Example for Configuring Dual-Link Hot Standby (HSB) for ACs

WLAN V200R019C00 Typical Configuration Examples

Rate and give feedback:

Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).

Service Requirements

An enterprise deploys a WLAN to provide WLAN services. The enterprise requires that dual-link HSB be used to improve data transmission reliability.

Networking Requirements

AC networking mode: Layer 2 networking in bypass mode
DHCP deployment mode: The router functions as a DHCP server to assign IP addresses to APs and STAs.
Service data forwarding mode: direct forwarding

Figure 5-47 Networking diagram for configuring dual-link HSB

Data Planning

Table 5-49 AC data planning

Item	Data
Management VLANs for APs	VLAN 100
Service VLAN for STAs	VLAN 101
Backup VLAN for ACs	VLAN 102
DHCP server	The router functions as a DHCP server to assign IP addresses to AP and STA. STAs' gateway: 10.23.101.1/24 APs' gateway: 10.23.100.1/24
IP address pool for APs	10.23.100.4-10.23.100.254/24
IP address pool for STAs	10.23.101.2-10.23.101.254/24
AC's source interface	VLANIF 100
Management IP address of AC1	VLANIF 100: 10.23.100.2/24
Management IP address of AC2	VLANIF 100: 10.23.100.3/24
IP address and port number of the HSB channel for AC1	IP address: 10.23.102.1/24 of VLANIF 102 Port number: 10241
IP address and port number of the HSB channel for AC2	IP address: 10.23.102.2/24 of VLANIF 102 Port number: 10241
AP group	Name: ap-group1 Referenced profiles: VAP profile wlan-net, regulatory domain profile default, and AP system profile wlan-net
Regulatory domain profile	Name: default Country code: CN
SSID profile	Name: wlan-net SSID name: wlan-net
Security profile	Name: wlan-net Security policy: WPA-WPA2+PSK+AES Password: a1234567
VAP profile	Name: wlan-net Forwarding mode: direct forwarding Service VLAN: VLAN 101 Referenced profiles: SSID profile wlan-net and security profile wlan-net
AP system profile	Name: wlan-net Active AC: 10.23.100.2 Standby AC: 10.23.100.3

Configuration Roadmap

Configure network interworking of the APs, ACs, and other network devices.
Configure AC1 as the active AC and configure basic WLAN services on AC1.
Configure AC2 as the standby AC and configure basic WLAN services on AC2. Ensure that service configurations on AC1 and AC2 are the same.
Configure hot standby on the ACs so that the WLAN and NAC services on AC1 are backed up to AC2 in real time or in a batch. If AC1 is faulty, AC2 takes over services from AC1. User services are not interrupted.

Configuration Notes

No ACK mechanism is provided for multicast packet transmission on air interfaces. In addition, wireless links are unstable. To ensure stable transmission of multicast packets, they are usually sent at low rates. If a large number of such multicast packets are sent from the network side, the air interfaces may be congested. You are advised to configure multicast packet suppression to reduce impact of a large number of low-rate multicast packets on the wireless network. Exercise caution when configuring the rate limit; otherwise, the multicast services may be affected.
- In direct forwarding mode, you are advised to configure multicast packet suppression on switch interfaces connected to APs.
- In tunnel forwarding mode, you are advised to configure multicast packet suppression in traffic profiles of the AC.
For details on how to configure traffic suppression, see How Do I Configure Multicast Packet Suppression to Reduce Impact of a Large Number of Low-Rate Multicast Packets on the Wireless Network?.
Configure port isolation on the interfaces of the device directly connected to APs. If port isolation is not configured and direct forwarding is used, a large number of unnecessary broadcast packets may be generated in the VLAN, blocking the network and degrading user experience.
In tunnel forwarding mode, the management VLAN and service VLAN cannot be the same. Only packets from the management VLAN are transmitted between the AC and APs. Packets from the service VLAN are not allowed between the AC and APs.

Procedure

Configure SwitchA and SwitchB to ensure that the APs and ACs can exchange CAPWAP packets.

# On SwitchA, set the PVID on GE0/0/1 connected to the AP to the management VLAN 100 and add the interface to VLAN 100 and VLAN 101. Add GE0/0/2 connected to SwitchB to VLAN 100 and VLAN 101.

