WX系列AC实现跨AC三层漫游典型配置（IPv4业务和IPv6业务）

一、组网需求：

WX系列AC、FIT AP、便携机（安装有无线网卡）

二、组网图：

本典型配置举例中AC使用WX5004无线控制器，AP1注册在AC1上， AP2注册在AC2上。IPv4业务为192.168.201.0/24和192.168.202.0/24，IPv6业务为2001:101::0/64和2001:102:0/64。SW上配置DHCP Server为AP和IPv4 Client分配IP地址信息。IPv6 Client通过无状态地址配置根据自己的链路层地址及SW发布的前缀信息自动配置IPv6地址及相关信息。

三、特性介绍：

IACTP（Inter Access Controller Tunneling Protocol 访问控制器间隧道协议）是H3C公司自主研发的隧道协议，该协议定义了AC（Access Controller，无线控制器）与AC之间是如何通信的。IACTP提供了无线控制器间报文的通用封装和传输机制，保证了AC之间的安全传输。无线控制器间通信的建立采用标准的TCP C/S模式。

多个无线控制器可以通过IACTP协议建立漫游组。漫游组的建立和维护均由IACTP协议完成。IACTP协议为应用（共享与交换信息）提供了一个控制通道，也同时提供封装AC间传输数据的数据通道。IACTP协议同时支持IPv4和IPv6。

在无线网络实际应用中，存在一种场景，如客户需要覆盖一个校园，而校园的不同区域被划分了不同子网。在这种场景中，AC 位于骨干网中，而AP 需要分布在不同区域中，即分布在不同子网中。这种场景下，当用户从一个区域漫游到另一个区域时，就是一种三层漫游情况。

