华为配置双链路热备份场景下的无线配置同步示例

配置双链路热备份场景下的无线配置同步示例

组网图形

华为配置双链路热备份场景下的无线配置同步示例_第1张图片

图1 配置双链路热备份示例组网图

  • 业务需求
  • 组网需求
  • 数据规划
  • 配置思路
  • 配置注意事项
  • 操作步骤
  • 配置文件

业务需求

某企业为保证业务的正常运营,希望提高网络可靠性,同时还希望减少配置维护的工作量。为满足用户的需求,可以采用双链路热备份下应用无线配置同步的方案。这种方案下,主、备AC不受地理位置限制,部署灵活。

组网需求
  • AC组网方式:旁挂二层组网。
  • DHCP部署方式:Router作为DHCP服务器为AP和STA分配IP地址。
  • 业务数据转发方式:直接转发。

数据规划

表1 AC数据规划表

项目

数据

AP管理VLAN

VLAN100

STA业务VLAN

VLAN101

AC备份VLAN

VLAN102

DHCP服务器

Router作为AP和STA的DHCP服务器

STA网关:10.23.101.1/24

AP网关:10.23.100.1/24

AP地址池

10.23.100.4~10.23.100.254/24

STA地址池

10.23.101.2~10.23.101.254/24

AC源接口

VLANIF100

AC1管理IP地址

VLANIF100接口:10.23.100.2/24

AC2管理IP地址

VLANIF100接口:10.23.100.3/24

主用AC

AC1

备用AC

AC2

Master AC

AC1

Local AC

AC2

AP组

  • 名称:ap-group1

  • 引用模板:VAP模板wlan-net、域管理模板default

域管理模板

  • 名称:default
  • 国家码:中国

SSID模板

  • 名称:wlan-net

  • SSID名称:wlan-net

安全模板

  • 名称:wlan-net

  • 安全策略:WPA-WPA2+PSK+AES

  • 密码:a1234567

VAP模板

  • 名称:wlan-net

  • 转发模式:直接转发

  • 业务VLAN:VLAN101

  • 引用模板:SSID模板wlan-net、安全模板wlan-net

AP系统模板

  • 名称:wlan-net

  • 优选AC的IP地址:10.23.100.2

  • 备选AC的IP地址:10.23.100.3

无线配置同步定时同步

定时同步的起始时间:凌晨一点

定时同步的间隔时间:1440分钟

配置思路
  1. 配置AC1、AC2和其他网络设备实现网络互通。Router作为DHCP Server为AP和STA分配IP地址。
  2. 在AC1上配置WLAN基本业务,在AC2上仅配置WLAN私有配置。
  3. 配置AC1为主AC、AC2为备AC。先后在主备AC上配置双链路热备份功能。开启双链路热备份时,会重启所有AP。
  4. 配置双链路热备份场景下的无线配置同步。

配置注意事项
  • 纯组播报文由于协议要求在无线空口没有ACK机制保障,且无线空口链路不稳定,为了纯组播报文能够稳定发送,通常会以低速报文形式发送。如果网络侧有大量异常组播流量涌入,则会造成无线空口拥堵。为了减小大量低速组播报文对无线网络造成的冲击,建议配置组播报文抑制功能。配置前请确认是否有组播业务,如果有,请谨慎配置限速值。
    • 业务数据转发方式采用直接转发时,建议在直连AP的交换机接口上配置组播报文抑制。
    • 业务数据转发方式采用隧道转发时,建议在AC的流量模板下配置组播报文抑制。
  • 建议在与AP直连的设备接口上配置端口隔离,如果不配置端口隔离,尤其是业务数据转发方式采用直接转发时,可能会在VLAN内形成大量不必要的广播报文,导致网络阻塞,影响用户体验。

