H3C Access Controllers
Comware 7 EVI Tunneling
Configuration Examples

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Contents

Introduction· 1

Prerequisites· 1

Example: Setting up EVI tunnels between ACs· 1

Network configuration· 1

Restrictions and guidelines· 2

Procedures· 2

Configuring AC 1· 2

Configuring AC 2· 4

Configuring the switch· 5

Verifying the configuration· 6

Configuration files· 7

Related documentation· 9

 

Introduction

The following information provides examples for setting up Ethernet Virtual Interconnect (EVI) tunnels between ACs.

EVI is a MAC-in-IP technology that provides Layer 2 connectivity between distant Layer 2 network sites across an IP routed network. It is used for connecting geographically dispersed sites of a virtualized large-scale data center that requires Layer 2 adjacency.

EVI enables ACs to forward all traffic sent to or from wireless clients over EVI tunnels to specified network resources. The wireless clients cannot access the internal resources of an enterprise, which ensures security of the internal resources.

Prerequisites

This document applies to Comware 7-based ACs and APs. Procedures and information in the examples might be slightly different depending on the software or hardware version of the ACs and APs.

The configuration examples in this document were created and verified in a lab environment, and all the devices were started with the factory default configuration. When you are working on a live network, make sure you understand the potential impact of every command on your network.

This document assumes that you have basic knowledge of EVI and WLAN access.

Example: Setting up EVI tunnels between ACs

Network configuration

As shown in Figure 1, configure the devices as follows:

·     Configure AC 1 and AC 2 as DHCP server to assign IP addresses to the AP and client.

·     Set up an EVI tunnel between the ACs for the client to access the internal resources attached to AC 2.

Figure 1 Network diagram

 

Device	Interface	IP address	Device	Interface	IP address
AC 1	Vlan-int100	192.1.0.1/16	AC 2	Vlan-int100	192.1.0.3/16
	Vlan-int200	192.2.0.1/16		Vlan-int200	192.2.0.2/16
Switch	Vlan-int30	192.3.0.2/16		Vlan-int40	192.4.0.1/16
	Vlan-int40	192.4.0.2/16

 

Restrictions and guidelines

When you configure the devices, follow these restrictions and guidelines:

·     Use the serial ID labeled on the AP's rear panel to specify an AP.

·     Assign the switch's interfaces attached to the ACs to different default VLANs.

Procedures

Configuring AC 1

1.     Configure the interfaces of AC 1:

# Set the link type to access for GigabitEthernet 1/0/1 that connects AC 1 to the AP, and assign GigabitEthernet 1/0/1 to VLAN 100.

<AC1> system-view

[AC1] interface gigabitethernet 1/0/1

[AC1-GigabitEthernet1/0/1] port link-type access

[AC1-GigabitEthernet1/0/1] port access vlan 100

[AC1-GigabitEthernet1/0/1] quit

# Set the link type to access for GigabitEthernet 1/0/2 that connects AC 1 to the switch, and assign GigabitEthernet 1/0/2 to VLAN 30.

[AC1] interface gigabitethernet 1/0/2

[AC1-GigabitEthernet1/0/2] port link-type access

[AC1-GigabitEthernet1/0/2] port access vlan 30

[AC1-GigabitEthernet1/0/2] quit

# Create VLAN 100 and VLAN-interface 100, and assign IP address 192.1.0.1/16 to the interface. The AP will set up a CAPWAP tunnel to this IP address with AC 1.

[AC1] vlan 100

[AC1-vlan100] quit

[AC1] interface vlan-interface 100

[AC1-Vlan-interface100] ip address 192.1.0.1 16

[AC1-Vlan-interface100] quit

# Create VLAN 200 and VLAN-interface 200, and assign IP address 192.2.0.1/16 to the interface. AC 1 will use this IP address to forward traffic of the wireless client.

[AC1] vlan 200

[AC1-vlan200] quit

[AC1] interface vlan-interface 200

[AC1-Vlan-interface200] ip address 192.2.0.1 16

[AC1-Vlan-interface200] quit

# Create VLAN 30 and VLAN-interface 30, and assign IP address 192.3.0.1/16 to the interface. AC 1 will use this IP address to set up an EVI tunnel with AC 2.

