Example for Configuring VRRP HSB (Direct Forwarding)
Service Requirements
An enterprise deploys a WLAN to provide WLAN services to users. The enterprise requires that VRRP HSB be used to improve data transmission reliability.
Networking Requirements
- AC networking mode: Layer 2 networking in bypass mode
- DHCP deployment mode: The AC functions as a DHCP server to assign IP addresses to APs, and a CSS functions as a DHCP server to assign IP addresses to STAs.
- Service data forwarding mode: direct forwarding
- Switch cluster: A cluster is set up using CSS cards, containing SwitchB and SwitchC at the core layer. SwitchB is the master switch, and SwitchC is the standby switch.
Data Planning
Item |
Data |
|---|---|
AC1's source interface |
VLANIF 100: 10.23.100.3/24 |
AC2's source interface |
VLANIF 100: 10.23.100.3/24 |
Virtual IP address of the management VRRP group |
10.23.100.3/24 |
VAP profile |
|
AP group |
|
Regulatory domain profile |
|
SSID profile |
|
Security profile |
|
DHCP server |
The AC functions as a DHCP server to assign IP addresses to APs, and a CSS functions as a DHCP server to assign IP addresses to STAs. |
Gateway for APs |
VLANIF 100: 10.23.100.3/24 |
IP address pool for APs |
10.23.100.4-10.23.100.254/24 |
Gateway for STAs |
VLANIF 101: 10.23.101.1/24 |
IP address pool for STAs |
10.23.101.2-10.23.101.254/24 |
IP address and port number of the HSB channel for AC1 |
IP address: 10.23.102.1/24 of VLANIF 102 Port number: 10241 |
IP address and port number of the HSB channel for AC2 |
IP address: 10.23.102.2/24 of VLANIF 102 Port number: 10241 |
Configuration Roadmap
The configuration roadmap is as follows:
- Configure a cluster between SwitchB and SwitchC through cluster cards to improve the core layer reliability and configure SwitchB as the master switch.
- Configure network connectivity between the AC, APs, and other network devices.
- Configure basic WLAN services to ensure that users can connect to the Internet through the WLAN.
- Configure a VRRP group on AC1 and AC2. Configure a high priority for AC1 as the active device to forward traffic, and a low priority for AC2 as the standby device.
- Configure the hot standby (HSB) function so that service information on AC1 is backed up to AC2 in real time or in a batch, ensuring seamless service switchover from the active AC to the standby AC.
During the configuration, check whether loops occur on the wired network. If so, configure MSTP on corresponding NEs.
Configuration Notes
- No ACK mechanism is provided for multicast packet transmission on air interfaces. In addition, wireless links are unstable. To ensure stable transmission of multicast packets, they are usually sent at low rates. If a large number of such multicast packets are sent from the network side, the air interfaces may be congested. You are advised to configure multicast packet suppression to reduce impact of a large number of low-rate multicast packets on the wireless network. Exercise caution when configuring the rate limit; otherwise, the multicast services may be affected.
- In direct forwarding mode, you are advised to configure multicast packet suppression on switch interfaces connected to APs.
- In tunnel forwarding mode, you are advised to configure multicast packet suppression in traffic profiles of the AC.
Configure port isolation on the interfaces of the device directly connected to APs. If port isolation is not configured and direct forwarding is used, a large number of unnecessary broadcast packets may be generated in the VLAN, blocking the network and degrading user experience.
In tunnel forwarding mode, the management VLAN and service VLAN cannot be the same. Only packets from the management VLAN are transmitted between the AC and APs. Packets from the service VLAN are not allowed between the AC and APs.
In the VRRP HSB networking, the configurations of the DHCP address pools on the master and backup ACs must be consistent. For example, the ranges of IP addresses that cannot be automatically assigned to clients in the DHCP address pools must be consistent.
Procedure
- Establish a cluster using CSS card.
