H3C AC Dual-Link Backup and AP License Synchronization Best Practices (V7)-6W101

Copyright © 2026 New H3C Technologies Co., Ltd. All rights reserved.

No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of Hangzhou H3C Technologies Co., Ltd.

Except for the trademarks of New H3C Technologies Co., Ltd., any trademarks that may be mentioned in this document are the property of their respective owners.

This document provides generic technical information, some of which might not be applicable to your products.



Introduction

Background

With the continuous development of wireless technologies, enterprises and campus networks now support more diverse services and face significantly higher traffic pressure. Especially in centralized forwarding mode, the AC must maintain status data for all APs and handle complex service calculations and heavy data forwarding tasks. In this case, deploying only one AC in the network poses a risk. If the AC fails, it will disrupt the entire wireless network service, causing widespread service outages. This setup cannot meet today's high availability requirements for wireless networks.

In this context, AP dual-link backup emerged. It offers a high availability networking solution for wireless networks, allowing users to simply configure two ACs to enable AP-based link redundancy, failover, and service switchback. This way, if one AC fails, the AP can switch over to the other AC and continue working. This greatly reduces network risks caused by a single point of failure and improves overall network reliability.

However, as enterprises increasingly demand higher continuity for wireless network services, the traditional dual-link backup solution shows its limitations. In traditional dual-link backup, APs take time (typically 30 seconds) to detect an AC failure before triggering a switchover between the master and backup links. During this period, users in centralized forwarding mode experience traffic disruption for at least 30 seconds. This is unacceptable for scenarios with strict reliability and non-disruption requirements.

To address this issue, dual-link hot backup has advanced further. It establishes an efficient fault detection mechanism between ACs to identify faulty ACs within milliseconds and quickly guide APs to switch over to the backup AC. With the client persistence function, the system ensures uninterrupted service during master/backup switchover and prevents client disconnections. This achieves seamless service switchover. Dual-link hot backup significantly improves wireless network reliability and enhances service continuity. It has become an essential technology in modern enterprise wireless network architectures.

Benefits

Dual-link backup

The dual-link backup technology offers the following advantages:

·     Failover for fast service recovery

In a dual-link backup architecture, if the master AC fails, APs connected to it can quickly switch over to the backup AC. The backup AC then takes over to manage and maintain wireless services. This mechanism quickly restores wireless network functions to prevent out-of-service situations. When the original master AC recovers, it automatically becomes the backup AC to prepare for the next failure.

·     Switchback to restore services to normal operation

Users can enable CAPWAP master tunnel preemption, so that APs can automatically return to the original master AC after a 10-minute delay once the AC recovers. This restores the wireless network to its pre-failure state.

·     Load sharing improves performance and stability

Users can specify different master ACs for APs to achieve load sharing. For example, specify AC 1 as the master AC for some APs and specify AC 2 for the other APs. Compared to the single-AC scenario, this approach effectively reduces device load, improves processing efficiency and performance, and enhances overall network stability and reliability.

·     License synchronization reduces costs

The dual-link backup solution supports license synchronization, so that users do not need to purchase a separate license for the backup AC. ACs in the network can synchronize licenses. If the master AC fails, the backup AC can still use the licenses, reducing maintenance costs. The system also supports using a license server for flexible license allocation and management.

·     Configuration synchronization for easier operation and maintenance

The master and backup ACs can synchronize common wireless service configurations. This reduces manual maintenance and minimizes configuration errors.

Dual-link hot backup

Building on the benefits of dual-link backup, dual-link hot backup offers these additional advantages:

·     Service continuity

With the client persistence function, user clients stay online even during a master/backup switchover. This ensures seamless service switchover and delivers a smooth user experience.

·     Faster fault detection

The two ACs exchange keepalive messages to quickly detect AC failures within milliseconds. This significantly reduces the switchover time and improves network stability and reliability.

Dual-link backup mechanism

Basic concepts

Dual-link backup provides two uplinks for the AP, establishing a master tunnel and a backup tunnel. It includes the following components:

·     Master and backup links: In a dual-link networking setup, the AP uses the CAPWAP protocol to establish uplinks with two different ACs. One link acts as the master link and operates actively. It receives configurations from the AC and reports AP information. Its function matches the AC-AP link in traditional single-link networking. The other link acts as the backup link and is established based on the master link. It provides redundancy to ensure high network availability.

·     AC roles: The AC connected to APs through the master link is the master AC. It delivers configurations and manages control. The AC connected to APs through the backup link is the backup AC. If the master AC fails or the link becomes unstable, the backup AC takes over APs immediately to ensure stable wireless network operation.

Network connection method

Dual-link backup supports the following networking modes: master/backup mode and load sharing mode.

·     Master/backup mode: In this mode, all APs in the network set one AC as the master AC and another AC as the backup AC. Normally, the master AC handles all services, while the backup AC only takes over when the master AC fails and does not process services otherwise. This ensures network reliability, but reduces resource utilization on the backup AC.

·     Load sharing mode: In master/backup mode, the master AC carries a heavy load while the backup AC remains idle, resulting in low overall resource utilization. To resolve this issue, use load sharing mode. Set AC1 as the master AC and AC2 as the backup for some APs, and set AC2 as the master AC and AC1 as the backup for the other APs. This way, both AC1 and AC2 process service data, ensuring balanced resource allocation and efficient utilization between the two ACs.

Figure 1 Master/backup mode

 

Figure 2 Load sharing mode

 

Establishing a backup link

Configure the backup AC's IP address for APs on the master AC. You can group APs for this configuration.

First, the AP establishes a master link with the master AC. After a successful operation, the system sends a Discovery request to the backup AC using the configured backup AC IP address. Except for the link attribute, the packet content matches that of a standard master link Discovery request. If the backup AC responds to the Discovery message normally, the two devices establish a backup link according to the CAPWAP protocol. If the link establishment fails, the AP re-initiates the establishment process.

Figure 3 Backup link establishment

 

You can view and configure AP information on the backup AC through the backup link. However, except for a few CAPWAP link attribute-related configurations, other configurations take effect on APs only after the backup link switches to the master link. The AP's real-time operating state remains under the control of the master AC.

Failover (through AP detection)

The AP monitors the master link state through a keepalive mechanism. When the master AC fails, a user manually triggers the AP to go offline, or network issues cause the master link keepalive to fail, the AP detects the master link disconnection. It then triggers a master/backup switchover, promoting the backup AC to the master AC. The new master AC takes over functions like AP configuration delivery and service data processing to quickly recover the existing wireless network. The detailed process is as follows:

1.     After the master link fails, the AP actively notifies the backup AC to switch the backup link to master link.

2.     After receiving the message, the backup AC coordinates with all service modules to perform link switchover. It switches the link state to the master link, upgrading its role to the master AC for the current AP.

3.     When the AP receives the response from the backup AC, it destroys the control data block of the master link and switches the backup link control data block to the master one. Each service module then coordinates to adjust service data accordingly, so that it matches the new master link of the uplink tunnel.

4.     After the AP completes the link switchover, the new master AC takes over the wireless services based on this AP in the network. The AC can now properly deliver subscriber provisioning to the AP and process service data reported by the AP.

5.     If the new master AC has a backup AC IP configured, the AP probes the backup AC to establish a backup link.

6.     All APs associated with the faulty AC in the network can concurrently execute the above process to complete the full-network link switchover and wireless service recovery.

Figure 4 Failover diagram

 

Service switchback

In a dual-link backup networking environment, the backup AC promotes the CAPWAP backup tunnel to the master tunnel only when the master AC connected to the AP fails. If the original master AC enables CAPWAP master tunnel preemption and its configured AP connection precedence is higher than that of the original backup AC (new master AC), the original master AC will switch the CAPWAP tunnel back to the master tunnel after a specified delay upon recovery.

To preempt the original master AC link, meet the following conditions:

1.     Configure the AP to enable the master tunnel preemption feature on the original master AC.

2.     Set the CAPWAP tunnel precedence on the original master AC higher than that on the original backup AC (new master AC).

Figure 5 Service switchback

 

AP license synchronization

AP license synchronization group

The AP license synchronization group link establishment process is as follows:

1.     After you configure the AP license synchronization group, the AC with the smaller IP address (assume AC 2) initiates the link setup request in a dual-link backup networking scenario.

2.     When AC 1 receives the request, it checks the AP license synchronization group configuration. If the configuration is correct, AC 1 agrees to establish the link connection.

3.     After the link is established, AC 2 with the smaller IP address initiates a license synchronization request.

4.     AC 1 copies its local licenses to AC 2.

5.     The AC with the larger IP address initiates the license synchronization request.

6.     AC 2 copies its local licenses to AC 1.

Figure 6 Link establishment for an AP license synchronization group

 

Dual-link backup license synchronization model

IMPORTANT:

·     In a dual-link networking setup, both ACs within the AP license synchronization group must be configured as primary ACs, ensuring that the two ACs can mutually share licenses.

·     The AP license synchronization link performs license data synchronization between the two ACs every 10 minutes.

 

Set up a backup network between two ACs using the AP dual-link method. The AP establishes master and backup CAPWAP links with both the master and backup ACs. When the master AC device fails and the master link becomes unavailable, the backup link takes over as the master link and starts working.

After you enable wireless license synchronization, the dual-link backup license master model works as follows:

·     Install L1 licenses on AC 1 and L2 licenses on AC 2. Each AP establishes both master and backup CAPWAP links, where the master link consumes a license while the backup link does not. A license is only required when the backup link switches to the master link.

·     Through the license synchronization mechanism, AC 1 can utilize its own L1 licenses and the L2 licenses shared from AC 2, totaling L1 + L2 licenses. Similarly, AC 2 can use its own L2 licenses and the L1 licenses shared from AC 1, also totaling L1 + L2 licenses.

·     If one AC fails, the licenses obtained through synchronization on the other AC can continue to be used for 30 days. If the failed AC remains disconnected from the peer for more than 30 days, the synchronized AP licenses will become invalid on the peer AC. In this case, newly connected APs on the peer AC will no longer be able to use the synchronized licenses, but APs already connected using synchronized licenses will not be forcibly taken offline.

Figure 7 Dual-link backup license synchronization
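
The license model above, worked through as an added Python example (not part of the H3C document). It uses the layout of the configuration example, where licenses are installed only on AC 1; the class and function names and the license count of 4 are assumptions made for illustration.

```python
from dataclasses import dataclass, field

SYNC_GRACE_DAYS = 30  # from the text: synchronized licenses stay usable for 30 days


@dataclass
class AcLicensePool:
    """License view of one AC in an AP license synchronization group."""
    name: str
    local: int                   # licenses installed on this AC
    synced: int = 0              # licenses copied from the peer AC
    peer_last_seen_day: int = 0  # last day the peer AC was reachable
    master_aps: set = field(default_factory=set)  # APs whose master link is here

    def capacity(self, day):
        """Local licenses plus synchronized ones while the 30-day window is open."""
        peer_age = day - self.peer_last_seen_day
        return self.local + (self.synced if peer_age <= SYNC_GRACE_DAYS else 0)

    def admit(self, ap, day):
        """Only a master link consumes a license; connected APs are never evicted."""
        if ap in self.master_aps:
            return True
        if len(self.master_aps) < self.capacity(day):
            self.master_aps.add(ap)
            return True
        return False


def scenario():
    # Constructed numbers: L1 = 4 licenses on AC 1, L2 = 0 on AC 2, so AC 2
    # depends entirely on the licenses synchronized from AC 1.
    ac2 = AcLicensePool("AC2", local=0, synced=4, peer_last_seen_day=0)
    results = {}
    # Day 0: AC 1 fails and three APs promote their backup link on AC 2.
    results["failover"] = [ac2.admit(ap, day=0) for ap in ("ap1", "ap2", "ap3")]
    results["day30_new_ap"] = ac2.admit("ap4", day=30)  # still inside the window
    results["day31_new_ap"] = ac2.admit("ap5", day=31)  # synchronized licenses invalid
    results["day31_online"] = sorted(ac2.master_aps)    # nobody was forced offline
    return results


if __name__ == "__main__":
    for key, value in scenario().items():
        print(key, value)
```

With no local licenses on the backup AC, an outage of the licensed AC that lasts more than 30 days leaves the surviving AC unable to admit any newly connected AP, which is worth factoring into recovery planning.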

 

Configuration synchronization between ACs

Background

As wireless networks continue to expand, enterprises and carriers increasingly demand higher reliability and high availability. In a dual-link deployment environment, deploy two ACs for backup to ensure wireless network continuity and stability. The dual-link backup mechanism requires identical WLAN configurations on both the master and backup ACs. However, WLAN configurations in real-world scenarios are complex. Manually configuring them line by line on two ACs is time-consuming and error-prone. This increases operational difficulty and risks configuration inconsistencies that may cause failures.

Basic concepts

Configuration synchronization between ACs refers to the technology that synchronizes WLAN-related configurations between two ACs. This technology requires users to manually synchronize configurations from one AC to another after users complete the setup on a single AC, ensuring consistent WLAN configurations across both devices.

The configurations that can be synchronized include those in AP view, AP group view, global configuration view, radio view, an AP group's radio view, and wireless service template view, and access authentication-related settings. For more information, see "Appendix A AC configuration synchronization."

Benefits

·     Significantly reduce configuration effort: Configuration is required only on one AC and does not need repeating on the other AC.

·     Prevent configuration omissions: Manual synchronization eliminates inconsistencies caused by operation errors.

·     Enhance network reliability: Keep the configurations consistent between the master and backup ACs to ensure service stability during switchover.

·     Easy configuration difference check: Automatically generate diff files to help administrators compare configurations between two ACs and flexibly control synchronous operations.

Operating mechanism

1.     Communication channel

The synchronization function relies on the communication channel established by the SmartMC network. First, set up the SmartMC network between the two ACs to ensure reliable management message delivery.

2.     Role division

¡     TM role: Manage all devices in the SmartMC network.

¡     TC role: A managed device in a SmartMC network.

3.     Configuration synchronization process

a.     Complete WLAN configurations (such as those in AP view, AP group view, global configuration view, radio view, and wireless service template view, and access authentication settings) on a single AC (preferably the TM-role AC).

b.     Execute configuration synchronization.

c.     The TM-role AC compares its configuration with that of the TC-role AC.

If they match, the system skips synchronization to avoid duplicate actions.

If they do not match, then:

-     The TM-role AC automatically generates a file named wlan_cfgsync.diff to record configuration differences between two devices in detail. Operations staff can use the more command to view the diff file and acknowledge the differences.

-     The system pushes WLAN configurations from one AC to the other through the synchronization mechanism to synchronize settings.

d.     After synchronization completes, the master and backup ACs maintain consistent WLAN configurations.

 

 

NOTE:

·     Configure the synchronization function to enable two-way simultaneous sync between two ACs. As a best practice, complete configurations on the TM-role AC first, then sync them to the TC-role AC. This ensures configuration consistency and management compliance.

·     The synchronization function is a one-time operation. Once synchronization is completed, if subsequent configuration changes occur, the synchronization operation must be re-executed.

 

Figure 8 Synchronization configuration flowchart

 

Implementation of dual-link hot backup

Basic concepts

Dual-link hot backup supports AC failure detection and client retention on top of dual-link backup. Use this function for scenarios requiring higher service continuity and reliability.

Failure detection between ACs

Background

As wireless networks become widely used in enterprises and large campuses, high availability and fast switchover are critical to ensuring business continuity. In a dual-AC hot backup setup, APs must quickly switch over to the backup AC when the master AC fails to prevent service outages. However, traditional fault detection relies on the AP to detect AC anomalies, which causes delays and leads to temporary service interruptions. To improve fault response speed and achieve millisecond-level switchover, the AC fault detection mechanism was introduced.

Basic concepts

ACs detect failures by periodically sending detection packets to each other, enabling real-time status monitoring. When an AC fails to receive detection packets from its peer AC for a specified number of times, it determines the peer has failed. This triggers a master/backup switchover process, ensuring APs quickly switch to the backup AC and maintain service continuity.

Benefits

·     Reduce the fault detection time to milliseconds, significantly improving fault response speed.

·     Minimize service loss caused by master AC failures and ensure uninterrupted wireless services.

·     Allow flexible configuration of the detection interval and fail count to meet different service needs.

Operating mechanism

1.     Detection packet exchange: Two ACs periodically send detection packets to each other.

2.     Fault decision standard: When the local AC fails to receive detection packets from the peer AC for a specified number of consecutive times, it determines a peer failure and triggers an immediate master/backup switchover.

3.     Master/backup switchover and AP switchover: The current AC (AC 2 in the diagram) actively sends a switchover notification to the APs that established a master link with the failed AC (AC 1 in the diagram).

4.     Service recovery: After receiving the notification, the APs quickly switch over to the current AC (AC 2 in the diagram) to come online and restore service connectivity.

Figure 9 Fault detection between ACs
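
The four steps above, simulated from the surviving AC's point of view as an added Python example (not part of the H3C document). The 100 ms interval, the fail count of 3, the AP names, and the load sharing layout are constructed values; the document states only that both parameters are configurable.

```python
from dataclasses import dataclass

AP_DETECTION_MS = 30_000  # from the text: AP-side detection typically takes 30 seconds


@dataclass
class PeerDetector:
    """Runs on one AC and counts detection packets missed from the peer AC."""
    interval_ms: int  # detection interval (constructed value in scenario())
    fail_count: int   # consecutive misses before the peer is declared failed

    def failure_time(self, rx_times_ms, until_ms):
        """Return the time (ms) at which the peer is declared failed, or None.

        At the end of every interval the AC checks whether a detection packet
        arrived during that interval. A hit resets the miss counter, so an
        isolated packet loss does not trigger a switchover.
        """
        rx = sorted(rx_times_ms)
        missed, i = 0, 0
        for t in range(self.interval_ms, until_ms + 1, self.interval_ms):
            got = False
            while i < len(rx) and rx[i] <= t:
                got = got or rx[i] > t - self.interval_ms
                i += 1
            missed = 0 if got else missed + 1
            if missed >= self.fail_count:
                return t
        return None


def fail_over(master_of, failed_ac, surviving_ac):
    """Steps 3 and 4: notify only APs whose master link was on the failed AC."""
    notified = sorted(ap for ap, ac in master_of.items() if ac == failed_ac)
    new_master_of = {ap: (surviving_ac if ac == failed_ac else ac)
                     for ap, ac in master_of.items()}
    return notified, new_master_of


def scenario():
    # Constructed load sharing layout: two APs use AC1 as master, one uses AC2.
    master_of = {"ap1": "AC1", "ap2": "AC1", "ap3": "AC2"}
    detector = PeerDetector(interval_ms=100, fail_count=3)
    # Packets seen by AC2: the one due at 300 ms is lost, AC1 dies after 500 ms.
    rx_from_ac1 = [100, 200, 400, 500]
    declared = detector.failure_time(rx_from_ac1, until_ms=5000)
    notified, new_master_of = fail_over(master_of, "AC1", "AC2")
    return declared, notified, new_master_of


if __name__ == "__main__":
    declared, notified, new_master_of = scenario()
    print(f"peer declared failed at {declared} ms, "
          f"{declared - 500} ms after its last packet (AP detection: {AP_DETECTION_MS} ms)")
    print("APs notified:", notified)
    print("master AC per AP:", new_master_of)
```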

 

Client persistence

Background

In a dual-link backup network architecture, each AP establishes master and backup CAPWAP links with two ACs. This ensures the backup AC can quickly take over if the master AC fails, maintaining service continuity. Although backup link switchover reduces the out-of-service time caused by AC failure, clients still need to go offline and reconnect. This affects the overall network experience. To enhance user experience, the client persistence technology emerged.

Basic concepts

Client persistence is a mechanism that uses the backup AC to save temporary client entries. It ensures clients stay online during a master/backup switchover and prevents client disconnections caused by a master AC failure. This mechanism enables the master AC to temporarily maintain client connection states and basic services, minimizing the perception of out-of-service conditions during switchover. To fully restore client functions, configure client reconnection for client persistence. This ensures a smooth transition of temporary client entries to normal entries after a master/backup switchover.

Benefits

·     Enhanced user experience: Keeps clients online during master/backup switchover, preventing disconnections and frequent reconnections to ensure uninterrupted basic service.

·     Smooth data switchover: Seamlessly switch temporary client entries to normal client entries to ensure service integrity.

Operating mechanism

1.     In a dual-link architecture, the AP establishes master and backup links with the master and backup ACs through the CAPWAP protocol.

2.     When a client comes online, the AP immediately reports its information to the backup AC to add a temporary client entry.

3.     When the master AC fails, the backup AC automatically takes over as the master AC and manages AP services.

4.     With the client persistence function enabled, the new master AC uses temporary client entries after the switchover to keep clients online and prevent disconnections.

5.     Temporary client entries ensure basic services run smoothly. For example, clients can communicate and come online or go offline normally. However, some advanced functions such as ACL access control, CAR rate limiting, accounting, and load balancing will not take effect. After you configure client reconnection for client persistence, the new master AC forces these clients offline in batches and deletes temporary client entries.

6.     After the client comes online again, the new master AC generates complete normal client entries and restores all service functions for the client.

Figure 10 Client persistence operating mechanism

 

Using the document

·     Inter-AC configuration synchronization is applicable only to devices using version R58xx.

·     Inter-AC fault detection and client persistence are applicable only to devices using version R54xx.


Configuration example (for version R58xx)

 

NOTE:

This section mainly introduces the configuration for dual-link backup through the inter-AC configuration synchronization function. If the inter-AC configuration synchronization function is not used, please ignore or delete the configurations related to SmartMC and the inter-AC configuration synchronization function.

 

Network configuration

As shown in Figure 11, the AP connects to AC 1 and AC 2 through the access switch and core switch, respectively. Follow these requirements:

·     Use dual-link backup to protect the ACs with master/backup redundancy. Set AC 1 as the master device and AC 2 as the backup device. When AC 1 fails or undergoes a switchover, APs automatically switch to AC 2 to maintain service. Once AC 1 recovers, APs reconnect to it.

·     Install the license only on AC 1, and configure AP license synchronization to let AC 2 share the license resources of AC 1.

·     Configure the client to access the wireless network through VLAN 200.

·     Connect the ACs and AP over a Layer 3 network. The AP automatically obtains the AC's IP address through the Option 43 parameter assigned by the DHCP Server, enabling Layer 3 registration and management.

·     Use inter-AC configuration synchronization and configure WLAN services on AC 1 only. Then, the configuration will be synchronized to AC 2 to reduce configuration workload.

 

 

NOTE:

This configuration uses centralized forwarding as an example. The dual-link backup networking also applies to local forwarding mode.

 

Network diagram

Figure 11 Network diagram

 

Restrictions and guidelines

·     Before using the configuration synchronization function, set up a SmartMC network first.

·     SmartMC networking establishes channels based on VLAN 1. Dual-link configuration synchronization relies on SmartMC channels. Therefore, before configuring the SmartMC network, make sure VLAN 1 is permitted and assign an IP address to VLAN-interface 1.

·     Configure the configuration synchronization function only on the TM-role AC. You can configure the system to synchronize configuration from the TM to a TC or from a TC to the TM.

Configuring SmartMC

1.     Configure VLAN-interface 1 on AC 1.

# Configure VLAN-interface 1. This interface will be used to establish SmartMC channels.

<AC1> system-view

[AC1] interface vlan-interface 1

[AC1-Vlan-interface1] ip address 192.168.2.1 24

[AC1-Vlan-interface1] quit

2.     Configure SmartMC (using AC 1 as the TM).

# Enable HTTP and HTTPS services.

[AC1] ip http enable

[AC1] ip https enable

# Enable the Telnet service.

[AC1] telnet server enable

# Enable HTTP-based NETCONF over SOAP.

[AC1] netconf soap http enable

# Enable LLDP globally.

[AC1] lldp global enable

# Configure local user admin with password hello12345, set the service types to Telnet, HTTP, and HTTPS, and specify the RBAC role as network-admin.

[AC1] local-user admin

[AC1-luser-manage-admin] password simple hello12345

[AC1-luser-manage-admin] service-type telnet http https

[AC1-luser-manage-admin] authorization-attribute user-role network-admin

[AC1-luser-manage-admin] quit

# Enable scheme authentication for VTY lines 0 through 63.

[AC1] line vty 0 63

[AC1-line-vty0-63] authentication-mode scheme

[AC1-line-vty0-63] user-role network-admin

[AC1-line-vty0-63] quit

# Enable SmartMC, specify the device role as TM, specify the username as admin, and configure a plaintext password of hello12345.

[AC1] smartmc tm username admin password simple hello12345 enable

3.     Configure VLAN-interface 1 for AC 2:

# Configure VLAN-interface 1. This interface will be used to establish SmartMC channels.

<AC2> system-view

[AC2] interface vlan-interface 1

[AC2-Vlan-interface1] ip address 192.168.2.2 24

[AC2-Vlan-interface1] quit

4.     Configure SmartMC for AC 2 (using AC 2 as a TC):

# Enable HTTP and HTTPS services.

[AC2] ip http enable

[AC2] ip https enable

# Enable the Telnet service.

[AC2] telnet server enable

# Enable HTTP-based NETCONF over SOAP.

[AC2] netconf soap http enable

# Enable LLDP globally.

[AC2] lldp global enable

# Configure local user admin with password admin, set the service types to Telnet, HTTP, and HTTPS, and specify the RBAC role as network-admin. Before setting a password, reduce the complexity requirements of the device on local user passwords.

[AC2] local-user admin

[AC2-luser-manage-admin] password-control length 4

[AC2-luser-manage-admin] password-control composition type-number 1 type-length 1

[AC2-luser-manage-admin] undo password-control complexity user-name check

[AC2-luser-manage-admin] password simple admin

[AC2-luser-manage-admin] service-type telnet http https

[AC2-luser-manage-admin] authorization-attribute user-role network-admin

[AC2-luser-manage-admin] quit

# Enable scheme authentication for VTY lines 0 through 63.

[AC2] line vty 0 63

[AC2-line-vty0-63] authentication-mode scheme

[AC2-line-vty0-63] quit

# Enable SmartMC and specify the device role as TC.

[AC2] smartmc tc enable

5.     Verify that the SmartMC network has been established:

# Use the display smartmc tc command on AC 1 to view member device information. If member device information is displayed, it indicates that the SmartMC network has been established.

Configuring AC 1

1.     Install licenses.

# Install licenses on AC 1. (Details not shown.)

2.     Configure interfaces on AC 1.

# Create VLAN 20 and VLAN-interface 20, and set the IP address of VLAN-interface 20 to 10.1.1.1/16. APs will use this IP address to establish a CAPWAP tunnel with AC 1.

[AC1] vlan 20

[AC1-vlan20] quit

[AC1] interface vlan-interface 20

[AC1-Vlan-interface20] ip address 10.1.1.1 16

[AC1-Vlan-interface20] quit

# Create VLAN 200. AC 1 uses this VLAN to forward client data packets.

[AC1] vlan 200

[AC1-vlan200] quit

# Specify GigabitEthernet 1/0/1 that connects AC 1 to the core switch as a trunk port and assign the port to VLAN 20 and VLAN 200.

[AC1] interface gigabitethernet 1/0/1

[AC1-GigabitEthernet1/0/1] port link-type trunk

[AC1-GigabitEthernet1/0/1] port trunk permit vlan 20 200

[AC1-GigabitEthernet1/0/1] quit

3.     Configure Layer 3 routing.

# Configure a static route to specify the IP address of the core switch as the next hop.

[AC1] ip route-static 0.0.0.0 0 10.1.1.3

4.     Configure dual-link backup.

# Create AP group group1 and set the AP connection priority to 7.

[AC1] wlan ap-group group1

[AC1-wlan-ap-group-group1] priority 7

# Specify the IP address of the backup AC as 10.1.1.2.

[AC1-wlan-ap-group-group1] backup-ac ip 10.1.1.2

# Configure CAPWAP tunnel preemption to allow APs to reconnect to the master AC after the AC recovers from a failure.

[AC1-wlan-ap-group-group1] wlan tunnel-preempt enable

[AC1-wlan-ap-group-group1] quit

5.     Configure AP license synchronization.

# Configure AP license synchronization.

[AC1] wlan ap-license-group

[AC1-wlan-als-group] local ip 10.1.1.1

[AC1-wlan-als-group] member ip 10.1.1.2

[AC1-wlan-als-group] ap-license-synchronization enable

[AC1-wlan-als-group] quit

6.     Configure a wireless service:

# Create service template 1 and enter its view.

[AC1] wlan service-template 1

# Set the SSID to service.

[AC1-wlan-st-1] ssid service

# Configure wireless clients to join VLAN 200 after they come online.

[AC1-wlan-st-1] vlan 200

# Specify the authentication and key management mode as PSK and set the PSK key to plaintext string 12345678.

[AC1-wlan-st-1] akm mode psk

[AC1-wlan-st-1] preshared-key pass-phrase simple 12345678

# Specify the cipher suite as CCMP and the security IE as RSN.

[AC1-wlan-st-1] cipher-suite ccmp

[AC1-wlan-st-1] security-ie rsn

# Enable the wireless service template.

[AC1-wlan-st-1] service-template enable

[AC1-wlan-st-1] quit

7.     Configure the AP.

# Create AP ap1, and specify the AP model and serial number.

[AC1] wlan ap ap1 model WA6320

[AC1-wlan-ap-ap1] serial-id 219801A28N819CE0002T

[AC1-wlan-ap-ap1] quit

8.     Configure AP grouping rules.

# Configure an AP name-based grouping rule.

[AC1] wlan ap-group group1

[AC1-wlan-ap-group-group1] ap ap1

9.     Bind the wireless service.

# Bind wireless service template 1 to radio 2 of APs in AP group group1.

[AC1-wlan-ap-group-group1] ap-model WA6320

[AC1-wlan-ap-group-group1-ap-model-WA6320] radio 2

[AC1-wlan-ap-group-group1-ap-model-WA6320-radio-2] service-template 1

# Enable radio 2.

[AC1-wlan-ap-group-group1-ap-model-WA6320-radio-2] radio enable

[AC1-wlan-ap-group-group1-ap-model-WA6320-radio-2] quit

[AC1-wlan-ap-group-group1-ap-model-WA6320] quit

[AC1-wlan-ap-group-group1] quit

10.     Configure inter-AC configuration synchronization.

# Before executing configuration synchronization, verify that the SmartMC network is established. Use the display smartmc tc command to view member device information. If member device information is displayed, it indicates that the SmartMC network has been established. If the SmartMC network is not established, set it up first. Then, synchronize the configurations between ACs.

[AC1] display smartmc tc

# Synchronize the WLAN configurations from AC 1 to AC 2.

[AC1] wlan sync-configuration to peer-ac 000f-e212-6103

 

 

NOTE:

·     Specify the MAC address of AC 2 as shown in the MacAddress field of the display smartmc tc command output.

·     If the configuration changes after the synchronization is completed, you must execute the synchronization operation again.

 

# After synchronization completes, check whether the configurations of the two ACs are consistent.

[AC1] wlan sync-configuration check peer-ac 000f-e212-6103

Configuring AC 2

1.     Configure interfaces on AC 2.

# Create VLAN 20 and VLAN-interface 20, and set the IP address of VLAN-interface 20 to 10.1.1.2/16. APs will use this IP address to establish a CAPWAP tunnel with AC 2.

 

 

NOTE:

After you execute configuration synchronization, VLAN 20 settings can be synchronized between ACs and do not require additional manual configuration.

 

[AC2] interface Vlan-interface 20

[AC2-Vlan-interface20] ip address 10.1.1.2 16

[AC2-Vlan-interface20] quit

# Create VLAN 200. AC 2 uses this VLAN to forward client data packets.

 

 

NOTE:

After you execute configuration synchronization, VLAN 200 settings can be synchronized between ACs and do not require additional manual configuration.

 

# Specify GigabitEthernet 1/0/1 that connects AC 2 to the core switch as a trunk port and assign the port to VLAN 20 and VLAN 200.

[AC2] interface gigabitethernet 1/0/1

[AC2-GigabitEthernet1/0/1] port link-type trunk

[AC2-GigabitEthernet1/0/1] port trunk permit vlan 20 200

[AC2-GigabitEthernet1/0/1] quit

2.     Configure Layer 3 routing.

# Configure a static route to specify the IP address of the core switch as the next hop.

[AC2] ip route-static 0.0.0.0 0 10.1.1.3

3.     Configure dual-link backup.

# Create AP group group1 and specify the IP address of the backup AC as 10.1.1.1. Keep the default setting for the AP connection priority.

[AC2] wlan ap-group group1

[AC2-wlan-ap-group-group1] backup-ac ip 10.1.1.1

[AC2-wlan-ap-group-group1] quit

4.     Configure AP license synchronization.

# Configure AP license synchronization.

[AC2] wlan ap-license-group

[AC2-wlan-als-group] local ip 10.1.1.2

[AC2-wlan-als-group] member ip 10.1.1.1

[AC2-wlan-als-group] ap-license-synchronization enable

[AC2-wlan-als-group] quit

5.     Configure a wireless service:

# The settings can be synchronized between ACs and do not require additional manual configuration.

6.     Configure the AP.

# The settings can be synchronized between ACs and do not require additional manual configuration.

7.     Configure AP grouping rules.

# The settings can be synchronized between ACs and do not require additional manual configuration.

8.     Bind the wireless service.

# The settings can be synchronized between ACs and do not require additional manual configuration.

Configuring the core switch

1.     Configure interfaces on the switch.

# Create VLAN 100 and VLAN 20, and assign IP addresses for the VLAN interfaces. The switch will use the interfaces to forward CAPWAP tunnel traffic between AC and AP.

<Core Switch> system-view

[Core Switch] vlan 100

[Core Switch-vlan100] quit

[Core Switch] interface vlan-interface 100

[Core Switch-Vlan-interface100] ip address 10.3.1.1 16

[Core Switch-Vlan-interface100] quit

[Core Switch] vlan 20

[Core Switch-vlan20] quit

[Core Switch] interface vlan-interface 20

[Core Switch-Vlan-interface20] ip address 10.1.1.3 16

[Core Switch-Vlan-interface20] quit

# Create VLAN 200 and specify an IP address for the VLAN interface. The client will use this VLAN to access the wireless network.

[Core Switch] vlan 200

[Core Switch-vlan200] quit

[Core Switch] interface vlan-interface 200

[Core Switch-Vlan-interface200] ip address 10.4.1.1 16

[Core Switch-Vlan-interface200] quit

# Specify GigabitEthernet 1/0/1 that connects the switch to AC 1 as a trunk port and assign the port to VLAN 20 and VLAN 200.

[Core Switch] interface gigabitethernet 1/0/1

[Core Switch-GigabitEthernet1/0/1] port link-type trunk

[Core Switch-GigabitEthernet1/0/1] port trunk permit vlan 20 200

[Core Switch-GigabitEthernet1/0/1] quit

# Specify GigabitEthernet 1/0/2 that connects the switch to AC 2 as a trunk port and assign the port to VLAN 20 and VLAN 200.

[Core Switch] interface gigabitethernet 1/0/2

[Core Switch-GigabitEthernet1/0/2] port link-type trunk

[Core Switch-GigabitEthernet1/0/2] port trunk permit vlan 20 200

[Core Switch-GigabitEthernet1/0/2] quit

# Specify GigabitEthernet 1/0/3 that connects the core switch to the access switch as a trunk port, assign the port to VLAN 100, and set the PVID to 100.

[Core Switch] interface gigabitethernet 1/0/3

[Core Switch-GigabitEthernet1/0/3] port link-type trunk

[Core Switch-GigabitEthernet1/0/3] port trunk permit vlan 100

[Core Switch-GigabitEthernet1/0/3] port trunk pvid vlan 100

[Core Switch-GigabitEthernet1/0/3] quit

2.     Configure the DHCP service.

# Create IP address pool 100 to allocate an address in subnet 10.3.0.0/16 to the AP, and specify the gateway address as 10.3.1.1.

[Core Switch] dhcp server ip-pool 100

[Core Switch-dhcp-pool-100] network 10.3.0.0 mask 255.255.0.0

[Core Switch-dhcp-pool-100] gateway-list 10.3.1.1

# Specify the hexadecimal IP addresses of AC 1 and AC 2 as the content of DHCP Option 43.

[Core Switch-dhcp-pool-100] option 43 hex 800b0000020a0101010a010102

[Core Switch-dhcp-pool-100] quit

# Create IP address pool 2 to allocate addresses in subnet 10.4.0.0/16 to the client. Specify the gateway address and the DNS server address. In this example, the DNS server address is the same as the gateway address.

[Core Switch] dhcp server ip-pool 2

[Core Switch-dhcp-pool-2] network 10.4.0.0 mask 255.255.0.0

[Core Switch-dhcp-pool-2] gateway-list 10.4.1.1

[Core Switch-dhcp-pool-2] dns-list 10.4.1.1

[Core Switch-dhcp-pool-2] quit

# Enable the DHCP server service.

[Core Switch] dhcp enable

3.     Configure the core switch to connect to the external network.

# Create VLAN 400 and specify an IP address for the VLAN interface. The switch will use this interface to forward traffic to the external network.

[Core Switch] vlan 400

[Core Switch-vlan400] quit

[Core Switch] interface vlan-interface 400

[Core Switch-Vlan-interface400] ip address 10.10.1.1 16

[Core Switch-Vlan-interface400] quit

# Specify GigabitEthernet 1/0/4 that connects the switch to the external network as an access port, and assign the port to VLAN 400.

[Core Switch] interface gigabitethernet 1/0/4

[Core Switch-GigabitEthernet1/0/4] port link-type access

[Core Switch-GigabitEthernet1/0/4] port access vlan 400

[Core Switch-GigabitEthernet1/0/4] quit

# Configure a static route to specify the IP address of the router as the next hop.

[Core Switch] ip route-static 0.0.0.0 0 10.10.1.2

Configuring the access switch

# Create VLAN 100 for AP access.

<Access Switch> system-view

[Access Switch] vlan 100

[Access Switch-vlan100] quit

# Specify GigabitEthernet 1/0/1 that connects the access switch to the core switch as a trunk port, assign the port to VLAN 100, and set the PVID to 100.

[Access Switch] interface gigabitEthernet 1/0/1

[Access Switch-GigabitEthernet1/0/1] port link-type trunk

[Access Switch-GigabitEthernet1/0/1] port trunk permit vlan 100

[Access Switch-GigabitEthernet1/0/1] port trunk pvid vlan 100

[Access Switch-GigabitEthernet1/0/1] quit

# Specify GigabitEthernet 1/0/2 that connects the switch to the AP as an access port, and assign the port to VLAN 100.

[Access Switch] interface gigabitethernet 1/0/2

[Access Switch-GigabitEthernet1/0/2] port link-type access

[Access Switch-GigabitEthernet1/0/2] port access vlan 100

# Enable PoE on GigabitEthernet 1/0/2.

[Access Switch-GigabitEthernet1/0/2] poe enable

[Access Switch-GigabitEthernet1/0/2] quit

Verifying the configuration

1.     On AC 1, execute the display wlan ap-license-group command to view the established AP license synchronization group. The total licenses in the group equal the sum of licenses on AC 1 and AC 2.

<AC1> display wlan ap-license-group

 Group total licenses: 256

 Group used licenses: 1

 AP license synchronization: Enabled

 Local IP: 10.1.1.1

 Local role: Master

 Member information: 1

 IP address        Total      Used      Member role      State      Online duration

 10.1.1.2          0          0         Master           UP         00hr 1min 51sec

2.     On AC 1, execute the display wlan ap all command and verify that the AP status is R/M.

<AC1> display wlan ap all

Total number of APs: 1

Total number of connected APs: 1

Total number of connected manual APs: 1

Total number of connected auto APs: 0

Total number of connected common APs: 1

Total number of connected WTUs: 0

Total number of inside APs: 0

Maximum supported APs: 384

Remaining APs: 383

Total AP licenses: 256

Local AP licenses: 256

Server AP licenses: 0

Remaining local AP licenses: 255

Sync AP licenses: 0

 

                                 AP information

 State : I = Idle,      J  = Join,       JA = JoinAck,    IL = ImageLoad

         C = Config,    DC = DataCheck,  R  = Run,   M = Master,  B = Backup

 Online time : Day:Hour:Minute:Second

 

AP name                        APID State Model           Serial ID            Group name             Online time   Clients Mode  IP address

ap1                           1     R/M  WA6320          219801A28N819CE0002T group1                0:00:00:46    1       Fit   10.3.1.2

3.     View client information on AC 1.

# Verify that the client has come online from radio 2.

<AC1> display wlan client

Total number of clients: 1

 

MAC address    User name            AP name               R IP address      VLAN

90b9-311a-bef6 N/A                  ap1                   2 10.4.1.2        200

4.     On AC 2, execute the display wlan ap all command. Verify that the AP status is R/M and the number of synchronized AP license seats is 256.

<AC2> display wlan ap all

Total number of APs: 1

Total number of connected APs: 1

Total number of connected manual APs: 1

Total number of connected auto APs: 0

Total number of connected common APs: 1

Total number of connected WTUs: 0

Total number of inside APs: 0

Maximum supported APs: 384

Remaining APs: 383

Total AP licenses: 256

Local AP licenses: 256

Server AP licenses: 0

Remaining local AP licenses: 256

Sync AP licenses: 256

 

                                 AP information

 State : I = Idle,      J  = Join,       JA = JoinAck,    IL = ImageLoad

         C = Config,    DC = DataCheck,  R  = Run,   M = Master,  B = Backup

 Online time : Day:Hour:Minute:Second

 

AP name                        APID State Model           Serial ID            Group name             Online time   Clients Mode  IP address

ap1                           1     R/B  WA6320          219801A28N819CE0002T group1                0:00:00:56    1       Fit   10.3.1.2

5.     To simulate an AC 1 failure, shut down VLAN-interface 20 on AC 1. Wait for a short time (the duration depends on the CAPWAP tunnel keepalive interval, 30 seconds by default). In centralized forwarding mode, network traffic might be briefly disrupted. You can use the ping command to test this. The AP then automatically switches over to AC 2 for registration. On AC 2, execute the display wlan ap all command. Verify that the AP status is R/M.

<AC2> display wlan ap all

Total number of APs: 1

Total number of connected APs: 1

Total number of connected manual APs: 1

Total number of connected auto APs: 0

Total number of connected common APs: 1

Total number of connected WTUs: 0

Total number of inside APs: 0

Maximum supported APs: 384

Remaining APs: 383

Total AP licenses: 256

Local AP licenses: 256

Server AP licenses: 0

Remaining local AP licenses: 255

Sync AP licenses: 256

 

                                 AP information

 State : I = Idle,      J  = Join,       JA = JoinAck,    IL = ImageLoad

         C = Config,    DC = DataCheck,  R  = Run,   M = Master,  B = Backup

 Online time : Day:Hour:Minute:Second

 

AP name                        APID State Model           Serial ID            Group name             Online time   Clients Mode  IP address

ap1                           1     R/M  WA6320          219801A28N819CE0002T group1                0:00:30:46    1       Fit   10.3.1.2

6.     Simulate AC 1 recovery. Bring up VLAN-interface 20 on AC 1. Due to CAPWAP tunnel preemption, the AP will reconnect to AC 1 after a while. Use the display wlan ap all command on AC 1 to verify that the AP status changes back to R/M. On AC 2, the AP status changes back to R/B.

Restrictions and guidelines

·     Before using inter-AC configuration synchronization, set up a SmartMC network first.

·     In dual-link backup networking, the model and software version must be consistent on both ACs.

·     Use the serial ID labeled on the AP's rear panel to specify an AP.

·     If you establish a CAPWAP tunnel manually, the AP names configured on both ACs must be completely identical, and the AP serial IDs or MAC addresses must be configured uniformly (both ACs must be configured with either serial IDs or MAC addresses).

·     Before performing service configuration, install licenses on the AC first. As a best practice to simplify configuration and reduce costs, install licenses only on the master AC. The backup AC does not require license installation, because the AP license synchronization feature ensures that the backup AC can obtain licenses from the master AC.

·     Before enabling AP license synchronization, you must configure the IP addresses of the local AC and the member AC.

·     In a dual-link networking setup, both ACs within the AP license synchronization group must be configured as master ACs, ensuring that the two ACs can mutually share licenses.

·     In a dual-link backup networking environment with AP license synchronization enabled, if an AC is disconnected for more than 30 days, the AP licenses synchronized from that AC become invalid on the other AC. From that point, APs that newly connect to the other AC cannot use the synchronized licenses, but already connected APs are not forced offline.
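The pairing rules above (identical AP names and serial IDs on both ACs, license group addresses that point at each other) can be checked before cutover. The following is an added example, not H3C code: the function names are hypothetical, the transcripts are constructed from the commands shown on this page, and the check that each AC's backup-ac address equals the peer's license-group local ip is an assumption taken from this page's topology. It also reports a PSK entered with the simple (plaintext) keyword.

```python
import re

# A Comware prompt plus command, e.g. "[AC1-wlan-als-group] local ip 10.1.1.1".
PROMPT = re.compile(r"^\[(?P<host>[^\]\s-]+)(?:-(?P<view>[^\]]+))?\]\s+(?P<cmd>\S.*)$")


def parse_ac(transcript):
    """Extract the settings the pairing checks need from one AC's CLI transcript."""
    facts = {"backup_ac": None, "als_local": None, "als_member": None,
             "aps": {}, "plaintext_psk_views": []}
    current_ap = None
    for line in transcript.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue  # user-view lines such as "<AC1> system-view" carry no settings
        view, cmd = m.group("view") or "", m.group("cmd").split()
        if cmd[:2] == ["wlan", "ap"] and len(cmd) >= 3:
            current_ap = cmd[2]
            facts["aps"].setdefault(current_ap, None)
        elif cmd[0] == "serial-id" and current_ap and len(cmd) >= 2:
            facts["aps"][current_ap] = cmd[1]
        elif cmd[:2] == ["backup-ac", "ip"] and len(cmd) >= 3:
            facts["backup_ac"] = cmd[2]
        elif view == "wlan-als-group" and cmd[:2] == ["local", "ip"] and len(cmd) >= 3:
            facts["als_local"] = cmd[2]
        elif view == "wlan-als-group" and cmd[:2] == ["member", "ip"] and len(cmd) >= 3:
            facts["als_member"] = cmd[2]
        elif cmd[:3] == ["preshared-key", "pass-phrase", "simple"]:
            facts["plaintext_psk_views"].append(view)
    return facts


def check_pair(ac1, ac2):
    """Compare two parsed ACs and return a list of human-readable findings."""
    findings = []
    for name, local, peer in (("AC 1", ac1, ac2), ("AC 2", ac2, ac1)):
        # Assumption from this page's topology: the backup AC address and the
        # license-group member address are both the peer's "local ip".
        if local["backup_ac"] != peer["als_local"]:
            findings.append(
                f"{name}: backup-ac ip {local['backup_ac']} != peer local ip {peer['als_local']}")
        if local["als_member"] != peer["als_local"]:
            findings.append(
                f"{name}: member ip {local['als_member']} != peer local ip {peer['als_local']}")
        for view in local["plaintext_psk_views"]:
            findings.append(
                f"{name}: PSK entered with the 'simple' plaintext keyword in view {view}")
    # Restriction from the page: AP names and serial IDs must match on both ACs.
    for ap in sorted(set(ac1["aps"]) | set(ac2["aps"])):
        s1, s2 = ac1["aps"].get(ap), ac2["aps"].get(ap)
        if s1 != s2:
            findings.append(f"AP {ap}: serial-id differs between ACs ({s1} vs {s2})")
    return findings


def sample_transcript(host, local_ip, peer_ip, member_ip, serial):
    """Build a constructed transcript that uses the commands shown on the page."""
    return "\n".join([
        f"<{host}> system-view",
        f"[{host}] wlan ap-group group1",
        f"[{host}-wlan-ap-group-group1] backup-ac ip {peer_ip}",
        f"[{host}-wlan-ap-group-group1] quit",
        f"[{host}] wlan ap-license-group",
        f"[{host}-wlan-als-group] local ip {local_ip}",
        f"[{host}-wlan-als-group] member ip {member_ip}",
        f"[{host}-wlan-als-group] ap-license-synchronization enable",
        f"[{host}] wlan service-template 1",
        f"[{host}-wlan-st-1] preshared-key pass-phrase simple 12345678",
        f"[{host}] wlan ap ap1 model WA6320",
        f"[{host}-wlan-ap-ap1] serial-id {serial}",
    ])


# Constructed sample input: AC 1 and AC 2 as configured on the page, plus a
# drifted AC 2 with a wrong member ip and a mistyped (constructed) serial ID.
AC1 = sample_transcript("AC1", "10.1.1.1", "10.1.1.2", "10.1.1.2", "219801A28N819CE0002T")
AC2 = sample_transcript("AC2", "10.1.1.2", "10.1.1.1", "10.1.1.1", "219801A28N819CE0002T")
AC2_DRIFT = sample_transcript("AC2", "10.1.1.2", "10.1.1.1", "10.1.1.3", "219801A28N819CE0002X")

if __name__ == "__main__":
    for finding in check_pair(parse_ac(AC1), parse_ac(AC2_DRIFT)):
        print(finding)
```

With the page's own settings the only findings are the two plaintext PSK entries; the drifted transcript adds the member ip and serial-id mismatches.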


Configuration example (for version R54xx)

 

NOTE:

This section describes how to configure dual-link hot backup. If you only need dual-link backup, ignore or delete the configurations related to AC failure detection and client persistence.

 

Network configuration

As shown in Figure 12, the AP connects to AC 1 and AC 2 through the access switch and the core switch. Follow these requirements:

·     Use dual-link hot backup to protect the ACs with master/backup redundancy. Set AC 1 as the master device and AC 2 as the backup device. When AC 1 fails or undergoes a switchover, APs automatically switch to AC 2 to maintain service. Once AC 1 recovers, APs reconnect to it.

·     Install the license only on AC 1, and configure AP license synchronization to let AC 2 share the license resources of AC 1.

·     Configure the client to access the wireless network through VLAN 200.

·     Connect the ACs and AP over a Layer 3 network. The AP automatically obtains the AC's IP address through the Option 43 parameter assigned by the DHCP server, enabling Layer 3 registration and management.

 

 

NOTE:

This configuration uses centralized forwarding as an example. The dual-link hot backup networking also applies to local forwarding mode.

 

Network diagram

Figure 12 Network diagram

 

Configuring AC 1

1.     Install licenses.

# Install licenses on AC 1. (Details not shown.)

2.     Configure interfaces on AC 1.

# Create VLAN 20 and VLAN-interface 20, and set the IP address of VLAN-interface 20 to 10.1.1.1/16. APs will use this IP address to establish a CAPWAP tunnel with AC 1.

<AC1> system-view

[AC1] vlan 20

[AC1-vlan20] quit

[AC1] interface vlan-interface 20

[AC1-Vlan-interface20] ip address 10.1.1.1 16

[AC1-Vlan-interface20] quit

# Create VLAN 200. AC 1 uses this VLAN to forward client data packets.

[AC1] vlan 200

[AC1-vlan200] quit

# Specify GigabitEthernet 1/0/1 that connects AC 1 to the core switch as a trunk port and assign the port to VLAN 20 and VLAN 200.

[AC1] interface gigabitethernet 1/0/1

[AC1-GigabitEthernet1/0/1] port link-type trunk

[AC1-GigabitEthernet1/0/1] port trunk permit vlan 20 200

[AC1-GigabitEthernet1/0/1] quit

3.     Configure Layer 3 routing.

# Configure a static route to specify the IP address of the core switch as the next hop.

[AC1] ip route-static 0.0.0.0 0 10.1.1.3

4.     Configure dual-link backup.

# Create AP group group1 and set the AP connection priority to 7.

[AC1] wlan ap-group group1

[AC1-wlan-ap-group-group1] priority 7

# Specify the IP address of the backup AC as 10.1.1.2.

[AC1-wlan-ap-group-group1] backup-ac ip 10.1.1.2

# Configure CAPWAP tunnel preemption to allow APs to reconnect to the master AC after the AC recovers from a failure.

[AC1-wlan-ap-group-group1] wlan tunnel-preempt enable

[AC1-wlan-ap-group-group1] quit

5.     Configure client persistence.

# Enable client persistence.

[AC1] wlan global-configuration

[AC1-wlan-global-configuration] client-persistence enable

# Configure client reconnection for client persistence. Configure the device to log off persistent clients in batches after a delay of 1 minute and log off all persistent clients within 40 minutes.

[AC1-wlan-global-configuration] client-persistence reconnect delay 1 period 40

[AC1-wlan-global-configuration] quit

6.     Configure fault detection between ACs.

# Create fault detection policy aaa and enter its view. Specify the maximum number of consecutive lost fault detection packets between the master and backup ACs as 3 and set the keepalive interval to 1000 ms. You can adjust the fault detection parameters based on your actual environment.

[AC1] wlan fault-detection policy aaa

[AC1-wlan-fault-detection-policy-aaa] keepalive count 3

[AC1-wlan-fault-detection-policy-aaa] keepalive interval 1000

[AC1-wlan-fault-detection-policy-aaa] quit

# Apply fault detection policy aaa for redundant backup.

[AC1] wlan global-configuration

[AC1-wlan-global-configuration] redundant-backup fault-detection-policy aaa

[AC1-wlan-global-configuration] quit

7.     Configure AP license synchronization.

# Configure AP license synchronization.

[AC1] wlan ap-license-group

[AC1-wlan-als-group] local ip 10.1.1.1

[AC1-wlan-als-group] member ip 10.1.1.2

[AC1-wlan-als-group] ap-license-synchronization enable

[AC1-wlan-als-group] quit

8.     Configure wireless services.

# Create service template 1 and enter its view.

[AC1] wlan service-template 1

# Set the SSID to service.

[AC1-wlan-st-1] ssid service

# Configure wireless clients to join VLAN 200 after they come online.

[AC1-wlan-st-1] vlan 200

# Specify the authentication and key management mode as PSK and set the PSK key to plaintext string 12345678.

[AC1-wlan-st-1] akm mode psk

[AC1-wlan-st-1] preshared-key pass-phrase simple 12345678

# Specify the cipher suite as CCMP and the security IE as RSN.

[AC1-wlan-st-1] cipher-suite ccmp

[AC1-wlan-st-1] security-ie rsn

# Enable the wireless service template.

[AC1-wlan-st-1] service-template enable

[AC1-wlan-st-1] quit

9.     Configure the AP.

# Create AP ap1, and specify the AP model and serial number.

[AC1] wlan ap ap1 model WA6320

[AC1-wlan-ap-ap1] serial-id 219801A28N819CE0002T

[AC1-wlan-ap-ap1] quit

10.     Configure AP grouping rules.

# Configure an AP name-based grouping rule.

[AC1] wlan ap-group group1

[AC1-wlan-ap-group-group1] ap ap1

11.     Bind the wireless service.

# Bind wireless service template 1 to radio 2 of APs in AP group group1.

[AC1-wlan-ap-group-group1] ap-model WA6320

[AC1-wlan-ap-group-group1-ap-model-WA6320] radio 2

[AC1-wlan-ap-group-group1-ap-model-WA6320-radio-2] service-template 1

# Enable radio 2.

[AC1-wlan-ap-group-group1-ap-model-WA6320-radio-2] radio enable

[AC1-wlan-ap-group-group1-ap-model-WA6320-radio-2] quit

[AC1-wlan-ap-group-group1-ap-model-WA6320] quit

[AC1-wlan-ap-group-group1] quit

Configuring AC 2

1.     Configure AC interfaces:

# Create VLAN 20 and VLAN-interface 20, and specify the IP address. APs will use this IP address to establish CAPWAP tunnels with AC 2.

<AC2> system-view

[AC2] vlan 20

[AC2-vlan20] quit

[AC2] interface Vlan-interface 20

[AC2-Vlan-interface20] ip address 10.1.1.2 16

[AC2-Vlan-interface20] quit

# Create VLAN 200. AC 2 will use this VLAN to forward wireless client data packets.

[AC2] vlan 200

[AC2-vlan200] quit

# Specify the link type of GigabitEthernet 1/0/1 that connects AC 2 to the core switch as trunk, and assign the port to VLAN 20 and VLAN 200.

[AC2] interface gigabitethernet 1/0/1

[AC2-GigabitEthernet1/0/1] port link-type trunk

[AC2-GigabitEthernet1/0/1] port trunk permit vlan 20 200

[AC2-GigabitEthernet1/0/1] quit

2.     Configure a static route:

# Create a static route, and specify the next hop as the IP address of the core switch.

[AC2] ip route-static 0.0.0.0 0 10.1.1.3

3.     Configure dual-link backup.

# Create AP group group1 and specify the IP address of the backup AC as 10.1.1.1. Keep the default setting for the AP connection priority.

[AC2] wlan ap-group group1

[AC2-wlan-ap-group-group1] backup-ac ip 10.1.1.1

[AC2-wlan-ap-group-group1] quit

4.     Configure client persistence.

# Enable client persistence.

[AC2] wlan global-configuration

[AC2-wlan-global-configuration] client-persistence enable

# Configure client reconnection for client persistence. Configure the device to log off persistent clients in batches after a delay of 1 minute and log off all persistent clients within 40 minutes.

[AC2-wlan-global-configuration] client-persistence reconnect delay 1 period 40

[AC2-wlan-global-configuration] quit

5.     Configure fault detection between ACs:

# Create fault detection policy aaa and enter its view. Specify the maximum number of consecutive lost fault detection packets between the master and backup ACs as 3 and set the keepalive interval to 1000 ms. You can adjust the fault detection parameters based on your actual environment.

[AC2] wlan fault-detection policy aaa

[AC2-wlan-fault-detection-policy-aaa] keepalive count 3

[AC2-wlan-fault-detection-policy-aaa] keepalive interval 1000

[AC2-wlan-fault-detection-policy-aaa] quit

# Apply fault detection policy aaa for redundant backup.

[AC2] wlan global-configuration

[AC2-wlan-global-configuration] redundant-backup fault-detection-policy aaa

[AC2-wlan-global-configuration] quit

6.     Configure AP license synchronization.

# Configure AP license synchronization.

[AC2] wlan ap-license-group

[AC2-wlan-als-group] local ip 10.1.1.2

[AC2-wlan-als-group] member ip 10.1.1.1

[AC2-wlan-als-group] ap-license-synchronization enable

[AC2-wlan-als-group] quit

7.     Configure wireless services.

# Create service template 1 and enter its view.

[AC2] wlan service-template 1

# Specify the SSID as service.

[AC2-wlan-st-1] ssid service

# Specify VLAN 200 for the service template, so that wireless clients can join the VLAN automatically after coming online.

[AC2-wlan-st-1] vlan 200

# Specify the AKM mode as PSK and specify the plaintext string password as 12345678.

[AC2-wlan-st-1] akm mode psk

[AC2-wlan-st-1] preshared-key pass-phrase simple 12345678

# Set the cipher suite to CCMP and security IE to RSN.

[AC2-wlan-st-1] cipher-suite ccmp

[AC2-wlan-st-1] security-ie rsn

# Enable the service template.

[AC2-wlan-st-1] service-template enable

[AC2-wlan-st-1] quit

8.     Configure a manual AP:

# Create AP ap1, and specify the AP model and serial ID.

[AC2] wlan ap ap1 model WA6320

[AC2-wlan-ap-ap1] serial-id 219801A28N819CE0002T

[AC2-wlan-ap-ap1] quit

9.     Configure AP grouping.

# Create an AP name-based grouping rule.

[AC2] wlan ap-group group1

[AC2-wlan-ap-group-group1] ap ap1

10.     Bind the wireless service to a radio.

# Bind service template 1 to radio 2 in AP group group1.

[AC2-wlan-ap-group-group1] ap-model WA6320

[AC2-wlan-ap-group-group1-ap-model-WA6320] radio 2

[AC2-wlan-ap-group-group1-ap-model-WA6320-radio-2] service-template 1

# Enable radio 2.

[AC2-wlan-ap-group-group1-ap-model-WA6320-radio-2] radio enable

[AC2-wlan-ap-group-group1-ap-model-WA6320-radio-2] quit

[AC2-wlan-ap-group-group1-ap-model-WA6320] quit

[AC2-wlan-ap-group-group1] quit

Configuring the core switch

1.     Configure interfaces on the switch.

# Create VLAN 100 and VLAN 20, and assign IP addresses for the VLAN interfaces. The switch will use the interfaces to forward CAPWAP tunnel traffic between AC and AP.

<Core Switch> system-view

[Core Switch] vlan 100

[Core Switch-vlan100] quit

[Core Switch] interface vlan-interface 100

[Core Switch-Vlan-interface100] ip address 10.3.1.1 16

[Core Switch-Vlan-interface100] quit

[Core Switch] vlan 20

[Core Switch-vlan20] quit

[Core Switch] interface vlan-interface 20

[Core Switch-Vlan-interface20] ip address 10.1.1.3 16

[Core Switch-Vlan-interface20] quit

# Create VLAN 200 and specify an IP address for the VLAN interface. The client will use this VLAN to access the wireless network.

[Core Switch] vlan 200

[Core Switch-vlan200] quit

[Core Switch] interface vlan-interface 200

[Core Switch-Vlan-interface200] ip address 10.4.1.1 16

[Core Switch-Vlan-interface200] quit

# Specify GigabitEthernet 1/0/1 that connects the switch to AC 1 as a trunk port and assign the port to VLAN 20 and VLAN 200.

[Core Switch] interface gigabitethernet 1/0/1

[Core Switch-GigabitEthernet1/0/1] port link-type trunk

[Core Switch-GigabitEthernet1/0/1] port trunk permit vlan 20 200

[Core Switch-GigabitEthernet1/0/1] quit

# Specify GigabitEthernet 1/0/2 that connects the switch to AC 2 as a trunk port and assign the port to VLAN 20 and VLAN 200.

[Core Switch] interface gigabitethernet 1/0/2

[Core Switch-GigabitEthernet1/0/2] port link-type trunk

[Core Switch-GigabitEthernet1/0/2] port trunk permit vlan 20 200

[Core Switch-GigabitEthernet1/0/2] quit

# Specify GigabitEthernet 1/0/3 that connects the core switch to the access switch as a trunk port, assign the port to VLAN 100, and set the PVID to 100.

[Core Switch] interface gigabitethernet 1/0/3

[Core Switch-GigabitEthernet1/0/3] port link-type trunk

[Core Switch-GigabitEthernet1/0/3] port trunk permit vlan 100

[Core Switch-GigabitEthernet1/0/3] port trunk pvid vlan 100

[Core Switch-GigabitEthernet1/0/3] quit

2.     Configure the DHCP service:

# Create IP address pool 100 to allocate an address in subnet 10.3.0.0/16 to the AP, and specify the gateway address as 10.3.1.1.

[Core Switch] dhcp server ip-pool 100

[Core Switch-dhcp-pool-100] network 10.3.0.0 mask 255.255.0.0

[Core Switch-dhcp-pool-100] gateway-list 10.3.1.1

# Specify the hexadecimal IP addresses of AC 1 and AC 2 as the content of DHCP Option 43.

[Core Switch-dhcp-pool-100] option 43 hex 800b0000020a0101010a010102

[Core Switch-dhcp-pool-100] quit

# Create IP address pool 2 to allocate addresses in subnet 10.4.0.0/16 to the client. Specify the gateway address and the DNS server address. In this example, the DNS server address is the same as the gateway address.

[Core Switch] dhcp server ip-pool 2

[Core Switch-dhcp-pool-2] network 10.4.0.0 mask 255.255.0.0

[Core Switch-dhcp-pool-2] gateway-list 10.4.1.1

[Core Switch-dhcp-pool-2] dns-list 10.4.1.1

[Core Switch-dhcp-pool-2] quit

# Enable the DHCP server service.

[Core Switch] dhcp enable

3.     Configure the core switch to connect to the external network.

# Create VLAN 400 and specify an IP address for the VLAN interface. The switch will use this interface to forward traffic to the external network.

[Core Switch] vlan 400

[Core Switch-vlan400] quit

[Core Switch] interface vlan-interface 400

[Core Switch-Vlan-interface400] ip address 10.10.1.1 16

[Core Switch-Vlan-interface400] quit

# Specify GigabitEthernet 1/0/4 that connects the switch to the external network as an access port, and assign the port to VLAN 400.

[Core Switch] interface gigabitethernet 1/0/4

[Core Switch-GigabitEthernet1/0/4] port link-type access

[Core Switch-GigabitEthernet1/0/4] port access vlan 400

[Core Switch-GigabitEthernet1/0/4] quit

# Configure a static route to specify the IP address of the router as the next hop.

[Core Switch] ip route-static 0.0.0.0 0 10.10.1.2
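The Option 43 value `800b0000020a0101010a010102` used in both core switch DHCP configurations decides which ACs an AP will try to register with, so it is worth decoding and comparing against the approved AC list. The following is an added example, not H3C code: the function names are hypothetical, and the field layout (type byte, length byte, two zero bytes, address count, then IPv4 addresses) is an assumption inferred from the value itself.

```python
import ipaddress

SUBOPTION_TYPE = 0x80   # first byte of the value used on this page
RESERVED = b"\x00\x00"  # bytes 3-4 are zero in the page's value (meaning assumed)
MAX_ADDRESSES = 63      # 3 + 4*n must fit in the one-byte length field


def encode_option43(ac_ips):
    """Build the hex string for a list of AC IPv4 addresses."""
    addrs = [ipaddress.IPv4Address(ip) for ip in ac_ips]
    if not 1 <= len(addrs) <= MAX_ADDRESSES:
        raise ValueError(f"need 1..{MAX_ADDRESSES} addresses, got {len(addrs)}")
    body = RESERVED + bytes([len(addrs)]) + b"".join(a.packed for a in addrs)
    return (bytes([SUBOPTION_TYPE, len(body)]) + body).hex()


def decode_option43(hex_value):
    """Return the AC addresses in a hex string, rejecting malformed values."""
    try:
        raw = bytes.fromhex(hex_value)
    except ValueError as exc:
        raise ValueError(f"not a hex string: {exc}") from None
    if len(raw) < 5:
        raise ValueError("value too short for header and address count")
    if raw[0] != SUBOPTION_TYPE:
        raise ValueError(f"unexpected type byte 0x{raw[0]:02x}")
    if raw[1] != len(raw) - 2:
        raise ValueError(f"length byte {raw[1]} does not match {len(raw) - 2} bytes present")
    if raw[2:4] != RESERVED:
        raise ValueError("bytes 3-4 are not zero")
    count, addr_bytes = raw[4], raw[5:]
    if count == 0 or len(addr_bytes) != 4 * count:
        raise ValueError(f"address count {count} does not match {len(addr_bytes)} address bytes")
    return [str(ipaddress.IPv4Address(addr_bytes[i:i + 4]))
            for i in range(0, len(addr_bytes), 4)]


def audit_option43(hex_value, approved_acs):
    """Compare the advertised ACs with the approved list and return findings."""
    advertised = decode_option43(hex_value)
    approved = set(approved_acs)
    findings = [f"unapproved AC address advertised: {ip}"
                for ip in advertised if ip not in approved]
    findings += [f"approved AC missing from Option 43: {ip}"
                 for ip in sorted(approved - set(advertised))]
    if len(set(advertised)) != len(advertised):
        findings.append("duplicate AC address in Option 43")
    return findings


PAGE_VALUE = "800b0000020a0101010a010102"          # value from the page
CONSTRUCTED_BAD = "800b0000020a0101010a0101fe"     # constructed: second AC replaced

if __name__ == "__main__":
    print(decode_option43(PAGE_VALUE))
    print(audit_option43(CONSTRUCTED_BAD, ["10.1.1.1", "10.1.1.2"]))
```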

Configuring the access switch

# Create VLAN 100 for AP access.

<Access Switch> system-view

[Access Switch] vlan 100

[Access Switch-vlan100] quit

# Specify GigabitEthernet 1/0/1 that connects the access switch to the core switch as a trunk port, assign the port to VLAN 100, and set the PVID to 100.

[Access Switch] interface gigabitethernet 1/0/1

[Access Switch-GigabitEthernet1/0/1] port link-type trunk

[Access Switch-GigabitEthernet1/0/1] port trunk permit vlan 100

[Access Switch-GigabitEthernet1/0/1] port trunk pvid vlan 100

[Access Switch-GigabitEthernet1/0/1] quit

# Specify GigabitEthernet 1/0/2 that connects the switch to the AP as an access port, and assign the port to VLAN 100.

[Access Switch] interface gigabitethernet 1/0/2

[Access Switch-GigabitEthernet1/0/2] port link-type access

[Access Switch-GigabitEthernet1/0/2] port access vlan 100

# Enable PoE on GigabitEthernet 1/0/2.

[Access Switch-GigabitEthernet1/0/2] poe enable

[Access Switch-GigabitEthernet1/0/2] quit

Verifying the configuration

1.     On AC 1, execute the display wlan ap-license-group command to view the established AP license synchronization group. The total licenses in the group equal the sum of licenses on AC 1 and AC 2.

<AC1> display wlan ap-license-group

 Group total licenses: 256

 Group used licenses: 1

 AP license synchronization: Enabled

 Local IP: 10.1.1.1

 Local role: Master

 Member information: 1

 IP address        Total      Used      Member role      State      Online duration

 10.1.1.2          0          0         Master           UP         00hr 1min 51sec

2.     On AC 1, execute the display wlan ap all command and verify that the AP status is R/M.

<AC1> display wlan ap all

Total number of APs: 1

Total number of connected APs: 1

Total number of connected manual APs: 1

Total number of connected auto APs: 0

Total number of connected common APs: 1

Total number of connected WTUs: 0

Total number of inside APs: 0

Maximum supported APs: 384

Remaining APs: 383

Total AP licenses: 256

Local AP licenses: 256

Server AP licenses: 0

Remaining local AP licenses: 255

Sync AP licenses: 0

 

                                 AP information

 State : I = Idle,      J  = Join,       JA = JoinAck,    IL = ImageLoad

         C = Config,    DC = DataCheck,  R  = Run,   M = Master,  B = Backup

 Online time : Day:Hour:Minute:Second

 

AP name                        APID State Model           Serial ID            Group name             Online time   Clients Mode  IP address

ap1                           1     R/M  WA6320          219801A28N819CE0002T group1                0:00:00:46    1       Fit   10.3.1.2

3.     View client information on AC 1.

# Verify that the client has come online from radio 2.

<AC1> display wlan client

Total number of clients: 1

 

MAC address    User name            AP name               R IP address      VLAN

90b9-311a-bef6 N/A                  ap1                   2 10.4.1.2        200

4.     On AC 2, execute the display wlan ap all command. Verify that the AP status is R/M and the number of synchronized AP license seats is 256.

<AC2> display wlan ap all

Total number of APs: 1

Total number of connected APs: 1

Total number of connected manual APs: 1

Total number of connected auto APs: 0

Total number of connected common APs: 1

Total number of connected WTUs: 0

Total number of inside APs: 0

Maximum supported APs: 384

Remaining APs: 383

Total AP licenses: 256

Local AP licenses: 256

Server AP licenses: 0

Remaining local AP licenses: 256

Sync AP licenses: 256

 

                                 AP information

 State : I = Idle,      J  = Join,       JA = JoinAck,    IL = ImageLoad

         C = Config,    DC = DataCheck,  R  = Run,   M = Master,  B = Backup

 Online time : Day:Hour:Minute:Second

 

AP name                        APID State Model           Serial ID            Group name             Online time   Clients Mode  IP address

ap1                           1     R/B  WA6320          219801A28N819CE0002T group1                0:00:00:56    1       Fit   10.3.1.2

5.     On AC 2, execute the display wlan persistent-client command, and view information about persistent clients.

<AC2> display wlan persistent-client

Total number of persistent clients: 1

Reset Interval: N/A

Remain Time: N/A

MAC address      APID    RadioID     AID    BSSID

90b9-311a-bef6   1       2           1      6c87-2023-bd24

6.     To simulate an AC 1 failure, shut down VLAN-interface 20 on AC 1. Wait for a short time (about 3 seconds, depending on the failure detection cycle between ACs). In centralized forwarding mode, network traffic might be briefly disrupted; you can use the ping command to observe the interruption. The AP then automatically switches over to AC 2 for registration. On AC 2, execute the display wlan ap all command and verify that the AP status is R/M.

<AC2> display wlan ap all

Total number of APs: 1

Total number of connected APs: 1

Total number of connected manual APs: 1

Total number of connected auto APs: 0

Total number of connected common APs: 1

Total number of connected WTUs: 0

Total number of inside APs: 0

Maximum supported APs: 384

Remaining APs: 383

Total AP licenses: 256

Local AP licenses: 256

Server AP licenses: 0

Remaining local AP licenses: 255

Sync AP licenses: 256

 

                                 AP information

 State : I = Idle,      J  = Join,       JA = JoinAck,    IL = ImageLoad

         C = Config,    DC = DataCheck,  R  = Run,   M = Master,  B = Backup

 Online time : Day:Hour:Minute:Second

 

AP name                        APID State Model           Serial ID            Group name             Online time   Clients Mode  IP address

ap1                           1     R/M  WA6320          219801A28N819CE0002T group1                0:00:30:46    1       Fit   10.3.1.2

7.     Simulate AC 1 recovery. Bring up VLAN-interface 20 on AC 1. Due to CAPWAP tunnel preemption, the AP will reconnect to AC 1 after a while. Use the display wlan ap all command on AC 1 to verify that the AP status changes back to R/M. On AC 2, the AP status changes back to R/B.
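The checks in steps 2 and 4 can be automated so that a silent loss of redundancy is caught before a failover is needed. The following is an added example, not H3C code: it parses display wlan ap all output from both ACs and reports APs that lack an R/B standby link or a backup AC without synced license seats. The function names are hypothetical, and the rule that the backup's Sync AP licenses should equal the master's Local AP licenses is an assumption taken from the output shown above.

```python
import re

COUNTER = re.compile(r"^\s*([A-Za-z][A-Za-z ]*?):\s*(\d+)\s*$")
AP_ROW = re.compile(r"^(\S+)\s+(\d+)\s+([A-Z]{1,2}(?:/[MB])?)\s+(\S+)\s+(\S+)\s")

def parse_ap_all(text):
    """Return (counters, {serial: (name, state)}) from 'display wlan ap all' output."""
    counters, aps = {}, {}
    for line in text.splitlines():
        if m := COUNTER.match(line):
            counters[m.group(1)] = int(m.group(2))
        elif m := AP_ROW.match(line):
            name, _apid, state, _model, serial = m.groups()
            aps[serial] = (name, state)
    return counters, aps

def check_dual_link(master_out, backup_out):
    """Return findings that mean an AP has no hot standby; an empty list is healthy."""
    m_cnt, m_aps = parse_ap_all(master_out)
    b_cnt, b_aps = parse_ap_all(backup_out)
    findings = []
    for serial, (name, state) in m_aps.items():
        if state != "R/M":
            findings.append(f"{name}: {state} on master AC, expected R/M")
        b_state = b_aps.get(serial, (name, "absent"))[1]
        if b_state != "R/B":
            findings.append(f"{name}: {b_state} on backup AC, expected R/B")
    # Assumption: synced seats on the backup should match the master's local seats.
    synced, local = b_cnt.get("Sync AP licenses"), m_cnt.get("Local AP licenses")
    if synced != local:
        findings.append(f"licenses: backup synced {synced}, master local {local}")
    return findings

# Trimmed from the output in steps 2 and 4 above (same AP row, different State).
ROW = ("ap1                           1     {}  WA6320          219801A28N819CE0002T "
       "group1                0:00:00:46    1       Fit   10.3.1.2\n")
AC1_OUT = "Local AP licenses: 256\nSync AP licenses: 0\n" + ROW.format("R/M")
AC2_OUT = "Local AP licenses: 256\nSync AP licenses: 256\n" + ROW.format("R/B")
# Constructed failure case: the backup AC has neither the standby link nor synced seats.
AC2_BAD = "Local AP licenses: 256\nSync AP licenses: 0\n"

if __name__ == "__main__":
    print(check_dual_link(AC1_OUT, AC2_OUT))
    print(check_dual_link(AC1_OUT, AC2_BAD))
```

APs are matched by serial ID rather than by name because the serial ID is what identifies an AP to both ACs.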

Restrictions and guidelines

·     In a dual-link hot backup network, make sure the ACs have the same model and software version.

·     Use the serial ID labeled on the AP's rear panel to specify an AP.

·     Before configuring services, install licenses on the AC first. In a dual-link network, install the licenses only on the master AC and do not install licenses on the backup AC. The backup AC will synchronize AP licenses from the master AC to ensure license availability if the master AC fails.

·     To successfully enable AP license synchronization, first configure the IP addresses of both ACs, and then enable the synchronization feature.

·     In a dual-link networking setup, configure both ACs in the AP license synchronization group as master ACs so that the two ACs can share licenses.

·     In a dual-link hot backup and AP license synchronization network, if an AC disconnects for over 30 days, its shared AP licenses become invalid on the other AC. Newly connected APs on the other AC cannot use the shared AP licenses, but existing APs remain online.

·     In local forwarding mode, to use client persistence with portal authentication, enable MAC-trigger fast authentication to achieve seamless portal authentication. In centralized forwarding mode, to use client persistence with portal authentication, use remote MAC and remote portal to achieve seamless portal authentication.


Device models recommended by the application solution

The table below describes the wireless controllers recommended for dual-link backup and AP license synchronization.

 

Product series      Software version
WX2800X series      R5819P14 and later versions
WX5800X series      R5489P02 and later versions
WSG1800X            R5819P14 and later versions

 


Appendixes

Appendix A AC configuration synchronization

As a best practice to ensure configuration consistency on both ACs in a dual-link scenario, configure the TM-role AC first. Then, synchronize these settings to the TC-role AC.

The configurations that can be synchronized include those in AP view, AP group view, global configuration view, radio view, an AP group's radio view, and wireless service template view, as well as access authentication-related settings.

 

 

NOTE:

The set of synchronizable configuration items changes as software versions are updated. Check the device specifications to confirm which configurations you can synchronize.

 

Table 1 Synchronizable configurations

View: System view

Remarks: Executing the command enters the view. Commands in this view and its subviews will be synchronized, except the following:

·     control-address { ip ipv4-address | ipv6 ipv6-address }

·     priority priority

·     backup-ac { ip ipv4-address | ipv6 ipv6-address }

·     portal { bas-ip ipv4-address | bas-ipv6 ipv6-address }

·     nas-id nas-identifier

·     nas-port-id nas-port-id

·     nas-ip { ipv4-address | ipv6 ipv6-address }

Command                       Description
wlan global-configuration     Use this command to enter global configuration view.
wlan ap                       Use this command to manually create an AP and enter its view. If the specified AP already exists, the command enters the AP view directly.
wlan ap-group                 Use this command to create an AP group and enter its view. If the specified AP group already exists, the command enters the AP group view directly.
wlan service-template         Use this command to create a wireless service template and enter its view. If the specified wireless service template already exists, the command enters its view directly.
user-profile                  Use this command to create a user profile and enter its view. If the specified user profile already exists, the command enters the user profile view directly.
configuration profile         Use this command to create a configuration profile, specify the AP model, and enter the profile view. If the specified configuration profile already exists, the command enters the configuration profile view directly.
wlan accounting-policy        Use this command to create an accounting policy and enter its view. If the specified accounting policy already exists, the command enters the accounting policy view directly.
radius dynamic-author server  Use this command to enable the RADIUS DAE service and enter RADIUS DAS view.
radius scheme                 Use this command to create a RADIUS scheme and enter its view. If the specified RADIUS scheme already exists, the command enters its view directly.
vlan-group                    Use this command to create a VLAN group and enter its view. If the specified VLAN group already exists, the command enters its view directly.
vlan                          Use this command to create a VLAN and enter its view. If the specified VLAN already exists, the command enters its view directly.
portal server                 Use this command to create a portal authentication server and enter its view. If the specified portal authentication server already exists, the command enters its view directly.
domain                        Use this command to create an ISP domain and enter its view. If the specified ISP domain already exists, the command enters its view directly.
eap-profile                   Use this command to create an EAP authentication profile and enter its view. If the specified EAP authentication profile already exists, the command enters its view directly.
portal local-web-server       Use this command to enable the local portal service and enter HTTP/HTTPS-based local portal Web service view.
portal extend-auth-server     Use this command to create a third-party authentication server and enter its view. If the specified third-party authentication server already exists, the command enters its view directly.
portal mac-trigger-server     Use this command to create a MAC binding server and enter its view. If the specified MAC binding server already exists, the command enters its view directly.

View: System view

Remarks: N/A

Command                                                        Description
acl logging interval                                           Use this command to enable logging for packet filtering and set the interval.
acl trap interval                                              Use this command to enable SNMP notifications for packet filtering and set the interval.
wlan nas-port-id format                                        Use this command to configure the NAS-Port-ID attribute format for wireless clients.
radius session-control enable                                  Use this command to enable RADIUS session control.
port-security enable                                           Use this command to enable port security.
wlan client-security authentication clear-previous-connection  Use this command to enable the function that clears old connections when authenticated clients reconnect.
wlan authentication optimization                               Use this command to configure optimization parameters for authentication success rate and abnormal offline rate for 802.1X authentication, MAC authentication, and Layer 2 portal authentication.
wlan password-failure-limit enable                             Use this command to enable password failure limit.
dot1x authentication-method                                    Use this command to configure the 802.1X authentication method.
dot1x domain-delimiter                                         Use this command to configure the domain name delimiter for 802.1X.
dot1x retry                                                    Use this command to set the maximum number of attempts for sending an authentication request to a client.
dot1x timer                                                    Use this command to configure 802.1X timer parameters.
domain default enable                                          Use this command to configure the default ISP domain. All users who log in without specifying an ISP domain belong to this domain.
domain if-unknown                                              Use this command to assign an ISP domain to users with unknown domain names.
mac-authentication access-user log enable                      Use this command to enable logging for MAC authentication users.
mac-authentication authentication-method                       Use this command to configure the authentication method for MAC authentication.
mac-authentication timer                                       Use this command to configure MAC authentication timer parameters.
mac-authentication user-name-format                            Use this command to configure the account format for MAC authentication users.
dns server                                                     Use this command to configure the IPv4 address of a domain name server.
dns snooping enable                                            Use this command to enable DNS snooping.
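If authentication settings on the TC-role AC drift from the TM-role AC, a failover moves clients onto a different access policy. The following added example (not H3C code) compares the synchronizable views of Table 1 across two saved configurations while ignoring the per-AC commands that Table 1 excludes from synchronization. The function names and both configuration snippets are constructed for illustration, and the layout (views separated by #, sub-commands indented) is assumed to match the saved configuration.

```python
# View-entering commands from Table 1; the contents of these views are synchronized.
SYNC_VIEWS = ("wlan global-configuration", "wlan ap ", "wlan ap-group ", "wlan service-template ",
              "user-profile ", "configuration profile ", "wlan accounting-policy ",
              "radius dynamic-author server", "radius scheme ", "vlan-group ", "vlan ",
              "portal server ", "domain ", "eap-profile ", "portal local-web-server ",
              "portal extend-auth-server ", "portal mac-trigger-server ")
# Commands Table 1 excludes from synchronization: each AC keeps its own value.
PER_AC = ("control-address ", "priority ", "backup-ac ", "portal bas-ip", "nas-id ",
          "nas-port-id ", "nas-ip ")

def sync_sections(config):
    """Map each synchronizable view to the set of its commands, minus the per-AC ones."""
    sections, current, stack = {}, None, []
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            current = None                      # '#' closes the current view
        elif not raw.startswith(" "):           # an unindented line opens a view
            current = line if (line + " ").startswith(SYNC_VIEWS) else None
            stack = []
            if current:
                sections[current] = set()
        elif current:
            depth = len(raw) - len(raw.lstrip())
            stack[depth - 1:] = [line]          # keep sub-view context, e.g. 'radio 1 > ...'
            if not (line + " ").startswith(PER_AC):
                sections[current].add(" > ".join(stack))
    return sections

def drift(master_cfg, backup_cfg):
    """Return {view: (only_on_master, only_on_backup)} for views whose synced content differs."""
    a, b = sync_sections(master_cfg), sync_sections(backup_cfg)
    return {v: (sorted(a.get(v, set()) - b.get(v, set())), sorted(b.get(v, set()) - a.get(v, set())))
            for v in sorted(a.keys() | b.keys()) if a.get(v) != b.get(v)}

# Constructed sample: the TC-role AC differs in per-AC values and has lost 'akm mode dot1x'.
TM_CFG = """#
wlan service-template 1
 ssid corp
 akm mode dot1x
 nas-id AC1
#
radius scheme rs1
 primary authentication 10.1.1.10
 nas-ip 10.1.1.1
#"""
TC_CFG = (TM_CFG.replace(" akm mode dot1x\n", "").replace("nas-id AC1", "nas-id AC2")
          .replace("nas-ip 10.1.1.1", "nas-ip 10.1.1.2"))
```

Only the missing akm mode dot1x line is reported; the differing nas-id and nas-ip values are expected per-AC differences and are filtered out.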

 

 
