华为WLAN通过双链路实现AC热备

原创

Tony7483 2021-02-09 22:35:02 ©著作权

©著作权归作者所有：来自51CTO博客作者Tony7483的原创作品，请联系作者获取转载授权，否则将追究法律责任

1.交换机的配置 [SW]vlan batch 10 to 14 801 [SW-GigabitEthernet0/0/10]port link-type trunk [SW-GigabitEthernet0/0/10]port trunk pvid vlan 10 [SW-GigabitEthernet0/0/10]port trunk allow-pass vlan 10 to 14 [SW-GigabitEthernet0/0/11]port link-type trunk
[SW-GigabitEthernet0/0/11]port trunk pvid vlan 10 [SW-GigabitEthernet0/0/11]port trunk allow-pass vlan 10 to 14 [SW-GigabitEthernet0/0/1]port link-type trunk
[SW-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 to 14 801 [SW-GigabitEthernet0/0/2]port link-type trunk [SW-GigabitEthernet0/0/2]port trunk allow-pass vlan 10 to 14 801 [SW-Vlanif801]ip address 10.1.201.1 24 //用于交换机和AC通信配置各业务的网关 [SW-Vlanif10]ip address 10.1.10.1 24 [SW-Vlanif11]ip address 10.1.11.1 24 [SW-Vlanif12]ip address 10.1.12.1 24 [SW-Vlanif13]ip address 10.1.13.1 24 [SW-Vlanif14]ip address 10.1.14.1 24 [SW]int LoopBack 0 [SW-LoopBack0]ip add 101.101.101.101 32 //模拟公网 2.AC1的基础配置 [AC1]vlan batch 10 to 14 801 [AC1-GigabitEthernet0/0/8]port link-type trunk [AC1-GigabitEthernet0/0/8]port trunk allow-pass vlan 10 to 14 801 配置vlan相应的三层接口IP地址 [AC1-Vlanif10]ip add 10.1.10.100 24 [AC1-Vlanif11]ip add 10.1.11.100 24 [AC1-Vlanif12]ip add 10.1.12.100 24 [AC1-Vlanif13]ip add 10.1.13.100 24 [AC1-Vlanif14]ip add 10.1.14.100 24 [AC1-Vlanif801]ip add 10.1.201.100 24 检查配置结果 [AC1]ip route-static 0.0.0.0 0.0.0.0 10.1.201.1 //配置静态路由指向交换机 3.创建AP组 [AC1]wlan [AC1-wlan-view]ap-group name ap-g1 [AC2]wlan [AC2-wlan-view]ap-group name ap-g1 4.配置AP上线开启DHCP服务 [AC1]dhcp enable [AC1]ip pool ap [AC1-ip-pool-ap]network 10.1.10.0 mask 24 [AC1-ip-pool-ap]gateway-list 10.1.10.1 [AC1-ip-pool-ap]option 43 sub-option 3 ascii 10.1.201.100 [AC1-Vlanif10]dhcp select global [AC1]ip pool sta1 [AC1-ip-pool-sta1]network 10.1.11.0 mask 24 [AC1-ip-pool-sta1]gateway-list 10.1.11.1 [AC1]ip pool sta2 [AC1-ip-pool-sta2]gateway-list 10.1.12.1 [AC1-ip-pool-sta2]network 10.1.12.0 mask 24 [AC1]ip pool sta3 [AC1-ip-pool-sta3]network 10.1.13.0 mask 24 [AC1-ip-pool-sta3]gateway-list 10.1.13.1
[AC1]ip pool sta4 [AC1-ip-pool-sta4]network 10.1.14.0 mask 24 [AC1-ip-pool-sta4]gateway-list 10.1.14.1 [AC1-Vlanif11]dhcp select global [AC1-Vlanif12]dhcp select global [AC1-Vlanif13]dhcp select global [AC1-Vlanif14]dhcp select global 配置业务vlan pool：vlan分配算法为hash [AC1]vlan pool sta-p1 [AC1-vlan-pool-sta-p1]vlan 11 12 [AC1-vlan-pool-sta-p1]assignment hash [AC1]vlan pool sta-p2 [AC1-vlan-pool-sta-p2]vlan 13 14 [AC1-vlan-pool-sta-p2]assignment hash 配置域管理模板 [AC1-wlan-view]regulatory-domain-profile name dom1 [AC1-wlan-regulate-domain-dom]country-code cn [AC1]capwap source interface Vlanif 801 //AC1的源接口配置AP认证：MAC认证 [AC1]wlan [AC1-wlan-view]ap auth-mode mac-auth [AC1-wlan-view]ap-mac 00e0-fc96-3580 ap-id 0 [AC1-wlan-ap-0]ap-group ap-g1 [AC1-wlan-ap-0]ap-name ap1 [AC1-wlan-view]ap-mac 00e0-fcb5-5820 ap-id 1 [AC1-wlan-ap-1]ap-group ap-g1 [AC1-wlan-ap-1]ap-name ap2 5.AC1上配置WLAN业务创建安全模板，配置安全策略 [AC1]wlan [AC1-wlan-view]security-profile name kh1 [AC1-wlan-sec-prof-kh1]security open [AC1-wlan-view]security-profile name zg1 [AC1-wlan-sec-prof-zg1]security wpa2 psk pass-phrase a1234567 aes 创建SSID模板 [AC1-wlan-view]ssid-profile name kh1 [AC1-wlan-ssid-prof-kh1]ssid kh1 [AC1-wlan-view]ssid-profile name zg1 [AC1-wlan-ssid-prof-zg1]ssid zg1 创建vap模板，并引用安全和SSID模板 [AC1-wlan-view]vap-profile name kh1 [AC1-wlan-vap-prof-kh1]forward-mode direct-forward [AC1-wlan-vap-prof-kh1]service-vlan vlan-pool sta-p1 [AC1-wlan-vap-prof-kh1]security-profile kh1 [AC1-wlan-vap-prof-kh1]ssid-profile kh1 [AC1-wlan-view]vap-profile name zg1 [AC1-wlan-vap-prof-zg1]forward-mode direct-forward [AC1-wlan-vap-prof-zg1]service-vlan vlan-pool sta-p2 [AC1-wlan-vap-prof-zg1]security-profile zg1 [AC1-wlan-vap-prof-zg1]ssid-profile zg1 AP组引用域管理模板和vap模板 [AC1-wlan-view]ap-group name ap-g1 [AC1-wlan-ap-group-ap-g1]regulatory-domain-profile dom1 [AC1-wlan-ap-group-ap-g1]vap-profile kh1 wlan 1 radio all [AC1-wlan-ap-group-ap-g1]vap-profile zg1 wlan 2 radio all 查看vap状态 6.配置备用AC2的基础 [AC2]vlan batch 10 to 14 801 [AC2-GigabitEthernet0/0/8]port link-type trunk [AC2-GigabitEthernet0/0/8]port trunk allow-pass vlan 10 to 14 801 [AC2-Vlanif10]ip add 10.1.10.200 24 [AC2-Vlanif11]ip add 10.1.11.200 24 [AC2-Vlanif12]ip add 10.1.12.200 24 [AC2-Vlanif13]ip add 10.1.13.200 24 [AC2-Vlanif14]ip add 10.1.14.200 24 [AC2-Vlanif801]ip add 10.1.201.200 24 [AC2]ip route-static 0.0.0.0 0.0.0.0 10.1.201.1 创建AP组 [AC2-wlan-view]ap-group name ap-g1 开启DHCP服务 [AC2]dhcp enable [AC2]ip pool ap [AC2-ip-pool-ap]network 10.1.10.0 mask 24 [AC2-ip-pool-ap]gateway-list 10.1.10.1 [AC2-ip-pool-ap]option 43 sub-option 3 ascii 10.1.201.100 [AC2-Vlanif10]dhcp select global [AC2]ip pool sta1 [AC2-ip-pool-sta1]network 10.1.11.0 mask 24 [AC2-ip-pool-sta1]gateway-list 10.1.11.1 [AC2]ip pool sta2 [AC2-ip-pool-sta2]network 10.1.12.0 mask 24 [AC2-ip-pool-sta2]gateway-list 10.1.12.1
[AC2-ip-pool-sta2]ip pool sta3 [AC2-ip-pool-sta3]network 10.1.13.0 mask 24 [AC2-ip-pool-sta3]gateway-list 10.1.13.1
