HCIE-WLAN Lab Mock Exam

Version 1.0

Huawei Technologies CO., LTD.

All Rights Reserved
 HCIE-WLAN Lab Mock Exam

Contents

1 Lab Environment ............................................................................................................ 4

1.1 Physical Networking ................................................................................................................... 4
1.2 OSPFv2 & OSPFv3 ...................................................................................................................... 4
1.3 Data Plan.................................................................................................................................... 5
1.3.1 Layer 2 Parameter Planning for the HQ ............................................................................. 5
1.3.2 Layer 2 Parameter Planning for the Branch ....................................................................... 6
1.3.3 IP Address Plan for the HQ ................................................................................................ 6
1.3.4 IP Address Plan for the Branch ........................................................................................... 8
1.3.5 WLAN Parameter Planning for the HQ .............................................................................. 8
1.4 Architecture Overview ................................................................................................................ 9

2 Service Configuration for the HQ ................................................................................. 9

2.1 Performing Basic Network Configurations (20 Points) ............................................................... 9
2.2 Configuring Route Connectivity (30 Points) ............................................................................... 9
2.3 Configuring WAC HSB (100 Points) ............................................................................................ 9
2.4 Configuring IPv4 APs to Go Online (30 Points) .......................................................................... 9
2.5 Configuring IPv6 AP to Go Online and Configuring Mesh Services (150 Points) ........................ 9
2.6 Configuring WLAN Services at the HQ (220 Points) ..................................................................10
2.6.1 Configuring Portal Authentication (100 Points) ................................................................10
2.6.2 Configuring 802.1X Authentication (100 Points) ...............................................................10
2.6.3 Configuring WLAN Parameters (20 Points) .......................................................................10
2.7 Optimizing the WLAN at the HQ (100 Points) ..........................................................................10
2.7.1 Radio Calibration (50 Points) ............................................................................................10
2.7.2 WLAN Optimization (15 Points) ........................................................................................ 11
2.7.3 Application Identification and Traffic Control (35 Points) ................................................. 11
2.8 Configuring WLAN Service Reliability (100 Points).................................................................... 11
2.8.1 802.1X Authentication Bypass (50 Points) ......................................................................... 11
2.8.2 Portal Authentication Bypass (50 Points) .......................................................................... 11

3 Network Service Configurations for the Branch (250 Points) ................................. 11

3.1 Onboarding Devices (70 Points) ................................................................................................ 11
3.1.1 Onboarding AR2 (15 Points) ............................................................................................. 11
3.1.2 Configuring the LAN of AR2 (15 Points) ...........................................................................12
3.1.3 Configuring NAT (20 Points) .............................................................................................12
3.1.4 Onboarding SW4 and AP6 (20 Points) ..............................................................................12
3.2 Configuring Services for Cloud APs (180 Points) .......................................................................12
3.2.1 Creating DHCP Address Pools (30 Points) .........................................................................12
 HCIE-WLAN Lab Mock Exam

3.2.2 Creating an Authentication-Free Rule Profile (20 Points) .................................................12

3.2.3 Configuring the SSID HCIE-Guest (40 Points) ...................................................................12
3.2.4 Configuring the SSID HCIE-EM (40 Points) .......................................................................12
3.2.5 Configuring User Groups and Users (20 Points) ................................................................13
3.2.6 Creating Authentication and Authorization Rules (30 Points)...........................................13
 HCIE-WLAN Lab Mock Exam

