H3C WA系列AP自动信道桥接配置
一、 组网需求
无线控制器(AC)、无线接入点(FIT AP),无线桥接设备(FAT AP),网管服务器(MIB Browser)。
二、 组网图
本次配置举例中使用AC为WX5004,FIT AP为WA2620i-AGN,FAT AP 为WA2220E-AG,AC作为DHCP 服务器,AP在AC上自动获取IP地址(192.168.1.0/24),并在AC上注册成功。AC对FIT AP下发桥接相关配置,FAT AP上配置好桥接参数,保证与FIT AP桥接成功。NMS通过网管软件MIB Browser设置FAT AP信道为自动信道,FAT AP通过扫描信道与FIT AP建立MESH链路并转发数据报文。
三、 特性介绍
无线网桥是无线射频技术和传统的有线网桥技术相结合的产物,无线网桥可以无缝地将相隔较远距离的局域网络连接在一起,创建统一的企业或小型城域网络系统,在最简单的网络构架中,网桥的以太网端口连接到局域网中的某个接入层的交换机上,信号发射端口则通过电缆和天线相连接,通过这样的方式实现现有网络系统的扩展。其特点就是省去了有线的架设,可以方便地将有线网络或者无线网络孤岛连接到一个现有的网络中,或者将几个有线或者无线网络的孤岛连接成一个局域网络,并在两点之间提供数据传输,而传输链路包括两个方面的内容:
? 链路的建立:通过在对等体之间交换消息来建立连接
? 链路的安全:提供PSK+CCMP的无线安全连接
在轨道交通车辆段方案上,可以采用自动信道方式建立MESH链路,解决车辆段数据传送问题。当列车回库时,列车根据压轨信号通知网管服务器更改车载MR信道为自动信道,MR切换为自动信道后,扫描各个信道桥接信号,当扫描到桥接信号之后将与轨旁的AP建立MESH链路并转发数据。车辆段轨旁AP可以部署多个不同信道,降低信道拥塞率,提高空间转发带宽,解决车辆段干扰大、带宽小的问题。
四、 配置步骤
1. AC配置信息
(1) 开启端口安全
[AC]port-security enable
(2) 使能MKD服务绑定,为Mesh Profile使能MKD服务
[AC]mkd-service enable mesh-profile 1
(3) 配置桥接接口
[AC]int wlan-mesh 1
[AC-WLAN-MESH1] port link-type trunk
[AC-WLAN-MESH1] port trunk permit vlan all
[AC-WLAN-MESH1]port-security port-mode psk
[AC-WLAN-MESH1] port-security tx-key-type 11key
[AC-WLAN-MESH1]port-security preshared-key pass-phrase mesh1234
(4) 配置桥接mesh-profile
[AC]wlan mesh-profile 1
[AC-wlan-mshp-1]mesh-id mesh1
[AC-wlan-mshp-1]bind WLAN-MESH 1
[AC-wlan-mshp-1]mesh-profile enable
(5) 配置AP模板
[AC]wlan ap 1 model WA2620i-AGN id 1
[AC-wlan-ap-1] serial-id 5866-BA6B-F2C0
[AC-wlan-ap-1] portal-service enable
[AC-wlan-ap-1]radio 1
[AC-wlan-ap-1-radio-1] channel 149
[AC-wlan-ap-1-radio-1] mesh-profile 1
[AC-wlan-ap-1-radio-1] radio enable
2. FAT(车载MR)配置
(1) 开启端口安全
[MR]port-security enable
(2) 配置桥接接口
[MR]int wlan-mesh 1
[MR-WLAN-MESH1] port link-type trunk
[MR-WLAN-MESH1] port trunk permit vlan all
[MR-WLAN-MESH1]port-security port-mode psk
[MR-WLAN-MESH1] port-security tx-key-type 11key
[MR-WLAN-MESH1]port-security preshared-key pass-phrase mesh1234
(3) 配置桥接mesh-profile
[MR]wlan mesh-profile 1
[MR-wlan-mshp-1]mesh-id mesh1
[MR-wlan-mshp-1]bind WLAN-MESH 1
[MR-wlan-mshp-1]mesh-profile enable
(4) 射频口绑定信息
[MR-WLAN-Radio1/0/1] mesh-profile 1
3. 网管设置车载AP为自动信道
h3cDot11RadioCfgChannel :1.3.6.1.4.1.2011.10.2.75.4.4.1.1.10
在网管软件MiB Browser上找到节点,右击选择set:
点击set之后弹出新的对话框,instance对于数值3和4分别代表射频1和射频2,选择桥接的射频并设值:
点击instance数值之后弹出新的对话框,按照下面步骤设值
设值之后,网管软件反馈设值之后的数值,数值0代表自动信道:
***** SNMP SET-RESPONSE START *****
1: h3cDot11RadioCfgChannel.3 (H3cDot11ChannelScopeType) 0
***** SNMP SET-RESPONSE END *****
在轨道交通车辆段应用中,当车辆进入车辆段时,MR(FAT AP)的信道由固定信道切换至可变自动信道,在这个过程中原有MESH链路会断开,相关日志:
#Aug 13 15:17:22:956 2013 MR IFNET/4/INTERFACE UPDOWN:
Trap 1.3.6.1.6.3.1.1.5.3
: Interface 13369344 is Down, ifAdminStatus is 1, ifOperStatus is 2 %Aug 13 15:17:22:957 2013 MR IFNET/3/LINK_UPDOWN: WLAN-MESHLINK4 link status is DOWN.
