How to Guide - Wireless Network Solutions

WiNG 5.2.2 MeshConnex tm 

How To 

April 2012 

Revision V2.2 

MOTOROLA, MOTO, MOTOROLA SOLUTIONS and the Stylized M Logo are trademarks or registered 

trademarks of Motorola Trademark Holdings, LLC and are used under license. All other trademarks are 

the property of their respective owners. 

© 2012 Motorola Solutions, Inc. All Rights Reserved.

1. Table Of Contents 

1. Table Of Contents .................................................................................................................. 2 

2. Preface ................................................................................................................................. 3 

2.1.1 How to Guide Pre-Requisites: ................................................................................... 3 

2.1.2 Product and Technical Requirements: ........................................................................ 3 

2.1.3 What is Meshing & MeshConnex ............................................................................ 4 

2.1.4 MeshConnex (MCX) Terminology ............................................................................ 4 

3. MeshConnex and VLANs ...................................................................................................... 6 

3.1 Non Tunneled VLANs ...................................................................................................... 6 

3.2 Tunneled VLANs ............................................................................................................. 6 

3.3 Hybrid / Tunneled and Non Tunneled ............................................................................... 7 

3.4 Note on MCX Control VLAN ............................................................................................. 7 

4. Configuring MeshConnex ..................................................................................................... 7 

4.1 Configuring MeshConnex / Non Tunneled VLANs ............................................................. 8 

4.1.1 Configure a MeshConnex Policy .............................................................................. 8 

4.1.2 Profile Configuration...............................................................................................12 

4.1.3 Profile Configuration...............................................................................................18 

4.2 Smart-RF policy configuration and assignment ..................................................................18 

4.3 Adding Profiles ..............................................................................................................22 

4.4 Configuring MeshConnex / Tunneled VLANs ..................................................................26 

4.4.1 Configure a MeshConnex Policy .............................................................................26 

4.4.2 Profile Configurations .............................................................................................28 

4.5 Configuring MeshConnex / Tunneled & Non Tunneled ....................................................41 

4.5.1 Configure a MeshConnex Policy .............................................................................41 

4.5.2 Profile Configurations .............................................................................................42 

5. RFS 6000 Running-Configuration ............................................................................................46 

5.1 Non Tunneled ...............................................................................................................46 

5.2 Tunneled ......................................................................................................................50 

5.3 Tunneled / Non Tunneled ...............................................................................................55

2. Preface 

This HOW TO guide is designed to aid the configuration of MeshConnex within the WiNG 5 

architecture and supported devices and controllers and should be used as a tool to understand 

configuration parameters to allow supported devices to mesh successfully using Mesh Connex. This 

document does not represent any form of network design criteria nor operation considerations for 

mesh networking. The guide is focused on configuring Mesh Connex with the use of a WiNG 5.2.2 

controlled management appliance (RFS Controller). MeshConnex can be configured using a Stand- 

Alone AP, or Virtual Controller. Neither of these modes is covered in this guide. 

2.1.1 How to Guide Pre-Requisites: 

Before using this guide it is important that the following pre-requisites are completed at minimum; 

- Training and certification on WiNG Architecture http://support.symbol.com. 

- You should have a working knowledge of WiNG 5.x profiles and Device Over-Ride Features 

- Have a Windows 2008 server Enterprise or Existing LAN infrastructure for client data 

transactions 

- Your network and devices should be upgraded to WiNG 5.2.2 firmware. This HOW TO guide 

does not cover upgrading of devices to the appropriate firmware revision. Product 

requirements and support are detailed below. 

- The reader has read the appropriate WiNG documentation for the release and at minimum, 

Release Notes, Motorola RFS Series Wireless LAN Controllers - WiNG System Reference 

Guide. 

Registered users may download the latest software and firmware from the Motorola 

Technical Support Site http://support.symbol.com. 

2.1.2 Product and Technical Requirements: 

NOTE :WiNG 5.2.2 is only supported on the following platforms 

- AP 71XX platforms – AP 7131 / AP 7161 

- RFS 4000, 6000, 7000 Controllers 

Prior to attempting the configuration steps below at minimum you should have the following 

working network to attempt this configuration: 

- 2 or more AP71XX 802.11n Access Points installed, configured and running WiNG 5.2.2. 

