今天继续给大家介绍WLAN相关内容,本文主要内容是利用VRRP实现AC双机备份的详细原理,并使用华为eNSP模拟器,实现了一个典型场景下的配置实例。
一、VRRP实现AC双机备份原理详解
VRRP可以配置在WLAN中,实现AC的双机备份,防止AC设备单点故障,以提升网络的健壮性。
在VRRP方式实现AC双机热备场景下,两个AC之间建立VRRP并对外映射为一个虚拟IP地址,AP寻找AC时AC使用该虚拟IP地址进行响应,最终结果为AP与VRRP组的主AC的虚拟IP地址之间建立CAPWAP隧道。AC之间会通过HSB主备服务同步配置。
在这种配置下,HSB主备服务负责在两个互为备份的设备之间建立主备备份通道,并维护主备通道的链路状态,为其他业务提供其它的收发服务,并在备份链路上发生故障时通知主备备份进行相应的处理。因此,HSB的主要作用有两点,一是建立主备备份通道,而是维护主备通道的链路状态。
二、实验拓扑与目的
下面,我使用华为eNSP模拟器,实现VRRP配置AC双链路备份的配置实例,实验拓扑如下所示:
实验拓扑图如上所示,AC和AP采用三层组网、隧道转发配置,实验要求按照图中要求完成VRRP实现AC双机备份配置。
三、实验配置过程
本实验需要在配置完WLAN基础配置结束后进行,如果您对WLAN基本配置还存在疑惑,欢迎查阅文章:WLAN配置实例(一)——二层组网直接转发、WLAN配置实例(二)——三层组网隧道转发,或者查阅本文最后的设备配置命令,但是关于WLAN的具体配置在这里就不详细介绍了。
VRRP实现AC双机热备主要有以下四步:
(一)VLANif接口配置VRRP
首先,在配置CAPWAP源端口时,必须要指定VRRP的虚拟IP地址,而不能使用指定接口的方式,否则AC设备对于AP设备发送的目的地址是VRRP虚拟IP地址的CAPWAP Discover包将不予响应。此外,在CAPWAP源端口的VLANif接口上,必须配置admin-vrrp vrid 1,表示使用VRRP控制HSB。相关配置命令如下所示:
capwap source ip-address 192.168.150.100#interface Vlanif150ip address 192.168.150.101 255.255.255.0vrrp vrid 1 virtual-ip 192.168.150.100admin-vrrp vrid 1 #
(二)HSB服务配置
在配置HSB服务时,必须在AC1和AC2设备上指定的本端、对端IP地址和端口号必须要对应起来,否则可能会配置失败。HSB服务相关配置如下:
#hsb-service 0service-ip-port local-ip 192.168.150.101 peer-ip 192.168.150.102 local-data-port 20001 peer-data-port 20002service-keep-alive detect retransmit 3 interval 6#hsb-service-type access-user hsb-group 0#hsb-service-type ap hsb-group 0#
(三)HSB组配置
HSB组配置需要在HSB Service配置完成的基础上进行,在配置时要特别注意,如果已经配置了hsb enable命令,则AC设备不会允许配置HSB Service,因此如果在HSB组配置完成后发现要修改HSBService,则必须先undo hsb enable,才可以进行修改。HSB组相关配置如下所示:
hsb-group 0track vrrp vrid 1 interface Vlanif150bind-service 0hsb enable#
(四)DHCP服务器配置
配置DHCP服务器按照正常WLAN三层组网时的配置即可,但是在这里要特别注意,在配置option43参数时,指向的IP地址是VRRP的虚拟IP地址。
dhcp enable#ip pool acgateway-list 192.168.100.254network 192.168.100.0 mask 255.255.255.0option 43 sub-option 3 ascii 192.168.150.100#interface Vlanif100ip address 192.168.100.254 255.255.255.0dhcp select global#
四、实验效果
(一)配置完成后通信正常
(二)VRRP和CAPWAP数据包如下
(三)查看VRRP组结果
(四)查看HSB Service结果
(五)查看HSB Group结果
五、附录——实验相关配置命令
下面,我将上述实验中各设备主要配置命令附录如下:
AR1:
interface GigabitEthernet0/0/0ip address 192.168.200.2 255.255.255.0 #ip route-static 0.0.0.0 0.0.0.0 192.168.200.1
LSW1:
vlan batch 10 20 100 150 200#dhcp enableip pool acgateway-list 192.168.100.254network 192.168.100.0 mask 255.255.255.0option 43 sub-option 3 ascii 192.168.150.100#interface Vlanif10ip address 192.168.10.254 255.255.255.0dhcp select interface#interface Vlanif20ip address 192.168.20.254 255.255.255.0dhcp select interface#interface Vlanif100ip address 192.168.100.254 255.255.255.0dhcp select global#interface Vlanif150ip address 192.168.150.254 255.255.255.0#interface Vlanif200ip address 192.168.200.1 255.255.255.0#interface GigabitEthernet0/0/1port link-type accessport default vlan 200#interface GigabitEthernet0/0/2port link-type trunkport trunk allow-pass vlan 2 to 4094#interface GigabitEthernet0/0/3port link-type trunkport trunk allow-pass vlan 2 to 4094#interface GigabitEthernet0/0/4port link-type trunkport trunk allow-pass vlan 2 to 4094
LSW2:
vlan batch 10 20 100#interface GigabitEthernet0/0/1port link-type trunkport trunk allow-pass vlan 2 to 4094#interface GigabitEthernet0/0/2port link-type trunkport trunk pvid vlan 100port trunk allow-pass vlan 2 to 4094#interface GigabitEthernet0/0/3port link-type trunkport trunk pvid vlan 100port trunk allow-pass vlan 2 to 4094
AC1:
