WX系列AC实现跨AC三层漫游典型配置(IPv4业务和IPv6业务)
一、组网需求:
WX系列AC、FIT AP、便携机(安装有无线网卡)
二、组网图:
本典型配置举例中AC使用WX5004无线控制器,AP1注册在AC1上, AP2注册在AC2上。IPv4业务为192.168.201.0/24和192.168.202.0/24,IPv6业务为2001:101::0/64和2001:102:0/64。SW上配置DHCP Server为AP和IPv4 Client分配IP地址信息。IPv6 Client通过无状态地址配置根据自己的链路层地址及SW发布的前缀信息自动配置IPv6地址及相关信息。
三、特性介绍:
IACTP(Inter Access Controller Tunneling Protocol 访问控制器间隧道协议)是H3C公司自主研发的隧道协议,该协议定义了AC(Access Controller,无线控制器)与AC之间是如何通信的。IACTP提供了无线控制器间报文的通用封装和传输机制,保证了AC之间的安全传输。无线控制器间通信的建立采用标准的TCP C/S模式。
多个无线控制器可以通过IACTP协议建立漫游组。漫游组的建立和维护均由IACTP协议完成。IACTP协议为应用(共享与交换信息)提供了一个控制通道,也同时提供封装AC间传输数据的数据通道。IACTP协议同时支持IPv4和IPv6。
在无线网络实际应用中,存在一种场景,如客户需要覆盖一个校园,而校园的不同区域被划分了不同子网。在这种场景中,AC 位于骨干网中,而AP 需要分布在不同区域中,即分布在不同子网中。这种场景下,当用户从一个区域漫游到另一个区域时,就是一种三层漫游情况。
四、配置信息:
1.SW的配置信息:
#
version 5.20, Release 6701
#
sysname SW
#
domain default enable system
#
ipv6
#
switch-mode standard
switch-mode normal slot 2
switch-mode normal slot 4
switch-mode normal slot 5
switch-mode normal slot 6
#
vlan 1
#
vlan 11 to 12
#
vlan 101 to 102
#
vlan 200 to 202
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
dhcp server ip-pool ap01
network 192.168.11.0 mask 255.255.255.0
gateway-list 192.168.11.254
#
dhcp server ip-pool ap02
network 192.168.12.0 mask 255.255.255.0
gateway-list 192.168.12.254
#
dhcp server ip-pool ipv4-01
network 192.168.201.0 mask 255.255.255.0
gateway-list 192.168.201.254
#
dhcp server ip-pool ipv4-02
network 192.168.202.0 mask 255.255.255.0
gateway-list 192.168.202.254
#
user-group system
group-attribute allow-guest
#
interface NULL0
#
interface Vlan-interface11
ip address 192.168.11.254 255.255.255.0
#
interface Vlan-interface12
ip address 192.168.12.254 255.255.255.0
#
interface Vlan-interface101
undo ipv6 nd ra halt
ipv6 address 2001:101::1/64
#
interface Vlan-interface102
undo ipv6 nd ra halt
ipv6 address 2001:102::1/64
#
interface Vlan-interface201
ip address 192.168.201.254 255.255.255.0
#
interface Vlan-interface202
ip address 192.168.202.254 255.255.255.0
#
interface GigabitEthernet2/0/1
port link-mode bridge
port access vlan 11
#
interface GigabitEthernet2/0/2
port link-mode bridge
port access vlan 12
#
interface GigabitEthernet2/0/31
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 11 101 to 102 201 to 202
#
interface GigabitEthernet2/0/32
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 12 101 to 102 201 to 202
#
interface M-Ethernet0/0/0
#
dhcp enable
#
load xml-configuration
#
load tr069-configuration
#
user-interface aux 0
user-interface vty 0 15
#
return
2.AC1的配置信息:
#
version 5.20, Release 2308P07
#
sysname AC1
#
domain default enable system
#
ipv6
#
telnet server enable
#
port-security enable
#
sysnetid AC1
#
vlan 1
#
vlan 11
#
vlan 101 to 102
#
vlan 201 to 202
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
user-group system
group-attribute allow-guest
#
local-user admin
password simple admin
authorization-attribute level 3
service-type telnet
#
wlan rrm
dot11a mandatory-rate 6 12 24
dot11a supported-rate 9 18 36 48 54
dot11b mandatory-rate 1 2
dot11b supported-rate 5.5 11
dot11g mandatory-rate 1 2 5.5 11
dot11g supported-rate 6 9 12 18 24 36 48 54
