- Table of Contents
-
- 12-WLAN advanced features
- 01-WLAN Probe Configuration Examples
- 02-Multicast Optimization Configuration Examples
- 03-Client Rate Limiting Configuration Examples
- 04-Inter-AC Roaming Configuration Examples
- 05-Inter-AC Roaming (IPv6) Configuration Examples
- 06-WLAN Load Balancing Configuration Examples
- 07-Static Blacklist Configuration Examples
- 08-Client Quantity Control Configuration Examples
- 09-AP License Synchronization Configuration Examples
- 10-EVI Tunneling Configuration Examples
- 11-BLE Module iBeacon Transmission Configuration Examples
- 12-Medical RFID Tag Management Configuration Examples
- 13-iBeacon Management Configuration Examples
- 14-Mesh Link Establishment Between a Fit AP and a Fat AP Configuration Examples
- 15-Mesh Link Establishment Between Fit APs Configuration Examples
- 16-Auto-DFS and Auto-TPC Configuration Examples
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 10-EVI Tunneling Configuration Examples | 92.01 KB |
|
H3C Access Controllers |
|
Comware 7 EVI Tunneling |
|
Configuration Examples |
Copyright © 2021 New H3C Technologies Co., Ltd. All rights reserved.
No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of New H3C Technologies Co., Ltd.
Except for the trademarks of New H3C Technologies Co., Ltd., any trademarks that may be mentioned in this document are the property of their respective owners.
The information in this document is subject to change without notice.
Introduction
The following information provides examples for setting up Ethernet Virtual Interconnect (EVI) tunnels between ACs.
EVI is a MAC-in-IP technology that provides Layer 2 connectivity between distant Layer 2 network sites across an IP routed network. It is used for connecting geographically dispersed sites of a virtualized large-scale data center that requires Layer 2 adjacency.
EVI enables ACs to forward all traffic sent to or from wireless clients over EVI tunnels to specified network resources. The wireless clients cannot access the internal resources of an enterprise, which ensures security of the internal resources.
Prerequisites
This document applies to Comware 7-based ACs and APs. Procedures and information in the examples might be slightly different depending on the software or hardware version of the ACs and APs.
The configuration examples in this document were created and verified in a lab environment, and all the devices were started with the factory default configuration. When you are working on a live network, make sure you understand the potential impact of every command on your network.
This document assumes that you have basic knowledge of EVI and WLAN access.
Example: Setting up EVI tunnels between ACs
Network configuration
As shown in Figure 1, configure the devices as follows:
· Configure AC 1 and AC 2 as DHCP server to assign IP addresses to the AP and client.
· Set up an EVI tunnel between the ACs for the client to access the internal resources attached to AC 2.
|
Device |
Interface |
IP address |
Device |
Interface |
IP address |
|
AC 1 |
Vlan-int100 |
192.1.0.1/16 |
AC 2 |
Vlan-int100 |
192.1.0.3/16 |
|
|
Vlan-int200 |
192.2.0.1/16 |
|
Vlan-int200 |
192.2.0.2/16 |
|
Switch |
Vlan-int30 |
192.3.0.2/16 |
|
Vlan-int40 |
192.4.0.1/16 |
|
|
Vlan-int40 |
192.4.0.2/16 |
|
|
|
Restrictions and guidelines
When you configure the devices, follow these restrictions and guidelines:
· Use the serial ID labeled on the AP's rear panel to specify an AP.
· Assign the switch's interfaces attached to the ACs to different default VLANs.
Procedures
Configuring AC 1
1. Configure the interfaces of AC 1:
# Set the link type to access for GigabitEthernet 1/0/1 that connects AC 1 to the AP, and assign GigabitEthernet 1/0/1 to VLAN 100.
<AC1> system-view
[AC1] interface gigabitethernet 1/0/1
[AC1-GigabitEthernet1/0/1] port link-type access
[AC1-GigabitEthernet1/0/1] port access vlan 100
[AC1-GigabitEthernet1/0/1] quit
# Set the link type to access for GigabitEthernet 1/0/2 that connects AC 1 to the switch, and assign GigabitEthernet 1/0/2 to VLAN 30.
[AC1] interface gigabitethernet 1/0/2
[AC1-GigabitEthernet1/0/2] port link-type access
[AC1-GigabitEthernet1/0/2] port access vlan 30
[AC1-GigabitEthernet1/0/2] quit
# Create VLAN 100 and VLAN-interface 100, and assign IP address 192.1.0.1/16 to the interface. The AP will set up a CAPWAP tunnel to this IP address with AC 1.
