Example for Configuring Wireless Configuration Synchronization in Dual-Link HSB Scenarios

WLAN V200R019C00 Typical Configuration Examples

Rate and give feedback:

Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).

Service Requirements

To ensure that services are running normally, an enterprise wants to improve network reliability while reducing the configuration maintenance workload. Wireless configuration synchronization can be deployed in dual-link HSB to meet this requirement. This solution frees active and standby ACs from location restrictions and allows both ACs to be flexibly deployed.

Networking Requirements

AC networking mode: Layer 2 bypass mode
DHCP deployment mode: The router functions as a DHCP server to assign IP addresses to APs and STAs.
Service data forwarding mode: direct forwarding

Figure 4-47 Networking diagram for configuring dual-link HSB

Data Planning

Table 4-45 AC data planning

Item	Data
Management VLAN for APs	VLAN100
Service VLAN for STAs	VLAN101
AC's backup VLAN	VLAN102
DHCP server	The Router functions as the DHCP server for the APs and STAs. STAs' gateway: 10.23.101.1/24 APs' gateway: 10.23.100.1/24
IP address pool for APs	10.23.100.4-10.23.100.254/24
IP address pool for STAs	10.23.101.2-10.23.101.254/24
AC's source interface	VLANIF100
AC1's management IP address	VLANIF 100: 10.23.100.2/24
AC2's management IP address	VLANIF 100: 10.23.100.3/24
Active AC	AC1
Standby AC	AC2
Master AC	AC1
Local AC	AC2
AP group	Name: ap-group1 Referenced profiles: VAP profile wlan-net and regulatory domain profile default
Regulatory domain profile	Name: default Country code: CN
SSID profile	Name: wlan-net SSID name: wlan-net
Security profile	Name: wlan-net Security policy: WPA-WPA2+PSK+AES Password: a1234567
VAP profile	Name: wlan-net Forwarding mode: direct forwarding Service VLAN: VLAN 101 Referenced profiles: SSID profile wlan-net and security profile wlan-net
AP system profile	Name: wlan-net Primary AC's IP address: 10.23.100.2 Backup AC's IP address: 10.23.100.3
Scheduled wireless configuration synchronization	Start time of scheduled synchronization: 01:00 Interval for scheduled synchronization: 1440 minutes

Configuration Roadmap

Configure network connectivity between AC1, AC2, and other network devices. Configure the Router as a DHCP server to assign IP addresses to APs and STAs.
Configure basic WLAN services on AC1 and only private WLAN service parameters on AC2.
Configure AC1 as the active AC and AC2 as the standby AC. Configure dual-link HSB on the active AC first and then on the standby AC. When dual-link HSB is enabled, all APs are restarted.
Configure wireless configuration synchronization in the dual-link HSB scenarios.

Configuration Notes

No ACK mechanism is provided for multicast packet transmission on air interfaces. In addition, wireless links are unstable. To ensure stable transmission of multicast packets, they are usually sent at low rates. If a large number of such multicast packets are sent from the network side, the air interfaces may be congested. You are advised to configure multicast packet suppression to reduce impact of a large number of low-rate multicast packets on the wireless network. Exercise caution when configuring the rate limit; otherwise, the multicast services may be affected.
- In direct forwarding mode, you are advised to configure multicast packet suppression on switch interfaces connected to APs.
- In tunnel forwarding mode, you are advised to configure multicast packet suppression in traffic profiles of the AC.
For details on how to configure traffic suppression, see How Do I Configure Multicast Packet Suppression to Reduce Impact of a Large Number of Low-Rate Multicast Packets on the Wireless Network?.
Configure port isolation on the interfaces of the device directly connected to APs. If port isolation is not configured and direct forwarding is used, a large number of unnecessary broadcast packets may be generated in the VLAN, blocking the network and degrading user experience.
In tunnel forwarding mode, the management VLAN and service VLAN cannot be the same. Only packets from the management VLAN are transmitted between the AC and APs. Packets from the service VLAN are not allowed between the AC and APs.

Procedure

Configure SwitchA, SwitchB, AC1, and AC2 to ensure that APs and ACs can exchange CAPWAP packets.

# On SwitchA, set the PVID on GE0/0/1 connected to the AP to the management VLAN 100 and add the interface to VLAN 100 and VLAN 101. Add GE0/0/2 connected to SwitchB to VLAN 100 and VLAN 101.

