Configuring WLAN mesh link
Support for this feature depends on the device model. For more information, see About the H3C Access Controllers Configuration Guides.
Overview
A WLAN mesh network allows for wireless connections between APs, making the WLAN more mobile and flexible. Also, you can establish multi-hop wireless links between APs. In these ways, a WLAN mesh network differs from a traditional WLAN. However, a WLAN mesh network is no different from a traditional WLAN for end users.
Basic concepts
Figure 1 Typical WLAN mesh network
The concepts involved in WLAN mesh are described below.
Concept | Description |
---|---|
Access controller (AC) | Device that controls and manages all the APs in the WLAN. |
Mesh point (MP) | Wireless AP that connects to a mesh portal point (MPP) through a wireless connection but cannot have any client attached. |
Authenticator MP | MP that acts as an authenticator in forming the link between two MPs. |
Candidate peer MP | Neighbor MP to which a mesh link has not been established, but it meets eligibility requirements to become a peer MP. |
Link metric | Criterion used to characterize the performance/quality/eligibility of a mesh link for use in a mesh path. |
Mesh | Network consisting of two or more mesh points that communicate with each other via mesh services. |
Mesh access point (MAP) | AP providing the mesh service and the access service concurrently. |
Mesh action frame | 802.11 management frame that has a mesh-specific action category. |
Mesh link | Link between two MPs. |
Mesh portal point (MPP) | Wireless AP that connects to an AC through a wired connection. |
Peer MP | Peer MP to which the local MP has established a mesh link. |
Station (STA) | Wireless terminal (a PC or laptop) with a wireless network card. |
WLAN mesh advantages
In the current WLAN solution, APs have to be interconnected by using cables, switches, routers, and power supplies, making the wireless network complex and costly and requiring a lot of time to deploy.
The WLAN mesh technology is a totally new approach for deploying wireless networks. It allows operators to easily deploy wireless networks anywhere and anytime.
WLAN mesh has the following advantages:
· Low cost and high performance
· Expandable without the need of new wiring or access points
· Easy to deploy
· Applicable to areas such as metro, company, office, large warehouses, manufacturing, ports and waterfronts
· Avoidance of single point failures because of multi-path availability
Deployment scenarios
This section covers the deployment scenarios of WLAN mesh, which fall into two categories: subway networking and normal networking.
Normal WLAN mesh deployment
· Normal AC + fit MP scenario
Figure 2 Normal AC + fit MP scenario
As shown in Figure 2, two mesh networks are controlled by the same AC. At least one MPP in a mesh has wired connectivity with the AC. When an MP comes up, it scans the network and forms temporary connections with all available MPs in its vicinity. The temporary connections allow the MP to connect to the AC for downloading its configurations. After downloading its configurations from the AC, the MP establishes secure connections with neighbors.
· One MP with two radios, each on a different mesh
Figure 3 One fit MP with two radios, each on a different mesh
As shown in Figure 3, an MP has two radios, each of which is present in a different mesh network. The only constraint is that both meshes have to be managed by the same AC.
· One fit MP with two radios on the same mesh
Figure 4 Two radios on different meshes
As shown in Figure 4, Radio 1 of MP 1 joins the mesh through the MPP. In this case, only Radio 1 can provide access for downstream MPs. Radio 2 cannot access the mesh automatically and provide the mesh service.
Subway WLAN mesh deployment
The subway is an important means of transportation in a modern city. In a subway system, control information needs to be sent to trains to manage them effectively and provide various services to customers. As shown in Figure 5, a subway WLAN mesh solution has MPs deployed both on the train and along the rail, all managed by the same AC. A train MP continuously scans for new rail MPs and sets up active/dormant links with the rail MPs that have the best signal quality. The active mesh link is used for data transmission, and the dormant mesh link acts as the backup link.
Figure 5 Subway deployment of mesh
The subway WLAN mesh deployment is based on the Mobile Link Switch Protocol (MLSP), which is a proprietary protocol developed by H3C for obtaining high-speed link switch with zero packet loss during train movement. H3C has adopted new IEEE standard 802.11s as the underlying protocol for link formation and communication between mobile radio (MR) and wayside AP. Train MPs are not required to act as authenticators.
WLAN mesh security
A WLAN uses air as the communication medium, so it is vulnerable to malicious attacks. In a mesh network, a wireless connection passes through multiple hops, which makes a mesh network more vulnerable to malicious attacks. Security is therefore an essential part of a WLAN mesh network. It involves encryption algorithms and the distribution and management of keys. Currently, the PSK + CCMP combination is used to secure mesh networks.
MLSP
MLSP creates and breaks links during train movement to ensure that an active link is available on a train MP at any given time.
Terminology of MLSP
As shown in Figure 6, when the train is moving, it needs to break the existing active link with rail MP 2 and create a new active link with another rail MP.
· Active Link—Logical link through which all data communication from/to a train MP happens.
· Dormant Link—Logical link over which no data transfer happens, but it satisfies all the criteria for becoming an active link.
MLSP advantages
1. MLSP keeps the link switch time below 30 milliseconds.
2. MLSP works well even if the chipset gets saturated at high power level.
3. MLSP achieves zero packet loss during link switch.
Operation of MLSP
MLSP establishes multiple links at any given time between a train MP and multiple rail MPs to provide link redundancy, ensuring high performance and good robustness for the network.
The following four parameters are considered by MLSP for link switch. Based on the deployment, all these parameters are tunable to achieve best results.
· Link formation RSSI/link hold RSSI—This is the minimum RSSI to allow a link to be formed and held. Therefore, the minimum RSSI must be ensured at any given point in the tunnel. Otherwise, the error rate can be very high.
· Link switch margin—If the RSSI of the new link is greater than that of the current active link by the link switch margin, active link switch happens.
· Link hold time—An active link remains up within the link hold time, even if the link switch margin is reached. This mechanism is used to avoid frequent link switch.
· Link saturation RSSI—This is the upper limit of RSSI on the active link. If the value is reached, the chipset is saturated and link switch happens.
Formation of dormant links
A train MP performs active scanning to find neighboring rail MPs by sending probe requests at a very high rate. Based on probe responses received, the train MP forms a neighbor table.
After that, the train MP creates dormant links with rail MPs that have an RSSI value greater than the link formation RSSI.
Selection of active link
A train MP selects the active link from dormant links based on the following rules:
1. If no dormant link is available, the active link cannot be formed.
2. Active link switch does not happen within the link hold time, except under the following two conditions:
   · Condition 1—The active link RSSI exceeds the link saturation RSSI.
   · Condition 2—The active link RSSI is below the link hold RSSI.
3. When the link hold timer expires, if no dormant link has an RSSI greater than the active link RSSI by the link switch margin, link switch does not happen.
4. In normal scenarios, active link switch happens when all of the following conditions are met:
   · The link hold timer expires.
   · The dormant link's RSSI is higher than the current active link's RSSI by the link switch margin.
   · The dormant link RSSI is not greater than the link saturation RSSI.
   · The RSSI of the new link is increasing.
5. Once the RSSI of the active and dormant links has gone below the link hold RSSI, the links should be broken. However, to ensure service availability in the worst cases, if the active link RSSI has gone below the link hold RSSI and no dormant links exist, the active link is not broken.
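The selection rules above, written out as an added Python example (not H3C's implementation, which this page does not show). The `Policy` defaults are the MP policy defaults listed on this page; the sample RSSI values, reading "by the link switch margin" as `>=`, and preferring the strongest eligible dormant link are assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Policy:
    # Defaults are the MP policy defaults given on this page.
    link_hold_rssi: int = 15        # link formation / link hold RSSI
    link_switch_margin: int = 10
    link_hold_time_ms: int = 4000
    link_saturation_rssi: int = 150


@dataclass
class Link:
    peer: str        # rail MP name (constructed sample values below)
    rssi: int        # latest RSSI sample
    prev_rssi: int   # previous sample, used for the "RSSI is increasing" test


def usable(link: Link, p: Policy) -> bool:
    # Assumption: a dormant link is eligible when its RSSI lies between the
    # link hold RSSI and the link saturation RSSI, boundaries included.
    return p.link_hold_rssi <= link.rssi <= p.link_saturation_rssi


def decide(active: Optional[Link], dormant: List[Link],
           held_ms: int, p: Policy) -> Tuple[str, Optional[str]]:
    """Return (action, peer); action is none, form, keep, switch or break."""
    # Assumption: among eligible dormant links the strongest one is preferred.
    candidates = sorted((d for d in dormant if usable(d, p)),
                        key=lambda d: d.rssi, reverse=True)

    if active is None:
        # Rule 1: without a dormant link no active link can be formed.
        return ("form", candidates[0].peer) if candidates else ("none", None)

    saturated = active.rssi > p.link_saturation_rssi   # condition 1
    too_weak = active.rssi < p.link_hold_rssi          # condition 2
    if saturated or too_weak:
        # Rule 2 exceptions: the hold timer does not block the switch.
        if candidates:
            return ("switch", candidates[0].peer)
        # Rule 5: break only when dormant links exist and all of them are also
        # below the hold RSSI; with no dormant link the active link is kept.
        if too_weak and dormant and all(d.rssi < p.link_hold_rssi for d in dormant):
            return ("break", active.peer)
        return ("keep", active.peer)

    if held_ms < p.link_hold_time_ms:
        return ("keep", active.peer)                    # rule 2: timer running

    # Rule 4: margin reached, not saturated (via usable), RSSI increasing.
    for d in candidates:
        if d.rssi - active.rssi >= p.link_switch_margin and d.rssi > d.prev_rssi:
            return ("switch", d.peer)
    return ("keep", active.peer)                        # rule 3


if __name__ == "__main__":
    p = Policy()
    rail2 = Link("rail-mp-2", 40, 45)   # constructed samples
    rail3 = Link("rail-mp-3", 55, 50)
    for held in (1000, 4000):
        print(held, decide(rail2, [rail3], held, p))
```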
Deployment scenarios
The mesh feature supports the following three topologies, implemented by specifying peer MAC addresses for each AP.
Topology 1 Peer to Peer Connection (Point to Point): In this topology, you can specify the peer MAC addresses for the APs to establish a mesh link.
Figure 7 Point to point topology
Topology 2 Centralized Bridging (Point to multipoint): In this topology, a centralized bridging device forms wireless links with multiple MPs to bridge data among multiple LAN segments. As shown in Figure 8, data transferred between different LAN segments goes via AP 1.
Figure 8 Point to multipoint topology
Topology 3 (Self Topology Detection and Bridging): In this topology, MPs automatically detect neighbors and form wireless links to provide wireless connectivity between LAN segments, as shown in Figure 9. This topology can cause loops. You can configure mesh routing to remove loops and implement link redundancy when a mesh link fault occurs.
Figure 9 Self topology detection and bridging
Protocols and standards
· Draft P802.11s_D1.06
· ANSI/IEEE Std 802.11, 1999 Edition
· IEEE Std 802.11a
· IEEE Std 802.11b
· IEEE Std 802.11g
· IEEE Std 802.11i
· IEEE Std 802.11s
· IEEE Std 802.11-2004
WLAN mesh configuration task list
Remarks |
|
Required. |
|
Required. |
|
Required. |
|
Optional. |
|
Optional. |
|
Optional. |
|
Required. |
|
Required. |
|
Required. |
|
Required. |
|
Optional. |
|
Optional. |
Setting an MKD ID
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Set the mesh key distributor (MKD) ID. | wlan mkd-id mkd-id | By default, the MKD ID is 000F-E200-0001. |
Configuring mesh port security
For more information about the port-security tx-key-type 11key, port-security preshared-key, and port-security port-mode commands, see Security Command Reference.
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter WLAN mesh interface view. | interface wlan-mesh interface-number | N/A |
3. Enable 11key negotiation. | port-security tx-key-type 11key | By default, 11key negotiation is disabled. |
4. Set a PSK. | port-security preshared-key { pass-phrase \| raw-key } [ cipher \| simple ] key | By default, no PSK is configured. |
5. Configure the port to operate in PSK mode. | port-security port-mode psk | By default, the port operates in noRestrictions mode. |
Configuring a mesh profile
A mesh profile is created and mapped to an MP so that it can provide mesh services to other MPs that have the same mesh profile mapped.
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Create a mesh profile and enter mesh profile view. | wlan mesh-profile mesh-profile-number | N/A |
3. Set the mesh ID. | mesh-id mesh-id-name | By default, no mesh ID is set for the mesh profile. |
4. Bind a WLAN mesh interface. | bind wlan-mesh interface-index | By default, no interface is bound to the mesh profile. |
5. Set the mesh link keep alive interval. | link-keep-alive keep-alive-interval | Optional. By default, the mesh link keep-alive interval is 2 seconds. |
6. Set the backhaul radio rate. | link-backhaul-rate rate-value | Optional. The default link backhaul rate depends on the radio type of the AP. |
7. Enable the mesh profile. | mesh-profile enable | By default, the mesh profile is disabled. |
8. Return to system view. | quit | N/A |
9. Enable the mesh key distributor (MKD) service for the mesh profile. | mkd-service enable mesh-profile mesh-profile-number | By default, the MKD service is disabled for all mesh profiles. |
Configuring mesh portal service
Mesh portal service should be enabled for an MP to act as a mesh portal point (MPP).
Enable mesh portal service only for MPPs (APs connected to the AC through wired connection).
To configure mesh portal service:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Create an AP template and enter AP template view. | wlan ap ap-name [ model model-name [ id ap-id ] ] | The model number needs to be specified only during new AP template creation. |
3. Enable the portal service. | portal-service enable | By default, the portal service is disabled. |
Configuring an MP policy
Link formation and maintenance are driven by the attributes specified in the MP policy.
To configure an MP policy:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Create an MP policy and enter MP policy view. | wlan mp-policy policy-name | By default, there is a default MP policy default_mp_plcy, which cannot be deleted or modified. |
3. Enable link initiation. | link-initiation enable | Optional. By default, link initiation is enabled. |
4. Set the maximum number of links. | link-maximum-number max-link-number | Optional. By default, the maximum number is 2. |
5. Set the link formation/link hold RSSI. | link-hold-rssi value | Optional. The default is 15 dBm. |
6. Set the link hold time. | link-hold-time value | Optional. The default is 4000 milliseconds. |
7. Set the link switch margin. | link-switch-margin value | Optional. The default is 10 dBm. |
8. Set the link saturation RSSI. | link-saturation-rssi value | Optional. The default is 150 dBm. |
9. Set the probe request interval. | probe-request-interval interval-value | Optional. By default, the probe request interval is 1000 ms. |
10. Enable MLSP. | mlsp enable | Optional. By default, MLSP is disabled. If MLSP is disabled on a radio, the MLSP proxy MAC address configured under the current MP policy is removed. |
11. Enable the device to act as an authenticator based on negotiation results. | role-authenticator enable | Optional. By default, whether a device acts as an authenticator is based on negotiation results. |
12. Set the link rate mode. | link rate-mode { fixed \| real-time } | Optional. The default link rate mode is fixed. |
13. Enable the temporary link function. | temporary-link enable | Optional. By default, the temporary link function is enabled. |
The mlsp enable and mlsp-proxy mac-address commands are only applicable to subway WLAN mesh networks.
Configuring MLSP proxy on an MP
In a subway mesh network as shown in Figure 10, two rail MPs AP 1 and AP 2 and an AC are connected to a Layer-3 switch, and a train MP establishes an active link with AP 1, and a dormant link with AP 2. Device A receives traffic from Device B (a multicast source for example). When a link switchover occurs (the link between the train MP and AP 2 becomes the active link), the train MP, if configured with MLSP proxy for Device A, sends a gratuitous ARP packet in the name of Device A so the switch can quickly update the ARP entry to avoid traffic interruption between Device B and Device A.
Configure MLSP proxy on the train MP as follows:
· If Device A, Device B, the rail MPs, the train MP, and the AC are in the same VLAN, configure the mlsp-proxy mac-address mac-address [ vlan vlan-id ] command on the train MP, where the mac-address argument represents the MAC address of Device A. If Device A is not in VLAN 1, specify a VLAN for Device A.
· If Device A and Device B are in different VLANs, configure the mlsp-proxy mac-address mac-address [ vlan vlan-id ] ip ip-address command on the train MP, where the mac-address and ip-address arguments represent the MAC address and IP address of Device A. If Device A is not in VLAN 1, specify a VLAN for Device A.
To configure MLSP proxy on an MP:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter MP policy view. | wlan mp-policy policy-name | By default, there is a default MP policy default_mp_plcy, which cannot be deleted or modified. |
3. Enable MLSP. | mlsp enable | By default, MLSP is disabled. Disabling MLSP removes the configuration of the mlsp-proxy command. |
4. Configure MLSP proxy for a connected device. | mlsp-proxy mac-address mac-address [ vlan vlan-id ] [ ip ip-address ] | By default, no MLSP proxy is configured. This command is available only when MLSP is enabled. |
Mapping a mesh profile to the radio of an MP
For an MP to advertise mesh capabilities, a mesh profile should be mapped to the radio of the MP.
To map a mesh profile to a radio:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter AP template view. | wlan ap ap-name [ model model-name [ id ap-id ] ] | The model number needs to be specified only during new AP template creation. |
3. Enter radio view. | radio radio-number [ type { dot11a \| dot11an \| dot11b \| dot11g \| dot11gn } ] | The default value depends on the AP model. |
4. Map the mesh profile to the radio. | mesh-profile mesh-profile-number | By default, no mesh profile is mapped to the radio. |
Mapping an MP policy to the radio of an MP
An MP policy should be mapped to a radio so that link formation and maintenance on the radio can be driven by the attributes specified in the MP policy.
To map an MP policy to the radio of an MP:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter AP template view. | wlan ap ap-name [ model model-name [ id ap-id ] ] | The model number needs to be specified only during new AP template creation. |
3. Enter radio view. | radio radio-number [ type { dot11a \| dot11an \| dot11b \| dot11g \| dot11gn } ] | The default value depends on the AP model. |
4. Map the MP policy to the radio. | mp-policy policy-name | By default, the radio uses the default MP policy default_mp_plcy. |
Specifying a mesh working channel
Use one of the following methods to specify a mesh working channel:
· Use the channel channel-number command to manually specify a mesh working channel. The APs on the two ends of a mesh link must operate on the same channel.
· Use the channel auto command to enable APs to automatically negotiate a working channel when they establish a mesh link.
Whichever method is used, when an AP detects radar signals on its working channel, that AP and any AP with which it has established a mesh link switch to another available working channel.
In some countries, most available channels on the 802.11a band are radar channels. As a best practice, use the auto mode to establish mesh links on the 802.11a band.
Specifying a peer on the radio
Specify the MAC addresses of allowed peers on the local radio interface.
To specify a peer MAC address on a radio:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter AP template view. | wlan ap ap-name [ model model-name [ id ap-id ] ] | The model number needs to be specified only during new AP template creation. |
3. Enter radio view. | radio radio-number [ type { dot11a \| dot11an \| dot11b \| dot11g \| dot11gn } ] | The default value depends on the AP model. |
4. Specify a permitted peer and specify the cost of the mesh link to the peer. | mesh peer-mac-address mac-address [ cost cost ] | By default, the radio has no peer MAC address configured, all neighbors are permitted, and the link cost for the mesh link is automatically computed. |
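The defaults stated under "Configuring mesh port security" (11key negotiation disabled, no PSK, noRestrictions port mode) and in the peer table above (all neighbors permitted) can be checked mechanically against a pasted CLI session. The following Python audit is an added example, not an H3C tool; the finding codes, the pass-phrase strength policy, and the assumption that device names contain no hyphen are choices made for this example, and `undo` commands are not interpreted.

```python
import re
from collections import defaultdict

# Prompt forms used in this guide's examples: [AC], [AC-wlan-mesh1],
# [TrainMP-WLAN-MESH1]. Assumption: the device name contains no hyphen.
PROMPT = re.compile(r"^\[[^\]\-]+(?:-(?P<view>[^\]]+))?\]\s*(?P<cmd>\S.*)$")


def parse_session(text):
    """Group commands by the view named in each prompt ('' is system view)."""
    views = defaultdict(list)
    for raw in text.splitlines():
        m = PROMPT.match(raw.strip())
        if m:
            views[(m.group("view") or "").lower()].append(m.group("cmd").strip())
    return views


def weak_passphrase(key):
    """Assumed local policy (not an H3C rule): under 16 characters or a
    single character class counts as weak."""
    classes = sum(bool(re.search(p, key))
                  for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z\d]"))
    return len(key) < 16 or classes < 2


def audit(text):
    """Return a sorted list of (view, finding-code) tuples."""
    views = parse_session(text)
    findings = set()

    # Mesh interfaces: those whose view was entered, plus any interface a
    # mesh profile binds to even if its view was never configured.
    mesh_ifs = {v for v in views if re.fullmatch(r"wlan-mesh\d+", v)}
    for cmds in views.values():
        for c in cmds:
            m = re.fullmatch(r"bind wlan-mesh (\d+)", c)
            if m:
                mesh_ifs.add("wlan-mesh" + m.group(1))

    for name in mesh_ifs:
        cmds = views.get(name, [])
        if "port-security tx-key-type 11key" not in cmds:
            findings.add((name, "NO_11KEY"))            # default: disabled
        if "port-security port-mode psk" not in cmds:
            findings.add((name, "PORT_MODE_DEFAULT"))   # default: noRestrictions
        psk = [c.split()[2:] for c in cmds
               if c.startswith("port-security preshared-key ")]
        if not psk:
            findings.add((name, "NO_PSK"))              # default: no PSK
        for kind, *rest in psk:
            storage = rest[0] if rest and rest[0] in ("cipher", "simple") else None
            keyparts = rest[1:] if storage else rest
            key = keyparts[0] if keyparts else ""
            # A key entered with the cipher keyword cannot be assessed here.
            if kind == "pass-phrase" and storage != "cipher" and key \
                    and weak_passphrase(key):
                findings.add((name, "WEAK_PASSPHRASE"))

    # Radios with a mesh profile mapped but no permitted peer listed.
    for view, cmds in views.items():
        mapped = any(re.fullmatch(r"mesh-profile \d+", c) for c in cmds)
        if mapped and not any(c.startswith("mesh peer-mac-address ") for c in cmds):
            findings.add((view, "ANY_PEER"))            # default: all neighbors
    return sorted(findings)


# Excerpt of the normal WLAN mesh configuration example from this guide.
PAGE_EXAMPLE = """\
<AC> system-view
[AC] port-security enable
[AC] interface wlan-mesh 1
[AC-wlan-mesh1] port-security tx-key-type 11key
[AC-wlan-mesh1] port-security preshared-key pass-phrase 12345678
[AC-wlan-mesh1] port-security port-mode psk
[AC-wlan-mesh1] quit
[AC] wlan mesh-profile 1
[AC-wlan-mshp-1] bind wlan-mesh 1
[AC-wlan-mshp-1] quit
[AC] wlan ap mpp model WA3628i-AGN
[AC-wlan-ap-mpp] radio 1 type dot11an
[AC-wlan-ap-mpp-radio-1] channel 149
[AC-wlan-ap-mpp-radio-1] mesh-profile 1
[AC-wlan-ap-mpp-radio-1] radio enable
"""

if __name__ == "__main__":
    for view, code in audit(PAGE_EXAMPLE):
        print(f"{view}: {code}")
```

Run against the guide's own example, the audit reports the 8-digit pass-phrase and the radio that accepts any neighbor as a peer.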
Disabling the temporary link formation function
When a train MP goes offline and loses its configuration, it asks to form a temporary link. If you disable the temporary link formation function on the AC, surrounding train MPs refuse to provide the AC access service for the offline MP. The offline MP must wait to connect to the AC through a wired connection.
To disable the temporary link formation function:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter MP policy view. | wlan mp-policy policy-name | N/A |
3. Disable the temporary link formation function. | undo temporary-link enable | By default, the temporary link formation function is enabled. |
Specifying the mesh signal transmission media
Mesh signals can be transmitted over the air or through waveguides, which provide less signal loss and higher availability.
To specify the mesh signal transmission media:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter MP policy view. | wlan mp-policy policy-name | N/A |
3. Specify the mesh signal transmission media. | signal { air \| wave-guide } | By default, the mesh signal transmission media is air. |
4. Set the air-transmitted RSSI threshold for an MP to switch the transmission media from waveguide to air. | waveguide-to-air rssi-threshold rssi-threshold | Optional. By default, the threshold is 20. |
Displaying and maintaining WLAN mesh link
Task | Command | Remarks |
---|---|---|
Display mesh link information. | display wlan mesh-link ap { all \| name ap-name [ verbose ] } [ \| { begin \| exclude \| include } regular-expression ] | Available in any view. |
Display mesh profile information. | display wlan mesh-profile { mesh-profile-number \| all } [ \| { begin \| exclude \| include } regular-expression ] | Available in any view. |
Display MP policy information. | display wlan mp-policy { mp-policy-name \| all } [ \| { begin \| exclude \| include } regular-expression ] | Available in any view. |
Perform a mesh link test on the specified AP and display the test results. | wlan mesh-link-test ap-name | Available in user view. |
WLAN mesh configuration examples
Normal WLAN mesh configuration example
Network requirements
As shown in Figure 11, establish a mesh link between the MAP and the MPP, and configure 802.11gn on the MAP so the client can access the network.
Configuration procedure
1. Configure Mesh:
# Enable port security.
<AC> system-view
[AC] port-security enable
# Create WLAN mesh interface 1. Enable 11key negotiation, set a PSK, and set the port security mode as PSK mode for the interface.
[AC] interface wlan-mesh 1
[AC-wlan-mesh1] port-security tx-key-type 11key
[AC-wlan-mesh1] port-security preshared-key pass-phrase 12345678
[AC-wlan-mesh1] port-security port-mode psk
[AC-wlan-mesh1] quit
# Create mesh profile 1, and bind WLAN mesh interface 1 to it.
[AC] wlan mesh-profile 1
[AC-wlan-mshp-1] bind wlan-mesh 1
[AC-wlan-mshp-1] quit
# Configure an MKD-ID (an MKD-ID exists by default, and you can omit this command).
[AC] wlan mkd-id 0eab-01cd-ef00
# Enable the MKD service.
[AC] mkd-service enable mesh-profile 1
# Set the mesh ID as outdoor for mesh profile 1, and enable the mesh profile.
[AC] wlan mesh-profile 1
[AC-wlan-mshp-1] mesh-id outdoor
[AC-wlan-mshp-1] mesh-profile enable
[AC-wlan-mshp-1] quit
# A default MP policy exists by default. You can also configure an MP policy. The default MP policy is used in this example.
2. Configure MPP:
# Create AP template mpp, and specify the AP model and serial ID.
[AC] wlan ap mpp model WA3628i-AGN
[AC-wlan-ap-mpp] serial-id 59235B15D114C005623
# Create radio 1, specify channel 149, map mesh profile 1 to the radio, and then enable the radio.
[AC-wlan-ap-mpp] radio 1 type dot11an
[AC-wlan-ap-mpp-radio-1] channel 149
[AC-wlan-ap-mpp-radio-1] mesh-profile 1
[AC-wlan-ap-mpp-radio-1] radio enable
[AC-wlan-ap-mpp-radio-1] quit
# Enable the mesh portal service for MPP.
[AC-wlan-ap-mpp] portal-service enable
3. Configure MAP:
# Create AP template map, and specify the AP model and serial ID.
[AC] wlan ap map model WA3628i-AGN
[AC-wlan-ap-map] serial-id 21023529G007C000020
# Create radio 1, specify channel 149 for it, and map mesh profile 1 to it, and then enable the radio.
[AC-wlan-ap-map] radio 1 type dot11an
[AC-wlan-ap-map-radio-1] channel 149
[AC-wlan-ap-map-radio-1] mesh-profile 1
[AC-wlan-ap-map-radio-1] radio enable
[AC-wlan-ap-map-radio-1] quit
After the configuration, a mesh link will be established between the MAP and MPP, and they can ping each other.
4. Configure 802.11gn service on the MAP so that the client can access the network:
For the related configuration, see "Configuring WLAN access."
After 802.11gn is configured on the MAP, the client and the AC can ping each other, and the client can access the network through the mesh link.
Verifying the configuration
# Display the mesh link information on the AC.
<AC> display wlan mesh-link ap all
Mesh Link Information
--------------------------------------------------------------------------------
AP Name: mpp
--------------------------------------------------------------------------------
Peer Local Status RSSI Packets(Rx/Tx)
--------------------------------------------------------------------------------
00ef-2231-0b4a 00aa-4433-6699 Forwarding 50 13442/134234
--------------------------------------------------------------------------------
AP Name: map
--------------------------------------------------------------------------------
Peer Local Status RSSI Packets(Rx/Tx)
--------------------------------------------------------------------------------
00aa-4433-6699 00ef-2231-0b4a Forwarding 54 231/14234
The output shows that the MPP and MAP have established a mesh link.
Subway WLAN mesh configuration example
Network requirements
As shown in Figure 12, configure WLAN mesh so that the train MP (fat AP) can form links with rail MPs during movement. One of these links is the active link, and all the others are dormant links.
Configuration procedure
1. Configure AC:
# Enable port security.
<AC> system-view
[AC] port-security enable
# Create WLAN mesh interface 1. Enable 11key negotiation, set a PSK, and set the port security mode as PSK mode for the interface.
[AC] interface wlan-mesh 1
[AC-WLAN-MESH1] port-security tx-key-type 11key
[AC-WLAN-MESH1] port-security preshared-key pass-phrase 12345678
[AC-WLAN-MESH1] port-security port-mode psk
[AC-WLAN-MESH1] quit
# Create mesh profile 1, bind WLAN mesh interface 1 to it.
[AC] wlan mesh-profile 1
[AC-wlan-mshp-1] bind wlan-mesh 1
[AC-wlan-mshp-1] quit
# Configure an MKD-ID. The MKD-ID exists by default.
[AC] wlan mkd-id 0eab-01cd-ef00
# Enable the MKD service.
[AC] mkd-service enable mesh-profile 1
# Set the mesh ID as train for mesh profile 1, and enable the mesh profile.
[AC] wlan mesh-profile 1
[AC-wlan-mshp-1] mesh-id train
[AC-wlan-mshp-1] mesh-profile enable
[AC-wlan-mshp-1] quit
# Create MP policy rail_policy, disable link initiation, and disable the authenticator role.
[AC] wlan mp-policy rail_policy
[AC-wlan-mp-policy-rail_policy] undo link-initiation enable
[AC-wlan-mp-policy-rail_policy] undo role-authenticator enable
[AC-wlan-mp-policy-rail_policy] quit
# Create AP template railmp1, and specify the AP model and serial ID.
[AC] wlan ap railmp1 model WA2610X-GNP
[AC-wlan-ap-railmp1] serial-id 210235A42RB099000003
# Enable the mesh portal service.
[AC-wlan-ap-railmp1] portal-service enable
# Create radio 1, specify channel 1, map MP policy rail_policy and mesh profile 1 to the radio, and then enable the radio.
[AC-wlan-ap-railmp1] radio 1
[AC-wlan-ap-railmp1-radio-1] channel 1
[AC-wlan-ap-railmp1-radio-1] mp-policy rail_policy
[AC-wlan-ap-railmp1-radio-1] mesh-profile 1
[AC-wlan-ap-railmp1-radio-1] radio enable
[AC-wlan-ap-railmp1-radio-1] return
The configuration of other rail MPs is similar to rail MP 1.
2. Configure train MPs:
# Enable port security.
<TrainMP> system-view
[TrainMP] port-security enable
# Create WLAN mesh interface 1. Enable 11key negotiation, set a PSK, and set the port security mode as PSK mode for the interface.
[TrainMP] interface wlan-mesh 1
[TrainMP-WLAN-MESH1] port-security tx-key-type 11key
[TrainMP-WLAN-MESH1] port-security preshared-key pass-phrase 12345678
[TrainMP-WLAN-MESH1] port-security port-mode psk
[TrainMP-WLAN-MESH1] quit
# Create mesh profile 1, bind WLAN mesh interface 1 to it.
[TrainMP] wlan mesh-profile 1
[TrainMP-wlan-mshp-1] bind wlan-mesh 1
# Set the mesh ID as train for mesh profile 1, and enable the mesh profile.
[TrainMP-wlan-mshp-1] mesh-id train
[TrainMP-wlan-mshp-1] mesh-profile enable
[TrainMP-wlan-mshp-1] quit
# Create MP policy train_policy, set the value of maximum links to 8, enable MLSP, and configure the MAC address of the MLSP proxy as 000f-e287-8700.
[TrainMP] wlan mp-policy train_policy
[TrainMP-wlan-mp-policy-train_policy] link-maximum-number 8
[TrainMP-wlan-mp-policy-train_policy] mlsp enable
[TrainMP-wlan-mp-policy-train_policy] mlsp-proxy mac-address 000f-e287-8700
[TrainMP-wlan-mp-policy-train_policy] quit
# Create WLAN-Radio 1/0/2, specify channel 1, and map MP policy train_policy and mesh profile 1 to the radio.
[TrainMP] interface wlan-radio 1/0/2
[TrainMP-WLAN-Radio1/0/2] channel 1
[TrainMP-WLAN-Radio1/0/2] mp-policy train_policy
[TrainMP-WLAN-Radio1/0/2] mesh-profile 1
Troubleshooting WLAN mesh link
Authentication process not started
Symptom
A PMK MA request is sent successfully for client 000F-E27C-6C00, but the authentication process is not started.
Analysis
The portal service is enabled for an MP without wired connection.
Solution
Enter AP template view and use the display this command to check whether the portal service is enabled. If it is, use the undo portal-service enable command to disable the portal service.
Failure to ping MAP
Symptom
Ping from a station is not working through the MAP.
Analysis
The portal service is disabled and authenticator role is enabled for the MAP.
Solution
1. Enter AP template view and use the display this command to examine if portal service is disabled. If yes, use the portal-service enable command to enable the portal service for the MAP.
2. Enter radio view and verify if the MP policy mapped to the radio has role authenticator enabled. If yes, disable all the radios to which this MP policy is mapped.
3. Enter MP policy view and use the undo role-authenticator enable command to set the device not to play the role of an authenticator.
4. Enable all the radios.
Configuration download failure for zeroconfig device
Symptom
A zero-configuration device forms links but configuration download does not happen.
Analysis
· Channel configuration may be wrong.
· The mapped mesh profile may be wrong.
Solution
1. Go to radio view and use the display this command.
2. Verify that the channel is the same as the MPP. If not, change the channel by using the channel command.
3. Verify that the mesh profile mapped to the radio is the same as that mapped to the MPP's radio. If not, unmap the current mesh profile by using the undo mesh-profile command. Then map the correct mesh profile by using the mesh-profile command.
Configuration download failure for MP
Symptom
A mesh profile is mapped to the radio of an MP but configuration is not downloaded to the MP.
Analysis
· Verify that the security configuration has been made.
· Verify that the mapped mesh profile is enabled.
· Verify that the radio is enabled.
Solution
1. Configure the security parameters.
2. Enable the mapped mesh profile by using the mesh-profile enable command.
3. Enable the radio by using the radio enable command.
Debug error: neither local nor remote is connected to MKD
Symptom
Debug error: Neither local nor remote is connected to MKD.
Analysis
Verify if MKD service is enabled for the mapped mesh profile.
Solution
Enable the MKD service for the mesh profile by using the mkd-service enable command.
PMKMA delete is received by MPP for MP
Symptom
After the MPP comes up, an MP tries to connect to it. During this process, the AC will receive a number of PMKMA requests, and send back PMKMA responses. After that, PMKMA delete is sent to the MPP for the MP.
Analysis
Verify if intrusion detection is enabled.
Solution
If intrusion detection is enabled, disable it.