run-system-shell

dmesg

 

Ø  On the AC, run the show capwap ap tunnel id detail command to see the following information:

If the data port changes frequently, the traffic table is aging. You are recommended to adjust the channel keepalive time to a smaller value.

ap-config xxx

echo-interval xx (default: 30s; minimum: 5s; maximum: 255s)

2.1.6.6    The AC and AP versions are the same but the AP cannot go online on the AC and the progress stops at Join.

[Symptom]

The AC and AP versions are the same but the AP cannot go online on the AC.

[Analysis]

2.     View the log to check the CAPWAP tunnel status of the AP. The result shows the AP has communicated with the AC and its status after the join status is:

DTLS Teardown

*Jan1 00:01:10: %CAPWAP-6-STATE_CHANGE: (peer - 1) [1.1.1.1] capwap state changed, from <DTLS Setup> to <Join>

*Jan1 00:01:10: %CAPWAP-6-STATE_CHANGE: (peer - 1) [1.1.1.1] capwap state changed, from <Join> to <DTLS TearDown>

2. After confirming the link between the AC and the AP is normal, run the show ap-config summary deny-ap command. The result shows that the fault reason is "By conflict", which means the AP name is not unique in the system and thus the AP cannot join the AC.

2. After you restore the default settings of the AP or change its name, the AP goes online successfully.

[Summary]

During the go-online process of the AP, the CAPWAP tunnel status is idle-->discover-->DTLS Setup-->Join-->config-->Data Check-->Run respectively. When the CAPWAP tunnel reaches the Run status, the AP has gone online successfully.

If the progress stops when the CAPWAP tunnel reaches the Join status, run the show ap-config summary deny-ap command to display the reason for access denying (the reason is not displayed when the AC version is 11.x and the AP version is 10.x due to a large version span).

The following are common causes for that the progress stops when the CAPWAP tunnel reaches the Join status:

(1) The AP name conflicts.

(2) The versions are inconsistent.

(3) The license is incorrect.

(4) The line has a fault.

(5) The AC has security restrictions, for example, bind-ap-mac.

2.1.6.7    An offline AP is still displayed as "Online" on the AC.

[Symptom]

An offline AP is still displayed as "Online" on the AC.

[Analysis]

(1) Run the show run and show ap-configrun commands to display the configuration and check whether echo-interval is changed. (The default value is 30s.)

2. The result shows that the parameter value is still the default value. On the AC, run the show capwap index detail command several times. The keepalive value remains unchanged. It is suspected that the AP status is not updated on the AC because the keepalive function is disabled. Run the show capwap [ip addr] detail | inc Echo command. The result shows that the echo-interval is 0s.

AC-branch(config-ap)#show capwap 10.121.121.129 detail | in Echo

Echo interval is 0 secs, Dead interval is 0 secs Expire 4294967237 secs

2. Run the show cli record command to display the AC historical command records. The result shows that echo-interval disable is set for the AP-Group of the AP. Delete the configuration, the problem is solved.

[Summary]

This fault is caused by incorrect configuration of the hidden command. echo-interval disable is used to disable the echo function of the CAPWAP tunnel. After configuration, the AP echo function is disabled and the status of the AP is still displayed as "Run" after the AP goes offline. Besides, echo-interval disable is not displayed in the show run command.

 

The default echo interval between an AP and an AC is 30s. If the AC does not receive any echo packet from the AP within 30s, the AP goes offline.

The AP keeps alive the tunnel by sending an echo request every 30s. After receiving the echo request, the AC sends an echo response. If receiving no echo response within a certain period of time, the AP resends the echo request. The first retransmit starts at the 3rd second. When the time reaches the half of the echo interval, the AP deems that the tunnel is disconnected. The AP performs five retransmits within the 30s echo interval, that is, the 3rd second, 6th second, 12th second, 15th second, and 15th second.

Even if the echo interval is changed to another value, the calculation method for the retransmit time and count is still the same. The echo interval range is 5-255s, which is configured by the echo-interval *command in AP or AP group configuration mode.

2.1.6.8    Most APs cannot go online, online APs often go offline and the tunnel status frequently changes.

I. Symptom

Most APs cannot go online, online APs often go offline and the tunnel status frequently changes.

II. Troubleshooting Steps

(1) Check the network topology, wireless configuration, version, and log.

The version configurations are consistent.

Oct 16 00:24:27: %CAPWAP-5-RETRANS_MAX: (*2) (peer - 47) [172.17.6.30 : 10000] reach maximum retransmit count [5], msg is [configuration update request], seq is [1], elem length is [34].

Oct 16 00:24:27: %CAPWAP-6-PEER_NOTIFY_DOWN: (*2) Peer <172.17.6.30 : 10000 : 5869.6cea.d18d> DOWN, reason <Retransmit MAX>.

 

The intermediate line may have a fault.

(2) Log on to the failed AP to check the AP mode and confirm whether any IP address is obtained. Check whether the large packet can be communicated on the tunnel used for the AP to ping the AC.

Packet loss is rare during AC ping on the AP. The intermediate line may have a loop or the broadcast traffic is too large.

