No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

WLAN V200R008C10 Typical Configuration Examples

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring VRRP HSB

Example for Configuring VRRP HSB

Service Requirements

An enterprise deploys a WLAN to provide WLAN services to users. The enterprise requires VRRP HSB to improve data transmission reliability.

Networking Requirements

  • AC networking mode: Layer 2 bypass mode
  • DHCP deployment mode: The AC functions as a DHCP server to assign IP addresses to APs and STAs.
  • Service data forwarding mode: direct forwarding
  • Switch cluster: A cluster is set up using a CSS card, containing SwitchB and SwitchC at the core layer. SwitchB is the active switch and SwitchC is the standby switch.
Figure 4-48 Configuring VRRP HSB (direct forwarding)

Data Planning

Table 4-46 AC Data Planning

Item

Configuration

AC1's source interface

VLANIF 100: 10.23.100.3/24

AC2's source interface

VLANIF 100: 10.23.100.3/24

Virtual IP address of the management VRRP group

10.23.100.3/24

Virtual IP address of the service VRRP group

10.23.101.3/24

VAP profile

  • Name: wlan-net
  • Forwarding mode: direct forwarding
  • Service VLAN: VLAN 101
  • Referenced profiles: SSID profile wlan-net and security profile wlan-net

AP group

  • Name: ap-group1
  • Referenced profiles: VAP profile wlan-net and regulatory domain profile default

Regulatory domain profile

  • Name: default
  • Country code: China

SSID profile

  • Name: wlan-net
  • SSID name: wlan-net

Security profile

  • Name: wlan-net
  • Security policy: WPA-WPA2+PSK+AES
  • Password: a1234567

DHCP server

The AC functions as the DHCP server to assign IP addresses to APs and STAs.

AP's gateway

VLANIF 100: 10.23.100.3/24

IP address pool for APs

10.23.100.4 to 10.23.100.254/24

STA's gateway

VLANIF 101: 10.23.101.3/24

IP address pool for STAs

10.23.101.4 to 10.23.101.254/24

IP addresses and port numbers for the active and standby channels of AC1

IP address: VLANIF 102, 10.23.102.1/24

Port number: 10241

IP addresses and port numbers for the active and standby channels of AC2

IP address: VLANIF 102, 10.23.102.2/24

Port number: 10241

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure a cluster between SwitchB and SwitchC through cluster cards to improve the core layer reliability and configure SwitchB as the master switch.
  2. Set up connections between the AP, ACs, and other network devices.
  3. Configure basic WLAN services to ensure that users can access the Internet through WLAN.
  4. Configure a VRRP group on AC1 and AC2 and configure a high priority for AC1 as the active device to forward traffic, and a low priority for AC2 as the standby device.
  5. Configure the hot standby (HSB) function so that service information on AC1 is backed up to AC2 in batches in real time, ensuring seamless service switchover from the active device to the standby device.
NOTE:

Check whether loops occur on the wired network. If loops occur, configure MSTP on corresponding NEs.

Configuration Notes

  • No ACK mechanism is provided for multicast packet transmission on air interfaces. In addition, wireless links are unstable. To ensure stable transmission of multicast packets, they are usually sent at low rates. If a large number of such multicast packets are sent from the network side, the air interfaces may be congested. You are advised to configure multicast packet suppression to reduce impact of a large number of low-rate multicast packets on the wireless network. Exercise caution when configuring the rate limit; otherwise, the multicast services may be affected.
    • In direct forwarding mode, you are advised to configure multicast packet suppression on switch interfaces connected to APs.
    • In tunnel forwarding mode, you are advised to configure multicast packet suppression in traffic profiles of the AC.
    For details on how to configure traffic suppression, see How Do I Configure Multicast Packet Suppression to Reduce Impact of a Large Number of Low-Rate Multicast Packets on the Wireless Network?.
  • Configure port isolation on the interfaces of the device directly connected to APs. If port isolation is not configured and direct forwarding is used, a large number of unnecessary broadcast packets may be generated in the VLAN, blocking the network and degrading user experience.

  • In tunnel forwarding mode, the management VLAN and service VLAN cannot be the same. Only packets from the management VLAN are transmitted between the AC and APs. Packets from the service VLAN are not allowed between the AC and APs.

Procedure

  1. Establish a cluster through cluster cards.

    # Set the CSS ID, CSS priority, and CSS connection mode to 1, 100, and CSS card connection for SwitchB.

    <HUAWEI> system-view
    [HUAWEI] sysname SwitchB
    [SwitchB] set css mode css-card
    [SwitchB] set css id 1
    [SwitchB] set css priority 100
    

    # Set the CSS ID, CSS priority, and CSS connection mode to 2, 10, and CSS card connection for SwitchC.

    <HUAWEI> system-view
    [HUAWEI] sysname SwitchC
    [SwitchC] set css mode css-card
    [SwitchC] set css id 2
    [SwitchC] set css priority 10
    

    # Check the CSS configuration on SwitchB.

    [SwitchB] display css status saved
    Current Id   Saved Id     CSS Enable   CSS Mode    Priority    Master force     
    ------------------------------------------------------------------------------  
    1            1            Off          CSS card    100         Off             