<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan batch 100 101
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type trunk
[SwitchA-GigabitEthernet0/0/1] port trunk pvid vlan 100
[SwitchA-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 101
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] port link-type trunk
[SwitchA-GigabitEthernet0/0/2] port trunk allow-pass vlan 100 101
[SwitchA-GigabitEthernet0/0/2] quit

# On SwitchB, add GE0/0/1 (connected to SwitchA) to VLAN 100 and VLAN 101, and GE0/0/2 (connected to AC1) and GE0/0/3 (connected to AC2) to VLAN 100.

<HUAWEI> system-view
[HUAWEI] sysname SwitchB
[SwitchB] vlan batch 100
[SwitchB] interface gigabitethernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] port link-type trunk
[SwitchB-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 101
[SwitchB-GigabitEthernet0/0/1] quit
[SwitchB] interface gigabitethernet 0/0/2
[SwitchB-GigabitEthernet0/0/2] port link-type trunk
[SwitchB-GigabitEthernet0/0/2] port trunk allow-pass vlan 100
[SwitchB-GigabitEthernet0/0/2] quit
[SwitchB] interface gigabitethernet 0/0/3
[SwitchB-GigabitEthernet0/0/3] port link-type trunk
[SwitchB-GigabitEthernet0/0/3] port trunk allow-pass vlan 100
[SwitchB-GigabitEthernet0/0/3] quit

Configure the communication between Router, AC1, and AC2.

# On SwitchB, add GE0/0/2 and GE0/0/3 to VLAN 102, and add GE0/0/4 connected to Router to VLAN 100 and VLAN 101.

[SwitchB] vlan batch 101 102
[SwitchB] interface gigabitethernet 0/0/2
[SwitchB-GigabitEthernet0/0/2] port trunk allow-pass vlan 102
[SwitchB-GigabitEthernet0/0/2] quit
[SwitchB] interface gigabitethernet 0/0/3
[SwitchB-GigabitEthernet0/0/3] port trunk allow-pass vlan 102
[SwitchB-GigabitEthernet0/0/3] quit
[SwitchB] interface gigabitethernet 0/0/4
[SwitchB-GigabitEthernet0/0/4] port link-type trunk
[SwitchB-GigabitEthernet0/0/4] port trunk allow-pass vlan 100 101
[SwitchB-GigabitEthernet0/0/4] quit

Configure Router to assign IP addresses to STAs and APs.

Configure the DNS server as required. The common methods are as follows:

In the interface address pool scenario, run the dhcp server dns-list ip-address &<1-8> command in the VLANIF interface view.
In the global address pool scenario, run the dns-list ip-address &<1-8> command in the IP address pool view.

<Huawei> system-view
[Huawei] sysname Router
[Router] vlan batch 100 101
[Router] dhcp enable
[Router] ip pool sta
[Router-ip-pool-sta] network 10.23.101.0 mask 24
[Router-ip-pool-sta] gateway-list 10.23.101.1
[Router-ip-pool-sta] quit
[Router] ip pool ap
[Router-ip-pool-ap] network 10.23.100.0 mask 24
[Router-ip-pool-ap] excluded-ip-address 10.23.100.2
[Router-ip-pool-ap] excluded-ip-address 10.23.100.3
[Router-ip-pool-ap] gateway-list 10.23.100.1
[Router-ip-pool-ap] quit
[Router] interface vlanif 100
[Router-Vlanif100] ip address 10.23.100.1 24
[Router-Vlanif100] dhcp select global
[Router-Vlanif100] quit
[Router] interface vlanif 101
[Router-Vlanif101] ip address 10.23.101.1 24
[Router-Vlanif101] dhcp select global
[Router-Vlanif101] quit
[Router] interface gigabitethernet 0/0/1
[Router-GigabitEthernet0/0/1] port link-type trunk
[Router-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 101
[Router-GigabitEthernet0/0/1] quit

Configure AC1.
1. Perform basic AC configurations.
  # Choose Configuration > Config Wizard > AC from the main menu. The Basic AC Configuration page is displayed.
  
  # Set Country/Region based on actual situations. For example, set Country/Region to China, System time to Manual, and Date and time to PC Time.
  
  # Click Next. The Port Configuration page is displayed.
2. Configure interfaces.
  # Select GigabitEthernet0/0/1 and expand Batch Modify. Set Interface type to Trunk and add GigabitEthernet0/0/1 to VLAN 100 and VLAN 102.
  
  If the AC and APs are directly connected, set the default VLAN of the interfaces connected to the APs to management VLAN 100.
  
  # Click Apply.
  
  # Click Next. The Network Interconnection Configuration page is displayed.
3. Configure network interconnection.
  # Click Create under Interface Configuration. The Create Interface Configuration page is displayed.
  