[AC2-ip-pool-sta3]ip pool sta4 [AC2-ip-pool-sta4]network 10.1.14.0 mask 24 [AC2-ip-pool-sta4]gateway-list 10.1.14.1 使vlanif接口能DHCP功能 [AC2-Vlanif11]dhcp select global [AC2-Vlanif12]dhcp select global [AC2-Vlanif13]dhcp select global [AC2-Vlanif14]dhcp select global 配置vlan pool，用于业务vlan [AC2]vlan pool sta-p1 [AC2-vlan-pool-sta-p1]vlan 11 12 [AC2-vlan-pool-sta-p1]assignment hash [AC2]vlan pool sta-p2 [AC2-vlan-pool-sta-p2]vlan 13 14
[AC2-vlan-pool-sta-p2]assignment hash 7. 配置AC2域管理模板 [AC2-wlan-view]regulatory-domain-profile name dom1 [AC2-wlan-regulate-domain-dom]country-code cn 8.配置AC2的源接口 [AC2]capwap source interface Vlanif 801 9.配置AC2的AP认证 [AC2]wlan [AC2-wlan-view]ap auth-mode mac-auth [AC2-wlan-view]ap-mac 00e0-fc96-3580 ap-id 0 [AC2-wlan-ap-0]ap-group ap-g1 [AC2-wlan-ap-0]ap-name ap1 [AC2-wlan-view]ap-mac 00e0-fcb5-5820 ap-id 1 [AC2-wlan-ap-1]ap-name ap2 [AC2-wlan-ap-1]ap-group ap-g1 10.AC2上配置WLAN业务参数创建安全模板，配置安全策略 [AC2]wlan [AC2-wlan-view]security-profile name kh1 [AC2-wlan-sec-prof-kh1]security open [AC2-wlan-view]security-profile name zg1 [AC2-wlan-sec-prof-zg1]security wpa2 psk pass-phrase a1234567 aes 创建ssid模板 [AC2-wlan-view]ssid-profile name kh1 [AC2-wlan-ssid-prof-kh1]ssid kh1 [AC2-wlan-view]ssid-profile name zg1 [AC2-wlan-ssid-prof-zg1]ssid zg1 创建VAP模板，转发模式为直接转发，引用安全和ssid模板 [AC2-wlan-view]vap-profile name kh1 [AC2-wlan-vap-prof-kh1]forward-mode direct-forward [AC2-wlan-vap-prof-kh1]service-vlan vlan-pool sta-p1 [AC2-wlan-vap-prof-kh1]security-profile kh1 [AC2-wlan-vap-prof-kh1]ssid-profile kh1 [AC2-wlan-view]vap-profile name zg1 [AC2-wlan-vap-prof-zg1]forward-mode direct-forward [AC2-wlan-vap-prof-zg1]service-vlan vlan-pool sta-p2 [AC2-wlan-vap-prof-zg1]security-profile zg1 [AC2-wlan-vap-prof-zg1]ssid-profile zg1 AP组引用管理模板和VAP模板 [AC2-wlan-view]ap-group name ap-g1 [AC2-wlan-ap-group-ap-g1]regulatory-domain-profile dom1 [AC2-wlan-ap-group-ap-g1]vap-profile kh1 wlan 1 radio all [AC2-wlan-ap-group-ap-g1]vap-profile zg1 wlan 2 radio all 11.在主AC1和AC2上配置双链路备份 [AC1-wlan-view]ac protect enable [AC1-wlan-view]ac protect protect-ac 10.1.201.200 priority 1 [AC2-wlan-view]ac protect enable [AC2-wlan-view]ac protect protect-ac 10.1.201.100 priority 5 [AC1-wlan-view]ap-reset all //重启AP 12.配置双机热备份在主AC1上配置 [AC1]hsb-service 0 [AC1-hsb-service-0]service-ip-port local-ip 10.1.201.100 peer-ip 10.1.201.200 local-data-port 10241 peer-data-port 10241 //创建HSB主备服务0 [AC1]hsb-service-type ap hsb-service 0 //将wlan业务绑定HSB主备服务 [AC1]hsb-service-type access-user hsb-service 0 //将NAC业务绑定HSB主备服务在备AC2上配置 [AC2]hsb-service 0 [AC2-hsb-service-0]service-ip-port local-ip 10.1.201.200 peer-ip 10.1.201.100 local-data-port 10241 peer-data-port 10241 [AC2]hsb-service-type ap hsb-service 0 [AC2]hsb-service-type access-user hsb-service 0 13.结果验证查看双链路备份的配置信息查看主备服务建立情况查看AP情况将AC1与交换机连线断掉，1分30秒后在AC2上查看ap情况