No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

WLAN V200R008C10 Typical Configuration Examples

Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring Dual-Link HSB in Active/Standby Mode

Example for Configuring Dual-Link HSB in Active/Standby Mode

Service Requirements

An enterprise deploys a WLAN to provide WLAN services to users. The enterprise requires dual-link HSB to improve data transmission reliability.

Networking Requirements

  • AC networking mode: Layer 2 bypass mode
  • DHCP deployment mode: The router functions as a DHCP server to assign IP addresses to APs and STAs.
  • Service data forwarding mode: direct forwarding
Figure 4-47 Networking for configuring dual-link HSB for ACs

Data Planning

Table 4-45 AC data planning
Item Data

Management VLAN for APs

VLAN 100

Service VLAN for STAs

VLAN 101

AC's backup VLAN

VLAN 102

DHCP server

The router functions as a DHCP server to assign IP addresses to APs and STAs.

STAs' gateway: 10.23.101.1/24

APs' gateway: 10.23.100.1/24

IP address pool for APs

10.23.100.4-10.23.100.254/24

IP address pool for STAs

10.23.101.2-10.23.101.254/24

AC's source interface

VLANIF 100

AC1's management IP address

VLANIF 100: 10.23.100.2/24

AC2's management IP address

VLANIF 100: 10.23.100.3/24

Active AC

AC1

Local priority: 0

Standby AC

AC2

Local priority: 1

IP addresses and port numbers for the active and standby channels of AC1

IP address: VLANIF 102, 10.23.102.1/24

Port number: 10241

IP addresses and port numbers for the active and standby channels of AC2

IP address: VLANIF 102, 10.23.102.2/24

Port number: 10241

AP group

  • Name: ap-group1

  • Referenced profiles: VAP profile wlan-net and regulatory domain profile default

Regulatory domain profile

  • Name: default
  • Country code: China

SSID profile

  • Name: wlan-net

  • SSID name: wlan-net

Security profile

  • Name: wlan-net

  • Security policy: WPA-WPA2+PSK+AES

  • Password: a1234567

VAP profile

  • Name: wlan-net

  • Forwarding mode: direct forwarding

  • Service VLAN: VLAN 101

  • Referenced profiles: SSID profile wlan-net and security profile wlan-net

Configuration Roadmap

  1. Configure network interworking of the AP1, AC2, and other network devices.
  2. Configure basic WLAN services to ensure that users can access the enterprise network.
  3. Configure global dual-link backup on the ACs.
  4. Configure hot standby on the ACs so that the WLAN and NAC services on AC1 are backed up to AC2 in real time or in a batch. If AC1 is faulty, AC2 takes over services from AC1. User services are not interrupted.

Configuration Notes

  • No ACK mechanism is provided for multicast packet transmission on air interfaces. In addition, wireless links are unstable. To ensure stable transmission of multicast packets, they are usually sent at low rates. If a large number of such multicast packets are sent from the network side, the air interfaces may be congested. You are advised to configure multicast packet suppression to reduce impact of a large number of low-rate multicast packets on the wireless network. Exercise caution when configuring the rate limit; otherwise, the multicast services may be affected.
    • In direct forwarding mode, you are advised to configure multicast packet suppression on switch interfaces connected to APs.
    • In tunnel forwarding mode, you are advised to configure multicast packet suppression in traffic profiles of the AC.
    For details on how to configure traffic suppression, see How Do I Configure Multicast Packet Suppression to Reduce Impact of a Large Number of Low-Rate Multicast Packets on the Wireless Network?.
  • Configure port isolation on the interfaces of the device directly connected to APs. If port isolation is not configured and direct forwarding is used, a large number of unnecessary broadcast packets may be generated in the VLAN, blocking the network and degrading user experience.

  • In tunnel forwarding mode, the management VLAN and service VLAN cannot be the same. Only packets from the management VLAN are transmitted between the AC and APs. Packets from the service VLAN are not allowed between the AC and APs.

