中国移动局点纯BAC设备下挂SR应用组网典型配置
一、应用环境
为解决AC/IAG架构在中国移动应用中存在的网管、容量瓶颈问题,我司WX6000系列AC在B96分支版本开始支持BAC单独组网的WLAN应用架构。本配置案例为AC直接下挂SR,AC做1+1 PORTAL热备的典型应用组网。
二、注意事项
(1)纯AC单独组网,业务地址池可以选择放在SR,或者AC上。若业务地址池放在AC上,则不同的AC1+1备份组需采用单独的业务地址池。本配置案例中业务地址池放在AC上。
(2)纯AC在当前的版本(2308P10及之前) 不支持SuperVLAN应用,即业务VLAN无法做模糊终结。在单一业务VLAN的情况下,设备支持通过基于AP的精细化NAS-ID配置来区分热点。
(3)AC板卡不支持动态路由,由AC的交换单板完成和SR的动态路由对接。
(4)N+1备份环境下的纯AC组网不支持Portal热备。本配置案例采用AC1+1热备组网。
三、组网需求:
按照AC 1+1备份(PORTAL双机热备)进行组网。AC下挂同一台SR。AC使用的是WX6000系列无线控制器(WX6108E)。
四、组网图:
五、组网说明:
(1)WX6000旁挂SR(NE40),AP采用三层注册的方式向AC注册,无线用户的DHCP地址池在AC板卡上,AP通过option43方式获取AC列表,注册到AC公网地址接口;AP的地址分配方式按省公司具体情况确定,本配置案例未涉及;
(2)AC板卡之间做1+1的热备份;
(3)AC之间添加独立的心跳线。心跳线为二层线路,透传所有业务VLAN及热备VLAN等,实现AC备份及用户网关的备份。
六、配置方法:
1.配置思路
? AC上配置CMCC无线业务;业务网关终结在AC上;
? AC配置用户业务地址池;
? AC上配置Portal认证的radius策略、domain,并启用Portal 1+1热备和DHCP备份;
? AC配置静态路由指向SR;
? 交换板配置到AC业务网段的静态路由,并发布到与SR邻接的OSPF进程中;
? AC上联虚接口、用户网关配置nqa,Track互联SR地址,联动VRRP保证上联虚接口、用户网关同步切换;
? 主备AC之间互联心跳线,二层透传业务vlan及热备vlan。
2.配置步骤
(1)主AC上的配置信息:
dis cu #
version 5.20, R2308P07
#
sysname XXXX
#
clock timezone BEIJING add 08:00:00
#
super password level 3 cipher 4*>F/QZZBKF9S,G%)\D@SA!!
#
configure-user count 5
#
nas device-id 1 //Portal热备编号,主、备AC分别为1、2
#
domain default enable system
#
dhbk enable backup-type symmetric-path //Portal、DHCP热备,配置对称路径
dhbk vlan 50 //Portal、DHCP热备VLAN,不同的1+1备份组需配置不同的热备VLAN
#
portal server cmcc ip 221.176.1.140 url http://221.176.1.140:8080/wlan/index.php server-type cmcc
portal free-rule 0 source any destination ip 211.0.0.66 mask 255.255.255.255
portal device-id 0731.0371.371.00 //配置Portal的AC_NAME
#
undo ip http enable
#
wlan country-code CN
#
wlan backup-ac ip 120.0.0.244 //配置AC备份的IP地址
#
hot-backup enable domain 1 //AC热备domain
hot-backup vlan 50 //AC热备VLAN,不同的1+1备份组配置不同的热备VLAN
#
acl number 2000
description used-by-access-limit
rule 10 permit source 211.0.0.96 0.0.0.7
rule 15 permit source 211.0.0.128 0.0.0.31
#
vlan 1
#
vlan 50
description TO_HD
#
vlan 132
description TO_NE40
#
vlan 1005 to 1006
#
radius scheme cmcc //配置cmcc的radius策略
server-type extended
primary authentication 221.176.1.138 1645
primary accounting 221.176.1.138 1646
key authentication cipher abQuGU4cQTpZL8rzyG52eg==
key accounting cipher abQuGU4cQTpZL8rzyG52eg==
timer realtime-accounting 30
user-name-format keep-original
nas-ip 120.0.0.242
retry stop-accounting 10
#
domain cmcc //配置cmcc的domain
authentication portal radius-scheme cmcc
authorization portal radius-scheme cmcc
accounting portal radius-scheme cmcc
access-limit disable
state active
idle-cut enable 15 1024
self-service-url disable
#
dhcp server ip-pool cmcc //配置cmcc的业务地址池
network 223.0.0.0 mask 255.255.255.0
gateway-list 223.0.0.1
dns-list 211.138.24.66 211.138.30.66
expired day 0 hour 0 minute 30
#
user-group system
group-attribute allow-guest
#
wlan service-template 1 clear //创建cmcc服务模板
ssid CMCC
