配置Mesh普通业务示例

组网图形

图1配置Mesh组网示意图

  • 业务需求
  • 组网需求
  • 数据规划
  • 配置思路
  • 配置注意事项
  • 操作步骤
  • 配置文件

业务需求

在企业内部各区域通过建立Mesh无线回传链路,实现无线覆盖区域拓展,降低有线部署成本。

组网需求
  • AC组网方式:旁挂二层组网
  • 无线回传方式:Mesh portal-node方式
  • 回传射频:5G频段

数据规划

表1AP数据规划表

AP

MAC

area_1

00e0-fc76-e360

area_2

00e0-fc04-b500

area_3

00e0-fc74-9640

表2AC数据规划表

配置项

数据

AP管理VLAN

VLAN100

DHCP服务器

AC作为AP的DHCP服务器

AP地址池

10.23.100.2~10.23.100.254/24

AC的源接口

VLANIF100:10.23.100.1/24

Mesh模板名称

名称:mesh-net

Mesh角色

  • area_1:Mesh-portal(MPP)
  • area_2:Mesh-node(MP)
  • area_3:Mesh-node(MP)

Mesh ID

名称:mesh-net

Mesh白名单

名称:mesh-list

AP系统模板

名称:mesh-sys

Mesh使用的射频

 射频1:

  • 带宽:40MHz-plus
  • 信道:157
  • 射频覆盖距离参数:4(单位:100m)

安全模板

  • 名称:mesh-sec
  • 安全策略:WPA2+PSK+AES
  • 密码类型:PASS-PHRASE
  • 密码:a1234567

AP组

  • mesh-mpp:area_1
  • mesh-mp:area_2、area_3

配置思路
  1. 配置网络互通,使区域A的AP(MPP节点)可以通过有线的方式在AC上线。
  2. 配置Mesh业务,使区域B和区域C的AP(MP节点)可以通过Mesh链路在AC上线。

配置注意事项
  • 纯组播报文由于协议要求在无线空口没有ACK机制保障,且无线空口链路不稳定,为了纯组播报文能够稳定发送,通常会以低速报文形式发送。如果网络侧有大量异常组播流量涌入,则会造成无线空口拥堵。为了减小大量低速组播报文对无线网络造成的冲击,建议配置组播报文抑制功能。配置前请确认是否有组播业务,如果有,请谨慎配置限速值。
    • 业务数据转发方式采用直接转发时,建议在直连AP的交换机接口上配置组播报文抑制。
    • 业务数据转发方式采用隧道转发时,建议在AC的流量模板下配置组播报文抑制。

  • 建议在与AP直连的设备接口上配置端口隔离,如果不配置端口隔离,尤其是业务数据转发方式采用直接转发时,可能会在VLAN内形成大量不必要的广播报文,导致网络阻塞,影响用户体验。

  • 隧道转发模式下,管理VLAN和业务VLAN不能配置为同一VLAN,且AP和AC之间只能放通管理VLAN,不能放通业务VLAN。

  • V200R021C00版本开始,配置CAPWAP源接口或源地址时,会检查和安全相关的配置是否已存在,包括DTLS加密的PSK、AC间DTLS加密的PSK、登录AP的用户名和密码、全局离线管理VAP的登录密码,均已存在才能成功配置,否则会提示用户先完成相关的配置。
  • V200R021C00版本开始,AC默认开启CAPWAP控制隧道的DTLS加密功能。开启该功能,添加AP时AP会上线失败,此时需要先开启CAPWAP DTLS不认证方式(capwap dtls no-auth enable)让AP上线,以便AP获取安全凭证,AP上线后应及时关闭该功能(undo capwap dtls no-auth enable),避免未授权AP上线。

操作步骤
  1. 配置周边设备

    # 配置接入交换机Switch_B的GE0/0/1和GE0/0/2接口加入VLAN100,GE0/0/1的缺省VLAN为VLAN100。

     system-view[HUAWEI] sysname Switch_B[Switch_B] vlan batch 100[Switch_B] interface gigabitEthernet 0/0/1[Switch_B-GigabitEthernet0/0/1] port link-type trunk[Switch_B-GigabitEthernet0/0/1] port trunk pvid vlan 100[Switch_B-GigabitEthernet0/0/1] port trunk allow-pass vlan 100[Switch_B-GigabitEthernet0/0/1] port-isolate enable[Switch_B-GigabitEthernet0/0/1] quit[Switch_B] interface gigabitEthernet 0/0/2[Switch_B-GigabitEthernet0/0/2] port link-type trunk[Switch_B-GigabitEthernet0/0/2] port trunk allow-pass vlan 100[Switch_B-GigabitEthernet0/0/2] quit

