某客户因办公区域改造,部分线路需要拆除,但是WIFI覆盖又不能少,否则就没办法办公了,原来每个无线AP都是有网线连接到交换机的,现在有部分AP要改为通过MESH链路连接到网络,好在距离不是很远,采用MESH组网技术,扩展WIFI覆盖范围,问题不大。
现场简图如下所示,绘画水平极度有限,将就看吧。
AP1-4原来都是接入到SW1,从图片可以看到,AP3和4已经没有网线了,所以需要重新配置——将使用双MPP Mesh组网,使AP3和4通过Mesh链路无线接入AP1和AP2,从而扩大AP1、2的覆盖范围。
配置思路:
1、配置网络互通,AP1和AP2配置为MPP节点,通过有线的方式在AC上线;
2、配置Mesh业务,AP3和4配置为MP节点,通过无线Mesh链路在AC上线。
前期工作:
简易拓扑图
开始工作之前,弄个简易拓扑图,便于接线以及后期配置,上图虽然看着草率,却已经是后补的了,现场就是借个铅笔画画,更乱。
预定义参数
同理,一些配置参数,也要提前定义好,免得配置过程中,记混写错。
配置步骤:
配AC与AP1、AP2之间网络互通;
配置接入交换机SW1。将SW1的接口GE0/0/1、GE0/0/2加入VLAN100(管理VLAN),且其PVID为VLAN100。同时配置接口GE0/0/1、GE0/0/2和GE0/0/3允许携带VLAN100报文通过。
<HUAWEI> system-view
[HUAWEI] sysname SW1
[SW1] vlan batch 100
[SW1] interface gigabitEthernet 0/0/1
[SW1-GigabitEthernet0/0/1] port link-type trunk
[SW1-GigabitEthernet0/0/1] port trunk pvid vlan 100
[SW1-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
[SW1-GigabitEthernet0/0/1] port-isolate enable
[SW1-GigabitEthernet0/0/1] quit
[SW1] interface gigabitEthernet 0/0/2
[SW1-GigabitEthernet0/0/2] port link-type trunk
[SW1-GigabitEthernet0/0/2] port trunk pvid vlan 100
[SW1-GigabitEthernet0/0/2] port trunk allow-pass vlan 100
[SW1-GigabitEthernet0/0/2] port-isolate enable
[SW1-GigabitEthernet0/0/2] quit
[SW1] interface gigabitEthernet 0/0/3
[SW1-GigabitEthernet0/0/3] port link-type trunk
[SW1-GigabitEthernet0/0/3] port trunk allow-pass vlan 100
[SW1-GigabitEthernet0/0/3] quit
配置汇聚交换机SW2。配置接口GE0/0/1允许携带VLAN100的报文通过,GE0/0/2允许携带VLAN100的报文通过。
<HUAWEI> system-view
[HUAWEI] sysname SW2
[SW2] vlan batch 100
[SW2] interface gigabitEthernet 0/0/1
[SW2-GigabitEthernet0/0/1] port link-type trunk
[SW2-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
[SW2-GigabitEthernet0/0/1] quit
[SW2] interface gigabitEthernet 0/0/2
[SW2-GigabitEthernet0/0/2] port link-type trunk
[SW2-GigabitEthernet0/0/2] port trunk allow-pass vlan 100
[SW2-GigabitEthernet0/0/2] quit
配置AC连接汇聚交换机的接口GE1/0/1允许携带VLAN100的报文通过。
<HUAWEI> system-view
[HUAWEI] sysname AC
[AC] vlan batch 100
[AC] interface gigabitEthernet 1/0/1
[AC-GigabitEthernet1/0/1] port link-type trunk
[AC-GigabitEthernet1/0/1] port trunk allow-pass vlan 100
[AC-GigabitEthernet1/0/1] quit
配置AC的DHCP功能,为AP分配IP地址;
[AC] wlan
[AC-wlan-view] ap-group name mesh-mpp
[AC-wlan-ap-group-mesh-mpp] quit
[AC-wlan-view] ap-group name mesh-mp
[AC-wlan-ap-group-mesh-mp] quit
3、配置AP组、国家码和AC的源接口
创建MPP的AP组和MP的AP组,用于将相同配置的AP都加入同一AP组中。
[AC] wlan
[AC-wlan-view] ap-group name mesh-mpp
[AC-wlan-ap-group-mesh-mpp] quit
[AC-wlan-view] ap-group name mesh-mp
[AC-wlan-ap-group-mesh-mp] quit
创建域管理模板,在域管理模板下配置AC的国家码并在AP组下引用域管理模板。
[AC-wlan-view] regulatory-domain-profile name domain1
[AC-wlan-regulate-domain-domain1] country-code cn