  • Dual-link backup cannot back up DHCP information. When the AC functions as the DHCP server to assign IP addresses to APs and STAs, APs and STAs need to re-obtain IP addresses if the active AC is faulty. It is recommended that Router function as the DHCP server. If the AC must be used as the DHCP server, configure address pools containing different IP addresses on the active and standby ACs to prevent IP address conflicts.

Procedure

  1. Configure SwitchA, SwitchB, AC1, and AC2 to ensure that the APs and ACs can exchange CAPWAP packets.

    # Set the PVID on GE0/0/1 of SwitchA to management VLAN 100 and add the interface to VLAN 100 and VLAN 101. Add GE0/0/2 of SwitchA to VLAN 100 and VLAN 101.

    <HUAWEI> system-view
    [HUAWEI] sysname SwitchA
    [SwitchA] vlan batch 100
    [SwitchA] interface gigabitethernet 0/0/1
    [SwitchA-GigabitEthernet0/0/1] port link-type trunk
    [SwitchA-GigabitEthernet0/0/1] port trunk pvid vlan 100
    [SwitchA-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
    [SwitchA-GigabitEthernet0/0/1] quit
    [SwitchA] interface gigabitethernet 0/0/2
    [SwitchA-GigabitEthernet0/0/2] port link-type trunk
    [SwitchA-GigabitEthernet0/0/2] port trunk allow-pass vlan 100
    [SwitchA-GigabitEthernet0/0/2] quit
    

    # Add GE0/0/1 (connecting to SwitchA) of SwitchB to VLAN 100 and VLAN 101. Add GE0/0/2 (connecting to AC1) of SwitchB, and GE0/0/3 (connecting to AC2) of SwitchB to VLAN 100.

    <HUAWEI> system-view
    [HUAWEI] sysname SwitchB
    [SwitchB] vlan batch 100
    [SwitchB] interface gigabitethernet 0/0/1
    [SwitchB-GigabitEthernet0/0/1] port link-type trunk
    [SwitchB-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 101
    [SwitchB-GigabitEthernet0/0/1] quit
    [SwitchB] interface gigabitethernet 0/0/2
    [SwitchB-GigabitEthernet0/0/2] port link-type trunk
    [SwitchB-GigabitEthernet0/0/2] port trunk allow-pass vlan 100
    [SwitchB-GigabitEthernet0/0/2] quit
    [SwitchB] interface gigabitethernet 0/0/3
    [SwitchB-GigabitEthernet0/0/3] port link-type trunk
    [SwitchB-GigabitEthernet0/0/3] port trunk allow-pass vlan 100
    [SwitchB-GigabitEthernet0/0/3] quit
    

    # Add GE0/0/1 (connecting to SwitchB) of AC1 to VLAN 100.

    <AC6605> system-view
    [AC6605] sysname AC1
    [AC1] vlan batch 100
    [AC1] interface gigabitethernet 0/0/1
    [AC1-GigabitEthernet0/0/1] port link-type trunk
    [AC1-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
    [AC1-GigabitEthernet0/0/1] quit

    # Add GE0/0/1 (connecting to SwitchB) of AC2 to VLAN 100.

    <AC6605> system-view
    [AC6605] sysname AC2
    [AC2] vlan batch 100
    [AC2] interface gigabitethernet 0/0/1
    [AC2-GigabitEthernet0/0/1] port link-type trunk
    [AC2-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
    [AC2-GigabitEthernet0/0/1] quit

  2. Configure the communication between AC1, AC2, and Router.

    # Add GE0/0/1 of AC1 to backup VLAN 102.

    [AC1] vlan batch 101 102
    [AC1] interface vlanif 100
    [AC1-Vlanif100] ip address 10.23.100.2 24
    [AC1-Vlanif100] quit
    [AC1] interface vlanif 102
    [AC1-Vlanif102] ip address 10.23.102.1 24
    [AC1-Vlanif102] quit
    [AC1] interface gigabitethernet 0/0/1
    [AC1-GigabitEthernet0/0/1] port trunk allow-pass vlan 102
    [AC1-GigabitEthernet0/0/1] quit