# Set the CSS ID, CSS priority, and CSS connection mode to 1, 100, and CSS card connection for SwitchB.
<HUAWEI> system-view [HUAWEI] sysname SwitchB [SwitchB] set css mode css-card [SwitchB] set css id 1 [SwitchB] set css priority 100
# Set the CSS ID, CSS priority, and CSS connection mode to 2, 10, and CSS card connection for SwitchC.
<HUAWEI> system-view [HUAWEI] sysname SwitchC [SwitchC] set css mode css-card [SwitchC] set css id 2 [SwitchC] set css priority 10
# Check the CSS configuration on SwitchB.
[SwitchB] display css status saved Current Id Saved Id CSS Enable CSS Mode Priority Master force ------------------------------------------------------------------------------ 1 1 Off CSS card 100 Off
# Check the CSS configuration on SwitchC.
[SwitchC] display css status saved Current Id Saved Id CSS Enable CSS Mode Priority Master force ------------------------------------------------------------------------------ 1 2 Off CSS card 10 Off
# Enable the CSS function on SwitchB and restart SwitchB.
[SwitchB] css enable Warning: The CSS configuration will take effect only after the system is rebooted. T he next CSS mode is CSS card. Reboot now? [Y/N]:y
# Enable the CSS function on SwitchC and restart SwitchC.
[SwitchC] css enable Warning: The CSS configuration will take effect only after the system is rebooted. T he next CSS mode is CSS card. Reboot now? [Y/N]:y
# Log in to the CSS through the console port on any MPU to check whether the CSS is established successfully.
<SwitchB> display device Chassis 1 (Master Switch) S12708's Device status: Slot Sub Type Online Power Register Status Role ------------------------------------------------------------------------------- 1 - ET1D2SFUD000 Present PowerOn Registered Normal NA 1 EH1D2VS08000 Present PowerOn Registered Normal NA 5 - ET1D2G48SEC0 Present PowerOn Registered Normal NA 7 - ET1D2X16SSC0 Present PowerOn Registered Normal NA 9 - ET1D2MPUA000 Present PowerOn Registered Normal Slave 10 - ET1D2MPUA000 Present PowerOn Registered Normal Master 12 - ET1D2SFUD000 Present PowerOn Registered Normal NA 1 EH1D2VS08000 Present PowerOn Registered Normal NA 13 - ET1D2SFUD000 Present PowerOn Registered Normal NA 1 EH1D2VS08000 Present PowerOn Registered Normal NA 14 - ET1D2SFUD000 Present PowerOn Registered Normal NA 1 EH1D2VS08000 Present PowerOn Registered Normal NA PWR1 - - Present PowerOn Registered Normal NA PWR2 - - Present PowerOn Registered Normal NA CMU2 - EH1D200CMU00 Present PowerOn Registered Normal Master FAN1 - - Present PowerOn Registered Normal NA FAN2 - - Present PowerOn Registered Normal NA FAN3 - - Present PowerOn Registered Normal NA FAN4 - - Present PowerOn Registered Normal NA Chassis 2 (Standby Switch) S12708's Device status: Slot Sub Type Online Power Register Status Role ------------------------------------------------------------------------------- 1 - ET1D2SFUD000 Present PowerOn Registered Normal NA 1 EH1D2VS08000 Present PowerOn Registered Normal NA 3 - ET1D2G48SEC0 Present PowerOn Registered Normal NA 4 - ET1D2X16SSC0 Present PowerOn Registered Normal NA 9 - ET1D2MPUA000 Present PowerOn Registered Normal Slave 10 - ET1D2MPUA000 Present PowerOn Registered Normal Master 12 - ET1D2SFUD000 Present PowerOn Registered Normal NA 1 EH1D2VS08000 Present PowerOn Registered Normal NA 13 - ET1D2SFUD000 Present PowerOn Registered Normal NA 1 EH1D2VS08000 Present PowerOn Registered Normal NA 14 - ET1D2SFUD000 Present PowerOn Registered Normal NA 1 EH1D2VS08000 Present PowerOn Registered Normal NA PWR1 - - Present PowerOn Registered Normal NA PWR2 - - Present PowerOn Registered Normal NA CMU1 - EH1D200CMU00 Present PowerOn Registered Normal Master FAN1 - - Present PowerOn Registered Normal NA FAN2 - - Present PowerOn Registered Normal NA FAN3 - - Present PowerOn Registered Normal NA FAN4 - - Present PowerOn Registered Normal NA <SwitchB> display css status CSS Enable switch On Chassis Id CSS Enable CSS Status CSS Mode Priority Master Force ------------------------------------------------------------------------------ 1 On Master CSS card 100 Off 2 On Standby CSS card 10 OffThe command output shows the card status and CSS status of both member switches, indicating that the CSS is established successfully.
