H3C WA系列AP自动信道桥接配置

H3C WA系列AP自动信道桥接配置

一、    组网需求

无线控制器（AC）、无线接入点（FIT AP），无线桥接设备（FAT AP），网管服务器（MIB Browser）。

二、    组网图

本次配置举例中使用AC为WX5004，FIT AP为WA2620i-AGN，FAT AP 为WA2220E-AG，AC作为DHCP 服务器，AP在AC上自动获取IP地址（192.168.1.0/24），并在AC上注册成功。AC对FIT AP下发桥接相关配置，FAT AP上配置好桥接参数，保证与FIT AP桥接成功。NMS通过网管软件MIB Browser设置FAT AP信道为自动信道，FAT AP通过扫描信道与FIT AP建立MESH链路并转发数据报文。

三、    特性介绍

无线网桥是无线射频技术和传统的有线网桥技术相结合的产物，无线网桥可以无缝地将相隔较远距离的局域网络连接在一起，创建统一的企业或小型城域网络系统，在最简单的网络构架中，网桥的以太网端口连接到局域网中的某个接入层的交换机上，信号发射端口则通过电缆和天线相连接,通过这样的方式实现现有网络系统的扩展。其特点就是省去了有线的架设，可以方便地将有线网络或者无线网络孤岛连接到一个现有的网络中，或者将几个有线或者无线网络的孤岛连接成一个局域网络，并在两点之间提供数据传输，而传输链路包括两个方面的内容：

?  链路的建立：通过在对等体之间交换消息来建立连接

?  链路的安全：提供PSK＋CCMP的无线安全连接

在轨道交通车辆段方案上，可以采用自动信道方式建立MESH链路，解决车辆段数据传送问题。当列车回库时，列车根据压轨信号通知网管服务器更改车载MR信道为自动信道，MR切换为自动信道后，扫描各个信道桥接信号，当扫描到桥接信号之后将与轨旁的AP建立MESH链路并转发数据。车辆段轨旁AP可以部署多个不同信道，降低信道拥塞率，提高空间转发带宽，解决车辆段干扰大、带宽小的问题。

四、    配置步骤

1.   AC配置信息

(1) 开启端口安全

[AC]port-security enable

(2) 使能MKD服务绑定，为Mesh Profile使能MKD服务

[AC]mkd-service  enable  mesh-profile  1

(3) 配置桥接接口

[AC]int wlan-mesh 1

[AC-WLAN-MESH1] port link-type trunk

[AC-WLAN-MESH1] port trunk permit vlan all

[AC-WLAN-MESH1]port-security port-mode psk

[AC-WLAN-MESH1] port-security tx-key-type 11key

[AC-WLAN-MESH1]port-security preshared-key pass-phrase mesh1234

(4) 配置桥接mesh-profile

[AC]wlan mesh-profile  1

[AC-wlan-mshp-1]mesh-id mesh1

[AC-wlan-mshp-1]bind WLAN-MESH 1

[AC-wlan-mshp-1]mesh-profile enable

(5) 配置AP模板

[AC]wlan ap 1 model WA2620i-AGN id 1

[AC-wlan-ap-1] serial-id 5866-BA6B-F2C0

[AC-wlan-ap-1] portal-service enable

[AC-wlan-ap-1]radio 1

[AC-wlan-ap-1-radio-1] channel 149

[AC-wlan-ap-1-radio-1] mesh-profile 1

[AC-wlan-ap-1-radio-1] radio enable

2.  FAT（车载MR）配置

(1) 开启端口安全

[MR]port-security enable

(2) 配置桥接接口

[MR]int wlan-mesh 1

[MR-WLAN-MESH1] port link-type trunk

[MR-WLAN-MESH1] port trunk permit vlan all

[MR-WLAN-MESH1]port-security port-mode psk

[MR-WLAN-MESH1] port-security tx-key-type 11key

[MR-WLAN-MESH1]port-security preshared-key pass-phrase mesh1234

(3) 配置桥接mesh-profile

[MR]wlan mesh-profile  1

[MR-wlan-mshp-1]mesh-id mesh1

[MR-wlan-mshp-1]bind WLAN-MESH 1

[MR-wlan-mshp-1]mesh-profile enable

(4) 射频口绑定信息

[MR-WLAN-Radio1/0/1] mesh-profile 1

3.   网管设置车载AP为自动信道

h3cDot11RadioCfgChannel ：1.3.6.1.4.1.2011.10.2.75.4.4.1.1.10

在网管软件MiB Browser上找到节点，右击选择set：

点击set之后弹出新的对话框，instance对于数值3和4分别代表射频1和射频2，选择桥接的射频并设值：

点击instance数值之后弹出新的对话框，按照下面步骤设值

设值之后，网管软件反馈设值之后的数值，数值0代表自动信道：

***** SNMP SET-RESPONSE START *****

1: h3cDot11RadioCfgChannel.3 (H3cDot11ChannelScopeType) 0

***** SNMP SET-RESPONSE END *****

 