1 Lab Environment

1.1 Physical Networking

1.2 OSPFv2 & OSPFv3

 HCIE-WLAN Lab Mock Exam

1.3 Data Plan

1.3.1 Layer 2 Parameter Planning for the HQ

Device Port Port Type VLAN Settings

AR1 GE0/0/1 Trunk PVID: 1

Allow-pass: VLANs 99 and 4090

Core-SW GE0/0/1 Trunk PVID: 1

Allow-pass: VLANs 10, 11, and 12

GE0/0/2 Trunk PVID: 1

Allow-pass: VLANs 11, 12, and 20

GE0/0/3 Trunk PVID: 1

Allow-pass: VLANs 10, 11, 12, and 20

GE0/0/5 Trunk PVID: 1

Allow-pass: VLANs 10, 11, 12, and 20

GE0/0/6 Access PVID: 4090

GE0/0/7 Access PVID: 99

Agg1 GE0/0/1 Trunk PVID: 1

Allow-pass: VLANs 10, 11, and 12

GE0/0/2 Trunk PVID: 10

Allow-pass: VLANs 10, 11, and 12

GE0/0/3 Trunk PVID: 10

Allow-pass: VLANs 10, 11, and 12

Agg2 GE0/0/1 Trunk PVID: 1

 HCIE-WLAN Lab Mock Exam

Device Port Port Type VLAN Settings

Allow-pass: VLANs 11, 12, and 20

GE0/0/2 Trunk PVID: 20

Allow-pass: VLANs 11, 12, and 20

WAC1 GE0/0/1 Trunk PVID: 1

Allow-pass: VLANs 99 and 4090

WAC2 GE0/0/1 Trunk PVID: 1

Allow-pass: VLANs 99 and 4090

1.3.2 Layer 2 Parameter Planning for the Branch

Device Port Port Type VLAN Settings

AR2 GE0/0/2 Trunk PVID: 1

Allow-pass: VLANs 100 and 200

SW4 GE0/0/1 Trunk PVID: 1

Allow-pass: VLANs 100 and 200

GE0/0/2 Trunk PVID: 1

Allow-pass: VLANs 100 and 200

1.3.3 IP Address Plan for the HQ

Device Interface IP Address

AR1 GE0/0/2 20.1.1.1/30

 HCIE-WLAN Lab Mock Exam

Device Interface IP Address

VLANIF 99 IPv4: 10.1.99.2/30

IPv6: FC01:99::2/64

Loopback 1 10.1.1.1/32

Loopback 2 FC01:2::2/64

Core-SW VLANIF 10 10.1.10.1/24

VLANIF 11 IPv4: 10.1.11.1/24

IPv6: FC01:11::1/64

VLANIF 12 IPv4: 10.1.12.1/24

IPv6: FC01:12::1/64

VLANIF 20 IPv6: FC01:20::1/64

VLANIF 99 IPv4: 10.1.99.1/30

IPv6: FC01:99::1/64

VLANIF 4090 192.168.9.1/24

WAC1 VLANIF 10 10.1.10.100/24

VRRP Virtual-IP: 10.1.10.254

VLANIF 100 FC01:100::100/64

VRRP6 virtual-IP: FC01:100::254

WAC2 VLANIF 10 10.1.10.101/24

VRRP virtual-IP: 10.1.10.254

VLANIF 100 FC01:100::101/64

VRRP6 virtual-IP: FC01:100::254
 HCIE-WLAN Lab Mock Exam

1.3.4 IP Address Plan for the Branch

Device Interface IP Address

AR2 VLANIF 1 192.168.10.1/24

VLANIF 100 192.168.100.1/24

VLANIF 200 192.168.200.1/24

GE0/0/1 20.1.1.2/30

SW4 VLANIF 1 Automatic allocation using DHCP

1.3.5 WLAN Parameter Planning for the HQ

Configuration Item Data Plan

Management VLAN IPv4: VLAN 10

IPv6: VLAN 20

Service VLAN VLANs 11 and 12

AP group HW
HW-Mesh

VAP profile HW-Guest

HW-EM

SSID profile HW-Guest

HW-EM

Security profile HW-Guest

HW-EM

Mesh-related profiles HW-Mesh

 HCIE-WLAN Lab Mock Exam

1.4 Architecture Overview

The hands-on lab environment involves two campus networks: HQ and branch. The HQ campus
network has a large scale, so the traditional WAC local deployment solution is applicable. The
branch campus network has a small scale, so the CloudCampus solution for small- and
medium-sized campus networks is applicable.

2 Network Service Configuration for the HQ (750 Points)

2.1 Performing Basic Network Configurations (20 Points)

Configure interfaces, VLANs, and IP addresses based on the preceding data plans. Ensure that
all parameters meet the planning requirements. Do not create other VLANs or IP addresses.

2.2 Configuring Route Connectivity (30 Points)

Configure OSPFv2, OSPFv3, and static routes on AR1, Core-SW, WAC1, and WAC2 to achieve the
connectivity within the HQ campus network and ensure that STAs can access the Internet. (The
minimum configuration is preferred.)

