VRRP热备?也可用在无线局域网
当前,企业为保证业务的正常运营,希望提高网络可靠性,同时还希望减少配置维护的工作量。为满足用户的需求,可以采用VRRP热备份下应用无线配置同步的方案。这种方案下,主、备AC通常部署在同一地理位置,但其业务切换速度非常快,可靠性比双链路热备份更高;接下来看一个实例:(华为官网)
组网拓扑
VRRP热备份场景下的无线配置同步组网图(直接转发)
组网需求
· AC组网方式:旁挂二层组网。
· DHCP部署方式:AC作为DHCP服务器为AP和STA分配IP地址。
· 业务数据转发方式:直接转发。
· 交换机集群:核心层两台交换机SwitchB和SwitchC采用集群卡集群方式进行组网,其中SwitchB为主交换机,SwitchC为备交换机。
数据规划
配置思路
1、在SwitchB、SwitchC上配置集群卡集群功能,提高核心层可靠性,并使SwitchB成为主交换机。
2、配置AP、AC和其他网络设备之间实现网络互通。
3、在AC1和AC2上配置VRRP备份组。其中,AC1上配置较高优先级,作为主用设备承担流量转发;AC2上配置较低优先级,作为备用设备。
4、配置WLAN基本业务,保证用户能够通过WLAN网络接入Internet。
5、配置双机热备份功能,将AC1上的业务信息通过备份链路批量备份和实时备份到AC2上,保证在主设备故障时业务能够不中断地顺利切换到备份设备。
6、配置VRRP热备份场景下的无线配置同步功能。
注意事项
1、纯组播报文由于协议要求在无线空口没有ACK机制保障,且无线空口链路不稳定,为了纯组播报文能够稳定发送,通常会以低速报文形式发送。如果网络侧有大量异常组播流量涌入,则会造成无线空口拥堵。为了减小大量低速组播报文对无线网络造成的冲击,建议配置组播报文抑制功能。配置前请确认是否有组播业务,如果有,请谨慎配置限速值。配置方法请参见:如何配置组播报文抑制,减小大量低速组播报文对无线网络造成的冲击?
业务数据转发方式采用直接转发时,建议在直连AP的交换机接口上配置组播报文抑制。
业务数据转发方式采用隧道转发时,建议在AC的流量模板下配置组播报文抑制。
2、建议在与AP直连的设备接口上配置端口隔离,如果不配置端口隔离,尤其是业务数据转发方式采用直接转发时,可能会在VLAN内形成大量不必要的广播报文,导致网络阻塞,影响用户体验。
3、隧道转发模式下,管理VLAN和业务VLAN不能配置为同一VLAN,且AP和AC之间只能放通管理VLAN,不能放通业务VLAN。
4、配置时,用户还需关注有线网络的实际组网是否有环路存在。如果存在环路,需要为相关网元配置MSTP功能。
操作步骤
01
配置集群卡集群功能
# 配置SwitchB的集群连接方式为集群卡集群,集群ID为1,集群优先级为100。
<HUAWEI> system-view[HUAWEI] sysname SwitchB[SwitchB] set css mode css-card[SwitchB] set css id 1[SwitchB] set css priority 100# 配置SwitchC的集群连接方式为集群卡集群,集群ID为2,集群优先级为10。
<HUAWEI> system-view[HUAWEI] sysname SwitchC[SwitchC] set css mode css-card[SwitchC] set css id 2[SwitchC] set css priority 10查看SwitchB上的集群配置信息。
[SwitchB] display css status savedCurrent Id Saved Id CSS Enable CSS Mode Priority Master force ------------------------------------------------------------------------------ 1 1 Off CSS card 100查看SwitchC上的集群配置信息。
[SwitchC] display css status savedCurrent Id Saved Id CSS Enable CSS Mode Priority Master force ------------------------------------------------------------------------------ 1 2 Off CSS card 10# 使能SwitchB的集群功能并重新启动SwitchB。
[SwitchB] css enableWarning: The CSS configuration will take effect only after the system is rebooted. The next CSS mode is CSS card. Reboot now? [Y/N]:y# 使能SwitchC的集群功能并重新启动SwitchC。
[SwitchC] css enableWarning: The CSS configuration will take effect only after the system is rebooted. The next CSS mode is CSS card. Reboot now? [Y/N]:y# 通过任意主控板上的Console口本地登录集群,使用命令行查看集群组建是否成功。
<SwitchB> display deviceChassis 1 (Master Switch)S12708's Device status:Slot Sub Type Online Power Register Status Role -------------------------------------------------------------------------------1 - ET1D2SFUD000 Present PowerOn Registered Normal NA 1 EH1D2VS08000 Present PowerOn Registered Normal NA 5 - ET1D2G48SEC0 Present PowerOn Registered Normal NA 7 - ET1D2X16SSC0 Present PowerOn Registered Normal NA 9 - ET1D2MPUA000 Present PowerOn Registered Normal Slave 10 - ET1D2MPUA000 Present PowerOn Registered Normal Master12 - ET1D2SFUD000 Present PowerOn Registered Normal NA 1 EH1D2VS08000 Present PowerOn Registered Normal NA 13 - ET1D2SFUD000 Present PowerOn Registered Normal NA 1 EH1D2VS08000 Present PowerOn Registered Normal NA 14 - ET1D2SFUD000 Present PowerOn Registered Normal NA 1 EH1D2VS08000 Present PowerOn Registered Normal NA PWR1 - - Present PowerOn Registered Normal NA PWR2 - - Present PowerOn Registered Normal NA CMU2 - EH1D200CMU00 Present PowerOn Registered Normal MasterFAN1 - - Present PowerOn Registered Normal NA FAN2 - - Present PowerOn Registered Normal NA FAN3 - - Present PowerOn Registered Normal NA FAN4 - - Present PowerOn Registered Normal NA Chassis 2 (Standby Switch)S12708's Device status:Slot Sub Type Online Power Register Status Role -------------------------------------------------------------------------------1 - ET1D2SFUD000 Present PowerOn Registered Normal NA 1 EH1D2VS08000 Present PowerOn Registered Normal NA 3 - ET1D2G48SEC0 Present PowerOn Registered Normal NA 4 - ET1D2X16SSC0 Present PowerOn Registered Normal NA 9 - ET1D2MPUA000 Present PowerOn Registered Normal Slave 10 - ET1D2MPUA000 Present PowerOn Registered Normal Master12 - ET1D2SFUD000 Present PowerOn Registered Normal NA 1 EH1D2VS08000 Present PowerOn Registered Normal NA 13 - ET1D2SFUD000 Present PowerOn Registered Normal NA 1 EH1D2VS08000 Present PowerOn Registered Normal NA 14 - ET1D2SFUD000 Present PowerOn Registered Normal NA 1 EH1D2VS08000 Present PowerOn Registered Normal NA PWR1 - - Present PowerOn Registered Normal NA PWR2 - - Present PowerOn Registered Normal NA CMU1 - EH1D200CMU00 Present PowerOn Registered Normal MasterFAN1 - - Present PowerOn Registered Normal NA FAN2 - - Present PowerOn Registered Normal NA FAN3 - - Present PowerOn Registered Normal NA FAN4 - - Present PowerOn Registered Normal NA <SwitchB> display css statusCSS Enable switch On Chassis Id CSS Enable CSS Status CSS Mode Priority Master Force ------------------------------------------------------------------------------ 1 On Master CSS card 100 Off 2 On Standby CSS card 10 Off以上显示信息中,能够查看到两台成员交换机的单板状态及集群状态,表示集群建立完成。
# 查看集群链路状态是否正常。
<SwitchB> display css channel Chassis 1 || Chassis 2 --------------------------------------------------------------------------------Num [Port] [Speed] || [Speed] [Port] 1 1/1/0/1 10G 10G 2/1/0/1 2 1/1/0/2 10G 10G 2/1/0/2 3 1/1/0/3 10G 10G 2/1/0/3 4 1/1/0/4 10G 10G 2/1/0/4 5 1/1/0/5 10G 10G 2/1/0/5 6 1/1/0/6 10G 10G 2/1/0/6 7 1/1/0/7 10G 10G 2/1/0/7 8 1/1/0/8 10G 10G 2/1/0/8 9 1/12/0/1 10G 10G 2/12/0/1 10 1/12/0/2 10G 10G 2/12/0/2 11 1/12/0/3 10G 10G 2/12/0/3 12 1/12/0/4 10G 10G 2/12/0/4 13 