# Check whether the cluster links are normal.
<SwitchB> display css channel Chassis 1 || Chassis 2 -------------------------------------------------------------------------------- Num [Port] [Speed] || [Speed] [Port] 1 1/1/0/1 10G 10G 2/1/0/1 2 1/1/0/2 10G 10G 2/1/0/2 3 1/1/0/3 10G 10G 2/1/0/3 4 1/1/0/4 10G 10G 2/1/0/4 5 1/1/0/5 10G 10G 2/1/0/5 6 1/1/0/6 10G 10G 2/1/0/6 7 1/1/0/7 10G 10G 2/1/0/7 8 1/1/0/8 10G 10G 2/1/0/8 9 1/12/0/1 10G 10G 2/12/0/1 10 1/12/0/2 10G 10G 2/12/0/2 11 1/12/0/3 10G 10G 2/12/0/3 12 1/12/0/4 10G 10G 2/12/0/4 13 1/12/0/5 10G 10G 2/12/0/5 14 1/12/0/6 10G 10G 2/12/0/6 15 1/12/0/7 10G 10G 2/12/0/7 16 1/12/0/8 10G 10G 2/12/0/8 17 1/13/0/1 10G 10G 2/13/0/1 18 1/13/0/2 10G 10G 2/13/0/2 19 1/13/0/3 10G 10G 2/13/0/3 20 1/13/0/4 10G 10G 2/13/0/4 21 1/13/0/5 10G 10G 2/13/0/5 22 1/13/0/6 10G 10G 2/13/0/6 23 1/13/0/7 10G 10G 2/13/0/7 24 1/13/0/8 10G 10G 2/13/0/8 25 1/14/0/1 10G 10G 2/14/0/1 26 1/14/0/2 10G 10G 2/14/0/2 27 1/14/0/3 10G 10G 2/14/0/3 28 1/14/0/4 10G 10G 2/14/0/4 29 1/14/0/5 10G 10G 2/14/0/5 30 1/14/0/6 10G 10G 2/14/0/6 31 1/14/0/7 10G 10G 2/14/0/7 32 1/14/0/8 10G 10G 2/14/0/8 --------------------------------------------------------------------------------The command output shows that all the cluster links are in Up state, indicating that the CSS has been established successfully.
- Configure SwitchA, SwitchB, SwitchC, AC1, and AC2 to ensure that APs and ACs can exchange CAPWAP packets.
If direct forwarding is used, configure port isolation on GE0/0/1 of SwitchA connected to the AP. If port isolation is not configured, many broadcast packets will be transmitted in the VLANs or WLAN users on different APs can directly communicate at Layer 2.
# On SwitchA, set the PVID of GE0/0/1 connected to the AP to management VLAN 100, add GE0/0/1 to VLAN 100 amd VLAN 101 (service VLAN), and add GE0/0/2 connected to SwitchB and GE0/0/3 connected to SwitchC to Eth-Trunk 10.