    # Add GE0/0/1 of AC2 to VLAN 102.

    [AC2] vlan batch 101 102
    [AC2] interface vlanif 100
    [AC2-Vlanif100] ip address 10.23.100.3 24
    [AC2-Vlanif100] quit
    [AC2] interface vlanif 102
    [AC2-Vlanif102] ip address 10.23.102.2 24
    [AC2-Vlanif102] quit
    [AC2] interface gigabitethernet 0/0/1
    [AC2-GigabitEthernet0/0/1] port trunk allow-pass vlan 102
    [AC2-GigabitEthernet0/0/1] quit

    # Add GE0/0/2 and GE0/0/3 of SwitchB to VLAN 102 and add GE0/0/4 of SwitchB connecting to Router to both VLAN 100 and VLAN 101.

    [SwitchB] vlan batch 101 102
    [SwitchB] interface gigabitethernet 0/0/2
    [SwitchB-GigabitEthernet0/0/2] port trunk allow-pass vlan 102
    [SwitchB-GigabitEthernet0/0/2] quit
    [SwitchB] interface gigabitethernet 0/0/3
    [SwitchB-GigabitEthernet0/0/3] port trunk allow-pass vlan 102
    [SwitchB-GigabitEthernet0/0/3] quit
    [SwitchB] interface gigabitethernet 0/0/4
    [SwitchB-GigabitEthernet0/0/4] port link-type trunk
    [SwitchB-GigabitEthernet0/0/4] port trunk allow-pass vlan 100 101
    [SwitchB-GigabitEthernet0/0/4] quit
    

  3. Configure Router to assign IP addresses to STAs and APs.

    NOTE:
    Configure the DNS server as required. The common methods are as follows:
    • In interface address pool scenarios, run the dhcp server dns-list ip-address &<1-8> command in the VLANIF interface view.
    • In global address pool scenarios, run the dns-list ip-address &<1-8> command in the IP address pool view.
    <Huawei> system-view
    [Huawei] sysname Router
    [Router] vlan batch 100 101
    [Router] dhcp enable
    [Router] ip pool sta
    [Router-ip-pool-sta] network 10.23.101.0 mask 24
    [Router-ip-pool-sta] gateway-list 10.23.101.1
    [Router-ip-pool-sta] quit
    [Router] ip pool ap
    [Router-ip-pool-ap] network 10.23.100.0 mask 24
    [Router-ip-pool-ap] excluded-ip-address 10.23.100.2
    [Router-ip-pool-ap] excluded-ip-address 10.23.100.3
    [Router-ip-pool-ap] gateway-list 10.23.100.1
    [Router-ip-pool-ap] quit
    [Router] interface vlanif 100
    [Router-Vlanif100] ip address 10.23.100.1 24
    [Router-Vlanif100] dhcp select global
    [Router-Vlanif100] quit
    [Router] interface vlanif 101
    [Router-Vlanif101] ip address 10.23.101.1 24
    [Router-Vlanif101] dhcp select global
    [Router-Vlanif101] quit
    [Router] interface gigabitethernet 0/0/1
    [Router-GigabitEthernet0/0/1] port link-type trunk
    [Router-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 101
    [Router-GigabitEthernet0/0/1] quit
    

  4. Configure WLAN service parameters on AC1 and AC2.

    NOTE:

    Only the configurations on AC1 are provided here. The configurations on AC2 are the same as those on AC1.