  • 隧道转发模式下,管理VLAN和业务VLAN不能配置为同一VLAN,且AP和AC之间只能放通管理VLAN,不能放通业务VLAN。

  • V200R021C00版本开始,配置CAPWAP源接口或源地址时,会检查和安全相关的配置是否已存在,包括DTLS加密的PSK、AC间DTLS加密的PSK、登录AP的用户名和密码、全局离线管理VAP的登录密码,均已存在才能成功配置,否则会提示用户先完成相关的配置。
  • V200R021C00版本开始,AC默认开启CAPWAP控制隧道的DTLS加密功能。开启该功能,添加AP时AP会上线失败,此时需要先开启CAPWAP DTLS不认证方式(capwap dtls no-auth enable)让AP上线,以便AP获取安全凭证,AP上线后应及时关闭该功能(undo capwap dtls no-auth enable),避免未授权AP上线。

操作步骤
  1. 配置SwitchA、SwitchB和AC1和AC2,使AP与AC之间能够传输CAPWAP报文

    # 配置SwitchA连接AP的接口GE0/0/1的PVID为VLAN100(管理VLAN)并加入VLAN100和VLAN101,SwitchA连接SwitchB的接口GE0/0/2加入VLAN100和VLAN101。

     system-view
    [HUAWEI] sysname SwitchA
    [SwitchA] vlan batch 100
    [SwitchA] interface gigabitethernet 0/0/1
    [SwitchA-GigabitEthernet0/0/1] port link-type trunk
    [SwitchA-GigabitEthernet0/0/1] port trunk pvid vlan 100
    [SwitchA-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 101
    [SwitchA-GigabitEthernet0/0/1] quit
    [SwitchA] interface gigabitethernet 0/0/2
    [SwitchA-GigabitEthernet0/0/2] port link-type trunk
    [SwitchA-GigabitEthernet0/0/2] port trunk allow-pass vlan 100 101
    [SwitchA-GigabitEthernet0/0/2] quit

    # 配置汇聚交换机SwitchB连接SwitchA的接口GE0/0/1加入VLAN100和VLAN101,SwitchB连接AC1的接口GE0/0/2和SwitchB连接AC2的接口GE0/0/3加入VLAN100。

     system-view
    [HUAWEI] sysname SwitchB
    [SwitchB] vlan batch 100
    [SwitchB] interface gigabitethernet 0/0/1
    [SwitchB-GigabitEthernet0/0/1] port link-type trunk
    [SwitchB-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 101
    [SwitchB-GigabitEthernet0/0/1] quit
    [SwitchB] interface gigabitethernet 0/0/2
    [SwitchB-GigabitEthernet0/0/2] port link-type trunk
    [SwitchB-GigabitEthernet0/0/2] port trunk allow-pass vlan 100
    [SwitchB-GigabitEthernet0/0/2] quit
    [SwitchB] interface gigabitethernet 0/0/3
    [SwitchB-GigabitEthernet0/0/3] port link-type trunk
    [SwitchB-GigabitEthernet0/0/3] port trunk allow-pass vlan 100
    [SwitchB-GigabitEthernet0/0/3] quit

    # 配置AC1连接SwitchB的接口GE0/0/1加入VLAN100。

     system-view
    [HUAWEI] sysname AC1
    [AC1] vlan batch 100
    [AC1] interface gigabitethernet 0/0/1
    [AC1-GigabitEthernet0/0/1] port link-type trunk
    [AC1-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
    [AC1-GigabitEthernet0/0/1] quit

    # 配置AC2连接SwitchB的接口GE0/0/1加入VLAN100。

     system-view
    [HUAWEI] sysname AC2
    [AC2] vlan batch 100
    [AC2] interface gigabitethernet 0/0/1
    [AC2-GigabitEthernet0/0/1] port link-type trunk
    [AC2-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
    [AC2-GigabitEthernet0/0/1] quit
  2. 配置AC1、AC2和Router互通

    # 配置AC1的接口GE0/0/1加入VLAN102(备份VLAN)。

    [AC1] vlan batch 101 102
    [AC1] interface vlanif 100
    [AC1-Vlanif100] ip address 10.23.100.2 24
    [AC1-Vlanif100] quit
    [AC1] interface vlanif 102
    [AC1-Vlanif102] ip address 10.23.102.1 24
    [AC1-Vlanif102] quit
    [AC1] interface gigabitethernet 0/0/1
    [AC1-GigabitEthernet0/0/1] port trunk allow-pass vlan 102
    [AC1-GigabitEthernet0/0/1] quit

