评分并提供意见反馈 :
华为采用机器翻译与人工审校相结合的方式将此文档翻译成不同语言,希望能帮助您更容易理解此文档的内容。 请注意:即使是最好的机器翻译,其准确度也不及专业翻译人员的水平。 华为对于翻译的准确性不承担任何责任,并建议您参考英文文档(已提供链接)。
配置动态负载均衡示例
配置流程
WLAN不同的特性和功能需要在不同类型的模板下进行配置和维护,这些模板统称为WLAN模板,如域管理模板、射频模板、VAP模板、AP系统模板、AP有线口模板、WIDS模板、WDS模板。当用户在配置WLAN业务功能时,需要在对应功能的WLAN模板中进行参数配置,配置完成后,须将此模板引用到AP组或AP中,配置下发到AP,进而配置的功能在AP上生效。由于模板之间是存在各相互引用关系的,因此在用户配置过程中,需要提前了解各个模板之间存在的逻辑关系。模板的逻辑关系和基本配置流程请参见WLAN业务配置流程。
组网需求
如图5-11所示,现有网络中AC连接上层网络,并通过汇聚交换机和接入交换机连接并管理AP。
当大量用户通过同一个AP接入Internet进行业务访问时,会造成AP负载过重,降低用户无线上网体验。企业希望各AP射频下的数据流量能够做到相对均衡,以避免某一个AP射频下流量过多而导致负载过重。
配置思路
采用如下的思路配置动态负载均衡:
- 配置AP、AC和上层网络设备之间实现网络互通。
- 配置AC作为DHCP服务器为STA和AP分配IP地址。
- 配置AP上线。
- 创建AP组,用于将需要进行相同配置的AP都加入到AP组,实现统一配置。
- 配置AC的系统参数,包括国家码、AC与AP之间通信的源接口。
- 配置AP上线的认证方式并离线导入AP,实现AP正常上线。
- 配置WLAN业务参数,实现STA访问WLAN网络功能。
- 配置动态负载均衡功能,避免某一个AP负载过重。
表5-5 为完成配置任务,需规划以下数据项
配置项 |
数据 |
|---|---|
| DHCP服务器 | AC作为DHCP服务器为STA和AP分配IP地址 |
| AP的IP地址池 | 10.10.10.2~10.10.10.254/24 |
| STA的IP地址池 | 10.10.11.2~10.10.11.254/24 10.10.12.2~10.10.12.254/24 |
| AC的源接口IP地址 | VLANIF100:10.10.10.1/24 |
| AP组 | 名称:guest 引用模板:VAP模板guest、域管理模板domain1 |
名称:employee 引用模板:VAP模板employee、域管理模板domain1 |
|
| 域管理模板 | 名称:domain1 国家码:CN |
| SSID模板 | 名称:guest SSID名称:guest |
名称:employee SSID名称:employee |
|
| 安全模板 | 名称:guest
|
名称:employee
|
|
| VAP模板 | 名称:guest
|
名称:employee
|
|
| 5G射频模板 |
|
| 2G射频模板 |
|
| RRM模板 |
|
配置注意事项
纯组播报文由于协议要求在无线空口没有ACK机制保障,且无线空口链路不稳定,为了纯组播报文能够稳定发送,通常会以低速报文形式发送。如果网络侧有大量异常组播流量涌入,则会造成无线空口拥堵。为了减小大量低速组播报文对无线网络造成的冲击,建议配置组播报文抑制功能。配置前请确认是否有组播业务,如果有,请谨慎配置限速值。
- 业务数据转发方式采用直接转发时,建议在直连AP的交换机接口上配置组播报文抑制。
- 业务数据转发方式采用隧道转发时,建议在AC的流量模板下配置组播报文抑制。
- 管理VLAN和业务VLAN不能配置为同一VLAN。
在配置多个VAP模板,且多个VAP模板共用同一个service-vlan的场景下,如果配置数据转发方式为tunnel模式,则需要启动service-vlan间的Proxy ARP功能。
操作步骤
- 配置AP与AC之间网络互通
# 将接口Eth2/0/0和Eth2/0/1加入VLAN100(管理VLAN)、VLAN101和VLAN102(业务VLAN)。
建议在AC连接AP的接口Eth2/0/0和Eth2/0/1上配置端口隔离,如果不配置端口隔离,可能会在VLAN内存在不必要的广播报文,或者导致不同AP间的WLAN用户二层互通的问题。
<Huawei> system-view [Huawei] sysname AC [AC] vlan batch 100 to 102 [AC] interface ethernet 2/0/0 [AC-Ethernet2/0/0] port link-type trunk [AC-Ethernet2/0/0] port trunk pvid vlan 100 [AC-Ethernet2/0/0] port trunk allow-pass vlan 100 to 102 [AC-Ethernet2/0/0] port-isolate enable [AC-Ethernet2/0/0] quit [AC] interface ethernet 2/0/1 [AC-Ethernet2/0/1] port link-type trunk [AC-Ethernet2/0/1] port trunk pvid vlan 100 [AC-Ethernet2/0/1] port trunk allow-pass vlan 100 to 102 [AC-Ethernet2/0/1] port-isolate enable [AC-Ethernet2/0/1] quit
- 配置AC作为DHCP服务器,为AP和STA分配IP地址
[AC] dhcp enable [AC] interface vlanif 100 [AC-Vlanif100] ip address 10.10.10.1 255.255.255.0 [AC-Vlanif100] dhcp select interface [AC-Vlanif100] quit [AC] interface vlanif 101 [AC-Vlanif101] ip address 10.10.11.1 255.255.255.0 [AC-Vlanif101] dhcp select interface [AC-Vlanif101] quit [AC] interface vlanif 102 [AC-Vlanif102] ip address 10.10.12.1 255.255.255.0 [AC-Vlanif102] dhcp select interface [AC-Vlanif102] quit
- 配置AP上线
