H3C无线控制器-双链路备份技术

【拓扑】

【需求】

AP和无线终端是通过DHCP方式获取IP

AP的网关在HJ

无线终端的网关在Core

无线业务是集中转发

AC1和AC2之间使用双链路备份技术来提高冗余

VLAN20：10.0.20.0/24（DHCP服务器）

VLAN25：10.0.25.0/24（AC）

VLAN12：10.0.12.0/24（互联地址）

VLAN60：10.0.60.0/24（AP管理地址）

VLAN70：10.0.70.0/24（AP管理地址）

VLAN100：10.0.100.0/24（office业务地址）

VLAN110：10.0.110.0/24（prd业务地址）

【配置】

-----------------------DHCP服务器------------

#

 dhcp enable

#

vlan 20

#

dhcp server ip-pool net60

 gateway-list 10.0.60.1

 network 10.0.60.0 mask 255.255.255.0

 dns-list 114.114.114.114

 expired day 0 hour 8

 option 43 hex 800b0000020a00190b0a00190c

#

dhcp server ip-pool net70

 gateway-list 10.0.70.1

 network 10.0.70.0 mask 255.255.255.0

 dns-list 114.114.114.114

 expired day 0 hour 8

 option 43 hex 800b0000020a00190b0a00190c

#

dhcp server ip-pool net100

 gateway-list 10.0.100.1

 network 10.0.100.0 mask 255.255.255.0

 dns-list 114.114.114.114

 expired day 0 hour 8

#

dhcp server ip-pool net110

 gateway-list 10.0.110.1

 network 10.0.110.0 mask 255.255.255.0

 dns-list 114.114.114.114

 expired day 0 hour 8

#

interface Vlan-interface20

 ip address 10.0.20.10 255.255.255.0

#

interface GigabitEthernet1/0/1

 port link-mode bridge

 port access vlan 20

 combo enable fiber

#

 ip route-static 0.0.0.0 0 10.0.20.1

-----------------------Core交换机------------

ospf 1 router-id 1.1.1.1

 area 0.0.0.0

  network 10.0.12.1 0.0.0.0

  network 10.0.20.1 0.0.0.0

  network 10.0.25.1 0.0.0.0

#

 dhcp enable

#

vlan 12

#

vlan 20

#

vlan 25

#

vlan 100

#

vlan 110

#

interface Vlan-interface12

 ip address 10.0.12.1 255.255.255.0

 ospf network-type p2p

#

interface Vlan-interface20

 ip address 10.0.20.1 255.255.255.0

#

interface Vlan-interface25

 ip address 10.0.25.1 255.255.255.0

#

interface Vlan-interface100

 ip address 10.0.100.1 255.255.255.0

 ospf 1 area 0.0.0.0

 dhcp select relay

 dhcp relay server-address 10.0.20.10

#

interface Vlan-interface110

 ip address 10.0.110.1 255.255.255.0

 ospf 1 area 0.0.0.0

 dhcp select relay

 dhcp relay server-address 10.0.20.10

#

interface GigabitEthernet1/0/1

 port link-mode bridge

 port link-type trunk

 undo port trunk permit vlan 1

 port trunk permit vlan 25 100 110

 combo enable fiber

#

interface GigabitEthernet1/0/2

 port link-mode bridge

 port link-type trunk

 undo port trunk permit vlan 1

 port trunk permit vlan 25 100 110

 combo enable fiber

#

interface GigabitEthernet1/0/3

 port link-mode bridge

 port link-type trunk

 undo port trunk permit vlan 1

 port trunk permit vlan 12

 combo enable fiber

#

interface GigabitEthernet1/0/4

 port link-mode bridge

 port access vlan 20

 combo enable fiber

#

-----------------------HJ交换机------------

ospf 1 router-id 2.2.2.2

 area 0.0.0.0

  network 10.0.12.2 0.0.0.0

  network 10.0.60.1 0.0.0.0

  network 10.0.70.1 0.0.0.0

#

 dhcp enable

#

 dhcp snooping enable

#

vlan 12

#

vlan 60

#

vlan 70

#

interface Vlan-interface12

 ip address 10.0.12.2 255.255.255.0

 ospf network-type p2p

#

interface Vlan-interface60

 ip address 10.0.60.1 255.255.255.0

 dhcp select relay

 dhcp relay server-address 10.0.20.10

#

interface Vlan-interface70

 ip address 10.0.70.1 255.255.255.0

 dhcp select relay

 dhcp relay server-address 10.0.20.10

#

interface GigabitEthernet1/0/1

 port link-mode bridge

 port link-type trunk