    # 配置AC2的接口GE0/0/1加入VLAN102。

    [AC2] vlan batch 101 102
    [AC2] interface vlanif 100
    [AC2-Vlanif100] ip address 10.23.100.3 24
    [AC2-Vlanif100] quit
    [AC2] interface vlanif 102
    [AC2-Vlanif102] ip address 10.23.102.2 24
    [AC2-Vlanif102] quit
    [AC2] interface gigabitethernet 0/0/1
    [AC2-GigabitEthernet0/0/1] port trunk allow-pass vlan 102
    [AC2-GigabitEthernet0/0/1] quit

    # 配置SwitchB的接口GE0/0/2和GE0/0/3加入VLAN102,SwitchB连接Router的接口GE0/0/4加入VLAN100和VLAN101。

    [SwitchB] vlan batch 101 102
    [SwitchB] interface gigabitethernet 0/0/2
    [SwitchB-GigabitEthernet0/0/2] port trunk allow-pass vlan 102
    [SwitchB-GigabitEthernet0/0/2] quit
    [SwitchB] interface gigabitethernet 0/0/3
    [SwitchB-GigabitEthernet0/0/3] port trunk allow-pass vlan 102
    [SwitchB-GigabitEthernet0/0/3] quit
    [SwitchB] interface gigabitethernet 0/0/4
    [SwitchB-GigabitEthernet0/0/4] port link-type trunk
    [SwitchB-GigabitEthernet0/0/4] port trunk allow-pass vlan 100 101
    [SwitchB-GigabitEthernet0/0/4] quit
  3. 配置Router给STA和AP分配IP地址

    DNS服务器地址请根据实际需要配置。常用配置方法如下:
    • 接口地址池场景,需要在VLANIF接口视图下执行命令dhcp server dns-list ip-address &<1-8>。
    • 全局地址池场景,需要在IP地址池视图下执行命令dns-list ip-address &<1-8>。
     system-view
    [Huawei] sysname Router
    [Router] vlan batch 100 101
    [Router] dhcp enable
    [Router] ip pool sta
    [Router-ip-pool-sta] network 10.23.101.0 mask 24
    [Router-ip-pool-sta] gateway-list 10.23.101.1
    [Router-ip-pool-sta] quit
    [Router] ip pool ap
    [Router-ip-pool-ap] network 10.23.100.0 mask 24
    [Router-ip-pool-ap] excluded-ip-address 10.23.100.2
    [Router-ip-pool-ap] excluded-ip-address 10.23.100.3
    [Router-ip-pool-ap] gateway-list 10.23.100.1
    [Router-ip-pool-ap] quit
    [Router] interface vlanif 100
    [Router-Vlanif100] ip address 10.23.100.1 24
    [Router-Vlanif100] dhcp select global
    [Router-Vlanif100] quit
    [Router] interface vlanif 101
    [Router-Vlanif101] ip address 10.23.101.1 24
    [Router-Vlanif101] dhcp select global
    [Router-Vlanif101] quit
    [Router] interface gigabitethernet 0/0/1
    [Router-GigabitEthernet0/0/1] port link-type trunk
    [Router-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 101
    [Router-GigabitEthernet0/0/1] quit
  4. 配置AC1的WLAN基本业务
    1. 配置AC1的系统参数。

      [AC1] wlan
      [AC1-wlan-view] ap-group name ap-group1
      [AC1-wlan-ap-group-ap-group1] quit
      [AC1-wlan-view] regulatory-domain-profile name default
      [AC1-wlan-regulate-domain-default] country-code cn
      [AC1-wlan-regulate-domain-default] quit
      [AC1-wlan-view] ap-group name ap-group1
      [AC1-wlan-ap-group-ap-group1] regulatory-domain-profile default
      Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continue?[Y/N]:y  
      [AC1-wlan-ap-group-ap-group1] quit
      [AC1-wlan-view] quit
      [AC1] capwap source interface vlanif 100
      [AC1] wlan
    2. 在AC1上管理AP。

