|
本文主要描述兩台AC做冗餘備份的功能,冗余備份利用VRRP協議,將兩台或多台AC放置在網路中,當主AC發生故障失效時,備用AC能立即接管主AC上的AP,並繼續工作,保證用戶的無線網路不會中斷。
測試產品型號及固件版本:
-
AC(WNAC7512): AW1.3.10.5742a.X7X5
-
AP(WNDAP350): 1.3.6.2
一、拓撲結構圖
-
AP連在二層交換機GS748TPS的vlan100中,且連接AP的埠打上了vlan2的tag,從而讓無線用戶資料直接進入vlan2(本例使用本地轉發模式,AP採用手動關聯方式)。
-
三層交換機GSM7252PS的1號,2號埠(已經劃分到vlan100)分別連接兩台AC。
-
AC通過三層介面(VLAN2,已啟用高級路由模式)連接到交換機的vlan100。
-
兩台AC之間也是通過三層介面Eth1-1(高級路由模式)或vlan連接一條心跳線。心跳線的作用是檢查對方是否工作。
-
具體IP和vlan規劃見上圖
二、配置說明
在配置VRRP之前,兩台AC均先做如下預配置
-
創建兩個三層介面(高級路由模式),一個介面用於心跳線連接,一個用於連接到三層交換機,並與AP實現關聯。例如,在圖中Master的eth1-1設置為10.0.0.1(心跳線),VLAN2設置為192.168.10.1(連接三層交換機)。
-
創建指向三層交換機的三層路由。例中即ip route 0.0.0.0/0 192.168.10.254。
-
創建相同的安全策略、wlan配置和AP列表。例中使用的是wpa_p安全策略,wlan映射到vlan2。
-
其他相關網路設置
三、注意事項:
-
AP關聯AC時使用的IP是虛擬IP,在例中即是192.168.10.100。因此若是跨三層部署,需要注意在DHCP Option43設置或AP手工指定AC的IP時,使用虛擬IP位址。
-
建議不要在AC上做DHCP伺服器,如果兩台AC都開啟了DHCP,可能造成AP反復從兩台AC上獲取位址,造成不穩定的情況。
-
兩台AC的AP license數量都要能滿足現網AP使用的數量。
-
禁用搶佔模式。
-
二層部署也建議開啟Option 43,或者在AP上指定AC的位址,AC的IP為虛擬位址。
-
在1.3固件版本之後配置VRRP,除在AC上面創建VLAN,路由,及給相應介面配置IP位址在config t下面配置以外,其他的如安全策略,WLAN策略,WLAN服務開啟,策略綁定,添加AP均在config hansi-profile 模式下面配置。
-
在1.3固件版本後,VRRP的配置目前只能通過命令行(CLI)配置,不能通過WEB配置。
-
AP在其中一台AC上面關聯之後,需要手動把註冊上來後的AP資訊複製到另外一台AC。
四、相關配置
1、AC1的主要配置(紅色部分需在config hansi-profile 模式下配置):
create vlan 2 vlan2
config vlan 2
add port 1/3 untag
add port 1/2 untag
exit
interface eth1-1
advanced-routing enable
exit
interface vlan2
advanced-routing enable
exit
interface eth1-1
bandwidth 1000000
ip address 10.0.0.1/24
exit
interface vlan2
bandwidth 1000000
ip address 192.168.10.1/24
exit
config hansi-profile 1 //配置VRRP 1
create security 1 wpa_p
config security 1
security type wpa_p
encryption type aes
security ascii key 12345678
exit
create wlan 1 wlan1 NG1_WPA
config wlan 1
apply securityID 1
wlan apply interface vlan2
set local wlan-vlan 2
exit
create wtp 1 WNDAP350 model&mac WNDAP350 mac 00:26:F2:8B:71:80
config wtp 1
wtp apply interface vlan2
set wtp sn 00:26:F2:8B:71:80
exit
config radio 4
radio apply wlan 1
beaconinterval 400
mode 11b/g/n
set radio diversity enable
set radio txantenna auto
11n cwmode ht40
11n mcs 15
exit
config radio 5
radio apply wlan 1
beaconinterval 400
mode 11a/n
set radio diversity enable
set radio txantenna auto
11n cwmode ht40
11n mcs 15
exit
create wtp 2 WNDAP350 model&mac WNDAP350 mac 30:46:9A:16:59:20
config wtp 2
wtp apply interface vlan2
set wtp sn 30:46:9A:16:59:20
exit
config radio 8
radio apply wlan 1
beaconinterval 400
mode 11b/g/n
set radio diversity enable
set radio txantenna auto
11n cwmode ht40
11n mcs 15
exit
config radio 9
radio apply wlan 1
beaconinterval 400
mode 11a/n
set radio diversity enable
set radio txantenna auto
11n cwmode ht40
11n mcs 15
exit
config wlan 1
service enable
exit
config wtp 1
wtp used
exit
config wtp 2
wtp used
exit
set neighbordead interval 900
config heartbeatlink eth1-1 10.0.0.1 //配置心跳線,輸入連接心跳線的埠和IP
config downlink vlan2 192.168.10.100 priority 200 //配置下行介面虛擬IP,以及優先順序(下行介面即與AP關聯的介面,例中下行介面是eth1-1。優先順序數值大者優先成為master。)
config hansi advertime 1 ///配置廣告時間(秒為單位)
config hansi preempt no ///配置禁用搶佔模式
config service enable ///啟用VRRP服務
exit
ip route 0.0.0.0/0 192.168.10.254
2、AC2的主要配置(紅色部分需在config hansi-profile 模式下配置):
create vlan 2 vlan2
config vlan 2
add port 1/3 untag
add port 1/2 untag
exit
interface eth1-1
advanced-routing enable
exit
interface vlan2
advanced-routing enable
exit
interface eth1-1
bandwidth 1000000
ip address 10.0.0.2/24
exit
interface vlan2
bandwidth 1000000
ip address 192.168.10.2/24
exit
config hansi-profile 1 //配置VRRP 1
create security 1 wpa_p
config security 1
security type wpa_p
encryption type aes
security ascii key 12345678
exit
