华为WLAN通过VRRP实现AC热备

1.交换机的配置

[SW]vlan batch 10 to 14 801

[SW-GigabitEthernet0/0/10]port link-type trunk

[SW-GigabitEthernet0/0/10]port trunk pvid vlan 10

[SW-GigabitEthernet0/0/10]port trunk allow-pass vlan 10 to 14

[SW-GigabitEthernet0/0/11]port link-type trunk

[SW-GigabitEthernet0/0/11]port trunk pvid vlan 10

[SW-GigabitEthernet0/0/11]port trunk allow-pass vlan 10 to 14

[SW-GigabitEthernet0/0/1]port link-type trunk

[SW-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 to 14 801

[SW-GigabitEthernet0/0/2]port link-type trunk

[SW-GigabitEthernet0/0/2]port trunk allow-pass vlan 10 to 14 801

[SW-Vlanif801]ip address 10.1.201.1 24 //用于交换机和AC通信

配置各业务的网关

[SW-Vlanif10]ip address 10.1.10.1 24

[SW-Vlanif11]ip address 10.1.11.1 24

[SW-Vlanif12]ip address 10.1.12.1 24

[SW-Vlanif13]ip address 10.1.13.1 24

[SW-Vlanif14]ip address 10.1.14.1 24

[SW]int LoopBack 0

[SW-LoopBack0]ip add 101.101.101.101 32 //模拟公网

2.AC1的基础配置

[AC1]vlan batch 10 to 14 801

[AC1-GigabitEthernet0/0/8]port link-type trunk

[AC1-GigabitEthernet0/0/8]port trunk allow-pass vlan 10 to 14 801

配置vlan相应的三层接口IP地址

[AC1-Vlanif10]ip add 10.1.10.100 24

[AC1-Vlanif11]ip add 10.1.11.100 24

[AC1-Vlanif12]ip add 10.1.12.100 24

[AC1-Vlanif13]ip add 10.1.13.100 24

[AC1-Vlanif14]ip add 10.1.14.100 24

[AC1-Vlanif801]ip add 10.1.201.100 24

检查配置结果

[AC1]ip route-static 0.0.0.0 0.0.0.0 10.1.201.1 //配置静态路由指向交换机

3.创建AP组

[AC1]wlan

[AC1-wlan-view]ap-group name ap-g1

[AC2]wlan

[AC2-wlan-view]ap-group name ap-g1

4.配置AP上线

开启DHCP服务

[AC1]dhcp enable

[AC1]ip pool ap

[AC1-ip-pool-ap]network 10.1.10.0 mask 24

[AC1-ip-pool-ap]gateway-list 10.1.10.1

[AC1-ip-pool-ap]option 43 sub-option 3 ascii 10.1.201.100

[AC1-Vlanif10]dhcp select global

[AC1]ip pool sta1

[AC1-ip-pool-sta1]network 10.1.11.0 mask 24

[AC1-ip-pool-sta1]gateway-list 10.1.11.1

[AC1]ip pool sta2

[AC1-ip-pool-sta2]gateway-list 10.1.12.1

[AC1-ip-pool-sta2]network 10.1.12.0 mask 24

[AC1]ip pool sta3

[AC1-ip-pool-sta3]network 10.1.13.0 mask 24

[AC1-ip-pool-sta3]gateway-list 10.1.13.1

[AC1]ip pool sta4

[AC1-ip-pool-sta4]network 10.1.14.0 mask 24

[AC1-ip-pool-sta4]gateway-list 10.1.14.1

[AC1-Vlanif11]dhcp select global

[AC1-Vlanif12]dhcp select global

[AC1-Vlanif13]dhcp select global

[AC1-Vlanif14]dhcp select global

配置业务vlan pool：vlan分配算法为hash

[AC1]vlan pool sta-p1

[AC1-vlan-pool-sta-p1]vlan 11 12

[AC1-vlan-pool-sta-p1]assignment hash

[AC1]vlan pool sta-p2

[AC1-vlan-pool-sta-p2]vlan 13 14

[AC1-vlan-pool-sta-p2]assignment hash

配置域管理模板

[AC1-wlan-view]regulatory-domain-profile name dom

[AC1-wlan-regulate-domain-dom]country-code cn

[AC1]capwap source interface Vlanif 801 //AC1的源接口

配置AP认证：MAC认证

[AC1]wlan

[AC1-wlan-view]ap auth-mode mac-auth

[AC1-wlan-view]ap-mac 00e0-fc57-7ff0 ap-id 0

[AC1-wlan-ap-0]ap-group ap-g1

[AC1-wlan-ap-0]ap-name ap1

[AC1-wlan-view]ap-mac 00e0-fcab-3850 ap-id 1