<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan batch 100
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type trunk
[SwitchA-GigabitEthernet0/0/1] port trunk pvid vlan 100
[SwitchA-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 101
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] port link-type trunk
[SwitchA-GigabitEthernet0/0/2] port trunk allow-pass vlan 100 101
[SwitchA-GigabitEthernet0/0/2] quit

# On SwitchB, add GE0/0/1 (connected to SwitchA) to VLAN 100 and VLAN 101, and GE0/0/2 (connected to AC1) and GE0/0/3 (connected to AC2) to VLAN 100.

<HUAWEI> system-view
[HUAWEI] sysname SwitchB
[SwitchB] vlan batch 100
[SwitchB] interface gigabitethernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] port link-type trunk
[SwitchB-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 101
[SwitchB-GigabitEthernet0/0/1] quit
[SwitchB] interface gigabitethernet 0/0/2
[SwitchB-GigabitEthernet0/0/2] port link-type trunk
[SwitchB-GigabitEthernet0/0/2] port trunk allow-pass vlan 100
[SwitchB-GigabitEthernet0/0/2] quit
[SwitchB] interface gigabitethernet 0/0/3
[SwitchB-GigabitEthernet0/0/3] port link-type trunk
[SwitchB-GigabitEthernet0/0/3] port trunk allow-pass vlan 100
[SwitchB-GigabitEthernet0/0/3] quit

# Add GE0/0/1 on AC1 connected to SwitchB to VLAN 100.

<HUAWEI> system-view
[HUAWEI] sysname AC1
[AC1] vlan batch 100
[AC1] interface gigabitethernet 0/0/1
[AC1-GigabitEthernet0/0/1] port link-type trunk
[AC1-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
[AC1-GigabitEthernet0/0/1] quit

# Add GE0/0/1 on AC2 connected to SwitchB to VLAN 100.

<HUAWEI> system-view
[HUAWEI] sysname AC2
[AC2] vlan batch 100
[AC2] interface gigabitethernet 0/0/1
[AC2-GigabitEthernet0/0/1] port link-type trunk
[AC2-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
[AC2-GigabitEthernet0/0/1] quit

Configure the communication between AC1, AC2, and Router.

# Add GE0/0/1 on AC1 to VLAN 102 (backup VLAN).

[AC1] vlan batch 101 102
[AC1] interface vlanif 100
[AC1-Vlanif100] ip address 10.23.100.2 24
[AC1-Vlanif100] quit
[AC1] interface vlanif 102
[AC1-Vlanif102] ip address 10.23.102.1 24
[AC1-Vlanif102] quit
[AC1] interface gigabitethernet 0/0/1
[AC1-GigabitEthernet0/0/1] port trunk allow-pass vlan 102
[AC1-GigabitEthernet0/0/1] quit

# Add GE0/0/1 on AC2 to VLAN 102.

[AC2] vlan batch 101 102
[AC2] interface vlanif 100
[AC2-Vlanif100] ip address 10.23.100.3 24
[AC2-Vlanif100] quit
[AC2] interface vlanif 102
[AC2-Vlanif102] ip address 10.23.102.2 24
[AC2-Vlanif102] quit
[AC2] interface gigabitethernet 0/0/1
[AC2-GigabitEthernet0/0/1] port trunk allow-pass vlan 102
[AC2-GigabitEthernet0/0/1] quit

# On SwitchB, add GE0/0/2 and GE0/0/3 to VLAN 102, and add GE0/0/4 connected to Router to VLAN 100 and VLAN 101.

[SwitchB] vlan batch 101 102
[SwitchB] interface gigabitethernet 0/0/2
[SwitchB-GigabitEthernet0/0/2] port trunk allow-pass vlan 102
[SwitchB-GigabitEthernet0/0/2] quit
[SwitchB] interface gigabitethernet 0/0/3
[SwitchB-GigabitEthernet0/0/3] port trunk allow-pass vlan 102
[SwitchB-GigabitEthernet0/0/3] quit
[SwitchB] interface gigabitethernet 0/0/4
[SwitchB-GigabitEthernet0/0/4] port link-type trunk
[SwitchB-GigabitEthernet0/0/4] port trunk allow-pass vlan 100 101
[SwitchB-GigabitEthernet0/0/4] quit

Configure Router to assign IP addresses to STAs and APs.

