西安移动WLAN AC双机热备部署方案指导.docx
- 文档编号:4107736
- 上传时间:2022-11-27
- 格式:DOCX
- 页数:22
- 大小:216.72KB
西安移动WLAN AC双机热备部署方案指导.docx
《西安移动WLAN AC双机热备部署方案指导.docx》由会员分享,可在线阅读,更多相关《西安移动WLAN AC双机热备部署方案指导.docx(22页珍藏版)》请在冰豆网上搜索。
西安移动WLANAC双机热备部署方案指导
陕西移动WLAN双机热备割接方案
拟制:
Draftedby:
日期:
Date:
审核:
Reviewedby:
日期:
Date:
审核:
Reviewedby:
日期:
Date:
批准:
Approvedby:
日期:
Date:
华为技术有限公司
HuaweiTechnologiesCo.,Ltd.
版权所有XX
Allrightsreserved
1开局场景
1.1软件版本
ME60产品版本:
HuaweiVersatileRoutingPlatformSoftware
VRP(R)software,Version5.70(ME60V600R002C02SPCa00)
Copyright(C)2000-2011HuaweiTechnologiesCo.,Ltd.
ME60产品补丁:
PatchPackageName:
cfcard:
/me60v600r002spc030.pat
PatchPackageVersion:
V600R002SPC030
设备License:
ItemnameItemtypeValueDescription
-------------------------------------------------------------
LME0HAGF01FunctionYESHAG
LME0BSVC00FunctionYESFIB
LME0VPDN01FunctionYESHAG
LME0CONN01Resource132KMEUserNum
LME0WLAN00Resource32WLAN
Masterboardlicensestate:
Normal.
版本入网许可证号:
数-H12011
1.2组网拓扑
说明:
目前现网两台AC分别侧挂在锦业路和崇业路两台BAS,热点AP采用三层隧道模式的组网方式,这种组网模式已经不能满足业务的发展需求。
为了达到链路和设备级冗灾需求,出现故障时客户仍能无感知的享受网络,需要把现网改造为双机热备模式。
本指导书以如下拓扑和端口关系为基础,详细描述AC双机热备部署。
1.3业务部署需求
1.3.1AC热备规划
根据现网情况,本次热备规划使用目前成熟的独享地址池+网络侧隧道迂回方案进行部署,针对WLAN业务实现热备。
WLAN-AC组网及IP地址分配:
1.主备AC各配置2个聚合组Trunk-1和Trunk-2。
Trunk-1用于和BAS互联;
Trunk-2用于两台AC互联;
2.AC侧Trunk-1需要配置3个子接口,分别终结公网地址、内网1地址、内网2地址。
子接口与封装VLAN保持一致。
VLAN规划为:
1001,1002,1003,1004
VLAN1001用于VRRP主AC:
192.168.1.2/29备AC:
192.168.1.3/29Virtual-ip192.168.1.1
VLAN1002、1004用于AC与BAS公网互联
主AC地址:
211.137.138.234/30BAS地址:
211.137.138.233/30
备AC地址:
211.137.138.238/30BAS地址:
211.137.138.237/30
VLAN1003用户AP管理地址互联:
主AC地址:
172.16.218.43/29BAS地址:
172.16.218.41/29
备AC地址:
172.16.218.42/29BAS地址:
172.16.218.41/29
3.主备AC各使用一个32位地址,用于设备管理。
LoopBack0
主AC:
120.192.243.47/32备AC:
120.192.243.48/32
4.主备AC使用相同的NAS-IP32位地址。
LoopBack100
主AC:
211.137.138.122/32备AC:
211.137.138.122/32
5.内网地址1使用29掩码地址段,启用VRRP协议。
用于AC主备的区分。
6.内网地址2使用29掩码地址段,用户AP管理的接口地址,用于建立CAPWAP隧道。
7.AP管理地址池:
192.168.12.1/24
8.用户业务地址池:
111.20.61.1/24
以上部分数据域现网不一致,仅用于举例
1.3.2路由规划
1.AC与Bras之间运行OSPF路由发布用户地址段和NAS-IP(L1地址),并且备AC发布的NAS-IP的cost值大,详见如下配置指导。
OSPF路由
router-id
AC使用管理地址做ROUTER-ID.
参数
AreaID
areaID号码根据设备厂商区分:
华为200
区域类型
nssa
认证方式
接口认证MD5
认证密码
wlanac,key-id为1,两端保持一致。
参考带宽
10G
Hello间隔
1s
Holddown
4s
OSPF端口模式
缺省模式广播
路由发布
IP城域网BAS向AC发布缺省路由default-always;AC仅向IP城域网汇聚路由器发布该AC下的业务网段和互联网段。
2业务部署
2.1路由配置
崇业路主AC配置:
interfaceLoopBack0
descriptionFor-Manage
ipaddress120.192.243.47255.255.255.255
#
interfaceLoopBack100
descriptionNAS-IP
ipaddress211.137.138.122255.255.255.255
#
ipip-prefixnasipindex10permit211.137.138.12232
ipip-prefixserviceipindex10permit111.20.61.024
#
route-policynasippermitnode10
if-matchip-prefixnasip
applycost+50
#
route-policyserviceippermitnode10
if-matchip-prefixserviceip
#
ospf1router-id120.192.243.47
import-routedirectroute-policynasip
import-routeunrroute-policyserviceip
silent-interfaceLoopBack0
bandwidth-reference10000
area0.0.0.200
authentication-modemd51cipher-6DXUSR,U%GQ=^Q`MAF4<1!