    # Check the CSS configuration on SwitchC.

    [SwitchC] display css status saved
    Current Id   Saved Id     CSS Enable   CSS Mode    Priority    Master force     
    ------------------------------------------------------------------------------  
    1            2            Off          CSS card    10          Off              

    # Enable the CSS function on SwitchB and restart SwitchB.

    [SwitchB] css enable
    Warning: The CSS configuration will take effect only after the system is rebooted. T
    he next CSS mode is CSS card. Reboot now? [Y/N]:y

    # Enable the CSS function on SwitchC and restart SwitchC.

    [SwitchC] css enable
    Warning: The CSS configuration will take effect only after the system is rebooted. T
    he next CSS mode is CSS card. Reboot now? [Y/N]:y

    # Log in to the CSS through the console port on any MPU to check whether the CSS is established successfully.

    <SwitchB> display device
    Chassis 1 (Master Switch)
    S12708's Device status:
    Slot  Sub Type         Online    Power      Register       Status     Role  
    -------------------------------------------------------------------------------
    1     -   ET1D2SFUD000 Present   PowerOn    Registered     Normal     NA    
          1   EH1D2VS08000 Present   PowerOn    Registered     Normal     NA    
    5     -   ET1D2G48SEC0 Present   PowerOn    Registered     Normal     NA    
    7     -   ET1D2X16SSC0 Present   PowerOn    Registered     Normal     NA    
    9     -   ET1D2MPUA000 Present   PowerOn    Registered     Normal     Slave 
    10    -   ET1D2MPUA000 Present   PowerOn    Registered     Normal     Master
    12    -   ET1D2SFUD000 Present   PowerOn    Registered     Normal     NA    
          1   EH1D2VS08000 Present   PowerOn    Registered     Normal     NA    
    13    -   ET1D2SFUD000 Present   PowerOn    Registered     Normal     NA    
          1   EH1D2VS08000 Present   PowerOn    Registered     Normal     NA    
    14    -   ET1D2SFUD000 Present   PowerOn    Registered     Normal     NA    
          1   EH1D2VS08000 Present   PowerOn    Registered     Normal     NA    
    PWR1  -   -            Present   PowerOn    Registered     Normal     NA    
    PWR2  -   -            Present   PowerOn    Registered     Normal     NA    
    CMU2  -   EH1D200CMU00 Present   PowerOn    Registered     Normal     Master
    FAN1  -   -            Present   PowerOn    Registered     Normal     NA    
    FAN2  -   -            Present   PowerOn    Registered     Normal     NA    
    FAN3  -   -            Present   PowerOn    Registered     Normal     NA    
    FAN4  -   -            Present   PowerOn    Registered     Normal     NA    
    Chassis 2 (Standby Switch)
    S12708's Device status:
    Slot  Sub Type         Online    Power      Register       Status     Role  
    -------------------------------------------------------------------------------
    1     -   ET1D2SFUD000 Present   PowerOn    Registered     Normal     NA    
          1   EH1D2VS08000 Present   PowerOn    Registered     Normal     NA    
    3     -   ET1D2G48SEC0 Present   PowerOn    Registered     Normal     NA    
    4     -   ET1D2X16SSC0 Present   PowerOn    Registered     Normal     NA    
    9     -   ET1D2MPUA000 Present   PowerOn    Registered     Normal     Slave 
    10    -   ET1D2MPUA000 Present   PowerOn    Registered     Normal     Master
    12    -   ET1D2SFUD000 Present   PowerOn    Registered     Normal     NA    
          1   EH1D2VS08000 Present   PowerOn    Registered     Normal     NA    
    13    -   ET1D2SFUD000 Present   PowerOn    Registered     Normal     NA    
          1   EH1D2VS08000 Present   PowerOn    Registered     Normal     NA    
    14    -   ET1D2SFUD000 Present   PowerOn    Registered     Normal     NA    
          1   EH1D2VS08000 Present   PowerOn    Registered     Normal     NA    
    PWR1  -   -            Present   PowerOn    Registered     Normal     NA    
    PWR2  -   -            Present   PowerOn    Registered     Normal     NA    
    CMU1  -   EH1D200CMU00 Present   PowerOn    Registered     Normal     Master
    FAN1  -   -            Present   PowerOn    Registered     Normal     NA    
    FAN2  -   -            Present   PowerOn    Registered     Normal     NA    
    FAN3  -   -            Present   PowerOn    Registered     Normal     NA    
    FAN4  -   -            Present   PowerOn    Registered     Normal     NA    
    <SwitchB> display css status
    CSS Enable switch On                                                            
                                                                                    
    Chassis Id   CSS Enable   CSS Status      CSS Mode    Priority    Master Force  
    ------------------------------------------------------------------------------  
    1            On           Master          CSS card    100         Off           
    2            On           Standby         CSS card    10          Off   

    The command output shows card status and CSS status of both member switches, indicating that the CSS is established successfully.