bind WLAN-ESS 1
user-isolation enable
service-template enable
#
interface Bridge-Aggregation1
description internet
port link-type trunk
port trunk permit vlan all
#
interface NULL0
#
interface Vlan-interface132 //配置和NE40、61E互联的三层接口,VRRP备份
description TO_NE40
ip address 120.0.0.243 255.255.255.240
vrrp vrid 1 virtual-ip 120.0.0.242
vrrp vrid 1 priority 120
vrrp vrid 1 track 1 reduced 50 //配置track联动VRRP
#
interface Vlan-interface1005 //配置业务网关接口,VRRP备份
description GateWay_of_CMCC
ip address 223.0.0.2 255.255.255.0
vrrp vrid 2 virtual-ip 223.0.0.1
vrrp vrid 2 priority 120
vrrp vrid 2 track 1 reduced 50 //配置track联动VRRP
portal server cmcc method direct //启用portal认证
portal domain cmcc //指定portal强制认证域
portal nas-port-type wireless
portal backup-group 1 //配置portal备份组
portal nas-ip 120.0.0.242 //配置portal nas-ip
access-user detect type arp retransmit 5 interval 120
#
interface M-GigabitEthernet1/0/0
#
interface Ten-GigabitEthernet1/0/1
description internet
port link-type trunk
port trunk permit vlan all
port link-aggregation group 1
dhcp-snooping trust
#
interface Ten-GigabitEthernet1/0/2
description internet
port link-type trunk
port trunk permit vlan all
port link-aggregation group 1
dhcp-snooping trust
#
interface WLAN-ESS1
port access vlan 1005
#
nqa entry wlan cmcc //配置nqa,跟踪上联SR三层互联口互通状态
type icmp-echo
destination ip 120.0.0.241
frequency 2000
reaction 1 checked-element probe-fail threshold-type consecutive 3 action-type trigger-only
#
wlan ap zz_1091_001_26 model WA2610E-GNP id 284
description 1F出货梯左转第一个房间
ap-name HAZZ-AP-3300-001-HSWA2610
trap enable
priority level 7
serial-id 219801A0CSC123010005
radio 1
channel 1
radio-policy 1
service-template 1 nas-id 1091037137100460
radio enable
#
dhcp-snooping
#
ip route-static 0.0.0.0 0.0.0.0 120.0.0.241 //配置静态路由,下一条指向SR
#
info-center source default channel 2 log level warnings
info-center loghost 211.0.0.141
info-center logbuffer size 1024
info-center logfile size-quota 10
#
snmp-agent
snmp-agent local-engineid 800063A2033822D6D5B4BF
snmp-agent community write HA.ChinaMobile
snmp-agent sys-info version all
snmp-agent target-host trap address udp-domain 211.138.31.141 params securityname public v2c
#
track 1 nqa entry wlan cmcc reaction 1 //定义track
#
dhcp server forbidden-ip 223.88.17.1
#
dhcp enable
#
nqa schedule wlan cmcc start-time now lifetime forever //创建nqa schedule
#
ntp-service unicast-server 211.138.24.98 priority
ntp-service unicast-server 211.138.24.99
#
load xml-configuration
#
user-interface con 0
user-interface aux 0
authentication-mode none
user privilege level 0
user-interface vty 0 4
acl 2000 inbound
authentication-mode scheme
user privilege level 0
protocol inbound ssh
#
return
(2)主SW板上的配置信息:
dis cu #
version 5.20, Feature 6619L09
#
sysname HAZZ-WLAN-MPU731-HSWX6108
#
super password level 3 cipher 4*>F/QZZBKF9S,G%)\D@SA!!