1/12/0/5 10G 10G 2/12/0/5 14 1/12/0/6 10G 10G 2/12/0/6 15 1/12/0/7 10G 10G 2/12/0/7 16 1/12/0/8 10G 10G 2/12/0/8 17 1/13/0/1 10G 10G 2/13/0/1 18 1/13/0/2 10G 10G 2/13/0/2 19 1/13/0/3 10G 10G 2/13/0/3 20 1/13/0/4 10G 10G 2/13/0/4 21 1/13/0/5 10G 10G 2/13/0/5 22 1/13/0/6 10G 10G 2/13/0/6 23 1/13/0/7 10G 10G 2/13/0/7 24 1/13/0/8 10G 10G 2/13/0/8 25 1/14/0/1 10G 10G 2/14/0/1 26 1/14/0/2 10G 10G 2/14/0/2 27 1/14/0/3 10G 10G 2/14/0/3 28 1/14/0/4 10G 10G 2/14/0/4 29 1/14/0/5 10G 10G 2/14/0/5 30 1/14/0/6 10G 10G 2/14/0/6 31 1/14/0/7 10G 10G 2/14/0/7 32 1/14/0/8 10G 10G 2/14/0/8 --------------------------------------------------------------------------------以上显示信息中,所有集群连接的链路都显示正常,至此可以说明集群组建完全成功。
02
配置SwitchA、SwitchB、SwitchC、AC1和AC2,使AP与AC之间能够传输CAPWAP报文
# 配置SwitchA连接AP的接口GE0/0/1的PVID为VLAN100(管理VLAN)并加入VLAN100和VLAN101(业务VLAN),SwitchA连接SwitchB的接口GE0/0/2和SwitchA连接SwitchC的接口GE0/0/3加入Eth-Trunk10。
<HUAWEI> system-view[HUAWEI] sysname SwitchA[SwitchA] vlan batch 100 101[SwitchA] interface gigabitethernet 0/0/1[SwitchA-GigabitEthernet0/0/1] port link-type trunk[SwitchA-GigabitEthernet0/0/1] port trunk pvid vlan 100[SwitchA-GigabitEthernet0/0/1] undo port trunk allow-pass vlan 1[SwitchA-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 101[SwitchA-GigabitEthernet0/0/1] port-isolate enable[SwitchA-GigabitEthernet0/0/1] quit[SwitchA] interface eth-trunk 10[SwitchA-Eth-Trunk10] port link-type trunk[SwitchA-Eth-Trunk10] undo port trunk allow-pass vlan 1[SwitchA-Eth-Trunk10] port trunk allow-pass vlan 100 101[SwitchA-Eth-Trunk10] quit[SwitchA] interface gigabitethernet 0/0/2[SwitchA-GigabitEthernet0/0/2] undo port link-type[SwitchA-GigabitEthernet0/0/2] eth-trunk 10[SwitchA-GigabitEthernet0/0/2] quit[SwitchA] interface gigabitethernet 0/0/3[SwitchA-GigabitEthernet0/0/3] undo port link-type[SwitchA-GigabitEthernet0/0/3] eth-trunk 10[SwitchA-GigabitEthernet0/0/3] quit# 配置SwitchB的接口GE1/1/0/2和SwitchC的接口GE2/1/0/2加入Eth-Trunk10,SwitchB的接口E1/1/0/1和SwitchC的接口GE2/1/0/1加入VLAN100和VLAN101。
[SwitchB] sysname CSS[CSS] vlan batch 100 101[CSS] interface gigabitethernet 1/1/0/1[CSS-GigabitEthernet1/1/0/1] port link-type trunk[CSS-GigabitEthernet1/1/0/1] undo port trunk allow-pass vlan 1[CSS-GigabitEthernet1/1/0/1] port trunk allow-pass vlan 100 101[CSS-GigabitEthernet1/1/0/1] quit[CSS] interface gigabitethernet 2/1/0/1[CSS-GigabitEthernet2/1/0/1] port link-type trunk[CSS-GigabitEthernet2/1/0/1] undo port trunk allow-pass vlan 1[CSS-GigabitEthernet2/1/0/1] port trunk allow-pass vlan 100 101[CSS-GigabitEthernet2/1/0/1] quit[CSS] interface eth-trunk 10[CSS-Eth-Trunk10] port link-type trunk[CSS-Eth-Trunk10] undo port trunk allow-pass vlan 1[CSS-Eth-Trunk10] port trunk allow-pass vlan 100 101[CSS-Eth-Trunk10] quit[CSS] interface gigabitethernet 1/1/0/2[CSS-GigabitEthernet1/1/0/2] undo port link-type[CSS-GigabitEthernet1/1/0/2] eth-trunk 10[CSS-GigabitEthernet1/1/0/2] quit[CSS] interface gigabitethernet 2/1/0/2[CSS-GigabitEthernet2/1/0/2] undo port link-type[CSS-GigabitEthernet2/1/0/2] eth-trunk 10[CSS-GigabitEthernet2/1/0/2] quit# 配置AC1连接SwitchB的接口GE0/0/1加入VLAN100和VLAN101,并配置VLANIF100和VLANIF101。
