Huawei wireless devices are configured with ACL based message filtering

To configure LSW and AC, send AP And AC Can transmit between CAPWAP message
[LSW1]vlan batch 100
[LSW1-GigabitEthernet0/0/1]port link-type trunk
[LSW1-GigabitEthernet0/0/1]port trunk allow-pass vlan 100
[LSW1-GigabitEthernet0/0/2]port link-type trunk
[LSW1-GigabitEthernet0/0/2]port trunk allow-pass vlan 100
[LSW1-GigabitEthernet0/0/2]port trunk pvid vlan 100
[AC1]vlan batch 100 101
[AC1-GigabitEthernet0/0/1]port link-type trunk
[AC1-GigabitEthernet0/0/1]port trunk allow-pass vlan 100

To configure AC Interworking with the upper network equipment
[AC1-GigabitEthernet0/0/2]port link-type trunk
[AC1-GigabitEthernet0/0/2]port trunk allow-pass vlan 101

To configure AC As DHCP The server , by STA and AP Distribute IP Address
[AC1]dhcp enable
[AC1-Vlanif100]ip add 10.1.100.1 24
[AC1-Vlanif100]dhcp select interface
[AC1-Vlanif100]int Vlanif 101
[AC1-Vlanif101]ip add 10.1.101.1 24
[AC1-Vlanif101]dhcp select interface

To configure AP go online
[AC1-wlan-view]ap-group name ap-group1 // establish AP Group
[AC1-wlan-view]regulatory-domain-profile name domain1 // Create domain management template , Configure... Under the domain management template AC Country code and in AP Reference domain management template under group
[AC1-wlan-regulate-domain-domain1]country-code cn
[AC1-wlan-view]ap-group name ap-group1
[AC1-wlan-ap-group-ap-group1]regulatory-domain-profile domain1
[AC1]capwap source interface Vlanif 100 // To configure AC Source interface of
[AC1]wlan
[AC1-wlan-view]ap auth-mode mac-auth // stay AC Import online and offline AP, And will AP Join in AP Group
[AC1-wlan-view]ap-id 0 ap-mac 00e0-fc60-4940
[AC1-wlan-ap-0]ap-name ap1
[AC1-wlan-ap-0]ap-group ap-group1

To configure WLAN Business parameters
[AC1-wlan-view]security-profile name wlan-security // Create a security template , And configure the security policy
[AC1-wlan-sec-prof-wlan-security]security wpa2 psk pass-phrase [email protected] aes
[AC1-wlan-view]ssid-profile name wlan-ssid // establish SSID Templates , And configuration SSID name
[AC1-wlan-ssid-prof-wlan-ssid]ssid wlan-net
[AC1-wlan-view]vap-profile name wlan-vap // establish VAP Templates , Configure business data forwarding mode 、 Business VLAN, And reference security templates and SSID Templates
[AC1-wlan-vap-prof-wlan-vap]forward-mode tunnel
[AC1-wlan-vap-prof-wlan-vap]service-vlan vlan-id 101
[AC1-wlan-vap-prof-wlan-vap]security-profile wlan-security
[AC1-wlan-vap-prof-wlan-vap]ssid-profile wlan-ssid
[AC1-wlan-view]ap-group name ap-group1 // To configure AP Group reference VAP Templates ,AP RF on 0 And RF 1 All use VAP Template configuration
[AC1-wlan-ap-group-ap-group1]vap-profile wlan-vap wlan 1 radio all

To configure AP RF channel and power
[AC1-wlan-view]rrm-profile name default // Turn off the RF channel and power auto tuning function
[AC1-wlan-rrm-prof-default]calibrate auto-channel-select disable
[AC1-wlan-rrm-prof-default]calibrate auto-txpower-select disable
[AC1-wlan-view]ap-id 0 // To configure AP radio frequency 0 Channel and power
[AC1-wlan-ap-0]radio 0
[AC1-wlan-radio-0/0]channel 20mhz 6
[AC1-wlan-radio-0/0]eirp 127
[AC1-wlan-ap-0]radio 1 // To configure AP radio frequency 1 Channel and power
[AC1-wlan-radio-0/1]channel 20mhz 149
[AC1-wlan-radio-0/1]eirp 127

To configure WMM Function and Airtime Dispatch
[AC1-wlan-view]radio-2g-profile name wlan-radio2g // establish 2G RF template , And configuration WMM The function enables video services to give priority to network bandwidth
[AC1-wlan-radio-2g-prof-wlan-radio2g]wmm edca-ap ac-vo ecw ecwmin 3 ecwmax 4 txoplimit 94
[AC1-wlan-radio-2g-prof-wlan-radio2g]wmm edca-ap ac-vi ecw ecwmin 2 ecwmax 3 txoplimit 47
[AC1-wlan-view]ap-group name ap-group1 // stay AP Group references 2G RF template
[AC1-wlan-ap-group-ap-group1]radio-2g-profile wlan-radio2g radio all
[AC1-wlan-view]ssid-profile name wlan-ssid // Get into SSID Templates , And configuration WMM The function enables video services to give priority to network bandwidth
[AC1-wlan-ssid-prof-wlan-ssid]wmm edca-client ac-vo ecw ecwmin 3 ecwmax 4 txoplimit 94
[AC1-wlan-ssid-prof-wlan-ssid]wmm edca-client ac-vi ecw ecwmin 2 ecwmax 3 txoplimit 47
[AC1-wlan-view]rrm-profile name rrm // establish RRM Templates , Can make Airtime Scheduling function
[AC1-wlan-rrm-prof-rrm]airtime-fair-schedule enable
[AC1-wlan-view]radio-2g-profile name wlan-radio2g // stay 2G Quoted in the RF template RRM Templates
[AC1-wlan-radio-2g-prof-wlan-radio2g]rrm-profile rrm

Configuration is based on ACL Message filtering
[AC1]acl 3001 // Configure qualified advanced ACL
[AC1-acl-adv-3001]rule deny ip source 10.1.100.10 0 destination 10.1.100.11 0
[AC1-wlan-view]traffic-profile name traffic
[AC1-wlan-traffic-prof-traffic]traffic-filter inbound ipv4 acl 3001

Configure priority mapping relationship
[AC1-wlan-view]traffic-profile name traffic // Create traffic template , And configure the priority mapping relationship
[AC1-wlan-traffic-prof-traffic]priority-map downstream trust dscp
downstream dscp 48 to 55 dot11e 4
[AC1-wlan-traffic-prof-traffic]priority-map downstream dscp 56 to 63 dot11e 5
[AC1-wlan-traffic-prof-traffic]priority-map downstream dscp 32 to 39 dot11e 6
[AC1-wlan-traffic-prof-traffic]priority-map downstream dscp 40 to 47 dot11e 7
[AC1-wlan-traffic-prof-traffic]priority-map tunnel-upstream trust dot11e
[AC1-wlan-traffic-prof-traffic]priority-map tunnel-upstream dot11e 6 dscp 32
[AC1-wlan-traffic-prof-traffic]priority-map tunnel-upstream dot11e 7 dscp 40
[AC1-wlan-traffic-prof-traffic]priority-map tunnel-upstream dot11e 4 dscp 48
[AC1-wlan-traffic-prof-traffic]priority-map tunnel-upstream dot11e 5 dscp 56
[AC1-wlan-traffic-prof-traffic]rate-limit client up 2048 // Configure flow supervision parameters
[AC1-wlan-traffic-prof-traffic]rate-limit vap up 30720
[AC1-wlan-view]vap-profile name wlan-vap // stay VAP Bind the traffic template in the template
[AC1-wlan-vap-prof-wlan-vap]traffic-profile traffic