#
wlan service-template 1 clear
ssid h3c-ipv6
bind WLAN-ESS 1
service-template enable
#
wlan service-template 2 clear
ssid h3c-ipv4
bind WLAN-ESS 2
service-template enable
#
interface NULL0
#
interface Vlan-interface1
ip address 192.168.0.100 255.255.255.0
#
interface Vlan-interface11
ip address 192.168.11.1 255.255.255.0
#
interface GigabitEthernet1/0/1
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 11 101 to 102 201 to 202
#
interface GigabitEthernet1/0/2
#
interface GigabitEthernet1/0/3
#
interface GigabitEthernet1/0/4
#
interface Ten-GigabitEthernet1/0/5
#
interface WLAN-ESS1
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 101 untagged
mac-vlan enable
#
interface WLAN-ESS2
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 201 untagged
mac-vlan enable
#
wlan ap ap01 model WA2210-AG id 1
serial-id 210235A29DB095000845
radio 1
service-template 1 vlan-id 101
service-template 2 vlan-id 201
radio enable
#
wlan mobility-group 1
member ip 192.168.12.1
source ip 192.168.11.1
mobility-group enable
#
ip route-static 0.0.0.0 0.0.0.0 192.168.11.254
#
undo info-center logfile enable
#
arp-snooping enable
#
load xml-configuration
#
user-interface con 0
user-interface vty 0 4
authentication-mode scheme
user privilege level 3
#
return
3.AC2的配置信息:
AC2配置与AC1配置类似。
五、主要配置步骤:
1.SW配置:
#创建VLAN,端口加入VLAN,并配置VLAN接口IP地址。
system-view [SW] vlan 11
[SW –vlan11] port GigabitEthernet2/0/1
[SW –vlan11] quit
[SW] vlan 12
[SW –vlan12] port GigabitEthernet2/0/2
[SW –vlan12] quit
[SW] vlan 101
[SW –vlan101] quit
[SW] vlan 102
[SW –vlan102] quit
[SW] vlan 201
[SW –vlan201] quit
[SW] vlan 202
[SW –vlan202] quit
[SW] interface GigabitEthernet2/0/31
[SW- GigabitEthernet2/0/31] port link-type trunk
[SW- GigabitEthernet2/0/31] undo port trunk permit vlan 1
[SW- GigabitEthernet2/0/31] port trunk permit vlan 11 101 to 102 201 to 202
[SW- GigabitEthernet2/0/31] quit
[SW] interface GigabitEthernet2/0/32
[SW- GigabitEthernet2/0/32] port link-type trunk
[SW- GigabitEthernet2/0/32] undo port trunk permit vlan 1
[SW- GigabitEthernet2/0/32] port trunk permit vlan 12 101 to 102 201 to 202
[SW- GigabitEthernet2/0/32] quit
[SW] interface Vlan-interface11
[SW-Vlan-interface11] ip address 192.168.11.254 255.255.255.0
[SW-Vlan-interface11] quit
[SW] interface Vlan-interface12
[SW-Vlan-interface12] ip address 192.168.12.254 255.255.255.0
[SW-Vlan-interface12] quit
[SW] interface Vlan-interface201
[SW-Vlan-interface201] ip address 192.168.201.254 255.255.255.0
[SW-Vlan-interface201] quit
[SW] interface Vlan-interface202
[SW-Vlan-interface202] ip address 192.168.202.254 255.255.255.0
[SW-Vlan-interface202] quit
#使能交换机的IPv6转发功能。
[SW] ipv6
#配置VLAN接口IPv6地址。
[SW] interface Vlan-interface101
[SW-Vlan-interface101] ipv6 address 2001:101::1/64
[SW-Vlan-interface101] undo ipv6 nd ra halt
[SW-Vlan-interface101] quit
[SW] interface Vlan-interface102
[SW-Vlan-interface102] ipv6 address 2001:102::1/64
[SW-Vlan-interface102] undo ipv6 nd ra halt
[SW-Vlan-interface102] quit
#配置DHCP server。
[SW] dhcp enable
[SW] dhcp server ip-pool ap01