    # Check whether the cluster links are normal.

    <SwitchB> display css channel
                   Chassis 1               ||             Chassis 2                 
    --------------------------------------------------------------------------------
    Num      [Port]         [Speed]        ||        [Speed]         [Port]
     1       1/1/0/1        10G                      10G             2/1/0/1      
     2       1/1/0/2        10G                      10G             2/1/0/2      
     3       1/1/0/3        10G                      10G             2/1/0/3      
     4       1/1/0/4        10G                      10G             2/1/0/4      
     5       1/1/0/5        10G                      10G             2/1/0/5      
     6       1/1/0/6        10G                      10G             2/1/0/6      
     7       1/1/0/7        10G                      10G             2/1/0/7      
     8       1/1/0/8        10G                      10G             2/1/0/8      
     9       1/12/0/1       10G                      10G             2/12/0/1      
    10       1/12/0/2       10G                      10G             2/12/0/2      
    11       1/12/0/3       10G                      10G             2/12/0/3      
    12       1/12/0/4       10G                      10G             2/12/0/4      
    13       1/12/0/5       10G                      10G             2/12/0/5      
    14       1/12/0/6       10G                      10G             2/12/0/6      
    15       1/12/0/7       10G                      10G             2/12/0/7      
    16       1/12/0/8       10G                      10G             2/12/0/8      
    17       1/13/0/1       10G                      10G             2/13/0/1      
    18       1/13/0/2       10G                      10G             2/13/0/2      
    19       1/13/0/3       10G                      10G             2/13/0/3      
    20       1/13/0/4       10G                      10G             2/13/0/4      
    21       1/13/0/5       10G                      10G             2/13/0/5      
    22       1/13/0/6       10G                      10G             2/13/0/6      
    23       1/13/0/7       10G                      10G             2/13/0/7      
    24       1/13/0/8       10G                      10G             2/13/0/8      
    25       1/14/0/1       10G                      10G             2/14/0/1      
    26       1/14/0/2       10G                      10G             2/14/0/2      
    27       1/14/0/3       10G                      10G             2/14/0/3      
    28       1/14/0/4       10G                      10G             2/14/0/4      
    29       1/14/0/5       10G                      10G             2/14/0/5      
    30       1/14/0/6       10G                      10G             2/14/0/6      
    31       1/14/0/7       10G                      10G             2/14/0/7      
    32       1/14/0/8       10G                      10G             2/14/0/8      
    --------------------------------------------------------------------------------

    The command output shows that all the cluster links are in Up state, indicating that the CSS has been established successfully.

  2. Configure SwitchA, SwitchB, SwitchC, AC1, and AC2 so that CAPWAP packets can be transmitted between the AP and ACs.

    NOTE:

    If direct forwarding is used, configure port isolation on GE0/0/1 of the SwitchA (connecting to the AP). If port isolation is not configured, many broadcast packets will be transmitted in the VLANs or WLAN users on different APs can directly communicate at Layer 2.

    # Set the PVID of GE0/0/1 on SwitchA connected to the AP to management VLAN 100 and add GE0/0/1 to VLAN 100 and service VLAN 101. Add GE0/0/2 on SwitchA connected to SwitchB to VLAN 100 and VLAN 101 and GE0/0/3 on SwitchA connected to SwitchC to Eth-Trunk 10.

    <HUAWEI> system-view
    [HUAWEI] sysname SwitchA
    [SwitchA] vlan batch 100 101
    [SwitchA] interface gigabitethernet 0/0/1
    [SwitchA-GigabitEthernet0/0/1] port link-type trunk
    [SwitchA-GigabitEthernet0/0/1] port trunk pvid vlan 100
    [SwitchA-GigabitEthernet0/0/1] undo port trunk allow-pass vlan 1
    [SwitchA-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 101
    [SwitchA-GigabitEthernet0/0/1] port-isolate enable
    [SwitchA-GigabitEthernet0/0/1] quit
    [SwitchA] interface eth-trunk 10
    [SwitchA-Eth-Trunk10] port link-type trunk
    [SwitchA-Eth-Trunk10] undo port trunk allow-pass vlan 1
    [SwitchA-Eth-Trunk10] port trunk allow-pass vlan 100 101
    [SwitchA-Eth-Trunk10] quit
    [SwitchA] interface gigabitethernet 0/0/2
    [SwitchA-GigabitEthernet0/0/2] undo port link-type
    [SwitchA-GigabitEthernet0/0/2] eth-trunk 10
    [SwitchA-GigabitEthernet0/0/2] quit
    [SwitchA] interface gigabitethernet 0/0/3
    [SwitchA-GigabitEthernet0/0/3] undo port link-type
    [SwitchA-GigabitEthernet0/0/3] eth-trunk 10
    [SwitchA-GigabitEthernet0/0/3] quit
    

    # Add GE1/1/0/2 on SwitchB and GE2/1/0/2 on SwitchC to Eth-Trunk 10, and add E1/1/0/1 on SwitchB and GE2/1/0/1 on SwitchC to VLANs 100 and 101, respectively.