create wlan 1 wlan1 NG1_WPA
config wlan 1
apply securityID 1
wlan apply interface vlan2
set local wlan-vlan 2
exit
create wtp 1 WNDAP350 model&mac WNDAP350 mac 00:26:F2:8B:71:80
config wtp 1
wtp apply interface vlan2
set wtp sn 00:26:F2:8B:71:80
exit
config radio 4
radio apply wlan 1
beaconinterval 400
mode 11b/g/n
set radio diversity enable
set radio txantenna auto
11n cwmode ht40
11n mcs 15
exit
config radio 5
radio apply wlan 1
beaconinterval 400
mode 11a/n
set radio diversity enable
set radio txantenna auto
11n cwmode ht40
11n mcs 15
exit
create wtp 2 WNDAP350 model&mac WNDAP350 mac 30:46:9A:16:59:20
config wtp 2
wtp apply interface vlan2
set wtp sn 30:46:9A:16:59:20
exit
config radio 8
radio apply wlan 1
beaconinterval 400
mode 11b/g/n
set radio diversity enable
set radio txantenna auto
11n cwmode ht40
11n mcs 15
exit
config radio 9
radio apply wlan 1
beaconinterval 400
mode 11a/n
set radio diversity enable
set radio txantenna auto
11n cwmode ht40
11n mcs 15
exit
config wlan 1
service enable
exit
config wtp 1
wtp used
exit
config wtp 2
wtp used
exit
set neighbordead interval 900
config heartbeatlink eth1-1 10.0.0.2 //配置心跳線,輸入連接心跳線的埠和IP
config downlink vlan2 192.168.10.100 priority 100 //虛擬IP與master一致,但優先順序要小於master
config hansi advertime 1 //配置廣告時間(秒為單位)
config hansi preempt no //配置禁用搶佔模式
config service enable //啟用VRRP服務
exit
ip route 0.0.0.0/0 192.168.10.254
3、三層交換機GSM7252PS主要配置:
(GSM7252PS) #show running-config
!Current Configuration:
!System Description "GSM7252PS - 48-Port GE L2+ Managed Stackable PoE Switch with 2 10GE SFP+ ports"
!System Software Version "8.0.3.11"
!System Up Time"0 days 22 hrs 38 mins 38 secs"
!Additional PackagesFASTPATH QOS,FASTPATH Multicast,FASTPATH IPv6,FASTPATH Stacking
!Current SNTP Synchronized Time: Not Synchronized
network protocol none
vlan database
vlan 2,100
vlan routing 1 1
vlan routing 2 2
vlan routing 100 100
exit
configure
sntp client mode unicast
! sntp server status is active
sntp server time-d.netgear.com
stack
member 1 7
exit
slot 1/0 8
set slot power 1/0
no set slot disable 1/0
ipv6 router ospf
exit
ip routing
line console
exit
line telnet
exit
line ssh
exit
spanning-tree configuration name "00-26-F2-F6-B3-10"
!
interface 1/0/1 連接AC1
vlan pvid 100
vlan participation include 100
exit
interface 1/0/2 連接AC2
vlan pvid 100
vlan participation include 100
exit
interface 1/0/3
vlan pvid 100
vlan participation include 100
exit
interface 1/0/4
vlan pvid 100
vlan participation include 100
exit
interface 1/0/11
vlan pvid 2
vlan participation include 2
exit
interface 1/0/12
vlan pvid 2
vlan participation include 2
exit
interface 1/0/47
vlan participation include 2,100
vlan tagging 2,100
exit
interface 1/0/48連接GS748TPS交換機
vlan participation include 2,100
vlan tagging 2,100
exit
interface 1/0/49
no auto-negotiate
exit
interface 1/0/50
no auto-negotiate
exit
interface 1/0/51
no auto-negotiate
exit
interface 1/0/52
no auto-negotiate
exit
interface vlan 1
routing
ip address192.168.1.254255.255.255.0
exit
interface vlan 2
routing
ip address192.168.2.254255.255.255.0
exit
interface vlan 100
routing
ip address192.168.10.254255.255.255.0
exit
router rip
exit
router ospf
exit
service dhcp
ip dhcp pool "vlan2"
lease 2 0 0
default-router 192.168.2.254
network 192.168.2.0 255.255.255.0
exit
ip dhcp pool "vlan100"
lease 2 0 0
default-router 192.168.10.254
network 192.168.10.0 255.255.255.0
option 43 ip 192.168.10.100AC 雙機備份的時候建議DHCP開啟Option 43
exit
exit
(GSM7252PS) #
4、二層千兆POE交換機GS748TPS配置:
五、AC上面主備狀態查看方法:
在Master用show wtp list ,show hansi 1命令,可以看到VRRP的狀態如下:
在Standby用show wtp list,show hansi 1命令,可以看到VRRP的狀態如下:
|
.jpg)
.jpg "各類手錶手機,品項齊全")
