Professional Documents
Culture Documents
Guide Huawei - Access Controllers (ACs)
Guide Huawei - Access Controllers (ACs)
(ACs)
Purpose
This guide shows how to configure a Huawei device with the following AP models running
V200R006C10SPC800:
firmware FitAP_Model_
● AP6010SN-GN
● AP6010DN-AGN
● AP6310SN-GN
● AP6510DN-AGN
● AP6610DN-AGN
● AP7110SN-GN
● AP7110DN-AGN
● AP5010SN-GN
● AP5010DN-AGN
● AP3010DN-AGN
● AP6510DN-AGN-US
● AP6610DN-AGN-US
● AP5030DN
● AP5130DN
● AP7030DE
● AP2010DN
● AP8130DN
● AP8030DN
● AP9330DN
● AP4030DN
● AP4130DN
● AP3030DN
● AP2030DN
● AP9131DN
● AP9132DN
● AP5030DN-S
● AP3010DN-V2
Please note that the images contained in this article may have outdated configuration data.
Please check the data in the article "Parameters for the Solution" at the bottom of the page, as
Prerequisites
The configuration procedure has been performed and tested on Huawei Access Controller
AC6005-8-PWR running firmware VRP (R) software, Version 5.130 (AC6005 V200R006C10)
Before integrating the Access Controller with Lyzntech Angaza, it is necessary that it is
connected to the Internet and reachable on the network and has open the UDP port 2000.
This guide will refer to the Access Controller AC6005 and the network architecture in the picture
below.
In this case:
By default, the Access Controller has the following IP address: 169.254.1.1. You can manage
and configure the AC by Telnet or by opening a web browser, visiting the following URL:
Network 1 (AC)
Ethernet interfaces and VLANs
● Configure a Service VLAN and the CapWap source IP address (in this example is the
In Telnet session, we start to configure the VLAN interface GigabitEthernet 0/0/1 as following:
<AC-6005>system-view
# Change the system name to the public IP address of the AC 6005. This is a mandatory step
and the name of the controller needs to be its public IP address. If AC controller uses
private IP address, then you need to provide public IP address after NATting.
[AC-6005]sysname 151.0.208.150
[151.0.208.150-Vlanif150]description public-ip-AC
[151.0.208.150-Vlanif150]quit
# Service VLAN with the address pool of the STAs (Client devices will connect to AP)
[151.0.208.150-Vlanif200]description service-VLAN
[151.0.208.150-Vlanif200]quit
[151.0.208.150]interface vlanif 30
[151.0.208.150-Vlanif30]description Management-VLAN
[151.0.208.150-Vlanif30]quit
[151.0.208.150]interface GigabitEthernet0/0/1
[151.0.208.150-GigabitEthernet0/0/1]quit
[151.0.208.150]quit
<151.0.208.150>save
The Portal version on the AC should be set to Ver 1. If the AC is running on a different version
Security consideration. To permit the connections between the Portal Server and the Access
Controller, it's necessary the AC is reachable from the Internet and have open the UDP port
# Free domains
dns
# RADIUS server
*.lyzntech.co.ke
*.facebook.com
*.facebook.net
# Lyzntech Angaza RADIUS server IP: 54.247.117.188 authentication port: 1812, accounting
port:1813
by Lyzntech Angaza
[151.0.208.150-radius]quit
[151.0.208.150]aaa
[151.0.208.150-aaa]authentication-scheme radius
[151.0.208.150-aaa-authen-radius]authentication-mode radius
[151.0.208.150-aaa-authen-radius]quit
[151.0.208.150-aaa]authorization-scheme radius
[151.0.208.150-aaa-author-radius]authorization-mode if-authenticated
[151.0.208.150-aaa-author-radius]quit
[151.0.208.150-aaa]accounting-scheme radius
[151.0.208.150-aaa-accounting-radius]accounting-mode radius
[151.0.208.150-aaa-accounting-radius]quit
[151.0.208.150-aaa]domain d1
[151.0.208.150-aaa-domain-d1]authentication-scheme radius
[151.0.208.150-aaa-domain-d1]authorization-scheme radius
[151.0.208.150-aaa-domain-d1]accounting-scheme radius
[151.0.208.150-aaa-domain-d1]radius-server radius
[151.0.208.150]url-template name u1
[151.0.208.150-url-template-u1]url
https://captiveportal.lyzntech.co.ke
# Uam parameters
[151.0.208.150-url-template-u1]url-parameter user-ipaddress
wlanuserip ac-ip wlanacip ac-mac wlanacmac ap-ip wlanapip ap-mac
[151.0.208.150]web-auth-server web
[151.0.208.150-web-auth-server-web]url-template u1
[151.0.208.150-web-auth-server-web]source-ip 151.0.208.150
[151.0.208.150-web-auth-server-web]quit
[151.0.208.150-portal-access-profile-portal]web-auth-server web
direct
[151.0.208.150-portal-access-profile-portal]quit
[151.0.208.150-authentication-profile-portal]portal-access-profile
portal
[151.0.208.150-authentication-profile-portal]free-rule-template free1
[151.0.208.150-authentication-profile-portal]access-domain d1
[151.0.208.150-authentication-profile-portal]authentication
roam-accounting
[151.0.208.150-authentication-profile-portal]update-session-mode
[151.0.208.150-authentication-profile-portal]authentication-scheme
radius
[151.0.208.150-authentication-profile-portal]accounting-scheme radius
[151.0.208.150-authentication-profile-portal]authorization-scheme
radius
[151.0.208.150-authentication-profile-portal]radius-server radius
[151.0.208.150]wlan
[151.0.208.150-C4W-huawei]ssid name_of_ssid
[151.0.208.150-C4W-huawei]quit
[151.0.208.150-wlan-vap-prof-C4W-huawei]ssid-profile C4W-huawei
[151.0.208.150-wlan-vap-prof-C4W-huawei]security-profile C4W-huawei
[151.0.208.150-wlan-vap-prof-C4W-huawei]authentication-profile portal
The following schema defines the functional priorities of the operations necessary to configure
For Huawei devices, the Lyzntech Angaza platform requires only the MAC address. The
1. The service VLAN with the same ID as the previously configured on the AC (Vlan200)
with a DHCP server for the STAs (customer devices) will connect through the SSID.
2. The Management VLAN for the APs with the same ID and pool as the previously
configured on the AC (Vlan30) with a DHCP server for the APs. In this case, the pool
will be 192.168.30.1/24.
Enter for each AP via telnet or ssh with the default credentials
admin/admin@huawei.com.
RADIUS IP address.
○ RADIUS server primary(Authentication) → 54.247.117.188 on port 1812
url https://captiveportal.lyzntech.co.ke
redirect-url wlanuserfirsturl
● Configure a VAP profile and associate it with WLAN and SSID profile.
security-profile C4W-huawei
authentication-profile portal
● Create an AP group and associate it with the VAP profile previously created.en
● On the switch, create one service VLAN with the same ID configured on AC in tagged
mode(Vlan200) and one for the AP management with the same ID and pool
configured on the AC (Vlan30)
● Create one DHCP server for the STAs and one for the APs (eventually with the option