[AC1] vlan 100
[AC1-vlan100] quit
[AC1] interface vlan-interface 100
[AC1-Vlan-interface100] ip address 192.1.0.1 16
[AC1-Vlan-interface100] quit
# Create VLAN 200 and VLAN-interface 200, and assign IP address 192.2.0.1/16 to the interface. AC 1 will use this IP address to forward traffic of the wireless client.
[AC1] vlan 200
[AC1-vlan200] quit
[AC1] interface vlan-interface 200
[AC1-Vlan-interface200] ip address 192.2.0.1 16
[AC1-Vlan-interface200] quit
# Create VLAN 30 and VLAN-interface 30, and assign IP address 192.3.0.1/16 to the interface. AC 1 will use this IP address to set up an EVI tunnel with AC 2.
[AC1] vlan 30
[AC1-vlan30] quit
[AC1] interface vlan-interface 30
[AC1-Vlan-interface30] ip address 192.3.0.1 16
[AC1-Vlan-interface30] quit
2. Configure the DHCP server:
# Enable DHCP server.
[AC1] dhcp enable
# Create IP pool 100, specify subnet 192.1.0.0/16 for dynamic allocation for the AP, and specify the gateway address as 192.1.0.1.
[AC1] dhcp server ip-pool 100
[AC1-dhcp-pool-100] network 192.1.0.0 16
[AC1-dhcp-pool-100] gateway-list 192.1.0.1
[AC1-dhcp-pool-100] quit
3. Configure wireless services:
# Create service template 1 and enter its view.
[AC1] wlan service-template 1
# Configure the SSID as office.
[AC1-wlan-st-1] ssid office
# Assign clients coming online through service template 1 to VLAN 200.
[AC1-wlan-st-1] vlan 200
# Enable the service template.
[AC1-wlan-st-1] service-template enable
[AC1-wlan-st-1] quit
4. Configure the AP:
# Create manual AP officeap, and specify the AP model and serial ID.
[AC1] wlan ap officeap model WA4320i-ACN
[AC1-wlan-ap-officeap] serial-id 210235A1GQC152001076
# Bind service template 1 to radio 2, and enable radio 2.
[AC1-wlan-ap-officeap] radio 2
[AC1-wlan-ap-officeap-radio-2] service-template 1
[AC1-wlan-ap-officeap-radio-2] radio enable
[AC1-wlan-ap-officeap-radio-2] quit
[AC1-wlan-ap-officeap] quit
5. Set up an EVI tunnel:
# Create an IPv4 EVI tunnel interface.
[AC1] interface tunnel 0 mode evi
# Specify the source IP of the EVI tunnel as 192.3.0.1.
[AC1-Tunnel0] source 192.3.0.1
# Set the network ID to 1 for the EVI tunnel interface.
[AC1-Tunnel0] evi network-id 1
# Specify extended VLAN 200 on the EVI tunnel interface.
[AC1-Tunnel0] evi extend-vlan 200
# Configure AC 1 as an ENDS on the EVI tunnel interface.
[AC1-Tunnel0] evi neighbor-discovery server enable
[AC1-Tunnel0] quit
# Enable EVI on GigabitEthernet 1/0/2.
[AC1] interface gigabitethernet 1/0/2
[AC1-GigabitEthernet1/0/2] evi enable
[AC1-GigabitEthernet1/0/2] quit
6. Configure static routing:
# Configure a static route for subnet 192.4.0.0/16, and specify the next hop as the switch.
[AC1] ip route-static 192.4.0.0 16 192.3.0.2
Configuring AC 2
1. Configure the interfaces of AC 2:
# Set the link type to access for GigabitEthernet 1/0/1 that connects AC 2 to the server, and assign GigabitEthernet 1/0/1 to VLAN 200.
<AC2> system-view
[AC2] interface gigabitethernet 1/0/1
[AC2-GigabitEthernet1/0/1] port link-type access
[AC2-GigabitEthernet1/0/1] port access vlan 200
[AC2-GigabitEthernet1/0/1] quit
# Set the link type to access for GigabitEthernet 1/0/2 that connects AC 2 to the switch, and assign GigabitEthernet 1/0/2 to VLAN 40.