[SW- dhcp server ip-pool ap01] network 192.168.11.0 mask 255.255.255.0
[SW- dhcp server ip-pool ap01] gateway-list 192.168.11.254
[SW- dhcp server ip-pool ap01] quit
[SW] dhcp server ip-pool ap02
[SW- dhcp server ip-pool ap02] network 192.168.12.0 mask 255.255.255.0
[SW- dhcp server ip-pool ap02] gateway-list 192.168.12.254
[SW- dhcp server ip-pool ap02] quit
[SW] dhcp server ip-pool ipv4-01
[SW- dhcp server ip-pool ipv4-01] network 192.168.201.0 mask 255.255.255.0
[SW- dhcp server ip-pool ipv4-01] gateway-list 192.168.201.254
[SW- dhcp server ip-pool ipv4-01] quit
[SW] dhcp server ip-pool ipv4-02
[SW- dhcp server ip-pool ipv4-02] network 192.168.202.0 mask 255.255.255.0
[SW- dhcp server ip-pool ipv4-02] gateway-list 192.168.202.254
[SW- dhcp server ip-pool ipv4-02] quit
2.AC1配置:
#创建VLAN,端口加入VLAN,并配置VLAN接口IP地址。
system-view [AC1] vlan 11
[AC1–vlan11] quit
[AC1] vlan 101
[AC1–vlan101] quit
[AC1] vlan 102
[AC1–vlan102] quit
[AC1] vlan 201
[AC1–vlan201] quit
[AC1] vlan 202
[AC1–vlan202] quit
[AC1] interface GigabitEthernet1/0/1
[AC1- GigabitEthernet1/0/1] port link-type trunk
[AC1- GigabitEthernet1/0/1] undo port trunk permit vlan 1
[AC1- GigabitEthernet1/0/1] port trunk permit vlan 11 101 to 102 201 to 202
[AC1- GigabitEthernet1/0/1] quit
[AC1] interface Vlan-interface11
[AC1-Vlan-interface11] ip address 192.168.11.1 255.255.255.0
[AC1- Vlan-interface11] quit
#使能AC的arp-snooping功能。
[AC1] arp-snooping enable
#使能AC的IPv6转发功能。
[AC1] ipv6
#配置默认路由。
[AC1] ip route-static 0.0.0.0 0.0.0.0 192.168.11.254
#使能端口安全。
[AC1] port-security enable
#配置WLAN ESS接口。
[AC1] interface WLAN-ESS1
[AC1-WLAN-ESS1] port link-type hybrid
[AC1-WLAN-ESS1] undo port hybrid vlan 1
[AC1-WLAN-ESS1] port hybrid vlan 101 untagged
[AC1-WLAN-ESS1] mac-vlan enable
[AC1-WLAN-ESS1] quit
[AC1] interface WLAN-ESS2
[AC1-WLAN-ESS2] port link-type hybrid
[AC1-WLAN-ESS2] undo port hybrid vlan 1
[AC1-WLAN-ESS2] port hybrid vlan 201 untagged
[AC1-WLAN-ESS2] mac-vlan enable
[AC1-WLAN-ESS2] quit
#配置service-template服务模板。
[AC1] wlan service-template 1 clear
[AC1-wlan-st-1] ssid h3c-ipv6
[AC1-wlan-st-1] bind WLAN-ESS 1
[AC1-wlan-st-1] service-template enable
[AC1-wlan-st-1] quit
[AC1] wlan service-template 2 clear
[AC1-wlan-st-2] ssid h3c-ipv4
[AC1-wlan-st-2] bind WLAN-ESS 2
[AC1-wlan-st-2] service-template enable
[AC1-wlan-st-2] quit
#配置ap01。
[AC1] wlan ap ap01 model WA2210-AG
[AC1-wlan-ap-ap01] serial-id 210235A29DB095000845
[AC1-wlan-ap-ap01] radio 1
[AC1- wlan-ap-ap01-radio-1] service-template 1 vlan-id 101
[AC1- wlan-ap-ap01-radio-1] service-template 2 vlan-id 201
[AC1- wlan-ap-ap01-radio-1] radio enable
[AC1- wlan-ap-ap01-radio-1] quit
[AC1-wlan-ap-ap01] quit
# 配置启用漫游域。
[AC1] wlan mobility-group 1
[AC1- wlan-mg-1] member ip 192.168.12.1
[AC1- wlan-mg-1] source ip 192.168.11.1
[AC1- wlan-mg-1] mobility-group enable
[AC1- wlan-mg-1] quit
3.AC2配置:
AC2配置与AC1配置类似。
六、结果验证:
1.IPv6业务:
(1)AP1成功注册在AC1上,AP2成功注册在AC2上。
(2)Client成功关联AP2,SSID“h3c-ipv6”,并获取IPv6地址。
(3)通过在AP2上命令radio disable触发漫游,Client漫游到AP1上。
(4)期间client ping网关,没有丢包。
2.IPv4业务:
IPv4业务验证过程与IPv6业务类似。
该案例暂时没有网友评论
✖
案例意见反馈
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作