[AC1-wlan-ap-1]ap-group ap-g1

[AC1-wlan-ap-1]ap-name ap2

5.AC1上配置WLAN业务

创建安全模板，配置安全策略

[AC1]wlan

[AC1-wlan-view]security-profile name yw1

[AC1-wlan-sec-prof-yw1]security open

[AC1-wlan-view]security-profile name yw2

[AC1-wlan-sec-prof-yw2]security wpa2 psk pass-phrase a1234567 aes

创建SSID模板

[AC1-wlan-view]ssid-profile name yw1

[AC1-wlan-ssid-prof-yw1]ssid yw1

[AC1-wlan-view]ssid-profile name yw2

[AC1-wlan-ssid-prof-yw2]ssid yw2

创建vap模板，并引用安全和SSID模板

[AC1-wlan-view]vap-profile name yw1

[AC1-wlan-vap-prof-yw1]forward-mode tunnel

[AC1-wlan-vap-prof-yw1]service-vlan vlan-pool sta-p1

[AC1-wlan-vap-prof-yw1]security-profile yw1

[AC1-wlan-vap-prof-yw1]ssid-profile yw1

[AC1-wlan-view]vap-profile name yw2

[AC1-wlan-vap-prof-yw2]forward-mode direct-forward

[AC1-wlan-vap-prof-yw2]service-vlan vlan-pool sta-p2

[AC1-wlan-vap-prof-yw2]security-profile yw2

[AC1-wlan-vap-prof-yw2]ssid-profile yw2

AP组引用域管理模板和vap模板

[AC1-wlan-view]ap-group name ap-g1

[AC1-wlan-ap-group-ap-g1]regulatory-domain-profile dom

[AC1-wlan-ap-group-ap-g1]vap-profile yw1 wlan 1 radio all

[AC1-wlan-ap-group-ap-g1]vap-profile yw2 wlan 2 radio all

查看vap状态

6.配置备用AC2的基础

[AC2]vlan batch 10 to 14 801

[AC2-GigabitEthernet0/0/8]port link-type trunk

[AC2-GigabitEthernet0/0/8]port trunk allow-pass vlan 10 to 14 801

[AC2-Vlanif10]ip add 10.1.10.200 24

[AC2-Vlanif11]ip add 10.1.11.200 24

[AC2-Vlanif12]ip add 10.1.12.200 24

[AC2-Vlanif13]ip add 10.1.13.200 24

[AC2-Vlanif14]ip add 10.1.14.200 24

[AC2-Vlanif801]ip add 10.1.201.200 24

[AC2]ip route-static 0.0.0.0 0.0.0.0 10.1.201.1

创建AP组

[AC2-wlan-view]ap-group name ap-g1

开启DHCP服务

[AC2]dhcp enable

[AC2]ip pool ap

[AC2-ip-pool-ap]network 10.1.10.0 mask 24

[AC2-ip-pool-ap]gateway-list 10.1.10.1

[AC2-ip-pool-ap]option 43 sub-option 3 ascii 10.1.201.100

[AC2-Vlanif10]dhcp select global

[AC2]ip pool sta1

[AC2-ip-pool-sta1]network 10.1.11.0 mask 24

[AC2-ip-pool-sta1]gateway-list 10.1.11.1

[AC2]ip pool sta2

[AC2-ip-pool-sta2]network 10.1.12.0 mask 24

[AC2-ip-pool-sta2]gateway-list 10.1.12.1

[AC2-ip-pool-sta2]ip pool sta3

[AC2-ip-pool-sta3]network 10.1.13.0 mask 24

[AC2-ip-pool-sta3]gateway-list 10.1.13.1

[AC2-ip-pool-sta3]ip pool sta4

[AC2-ip-pool-sta4]network 10.1.14.0 mask 24

[AC2-ip-pool-sta4]gateway-list 10.1.14.1

使vlanif接口能DHCP功能

[AC2-Vlanif11]dhcp select global

[AC2-Vlanif12]dhcp select global

[AC2-Vlanif13]dhcp select global

[AC2-Vlanif14]dhcp select global

配置vlan pool，用于业务vlan

[AC2]vlan pool sta-p1

[AC2-vlan-pool-sta-p1]vlan 11 12

[AC2-vlan-pool-sta-p1]assignment hash

[AC2]vlan pool sta-p2

[AC2-vlan-pool-sta-p2]vlan 13 14

[AC2-vlan-pool-sta-p2]assignment hash

7. 配置AC2域管理模板

   [AC2-wlan-view]regulatory-domain-profile name dom

   [AC2-wlan-regulate-domain-dom]country-code cn

   8.配置AC2的源接口

   [AC2]capwap source interface Vlanif 801

   9.配置AC2的AP认证

   [AC2]wlan