[AC2] interface gigabitethernet 1/0/2
[AC2-GigabitEthernet1/0/2] port link-type access
[AC2-GigabitEthernet1/0/2] port access vlan 40
[AC2-GigabitEthernet1/0/2] quit
# Create VLAN 200 and VLAN-interface 200, and assign IP address 192.2.0.2/16 to the interface. AC 2 will use this IP address to forward traffic of the wireless client.
[AC2] vlan 200
[AC2-vlan200] quit
[AC2] interface vlan-interface 200
[AC2-Vlan-interface200] ip address 192.2.0.2 16
[AC2-Vlan-interface200] quit
# Create VLAN 40 and VLAN-interface 40, and assign IP address 192.4.0.1/16 to the interface. AC 2 will use this IP address to set up an EVI tunnel with AC 1.
[AC2] vlan 40
[AC2-vlan40] quit
[AC2] interface vlan-interface 40
[AC2-Vlan-interface40] ip address 192.4.0.1 16
[AC2-Vlan-interface40] quit
2. Configure the DHCP server:
# Enable DHCP server.
[AC2] dhcp enable
# Create IP pool 200, specify subnet 192.2.0.0/16 for dynamic allocation for the wireless client, exclude 192.2.0.1, 192.2.0.2, and 192.2.0.3 from dynamic allocation, and specify the gateway address as 192.2.0.2.
[AC2] dhcp server ip-pool 200
[AC2-dhcp-pool-200] network 192.2.0.0 16
[AC2-dhcp-pool-200] forbidden-ip 192.2.0.1 192.2.0.3
[AC2-dhcp-pool-200] gateway-list 192.2.0.2
[AC2-dhcp-pool-200] quit
3. Set up an EVI tunnel:
# Create an IPv4 EVI tunnel interface.
[AC2] interface tunnel 0 mode evi
# Specify the source IP of the EVI tunnel as 192.4.0.1.
[AC2-Tunnel0] source 192.4.0.1
# Set the network ID to 1 for the EVI tunnel interface.
[AC2-Tunnel0] evi network-id 1
# Specify extended VLAN 200 on the EVI tunnel interface.
[AC2-Tunnel0] evi extend-vlan 200
# Configure AC 2 as an ENDC of AC 1.
[AC2-Tunnel0] evi neighbor-discovery client enable 192.3.0.1
[AC2-Tunnel0] quit
# Enable EVI on GigabitEthernet 1/0/2.
[AC2] interface gigabitethernet 1/0/2
[AC2-GigabitEthernet1/0/2] evi enable
[AC2-GigabitEthernet1/0/2] quit
4. Configure static routing:
# Configure a static route for subnet 192.3.0.0/16, and specify the next hop as the switch.
[AC2] ip route-static 192.3.0.0 16 192.4.0.2
Configuring the switch
# Create VLAN 30 and VLAN-interface 30, and assign IP address 192.3.0.2/16 to the interface. The switch will use this IP address to forward EVI traffic from AC 1.
[Switch] vlan 30
[Switch-vlan30] quit
[Switch] interface vlan-interface 30
[Switch-Vlan-interface30] ip address 192.3.0.2 16
[Switch-Vlan-interface30] quit
# Create VLAN 40 and VLAN-interface 40, and assign IP address 192.4.0.2/16 to the interface. The switch will use this IP address to forward EVI traffic from AC 2.