<HUAWEI> system-view [HUAWEI] sysname SwitchA [SwitchA] vlan batch 100 101 [SwitchA] interface gigabitethernet 0/0/1 [SwitchA-GigabitEthernet0/0/1] port link-type trunk [SwitchA-GigabitEthernet0/0/1] port trunk pvid vlan 100 [SwitchA-GigabitEthernet0/0/1] undo port trunk allow-pass vlan 1 [SwitchA-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 101 [SwitchA-GigabitEthernet0/0/1] port-isolate enable [SwitchA-GigabitEthernet0/0/1] quit [SwitchA] interface eth-trunk 10 [SwitchA-Eth-Trunk10] port link-type trunk [SwitchA-Eth-Trunk10] undo port trunk allow-pass vlan 1 [SwitchA-Eth-Trunk10] port trunk allow-pass vlan 100 101 [SwitchA-Eth-Trunk10] quit [SwitchA] interface gigabitethernet 0/0/2 [SwitchA-GigabitEthernet0/0/2] undo port link-type [SwitchA-GigabitEthernet0/0/2] eth-trunk 10 [SwitchA-GigabitEthernet0/0/2] quit [SwitchA] interface gigabitethernet 0/0/3 [SwitchA-GigabitEthernet0/0/3] undo port link-type [SwitchA-GigabitEthernet0/0/3] eth-trunk 10 [SwitchA-GigabitEthernet0/0/3] quit
# Add GE1/1/0/2 on SwitchB and GE2/1/0/2 on SwitchC to Eth-Trunk 10, and add E1/1/0/1 on SwitchB and GE2/1/0/1 on SwitchC both to VLAN 100.
[SwitchB] sysname CSS [CSS] vlan batch 100 101 [CSS] interface gigabitethernet 1/1/0/1 [CSS-GigabitEthernet1/1/0/1] port link-type trunk [CSS-GigabitEthernet1/1/0/1] undo port trunk allow-pass vlan 1 [CSS-GigabitEthernet1/1/0/1] port trunk allow-pass vlan 100 [CSS-GigabitEthernet1/1/0/1] quit [CSS] interface gigabitethernet 2/1/0/1 [CSS-GigabitEthernet2/1/0/1] port link-type trunk [CSS-GigabitEthernet2/1/0/1] undo port trunk allow-pass vlan 1 [CSS-GigabitEthernet2/1/0/1] port trunk allow-pass vlan 100 [CSS-GigabitEthernet2/1/0/1] quit [CSS] interface eth-trunk 10 [CSS-Eth-Trunk10] port link-type trunk [CSS-Eth-Trunk10] undo port trunk allow-pass vlan 1 [CSS-Eth-Trunk10] port trunk allow-pass vlan 100 101 [CSS-Eth-Trunk10] quit [CSS] interface gigabitethernet 1/1/0/2 [CSS-GigabitEthernet1/1/0/2] undo port link-type [CSS-GigabitEthernet1/1/0/2] eth-trunk 10 [CSS-GigabitEthernet1/1/0/2] quit [CSS] interface gigabitethernet 2/1/0/2 [CSS-GigabitEthernet2/1/0/2] undo port link-type [CSS-GigabitEthernet2/1/0/2] eth-trunk 10 [CSS-GigabitEthernet2/1/0/2] quit
# Add GE0/0/1 on AC1 connected to SwitchB to VLAN 100, and configure an IP address for VLANIF 100.
<HUAWEI> system-view [HUAWEI] sysname AC1 [AC1] vlan batch 100 101 [AC1] interface gigabitethernet 0/0/1 [AC1-GigabitEthernet0/0/1] port link-type trunk [AC1-GigabitEthernet0/0/1] undo port trunk allow-pass vlan 1 [AC1-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 [AC1-GigabitEthernet0/0/1] quit [AC1] interface vlanif 100 [AC1-Vlanif100] ip address 10.23.100.1 24 [AC1-Vlanif100] quit
# Add GE0/0/1 on AC2 connected to SwitchC to VLAN 100, and configure an IP address for VLANIF 100.
<HUAWEI> system-view [HUAWEI] sysname AC2 [AC2] vlan batch 100 101 [AC2] interface gigabitethernet 0/0/1 [AC2-GigabitEthernet0/0/1] port link-type trunk [AC2-GigabitEthernet0/0/1] undo port trunk allow-pass vlan 1 [AC2-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 [AC2-GigabitEthernet0/0/1] quit [AC2] interface vlanif 100 [AC2-Vlanif100] ip address 10.23.100.2 24 [AC2-Vlanif100] quit
- Configure the communication between AC1 and AC2.
