ENSP实现WLAN AC可靠性VRRP双机热备

原创已于 2025-11-30 10:07:17 修改 · 1.5k 阅读

11 ·

CC 4.0 BY-SA版权

文章标签：

#网络

于 2025-11-30 09:26:01 首次发布

实验拓扑图：

也可以使用独立的链路做为HSB专用链路，如下图：

AC1和AC2之间vlan10组成VRRP备份组，使用虚拟IP作为capwap隧道源IP

AC1和AC2之间vlan88作为HSB服务的检测IP

AC1和AC2上的WLAN配置需要手动配置，真机新版本上可以自动同步

配置如下表：

AC1

AC2

vlan batch 10 88

interface Vlanif10

ip address 10.1.10.3 255.255.255.0

vrrp vrid 10 virtual-ip 10.1.10.2

admin-vrrp vrid 10

vrrp vrid 10 priority 120

interface Vlanif88

ip address 10.1.88.3 255.255.255.0

interface GigabitEthernet0/0/1

port link-type trunk

port trunk allow-pass vlan 10 88

ip route-static 0.0.0.0 0.0.0.0 10.1.10.1

capwap source ip-address 10.1.10.2

hsb-service 0

service-ip-port local-ip 10.1.88.3 peer-ip 10.1.88.4 local-data-port 12345 peer

-data-port 12345

hsb-group 0

track vrrp vrid 10 interface Vlanif10

bind-service 0

hsb enable

hsb-service-type access-user hsb-group 0

hsb-service-type ap hsb-group 0

wlan

security-profile name home

ssid-profile name home

ssid home

vap-profile name home

service-vlan vlan-id 20

ssid-profile home

security-profile home

regulatory-domain-profile name china

ap-group name home

regulatory-domain-profile china

radio 0

vap-profile home wlan 1

radio 1

vap-profile home wlan 1

radio 2

vap-profile home wlan 1

ap-id 0 type-id 56 ap-mac 00e0-fc7d-66e0 ap-sn 210235448310206B7F19

ap-name AP2

ap-group home

ap-id 1 type-id 56 ap-mac 00e0-fc3a-1520 ap-sn 210235448310613FDB28

ap-name AP1

ap-group home

vlan batch 10 88

interface Vlanif10

ip address 10.1.10.4 255.255.255.0

vrrp vrid 10 virtual-ip 10.1.10.2

admin-vrrp vrid 10

interface Vlanif88

ip address 10.1.88.4 255.255.255.0

interface GigabitEthernet0/0/1

port link-type trunk

port trunk allow-pass vlan 10 88

ip route-static 0.0.0.0 0.0.0.0 10.1.10.1

capwap source ip-address 10.1.10.2

hsb-service 0

service-ip-port local-ip 10.1.88.4 peer-ip 10.1.88.3 local-data-port 12345 peer

-data-port 12345

hsb-group 0

track vrrp vrid 10 interface Vlanif10

bind-service 0

hsb enable

hsb-service-type access-user hsb-group 0

hsb-service-type ap hsb-group 0

wlan

security-profile name home

ssid-profile name home

ssid home

vap-profile name home

service-vlan vlan-id 20

ssid-profile home

security-profile home

regulatory-domain-profile name china

ap-group name home

regulatory-domain-profile china

radio 0

vap-profile home wlan 1

radio 1

vap-profile home wlan 1

radio 2

vap-profile home wlan 1

ap-id 0 type-id 56 ap-mac 00e0-fc7d-66e0 ap-sn 210235448310206B7F19

ap-name AP2

ap-group home

ap-id 1 type-id 56 ap-mac 00e0-fc3a-1520 ap-sn 210235448310613FDB28

ap-name AP1

ap-group home

vlan batch 10 20 88 111

dhcp enable

interface Vlanif10

ip address 10.1.10.1 255.255.255.0

dhcp select interface

dhcp server excluded-ip-address 10.1.10.2 10.1.10.4

interface Vlanif20

ip address 10.1.20.1 255.255.255.0

dhcp select interface

interface Vlanif111

ip address 10.1.111.1 255.255.255.0

interface GigabitEthernet0/0/1

port link-type access

port default vlan 111

interface GigabitEthernet0/0/2

port link-type trunk

port trunk allow-pass vlan 10 88

interface GigabitEthernet0/0/3

port link-type trunk

port trunk allow-pass vlan 10 88

interface GigabitEthernet0/0/4

port link-type trunk

port trunk pvid vlan 10

port trunk allow-pass vlan 10 20

interface GigabitEthernet0/0/5

port link-type trunk

port trunk pvid vlan 10

port trunk allow-pass vlan 10 20

ip route-static 0.0.0.0 0.0.0.0 10.1.111.2

interface GigabitEthernet0/0/0

ip address 10.1.111.2 255.255.255.0

interface LoopBack0

ip address 1.1.1.1 255.255.255.255

ip route-static 0.0.0.0 0.0.0.0 10.1.111.1

HSB配置逻辑：

验证：

通过改变VRRP的优先级切换主备，AP状态很快便切换过来了。

通过关闭交换机端口再启用的方式，AP状态需要等很长时间才切换过来，中间出现AP掉线。可以通过增加VRRP抢占延迟，避免此现象。

AC2为nor状态，AC1为standby状态