- Optional RFS Switch installed and running WiNG 5.2.2. as per the above supported platforms 

- One (or more) wireless workstations/device(s) for testing operation. 

The equipment and devices utilized for this guide were based on the following Motorola hardware 

and software versions: 

 

RFS-6000 

Motorola Solutions Motorola Solutions How To – WiNG 5.2.2 MeshConnex 3

(2) AP7161 and (1) 7131 Access Point 

WiNG 5.2.2 Firmware 

2.1.3 What is Meshing & MeshConnex 

When Wireless Access Points (AP’s) are “meshed,” they turn into a powerful, interconnected 

network that can blanket a coverage area that has no wired access such as a parking lot, industrial 

facility or even an entire city with wireless broadband access. Mesh-enabled access points not only 

deliver WiFi to users, they also act as router/repeaters for other access points in the network. The 

result is a self-forming, self-healing wireless cloud that reduces the cost of backhaul, deployment 

and system engineering. 

WiNG v5.2.2 delivers key enhancements focusing on the integration of Motorola’s patented 

MeshConnex Routing Engine into the WiNG architecture. The MeshConnex Routing Engine 

provides efficient routing, low hop latency, low routing overhead, high-speed handoffs and proven 

scalability. MeshConnex uses Motorola’s patented Layer 2 routing technology to find and establish 

throughput-optimized connections. MeshConnex compliments the existing MiNT based hop 

meshing which is an alternative meshing option. In addition ORLA, the Opportunistic Radio Link 

Adaptation, is a new rate control selection method introduced in WiNG5.2.2, which is an improved 

element of rate selection for AP7161 outdoor deployments. The guide will talk to how to enable 

this rate selection algorithm when configuring devices. 

2.1.4 MeshConnex (MCX) Terminology 

When using MCX (MeshConnex ) The APs in an (MCX) mesh are called nodes. A node with a wired 

connection back to the network is called a root node. The function of the MCX software is to 

determine the shortest path from a node, to a root node and passing packets along the path, which 

is the link(s) being utilized to allow communications between two nodes /or mesh points. Paths are 

dynamically created in MCX. The path to the root is selected by the MCX algorithm based on path 

metrics which are dictated by device topology and RF environment. A sample diagram showing this 

concept is shown in figure below. 

The Opportunistic Radio Link Adaptation (ORLA) algorithm is a key decision-making element 

designed to select data rates that will provide the best throughput. Instead of using local conditions 

to decide whether a data rate is acceptable or not, ORLA is designed to proactively probe other 

rates to determine if greater throughput is available. If these other rates do provide improved 

throughput, ORLA intelligently adjusts its selection tables to favor higher performance. ORLA 

provides improvements both on the client side of a mesh network as well as in the backhaul 

capabilities. 



3. MeshConnex and VLANs 

Before configuring MeshConnex routing it is important to understand the different configuration 

options possible when working with VLANs. Each option will require slightly different configurations. 

3.1 Non Tunneled VLANs 

With this option, WLAN traffic and Ethernet traffic from a meshed AP is forwarded via MeshConnex. 

Traffic is not tunneled over MINT. VLANs must be added to the Allowed VLAN filter in the 

MeshConnex Policy. It is not necessary to define any VLANs in the node’s bridge VLANs settings unless 

other bridging functions are required. 

3.2 Tunneled VLANs 

With this option VLANs will be created and the bridging mode set to tunnel. 

The user also has the option to tunnel the WLAN separately (the user would not create a separate 

bridge VLAN for the WLAN since it is tunneled directly). 


3.3 Hybrid / Tunneled and Non Tunneled 

With this option one of the WLANs is configured with a VLAN that is marked tunnel. The other WLAN 

and the Ethernet traffic are not tunneled. It is important to note that the tunneled WLAN VLAN should 

NOT be included in the allowed VLAN list. 

3.4 Note on MCX Control VLAN 

Note that MeshConnex utilizes a control VLAN. This VLAN is used to isolate MCX messaging 

over the wire between Root nodes. This VLAN is MCX specific and is not to be confused with 

any other control VLAN. The MCX control VLAN is configured in the Mesh Connex Policy. As 

described in the Tunneled VLAN example the MCX control VLAN must not be tunneled. 

However when using a Non tunneled VLAN setup the MCX VLAN can also be used for data. 

4. Configuring MeshConnex 

This is a 3 step process. There is an additional 4th step for auto assignment of channels for the radios in 

mesh. 