Configure the DNS server as required. The common methods are as follows:

In interface address pool scenarios, run the dhcp server dns-list ip-address &<1-8> command in the VLANIF interface view.
In global address pool scenarios, run the dns-list ip-address &<1-8> command in the IP address pool view.

<Huawei> system-view
[Huawei] sysname Router
[Router] vlan batch 100 101
[Router] dhcp enable
[Router] ip pool sta
[Router-ip-pool-sta] network 10.23.101.0 mask 24
[Router-ip-pool-sta] gateway-list 10.23.101.1
[Router-ip-pool-sta] quit
[Router] ip pool ap
[Router-ip-pool-ap] network 10.23.100.0 mask 24
[Router-ip-pool-ap] excluded-ip-address 10.23.100.2
[Router-ip-pool-ap] excluded-ip-address 10.23.100.3
[Router-ip-pool-ap] gateway-list 10.23.100.1
[Router-ip-pool-ap] quit
[Router] interface vlanif 100
[Router-Vlanif100] ip address 10.23.100.1 24
[Router-Vlanif100] dhcp select global
[Router-Vlanif100] quit
[Router] interface vlanif 101
[Router-Vlanif101] ip address 10.23.101.1 24
[Router-Vlanif101] dhcp select global
[Router-Vlanif101] quit
[Router] interface gigabitethernet 0/0/1
[Router-GigabitEthernet0/0/1] port link-type trunk
[Router-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 101
[Router-GigabitEthernet0/0/1] quit

Configure basic WLAN services on AC1.

Configure system parameters for AC1.

[AC1] wlan
[AC1-wlan-view] ap-group name ap-group1
[AC1-wlan-ap-group-ap-group1] quit
[AC1-wlan-view] regulatory-domain-profile name default
[AC1-wlan-regulate-domain-default] country-code cn
[AC1-wlan-regulate-domain-default] quit
[AC1-wlan-view] ap-group name ap-group1
[AC1-wlan-ap-group-ap-group1] regulatory-domain-profile default
Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continue?[Y/N]:y  
[AC1-wlan-ap-group-ap-group1] quit
[AC1-wlan-view] quit
[AC1] capwap source interface vlanif 100
[AC1] wlan

Configure AC1 to manage APs.

[AC1-wlan-view] ap auth-mode mac-auth
[AC1-wlan-view] ap-id 0 ap-mac 00e0-fc76-e360
[AC1-wlan-ap-0] ap-name area_1
[AC1-wlan-ap-0] ap-group ap-group1
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configuration s of the radio, Whether to continue? [Y/N]:y  
[AC1-wlan-ap-0] quit
[AC1-wlan-view] display ap all

Total AP information: 
nor  : normal          [1] 
Extrainfo : Extra information 
P  : insufficient power supply 
-------------------------------------------------------------------------------------------------- 
ID   MAC            Name   Group     IP            Type            State STA Uptime      ExtraInfo 
-------------------------------------------------------------------------------------------------- 
0    00e0-fc76-e360 area_1 ap-group1 10.23.100.254 AP5030DN        nor   0   10S         - 
-------------------------------------------------------------------------------------------------- 
Total: 1

Configure WLAN service parameters on AC1.

# Create security profile wlan-net and set the security policy in the profile.

In this example, the security policy is set to WPA-WPA2+PSK+AES and password to a1234567. In actual situations, the security policy must be configured according to service requirements.

[AC1-wlan-view] security-profile name wlan-net
[AC1-wlan-sec-prof-wlan-net] security wpa-wpa2 psk pass-phrase a1234567 aes
[AC1-wlan-sec-prof-wlan-net] quit

# Create SSID profile wlan-net and set the SSID name to wlan-net.

[AC1-wlan-view] ssid-profile name wlan-net
[AC1-wlan-ssid-prof-wlan-net] ssid wlan-net
[AC1-wlan-ssid-prof-wlan-net] quit

# Create VAP profile wlan-net, set the data forwarding mode and service VLAN, and apply the security profile and SSID profile to the VAP profile.