[AC-wlan-regulate-domain-domain1] quit
[AC-wlan-view] ap-group name mesh-mpp
[AC-wlan-ap-group-mesh-mpp] regulatory-domain-profile domain1
Warning: This configuration change will clear the channel and power configurations of radios, and may restart APs. Continue?[Y/N]:y
[AC-wlan-ap-group-mesh-mpp] quit
[AC-wlan-view] ap-group name mesh-mp
[AC-wlan-ap-group-mesh-mp] regulatory-domain-profile domain1
Warning: This configuration change will clear the channel and power configurations of radios, and may restart APs. Continue?[Y/N]:y
[AC-wlan-ap-group-mesh-mp] quit
[AC-wlan-view] quit
配置AC的源接口。
[AC] capwap source interface vlanif 100
将AP1、AP2加入到AP组“mesh-mpp”中,将AP3、AP4加入到AP组“mesh-mp”中。
[AC] wlan
[AC-wlan-view] ap auth-mode mac-auth
[AC-wlan-view] ap-id 1 ap-mac 00e0-fc00-9601
[AC-wlan-ap-1] ap-name AP1
[AC-wlan-ap-1] ap-group mesh-mpp
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configuration s of the radio, Whether to continue? [Y/N]:y
[AC-wlan-ap-1] quit
[AC-wlan-view] ap-id 2 ap-mac 00e0-fc00-9602
[AC-wlan-ap-2] ap-name AP2
[AC-wlan-ap-2] ap-group mesh-mpp
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configuration s of the radio, Whether to continue? [Y/N]:y
[AC-wlan-ap-2] quit
[AC-wlan-view] ap-id 3 ap-mac 00e0-fc00-9603
[AC-wlan-ap-3] ap-name AP3
[AC-wlan-ap-3] ap-group mesh-mp
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configuration s of the radio, Whether to continue? [Y/N]:y
[AC-wlan-ap-3] quit
[AC-wlan-view] ap-id 4 ap-mac 00e0-fc00-9604
[AC-wlan-ap-4] ap-name AP4
[AC-wlan-ap-4] ap-group mesh-mp
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configuration s of the radio, Whether to continue? [Y/N]:y
[AC-wlan-ap-4] quit
4、配置Mesh业务参数
配置Mesh节点使用的主要射频参数。
[AC-wlan-view] ap-group name mesh-mpp
[AC-wlan-ap-group-mesh-mpp] radio 1
[AC-wlan-group-radio-mesh-mpp/1] channel 40mhz-plus 157
Warning: This action may cause service interruption. Continue?[Y/N]y
[AC-wlan-group-radio-mesh-mpp/1] coverage distance 3
[AC-wlan-group-radio-mesh-mpp/1] quit
[AC-wlan-ap-group-mesh-mpp] quit
[AC-wlan-view] ap-group name mesh-mp
[AC-wlan-ap-group-mesh-mp] radio 1
[AC-wlan-group-radio-mesh-mp/1] channel 40mhz-plus 157
Warning: This action may cause service interruption. Continue?[Y/N]y
[AC-wlan-group-radio-mesh-mp/1] coverage distance 3
[AC-wlan-group-radio-mesh-mp/1] quit
[AC-wlan-ap-group-mesh-mp] quit
配置AP有线口参数。本例中假设Mesh承载的业务VLAN为VLAN101,则需配置Mesh各节点的有线口以tagged形式加入VLAN101。
[AC-wlan-view] wired-port-profile name wired-port
[AC-wlan-wired-port-wired-port] vlan tagged 101
[AC-wlan-wired-port-wired-port] quit
配置Mesh链路使用的安全模板“mesh-sec”,Mesh仅支持WPA2+PSK+AES的安全策略。