1. Configure a mesh point (node). 

2. Create profiles for AP71xx device types – (AP7131 and AP7161). In the section below we 

describe creating 2 profiles, one profile for devices to be configured as ROOT nodes (wired 

Access Points) and one more profile for Non Root nodes. 

3. Auto assign the above configured profiles for new AP71XX devices plugged into the network. Or 

manually assign these profiles to the respective APs. 

4. If the user intends to use automatic channel assignment (smart channel assignment) in the mesh 

then additional configuration is required. A Smart RF policy would need to be created and 

assigned to the RF Domain. 

Note: In the configuration steps below perform a “commit and save” after each configuration change 

unless otherwise noted. 

Note: Once all of the configuration steps below have been completed on the RFSx000 controller; 

connect all of the APs to the Ethernet switch. The controller will then configure the APs once they are 

adopted by the controller. Once configurations have been pushed to all APs, disconnect the Ethernet 

cables of all non-root nodes. 


4.1 Configuring MeshConnex / Non Tunneled VLANs 

4.1.1 Configure a MeshConnex Policy 

1. Access the GUI of the RFS x000 controller (https://) and click on: 

ConfigurationWirelessMeshConnex Policy. 

2. Click on the “Add” button at the bottom right which will take you to the MeshConnex policy 

configuration page. On this page configure the following items: 

a. Configure the Mesh Point Name. 

b. Configure the Mesh ID. (This value is sent out in beacons which identify the Mesh Point). 

c. Mesh Point status should be set to: “Enabled” 

d. Use the Beacon Format drop-down menu to select “mesh-point” or “access-point”. 

Select “mesh-point” for new installations. Select “access-point” to support compatibility 

with legacy mesh devices like the MotoMesh DUO. 


e. Leave the setting “is Root” unchecked. 

f. Set the control VLAN to “VLAN 1” for the purpose of this example. 

g. The allowed VLAN list should contain all VLANs that you wish to allow on the Mesh link 

(in this example all VLANs are available 1-4094). 

h. Set the “Neighbor Idle Timeout” value to 1 minute 

i. Provide description as required. (Optional) 

Note: Make sure the Neighbor Idle Timeout is set to 1 minute. In the CLI this is referred to 

as the neighbor inactivity-timeout. 

 

Click on OK to continue the configuration process. The “Security” and “Radio Rates” 

tabs should now be available. 


3. Click on the “Security” tab for MeshConnex security settings. 

 

 

By default the “Security Mode” configuration parameter is set to “None” 

Set this to PSK so traffic on the Mesh Links will be encrypted. 

Note: In Release 5.2.2 there is an open issue with PSK security which can cause secure 

links to not form correctly stranding devices. This bug has been fixed and will be 

available in a subsequent maintenance release. It is recommended that PSK not be used 

until the maintenance release is available. 


Once PSK is selected, you can configure the Pre-Shared key. 

Keep the Unicast and Broadcast key rotation interval at their default values. 

Click on OK and exit this configuration page. 

 

The configured parameters can be verified from the Policy page. 


4.1.2 Profile Configuration 

Profiles will be configured for your Root APs and Non-Root APs. A Root AP is an AP which has its GE1 

interface connected to the LAN (core network). In this first configuration example there is only one 

difference between the Root and Non-Root profiles (in the Non Root Profile the “is Root” option will not 

be selected under Mesh Point settings. Note that Mesh Point settings is a different configuration item 

from the MeshConnex Policy). 

1. Click on ConfigurationProfiles. Select to “Add” a new profile 

 

 

Configure a profile name that we intend to use for Root APs. 

Set the AP type to AP71XX 

2. Click on OK to active the other tabs on the page. 

3. Click on InterfaceRadios and select the 5 GHz radio. 

4. Under Radio Settings, set the Channel to a static channel (in this example 149+ was chosen). 

5. Select the Radio Placement. 


NOTE: Set the “rate selection method” as opportunistic. This is the recommended setting for outdoor 

deployments. The recommendation is based on the outdoor tests carried out proving opportunistic 

rate selection performing better in outdoor environments over standard rate selection. Also note that 

“Dynamic Chain Selection” is checked. Dynamic chain selection is useful when communicating with 

devices that don not interoperate well with 802.11n radios. The majority of 802.11abg radios do not 

require this to be selected. 