# Add GE0/0/2 on AC1 connected to AC2 to VLAN 102.
[AC1] vlan batch 102 [AC1] interface gigabitethernet 0/0/2 [AC1-GigabitEthernet0/0/2] port link-type trunk [AC1-GigabitEthernet0/0/2] undo port trunk allow-pass vlan 1 [AC1-GigabitEthernet0/0/2] port trunk allow-pass vlan 102 [AC1-GigabitEthernet0/0/2] quit [AC1] interface vlanif 102 [AC1-Vlanif102] ip address 10.23.102.1 24 [AC1-Vlanif102] quit
# Add GE0/0/2 on AC2 connected to AC1 to VLAN 102.
[AC2] vlan batch 102 [AC2] interface gigabitethernet 0/0/2 [AC2-GigabitEthernet0/0/2] port link-type trunk [AC2-GigabitEthernet0/0/2] undo port trunk allow-pass vlan 1 [AC2-GigabitEthernet0/0/2] port trunk allow-pass vlan 102 [AC2-GigabitEthernet0/0/2] quit [AC2] interface vlanif 102 [AC2-Vlanif102] ip address 10.23.102.2 24 [AC2-Vlanif102] quit
- Configure a DHCP server.Configure the DNS server as required. The common methods are as follows:
- In interface address pool scenarios, run the dhcp server dns-list ip-address &<1-8> command in the VLANIF interface view.
- In global address pool scenarios, run the dns-list ip-address &<1-8> command in the IP address pool view.
# Configure AC1 as a DHCP server to assign IP addresses to APs and STAs. Exclude the following IP addresses from the interface address pools on the active and standby ACs: 10.23.100.1 of the active AC; 10.23.100.2 of the standby AC; and 10.23.100.3 of the VRRP group.
[AC1] dhcp enable [AC1] dhcp server database enable [AC1] dhcp server database recover [AC1] interface vlanif 100 [AC1-Vlanif100] dhcp select interface [AC1-Vlanif100] dhcp server excluded-ip-address 10.23.100.1 10.23.100.3 [AC1-Vlanif100] quit
# The configurations on AC2 are the same as those on AC1.
# Configure the CSS as a DHCP server to assign IP addresses to STAs.[CSS] dhcp enable [CSS] interface vlanif 101 [CSS-Vlanif101] ip address 10.23.101.1 24 [CSS-Vlanif101] dhcp select interface [CSS-Vlanif101] quit
- Configure VRRP HSB on AC1.
# Set the recovery delay of the VRRP group to 60 seconds.
[AC1] vrrp recover-delay 60
# Create a management VRRP group on AC1. Set the VRRP priority of AC1 to 120 and the preemption delay to 1800 seconds.
[AC1] interface vlanif 100 [AC1-Vlanif100] vrrp vrid 1 virtual-ip 10.23.100.3 [AC1-Vlanif100] vrrp vrid 1 priority 120 [AC1-Vlanif100] vrrp vrid 1 preempt-mode timer delay 1800 [AC1-Vlanif100] admin-vrrp vrid 1 [AC1-Vlanif100] quit
# Create HSB service 0 on AC1, and configure the IP addresses and port numbers for establishing an HSB channel. Set the retransmission time and interval of HSB packets.
[AC1] hsb-service 0 [AC1-hsb-service-0] service-ip-port local-ip 10.23.102.1 peer-ip 10.23.102.2 local-data-port 10241 peer-data-port 10241 [AC1-hsb-service-0] service-keep-alive detect retransmit 3 interval 6 [AC1-hsb-service-0] quit
# Create HSB group 0 on AC1, and bind HSB service 0 and the management VRRP group to the HSB group.
[AC1] hsb-group 0 [AC1-hsb-group-0] bind-service 0 [AC1-hsb-group-0] track vrrp vrid 1 interface vlanif 100 [AC1-hsb-group-0] quit
# Bind the NAC service to the HSB group.
[AC1] hsb-service-type access-user hsb-group 0
# Bind the WLAN service to the HSB group.
[AC1] hsb-service-type ap hsb-group 0
# Bind the DHCP service to the HSB group.
[AC1] hsb-service-type dhcp hsb-group 0
# Enable the HSB function.
[AC1] hsb-group 0 [AC1-hsb-group-0] hsb enable [AC1-hsb-group-0] quit
- Configure VRRP HSB on AC2.