      [AC1-wlan-view] ap auth-mode mac-auth
      [AC1-wlan-view] ap-id 0 ap-mac 00e0-fc76-e360
      [AC1-wlan-ap-0] ap-name area_1
      [AC1-wlan-ap-0] ap-group ap-group1
      Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configuration s of the radio, Whether to continue? [Y/N]:y  
      [AC1-wlan-ap-0] quit
      [AC1-wlan-view] display ap all
      Total AP information: 
      nor  : normal          [1] 
      Extrainfo : Extra information 
      P  : insufficient power supply 
      -------------------------------------------------------------------------------------------------- 
      ID   MAC            Name   Group     IP            Type            State STA Uptime      ExtraInfo 
      -------------------------------------------------------------------------------------------------- 
      0    00e0-fc76-e360 area_1 ap-group1 10.23.100.254 AP5030DN        nor   0   10S         - 
      -------------------------------------------------------------------------------------------------- 
      Total: 1
    3. 配置AC1的WLAN业务参数。

      # 创建名为“wlan-net”的安全模板,并配置安全策略。

      举例中以配置WPA-WPA2+PSK+AES的安全策略为例,密码为“a1234567”,实际配置中请根据实际情况,配置符合实际要求的安全策略。

      [AC1-wlan-view] security-profile name wlan-net
      [AC1-wlan-sec-prof-wlan-net] security wpa-wpa2 psk pass-phrase a1234567 aes
      [AC1-wlan-sec-prof-wlan-net] quit

      # 创建名为“wlan-net”的SSID模板,并配置SSID名称为“wlan-net”。

      [AC1-wlan-view] ssid-profile name wlan-net
      [AC1-wlan-ssid-prof-wlan-net] ssid wlan-net
      [AC1-wlan-ssid-prof-wlan-net] quit

      # 创建名为“wlan-net”的VAP模板,配置业务数据转发模式、业务VLAN,并且引用安全模板和SSID模板。

      [AC1-wlan-view] vap-profile name wlan-net
      [AC1-wlan-vap-prof-wlan-net] forward-mode direct-forward
      [AC1-wlan-vap-prof-wlan-net] service-vlan vlan-id 101
      [AC1-wlan-vap-prof-wlan-net] security-profile wlan-net
      [AC1-wlan-vap-prof-wlan-net] ssid-profile wlan-net
      [AC1-wlan-vap-prof-wlan-net] quit

      # 配置AP组引用VAP模板,AP上射频0和射频1都使用VAP模板“wlan-net”的配置。

      [AC1-wlan-view] ap-group name ap-group1
      [AC1-wlan-ap-group-ap-group1] vap-profile wlan-net wlan 1 radio 0
      [AC1-wlan-ap-group-ap-group1] vap-profile wlan-net wlan 1 radio 1
      [AC1-wlan-ap-group-ap-group1] quit
      [AC1-wlan-view] quit
  5. 配置AC2的WLAN私有配置

    # 配置AC2的源接口。

    [AC2] capwap source interface vlanif 100
  6. 配置AC间控制隧道DTLS加密

    # 在AC1上配置AC间控制隧道DTLS加密
    [AC1] capwap dtls inter-controller psk a1234567
    [AC1] capwap dtls inter-controller control-link encrypt 
    Warning: This operation may cause devices using CAPWAP connections to reset or go offline. Continue? [Y/N]:y 
    [AC1] wlan

    # 在AC2上配置AC间控制隧道DTLS加密
    [AC2] capwap dtls inter-controller psk a1234567
    [AC2] capwap dtls inter-controller control-link encrypt 
    Warning: This operation may cause devices using CAPWAP connections to reset or go offline. Continue? [Y/N]:y 
    [AC2] wlan
  7. 配置主用AC1和备用AC2双链路备份功能