#
domain default enable system
#
switch-mode standard
switch-mode normal slot 2
switch-mode normal slot 3
switch-mode normal slot 4
#
acl number 2000
description used-by-access-limit
rule 10 permit source 211.0.0.96 0.0.0.7
#
vlan 1
#
vlan 50
description TO_HD
#
vlan 60
description TO_HD
#
vlan 132
description TO_NE40
#
vlan 1005 to 1006
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
user-group system
#
monitor-link group 1 //创建monitor-link group,监控上行SR链路up/down
#
interface Bridge-Aggregation1 //与AC内联口,作为monitor-link下行口
port link-type trunk
port trunk permit vlan all
port monitor-link group 1 downlink
#
interface Bridge-Aggregation2 //与AC内联口,作为monitor-link下行口
port link-type trunk
port trunk permit vlan all
port monitor-link group 1 downlink
#
interface Bridge-Aggregation3 //主、备AC互联心跳聚合接口
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 50 60 1000 to 3000 //放通业务vlan和热备vlan
#
interface NULL0
#
interface Vlan-interface132 //与SR、AC互联的三层接口
description TO_NE40
ip address 120.0.0.248 255.255.255.240
ospf cost 15 //主、备OSPF cost分别为15、20
ospf timer hello 1
ospf authentication-mode md5 1 cipher -6DXUSR,U%GQ=^Q`MAF4<1!!
#
interface GigabitEthernet2/0/1 //与SR对接的二层物理口
port link-mode bridge
description TO-RT30-5/0/8
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 132 //放通SR互联VLAN
speed 1000
duplex full
port monitor-link group 1 uplink //与SR互联口作为monitor-link上行口
#
interface GigabitEthernet2/0/2
port link-mode bridge
#
interface GigabitEthernet2/0/24
port link-mode bridge
#
interface GigabitEthernet2/0/25 //主、备61E互联心跳线物理口,配置聚合链路
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 50 60 1000 to 3000 //放通业务vlan、热备vlan
port link-aggregation group 3
#
interface GigabitEthernet2/0/26 //主、备61E互联心跳线物理口,配置聚合链路
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 50 60 1000 to 3000 //放通业务vlan、热备vlan
port link-aggregation group 3
#
interface GigabitEthernet2/0/32
port link-mode bridge
shutdown
#
interface M-Ethernet0/0/0
#
interface Ten-GigabitEthernet3/0/1 //AC内联口,配置链路聚合
port link-mode bridge
port link-type trunk
port trunk permit vlan all
port link-aggregation group 1
#
interface Ten-GigabitEthernet3/0/2 //AC内联口,配置链路聚合
port link-mode bridge
port link-type trunk
port trunk permit vlan all
port link-aggregation group 1
#
ospf 1 router-id 120.0.0.248 //配置和SR的ospf路由协议对接
import-route static cost 15 //重发布到AC业务网段的静态路由,主、备61E交换的cost值分别为15、20
bandwidth-reference 10000
area 0.0.0.204
authentication-mode md5
network 120.0.0.240 0.0.0.15 //network SW、AC、SR互联的三层接口网段
nssa //配置nssa区域
#
ip route-static 183.0.0.0 255.255.255.0 120.0.0.242 //到AC业务网段静态路由下一条到AC与SW互联三层口vrrp虚地址
#
load xml-configuration
#
user-interface aux 0
user-interface vty 0 15
authentication-mode scheme
#
return
(3)备AC上的配置信息:
dis cu #
version 5.20, R2308P07
#
sysname HAZZ-WLAN-AC732-HSWX6108
#
clock timezone BEIJING add 08:00:00
#
super password level 3 cipher 4*>F/QZZBKF9S,G%)\D@SA!!