# 创建AP组“guest”和“employee”。
[AC] wlan ac [AC-wlan-view] ap-group name guest Info: This operation may take a few seconds. Please wait for a moment..done. [AC-wlan-ap-group-guest] quit [AC-wlan-view] ap-group name employee Info: This operation may take a few seconds. Please wait for a moment..done. [AC-wlan-ap-group-employee] quit
# 创建域管理模板,在域管理模板下配置AC的国家码并在AP组下引用域管理模板。
[AC-wlan-view] regulatory-domain-profile name domain1 [AC-wlan-regulate-domain-domain1] country-code cn Info: The current country code is same with the input country code. [AC-wlan-regulate-domain-domain1] quit [AC-wlan-view] ap-group name guest [AC-wlan-ap-group-guest] regulatory-domain-profile domain1 Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continu e?[Y/N]:y [AC-wlan-ap-group-guest] quit [AC-wlan-view] ap-group name employee [AC-wlan-ap-group-employee] regulatory-domain-profile domain1 Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continu e?[Y/N]:y [AC-wlan-ap-group-employee] quit [AC-wlan-view] quit
# 配置AC的源接口。
# 在AC上离线导入AP。将部署在前台大厅的AP都加入到AP组“guest”,部署在办公区域的AP都加入到AP组“employee”,并且根据AP的部署位置为AP配置名称,便于从名称上就能够了解AP的部署位置。例如MAC地址为60de-4476-e360的AP部署在办公区域的1号房间,命名此AP为“area_1”。ap auth-mode命令缺省情况下为MAC认证,如果之前没有修改其缺省配置,可以不用执行ap auth-mode mac-auth。
[AC] wlan ac [AC-wlan-view] ap auth-mode mac-auth [AC-wlan-view] ap-id 0 ap-mac 60de-4476-e360 [AC-wlan-ap-0] ap-name area_1 [AC-wlan-ap-0] ap-group guest Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configuration s of the radio, Whether to continue? [Y/N]:y Info: This operation may take a few seconds. Please wait for a moment.. done. [AC-wlan-ap-0] quit [AC-wlan-view] ap-id 1 ap-mac 60de-4474-9640 [AC-wlan-ap-1] ap-name area_2 [AC-wlan-ap-1] ap-group employee Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configuration s of the radio, Whether to continue? [Y/N]:y Info: This operation may take a few seconds. Please wait for a moment.. done. [AC-wlan-ap-1] quit
# 将AP上电后,当执行命令display ap all查看到AP的“State”字段为“nor”时,表示AP正常上线。
[AC-wlan-view] display ap all Info: This operation may take a few seconds. Please wait for a moment.done. Total AP information: nor : normal [2] -------------------------------------------------------------------------------------------- ID MAC Name Group IP Type State STA Uptime -------------------------------------------------------------------------------------------- 0 60de-4476-e360 area_1 guest 10.10.10.253 AP6010DN-AGN nor 0 1M:22S 1 60de-4474-9640 area_2 employee 10.10.10.254 AP6010DN-AGN nor 0 5S -------------------------------------------------------------------------------------------- Total: 2 - 配置WLAN业务参数# 创建名为“guest”和“employee”的安全模板,并配置安全策略。
举例中以配置WEP-40和WPA2+PSK+AES的安全策略为例,密码分别为“a1234”和“b1234567”,实际配置中请根据实际情况,配置符合实际要求的安全策略。
