华为配置主备方式的双链路热备份示例

配置主备方式的双链路热备份示例

组网图形

图1 配置双链路热备份示例组网图

• 业务需求
• 组网需求
• 数据规划
• 配置思路
• 配置注意事项
• 操作步骤
• 配置文件

业务需求

某企业构建了无线局域网，为用户提供WLAN上网服务。现在企业希望采用双链路热备份的方式提高无线用户的数据传输的可靠性。

组网需求

• AC组网方式：旁挂二层组网。
• DHCP部署方式：Router作为DHCP服务器为AP和STA分配IP地址。
• 业务数据转发方式：直接转发。

数据规划

表1 AC数据规划表

配置项	数据
AP管理VLAN	VLAN100
STA业务VLAN	VLAN101
AC备份VLAN	VLAN102
DHCP服务器	Router作为DHCP服务器，为AP和STA分配地址 STA网关：10.23.101.1/24 AP网关：10.23.100.1/24
AP地址池	10.23.100.4～10.23.100.254/24
STA地址池	10.23.101.2～10.23.101.254/24
AC源接口	VLANIF100
AC1的管理IP地址	VLANIF100接口：10.23.100.2/24
AC2的管理IP地址	VLANIF100接口：10.23.100.3/24
AC1的主备通道IP地址和端口号	IP地址：VLANIF102，10.23.102.1/24 端口号：10241
AC2的主备通道IP地址和端口号	IP地址：VLANIF102，10.23.102.2/24 端口号：10241
AP组	名称：ap-group1 引用模板：VAP模板wlan-net、域管理模板default、AP系统模板wlan-net
域管理模板	名称：default 国家码：中国
SSID模板	名称：wlan-net SSID名称：wlan-net
安全模板	名称：wlan-net 安全策略：WPA-WPA2+PSK+AES 密码：a1234567
VAP模板	名称：wlan-net 转发模式：直接转发 业务VLAN：VLAN101 引用模板：SSID模板wlan-net、安全模板wlan-net
AP系统模板	名称：wlan-net 主AC：10.23.100.2 备AC：10.23.100.3

配置思路

采用如下的思路配置双链路热备份：

1. 配置AC1、AC2和其他网络设备之间实现网络互通。
2. 配置WLAN基本业务，保证用户能够访问企业内部网络。
3. 使用AC全局配置方式配置双链路备份。
4. 配置双机热备份功能，将AC1上的WLAN和NAC业务信息通过备份链路批量备份和实时备份到AC2上，实现当AC1故障时，AC2接替AC1继续工作，保证用户业务不中断。

配置注意事项

• 纯组播报文由于协议要求在无线空口没有ACK机制保障，且无线空口链路不稳定，为了纯组播报文能够稳定发送，通常会以低速报文形式发送。如果网络侧有大量异常组播流量涌入，则会造成无线空口拥堵。为了减小大量低速组播报文对无线网络造成的冲击，建议配置组播报文抑制功能。配置前请确认是否有组播业务，如果有，请谨慎配置限速值。
  • 业务数据转发方式采用直接转发时，建议在直连AP的交换机接口上配置组播报文抑制。
  • 业务数据转发方式采用隧道转发时，建议在AC的流量模板下配置组播报文抑制。
  配置方法请参见：如何配置组播报文抑制，减小大量低速组播报文对无线网络造成的冲击？

• 建议在与AP直连的设备接口上配置端口隔离，如果不配置端口隔离，尤其是业务数据转发方式采用直接转发时，可能会在VLAN内形成大量不必要的广播报文，导致网络阻塞，影响用户体验。

• 隧道转发模式下，管理VLAN和业务VLAN不能配置为同一VLAN，且AP和AC之间只能放通管理VLAN，不能放通业务VLAN。

• 双链路热备份不支持备份DHCP信息，如果AC作为DHCP服务器为AP和STA分配IP地址，主AC故障后，AP和STA需要重新获取IP，所以建议Router作为DHCP服务器。如果必须使用AC作为DHCP服务器，需要在主、备AC上手动规划不同范围的地址池，防止重复分配IP地址。