#
configure-user count 5
#
nas device-id 2 //Portal热备编号,主、备AC分别为1、2
#
domain default enable system
#
dhbk enable backup-type symmetric-path //Portal、DHCP热备,配置对称路径
dhbk vlan 50 //Portal、DHCP热备VLAN,不同的1+1备份组需配置不同的热备VLAN
#
portal server cmcc ip 221.176.1.140 url http://221.176.1.140:8080/wlan/index.php server-type cmcc
portal free-rule 0 source any destination ip 211.0.0.66 mask 255.255.255.255
portal device-id 0731.0371.371.00 //配置Portal的AC_NAME
#
undo ip http enable
#
wlan backup-ac ip 120.0.0.243 //配置AC备份的IP地址
#
hot-backup enable domain 1 //AC热备domain
hot-backup vlan 50 //AC热备VLAN,不同的1+1备份组配置不同的热备VLAN
#
acl number 2000
description used-by-access-limit
rule 10 permit source 211.138.24.96 0.0.0.7
rule 15 permit source 211.138.24.128 0.0.0.31
#
vlan 1
#
vlan 50
description TO_HD
#
vlan 132
description TO_NE40
#
vlan 1005 to 1006
#
radius scheme cmcc //配置cmcc的radius策略
server-type extended
primary authentication 221.176.1.138 1645
primary accounting 221.176.1.138 1646
key authentication cipher abQuGU4cQTpZL8rzyG52eg==
key accounting cipher abQuGU4cQTpZL8rzyG52eg==
timer realtime-accounting 30
user-name-format keep-original
nas-ip 120.0.0.242
retry stop-accounting 10
#
domain cmcc //配置cmcc的domain
authentication portal radius-scheme cmcc
authorization portal radius-scheme cmcc
accounting portal radius-scheme cmcc
access-limit disable
state active
idle-cut enable 15 1024
self-service-url disable
#
dhcp server ip-pool cmcc //配置cmcc的业务地址池
network 223.0.0.0 mask 255.255.255.0
gateway-list 223.0.0.1
dns-list 211.138.24.66 211.138.30.66
expired day 0 hour 0 minute 30
#
user-group system
group-attribute allow-guest
#
wlan service-template 1 clear //创建cmcc服务模板
ssid CMCC
bind WLAN-ESS 1
user-isolation enable
service-template enable
#
interface Bridge-Aggregation1
description internet
port link-type trunk
port trunk permit vlan all
dhcp-snooping trust
#
interface NULL0
#
interface Vlan-interface132 //配置和NE40、61E互联的三层接口,VRRP备份
description TO_NE40
ip address 120.0.0.244 255.255.255.240
vrrp vrid 1 virtual-ip 120.0.0.242
#
interface Vlan-interface1005 //配置业务网关接口,VRRP备份
description GateWay_of_CMCC
ip address 223.0.0.3 255.255.255.0
vrrp vrid 2 virtual-ip 223.0.0.1
portal server cmcc method direct //启用portal认证
portal domain cmcc //指定portal强制认证域
portal nas-port-type wireless
portal backup-group 1 //配置portal备份组
portal nas-ip 120.0.0.242 //配置portal nas-ip
access-user detect type arp retransmit 5 interval 120
#
interface M-GigabitEthernet1/0/0
#
interface Ten-GigabitEthernet1/0/1
description internet
port link-type trunk
port trunk permit vlan all
port link-aggregation group 1
dhcp-snooping trust