[AC1] vlan 30

[AC1-vlan30] quit

[AC1] interface vlan-interface 30

[AC1-Vlan-interface30] ip address 192.3.0.1 16

[AC1-Vlan-interface30] quit

2.     Configure the DHCP server:

# Enable DHCP server.

[AC1] dhcp enable

# Create IP pool 100, specify subnet 192.1.0.0/16 for dynamic allocation for the AP, and specify the gateway address as 192.1.0.1.

[AC1] dhcp server ip-pool 100

[AC1-dhcp-pool-100] network 192.1.0.0 16

[AC1-dhcp-pool-100] gateway-list 192.1.0.1

[AC1-dhcp-pool-100] quit

3.     Configure wireless services:

# Create service template 1 and enter its view.

[AC1] wlan service-template 1

# Configure the SSID as office.

[AC1-wlan-st-1] ssid office

# Assign clients coming online through service template 1 to VLAN 200.

[AC1-wlan-st-1] vlan 200

# Enable the service template.

[AC1-wlan-st-1] service-template enable

[AC1-wlan-st-1] quit

4.     Configure the AP:

# Create manual AP officeap, and specify the AP model and serial ID.

[AC1] wlan ap officeap model WA4320i-ACN

[AC1-wlan-ap-officeap] serial-id 210235A1GQC152001076

# Bind service template 1 to radio 2, and enable radio 2.

[AC1-wlan-ap-officeap] radio 2

[AC1-wlan-ap-officeap-radio-2] service-template 1

[AC1-wlan-ap-officeap-radio-2] radio enable

[AC1-wlan-ap-officeap-radio-2] quit

[AC1-wlan-ap-officeap] quit

5.     Set up an EVI tunnel:

# Create an IPv4 EVI tunnel interface.

[AC1] interface tunnel 0 mode evi

# Specify the source IP of the EVI tunnel as 192.3.0.1.

[AC1-Tunnel0] source 192.3.0.1

# Set the network ID to 1 for the EVI tunnel interface.

[AC1-Tunnel0] evi network-id 1

# Specify extended VLAN 200 on the EVI tunnel interface.

[AC1-Tunnel0] evi extend-vlan 200

# Configure AC 1 as an ENDS on the EVI tunnel interface.

[AC1-Tunnel0] evi neighbor-discovery server enable

[AC1-Tunnel0] quit

# Enable EVI on GigabitEthernet 1/0/2.

[AC1] interface gigabitethernet 1/0/2

[AC1-GigabitEthernet1/0/2] evi enable

[AC1-GigabitEthernet1/0/2] quit

6.     Configure static routing:

# Configure a static route for subnet 192.4.0.0/16, and specify the next hop as the switch.

[AC1] ip route-static 192.4.0.0 16 192.3.0.2

Configuring AC 2

1.     Configure the interfaces of AC 2:

# Set the link type to access for GigabitEthernet 1/0/1 that connects AC 2 to the server, and assign GigabitEthernet 1/0/1 to VLAN 200.

<AC2> system-view

[AC2] interface gigabitethernet 1/0/1

[AC2-GigabitEthernet1/0/1] port link-type access

[AC2-GigabitEthernet1/0/1] port access vlan 200

[AC2-GigabitEthernet1/0/1] quit

# Set the link type to access for GigabitEthernet 1/0/2 that connects AC 2 to the switch, and assign GigabitEthernet 1/0/2 to VLAN 40.

[AC2] interface gigabitethernet 1/0/2

[AC2-GigabitEthernet1/0/2] port link-type access

[AC2-GigabitEthernet1/0/2] port access vlan 40

[AC2-GigabitEthernet1/0/2] quit

# Create VLAN 200 and VLAN-interface 200, and assign IP address 192.2.0.2/16 to the interface. AC 2 will use this IP address to forward traffic of the wireless client.

[AC2] vlan 200

[AC2-vlan200] quit

[AC2] interface vlan-interface 200

[AC2-Vlan-interface200] ip address 192.2.0.2 16

[AC2-Vlan-interface200] quit

# Create VLAN 40 and VLAN-interface 40, and assign IP address 192.4.0.1/16 to the interface. AC 2 will use this IP address to set up an EVI tunnel with AC 1.