%Aug 13 15:17:22:957 2013 MR WMSH/6/WMESH_PEER_LINK_CLOSED: Peer link is closed with neighbor 5866-ba6b-f2c0 for reason:LINK_CANCELLED.
而MR(FAT AP)会扫描信道,并建立新的MESH链路:
%Aug 13 15:17:28:034 2013 MR WMAC/6/WMAC_CHANNEL_CHANGE: Channel change for APID 1, RadioId 1 from channel 0 to channel 165.
#Aug1315:17:54:9942013MRWMAC/4/ChannelChange: Channel:1.3.6.1.4.1.2011.10.2.75.2.3.0.5
Serial Id:210235A29FB094000055 Serial Id:210235A29FB094000055 Radio Id:12386305 ChangeMode:2 Old:165 New:0 Count:2 %Aug 13 15:17:54:995 2013 MR WMAC/6/WMAC_CHANNEL_CHANGE: Channel change for APID 1, RadioId 1 from channel 165 to channel 0.
#Aug 13 15:17:57:465 2013 MR IFNET/4/INTERFACE UPDOWN:
Trap 1.3.6.1.6.3.1.1.5.4
: Interface 13369344 is Up, ifAdminStatus is 1, ifOperStatus is 1 %Aug 13 15:17:57:466 2013 MR IFNET/3/LINK_UPDOWN: WLAN-MESHLINK6 link status is UP.
%Aug 13 15:17:57:466 2013 MR WMSH/6/WMESH_PEER_LINK_ESTABLISH: Peer link is established with neighbor 5866-ba6b-f2c0 in MESH h3c,on radio 1 with BSSID 000f-e2fb-f8e0.
%Aug 13 15:17:57:486 2013 MR WMSH/6/WMESH_AUTH_SUCCESS: Authentication success with neighbor 5866-ba6b-f2c0 in MESH h3c,on radio 1 with BSSID 000f-e2fb-f8e0.
#Aug13 15:17:58:008 2013 MR WMAC/4/Channel Change: Channel:1.3.6.1.4.1.2011.10.2.75.2.3.0.5
Serial Id:210235A29FB094000055 Serial Id:210235A29FB094000055 Radio Id:12386305 ChangeMode:2 Old:0 New:149 Count:3 %Aug 13 15:17:58:009 2013 MR WMAC/6/WMAC_CHANNEL_CHANGE: Channel change for APID 1, RadioId 1 from channel 0 to channel 149.