#
interface Ten-GigabitEthernet1/0/2
description internet
port link-type trunk
port trunk permit vlan all
port link-aggregation group 1
dhcp-snooping trust
#
interface WLAN-ESS1
port access vlan 1005
#
wlan ap zz_1091_001_26 model WA2610E-GNP id 284
description 1F出货梯左转第一个房间
ap-name HAZZ-AP-3300-001-HSWA2610
trap enable
serial-id 219801A0CSC123010005
radio 1
channel 1
radio-policy 1
service-template 1 nas-id 1091037137100460
radio enable
#
dhcp-snooping
#
ip route-static 0.0.0.0 0.0.0.0 120.0.0.241 //配置静态路由,下一条指向SR
#
info-center source default channel 2 log level warnings
info-center loghost 211.138.31.141
info-center logbuffer size 1024
info-center logfile size-quota 10
#
snmp-agent
snmp-agent local-engineid 800063A2033822D6D5B4BF
snmp-agent community write HA.ChinaMobile
snmp-agent sys-info version all
snmp-agent target-host trap address udp-domain 211.138.31.141 params securityname public v2c
#
dhcp server forbidden-ip 223.88.17.1
#
dhcp enable
#
ntp-service unicast-server 211.138.24.98 priority
ntp-service unicast-server 211.138.24.99
#
load xml-configuration
#
user-interface con 0
user-interface aux 0
authentication-mode none
user privilege level 0
user-interface vty 0 4
acl 2000 inbound
authentication-mode scheme
user privilege level 0
protocol inbound ssh
#
return
(4)备SW上的配置信息:
dis cu #
version 5.20, Feature 6619L09
#
sysname HAZZ-WLAN-MPU732-HSWX6108
#
super password level 3 cipher 4*>F/QZZBKF9S,G%)\D@SA!!
#
domain default enable system
#
telnet server enable
#
switch-mode standard
switch-mode normal slot 2
switch-mode normal slot 3
switch-mode normal slot 4
#
acl number 2000
description used-by-access-limit
rule 10 permit source 211.138.24.96 0.0.0.7
#
vlan 1
#
vlan 50
description TO_HD
#
vlan 60
description TO_HD
#
vlan 132
description TO_NE40
#
vlan 1005 to 1006
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
user-group system
#
monitor-link group 1 //创建monitor-link group,监控上行SR链路up/down
#
interface Bridge-Aggregation1 //与AC内联口,作为monitor-link下行口
port link-type trunk
port trunk permit vlan all
port monitor-link group 1 downlink
#
interface Bridge-Aggregation2 //与AC内联口,作为monitor-link下行口
port link-type trunk
port trunk permit vlan all
port monitor-link group 1 downlink
#
interface Bridge-Aggregation3 //主、备AC互联心跳聚合接口
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 50 60 1000 to 3000 //放通业务vlan和热备vlan
#
interface NULL0
#
interface Vlan-interface132 //与SR、AC互联的三层接口
description TO_NE40
ip address 120.0.0.249 255.255.255.240
ospf cost 20 //主、备OSPF cost分别为15、20
ospf timer hello 1
ospf authentication-mode md5 1 cipher -6DXUSR,U%GQ=^Q`MAF4<1!!