# Set the recovery delay of the VRRP group to 60 seconds.
[AC2] vrrp recover-delay 60
# Create a management VRRP group on AC2.
[AC2] interface vlanif 100 [AC2-Vlanif100] vrrp vrid 1 virtual-ip 10.23.100.3 [AC2-Vlanif100] admin-vrrp vrid 1 [AC2-Vlanif100] quit
# Create HSB service 0 on AC2, and configure the IP addresses and port numbers for establishing an HSB channel. Set the retransmission time and interval of HSB packets.
[AC2] hsb-service 0 [AC2-hsb-service-0] service-ip-port local-ip 10.23.102.2 peer-ip 10.23.102.1 local-data-port 10241 peer-data-port 10241 [AC2-hsb-service-0] service-keep-alive detect retransmit 3 interval 6 [AC2-hsb-service-0] quit
# Create HSB group 0 on AC2, and bind HSB service 0 and the management VRRP group to the HSB group.
[AC2] hsb-group 0 [AC2-hsb-group-0] bind-service 0 [AC2-hsb-group-0] track vrrp vrid 1 interface vlanif 100 [AC2-hsb-group-0] quit
# Bind the NAC service to the HSB group.
[AC2] hsb-service-type access-user hsb-group 0
# Bind the WLAN service to the HSB group.
[AC2] hsb-service-type ap hsb-group 0
# Bind the DHCP service to the HSB group.
[AC2] hsb-service-type dhcp hsb-group 0
- Configure WLAN services on AC1. The configurations on AC2 are similar to those on AC1. The difference is that when an AP is in normal state on AC1, it is in standby state on AC2.
- Configure WLAN service parameters on AC1.# Create security profile wlan-net and configure a security policy.
In this example, the security policy is set to WPA-WPA2+PSK+AES and the password to a1234567. In actual situations, configure the security policy according to service requirements.
[AC1-wlan-view] security-profile name wlan-net [AC1-wlan-sec-prof-wlan-net] security wpa-wpa2 psk pass-phrase a1234567 aes [AC1-wlan-sec-prof-wlan-net] quit
# Create SSID profile wlan-net and set the SSID name to wlan-net.
[AC1-wlan-view] ssid-profile name wlan-net [AC1-wlan-ssid-prof-wlan-net] ssid wlan-net [AC1-wlan-ssid-prof-wlan-net] quit
# Create VAP profile wlan-net, set the data forwarding mode and service VLAN, and apply the security profile and SSID profile to the VAP profile.
[AC1-wlan-view] vap-profile name wlan-net [AC1-wlan-vap-prof-wlan-net] forward-mode direct-forward [AC1-wlan-vap-prof-wlan-net] service-vlan vlan-id 101 [AC1-wlan-vap-prof-wlan-net] security-profile wlan-net [AC1-wlan-vap-prof-wlan-net] ssid-profile wlan-net [AC1-wlan-vap-prof-wlan-net] quit
# Bind VAP profile wlan-net to the AP group and apply the profile to radio 0 and radio 1 of APs in the AP group.
[AC1-wlan-view] ap-group name ap-group1 [AC1-wlan-ap-group-ap-group1] vap-profile wlan-net wlan 1 radio 0 [AC1-wlan-ap-group-ap-group1] vap-profile wlan-net wlan 1 radio 1 [AC1-wlan-ap-group-ap-group1] quit [AC1-wlan-view] quit
- Configure WLAN service parameters on AC1.
- Enable HSB on AC2.
# Enable the HSB function.
[AC2] hsb-group 0 [AC2-hsb-group-0] hsb enable [AC2-hsb-group-0] quit
- Verify the configuration.
# After the configurations are complete, run the display vrrp command on AC1 and AC2. The State field of AC1 is displayed as Master and that of AC2 is displayed as Backup.