6. Click on OK. 

7. Select the WLAN/Mesh Mapping tab. 

8. Map the Mesh Point configured, to the radio. Click on OK and ext this change. 


9. Select Mesh Point from the profile configuration page and click on “Add”. 

10. Set the MeshConnex policy to the earlier configured policy name. 

11. Set “Is Root” to true. Click OK. 


12. Repeat the above steps to configure the Profile for the Non Root. 


Note: This example does not include adding a WLAN. However if the user decided to add a WLAN to this Non 

Tunneled VLAN setup the WLAN should be set to have its configured VLAN bridging mode set to “local”. Also, 

the VLAN assigned to the WLAN should be included in the Mesh Connex Policy’s “Allowed VLANs” list. This Non 

Tunneled VLAN example has the Allowed VLANs list set to 1-4094 thus any VLAN assigned to a WLAN would flow 

through the mesh. 

NOTE: The “Is Root” option should be set to None. 



4.1.3 Profile Configuration 

An additional recommended step for the Non-Root AP profile is the configuration of misconfiguration 

recovery time. This configuration is currently available from CLI in WiNG 5.2.2. 

This configuration would delay the rejection of the newest configuration push from the controller which 

might have caused the loss of adopting. 

The additional delay added is to handle cases when the new configuration from the controller causes 

the root AP to move from current operation channel to other channels resulting in mesh link going down 

and in turn non-root APs losing adoption. This delay is to accommodate the time needed for the nonroot 

AP to scan all the channels, and find the best root node and start operation on the new channel and 

then establish the mesh link re- adopt to the switch. (For countries that use DFS, the scan time is also 

factored in for the configured value). If the AP fails to find a suitable root node within this time then this 

new config is a misconfiguration and the device would reject the latest config. 

For outdoor APs running V5.2.2.0 it is recommended that the misconfiguration-recovery-time be 

disabled. This can be accomplished by setting the value to 0. Update the non root ap71xx profiles on 

the controller to include this change. 

Using an appropriate console terminal and or connection to your device log on to the CLI and follow 

these steps: 

rfs6000-xxxxxx>enable 

rfs6000-xxxxxx #configure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

rfs6000-xxxxxx (config)#profile ap71xx Non-Root AP71xx 

rfs6000-xxxxxx (config-profile-Non-Root-AP71xx)#misconfiguration-recovery-time 0 

rfs6000-xxxxxx (config-profile-Non-Root-AP71xx)# 

4.2 Smart-RF policy configuration and assignment 

If you intend to use Channel type as “Smart”, you have to configure a Smart RF policy first. Then you 

need to apply this policy to the RF Domain configured in your device profiles. Once configured and 

applied nodes will scan for the best available channels. Root nodes will pick the cleanest channel in the 

channel list (configured in your smart-rf policy). Non-root APs will also scan the channels in the 

channel-list to find the best Root AP. 

Notes on Smart RF: 

Smart channel assignment is done only if the channel configuration for a radio is set to smart 

and a smart-rf policy is applied to the rf-domain of the radios. 

Set the channel-list in the smart-rf policy to specific channels you want the APs in the mesh to 

operate. The smaller the number of channels in the channel-list the shorter the time an AP takes 

to converge to an operating channel. 

Also note if there are any DFS channels in the channel list. If a root node selects a DFS channel 

then non-root nodes may take several minutes to lock on to same channel as root (once an AP 

moves to a DFS channel it must wait and observe the CAC time before transmitting on this 

channel). This time may take up to 20 to 30 minutes depending on the CAC time of the DFS 

channel. 


1. Select the Smart RF Policy tab from Configuration Wireless 

2. Click on “Add” to take you to the Smart RF configuration page. 

- Configure the Smart RF policy name. 

- Enable the policy by clicking the check box. 


3. Click OK to confirm this configuration. 

4. The other parameters can be left to their default values unless and until they require to be 

changed. 

5. “Exit’ this configuration page. 

6. Select or configure a new RF Domain from Configuration RF Domains 

- Map the configured Smart RF Policy into the same. 



4.3 Adding Profiles 

1. Connect the AP that will be used as a root node to the wired network. 

2. Go to InterfaceConfigurationDevices 

3. After the AP is adopted click edit. 

4. Under Profile select the Root profile previously created and click OK. 

5. Repeat these steps for all of the Root nodes. 


After the Root Profile has been applied to all of the Root nodes the process is repeated on the Non Root 

nodes using the Non Root profile. 