[AC2] vlan 40

[AC2-vlan40] quit

[AC2] interface vlan-interface 40

[AC2-Vlan-interface40] ip address 192.4.0.1 16

[AC2-Vlan-interface40] quit

2.     Configure the DHCP server:

# Enable DHCP server.

[AC2] dhcp enable

# Create IP pool 200, specify subnet 192.2.0.0/16 for dynamic allocation for the wireless client, exclude 192.2.0.1, 192.2.0.2, and 192.2.0.3 from dynamic allocation, and specify the gateway address as 192.2.0.2.

[AC2] dhcp server ip-pool 200

[AC2-dhcp-pool-200] network 192.2.0.0 16

[AC2-dhcp-pool-200] forbidden-ip 192.2.0.1 192.2.0.3

[AC2-dhcp-pool-200] gateway-list 192.2.0.2

[AC2-dhcp-pool-200] quit

3.     Set up an EVI tunnel:

# Create an IPv4 EVI tunnel interface.

[AC2] interface tunnel 0 mode evi

# Specify the source IP of the EVI tunnel as 192.4.0.1.

[AC2-Tunnel0] source 192.4.0.1

# Set the network ID to 1 for the EVI tunnel interface.

[AC2-Tunnel0] evi network-id 1

# Specify extended VLAN 200 on the EVI tunnel interface.

[AC2-Tunnel0] evi extend-vlan 200

# Configure AC 2 as an ENDC of AC 1.

[AC2-Tunnel0] evi neighbor-discovery client enable 192.3.0.1

[AC2-Tunnel0] quit

# Enable EVI on GigabitEthernet 1/0/2.

[AC2] interface gigabitethernet 1/0/2

[AC2-GigabitEthernet1/0/2] evi enable

[AC2-GigabitEthernet1/0/2] quit

4.     Configure static routing:

# Configure a static route for subnet 192.3.0.0/16, and specify the next hop as the switch.

[AC2] ip route-static 192.3.0.0 16 192.4.0.2

Configuring the switch

# Create VLAN 30 and VLAN-interface 30, and assign IP address 192.3.0.2/16 to the interface. The switch will use this IP address to forward EVI traffic from AC 1.

[Switch] vlan 30

[Switch-vlan30] quit

[Switch] interface vlan-interface 30

[Switch-Vlan-interface30] ip address 192.3.0.2 16

[Switch-Vlan-interface30] quit

# Create VLAN 40 and VLAN-interface 40, and assign IP address 192.4.0.2/16 to the interface. The switch will use this IP address to forward EVI traffic from AC 2.

[Switch] vlan 40

[Switch-vlan40] quit

[Switch] interface vlan-interface 40

[Switch-Vlan-interface40] ip address 192.4.0.2 16

[Switch-Vlan-interface40] quit

# Assign GigabitEthernet 1/0/1 connected to AC 1 to VLAN 30.

[Switch] interface gigabitethernet 1/0/1

[Switch-GigabitEthernet1/0/1] port access vlan 30

[Switch-GigabitEthernet1/0/1] quit

# Assign GigabitEthernet 1/0/2 connected to AC 2 to VLAN 40.

[Switch] interface gigabitethernet 1/0/2

[Switch-GigabitEthernet1/0/2] port access vlan 40

[Switch-GigabitEthernet1/0/2] quit

Verifying the configuration

1.     Verify the configuration on AC 1:

# Verify that the EVI tunnel interface is up.

[AC1] display interface tunnel 0

Tunnel0

Current state: UP

Line protocol state: UP

Description: Tunnel0 Interface

Bandwidth: 64 kbps

Maximum transmit unit: 64000

Internet protocol processing: Disabled

Tunnel source 192.3.0.1

Tunnel keepalive enabled, Period(5 s), Retries(2)

