由淺入深玩轉(zhuǎn)華為WLAN—20 漫游系列(8)不同AC之間三層漫游
轉(zhuǎn)載自微信公眾號(hào):網(wǎng)絡(luò)之路博客
三層漫游數(shù)據(jù)包的過(guò)程(隧道轉(zhuǎn)發(fā)模式下)
漫游前數(shù)據(jù)包的走向
1、STA發(fā)送數(shù)據(jù)報(bào)文給HAP
2、HAP通過(guò)CAPWAP隧道把報(bào)文發(fā)送給HAC
3、HAC收到以后把業(yè)務(wù)報(bào)文送給上層設(shè)備處理轉(zhuǎn)發(fā)
漫游后數(shù)據(jù)包的走向
1、STA發(fā)送數(shù)據(jù)報(bào)文給FAP
2、FAP通過(guò)CAPWAP隧道把報(bào)文發(fā)送給FAC
3、FAC通過(guò)AC間的隧道把報(bào)文發(fā)送給HAC
4、HAC把報(bào)文送往上層設(shè)備處理轉(zhuǎn)發(fā)
可以看到其實(shí)數(shù)據(jù)包最終還是由原來(lái)的AC處理,而FAC只是做了個(gè)代理通過(guò)AC之間的隧道來(lái)把數(shù)據(jù)包交給AC。
三層漫游數(shù)據(jù)包的過(guò)程(直接轉(zhuǎn)發(fā)模式下)
在AC間三層漫游的直接轉(zhuǎn)發(fā)比較麻煩,而且處理過(guò)程比隧道轉(zhuǎn)發(fā)還要多。
漫游前的數(shù)據(jù)轉(zhuǎn)發(fā)
1、STA發(fā)送數(shù)據(jù)包報(bào)文給HAP
2、HAP收到以后把數(shù)據(jù)包交給HAC(如果是旁?huà)炷J剑瑒t直接交給對(duì)應(yīng)VLAN的網(wǎng)關(guān)設(shè)備處理來(lái)路由到需要去的目的地)
3、HAC收到以后把數(shù)據(jù)報(bào)文交給上層設(shè)備處理轉(zhuǎn)發(fā)
漫游后的數(shù)據(jù)轉(zhuǎn)發(fā)
1、STA把數(shù)據(jù)包轉(zhuǎn)發(fā)給FAP
2、FAP收到報(bào)文后,交給HAC處理(如果旁?huà)炷J剑仨殞⒃摌I(yè)務(wù)的數(shù)據(jù)包由FAC處理,否則漫游后的數(shù)據(jù)包不通)
3、FAC收到后,把數(shù)據(jù)包從AC間的隧道發(fā)送給HAC
4、HAC收到后,把報(bào)文轉(zhuǎn)發(fā)給HAP
5、HAP在將數(shù)據(jù)報(bào)文按正常的方式轉(zhuǎn)發(fā)
可以看到三層漫游的直接轉(zhuǎn)發(fā)非常麻煩,通常情況下,我們理解直接轉(zhuǎn)發(fā)的處理過(guò)程肯定比隧道轉(zhuǎn)發(fā)要簡(jiǎn)便,但是在三層AC間漫游的過(guò)程中,確變得比較復(fù)雜,所以在三層AC間漫游的情況下,建議用隧道方式相比更加簡(jiǎn)單些。
家鄉(xiāng)代理的作用
其實(shí)可以看到在三層直接轉(zhuǎn)發(fā)的模式下相比來(lái)說(shuō)非常繁瑣,而家鄉(xiāng)代理的作用就是減輕HAP的負(fù)擔(dān),它可以指定HAC直接轉(zhuǎn)發(fā)數(shù)據(jù)包,省去了FAC把數(shù)據(jù)包通過(guò)隧道發(fā)給HAC的時(shí)候,在發(fā)給HAP做轉(zhuǎn)發(fā)的過(guò)程。
拓?fù)浣榻B
這里是官方給出的拓?fù)洌@里主要重點(diǎn)在于兩邊的業(yè)務(wù)VLAN都是同一個(gè),但是AC_1提供的在192.168.101.0/24網(wǎng)段,而AC_2的網(wǎng)段則提供在192.168.102.0/24網(wǎng)段,VLAN ID相同,但網(wǎng)段不一樣,這個(gè)其實(shí)也是屬于三層漫游的。
說(shuō)明:這里還是以官方給的拓?fù)渥鼋榻B,ENSP目前無(wú)法支持AC間漫游,所以這里無(wú)法演示。
Switch_1配置
[SW1] vlan batch 100 101
[SW1] interface gigabitethernet 0/0/1
[SW1-GigabitEthernet0/0/1] port link-type trunk
[SW1-GigabitEthernet0/0/1] port trunk pvid vlan 100
[SW1-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 101
[SW1-GigabitEthernet0/0/1] quit
[SW1] interface gigabitethernet 0/0/2
[SW1-GigabitEthernet0/0/2] port link-type trunk
[SW1-GigabitEthernet0/0/2] port trunk allow-pass vlan 100 101
[SW1-GigabitEthernet0/0/2] quit
Switch_2配置
[SW2] vlan batch 100 101
[SW2] interface gigabitethernet 0/0/1
[SW2-GigabitEthernet0/0/1] port link-type trunk
[SW2-GigabitEthernet0/0/1] port trunk pvid vlan 100
[SW2-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 101
[SW2-GigabitEthernet0/0/1] quit
[SW2] interface gigabitethernet 0/0/2
[SW2-GigabitEthernet0/0/2] port link-type trunk
[SW2-GigabitEthernet0/0/2] port trunk allow-pass vlan 100 101
[SW2-GigabitEthernet0/0/2] quit
AC-1的配置(只包含AP上線(xiàn)以及WLAN業(yè)務(wù)配置)
[AC_1] dhcp enable
[AC_1] vlan batch 100 101
[AC_1] interface gigabitethernet 0/0/1