2.3 Configuring WAC HSB (100 Points)

Configure WAC1 and WAC2 based on the data plans to implement dual-stack hot standby
(HSB).

WAC1 and WAC2 need to work in HSB mode on both IPv4 and IPv6 networks. In this manner,
when the active WAC recovers from a fault, traffic can be switched back to the active WAC to
ensure stable running of APs.

Configure wireless configuration synchronization between WAC1 and WAC2 to ensure that the
public configurations are consistent between the WACs. If the public configurations are
inconsistent on WAC1 and WAC2, no point is given to this exercise.

2.4 Configuring IPv4 APs to Go Online (30 Points)

Configure AP1 and AP2 to go online on WACs. The MAC addresses of the APs are not provided
here, and you need to discover them by yourself. After the configuration is complete, the
expected AP state on WAC1 is normal and that on WAC2 is standby.

2.5 Configuring IPv6 AP to Go Online and Configuring Mesh

Services (150 Points)
Configure AP3, AP4, and AP5 to go online on WACs. The MAC addresses of the APs are not
provided here, and you need to discover them by yourself. After the configuration is complete,
the expected AP state on WAC1 is normal and that on WAC2 is standby. In addition, the APs
have obtained IPv6 addresses.

AP4 and AP5 serve as MPs and connect to the network through Mesh to provide network
services for sentry boxes in the HQ campus.
 HCIE-WLAN Lab Mock Exam

AP3, AP4, and AP5 set up mesh links using radio 1, and the channel bandwidth is 40 MHz.

2.6 Configuring WLAN Services at the HQ (220 Points)

APs at the HQ advertise two SSIDs: HW-Guest and HW-EM. Configure a WAC as the NAC
device to connect to iMaster-NCE Campus.

The SSID HW-Guest uses Portal authentication, and HW-EM uses 802.1X authentication.
iMaster-NCE Campus serves as both the RADIUS and Portal servers and has an IP address of
172.21.59.102. Initially, only the system administrator account admin and password
Huawei@123 are provided. You need to create a tenant administrator account and set the user
name to hcie-wlan1234 and the password to Huawei@123.

2.6.1 Configuring Portal Authentication (100 Points)

To enable STAs on HW-Guest to access the network through Portal authentication, meet the
following requirements:

Set the role to Guest, account to huawei01, password to Huawei@123, and user group to
HW-Guest. During authorization, set the IP network segment to 10.1.12.0/24 and the SSID to
HW-Guest.

After successful authentication and authorization, the user can access network resources at
10.2.2.2. The maximum downstream rate is 20 Mbps, and the maximum upstream rate is 10
Mbps.

The Portal page needs to use the HTTPS protocol. Enter www.HCIE-WLAN.com in the address
box of the browser. The authentication page is automatically displayed.

2.6.2 Configuring 802.1X Authentication (100 Points)

STAs on HW-EM can access the network through 802.1X authentication and access network
resources at 10.1.1.1. The maximum downstream rate is 50 Mbps, and the maximum upstream
rate is 20 Mbps.

During authentication, set the role to EM, account to huawei02, password to Huawei@123,
and user group to HW-EM.

2.6.3 Configuring WLAN Parameters (20 Points)

Set WLAN parameters for HW-Guest and HW-EM according to the data plans.

2.7 Optimizing the WLAN at the HQ (100 Points)

2.7.1 Radio Calibration (50 Points)
Use automatic radio calibration for the WLAN at the HQ for network optimization.

If the scheduled radio calibration mode is used, configure global calibration at 03:00 every day.
On the 5 GHz frequency band, the global calibration channel set includes channels 36 to 64 and
channels 149 to 165.
 HCIE-WLAN Lab Mock Exam

The frequency bandwidth is automatically adjusted. For 5 GHz radio calibration, the power
ranges from 13 dBm to 26 dBm. For 2.4 GHz radio calibration, the power ranges from 10 dBm to
22 dBm.

2.7.2 WLAN Optimization (15 Points)

To ensure Internet access quality, restrict the access of STAs whose signal-to-noise ratio (SNR)
exceeds 12 dB.

2.7.3 Application Identification and Traffic Control (35 Points)

The administrator requires that STAs connected to HW-Guest be not allowed to access gaming
or online multimedia video resources, and needs to identify the actual service usage of guests
after they associate with the WLAN.