    # 配置汇聚交换机Switch_A的GE0/0/1接口加入VLAN100,GE0/0/2接口加入VLAN100。

     system-view[HUAWEI] sysname Switch_A[Switch_A] vlan batch 100[Switch_A] interface gigabitEthernet 0/0/1[Switch_A-GigabitEthernet0/0/1] port link-type trunk[Switch_A-GigabitEthernet0/0/1] port trunk allow-pass vlan 100[Switch_A-GigabitEthernet0/0/1] quit[Switch_A] interface gigabitEthernet 0/0/2[Switch_A-GigabitEthernet0/0/2] port link-type trunk[Switch_A-GigabitEthernet0/0/2] port trunk allow-pass vlan 100[Switch_A-GigabitEthernet0/0/2] quit
  2. 配置AC与其它网络设备互通

    如果AC直接连接AP,需要在AC直连AP的接口上配置缺省VLAN为管理VLAN100。

    # 配置AC的接口GE0/0/1加入VLAN100。

     system-view[HUAWEI] sysname AC[AC] vlan batch 100[AC] interface gigabitEthernet 0/0/1[AC-GigabitEthernet0/0/1] port link-type trunk[AC-GigabitEthernet0/0/1] port trunk allow-pass vlan 100[AC-GigabitEthernet0/0/1] quit
  3. 配置DHCP服务器为AP分配IP地址

    # 在AC上使能DHCP功能,并通过接口地址池为AP分配IP地址。

    [AC] dhcp enable[AC] interface vlanif 100[AC-Vlanif100] ip address 10.23.100.1 24[AC-Vlanif100] dhcp select interface[AC-Vlanif100] quit
  4. 配置AP组、国家码和AC的源接口

    # 创建MPP的AP组和MP的AP组,用于将相同配置的AP都加入同一AP组中。

    [AC] wlan[AC-wlan-view] ap-group name mesh-mpp[AC-wlan-ap-group-mesh-mpp] quit[AC-wlan-view] ap-group name mesh-mp[AC-wlan-ap-group-mesh-mp] quit

    # 创建域管理模板,在域管理模板下配置AC的国家码并在AP组下引用域管理模板。

    [AC-wlan-view] regulatory-domain-profile name domain1[AC-wlan-regulate-domain-domain1] country-code cn[AC-wlan-regulate-domain-domain1] quit[AC-wlan-view] ap-group name mesh-mpp[AC-wlan-ap-group-mesh-mpp] regulatory-domain-profile domain1Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continue" />y[AC-wlan-ap-group-mesh-mpp] quit[AC-wlan-view] ap-group name mesh-mp[AC-wlan-ap-group-mesh-mp] regulatory-domain-profile domain1Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continue?[Y/N]:y[AC-wlan-ap-group-mesh-mp] quit[AC-wlan-view] quit

    # 配置AC的源接口。

    [AC] capwap source interface vlanif 100

    # 将area_1加入到AP组“mesh-mpp”中,将area_2、area_3加入到AP组“mesh-mp”中。

    ap auth-mode命令缺省情况下为MAC认证,如果之前没有修改其缺省配置,可以不用执行ap auth-mode mac-auth

    举例中使用的AP为AP8130DN,具有射频0和射频1两个射频。

    [AC] wlan[AC-wlan-view] ap auth-mode mac-auth[AC-wlan-view] ap-id 1 ap-mac 00e0-fc76-e360[AC-wlan-ap-1] ap-name area_1[AC-wlan-ap-1] ap-group mesh-mppWarning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configuration s of the radio, Whether to continue? [Y/N]:y[AC-wlan-ap-1] quit[AC-wlan-view] ap-id 2 ap-mac 00e0-fc04-b500[AC-wlan-ap-2] ap-name area_2[AC-wlan-ap-2] ap-group mesh-mpWarning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configuration s of the radio, Whether to continue? [Y/N]:y[AC-wlan-ap-2] quit[AC-wlan-view] ap-id 3 ap-mac 00e0-fc74-9640[AC-wlan-ap-3] ap-name area_3[AC-wlan-ap-3] ap-group mesh-mpWarning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configuration s of the radio, Whether to continue? [Y/N]:y[AC-wlan-ap-3] quit
  5. 配置Mesh业务参数