    1. Configure system parameters for AC1.

      [AC1] wlan
      [AC1-wlan-view] ap-group name ap-group1
      [AC1-wlan-ap-group-ap-group1] quit
      [AC1-wlan-view] regulatory-domain-profile name default
      [AC1-wlan-regulate-domain-default] country-code cn
      [AC1-wlan-regulate-domain-default] quit
      [AC1-wlan-view] ap-group name ap-group1
      [AC1-wlan-ap-group-ap-group1] regulatory-domain-profile default
      Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continu
      e?[Y/N]:y 
      [AC1-wlan-ap-group-ap-group1] quit
      [AC1-wlan-view] quit
      [AC1] capwap source interface vlanif 100
      [AC1] wlan
      

    2. Configure AC1 to manage APs.

      [AC1-wlan-view] ap auth-mode mac-auth
      [AC1-wlan-view] ap-id 0 ap-mac 60de-4476-e360
      [AC1-wlan-ap-0] ap-name area_1
      [AC1-wlan-ap-0] ap-group ap-group1
      Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configuration
      s of the radio, Whether to continue? [Y/N]:y 
      [AC1-wlan-ap-0] quit
      [AC1-wlan-view] display ap all
      Total AP information:
      nor  : normal          [1]
      Extra information:
      P  : insufficient power supply
      --------------------------------------------------------------------------------------------------
      ID   MAC            Name   Group     IP            Type            State STA Uptime      ExtraInfo
      --------------------------------------------------------------------------------------------------
      0    60de-4476-e360 area_1 ap-group1 10.23.100.254 AP5030DN        nor   0   10S         -
      --------------------------------------------------------------------------------------------------
      Total: 1

    3. Configure WLAN service parameters on AC1.

      # Create security profile wlan-net and set the security policy in the profile.
      NOTE:

      In this example, the security policy is set to WPA-WPA2+PSK+AES and password to a1234567. In actual situations, the security policy must be configured according to service requirements.

      [AC1-wlan-view] security-profile name wlan-net
      [AC1-wlan-sec-prof-wlan-net] security wpa-wpa2 psk pass-phrase a1234567 aes
      [AC1-wlan-sec-prof-wlan-net] quit
      

      # Create SSID profile wlan-net and set the SSID name to wlan-net.

      [AC1-wlan-view] ssid-profile name wlan-net
      [AC1-wlan-ssid-prof-wlan-net] ssid wlan-net
      [AC1-wlan-ssid-prof-wlan-net] quit
      

      # Create VAP profile wlan-net, set the data forwarding mode and service VLAN, and apply the security profile and SSID profile to the VAP profile.

      [AC1-wlan-view] vap-profile name wlan-net
      [AC1-wlan-vap-prof-wlan-net] forward-mode direct-forward
      [AC1-wlan-vap-prof-wlan-net] service-vlan vlan-id 101
      [AC1-wlan-vap-prof-wlan-net] security-profile wlan-net
      [AC1-wlan-vap-prof-wlan-net] ssid-profile wlan-net
      [AC1-wlan-vap-prof-wlan-net] quit
      

      # Bind VAP profile wlan-net to the AP group, and apply the profile to radio 0 and radio 1 of the AP.

      [AC1-wlan-view] ap-group name ap-group1
      [AC1-wlan-ap-group-ap-group1] vap-profile wlan-net wlan 1 radio 0
      [AC1-wlan-ap-group-ap-group1] vap-profile wlan-net wlan 1 radio 1
      [AC1-wlan-ap-group-ap-group1] quit
      

  5. Configure dual-link backup on AC1 and AC2.

    # Configure the AC1 priority and AC2 IP address on AC1 to implement dual-link backup.

    [AC1-wlan-view] ac protect enable
    Warning: This operation maybe cause AP reset, continue?[Y/N]:y
    [AC1-wlan-view] ac protect protect-ac 10.23.100.3 priority 0
    

    # Configure the AC2 priority and AC1 IP address on AC2 to implement dual-link backup.

    [AC2-wlan-view] ac protect enable
    Warning: This operation maybe cause AP reset, continue?[Y/N]:y
    [AC2-wlan-view] ac protect protect-ac 10.23.100.2 priority 1
    [AC2-wlan-view] quit