[Switch] vlan 40
[Switch-vlan40] quit
[Switch] interface vlan-interface 40
[Switch-Vlan-interface40] ip address 192.4.0.2 16
[Switch-Vlan-interface40] quit
# Assign GigabitEthernet 1/0/1 connected to AC 1 to VLAN 30.
[Switch] interface gigabitethernet 1/0/1
[Switch-GigabitEthernet1/0/1] port access vlan 30
[Switch-GigabitEthernet1/0/1] quit
# Assign GigabitEthernet 1/0/2 connected to AC 2 to VLAN 40.
[Switch] interface gigabitethernet 1/0/2
[Switch-GigabitEthernet1/0/2] port access vlan 40
[Switch-GigabitEthernet1/0/2] quit
Verifying the configuration
1. Verify the configuration on AC 1:
# Verify that the EVI tunnel interface is up.
[AC1] display interface tunnel 0
Tunnel0
Current state: UP
Line protocol state: UP
Description: Tunnel0 Interface
Bandwidth: 64 kbps
Maximum transmit unit: 64000
Internet protocol processing: Disabled
Tunnel source 192.3.0.1
Tunnel keepalive enabled, Period(5 s), Retries(2)
Network ID 1
Tunnel protocol/transport GRE_EVI/IP
Output queue - Urgent queuing: Size/Length/Discards 0/100/0
Output queue - Protocol queuing: Size/Length/Discards 0/500/0
Output queue - FIFO queuing: Size/Length/Discards 0/75/0
Last clearing of counters: Never
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
# Verify that the EVI link to AC 2 is up.
[AC1] display evi link interface tunnel 0
Interface Status Source Destination
EVI-Link0 UP 192.3.0.1 192.4.0.1
2. Verify the configuration on AC 2:
# Verify that the EVI tunnel interface is up.
[AC2] display interface tunnel 0
Tunnel0
Current state: UP
Line protocol state: UP
Description: Tunnel0 Interface
Bandwidth: 64 kbps
Maximum transmit unit: 64000
Internet protocol processing: Disabled
Tunnel source 192.4.0.1
Tunnel keepalive enabled, Period(5 s), Retries(2)
Network ID 1
Tunnel protocol/transport GRE_EVI/IP
Output queue - Urgent queuing: Size/Length/Discards 0/100/0
Output queue - Protocol queuing: Size/Length/Discards 0/500/0
Output queue - FIFO queuing: Size/Length/Discards 0/75/0
Last clearing of counters: Never
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
# Verify that the EVI link to AC 1 is up.
[AC2] display evi link interface tunnel 0
Interface Status Source Destination
EVI-Link0 UP 192.4.0.1 192.3.0.1
3. Verify that the wireless client can obtain an IP address in VLAN 200 and access the internal resources attached to AC 2. (Details not shown.)
Configuration files
· AC 1:
#
dhcp enable
#
vlan 30
#
vlan 100
#
vlan 200
#
dhcp server ip-pool vlan100
gateway-list 192.1.0.1
network 192.1.0.0 mask 255.255.0.0
#
wlan service-template 1
ssid office
vlan 200
service-template enable
#
interface Vlan-interface30
ip address 192.3.0.1 255.255.0.0
#
interface Vlan-interface100
ip address 192.1.0.1 255.255.0.0
#
interface Vlan-interface200
ip address 192.2.0.1 255.255.0.0
#
interface GigabitEthernet1/0/1
port access vlan 100
#
interface GigabitEthernet1/0/2
port access vlan 30
evi enable
#
ip route-static 192.4.0.0 16 192.3.0.2
#
wlan ap officeap model WA4320i-ACN
serial-id 210235A1GQC152001076
radio 1
radio 2
radio enable
service-template 1
#
interface tunnel 0 mode evi
source 192.3.0.1
evi network-id 1
evi extend-vlan 200
evi neighbor-discovery server enable
#
· AC 2:
#
dhcp enable
#
vlan 40
#
vlan 200
#
dhcp server ip-pool vlan200
gateway-list 192.2.0.2
network 192.2.0.0 mask 255.255.0.0
forbidden-ip 192.2.0.1
forbidden-ip 192.2.0.3
#
interface Vlan-interface40
ip address 192.4.0.1 255.255.0.0
#
interface Vlan-interface200
ip address 192.2.0.2 255.255.0.0
#
interface GigabitEthernet1/0/1
port access vlan 200
#
interface GigabitEthernet1/0/2
port access vlan 40
evi enable
#
ip route-static 192.3.0.0 16 192.4.0.2
#
interface tunnel 0 mode evi
source 192.4.0.1
evi network-id 1
evi extend-vlan 200
evi neighbor-discovery client enable 192.3.0.1
#
· Switch:
#
vlan 30
#
vlan 40
#
interface Vlan-interface30
ip address 192.3.0.2 255.255.0.0
#
interface Vlan-interface40
ip address 192.4.0.2 255.255.0.0
#
interface GigabitEthernet1/0/1
port access vlan 30
#
interface GigabitEthernet1/0/2
port access vlan 40
#
Related documentation
· EVI Command Reference in H3C Access Controllers Command References
· EVI Configuration Guide in H3C Access Controllers Configuration Guides
· WLAN Access Command Reference in H3C Access Controllers Command References
· WLAN Access Configuration Guide in H3C Access Controllers Configuration Guides