    # 配置Mesh节点使用的主要射频参数。本例中使用的是射频1,“coverage distance”参数为射频覆盖距离,缺省情况下是3,单位是100m。本例中使用参数为4,用户可以根据实际情况配置该参数。

    [AC-wlan-view] ap-group name mesh-mpp[AC-wlan-ap-group-mesh-mpp] radio 1[AC-wlan-group-radio-mesh-mpp/1] calibrate auto-channel-select disable[AC-wlan-group-radio-mesh-mpp/1] calibrate auto-txpower-select disable[AC-wlan-group-radio-mesh-mpp/1] channel 40mhz-plus 157Warning: This action may cause service interruption. Continue?[Y/N]y [AC-wlan-group-radio-mesh-mpp/1] coverage distance 4[AC-wlan-group-radio-mesh-mpp/1] quit[AC-wlan-ap-group-mesh-mpp] quit[AC-wlan-view] ap-group name mesh-mp[AC-wlan-ap-group-mesh-mp] radio 1[AC-wlan-group-radio-mesh-mp/1] calibrate auto-channel-select disable[AC-wlan-group-radio-mesh-mp/1] calibrate auto-txpower-select disable[AC-wlan-group-radio-mesh-mp/1] channel 40mhz-plus 157Warning: This action may cause service interruption. Continue?[Y/N]y [AC-wlan-group-radio-mesh-mp/1] coverage distance 4[AC-wlan-group-radio-mesh-mp/1] quit[AC-wlan-ap-group-mesh-mp] quit

    # 配置Mesh链路使用的安全模板“mesh-sec”,“mesh-sec”支持WPA2+PSK+AES的安全策略。

    [AC-wlan-view] security-profile name mesh-sec[AC-wlan-sec-prof-mesh-sec] security wpa2 psk pass-phrase a1234567 aes[AC-wlan-sec-prof-mesh-sec] quit

    # 配置Mesh白名单。

    [AC-wlan-view] mesh-whitelist-profile name mesh-list[AC-wlan-mesh-whitelist-mesh-list] peer-ap mac 00e0-fc76-e360[AC-wlan-mesh-whitelist-mesh-list] peer-ap mac 00e0-fc04-b500[AC-wlan-mesh-whitelist-mesh-list] peer-ap mac 00e0-fc74-9640[AC-wlan-mesh-whitelist-mesh-list] quit

    # 配置Mesh角色。配置area_1的Mesh角色为“Mesh-portal”,缺省情况下Mesh角色为“Mesh-node”,所以area_2、area_3可以使用默认配置。Mesh角色是通过AP系统模板配置的。

    [AC-wlan-view] ap-system-profile name mesh-sys[AC-wlan-ap-system-prof-mesh-sys] mesh-role Mesh-portal[AC-wlan-ap-system-prof-mesh-sys] quit

    # 配置Mesh模板。配置Mesh网络的ID为“mesh-net”,Mesh链路老化时间为30秒,并引用安全模板和Mesh白名单。

    [AC-wlan-view] mesh-profile name mesh-net[AC-wlan-mesh-prof-mesh-net] mesh-id mesh-net[AC-wlan-mesh-prof-mesh-net] link-aging-time 30[AC-wlan-mesh-prof-mesh-net] security-profile mesh-sec[AC-wlan-mesh-prof-mesh-net] quit

    # 配置AP射频引用Mesh白名单模板。

    [AC-wlan-view] ap-group name mesh-mpp[AC-wlan-ap-group-mesh-mpp] radio 1[AC-wlan-group-radio-mesh-mpp/1] mesh-whitelist-profile mesh-list[AC-wlan-group-radio-mesh-mpp/1] quit[AC-wlan-ap-group-mesh-mpp] quit[AC-wlan-view] ap-group name mesh-mp[AC-wlan-ap-group-mesh-mp] radio 1[AC-wlan-group-radio-mesh-mp/1] mesh-whitelist-profile mesh-list[AC-wlan-group-radio-mesh-mp/1] quit[AC-wlan-ap-group-mesh-mp] quit
  6. 在AP组引用相关模板,使Mesh业务生效

    # 配置AP组“mesh-mpp”引用AP系统模板“mesh-sys”,使MPP角色在area_1上生效。

    [AC-wlan-view] ap-group name mesh-mpp[AC-wlan-ap-group-mesh-mpp] ap-system-profile mesh-sys[AC-wlan-ap-group-mesh-mpp] quit

    # 配置AP组“mesh-mpp”和“mesh-mp”分别引用Mesh模板“mesh-net”,使Mesh业务生效。

    [AC-wlan-view] ap-group name mesh-mpp[AC-wlan-ap-group-mesh-mpp] mesh-profile mesh-net radio 1[AC-wlan-ap-group-mesh-mpp] quit[AC-wlan-view] ap-group name mesh-mp[AC-wlan-ap-group-mesh-mp] mesh-profile mesh-net radio 1[AC-wlan-ap-group-mesh-mp] quit[AC-wlan-view] quit[AC] quit
  7. 验证Mesh业务配置结果