在轨道交通车辆段应用中，当车辆进入车辆段时，MR（FAT AP）的信道由固定信道切换至可变自动信道，在这个过程中原有MESH链路会断开，相关日志：

#Aug 13 15:17:22:956 2013 MR IFNET/4/INTERFACE UPDOWN:

 Trap 1.3.6.1.6.3.1.1.5.3: Interface 13369344 is Down, ifAdminStatus is 1, ifOperStatus is 2 

%Aug 13 15:17:22:957 2013 MR IFNET/3/LINK_UPDOWN: WLAN-MESHLINK4 link status is DOWN.

%Aug 13 15:17:22:957 2013 MR WMSH/6/WMESH_PEER_LINK_CLOSED:  Peer link is closed with neighbor 5866-ba6b-f2c0 for reason:LINK_CANCELLED.

 

而MR（FAT AP）会扫描信道，并建立新的MESH链路：

%Aug 13 15:17:28:034 2013 MR WMAC/6/WMAC_CHANNEL_CHANGE:  Channel change for APID 1, RadioId 1 from channel 0 to channel 165.

#Aug1315:17:54:9942013MRWMAC/4/ChannelChange: Channel:1.3.6.1.4.1.2011.10.2.75.2.3.0.5 Serial Id:210235A29FB094000055 Serial Id:210235A29FB094000055 Radio Id:12386305 ChangeMode:2 Old:165 New:0 Count:2

%Aug 13 15:17:54:995 2013 MR WMAC/6/WMAC_CHANNEL_CHANGE:  Channel change for APID 1, RadioId 1 from channel 165 to channel 0.

#Aug 13 15:17:57:465 2013 MR IFNET/4/INTERFACE UPDOWN:

 Trap 1.3.6.1.6.3.1.1.5.4: Interface 13369344 is Up, ifAdminStatus is 1, ifOperStatus is 1 

%Aug 13 15:17:57:466 2013 MR IFNET/3/LINK_UPDOWN: WLAN-MESHLINK6 link status is UP.

%Aug 13 15:17:57:466 2013 MR WMSH/6/WMESH_PEER_LINK_ESTABLISH:  Peer link is established with neighbor 5866-ba6b-f2c0 in MESH h3c,on radio 1 with BSSID 000f-e2fb-f8e0.

%Aug 13 15:17:57:486 2013 MR WMSH/6/WMESH_AUTH_SUCCESS:  Authentication success with neighbor 5866-ba6b-f2c0 in MESH h3c,on radio 1 with BSSID 000f-e2fb-f8e0.

#Aug13 15:17:58:008 2013 MR WMAC/4/Channel Change: Channel:1.3.6.1.4.1.2011.10.2.75.2.3.0.5 Serial Id:210235A29FB094000055 Serial Id:210235A29FB094000055 Radio Id:12386305 ChangeMode:2 Old:0 New:149 Count:3

%Aug 13 15:17:58:009 2013 MR WMAC/6/WMAC_CHANNEL_CHANGE:  Channel change for APID 1, RadioId 1 from channel 0 to channel 149.

五、    配置信息：

1.   AC配置信息

display  current-configuration

#

 version 5.20, Release 2507P18

#

 sysname AC

#

 domain default enable system

#

 telnet server enable

#

 port-security enable

#

 password-recovery enable

#

vlan 1

#

vlan 2

#

domain system

 access-limit disable

 state active

 idle-cut disable

 self-service-url disable

#

dhcp server ip-pool 1

 network 192.168.1.0 mask 255.255.255.0

 gateway-list 192.168.1.1

#

user-group system

 group-attribute allow-guest

#

local-user admin

 password cipher $c$3$c4L1HLDZysGa7aqT0aMAtJ4t1fQpw3KL

 authorization-attribute level 3

 service-type telnet

#

wlan mesh-profile 1

 mesh-id h3c

 bind WLAN-MESH 1

 mesh-profile enable

#

wlan rrm

 dot11a mandatory-rate 6 12 24

 dot11a supported-rate 9 18 36 48 54

 dot11b mandatory-rate 1 2

 dot11b supported-rate 5.5 11

 dot11g mandatory-rate 1 2 5.5 11

 dot11g supported-rate 6 9 12 18 24 36 48 54

#

wlan ap-group default_group

 ap ap1

#

interface NULL0

#

interface Vlan-interface1

 ip address 192.168.1.1 255.255.255.0

#

interface GigabitEthernet1/0/1

#

interface GigabitEthernet1/0/2

#

interface GigabitEthernet1/0/3

#

interface GigabitEthernet1/0/4

 port link-type trunk

 port trunk permit vlan 1 3 to 4094

#

interface Ten-GigabitEthernet1/0/5

#

interface WLAN-MESH1

 port link-type trunk

 port trunk permit vlan all

 port-security port-mode psk

 port-security tx-key-type 11key

 port-security preshared-key pass-phrase cipher $c$3$cXqAkh+F7V0/MmTapJ0tk8XM3OMV/BMiy9AI