!
network211.137.138.2320.0.0.3
network120.192.243.470.0.0.0
nssa
#
iproute-static120.192.243.48255.255.255.255192.168.11.2descriptionTo-AC0002-RUI
iproute-static192.168.12.0255.255.255.0172.16.218.41
#
崇业路备AC配置:
interfaceLoopBack0
descriptionFor-Manage
ipaddress120.192.243.48255.255.255.255
#
interfaceLoopBack100
descriptionNAS-IP
ipaddress211.137.138.122255.255.255.255
#
ipip-prefixnasipindex10permit211.137.138.12232
ipip-prefixserviceipindex10permit111.20.61.024
#
route-policynasippermitnode10
if-matchip-prefixnasip
applycost+100
#
route-policyserviceippermitnode10
if-matchip-prefixserviceip
applycost+100
#
ospf1router-id120.192.243.48
import-routedirectroute-policynasip
import-routeunrroute-policyserviceip
silent-interfaceLoopBack0
bandwidth-reference10000
area0.0.0.200
authentication-modemd51cipher-6DXUSR,U%GQ=^Q`MAF4<1!
!
network120.192.243.480.0.0.0
network211.137.138.2360.0.0.3
nssa
#
iproute-static120.192.243.47255.255.255.255192.168.11.1descriptionTo-AC0001-RUI
iproute-static192.168.12.0255.255.255.0172.16.218.41
#
AC接入BAS的配置:
ospf2
default-route-advertisealways
area0.0.0.200
descriptionTO-HuaWeiAc
authentication-modemd51cipher-6DXUSR,U%GQ=^Q`MAF4<1!
!
network211.137.138.2320.0.0.3
network211.137.138.2360.0.0.3
nssa
#
bgp64650
ipv4-familyunicast
network120.192.243.47255.255.255.255
network120.192.243.48255.255.255.255
network111.20.61.1255.255.255.0
network211.137.138.122255.255.255.255
2.2静态LACP配置
主AC配置:
interfaceEth-Trunk1
mac-address707b-e888-dbca
description[SNXA-WLAN-AC0001-HW-ME60-X3]-[SNXA-MC-CMNET-BAS15-CYL-ME60]
modelacp-static
#
interfaceEth-Trunk2
descriptionTo-[SNXA-WLAN-AC0002-HW-ME60-X3]-ETrunk2
modelacp-static
#
备AC配置:
#
interfaceEth-Trunk1
mac-address781d-bacf-26d5
descriptionTo-[SNXA-MC-CMNET-BAS15-CYL-ME60]-ETrunk16
modelacp-static
interfaceEth-Trunk2
descriptionTo-[SNXA-WLAN-AC0002-HW-ME60-X3]-ETrunk2
modelacp-static
#
BAS配置:
#
interfaceEth-Trunk15
portswitch
descriptionTo-[SNYD-CYL-HWME60-X3-AC0001]-ETrunk1
portlink-typetrunk
porttrunkallow-passvlan1001to1003
modelacp-static
#
interfaceEth-Trunk16
portswitch
portlink-typetrunk
porttrunkallow-passvlan10011003to1004
modelacp-static
2.3配置双机热备
1、AC与BAS互联配置
崇业路主AC配置:
interfaceEth-Trunk1.1001
vlan-typedot1q1001
descriptionFor-Master&Slave
ipaddress192.168.10.3255.255.255.248
vrrpvrid10virtual-ip192.168.10.1
admin-vrrpvrid10
vrrpvrid10priority120
vrrpvrid10preempt-modetimerdelay270
#
interfaceEth-Trunk1.1002
vlan-typedot1q1002
descriptionTo-[SNXA-MC-CMNET-BAS15-CYL-ME60]-ETrunk3
ipaddress211.137.138.234255.255.255.252
ospftimerhello1
#
interfaceEth-Trunk1.1003
vlan-typedot1q1003
description[SNXA-WLAN-AC0001-HW-ME60-X3-APManage]
ipaddress172.16.218.43255.255.255.248
#
interfaceEth-Trunk2
ipaddress10.0.0.1255.255.255.252
#
崇业路备AC配置:
interfaceEth-Trunk1.1001
vlan-typedot1q1001
descriptionFor-Master&Slave
ipaddress192.168.10.2255.255.255.248
vrrpvrid10virtual-ip192.168.10.1
admin-vrrpvrid10
#
interfaceEth-Trunk1.1003
vlan-typedot1q1003
description[SNXA-WLAN-AC0001-HW-ME60-X3-APManage]
ipaddress172.16.218.42255.255.255.248
#
interfaceEth-Trunk1.1004
vlan-typedot1q1004
ipaddress211.137.138.238255.255.255.252
#
interfaceEth-Trunk2