   [AC2-wlan-view]ap auth-mode mac-auth

   [AC2-wlan-view]ap-mac 00e0-fc57-7ff0 ap-id 0

   [AC2-wlan-ap-0]ap-group ap-g1

   [AC2-wlan-ap-0]ap-name ap1

   [AC2-wlan-view]ap-mac 00e0-fcab-3850 ap-id 1

   [AC2-wlan-ap-1]ap-name ap2

   [AC2-wlan-ap-1]ap-group ap-g1

   10.AC2上配置WLAN业务参数

   创建安全模板，配置安全策略

   [AC2]wlan

   [AC2-wlan-view]security-profile name yw1

   [AC2-wlan-sec-prof-yw1]security open

   [AC2-wlan-view]security-profile name yw2

   [AC2-wlan-sec-prof-yw2]security wpa2 psk pass-phrase a1234567 aes

   创建ssid模板

   [AC2-wlan-view]ssid-profile name yw1

   [AC2-wlan-ssid-prof-yw1]ssid yw1

   [AC2-wlan-view]ssid-profile name yw2

   [AC2-wlan-ssid-prof-yw2]ssid yw2

   创建VAP模板，转发模式为直接转发，引用安全和ssid模板

   [AC2-wlan-view]vap-profile name yw1

   [AC2-wlan-vap-prof-yw1]forward-mode tunnel

   [AC2-wlan-vap-prof-yw1]service-vlan vlan-pool sta-p1

   [AC2-wlan-vap-prof-yw1]security-profile yw1

   [AC2-wlan-vap-prof-yw1]ssid-profile yw1

   [AC2-wlan-view]vap-profile name yw2

   [AC2-wlan-vap-prof-yw2]forward-mode direct-forward

   [AC2-wlan-vap-prof-yw2]service-vlan vlan-pool sta-p2

   [AC2-wlan-vap-prof-yw2]security-profile yw2

   [AC2-wlan-vap-prof-yw2]ssid-profile yw2

   AP组引用管理模板和VAP模板

   [AC2-wlan-view]ap-group name ap-g1

   [AC2-wlan-ap-group-ap-g1]regulatory-domain-profile dom

   [AC2-wlan-ap-group-ap-g1]vap-profile yw1 wlan 1 radio all

   [AC2-wlan-ap-group-ap-g1]vap-profile yw2 wlan 2 radio all

   11.在主AC1上配置VRRP实现双机热备份

   创建管理vrrp备份组，优先级为120，抢占时间为120秒

   [AC1]int Vlanif 801

   [AC1-Vlanif801]vrrp vrid 1 Virtual-ip 10.1.201.3

   [AC1-Vlanif801]vrrp vrid 1 priority 120

   [AC1-Vlanif801]vrrp vrid 1 preempt-mode timer delay 120

   [AC1-Vlanif801]admin-vrrp vrid 1

   创建业务vrrp备份组

   [AC1]int Vlanif 10

   [AC1-Vlanif10]vrrp vrid 2 Virtual-ip 10.1.10.3

   [AC1-Vlanif10]vrrp vrid 2 preempt-mode timer delay 120

   [AC1-Vlanif10]vrrp vrid 2 track admin-vrrp interface Vlanif 801 vrid 1 unflowdown

   [AC1-Vlanif10]int Vlanif 11

   [AC1-Vlanif11]vrrp vrid 3 Virtual-ip 10.1.11.3

   [AC1-Vlanif11]vrrp vrid 3 preempt-mode timer delay 120

   [AC1-Vlanif11]vrrp vrid 3 track admin-vrrp interface Vlanif 801 vrid 1 unflowdown

   [AC1-Vlanif11]int Vlanif 12

   [AC1-Vlanif12]vrrp vrid 4 Virtual-ip 10.1.12.3

   [AC1-Vlanif12]vrrp vrid 4 preempt-mode timer delay 120

   [AC1-Vlanif12]vrrp vrid 4 track admin-vrrp interface Vlanif 801 vrid 1 unflowdown

   [AC1-Vlanif12]int Vlanif 13

   [AC1-Vlanif13]vrrp vrid 5 Virtual-ip 10.1.13.3

   [AC1-Vlanif13]vrrp vrid 5 preempt-mode timer delay 120

   [AC1-Vlanif13]vrrp vrid 5 track admin-vrrp interface Vlanif 801 vrid 1 unflowdown

   [AC1-Vlanif13]int Vlanif 14

   [AC1-Vlanif14]vrrp vrid 6 Virtual-ip 10.1.14.3

   [AC1-Vlanif14]vrrp vrid 6 preempt-mode timer delay 120

   [AC1-Vlanif14]vrrp vrid 6 track admin-vrrp interface Vlanif 801 vrid 1 unflowdown