[AC1] display vrrp Vlanif100 | Virtual Router 1 State : Master Virtual IP : 10.23.100.3 Master IP : 10.23.100.1 PriorityRun : 120 PriorityConfig : 120 MasterPriority : 120 Preempt : YES Delay Time : 1800 s TimerRun : 2 s TimerConfig : 2 s Auth type : NONE Virtual MAC : 0000-5e00-0101 Check TTL : YES Config type : admin-vrrp Backup-forward : disabled Create time : 2005-07-31 01:25:55 UTC+08:00 Last change time : 2005-07-31 02:48:22 UTC+08:00[AC2] display vrrp Vlanif100 | Virtual Router 1 State : Backup Virtual IP : 10.23.100.3 Master IP : 10.23.100.1 PriorityRun : 100 PriorityConfig : 100 MasterPriority : 120 Preempt : YES Delay Time : 0 s TimerRun : 2 s TimerConfig : 2 s Auth type : NONE Virtual MAC : 0000-5e00-0101 Check TTL : YES Config type : admin-vrrp Backup-forward : disabled Create time : 2005-07-31 02:11:07 UTC+08:00 Last change time : 2005-07-31 03:40:45 UTC+08:00# Run the display hsb-service 0 command on AC1 and AC2 to check the HSB service status. The following command output shows that the Service State field displays Connected, indicating that the HSB channel has been established.
[AC1] display hsb-service 0 Hot Standby Service Information: ---------------------------------------------------------- Local IP Address : 10.23.102.1 Peer IP Address : 10.23.102.2 Source Port : 10241 Destination Port : 10241 Keep Alive Times : 2 Keep Alive Interval : 1 Service State : Connected Service Batch Modules : Shared-key : - ----------------------------------------------------------
[AC2] display hsb-service 0 Hot Standby Service Information: ---------------------------------------------------------- Local IP Address : 10.23.102.2 Peer IP Address : 10.23.102.1 Source Port : 10241 Destination Port : 10241 Keep Alive Times : 2 Keep Alive Interval : 1 Service State : Connected Service Batch Modules : Shared-key : - ----------------------------------------------------------
# Run the display hsb-group 0 command on AC1 and AC2 to check the running status of the HSB group.
[AC1] display hsb-group 0 Hot Standby Group Information: ---------------------------------------------------------- HSB-group ID : 0 Vrrp Group ID : 1 Vrrp Interface : Vlanif100 Service Index : 0 Group Vrrp Status : Master Group Status : Active Group Backup Process : Realtime Peer Group Device Name : AC2 Peer Group Software Version : V200R019C00 Group Backup Modules : Access-user DHCP AP ----------------------------------------------------------[AC2] display hsb-group 0 Hot Standby Group Information: ---------------------------------------------------------- HSB-group ID : 0 Vrrp Group ID : 1 Vrrp Interface : Vlanif100 Service Index : 0 Group Vrrp Status : Backup Group Status : Inactive Group Backup Process : Realtime Peer Group Device Name : AC1 Peer Group Software Version : V200R019C00 Group Backup Modules : Access-user DHCP AP ----------------------------------------------------------# The WLAN with SSID wlan-net is available for STAs connected to the AP, and these STAs can connect to the WLAN and go online normally.
# Simulate a master AC fault by restarting the master AC to verify the backup configuration. Restart AC1. When an AP detects a fault on the link connected to AC1, AC2 takes the active role, ensuring service stability.Before restarting the AC, run the save command to save the configuration file on the AC to prevent configuration loss after the restart.
# During the restart of AC1, services on the STAs are not interrupted. The AP goes online on AC2. Run the display ap all command on AC2. The command output shows that the AP status changes from standby to normal.
# After AC1 recovers from the restart, an active/standby switchback is triggered. The AP automatically goes online on AC1.
Configuration Files
SwitchA configuration file
# sysname SwitchA # vlan batch 100 to 101 # interface Eth-Trunk10 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 100 to 101 # interface GigabitEthernet0/0/1 port link-type trunk port trunk pvid vlan 100 undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 100 to 101 port-isolate enable group 1 # interface GigabitEthernet0/0/2 eth-trunk 10 # interface GigabitEthernet0/0/3 eth-trunk 10 # return
CSS configuration file
# sysname CSS # vlan batch 100 to 101 # dhcp enable # interface Vlanif101 ip address 10.23.101.1 255.255.255.0 dhcp select interface # interface Eth-Trunk10 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 100 to 101 # interface GigabitEthernet1/1/0/1 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 100 # interface GigabitEthernet1/1/0/2 eth-trunk 10 # interface GigabitEthernet2/1/0/1 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 100 # interface GigabitEthernet2/1/0/2 eth-trunk 10 # return
- AC1 and AC2 have similar configuration files, which are listed in the following table. (Configurations highlighted in bold are the dual-link backup configurations on AC1 and AC2.)