6. Connect the Non Root AP that will be used as a root node to the wired network. 

7. Go to InterfaceConfigurationDevices 

8. After the AP is adopted click edit. 

1. Under Profile select the Non Root profile previously created and click OK. 


Important: Make sure that after commiting your profile that a save is performed. Verify that the save 

has been performed by either the CLI (show startup-config) or viewing the startup configuration from 

the Operations tab in the RFS GUI. After the Non Root profile is applied (commit / save) remove the 

wired connection to the Non Root AP. Failure to remove the wired connection could result in a 

bridging loop. 

2. Repeat these steps for all Non Root nodes 

In this example network we have (1) Root node and (2) Non Root Nodes. 

Under to StatisticsMesh Point for the Root node we see both our Non Root nodes in the Path table. 


Reminder 

In this example Non Tunneled VLANs were used. 

In our MeshConnex Policy we configured the Mesh Point to pass all VLANs 1-4094 in the Allowed 

VLANs box. 


4.4 Configuring MeshConnex / Tunneled VLANs 

In the next example MeshConnex will be configured to support Tunneled VLANs. The previously 

configured Policy and Profiles will be edited. 

This example will use the following VLAN configuration: 

Device Management 

10.0.4.0/26 - VLAN 4 

WLAN 

10.0.20.0/26 - VLAN 20 

Non Root GE1 Ethernet 

10.0.30.0/26 - VLAN 30 

Note: The RFS6000 and each AP71xx node has already been configured with virtual interface VLAN 4. A 

DHCP server has also been configured on the RFS6000 to support these VLANs. 


1. Access the GUI of the device (https://) and click on 

ConfigurationWirelessMeshConnex Policy and edit the MeshConnex Policy. 


2. Make sure the Allowed VLANs box is empty. 

3. Neighbor Idle Timeout should be 1 minute 

4. Click OK. 

Note: In this example the control VLAN utilized by Mesh is set for VLAN 1. Make sure that the data 

VLANs used are not the same as the control VLAN. In this example our data VLANs are 20 and 30. 

Thus for Release 5.2.2 do not make the Control VLAN the same as any configured tunneled VLAN. 


4.4.2 Profile Configurations 

In the next several steps the previously created profiles will be edited. 

4.4.2.1 Configure Bridge VLANs 

First edit the RFS switch profile. 

1. In the default-rfs6000 profile select Bridge VLAN and click Add. 

2. Add VLAN 4 and set the bridge mode to tunnel. Click OK. 


3. Next add VLAN 20 and set the bridging mode to tunnel. Click OK. 

4. Add VLAN 30 and set the bridging mode to tunnel. Click OK. 


You should now see all three VLANs in the default-rfs6000 profile. Commit/Save. 

5. Edit the Non Root 71xx profile Click on Bridge VLAN and click Add. 

Repeat the process and add VLANs 4, 20, and 30. 



You should now see all three VLANs added in the AP71xx Non Root profile. Commit/Save. 

6. Edit the Root AP71xx profile Click on Bridge VLAN and click Add. 

Repeat the process and add VLANs 4, 20, and 30. 


You should now see all three VLANs added in the AP71xx Root profile. Commit/Save. 


4.4.2.2 Configure WLAN 

Create a WLAN with PSK security and configure it to use VLAN 20. 

1. Click ConfigurationWireless and select Wireless LANs. Click Add. 

2. Add a WLAN name (e.g. Test). Set the bridging mode to Local (it will be tunneled since it will be 

configured with a bridge VLAN that is set to tunneled). Set the VLAN to 20. 


3. Click Security. 

4. Select PSK, WPA2-CCMP, and configure a Pre-Shared Key. 

In this example we will be adding this WLAN to our Non Root nodes. 

5. Edit the Non Root 71xx profile. Select ConfigurationProfilesNon Root 71xx and click edit. 


6. Select InterfaceRadios. Select radio1 and click edit. 


7. Under WLAN Mapping / Mesh Mapping add WLAN test to the radio. 

8. Commit / Save. 

Now any wireless station connecting to WLAN Test will be using VLAN 20. 

4.4.2.3 Configure Non Root Ethernet ports to use VLAN 30 

Next edit the Non Root Profile and configure the GE1 interface to use VLAN 30. In this 

example we are not going to trunk VLAN 30 since the devices connected to VLAN 30 will not 

be VLAN aware. 