    [SwitchB] sysname CSS
    [CSS] vlan batch 100 101
    [CSS] interface gigabitethernet 1/1/0/1
    [CSS-GigabitEthernet1/1/0/1] port link-type trunk
    [CSS-GigabitEthernet1/1/0/1] undo port trunk allow-pass vlan 1
    [CSS-GigabitEthernet1/1/0/1] port trunk allow-pass vlan 100 101
    [CSS-GigabitEthernet1/1/0/1] quit
    [CSS] interface gigabitethernet 2/1/0/1
    [CSS-GigabitEthernet2/1/0/1] port link-type trunk
    [CSS-GigabitEthernet2/1/0/1] undo port trunk allow-pass vlan 1
    [CSS-GigabitEthernet2/1/0/1] port trunk allow-pass vlan 100 101
    [CSS-GigabitEthernet2/1/0/1] quit
    [CSS] interface eth-trunk 10
    [CSS-Eth-Trunk10] port link-type trunk
    [CSS-Eth-Trunk10] undo port trunk allow-pass vlan 1
    [CSS-Eth-Trunk10] port trunk allow-pass vlan 100 101
    [CSS-Eth-Trunk10] quit
    [CSS] interface gigabitethernet 1/1/0/2
    [CSS-GigabitEthernet1/1/0/2] undo port link-type
    [CSS-GigabitEthernet1/1/0/2] eth-trunk 10
    [CSS-GigabitEthernet1/1/0/2] quit
    [CSS] interface gigabitethernet 2/1/0/2
    [CSS-GigabitEthernet2/1/0/2] undo port link-type
    [CSS-GigabitEthernet2/1/0/2] eth-trunk 10
    [CSS-GigabitEthernet2/1/0/2] quit

    # Add GE0/0/1 that connects AC1 to SwitchB to VLAN 100 and VLAN 101, and configure VLANIF 100 and VLANIF 101.

    <AC6605> system-view
    [AC6605] sysname AC1
    [AC1] vlan batch 100 101
    [AC1] interface gigabitethernet 0/0/1
    [AC1-GigabitEthernet0/0/1] port link-type trunk
    [AC1-GigabitEthernet0/0/1] undo port trunk allow-pass vlan 1
    [AC1-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 101
    [AC1-GigabitEthernet0/0/1] quit
    [AC1] interface vlanif 100
    [AC1-Vlanif100] ip address 10.23.100.1 24
    [AC1-Vlanif100] quit
    [AC1] interface vlanif 101
    [AC1-Vlanif101] ip address 10.23.101.1 24
    [AC1-Vlanif101] quit

    # Add GE0/0/1 that connects AC2 to SwitchC to VLAN 100 and VLAN 101, and configure VLANIF 100 and VLANIF 101.

    <AC6605> system-view
    [AC6605] sysname AC2
    [AC2] vlan batch 100 101
    [AC2] interface gigabitethernet 0/0/1
    [AC2-GigabitEthernet0/0/1] port link-type trunk
    [AC2-GigabitEthernet0/0/1] undo port trunk allow-pass vlan 1
    [AC2-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 101
    [AC2-GigabitEthernet0/0/1] quit
    [AC2] interface vlanif 100
    [AC2-Vlanif100] ip address 10.23.100.2 24
    [AC2-Vlanif100] quit
    [AC2] interface vlanif 101
    [AC2-Vlanif101] ip address 10.23.101.2 24
    [AC2-Vlanif101] quit

  3. Configure AC1 to communicate with AC2.

    # Add GE0/0/2 on AC1 (connecting to AC2) to VLAN 102.

    [AC1] vlan batch 102
    [AC1] interface gigabitethernet 0/0/2
    [AC1-GigabitEthernet0/0/2] port link-type trunk
    [AC1-GigabitEthernet0/0/2] undo port trunk allow-pass vlan 1
    [AC1-GigabitEthernet0/0/2] port trunk allow-pass vlan 102
    [AC1-GigabitEthernet0/0/2] quit
    [AC1] interface vlanif 102
    [AC1-Vlanif102] ip address 10.23.102.1 24
    [AC1-Vlanif102] quit
    

    # Add GE0/0/2 on AC2 (connecting to AC1) to VLAN 102.

    [AC2] vlan batch 102
    [AC2] interface gigabitethernet 0/0/2
    [AC2-GigabitEthernet0/0/2] port link-type trunk
    [AC2-GigabitEthernet0/0/2] undo port trunk allow-pass vlan 1
    [AC2-GigabitEthernet0/0/2] port trunk allow-pass vlan 102
    [AC2-GigabitEthernet0/0/2] quit
    [AC2] interface vlanif 102
    [AC2-Vlanif102] ip address 10.23.102.2 24
    [AC2-Vlanif102] quit
    

  4. Configure a DHCP server.

    NOTE:
    Configure the DNS server as required. The common methods are as follows:
    • In interface address pool scenarios, run the dhcp server dns-list ip-address &<1-8> command in the VLANIF interface view.
    • In global address pool scenarios, run the dns-list ip-address &<1-8> command in the IP address pool view.

    # Configure AC1 as the DHCP server to assign IP addresses to the AP and STA.

    [AC1] dhcp enable
    [AC1] dhcp server database enable
    [AC1] dhcp server database recover
    [AC1] interface vlanif 100
    [AC1-Vlanif100] dhcp select interface
    [AC1-Vlanif100] dhcp server excluded-ip-address 10.23.100.2
    [AC1-Vlanif100] quit
    [AC1] interface vlanif 101
    [AC1-Vlanif101] dhcp select interface
    [AC1-Vlanif101] dhcp server excluded-ip-address 10.23.101.2
    [AC1-Vlanif101] quit
    

    The configuration for AC2 is similar to that for AC1 and is not mentioned here.

