Standalone AC Solution: Core Switches Function as the Gateway for Wired and Wireless Users
Networking Requirements
Core switches set up a CSS that functions as the core of the entire campus network to implement high network reliability and forwarding of a large amount of data. A standalone AC is deployed in off-path mode. It functions as a gateway to assign IP addresses to APs and centrally manages APs on the entire network.
Aggregation switches set up stacks to implement device-level backup and increase the interface density and forwarding bandwidth.
In this example, core switches set up a CSS that functions as the gateway for wired and wireless users on the entire network and is responsible for routing and forwarding of user services.
Device Requirements and Versions
| Location | Device Requirement | Device Used in This Example | Version Used in This Example |
|---|---|---|---|
| Core layer | - | S12700E | V200R019C10 |
| Aggregation layer | - | S5731-H | |
| Access layer | - | S5735-L | |
| AC | - | AC6605 | |
| AP | - | AP6050DN | V200R019C00 |
Deployment Roadmap
| Step | Deployment Roadmap | Devices Involved |
|---|---|---|
| 1 | Configure CSS, stacking, MAD, and uplink and downlink Eth-Trunk interfaces on switches. | Core and aggregation switches |
| 2 | Configure interfaces and VLANs on the switches and ACs and configure IP addresses and routes for Layer 3 interfaces to ensure network connectivity. | Core, aggregation, and access switches and ACs |
| 3 | Configure DHCP on the CSS and ACs so that the CSS functions as a DHCP server to assign IP addresses to wired and wireless users and the ACs function as DHCP servers to assign IP addresses to APs. | Core switches and ACs |
| 4 | Configure VRRP and HSB on ACs. | ACs |
| 5 | Configure wireless services on ACs so that APs and STAs can go online. | ACs |
| 6 | Configure wireless configuration synchronization in the scenario where VRRP and HSB are configured. | ACs |
Data Plan
| Item | VLAN ID | Network Segment |
|---|---|---|
| Service VLANs for wireless users (AP1) | VLAN 30 | 172.16.30.0/24 |
| | VLAN 40 | 172.16.40.0/24 |
| Service VLAN for a wired user (PC1) | VLAN 50 | 172.16.50.0/24 |
| Service VLAN for a wired user (PC2) | VLAN 60 | 172.16.60.0/24 |
| VLAN for communication with CORE-ACs | VLAN 20 | 192.168.20.20/24 |
| VLAN for communication with servers | VLAN 1000 | 192.168.11.254/24 |

| Item | VLAN ID | Network Segment |
|---|---|---|
| Management VLAN for APs | VLAN 20 | 172.16.20.0/24 |
| VLAN for communication between CORE-AC1 and CORE-AC2 | VLAN 100 | 172.16.100.0/24 |
| VLAN for wireless configuration synchronization between CORE-AC1 and CORE-AC2 in an HSB group | VLAN 200 | 172.16.200.0/24 |

| Item | Data |
|---|---|
| AP group | ap-group1 |
| Regulatory domain profile | domain1 |
| SSID profiles | test01, test02 |
| VAP profiles | vap1, vap2 (The data forwarding mode in the VAP profiles is direct forwarding.) |
| CAPWAP source interface and IP address (CORE-AC1) | VLANIF 20: 192.168.20.1/24 |
| CAPWAP source interface and IP address (CORE-AC2) | VLANIF 20: 192.168.20.2/24 |
Deployment Precautions
- It is not recommended that VLAN 1 be used as the management VLAN or a service VLAN. Remove all interfaces from VLAN 1. Allow an interface to transparently transmit packets from a VLAN based on actual service requirements. Do not allow an interface to transparently transmit packets from all VLANs.
- In direct forwarding mode, it is recommended that different VLANs be used as the management VLAN and service VLAN. Otherwise, service interruptions may occur. If a VLAN is configured as both the management VLAN and service VLAN, and the interface connecting a switch to an AP has the management VLAN ID as the PVID, downstream packets in the service VLAN are terminated when going out from the switch. In this case, services are interrupted.
- In direct forwarding mode, service packets from APs are not encapsulated in CAPWAP tunnels, but are directly forwarded to the upper-layer network. Service packets and management packets can be transmitted properly only if the network between APs and the upper-layer network is added to the service VLAN and the network between ACs and APs is added to the management VLAN.
- WLAN service configurations (for example, WMM profile, radio profile, radio, traffic profile, security profile, security policy, and WLAN ID) of the AP associated with the master and backup ACs must be consistent on the two ACs; otherwise, user services may be affected after a master/backup switchover between the ACs. The models and software versions of the master and backup ACs must be the same.
- When deploying the DHCP server in the scenario where VRRP and HSB are configured, note the following:
  - In versions earlier than V200R019C00, the DHCP server-enabled interface must be the interface on which a VRRP group is created. Otherwise, the master and backup ACs will allocate IP addresses at the same time. In V200R019C00 and later versions, there is no restriction on the DHCP server-enabled interface. Only the master AC allocates IP addresses. IP address allocation information on the master AC will be synchronized to the backup AC.
  - The IP address pools configured on the master and backup ACs must be the same. If they are different, data backup between the master and backup ACs will fail.
  - You need to run the hsb-service-type dhcp hsb-group group-index command to bind the DHCP service to the HSB group. Otherwise, IP address allocation information on the master and backup ACs cannot be backed up.
Procedure
- Configure CSS on core switches and stacking on aggregation switches, and configure MAD and uplink and downlink Eth-Trunk interfaces on the switches.
For details, see Typical CSS and Stack Deployment.
- Configure interfaces and VLANs on CORE, which is a CSS of core switches.
# Create VLANs.
[CORE] vlan batch 20 30 40 50 60 1000
# Configure an Eth-Trunk interface for connecting to AGG1, which is a stack of aggregation switches. The configuration of an Eth-Trunk interface for connecting to AGG2 (also a stack of aggregation switches) is similar.
[CORE] interface eth-trunk 10
[CORE-Eth-Trunk10] description con to AGG1
[CORE-Eth-Trunk10] mode lacp
[CORE-Eth-Trunk10] port link-type trunk
[CORE-Eth-Trunk10] undo port trunk allow-pass vlan 1
[CORE-Eth-Trunk10] port trunk allow-pass vlan 20 30 40 50
[CORE-Eth-Trunk10] quit
# Create an Eth-Trunk 1 interface for connecting to CORE-AC1 and add the interface to the Eth-Trunk. The configuration of the Eth-Trunk interface for connecting to CORE-AC2 is similar.
[CORE] interface eth-trunk 1
[CORE-Eth-Trunk1] description con to CORE-AC1
[CORE-Eth-Trunk1] mode lacp
[CORE-Eth-Trunk1] port link-type trunk
[CORE-Eth-Trunk1] undo port trunk allow-pass vlan 1
[CORE-Eth-Trunk1] port trunk allow-pass vlan 20
[CORE-Eth-Trunk1] quit
[CORE] interface xgigabitethernet 1/1/0/3
[CORE-XGigabitEthernet1/1/0/3] eth-trunk 1
[CORE-XGigabitEthernet1/1/0/3] quit
[CORE] interface xgigabitethernet 2/1/0/3
[CORE-XGigabitEthernet2/1/0/3] eth-trunk 1
[CORE-XGigabitEthernet2/1/0/3] quit
# Add the interface connected to the server zone to VLAN 1000.
[CORE] interface xgigabitethernet 1/2/0/1
[CORE-XGigabitEthernet1/2/0/1] port link-type access
[CORE-XGigabitEthernet1/2/0/1] port default vlan 1000
[CORE-XGigabitEthernet1/2/0/1] quit
- Configure interfaces and VLANs on AGG1. The configuration on AGG2 is similar.
# Create VLANs.
[AGG1] vlan batch 20 30 40 50
# Configure an Eth-Trunk interface for connecting to CORE.
[AGG1] interface eth-trunk 10
[AGG1-Eth-Trunk10] description connect to CORE
[AGG1-Eth-Trunk10] mode lacp
[AGG1-Eth-Trunk10] port link-type trunk
[AGG1-Eth-Trunk10] undo port trunk allow-pass vlan 1
[AGG1-Eth-Trunk10] port trunk allow-pass vlan 20 30 40 50
[AGG1-Eth-Trunk10] quit
# Configure a downlink interface for connecting to ACC1.
[AGG1] interface eth-trunk 30
[AGG1-Eth-Trunk30] mode lacp
[AGG1-Eth-Trunk30] port link-type trunk
[AGG1-Eth-Trunk30] undo port trunk allow-pass vlan 1
[AGG1-Eth-Trunk30] port trunk allow-pass vlan 20 30 40 50
[AGG1-Eth-Trunk30] port-isolate enable
[AGG1-Eth-Trunk30] quit
- Configure interfaces and VLANs on ACC1. The configuration on ACC2 is similar.
# Create VLANs.
[ACC1] vlan batch 20 30 40 50
# Configure an uplink interface for connecting to AGG1.
[ACC1] interface eth-trunk 30
[ACC1-Eth-Trunk30] mode lacp
[ACC1-Eth-Trunk30] port link-type trunk
[ACC1-Eth-Trunk30] undo port trunk allow-pass vlan 1
[ACC1-Eth-Trunk30] port trunk allow-pass vlan 20 30 40 50
[ACC1-Eth-Trunk30] quit
# Configure downlink interfaces connected to a user PC and AP1, and configure the interfaces as edge ports.
[ACC1] interface gigabitethernet 0/0/3
[ACC1-GigabitEthernet0/0/3] port link-type access
[ACC1-GigabitEthernet0/0/3] port default vlan 50
[ACC1-GigabitEthernet0/0/3] port-isolate enable
[ACC1-GigabitEthernet0/0/3] stp edged-port enable
[ACC1-GigabitEthernet0/0/3] quit
[ACC1] interface gigabitethernet 0/0/4
[ACC1-GigabitEthernet0/0/4] port link-type trunk
[ACC1-GigabitEthernet0/0/4] port trunk pvid vlan 20
[ACC1-GigabitEthernet0/0/4] port trunk allow-pass vlan 20 30 40
[ACC1-GigabitEthernet0/0/4] port-isolate enable
[ACC1-GigabitEthernet0/0/4] stp edged-port enable
[ACC1-GigabitEthernet0/0/4] quit
- Configure interfaces and VLANs on CORE-AC1. The configuration on CORE-AC2 is similar.
# Configure a downlink interface for connecting to CORE.
<AC6605> system-view
[AC6605] sysname CORE-AC1
[CORE-AC1] vlan batch 20 100
[CORE-AC1] interface eth-trunk 1
[CORE-AC1-Eth-Trunk1] mode lacp
[CORE-AC1-Eth-Trunk1] port link-type trunk
[CORE-AC1-Eth-Trunk1] undo port trunk allow-pass vlan 1
[CORE-AC1-Eth-Trunk1] port trunk allow-pass vlan 20
[CORE-AC1-Eth-Trunk1] quit
[CORE-AC1] interface xgigabitethernet0/0/21
[CORE-AC1-XGigabitEthernet0/0/21] eth-trunk 1
[CORE-AC1-XGigabitEthernet0/0/21] quit
[CORE-AC1] interface xgigabitethernet0/0/22
[CORE-AC1-XGigabitEthernet0/0/22] eth-trunk 1
[CORE-AC1-XGigabitEthernet0/0/22] quit
[CORE-AC1] interface vlanif 20
[CORE-AC1-Vlanif20] ip address 192.168.20.1 255.255.255.0
[CORE-AC1-Vlanif20] quit
# Configure an interface for connecting CORE-AC1 to CORE-AC2.
[CORE-AC1] interface gigabitethernet 0/0/2
[CORE-AC1-GigabitEthernet0/0/2] port link-type trunk
[CORE-AC1-GigabitEthernet0/0/2] undo port trunk allow-pass vlan 1
[CORE-AC1-GigabitEthernet0/0/2] port trunk allow-pass vlan 100
[CORE-AC1-GigabitEthernet0/0/2] quit
[CORE-AC1] interface vlanif 100
[CORE-AC1-Vlanif100] ip address 172.16.100.1 255.255.255.0
[CORE-AC1-Vlanif100] quit
- Configure DHCP on CORE so that CORE functions as a DHCP server to assign IP addresses to wired and wireless users.
# Enable DHCP globally and configure DHCP snooping for service VLANs.
[CORE] dhcp enable
[CORE] dhcp snooping enable
[CORE] vlan 30
[CORE-vlan30] dhcp snooping enable
[CORE-vlan30] quit
[CORE] vlan 40
[CORE-vlan40] dhcp snooping enable
[CORE-vlan40] quit
[CORE] vlan 50
[CORE-vlan50] dhcp snooping enable
[CORE-vlan50] quit
[CORE] vlan 60
[CORE-vlan60] dhcp snooping enable
[CORE-vlan60] quit
# Create Layer 3 interfaces VLANIF 30 and VLANIF 40 for wireless services and configure CORE to assign IP addresses to STAs from the interface address pools.
[CORE] interface vlanif 30
[CORE-Vlanif30] ip address 172.16.30.1 255.255.255.0
[CORE-Vlanif30] dhcp select interface
[CORE-Vlanif30] dhcp server dns-list 192.168.11.2 //Configure the DNS server for terminals.
[CORE-Vlanif30] arp-proxy inner-sub-vlan-proxy enable //Enable intra-VLAN proxy ARP in a service VLAN for wireless users. Otherwise, wireless users cannot communicate with each other through the AC. Determine whether to configure this command based on actual requirements.
[CORE-Vlanif30] quit
[CORE] interface vlanif 40
[CORE-Vlanif40] ip address 172.16.40.1 255.255.255.0
[CORE-Vlanif40] dhcp select interface
[CORE-Vlanif40] dhcp server dns-list 192.168.11.2 //Configure the DNS server for terminals.
[CORE-Vlanif40] arp-proxy inner-sub-vlan-proxy enable //Enable intra-VLAN proxy ARP in a service VLAN for wireless users. Otherwise, wireless users cannot communicate with each other through the AC. Determine whether to configure this command based on actual requirements.
[CORE-Vlanif40] quit
# Create Layer 3 interfaces VLANIF 50 and VLANIF 60 for wired services and configure CORE to assign IP addresses to wired terminals from the interface address pools.
[CORE] interface vlanif 50
[CORE-Vlanif50] ip address 172.16.50.1 255.255.255.0
[CORE-Vlanif50] dhcp select interface
[CORE-Vlanif50] dhcp server dns-list 192.168.11.2 //Configure the DNS server for terminals.
[CORE-Vlanif50] arp-proxy inner-sub-vlan-proxy enable //Enable intra-VLAN proxy ARP in a service VLAN for wired users. Otherwise, wired users cannot communicate with each other. Determine whether to configure this command based on actual requirements.
[CORE-Vlanif50] quit
[CORE] interface vlanif 60
[CORE-Vlanif60] ip address 172.16.60.1 255.255.255.0
[CORE-Vlanif60] dhcp select interface
[CORE-Vlanif60] dhcp server dns-list 192.168.11.2 //Configure the DNS server for terminals.
[CORE-Vlanif60] arp-proxy inner-sub-vlan-proxy enable //Enable intra-VLAN proxy ARP in a service VLAN for wired users. Otherwise, wired users cannot communicate with each other. Determine whether to configure this command based on actual requirements.
[CORE-Vlanif60] quit
# Create Layer 3 interface VLANIF 20 for connecting to the ACs.
[CORE] interface vlanif 20
[CORE-Vlanif20] ip address 192.168.20.20 255.255.255.0
[CORE-Vlanif20] quit
# Create Layer 3 interface VLANIF 1000 for connecting to a server.
[CORE] interface vlanif 1000
[CORE-Vlanif1000] ip address 192.168.11.254 255.255.255.0
[CORE-Vlanif1000] quit
- Configure DHCP on CORE-AC1 so that CORE-AC1 functions as a DHCP server to assign IP addresses to APs. The configuration on CORE-AC2 is similar.
[CORE-AC1] dhcp enable
[CORE-AC1] interface vlanif 20
[CORE-AC1-Vlanif20] dhcp select interface
[CORE-AC1-Vlanif20] dhcp server excluded-ip-address 192.168.20.2
[CORE-AC1-Vlanif20] dhcp server excluded-ip-address 192.168.20.20
[CORE-AC1-Vlanif20] quit
- Configure routes from CORE-AC1 to the network segments of wired users and the server area. The configuration on CORE-AC2 is similar.
[CORE-AC1] ip route-static 172.16.50.0 255.255.255.0 192.168.20.20
[CORE-AC1] ip route-static 172.16.60.0 255.255.255.0 192.168.20.20
[CORE-AC1] ip route-static 192.168.11.0 255.255.255.0 192.168.20.20
- Configure VRRP and HSB on CORE-AC1. The configuration on CORE-AC2 is similar.
# Set the recovery delay of the VRRP group to 60 seconds.
[CORE-AC1] vrrp recover-delay 60
# Create a management VRRP group on CORE-AC1. Set the priority of CORE-AC1 in the VRRP group to 120 and set the preemption time to 1200 seconds.
[CORE-AC1] interface vlanif 20
[CORE-AC1-Vlanif20] vrrp vrid 1 virtual-ip 192.168.20.3
[CORE-AC1-Vlanif20] vrrp vrid 1 priority 120
[CORE-AC1-Vlanif20] vrrp vrid 1 preempt-mode timer delay 1200
[CORE-AC1-Vlanif20] admin-vrrp vrid 1
[CORE-AC1-Vlanif20] quit
# Create HSB service 0 on CORE-AC1 and configure IP addresses and port numbers for the HSB channel.
[CORE-AC1] hsb-service 0
[CORE-AC1-hsb-service-0] service-ip-port local-ip 172.16.100.1 peer-ip 172.16.100.2 local-data-port 10241 peer-data-port 10241
[CORE-AC1-hsb-service-0] quit
# Create HSB group 0 on CORE-AC1, and bind HSB service 0 and the management VRRP group to HSB group 0.
[CORE-AC1] hsb-group 0
[CORE-AC1-hsb-group-0] bind-service 0
[CORE-AC1-hsb-group-0] track vrrp vrid 1 interface vlanif 20
[CORE-AC1-hsb-group-0] quit
# Bind the CORE-AC1 service to HSB group 0.
[CORE-AC1] hsb-service-type access-user hsb-group 0
[CORE-AC1] hsb-service-type ap hsb-group 0
[CORE-AC1] hsb-service-type dhcp hsb-group 0
[CORE-AC1] hsb-group 0
[CORE-AC1-hsb-group-0] hsb enable
[CORE-AC1-hsb-group-0] quit
# After the configuration is complete, run the display vrrp command on CORE-AC1 and CORE-AC2. The command output shows that the State field of CORE-AC1 displays Master and that of CORE-AC2 displays Backup.
[CORE-AC1] display vrrp
  Vlanif20 | Virtual Router 1
    State : Master
    Virtual IP : 192.168.20.3
    Master IP : 192.168.20.1
    PriorityRun : 120
    PriorityConfig : 120
    MasterPriority : 120
    Preempt : YES   Delay Time : 1200 s
    TimerRun : 2 s
    TimerConfig : 2 s
    Auth type : NONE
    Virtual MAC : 0000-5e00-0101
    Check TTL : YES
    Config type : admin-vrrp
    Backup-forward : disabled
    Track SysHealth Priority reduced : 254
    SysHealth state : UP
    Create time : 2019-11-05 15:30:25
    Last change time : 2019-11-05 15:30:31
[CORE-AC2] display vrrp
  Vlanif20 | Virtual Router 1
    State : Backup
    Virtual IP : 192.168.20.3
    Master IP : 192.168.20.1
    PriorityRun : 100
    PriorityConfig : 100
    MasterPriority : 120
    Preempt : YES   Delay Time : 0 s
    TimerRun : 2 s
    TimerConfig : 2 s
    Auth type : NONE
    Virtual MAC : 0000-5e00-0101
    Check TTL : YES
    Config type : admin-vrrp
    Backup-forward : disabled
    Track SysHealth Priority reduced : 254
    SysHealth state : UP
    Create time : 2019-11-05 11:12:13
    Last change time : 2019-11-05 11:13:23
# Check the HSB service status on CORE-AC1 and CORE-AC2. The following command output shows that the Service State field displays Connected, indicating that the HSB channel has been established.
[CORE-AC1] display hsb-service 0
Hot Standby Service Information:
----------------------------------------------------------
  Local IP Address         : 172.16.100.1
  Peer IP Address          : 172.16.100.2
  Source Port              : 10241
  Destination Port         : 10241
  Keep Alive Times         : 5
  Keep Alive Interval      : 3
  Service State            : Connected
  Service Batch Modules    :
  Shared-key               : -
----------------------------------------------------------
[CORE-AC2] display hsb-service 0
Hot Standby Service Information:
----------------------------------------------------------
  Local IP Address         : 172.16.100.2
  Peer IP Address          : 172.16.100.1
  Source Port              : 10241
  Destination Port         : 10241
  Keep Alive Times         : 5
  Keep Alive Interval      : 3
  Service State            : Connected
  Service Batch Modules    :
  Shared-key               : -
----------------------------------------------------------
# Run the display hsb-group 0 command on CORE-AC1 and CORE-AC2 to check the service status of HSB group 0.
[CORE-AC1] display hsb-group 0
Hot Standby Group Information:
----------------------------------------------------------
  HSB-group ID                   : 0
  Vrrp Group ID                  : 1
  Vrrp Interface                 : Vlanif20
  Service Index                  : 0
  Group Vrrp Status              : Master
  Group Status                   : Active
  Group Backup Process           : Realtime
  Peer Group Device Name         : AC6605
  Peer Group Software Version    : V200R007C10
  Group Backup Modules           : Access-user
                                   AP
                                   DHCP
----------------------------------------------------------
[CORE-AC2] display hsb-group 0
Hot Standby Group Information:
----------------------------------------------------------
  HSB-group ID                   : 0
  Vrrp Group ID                  : 1
  Vrrp Interface                 : Vlanif20
  Service Index                  : 0
  Group Vrrp Status              : Backup
  Group Status                   : Inactive
  Group Backup Process           : Realtime
  Peer Group Device Name         : AC6605
  Peer Group Software Version    : V200R007C10
  Group Backup Modules           : Access-user
                                   DHCP
                                   AP
----------------------------------------------------------
- Configure APs to go online on CORE-AC1.
# Configure the AC's source interface.
[CORE-AC1] capwap source interface vlanif 20
# Create an AP group to add APs with the same configurations to the AP group.
[CORE-AC1] wlan
[CORE-AC1-wlan-view] ap-group name ap-group1
[CORE-AC1-wlan-ap-group-ap-group1] quit
# Create a regulatory domain profile, configure a country code in the profile, and apply the profile to the AP group.
[CORE-AC1-wlan-view] regulatory-domain-profile name domain1
[CORE-AC1-wlan-regulate-domain-domain1] country-code cn
[CORE-AC1-wlan-regulate-domain-domain1] quit
[CORE-AC1-wlan-view] ap-group name ap-group1
[CORE-AC1-wlan-ap-group-ap-group1] regulatory-domain-profile domain1
Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continue?[Y/N]:y
[CORE-AC1-wlan-ap-group-ap-group1] quit
# Add target APs to the AP group and configure names for the APs based on their deployment locations.
[CORE-AC1-wlan-view] ap auth-mode mac-auth
[CORE-AC1-wlan-view] ap-id 1 ap-mac 00e0-fc12-6660
[CORE-AC1-wlan-ap-1] ap-name area_1
[CORE-AC1-wlan-ap-1] ap-group ap-group1
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configurations of the radio, whether to continue? [Y/N]:y
Info: This operation may take a few seconds. Please wait for a moment.. done.
[CORE-AC1-wlan-ap-1] quit
[CORE-AC1-wlan-view] ap-id 2 ap-mac 00e0-fc12-6670
[CORE-AC1-wlan-ap-2] ap-name area_2
[CORE-AC1-wlan-ap-2] ap-group ap-group1
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configurations of the radio, whether to continue? [Y/N]:y
Info: This operation may take a few seconds. Please wait for a moment.. done.
[CORE-AC1-wlan-ap-2] quit
[CORE-AC1-wlan-view] quit
# After powering on the APs, run the display ap all command on CORE-AC1 to check the AP running status. The command output shows that the State field displays nor, indicating that the APs are in normal state.
[CORE-AC1] display ap all
Total AP information:
nor  : normal          [2]
ExtraInfo : Extra information
P    : insufficient power supply
---------------------------------------------------------------------------------------------------------
ID   MAC            Name     Group      IP              Type        State STA Uptime   ExtraInfo
---------------------------------------------------------------------------------------------------------
1    00e0-fc12-6660 area_1   ap-group1  192.168.20.41   AP6050DN    nor   0   5M:26S   -
2    00e0-fc12-6670 area_2   ap-group1  192.168.20.164  AP6050DN    nor   0   2M:52S   -
---------------------------------------------------------------------------------------------------------
- Configure STAs to go online on CORE-AC1.
# Configure WLAN service parameters.
[CORE-AC1] wlan
[CORE-AC1-wlan-view] security-profile name sec1
[CORE-AC1-wlan-sec-prof-sec1] security open
[CORE-AC1-wlan-sec-prof-sec1] quit
[CORE-AC1-wlan-view] ssid-profile name ssid1
[CORE-AC1-wlan-ssid-prof-ssid1] ssid test01
[CORE-AC1-wlan-ssid-prof-ssid1] quit
[CORE-AC1-wlan-view] traffic-profile name traff1
[CORE-AC1-wlan-traffic-prof-traff1] user-isolate l2
[CORE-AC1-wlan-traffic-prof-traff1] quit
[CORE-AC1-wlan-view] security-profile name sec2
[CORE-AC1-wlan-sec-prof-sec2] security open
[CORE-AC1-wlan-sec-prof-sec2] quit
[CORE-AC1-wlan-view] ssid-profile name ssid2
[CORE-AC1-wlan-ssid-prof-ssid2] ssid test02
[CORE-AC1-wlan-ssid-prof-ssid2] quit
[CORE-AC1-wlan-view] traffic-profile name traff2
[CORE-AC1-wlan-traffic-prof-traff2] user-isolate l2
[CORE-AC1-wlan-traffic-prof-traff2] quit
# Create WLAN VAP profiles, configure the service data forwarding mode and service VLANs, apply security profiles and SSID profiles, and enable strict STA IP address learning through DHCP, IPSG, and dynamic ARP inspection.
[CORE-AC1-wlan-view] vap-profile name vap1
[CORE-AC1-wlan-vap-prof-vap1] forward-mode direct-forward
[CORE-AC1-wlan-vap-prof-vap1] service-vlan vlan-id 30
[CORE-AC1-wlan-vap-prof-vap1] security-profile sec1
[CORE-AC1-wlan-vap-prof-vap1] ssid-profile ssid1
[CORE-AC1-wlan-vap-prof-vap1] traffic-profile traff1
[CORE-AC1-wlan-vap-prof-vap1] ip source check user-bind enable
[CORE-AC1-wlan-vap-prof-vap1] arp anti-attack check user-bind enable
[CORE-AC1-wlan-vap-prof-vap1] learn-client-address dhcp-strict
[CORE-AC1-wlan-vap-prof-vap1] quit
[CORE-AC1-wlan-view] vap-profile name vap2
[CORE-AC1-wlan-vap-prof-vap2] forward-mode direct-forward
[CORE-AC1-wlan-vap-prof-vap2] service-vlan vlan-id 40
[CORE-AC1-wlan-vap-prof-vap2] security-profile sec2
[CORE-AC1-wlan-vap-prof-vap2] ssid-profile ssid2
[CORE-AC1-wlan-vap-prof-vap2] traffic-profile traff2
[CORE-AC1-wlan-vap-prof-vap2] ip source check user-bind enable
[CORE-AC1-wlan-vap-prof-vap2] arp anti-attack check user-bind enable
[CORE-AC1-wlan-vap-prof-vap2] learn-client-address dhcp-strict
[CORE-AC1-wlan-vap-prof-vap2] quit
IP packet check enabled using the ip source check user-bind enable command is based on binding entries. Therefore:
- For DHCP users, enable DHCP snooping on the device to automatically generate dynamic binding entries.
- For users using static IP addresses, manually configure static binding entries.
The prerequisites for running the learn-client-address dhcp-strict command are as follows:
- The DHCP trusted interface configured on an AP has been disabled using the undo dhcp trust port command in the VAP profile view.
- STA IP address learning has been enabled using the undo learn-client-address { ipv4 | ipv6 } disable command in the VAP profile view.
# Bind VAP profiles to the AP group.
[CORE-AC1-wlan-view] ap-group name ap-group1
[CORE-AC1-wlan-ap-group-ap-group1] vap-profile vap1 wlan 1 radio 0
[CORE-AC1-wlan-ap-group-ap-group1] vap-profile vap2 wlan 2 radio 0
[CORE-AC1-wlan-ap-group-ap-group1] vap-profile vap1 wlan 1 radio 1
[CORE-AC1-wlan-ap-group-ap-group1] vap-profile vap2 wlan 2 radio 1
[CORE-AC1-wlan-ap-group-ap-group1] quit
[CORE-AC1-wlan-view] quit
- Configure wireless configuration synchronization in the scenario where VRRP and HSB are configured to synchronize wireless service configuration information from CORE-AC1 to CORE-AC2.
# Configure the source interface of CORE-AC2.
[CORE-AC2] capwap source interface vlanif 20
# Configure wireless configuration synchronization on CORE-AC1.
[CORE-AC1] wlan
[CORE-AC1-wlan-view] master controller
[CORE-AC1-master-controller] master-redundancy peer-ip ip-address 172.16.100.2 local-ip ip-address 172.16.100.1 psk YsHsjx_202206
[CORE-AC1-master-controller] master-redundancy track-vrrp vrid 1 interface vlanif 20
[CORE-AC1-master-controller] quit
[CORE-AC1-wlan-view] quit
# Configure wireless configuration synchronization on CORE-AC2.
[CORE-AC2] wlan
[CORE-AC2-wlan-view] master controller
[CORE-AC2-master-controller] master-redundancy peer-ip ip-address 172.16.100.1 local-ip ip-address 172.16.100.2 psk YsHsjx_202206
[CORE-AC2-master-controller] master-redundancy track-vrrp vrid 1 interface vlanif 20
[CORE-AC2-master-controller] quit
[CORE-AC2-wlan-view] quit
# Run the display sync-configuration status command to check the status of the wireless configuration synchronization function. The command output shows that the Status field displays cfg-mismatch. In this case, you need to manually trigger wireless configuration synchronization from the master AC to the backup AC. Wait until the backup AC is restarted.
[CORE-AC1] display sync-configuration status
Controller role:Master/Backup/Local
-----------------------------------------------------------------------------------------------------------------------------
Controller IP    Role      Device Type   Version        Status                            Last synced
-----------------------------------------------------------------------------------------------------------------------------
172.16.100.2     Backup    AP6050DN      V200R007C10    cfg-mismatch(config check fail)   -
-----------------------------------------------------------------------------------------------------------------------------
Total: 1
[CORE-AC1] synchronize-configuration
Warning: This operation may reset the remote AC, synchronize configurations to it, and save all its configurations. Whether to continue? [Y/N]:y
After wireless configuration synchronization is manually triggered, the backup AC automatically restarts. After the backup AC restarts, run the display sync-configuration status command to check whether the wireless configuration synchronization function is normal.
# Check whether the wireless configuration synchronization function is normal. If the Status field displays up, the wireless configuration synchronization function is normal.
[CORE-AC1] display sync-configuration status
Controller role:Master/Backup/Local
----------------------------------------------------------------------------------------------------
Controller IP    Role      Device Type   Version        Status    Last synced
----------------------------------------------------------------------------------------------------
172.16.100.2     Backup    AP6050DN      V200R007C10    up        2019-11-05/19:09:14
----------------------------------------------------------------------------------------------------
Total: 1
Verifying the Deployment
Expected Result
Wired and wireless users can access the campus network.
Verification Method
- Run the following command on CORE-AC1. The command output shows that APs have obtained IP addresses successfully.
[CORE-AC1] display ip pool interface vlanif20 used
  Pool-name        : vlanif20
  Pool-No          : 0
  Lease            : 1 Days 0 Hours 0 Minutes
  Domain-name      : -
  DNS-server0      : -
  NBNS-server0     : -
  Netbios-type     : -
  Position         : Interface        Status           : Unlocked
  Gateway-0        : -
  Network          : 192.168.20.0
  Mask             : 255.255.255.0
  Logging          : Disable
  Conflicted address recycle interval: -
  Address Statistic: Total       :254       Used        :2
                     Idle        :233       Expired     :0
                     Conflict    :0         Disabled    :19
  -------------------------------------------------------------------------------------
  Network section
     Start           End             Total  Used  Idle(Expired)  Conflict  Disabled
  -------------------------------------------------------------------------------------
     192.168.20.1    192.168.20.254  254    2     233(0)         0         19
  -------------------------------------------------------------------------------------
  Client-ID format as follows:
  DHCP    : mac-address
  PPPoE   : mac-address
  IPSec   : user-id/portnumber/vrf
  PPP     : interface index
  L2TP    : cpu-slot/session-id
  SSL-VPN : user-id/session-id
  -------------------------------------------------------------------------------------
    Index              IP              Client-ID       Type       Left     Status
  -------------------------------------------------------------------------------------
       40      192.168.20.41      00e0-fc12-6660      DHCP      72528      Used
      163     192.168.20.164      00e0-fc12-6670      DHCP      72813      Used
  -------------------------------------------------------------------------------------
- Run the following commands on CORE. The command output shows that wired users have obtained IP addresses successfully.
[CORE] display ip pool interface vlanif50 used
  Pool-name        : Vlanif50
  Pool-No          : 2
  Lease            : 1 Days 0 Hours 0 Minutes
  Domain-name      : -
  DNS-server0      : 192.168.11.2
  NBNS-server0     : -
  Netbios-type     : -
  Position         : Interface        Status           : Unlocked
  Gateway-0        : -
  Network          : 172.16.50.0
  Mask             : 255.255.255.0
  VPN instance     : --
  Logging          : Disable
  Conflicted address recycle interval: -
  Address Statistic: Total       :254       Used        :1
                     Idle        :253       Expired     :0
                     Conflict    :0         Disabled    :0
  -------------------------------------------------------------------------------------
  Network section
     Start           End             Total  Used  Idle(Expired)  Conflict  Disabled
  -------------------------------------------------------------------------------------
     172.16.50.1     172.16.50.254   254    1     253(0)         0         0
  -------------------------------------------------------------------------------------
  Client-ID format as follows:
  DHCP    : mac-address
  PPPoE   : mac-address
  IPSec   : user-id/portnumber/vrf
  PPP     : interface index
  L2TP    : cpu-slot/session-id
  SSL-VPN : user-id/session-id
  -------------------------------------------------------------------------------------
    Index              IP              Client-ID       Type       Left     Status
  -------------------------------------------------------------------------------------
      109      172.16.50.110      00e0-fc12-3344      DHCP      48538      Used
  -------------------------------------------------------------------------------------
[CORE] display ip pool interface vlanif60 used
  Pool-name        : Vlanif60
  Pool-No          : 3
  Lease            : 1 Days 0 Hours 0 Minutes
  Domain-name      : -
  DNS-server0      : 192.168.11.2
  NBNS-server0     : -
  Netbios-type     : -
  Position         : Interface        Status           : Unlocked
  Gateway-0        : -
  Network          : 172.16.60.0
  Mask             : 255.255.255.0
  VPN instance     : --
  Logging          : Disable
  Conflicted address recycle interval: -
  Address Statistic: Total       :254       Used        :1
                     Idle        :253       Expired     :0
                     Conflict    :0         Disabled    :0
  -------------------------------------------------------------------------------------
  Network section
     Start           End             Total  Used  Idle(Expired)  Conflict  Disabled
  -------------------------------------------------------------------------------------
     172.16.60.1     172.16.60.254   254    1     253(0)         0         0
  -------------------------------------------------------------------------------------
  Client-ID format as follows:
  DHCP    : mac-address
  PPPoE   : mac-address
  IPSec   : user-id/portnumber/vrf
  PPP     : interface index
  L2TP    : cpu-slot/session-id
  SSL-VPN : user-id/session-id
  -------------------------------------------------------------------------------------
    Index              IP              Client-ID       Type       Left     Status
  -------------------------------------------------------------------------------------
      236      172.16.60.237      00e0-fc12-3377      DHCP      48050      Used
  -------------------------------------------------------------------------------------
- Wired and wireless users can communicate with each other.
# AP1 can ping a device in the server zone.
<area_1> ping 192.168.11.1
  PING 192.168.11.1: 56  data bytes, press CTRL_C to break
    Reply from 192.168.11.1: bytes=56 Sequence=1 ttl=63 time=1 ms
    Reply from 192.168.11.1: bytes=56 Sequence=2 ttl=63 time=1 ms
    Reply from 192.168.11.1: bytes=56 Sequence=3 ttl=63 time=1 ms
    Reply from 192.168.11.1: bytes=56 Sequence=4 ttl=63 time=1 ms
    Reply from 192.168.11.1: bytes=56 Sequence=5 ttl=63 time=1 ms

  --- 192.168.11.1 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 1/1/1 ms
# After a wireless user connects to AP1, you can view information about the wireless user on CORE-AC1.
[CORE-AC1] display station ssid test01
Rf/WLAN: Radio ID/WLAN ID
Rx/Tx: link receive rate/link transmit rate(Mbps)
-----------------------------------------------------------------------------------------------
STA MAC          AP ID  Ap name        Rf/WLAN  Band  Type  Rx/Tx      RSSI  VLAN  IP address
-----------------------------------------------------------------------------------------------
00e0-fc12-3388   2      area_2         1/1      5G    11ac  173/144    -38   30    172.16.30.180
-----------------------------------------------------------------------------------------------
Total: 1        2.4G: 0        5G: 1
# PC1 can ping the user connected to AP1.
C:\Users>ping 172.16.30.168

Pinging 172.16.30.168 with 32 bytes of data:
Reply from 172.16.30.168: bytes=32 time<1ms TTL=128
Reply from 172.16.30.168: bytes=32 time<1ms TTL=128
Reply from 172.16.30.168: bytes=32 time<1ms TTL=128
Reply from 172.16.30.168: bytes=32 time<1ms TTL=128

Ping statistics for 172.16.30.168:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
Configuration Files
# CORE configuration file
#
vlan batch 20 30 40 50 60 1000
#
dhcp enable
#
dhcp snooping enable
#
vlan 30
 dhcp snooping enable
vlan 40
 dhcp snooping enable
vlan 50
 dhcp snooping enable
vlan 60
 dhcp snooping enable
#
interface Vlanif20
 ip address 192.168.20.20 255.255.255.0
#
interface Vlanif30
 ip address 172.16.30.1 255.255.255.0
 arp-proxy inner-sub-vlan-proxy enable
 dhcp select interface
 dhcp server dns-list 192.168.11.2
#
interface Vlanif40
 ip address 172.16.40.1 255.255.255.0
 arp-proxy inner-sub-vlan-proxy enable
 dhcp select interface
 dhcp server dns-list 192.168.11.2
#
interface Vlanif50
 ip address 172.16.50.1 255.255.255.0
 arp-proxy inner-sub-vlan-proxy enable
 dhcp select interface
 dhcp server dns-list 192.168.11.2
#
interface Vlanif60
 ip address 172.16.60.1 255.255.255.0
 arp-proxy inner-sub-vlan-proxy enable
 dhcp select interface
 dhcp server dns-list 192.168.11.2
#
interface Vlanif1000
 ip address 192.168.11.1 255.255.255.0
#
interface Eth-Trunk1
 description con to CORE-AC1
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 20
 mode lacp
#
interface Eth-Trunk2
 description con to CORE-AC2
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 20
 mode lacp
#
interface Eth-Trunk10
 description con to AGG1
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 20 30 40 50
 mode lacp
#
interface Eth-Trunk20
 description con to AGG2
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 20 30 40 60
 mode lacp
#
interface XGigabitEthernet1/1/0/1
 eth-trunk 10
#
interface XGigabitEthernet1/1/0/2
 eth-trunk 20
#
interface XGigabitEthernet1/1/0/3
 eth-trunk 1
#
interface XGigabitEthernet1/1/0/4
 eth-trunk 2
#
interface XGigabitEthernet1/1/0/10
 mad detect mode direct
#
interface XGigabitEthernet1/2/0/1
 port link-type access
 port default vlan 1000
#
interface XGigabitEthernet2/1/0/1
 eth-trunk 20
#
interface XGigabitEthernet2/1/0/2
 eth-trunk 10
#
interface XGigabitEthernet2/1/0/3
 eth-trunk 1
#
interface XGigabitEthernet2/1/0/4
 eth-trunk 2
#
interface XGigabitEthernet2/1/0/10
 mad detect mode direct
#
return
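The CORE file above pairs every user VLANIF that runs the interface DHCP server with a `dhcp snooping enable` in that VLAN's view. The following script is an added check, not part of this configuration example: it parses Huawei-style configuration text (views on unindented lines, commands indented by one space, `#` separators) and reports any DHCP-server VLAN with no per-VLAN snooping. The excerpt it runs on is constructed from the CORE file with VLAN 50's snooping line deliberately omitted.

```python
import re

# Constructed excerpt modelled on the CORE configuration file (not the page's own
# file): VLAN 50 runs the interface DHCP server but its VLAN-view
# "dhcp snooping enable" line is deliberately left out so the check fires.
CORE_CFG = """\
dhcp snooping enable
#
vlan 30
 dhcp snooping enable
vlan 40
 dhcp snooping enable
#
interface Vlanif30
 ip address 172.16.30.1 255.255.255.0
 dhcp select interface
#
interface Vlanif40
 dhcp select interface
#
interface Vlanif50
 dhcp select interface
#
"""

# A view header we care about: "vlan 30" or "interface Vlanif30".
VIEW = re.compile(r"(vlan|interface Vlanif)\s*(\d+)$")


def dhcp_views(cfg):
    """Return (VLANs with snooping in their vlan view, VLANs whose Vlanif is a DHCP server)."""
    snooping, servers, view = set(), set(), None
    for line in cfg.splitlines():
        if not line.startswith(" "):        # view header, "#" separator or global command
            m = VIEW.match(line)
            view = (m.group(1), int(m.group(2))) if m else None
            continue
        cmd = line.strip()                  # indented line belongs to the current view
        if view and view[0] == "vlan" and cmd == "dhcp snooping enable":
            snooping.add(view[1])
        elif view and view[0] != "vlan" and cmd == "dhcp select interface":
            servers.add(view[1])
    return snooping, servers


def unprotected_dhcp_vlans(cfg):
    """DHCP-server VLANs lacking snooping; all of them if the global switch is missing."""
    snooping, servers = dhcp_views(cfg)
    if "dhcp snooping enable" not in cfg.splitlines():   # unindented = global command
        snooping = set()
    return sorted(servers - snooping)


if __name__ == "__main__":
    print("DHCP-server VLANs without snooping:", unprotected_dhcp_vlans(CORE_CFG))  # [50]
```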
# AGG1 configuration file
#
vlan batch 20 30 40 50
#
interface Eth-Trunk10
 description connect to CORE
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 20 30 40 50
 mode lacp
#
interface Eth-Trunk30
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 20 30 40 50
 mode lacp
 port-isolate enable group 1
#
interface GigabitEthernet0/0/3
 eth-trunk 30
#
interface GigabitEthernet0/0/10
 mad detect mode direct
#
interface GigabitEthernet1/0/3
 eth-trunk 30
#
interface GigabitEthernet1/0/10
 mad detect mode direct
#
interface XGigabitEthernet0/0/1
 eth-trunk 10
#
interface XGigabitEthernet1/0/1
 eth-trunk 10
#
return
# AGG2 configuration file
#
vlan batch 20 30 40 60
#
interface Eth-Trunk20
 description connect to CORE
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 20 30 40 60
 mode lacp
#
interface Eth-trunk40
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 20 30 40 60
 mode lacp
 port-isolate enable group 1
#
interface GigabitEthernet0/0/10
 mad detect mode direct
#
interface GigabitEthernet1/0/3
 eth-trunk 40
#
interface GigabitEthernet1/0/10
 mad detect mode direct
#
interface XGigabitEthernet0/0/1
 eth-trunk 20
#
interface XGigabitEthernet1/0/1
 eth-trunk 20
#
return
# ACC1 configuration file
#
vlan batch 20 30 40 50
#
interface Eth-Trunk30
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 20 30 40 50
 mode lacp
#
interface GigabitEthernet0/0/1
 eth-trunk 30
#
interface GigabitEthernet0/0/2
 eth-trunk 30
#
interface GigabitEthernet0/0/3
 port link-type access
 port default vlan 50
 stp edged-port enable
 port-isolate enable group 1
#
interface GigabitEthernet0/0/4
 port link-type trunk
 port trunk pvid vlan 20
 port trunk allow-pass vlan 20 30 40
 stp edged-port enable
 port-isolate enable group 1
#
return
# ACC2 configuration file
#
vlan batch 20 30 40 60
#
interface Eth-Trunk40
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 20 30 40 60
 mode lacp
#
interface GigabitEthernet0/0/1
 eth-trunk 40
#
interface GigabitEthernet0/0/2
 eth-trunk 40
#
interface GigabitEthernet0/0/3
 port link-type access
 port default vlan 60
 stp edged-port enable
 port-isolate enable group 1
#
interface GigabitEthernet0/0/4
 port link-type trunk
 port trunk pvid vlan 20
 port trunk allow-pass vlan 20 30 40
 stp edged-port enable
 port-isolate enable group 1
#
return
# CORE-AC1 configuration file
#
sysname CORE-AC1
#
vrrp recover-delay 60
#
vlan batch 20 100
#
dhcp enable
#
interface Vlanif20
 ip address 192.168.20.1 255.255.255.0
 vrrp vrid 1 virtual-ip 192.168.20.3
 admin-vrrp vrid 1
 vrrp vrid 1 priority 120
 vrrp vrid 1 preempt-mode timer delay 1200
 dhcp select interface
 dhcp server excluded-ip-address 192.168.20.2
 dhcp server excluded-ip-address 192.168.20.20
#
interface Vlanif100
 ip address 172.16.100.1 255.255.255.0
#
interface Eth-Trunk1
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 20
 mode lacp
#
interface GigabitEthernet0/0/2
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 100
#
interface XGigabitEthernet0/0/21
 eth-trunk 1
#
interface XGigabitEthernet0/0/22
 eth-trunk 1
#
ip route-static 172.16.50.0 255.255.255.0 192.168.20.20
ip route-static 172.16.60.0 255.255.255.0 192.168.20.20
ip route-static 192.168.11.0 255.255.255.0 192.168.20.20
#
capwap source interface vlanif20
#
hsb-service 0
 service-ip-port local-ip 172.16.100.1 peer-ip 172.16.100.2 local-data-port 10241 peer-data-port 10241
#
hsb-group 0
 track vrrp vrid 1 interface Vlanif20
 bind-service 0
 hsb enable
#
hsb-service-type access-user hsb-group 0
#
hsb-service-type dhcp hsb-group 0
#
hsb-service-type ap hsb-group 0
#
wlan
 traffic-profile name traff1
  user-isolate l2
 traffic-profile name traff2
  user-isolate l2
 security-profile name sec1
  security open
 security-profile name sec2
  security open
 ssid-profile name ssid1
  ssid test01
 ssid-profile name ssid2
  ssid test02
 vap-profile name vap1
  forward-mode direct-forward
  service-vlan vlan-id 30
  ssid-profile ssid1
  security-profile sec1
  traffic-profile traff1
  ip source check user-bind enable
  arp anti-attack check user-bind enable
  learn-client-address dhcp-strict
 vap-profile name vap2
  forward-mode direct-forward
  service-vlan vlan-id 40
  ssid-profile ssid2
  security-profile sec2
  traffic-profile traff2
  ip source check user-bind enable
  arp anti-attack check user-bind enable
  learn-client-address dhcp-strict
 regulatory-domain-profile name domain1
 ap-group name ap-group1
  regulatory-domain-profile domain1
  radio 0
   vap-profile vap1 wlan 1
   vap-profile vap2 wlan 2
  radio 1
   vap-profile vap1 wlan 1
   vap-profile vap2 wlan 2
 ap-id 1 type-id 30 ap-mac 00e0-fc12-6660 ap-sn 2102355547W0E3000316
  ap-name area_1
  ap-group ap-group1
 ap-id 2 type-id 56 ap-mac 00e0-fc12-6670 ap-sn 21500829352SGA900583
  ap-name area_2
  ap-group ap-group1
 master controller
  master-redundancy track-vrrp vrid 1 interface Vlanif20
  master-redundancy peer-ip ip-address 172.16.100.2 local-ip ip-address 172.16.100.1 psk %^%#5Vh&+;LCyDdLEV1gGJuP}9l(9W&u!+uHt";5T#yM%^%#
#
return
# CORE-AC2 configuration file
#
sysname CORE-AC2
#
vrrp recover-delay 60
#
vlan batch 20 100
#
dhcp enable
#
interface Vlanif20
 ip address 192.168.20.2 255.255.255.0
 vrrp vrid 1 virtual-ip 192.168.20.3
 admin-vrrp vrid 1
 dhcp select interface
 dhcp server excluded-ip-address 192.168.20.1
 dhcp server excluded-ip-address 192.168.20.20
#
interface Vlanif100
 ip address 172.16.100.2 255.255.255.0
#
interface Eth-Trunk2
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 20
 mode lacp
#
interface GigabitEthernet0/0/2
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 100
#
interface XGigabitEthernet0/0/21
 eth-trunk 2
#
interface XGigabitEthernet0/0/22
 eth-trunk 2
#
ip route-static 172.16.50.0 255.255.255.0 192.168.20.20
ip route-static 172.16.60.0 255.255.255.0 192.168.20.20
ip route-static 192.168.11.0 255.255.255.0 192.168.20.20
#
capwap source interface vlanif20
#
hsb-service 0
 service-ip-port local-ip 172.16.100.2 peer-ip 172.16.100.1 local-data-port 10241 peer-data-port 10241
#
hsb-group 0
 track vrrp vrid 1 interface Vlanif20
 bind-service 0
 hsb enable
#
hsb-service-type access-user hsb-group 0
#
hsb-service-type dhcp hsb-group 0
#
hsb-service-type ap hsb-group 0
#
wlan
 traffic-profile name traff1
  user-isolate l2
 traffic-profile name traff2
  user-isolate l2
 security-profile name sec1
  security open
 security-profile name sec2
  security open
 ssid-profile name ssid1
  ssid test01
 ssid-profile name ssid2
  ssid test02
 vap-profile name vap1
  forward-mode direct-forward
  service-vlan vlan-id 30
  ssid-profile ssid1
  security-profile sec1
  traffic-profile traff1
  ip source check user-bind enable
  arp anti-attack check user-bind enable
  learn-client-address dhcp-strict
 vap-profile name vap2
  forward-mode direct-forward
  service-vlan vlan-id 40
  ssid-profile ssid2
  security-profile sec2
  traffic-profile traff2
  ip source check user-bind enable
  arp anti-attack check user-bind enable
  learn-client-address dhcp-strict
 regulatory-domain-profile name domain1
 ap-group name ap-group1
  regulatory-domain-profile domain1
  radio 0
   vap-profile vap1 wlan 1
   vap-profile vap2 wlan 2
  radio 1
   vap-profile vap1 wlan 1
   vap-profile vap2 wlan 2
 ap-id 1 type-id 30 ap-mac 00e0-fc12-6660 ap-sn 2102355547W0E3000316
  ap-name area_1
  ap-group ap-group1
 ap-id 2 type-id 56 ap-mac 00e0-fc12-6670 ap-sn 21500829352SGA900583
  ap-name area_2
  ap-group ap-group1
 master controller
  master-redundancy track-vrrp vrid 1 interface Vlanif20
  master-redundancy peer-ip ip-address 172.16.100.1 local-ip ip-address 172.16.100.2 psk %^%#QKK0'nRL%0U`y32S6bOSB40e=FJE^Lbs7.A]x)QQ%^%#
#
return