(3) Log on to the AC and run the clear counters command to clear the interface traffic statistics. After show int counters summary is collected for three consecutive times, the broadcast packets at the interconnected interface increases quickly, as shown in the following figure:

(4) Log on to the interconnected core devices and run the clear counters command to clear the interface traffic statistics. After show int counters summary is collected for three consecutive times, the following figures are displayed:

A great amount of broadcast packets increase at the Te1/3/20, indicating that a loop may exist.

(5) After confirming that the device connected to the Te1/3/20 interface is the AP of the access switch, down the Te1/3/20 interface to check whether all the APs under the Te1/3/20 interface go online one after another and the network is recovered.

(6) Log on to the access switch and enable RLDP. It is found that one interface is in down state. Check connection status of the associated device. The result shows that the switch is a private switch and has a loop.

III. Cause

The switch connected to the access switch has a loop at a single port.

IV. Solution

shutdown the loop interface.

V. Summary

(1) When a tunnel cannot be established or is established repeatedly for some APs, a loop may exist. Even if no loop exists, packet loss is impossible when you ping the AC on the AP.

(2) After a similar fault occurs, check the fault scope and active-standby configuration consistency.

(3) If the load balancing policy is incorrectly configured in VAC, the AP may often go online and offline frequently or cannot go online.

(4) In case a loop exists, enable the tree generation or RLDP function and query the switch logs to check the information of the failed port having the loop.

2.1.6.9    Troubleshooting Method and Fault Information Collection for Tunnel Establishment Failure Due to the AP Fault

Troubleshooting Method and Fault Information Collection for Tunnel Establishment Failure Due to the AP Fault

(1) Check the module and version of the AP and AC, and networking topology and solution.

(2) Run the following command to check whether the communication on loopback0 (or capwap ctrl-ip x.x.x.x) between the AP and the AC is normal:

(3) Check the logs on the AP and AC and collect the debug information about the AP and AC.

Log on to the AP:

  show log   //Collects the AP logs.

more ap_down.txt //Displays the cause for AP offline.

show capwap statistic    //Collects the AP tunnel establishment status information. The information can be collected for multiple times, up to consecutive three times.

  show capwap client state  

//When the AP does not identify efmp, enable debug efmp for the run-system-shell configuration.

 

run-system-shell    cd sbin

    ./efmp_demo &

    exit

Collect the Debug Information

terminal monitor

debug capwap client fsm

debug capwap packet

debug efmp packet filter ipv4_sport range 5246 5247 count 30

Log on to the AC:

show log

show ap-config summary deny-ap

terminal monitor

debug capwap [apip] packet

debug apmg join

debug efmp packet filter ipv4_sport eq 5247 ipv4_sip host [apip] count 10

(4) If no log or debug information is returned from the device end, troubleshoot the intermediate line. Run the traceroute ip tunnel ip source [apip] command to trace the tunnel IP address record route on the AP to view which devices the AP packet has passed.

(5) Perform segmented packet capturing in the dichotomic method to check the sending and receiving of the packet that is used for establishing a tunnel between the AP and the AC and locate the packet loss point.

2.1.6.10  Can the AP and the user be in the same VLAN in the fit AP local forwarding mode?

Yes. The following configurations must be set:

Ruijie(config)# ap-config ap-name

Ruijie(config-ap)# ap-vlan vlan-id  (The vlan-id must be the ID of VLAN of the AP and wireless user and must be configured; otherwise, the wireless user cannot obtain the IP address.)

ap-vlan command parsing: In local forwarding mode, the vlan-id configured by this command must be same to that allocated by STA. The actual VLAN of STA is assigned by the access switch of the AP instead of the VLAN configured by this command or assigned by the vlan-group. If the ap-vlan command is not configured, VLAN 1 is used by default.

Note: In local forwarding mode, even when the wireless user resides on VLAN 1, ap-vlan id must be configured on the AP. Otherwise, the wireless user can obtain the IP address of the AP network segment but cannot obtain the IP address of VLAN 1. 

2.1.6.11  How to check whether the forwarding mode is local forwarding on the AP?

Run the following command on AP 11.x:

Ruijie#debug fwd dump-mode

wlan 1 tunnel local

Besides, you can query the MAC address table of the connected AP interface on the access switch of the AP. In local forwarding mode, the MAC address table of the wireless user is displayed.

2.1.6.12  When the wireless user resides on VLAN 1 while the AP resides on another VLAN in local forwarding mode, the IP address of the AP VLAN is obtained by the wireless user?

When the wireless user resides on VLAN 1 in local forwarding mode, the ap-vlan of the AP must be configured on the AC.

Ruijie(config)#ap-config 5869.6c84.b278        ---5869.6c84.b278 is the AP name.       

Ruijie(config-ap)#ap-vlan 11       ---11 is the AP VLAN ID.

 

2.2      Fat AP Configuration

2.2.1     FAT AP (General)

Scenario

The APs independently complete the conversation between 802.11 fames and 802.3 frames for communication between the wired and the wireless networks.

AdvantageNo need to change the current wired network architecture, simple configuration

DisadvantageNon-unified management and configuration