#
interface GigabitEthernet2/0/1 //与SR对接的二层物理口
port link-mode bridge
description TO-RT30-5/0/8
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 132 //放通SR互联VLAN
speed 1000
duplex full
port monitor-link group 1 uplink //与SR互联口作为monitor-link上行口
#
interface GigabitEthernet2/0/2
port link-mode bridge
#
interface GigabitEthernet2/0/24
port link-mode bridge
#
interface GigabitEthernet2/0/25 //主、备61E互联心跳线物理口,配置聚合链路
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 50 60 1000 to 3000 //放通业务vlan、热备vlan
port link-aggregation group 3
#
interface GigabitEthernet2/0/26 //主、备61E互联心跳线物理口,配置聚合链路
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 50 60 1000 to 3000 //放通业务vlan、热备vlan
port link-aggregation group 3
#
interface GigabitEthernet2/0/32
port link-mode bridge
shutdown
#
interface M-Ethernet0/0/0
#
interface Ten-GigabitEthernet3/0/1 //AC内联口,配置链路聚合
port link-mode bridge
port link-type trunk
port trunk permit vlan all
port link-aggregation group 1
#
interface Ten-GigabitEthernet3/0/2 //AC内联口,配置链路聚合
port link-mode bridge
port link-type trunk
port trunk permit vlan all
port link-aggregation group 1
#
ospf 1 router-id 120.0.0.249 //配置和SR的ospf路由协议对接
import-route static cost 20 //重发布到AC业务网段的静态路由,主、备61E交换的cost值分别为15、20
bandwidth-reference 10000
area 0.0.0.204
authentication-mode md5
network 120.0.0.240 0.0.0.15 //network SW、AC、SR互联的三层接口网段
nssa //配置nssa区域
#
ip route-static 183.0.0.0 255.255.255.0 120.0.0.242 //到AC业务网段静态路由下一跳到AC与SW互联三层口vrrp虚地址
#
load xml-configuration
#
user-interface aux 0
user-interface vty 0 15
authentication-mode scheme
#
return
3.配置关键点
(1)主AC板上进行配置:
# 创建WLAN-ESS1接口,并进入该视图。
[AC1] interface WLAN-ESS 1
# 设置虚接口的授权的业务VLAN。
[AC1-WLAN-ESS1] port access vlan 1005
# 创建clear的服务模板。
[AC1] wlan service-template 1 clear
# 设置当前服务模板的SSID(服务模板的标识)为CMCC。
[AC1-wlan-st-1] ssid CMCC
# 将WLAN-ESS1接口绑定到服务模板1。
[AC1-wlan-st-1] bind WLAN-ESS 1
# 使能无线模板。
[AC1-wlan-st-1] service-template enable
# 在AC下绑定无线服务模板。
注意:AP的配置需要根据具体AP的型号和序列号进行配置。
# 创建AP管理模板,其名称为zz_1091_001_26,型号名称这里选择WA2610E-GNP。
[AC1] wlan ap zz_1091_001_26 model WA2610E-GNP
# 设置AP的序列号为219801A0CSC123010005。
[AC1-wlan-ap-zz_1091_001_26] serial-id 219801A0CSC123010005
# 进入radio1射频视图。
[AC1-wlan-ap-zz_1091_001_26] radio 2
# 将在AC上配置的服务模板1与射频2进行关联,并帮定nas-id属性。
[AC1-wlan-ap-zz_1091_001_26-radio-2] service-template 1 nas-id 1091037137100460
#手动指定信道为1
[AC1-wlan-ap-zz_1091_001_26-radio-2] channel 1
# 使能zz_1091_001_26的radio 1
[AC1-wlan-ap-zz_1091_001_26-radio-1] radio enable
[AC1-wlan-ap-zz_1091_001_26-radio-1] quit
[AC1-wlan-ap-zz_1091_001_26] quit
# 配置Portal热备的nas device-id,主备分别为1、2
[AC1] nas device-id 1
# 配置Portal热备份
[AC1] dhbk enable backup-type symmetric-path
[AC1] dhbk vlan 50