1. Edit the Non Root 71xx profile. Select ConfigurationProfilesNon Root 71xx and click edit. 


2. Select InterfaceEthernet PortsGE1 and click edit. 

3. Change the Native VLAN to 30. Click ok. 


You should now see VLAN 30 on GE1. Commit/Save. 

Now any device connected to GE1 on any Non Root node will use VLAN 30 e.g. a laptop connected 

would receive an IP address from the DHCP pool on 10.0.30.0/26. 

Below is a screenshot of the DHCP Server Policy on the RFS6000. 


Reminder 

In this example Non Tunneled VLANs were used. 

In our MeshConnex Policy we removed all VLANs from the Allowed VLANs box. 


4.5 Configuring MeshConnex / Tunneled & Non Tunneled 

In this example the existing MeshConnex Policy and device profiles will be edited to tunnel the WLAN 

VLAN 20 and configure VLAN 4 and 30 to pass straight to MCX. 

Note: Since we will be editing the previous configured profiles which include bridge VLANs we will 

make all of the required changes first. After all of the changes have been made a commit/save will be 

performed. 


1. Access the GUI of the device (https://) and click on 

ConfigurationWirelessMeshConnex Policy and edit the MeshConnex Policy. 


2. Add VLAN 4 and VLAN 30 to the allowed VLAN list. Click OK. 

4.5.2 Profile Configurations 

1. Edit the default-rfs6000 profile. Click on NetworkBridge VLAN. Delete VLAN 4 and VLAN 30. 

Click Exit. 


2. Edit the Non Root 71xx profile. Click on NetworkBridge VLAN. Delete VLAN 4 and VLAN 30. 

Click Exit. 

3. Edit the Root AP71xx profile. Click on NetworkBridge VLAN. Delete VLAN 4 and VLAN 30. 

Click Exit. 


4. Edit WLAN test. Click on ConfigurationWirelessWireless LANs. Change the Bridging Mode 

to tunnel. Click OK. 

Click commit / save. 

Reminder 

In this example a combination of Tunneled and Non Tunneled VLANs were used. 

In our MeshConnex Policy we configured the Mesh Point to pass VLAN 4 and VLAN 30 in the Allowed 

VLANs box. 



5. RFS 6000 Running-Configuration 

5.1 Non Tunneled 

! 

! Configuration of RFS6000 version 5.2.2.0-073R 

! 

! 

version 2.1 

! 

! 

ip access-list BROADCAST-MULTICAST-CONTROL 

permit tcp any any rule-precedence 10 rule-description "permit all TCP traffic" 

permit udp any eq 67 any eq dhcpc rule-precedence 11 rule-description "permit DHCP replies" 

deny udp any range 137 138 any range 137 138 rule-precedence 20 rule-description "deny windows netbios" 

deny ip any 224.0.0.0/4 rule-precedence 21 rule-description "deny IP multicast" 

deny ip any host 255.255.255.255 rule-precedence 22 rule-description "deny IP local broadcast" 

permit ip any any rule-precedence 100 rule-description "permit all IP traffic" 

! 

mac access-list PERMIT-ARP-AND-IPv4 

permit any any type ip rule-precedence 10 rule-description "permit all IPv4 traffic" 

permit any any type arp rule-precedence 20 rule-description "permit all ARP traffic" 

! 

firewall-policy default 

no ip dos tcp-sequence-past-window 

! 

firewall-policy no_firewall 

no ip dos smurf 

no ip dos twinge 

no ip dos invalid-protocol 

no ip dos router-advt 

no ip dos router-solicit 

no ip dos option-route 

no ip dos ascend 

no ip dos chargen 

no ip dos fraggle 

no ip dos snork 

no ip dos ftp-bounce 

no ip dos tcp-intercept 

no ip dos broadcast-multicast-icmp 

no ip dos land 

no ip dos tcp-xmas-scan 

no ip dos tcp-null-scan 

no ip dos winnuke 

no ip dos tcp-fin-scan 

no ip dos udp-short-hdr 

no ip dos tcp-post-syn 

no ip dos tcphdrfrag 

no ip dos ip-ttl-zero 

no ip dos ipspoof 

no ip dos tcp-bad-sequence 


no firewall enable 

! 