ipaddress10.0.0.2255.255.255.252
#
AC接入BAS配置:
interfaceVlanif1001
descriptionTo-HuaWeiAc-Vrrp
ipaddress192.168.10.4255.255.255.248
#
interfaceVlanif1002
descriptionTO-SNXA-WLAN-AC0001-HW-ME60-X3-CYL01
ipaddress211.137.138.233255.255.255.252
ospftimerhello1
#
interfaceVlanif1003
descriptionTo-HuaWeiAc-ApMange
ipbindingvpn-instanceChinaMobile_CMNET_WLAN
ipaddress172.16.218.41255.255.255.248
#
interfaceVlanif1004
descriptionTo-HuaWeiAc0002-gongwang
ipaddress211.137.138.237255.255.255.252
ospftimerhello1
interfaceEth-Trunk15
portswitch
descriptionTo-[SNYD-CYL-HWME60-X3-AC0001]-ETrunk1
portlink-typetrunk
porttrunkallow-passvlan1001to1003
modelacp-static
#
interfaceEth-Trunk16
portswitch
descriptionTo-[SNYD-CYL-HWME60-X3-AC0002]-ETrunk1
portlink-typetrunk
porttrunkallow-passvlan10011003to1004
modelacp-static
2、配置双机热备RBS
崇业路主AC配置:
remote-backup-serviceac0001-ac0002
peer120.192.243.48source120.192.243.47port12000
#
remote-backup-profilewlan-01
service-typebras
backup-id200remote-backup-serviceac0001-ac0002
peer-backuphot
vrrp-id10interfaceEth-Trunk1.1001
ip-poolwlan-001
naslogic-ip211.137.138.122
#
崇业路备AC配置:
remote-backup-serviceac0001-ac0002
peer120.192.243.47source120.192.243.48port12000
#
remote-backup-profilewlan-01
service-typebras
backup-id200remote-backup-serviceac0001-ac0002
peer-backuphot
vrrp-id10interfaceEth-Trunk1.1001
ip-poolwlan-001
naslogic-ip211.137.138.122
#
3、配置BAS接口绑定RBP
崇业路主AC配置:
slot1
hostcarcir512
wlantunnel-accessinterfacevirtual-ethernet1/0/2
#
interfaceVirtual-Ethernet1/0/1
ve-group1l2-terminate
interfaceVirtual-Ethernet1/0/2
ve-group1l3-access
#
interfaceVirtual-Ethernet1/0/2.10001
descriptionTO-[xibuguoji-test]
user-vlan100
remote-backup-profilewlan-01
wlanenable
bas
#
access-typelayer2-subscriberdefault-domainpre-authenticationwlan-hotauthenticationwlan.sn-hot
nas-port-type802.11
authentication-methodweb
#
崇业路备AC配置:
slot1
hostcarcir512
wlantunnel-accessinterfacevirtual-ethernet1/0/2
#
interfaceVirtual-Ethernet1/0/1
ve-group3l2-terminat
interfaceVirtual-Ethernet1/0/2
ve-group3l3-access
#
interfaceVirtual-Ethernet1/0/2.10001
descriptionTO-[xibuguoji-test]
user-vlan100
remote-backup-profilewlan-01
wlanenable
bas
#
access-typelayer2-subscriberdefault-domainpre-authenticationwlan-hotauthenticationwlan.sn-hot
nas-port-type802.11
authentication-methodweb
#
2.4配置认证数据
崇业路主AC配置:
aaa
nas-serial0027.0029.290.00
http-redirectenable
#authentication-schemewlan
authentication-modenone
authentication-schemecmcc-hot
#accounting-schemewlan
accounting-modenone
#accounting-schemecmcc-hot
#domainwlan-hot
authentication-schemewlan
accounting-schemewlan
ip-poolwlan-001
user-groupwlan
idle-cut150
web-server221.176.1.140
web-serverurlhttp:
//221.176.1.140/wlan/index.php
web-serverurl-parameter
#
domainwlan.sn-hot
authentication-schemecmcc-hot
accounting-schemecmcc-hot
ip-poolwlan-001
radius-servergroupsnmcc
idle-cut150
#
ippoolwlan-001baslocal
gateway111.20.61.1255.255.255.0
- 配套讲稿:
如PPT文件的首页显示word图标,表示该PPT已包含配套word讲稿。双击word图标可打开word文档。
- 特殊限制:
部分文档作品中含有的国旗、国徽等图片,仅作为作品整体效果示例展示,禁止商用。设计者仅对作品中独创性部分享有著作权。
- 关 键 词:
- 西安移动WLAN AC双机热备部署方案指导 西安 移动 WLAN AC 双机 部署 方案 指导
![提示](https://static.bdocx.com/images/bang_tan.gif)