操作步骤

1. 配置SwitchA、SwitchB和AC1和AC2，使AP与AC之间能够传输CAPWAP报文

   # 配置SwitchA连接AP的接口GE0/0/1的PVID为VLAN100（管理VLAN）并加入VLAN100和VLAN101，SwitchA连接SwitchB的接口GE0/0/2加入VLAN100和VLAN101。

    system-view
   [HUAWEI] sysname SwitchA
   [SwitchA] vlan batch 100 101
   [SwitchA] interface gigabitethernet 0/0/1
   [SwitchA-GigabitEthernet0/0/1] port link-type trunk
   [SwitchA-GigabitEthernet0/0/1] port trunk pvid vlan 100
   [SwitchA-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 101
   [SwitchA-GigabitEthernet0/0/1] quit
   [SwitchA] interface gigabitethernet 0/0/2
   [SwitchA-GigabitEthernet0/0/2] port link-type trunk
   [SwitchA-GigabitEthernet0/0/2] port trunk allow-pass vlan 100 101
   [SwitchA-GigabitEthernet0/0/2] quit

   # 配置汇聚交换机SwitchB连接SwitchA的接口GE0/0/1加入VLAN100和VLAN101，SwitchB连接AC1的接口GE0/0/2和SwitchB连接AC2的接口GE0/0/3加入VLAN100。

    system-view
   [HUAWEI] sysname SwitchB
   [SwitchB] vlan batch 100
   [SwitchB] interface gigabitethernet 0/0/1
   [SwitchB-GigabitEthernet0/0/1] port link-type trunk
   [SwitchB-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 101
   [SwitchB-GigabitEthernet0/0/1] quit
   [SwitchB] interface gigabitethernet 0/0/2
   [SwitchB-GigabitEthernet0/0/2] port link-type trunk
   [SwitchB-GigabitEthernet0/0/2] port trunk allow-pass vlan 100
   [SwitchB-GigabitEthernet0/0/2] quit
   [SwitchB] interface gigabitethernet 0/0/3
   [SwitchB-GigabitEthernet0/0/3] port link-type trunk
   [SwitchB-GigabitEthernet0/0/3] port trunk allow-pass vlan 100
   [SwitchB-GigabitEthernet0/0/3] quit

   # 配置AC1连接SwitchB的接口GE0/0/1加入VLAN100。

    system-view
   [HUAWEI] sysname AC1
   [AC1] vlan batch 100
   [AC1] interface gigabitethernet 0/0/1
   [AC1-GigabitEthernet0/0/1] port link-type trunk
   [AC1-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
   [AC1-GigabitEthernet0/0/1] quit

   # 配置AC2连接SwitchB的接口GE0/0/1加入VLAN100。

    system-view
   [HUAWEI] sysname AC2
   [AC2] vlan batch 100
   [AC2] interface gigabitethernet 0/0/1
   [AC2-GigabitEthernet0/0/1] port link-type trunk
   [AC2-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
   [AC2-GigabitEthernet0/0/1] quit

2. 配置AC1、AC2和Router互通

   # 配置AC1的接口GE0/0/1加入VLAN102（备份VLAN）。

   [AC1] vlan batch 101 102
   [AC1] interface vlanif 100
   [AC1-Vlanif100] ip address 10.23.100.2 24
   [AC1-Vlanif100] quit
   [AC1] interface vlanif 102
   [AC1-Vlanif102] ip address 10.23.102.1 24
   [AC1-Vlanif102] quit
   [AC1] interface gigabitethernet 0/0/1
   [AC1-GigabitEthernet0/0/1] port trunk allow-pass vlan 102
   [AC1-GigabitEthernet0/0/1] quit

   # 配置AC2的接口GE0/0/1加入VLAN102。

   [AC2] vlan batch 101 102
   [AC2] interface vlanif 100
   [AC2-Vlanif100] ip address 10.23.100.3 24
   [AC2-Vlanif100] quit
   [AC2] interface vlanif 102
   [AC2-Vlanif102] ip address 10.23.102.2 24
   [AC2-Vlanif102] quit
   [AC2] interface gigabitethernet 0/0/1
   [AC2-GigabitEthernet0/0/1] port trunk allow-pass vlan 102
   [AC2-GigabitEthernet0/0/1] quit