! 

mint-policy global-default 

! 

meshpoint-qos-policy default 

! 

wlan-qos-policy default 

qos trust dscp 

qos trust wmm 

! 


adio-qos-policy default 

! 

wlan Test 

ssid Test 

vlan 20 

bridging-mode local 

encryption-type ccmp 

authentication-type none 

wpa-wpa2 psk 0 symbol@123 

! 

ap300 default-ap300 

interface radio1 


! 

meshpoint Mesh-Connex 

meshid Mesh 

beacon-format mesh-point 

control-vlan 1 

allowed-vlans 1-4094 

neighbor inactivity-timeout 60 

security-mode psk 

wpa2 psk 0 symbol@123 

no root 

! 

smart-rf-policy Smart\ RF 

! 

dhcp-server-policy Telemetry 

dhcp-pool WLAN 

network 10.0.20.0/26 

address range 10.0.20.10 10.0.20.62 

domain-name cqe.mesh.net 

default-router 10.0.20.1 

dns-server 10.0.2.4 

dhcp-pool Ethernet 

network 10.0.30.0/26 

address range 10.0.30.10 10.0.30.62 




dhcp-pool Devices 

network 10.0.4.0/26 

address range 10.0.4.10 10.0.4.62 




! 

! 

management-policy default 

telnet 

http server 

https server 

ssh 

user admin password 1 e44b419340d0b973a154eddb646a572b59170594ee7112e3758e5e044a76dd35 role superuser access all 

user operator password 1 c1b5ac3b680b9f622eed6a6a9b482a998f81b67c190d6e15eacf2503b85a5a9e role monitor access all 

no snmp-server manager v2 

snmp-server community public ro 

snmp-server community private rw 

snmp-server user snmpoperator v3 encrypted des auth md5 0 operator 

snmp-server user snmptrap v3 encrypted des auth md5 0 motorola 

snmp-server user snmpmanager v3 encrypted des auth md5 0 motorola 

idle-session-timeout 0 

! 

profile rfs6000 default-rfs6000 

ip name-server 10.0.2.4 

ip domain-name cqe.mesh.net 

autoinstall configuration 


autoinstall firmware 

crypto isakmp policy default 

crypto ipsec transform-set default esp-aes-256 esp-sha-hmac 

interface me1 

ip address 10.1.1.100/24 

interface up1 

ip dhcp trust 


qos trust 802.1p 

interface ge1 

ip dhcp trust 



no power 

interface ge2 

ip dhcp trust 



interface ge3 

ip dhcp trust 



interface ge4 

ip dhcp trust 



interface ge5 

ip dhcp trust 



interface ge6 

ip dhcp trust 



interface ge7 

ip dhcp trust 



interface ge8 

ip dhcp trust 



interface vlan1 

ip address dhcp 

interface wwan1 

use dhcp-server-policy Telemetry 

use firewall-policy default 

service pm sys-restart 

! 

profile ap71xx Non\ Root\ 71xx 

no autoinstall configuration 

no autoinstall firmware 


wlan Test bss 1 primary 


channel 149+ 

rate-selection opportunistic 

placement outdoor 

meshpoint Mesh-Connex bss 1 


interface ge1 

switchport mode access 

switchport access vlan 30 

ip dhcp trust 




interface ge2 

ip dhcp trust 








meshpoint-device Mesh-Connex 

name Mesh-Connex 

! 

profile ap71xx Root\ AP71xx 





channel 149+ 





interface ge1 

switchport mode trunk 

switchport trunk native vlan 1 

no switchport trunk native tagged 

switchport trunk allowed vlan 1,4,20,30 

ip arp trust 

ip dhcp trust 



interface ge2 

ip dhcp trust 










root 

! 

rf-domain default 

timezone America/New_York 

country-code us 

use smart-rf-policy Smart\ RF 

! 

rfs6000 5C-0E-8B-18-F5-7A 

use profile default-rfs6000 

use rf-domain default 

hostname rfs6000-18F57A 

license AP 

ip default-gateway 10.0.4.1 

interface ge1 




switchport trunk allowed vlan 1-4094 

ip arp trust 


ip address 10.0.4.3/26 

no ip dhcp client request options all 


ip address 10.0.30.2/26 



use firewall-policy no_firewall 

! 

ap71xx 00-15-70-C7-93-58 

use profile Non\ Root\ 71xx 


hostname ap7161-C79358 

! 

ap71xx 00-15-70-E5-A7-F8 

use profile Root\ AP71xx 


hostname AP7161-Root-49:20 

! 

ap71xx 00-23-68-0B-FA-FC 



hostname ap7131-0BFAFC 

! 