    # 在AC1上,配置优选AC的IP地址为AC1的源地址,备选AC的IP地址为AC2的源地址。

    缺省情况下,双链路备份功能未开启,执行命令ac protect enable会提示重启所有AP。AP重启后,双链路备份功能开始生效。

    若双链路备份功能已开启,此处再执行命令ac protect enable不会重启AP,需要在主AC上继续执行命令ap-reset重启AP,AP重启后,双链路备份功能开始生效。

    [AC1-wlan-view] ap-system-profile name wlan-net
    [AC1-wlan-ap-system-prof-wlan-net] primary-access ip-address 10.23.100.2
    [AC1-wlan-ap-system-prof-wlan-net] backup-access ip-address 10.23.100.3
    [AC1-wlan-ap-system-prof-wlan-net] quit
    [AC1-wlan-view] ap-group name ap-group1
    [AC1-wlan-ap-group-ap-group1] ap-system-profile wlan-net
    [AC1-wlan-ap-group-ap-group1] quit
    [AC1-wlan-view] undo ac protect restore disable
    [AC1-wlan-view] ac protect enable
    Warning: This operation maybe cause AP reset, continue?[Y/N]: y
    # 在AC2上,配置优选AC的IP地址为AC1的源地址,备选AC的IP地址为AC2的源地址。
    [AC2-wlan-view] ap-system-profile name wlan-net
    [AC2-wlan-ap-system-prof-wlan-net] primary-access ip-address 10.23.100.2
    [AC2-wlan-ap-system-prof-wlan-net] backup-access ip-address 10.23.100.3
    [AC2-wlan-ap-system-prof-wlan-net] quit
    [AC2-wlan-view] ap-group name ap-group1
    [AC2-wlan-ap-group-ap-group1] ap-system-profile wlan-net
    [AC2-wlan-ap-group-ap-group1] quit
    [AC2-wlan-view] undo ac protect restore disable
    [AC2-wlan-view] ac protect enable
    Warning: This operation maybe cause AP reset, continue?[Y/N]: y

    # 在AC1上重启AP,下发双链路备份配置信息至AP。

    [AC1-wlan-view] ap-reset all
    Warning: Reset AP(s), continue?[Y/N]:y
    [AC1-wlan-view] quit
  8. 配置双机热备份功能

    # 在AC1上创建HSB主备服务0,并配置其主备通道IP地址和端口号。

    [AC1] hsb-service 0
    [AC1-hsb-service-0] service-ip-port local-ip 10.23.102.1 peer-ip 10.23.102.2 local-data-port 10241 peer-data-port 10241
    [AC1-hsb-service-0] quit

    # 配置将WLAN业务与NAC业务绑定AC1的HSB主备服务。

    [AC1] hsb-service-type ap hsb-service 0
    [AC1] hsb-service-type access-user hsb-service 0

    # 在AC2上创建HSB主备服务0,并配置其主备通道IP地址和端口号。

    [AC2-wlan-view] quit
    [AC2] hsb-service 0
    [AC2-hsb-service-0] service-ip-port local-ip 10.23.102.2 peer-ip 10.23.102.1 local-data-port 10241 peer-data-port 10241
    [AC2-hsb-service-0] quit

    # 配置将WLAN业务与NAC业务绑定AC2的HSB主备服务。

    [AC2] hsb-service-type ap hsb-service 0
    [AC2] hsb-service-type access-user hsb-service 0
  9. 配置Master AC和Local AC

    # 在AC1上配置AC1作为Master AC,并指定Local AC的IP地址。
    [AC1] wlan
    [AC1-wlan-view] master controller
    [AC1-master-controller] local-controller ip-address 10.23.100.3 psk H@123456
    [AC1-master-controller] quit
    # 在AC2上配置AC2作为Local AC,并指定Master AC的IP地址。
    [AC2] wlan
    [AC2-wlan-view] master-controller ip-address 10.23.100.2 psk H@123456

    # 在AC1上配置定时同步功能。

    [AC1-wlan-view] synchronize-configuration auto interval 1440 start-time 01:00:00
  10. 手动触发无线配置同步