  # Set the IP address of VLANIF 100 to 10.23.100.2/24.
  
  # Click OK. VLANIF 100 is configured.
  
  # Repeat the preceding steps to configure VLANIF 102. Set the IP address of VLANIF 102 to 10.23.102.1/24.
  
  # Click Next. The AC Backup Configuration page is displayed.
  
  # Click Next. The AC Source Address page is displayed.
4. Configure the source address for AC1.
  # Set AC source address to VLANIF and set the IP address to Vlanif100.
  
  # Click Next. The Confirm Settings page is displayed.
5. Confirm the configuration.
  # Confirm the configuration and click Continue With AP Online.
Configure APs connected to AC1.
1. Configure APs to go online.
  # Click Batch Import. The Batch Import page is displayed. Click to download an AP template file to your local computer.
  # Fill in the template file with AP information according to the following example. To add multiple APs, fill in the file with information about the APs.
  - AP MAC: 60de-4476-e360
  - AP SN: 210235419610CB002287
  - AP Name: area_1
  - AP Group: ap-group1
  If you set AP authentication mode to MAC address authentication, the AP's MAC address is mandatory and the AP's SN is optional.
  If you set AP authentication mode to SN authentication, the AP's SN is mandatory and the AP's MAC address is optional.
  # Click next to Import AP File, select the template file with AP information, and click Import.
  
  # On the page that displays the template import result, click OK.
  
  # Click Next. The Group APs page is displayed.
2. Configure an AP group.
  # AP group information has been added in the template file. Click Next. The Confirm Configurations page is displayed.
3. Confirm the configuration.
  # Confirm the configuration and click Continue With Wireless Service Configuration.
Configure basic WLAN services on AC1.
# Click Create. The Basic Information page is displayed.

# Configure the SSID name, forwarding mode, and service VLAN ID.

Click Next. The Security Authentication page is displayed.

# Set Security settings to Key (applicable to personnel networks) and set the key.

# Click Next. The Access Control page is displayed.

# Set Binding the AP group to ap-group1.

Click Finish.
Configure AC2.
The configuration is similar to that on AC1. The difference is that the IP addresses of VLANIF 100 and VLANIF 102 are 10.23.100.3/24 and 10.23.102.2/24, respectively.
Add APs on AC2.
The configuration is similar to that on AC1.
Configure WLAN services on AC2.
The configuration is similar to that on AC1.
Configure IP addresses for primary ACs and the backup AC on AC_1.
1. # Choose Configuration > AP Config > AP Group > AP Group.
2. # In the AP group list, click ap-group1. Choose AP > AP System Profile. The AP System Profile page is displayed.
3. # Click Create. On the page that is displayed, set Profile name to wlan-net and click OK.
4. # On the Advanced Configuration page of the AP system profile, expand Dual-Link/N+1 Backup. Set Configuration mode to IP address-based, Primary AC IP address to 10.23.100.2, and Backup AC IP address to 10.23.100.3.
5. # Click Apply. In the dialog box that is displayed, click OK.
Configure IP addresses for primary ACs and the backup AC on AC_1.
The configuration is similar to that on AC1.
Configure dual-link HSB on AC1.
# Choose Configuration > Reliability > Reliability. The Reliability page is displayed.
# Set parameters as follows:
- Backup mode: Dual-link hot backup
- AC dual-link switchover status: ON
- Local AC IP address: 10.23.102.1
- Peer AC IP address: 10.23.102.2
- Local port: 10241
- Remote port: 10241
Configure dual-link HSB on AC2.
The configuration is similar to that on AC1. The following parameter settings are different:
- Local AC IP address: 10.23.102.2
- Peer AC IP address: 10.23.102.1
Verify the configuration.
# The WLAN with the SSID wlan-net is available for STAs connected to AP1 and AP2, and these STAs can connect to the WLAN and go online properly.

# Simulate a master AC fault by restarting the master AC to verify the backup configuration. Restart AC1. When an AP detects a fault on the link connected to AC1, AC2 takes the active role, ensuring service stability.

Before restarting the AC, click Save in the upper right corner of the web page to save the configuration file on the AC to prevent configuration loss after the restart.

# During the restart of AC1, services on the STAs are not interrupted. The AP goes online on AC2. On AC2, choose Monitoring > AP > AP Statistics Collection. It is found that the AP status changes from standby to normal.

# After AC1 recovers from the restart, an active/standby switchback is triggered. The AP automatically goes online on AC1.