Network ID 1

Tunnel protocol/transport GRE_EVI/IP

Output queue - Urgent queuing: Size/Length/Discards 0/100/0

Output queue - Protocol queuing: Size/Length/Discards 0/500/0

Output queue - FIFO queuing: Size/Length/Discards 0/75/0

Last clearing of counters: Never

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

# Verify that the EVI link to AC 2 is up.

[AC1] display evi link interface tunnel 0

Interface     Status Source          Destination

EVI-Link0     UP     192.3.0.1         192.4.0.1

2.     Verify the configuration on AC 2:

# Verify that the EVI tunnel interface is up.

[AC2] display interface tunnel 0

Tunnel0

Current state: UP

Line protocol state: UP

Description: Tunnel0 Interface

Bandwidth: 64 kbps

Maximum transmit unit: 64000

Internet protocol processing: Disabled

Tunnel source 192.4.0.1

Tunnel keepalive enabled, Period(5 s), Retries(2)

Network ID 1

Tunnel protocol/transport GRE_EVI/IP

Output queue - Urgent queuing: Size/Length/Discards 0/100/0

Output queue - Protocol queuing: Size/Length/Discards 0/500/0

Output queue - FIFO queuing: Size/Length/Discards 0/75/0

Last clearing of counters: Never

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

# Verify that the EVI link to AC 1 is up.

[AC2] display evi link interface tunnel 0

Interface     Status Source          Destination

EVI-Link0     UP     192.4.0.1         192.3.0.1

3.     Verify that the wireless client can obtain an IP address in VLAN 200 and access the internal resources attached to AC 2. (Details not shown.)

Configuration files

·     AC 1:

#

dhcp enable

#

vlan 30

#

vlan 100

#

vlan 200

#

dhcp server ip-pool vlan100

 gateway-list 192.1.0.1

 network 192.1.0.0 mask 255.255.0.0

#

wlan service-template 1

 ssid office

 vlan 200

 service-template enable

#

interface Vlan-interface30

 ip address 192.3.0.1 255.255.0.0

#

interface Vlan-interface100

 ip address 192.1.0.1 255.255.0.0

#

interface Vlan-interface200

 ip address 192.2.0.1 255.255.0.0

#

interface GigabitEthernet1/0/1

 port access vlan 100

#

interface GigabitEthernet1/0/2

 port access vlan 30

 evi enable

#

 ip route-static 192.4.0.0 16 192.3.0.2

#

wlan ap officeap model WA4320i-ACN

 serial-id 210235A1GQC152001076

 radio 1

 radio 2

  radio enable

  service-template 1

#

interface tunnel 0 mode evi

 source 192.3.0.1

 evi network-id 1

 evi extend-vlan 200

 evi neighbor-discovery server enable

#

·     AC 2:

#

dhcp enable

#

vlan 40

#

vlan 200

#

dhcp server ip-pool vlan200

 gateway-list 192.2.0.2

 network 192.2.0.0 mask 255.255.0.0

 forbidden-ip 192.2.0.1

 forbidden-ip 192.2.0.3

#

interface Vlan-interface40

 ip address 192.4.0.1 255.255.0.0

#

interface Vlan-interface200

 ip address 192.2.0.2 255.255.0.0

#

interface GigabitEthernet1/0/1

 port access vlan 200

#

interface GigabitEthernet1/0/2

 port access vlan 40

 evi enable

#

ip route-static 192.3.0.0 16 192.4.0.2

#

interface tunnel 0 mode evi

 source 192.4.0.1

 evi network-id 1

 evi extend-vlan 200

 evi neighbor-discovery client enable 192.3.0.1

#

·     Switch:

#

vlan 30

#

vlan 40

#

interface Vlan-interface30

 ip address 192.3.0.2 255.255.0.0

#

interface Vlan-interface40

 ip address 192.4.0.2 255.255.0.0

#

interface GigabitEthernet1/0/1

 port access vlan 30

#

interface GigabitEthernet1/0/2

 port access vlan 40

#

Related documentation

·     EVI Command Reference in H3C Access Controllers Command References

·     EVI Configuration Guide in H3C Access Controllers Configuration Guides

·     WLAN Access Command Reference in H3C Access Controllers Command References

·     WLAN Access Configuration Guide in H3C Access Controllers Configuration Guides