VRRP Dual-Device Hot Standby
I. Lab Contents
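II. Lab Objectives:
1. Configure AC1 as the DHCP server for the APs and STAs
2. AC1 and AC2 use VRRP to create two virtual IP addresses:
A. A management VRRP virtual address
B. A service VRRP virtual address
[AC1 is the master, AC2 is the backup]
3. WLAN service and AP configuration: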
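III. Lab Steps:
Steps:
A. Configure the role of each interface on every device
B. Configure VRRP vrid 1 and set it as the management VRRP ====> 10.100.1.10
C. Configure VRRP vrid 2 and set it as the virtual service VRRP ====> 10.101.1.254
and bind it to the management VRRP vrid 1
D. Configure AC1 as the DHCP server for the APs and STAs
E. Configure the HSB channel:
@ Configure HSB service 0 ==> specify the channel's source and destination addresses and ports
@ Configure HSB group 0 ==> bind HSB service 0 and the management VRRP
@ Bind the HSB service types [data, AP, DHCP] to HSB group 0
F. Bring the AP online === establish the CAPWAP tunnel
G. Deliver the service configuration:
@ Create the AP group
@ Import the AP offline using MAC authentication
@ Reference the regulatory domain profile and the VAP profile in the AP group
@ In the regulatory domain profile, configure the country code
@ For the VAP profile, first configure the security profile and the SSID profile
@ In the VAP profile, reference the security profile and the SSID profile, and configure the data forwarding mode and the service VLAN
IV. Lab Commands:
== Topology diagram ==
1. Configure the role of each interface on every device, configure VRRP, and configure AC1 as the DHCP server for the APs and STAs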
LSW2:
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk pvid vlan 100
port trunk allow-pass vlan 100 to 101
#
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 100 to 101
#
LSW1:
#
vlan batch 100 101
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 100 to 101
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 100 to 101
#
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 100 to 101
#
#
interface Vlanif100
ip address 10.100.1.3 255.255.255.0
#
AC1:
#
vlan batch 100 to 101
#
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 100 to 101
#
#
ip pool 100
gateway-list 10.100.1.254
network 10.100.1.0 mask 255.255.255.0
excluded-ip-address 10.100.1.1 10.100.1.3
option 43 sub-option 2 ip-address 10.100.1.10
#
ip pool 101
gateway-list 10.101.1.254
network 10.101.1.0 mask 255.255.255.0
excluded-ip-address 10.101.1.1 10.101.1.3
#
dhcp enable
#
#
interface Vlanif100
ip address 10.100.1.1 255.255.255.0
vrrp vrid 1 virtual-ip 10.100.1.10
admin-vrrp vrid 1
vrrp vrid 1 priority 150
dhcp select global
#
#
interface Vlanif101
ip address 10.101.1.1 255.255.255.0
vrrp vrid 2 virtual-ip 10.101.1.254
vrrp vrid 2 track admin-vrrp interface Vlanif100 vrid 1 unflowdown
dhcp select global
#
AC2:
#
vlan batch 100 101
#
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 100 to 101
#
dhcp enable
#
#
ip pool 100
gateway-list 10.100.1.254
network 10.100.1.0 mask 255.255.255.0
excluded-ip-address 10.100.1.1 10.100.1.3
option 43 sub-option 2 ip-address 10.100.1.10
#
#
ip pool 101
gateway-list 10.101.1.254
network 10.101.1.0 mask 255.255.255.0
excluded-ip-address 10.101.1.1 10.101.1.3
#
interface Vlanif100
ip address 10.100.1.2 255.255.255.0
vrrp vrid 1 virtual-ip 10.100.1.10
admin-vrrp vrid 1
dhcp select global
#
#
interface Vlanif101
ip address 10.101.1.2 255.255.255.0
vrrp vrid 2 virtual-ip 10.101.1.254
vrrp vrid 2 track admin-vrrp interface Vlanif100 vrid 1 unflowdown
dhcp select global
#
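2. Configure the HSB channel:
@ Configure HSB service 0 ==> specify the channel's source and destination addresses and ports
@ Configure HSB group 0 ==> bind HSB service 0 and the management VRRP
@ Bind the HSB service types [data, AP, DHCP] to HSB group 0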
AC1:
#
hsb-service 0
service-ip-port local-ip 10.100.1.1 peer-ip 10.100.1.2 local-data-port 10240 peer-data-port 10240
#
#
hsb-group 0
track vrrp vrid 1 interface Vlanif100
bind-service 0
#
#
hsb-service-type access-user hsb-group 0
#
hsb-service-type dhcp hsb-group 0
#
hsb-service-type ap hsb-group 0
AC2:
#
hsb-service 0
service-ip-port local-ip 10.100.1.2 peer-ip 10.100.1.1 local-data-port 10240 peer-data-port 10240
#
#
hsb-group 0
track vrrp vrid 1 interface Vlanif100
bind-service 0
#
#
hsb-service-type access-user hsb-group 0
#
hsb-service-type dhcp hsb-group 0
#
hsb-service-type ap hsb-group 0
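The HSB channel and both VRRP groups only work when the two ACs are configured as mirror images of each other. The following check is an added example, not part of the original lab; it runs over a constructed excerpt of the two configurations above, and the function names `parse` and `check_pair` are hypothetical:

```python
import re

# Constructed sample input: the VRRP and HSB lines of the AC1/AC2 configs on this page.
AC1 = """interface Vlanif100
 ip address 10.100.1.1 255.255.255.0
 vrrp vrid 1 virtual-ip 10.100.1.10
interface Vlanif101
 vrrp vrid 2 virtual-ip 10.101.1.254
hsb-service 0
 service-ip-port local-ip 10.100.1.1 peer-ip 10.100.1.2 local-data-port 10240 peer-data-port 10240
hsb-service-type access-user hsb-group 0
hsb-service-type dhcp hsb-group 0
hsb-service-type ap hsb-group 0
"""
AC2 = """interface Vlanif100
 ip address 10.100.1.2 255.255.255.0
 vrrp vrid 1 virtual-ip 10.100.1.10
interface Vlanif101
 vrrp vrid 2 virtual-ip 10.101.1.254
hsb-service 0
 service-ip-port local-ip 10.100.1.2 peer-ip 10.100.1.1 local-data-port 10240 peer-data-port 10240
hsb-service-type access-user hsb-group 0
hsb-service-type dhcp hsb-group 0
hsb-service-type ap hsb-group 0
"""

def parse(cfg):
    """Pull out interface addresses, VRRP virtual IPs, the HSB channel and service types."""
    addrs = set(re.findall(r"^\s*ip address (\S+)", cfg, re.M))
    vips = dict(re.findall(r"vrrp vrid (\d+) virtual-ip (\S+)", cfg))
    hsb = re.search(r"local-ip (\S+) peer-ip (\S+) local-data-port (\d+) peer-data-port (\d+)", cfg)
    types = set(re.findall(r"hsb-service-type (\S+) hsb-group", cfg))
    return addrs, vips, hsb.groups() if hsb else (None,) * 4, types

def check_pair(a, b):
    """Return the mismatches that would stop two ACs from backing each other up."""
    (addr_a, vip_a, hsb_a, typ_a), (addr_b, vip_b, hsb_b, typ_b) = parse(a), parse(b)
    problems = []
    if vip_a != vip_b:
        problems.append("VRRP virtual IPs differ")
    if hsb_a != (hsb_b[1], hsb_b[0], hsb_b[3], hsb_b[2]):
        problems.append("HSB local/peer address or port not mirrored")
    if hsb_a[0] not in addr_a or hsb_b[0] not in addr_b:
        problems.append("HSB local-ip missing or not an address on the device")
    if typ_a != typ_b:
        problems.append("hsb-service-type differs: " + ", ".join(sorted(typ_a ^ typ_b)))
    return problems

print(check_pair(AC1, AC2) or "AC1 and AC2 are consistent")
```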
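3. Bring the AP online
A. Establish the CAPWAP tunnel
B. Deliver the service configuration:
@ Create the AP group
@ Import the AP offline using MAC authentication
@ Reference the regulatory domain profile and the VAP profile in the AP group
@ In the regulatory domain profile, configure the country code
@ For the VAP profile, first configure the security profile and the SSID profile
@ In the VAP profile, reference the security profile and the SSID profile, and configure the data forwarding mode and the service VLAN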
AC1:
#
capwap source ip-address 10.100.1.10
#
wlan
#
[AC1-wlan]ap-group name text
#
[AC1-wlan]ap auth-mode mac-auth
[AC1-wlan]ap-id 1 ap-mac 00e0-fc77-45c0 [AP1's MAC address]
[AC1-wlan-ap-1]dis this
#
ap-name AP1
ap-group text
#
[AC1-wlan-view]regulatory-domain-profile name cn
[AC1-wlan-regulate-domain-cn]country-code cn
#
[AC1-wlan-view]security-profile name A
[AC1-wlan-sec-prof-A]dis this
#
security wpa2 psk pass-phrase 123456789 aes [password]
#
[AC1-wlan-view]ssid-profile name A
[AC1-wlan-ssid-prof-A]ssid A
#
[AC1-wlan-view]vap-profile name A
[AC1-wlan-vap-prof-A]dis this
#
forward-mode tunnel
service-vlan vlan-id 101
ssid-profile A
security-profile A
#
[AC1-wlan-view]ap-group name text
[AC1-wlan-ap-group-text]regulatory-domain-profile cn
[AC1-wlan-ap-group-text]vap-profile A wlan 1 radio all
AC2:
#
capwap source ip-address 10.100.1.10
#
wlan
#
[AC2-wlan]ap-group name text
#
[AC2-wlan]ap auth-mode mac-auth
[AC2-wlan]ap-id 1 ap-mac 00e0-fc77-45c0 [AP1's MAC address]
[AC2-wlan-ap-1]dis this
#
ap-name AP1
ap-group text
#
[AC2-wlan-view]regulatory-domain-profile name cn
[AC2-wlan-regulate-domain-cn]country-code cn
#
[AC2-wlan-view]security-profile name A
[AC2-wlan-sec-prof-A]dis this
#
security wpa2 psk pass-phrase 123456789 aes [password]
#
[AC2-wlan-view]ssid-profile name A
[AC2-wlan-ssid-prof-A]ssid A
#
[AC2-wlan-view]vap-profile name A
[AC2-wlan-vap-prof-A]dis this
#
forward-mode tunnel
service-vlan vlan-id 101
ssid-profile A
security-profile A
#
[AC2-wlan-view]ap-group name text
[AC2-wlan-ap-group-text]regulatory-domain-profile cn
[AC2-wlan-ap-group-text]vap-profile A wlan 1 radio all
4. Testing
LSW1:
#
vlan 3
#
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 3
#
#
interface Vlanif101
ip address 10.101.1.3 255.255.255.0
#
#
interface Vlanif3
ip address 10.3.1.1 255.255.255.0
#
ip route-static 0.0.0.0 0 10.3.1.2
AR1:
#
interface GigabitEthernet0/0/0
ip address 10.3.1.2 255.255.255.0
#
ip route-static 10.101.1.0 24 10.3.1.1
#
interface LoopBack0
ip address 8.8.8.8 255.255.255.255
#
AC1:
ip route-static 0.0.0.0 0 10.101.1.3
AC2:
ip route-static 0.0.0.0 0 10.101.1.3
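5. Test results
V. Lab Summary
With VRRP dual-device hot standby, both the service VLAN and the management VLAN get a virtual backup. When an interface on the master AC1 fails, the backup AC2 can take over through a master/backup switchover, but there is still some delay and packet loss. For fast fault convergence, use VRRP together with uplink interface monitoring.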
[AC1-Vlanif100]vrrp vrid 1 track int g0/0/1 reduced 90