 undo port trunk permit vlan 1

 port trunk permit vlan 12

 combo enable fiber

 dhcp snooping trust

#

interface GigabitEthernet1/0/2

 port link-mode bridge

 port access vlan 60

 combo enable fiber

#

interface GigabitEthernet1/0/3

 port link-mode bridge

 port access vlan 70

 combo enable fiber

#

-----------------------AC1------------

vlan 25

#

vlan 100

#

vlan 110

#

wlan service-template office

 ssid office

 akm mode psk

 preshared-key pass-phrase cipher $c$3$WfQ37wqd2o8TLxruBlpU2SsVxxkr7dGgS0dRbw==

 cipher-suite ccmp

 security-ie rsn

 service-template enable

#

wlan service-template prd

 ssid prd

 akm mode psk

 preshared-key pass-phrase cipher $c$3$qhW2B3aegbcIZEH4dqc6RiGEYt0agb+noj91TA==

 cipher-suite ccmp

 security-ie rsn

 service-template enable

#

interface Vlan-interface25

 ip address 10.0.25.11 255.255.255.0

#

interface GigabitEthernet1/0/0

 port link-mode bridge

 port link-type trunk

 undo port trunk permit vlan 1

 port trunk permit vlan 25 100 110

 combo enable fiber

#

 ip route-static 0.0.0.0 0 10.0.25.1

#

wlan ap-group default-group

 priority 7

 wlan tunnel-preempt enable

 backup-ac ip 10.0.25.12

 vlan 1

 ap-mode fit

 ap-model WA6320-HCL

  radio 1

  radio 2

  gigabitethernet 1

#

wlan ap AP1 model WA6320-HCL

 serial-id H3C_24-41-C1-4A-05-00

 vlan 1

 radio 1

  radio enable

  service-template office vlan 100

  service-template prd vlan 110

 radio 2

  radio enable

  service-template office vlan 100

  service-template prd vlan 110

 gigabitethernet 1

#

wlan ap AP2 model WA6320-HCL

 serial-id H3C_24-41-C7-87-06-00

 vlan 1

 radio 1

  radio enable

  service-template office vlan 100

  service-template prd vlan 110

 radio 2

  radio enable

  service-template office vlan 100

  service-template prd vlan 110

 gigabitethernet 1

#

-----------------------AC2------------

vlan 25

#

vlan 100

#

vlan 110

#

wlan service-template office

 ssid office

 akm mode psk

 preshared-key pass-phrase cipher $c$3$lyCMUkYMO4R4kEg7m8mUu3kgS7knJJWjpfTzgg==

 cipher-suite ccmp

 security-ie rsn

 service-template enable

#

wlan service-template prd

 ssid prd

 akm mode psk

 preshared-key pass-phrase cipher $c$3$Hwo3ZqgOeJdWZScfyPrTNgMWlKSUBdl2uQhdag==

 cipher-suite ccmp

 security-ie rsn

 service-template enable

#

interface Vlan-interface25

 ip address 10.0.25.12 255.255.255.0

#

interface GigabitEthernet1/0/0

 port link-mode bridge

 port link-type trunk

 undo port trunk permit vlan 1

 port trunk permit vlan 25 100 110

 combo enable fiber

#

 ip route-static 0.0.0.0 0 10.0.25.1

#

wlan ap AP1 model WA6320-HCL

 serial-id H3C_24-41-C1-4A-05-00

 vlan 1

 radio 1

  radio enable

  service-template office vlan 100

  service-template prd vlan 110

 radio 2

  radio enable

  service-template office vlan 100

  service-template prd vlan 110

 gigabitethernet 1

#

wlan ap AP2 model WA6320-HCL

 serial-id H3C_24-41-C7-87-06-00

 vlan 1

 radio 1

  radio enable

  service-template office vlan 100

  service-template prd vlan 110

 radio 2

  radio enable

  service-template office vlan 100

  service-template prd vlan 110

 gigabitethernet 1

#

【效果】

模拟AC 1故障，将AC 1的Vlan-interface25接口关闭，等待一段时间（根据CAPWAP隧道保活时间而定，默认为30秒，集中转发模式时，期间流量会中断），AP会切换至AC 2上线，在AC 2上通过display wlan ap all命令查看AP的状态为R/M。

capwap隧道定时器过期后

当AC1从故障恢复后，需要等待10分钟，AP才能重新连接到AC1上。