配置双链路热备份

KiriSoyer

已于 2022-05-31 16:42:26 修改

阅读量2.4k

点赞数 4

文章标签：网络 web安全安全

于 2022-05-25 20:08:38 首次发布

本文链接：https://blog.csdn.net/Shryuie/article/details/124971254

版权

在这里插入图片描述

1.LSW1、LSW2、AC1、AC2 基础配置

LSW1

sy
vlan b 100 101
int g 0/0/1
p l t
p t p v 100
p t a v 100 101
int g 0/0/2
p l t
p t a v 100 101

LSW2

sy
vlan b 100 101 102
int g 0/0/1
p l t
p t a v 100 101
int g 0/0/2
p l t
p t a v 100 102
int g 0/0/3
p l t
p t a v 100 102
int g 0/0/4
p l t
p t a v 100 101

AC1

sy
vlan b 100 101 102
int g 0/0/1
p l t
p t a v 100 102
int vlan 100
ip add 10.23.100.2 24
int vlan 102
ip add 10.23.102.1 24

AC2

sy
vlan b 100 101 102
int g 0/0/1
p l t
p t a v 100 102
int vlan 100
ip add 10.23.100.3 24
int vlan 102
ip add 10.23.102.2 24

2.配置Router给STA和AP分配IP地址

sy
dhcp enable
vlan b 100 101
int g 0/0/1
portswitch
p l t
p t a v 100 101
ip pool ap
network 10.23.100.0 mask 24
gateway-list 10.23.100.1
ip pool sta
network 10.23.101.0 mask 24
gateway-list 10.23.101.1
int vlan 100
ip add 10.23.100.1 24
dhcp select global
int vlan 101
ip add 10.23.101.1 24
dhcp select global

3.配置AC1的WLAN基本业务

wlan
ap-group name ap-group1
q
regulatory-domain-profile name default
country-code cn
q
ap-group name ap-group1
regulatory-domain-profile default	---y
q
q
capwap source interface vlan 100

// Mac地址 => dis int g 0/0/0
wlan
ap auth-mode mac-auth
ap-id 0 ap-mac 00e0-fcbe-0890
ap-name area_1
ap-group ap-group1		---y
q
dis ap all

security-profile name wlan-net
security wpa-wpa2 psk pass-phrase 12345678 aes	---y
q

ssid-profile name wlan-net
ssid wlan-net
q

vap-profile name wlan-net
forward-mode direct-forward
service-vlan vlan-id 101 
security-profile wlan-net
ssid-profile wlan-net 
q

ap-group name ap-group1
vap-profile wlan-net wlan 1 radio 0
vap-profile wlan-net wlan 1 radio 1
q
q

4.配置AC2的WLAN私有配置

capwap source interface Vlanif 100

5.配置AC间控制隧道DTLS加密

AC1

capwap dtls inter-controller psk a1234567
capwap dtls inter-controller control-link encrypt	---y

AC2

capwap dtls inter-controller psk a1234567
capwap dtls inter-controller control-link encrypt	---y

6.配置主用AC1和备用AC2双链路备份功能

AC1

wlan
ap-system-profile name wlan-net
primary-access ip-address 10.23.100.2
backup-access ip-address 10.23.100.3
q
ap-group name ap-group1
ap-system-profile wlan-net	---y
q
undo ac protect restore disable
ac protect enable	---y

// 若双链路备份功能已开启，此处再执行命令ac protect enable不会重启AP，需要在主AC上继续执行
// 命令ap-reset重启AP，AP重启后，双链路备份功能开始生效。
ap-reset all	---y
q

AC2

wlan
ap-system-profile name wlan-net
primary-access ip-address 10.23.100.2
backup-access ip-address 10.23.100.3
q
ap-group name ap-group1
ap-system-profile wlan-net	---y
q
undo ac protect restore disable
ac protect enable	---y

7.配置双机热备份功能

AC1

hsb-service 0
service-ip-port local-ip 10.23.102.1 peer-ip 10.23.102.2 local-data-port 10241 peer-data-port 10241
q
hsb-service-type ap hsb-service 0
hsb-service-type access-user hsb-service 0

AC2

hsb-service 0
service-ip-port local-ip 10.23.102.2 peer-ip 10.23.102.1 local-data-port 10241 peer-data-port 10241
q
hsb-service-type ap hsb-service 0
hsb-service-type access-user hsb-service 0

8.验证配置结果

dis ap-system-profile name wlan-net

在这里插入图片描述

dis ac protect

在这里插入图片描述

dis hsb-service 0

在这里插入图片描述

KiriSoyer

关注

4
点赞
踩
29

收藏

觉得还不错? 一键收藏
打赏
0
评论
配置双链路热备份

1.LSW1、LSW2、AC1、AC2 基础配置LSW1syvlan b 100 101int g 0/0/1p l tp t p v 100p t a v 100 101int g 0/0/2p l tp t a v 100 101LSW2syvlan b 100 101 102int g 0/0/1p l tp t a v 100 101int g 0/0/2p l tp t a v 100 102int g 0/0/3p l tp t a v 1.
复制链接

扫一扫