# 配置Portal服务器
[AC1] portal server cmcc ip 221.176.1.140 url http://221.176.1.140:8080/wlan/index.php server-type cmcc
# 配置NAS设备的AC NAME
[AC1] portal device-id 0731.0371.371.00
# 配置AC的1+1热备份
[AC1] wlan backup-ac ip 120.0.0.244
[AC1] hot-backup enable domain 1
[AC1] hot-backup vlan 50
# 配置portal业务的radius策略和认证domain域(略)
# 创建和NE40、61E交换互联的三层接口
[AC1] interface Vlan-interface132
# 配置互联三层口的vrrp备份、track联动vrrp
[AC1-Vlan-interface132] ip address 120.0.0.243 255.255.255.240
[AC1-Vlan-interface132] vrrp vrid 1 virtual-ip 120.0.0.242
[AC1-Vlan-interface132] vrrp vrid 1 priority 120
[AC1-Vlan-interface132] vrrp vrid 1 track 1 reduced 50
# 创建业务网关的三层接口
[AC1] interface Vlan-interface1005
# 配置三层业务口的vrrp备份、track联动vrrp(略)
# 三层业务口启用portal认证
[AC1-Vlan-interface1005] portal server cmcc method direct
# 配置Portal备份组
[AC1-Vlan-interface1005] portal backup-group 1
# 配置nqa跟踪上联SR三层互联口互通状态(略)
# 配置静态路由,下一跳指向SR
[AC1] ip route-static 0.0.0.0 0.0.0.0 120.0.0.241
(2)主SW板上进行配置:
# 创建monitor-link组。
[SW1] monitor-link group 1
# 配置与SR对接的二层物理口,放通互联vlan 132,且作为monitor-link组上行口。
[SW1] interface GigabitEthernet2/0/1
[SW1-GigabitEthernet2/0/1] port link-type trunk
[SW1-GigabitEthernet2/0/1] port trunk permit vlan 132
[SW1-GigabitEthernet2/0/1] port monitor-link group 1 uplink
# 配置与AC板的内联聚合接口,作为monitor-link组下行口。
[SW1] interface Bridge-Aggregation1
[SW1-Bridge-aggregation1] port monitor-link group 1 downlink
# 配置主、备AC互联心跳聚合接口,放通业务vlan和热备vlan
[SW1] interface Bridge-Aggregation3
[SW1-Bridge-aggregation3] port link-type trunk
[SW1-Bridge-aggregation3] port trunk permit vlan 50 60 1000 to 3000
# 配置与SR、AC互联的三层接口,设置ospf接口参数。
[SW1] interface Vlan-interface132
[SW1-Vlan-interface132]ip address 120.0.0.248 255.255.255.240
[SW1-Vlan-interface132]ospf cost 15
[SW1-Vlan-interface132]ospf timer hello 1
# 配置ospf路由,重发布AC业务网段静态路由到ospf进程
[SW1] ospf 1 router-id 120.0.0.248
[SW1-ospf-1] import-route static cost 15
[SW1-ospf-1] area 0.0.0.204
# ospf区域中network SW、AC、SR互联三层接口网段,并配置nssa区域。
[SW1-ospf-1-area-0.0.0.24] network 120.0.0.240 0.0.0.15
[SW1-ospf-1-area-0.0.0.24] nssa
# 配置到AC业务网段静态路由,下一跳指向AC与SW互联三层口vrrp虚地址。
[SW1] ip route-static 183.0.0.0 255.255.255.0 120.0.0.242
(3)备AC上进行配置:
# 创建WLAN-ESS1接口,并进入该视图。
[AC2] interface WLAN-ESS 1
# 设置虚接口的授权的业务VLAN。
[AC2-WLAN-ESS1] port access vlan 1005
# 创建clear的服务模板。
[AC2] wlan service-template 1 clear
# 设置当前服务模板的SSID(服务模板的标识)为CMCC。
[AC2-wlan-st-1] ssid CMCC
# 将WLAN-ESS1接口绑定到服务模板1。
[AC2-wlan-st-1] bind WLAN-ESS 1
# 使能无线模板。
[AC2-wlan-st-1] service-template enable
# 在AC下绑定无线服务模板。
注意:AP的配置需要根据具体AP的型号和序列号进行配置。
# 创建AP管理模板,其名称为zz_1091_001_26,型号名称这里选择WA2610E-GNP。
[AC2] wlan ap zz_1091_001_26 model WA2610E-GNP