[AC-wlan-view] security-profile name guest [AC-wlan-sec-prof-guest] security wep share-key [AC-wlan-sec-prof-guest] wep key 0 wep-40 pass-phrase a1234 Warning: This action may cause service interruption. Continue?[Y/N]y Info: This operation may take a few seconds, please wait.done. [AC-wlan-sec-prof-guest]wep default-key 0 Warning: This action may cause service interruption. Continue?[Y/N]y Info: This operation may take a few seconds, please wait.done. [AC-wlan-sec-prof-guest] quit [AC-wlan-view] security-profile name employee [AC-wlan-sec-prof-employee] security wpa2 psk pass-phrase b1234567 aes [AC-wlan-sec-prof-employee] quit
# 创建名为“guest”和“employee”的SSID模板,并分别配置SSID名称为“guest”和“employee”。
[AC-wlan-view] ssid-profile name guest [AC-wlan-ssid-prof-guest] ssid guest Warning: This action may cause service interruption. Continue?[Y/N]y Info: This operation may take a few seconds, please wait.done. [AC-wlan-ssid-prof-guest] quit [AC-wlan-view] ssid-profile name employee [AC-wlan-ssid-prof-employee] ssid employee Warning: This action may cause service interruption. Continue?[Y/N]y Info: This operation may take a few seconds, please wait.done. [AC-wlan-ssid-prof-employee] quit
# 创建名为“guest”和“employee”的VAP模板,配置业务VLAN,并且引用安全模板和SSID模板。
[AC-wlan-view] vap-profile name guest [AC-wlan-vap-prof-guest] service-vlan vlan-id 101 Info: This operation may take a few seconds, please wait.done. [AC-wlan-vap-prof-guest] security-profile guest Info: This operation may take a few seconds, please wait..done. [AC-wlan-vap-prof-guest] ssid-profile guest Info: This operation may take a few seconds, please wait..done. [AC-wlan-vap-prof-guest] quit [AC-wlan-view] vap-profile name employee [AC-wlan-vap-prof-employee] service-vlan vlan-id 102 Info: This operation may take a few seconds, please wait.done. [AC-wlan-vap-prof-employee] security-profile employee Info: This operation may take a few seconds, please wait..done. [AC-wlan-vap-prof-employee] ssid-profile employee Info: This operation may take a few seconds, please wait..done. [AC-wlan-vap-prof-employee] quit
# 配置AP组引用VAP模板,AP上射频都使用VAP模板的配置。
[AC-wlan-view] ap-group name guest [AC-wlan-ap-group-guest] vap-profile guest wlan 1 radio all Info: This operation may take a few seconds, please wait..done. [AC-wlan-ap-group-guest] quit [AC-wlan-view] ap-group name employee [AC-wlan-ap-group-employee] vap-profile employee wlan 1 radio all Info: This operation may take a few seconds, please wait..done. [AC-wlan-ap-group-employee] quit
- 配置动态负载均衡功能
# 创建RRM模板“loadbalance-dynamic”,在RRM模板“loadbalance-dynamic”使能动态负载均衡功能,并指定动态负载均衡的起始门限为15个,差值门限为25%。
[AC-wlan-view] rrm-profile name loadbalance-dynamic [AC-wlan-rrm-prof-loadbalance-dynamic] sta-load-balance dynamic enable [AC-wlan-rrm-prof-loadbalance-dynamic] sta-load-balance dynamic start-threshold 15 [AC-wlan-rrm-prof-loadbalance-dynamic] sta-load-balance dynamic gap-threshold 25 [AC-wlan-rrm-prof-loadbalance-dynamic] quit
# 创建2G射频模板“radio2g”,并在该模板下引用RRM模板“loadbalance-dynamic”。
[AC-wlan-view] radio-2g-profile name radio2g [AC-wlan-radio-2g-prof-radio2g] rrm-profile loadbalance-dynamic [AC-wlan-radio-2g-prof-radio2g] quit