   # 配置SwitchB的接口GE0/0/2和GE0/0/3加入VLAN102，SwitchB连接Router的接口GE0/0/4加入VLAN100和VLAN101。

   [SwitchB] vlan batch 101 102
   [SwitchB] interface gigabitethernet 0/0/2
   [SwitchB-GigabitEthernet0/0/2] port trunk allow-pass vlan 102
   [SwitchB-GigabitEthernet0/0/2] quit
   [SwitchB] interface gigabitethernet 0/0/3
   [SwitchB-GigabitEthernet0/0/3] port trunk allow-pass vlan 102
   [SwitchB-GigabitEthernet0/0/3] quit
   [SwitchB] interface gigabitethernet 0/0/4
   [SwitchB-GigabitEthernet0/0/4] port link-type trunk
   [SwitchB-GigabitEthernet0/0/4] port trunk allow-pass vlan 100 101
   [SwitchB-GigabitEthernet0/0/4] quit

3. 配置Router给STA和AP分配IP地址
   DNS服务器地址请根据实际需要配置。常用配置方法如下：
   • 接口地址池场景，需要在VLANIF接口视图下执行命令dhcp server dns-list ip-address &<1-8>。
   • 全局地址池场景，需要在IP地址池视图下执行命令dns-list ip-address &<1-8>。

    system-view
   [Huawei] sysname Router
   [Router] vlan batch 100 101
   [Router] dhcp enable
   [Router] ip pool sta
   [Router-ip-pool-sta] network 10.23.101.0 mask 24
   [Router-ip-pool-sta] gateway-list 10.23.101.1
   [Router-ip-pool-sta] quit
   [Router] ip pool ap
   [Router-ip-pool-ap] network 10.23.100.0 mask 24
   [Router-ip-pool-ap] excluded-ip-address 10.23.100.2
   [Router-ip-pool-ap] excluded-ip-address 10.23.100.3
   [Router-ip-pool-ap] gateway-list 10.23.100.1
   [Router-ip-pool-ap] quit
   [Router] interface vlanif 100
   [Router-Vlanif100] ip address 10.23.100.1 24
   [Router-Vlanif100] dhcp select global
   [Router-Vlanif100] quit
   [Router] interface vlanif 101
   [Router-Vlanif101] ip address 10.23.101.1 24
   [Router-Vlanif101] dhcp select global
   [Router-Vlanif101] quit
   [Router] interface gigabitethernet 0/0/1
   [Router-GigabitEthernet0/0/1] port link-type trunk
   [Router-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 101
   [Router-GigabitEthernet0/0/1] quit

4. 配置AC1和AC2的WLAN业务参数

   仅给出AC1的配置过程，AC2的配置参数跟AC1保持一致。

   1. 配置AC1的系统参数。

      [AC1] wlan
      [AC1-wlan-view] ap-group name ap-group1
      [AC1-wlan-ap-group-ap-group1] quit
      [AC1-wlan-view] regulatory-domain-profile name default
      [AC1-wlan-regulate-domain-default] country-code cn
      [AC1-wlan-regulate-domain-default] quit
      [AC1-wlan-view] ap-group name ap-group1
      [AC1-wlan-ap-group-ap-group1] regulatory-domain-profile default
      Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continu
      e?[Y/N]:y 
      [AC1-wlan-ap-group-ap-group1] quit
      [AC1-wlan-view] quit
      [AC1] capwap source interface vlanif 100
      [AC1] wlan

   2. 在AC1上管理AP。

      [AC1-wlan-view] ap auth-mode mac-auth
      [AC1-wlan-view] ap-id 0 ap-mac 00e0-fc76-e360
      [AC1-wlan-ap-0] ap-name area_1
      [AC1-wlan-ap-0] ap-group ap-group1
      Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configuration
      s of the radio, Whether to continue? [Y/N]:y 
      [AC1-wlan-ap-0] quit
      [AC1-wlan-view] display ap all
      Total AP information:
      nor  : normal          [1]
      Extra information:
      P  : insufficient power supply
      --------------------------------------------------------------------------------------------------
      ID   MAC            Name   Group     IP            Type            State STA Uptime      ExtraInfo
      --------------------------------------------------------------------------------------------------
      0    00e0-fc76-e360 area_1 ap-group1 10.23.100.254 AP5030DN        nor   0   10S         -
      --------------------------------------------------------------------------------------------------
      Total: 1