<AC6605> system-view[AC6605] sysname AC1[AC1] vlan batch 100 101[AC1] interface gigabitethernet 0/0/1[AC1-GigabitEthernet0/0/1] port link-type trunk[AC1-GigabitEthernet0/0/1] undo port trunk allow-pass vlan 1[AC1-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 101[AC1-GigabitEthernet0/0/1] quit[AC1] interface vlanif 100[AC1-Vlanif100] ip address 10.23.100.1 24[AC1-Vlanif100] quit[AC1] interface vlanif 101[AC1-Vlanif101] ip address 10.23.101.1 24[AC1-Vlanif101] quit# 配置AC2连接SwitchC的接口GE0/0/1加入VLAN100和101,并配置VLANIF100和VLANIF101。
<AC6605> system-view[AC6605] sysname AC2[AC2] vlan batch 100 101[AC2] interface gigabitethernet 0/0/1[AC2-GigabitEthernet0/0/1] port link-type trunk[AC2-GigabitEthernet0/0/1] undo port trunk allow-pass vlan 1[AC2-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 101[AC2-GigabitEthernet0/0/1] quit[AC2] interface vlanif 100[AC2-Vlanif100] ip address 10.23.100.2 24[AC2-Vlanif100] quit[AC2] interface vlanif 101[AC2-Vlanif101] ip address 10.23.101.2 24[AC2-Vlanif101] quit03
配置AC1和AC2互通
# 配置AC1连接AC2的接口GE0/0/2加入VLAN102。
[AC1] vlan batch 102[AC1] interface gigabitethernet 0/0/2[AC1-GigabitEthernet0/0/2] port link-type trunk[AC1-GigabitEthernet0/0/2] undo port trunk allow-pass vlan 1[AC1-GigabitEthernet0/0/2] port trunk allow-pass vlan 102[AC1-GigabitEthernet0/0/2] quit[AC1] interface vlanif 102[AC1-Vlanif102] ip address 10.23.102.1 24[AC1-Vlanif102] quit# 配置AC2连接AC1的接口GE0/0/2加入VLAN102。
[AC2] vlan batch 102[AC2] interface gigabitethernet 0/0/2[AC2-GigabitEthernet0/0/2] port link-type trunk[AC2-GigabitEthernet0/0/2] undo port trunk allow-pass vlan 1[AC2-GigabitEthernet0/0/2] port trunk allow-pass vlan 102[AC2-GigabitEthernet0/0/2] quit[AC2] interface vlanif 102[AC2-Vlanif102] ip address 10.23.102.2 24[AC2-Vlanif102] quit04
配置DHCP服务器
# 配置AC1作为DHCP服务器为AP和STA分配IP地址。
[AC1] dhcp enable[AC1] dhcp server database enable[AC1] dhcp server database recover[AC1] interface vlanif 100[AC1-Vlanif100] dhcp select interface[AC1-Vlanif100] dhcp server excluded-ip-address 10.23.100.2[AC1-Vlanif100] quit[AC1] interface vlanif 101[AC1-Vlanif101] dhcp select interface[AC1-Vlanif101] dhcp server excluded-ip-address 10.23.101.2[AC1-Vlanif101] quit# AC2的配置与AC1类似。
05
在AC1上配置VRRP方式的双机热备份
# 配置VRRP备份组的状态恢复延迟时间为60秒。
[AC1] vrrp recover-delay 60# 在AC1上创建管理VRRP备份组,配置AC1在该备份组中的优先级为120,并配置抢占时间为1800秒,配置备份组中Master发送VRRP报文的时间间隔为2秒。