    # Restart the AP on AC1 and deliver the dual-link backup configuration to the AP.

    [AC1-wlan-view] ap-reset all
    Warning: Reset AP(s), continue?[Y/N]:y
    [AC1-wlan-view] quit

  6. Configure the hot standby function.

    # Create HSB service 0 on AC1 and configure the IP addresses and port numbers for the active and standby channels.

    [AC1] hsb-service 0
    [AC1-hsb-service-0] service-ip-port local-ip 10.23.102.1 peer-ip 10.23.102.2 local-data-port 10241 peer-data-port 10241
    [AC1-hsb-service-0] quit

    # Bind the WLAN and NAC services to AC1.

    [AC1] hsb-service-type ap hsb-service 0
    [AC1] hsb-service-type access-user hsb-service 0

    # Create HSB service 0 on AC2 and configure the IP addresses and port numbers for the active and standby channels.

    [AC2] hsb-service 0
    [AC2-hsb-service-0] service-ip-port local-ip 10.23.102.2 peer-ip 10.23.102.1 local-data-port 10241 peer-data-port 10241
    [AC2-hsb-service-0] quit

    # Bind the WLAN and NAC services to AC2.

    [AC2] hsb-service-type ap hsb-service 0
    [AC2] hsb-service-type access-user hsb-service 0

  7. Verify the configuration.

    # Run the display ac protect command on AC1 and AC2 to view dual-link backup information.

    [AC1] display ac protect
    ------------------------------------------------------------
    Protect state             : enable
    Protect AC                : 10.23.100.3
    Priority                  : 0
    Protect restore           : enable
    ...
    ------------------------------------------------------------ 
    [AC2] display ac protect
    ------------------------------------------------------------
    Protect state             : enable
    Protect AC                : 10.23.100.2
    Priority                  : 1
    Protect restore           : enable
    ...
    ------------------------------------------------------------ 

    # Run the display hsb-service 0 command on AC1 and AC2 to check the HSB service status. The value of the Service State field is Connected, which indicates that the HSB channels are set up.

    [AC1] display hsb-service 0
    Hot Standby Service Information:
    ----------------------------------------------------------
      Local IP Address       : 10.23.102.1
      Peer IP Address        : 10.23.102.2
      Source Port            : 10241
      Destination Port       : 10241
      Keep Alive Times       : 5
      Keep Alive Interval    : 3
      Service State          : Connected
      Service Batch Modules  : AP
                               Access-user
      Shared-key             : -
     ----------------------------------------------------------
    
    [AC2] display hsb-service 0
    Hot Standby Service Information:
    ----------------------------------------------------------
      Local IP Address       : 10.23.102.2
      Peer IP Address        : 10.23.102.1
      Source Port            : 10241
      Destination Port       : 10241
      Keep Alive Times       : 5
      Keep Alive Interval    : 3
      Service State          : Connected
      Service Batch Modules  : AP
                               Access-user
      Shared-key             : -
    ----------------------------------------------------------
    

    The WLAN with SSID wlan-net is available for STAs connected to AP1, and these STAs can connect to the WLAN.

    When the AP detects a fault on the link connected to AC1, it instructs AC2 to take the active role. User services are not interrupted.

Configuration Files

  • SwitchA configuration file

    #
    sysname SwitchA
    #
    vlan batch 100
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk pvid vlan 100
     port trunk allow-pass vlan 100 to 101
    #
    interface GigabitEthernet0/0/2
     port link-type trunk
     port trunk allow-pass vlan 100 to 101
    #
    return
  • SwitchB configuration file

    #
    sysname SwitchB
    #
    vlan batch 100 to 102
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk allow-pass vlan 100 to 101
    #
    interface GigabitEthernet0/0/2
     port link-type trunk
     port trunk allow-pass vlan 100 102
    #
    interface GigabitEthernet0/0/3
     port link-type trunk
     port trunk allow-pass vlan 100 102
    #
    interface GigabitEthernet0/0/4
     port link-type trunk
     port trunk allow-pass vlan 100 to 101
    #
    return
  • Router configuration file