四、配置信息：

1．SW的配置信息：

#

 version 5.20, Release 6701

#

 sysname SW

#

 domain default enable system

#

 ipv6

#

switch-mode standard

switch-mode normal slot 2

switch-mode normal slot 4

switch-mode normal slot 5

switch-mode normal slot 6

#

vlan 1

#

vlan 11 to 12

#

vlan 101 to 102

#

vlan 200 to 202

#

domain system

 access-limit disable

 state active

 idle-cut disable

 self-service-url disable

#

dhcp server ip-pool ap01

 network 192.168.11.0 mask 255.255.255.0

 gateway-list 192.168.11.254

#

dhcp server ip-pool ap02

 network 192.168.12.0 mask 255.255.255.0

 gateway-list 192.168.12.254

#

dhcp server ip-pool ipv4-01

 network 192.168.201.0 mask 255.255.255.0

 gateway-list 192.168.201.254

#

dhcp server ip-pool ipv4-02

 network 192.168.202.0 mask 255.255.255.0

 gateway-list 192.168.202.254

#

user-group system

 group-attribute allow-guest

#

interface NULL0

#

interface Vlan-interface11

 ip address 192.168.11.254 255.255.255.0

#

interface Vlan-interface12

 ip address 192.168.12.254 255.255.255.0

#

interface Vlan-interface101

 undo ipv6 nd ra halt

 ipv6 address 2001:101::1/64

#

interface Vlan-interface102

 undo ipv6 nd ra halt

 ipv6 address 2001:102::1/64

#

interface Vlan-interface201

 ip address 192.168.201.254 255.255.255.0

#              

interface Vlan-interface202

 ip address 192.168.202.254 255.255.255.0

#

interface GigabitEthernet2/0/1

 port link-mode bridge

 port access vlan 11

#

interface GigabitEthernet2/0/2

 port link-mode bridge

 port access vlan 12

#

interface GigabitEthernet2/0/31

 port link-mode bridge

 port link-type trunk

 undo port trunk permit vlan 1

 port trunk permit vlan 11 101 to 102 201 to 202

#

interface GigabitEthernet2/0/32

 port link-mode bridge

 port link-type trunk

 undo port trunk permit vlan 1

 port trunk permit vlan 12 101 to 102 201 to 202

#

interface M-Ethernet0/0/0

#

 dhcp enable

#

 load xml-configuration

#

 load tr069-configuration

#

user-interface aux 0

user-interface vty 0 15

#

return

2．AC1的配置信息：

#

 version 5.20, Release 2308P07

#

 sysname AC1

#

 domain default enable system

#

 ipv6

#

 telnet server enable

#

 port-security enable

#

 sysnetid AC1

#

vlan 1

#

vlan 11

#

vlan 101 to 102

#

vlan 201 to 202

#

domain system  

 access-limit disable

 state active

 idle-cut disable

 self-service-url disable

#

user-group system

 group-attribute allow-guest

#

local-user admin

 password simple admin

 authorization-attribute level 3

 service-type telnet

#

wlan rrm

 dot11a mandatory-rate 6 12 24

 dot11a supported-rate 9 18 36 48 54

 dot11b mandatory-rate 1 2

 dot11b supported-rate 5.5 11

 dot11g mandatory-rate 1 2 5.5 11

 dot11g supported-rate 6 9 12 18 24 36 48 54

#

wlan service-template 1 clear

 ssid h3c-ipv6 

 bind WLAN-ESS 1

 service-template enable

#

wlan service-template 2 clear

 ssid h3c-ipv4

 bind WLAN-ESS 2

 service-template enable

#

interface NULL0

#

interface Vlan-interface1

 ip address 192.168.0.100 255.255.255.0

#

interface Vlan-interface11

 ip address 192.168.11.1 255.255.255.0

#

interface GigabitEthernet1/0/1

 port link-type trunk

 undo port trunk permit vlan 1

 port trunk permit vlan 11 101 to 102 201 to 202

#

interface GigabitEthernet1/0/2

#              

interface GigabitEthernet1/0/3

#

interface GigabitEthernet1/0/4

#

interface Ten-GigabitEthernet1/0/5

#

interface WLAN-ESS1

 port link-type hybrid

 undo port hybrid vlan 1

 port hybrid vlan 101 untagged

 mac-vlan enable

#

interface WLAN-ESS2

 port link-type hybrid

 undo port hybrid vlan 1

 port hybrid vlan 201 untagged

 mac-vlan enable

#

wlan ap ap01 model WA2210-AG id 1

 serial-id 210235A29DB095000845

 radio 1

  service-template 1 vlan-id 101

  service-template 2 vlan-id 201

  radio enable

#

wlan mobility-group 1

 member ip 192.168.12.1

 source ip 192.168.11.1

 mobility-group enable

#

 ip route-static 0.0.0.0 0.0.0.0 192.168.11.254

#

 undo info-center logfile enable

#

 arp-snooping enable

#

 load xml-configuration

#

user-interface con 0

user-interface vty 0 4

 authentication-mode scheme

 user privilege level 3

#

return

3．AC2的配置信息：

AC2配置与AC1配置类似。

五、主要配置步骤：

1．SW配置：

#创建VLAN，端口加入VLAN，并配置VLAN接口IP地址。

system-view

[SW] vlan 11

[SW –vlan11] port GigabitEthernet2/0/1

[SW –vlan11] quit

[SW] vlan 12

[SW –vlan12] port GigabitEthernet2/0/2

[SW –vlan12] quit

[SW] vlan 101

[SW –vlan101] quit

[SW] vlan 102

[SW –vlan102] quit

[SW] vlan 201

[SW –vlan201] quit

[SW] vlan 202

[SW –vlan202] quit