    # 执行命令display sync-configuration status查看无线配置同步状态信息,状态为“cfg-mismatch”。需要在Master AC上手动触发无线配置同步到Local AC上。等待Local AC自动重启完成。

    [AC1-wlan-view] display sync-configuration status
    Controller role:Master/Backup/Local
    ----------------------------------------------------------------------------------------------------
    Controller IP Role    Device Type     Version        Status                           Last synced
    ----------------------------------------------------------------------------------------------------
    10.23.100.3   Local   ACxxxx          V200R019C10    cfg-mismatch(config check fail)  -
    ----------------------------------------------------------------------------------------------------
    Total: 1
    [AC1-wlan-view] synchronize-configuration
    Warning: This operation may reset the remote AC, synchronize configurations to it, and save all its configurations. Whether to conti
    nue? [Y/N]:y
  11. 验证配置结果

    # 在Master AC和Local AC上分别执行命令display sync-configuration status,查看无线配置同步状态信息。状态为“up”表示无线配置同步功能正常。

    [AC1-wlan-view] display sync-configuration status
    Controller role:Master/Backup/Local
    -----------------------------------------------------------------------------------------
    Controller IP Role    Device Type     Version              Status        Last synced
    -----------------------------------------------------------------------------------------
    10.23.100.3   Local   ACxxxx          V200R019C10          up       2017-09-01/11:18:15
    -----------------------------------------------------------------------------------------
    Total: 1
    [AC2-wlan-view] display sync-configuration status
    Controller role:Master/Backup/Local
    -----------------------------------------------------------------------------------------
    Controller IP Role    Device Type     Version              Status        Last synced
    -----------------------------------------------------------------------------------------
    10.23.100.2   Master  ACxxxx          V200R019C10          up       2017-09-01/11:18:25
    -----------------------------------------------------------------------------------------
    Total: 1

    # 在Master AC上修改公有配置时,会自动同步到Local AC上。

    # 通过重启主AC的方式,模拟主AC故障的场景,验证备份配置。重启AC1,当AP与AC1的链路中断后,AC2切换为主AC,保证业务的稳定

    重启AC前,请执行命令save保存AC上的配置文件,以免重启后配置丢失。

    # AC1重启期间,STA上业务不中断。AP切换到AC2上线,在AC2上执行命令display ap all可以查看AP的状态由standby变为normal

    # AC1重启恢复正常,触发主备回切后,AP会自动重新到AC1正常上线。

配置文件
  • SwitchA的配置文件

    #
    sysname SwitchA
    #
    vlan batch 100
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk pvid vlan 100
     port trunk allow-pass vlan 100 to 101
    #
    interface GigabitEthernet0/0/2
     port link-type trunk
     port trunk allow-pass vlan 100 to 101
    #
    return
  • SwitchB的配置文件

    #
    sysname SwitchB
    #
    vlan batch 100 to 102
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk allow-pass vlan 100 to 101
    #
    interface GigabitEthernet0/0/2
     port link-type trunk
     port trunk allow-pass vlan 100 102
    #
    interface GigabitEthernet0/0/3
     port link-type trunk
     port trunk allow-pass vlan 100 102
    #
    interface GigabitEthernet0/0/4
     port link-type trunk
     port trunk allow-pass vlan 100 to 101
    #
    return
  • Router的配置文件

    #
     sysname Router
    #
    vlan batch 100 to 101
    #
    dhcp enable
    #
    ip pool sta
     gateway-list 10.23.101.1
     network 10.23.101.0 mask 255.255.255.0
    #
    ip pool ap
     gateway-list 10.23.100.1
     network 10.23.100.0 mask 255.255.255.0
     excluded-ip-address 10.23.100.2 10.23.100.3      
    #
    interface Vlanif100
     ip address 10.23.100.1 255.255.255.0
     dhcp select global
    #
    interface Vlanif101
     ip address 10.23.101.1 255.255.255.0
     dhcp select global
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk allow-pass vlan 100 to 101
    #
    return
  • AC1和AC2的配置文件对比(加粗内容为AC1和AC2上的双机备份配置和无线配置同步配置,斜体内容为AC1自动同步到AC2的公有配置)
    表2 配置文件对比