# 创建5G射频模板“radio5g”,并在该模板下引用RRM模板“loadbalance-dynamic”。
[AC-wlan-view] radio-5g-profile name radio5g [AC-wlan-radio-5g-prof-radio5g] rrm-profile loadbalance-dynamic [AC-wlan-radio-5g-prof-radio5g] quit
# 在名为“guest”的AP组下引用5G射频模板“radio5g”和2G射频模板“radio2g”。
[AC-wlan-view] ap-group name guest [AC-wlan-ap-group-guest] radio-5g-profile radio5g radio all Warning: This action may cause service interruption. Continue?[Y/N]y [AC-wlan-ap-group-guest] radio-2g-profile radio2g radio all Warning: This action may cause service interruption. Continue?[Y/N]y [AC-wlan-ap-group-guest] quit
# 在名为“employee”的AP组下引用5G射频模板“radio5g”和2G射频模板“radio2g”。
[AC-wlan-view] ap-group name employee [AC-wlan-ap-group-employee] radio-5g-profile radio5g radio all Warning: This action may cause service interruption. Continue?[Y/N]y [AC-wlan-ap-group-employee] radio-2g-profile radio2g radio all Warning: This action may cause service interruption. Continue?[Y/N]y [AC-wlan-ap-group-employee] quit
# 提交配置。
[AC-wlan-view] commit all Warning: Committing configuration may cause service interruption, continue?[Y/N]:y
- 验证配置结果
# STA搜索到名为“guest”的无线网络,输入密码“a1234”并正常关联后,在AC上执行命令display station ssid guest,可以查看到用户已经接入到无线网络“guest”中。
[AC-wlan-view] display station ssid guest Rf/WLAN: Radio ID/WLAN ID Rx/Tx: link receive rate/link transmit rate(Mbps) ------------------------------------------------------------------------------------------ STA MAC AP ID Ap name Rf/WLAN Band Type Rx/Tx RSSI VLAN IP address ------------------------------------------------------------------------------------------ a81b-5a06-dc1e 0 area_1 0/1 2.4G 11g 7/44 -50 101 10.10.11.253 ------------------------------------------------------------------------------------------ Total: 1 2.4G: 1 5G: 0
# STA搜索到名为“employee”的无线网络,输入密码“b1234567”并正常关联后,在AC上执行命令display station ssid employee,可以查看到用户已经接入到无线网络“employee”中。
[AC-wlan-view] display station ssid employee Rf/WLAN: Radio ID/WLAN ID Rx/Tx: link receive rate/link transmit rate(Mbps) ------------------------------------------------------------------------------------------ STA MAC AP ID Ap name Rf/WLAN Band Type Rx/Tx RSSI VLAN IP address ------------------------------------------------------------------------------------------ cc3a-61cf-6344 1 area_2 0/1 2.4G 11n 36/56 -44 102 10.10.12.254 ------------------------------------------------------------------------------------------ Total: 1 2.4G: 1 5G: 0
# 在AC上执行命令display rrm-profile name loadbalance-dynamic,可以查看到动态负载均衡的配置。
[AC-wlan-view] display rrm-profile name loadbalance-dynamic ------------------------------------------------------------ Auto channel select : enable Auto transmit power select : enable PER threshold for trigger channel/power select(%) : 60 Airtime fairness schedule : disable Dynamic adjust EDCA parameter : disable Band steer deny threshold : 2 Band balance start threshold : 10 Band balance gap threshold(%) : 20 Client's band expire based on continuous probe counts : 35 Station load balance : enable Station load balance start threshold : 15 Station load balance gap threshold(%) : 25 Station load balance deny threshold : 3 ------------------------------------------------------------