五、 配置信息:
1. AC配置信息
display current-configuration #
version 5.20, Release 2507P18
#
sysname AC
#
domain default enable system
#
telnet server enable
#
port-security enable
#
password-recovery enable
#
vlan 1
#
vlan 2
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
dhcp server ip-pool 1
network 192.168.1.0 mask 255.255.255.0
gateway-list 192.168.1.1
#
user-group system
group-attribute allow-guest
#
local-user admin
password cipher $c$3$c4L1HLDZysGa7aqT0aMAtJ4t1fQpw3KL
authorization-attribute level 3
service-type telnet
#
wlan mesh-profile 1
mesh-id h3c
bind WLAN-MESH 1
mesh-profile enable
#
wlan rrm
dot11a mandatory-rate 6 12 24
dot11a supported-rate 9 18 36 48 54
dot11b mandatory-rate 1 2
dot11b supported-rate 5.5 11
dot11g mandatory-rate 1 2 5.5 11
dot11g supported-rate 6 9 12 18 24 36 48 54
#
wlan ap-group default_group
ap ap1
#
interface NULL0
#
interface Vlan-interface1
ip address 192.168.1.1 255.255.255.0
#
interface GigabitEthernet1/0/1
#
interface GigabitEthernet1/0/2
#
interface GigabitEthernet1/0/3
#
interface GigabitEthernet1/0/4
port link-type trunk
port trunk permit vlan 1 3 to 4094
#
interface Ten-GigabitEthernet1/0/5
#
interface WLAN-MESH1
port link-type trunk
port trunk permit vlan all
port-security port-mode psk
port-security tx-key-type 11key
port-security preshared-key pass-phrase cipher $c$3$cXqAkh+F7V0/MmTapJ0tk8XM3OMV/BMiy9AI
#
wlan ap ap1 model WA2620i-AGN id 1
serial-id 5866-BA6B-F2C0
portal-service enable
radio 1
channel 149
mesh-profile 1
radio enable
radio 2
radio enable
#
wlan ips
malformed-detect-policy default
signature deauth_flood signature-id 1
signature broadcast_deauth_flood signature-id 2
signature disassoc_flood signature-id 3
signature broadcast_disassoc_flood signature-id 4
signature eapol_logoff_flood signature-id 5
signature eap_success_flood signature-id 6
signature eap_failure_flood signature-id 7
signature pspoll_flood signature-id 8
signature cts_flood signature-id 9
signature rts_flood signature-id 10
signature addba_req_flood signature-id 11
signature-policy default
countermeasure-policy default
attack-detect-policy default
virtual-security-domain default
attack-detect-policy default
malformed-detect-policy default
signature-policy default
countermeasure-policy default
#
undo info-center logfile enable
#
dhcp enable
#
mkd-service enable mesh-profile 1
#
user-interface con 0
user-interface vty 0 4
authentication-mode scheme
user privilege level 3
#
return
2. MR配置信息
display current-configuration #
version 5.20, Feature 1117P17
#
sysname MR
#
domain default enable system
#
telnet server enable
#
port-security enable
#
password-recovery enable
#
vlan 1
#
vlan 2
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
user-group system
group-attribute allow-guest
#
local-user admin
password cipher $c$3$BcBPzkTT/3nGrNIPRy/ZlGOYjw7fCH7LGkpyUTg=
authorization-attribute level 3
service-type telnet
#
wlan mesh-profile 1
mesh-id h3c
bind WLAN-MESH 1
mesh-profile enable
#
wlan rrm
dot11a mandatory-rate 6 12 24
dot11a supported-rate 9 18 36 48 54
dot11b mandatory-rate 1 2
dot11b supported-rate 5.5 11
dot11g mandatory-rate 1 2 5.5 11
dot11g supported-rate 6 9 12 18 24 36 48 54
#
interface NULL0
#
interface Vlan-interface1
ip address dhcp-alloc
#
interface Vlan-interface2
ip address 192.168.2.2 255.255.255.0
#
interface Ethernet1/0/1
port link-type trunk
port trunk permit vlan all
#
interface WLAN-MESH1
port link-type trunk
port trunk permit vlan all
port-security port-mode psk
port-security tx-key-type 11key
port-security preshared-key pass-phrase cipher $c$3$hCExxOrUqQDAHtoNnmBMe/57F1tx3CrR4ELn
#
interface WLAN-Radio1/0/1
mesh-profile 1
#
interface WLAN-Radio1/0/2
#
snmp-agent
snmp-agent local-engineid 800063A203000FE2FBF8E0
snmp-agent community read public
snmp-agent community write private
snmp-agent sys-info version all
#
arp-snooping enable
#
load xml-configuration
#
user-interface con 0
user-interface vty 0 4
authentication-mode scheme
#
return
六、 结果验证:
1. 查看MESH链路
display wlan mesh-link all Peer Link Information
-------------------------------------------------------------------------------
Nbr-Mac(rssi) BSSID Interface Link-state Uptime(hh:mm:ss)
-------------------------------------------------------------------------------
5866-ba6b-f2c0(43) 000f-e2fb-f8e0 WLAN-MESHLINK7 Active 0: 3:40
-------------------------------------------------------------------------------
2. MR自动获取IP地址,能够与AC通信
ping 192.168.1.1 PING 192.168.1.1: 56 data bytes, press CTRL_C to break
Reply from 192.168.1.1: bytes=56 Sequence=1 ttl=255 time=2 ms
Reply from 192.168.1.1: bytes=56 Sequence=2 ttl=255 time=3 ms
Reply from 192.168.1.1: bytes=56 Sequence=3 ttl=255 time=2 ms
Reply from 192.168.1.1: bytes=56 Sequence=4 ttl=255 time=2 ms
Reply from 192.168.1.1: bytes=56 Sequence=5 ttl=255 time=2 ms
--- 192.168.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 2/2/3 ms
该案例暂时没有网友评论
✖
案例意见反馈
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作