2.8 Configuring WLAN Service Reliability (100 Points)

2.8.1 802.1X Authentication Bypass (50 Points)
When the WAC at the HQ is disconnected from the authentication server, STAs can still use local
802.1X authentication to connect to the network. Set the local authentication account to
backup and the password to Huawei@123 to ensure that STAs can access services.

2.8.2 Portal Authentication Bypass (50 Points)

High reliability of WLAN services is required at the branch. When the authentication server is
disconnected from the native AC, STAs can still access the network and services.

3 Network Service Configurations for the Branch (250 Points)

Use iMaster-NCE Campus to manage devices at the branch, including AR2, SW4, and AP6.

Set the site name to Branch.

You can select a management mode as required. Ensure that devices on the branch network can
be managed by iMaster-NCE Campus. AP6 advertises two SSIDs: HCIE-Guest and HCIE-EM.

3.1 Onboarding Devices (70 Points)

You need to log in to AR2, SW4, and AP6 to obtain their ESNs.

3.1.1 Onboarding AR2 (15 Points)

Configure a static route to ensure that AR2 can access the southbound interface address
172.21.59.102 of iMaster-NCE Campus.

Configure iMaster-NCE Campus to manage AR2. There is no restriction on the management

mode. (If AR2 cannot be managed, no point is given to this chapter — network service
configuration for the branch.)
 HCIE-WLAN Lab Mock Exam

3.1.2 Configuring LAN Parameters for AR2 (15 Points)

To enable SW4 and AP6 to obtain their IP addresses and the IP address of iMaster-NCE Campus,
create a DHCP address pool with the network segment to 192.168.10.0/24 on VLANIF 1 of AR2.

3.1.3 Configuring NAT (20 Points)

To ensure that SW4 and AP6 can access iMaster NCE-Campus, configure NAT on AR2 to achieve
network connectivity.

3.1.4 Onboarding SW4 and AP6 (20 Points)

Create VLANIF 1 on SW4 and configure SW4 to obtain an IP address through DHCP. AP6 can
obtain an IP address and go online on iMaster NCE-Campus.

3.2 Configuring Services for Cloud APs (180 Points)

AP6 advertises two SSIDs: HCIE-Guest and HCIE-EM. HCIE-Guest uses Portal authentication,
and HCIE-EM uses 802.1X authentication.

3.2.1 Creating DHCP Address Pools (30 Points)

On iMaster NCE-Campus, create two DHCP address pools: For_Guest and For_EM based on
VLAN 100 and VLAN 200, respectively, on AR2. Configure the network segment
192.168.100.0/24 for For_Guest and the network segment 192.168.200.0/24 for For_EM.

HCIE-Guest uses Portal authentication, and HCIE-EM uses 802.1X authentication.

3.2.2 Creating an Authentication-Free Rule Profile (20 Points)

Create an ACL invoked by the authentication-free rule to permit DNS resolution traffic of users.

3.2.3 Configuring the SSID HCIE-Guest (40 Points)

Configure wireless services for guests. Specifically, set the SSID to HCIE-Guest, forwarding
mode to Layer 2 forwarding, and user VLAN to VLAN 100. Also, enable Portal authentication
and configure user-based traffic limiting (maximum downstream rate: 20 Mbps; maximum
upstream rate: 10 Mbps). Create a to-be-authenticated user named huawei01 and set the
password to Huawei@123.

3.2.4 Configuring the SSID HCIE-EM (40 Points)

Configure wireless services for employees. Specifically, set the SSID to HCIE-EM, forwarding
mode to Layer 2 forwarding, and user VLAN to VLAN 200. Also, enable 802.1X authentication
and configure user-based traffic limiting (maximum downstream rate: 50 Mbps; maximum
upstream rate: 20 Mbps). Create a to-be-authenticated user named huawei02 and set the
password to Huawei@123.
 HCIE-WLAN Lab Mock Exam

3.2.5 Configuring User Groups and Users (20 Points)

Create two user groups Branch-Guest and Branch-EM.

Create users huawei01 and huawei02, and set their passwords to Huawei@123 and
Huawei@123, respectively.

3.2.6 Creating Authentication and Authorization Rules (30 Points)

Create authentication and authorization rules to ensure that users can be authenticated.