  5. Configure VRRP on AC1 to implement AC hot standby.

    # Set the recovery delay of the VRRP group to 60 seconds.

    [AC1] vrrp recover-delay 60
    

    # Create a management VRRP group on AC1, set AC1's VRRP priority to 120, and set the preemption delay to 1800s. Set the interval at which the master in the VRRP group sends VRRP packets to 2 seconds.

    [AC1] interface vlanif 100
    [AC1-Vlanif100] vrrp vrid 1 virtual-ip 10.23.100.3
    [AC1-Vlanif100] vrrp vrid 1 priority 120
    [AC1-Vlanif100] vrrp vrid 1 preempt-mode timer delay 1800
    [AC1-Vlanif100] admin-vrrp vrid 1
    [AC1-Vlanif100] vrrp vrid 1 timer advertise 2
    [AC1-Vlanif100] quit
    

    # Create a service VRRP group on AC1, set the preemption delay to 1800s, and set the interval at which the master in the VRRP group sends VRRP packets to 2 seconds.

    [AC1] interface vlanif 101
    [AC1-Vlanif101] vrrp vrid 2 virtual-ip 10.23.101.3
    [AC1-Vlanif101] vrrp vrid 2 preempt-mode timer delay 1800
    [AC1-Vlanif101] vrrp vrid 2 track admin-vrrp interface vlanif 100 vrid 1 unflowdown
    [AC1-Vlanif101] vrrp vrid 2 timer advertise 2
    [AC1-Vlanif101] quit

    # Create HSB service 0 on AC1, configure the IP addresses and port numbers for the active and standby channels, and set the retransmission times and interval of HSB packets.

    [AC1] hsb-service 0
    [AC1-hsb-service-0] service-ip-port local-ip 10.23.102.1 peer-ip 10.23.102.2 local-data-port 10241 peer-data-port 10241
    [AC1-hsb-service-0] service-keep-alive detect retransmit 3 interval 6
    [AC1-hsb-service-0] quit

    # Create HSB group 0 on AC1, and bind it to HSB service 0 and the management VRRP group.

    [AC1] hsb-group 0
    [AC1-hsb-group-0] bind-service 0
    [AC1-hsb-group-0] track vrrp vrid 1 interface vlanif 100
    [AC1-hsb-group-0] quit
    

    # Bind the NAC service to the HSB group.

    [AC1] hsb-service-type access-user hsb-group 0

    # Bind the WLAN service to the HSB group.

    [AC1] hsb-service-type ap hsb-group 0

    # Bind the DHCP service to the HSB group.

    [AC1] hsb-service-type dhcp hsb-group 0

    # Enable the HSB function.

    [AC1] hsb-group 0
    [AC1-hsb-group-0] hsb enable
    [AC1-hsb-group-0] quit

  6. Configure VRRP on AC2 to implement AC HSB.

    # Set the recovery delay of the VRRP group to 60 seconds.

    [AC2] vrrp recover-delay 60
    

    # Create a management VRRP group on AC2 and set the interval at which the master in the VRRP group sends VRRP packets to 2 seconds.

    [AC2] interface vlanif 100
    [AC2-Vlanif100] vrrp vrid 1 virtual-ip 10.23.100.3
    [AC2-Vlanif100] admin-vrrp vrid 1
    [AC2-Vlanif100] vrrp vrid 1 timer advertise 2
    [AC2-Vlanif100] quit
    

    # Create a service VRRP group on AC2 and set the interval at which the master in the VRRP group sends VRRP packets to 2 seconds.

    [AC2] interface vlanif 101
    [AC2-Vlanif101] vrrp vrid 2 virtual-ip 10.23.101.3
    [AC2-Vlanif101] vrrp vrid 2 track admin-vrrp interface vlanif 100 vrid 1 unflowdown
    [AC2-Vlanif101] vrrp vrid 2 timer advertise 2
    [AC2-Vlanif101] quit

    # Create HSB service 0 on AC2, configure the IP addresses and port numbers for the active and standby channels, and set the retransmission times and interval of HSB packets.

    [AC2] hsb-service 0
    [AC2-hsb-service-0] service-ip-port local-ip 10.23.102.2 peer-ip 10.23.102.1 local-data-port 10241 peer-data-port 10241
    [AC2-hsb-service-0] service-keep-alive detect retransmit 3 interval 6
    [AC2-hsb-service-0] quit

    # Create HSB group 0 on AC2, and bind it to HSB service 0 and the management VRRP group.

    [AC2] hsb-group 0
    [AC2-hsb-group-0] bind-service 0
    [AC2-hsb-group-0] track vrrp vrid 1 interface vlanif 100
    [AC2-hsb-group-0] quit
    

    # Bind the NAC service to the HSB group.

    [AC2] hsb-service-type access-user hsb-group 0

    # Bind the WLAN service to the HSB group.

    [AC2] hsb-service-type ap hsb-group 0

    # Bind the DHCP service to the HSB group.

    [AC2] hsb-service-type dhcp hsb-group 0

    # Enable the HSB function.

    [AC2] hsb-group 0
    [AC2-hsb-group-0] hsb enable
    [AC2-hsb-group-0] quit

  7. Configure WLAN services on AC1. The configurations on AC2 are similar to those on AC1. An AP in normal state on the active AC is in standby state on AC2.
    1. Configure system parameters for AC1.