   3. 配置AC1的WLAN业务参数。
      # 创建名为“wlan-net”的安全模板，并配置安全策略。

      举例中以配置WPA-WPA2+PSK+AES的安全策略为例，密码为“a1234567”，实际配置中请根据实际情况，配置符合实际要求的安全策略。

      [AC1-wlan-view] security-profile name wlan-net
      [AC1-wlan-sec-prof-wlan-net] security wpa-wpa2 psk pass-phrase a1234567 aes
      [AC1-wlan-sec-prof-wlan-net] quit

      # 创建名为“wlan-net”的SSID模板，并配置SSID名称为“wlan-net”。

      [AC1-wlan-view] ssid-profile name wlan-net
      [AC1-wlan-ssid-prof-wlan-net] ssid wlan-net
      [AC1-wlan-ssid-prof-wlan-net] quit

      # 创建名为“wlan-net”的VAP模板，配置业务数据转发模式、业务VLAN，并且引用安全模板和SSID模板。

      [AC1-wlan-view] vap-profile name wlan-net
      [AC1-wlan-vap-prof-wlan-net] forward-mode direct-forward
      [AC1-wlan-vap-prof-wlan-net] service-vlan vlan-id 101
      [AC1-wlan-vap-prof-wlan-net] security-profile wlan-net
      [AC1-wlan-vap-prof-wlan-net] ssid-profile wlan-net
      [AC1-wlan-vap-prof-wlan-net] quit

      # 配置AP组引用VAP模板，AP上射频0和射频1都使用VAP模板“wlan-net”的配置。

      [AC1-wlan-view] ap-group name ap-group1
      [AC1-wlan-ap-group-ap-group1] vap-profile wlan-net wlan 1 radio 0
      [AC1-wlan-ap-group-ap-group1] vap-profile wlan-net wlan 1 radio 1
      [AC1-wlan-ap-group-ap-group1] quit

5. 配置AC1和AC2的双链路备份功能

   # 在AC1上，配置主备AC的IP地址。

   [AC1-wlan-view] ap-system-profile name wlan-net
   [AC1-wlan-ap-system-prof-wlan-net] primary-access ip-address 10.23.100.2
   [AC1-wlan-ap-system-prof-wlan-net] backup-access ip-address 10.23.100.3
   [AC1-wlan-ap-system-prof-wlan-net] quit
   [AC1-wlan-view] ap-group name ap-group1
   [AC1-wlan-ap-group-ap-group1] ap-system-profile wlan-net
   [AC1-wlan-ap-group-ap-group1] quit
   [AC1-wlan-view] ac protect enable
   Warning: This operation maybe cause AP reset, continue?[Y/N]:y

   # 在AC2上，配置主备AC的IP地址。

   [AC2-wlan-view] ap-system-profile name wlan-net
   [AC2-wlan-ap-system-prof-wlan-net] primary-access ip-address 10.23.100.2
   [AC2-wlan-ap-system-prof-wlan-net] backup-access ip-address 10.23.100.3
   [AC2-wlan-ap-system-prof-wlan-net] quit
   [AC2-wlan-view] ap-group name ap-group1
   [AC2-wlan-ap-group-ap-group1] ap-system-profile wlan-net
   [AC2-wlan-ap-group-ap-group1] quit
   [AC2-wlan-view] ac protect enable
   Warning: This operation maybe cause AP reset, continue?[Y/N]:y

   # 在主备AC上重启AP，下发双链路备份配置信息至AP。

   [AC1-wlan-view] ap-reset all
   Warning: Reset AP(s), continue?[Y/N]:y
   [AC1-wlan-view] quit
   [AC2-wlan-view] ap-reset all
   Warning: Reset AP(s), continue?[Y/N]:y
   [AC2-wlan-view] quit