[AC1] interface vlanif 100[AC1-Vlanif100] vrrp vrid 1 virtual-ip 10.23.100.3[AC1-Vlanif100] vrrp vrid 1 priority 120[AC1-Vlanif100] vrrp vrid 1 preempt-mode timer delay 1800[AC1-Vlanif100] admin-vrrp vrid 1[AC1-Vlanif100] vrrp vrid 1 timer advertise 2[AC1-Vlanif100] quit# 在AC1上创建业务VRRP备份组,并配置抢占时间为1800秒,配置备份组中Master发送VRRP报文的时间间隔为2秒。
[AC1] interface vlanif 101[AC1-Vlanif101] vrrp vrid 2 virtual-ip 10.23.101.3[AC1-Vlanif101] vrrp vrid 2 preempt-mode timer delay 1800[AC1-Vlanif101] vrrp vrid 2 track admin-vrrp interface vlanif 100 vrid 1 unflowdown[AC1-Vlanif101] vrrp vrid 2 timer advertise 2[AC1-Vlanif101] quit# 在AC1上创建HSB主备服务0,并配置其主备通道IP地址和端口号,配置HSB主备服务报文的重传次数和发送间隔。
[AC1] hsb-service 0[AC1-hsb-service-0] service-ip-port local-ip 10.23.102.1 peer-ip 10.23.102.2 local-data-port 10241 peer-data-port 10241[AC1-hsb-service-0] service-keep-alive detect retransmit 3 interval 6[AC1-hsb-service-0] quit# 在AC1上创建HSB备份组0,并配置其绑定HSB主备服务0和管理VRRP备份组。
[AC1] hsb-group 0[AC1-hsb-group-0] bind-service 0[AC1-hsb-group-0] track vrrp vrid 1 interface vlanif 100[AC1-hsb-group-0] quit# 配置NAC业务绑定HSB备份组。
[AC1] hsb-service-type access-user hsb-group 0# 配置WLAN业务绑定HSB备份组。
[AC1] hsb-service-type ap hsb-group 0# 配置DHCP业务绑定HSB备份组。
[AC1] hsb-service-type dhcp hsb-group 0# 使能双机热备功能。
[AC1] hsb-group 0[AC1-hsb-group-0] hsb enable[AC1-hsb-group-0] quit06
在AC2上配置VRRP方式的双机热备份
# 配置VRRP备份组的状态恢复延迟时间为60秒。
[AC2] vrrp recover-delay 60# 在AC2上创建管理VRRP备份组,配置备份组中Master发送VRRP报文的时间间隔为2秒。
[AC2] interface vlanif 100[AC2-Vlanif100] vrrp vrid 1 virtual-ip 10.23.100.3[AC2-Vlanif100] admin-vrrp vrid 1[AC2-Vlanif100] vrrp vrid 1 timer advertise 2[AC2-Vlanif100] quit# 在AC2上创建业务VRRP备份组,配置备份组中Master发送VRRP报文的时间间隔为2秒。
[AC2] interface vlanif 101[AC2-Vlanif101] vrrp vrid 2 virtual-ip 10.23.101.3[AC2-Vlanif101] vrrp vrid 2 track admin-vrrp interface vlanif 100 vrid 1 unflowdown[AC2-Vlanif101] vrrp vrid 2 timer advertise 2[AC2-Vlanif101] quit# 在AC2上创建HSB主备服务0,并配置其主备通道IP地址和端口号,配置HSB主备服务报文的重传次数和发送间隔。
[AC2] hsb-service 0[AC2-hsb-service-0] service-ip-port local-ip 10.23.102.2 peer-ip 10.23.102.1 local-data-port 10241 peer-data-port 10241[AC2-hsb-service-0] service-keep-alive detect retransmit 3 interval 6[AC2-hsb-service-0] quit# 在AC2上创建HSB备份组0,并配置其绑定HSB主备服务0和管理VRRP备份组。
[AC2] hsb-group 0[AC2-hsb-group-0] bind-service 0[AC2-hsb-group-0] track vrrp vrid 1 interface vlanif 100[AC2-hsb-group-0] quit# 配置NAC业务绑定HSB备份组。
[AC2] hsb-service-type access-user hsb-group 0# 配置WLAN业务绑定HSB备份组。
[AC2] hsb-service-type ap hsb-group 0# 配置DHCP业务绑定HSB备份组。
[AC2] hsb-service-type dhcp hsb-group 0# 使能双机热备功能。
[AC2] hsb-group 0[AC2-hsb-group-0] hsb enable[AC2-hsb-group-0] quit07
配置AC1的WLAN业务
a、配置AC1的系统参数。