Table 4-44 Configuration files of AC1 and AC2
AC1
AC2
# sysname AC1 # vrrp recover-delay 60 # vlan batch 100 to 102 # dhcp enable # dhcp server database enable dhcp server database recover # interface Vlanif100 ip address 10.23.100.1 255.255.255.0 vrrp vrid 1 virtual-ip 10.23.100.3 admin-vrrp vrid 1 vrrp vrid 1 priority 120 vrrp vrid 1 preempt-mode timer delay 1800 dhcp select interface dhcp server excluded-ip-address 10.23.100.1 10.23.100.3 # interface Vlanif102 ip address 10.23.102.1 255.255.255.0 # interface GigabitEthernet0/0/1 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 100 # interface GigabitEthernet0/0/2 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 102 # capwap source ip-address 10.23.100.3 # hsb-service 0 service-ip-port local-ip 10.23.102.1 peer-ip 10.23.102.2 local-data-port 10241 peer-data-port 10241 service-keep-alive detect retransmit 3 interval 6 # hsb-group 0 track vrrp vrid 1 interface Vlanif100 bind-service 0 hsb enable # hsb-service-type access-user hsb-group 0 # hsb-service-type dhcp hsb-group 0 # hsb-service-type ap hsb-group 0 # wlan security-profile name wlan-net security wpa-wpa2 psk pass-phrase %^%#G.DGWgjG./fvyr*oM)KMgc*sR}!GUWLa"%G_E.^B%^%# aes ssid-profile name wlan-net ssid wlan-net vap-profile name wlan-net service-vlan vlan-id 101 ssid-profile wlan-net security-profile wlan-net regulatory-domain-profile name default ap-group name ap-group1 radio 0 vap-profile wlan-net wlan 1 radio 1 vap-profile wlan-net wlan 1 ap-id 0 type-id 35 ap-mac 00e0-fc76-e360 ap-sn 210235554710CB000042 ap-name area_1 ap-group ap-group1 # return
# sysname AC2 # vrrp recover-delay 60 # vlan batch 100 to 102 # dhcp enable # dhcp server database enable dhcp server database recover # interface Vlanif100 ip address 10.23.100.2 255.255.255.0 vrrp vrid 1 virtual-ip 10.23.100.3 admin-vrrp vrid 1 dhcp select interface dhcp server excluded-ip-address 10.23.100.1 10.23.100.3 # interface Vlanif102 ip address 10.23.102.2 255.255.255.0 # interface GigabitEthernet0/0/1 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 100 # interface GigabitEthernet0/0/2 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 102 # capwap source ip-address 10.23.100.3 # hsb-service 0 service-ip-port local-ip 10.23.102.2 peer-ip 10.23.102.1 local-data-port 10241 peer-data-port 10241 service-keep-alive detect retransmit 3 interval 6 # hsb-group 0 track vrrp vrid 1 interface Vlanif100 bind-service 0 hsb enable # hsb-service-type access-user hsb-group 0 # hsb-service-type dhcp hsb-group 0 # hsb-service-type ap hsb-group 0 # wlan security-profile name wlan-net security wpa-wpa2 psk pass-phrase %^%#G.DGWgjG./fvyr*oM)KMgc*sR}!GUWLa"%G_E.^B%^%# aes ssid-profile name wlan-net ssid wlan-net vap-profile name wlan-net service-vlan vlan-id 101 ssid-profile wlan-net security-profile wlan-net regulatory-domain-profile name default ap-group name ap-group1 radio 0 vap-profile wlan-net wlan 1 radio 1 vap-profile wlan-net wlan 1 ap-id 0 type-id 35 ap-mac 00e0-fc76-e360 ap-sn 210235554710CB000042 ap-name area_1 ap-group ap-group1 # return