[AC1-wlan-view] vap-profile name wlan-net
[AC1-wlan-vap-prof-wlan-net] forward-mode direct-forward
[AC1-wlan-vap-prof-wlan-net] service-vlan vlan-id 101
[AC1-wlan-vap-prof-wlan-net] security-profile wlan-net
[AC1-wlan-vap-prof-wlan-net] ssid-profile wlan-net
[AC1-wlan-vap-prof-wlan-net] quit

# Bind VAP profile wlan-net to the AP group and apply the profile to radio 0 and radio 1 of the AP.

[AC1-wlan-view] ap-group name ap-group1
[AC1-wlan-ap-group-ap-group1] vap-profile wlan-net wlan 1 radio 0
[AC1-wlan-ap-group-ap-group1] vap-profile wlan-net wlan 1 radio 1
[AC1-wlan-ap-group-ap-group1] quit
[AC1-wlan-view] quit

Configure private WLAN service parameters on AC2.
# Configure the source interface of AC2.
```
[AC2] capwap source interface vlanif 100
```

Configure DTLS encryption for an inter-AC control tunnel.

# Configure DTLS encryption for an inter-AC control tunnel on AC1.

[AC1] capwap dtls inter-controller psk a1234567
[AC1] capwap dtls inter-controller control-link encrypt 
Warning: This operation may cause devices using CAPWAP connections to reset or go offline. Continue? [Y/N]:y 
[AC1] wlan

# Configure DTLS encryption for an inter-AC control tunnel on AC2.

[AC2] capwap dtls inter-controller psk a1234567
[AC2] capwap dtls inter-controller control-link encrypt 
Warning: This operation may cause devices using CAPWAP connections to reset or go offline. Continue? [Y/N]:y 
[AC2] wlan

Configure dual-link backup for AC1 and AC2.

# On AC1, configure the IP address of the primary AC as the source IP address of AC1, and the IP address of the backup AC as the source IP address of AC2.

By default, dual-link backup is disabled, and running the ac protect enable command restarts all APs. After the APs are restarted, the dual-link backup function takes effect.

If dual-link backup is enabled, running the ac protect enable command does not restart APs. You need to run the ap-reset command on the active AC to restart all APs and make the dual-link backup function take effect.

[AC1-wlan-view] ap-system-profile name wlan-net
[AC1-wlan-ap-system-prof-wlan-net] primary-access ip-address 10.23.100.2
[AC1-wlan-ap-system-prof-wlan-net] backup-access ip-address 10.23.100.3
[AC1-wlan-ap-system-prof-wlan-net] quit
[AC1-wlan-view] ap-group name ap-group1
[AC1-wlan-ap-group-ap-group1] ap-system-profile wlan-net
[AC1-wlan-ap-group-ap-group1] quit
[AC1-wlan-view] undo ac protect restore disable
[AC1-wlan-view] ac protect enable
Warning: This operation maybe cause AP reset, continue?[Y/N]: y

# On AC2, configure the IP address of the primary AC as the source IP address of AC1, and the IP address of the backup AC as the source IP address of AC2.

[AC2-wlan-view] ap-system-profile name wlan-net
[AC2-wlan-ap-system-prof-wlan-net] primary-access ip-address 10.23.100.2
[AC2-wlan-ap-system-prof-wlan-net] backup-access ip-address 10.23.100.3
[AC2-wlan-ap-system-prof-wlan-net] quit
[AC2-wlan-view] ap-group name ap-group1
[AC2-wlan-ap-group-ap-group1] ap-system-profile wlan-net
[AC2-wlan-ap-group-ap-group1] quit
[AC2-wlan-view] undo ac protect restore disable
[AC2-wlan-view] ac protect enable
Warning: This operation maybe cause AP reset, continue?[Y/N]: y

# Restart the AP on AC1 and deliver the dual-link backup configuration to the AP.

[AC1-wlan-view] ap-reset all
Warning: Reset AP(s), continue?[Y/N]:y
[AC1-wlan-view] quit

Configure the hot standby function.

# Create HSB service 0 on AC1 and configure the IP addresses and port numbers for the active and standby channels.

[AC1] hsb-service 0
[AC1-hsb-service-0] service-ip-port local-ip 10.23.102.1 peer-ip 10.23.102.2 local-data-port 10241 peer-data-port 10241
[AC1-hsb-service-0] quit

# Bind the WLAN and NAC services to AC1.

[AC1] hsb-service-type ap hsb-service 0
[AC1] hsb-service-type access-user hsb-service 0

# Create HSB service 0 on AC2 and configure the IP addresses and port numbers for the active and standby channels.

[AC2-wlan-view] quit
[AC2] hsb-service 0
[AC2-hsb-service-0] service-ip-port local-ip 10.23.102.2 peer-ip 10.23.102.1 local-data-port 10241 peer-data-port 10241
[AC2-hsb-service-0] quit

# Bind the WLAN and NAC services to AC2.

[AC2] hsb-service-type ap hsb-service 0
[AC2] hsb-service-type access-user hsb-service 0

Configure the master AC and local AC.

