Solution for an off-path Layer 3 network in tunnel forwarding mode with Huawei WAC dual-node VRRP hot standby
2022-07-13 18:27:00 【Eda_月白秋心】
Network topology

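Solution approach
(1)
This case uses off-path Layer 3 networking in tunnel forwarding mode. CAPWAP tunnels run between the APs and the WACs, and service data traffic is forwarded through the CAPWAP tunnel;
the AP management VLAN is 10 and the service VLAN is 500;
(2)
VRRP dual-node hot standby runs between the Master WAC and the Backup WAC on VLAN 100, where:
Master VRRP IP: 192.168.1.11/24
Backup VRRP IP: 192.168.1.21/24
VRRP Virtual-IP: 192.168.1.1/24
The source IP address of the CAPWAP tunnel on the WACs is the VRRP virtual IP 192.168.1.1;
(3)
The link interconnecting the Master WAC and the Backup WAC is the heartbeat link. It runs HSB and synchronizes AP group, user access, DHCP and other information. The HSB VLAN is 200, where:
Master HSB IP: 192.168.2.11/24
Backup HSB IP: 192.168.2.21/24
(4)
Configuration synchronization must also be set up between the Master WAC and the Backup WAC to synchronize the wireless public configuration. Afterwards, any public configuration operation on the Master AC is automatically synchronized to the Backup Master AC;
(5)
The Core Switch provides the DHCP pools for the AP and service VLANs and is also the gateway for AP and service traffic, where:
AP vlan: 10, gateway: 10.251.1.254/24
STA vlan: 500, gateway: 10.250.1.254/24
The Core Switch is also configured with vlanif100: 192.168.1.254/24 as the gateway for VRRP;
(6)
The links from the Core Switch down to the Access Switch are Layer 2 links; g0/0/3 only needs to allow AP management VLAN 10;
The links from the Core Switch to the WACs are Layer 3 links; g0/0/1 and g0/0/2 allow VRRP VLAN 100 and service VLAN 500, do not need to allow VLAN 10, and have STP disabled;
On each WAC, g0/0/1 allows VRRP VLAN 100 and service VLAN 500 and has STP disabled; g0/0/2 only needs to allow HSB VLAN 200;
On the Access Switch, interfaces g0/0/1-g0/0/3 allow AP management VLAN 10, and the AP-facing interfaces g0/0/2-g0/0/3 have PVID VLAN 10;
AP onboarding configuration flowchart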

Detailed device configuration
Acc Switch
#
interface GigabitEthernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10
#
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk pvid vlan 10
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10
#
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk pvid vlan 10
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10
#
Core Switch
#
interface GigabitEthernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 100 500
stp disable
#
#
interface GigabitEthernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 100 500
stp disable
#
#
interface GigabitEthernet0/0/3
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10
#
#//Acts as the gateway for WAC VRRP VLAN 100
interface Vlanif100
ip address 192.168.1.254 255.255.255.0
#
//Configure the DHCP address pool for AP management VLAN 10, and configure the option 43 field so that the APs discover the AC and come online
#
interface Vlanif10
ip address 10.251.1.254 255.255.255.0
dhcp select interface
dhcp server option 43 sub-option 2 ip-address 192.168.1.1
#
//Configure the DHCP address pool for service VLAN 500
#
interface Vlanif500
ip address 10.250.1.254 255.255.255.0
dhcp select interface
#
Master WAC
#
interface GigabitEthernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 100 500
stp disable
#
#
interface GigabitEthernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 200
#
//Configure VRRP
#
interface Vlanif100
ip address 192.168.1.11 255.255.255.0
vrrp vrid 1 virtual-ip 192.168.1.1
vrrp vrid 1 priority 120
vrrp vrid 1 preempt-mode timer delay 1800
vrrp vrid 1 track interface GigabitEthernet0/0/1 reduced 30
#
#
interface Vlanif200
ip address 192.168.2.11 255.255.255.0
#
//Configure hsb service 0
#
hsb-service 0
service-ip-port local-ip 192.168.2.11 peer-ip 192.168.2.21 local-data-port 10241 peer-data-port 10241
#
//Configure the HSB group, and bind hsb service 0 and track VRRP
#
hsb-group 0
track vrrp vrid 1 interface Vlanif100
bind-service 0
hsb enable
#
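//Configure wireless configuration synchronization for the VRRP hot standby scenario
#
wlan //Enter the WLAN view
master controller //Enter the Master Controller view
master-redundancy peer-ip ip-address 192.168.1.21 local-ip ip-address 192.168.1.11 psk [email protected] //Configure the peer and local IP addresses of the AC; the psk parameter configured on the Master AC and the Backup Master AC must be identical
master-redundancy track-vrrp vrid 1 interface Vlanif100 //Enable VRRP to negotiate the Master AC and Backup Master AC roles by monitoring the interface status
#
//Manually trigger wireless configuration synchronization on the Master AC
#
synchronize-configuration
#
//Configure the WAC source address as the VRRP virtual address 192.168.1.1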
#
capwap source ip-address 192.168.1.1
#
//Configure routing
#
ip route-static 0.0.0.0 0.0.0.0 192.168.1.254
#
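//Configure AP onboarding
#
wlan
regulatory-domain-profile name default //Create a regulatory domain profile and configure the AC country code in it
country-code MO //Macau region
ap-group name ap-group1 //Create an AP group so that APs with the same configuration join the same group; the AP group references the regulatory domain profile
regulatory-domain-profile default
ap auth-mode mac-auth //Set the AP authentication mode to MAC authentication; this is the default and can be omitted
ap-id 0 ap-mac 00e0-fc5e-4990 //Add the AP, name it, and add it to the AP group; the AP MAC address can be viewed on the AP with dis int g0/0/0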
ap-name huaweiap1
ap-group ap-group1
ap-id 1 ap-mac 00e0-fc0d-5330
ap-name huaweiap2
ap-group ap-group1
**Next, configure the WLAN service**
// Configure the service VLAN pool on the WAC, used to assign terminal STAs to their VLAN
#
vlan pool huawei
vlan 500
#
// Create a security profile named "huawei" and configure the security policy
#
wlan
security-profile name huawei
security wpa-wpa2 psk pass-phrase [email protected] aes
#
// Create an SSID profile named "huawei" and set the SSID name to "huawei"
#
wlan
ssid-profile name huawei
ssid huawei
#
// Create a VAP profile named "huawei", configure the service data forwarding mode and service VLAN, and reference the security profile and SSID profile
#
wlan
vap-profile name huawei
forward-mode tunnel
service-vlan vlan-pool huawei
ssid-profile huawei
security-profile huawei
#
//Finally, reference the VAP profile in the AP group; radio 0 and radio 1 on the APs both use the configuration of VAP profile "huawei".
#
wlan
ap-group name ap-group1
vap-profile huawei wlan 1 radio 0
vap-profile huawei wlan 1 radio 1
#
Backup WAC
#
interface GigabitEthernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 100 500
stp disable
#
#
interface GigabitEthernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 200
#
#
interface Vlanif100
ip address 192.168.1.21 255.255.255.0
vrrp vrid 1 virtual-ip 192.168.1.1
#
#
interface Vlanif200
ip address 192.168.2.21 255.255.255.0
#
#
hsb-service 0
service-ip-port local-ip 192.168.2.21 peer-ip 192.168.2.11 local-data-port 10241 peer-data-port 10241
#
#
hsb-group 0
track vrrp vrid 1 interface Vlanif100
bind-service 0
hsb enable
#
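//Configure wireless configuration synchronization for the VRRP hot standby scenario
#
wlan //Enter the WLAN view
master controller //Enter the Master Controller view
master-redundancy peer-ip ip-address 192.168.1.11 local-ip ip-address 192.168.1.21 psk [email protected] //Configure the peer and local IP addresses of the AC; the psk parameter configured on the Master AC and the Backup Master AC must be identical
master-redundancy track-vrrp vrid 1 interface Vlanif100 //Enable VRRP to negotiate the Master AC and Backup Master AC roles by monitoring the interface status
#
//Configure the WAC source address as the VRRP virtual address 192.168.1.1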
#
capwap source ip-address 192.168.1.1
#
//Configure routing
#
ip route-static 0.0.0.0 0.0.0.0 192.168.1.254
#
Configuration verification
(1) dis vrrp brief

(2) display hsb-service 0

(3) display hsb-group 0

(4) dis capwap configuration

(5) dis ap all
(6) dis station ssid huawei
You can see that the terminal STA obtains an address in service VLAN 500
and can ping 192.168.1.1, 192.168.1.254 and 10.250.1.254
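
The design relies on a few values agreeing across devices: the same VRRP virtual IP on both WACs, the CAPWAP source and the option 43 address both pointing at that virtual IP, and HSB endpoints that mirror each other. The following is an added example, not part of the original post, that checks those relationships offline before the `display` commands above are run; the function and pattern names are this example's own, and the excerpts are the page's configuration lines with the HSB `service-ip-port` command written on one line.

```python
import re

# Excerpts from the configurations on this page, trimmed to the lines being checked.
CORE = "dhcp server option 43 sub-option 2 ip-address 192.168.1.1\n"
MASTER = """\
vrrp vrid 1 virtual-ip 192.168.1.1
service-ip-port local-ip 192.168.2.11 peer-ip 192.168.2.21 local-data-port 10241 peer-data-port 10241
capwap source ip-address 192.168.1.1
"""
BACKUP = """\
vrrp vrid 1 virtual-ip 192.168.1.1
service-ip-port local-ip 192.168.2.21 peer-ip 192.168.2.11 local-data-port 10241 peer-data-port 10241
capwap source ip-address 192.168.1.1
"""

PATTERNS = {
    "vip": r"vrrp vrid \d+ virtual-ip (\S+)",
    "capwap": r"capwap source ip-address (\S+)",
    "hsb": r"service-ip-port local-ip (\S+) peer-ip (\S+) "
           r"local-data-port (\d+) peer-data-port (\d+)",
    "opt43": r"dhcp server option 43 sub-option 2 ip-address (\S+)",
}

def grab(cfg, key):
    """Return the captured groups of the first matching line, or None if absent."""
    m = re.search(PATTERNS[key], cfg)
    return m.groups() if m else None

def audit(core, master, backup):
    """Return a list of findings; an empty list means the three configs agree."""
    findings = []
    wacs = (("master", master), ("backup", backup))
    vips = {name: grab(cfg, "vip") for name, cfg in wacs}
    if None in vips.values() or vips["master"] != vips["backup"]:
        findings.append(f"VRRP virtual-ip differs or is missing: {vips}")
    vip = vips["master"]
    for name, cfg in wacs:
        if grab(cfg, "capwap") != vip:
            findings.append(f"{name}: capwap source is not the VRRP virtual-ip")
    if grab(core, "opt43") != vip:
        findings.append("core: option 43 does not point APs at the VRRP virtual-ip")
    m, b = grab(master, "hsb"), grab(backup, "hsb")
    # HSB endpoints must mirror: my local IP/port is the peer's peer IP/port.
    if not m or not b or m != (b[1], b[0], b[3], b[2]):
        findings.append("HSB service-ip-port lines are not mirror images")
    return findings

if __name__ == "__main__":
    print(audit(CORE, MASTER, BACKUP) or "consistent")
```

A port typed as `1024` on one side only, which is how the wrapped HSB line reads if copied literally, is reported as a mirror mismatch.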