# 设置AP的序列号为219801A0CSC123010005。
[AC2-wlan-ap-zz_1091_001_26] serial-id 219801A0CSC123010005
# 进入radio1射频视图。
[AC2-wlan-ap-zz_1091_001_26] radio 2
# 将在AC上配置的服务模板1与射频2进行关联,并帮定nas-id属性。
[AC2-wlan-ap-zz_1091_001_26-radio-2] service-template 1 nas-id 1091037137100460
#手动指定信道为1
[AC2-wlan-ap-zz_1091_001_26-radio-2] channel 1
# 使能zz_1091_001_26的radio 1
[AC2-wlan-ap-zz_1091_001_26-radio-1] radio enable
[AC2-wlan-ap-zz_1091_001_26-radio-1] quit
[AC2-wlan-ap-zz_1091_001_26] quit
# 配置Portal热备的nas device-id,主备分别为1、2
[AC2] nas device-id 2
# 配置Portal热备份
[AC2] dhbk enable backup-type symmetric-path
[AC2] dhbk vlan 50
# 配置Portal服务器
[AC2] portal server cmcc ip 221.176.1.140 url http://221.176.1.140:8080/wlan/index.php server-type cmcc
# 配置NAS设备的AC NAME
[AC2] portal device-id 0731.0371.371.00
# 配置AC的1+1热备份
[AC2] wlan backup-ac ip 120.0.0.243
[AC2] hot-backup enable domain 1
[AC2] hot-backup vlan 50
# 配置portal业务的radius策略和认证domain域(略)
# 创建和NE40、61E交换互联的三层接口
[AC2] interface Vlan-interface132
# 配置互联三层口的vrrp备份
[AC2-Vlan-interface132] ip address 120.0.0.244 255.255.255.240
[AC2-Vlan-interface132] vrrp vrid 1 virtual-ip 120.0.0.242
# 创建业务网关的三层接口
[AC2] interface Vlan-interface1005
# 配置三层业务口的vrrp备份 (略)
# 三层业务口启用portal认证
[AC2-Vlan-interface1005] portal server cmcc method direct
# 配置Portal备份组
[AC2-Vlan-interface1005] portal backup-group 1
# 配置nqa跟踪上联SR三层互联口互通状态(略)
# 配置静态路由,下一跳指向SR
[AC2] ip route-static 0.0.0.0 0.0.0.0 120.0.0.241
(4)备SW上进行配置:
# 创建monitor-link组。
[SW2] monitor-link group 1
# 配置与SR对接的二层物理口,放通互联vlan 132,且作为monitor-link组上行口。
[SW2] interface GigabitEthernet2/0/1
[SW2-GigabitEthernet2/0/1] port link-type trunk
[SW2-GigabitEthernet2/0/1] port trunk permit vlan 132
[SW2-GigabitEthernet2/0/1] port monitor-link group 1 uplink
# 配置与AC板的内联聚合接口,作为monitor-link组下行口。
[SW2] interface Bridge-Aggregation1
[SW2-Bridge-aggregation1] port monitor-link group 1 downlink
# 配置主、备AC互联心跳聚合接口,放通业务vlan和热备vlan
[SW2] interface Bridge-Aggregation3
[SW2-Bridge-aggregation3] port link-type trunk
[SW2-Bridge-aggregation3] port trunk permit vlan 50 60 1000 to 3000
# 配置与SR、AC互联的三层接口,设置ospf接口参数。
[SW2] interface Vlan-interface132
[SW2-Vlan-interface132]ip address 120.0.0.249 255.255.255.240
[SW2-Vlan-interface132]ospf cost 20
[SW2-Vlan-interface132]ospf timer hello 1
# 配置ospf路由,重发布AC业务网段静态路由到ospf进程
[SW2] ospf 1 router-id 120.0.0.249
[SW2-ospf-1] import-route static cost 20
[SW2-ospf-1] area 0.0.0.204
# ospf区域中network SW、AC、SR互联三层接口网段,并配置nssa区域。
[SW2-ospf-1-area-0.0.0.24] network 120.0.0.240 0.0.0.15
[SW2-ospf-1-area-0.0.0.24] nssa
# 配置到AC业务网段静态路由,下一跳指向AC与SW互联三层口vrrp虚地址。
[SW2] ip route-static 183.0.0.0 255.255.255.0 120.0.0.242
该案例暂时没有网友评论
✖
案例意见反馈
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作