vlan batch 10 20 100 150#interface Vlanif150ip address 192.168.150.101 255.255.255.0vrrp vrid 1 virtual-ip 192.168.150.100admin-vrrp vrid 1 #interface GigabitEthernet0/0/1port link-type trunkport trunk allow-pass vlan 2 to 4094#ip route-static 0.0.0.0 0.0.0.0 192.168.150.254#capwap source ip-address 192.168.150.100#hsb-service 0service-ip-port local-ip 192.168.150.101 peer-ip 192.168.150.102 local-data-port 20001 peer-data-port 20002service-keep-alive detect retransmit 3 interval 6#hsb-group 0track vrrp vrid 1 interface Vlanif150bind-service 0hsb enable#hsb-service-type access-user hsb-group 0#hsb-service-type ap hsb-group 0#wlantraffic-profile name defaultsecurity-profile name 1security-profile name 2security-profile name defaultsecurity-profile name default-wdssecurity-profile name default-meshssid-profile name 1ssid huawei-1ssid-profile name 2ssid huawei-2ssid-profile name defaultvap-profile name 1forward-mode tunnelservice-vlan vlan-id 10ssid-profile 1security-profile 1vap-profile name 2forward-mode tunnelservice-vlan vlan-id 20ssid-profile 2security-profile 2vap-profile name defaultwds-profile name defaultmesh-handover-profile name defaultmesh-profile name defaultregulatory-domain-profile name 1regulatory-domain-profile name defaultair-scan-profile name defaultrrm-profile name defaultradio-2g-profile name defaultradio-5g-profile name defaultwids-spoof-profile name defaultwids-profile name defaultwireless-access-specificationap-system-profile name defaultport-link-profile name defaultwired-port-profile name defaultserial-profile name preset-enjoyor-toeap ap-group name defaultap-id 0 type-id 56 ap-mac 00e0-fcc3-7df0 ap-sn 21023544831005280875regulatory-domain-profile 1radio 0vap-profile 1 wlan 1channel 20mhz 1ap-id 1 type-id 56 ap-mac 00e0-fc50-5f60 ap-sn 2102354483106175AD53regulatory-domain-profile 1radio 0vap-profile 2 wlan 1channel 20mhz 6provision-ap#
AC2:
vlan batch 10 20 100 150#interface Vlanif150ip address 192.168.150.102 255.255.255.0vrrp vrid 1 virtual-ip 192.168.150.100admin-vrrp vrid 1 #interface GigabitEthernet0/0/1port link-type trunkport trunk allow-pass vlan 2 to 4094#ip route-static 0.0.0.0 0.0.0.0 192.168.150.254#capwap source ip-address 192.168.150.100#hsb-service 0service-ip-port local-ip 192.168.150.102 peer-ip 192.168.150.101 local-data-port 20002 peer-data-port 20001service-keep-alive detect retransmit 3 interval 6#hsb-group 0track vrrp vrid 1 interface Vlanif150bind-service 0hsb enable#hsb-service-type access-user hsb-group 0#hsb-service-type ap hsb-group 0#wlantraffic-profile name defaultsecurity-profile name 1security-profile name 2security-profile name defaultsecurity-profile name default-wdssecurity-profile name default-meshssid-profile name 1ssid huawei-1ssid-profile name 2ssid huawei-2ssid-profile name defaultvap-profile name 1forward-mode tunnelservice-vlan vlan-id 10ssid-profile 1security-profile 1vap-profile name 2forward-mode tunnelservice-vlan vlan-id 20ssid-profile 2security-profile 2vap-profile name defaultwds-profile name defaultmesh-handover-profile name defaultmesh-profile name defaultregulatory-domain-profile name 1regulatory-domain-profile name defaultair-scan-profile name defaultrrm-profile name defaultradio-2g-profile name defaultradio-5g-profile name defaultwids-spoof-profile name defaultwids-profile name defaultwireless-access-specificationap-system-profile name defaultport-link-profile name defaultwired-port-profile name defaultserial-profile name preset-enjoyor-toeap ap-group name defaultap-id 0 type-id 56 ap-mac 00e0-fcc3-7df0 ap-sn 21023544831005280875regulatory-domain-profile 1radio 0vap-profile 1 wlan 1channel 20mhz 1ap-id 1 type-id 56 ap-mac 00e0-fc50-5f60 ap-sn 2102354483106175AD53regulatory-domain-profile 1radio 0vap-profile 2 wlan 2channel 20mhz 6provision-ap#
原创不易,转载请说明出处:/weixin_40228200/article/details/120443622