#

wlan ap ap1 model WA2620i-AGN id 1

 serial-id 5866-BA6B-F2C0

 portal-service enable

 radio 1

  channel 149

  mesh-profile 1

 radio enable

 radio 2

 radio enable

#

wlan ips

 malformed-detect-policy default

 signature deauth_flood signature-id 1

 signature broadcast_deauth_flood signature-id 2

 signature disassoc_flood signature-id 3

 signature broadcast_disassoc_flood signature-id 4

 signature eapol_logoff_flood signature-id 5

 signature eap_success_flood signature-id 6

 signature eap_failure_flood signature-id 7

 signature pspoll_flood signature-id 8

 signature cts_flood signature-id 9

 signature rts_flood signature-id 10

 signature addba_req_flood signature-id 11

 signature-policy default

 countermeasure-policy default

 attack-detect-policy default

 virtual-security-domain default

  attack-detect-policy default

  malformed-detect-policy default

  signature-policy default

  countermeasure-policy default

#

 undo info-center logfile enable

#

 dhcp enable

#

 mkd-service enable mesh-profile 1

#

user-interface con 0

user-interface vty 0 4

 authentication-mode scheme

 user privilege level 3

#

return

2.  MR配置信息

display current-configuration

#

 version 5.20, Feature 1117P17

#

 sysname MR

#

 domain default enable system

#

 telnet server enable

#

 port-security enable

#

 password-recovery enable

#

vlan 1

#

vlan 2

#

domain system

 access-limit disable

 state active

 idle-cut disable

 self-service-url disable

#

user-group system

 group-attribute allow-guest

#

local-user admin

 password cipher $c$3$BcBPzkTT/3nGrNIPRy/ZlGOYjw7fCH7LGkpyUTg=

 authorization-attribute level 3

 service-type telnet

#

wlan mesh-profile 1

 mesh-id h3c

 bind WLAN-MESH 1

 mesh-profile enable

#

wlan rrm

 dot11a mandatory-rate 6 12 24

 dot11a supported-rate 9 18 36 48 54

 dot11b mandatory-rate 1 2

 dot11b supported-rate 5.5 11

 dot11g mandatory-rate 1 2 5.5 11

 dot11g supported-rate 6 9 12 18 24 36 48 54

#

interface NULL0

#

interface Vlan-interface1

 ip address dhcp-alloc

#

interface Vlan-interface2

 ip address 192.168.2.2 255.255.255.0

#

interface Ethernet1/0/1

 port link-type trunk

 port trunk permit vlan all

#

interface WLAN-MESH1

 port link-type trunk

 port trunk permit vlan all

 port-security port-mode psk

 port-security tx-key-type 11key

 port-security preshared-key pass-phrase cipher $c$3$hCExxOrUqQDAHtoNnmBMe/57F1tx3CrR4ELn

#

interface WLAN-Radio1/0/1

 mesh-profile 1

#

interface WLAN-Radio1/0/2

#

 snmp-agent

 snmp-agent local-engineid 800063A203000FE2FBF8E0

 snmp-agent community read public

 snmp-agent community write private

 snmp-agent sys-info version all

#

 arp-snooping enable

#

 load xml-configuration

#

user-interface con 0

user-interface vty 0 4

 authentication-mode scheme

#

return

六、    结果验证：

1.   查看MESH链路

display wlan mesh-link all

                              Peer Link Information

-------------------------------------------------------------------------------

 Nbr-Mac(rssi)     BSSID         Interface        Link-state  Uptime(hh:mm:ss)

-------------------------------------------------------------------------------

 5866-ba6b-f2c0(43) 000f-e2fb-f8e0 WLAN-MESHLINK7    Active        0: 3:40

-------------------------------------------------------------------------------

2.   MR自动获取IP地址，能够与AC通信

ping 192.168.1.1

  PING 192.168.1.1: 56  data bytes, press CTRL_C to break

    Reply from 192.168.1.1: bytes=56 Sequence=1 ttl=255 time=2 ms

    Reply from 192.168.1.1: bytes=56 Sequence=2 ttl=255 time=3 ms

    Reply from 192.168.1.1: bytes=56 Sequence=3 ttl=255 time=2 ms

    Reply from 192.168.1.1: bytes=56 Sequence=4 ttl=255 time=2 ms

    Reply from 192.168.1.1: bytes=56 Sequence=5 ttl=255 time=2 ms

 

  --- 192.168.1.1 ping statistics ---

    5 packet(s) transmitted

    5 packet(s) received

    0.00% packet loss

    round-trip min/avg/max = 2/2/3 ms