[SW] interface GigabitEthernet2/0/31

[SW- GigabitEthernet2/0/31] port link-type trunk

[SW- GigabitEthernet2/0/31] undo port trunk permit vlan 1

[SW- GigabitEthernet2/0/31] port trunk permit vlan 11 101 to 102 201 to 202

[SW- GigabitEthernet2/0/31] quit

[SW] interface GigabitEthernet2/0/32

[SW- GigabitEthernet2/0/32] port link-type trunk

[SW- GigabitEthernet2/0/32] undo port trunk permit vlan 1

[SW- GigabitEthernet2/0/32] port trunk permit vlan 12 101 to 102 201 to 202

[SW- GigabitEthernet2/0/32] quit

[SW] interface Vlan-interface11

[SW-Vlan-interface11] ip address 192.168.11.254 255.255.255.0

[SW-Vlan-interface11] quit

[SW] interface Vlan-interface12

[SW-Vlan-interface12] ip address 192.168.12.254 255.255.255.0

[SW-Vlan-interface12] quit

[SW] interface Vlan-interface201

[SW-Vlan-interface201] ip address 192.168.201.254 255.255.255.0

[SW-Vlan-interface201] quit

[SW] interface Vlan-interface202

[SW-Vlan-interface202] ip address 192.168.202.254 255.255.255.0

[SW-Vlan-interface202] quit

#使能交换机的IPv6转发功能。

[SW] ipv6

#配置VLAN接口IPv6地址。

[SW] interface Vlan-interface101

[SW-Vlan-interface101] ipv6 address 2001:101::1/64

[SW-Vlan-interface101] undo ipv6 nd ra halt

[SW-Vlan-interface101] quit

[SW] interface Vlan-interface102

[SW-Vlan-interface102] ipv6 address 2001:102::1/64

[SW-Vlan-interface102] undo ipv6 nd ra halt

[SW-Vlan-interface102] quit

#配置DHCP server。

[SW] dhcp enable

[SW] dhcp server ip-pool ap01

[SW- dhcp server ip-pool ap01] network 192.168.11.0 mask 255.255.255.0

[SW- dhcp server ip-pool ap01] gateway-list 192.168.11.254

[SW- dhcp server ip-pool ap01] quit

[SW] dhcp server ip-pool ap02

[SW- dhcp server ip-pool ap02] network 192.168.12.0 mask 255.255.255.0

[SW- dhcp server ip-pool ap02] gateway-list 192.168.12.254

[SW- dhcp server ip-pool ap02] quit

[SW] dhcp server ip-pool ipv4-01

[SW- dhcp server ip-pool ipv4-01] network 192.168.201.0 mask 255.255.255.0

[SW- dhcp server ip-pool ipv4-01] gateway-list 192.168.201.254

[SW- dhcp server ip-pool ipv4-01] quit

[SW] dhcp server ip-pool ipv4-02

[SW- dhcp server ip-pool ipv4-02] network 192.168.202.0 mask 255.255.255.0

[SW- dhcp server ip-pool ipv4-02] gateway-list 192.168.202.254

[SW- dhcp server ip-pool ipv4-02] quit

2．AC1配置：

#创建VLAN，端口加入VLAN，并配置VLAN接口IP地址。

system-view

[AC1] vlan 11

[AC1–vlan11] quit

[AC1] vlan 101

[AC1–vlan101] quit

[AC1] vlan 102

[AC1–vlan102] quit

[AC1] vlan 201

[AC1–vlan201] quit

[AC1] vlan 202

[AC1–vlan202] quit

[AC1] interface GigabitEthernet1/0/1

[AC1- GigabitEthernet1/0/1] port link-type trunk

[AC1- GigabitEthernet1/0/1] undo port trunk permit vlan 1

[AC1- GigabitEthernet1/0/1] port trunk permit vlan 11 101 to 102 201 to 202

[AC1- GigabitEthernet1/0/1] quit

[AC1] interface Vlan-interface11

[AC1-Vlan-interface11] ip address 192.168.11.1 255.255.255.0

[AC1- Vlan-interface11] quit

#使能AC的arp-snooping功能。

[AC1] arp-snooping enable

#使能AC的IPv6转发功能。

[AC1] ipv6

#配置默认路由。

[AC1] ip route-static 0.0.0.0 0.0.0.0 192.168.11.254

#使能端口安全。

[AC1] port-security enable

#配置WLAN ESS接口。

[AC1] interface WLAN-ESS1

[AC1-WLAN-ESS1] port link-type hybrid

[AC1-WLAN-ESS1] undo port hybrid vlan 1

[AC1-WLAN-ESS1] port hybrid vlan 101 untagged

[AC1-WLAN-ESS1] mac-vlan enable

[AC1-WLAN-ESS1] quit

[AC1] interface WLAN-ESS2

[AC1-WLAN-ESS2] port link-type hybrid

[AC1-WLAN-ESS2] undo port hybrid vlan 1

[AC1-WLAN-ESS2] port hybrid vlan 201 untagged

[AC1-WLAN-ESS2] mac-vlan enable

[AC1-WLAN-ESS2] quit

#配置service-template服务模板。

[AC1] wlan service-template 1 clear

[AC1-wlan-st-1] ssid h3c-ipv6

[AC1-wlan-st-1] bind WLAN-ESS 1

[AC1-wlan-st-1] service-template enable

[AC1-wlan-st-1] quit

[AC1] wlan service-template 2 clear

[AC1-wlan-st-2] ssid h3c-ipv4

[AC1-wlan-st-2] bind WLAN-ESS 2

[AC1-wlan-st-2] service-template enable

[AC1-wlan-st-2] quit

#配置ap01。

[AC1] wlan ap ap01 model WA2210-AG

[AC1-wlan-ap-ap01] serial-id 210235A29DB095000845

[AC1-wlan-ap-ap01] radio 1

[AC1- wlan-ap-ap01-radio-1] service-template 1 vlan-id 101

[AC1- wlan-ap-ap01-radio-1] service-template 2 vlan-id 201

[AC1- wlan-ap-ap01-radio-1] radio enable

[AC1- wlan-ap-ap01-radio-1] quit

[AC1-wlan-ap-ap01] quit

# 配置启用漫游域。

[AC1] wlan mobility-group 1

[AC1- wlan-mg-1] member ip 192.168.12.1

[AC1- wlan-mg-1] source ip 192.168.11.1

[AC1- wlan-mg-1] mobility-group enable

[AC1- wlan-mg-1] quit

3．AC2配置：

AC2配置与AC1配置类似。

六、结果验证：

1．IPv6业务：

（1）AP1成功注册在AC1上，AP2成功注册在AC2上。

（2）Client成功关联AP2，SSID“h3c-ipv6”，并获取IPv6地址。

（3）通过在AP2上命令radio disable触发漫游，Client漫游到AP1上。

（4）期间client ping网关，没有丢包。

2．IPv4业务：

IPv4业务验证过程与IPv6业务类似。