    #
     sysname Router
    #
    vlan batch 100 to 101
    #
    dhcp enable
    #
    ip pool sta
     gateway-list 10.23.101.1
     network 10.23.101.0 mask 255.255.255.0
    #
    ip pool ap
     gateway-list 10.23.100.1
     network 10.23.100.0 mask 255.255.255.0
     excluded-ip-address 10.23.100.2 10.23.100.3      
    #
    interface Vlanif100
     ip address 10.23.100.1 255.255.255.0
     dhcp select global
    #
    interface Vlanif101
     ip address 10.23.101.1 255.255.255.0
     dhcp select global
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk allow-pass vlan 100 to 101
    #
    return
  • AC1 configuration file

    #
     sysname AC1
    #
    vlan batch 100 to 102
    #
    interface Vlanif100
     ip address 10.23.100.2 255.255.255.0
    #
    interface Vlanif102
     ip address 10.23.102.1 255.255.255.0
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk allow-pass vlan 100 102
    #
    capwap source interface vlanif100
    #
    hsb-service 0
     service-ip-port local-ip 10.23.102.1 peer-ip 10.23.102.2 local-data-port 10241 peer-data-port 10241
    #
    hsb-service-type access-user hsb-service 0
    #
    hsb-service-type ap hsb-service 0
    #
    wlan
     ac protect enable protect-ac 10.23.100.3 priority 0
     security-profile name wlan-net
      security wpa-wpa2 psk pass-phrase %^%#DmLbQP`BNIa6M}<rK3J>%m9$2xA+y-fNA<TAP&}F%^%# aes
     ssid-profile name wlan-net
      ssid wlan-net
     vap-profile name wlan-net
      service-vlan vlan-id 101
      ssid-profile wlan-net
      security-profile wlan-net
     regulatory-domain-profile name default
     ap-group name ap-group1
      radio 0
       vap-profile wlan-net wlan 1
      radio 1
       vap-profile wlan-net wlan 1
     ap-id 0 type-id 35 ap-mac 60de-4476-e360 ap-sn 210235554710CB000042
      ap-name area_1
      ap-group ap-group1
    #
    return
  • AC2 configuration file

    #
     sysname AC2
    #
    vlan batch 100 to 102
    #
    interface Vlanif100
     ip address 10.23.100.3 255.255.255.0
    #
    interface Vlanif102
     ip address 10.23.102.2 255.255.255.0
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk allow-pass vlan 100 102
    #
    capwap source interface vlanif100
    #
    hsb-service 0
     service-ip-port local-ip 10.23.102.2 peer-ip 10.23.102.1 local-data-port 10241 peer-data-port 10241
    #
    hsb-service-type access-user hsb-service 0
    #
    hsb-service-type ap hsb-service 0
    #
    wlan
     ac protect enable protect-ac 10.23.100.2 priority 1
     security-profile name wlan-net
      security wpa-wpa2 psk pass-phrase %^%#DmLbQP`BNIa6M}<rK3J>%m9$2xA+y-fNA<TAP&}F%^%# aes
     ssid-profile name wlan-net
      ssid wlan-net
     vap-profile name wlan-net
      service-vlan vlan-id 101
      ssid-profile wlan-net
      security-profile wlan-net
     regulatory-domain-profile name default
     ap-group name ap-group1
      radio 0
       vap-profile wlan-net wlan 1
      radio 1
       vap-profile wlan-net wlan 1
     ap-id 0 type-id 35 ap-mac 60de-4476-e360 ap-sn 210235554710CB000042
      ap-name area_1
      ap-group ap-group1
    #
    return
Translation
Download
Updated: 2019-03-30

Document ID: EDOC1000184389

Views: 90223

Downloads: 458

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next