# Configure AC1 as the master AC and specify the IP address of a local AC.

[AC1] wlan
[AC1-wlan-view] master controller
[AC1-master-controller] local-controller ip-address 10.23.100.3 psk H@123456
[AC1-master-controller] quit

# Configure AC2 as a local AC and specify the IP address of the master AC.

[AC2] wlan
[AC2-wlan-view] master-controller ip-address 10.23.100.2 psk H@123456

# Configure scheduled wireless configuration synchronization on AC1.

[AC1-wlan-view] synchronize-configuration auto interval 1440 start-time 01:00:00

Trigger wireless configuration synchronization manually.

# Run the display sync-configuration status command to check the wireless configuration synchronization status. The command output displays cfg-mismatch. Wireless configuration synchronization must be manually triggered from the master AC to the local AC. Wait until the local AC completes automatic restart.

[AC1-wlan-view] display sync-configuration status
Controller role:Master/Backup/Local
----------------------------------------------------------------------------------------------------
Controller IP Role    Device Type     Version        Status                           Last synced
----------------------------------------------------------------------------------------------------
10.23.100.3   Local   AC6805          V200R019C00    cfg-mismatch(config check fail)  -
----------------------------------------------------------------------------------------------------
Total: 1
[AC1-wlan-view] synchronize-configuration
Warning: This operation may reset the remote AC, synchronize configurations to it, and save all its configurations. Whether to conti
nue? [Y/N]:y

Verify the configuration.

# Run the display sync-configuration status command on the master AC and local AC to view the wireless configuration synchronization status. If the status is up, the wireless configuration synchronization function is normal.

[AC1-wlan-view] display sync-configuration status
Controller role:Master/Backup/Local
-----------------------------------------------------------------------------------------
Controller IP Role    Device Type     Version              Status        Last synced
-----------------------------------------------------------------------------------------
10.23.100.3   Local   AC6805          V200R019C00          up       2017-09-01/11:18:15
-----------------------------------------------------------------------------------------
Total: 1

[AC2-wlan-view] display sync-configuration status
Controller role:Master/Backup/Local
-----------------------------------------------------------------------------------------
Controller IP Role    Device Type     Version              Status        Last synced
-----------------------------------------------------------------------------------------
10.23.100.2   Master  AC6805          V200R019C00          up       2017-09-01/11:18:25
-----------------------------------------------------------------------------------------
Total: 1

# When the public configuration is modified on the master AC, the modification is automatically synchronized to the local AC.

# Simulate a master AC fault by restarting the master AC to verify the backup configuration. Restart AC1. When an AP detects a fault on the link connected to AC1, AC2 takes the active role, ensuring service stability.

Before restarting the AC, run the save command to save the configuration file on the AC to prevent configuration loss after the restart.

# During the restart of AC1, services on the STAs are not interrupted. The AP goes online on AC2. Run the display ap all command on AC2. The command output shows that the AP status changes from standby to normal.

# After AC1 recovers from the restart, an active/standby switchback is triggered. The AP automatically goes online on AC1.

Configuration Files

SwitchA configuration file

#
sysname SwitchA
#
vlan batch 100
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk pvid vlan 100
 port trunk allow-pass vlan 100 to 101
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 100 to 101
#
return

SwitchB configuration file

#
sysname SwitchB
#
vlan batch 100 to 102
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 100 to 101
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 100 102
#
interface GigabitEthernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 100 102
#
interface GigabitEthernet0/0/4
 port link-type trunk
 port trunk allow-pass vlan 100 to 101
#
return

Router configuration file

#
 sysname Router
#
vlan batch 100 to 101
#
dhcp enable
#
ip pool sta
 gateway-list 10.23.101.1
 network 10.23.101.0 mask 255.255.255.0
#
ip pool ap
 gateway-list 10.23.100.1
 network 10.23.100.0 mask 255.255.255.0
 excluded-ip-address 10.23.100.2 10.23.100.3      
#
interface Vlanif100
 ip address 10.23.100.1 255.255.255.0
 dhcp select global
#
interface Vlanif101
 ip address 10.23.101.1 255.255.255.0
 dhcp select global
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 100 to 101
#
return

Comparison between AC1 and AC2 configuration files (The information in bold is settings about the HSB and wireless configuration synchronization functions. The information in italic is public configurations automatically synchronized from AC1 to AC2.)