      [AC1] wlan
      [AC1-wlan-view] ap-group name ap-group1
      [AC1-wlan-ap-group-ap-group1] quit
      [AC1-wlan-view] regulatory-domain-profile name default
      [AC1-wlan-regulate-domain-default] country-code cn
      [AC1-wlan-regulate-domain-default] quit
      [AC1-wlan-view] ap-group name ap-group1
      [AC1-wlan-ap-group-ap-group1] regulatory-domain-profile default
      Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continu
      e?[Y/N]:y 
      [AC1-wlan-ap-group-ap-group1] quit
      [AC1-wlan-view] quit
      [AC1] capwap source ip-address 10.23.100.3

    2. Import an AP offline on AC1.

      [AC1] wlan
      [AC1-wlan-view] ap auth-mode mac-auth
      [AC1-wlan-view] ap-id 0 ap-mac 60de-4476-e360
      [AC1-wlan-ap-0] ap-name area_1
      [AC1-wlan-ap-0] ap-group ap-group1
      Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configuration
      s of the radio, Whether to continue? [Y/N]:y 
      [AC1-wlan-ap-0] quit
      [AC1-wlan-view] display ap all
      Total AP information:
      nor  : normal          [1]
      Extra information:
      P  : insufficient power supply
      --------------------------------------------------------------------------------------------------
      ID   MAC            Name   Group     IP              Type            State STA Uptime      ExtraInfo
      --------------------------------------------------------------------------------------------------
      0    60de-4476-e360 area_1 ap-group1 10.23.100.254   AP5030DN        nor   0   10S         -
      --------------------------------------------------------------------------------------------------
      Total: 1

    3. Configure WLAN service parameters on AC1.

      # Create security profile wlan-net and set the security policy in the profile.
      NOTE:

      In this example, the security policy is set to WPA-WPA2+PSK+AES and password to a1234567. In actual situations, the security policy must be configured according to service requirements.

      [AC1-wlan-view] security-profile name wlan-net
      [AC1-wlan-sec-prof-wlan-net] security wpa-wpa2 psk pass-phrase a1234567 aes
      [AC1-wlan-sec-prof-wlan-net] quit
      

      # Create SSID profile wlan-net and set the SSID name to wlan-net.

      [AC1-wlan-view] ssid-profile name wlan-net
      [AC1-wlan-ssid-prof-wlan-net] ssid wlan-net
      [AC1-wlan-ssid-prof-wlan-net] quit
      

      # Create VAP profile wlan-net, set the data forwarding mode and service VLAN, and apply the security profile and SSID profile to the VAP profile.

      [AC1-wlan-view] vap-profile name wlan-net
      [AC1-wlan-vap-prof-wlan-net] forward-mode direct-forward
      [AC1-wlan-vap-prof-wlan-net] service-vlan vlan-id 101
      [AC1-wlan-vap-prof-wlan-net] security-profile wlan-net
      [AC1-wlan-vap-prof-wlan-net] ssid-profile wlan-net
      [AC1-wlan-vap-prof-wlan-net] quit
      

      # Bind VAP profile wlan-net to the AP group and apply the profile to radio 0 and radio 1 of the AP.

      [AC1-wlan-view] ap-group name ap-group1
      [AC1-wlan-ap-group-ap-group1] vap-profile wlan-net wlan 1 radio 0
      [AC1-wlan-ap-group-ap-group1] vap-profile wlan-net wlan 1 radio 1
      [AC1-wlan-ap-group-ap-group1] quit
      [AC1-wlan-view] quit

  8. Verify the configuration.

    # After the configurations are complete, run the display vrrp command on AC1 and AC2. The command output shows that the State field of AC1 is Master and that of AC2 is Backup.

    [AC1] display vrrp
      Vlanif100 | Virtual Router 1
        State : Master
        Virtual IP : 10.23.100.3
        Master IP : 10.23.100.1
        PriorityRun : 120
        PriorityConfig : 120
        MasterPriority : 120
        Preempt : YES   Delay Time : 1800 s
        TimerRun : 2 s
        TimerConfig : 2 s
        Auth type : NONE
        Virtual MAC : 0000-5e00-0101
        Check TTL : YES
        Config type : admin-vrrp
        Backup-forward : disabled
        Create time : 2005-07-31 01:25:55 UTC+08:00
        Last change time : 2005-07-31 02:48:22 UTC+08:00
                                                                                    
      Vlanif101 | Virtual Router 2
        State : Master
        Virtual IP : 10.23.101.3
        Master IP : 10.23.101.1
        PriorityRun : 100
        PriorityConfig : 100
        MasterPriority : 100
        Preempt : YES   Delay Time : 1800 s
        TimerRun : 2 s
        TimerConfig : 2 s
        Auth type : NONE
        Virtual MAC : 0000-5e00-0102
        Check TTL : YES
        Config type : member-vrrp
        Backup-forward : disabled
        Create time : 2005-07-30 23:45:50 UTC+08:00
        Last change time : 2005-07-31 02:48:22 UTC+08:00
    [AC2] display vrrp
      Vlanif100 | Virtual Router 1
        State : Backup
        Virtual IP : 10.23.100.3
        Master IP : 10.23.100.1
        PriorityRun : 100
        PriorityConfig : 100
        MasterPriority : 120
        Preempt : YES   Delay Time : 0 s
        TimerRun : 2 s
        TimerConfig : 2 s
        Auth type : NONE
        Virtual MAC : 0000-5e00-0101
        Check TTL : YES
        Config type : admin-vrrp
        Backup-forward : disabled
        Create time : 2005-07-31 02:11:07 UTC+08:00
        Last change time : 2005-07-31 03:40:45 UTC+08:00
    