[AC_1-GigabitEthernet0/0/1] port link-type trunk
[AC_1-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 101
[AC_1-GigabitEthernet0/0/1] quit
[AC_1] interface gigabitethernet 0/0/2
[AC_1-GigabitEthernet0/0/2] port link-type trunk
[AC_1-GigabitEthernet0/0/2] port trunk allow-pass vlan 100 101
[AC_1-GigabitEthernet0/0/2] quit
[AC_1] interface vlanif 100
[AC_1-vlanif100] ip address 192.168.100.1 255.255.255.0
[AC_1-vlanif100] dhcp select interface
[AC_1-vlanif100] dhcp server excluded-ip-address 192.168.100.2
[AC_1-vlanif100] quit
[AC_1] interface vlanif 101
[AC_1-vlanif101] ip address 192.168.101.1 255.255.255.0
[AC_1-vlanif101] dhcp select interface
[AC_1-vlanif101] quit
[AC_1] interface wlan-ess 1
[AC_1-Wlan-Ess1] port hybrid pvid vlan 101
[AC_1-Wlan-Ess1] port hybrid untagged vlan 101
[AC_1] wlan
[AC_1-wlan-view] wlan ac source interface vlanif 100
[AC_1-wlan-view] ap id 1 type-id 19 mac 60de-4476-e360
[AC_1-wlan-view] wmm-profile name wmm id 1
[AC_1-wlan-wmm-prof-wmm] quit
[AC_1-wlan-view] radio-profile name radio id 1
[AC_1-wlan-radio-prof-radio] wmm-profile name wmm
[AC_1-wlan-radio-prof-radio] quit
[AC_1-wlan-view] security-profile name security id 1
[AC_1-wlan-sec-prof-security] quit
[AC_1-wlan-view] traffic-profile name traffic id 1
[AC_1-wlan-traffic-prof-traffic] quit
[AC_1-wlan-view] service-set name huawei1 id 1
[AC_1-wlan-service-set-huawei1] ssid huawei1
[AC_1-wlan-service-set-huawei1] wlan-ess 1
[AC_1-wlan-service-set-huawei1] security-profile name security
[AC_1-wlan-service-set-huawei1] traffic-profile name traffic
[AC_1-wlan-service-set-huawei1] service-vlan 101
[AC_1-wlan-service-set-huawei1] vlan-mobility-group 101 (必須)
[AC_1-wlan-service-set-huawei1] forward-mode tunnel
[AC_1-wlan-service-set-huawei1] quit
AC-2的配置(只包含AP上線(xiàn)以及WLAN業(yè)務(wù)配置)
[AC_2] dhcp enable
[AC_2] vlan batch 100 101
[AC_2] interface gigabitethernet 0/0/1
[AC_2-GigabitEthernet0/0/1] port link-type trunk
[AC_2-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 101
[AC_2-GigabitEthernet0/0/1] quit
[AC_2] interface gigabitethernet 0/0/2
[AC_2-GigabitEthernet0/0/2] port link-type trunk
[AC_2-GigabitEthernet0/0/2] port trunk allow-pass vlan 100 101
[AC_2-GigabitEthernet0/0/2] quit
[AC_2] interface vlanif 100
[AC_2-vlanif100] ip address 192.168.100.2 255.255.255.0
[AC_2] interface vlanif 101
[AC_2-vlanif101] ip address 192.168.102.1 255.255.255.0
[AC_2-vlanif101] dhcp select interface
[AC_2] interface wlan-ess 1
[AC_2-Wlan-Ess1] port hybrid pvid vlan 101
[AC_2-Wlan-Ess1] port hybrid untagged vlan 101
[AC_2] wlan
[AC_2-wlan-view] wlan ac source interface vlanif 100
[AC_2-wlan-view] ap id 1 type-id 19 mac 60de-4476-e360
[AC_2-wlan-view] wmm-profile name wmm id 1
[AC_2-wlan-wmm-prof-wmm] quit
[AC_2-wlan-view] radio-profile name radio id 1
[AC_2-wlan-radio-prof-radio] wmm-profile name wmm