Table 4-46 Configuration files of AC1 and AC2

AC1	AC2
# sysname AC1 # vlan batch 100 to 102 # interface Vlanif100 ip address 10.23.100.2 255.255.255.0 # interface Vlanif102 ip address 10.23.102.1 255.255.255.0 # interface GigabitEthernet0/0/1 port link-type trunk port trunk allow-pass vlan 100 102 # capwap source interface vlanif100 capwap dtls inter-controller control-link encrypt capwap dtls inter-controller psk %^%#w\Z<afXL3.gRk5g\|%CD62YcG!x.)Ks:m6(}V:PD%^% # hsb-service 0* service-ip-port local-ip 10.23.102.1 peer-ip 10.23.102.2 local-data-port 10241 peer-data-port 10241 # hsb-service-type access-user hsb-service 0 # hsb-service-type ap hsb-service 0 # wlan ac protect enable security-profile name wlan-net security wpa-wpa2 psk pass-phrase %^%#DmLbQP`BNIa6M}<rK3J>%m9$2xA+y-fNA<TAP&}F%^%# aes ssid-profile name wlan-net ssid wlan-net vap-profile name wlan-net service-vlan vlan-id 101 ssid-profile wlan-net security-profile wlan-net regulatory-domain-profile name default ap-system-profile name wlan-net *primary-access ip-address 10.23.100.2* *backup-access ip-address 10.23.100.3* synchronize-configuration auto interval 1440 start-time 01:00:00 ap-group name ap-group1 ap-system-profile wlan-net radio 0 vap-profile wlan-net wlan 1 radio 1 vap-profile wlan-net wlan 1 ap-id 0 type-id 35 ap-mac 00e0-fc76-e360 ap-sn 210235554710CB000042 ap-name area_1 ap-group ap-group1 master controller local-controller ip-address 10.23.100.3 psk %^%#/q6ITBsonPkeDGXiV;!'^htAMm[n"(Z{^ES\|5[^.%^%# # return	# sysname AC2 # vlan batch 100 to 102 # interface Vlanif100 ip address 10.23.100.3 255.255.255.0 # interface Vlanif102 ip address 10.23.102.2 255.255.255.0 # interface GigabitEthernet0/0/1 port link-type trunk port trunk allow-pass vlan 100 102 # capwap source interface vlanif100 capwap dtls inter-controller control-link encrypt capwap dtls inter-controller psk %^%#w\Z<afXL3.gRk5g\|%CD62YcG!x.)Ks:m6(}V:PD%^% # hsb-service 0* service-ip-port local-ip 10.23.102.2 peer-ip 10.23.102.1 local-data-port 10241 peer-data-port 10241 # hsb-service-type access-user hsb-service 0 # hsb-service-type ap hsb-service 0 # wlan ac protect enable security-profile name wlan-net security wpa-wpa2 psk pass-phrase %^%#DmLbQP`BNIa6M}<rK3J>%m9$2xA+y-fNA<TAP&}F%^%# aes ssid-profile name wlan-net ssid wlan-net vap-profile name wlan-net service-vlan vlan-id 101 ssid-profile wlan-net security-profile wlan-net regulatory-domain-profile name default ap-system-profile name wlan-net *primary-access ip-address 10.23.100.2* *backup-access ip-address 10.23.100.3* master-controller ip-address 10.23.100.2 psk %^%#mh\|sYMl/}'U\|"W/rBd\9HICmNy{,BIi0c^F:z;V#%^%# synchronize-configuration auto interval 1440 start-time 01:00:00 ap-group name ap-group1 ap-system-profile wlan-net radio 0 vap-profile wlan-net wlan 1 radio 1 vap-profile wlan-net wlan 1 ap-id 0 type-id 35 ap-mac 00e0-fc76-e360 ap-sn 210235554710CB000042 ap-name area_1 ap-group ap-group1 # return