[AC1] wlan[AC1-wlan-view] ap-group name ap-group1[AC1-wlan-ap-group-ap-group1] quit[AC1-wlan-view] regulatory-domain-profile name default[AC1-wlan-regulate-domain-default] country-code cn[AC1-wlan-regulate-domain-default] quit[AC1-wlan-view] ap-group name ap-group1[AC1-wlan-ap-group-ap-group1] regulatory-domain-profile defaultWarning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continue?[Y/N]:y [AC1-wlan-ap-group-ap-group1] quit[AC1-wlan-view] quit[AC1] capwap source ip-address 10.23.100.3b、在AC1上离线导入AP。
[AC1] wlan[AC1-wlan-view] ap auth-mode mac-auth[AC1-wlan-view] ap-id 0 ap-mac 60de-4476-e360[AC1-wlan-ap-0] ap-name area_1[AC1-wlan-ap-0] ap-group ap-group1Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y [AC1-wlan-ap-0] quit[AC1-wlan-view] display ap allTotal AP information:nor : normal [1]-------------------------------------------------------------------------------------ID MAC Name Group IP Type State STA Uptime-------------------------------------------------------------------------------------0 60de-4476-e360 area_1 ap-group1 10.23.100.254 AP5030DN nor 0 10S-------------------------------------------------------------------------------------Total: 1c、配置AC1的WLAN业务参数。
# 创建名为“wlan-net”的安全模板,并配置安全策略。
[AC1-wlan-view] security-profile name wlan-net[AC1-wlan-sec-prof-wlan-net] security wpa-wpa2 psk pass-phrase a1234567 aes[AC1-wlan-sec-prof-wlan-net] quit# 创建名为“wlan-net”的SSID模板,并配置SSID名称为“wlan-net”。
[AC1-wlan-view] ssid-profile name wlan-net[AC1-wlan-ssid-prof-wlan-net] ssid wlan-net[AC1-wlan-ssid-prof-wlan-net] quit# 创建名为“wlan-net”的VAP模板,配置业务数据转发模式、业务VLAN,并且引用安全模板和SSID模板。
[AC1-wlan-view] vap-profile name wlan-net[AC1-wlan-vap-prof-wlan-net] forward-mode direct-forward[AC1-wlan-vap-prof-wlan-net] service-vlan vlan-id 101[AC1-wlan-vap-prof-wlan-net] security-profile wlan-net[AC1-wlan-vap-prof-wlan-net] ssid-profile wlan-net[AC1-wlan-vap-prof-wlan-net] quit# 配置AP组引用VAP模板,AP上射频0和射频1都使用VAP模板“wlan-net”的配置。
[AC1-wlan-view] ap-group name ap-group1[AC1-wlan-ap-group-ap-group1] vap-profile wlan-net wlan 1 radio 0[AC1-wlan-ap-group-ap-group1] vap-profile wlan-net wlan 1 radio 1[AC1-wlan-ap-group-ap-group1] quit[AC1-wlan-view] quit08
配置AC2的WLAN私有配置
# 配置AC2的源地址。
[AC2] capwap source ip-address 10.23.100.309
配置VRRP热备份场景下的无线配置同步功能
# 配置AC1上的无线配置同步功能。
[AC1] wlan[AC1-wlan-view] master controller[AC1-master-controller] master-redundancy peer-ip ip-address 10.23.102.2 local-ip ip-address 10.23.102.1 psk H@123456[AC1-master-controller] master-redundancy track-vrrp vrid 1 interface vlanif 100[AC1-master-controller] quit[AC1-wlan-view] quit# 配置AC2上的无线配置同步功能。
[AC2] wlan[AC2-wlan-view] master controller[AC2-master-controller] master-redundancy peer-ip ip-address 10.23.102.1 local-ip ip-address 10.23.102.2 psk H@123456[AC2-master-controller] master-redundancy track-vrrp vrid 1 interface vlanif 100[AC2-master-controller] quit[AC2-wlan-view] quit10