      Vlanif101 | Virtual Router 2
        State : Backup
        Virtual IP : 10.23.101.3
        Master IP : 0.0.0.0
        PriorityRun : 100
        PriorityConfig : 100
        MasterPriority : 100
        Preempt : YES   Delay Time : 0 s
        TimerRun : 2 s
        TimerConfig : 2 s
        Auth type : NONE
        Virtual MAC : 0000-5e00-0102
        Check TTL : YES
        Config type : member-vrrp
        Backup-forward : disabled
        Create time : 2005-07-31 00:32:33 UTC+08:00
        Last change time : 2005-07-31 03:40:45 UTC+08:00

    # Run the display hsb-service 0 command on AC1 and AC2 to check the HSB service status. The command output shows that the Service State field is Connected, indicating that the HSB channel has been established.

    [AC1] display hsb-service 0
    Hot Standby Service Information:
    ----------------------------------------------------------
      Local IP Address       : 10.23.102.1
      Peer IP Address        : 10.23.102.2
      Source Port            : 10241
      Destination Port       : 10241
      Keep Alive Times       : 2
      Keep Alive Interval    : 1
      Service State          : Connected
      Service Batch Modules  : 
      Shared-key             : -
    ----------------------------------------------------------
    
    [AC2] display hsb-service 0
    Hot Standby Service Information:
    ----------------------------------------------------------
      Local IP Address       : 10.23.102.2
      Peer IP Address        : 10.23.102.1
      Source Port            : 10241
      Destination Port       : 10241
      Keep Alive Times       : 2
      Keep Alive Interval    : 1
      Service State          : Connected
      Service Batch Modules  : 
      Shared-key             : -
    ----------------------------------------------------------
    

    # Run the display hsb-group 0 command on AC1 and AC2 to check the HSB group status.

    [AC1] display hsb-group 0
    Hot Standby Group Information:
    ----------------------------------------------------------
      HSB-group ID                : 0
      Vrrp Group ID               : 1
      Vrrp Interface              : Vlanif100
      Service Index               : 0
      Group Vrrp Status           : Master
      Group Status                : Active
      Group Backup Process        : Realtime
      Peer Group Device Name      : AC6605
      Peer Group Software Version : V200R008C10
      Group Backup Modules        : Access-user
                                    DHCP
                                    AP
    ----------------------------------------------------------  
    [AC2] display hsb-group 0
    Hot Standby Group Information:
    ----------------------------------------------------------
      HSB-group ID                : 0
      Vrrp Group ID               : 1
      Vrrp Interface              : Vlanif100
      Service Index               : 0
      Group Vrrp Status           : Backup
      Group Status                : Inactive
      Group Backup Process        : Realtime
      Peer Group Device Name      : AC6605
      Peer Group Software Version : V200R008C10
      Group Backup Modules        : Access-user
                                    DHCP
                                    AP
    ----------------------------------------------------------  

    The WLAN with SSID wlan-net is available for STAs connected to AP, and these STAs can connect to the WLAN.

    When the links between SwitchA and SwitchB and between AC1 and SwitchB are disconnected, AC2 switches to the active AC. This ensures service transmission stability.

Configuration Files

  • SwitchA configuration file

    #
    sysname SwitchA
    #
    vlan batch 100 to 101
    #
    interface Eth-Trunk10
     port link-type trunk
     undo port trunk allow-pass vlan 1
     port trunk allow-pass vlan 100 to 101
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk pvid vlan 100
     undo port trunk allow-pass vlan 1
     port trunk allow-pass vlan 100 to 101
     port-isolate enable group 1
    #
    interface GigabitEthernet0/0/2
     eth-trunk 10
    #
    interface GigabitEthernet0/0/3
     eth-trunk 10
    #
    return
  • CSS configuration file

    #
    sysname CSS
    #
    vlan batch 100 to 101
    #
    interface Eth-Trunk10
     port link-type trunk
     undo port trunk allow-pass vlan 1
     port trunk allow-pass vlan 100 to 101
    #  
    interface GigabitEthernet1/1/0/1
     port link-type trunk
     undo port trunk allow-pass vlan 1
     port trunk allow-pass vlan 100 to 101
    #
    interface GigabitEthernet1/1/0/2
     eth-trunk 10
    #
    interface GigabitEthernet2/1/0/1
     port link-type trunk
     undo port trunk allow-pass vlan 1
     port trunk allow-pass vlan 100 to 101
    #
    interface GigabitEthernet2/1/0/2
     eth-trunk 10
    #
    return
  • AC1 configuration file