AC1

AC2

#
 sysname AC1
#
vlan batch 100 to 102
#
interface Vlanif100
 ip address 10.23.100.2 255.255.255.0
#
interface Vlanif102
 ip address 10.23.102.1 255.255.255.0
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 100 102
#
capwap source interface vlanif100
capwap dtls inter-controller control-link encrypt
capwap dtls inter-controller psk %^%#*w\Z<afXL3.gRk5g|%CD62YcG!x.)Ks:m6(}V:PD%^%
#
hsb-service 0
 service-ip-port local-ip 10.23.102.1 peer-ip 10.23.102.2 local-data-port 10241 peer-data-port 10241
#
hsb-service-type access-user hsb-service 0
#
hsb-service-type ap hsb-service 0
#
wlan
 ac protect enable
 security-profile name wlan-net
  security wpa-wpa2 psk pass-phrase %^%#DmLbQP`BNIa6M}<rK3J>%m9$2xA+y-fNA<TAP&}F%^%# aes
 ssid-profile name wlan-net
  ssid wlan-net
 vap-profile name wlan-net
  service-vlan vlan-id 101
  ssid-profile wlan-net
  security-profile wlan-net
 regulatory-domain-profile name default
 ap-system-profile name wlan-net
  primary-access ip-address 10.23.100.2
  backup-access ip-address 10.23.100.3
 synchronize-configuration auto interval 1440 start-time 01:00:00
 ap-group name ap-group1
  ap-system-profile wlan-net
  radio 0
   vap-profile wlan-net wlan 1
  radio 1
   vap-profile wlan-net wlan 1
 ap-id 0 type-id 35 ap-mac 00e0-fc76-e360 ap-sn 210235554710CB000042
  ap-name area_1
  ap-group ap-group1
 master controller
  local-controller ip-address 10.23.100.3 psk %^%#/q6ITBsonPkeDGXiV;!'^htAMm[n"(Z{^ES|5[^.%^%#
#
return

#
 sysname AC2
#
vlan batch 100 to 102
#
interface Vlanif100
 ip address 10.23.100.3 255.255.255.0
#
interface Vlanif102
 ip address 10.23.102.2 255.255.255.0
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 100 102
#
capwap source interface vlanif100
capwap dtls inter-controller control-link encrypt
capwap dtls inter-controller psk %^%#*w\Z<afXL3.gRk5g|%CD62YcG!x.)Ks:m6(}V:PD%^%
#
hsb-service 0
 service-ip-port local-ip 10.23.102.2 peer-ip 10.23.102.1 local-data-port 10241 peer-data-port 10241
#
hsb-service-type access-user hsb-service 0
#
hsb-service-type ap hsb-service 0
#
wlan
 ac protect enable
 security-profile name wlan-net
  security wpa-wpa2 psk pass-phrase %^%#DmLbQP`BNIa6M}<rK3J>%m9$2xA+y-fNA<TAP&}F%^%# aes
 ssid-profile name wlan-net
  ssid wlan-net
 vap-profile name wlan-net
  service-vlan vlan-id 101
  ssid-profile wlan-net
  security-profile wlan-net
 regulatory-domain-profile name default
 ap-system-profile name wlan-net
  primary-access ip-address 10.23.100.2
  backup-access ip-address 10.23.100.3
 master-controller ip-address 10.23.100.2 psk %^%#mh|sYMl/}'U|"W/rBd\9HICmNy{,BIi0c^F:z;V#%^%#
 synchronize-configuration auto interval 1440 start-time 01:00:00
 ap-group name ap-group1
  ap-system-profile wlan-net
  radio 0
   vap-profile wlan-net wlan 1
  radio 1
   vap-profile wlan-net wlan 1
 ap-id 0 type-id 35 ap-mac 00e0-fc76-e360 ap-sn 210235554710CB000042
  ap-name area_1
  ap-group ap-group1
#
return

Service Requirements
Networking Requirements
Data Planning
Configuration Roadmap
Configuration Notes

Translation

简体中文

Download

Updated: 2021-11-18

Document ID: EDOC1100096116

Downloads: 2542

Average rating:

This Document Applies to these Products

Related Version

Digital Signature File

Digital Signature Authentication Mode

Enterprise

Huawei Cloud

Carrier

Consumer

Corporate