[AC-wlan-view] security-profile name mesh-sec
[AC-wlan-sec-prof-mesh-sec] security wpa2 psk pass-phrase YsHsjx_202206 aes
[AC-wlan-sec-prof-mesh-sec] quit
配置Mesh白名单。
[AC-wlan-view] mesh-whitelist-profile name mesh-list
[AC-wlan-mesh-whitelist-mesh-list] peer-ap mac 00e0-fc00-9601
[AC-wlan-mesh-whitelist-mesh-list] peer-ap mac 00e0-fc00-9602
[AC-wlan-mesh-whitelist-mesh-list] peer-ap mac 00e0-fc00-9603
[AC-wlan-mesh-whitelist-mesh-list] peer-ap mac 00e0-fc00-9604
[AC-wlan-mesh-whitelist-mesh-list] quit
配置Mesh角色。配置AP1、AP2的Mesh角色为“mesh-portal”,缺省情况下Mesh角色为“mesh-node”,所以AP3、AP4可以使用默认配置。Mesh角色是通过AP系统模板配置的。
[AC-wlan-view] ap-system-profile name mesh-sys
[AC-wlan-ap-system-prof-mesh-sys] mesh-role mesh-portal
[AC-wlan-ap-system-prof-mesh-sys] quit
配置Mesh模板。配置Mesh网络的ID为“mesh-net”,Mesh链路老化时间为30秒,并引用安全模板和Mesh白名单。
[AC-wlan-view] mesh-profile name mesh-net
[AC-wlan-mesh-prof-mesh-net] mesh-id mesh-net
[AC-wlan-mesh-prof-mesh-net] link-aging-time 30
[AC-wlan-mesh-prof-mesh-net] security-profile mesh-sec
[AC-wlan-mesh-prof-mesh-net] quit
配置AP射频引用Mesh白名单模板。
[AC-wlan-view] ap-group name mesh-mpp
[AC-wlan-ap-group-mesh-mpp] radio 1
[AC-wlan-group-radio-mesh-mpp/1] mesh-whitelist-profile mesh-list
[AC-wlan-group-radio-mesh-mpp/1] quit
[AC-wlan-ap-group-mesh-mpp] quit
[AC-wlan-view] ap-group name mesh-mp
[AC-wlan-ap-group-mesh-mp] radio 1
[AC-wlan-group-radio-mesh-mp/1] mesh-whitelist-profile mesh-list
[AC-wlan-group-radio-mesh-mp/1] quit
[AC-wlan-ap-group-mesh-mp] quit
5、在AP组引用相关模板,使Mesh业务生效
配置AP组“mesh-mpp”和“mesh-mp”分别引用有线口模板“wired-port”,使AP的有线口参数在Mesh各节点上生效。本例假设AP均用GE0接口与SW1相连。
[AC-wlan-view] ap-group name mesh-mpp
[AC-wlan-ap-group-mesh-mpp] wired-port-profile wired-port gigabitethernet 0
[AC-wlan-ap-group-mesh-mpp] quit
[AC-wlan-view] ap-group name mesh-mp
[AC-wlan-ap-group-mesh-mp] wired-port-profile wired-port gigabitethernet 0
[AC-wlan-ap-group-mesh-mp] quit
配置AP组“mesh-mpp”引用AP系统模板“mesh-sys”,使MPP角色在AP1、AP2上生效。
[AC-wlan-view] ap-group name mesh-mpp
[AC-wlan-ap-group-mesh-mpp] ap-system-profile mesh-sys
[AC-wlan-ap-group-mesh-mpp] quit
配置AP组“mesh-mpp”和“mesh-mp”分别引用Mesh模板“mesh-net”,使Mesh业务生效。
[AC-wlan-view] ap-group name mesh-mpp
[AC-wlan-ap-group-mesh-mpp] mesh-profile mesh-net radio 1
[AC-wlan-ap-group-mesh-mpp] quit
[AC-wlan-view] ap-group name mesh-mp
[AC-wlan-ap-group-mesh-mp] mesh-profile mesh-net radio 1
[AC-wlan-ap-group-mesh-mp] quit
6、验证Mesh业务配置结果
完成配置后,执行命令display ap all,查看Mesh各节点是否成功上线,当“State”字段显示为“nor”,则表示AP已成功上线。
双MPP的Mesh业务生效后,执行命令display wlan mesh link all,查看Mesh链路相关信息,
执行命令display wlan mesh route all,查看当前Mesh网络的Mesh路由。
双MPP Mesh组网还有个功能点:当AP2与AC间的链路出现了故障,AP2可以自动转换为MP,通过Mesh链路上线,AP1同理。