! 

end 

rfs6000-18F57A# 

5.2 Tunneled 

! 


! 

! 

version 2.1 

! 

! 








! 




! 



! 





























! 

! 


! 


! 



qos trust wmm 

! 

radio-qos-policy default 

! 

wlan Test 

ssid Test 

vlan 20 

bridging-mode local 




! 




! 


meshid Mesh 






no root 

! 


! 



network 10.0.20.0/26 

address range 10.0.20.10 10.0.20.62 





network 10.0.30.0/26 

address range 10.0.30.10 10.0.30.62 





network 10.0.4.0/26 

address range 10.0.4.10 10.0.4.62 




! 

! 


telnet 


http server 

https server 

ssh 










! 


bridge vlan 4 

bridging-mode tunnel 

ip igmp snooping 

ip igmp snooping querier 

bridge vlan 20 














interface me1 

ip address 10.1.1.100/24 

interface up1 

ip dhcp trust 



interface ge1 

ip dhcp trust 



no power 

interface ge2 

ip dhcp trust 



interface ge3 

ip dhcp trust 



interface ge4 

ip dhcp trust 



interface ge5 

ip dhcp trust 



interface ge6 

ip dhcp trust 



interface ge7 

ip dhcp trust 




interface ge8 

ip dhcp trust 









! 


bridge vlan 4 

















channel 149+ 





interface ge1 



ip dhcp trust 



interface ge2 

ip dhcp trust 










! 


bridge vlan 4 

















channel 149+ 





interface ge1 





ip arp trust 

ip dhcp trust 



interface ge2 

ip dhcp trust 










root 

! 





! 

rfs6000 5C-0E-8B-18-F5-7A 




license AP 96a945bf56a7eba8a410d4594797fecd2c4f7b55dd6d11179921fc5f1912f4a4d4482e94b9ee0d26 


interface ge1 





ip arp trust 


ip address 10.0.4.3/26 



ip address 10.0.30.2/26 



! 

ap71xx 00-15-70-C7-93-58 




! 

ap71xx 00-15-70-E5-A7-F8 




! 


ap71xx 00-23-68-0B-FA-FC 




! 

! 

end 

rfs6000-18F57A# 

5.3 Tunneled / Non Tunneled 

! 


! 

! 

version 2.1 

! 

! 








! 




! 



! 




























! 

! 



! 


! 



qos trust wmm 

! 

radio-qos-policy default 

! 

wlan Test 

ssid Test 

vlan 20 





! 




! 


meshid Mesh 



allowed-vlans 4,30 




no root 

! 


! 



network 10.0.20.0/26 

address range 10.0.20.10 10.0.20.62 





network 10.0.30.0/26 

address range 10.0.30.10 10.0.30.62 





network 10.0.4.0/26 

address range 10.0.4.10 10.0.4.62 




! 

! 


telnet 

http server 

https server 

ssh 











! 












interface me1 

ip address 10.1.1.100/24 

interface up1 

ip dhcp trust 



interface ge1 

ip dhcp trust 



no power 

interface ge2 

ip dhcp trust 



interface ge3 

ip dhcp trust 



interface ge4 

ip dhcp trust 



interface ge5 

ip dhcp trust 



interface ge6 

ip dhcp trust 



interface ge7 

ip dhcp trust 



interface ge8 

ip dhcp trust 









! 












channel 149+ 





interface ge1 



ip dhcp trust 



interface ge2 

ip dhcp trust 










! 










channel 149+ 





interface ge1 





ip arp trust 

ip dhcp trust 



interface ge2 

ip dhcp trust 










root 

! 






! 

rfs6000 5C-0E-8B-18-F5-7A 




license AP 


interface ge1 





ip arp trust 


ip address 10.0.4.3/26 



ip address 10.0.30.2/26 



! 

ap71xx 00-15-70-C7-93-58 




! 

ap71xx 00-15-70-E5-A7-F8 




! 

ap71xx 00-23-68-0B-FA-FC 




! 

! 

end

How to Guide - Wireless Network Solutions

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?