[AC_2-wlan-radio-prof-radio] quit
[AC_2-wlan-view] security-profile name security id 1
[AC_2-wlan-sec-prof-security] quit
[AC_2-wlan-view] traffic-profile name traffic id 1
[AC_2-wlan-traffic-prof-traffic] quit
[AC_2-wlan-view] service-set name huawei1 id 1
[AC_2-wlan-service-set-huawei1] ssid huawei1
[AC_2-wlan-service-set-huawei1] wlan-ess 1
[AC_2-wlan-service-set-huawei1] security-profile name security
[AC_2-wlan-service-set-huawei1] traffic-profile name traffic
[AC_2-wlan-service-set-huawei1] service-vlan 101
[AC_2-wlan-service-set-huawei1]forward-mode tunnel
[AC_2-wlan-service-set-huawei1] vlan-mobility-group 102 (必須,而且區(qū)分與AC_1)
[AC_2-wlan-service-set-huawei1] quit
漫游功能相關(guān)配置
[AC_1] master-controller enable
[AC_1] master controller
[AC_1-master-controller] ac id 1 ip 192.168.100.1
[AC_1-master-controller] ac id 2 ip 192.168.100.2
[AC_1-master-controller] mobility-group name mobility
[AC_1-mc-mg-mobility] member ac id 1
[AC_1-mc-mg-mobility] member ac id 2
說(shuō)明:AC_1的配置,它作為master controller,然后在controller里面定義了漫游組,屬于同一個(gè)漫游組的AC之間是可以漫游的。
[AC_2-wlan-view] master-controller ip 192.168.100.1
而AC_2的配置比較簡(jiǎn)單,只需要指定controller在哪即可,漫游組信息由master告訴其他AC成員。
下發(fā)業(yè)務(wù)給AP
[AC_1] wlan
[AC_1-wlan-view] ap 1 radio 0
[AC_1-wlan-radio-1/0] radio-profile name radio
[AC_1-wlan-radio-1/0] service-set name huawei1
[AC_1-wlan-radio-1/0] quit
[AC_1-wlan-view] commit ap 1
Warning: Committing configuration may cause service interruption,continue?[Y/N]y
[AC_2] wlan
[AC_2-wlan-view] ap 1 radio 0
[AC_2-wlan-radio-1/0] radio-profile name radio
[AC_2-wlan-radio-1/0] service-set name huawei1
[AC_2-wlan-radio-1/0] quit
[AC_2-wlan-view] commit ap 1
Warning: Committing configuration may cause service interruption,continue?[Y/N]y
測(cè)試
這里把一個(gè)客戶(hù)端連接到AP_1上后,可以通過(guò)命令查看
[AC_1-wlan-view] display station assoc-info all
——————————————————————————
STA MAC AP ID RADIO ID SS ID SSID
——————————————————————————
0025-86aa-0d1c 1 0 1 huawei1
——————————————————————————
Total stations: 1
目前該客戶(hù)端關(guān)聯(lián)上來(lái)了,當(dāng)把客戶(hù)端從AP_1移動(dòng)到AP_2的范圍內(nèi)
[AC_2-wlan-view] display station assoc-info all
——————————————————————————
STA MAC AP ID RADIO ID SS ID SSID
——————————————————————————
0025-86aa-0d1c 1 0 1 huawei1
——————————————————————————
Total stations: 1
這時(shí)候AP_2上面已經(jīng)有關(guān)于客戶(hù)端的信息了。
[AC_2-wlan-view] display station roam-track sta 0025-86aa-0d1c
Access SSID:huawei1 Rx/Tx:Rx-Rate/Tx-Rate Mbps
——————————————————————————
L2/L3 AC IP
AP/Radio BSSID TIME In Rx/Tx RSSI Out Rx/Tx RSSI
——————————————————————————
— 192.168.100.1
1/0 60de-4476-e360 2014/01/03 11:46:12 61/61 -51 46/13 -48
L3 192.168.100.2
1/0 dcd2-fc04-b500 2014/01/03 11:48:17 61/61 -58 -/- –
——————————————————————————
Number of roam track: 1
說(shuō)明:
ENSP目前無(wú)法支持AC間漫游,所以這里無(wú)法演示。