6. 配置双机热备份功能

   # 在AC1上创建HSB主备服务0，并配置其主备通道IP地址和端口号。

   [AC1] hsb-service 0
   [AC1-hsb-service-0] service-ip-port local-ip 10.23.102.1 peer-ip 10.23.102.2 local-data-port 10241 peer-data-port 10241
   [AC1-hsb-service-0] quit

   # 配置将WLAN业务与NAC业务绑定AC1的HSB主备服务。

   [AC1] hsb-service-type ap hsb-service 0
   [AC1] hsb-service-type access-user hsb-service 0

   # 在AC2上创建HSB主备服务0，并配置其主备通道IP地址和端口号。

   [AC2] hsb-service 0
   [AC2-hsb-service-0] service-ip-port local-ip 10.23.102.2 peer-ip 10.23.102.1 local-data-port 10241 peer-data-port 10241
   [AC2-hsb-service-0] quit

   # 配置将WLAN业务与NAC业务绑定AC2的HSB主备服务。

   [AC2] hsb-service-type ap hsb-service 0
   [AC2] hsb-service-type access-user hsb-service 0

7. 检查配置结果

   # 在AC1和AC2上执行命令display ac protect和display ap-system-profile name wlan-net，可以查看到双链路备份的配置信息。

   [AC1] display ac protect
   ------------------------------------------------------------
   Protect state             : enable
   Protect AC IPv4           : -
   Protect AC IPv6           : -
   Priority                  : 0
   Protect restore           : enable
   ...
   ------------------------------------------------------------ 
   [AC1] display ap-system-profile name wlan-net
   ------------------------------------------------------------
   AC priority                                    : -
   Protect AC IP address                          : -
   Primary AC                                     : 10.23.100.2
   Backup AC                                      : 10.23.100.3
   ...
   [AC2] display ac protect
   ------------------------------------------------------------
   Protect state             : enable
   Protect AC IPv4           : -
   Protect AC IPv6           : -
   Priority                  : 0
   Protect restore           : enable
   ...
   ------------------------------------------------------------ 
   [AC2] display ap-system-profile name wlan-net
   ------------------------------------------------------------
   AC priority                                    : -
   Protect AC IP address                          : -
   Primary AC                                     : 10.23.100.2
   Backup AC                                      : 10.23.100.3
   ...

   # 在AC1和AC2上执行display hsb-service 0命令，查看主备服务的建立情况，可以看到Service State字段的显示为Connected，说明主备服务通道已经成功建立。

   [AC1] display hsb-service 0
   Hot Standby Service Information:
   ----------------------------------------------------------
     Local IP Address       : 10.23.102.1
     Peer IP Address        : 10.23.102.2
     Source Port            : 10241
     Destination Port       : 10241
     Keep Alive Times       : 5
     Keep Alive Interval    : 3
     Service State          : Connected
     Service Batch Modules  : AP
                              Access-user
     Shared-key             : -
   ----------------------------------------------------------
   [AC2] display hsb-service 0
   Hot Standby Service Information:
   ----------------------------------------------------------
     Local IP Address       : 10.23.102.2
     Peer IP Address        : 10.23.102.1
     Source Port            : 10241
     Destination Port       : 10241
     Keep Alive Times       : 5
     Keep Alive Interval    : 3
     Service State          : Connected
     Service Batch Modules  : AP
                              Access-user
     Shared-key             : -
   ----------------------------------------------------------
   

   # AP1下的无线接入用户可以搜索到SSID标识为“wlan-net”的WLAN网络并正常上线。

   # 通过重启主AC的方式，模拟主AC故障的场景，验证备份配置。重启AC1，当AP与AC1的链路中断后，AC2切换为主AC，保证业务的稳定。

   重启AC前，请执行命令save保存AC上的配置文件，以免重启后配置丢失。

   # AC1重启期间，STA上业务不中断。AP切换到AC2上线，在AC2上执行命令display ap all可以查看AP的状态由standby变为normal。

   # AC1重启恢复正常，触发主备回切后，AP会自动重新到AC1正常上线。

配置文件

• SwitchA的配置文件

  #
  sysname SwitchA
  #
  vlan batch 100 to 101
  #
  interface GigabitEthernet0/0/1
   port link-type trunk
   port trunk pvid vlan 100
   port trunk allow-pass vlan 100 to 101
  #
  interface GigabitEthernet0/0/2
   port link-type trunk
   port trunk allow-pass vlan 100 to 101
  #
  return