    # 完成配置后,执行命令display ap all,查看Mesh各节点是否成功上线,当“State”字段显示为“nor”,则表示AP已成功上线。

     display ap allTotal AP information: nor: normal[3]Extra information: P: insufficient power supply----------------------------------------------------------------------------------------------------ID MACName Group IPTypeState STA UptimeExtraInfo----------------------------------------------------------------------------------------------------100e0-fc76-e360 area_1 mesh-mpp 10.23.100.254 AP8130DNnor 013M:45S -200e0-fc04-b500 area_2 mesh-mp10.23.100.251 AP8130DNnor 05M:22S-300e0-fc74-9640 area_3 mesh-mp10.23.100.253 AP8130DNnor 04M:14S-----------------------------------------------------------------------------------------------------Total: 3

    # Mesh业务生效后,执行命令display wlan mesh link all,查看Mesh链路相关信息。

     display wlan mesh link allRf : radio ID Dis: coverage distance(100m)Ch : channelPer: drop percent(%)TSNR : total SNR(dB)P- : peerMesh : Mesh modeRe : retry ratio(%)RSSI : RSSI(dBm)MaxR : max RSSI(dBm)----------------------------------------------------------------------------------------------------------------------------------APNameP-APNameP-APMAC Rf Dis ChMeshP-StatusRSSIMaxRPerRe TSNRSNR(Ch0~3:dB)Tx(Mbps)Rx(Mbps)----------------------------------------------------------------------------------------------------------------------------------area_1area_200e0-fc04-b50014 157 portalnormal-30 -27 012 6762/65/-/-192 192area_1area_300e0-fc74-964014 157 portalnormal-26 -24 012 7167/68/-/-192 192area_3area_200e0-fc04-b50014 157 nodenormal-19 -3057766/76/-/-192 192area_3area_100e0-fc76-e36014 157 nodenormal-32 -4026 6455/63/-/-192 192area_2area_100e0-fc76-e36014 157 nodenormal-32 -4012 6462/61/-/-192 192area_2area_300e0-fc74-964014 157 nodenormal-14 -12 048271/82/-/-192 192----------------------------------------------------------------------------------------------------------------------------------Total: 6

配置文件

  • Switch_A的配置文件

    #sysname Switch_A# vlan batch 100#dhcp enable #interface GigabitEthernet0/0/1 port link-type trunk port trunk allow-pass vlan 100#interface GigabitEthernet0/0/2 port link-type trunk port trunk allow-pass vlan 100#return

  • Switch_B的配置文件

    #sysname Switch_B# vlan batch 100#interface GigabitEthernet0/0/1 port link-type trunk port trunk pvid vlan 100 port trunk allow-pass vlan 100 port-isolate enable group 1 #interface GigabitEthernet0/0/2 port link-type trunk port trunk allow-pass vlan 100#return

  • AC的配置文件

    # sysname AC# vlan batch 100#dhcp enable#interface Vlanif100 ip address 10.23.100.1 255.255.255.0 dhcp select interface#interface GigabitEthernet0/0/1 port link-type trunk port trunk allow-pass vlan 100#capwap source interface vlanif100#wlan security-profile name mesh-secsecurity wpa2 psk pass-phrase %^%#n}5+DgC3wLB.hJ34j5;*QMv<8"9#{Bq@ghBI3L9K%^%# aes mesh-whitelist-profile name mesh-listpeer-ap mac 00e0-fc76-e360peer-ap mac 00e0-fc04-b500peer-ap mac 00e0-fc74-9640 mesh-profile name mesh-netsecurity-profile mesh-secmesh-id mesh-netlink-aging-time 30 regulatory-domain-profile name domain1 ap-system-profile name mesh-sysmesh-role Mesh-portal ap-group name mesh-mpregulatory-domain-profile domain1radio 1mesh-profile mesh-net mesh-whitelist-profile mesh-listchannel 40mhz-plus 157 coverage distance 4 calibrate auto-channel-select disable calibrate auto-txpower-select disable ap-group name mesh-mppap-system-profile mesh-sysregulatory-domain-profile domain1radio 1mesh-profile mesh-net mesh-whitelist-profile mesh-listchannel 40mhz-plus 157 coverage distance 4calibrate auto-channel-select disable calibrate auto-txpower-select disable ap-id 1 type-id 39 ap-mac 00e0-fc76-e360 ap-sn 210235554710CB000042ap-name area_1ap-group mesh-mppap-id 2 type-id 39 ap-mac 00e0-fc04-b500 ap-sn 210235557610DB000046ap-name area_2ap-group mesh-mpap-id 3 type-id 39 ap-mac 00e0-fc74-9640 ap-sn 210235419610D2000097ap-name area_3ap-group mesh-mp #return