手动触发无线配置同步
# 执行命令display sync-configuration status查看无线配置同步状态信息,状态为“cfg-mismatch”。需要在Master AC上手动触发无线配置同步到Backup Master AC上。等待Backup Master AC自动重启完成。
[AC1] display sync-configuration statusController role:Master/Backup/Local------------------------------------------------------------------------------------Controller IP Role Device Type Version Status ------------------------------------------------------------------------------------10.23.102.2 Backup AC6605 V200R007C20 cfg-mismatch(config check fail) ------------------------------------------------------------------------------------Total: 1[AC1] synchronize-configurationWarning: This operation may reset the remote AC, synchronize configurations to it, and save all its configurations. Whether to continue? [Y/N]:y11
检查配置结果
a、检查VRRP。
# 完成上述配置以后,在AC1和AC2上分别执行display vrrp命令,可以看到AC1的State字段的显示为Master,AC2的State字段的显示为Backup。
[AC1] display vrrpVlanif100 | Virtual Router 1State : MasterVirtual IP : 10.23.100.3Master IP : 10.23.100.1PriorityRun : 120PriorityConfig : 120MasterPriority : 120Preempt : YES Delay Time : 1800 sTimerRun : 2 sTimerConfig : 2 sAuth type : NONEVirtual MAC : 0000-5e00-0101Check TTL : YESConfig type : admin-vrrpBackup-forward : disabledCreate time : 2020-08-17 16:58:22Last change time : 2020-08-17 16:58:25Vlanif101 | Virtual Router 2State : MasterVirtual IP : 10.23.101.3Master IP : 10.23.101.1PriorityRun : 100PriorityConfig : 100MasterPriority : 100Preempt : YES Delay Time : 1800 sTimerRun : 2 sTimerConfig : 2 sAuth type : NONEVirtual MAC : 0000-5e00-0102Check TTL : YESConfig type : member-vrrpBackup-forward : disabledCreate time : 2020-08-17 16:58:35Last change time : 2020-08-17 16:58:38
[AC2] display vrrpVlanif100 | Virtual Router 1State : BackupVirtual IP : 10.23.100.3Master IP : 10.23.100.1PriorityRun : 100PriorityConfig : 100MasterPriority : 120Preempt : YES Delay Time : 0 sTimerRun : 2 sTimerConfig : 2 sAuth type : NONEVirtual MAC : 0000-5e00-0101Check TTL : YESConfig type : admin-vrrpBackup-forward : disabledCreate time : 2020-08-17 02:31:42 UTC-07:00Last change time : 2020-08-17 02:32:21 UTC-07:00Vlanif101 | Virtual Router 2State : BackupVirtual IP : 10.23.101.3Master IP : 0.0.0.0PriorityRun : 100PriorityConfig : 100MasterPriority : 100Preempt : YES Delay Time : 0 sTimerRun : 2 sTimerConfig : 2 sAuth type : NONEVirtual MAC : 0000-5e00-0102Check TTL : YESConfig type : member-vrrpBackup-forward : disabledCreate time : 2020-08-17 02:31:42 UTC-07:00Last change time : 2020-08-17 02:32:21 UTC-07:00