• SwitchB的配置文件

  #
  sysname SwitchB
  #
  vlan batch 100 to 102
  #
  interface GigabitEthernet0/0/1
   port link-type trunk
   port trunk allow-pass vlan 100 to 101
  #
  interface GigabitEthernet0/0/2
   port link-type trunk
   port trunk allow-pass vlan 100 102
  #
  interface GigabitEthernet0/0/3
   port link-type trunk
   port trunk allow-pass vlan 100 102
  #
  interface GigabitEthernet0/0/4
   port link-type trunk
   port trunk allow-pass vlan 100 to 101
  #
  return

• Router的配置文件

  #
   sysname Router
  #
  vlan batch 100 to 101
  #
  dhcp enable
  #
  ip pool sta
   gateway-list 10.23.101.1
   network 10.23.101.0 mask 255.255.255.0
  #
  ip pool ap
   gateway-list 10.23.100.1
   network 10.23.100.0 mask 255.255.255.0
   excluded-ip-address 10.23.100.2 10.23.100.3      
  #
  interface Vlanif100
   ip address 10.23.100.1 255.255.255.0
   dhcp select global
  #
  interface Vlanif101
   ip address 10.23.101.1 255.255.255.0
   dhcp select global
  #
  interface GigabitEthernet0/0/1
   port link-type trunk
   port trunk allow-pass vlan 100 to 101
  #
  return

• AC1和AC2的配置文件对比（加粗内容为AC1和AC2上的双机备份配置）

  表2 配置文件对比

  AC1

  AC2

  # sysname AC1 # vlan batch 100 to 102 # interface Vlanif100 ip address 10.23.100.2 255.255.255.0 # interface Vlanif102 ip address 10.23.102.1 255.255.255.0 # interface GigabitEthernet0/0/1 port link-type trunk port trunk allow-pass vlan 100 102 # capwap source interface vlanif100 # hsb-service 0 service-ip-port local-ip 10.23.102.1 peer-ip 10.23.102.2 local-data-port 10241 peer-data-port 10241 # hsb-service-type access-user hsb-service 0 # hsb-service-type ap hsb-service 0 # wlan ac protect enable security-profile name wlan-net security wpa-wpa2 psk pass-phrase %^%#DmLbQP`BNIa6M}%m9$2xA+y-fNA ap-system-profile name wlan-net primary-access ip-address 10.23.100.2 backup-access ip-address 10.23.100.3 ap-group name ap-group1 ap-system-profile wlan-net radio 0 vap-profile wlan-net wlan 1 radio 1 vap-profile wlan-net wlan 1 ap-id 0 type-id 35 ap-mac 00e0-fc76-e360 ap-sn 210235554710CB000042 ap-name area_1 ap-group ap-group1 # return

  # sysname AC2 # vlan batch 100 to 102 # interface Vlanif100 ip address 10.23.100.3 255.255.255.0 # interface Vlanif102 ip address 10.23.102.2 255.255.255.0 # interface GigabitEthernet0/0/1 port link-type trunk port trunk allow-pass vlan 100 102 # capwap source interface vlanif100 # hsb-service 0 service-ip-port local-ip 10.23.102.2 peer-ip 10.23.102.1 local-data-port 10241 peer-data-port 10241 # hsb-service-type access-user hsb-service 0 # hsb-service-type ap hsb-service 0 # wlan ac protect enable security-profile name wlan-net security wpa-wpa2 psk pass-phrase %^%#DmLbQP`BNIa6M}%m9$2xA+y-fNA ap-system-profile name wlan-net primary-access ip-address 10.23.100.2 backup-access ip-address 10.23.100.3 ap-group name ap-group1 ap-system-profile wlan-net radio 0 vap-profile wlan-net wlan 1 radio 1 vap-profile wlan-net wlan 1 ap-id 0 type-id 35 ap-mac 00e0-fc76-e360 ap-sn 210235554710CB000042 ap-name area_1 ap-group ap-group1 # return

父主题： 可靠性配置举例

版权所有 © 华为技术有限公司

< 上一节下一节 >