   配置VRRP备份组的状态恢复延迟时间为30秒

   [AC1]vrrp recover-delay 30

   创建HSB主备服务0：配置主备通道IP地址和端口号，报文重传次数和发送间隔

   [AC1]hsb-service 0

   [AC1-hsb-service-0]service-ip-port local-ip 10.1.201.100 peer-ip 10.1.201.200 local-data-port 10241 peer-data-port 10241

   [AC1-hsb-service-0]service-keep-alive detect retransmit 2 interval 1

   创建HSB备份组0，邦迪HSB主备服务0和管理vrrp备份组

   [AC1]hsb-group 0

   [AC1-hsb-group-0]bind-service 0

   [AC1-hsb-group-0]track vrrp vrid 1 interface Vlanif 801

   配置NAC业务绑定HSB备份组

   [AC1]hsb-service-type access-user hsb-group 0

   配置wlan业务绑定HSB备份组

   [AC1]hsb-service-type ap hsb-group 0

   配置dhcp业务绑定HSB备份组

   [AC1]hsb-service-type dhcp hsb-group 0

   使能双机热备功能

   [AC1]hsb-group 0

   [AC1-hsb-group-0]hsb enable

   更改AC1源接口

   [AC1]undo capwap source interface Vlanif 801

   [AC1]capwap source ip-address 10.1.201.3

   配置dhcp服务器的option 43字段

   [AC1]dhcp server database enable

   [AC1]dhcp server database recover

   [AC1-ip-pool-ap]option 43 sub-option 3 ascii 10.1.201.3

   12.备用AC2的配置

   创建管理vrrp备份组

   [AC2]int Vlanif 801

   [AC2-Vlanif801]vrrp vrid 1 Virtual-ip 10.1.201.3

   [AC2-Vlanif801]admin-vrrp vrid 1

   创建业务vlan备份组

   [AC2]int Vlanif 10

   [AC2-Vlanif10]vrrp vrid 2 Virtual-ip 10.1.10.3

   [AC2-Vlanif10]vrrp vrid 2 track admin-vrrp interface Vlanif 801 vrid 1 unflowdown

   [AC2]int Vlanif 11

   [AC2-Vlanif11]vrrp vrid 3 Virtual-ip 10.1.11.3

   [AC2-Vlanif11]vrrp vrid 3 track admin-vrrp interface Vlanif 801 vrid 1 unflowdown

   [AC2-Vlanif11]int Vlanif 12

   [AC2-Vlanif12]vrrp vrid 4 Virtual-ip 10.1.12.3

   [AC2-Vlanif12]vrrp vrid 4 track admin-vrrp interface Vlanif 801 vrid 1 unflowdown

   [AC2-Vlanif12]int Vlanif 13

   [AC2-Vlanif13]vrrp vrid 5 Virtual-ip 10.1.13.3

   [AC2-Vlanif13]vrrp vrid 5 track admin-vrrp interface Vlanif 801 vrid 1 unflowdown

   [AC2-Vlanif13]int Vlanif 14

   [AC2-Vlanif14]vrrp vrid 6 Virtual-ip 10.1.14.3

   [AC2-Vlanif14]vrrp vrid 6 track admin-vrrp interface Vlanif 801 vrid 1 unflowdown

   配置备份组状态恢复延迟为30秒

   [AC2]vrrp recover-delay 30

   创建HSB主备服务0

   [AC2]hsb-service 0

   [AC2-hsb-service-0]service-ip-port local-ip 10.1.201.200 peer-ip 10.1.201.100 local-data-port 10241 peer-data-port 10241

   [AC2-hsb-service-0]service-keep-alive detect retransmit 2 interval 1

   创建HSB备份服务组0，绑定HSB主备服务0和管理vrrp备份组

   [AC2]hsb-group 0

   [AC2-hsb-group-0]bind-service 0

   [AC2-hsb-group-0]track vrrp vrid 1 interface Vlanif 801

   配置NAC业务绑定HSB备份组

   [AC2]hsb-service-type access-user hsb-group 0

   配置WLAN业务绑定HSB备份组

   [AC2]hsb-service-type ap hsb-group 0

   配置dhcp业务绑定备份组

   [AC2]hsb-service-type dhcp hsb-group 0

   使能双机热备功能

   [AC2]hsb-group 0

   [AC2-hsb-group-0]hsb enable

   更改AC2的源接口

   [AC2]undo capwap source interface Vlanif 801

   [AC2]capwap source ip-address 10.1.201.3

   修改DHCP服务器的option 43字段

   [AC2]dhcp server database enable

   [AC2]dhcp server database recover

   [AC2]ip pool ap

   [AC2-ip-pool-ap]option 43 sub-option 3 ascii 10.1.201.3

   12.结果验证