# 在AC1和AC2上执行display hsb-service 0命令,查看主备服务的建立情况。可以看到Service State字段的显示为Connected,说明主备服务通道已经成功建立。
[AC1] display hsb-service 0Hot Standby Service Information:---------------------------------------------------------- Local IP Address : 10.23.102.1 Peer IP Address : 10.23.102.2 Source Port : 10241 Destination Port : 10241 Keep Alive Times : 3 Keep Alive Interval : 6 Service State : Connected Service Batch Modules : Shared-key : -----------------------------------------------------------[AC2] display hsb-service 0Hot Standby Service Information:---------------------------------------------------------- Local IP Address : 10.23.102.2 Peer IP Address : 10.23.102.1 Source Port : 10241 Destination Port : 10241 Keep Alive Times : 3 Keep Alive Interval : 6 Service State : Connected Service Batch Modules : Shared-key : -----------------------------------------------------------# 在AC1和AC2上执行display hsb-group 0命令,查看HSB备份组的运行情况。
[AC1] display hsb-group 0Hot Standby Group Information:---------------------------------------------------------- HSB-group ID : 0 Vrrp Group ID : 1 Vrrp Interface : Vlanif100 Service Index : 0 Group Vrrp Status : Master Group Status : Active Group Backup Process : Realtime Peer Group Device Name : AC6605 Peer Group Software Version : V200R007C20 Group Backup Modules : Access-user AP DHCP----------------------------------------------------------[AC2] display hsb-group 0Hot Standby Group Information:---------------------------------------------------------- HSB-group ID : 0 Vrrp Group ID : 1 Vrrp Interface : Vlanif100 Service Index : 0 Group Vrrp Status : Backup Group Status : Inactive Group Backup Process : Realtime Peer Group Device Name : AC6605 Peer Group Software Version : V200R007C20 Group Backup Modules : Access-user AP DHCP---------------------------------------------------------b、检查无线配置同步。
# 在Master AC和Backup Master AC上分别执行命令display sync-configuration status,查看无线配置同步状态信息。状态为“up”表示无线配置同步功能正常。
[AC1] display sync-configuration statusController role:Master/Backup/Local-------------------------------------------------------------------------Controller IP Role Device Type Version Status -------------------------------------------------------------------------10.23.102.2 Backup AC6605 V200R007C20 up -------------------------------------------------------------------------Total: 1[AC2] display sync-configuration statusController role:Master/Backup/Local-------------------------------------------------------------------------Controller IP Role Device Type Version Status -------------------------------------------------------------------------10.23.102.1 Master AC6605 V200R007C20 up -------------------------------------------------------------------------Total: 1c、AP下的无线接入用户可以搜索到SSID标识为“wlan-net”的WLAN网络并正常上线。
当SwitchA与SwitchB、AC1与SwitchB之间的链路中断后,AC2切换为主AC,保证业务传输的稳定性。
来源:oschina
链接:https://my.oschina.net/u/4410646/blog/4778080