# 在AC上执行命令display station load-balance sta-mac cc3a-61cf-6344查看参与动态负载均衡的AP射频。
[AC-wlan-view] display station load-balance sta-mac cc3a-61cf-6344 Station load balance status: balance ------------------------------------------------------------------------------ AP name Radio ID ------------------------------------------------------------------------------ area_2 0 area_1 0 ------------------------------------------------------------------------------ Total: 2
# 新用户想连接到AP area_1时,AC会根据AP的上报情况执行动态负载均衡算法,让新用户接入负载相对较小的AP。
配置文件
AC的配置文件
# sysname AC # vlan batch 100 to 102 # dhcp enable # interface Vlanif100 ip address 10.10.10.1 255.255.255.0 dhcp select interface # interface Vlanif101 ip address 10.10.11.1 255.255.255.0 dhcp select interface # interface Vlanif102 ip address 10.10.12.1 255.255.255.0 dhcp select interface # interface Ethernet2/0/0 port link-type trunk port trunk pvid vlan 100 port trunk allow-pass vlan 100 to 102 port-isolate enable group 1 # interface Ethernet2/0/1 port link-type trunk port trunk pvid vlan 100 port trunk allow-pass vlan 100 to 102 port-isolate enable group 1 # capwap source interface vlanif100 # wlan ac security-profile name guest security wep share-key wep key 0 wep-40 pass-phrase %^%#z*z]6]#!|%n:n}Xz'mhKE{PfN|cIj*eU$jJYH48S%^%# security-profile name employee security wpa2 psk pass-phrase %^%#H{1<-b]4~"*+Y:4-'/URy;$+,33UgQf)@9I(Yl]V%^%# aes ssid-profile name guest ssid guest ssid-profile name employee ssid employee vap-profile name guest service-vlan vlan-id 101 ssid-profile guest security-profile guest vap-profile name employee service-vlan vlan-id 102 ssid-profile employee security-profile employee regulatory-domain-profile name domain1 rrm-profile name loadbalance-dynamic sta-load-balance dynamic enable sta-load-balance dynamic start-threshold 15 sta-load-balance dynamic gap-threshold 25 radio-2g-profile name radio2g rrm-profile loadbalance-dynamic radio-5g-profile name radio5g rrm-profile loadbalance-dynamic ap-group name guest regulatory-domain-profile domain1 radio 0 radio-2g-profile radio2g radio-5g-profile radio5g vap-profile guest wlan 1 radio 1 radio-5g-profile radio5g vap-profile guest wlan 1 radio 2 radio-2g-profile radio2g radio-5g-profile radio5g vap-profile guest wlan 1 ap-group name employee regulatory-domain-profile domain1 radio 0 radio-2g-profile radio2g radio-5g-profile radio5g vap-profile employee wlan 1 radio 1 radio-5g-profile radio5g vap-profile employee wlan 1 radio 2 radio-2g-profile radio2g radio-5g-profile radio5g vap-profile employee wlan 1 ap-id 0 type-id 19 ap-mac 60de-4476-e360 ap-sn 210235554710CB000042 ap-name area_1 ap-group guest ap-id 1 type-id 19 ap-mac 60de-4474-9640 ap-sn 210235554710CB000075 ap-name area_2 ap-group employee # return