    #
     sysname AC1
    #
    vrrp recover-delay 60
    #
    vlan batch 100 to 102
    #
    dhcp enable
    #
    dhcp server database enable
    dhcp server database recover
    #
    interface Vlanif100
     ip address 10.23.100.1 255.255.255.0
     vrrp vrid 1 virtual-ip 10.23.100.3
     admin-vrrp vrid 1
     vrrp vrid 1 priority 120
     vrrp vrid 1 preempt-mode timer delay 1800
     vrrp vrid 1 timer advertise 2
     dhcp select interface
     dhcp server excluded-ip-address 10.23.100.2
    #
    interface Vlanif101
     ip address 10.23.101.1 255.255.255.0
     vrrp vrid 2 virtual-ip 10.23.101.3
     vrrp vrid 2 preempt-mode timer delay 1800
     vrrp vrid 2 timer advertise 2
     vrrp vrid 2 track admin-vrrp interface Vlanif100 vrid 1 unflowdown
     dhcp select interface
     dhcp server excluded-ip-address 10.23.101.2
    #
    interface Vlanif102
     ip address 10.23.102.1 255.255.255.0
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     undo port trunk allow-pass vlan 1
     port trunk allow-pass vlan 100 to 101
    #
    interface GigabitEthernet0/0/2
     port link-type trunk
     undo port trunk allow-pass vlan 1
     port trunk allow-pass vlan 102
    #
    capwap source ip-address 10.23.100.3
    #
    hsb-service 0
     service-ip-port local-ip 10.23.102.1 peer-ip 10.23.102.2 local-data-port 10241 peer-data-port 10241
     service-keep-alive detect retransmit 3 interval 6
    #
    hsb-group 0
     track vrrp vrid 1 interface Vlanif100
     bind-service 0
     hsb enable
    #
    hsb-service-type access-user hsb-group 0
    #
    hsb-service-type dhcp hsb-group 0
    #
    hsb-service-type ap hsb-group 0
    #
    wlan
     security-profile name wlan-net
      security wpa-wpa2 psk pass-phrase %^%#G.DGWgjG./fvyr*oM)KMgc*sR}!GUWLa"%G_E.^B%^%# aes
     ssid-profile name wlan-net
      ssid wlan-net
     vap-profile name wlan-net
      service-vlan vlan-id 101
      ssid-profile wlan-net
      security-profile wlan-net
     regulatory-domain-profile name default
     ap-group name ap-group1
      radio 0
       vap-profile wlan-net wlan 1
      radio 1
       vap-profile wlan-net wlan 1
     ap-id 0 type-id 35 ap-mac 60de-4476-e360 ap-sn 210235554710CB000042
      ap-name area_1
      ap-group ap-group1
    #
    return
  • AC2 configuration file

    #
     sysname AC2
    #
    vrrp recover-delay 60
    #
    vlan batch 100 to 102
    #
    dhcp enable
    #
    dhcp server database enable
    dhcp server database recover
    #
    interface Vlanif100
     ip address 10.23.100.2 255.255.255.0
     vrrp vrid 1 virtual-ip 10.23.100.3
     admin-vrrp vrid 1
     vrrp vrid 1 timer advertise 2
     dhcp select interface
    #
    interface Vlanif101
     ip address 10.23.101.2 255.255.255.0
     vrrp vrid 2 virtual-ip 10.23.101.3
     vrrp vrid 2 timer advertise 2
     vrrp vrid 2 track admin-vrrp interface Vlanif100 vrid 1 unflowdown
     dhcp select interface
    #
    interface Vlanif102
     ip address 10.23.102.2 255.255.255.0
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     undo port trunk allow-pass vlan 1
     port trunk allow-pass vlan 100 to 101
    #
    interface GigabitEthernet0/0/2
     port link-type trunk
     undo port trunk allow-pass vlan 1
     port trunk allow-pass vlan 102
    #
    capwap source ip-address 10.23.100.3
    #
    hsb-service 0
     service-ip-port local-ip 10.23.102.2 peer-ip 10.23.102.1 local-data-port 10241 peer-data-port 10241
     service-keep-alive detect retransmit 3 interval 6
    #
    hsb-group 0
     track vrrp vrid 1 interface Vlanif100
     bind-service 0
     hsb enable
    #
    hsb-service-type access-user hsb-group 0
    #
    hsb-service-type dhcp hsb-group 0
    #
    hsb-service-type ap hsb-group 0
    #
    wlan
     security-profile name wlan-net
      security wpa-wpa2 psk pass-phrase %^%#G.DGWgjG./fvyr*oM)KMgc*sR}!GUWLa"%G_E.^B%^%# aes
     ssid-profile name wlan-net
      ssid wlan-net
     vap-profile name wlan-net
      service-vlan vlan-id 101
      ssid-profile wlan-net
      security-profile wlan-net
     regulatory-domain-profile name default
     ap-group name ap-group1
      radio 0
       vap-profile wlan-net wlan 1
      radio 1
       vap-profile wlan-net wlan 1
     ap-id 0 type-id 35 ap-mac 60de-4476-e360 ap-sn 210235554710CB000042
      ap-name area_1
      ap-group ap-group1
    #
    return
Translation
Download
Updated: 2019-03-30

Document ID: EDOC1000184389

Views: 90966

Downloads: 460

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next