10. Huawei H3C small and medium-sized enterprise network architecture construction [Layer 2 roaming of wireless architecture]

Topology

Actual combat

The topology can be saved locally, and then enlarged to view, so that it can be seen more clearly. (Drag to a new window to open it)

[ Layer 2 roaming of wireless architecture ]

To implement wireless roaming, two APs need to be added to the topology. These two APs are simulated and bridged to the local network card, and the local network card is then bridged to the real switch to build the environment. In effect this forms a bridge. [The same effect as the real machine]

image001.png

In this way, both layer 2 roaming and layer 3 roaming can be demonstrated. Roaming between the 2 APs in the visitor hall is layer 2 roaming, and roaming to the AP below the high-level personnel is layer 3 roaming.

Things to pay attention to when deploying roaming.

Matters needing attention in Layer 2 roaming
(1) The APs must be under the same AC.
(2) The WLAN-ESS interface policies must be the same.
(3) The authentication method of the security template must be the same, including the key.
(4) The SSID and the data forwarding mode in the service set template must be consistent.
(5) Define just one service set and call it on each AP that needs to roam.
(6) It is recommended to set the channels so that they do not interfere, with an overlap area of 10%~15%.
(7) In direct forwarding mode, both the service VLAN and the management VLAN need to be permitted, otherwise the VLAN, which does not change after roaming, will not be able to pass.


Summary: You can see that there are certain rules for roaming, such as the same SSID and the same security policy. Another thing to pay attention to is the traffic permitted on the switch ports and the configuration of the WLAN-ESS interface. With layer 2 roaming, only the AP changes; the network segment and VLAN do not change, so the WLAN-ESS interface configuration is the same as before. With layer 3 roaming, for example when a user of VLAN 19 roams to the network segment of VLAN 20, the WLAN-ESS interface needs VLANs 19 and 20 untagged, and the switch's downstream interfaces need to allow these VLANs to pass, otherwise data communication will not be possible after the user roams.

Specific configuration and demonstration of Layer 2 roaming

Switch configuration changes
The switch configuration needs to be modified. In the earlier plan, only one interface was reserved for wireless access, and the rest were for client use. So when a wireless AP is connected to one of the other switch ports, the address obtained is in the 192.168.19.0/24 network segment, and it cannot communicate with the AC's 192.168.1.0. There are two solutions. One is to change the attributes of the switch interface that the wireless AP connects to, so that it is the same as the previous configuration; for example, E0/0/2 is changed to the same configuration as E0/0/1. The other is DHCP Option 43. Here is an example of the most recommended method.


image002.png

This method is the most recommended and the most practical.

Configuration notes for the AC

Note: Layer 2 roaming is wireless roaming within the visitor hall, so there is a 2.4G radio and a 5G radio. The configuration idea is very simple: bring the other AP online, then under that AP call the policy that has already been defined, such as the one defined for AP1, and deliver it. Of course, make sure the channels do not overlap; for example, if A is 1, then B is 6. So I will not give the full configuration here. Refer to the previous AP online and configuration.

image003.png

There are already 2 APs online, AP 1 is the first AP, so the first one does not need to be configured, just configure the second one.

Specific configuration

[AC6605]wlan
[AC6605-wlan-view]ap 2 radio 0
[AC6605-wlan-radio-2/0]radio-profile name 2.4G
[AC6605-wlan-radio-2/0]service-set id 0

[AC6605-wlan-view]ap 2 radio 1
[AC6605-wlan-radio-2/1]radio-profile name 5G
[AC6605-wlan-radio-2/1]service-set id 1
Description: The service set, the security template and the radio template do not need to be configured again; the ones defined for the first AP can be used directly. Note that the AP online configuration is not given here; you only need to configure the AP serial number:
ap id 2 type-id 19 mac 00e0-fcaa-5d30 sn 210235448310C46D0459
[AC6605-wlan-view]commit ap 2

Channel modification

[AC6605-wlan-view]ap 1 radio 0
[AC6605-wlan-radio-1/0]channel 20mhz 1


[AC6605-wlan-view]ap 1 radio 1
[AC6605-wlan-radio-1/1]channel 20mhz 149

[AC6605-wlan-view]ap 2 radio 0
[AC6605-wlan-radio-2/0]channel 20mhz 6

[AC6605-wlan-view]ap 2 radio 1
[AC6605-wlan-radio-2/1]channel 20mhz 153
[AC6605-wlan-view]commit all
Description: This configuration manually sets the channels so that the channels of A and B do not conflict, which gives the best use of the spectrum.
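
Items (5) and (6) of the checklist, and the channel plan just configured, can be checked mechanically before the roaming test. The following Python code is an added example, not part of the original article or of any Huawei tool: it parses a constructed transcript in the style of the AC session above and reports radios whose service sets differ between APs or whose channels overlap. The function names and the channel-gap thresholds are assumptions of the example.

```python
import re
from itertools import combinations

# Constructed transcript in the style of the AC session above.
TRANSCRIPT = """\
[AC6605-wlan-view]ap 1 radio 0
[AC6605-wlan-radio-1/0]service-set id 0
[AC6605-wlan-radio-1/0]channel 20mhz 1
[AC6605-wlan-radio-1/1]service-set id 1
[AC6605-wlan-radio-1/1]channel 20mhz 149
[AC6605-wlan-view]ap 2 radio 0
[AC6605-wlan-radio-2/0]service-set id 0
[AC6605-wlan-radio-2/0]channel 20mhz 6
[AC6605-wlan-radio-2/1]service-set id 1
[AC6605-wlan-radio-2/1]channel 20mhz 153
"""

def parse(transcript):
    """Map (ap, radio) -> {"service_set": id, "channel": n} from radio-view prompts."""
    radios = {}
    for line in transcript.splitlines():
        m = re.match(r"\[\S+-wlan-radio-(\d+)/(\d+)\](.*)", line.strip())
        if not m:
            continue  # wlan-view lines carry no per-radio setting
        entry = radios.setdefault((int(m[1]), int(m[2])), {})
        cmd = m[3].split()
        if cmd[:2] == ["service-set", "id"] and len(cmd) == 3:
            entry["service_set"] = int(cmd[2])
        elif cmd[:1] == ["channel"] and len(cmd) == 3:
            entry["channel"] = int(cmd[2])
    return radios

def audit(radios):
    """Checklist items (5) and (6): shared service set, non-overlapping channels."""
    problems = []
    for a, b in combinations(sorted(radios), 2):
        if a[0] == b[0] or a[1] != b[1]:
            continue  # only compare the same radio index on different APs
        ra, rb = radios[a], radios[b]
        if ra.get("service_set") != rb.get("service_set"):
            problems.append(f"radio {a[1]}: AP {a[0]}/{b[0]} service sets differ")
        ca, cb = ra.get("channel"), rb.get("channel")
        if ca is None or cb is None:
            continue  # channel not set manually in this transcript
        # Assumed 20 MHz gaps: 5 channel numbers at 2.4 GHz (1/6/11), 4 at 5 GHz.
        need = 5 if max(ca, cb) <= 14 else 4
        if abs(ca - cb) < need:
            problems.append(f"radio {a[1]}: AP {a[0]} ch {ca} overlaps AP {b[0]} ch {cb}")
    return problems
```

Calling `audit(parse(TRANSCRIPT))` returns an empty list for the channel plan used here (1/6 and 149/153).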

Layer 2 roaming verification test

image004.png

You can see that the channels have been assigned correctly, and the roaming test can begin.

image005.png

When visitors are at the intersection of AP1 and AP2, they can see that the current signal strength of AP1 is higher, while the signal strength of AP2 is weaker.

image006.png

It is found that it can be connected, and the correct address is obtained.

image007.png

Ping continuously. We moved the visitor toward AP 2 to test the situation.

image008.png

You can see that only one packet was lost; the client has migrated and then continues to send data packets.

Test the internal network

image009.png

It can be seen that it is currently connected to the internal network. I move the client to simulate the roaming process.

image010.png

You can see that it has been migrated.

image011.png

There is no problem with communication.

View roaming records

image012.png

Summary of Layer 2 Roaming:

It can be seen that there are certain rules for roaming, such as the same SSID and the same security policy. Another thing to pay attention to is the traffic permitted on the switch ports and the configuration of the WLAN-ESS interface. With layer 2 roaming, only the AP changes; the network segment and VLAN are unchanged, so the WLAN-ESS interface configuration is the same as before. With layer 3 roaming, for example when a user of VLAN 19 roams to the network segment of VLAN 20, the WLAN-ESS interface needs VLANs 19 and 20 untagged, and the switch's downstream interfaces need to allow these VLANs to pass, otherwise data communication will not be possible after the user roams.

This article was first published on the public account: Network Road Blog


Origin blog.51cto.com/ccieh3c/2642956