    AC1

    AC2

    #
     sysname AC1
    #
    vlan batch 100 to 102
    #
    interface Vlanif100
     ip address 10.23.100.2 255.255.255.0
    #
    interface Vlanif102
     ip address 10.23.102.1 255.255.255.0
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk allow-pass vlan 100 102
    #
    capwap source interface vlanif100
    capwap dtls inter-controller control-link encrypt
    capwap dtls inter-controller psk %^%#*w\Zhsb-service 0
     service-ip-port local-ip 10.23.102.1 peer-ip 10.23.102.2 local-data-port 10241 peer-data-port 10241
    #
    hsb-service-type access-user hsb-service 0
    #
    hsb-service-type ap hsb-service 0
    #
    wlan
     ac protect enable
     security-profile name wlan-net
      security wpa-wpa2 psk pass-phrase %^%#DmLbQP`BNIa6M}%m9$2xA+y-fNA
     ssid-profile name wlan-net
      ssid wlan-net
     vap-profile name wlan-net
      service-vlan vlan-id 101
      ssid-profile wlan-net
      security-profile wlan-net
     regulatory-domain-profile name default
     ap-system-profile name wlan-net
      primary-access ip-address 10.23.100.2
      backup-access ip-address 10.23.100.3
     synchronize-configuration auto interval 1440 start-time 01:00:00
     ap-group name ap-group1
      ap-system-profile wlan-net
      radio 0
       vap-profile wlan-net wlan 1
      radio 1
       vap-profile wlan-net wlan 1
     ap-id 0 type-id 35 ap-mac 00e0-fc76-e360 ap-sn 210235554710CB000042
      ap-name area_1
      ap-group ap-group1
     master controller
      local-controller ip-address 10.23.100.3 psk %^%#/q6ITBsonPkeDGXiV;!'^htAMm[n"(Z{^ES|5[^.%^%#
    #
    return
    #
     sysname AC2
    #
    vlan batch 100 to 102
    #
    interface Vlanif100
     ip address 10.23.100.3 255.255.255.0
    #
    interface Vlanif102
     ip address 10.23.102.2 255.255.255.0
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk allow-pass vlan 100 102
    #
    capwap source interface vlanif100
    capwap dtls inter-controller control-link encrypt
    capwap dtls inter-controller psk %^%#*w\Zhsb-service 0
     service-ip-port local-ip 10.23.102.2 peer-ip 10.23.102.1 local-data-port 10241 peer-data-port 10241
    #
    hsb-service-type access-user hsb-service 0
    #
    hsb-service-type ap hsb-service 0
    #
    wlan
     ac protect enable
     security-profile name wlan-net
      security wpa-wpa2 psk pass-phrase %^%#DmLbQP`BNIa6M}%m9$2xA+y-fNA
     ssid-profile name wlan-net
      ssid wlan-net
     vap-profile name wlan-net
      service-vlan vlan-id 101
      ssid-profile wlan-net
      security-profile wlan-net
     regulatory-domain-profile name default
     ap-system-profile name wlan-net
      primary-access ip-address 10.23.100.2
      backup-access ip-address 10.23.100.3
     master-controller ip-address 10.23.100.2 psk %^%#mh|sYMl/}'U|"W/rBd\9HICmNy{,BIi0c^F:z;V#%^%#
     synchronize-configuration auto interval 1440 start-time 01:00:00
     ap-group name ap-group1
      ap-system-profile wlan-net
      radio 0
       vap-profile wlan-net wlan 1
      radio 1
       vap-profile wlan-net wlan 1
     ap-id 0 type-id 35 ap-mac 00e0-fc76-e360 ap-sn 210235554710CB000042
      ap-name area_1
      ap-group ap-group1
    #
    return

你可能感兴趣的:(网络,华为)